/[secure-testing]/hardening/subgoal-dsa.txt
ViewVC logotype

Contents of /hardening/subgoal-dsa.txt

Parent Directory Parent Directory | Revision Log Revision Log

Revision 18170 - (show annotations) (download)
Sun Jan 15 16:31:06 2012 UTC (16 months ago) by jmm
File MIME type: text/plain
File size: 6413 byte(s) 
libxml2 and hostname fixed in maintainer uploads
1 Hardening subgoal for Wheezy:
2 All packages, which had a DSA since 2006.
3
4 Instructions:
5 - After checking a package, add it to the "Candidates:" or "Non-candidates:" list
6 - After NMUing a candidate where all build flags have been successfully enabled,
7 add it to the "Resolved/fixed:" list
8 - After NMUing a candidate with only some of the build flags enabled, add it to
9 the "Partially fixed: list (in order to remember what needs further work in the
10 future)
11 - cdbs packages should be fixed automatically, but needs to be double-checked
12
13
14 Candidates:
15
16 alsaplayer (654518)
17 amarok (653354)
18 apt (653504)
19 asterisk (653944)
20 barnowl (653506)
21 beid (653956)
22 bochs (653511)
23 bzip2 (655164)
24 capi4hylafax (653539)
25 chrony (655123)
26 clamav (653958)
27 courier-authlib (655168)
28 cpio (654522)
29 cscope (653490)
30 ctorrent (653536)
31 devil (653535)
32 dspam (655189)
33 dovecot (653530)
34 drbd8 (currently broken: #654459)
35 e2fsprogs (654457)
36 ejabberd
37 ekg (653531)
38 emacs23 (655118)
39 expat (653526)
40 file (653481)
41 flex (655414)
42 freeciv (654809)
43 freeradius
44 ganglia (655126)
45 eglibc
46 gmime2.4
47 pioneers
48 gnumeric
49 gnupg (653480)
50 gzip (currently broken: 653960)
51 hashcash (655864)
52 heartbeat
53 hostapd
54 hplip
55 httrack
56 hylafax
57 iceape
58 iceweasel (653191)
59 imagemagick
60 imlib2
61 inotify-tools
62 ircd-hybrid
63 isakmpd
64 iscsitarget
65 kazehakase
66 krb5-appl
67 l2tpns
68 lasso
69 lcms (654821)
70 lftp
71 libapache2-mod-authnz-external
72 libapache2-mod-auth-pgsql
73 libapache-mod-auth-kerb
74 libapache-mod-jk
75 libav
76 cairo (655128)
77 libcgroup (654819)
78 libdbd-pg-perl
79 libdumb
80 libexif (650998)
81 libextractor
82 libfishsound
83 libhtml-parser-perl
84 libimager-perl
85 libmikmod
86 libmodplug (654817)
87 libnet-dns-perl
88 librpcsecgss (654808)
89 libtk-img
90 libtool
91 libtunepimp (654832)
92 libvorbis
93 libwpd (653947)
94 libxfont (654154)
95 libxslt (655601)
96 links2 (654807)
97 linux-ftpd
98 loop-aes-utils
99 ltsp
100 lurker
101 lvm2
102 maildrop (655133)
103 mapserver
104 maradns
105 memcached (655134)
106 mimetex
107 mlmmj
108 mono
109 mplayer
110 mplayer2
111 forked-daapd (654147)
112 multipath-tools
113 mutt (654148)
114 mysql-ocaml
115 icinga
116 nas (655743)
117 nbd (653954)
118 ndiswrapper (655249)
119 netpbm-free (655737)
120 netrik
121 net-snmp
122 newt
123 nginx
124 noweb
125 nspr
126 nss
127 ntp
128 openafs
129 open-iscsi
130 openjdk-6
131 libreoffice
132 opensaml2
133 openssl (653495)
134 openswan (655139)
135 openvpn (655130)
136 pam-pgsql
137 pcre3
138 pdns
139 pdns-recursor
140 perdition (655412)
141 perl
142 ppp
143 pptpd
144 proftpd-dfsg
145 psi
146 pstotext (655105)
147 pygresql
148 python2.7
149 python3.2
150 python-cjson
151 qemu
152 qemu-kvm
153 qt4-x11
154 qt-x11-free
155 rssh (654155)
156 rsync (652248)
157 ruby-gnome2 (655415)
158 sash (654909)
159 scponly
160 screen
161 slurm-llnl
162 smstools
163 snmptrapfmt
164 socat (654152)
165 spamassassin
166 spamass-milter
167 speex (655880)
168 splitvt
169 squidguard
170 strongswan
171 subversion
172 suphp (655419)
173 syslog-ng (655163)
174 systemtap (655882)
175 tcpreen (655250)
176 telepathy-gabble
177 texinfo
178 tgt
179 tinyproxy (655870)
180 tk8.4
181 tk8.5
182 unbound
183 unicon
184 unzip
185 vlc
186 vnc4
187 webcit
188 webkit
189 wine
190 wml
191 wxwidgets2.8
192 wzdftpd (655141)
193 x11-xserver-utils (655503)
194 xapian-omega
195 xine-lib (655146)
196 xmlsec1
197 xml-security-c
198 xmltooling
199 zabbix
200 zodb
201 vsftpd (655103)
202 collectd
203
204
205 Packages using dh, but which need additional multiarch changes for compat 9:
206 opensc
207 openexr
208 libtorrent-rasterbar
209 exiv2
210 libcdaudio
211 pcsc-lite
212 id3lib3.8.3
213
214
215 Packages using Scons, needs additional research:
216 blender
217
218 Packages using cmake, needs additional research:
219 kaffeine
220 kdebase
221 kde4libs
222 kdegraphics
223 ktorrent
224 kvirc
225 wesnoth-1.9
226
227
228 Packages, which should rather be removed than hardened:
229 cgiirc (suggested removal in #653510)
230 djbdns
231 dkim-milter (currently broken, dropped from testing: #629663)
232 kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)
233 osiris (suggested removal in 655116)
234
235
236
237 Candidate packages using cdbs, needs further studying:
238 sympa
239 libgd2
240 icedove
241 ghostscript
242 libvirt
243 gimp
244 koffice
245 libspf2
246 wordnet
247 sendmail
248 afuse
249 bomberclone
250 camlimages
251 couchdb
252 crossfire
253 dvipng
254 eggdrop
255 gdm3
256 glib2.0
257 gnutls26
258 gst-plugins-bad0.10
259 gst-plugins-good0.10
260 heimdal
261 icu
262 jabberd14
263 libapache2-mod-fcgid
264 evince
265 libast
266 libgtop2
267 libnss-ldap
268 libpam-ldap
269 libsoup2.4
270 libtasn1-3
271 libtheora
272 link-grammar
273 lsh-server
274 mediawiki
275 moin
276 pango1.0
277 pmount
278 polipo
279 poppler
280 postgresql-ocaml
281 pulseaudio
282 ruby1.8
283 ruby1.9.1
284 squid3
285 streamripper
286 sword
287 t1lib
288 unalz
289 uw-imap
290 vino
291
292
293 Fixed:
294 samba (2:3.5.11~dfsg-2)
295 mailman (1:2.1.14-3)
296 flac (1.2.1-6)
297 xorg-server (2:1.11.1.901-1)
298 openldap (2.4.25-4)
299 vim (2:7.3.346-1)
300 freetype (2.4.7-2)
301 python-crypto (2.4-1)
302 xorg-server (2:1.11.1.901-1)
303 xpdf (3.03-7)
304 fetchmail (6.3.21-3)
305 libmusicbrainz-2.1 (2.1_2.1.5-6.1)
306 network-manager (0.9.1.95-1)
307 libmusicbrainz-2.1 (2.1_2.1.5-6.1)
308 tmux (1.6~svn2630-2)
309 tcpdump (4.2.0~rc1-2)
310 libthai (0.1.16-1)
311 git (1:1.7.7.2-1)
312 man-db (2.6.0.2-3)
313 elinks (0.12~pre5-6)
314 zgv (5.9-4)
315 jasper (1.900.1-11)
316 xfs (1.0.8-7)
317 fbi (2.07-9)
318 reprepro (4.5.0-1)
319 antiword (0.37-8) (653499)
320 wv2 (0.4.2.dfsg.1-5)
321 dpkg (1.16.1)
322 fuse (2.8.6-3)
323 fontforge (0.0.20110222-6) (653534)
324 apache2 (2.2.21-4)
325 cabextract (1.4-2) (653509)
326 htdig (3.2.0b6-12)
327 xterm (276-2) (653488)
328 enscript (1.6.5.90-2) (653528)
329 amule (2.3.1-2) (653503)
330 gv (1:3.7.1-2)
331 bluez-hcidump (2.1-2) (653507)
332 lighttpd (1.4.30-1) (654151)
333 pimd (2.1.8-2) (654081)
334 chmlib (2:0.40a-2) (653955)
335 lynx-cur (6.6.7-4) (654097)
336 rdesktop (1.7.0-2) (653498)
337 libpam-krb5 (4.5-3) (654293)
338 curl (7.23.1-3) (654521)
339 audiofile (0.3.2-1) (651029)
340 libarchive (2.8.5-2)
341 courier (0.66.3-2) (654794)
342 libsndfile (1.0.25-4) (654831)
343 libwmf (0.2.8.4-10)
344 exiftags (1.01-5) (654804)
345 nss-pam-ldapd (0.8.5)
346 isc-dhcp (4.2.2-2)
347 sdl-image1.2 (1.2.10-3)
348 mtr (0.82-2) (654117)
349 dia (0.97.2-4)
350 libpng (1.2.46-4) (654149)
351 mldonkey (3.1.0-3) (655140)
352 avahi (0.6.30-6) (655188)
353 mon (1.2.0-5) (655137)
354 acpid (1:2.0.14-2) (653502)
355 libsmi (0.4.8+dfsg2-5) (654812)
356 sudo (1.8.3p1-3) (655417)
357 zoo (2.10-25) (655499)
358 citadel (8.04-1) (653514)
359 firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
360 wget (1.13.4-2) (654908)
361 krb5 (1.10+dfsg~beta1-1) (655248)
362 libxml2 (2.7.8.dfsg-6) (654903)
363
364
365
366 Hardening incomplete:
367 gtetrinet (653443)
368 ncompress (relro missing)
369
370
371 Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
372 apr
373 apr-util
374 pound (654833)
375 mpg123
376
377
378
379 Packages using hardening-wrapper/-includes (these are considered fixed, although
380 switching them over to dpkg-buildflags might be worthwhile later on):
381 netatalk
382 graphicsmagick
383 udev
384 xfce4-terminal
385 openssh
386 evolution
387 dbus
388 libgsf
389 tor
390 evolution-data-server
391 cyrus-imapd-2.4
392 aria2
393 mysql-5.1
394 cups
395 wireshark
396 squid
397 exim4
398 php5
399 ipsec-tools
400 postgresql-8.4
401 postgresql-9.0
402 postgresql-9.1
403 gnupg2
404 nagios3
405 tiff
406 bind9
407 postfix
408 chromium-browser
409 pidgin
410 nagios-plugins
411 znc
412 cyrus-sasl2
413 ldns
414 quagga
415 nsd3
416
417
418
419
420
421
422
423
424
425
426
427
  ViewVC Help
Powered by ViewVC 1.1.5