/[secure-testing]/hardening/subgoal-dsa.txt
ViewVC logotype

Diff of /hardening/subgoal-dsa.txt

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 17348 by jmm, Sat Oct 1 18:43:27 2011 UTC revision 18250 by jmm, Sun Jan 22 13:42:33 2012 UTC
# Line 8  Instructions: Line 8  Instructions:
8  - After NMUing a candidate with only some of the build flags enabled, add it to  - After NMUing a candidate with only some of the build flags enabled, add it to
9    the "Partially fixed: list (in order to remember what needs further work in the    the "Partially fixed: list (in order to remember what needs further work in the
10    future)    future)
11    - cdbs packages should be fixed automatically, but needs to be double-checked
12    
 This lists needs cleaned up further:  
 - Software written in non-C/C++ languages (PHP, etc.) should be added to  
   the non-candidates.txt file  
 - Some packages have been removed/superceded by newer srcpkgs (e.g. postgres) (I did  
   some cursory cleanup, but needs more work)  
13    
14  To check:  Candidates:
15    
16  abcmidi  alsaplayer (654518)
17  acpid  amarok (653354)
18  afuse  apt (653504)
19  alsaplayer  barnowl (653506)
20  amarok  beid (653956)
21  amule  bochs (653511)
22  antiword  bzip2 (655164)
23  apache2  capi4hylafax (653539)
24  apr  chrony (655123)
25  apr-util  clamav (653958)
26  apt  courier-authlib (655168)
27  asterisk  cpio (654522)
28  audiofile  cscope (653490)
29  avahi  ctorrent (653536)
30  barnowl  devil (653535)
31  beid  dspam (655189)
32  blender  dovecot (653530)
33  bluez-hcidump  drbd8 (currently broken: #654459)
34  bochs  e2fsprogs (654457)
 bomberclone  
 bsdgames  
 bzip2  
 cabextract  
 camlimages  
 capi4hylafax  
 cgiirc  
 cheesetracker  
 chmlib  
 chrony  
 citadel  
 clamav  
 collectd  
 couchdb  
 courier  
 courier-authlib  
 cpio  
 crawl  
 crossfire  
 cscope  
 ctorrent  
 curl  
 cyrus-imapd-2.2  
 devil  
 devscripts  
 dia  
 djbdns  
 dkim-milter  
 dovecot  
 dpkg  
 drbd8  
 dspam  
 dvipng  
 e2fsprogs  
 eggdrop  
35  ejabberd  ejabberd
36  ekg  ekg (653531)
37  elinks  emacs23 (655118)
38  emacs23  expat (653526)
39  enscript  file (653481)
40  evince  flex (655414)
41  exiftags  freeciv (654809)
 exiv2  
 expat  
 fbi  
 fetchmail  
 file  
 firebird2.5  
 flac  
 flex  
 fontforge  
 freeciv  
42  freeradius  freeradius
43  freetype  ganglia (655126)
 fuse  
 ganeti  
 ganglia  
 gdm3  
 ghostscript  
 git-core  
 glib2.0  
44  eglibc  eglibc
45  gmime2.4  gmime2.4
46  pioneers  pioneers
47  gnumeric  gnumeric
48  gnupg  gnupg (653480)
49  gnutls26  gzip (currently broken: 653960)
50  gst-plugins-bad0.10  hashcash (655864)
 gst-plugins-good0.10  
 gtetrinet  
 gv  
 gzip  
 hashcash  
51  heartbeat  heartbeat
 heimdal  
52  hostapd  hostapd
53  hplip  hplip
 htdig  
54  httrack  httrack
55  hybserv  hylafax (656260)
 hylafax  
56  iceape  iceape
57  icedove  iceweasel (653191)
 iceweasel  
 icu  
 id3lib3.8.3  
58  imagemagick  imagemagick
59  imlib2  imlib2 (656512)
60  inotify-tools  inotify-tools
61  ircd-hybrid  ircd-hybrid
62  isakmpd  isakmpd
 isc-dhcp  
63  iscsitarget  iscsitarget
 jabberd14  
 jasper  
 kaffeine  
 kazehakase  
 kde4libs  
 kdebase  
 kdegraphics  
 kolab-cyrus-imapd  
 krb5  
64  krb5-appl  krb5-appl
 ktorrent  
 kvirc  
65  l2tpns  l2tpns
66  lasso  lasso
67  lcms  lcms (654821)
 lftp  
68  libapache2-mod-authnz-external  libapache2-mod-authnz-external
69  libapache2-mod-auth-pgsql  libapache2-mod-auth-pgsql
 libapache2-mod-fcgid  
70  libapache-mod-auth-kerb  libapache-mod-auth-kerb
71  libapache-mod-jk  libapache-mod-jk
 libarchive  
72  libav  libav
73  libast  cairo (655128)
74  cairo  libcgroup (654819)
 libcdaudio  
 libcgroup  
 libdbd-pg-perl  
75  libdumb  libdumb
76  libexif  libexif (650998)
77  libextractor  libextractor (656780)
78  libfishsound  libfishsound
79  libgtop2  libmikmod (656779)
80  libhtml-parser-perl  libmodplug (654817)
81  libimager-perl  librpcsecgss (654808)
 libmikmod  
 libmodplug  
 libmusicbrainz-2.1  
 libnet-dns-perl  
 libnss-ldap  
 libpam-heimdal  
 libpam-krb5  
 libpam-ldap  
 libpng  
 librpcsecgss  
 libsmi  
 libsndfile  
 libsoup2.4  
 libtasn1-3  
 libthai  
 libtheora  
82  libtk-img  libtk-img
83  libtool  libtool
84  libtorrent-rasterbar  libtunepimp (654832)
 libtunepimp  
85  libvorbis  libvorbis
86  libwmf  libwpd (653947)
87  libwpd  libxfont (654154)
88  libxfont  libxslt (655601)
89  libxml2  links2 (654807)
90  libxslt  linux-ftpd (656005)
91  lighttpd  loop-aes-utils (656009)
 link-grammar  
 links2  
 linux-ftpd  
 loop-aes-utils  
 lsh-server  
92  ltsp  ltsp
93  lurker  lurker
94  lvm2  lvm2
95  lynx-cur  maildrop (655133)
 maildrop  
 mailman  
96  mapserver  mapserver
97  maradns  maradns
98  mediawiki  memcached (655134)
99  memcached  mimetex (1.73-2) (656646)
100  mimetex  mlmmj (655893)
 mldonkey  
 mlmmj  
 moin  
 mon  
101  mono  mono
 mpg123  
102  mplayer  mplayer
103  mplayer2  mplayer2
104  forked-daapd  forked-daapd (654147)
 mtr  
105  multipath-tools  multipath-tools
106  mutt  mutt (654148)
107  mysql-ocaml  mysql-ocaml
108  icinga  icinga
109  nas  nbd (653954)
110  nbd  ndiswrapper (655249)
111  ndiswrapper  netpbm-free (655737)
112  netpbm-free  netrik (656004)
 netrik  
113  net-snmp  net-snmp
 network-manager  
114  newt  newt
115  nginx  nginx
 no-ip  
116  noweb  noweb
 nsd3  
117  nspr  nspr
118  nss  nss
 nss-pam-ldapd  
 ntp  
119  openafs  openafs
 openexr  
120  open-iscsi  open-iscsi
121  openjdk-6  openjdk-6
122  openldap  libreoffice (656643)
123  libreoffice  opensaml2 (656006)
124  opensaml2  openssl (653495)
125  opensc  openswan (655139)
126  openssl  openvpn (655130)
127  openswan  pam-pgsql (656003)
128  openvpn  pcre3 (656008)
 oprofile  
 osiris  
 pam-pgsql  
 pango1.0  
 pcre3  
 pcsc-lite  
129  pdns  pdns
130  pdns-recursor  pdns-recursor
131  perdition  perdition (655412)
132  perl  perl
 petris  
 pimd  
 pinball  
 pmount  
 polipo  
 poppler  
 postgresql-ocaml  
 pound  
133  ppp  ppp
134  pptpd  pptpd (656650)
135  proftpd-dfsg  proftpd-dfsg
136  psi  pstotext (655105)
 pstotext  
 pulseaudio  
137  pygresql  pygresql
 python2.6  
138  python2.7  python2.7
139  python3.2  python3.2
140  python-cjson  python-cjson
141  python-crypto  qemu (656276)
 pywebdav  
 qemu  
142  qemu-kvm  qemu-kvm
143  qt4-x11  rssh (654155)
144  qt-x11-free  rsync (652248)
145  rdesktop  ruby-gnome2 (655415)
146  reprepro  sash (654909)
147  request-tracker3.8  screen (656513)
148  rssh  smstools (656531)
149  rsync  snmptrapfmt (656783)
150  ruby1.8  socat (654152)
 ruby1.9.1  
 ruby-gnome2  
 samba  
 sash  
 scponly  
 screen  
 sdl-image1.2  
 shadow  
 slurm-llnl  
 smstools  
 snmptrapfmt  
 socat  
151  spamassassin  spamassassin
152  spamass-milter  spamass-milter
153  speex  speex (655880)
154  splitvt  splitvt (656027)
155  sql-ledger  squidguard (656028)
 squid3  
 squidguard  
 streamripper  
 strongswan  
156  subversion  subversion
157  sudo  suphp (655419)
158  suphp  syslog-ng (655163)
159  sword  systemtap (655882)
160  sympa  telepathy-gabble (656517)
161  syslog-ng  texinfo (656659)
162  systemtap  tgt (656127)
163  t1lib  tinyproxy (655870)
 tcpreen  
 telepathy-gabble  
 texinfo  
 tgt  
 thttpd  
 tinymux  
 tinyproxy  
164  tk8.4  tk8.4
165  tk8.5  tk8.5
 tk8.6  
 tuxpaint  
 typespeed  
 unalz  
166  unbound  unbound
167  unicon  unicon
168  unzip  unzip (656268)
 util-linux  
 uw-imap  
 vim  
 vino  
169  vlc  vlc
170  vnc4  vnc4
171  webcit  webcit (656515)
172  webkit  webkit
 wesnoth  
 wget  
173  wine  wine
 wml  
 wv2  
 wxwidgets2.6  
174  wxwidgets2.8  wxwidgets2.8
175  wzdftpd  wzdftpd (655141)
176  x11-xserver-utils  x11-xserver-utils (655503)
177  xapian-omega  xapian-omega
178  xfs  xine-lib (655146)
179  xine-lib  xmlsec1 (656655)
180  xmcd  xml-security-c (656658)
181  xmlsec1  xmltooling (656656)
182  xml-security-c  zabbix (656774)
183  xmltooling  collectd (656271)
184  xmms  id3lib3.8.3 (656272)
185  xorg-server  exiv2 (656356)
186  xpdf  opensc (656350)
187  xpvm  openexr (656506)
188  xterm  
189  zabbix  
190  zgv  Packages using Makefile.PL, needs additional research:
191    libhtml-parser-perl
192    libdbd-pg-perl
193    libimager-perl
194    libnet-dns-perl
195    wml
196    
197    Python packages using Makefile.PL, need additional research:
198  zodb  zodb
 zoo  
199    
200    
201  Candidate packages using cdbs, fixed with the next upload after 2011-09-23 with  Packages using Scons, needs additional research:
202    the upload of dpkg/1.16.1:  blender
203  koffice  
204  kphone  Packages using cmake, needs additional research:
205    kaffeine
206    kdebase
207    kde4libs
208    kdegraphics
209    ktorrent
210    kvirc
211    wesnoth-1.9
212    
213    Packages using qmake, needs additional research:
214    psi
215    qt4-x11
216    qt-x11-free
217    
218    
219    Packages, which should rather be removed than hardened:
220    cgiirc (suggested removal in #653510)
221    djbdns
222    dkim-milter (currently broken, dropped from testing: #629663)
223    kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)
224    osiris (suggested removal in 655116)
225    scponly (RM bug: 650590)
226    kazehakase (suggested removal in 656771)
227    
228    
229    
230    Candidate packages using cdbs, needs further studying:
231    sympa
232  libgd2  libgd2
233    icedove
234    ghostscript
235    libvirt
236    gimp
237    koffice
238  libspf2  libspf2
239  wordnet  wordnet
240  sendmail  sendmail
241    afuse
242    bomberclone
243    camlimages
244    couchdb
245    crossfire
246    dvipng
247    eggdrop
248    gdm3
249    glib2.0
250    gnutls26
251    gst-plugins-bad0.10
252    gst-plugins-good0.10
253    heimdal
254    icu
255    jabberd14
256    libapache2-mod-fcgid
257    evince
258    libast
259    libgtop2
260    libnss-ldap
261    libpam-ldap
262    libsoup2.4
263    libtasn1-3
264    libtheora
265    link-grammar
266    lsh-server
267    mediawiki
268    moin
269    pango1.0
270    pmount
271    polipo
272    poppler
273    postgresql-ocaml
274    pulseaudio
275    ruby1.8
276    ruby1.9.1
277    squid3
278    streamripper
279    sword
280    t1lib
281    unalz
282    uw-imap
283    vino
284    
285    
286  Candidates:  Fixed:
287    samba (2:3.5.11~dfsg-2)
288    mailman (1:2.1.14-3)
289    flac (1.2.1-6)
290    xorg-server (2:1.11.1.901-1)
291    openldap (2.4.25-4)
292    vim (2:7.3.346-1)
293    freetype (2.4.7-2)
294    python-crypto (2.4-1)
295    xorg-server (2:1.11.1.901-1)
296    xpdf (3.03-7)
297    fetchmail (6.3.21-3)
298    libmusicbrainz-2.1 (2.1_2.1.5-6.1)
299    network-manager (0.9.1.95-1)
300    libmusicbrainz-2.1 (2.1_2.1.5-6.1)
301    tmux (1.6~svn2630-2)
302    tcpdump (4.2.0~rc1-2)
303    libthai (0.1.16-1)
304    git (1:1.7.7.2-1)
305    man-db (2.6.0.2-3)
306    elinks (0.12~pre5-6)
307    zgv (5.9-4)
308    jasper (1.900.1-11)
309    xfs (1.0.8-7)
310    fbi (2.07-9)
311    reprepro (4.5.0-1)
312    antiword (0.37-8) (653499)
313    wv2 (0.4.2.dfsg.1-5)
314    dpkg (1.16.1)
315    fuse (2.8.6-3)
316    fontforge (0.0.20110222-6) (653534)
317    apache2 (2.2.21-4)
318    cabextract (1.4-2) (653509)
319    htdig (3.2.0b6-12)
320    xterm (276-2) (653488)
321    enscript (1.6.5.90-2) (653528)
322    amule (2.3.1-2) (653503)
323    gv (1:3.7.1-2)
324    bluez-hcidump (2.1-2) (653507)
325    lighttpd (1.4.30-1) (654151)
326    pimd (2.1.8-2) (654081)
327    chmlib (2:0.40a-2) (653955)
328    lynx-cur (6.6.7-4) (654097)
329    rdesktop (1.7.0-2) (653498)
330    libpam-krb5 (4.5-3) (654293)
331    curl (7.23.1-3) (654521)
332    audiofile (0.3.2-1) (651029)
333    libarchive (2.8.5-2)
334    courier (0.66.3-2) (654794)
335    libsndfile (1.0.25-4) (654831)
336    libwmf (0.2.8.4-10)
337    exiftags (1.01-5) (654804)
338    nss-pam-ldapd (0.8.5)
339    isc-dhcp (4.2.2-2)
340    sdl-image1.2 (1.2.10-3)
341    mtr (0.82-2) (654117)
342    dia (0.97.2-4)
343    libpng (1.2.46-4) (654149)
344    mldonkey (3.1.0-3) (655140)
345    avahi (0.6.30-6) (655188)
346    mon (1.2.0-5) (655137)
347    acpid (1:2.0.14-2) (653502)
348    libsmi (0.4.8+dfsg2-5) (654812)
349    sudo (1.8.3p1-3) (655417)
350    zoo (2.10-25) (655499)
351    citadel (8.04-1) (653514)
352    firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
353    wget (1.13.4-2) (654908)
354    krb5 (1.10+dfsg~beta1-1) (655248)
355    libxml2 (2.7.8.dfsg-6) (654903)
356    lftp (4.3.4-1)
357    libcdaudio (0.99.12p2-11) (656507)
358    asterisk (1:1.8.8.2~dfsg-1) (653944)
359    ntp (1:4.2.6.p3+dfsg-2)
360    pcsc-lite (1.8.2-1) (656273)
361    vsftpd (2.3.5-2) (655103)
362    libtorrent-rasterbar (0.15.9-1) (656519)
363    tcpreen (1.4.4-2) (655250)
364    slurm-llnl (2.3.2-2) (656781)
365    
366    
367    
368    Hardening incomplete:
369    gtetrinet (653443)
370    ncompress (relro missing)
371    nas (655743) (relro missing)
372    
373    
374  Partially fixed:  Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
375  -  apr
376    apr-util
377    pound (654833)
378    mpg123
379    
 Resolved/fixed:  
 ncompress (4.2.4.4-3)  
 libvirt (0.9.6-1 through cdbs)  
 gimp (2.6.11-4 through cdbs)  
 xzgv (5.9-3)  
380    
381    
382  Packages using hardening-wrapper/-includes (these are considered fixed, although  Packages using hardening-wrapper/-includes (these are considered fixed, although
383     switching them over to dpkg-buildflags might be worthwhile later on):     switching them over to dpkg-buildflags might be worthwhile later on):
 tmux  
384  netatalk  netatalk
385  man-db  strongswan
386  graphicsmagick  graphicsmagick
387  udev  udev
388  xfce4-terminal  xfce4-terminal
389  openssh  openssh
390  evolution  evolution
391  dbus  dbus
 tcpdump  
392  libgsf  libgsf
393  tor  tor
394  evolution-data-server  evolution-data-server
# Line 431  znc Line 416  znc
416  cyrus-sasl2  cyrus-sasl2
417  ldns  ldns
418  quagga  quagga
419    nsd3
420    
421    
422    
423    
424    
425    
426    
427    
428    
429    
430    
431    
Legend:
Removed from v.17348  
changed lines
  Added in v.18250
  ViewVC Help
Powered by ViewVC 1.1.5