/[secure-testing]/hardening/subgoal-dsa.txt
ViewVC logotype

Contents of /hardening/subgoal-dsa.txt

Parent Directory Parent Directory | Revision Log Revision Log

Revision 18218 - (show annotations) (download)
Thu Jan 19 19:12:13 2012 UTC (15 months, 4 weeks ago) by jmm
File MIME type: text/plain
File size: 6660 byte(s) 
bsdmainutils fixed, submitted patches for exiv2 and opensc
1 Hardening subgoal for Wheezy:
2 All packages, which had a DSA since 2006.
3
4 Instructions:
5 - After checking a package, add it to the "Candidates:" or "Non-candidates:" list
6 - After NMUing a candidate where all build flags have been successfully enabled,
7 add it to the "Resolved/fixed:" list
8 - After NMUing a candidate with only some of the build flags enabled, add it to
9 the "Partially fixed: list (in order to remember what needs further work in the
10 future)
11 - cdbs packages should be fixed automatically, but needs to be double-checked
12
13
14 Candidates:
15
16 alsaplayer (654518)
17 amarok (653354)
18 apt (653504)
19 asterisk (653944)
20 barnowl (653506)
21 beid (653956)
22 bochs (653511)
23 bzip2 (655164)
24 capi4hylafax (653539)
25 chrony (655123)
26 clamav (653958)
27 courier-authlib (655168)
28 cpio (654522)
29 cscope (653490)
30 ctorrent (653536)
31 devil (653535)
32 dspam (655189)
33 dovecot (653530)
34 drbd8 (currently broken: #654459)
35 e2fsprogs (654457)
36 ejabberd
37 ekg (653531)
38 emacs23 (655118)
39 expat (653526)
40 file (653481)
41 flex (655414)
42 freeciv (654809)
43 freeradius
44 ganglia (655126)
45 eglibc
46 gmime2.4
47 pioneers
48 gnumeric
49 gnupg (653480)
50 gzip (currently broken: 653960)
51 hashcash (655864)
52 heartbeat
53 hostapd
54 hplip
55 httrack
56 hylafax (656260)
57 iceape
58 iceweasel (653191)
59 imagemagick
60 imlib2
61 inotify-tools
62 ircd-hybrid
63 isakmpd
64 iscsitarget
65 kazehakase
66 krb5-appl
67 l2tpns
68 lasso
69 lcms (654821)
70 libapache2-mod-authnz-external
71 libapache2-mod-auth-pgsql
72 libapache-mod-auth-kerb
73 libapache-mod-jk
74 libav
75 cairo (655128)
76 libcgroup (654819)
77 libdumb
78 libexif (650998)
79 libextractor
80 libfishsound
81 libmikmod
82 libmodplug (654817)
83 librpcsecgss (654808)
84 libtk-img
85 libtool
86 libtunepimp (654832)
87 libvorbis
88 libwpd (653947)
89 libxfont (654154)
90 libxslt (655601)
91 links2 (654807)
92 linux-ftpd (656005)
93 loop-aes-utils (656009)
94 ltsp
95 lurker
96 lvm2
97 maildrop (655133)
98 mapserver
99 maradns
100 memcached (655134)
101 mimetex
102 mlmmj (655893)
103 mono
104 mplayer
105 mplayer2
106 forked-daapd (654147)
107 multipath-tools
108 mutt (654148)
109 mysql-ocaml
110 icinga
111 nas (655743)
112 nbd (653954)
113 ndiswrapper (655249)
114 netpbm-free (655737)
115 netrik (656004)
116 net-snmp
117 newt
118 nginx
119 noweb
120 nspr
121 nss
122 ntp
123 openafs
124 open-iscsi
125 openjdk-6
126 libreoffice
127 opensaml2 (656006)
128 openssl (653495)
129 openswan (655139)
130 openvpn (655130)
131 pam-pgsql (656003)
132 pcre3 (656008)
133 pdns
134 pdns-recursor
135 perdition (655412)
136 perl
137 ppp
138 pptpd
139 proftpd-dfsg
140 pstotext (655105)
141 pygresql
142 python2.7
143 python3.2
144 python-cjson
145 qemu (656276)
146 qemu-kvm
147 qt4-x11
148 qt-x11-free
149 rssh (654155)
150 rsync (652248)
151 ruby-gnome2 (655415)
152 sash (654909)
153 screen
154 slurm-llnl
155 smstools
156 snmptrapfmt
157 socat (654152)
158 spamassassin
159 spamass-milter
160 speex (655880)
161 splitvt (656027)
162 squidguard (656028)
163 strongswan
164 subversion
165 suphp (655419)
166 syslog-ng (655163)
167 systemtap (655882)
168 tcpreen (655250)
169 telepathy-gabble
170 texinfo
171 tgt (656127)
172 tinyproxy (655870)
173 tk8.4
174 tk8.5
175 unbound
176 unicon
177 unzip (656268)
178 vlc
179 vnc4
180 webcit
181 webkit
182 wine
183 wxwidgets2.8
184 wzdftpd (655141)
185 x11-xserver-utils (655503)
186 xapian-omega
187 xine-lib (655146)
188 xmlsec1
189 xml-security-c
190 xmltooling
191 zabbix
192 zodb
193 vsftpd (655103)
194 collectd (656271)
195 id3lib3.8.3 (656272)
196 pcsc-lite (656273)
197 exiv2 (656356)
198 opensc (656350)
199
200
201 Packages using dh, but which need additional multiarch changes for compat 9:
202 openexr
203 libtorrent-rasterbar
204 libcdaudio
205
206
207 Packages using Makefile.PL, needs additional research:
208 libhtml-parser-perl
209 libdbd-pg-perl
210 libimager-perl
211 libnet-dns-perl
212 wml
213
214
215 Packages using Scons, needs additional research:
216 blender
217
218 Packages using cmake, needs additional research:
219 kaffeine
220 kdebase
221 kde4libs
222 kdegraphics
223 ktorrent
224 kvirc
225 wesnoth-1.9
226 psi
227
228
229 Packages, which should rather be removed than hardened:
230 cgiirc (suggested removal in #653510)
231 djbdns
232 dkim-milter (currently broken, dropped from testing: #629663)
233 kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)
234 osiris (suggested removal in 655116)
235 scponly (RM bug: 650590)
236
237
238
239 Candidate packages using cdbs, needs further studying:
240 sympa
241 libgd2
242 icedove
243 ghostscript
244 libvirt
245 gimp
246 koffice
247 libspf2
248 wordnet
249 sendmail
250 afuse
251 bomberclone
252 camlimages
253 couchdb
254 crossfire
255 dvipng
256 eggdrop
257 gdm3
258 glib2.0
259 gnutls26
260 gst-plugins-bad0.10
261 gst-plugins-good0.10
262 heimdal
263 icu
264 jabberd14
265 libapache2-mod-fcgid
266 evince
267 libast
268 libgtop2
269 libnss-ldap
270 libpam-ldap
271 libsoup2.4
272 libtasn1-3
273 libtheora
274 link-grammar
275 lsh-server
276 mediawiki
277 moin
278 pango1.0
279 pmount
280 polipo
281 poppler
282 postgresql-ocaml
283 pulseaudio
284 ruby1.8
285 ruby1.9.1
286 squid3
287 streamripper
288 sword
289 t1lib
290 unalz
291 uw-imap
292 vino
293
294
295 Fixed:
296 samba (2:3.5.11~dfsg-2)
297 mailman (1:2.1.14-3)
298 flac (1.2.1-6)
299 xorg-server (2:1.11.1.901-1)
300 openldap (2.4.25-4)
301 vim (2:7.3.346-1)
302 freetype (2.4.7-2)
303 python-crypto (2.4-1)
304 xorg-server (2:1.11.1.901-1)
305 xpdf (3.03-7)
306 fetchmail (6.3.21-3)
307 libmusicbrainz-2.1 (2.1_2.1.5-6.1)
308 network-manager (0.9.1.95-1)
309 libmusicbrainz-2.1 (2.1_2.1.5-6.1)
310 tmux (1.6~svn2630-2)
311 tcpdump (4.2.0~rc1-2)
312 libthai (0.1.16-1)
313 git (1:1.7.7.2-1)
314 man-db (2.6.0.2-3)
315 elinks (0.12~pre5-6)
316 zgv (5.9-4)
317 jasper (1.900.1-11)
318 xfs (1.0.8-7)
319 fbi (2.07-9)
320 reprepro (4.5.0-1)
321 antiword (0.37-8) (653499)
322 wv2 (0.4.2.dfsg.1-5)
323 dpkg (1.16.1)
324 fuse (2.8.6-3)
325 fontforge (0.0.20110222-6) (653534)
326 apache2 (2.2.21-4)
327 cabextract (1.4-2) (653509)
328 htdig (3.2.0b6-12)
329 xterm (276-2) (653488)
330 enscript (1.6.5.90-2) (653528)
331 amule (2.3.1-2) (653503)
332 gv (1:3.7.1-2)
333 bluez-hcidump (2.1-2) (653507)
334 lighttpd (1.4.30-1) (654151)
335 pimd (2.1.8-2) (654081)
336 chmlib (2:0.40a-2) (653955)
337 lynx-cur (6.6.7-4) (654097)
338 rdesktop (1.7.0-2) (653498)
339 libpam-krb5 (4.5-3) (654293)
340 curl (7.23.1-3) (654521)
341 audiofile (0.3.2-1) (651029)
342 libarchive (2.8.5-2)
343 courier (0.66.3-2) (654794)
344 libsndfile (1.0.25-4) (654831)
345 libwmf (0.2.8.4-10)
346 exiftags (1.01-5) (654804)
347 nss-pam-ldapd (0.8.5)
348 isc-dhcp (4.2.2-2)
349 sdl-image1.2 (1.2.10-3)
350 mtr (0.82-2) (654117)
351 dia (0.97.2-4)
352 libpng (1.2.46-4) (654149)
353 mldonkey (3.1.0-3) (655140)
354 avahi (0.6.30-6) (655188)
355 mon (1.2.0-5) (655137)
356 acpid (1:2.0.14-2) (653502)
357 libsmi (0.4.8+dfsg2-5) (654812)
358 sudo (1.8.3p1-3) (655417)
359 zoo (2.10-25) (655499)
360 citadel (8.04-1) (653514)
361 firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
362 wget (1.13.4-2) (654908)
363 krb5 (1.10+dfsg~beta1-1) (655248)
364 libxml2 (2.7.8.dfsg-6) (654903)
365 lftp (4.3.4-1)
366
367
368
369
370 Hardening incomplete:
371 gtetrinet (653443)
372 ncompress (relro missing)
373
374
375 Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
376 apr
377 apr-util
378 pound (654833)
379 mpg123
380
381
382
383 Packages using hardening-wrapper/-includes (these are considered fixed, although
384 switching them over to dpkg-buildflags might be worthwhile later on):
385 netatalk
386 graphicsmagick
387 udev
388 xfce4-terminal
389 openssh
390 evolution
391 dbus
392 libgsf
393 tor
394 evolution-data-server
395 cyrus-imapd-2.4
396 aria2
397 mysql-5.1
398 cups
399 wireshark
400 squid
401 exim4
402 php5
403 ipsec-tools
404 postgresql-8.4
405 postgresql-9.0
406 postgresql-9.1
407 gnupg2
408 nagios3
409 tiff
410 bind9
411 postfix
412 chromium-browser
413 pidgin
414 nagios-plugins
415 znc
416 cyrus-sasl2
417 ldns
418 quagga
419 nsd3
420
421
422
423
424
425
426
427
428
429
430
431
  ViewVC Help
Powered by ViewVC 1.1.5