| 1 |
Hardening subgoal for Wheezy:
|
| 2 |
All packages, which had a DSA since 2006.
|
| 3 |
|
| 4 |
Instructions:
|
| 5 |
- After checking a package, add it to the "Candidates:" or "Non-candidates:" list
|
| 6 |
- After NMUing a candidate where all build flags have been successfully enabled,
|
| 7 |
add it to the "Resolved/fixed:" list
|
| 8 |
- After NMUing a candidate with only some of the build flags enabled, add it to
|
| 9 |
the "Partially fixed: list (in order to remember what needs further work in the
|
| 10 |
future)
|
| 11 |
- cdbs packages should be fixed automatically, but needs to be double-checked
|
| 12 |
|
| 13 |
|
| 14 |
Candidates:
|
| 15 |
|
| 16 |
alsaplayer (654518)
|
| 17 |
amarok (653354)
|
| 18 |
apt (653504)
|
| 19 |
barnowl (653506)
|
| 20 |
beid (653956)
|
| 21 |
bochs (653511)
|
| 22 |
bzip2 (655164)
|
| 23 |
capi4hylafax (653539)
|
| 24 |
chrony (655123)
|
| 25 |
clamav (653958)
|
| 26 |
courier-authlib (655168)
|
| 27 |
cpio (654522)
|
| 28 |
cscope (653490)
|
| 29 |
ctorrent (653536)
|
| 30 |
devil (653535)
|
| 31 |
dspam (655189)
|
| 32 |
dovecot (653530)
|
| 33 |
drbd8 (currently broken: #654459)
|
| 34 |
e2fsprogs (654457)
|
| 35 |
ejabberd
|
| 36 |
ekg (653531)
|
| 37 |
emacs23 (655118)
|
| 38 |
expat (653526)
|
| 39 |
file (653481)
|
| 40 |
flex (655414)
|
| 41 |
freeciv (654809)
|
| 42 |
freeradius
|
| 43 |
ganglia (655126)
|
| 44 |
eglibc
|
| 45 |
gmime2.4
|
| 46 |
pioneers
|
| 47 |
gnumeric
|
| 48 |
gnupg (653480)
|
| 49 |
gzip (currently broken: 653960)
|
| 50 |
hashcash (655864)
|
| 51 |
heartbeat
|
| 52 |
hostapd
|
| 53 |
hplip
|
| 54 |
httrack
|
| 55 |
hylafax (656260)
|
| 56 |
iceape
|
| 57 |
iceweasel (653191)
|
| 58 |
imagemagick
|
| 59 |
imlib2 (656512)
|
| 60 |
inotify-tools
|
| 61 |
ircd-hybrid
|
| 62 |
isakmpd
|
| 63 |
iscsitarget
|
| 64 |
krb5-appl
|
| 65 |
l2tpns
|
| 66 |
lasso
|
| 67 |
lcms (654821)
|
| 68 |
libapache2-mod-authnz-external
|
| 69 |
libapache2-mod-auth-pgsql
|
| 70 |
libapache-mod-auth-kerb
|
| 71 |
libapache-mod-jk
|
| 72 |
libav
|
| 73 |
cairo (655128)
|
| 74 |
libcgroup (654819)
|
| 75 |
libdumb
|
| 76 |
libexif (650998)
|
| 77 |
libextractor (656780)
|
| 78 |
libfishsound
|
| 79 |
libmikmod (656779)
|
| 80 |
libmodplug (654817)
|
| 81 |
librpcsecgss (654808)
|
| 82 |
libtk-img
|
| 83 |
libtool
|
| 84 |
libtunepimp (654832)
|
| 85 |
libvorbis
|
| 86 |
libwpd (653947)
|
| 87 |
libxfont (654154)
|
| 88 |
libxslt (655601)
|
| 89 |
links2 (654807)
|
| 90 |
linux-ftpd (656005)
|
| 91 |
loop-aes-utils (656009)
|
| 92 |
ltsp
|
| 93 |
lurker
|
| 94 |
lvm2
|
| 95 |
maildrop (655133)
|
| 96 |
mapserver
|
| 97 |
maradns
|
| 98 |
memcached (655134)
|
| 99 |
mimetex (1.73-2) (656646)
|
| 100 |
mlmmj (655893)
|
| 101 |
mono
|
| 102 |
mplayer
|
| 103 |
mplayer2
|
| 104 |
forked-daapd (654147)
|
| 105 |
multipath-tools
|
| 106 |
mutt (654148)
|
| 107 |
mysql-ocaml
|
| 108 |
icinga
|
| 109 |
nbd (653954)
|
| 110 |
ndiswrapper (655249)
|
| 111 |
netpbm-free (655737)
|
| 112 |
netrik (656004)
|
| 113 |
net-snmp
|
| 114 |
newt
|
| 115 |
nginx
|
| 116 |
noweb
|
| 117 |
nspr
|
| 118 |
nss
|
| 119 |
openafs
|
| 120 |
open-iscsi
|
| 121 |
openjdk-6
|
| 122 |
libreoffice (656643)
|
| 123 |
opensaml2 (656006)
|
| 124 |
openssl (653495)
|
| 125 |
openswan (655139)
|
| 126 |
openvpn (655130)
|
| 127 |
pam-pgsql (656003)
|
| 128 |
pcre3 (656008)
|
| 129 |
pdns
|
| 130 |
pdns-recursor
|
| 131 |
perdition (655412)
|
| 132 |
perl
|
| 133 |
ppp
|
| 134 |
pptpd (656650)
|
| 135 |
proftpd-dfsg
|
| 136 |
pstotext (655105)
|
| 137 |
pygresql
|
| 138 |
python2.7
|
| 139 |
python3.2
|
| 140 |
python-cjson
|
| 141 |
qemu (656276)
|
| 142 |
qemu-kvm
|
| 143 |
rssh (654155)
|
| 144 |
rsync (652248)
|
| 145 |
ruby-gnome2 (655415)
|
| 146 |
sash (654909)
|
| 147 |
screen (656513)
|
| 148 |
smstools (656531)
|
| 149 |
snmptrapfmt (656783)
|
| 150 |
socat (654152)
|
| 151 |
spamassassin
|
| 152 |
spamass-milter
|
| 153 |
speex (655880)
|
| 154 |
splitvt (656027)
|
| 155 |
squidguard (656028)
|
| 156 |
subversion
|
| 157 |
suphp (655419)
|
| 158 |
syslog-ng (655163)
|
| 159 |
systemtap (655882)
|
| 160 |
telepathy-gabble (656517)
|
| 161 |
texinfo (656659)
|
| 162 |
tgt (656127)
|
| 163 |
tinyproxy (655870)
|
| 164 |
tk8.4
|
| 165 |
tk8.5
|
| 166 |
unbound
|
| 167 |
unicon
|
| 168 |
unzip (656268)
|
| 169 |
vlc
|
| 170 |
vnc4
|
| 171 |
webcit (656515)
|
| 172 |
webkit
|
| 173 |
wine
|
| 174 |
wxwidgets2.8
|
| 175 |
wzdftpd (655141)
|
| 176 |
x11-xserver-utils (655503)
|
| 177 |
xapian-omega
|
| 178 |
xine-lib (655146)
|
| 179 |
xmlsec1 (656655)
|
| 180 |
xml-security-c (656658)
|
| 181 |
xmltooling (656656)
|
| 182 |
zabbix (656774)
|
| 183 |
collectd (656271)
|
| 184 |
id3lib3.8.3 (656272)
|
| 185 |
exiv2 (656356)
|
| 186 |
opensc (656350)
|
| 187 |
openexr (656506)
|
| 188 |
|
| 189 |
|
| 190 |
Packages using Makefile.PL, needs additional research:
|
| 191 |
libhtml-parser-perl
|
| 192 |
libdbd-pg-perl
|
| 193 |
libimager-perl
|
| 194 |
libnet-dns-perl
|
| 195 |
wml
|
| 196 |
|
| 197 |
Python packages using Makefile.PL, need additional research:
|
| 198 |
zodb
|
| 199 |
|
| 200 |
|
| 201 |
Packages using Scons, needs additional research:
|
| 202 |
blender
|
| 203 |
|
| 204 |
Packages using cmake, needs additional research:
|
| 205 |
kaffeine
|
| 206 |
kdebase
|
| 207 |
kde4libs
|
| 208 |
kdegraphics
|
| 209 |
ktorrent
|
| 210 |
kvirc
|
| 211 |
wesnoth-1.9
|
| 212 |
|
| 213 |
Packages using qmake, needs additional research:
|
| 214 |
psi
|
| 215 |
qt4-x11
|
| 216 |
qt-x11-free
|
| 217 |
|
| 218 |
|
| 219 |
Packages, which should rather be removed than hardened:
|
| 220 |
cgiirc (suggested removal in #653510)
|
| 221 |
djbdns
|
| 222 |
dkim-milter (currently broken, dropped from testing: #629663)
|
| 223 |
kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)
|
| 224 |
osiris (suggested removal in 655116)
|
| 225 |
scponly (RM bug: 650590)
|
| 226 |
kazehakase (suggested removal in 656771)
|
| 227 |
|
| 228 |
|
| 229 |
|
| 230 |
Candidate packages using cdbs, needs further studying:
|
| 231 |
sympa
|
| 232 |
libgd2
|
| 233 |
icedove
|
| 234 |
ghostscript
|
| 235 |
libvirt
|
| 236 |
gimp
|
| 237 |
koffice
|
| 238 |
libspf2
|
| 239 |
wordnet
|
| 240 |
sendmail
|
| 241 |
afuse
|
| 242 |
bomberclone
|
| 243 |
camlimages
|
| 244 |
couchdb
|
| 245 |
crossfire
|
| 246 |
dvipng
|
| 247 |
eggdrop
|
| 248 |
gdm3
|
| 249 |
glib2.0
|
| 250 |
gnutls26
|
| 251 |
gst-plugins-bad0.10
|
| 252 |
gst-plugins-good0.10
|
| 253 |
heimdal
|
| 254 |
icu
|
| 255 |
jabberd14
|
| 256 |
libapache2-mod-fcgid
|
| 257 |
evince
|
| 258 |
libast
|
| 259 |
libgtop2
|
| 260 |
libnss-ldap
|
| 261 |
libpam-ldap
|
| 262 |
libsoup2.4
|
| 263 |
libtasn1-3
|
| 264 |
libtheora
|
| 265 |
link-grammar
|
| 266 |
lsh-server
|
| 267 |
mediawiki
|
| 268 |
moin
|
| 269 |
pango1.0
|
| 270 |
pmount
|
| 271 |
polipo
|
| 272 |
poppler
|
| 273 |
postgresql-ocaml
|
| 274 |
pulseaudio
|
| 275 |
ruby1.8
|
| 276 |
ruby1.9.1
|
| 277 |
squid3
|
| 278 |
streamripper
|
| 279 |
sword
|
| 280 |
t1lib
|
| 281 |
unalz
|
| 282 |
uw-imap
|
| 283 |
vino
|
| 284 |
|
| 285 |
|
| 286 |
Fixed:
|
| 287 |
samba (2:3.5.11~dfsg-2)
|
| 288 |
mailman (1:2.1.14-3)
|
| 289 |
flac (1.2.1-6)
|
| 290 |
xorg-server (2:1.11.1.901-1)
|
| 291 |
openldap (2.4.25-4)
|
| 292 |
vim (2:7.3.346-1)
|
| 293 |
freetype (2.4.7-2)
|
| 294 |
python-crypto (2.4-1)
|
| 295 |
xorg-server (2:1.11.1.901-1)
|
| 296 |
xpdf (3.03-7)
|
| 297 |
fetchmail (6.3.21-3)
|
| 298 |
libmusicbrainz-2.1 (2.1_2.1.5-6.1)
|
| 299 |
network-manager (0.9.1.95-1)
|
| 300 |
libmusicbrainz-2.1 (2.1_2.1.5-6.1)
|
| 301 |
tmux (1.6~svn2630-2)
|
| 302 |
tcpdump (4.2.0~rc1-2)
|
| 303 |
libthai (0.1.16-1)
|
| 304 |
git (1:1.7.7.2-1)
|
| 305 |
man-db (2.6.0.2-3)
|
| 306 |
elinks (0.12~pre5-6)
|
| 307 |
zgv (5.9-4)
|
| 308 |
jasper (1.900.1-11)
|
| 309 |
xfs (1.0.8-7)
|
| 310 |
fbi (2.07-9)
|
| 311 |
reprepro (4.5.0-1)
|
| 312 |
antiword (0.37-8) (653499)
|
| 313 |
wv2 (0.4.2.dfsg.1-5)
|
| 314 |
dpkg (1.16.1)
|
| 315 |
fuse (2.8.6-3)
|
| 316 |
fontforge (0.0.20110222-6) (653534)
|
| 317 |
apache2 (2.2.21-4)
|
| 318 |
cabextract (1.4-2) (653509)
|
| 319 |
htdig (3.2.0b6-12)
|
| 320 |
xterm (276-2) (653488)
|
| 321 |
enscript (1.6.5.90-2) (653528)
|
| 322 |
amule (2.3.1-2) (653503)
|
| 323 |
gv (1:3.7.1-2)
|
| 324 |
bluez-hcidump (2.1-2) (653507)
|
| 325 |
lighttpd (1.4.30-1) (654151)
|
| 326 |
pimd (2.1.8-2) (654081)
|
| 327 |
chmlib (2:0.40a-2) (653955)
|
| 328 |
lynx-cur (6.6.7-4) (654097)
|
| 329 |
rdesktop (1.7.0-2) (653498)
|
| 330 |
libpam-krb5 (4.5-3) (654293)
|
| 331 |
curl (7.23.1-3) (654521)
|
| 332 |
audiofile (0.3.2-1) (651029)
|
| 333 |
libarchive (2.8.5-2)
|
| 334 |
courier (0.66.3-2) (654794)
|
| 335 |
libsndfile (1.0.25-4) (654831)
|
| 336 |
libwmf (0.2.8.4-10)
|
| 337 |
exiftags (1.01-5) (654804)
|
| 338 |
nss-pam-ldapd (0.8.5)
|
| 339 |
isc-dhcp (4.2.2-2)
|
| 340 |
sdl-image1.2 (1.2.10-3)
|
| 341 |
mtr (0.82-2) (654117)
|
| 342 |
dia (0.97.2-4)
|
| 343 |
libpng (1.2.46-4) (654149)
|
| 344 |
mldonkey (3.1.0-3) (655140)
|
| 345 |
avahi (0.6.30-6) (655188)
|
| 346 |
mon (1.2.0-5) (655137)
|
| 347 |
acpid (1:2.0.14-2) (653502)
|
| 348 |
libsmi (0.4.8+dfsg2-5) (654812)
|
| 349 |
sudo (1.8.3p1-3) (655417)
|
| 350 |
zoo (2.10-25) (655499)
|
| 351 |
citadel (8.04-1) (653514)
|
| 352 |
firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
|
| 353 |
wget (1.13.4-2) (654908)
|
| 354 |
krb5 (1.10+dfsg~beta1-1) (655248)
|
| 355 |
libxml2 (2.7.8.dfsg-6) (654903)
|
| 356 |
lftp (4.3.4-1)
|
| 357 |
libcdaudio (0.99.12p2-11) (656507)
|
| 358 |
asterisk (1:1.8.8.2~dfsg-1) (653944)
|
| 359 |
ntp (1:4.2.6.p3+dfsg-2)
|
| 360 |
pcsc-lite (1.8.2-1) (656273)
|
| 361 |
vsftpd (2.3.5-2) (655103)
|
| 362 |
libtorrent-rasterbar (0.15.9-1) (656519)
|
| 363 |
tcpreen (1.4.4-2) (655250)
|
| 364 |
slurm-llnl (2.3.2-2) (656781)
|
| 365 |
|
| 366 |
|
| 367 |
|
| 368 |
Hardening incomplete:
|
| 369 |
gtetrinet (653443)
|
| 370 |
ncompress (relro missing)
|
| 371 |
nas (655743) (relro missing)
|
| 372 |
|
| 373 |
|
| 374 |
Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
|
| 375 |
apr
|
| 376 |
apr-util
|
| 377 |
pound (654833)
|
| 378 |
mpg123
|
| 379 |
|
| 380 |
|
| 381 |
|
| 382 |
Packages using hardening-wrapper/-includes (these are considered fixed, although
|
| 383 |
switching them over to dpkg-buildflags might be worthwhile later on):
|
| 384 |
netatalk
|
| 385 |
strongswan
|
| 386 |
graphicsmagick
|
| 387 |
udev
|
| 388 |
xfce4-terminal
|
| 389 |
openssh
|
| 390 |
evolution
|
| 391 |
dbus
|
| 392 |
libgsf
|
| 393 |
tor
|
| 394 |
evolution-data-server
|
| 395 |
cyrus-imapd-2.4
|
| 396 |
aria2
|
| 397 |
mysql-5.1
|
| 398 |
cups
|
| 399 |
wireshark
|
| 400 |
squid
|
| 401 |
exim4
|
| 402 |
php5
|
| 403 |
ipsec-tools
|
| 404 |
postgresql-8.4
|
| 405 |
postgresql-9.0
|
| 406 |
postgresql-9.1
|
| 407 |
gnupg2
|
| 408 |
nagios3
|
| 409 |
tiff
|
| 410 |
bind9
|
| 411 |
postfix
|
| 412 |
chromium-browser
|
| 413 |
pidgin
|
| 414 |
nagios-plugins
|
| 415 |
znc
|
| 416 |
cyrus-sasl2
|
| 417 |
ldns
|
| 418 |
quagga
|
| 419 |
nsd3
|
| 420 |
|
| 421 |
|
| 422 |
|
| 423 |
|
| 424 |
|
| 425 |
|
| 426 |
|
| 427 |
|
| 428 |
|
| 429 |
|
| 430 |
|
| 431 |
|
Parent Directory
| 
Revision Log