/[secure-testing]/hardening/subgoal-dsa.txt
ViewVC logotype

Diff of /hardening/subgoal-dsa.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 17231 by jmm, Tue Sep 13 19:54:24 2011 UTC revision 18135 by jmm, Thu Jan 12 17:13:55 2012 UTC
# Line 1  Line 1 
1  Hardening subgoal for Wheezy:  Hardening subgoal for Wheezy:
2  All packages, which had a DSA since 2006.  All packages, which had a DSA since 2006.
3    
4    Instructions:
5    - After checking a package, add it to the "Candidates:" or "Non-candidates:" list
6    - After NMUing a candidate where all build flags have been successfully enabled,
7      add it to the "Resolved/fixed:" list
8    - After NMUing a candidate with only some of the build flags enabled, add it to
9      the "Partially fixed: list (in order to remember what needs further work in the
10      future)
11    - cdbs packages should be fixed automatically, but needs to be double-checked
12    
13  This needs to cleaned up  
14  further:  Candidates:
15  - Software written in PHP etc. need to be removed  
16  - Some packages have been removed/superceded by newer srcpkg (I did  alsaplayer (654518)
17    some cursory cleanup, but needs more work)  amarok (653354)
18    apt (653504)
19  To check:  asterisk (653944)
20    barnowl (653506)
21  abc2ps  beid (653956)
22  abcmidi  bochs (653511)
23  acpid  bzip2 (655164)
24  advi  capi4hylafax (653539)
25  adzapper  chrony (655123)
26  afuse  clamav (653958)
27  aircrack-ng  courier-authlib (655168)
28  ajaxterm  cpio (654522)
29  albatross  cscope (653490)
30  alsaplayer  ctorrent (653536)
31  amarok  devil (653535)
32  amule  dspam (655189)
33  antiword  dovecot (653530)
34  apache  drbd8 (currently broken: #654459)
35  apache2  e2fsprogs (654457)
 apr  
 apr-util  
 apt  
 apt-listchanges  
 aria2  
 asterisk  
 audiofile  
 auth2db  
 avahi  
 awstats  
 b2evolution  
 backup-manager  
 barnowl  
 belpic  
 bind  
 bind9  
 blender  
 bluez-hcidump  
 bmv  
 bochs  
 boinc  
 bomberclone  
 bsdgames  
 bugzilla  
 bzip2  
 cabextract  
 ca-certificates  
 cacti  
 camlimages  
 capi4hylafax  
 centericq  
 cfs  
 cgiirc  
 changetrack  
 cheesetracker  
 chmlib  
 chromium-browser  
 chrony  
 citadel  
 clamav  
 collectd  
 couchdb  
 courier  
 courier-authlib  
 cpio  
 crawl  
 crossfire  
 cscope  
 ctorrent  
 cups  
 cupsys  
 curl  
 cvsnt  
 cyrus-imapd  
 cyrus-imapd-2.2  
 cyrus-sasl2  
 dbus  
 debian-goodies  
 devil  
 devscripts  
 dhcp  
 dhcp3  
 dia  
 djbdns  
 dkim-milter  
 dnsmasq  
 doctrine  
 dokuwiki  
 dovecot  
 dpkg  
 drbd8  
 drupal6  
 dspam  
 dtc  
 dvipng  
 e2fsprogs  
 eggdrop  
36  ejabberd  ejabberd
37  ekg  ekg (653531)
38  elinks  emacs23 (655118)
39  elog  expat (653526)
40  emacs21  file (653481)
41  enemies-of-carlotta  flex (655414)
42  enscript  freeciv (654809)
 etch  
 ethereal  
 evince  
 evolution  
 evolution-data-server  
 exiftags  
 exim4  
 exiv2  
 expat  
 fail2ban  
 fbi  
 fcheck  
 fetchmail  
 fex  
 file  
 firebird  
 firebird2  
 fireflier  
 firefox-sage  
 flac  
 flamethrower  
 flex  
 flexbackup  
 flyspray  
 fontforge  
 freeciv  
43  freeradius  freeradius
44  freetype  ganglia (655126)
45  fuse  eglibc
46  gaim  gmime2.4
47  gallery  pioneers
 gallery2  
 ganeti  
 ganglia-monitor-core  
 gcc-3.4  
 gdm  
 gdm3  
 gfax  
 gforge  
 gforge-plugin-scmcvs  
 ghostscript  
 gimp  
 git-core  
 gitolite  
 glib2.0  
 glibc  
 gmime2.2  
 gnatsweb  
 gnocatan  
 gnomemeeting  
 gnome-peercast  
48  gnumeric  gnumeric
49  gnupg  gnupg (653480)
 gnupg2  
 gnutls11  
 gnutls13  
 gpdf  
 graphicsmagick  
 gsambad  
 gs-esp  
 gst-plugins-bad0.10  
 gst-plugins-good0.10  
 gtetrinet  
 gtk+2.0  
 gv  
50  gzip  gzip
51  hashcash  hashcash
52  heartbeat  heartbeat
 heimdal  
 hf  
 hiki  
 horde2  
 horde3  
53  hostapd  hostapd
54  hplip  hplip
 htdig  
55  httrack  httrack
 hybserv  
56  hylafax  hylafax
57  iceape  iceape
58  icedove  iceweasel (653191)
 iceweasel  
 icu  
 id3lib3.8.3  
 ikiwiki  
 ilohamail  
59  imagemagick  imagemagick
60  imlib2  imlib2
 imp4  
 ingo1  
61  inotify-tools  inotify-tools
 ipplan  
 ipsec-tools  
62  ircd-hybrid  ircd-hybrid
63  isakmpd  isakmpd
 isc-dhcp  
64  iscsitarget  iscsitarget
 jabberd14  
 jailer  
 jasper  
 jffnms  
 kaffeine  
65  kazehakase  kazehakase
66  kde4libs  krb5 (655248)
 kdebase  
 kdegraphics  
 kdelibs  
 koffice  
 kolab-cyrus-imapd  
 kphone  
 krb5  
67  krb5-appl  krb5-appl
 kronolith  
 kronolith2  
 ktorrent  
 kvirc  
 kvm  
68  l2tpns  l2tpns
69  lasso  lasso
70  lcms  lcms (654821)
 ldap-account-manager  
 ldapscripts  
 ldns  
71  lftp  lftp
72  libapache2-mod-authnz-external  libapache2-mod-authnz-external
73  libapache2-mod-auth-pgsql  libapache2-mod-auth-pgsql
 libapache2-mod-fcgid  
 libapache-auth-ldap  
74  libapache-mod-auth-kerb  libapache-mod-auth-kerb
75  libapache-mod-jk  libapache-mod-jk
 libapreq2-perl  
 libarchive  
76  libav  libav
77  libast  cairo (655128)
78  libcairo  libcgroup (654819)
 libcdaudio  
 libcgroup  
 libcrypt-cbc-perl  
79  libdbd-pg-perl  libdbd-pg-perl
80  libdumb  libdumb
81  libexif  libexif (650998)
82  libextractor  libextractor
83  libfishsound  libfishsound
 libgd2  
 libgsf  
 libgtop2  
84  libhtml-parser-perl  libhtml-parser-perl
85  libimager-perl  libimager-perl
 libmail-audit-perl  
86  libmikmod  libmikmod
87  libmodplug  libmodplug (654817)
 libmojolicious-perl  
 libmusicbrainz-2.0  
88  libnet-dns-perl  libnet-dns-perl
89  libnet-server-perl  librpcsecgss (654808)
 libnss-ldap  
 libopenssl-ruby  
 libpam-heimdal  
 libpam-krb5  
 libpam-ldap  
 libphp-adodb  
 libphp-phpmailer  
 libpng  
 librpcsecgss  
 libsmi  
 libsndfile  
 libsoup  
 libspf2  
 libtasn1-2  
 libthai  
 libtheora  
90  libtk-img  libtk-img
91  libtool  libtool
92  libtorrent-rasterbar  libtunepimp (654832)
 libtunepimp  
 libvirt  
93  libvorbis  libvorbis
94  libwmf  libwpd (653947)
95  libwpd  libxfont (654154)
96  libxerces2-java  libxml2 (654903)
 libxfont  
 libxml  
 libxml2  
97  libxslt  libxslt
98  lighttpd  links2 (654807)
 link-grammar  
 links  
 links2  
99  linux-ftpd  linux-ftpd
 logwatch  
 lookup-el  
100  loop-aes-utils  loop-aes-utils
 lsh-server  
101  ltsp  ltsp
102  lurker  lurker
103  lvm2  lvm2
104  lxr-cvs  maildrop (655133)
 lynx-cur  
 mahara  
 maildrop  
 mailman  
 man-db  
 mantis  
105  mapserver  mapserver
106  maradns  maradns
107  mediawiki  memcached (655134)
 memcached  
 metamail  
 migrationtools  
108  mimetex  mimetex
 mldonkey  
109  mlmmj  mlmmj
 moin  
 mon  
110  mono  mono
 moodle  
 motor  
 movabletype-opensource  
 mpg123  
111  mplayer  mplayer
112  mt-daapd  mplayer2
113  mtr  forked-daapd (654147)
114  multipath-tools  multipath-tools
115  mutt  mutt (654148)
 mydms  
 mydns  
 mysql-dfsg-5.0  
116  mysql-ocaml  mysql-ocaml
 nagios3  
117  icinga  icinga
 nagios-plugins  
118  nas  nas
119  nbd  nbd (653954)
120  ncompress  ndiswrapper (655249)
 ndiswrapper  
 netatalk  
121  netpbm-free  netpbm-free
122  netrik  netrik
123  net-snmp  net-snmp
 network-manager  
 newsx  
124  newt  newt
 nfs-user-server  
125  nginx  nginx
 no-ip  
126  noweb  noweb
 nsd  
127  nspr  nspr
128  nss  nss
 nss-ldapd  
129  ntp  ntp
 ocsinventory-agent  
130  openafs  openafs
 openexr  
131  open-iscsi  open-iscsi
132  openjdk-6  openjdk-6
 openldap  
133  libreoffice  libreoffice
 opensaml  
134  opensaml2  opensaml2
135  opensc  openssl (653495)
136  openssh  openswan (655139)
137  openssl  openvpn (655130)
 openswan  
 openvpn  
 opie  
 oprofile  
 osiris  
 otrs  
 otrs2  
138  pam-pgsql  pam-pgsql
 pango1.0  
139  pcre3  pcre3
 pcsc-lite  
 pdfkit.framework  
 pdftohtml  
140  pdns  pdns
141  pdns-recursor  pdns-recursor
142  peercast  perdition (655412)
 perdition  
143  perl  perl
 petris  
 php4  
 php5  
 phpbb2  
 phpgedview  
 php-json-ext  
 phpldapadmin  
 php-mail  
 phpmyadmin  
 php-net-ping  
 phppgadmin  
 phpwiki  
 php-xajax  
 phpymadmin  
 pidgin  
 pimd  
 pinball  
 pmount  
 policyd-weight  
 polipo  
 popfile  
 poppler  
 postfix  
 postfix-policyd  
 postgresql  
 postgresql-8.3  
 postgresql-ocaml  
 postgrey  
 pound  
144  ppp  ppp
145  pptpd  pptpd
146  proftpd-dfsg  proftpd-dfsg
147  psi  psi
148  pstotext  pstotext (655105)
 pulseaudio  
149  pygresql  pygresql
150  python  python2.7
151  python2.5  python3.2
 python-cherrypy  
152  python-cjson  python-cjson
 python-crypto  
 python-django  
 python-dns  
 pywebdav  
153  qemu  qemu
154  qemu-kvm  qemu-kvm
155  qt4-x11  qt4-x11
156  qt-x11-free  qt-x11-free
157  quagga  rssh (654155)
158  rails  rsync (652248)
159  rdesktop  ruby-gnome2 (655415)
160  redmine  sash (654909)
 refpolicy  
 reprepro  
 request-tracker3.4  
 request-tracker3.6  
 request-tracker3.8  
 resmgr  
 roundup  
 rssh  
 rsync  
 ruby1.8  
 ruby1.9  
 ruby-gnome2  
 samba  
 sash  
161  scponly  scponly
162  screen  screen
 sdl-image1.2  
 sendmail  
 serendipity  
 shadow  
 silc-client  
 sitebar  
 slash  
163  slurm-llnl  slurm-llnl
 smarty  
 smbind  
164  smstools  smstools
165  snmptrapfmt  snmptrapfmt
166  socat  socat (654152)
 sork-passwd-h3  
167  spamassassin  spamassassin
168  spamass-milter  spamass-milter
169  speex  speex
 spip  
170  splitvt  splitvt
 sql-ledger  
 squid  
 squid3  
171  squidguard  squidguard
 squirrelmail  
 storebackup  
 streamripper  
172  strongswan  strongswan
173  subversion  subversion
174  sudo  suphp (655419)
175  suphp  syslog-ng (655163)
 sword  
 sympa  
 syslog-ng  
176  systemtap  systemtap
177  t1lib  tcpreen (655250)
 tar  
 tcpdump  
 tcpreen  
 tdiary  
178  telepathy-gabble  telepathy-gabble
 tetex-bin  
 tex-common  
179  texinfo  texinfo
180  tgt  tgt
 thttpd  
 tiff  
 tinymux  
181  tinyproxy  tinyproxy
 tk8.3  
182  tk8.4  tk8.4
183  tmux  tk8.5
 tor  
 trac  
 trac-git  
 transmission  
 tunapie  
 turba2  
 tutos  
 tuxpaint  
 twiki  
 typespeed  
 typo3-src  
 udev  
 unalz  
184  unbound  unbound
185  unicon  unicon
186  unzip  unzip
 upcoming  
 usermin  
 util-linux  
 uw-imap  
 vim  
 vino  
187  vlc  vlc
188  vnc4  vnc4
 webcalendar  
189  webcit  webcit
190  webkit  webkit
 webmin  
 websvn  
 weechat  
191  wesnoth  wesnoth
192  wget  wget (654908)
193  wine  wine
 wireshark  
194  wml  wml
195  wordnet  wxwidgets2.8
196  wordpress  wzdftpd (655141)
197  wv2  x11-xserver-utils (655503)
 wxwidgets2.6  
 wzdftpd  
 x11-xserver-utils  
198  xapian-omega  xapian-omega
199  xen-3.0  xine-lib (655146)
 xfce4-terminal  
 xfree86  
 xfs  
 xine  
 xine-lib  
 xmcd  
200  xmlsec1  xmlsec1
201  xml-security-c  xml-security-c
202  xmltooling  xmltooling
 xmms  
 xorg-server  
 xpdf  
 xpvm  
 xterm  
 xulrunner  
 xwine  
 xzgv  
 yarssr  
 yaws  
203  zabbix  zabbix
 zaptel  
 zgv  
 znc  
204  zodb  zodb
205  zonecheck  vsftpd (655103)
206  zoo  collectd
207  zope2.10  
208  zope2.7  
209  zope-cmfplone  Packages using dh, but which need additional multiarch changes for compat 9:
210  zope-ldapuserfolder  opensc
211  zoph  openexr
212    libtorrent-rasterbar
213    exiv2
214    libcdaudio
215    pcsc-lite
216    id3lib3.8.3
217    
218    
219    Packages using Scons, needs additional research:
220    blender
221    
222    Packages using cmake, needs additional research:
223    kaffeine
224    kdebase
225    kde4libs
226    kdegraphics
227    ktorrent
228    kvirc
229    
230    
231    Packages, which should rather be removed than hardened:
232    cgiirc (suggested removal in #653510)
233    djbdns
234    dkim-milter (currently broken, dropped from testing: #629663)
235    kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)
236    osiris (suggested removal in 655116)
237    
238    
239    
240    Candidate packages using cdbs, needs further studying:
241    sympa
242    libgd2
243    icedove
244    ghostscript
245    libvirt
246    gimp
247    koffice
248    libspf2
249    wordnet
250    sendmail
251    afuse
252    bomberclone
253    camlimages
254    couchdb
255    crossfire
256    dvipng
257    eggdrop
258    gdm3
259    glib2.0
260    gnutls26
261    gst-plugins-bad0.10
262    gst-plugins-good0.10
263    heimdal
264    icu
265    jabberd14
266    libapache2-mod-fcgid
267    evince
268    libast
269    libgtop2
270    libnss-ldap
271    libpam-ldap
272    libsoup2.4
273    libtasn1-3
274    libtheora
275    link-grammar
276    lsh-server
277    mediawiki
278    moin
279    pango1.0
280    pmount
281    polipo
282    poppler
283    postgresql-ocaml
284    pulseaudio
285    ruby1.8
286    ruby1.9.1
287    squid3
288    streamripper
289    sword
290    t1lib
291    unalz
292    uw-imap
293    vino
294    
295    
296    Fixed:
297    samba (2:3.5.11~dfsg-2)
298    mailman (1:2.1.14-3)
299    flac (1.2.1-6)
300    xorg-server (2:1.11.1.901-1)
301    openldap (2.4.25-4)
302    vim (2:7.3.346-1)
303    freetype (2.4.7-2)
304    python-crypto (2.4-1)
305    xorg-server (2:1.11.1.901-1)
306    xpdf (3.03-7)
307    fetchmail (6.3.21-3)
308    libmusicbrainz-2.1 (2.1_2.1.5-6.1)
309    network-manager (0.9.1.95-1)
310    libmusicbrainz-2.1 (2.1_2.1.5-6.1)
311    tmux (1.6~svn2630-2)
312    tcpdump (4.2.0~rc1-2)
313    libthai (0.1.16-1)
314    git (1:1.7.7.2-1)
315    man-db (2.6.0.2-3)
316    elinks (0.12~pre5-6)
317    zgv (5.9-4)
318    jasper (1.900.1-11)
319    xfs (1.0.8-7)
320    fbi (2.07-9)
321    reprepro (4.5.0-1)
322    antiword (0.37-8) (653499)
323    wv2 (0.4.2.dfsg.1-5)
324    dpkg (1.16.1)
325    fuse (2.8.6-3)
326    fontforge (0.0.20110222-6) (653534)
327    apache2 (2.2.21-4)
328    cabextract (1.4-2) (653509)
329    htdig (3.2.0b6-12)
330    xterm (276-2) (653488)
331    enscript (1.6.5.90-2) (653528)
332    amule (2.3.1-2) (653503)
333    gv (1:3.7.1-2)
334    bluez-hcidump (2.1-2) (653507)
335    lighttpd (1.4.30-1) (654151)
336    pimd (2.1.8-2) (654081)
337    chmlib (2:0.40a-2) (653955)
338    lynx-cur (6.6.7-4) (654097)
339    rdesktop (1.7.0-2) (653498)
340    libpam-krb5 (4.5-3) (654293)
341    curl (7.23.1-3) (654521)
342    audiofile (0.3.2-1) (651029)
343    libarchive (2.8.5-2)
344    courier (0.66.3-2) (654794)
345    libsndfile (1.0.25-4) (654831)
346    libwmf (0.2.8.4-10)
347    exiftags (1.01-5) (654804)
348    nss-pam-ldapd (0.8.5)
349    isc-dhcp (4.2.2-2)
350    sdl-image1.2 (1.2.10-3)
351    mtr (0.82-2) (654117)
352    dia (0.97.2-4)
353    libpng (1.2.46-4) (654149)
354    mldonkey (3.1.0-3) (655140)
355    avahi (0.6.30-6) (655188)
356    mon (1.2.0-5) (655137)
357    acpid (1:2.0.14-2) (653502)
358    libsmi (0.4.8+dfsg2-5) (654812)
359    sudo (1.8.3p1-3) (655417)
360    zoo (2.10-25) (655499)
361    citadel (8.04-1) (653514)
362    
363    
364    Hardening incomplete:
365    gtetrinet (653443)
366    firebird2.5 (654793)
367    ncompress (relro missing)
368    
369    
370    Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
371    apr
372    apr-util
373    pound (654833)
374    mpg123
375    
376    
377    
378    Packages using hardening-wrapper/-includes (these are considered fixed, although
379       switching them over to dpkg-buildflags might be worthwhile later on):
380    netatalk
381    graphicsmagick
382    udev
383    xfce4-terminal
384    openssh
385    evolution
386    dbus
387    libgsf
388    tor
389    evolution-data-server
390    cyrus-imapd-2.4
391    aria2
392    mysql-5.1
393    cups
394    wireshark
395    squid
396    exim4
397    php5
398    ipsec-tools
399    postgresql-8.4
400    postgresql-9.0
401    postgresql-9.1
402    gnupg2
403    nagios3
404    tiff
405    bind9
406    postfix
407    chromium-browser
408    pidgin
409    nagios-plugins
410    znc
411    cyrus-sasl2
412    ldns
413    quagga
414    nsd3
415    
416    
417    
418    
419    
420    
421    
422    
423    
424    
 Resolved/fixed:  
425    
426    
Legend:
Removed from v.17231  
changed lines
  Added in v.18135
  ViewVC Help
Powered by ViewVC 1.1.5