/[secure-testing]/hardening/subgoal-dsa.txt

Contents of /hardening/subgoal-dsa.txt


Revision 18598
Tue Mar 6 16:57:49 2012 UTC (14 months, 2 weeks ago) by jmm
File MIME type: text/plain
File size: 8074 byte(s)
vsftpd, libav, multipath-tools, ndiswrapper, psql-9.1 switched from hardening-wrapper to dpkg-buildflags
1 Hardening subgoal for Wheezy:
2 All packages that have had a DSA since 2006.
3
4 Instructions:
5 - After checking a package, add it to the "Candidates:" or "Non-candidates:" list
6 - After NMUing a candidate where all build flags have been successfully enabled,
7 add it to the "Resolved/fixed:" list
8 - After NMUing a candidate with only some of the build flags enabled, add it to
9 the "Partially fixed:" list (in order to remember what needs further work in the
10 future)
11 - cdbs packages should be fixed automatically, but need to be double-checked
12
13
14 Candidates:
15
16 alsaplayer (654518)
17 amarok (653354)
18 barnowl (653506)
19 beid (653956)
20 bzip2 (655164)
21 capi4hylafax (653539)
22 chrony (655123)
23 clamav (653958)
24 courier-authlib (655168)
25 cpio (654522)
26 cscope (653490)
27 ctorrent (653536)
28 devil (653535)
29 dovecot (653530)
30 drbd8 (currently broken: #654459)
31 ekg (653531)
32 expat (653526)
33 file (653481)
34 flex (655414)
35 freeciv (654809)
36 freeradius (657838)
37 ganglia (655126)
38 eglibc (657528)
39 pioneers (657829)
40 gnumeric (657839)
41 gzip (currently broken: 653960)
42 hashcash (655864)
43 heartbeat (657840)
44 hostapd (657332)
45 hplip (currently broken: 657047)
46 iceape
47 iceweasel (653191)
48 imlib2 (656512)
49 inotify-tools (657841)
50 ircd-hybrid (657537)
51 isakmpd (657210)
52 krb5-appl (657842)
53 l2tpns (657846)
54 lasso
55 lcms (654821)
56 libapache2-mod-authnz-external
57 libapache2-mod-auth-pgsql
58 libapache-mod-auth-kerb
59 cairo (655128)
60 libcgroup (654819)
61 libdumb (658965)
62 libexif (650998)
63 libextractor (656780)
64 libfishsound (657847)
65 libmodplug (654817)
66 librpcsecgss (654808)
67 libtk-img (657209)
68 libtool
69 libtunepimp (654832)
70 libvorbis
71 libwpd (653947)
72 libxfont (654154)
73 libxslt (655601)
74 links2 (654807)
75 linux-ftpd (656005)
76 ltsp
77 lvm2 (657523)
78 mapserver
79 memcached (655134)
80 mono (657518)
81 mplayer (658040)
82 mplayer2 (658034)
83 forked-daapd (654147)
84 mutt (654148)
85 icinga (656866)
86 netpbm-free (655737)
87 netrik (656004)
88 net-snmp (657519)
89 newt (658430)
90 noweb (657656)
91 nss (657325)
92 openafs (659663)
93 open-iscsi (659662)
94 libreoffice (656643)
95 openssl (653495)
96 openswan (655139)
97 pam-pgsql (656003)
98 pcre3 (656008)
99 pdns (656861)
100 pdns-recursor (656859)
101 perdition (655412)
102 ppp (658181)
103 pptpd (656650)
104 proftpd-dfsg (657213)
105 pstotext (655105)
106 python2.7 (in preparation in experimental)
107 python3.2 (in preparation in experimental)
108 rsync (652248)
109 ruby-gnome2 (655415)
110 sash (654909)
111 screen (656513)
112 smstools (656531)
113 snmptrapfmt (656783)
114 socat (654152)
115 spamassassin
116 spamass-milter
117 speex (655880)
118 squidguard (656028)
119 subversion
120 suphp (655419)
121 systemtap (655882) (fixed in experimental)
122 texinfo (656659)
123 tgt (656127)
124 tk8.4 (658017)
125 tk8.5 (658018)
126 unbound (658021)
127 unicon (658043)
128 unzip (656268)
129 vlc (658030)
130 vnc4 (656862)
131 webcit (656515)
132 wine (658039)
133 wxwidgets2.8
134 wzdftpd (655141)
135 x11-xserver-utils (655503)
136 xapian-omega (658024)
137 xmlsec1 (656655)
138 collectd (656271)
139 id3lib3.8.3 (656272)
140 opensc (656350)
141 openexr (656506)
142
143
144 Packages using Makefile.PL, need additional research:
145 libhtml-parser-perl
146 libdbd-pg-perl
147 libimager-perl
148 libnet-dns-perl
149 wml
150
151 Python packages, need additional research:
152 zodb
153 python-cjson
154 pygresql
155
156
157 Packages using SCons, need additional research:
158 blender
159
160 Packages using cmake, need additional research:
161 kaffeine
162 kdebase
163 kde4libs
164 kdegraphics
165 ktorrent
166 kvirc
167 wesnoth-1.9
168
169 Packages using qmake, need additional research:
170 psi
171 qt4-x11
172 qt-x11-free
173
174 OCaml packages, need additional research:
175 mysql-ocaml
176
177
178 Packages, which should rather be removed than hardened:
179 cgiirc (suggested removal in #653510)
180 djbdns
181 dkim-milter (currently broken, dropped from testing: #629663)
182 kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)
183
184
185
186 Candidate packages using cdbs, need further studying:
187 sympa
188 libgd2
189 icedove
190 ghostscript
191 libvirt
192 gimp
193 koffice
194 libspf2
195 wordnet
196 afuse
197 bomberclone
198 camlimages
199 couchdb
200 crossfire
201 dvipng
202 eggdrop
203 gdm3
204 glib2.0
205 gnutls26
206 gst-plugins-bad0.10
207 gst-plugins-good0.10
208 heimdal
209 icu
210 jabberd14
211 libapache2-mod-fcgid
212 evince
213 libast
214 libgtop2
215 libnss-ldap
216 libpam-ldap
217 libsoup2.4
218 libtasn1-3
219 libtheora
220 link-grammar
221 lsh-server
222 mediawiki
223 moin
224 pango1.0
225 pmount
226 polipo
227 poppler
228 postgresql-ocaml
229 pulseaudio
230 ruby1.8
231 ruby1.9.1
232 squid3
233 streamripper
234 sword
235 t1lib
236 unalz
237 uw-imap
238 vino
239
240
241 Fixed:
242 samba (2:3.5.11~dfsg-2)
243 mailman (1:2.1.14-3)
244 flac (1.2.1-6)
245 xorg-server (2:1.11.1.901-1)
246 openldap (2.4.25-4)
247 vim (2:7.3.346-1)
248 freetype (2.4.7-2)
249 python-crypto (2.4-1)
250 xorg-server (2:1.11.1.901-1)
251 xpdf (3.03-7)
252 fetchmail (6.3.21-3)
253 libmusicbrainz-2.1 (2.1_2.1.5-6.1)
254 network-manager (0.9.1.95-1)
255 libmusicbrainz-2.1 (2.1_2.1.5-6.1)
256 tmux (1.6~svn2630-2)
257 tcpdump (4.2.0~rc1-2)
258 libthai (0.1.16-1)
259 git (1:1.7.7.2-1)
260 man-db (2.6.0.2-3)
261 elinks (0.12~pre5-6)
262 zgv (5.9-4)
263 jasper (1.900.1-11)
264 xfs (1.0.8-7)
265 fbi (2.07-9)
266 reprepro (4.5.0-1)
267 antiword (0.37-8) (653499)
268 wv2 (0.4.2.dfsg.1-5)
269 dpkg (1.16.1)
270 fuse (2.8.6-3)
271 fontforge (0.0.20110222-6) (653534)
272 apache2 (2.2.21-4)
273 cabextract (1.4-2) (653509)
274 htdig (3.2.0b6-12)
275 xterm (276-2) (653488)
276 enscript (1.6.5.90-2) (653528)
277 amule (2.3.1-2) (653503)
278 gv (1:3.7.1-2)
279 bluez-hcidump (2.1-2) (653507)
280 lighttpd (1.4.30-1) (654151)
281 pimd (2.1.8-2) (654081)
282 chmlib (2:0.40a-2) (653955)
283 lynx-cur (6.6.7-4) (654097)
284 rdesktop (1.7.0-2) (653498)
285 libpam-krb5 (4.5-3) (654293)
286 curl (7.23.1-3) (654521)
287 audiofile (0.3.2-1) (651029)
288 libarchive (2.8.5-2)
289 courier (0.66.3-2) (654794)
290 libsndfile (1.0.25-4) (654831)
291 libwmf (0.2.8.4-10)
292 exiftags (1.01-5) (654804)
293 nss-pam-ldapd (0.8.5)
294 isc-dhcp (4.2.2-2)
295 sdl-image1.2 (1.2.10-3)
296 mtr (0.82-2) (654117)
297 dia (0.97.2-4)
298 libpng (1.2.46-4) (654149)
299 mldonkey (3.1.0-3) (655140)
300 avahi (0.6.30-6) (655188)
301 mon (1.2.0-5) (655137)
302 acpid (1:2.0.14-2) (653502)
303 libsmi (0.4.8+dfsg2-5) (654812)
304 sudo (1.8.3p1-3) (655417)
305 zoo (2.10-25) (655499)
306 citadel (8.04-1) (653514)
307 firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
308 wget (1.13.4-2) (654908)
309 krb5 (1.10+dfsg~beta1-1) (655248)
310 libxml2 (2.7.8.dfsg-6) (654903)
311 lftp (4.3.4-1)
312 libcdaudio (0.99.12p2-11) (656507)
313 asterisk (1:1.8.8.2~dfsg-1) (653944)
314 ntp (1:4.2.6.p3+dfsg-2)
315 pcsc-lite (1.8.2-1) (656273)
316 libtorrent-rasterbar (0.15.9-1) (656519)
317 tcpreen (1.4.4-2) (655250)
318 slurm-llnl (2.3.2-2) (656781)
319 mlmmj (1.2.17-4) (655893)
320 nas (1.9.3-3) (655743, 656857)
321 dspam (3.10.1+dfsg-3+b1) (655189)
322 tinyproxy (1.8.3-2) (655870)
323 xine-lib (1.1.20.1-2) (655146)
324 apt (0.8.16~exp12) (653504)
325 exiv2 (0.22-2) (656356)
326 xml-security-c (1.6.1-2) (656658)
327 httrack (3.44.2-1) (657334)
328 telepathy-gabble (0.14.1-1) (656517)
329 mimetex (1.73-2) (656646)
330 xmltooling (1.4.2-2) (656656)
331 emacs23 (23.3+1-5) (655118)
332 opensaml2 (2.4.3-2) (656006)
333 zabbix (1:1.8.10-1) (656774)
334 gmime2.4 (2.6.4-1) (657328)
335 qemu-kvm (1.0+dfsg-6) (657867)
336 iscsitarget (1.4.20.2-7) (656867)
337 ejabberd (2.1.10-2) (657525)
338 nginx (1.1.14-1) (658186)
339 lurker (2.3-3) (657655)
340 libapache-mod-jk (1:1.2.32-2) (656876)
341 pound (2.6-2) (654833)
342 rssh (2.3.3-2) (654155)
343 maradns (1.4.10-2) (657657)
344 perl (5.14.2-8) (657853)
345 qemu (1.0+dfsg-3) (656276)
346 bochs (2.4.6-5) (653511)
347 syslog-ng (3.3.4.dfsg-1) (655163)
348 libmikmod (3.1.12-3) (656779)
349 nspr (4.9~beta5-2) (657522)
350 webkit (1.6.3-1) (659391)
351 e2fsprogs (1.42.1-1) (654457)
352 splitvt (1.6.6-10) (656027)
353 hylafax (2:6.1~20111227-8) (656260)
354 nbd (1:3.0-1) (653954)
355 gnupg (1.4.12-1) (653480)
356 openvpn (2.2.1-4) (655130)
357 maildrop (2.5.5-1) (655133)
358 imagemagick (8:6.7.4.0-2) (657833) (in experimental)
359 loop-aes-utils (2.16.2-3) (656009)
360 vsftpd (2.3.5-3) (655103)
361 openjdk-7 (7~u3-2.1-2) (660021)
362 libav (4:0.8-2) (658929)
363 multipath-tools (0.4.9+git0.4dfdaf2b-2) (657848)
364 ndiswrapper (1.57-1) (655249)
365 postgresql-9.1 (9.1.3-2)
366
367
368 Hardening incomplete:
369 gtetrinet (653443)
370 ncompress (relro missing)
371
372
373 Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
374 apr
375 apr-util
376 mpg123
377 sendmail
378
379
380
381 Packages using hardening-wrapper/-includes (these are considered fixed, although
382 switching them over to dpkg-buildflags might be worthwhile later on):
383 netatalk
384 strongswan
385 graphicsmagick
386 udev
387 xfce4-terminal
388 openssh
389 evolution
390 dbus
391 libgsf
392 tor
393 evolution-data-server
394 cyrus-imapd-2.4
395 aria2
396 mysql-5.1
397 cups
398 wireshark
399 squid
400 exim4
401 php5
402 ipsec-tools
403 postgresql-8.4
404 postgresql-9.0
405 gnupg2
406 nagios3
407 tiff
408 bind9
409 postfix
410 chromium-browser
411 pidgin
412 nagios-plugins
413 znc
414 cyrus-sasl2
415 ldns
416 quagga
417 nsd3