/[secure-testing]/hardening/subgoal-dsa.txt

Contents of /hardening/subgoal-dsa.txt



Revision 18529
Thu Feb 23 18:04:43 2012 UTC (14 months, 4 weeks ago) by jmm
File MIME type: text/plain
File size: 7988 byte(s)
imagemagick fixed
Hardening subgoal for Wheezy:
All packages which have had a DSA since 2006.

Instructions:
- After checking a package, add it to the "Candidates:" or "Non-candidates:" list
- After NMUing a candidate where all build flags have been successfully enabled,
  add it to the "Resolved/fixed:" list
- After NMUing a candidate with only some of the build flags enabled, add it to
  the "Partially fixed:" list (in order to remember what needs further work in the
  future)
- cdbs packages should be fixed automatically, but need to be double-checked


Candidates:

alsaplayer (654518)
amarok (653354)
barnowl (653506)
beid (653956)
bzip2 (655164)
capi4hylafax (653539)
chrony (655123)
clamav (653958)
courier-authlib (655168)
cpio (654522)
cscope (653490)
ctorrent (653536)
devil (653535)
dovecot (653530)
drbd8 (currently broken: #654459)
ekg (653531)
expat (653526)
file (653481)
flex (655414)
freeciv (654809)
freeradius (657838)
ganglia (655126)
eglibc (657528)
pioneers (657829)
gnumeric (657839)
gzip (currently broken: 653960)
hashcash (655864)
heartbeat (657840)
hostapd (657332)
hplip (currently broken: 657047)
iceape
iceweasel (653191)
imlib2 (656512)
inotify-tools (657841)
ircd-hybrid (657537)
isakmpd (657210)
krb5-appl (657842)
l2tpns (657846)
lasso
lcms (654821)
libapache2-mod-authnz-external
libapache2-mod-auth-pgsql
libapache-mod-auth-kerb
libav (658929)
cairo (655128)
libcgroup (654819)
libdumb (658965)
libexif (650998)
libextractor (656780)
libfishsound (657847)
libmodplug (654817)
librpcsecgss (654808)
libtk-img (657209)
libtool
libtunepimp (654832)
libvorbis
libwpd (653947)
libxfont (654154)
libxslt (655601)
links2 (654807)
linux-ftpd (656005)
loop-aes-utils (656009)
ltsp
lvm2 (657523)
mapserver
memcached (655134)
mono (657518)
mplayer (658040)
mplayer2 (658034)
forked-daapd (654147)
multipath-tools (657848)
mutt (654148)
icinga (656866)
ndiswrapper (655249)
netpbm-free (655737)
netrik (656004)
net-snmp (657519)
newt (658430)
noweb (657656)
nss (657325)
openafs (659663)
open-iscsi (659662)
openjdk-7 (660021)
libreoffice (656643)
openssl (653495)
openswan (655139)
pam-pgsql (656003)
pcre3 (656008)
pdns (656861)
pdns-recursor (656859)
perdition (655412)
ppp (658181)
pptpd (656650)
proftpd-dfsg (657213)
pstotext (655105)
python2.7 (in preparation in experimental)
python3.2 (in preparation in experimental)
rsync (652248)
ruby-gnome2 (655415)
sash (654909)
screen (656513)
smstools (656531)
snmptrapfmt (656783)
socat (654152)
spamassassin
spamass-milter
speex (655880)
squidguard (656028)
subversion
suphp (655419)
systemtap (655882) (fixed in experimental)
texinfo (656659)
tgt (656127)
tk8.4 (658017)
tk8.5 (658018)
unbound (658021)
unicon (658043)
unzip (656268)
vlc (658030)
vnc4 (656862)
webcit (656515)
wine (658039)
wxwidgets2.8
wzdftpd (655141)
x11-xserver-utils (655503)
xapian-omega (658024)
xmlsec1 (656655)
collectd (656271)
id3lib3.8.3 (656272)
opensc (656350)
openexr (656506)
vsftpd (655103)


Packages using Makefile.PL, need additional research:
libhtml-parser-perl
libdbd-pg-perl
libimager-perl
libnet-dns-perl
wml

Python packages, need additional research:
zodb
python-cjson
pygresql


Packages using SCons, need additional research:
blender

Packages using cmake, need additional research:
kaffeine
kdebase
kde4libs
kdegraphics
ktorrent
kvirc
wesnoth-1.9

Packages using qmake, need additional research:
psi
qt4-x11
qt-x11-free

OCaml packages, need additional research:
mysql-ocaml


Packages which should rather be removed than hardened:
cgiirc (suggested removal in #653510)
djbdns
dkim-milter (currently broken, dropped from testing: #629663)
kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)



Candidate packages using cdbs, need further study:
sympa
libgd2
icedove
ghostscript
libvirt
gimp
koffice
libspf2
wordnet
afuse
bomberclone
camlimages
couchdb
crossfire
dvipng
eggdrop
gdm3
glib2.0
gnutls26
gst-plugins-bad0.10
gst-plugins-good0.10
heimdal
icu
jabberd14
libapache2-mod-fcgid
evince
libast
libgtop2
libnss-ldap
libpam-ldap
libsoup2.4
libtasn1-3
libtheora
link-grammar
lsh-server
mediawiki
moin
pango1.0
pmount
polipo
poppler
postgresql-ocaml
pulseaudio
ruby1.8
ruby1.9.1
squid3
streamripper
sword
t1lib
unalz
uw-imap
vino


Fixed:
samba (2:3.5.11~dfsg-2)
mailman (1:2.1.14-3)
flac (1.2.1-6)
xorg-server (2:1.11.1.901-1)
openldap (2.4.25-4)
vim (2:7.3.346-1)
freetype (2.4.7-2)
python-crypto (2.4-1)
xorg-server (2:1.11.1.901-1)
xpdf (3.03-7)
fetchmail (6.3.21-3)
libmusicbrainz-2.1 (2.1_2.1.5-6.1)
network-manager (0.9.1.95-1)
libmusicbrainz-2.1 (2.1_2.1.5-6.1)
tmux (1.6~svn2630-2)
tcpdump (4.2.0~rc1-2)
libthai (0.1.16-1)
git (1:1.7.7.2-1)
man-db (2.6.0.2-3)
elinks (0.12~pre5-6)
zgv (5.9-4)
jasper (1.900.1-11)
xfs (1.0.8-7)
fbi (2.07-9)
reprepro (4.5.0-1)
antiword (0.37-8) (653499)
wv2 (0.4.2.dfsg.1-5)
dpkg (1.16.1)
fuse (2.8.6-3)
fontforge (0.0.20110222-6) (653534)
apache2 (2.2.21-4)
cabextract (1.4-2) (653509)
htdig (3.2.0b6-12)
xterm (276-2) (653488)
enscript (1.6.5.90-2) (653528)
amule (2.3.1-2) (653503)
gv (1:3.7.1-2)
bluez-hcidump (2.1-2) (653507)
lighttpd (1.4.30-1) (654151)
pimd (2.1.8-2) (654081)
chmlib (2:0.40a-2) (653955)
lynx-cur (6.6.7-4) (654097)
rdesktop (1.7.0-2) (653498)
libpam-krb5 (4.5-3) (654293)
curl (7.23.1-3) (654521)
audiofile (0.3.2-1) (651029)
libarchive (2.8.5-2)
courier (0.66.3-2) (654794)
libsndfile (1.0.25-4) (654831)
libwmf (0.2.8.4-10)
exiftags (1.01-5) (654804)
nss-pam-ldapd (0.8.5)
isc-dhcp (4.2.2-2)
sdl-image1.2 (1.2.10-3)
mtr (0.82-2) (654117)
dia (0.97.2-4)
libpng (1.2.46-4) (654149)
mldonkey (3.1.0-3) (655140)
avahi (0.6.30-6) (655188)
mon (1.2.0-5) (655137)
acpid (1:2.0.14-2) (653502)
libsmi (0.4.8+dfsg2-5) (654812)
sudo (1.8.3p1-3) (655417)
zoo (2.10-25) (655499)
citadel (8.04-1) (653514)
firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
wget (1.13.4-2) (654908)
krb5 (1.10+dfsg~beta1-1) (655248)
libxml2 (2.7.8.dfsg-6) (654903)
lftp (4.3.4-1)
libcdaudio (0.99.12p2-11) (656507)
asterisk (1:1.8.8.2~dfsg-1) (653944)
ntp (1:4.2.6.p3+dfsg-2)
pcsc-lite (1.8.2-1) (656273)
libtorrent-rasterbar (0.15.9-1) (656519)
tcpreen (1.4.4-2) (655250)
slurm-llnl (2.3.2-2) (656781)
mlmmj (1.2.17-4) (655893)
nas (1.9.3-3) (655743, 656857)
dspam (3.10.1+dfsg-3+b1) (655189)
tinyproxy (1.8.3-2) (655870)
xine-lib (1.1.20.1-2) (655146)
apt (0.8.16~exp12) (653504)
exiv2 (0.22-2) (656356)
xml-security-c (1.6.1-2) (656658)
httrack (3.44.2-1) (657334)
telepathy-gabble (0.14.1-1) (656517)
mimetex (1.73-2) (656646)
xmltooling (1.4.2-2) (656656)
emacs23 (23.3+1-5) (655118)
opensaml2 (2.4.3-2) (656006)
zabbix (1:1.8.10-1) (656774)
gmime2.4 (2.6.4-1) (657328)
qemu-kvm (1.0+dfsg-6) (657867)
iscsitarget (1.4.20.2-7) (656867)
ejabberd (2.1.10-2) (657525)
nginx (1.1.14-1) (658186)
lurker (2.3-3) (657655)
libapache-mod-jk (1:1.2.32-2) (656876)
pound (2.6-2) (654833)
rssh (2.3.3-2) (654155)
maradns (1.4.10-2) (657657)
perl (5.14.2-8) (657853)
qemu (1.0+dfsg-3) (656276)
bochs (2.4.6-5) (653511)
syslog-ng (3.3.4.dfsg-1) (655163)
libmikmod (3.1.12-3) (656779)
nspr (4.9~beta5-2) (657522)
webkit (1.6.3-1) (659391)
e2fsprogs (1.42.1-1) (654457)
splitvt (1.6.6-10) (656027)
hylafax (2:6.1~20111227-8) (656260)
nbd (1:3.0-1) (653954)
gnupg (1.4.12-1) (653480)
openvpn (2.2.1-4) (655130)
maildrop (2.5.5-1) (655133)
imagemagick (8:6.7.4.0-2) (657833) (in experimental)



Hardening incomplete:
gtetrinet (653443)
ncompress (relro missing)


Packages which use hardened build flags manually, but not yet dpkg-buildflags:
apr
apr-util
mpg123
sendmail



Packages using hardening-wrapper/-includes (these are considered fixed, although
switching them over to dpkg-buildflags might be worthwhile later on):
netatalk
strongswan
graphicsmagick
udev
xfce4-terminal
openssh
evolution
dbus
libgsf
tor
evolution-data-server
cyrus-imapd-2.4
aria2
mysql-5.1
cups
wireshark
squid
exim4
php5
ipsec-tools
postgresql-8.4
postgresql-9.0
postgresql-9.1
gnupg2
nagios3
tiff
bind9
postfix
chromium-browser
pidgin
nagios-plugins
znc
cyrus-sasl2
ldns
quagga
nsd3
