/[secure-testing]/hardening/subgoal-dsa.txt
Contents of /hardening/subgoal-dsa.txt


Revision 18477
Sun Feb 19 19:26:29 2012 UTC (15 months ago) by jmm
File MIME type: text/plain
File size: 7876 byte(s)
webkit and e2fsprogs fixed
Hardening subgoal for Wheezy:
All packages that have had a DSA since 2006.

Instructions:
- After checking a package, add it to the "Candidates:" or "Non-candidates:" list
- After NMUing a candidate where all build flags have been successfully enabled,
  add it to the "Resolved/fixed:" list
- After NMUing a candidate with only some of the build flags enabled, add it to
  the "Partially fixed:" list (in order to remember what needs further work in the
  future)
- cdbs packages should be fixed automatically, but need to be double-checked


Candidates:

alsaplayer (654518)
amarok (653354)
barnowl (653506)
beid (653956)
bzip2 (655164)
capi4hylafax (653539)
chrony (655123)
clamav (653958)
courier-authlib (655168)
cpio (654522)
cscope (653490)
ctorrent (653536)
devil (653535)
dovecot (653530)
drbd8 (currently broken: #654459)
ekg (653531)
expat (653526)
file (653481)
flex (655414)
freeciv (654809)
freeradius (657838)
ganglia (655126)
eglibc (657528)
pioneers (657829)
gnumeric (657839)
gnupg (653480)
gzip (currently broken: 653960)
hashcash (655864)
heartbeat (657840)
hostapd (657332)
hplip (currently broken: 657047)
hylafax (656260)
iceape
iceweasel (653191)
imagemagick (657833)
imlib2 (656512)
inotify-tools (657841)
ircd-hybrid (657537)
isakmpd (657210)
krb5-appl (657842)
l2tpns (657846)
lasso
lcms (654821)
libapache2-mod-authnz-external
libapache2-mod-auth-pgsql
libapache-mod-auth-kerb
libav (658929)
cairo (655128)
libcgroup (654819)
libdumb (658965)
libexif (650998)
libextractor (656780)
libfishsound (657847)
libmodplug (654817)
librpcsecgss (654808)
libtk-img (657209)
libtool
libtunepimp (654832)
libvorbis
libwpd (653947)
libxfont (654154)
libxslt (655601)
links2 (654807)
linux-ftpd (656005)
loop-aes-utils (656009)
ltsp
lvm2 (657523)
maildrop (655133)
mapserver
memcached (655134)
mono (657518)
mplayer (658040)
mplayer2 (658034)
forked-daapd (654147)
multipath-tools (657848)
mutt (654148)
icinga (656866)
nbd (653954)
ndiswrapper (655249)
netpbm-free (655737)
netrik (656004)
net-snmp (657519)
newt (658430)
noweb (657656)
nss (657325)
openafs (659663)
open-iscsi (659662)
openjdk-6
libreoffice (656643)
openssl (653495)
openswan (655139)
openvpn (655130)
pam-pgsql (656003)
pcre3 (656008)
pdns (656861)
pdns-recursor (656859)
perdition (655412)
ppp (658181)
pptpd (656650)
proftpd-dfsg (657213)
pstotext (655105)
python2.7 (in preparation in experimental)
python3.2 (in preparation in experimental)
rsync (652248)
ruby-gnome2 (655415)
sash (654909)
screen (656513)
smstools (656531)
snmptrapfmt (656783)
socat (654152)
spamassassin
spamass-milter
speex (655880)
splitvt (656027)
squidguard (656028)
subversion
suphp (655419)
systemtap (655882) (fixed in experimental)
texinfo (656659)
tgt (656127)
tk8.4 (658017)
tk8.5 (658018)
unbound (658021)
unicon (658043)
unzip (656268)
vlc (658030)
vnc4 (656862)
webcit (656515)
wine (658039)
wxwidgets2.8
wzdftpd (655141)
x11-xserver-utils (655503)
xapian-omega (658024)
xmlsec1 (656655)
collectd (656271)
id3lib3.8.3 (656272)
opensc (656350)
openexr (656506)
vsftpd (655103)


Packages using Makefile.PL, need additional research:
libhtml-parser-perl
libdbd-pg-perl
libimager-perl
libnet-dns-perl
wml

Python packages, need additional research:
zodb
python-cjson
pygresql


Packages using SCons, need additional research:
blender

Packages using cmake, need additional research:
kaffeine
kdebase
kde4libs
kdegraphics
ktorrent
kvirc
wesnoth-1.9

Packages using qmake, need additional research:
psi
qt4-x11
qt-x11-free

OCaml packages, need additional research:
mysql-ocaml


Packages that should be removed rather than hardened:
cgiirc (suggested removal in #653510)
djbdns
dkim-milter (currently broken, dropped from testing: #629663)
kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)



Candidate packages using cdbs, need further study:
sympa
libgd2
icedove
ghostscript
libvirt
gimp
koffice
libspf2
wordnet
afuse
bomberclone
camlimages
couchdb
crossfire
dvipng
eggdrop
gdm3
glib2.0
gnutls26
gst-plugins-bad0.10
gst-plugins-good0.10
heimdal
icu
jabberd14
libapache2-mod-fcgid
evince
libast
libgtop2
libnss-ldap
libpam-ldap
libsoup2.4
libtasn1-3
libtheora
link-grammar
lsh-server
mediawiki
moin
pango1.0
pmount
polipo
poppler
postgresql-ocaml
pulseaudio
ruby1.8
ruby1.9.1
squid3
streamripper
sword
t1lib
unalz
uw-imap
vino


Fixed:
samba (2:3.5.11~dfsg-2)
mailman (1:2.1.14-3)
flac (1.2.1-6)
xorg-server (2:1.11.1.901-1)
openldap (2.4.25-4)
vim (2:7.3.346-1)
freetype (2.4.7-2)
python-crypto (2.4-1)
xorg-server (2:1.11.1.901-1)
xpdf (3.03-7)
fetchmail (6.3.21-3)
libmusicbrainz-2.1 (2.1_2.1.5-6.1)
network-manager (0.9.1.95-1)
libmusicbrainz-2.1 (2.1_2.1.5-6.1)
tmux (1.6~svn2630-2)
tcpdump (4.2.0~rc1-2)
libthai (0.1.16-1)
git (1:1.7.7.2-1)
man-db (2.6.0.2-3)
elinks (0.12~pre5-6)
zgv (5.9-4)
jasper (1.900.1-11)
xfs (1.0.8-7)
fbi (2.07-9)
reprepro (4.5.0-1)
antiword (0.37-8) (653499)
wv2 (0.4.2.dfsg.1-5)
dpkg (1.16.1)
fuse (2.8.6-3)
fontforge (0.0.20110222-6) (653534)
apache2 (2.2.21-4)
cabextract (1.4-2) (653509)
htdig (3.2.0b6-12)
xterm (276-2) (653488)
enscript (1.6.5.90-2) (653528)
amule (2.3.1-2) (653503)
gv (1:3.7.1-2)
bluez-hcidump (2.1-2) (653507)
lighttpd (1.4.30-1) (654151)
pimd (2.1.8-2) (654081)
chmlib (2:0.40a-2) (653955)
lynx-cur (6.6.7-4) (654097)
rdesktop (1.7.0-2) (653498)
libpam-krb5 (4.5-3) (654293)
curl (7.23.1-3) (654521)
audiofile (0.3.2-1) (651029)
libarchive (2.8.5-2)
courier (0.66.3-2) (654794)
libsndfile (1.0.25-4) (654831)
libwmf (0.2.8.4-10)
exiftags (1.01-5) (654804)
nss-pam-ldapd (0.8.5)
isc-dhcp (4.2.2-2)
sdl-image1.2 (1.2.10-3)
mtr (0.82-2) (654117)
dia (0.97.2-4)
libpng (1.2.46-4) (654149)
mldonkey (3.1.0-3) (655140)
avahi (0.6.30-6) (655188)
mon (1.2.0-5) (655137)
acpid (1:2.0.14-2) (653502)
libsmi (0.4.8+dfsg2-5) (654812)
sudo (1.8.3p1-3) (655417)
zoo (2.10-25) (655499)
citadel (8.04-1) (653514)
firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
wget (1.13.4-2) (654908)
krb5 (1.10+dfsg~beta1-1) (655248)
libxml2 (2.7.8.dfsg-6) (654903)
lftp (4.3.4-1)
libcdaudio (0.99.12p2-11) (656507)
asterisk (1:1.8.8.2~dfsg-1) (653944)
ntp (1:4.2.6.p3+dfsg-2)
pcsc-lite (1.8.2-1) (656273)
libtorrent-rasterbar (0.15.9-1) (656519)
tcpreen (1.4.4-2) (655250)
slurm-llnl (2.3.2-2) (656781)
mlmmj (1.2.17-4) (655893)
nas (1.9.3-3) (655743, 656857)
dspam (3.10.1+dfsg-3+b1) (655189)
tinyproxy (1.8.3-2) (655870)
xine-lib (1.1.20.1-2) (655146)
apt (0.8.16~exp12) (653504)
exiv2 (0.22-2) (656356)
xml-security-c (1.6.1-2) (656658)
httrack (3.44.2-1) (657334)
telepathy-gabble (0.14.1-1) (656517)
mimetex (1.73-2) (656646)
xmltooling (1.4.2-2) (656656)
emacs23 (23.3+1-5) (655118)
opensaml2 (2.4.3-2) (656006)
zabbix (1:1.8.10-1) (656774)
gmime2.4 (2.6.4-1) (657328)
qemu-kvm (1.0+dfsg-6) (657867)
iscsitarget (1.4.20.2-7) (656867)
ejabberd (2.1.10-2) (657525)
nginx (1.1.14-1) (658186)
lurker (2.3-3) (657655)
libapache-mod-jk (1:1.2.32-2) (656876)
pound (2.6-2) (654833)
rssh (2.3.3-2) (654155)
maradns (1.4.10-2) (657657)
perl (5.14.2-8) (657853)
qemu (1.0+dfsg-3) (656276)
bochs (2.4.6-5) (653511)
syslog-ng (3.3.4.dfsg-1) (655163)
libmikmod (3.1.12-3) (656779)
nspr (4.9~beta5-2) (657522)
webkit (1.6.3-1) (659391)
e2fsprogs (1.42.1-1) (654457)



Hardening incomplete:
gtetrinet (653443)
ncompress (relro missing)


Packages that use hardened build flags manually, but not yet dpkg-buildflags:
apr
apr-util
mpg123
sendmail



Packages using hardening-wrapper/-includes (these are considered fixed, although
switching them over to dpkg-buildflags might be worthwhile later on):
netatalk
strongswan
graphicsmagick
udev
xfce4-terminal
openssh
evolution
dbus
libgsf
tor
evolution-data-server
cyrus-imapd-2.4
aria2
mysql-5.1
cups
wireshark
squid
exim4
php5
ipsec-tools
postgresql-8.4
postgresql-9.0
postgresql-9.1
gnupg2
nagios3
tiff
bind9
postfix
chromium-browser
pidgin
nagios-plugins
znc
cyrus-sasl2
ldns
quagga
nsd3
