secure-testing/hardening/subgoal-dsa.txt

Hardening subgoal for Wheezy:
All packages, which had a DSA since 2006. 

Instructions:
- After checking a package, add it to the "Candidates:" or "Non-candidates:" list
- After NMUing a candidate where all build flags have been successfully enabled, 
  add it to the "Resolved/fixed:" list
- After NMUing a candidate with only some of the build flags enabled, add it to
  the "Partially fixed: list (in order to remember what needs further work in the 
  future)
- cdbs packages should be fixed automatically, but needs to be double-checked


Candidates:

alsaplayer (654518)
amarok (653354)
barnowl (653506)
beid (653956)
bzip2 (655164)
capi4hylafax (653539)
chrony (655123)
clamav (653958)
courier-authlib (655168)
cpio (654522)
cscope (653490)
ctorrent (653536)
devil (653535)
dovecot (653530)
drbd8 (currently broken: #654459)
ekg (653531)
expat (653526)
file (653481)
flex (655414)
freeciv (654809)
freeradius (657838)
ganglia (655126)
eglibc (657528)
pioneers (657829)
gnumeric (657839)
gzip (currently broken: 653960)
hashcash (655864)
heartbeat (657840)
hostapd (657332)
hplip (currently broken: 657047)
iceape
iceweasel (653191)
imlib2 (656512)
inotify-tools (657841)
ircd-hybrid (657537)
isakmpd (657210)
krb5-appl (657842)
l2tpns (657846)
lasso
lcms (654821)
libapache2-mod-authnz-external
libapache2-mod-auth-pgsql
libapache-mod-auth-kerb
cairo (655128)
libcgroup (654819)
libdumb (658965)
libexif (650998)
libextractor (656780)
libfishsound (657847)
libmodplug (654817)
librpcsecgss (654808)
libtk-img (657209)
libtool
libtunepimp (654832)
libvorbis
libwpd (653947)
libxslt (655601)
links2 (654807)
linux-ftpd (656005)
ltsp
lvm2 (657523)
mapserver
memcached (655134)
mono (657518)
mplayer (658040)
mplayer2 (658034)
forked-daapd (654147)
mutt (654148)
icinga (656866)
netpbm-free (655737)
netrik (656004)
net-snmp (657519)
newt (658430)
noweb (657656)
nss (657325)
openafs (659663)
open-iscsi (659662)
libreoffice (656643)
openssl (653495)
openswan (655139)
pam-pgsql (656003)
pcre3 (656008)
pdns (656861)
pdns-recursor (656859)
perdition (655412)
ppp (658181)
pptpd (656650)
proftpd-dfsg (657213)
pstotext (655105)
python2.7 (in preparation in experimental)
python3.2 (in preparation in experimental)
rsync (652248)
ruby-gnome2 (655415)
sash (654909)
screen (656513)
smstools (656531)
snmptrapfmt (656783)
socat (654152)
spamassassin
spamass-milter
speex (655880)
squidguard (656028)
subversion
suphp (655419)
systemtap (655882) (fixed in experimental)
texinfo (656659)
tgt (656127)
tk8.4 (658017)
tk8.5 (658018)
unbound (658021)
unicon (658043)
unzip (656268)
vnc4 (656862)
webcit (656515)
wine (658039)
wxwidgets2.8
wzdftpd (655141)
x11-xserver-utils (655503)
xapian-omega (658024)
xmlsec1 (656655)
collectd (656271)
id3lib3.8.3 (656272)
opensc (656350)
openexr (656506)
pmount


Packages using Makefile.PL, needs additional research:
libhtml-parser-perl
libdbd-pg-perl
libimager-perl
libnet-dns-perl
wml

Python packages, need additional research:
zodb
python-cjson
pygresql


Packages using Scons, needs additional research:
blender

Packages using cmake, needs additional research:
kaffeine
kdebase
kde4libs
kdegraphics
ktorrent
kvirc
wesnoth-1.9

Packages using qmake, needs additional research:
psi
qt4-x11
qt-x11-free

Ocaml packages, needs additional research:
mysql-ocaml
postgresql-ocaml
camlimages


Packages, which should rather be removed than hardened:
cgiirc (suggested removal in #653510)
djbdns
dkim-milter (currently broken, dropped from testing: #629663)
kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)


Candidate packages using cdbs:
(Starting with 0.4.106, cdbs now properly exports flags. Some package
will still need patches, since they set flags manually in debian/rules
or in their upstream buildsystems. jmm will request binNMUs for all pkgs
which work w/o adaptions.)

sympa
icedove
ghostscript
libvirt
gimp
koffice
libspf2
wordnet
couchdb
crossfire
gdm3
glib2.0
gnutls26
gst-plugins-bad0.10
gst-plugins-good0.10
heimdal
jabberd14
libapache2-mod-fcgid
evince
libast
libgtop2
libnss-ldap
libpam-ldap
libsoup2.4
libtasn1-3
libtheora
link-grammar
mediawiki
moin
polipo
poppler
pulseaudio
ruby1.8
ruby1.9.1
squid3
sword
unalz
uw-imap

cdbs packages needing additional patches:
t1lib (arcane buildsystem)
streamripper (overrides CPPFLAGS in configure.ac)
eggdrop
icu (CFLAGS is set locally)


cdbs Bin-NMU candidates:
afuse 0.2-3
bomberclone 0.11.9-3
libgd2 2.0.36~rc1~dfsg-6
dvipng 1.14-1
pango1.0 1.29.4-3
vino 3.2.2-1


cdbs Bin-NMU candidates after some more investigation:
libnss-ldap 264-2.2 (cdbs currently broken, sonames messed up after recompile, #663442)


Fixed:
samba (2:3.5.11~dfsg-2)
mailman (1:2.1.14-3)
flac (1.2.1-6)
xorg-server (2:1.11.1.901-1)
openldap (2.4.25-4)
vim (2:7.3.346-1)
freetype (2.4.7-2)
python-crypto (2.4-1)
xorg-server (2:1.11.1.901-1)
xpdf (3.03-7)
fetchmail (6.3.21-3)
libmusicbrainz-2.1 (2.1_2.1.5-6.1)
network-manager (0.9.1.95-1)
libmusicbrainz-2.1 (2.1_2.1.5-6.1)
tmux (1.6~svn2630-2)
tcpdump (4.2.0~rc1-2)
libthai (0.1.16-1)
git (1:1.7.7.2-1)
man-db (2.6.0.2-3)
elinks (0.12~pre5-6)
zgv (5.9-4)
jasper (1.900.1-11)
xfs (1.0.8-7)
fbi (2.07-9) 
reprepro (4.5.0-1)
antiword (0.37-8) (653499)
wv2 (0.4.2.dfsg.1-5)
dpkg (1.16.1)
fuse (2.8.6-3)
fontforge (0.0.20110222-6) (653534)
apache2 (2.2.21-4)
cabextract (1.4-2) (653509)
htdig (3.2.0b6-12)
xterm (276-2) (653488)
enscript (1.6.5.90-2) (653528)
amule (2.3.1-2) (653503)
gv (1:3.7.1-2)
bluez-hcidump (2.1-2) (653507)
lighttpd (1.4.30-1) (654151)
pimd (2.1.8-2) (654081)
chmlib (2:0.40a-2) (653955)
lynx-cur (6.6.7-4) (654097)
rdesktop (1.7.0-2) (653498)
libpam-krb5 (4.5-3) (654293)
curl (7.23.1-3) (654521)
audiofile (0.3.2-1) (651029)
libarchive (2.8.5-2)
courier (0.66.3-2) (654794)
libsndfile (1.0.25-4) (654831)
libwmf (0.2.8.4-10)
exiftags (1.01-5) (654804) 
nss-pam-ldapd (0.8.5)
isc-dhcp (4.2.2-2)
sdl-image1.2 (1.2.10-3)
mtr (0.82-2) (654117)
dia (0.97.2-4)
libpng (1.2.46-4) (654149)
mldonkey (3.1.0-3) (655140)
avahi (0.6.30-6) (655188)
mon (1.2.0-5) (655137)
acpid (1:2.0.14-2) (653502)
libsmi (0.4.8+dfsg2-5) (654812)
sudo (1.8.3p1-3) (655417)
zoo (2.10-25) (655499)
citadel (8.04-1) (653514)
firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
wget (1.13.4-2) (654908)
krb5 (1.10+dfsg~beta1-1) (655248)
libxml2 (2.7.8.dfsg-6) (654903)
lftp (4.3.4-1)
libcdaudio (0.99.12p2-11) (656507)
asterisk (1:1.8.8.2~dfsg-1) (653944)
ntp (1:4.2.6.p3+dfsg-2)
pcsc-lite (1.8.2-1) (656273)
libtorrent-rasterbar (0.15.9-1) (656519)
tcpreen (1.4.4-2) (655250)
slurm-llnl (2.3.2-2) (656781)
mlmmj (1.2.17-4) (655893)
nas (1.9.3-3) (655743, 656857)
dspam (3.10.1+dfsg-3+b1) (655189)
tinyproxy (1.8.3-2) (655870)
xine-lib (1.1.20.1-2) (655146)
apt (0.8.16~exp12) (653504)
exiv2 (0.22-2) (656356)
xml-security-c (1.6.1-2) (656658)
httrack (3.44.2-1) (657334)
telepathy-gabble (0.14.1-1) (656517)
mimetex (1.73-2) (656646)
xmltooling (1.4.2-2) (656656)
emacs23 (23.3+1-5) (655118)
opensaml2 (2.4.3-2) (656006)
zabbix (1:1.8.10-1) (656774)
gmime2.4 (2.6.4-1) (657328)
qemu-kvm (1.0+dfsg-6) (657867)
iscsitarget (1.4.20.2-7) (656867)
ejabberd (2.1.10-2) (657525)
nginx (1.1.14-1) (658186)
lurker (2.3-3) (657655)
libapache-mod-jk (1:1.2.32-2) (656876)
pound (2.6-2) (654833)
rssh (2.3.3-2) (654155)
maradns (1.4.10-2) (657657)
perl (5.14.2-8) (657853)
qemu (1.0+dfsg-3) (656276)
bochs (2.4.6-5) (653511)
syslog-ng (3.3.4.dfsg-1) (655163)
libmikmod (3.1.12-3) (656779)
nspr (4.9~beta5-2) (657522)
webkit (1.6.3-1) (659391)
e2fsprogs (1.42.1-1) (654457)
splitvt (1.6.6-10) (656027)
hylafax (2:6.1~20111227-8) (656260)
nbd (1:3.0-1) (653954)
gnupg (1.4.12-1) (653480)
openvpn (2.2.1-4) (655130)
maildrop (2.5.5-1) (655133)
imagemagick (8:6.7.4.0-2) (657833) (in experimental)
loop-aes-utils (2.16.2-3) (656009)
vsftpd (2.3.5-3) (655103)
openjdk-7 (7~u3-2.1-2) (660021)
vlc (2.0.0-5) (658030)
libxfont (1:1.4.5-1) (654154)
libav (4:0.8-2) (658929)
multipath-tools (0.4.9+git0.4dfdaf2b-2) (657848)
ndiswrapper (1.57-1) (655249)
postgresql-9.1 (9.1.3-2)
lsh-utils (2.0.4-dfsg-9)


Hardening incomplete:
gtetrinet (653443)
ncompress (relro missing)


Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
apr
apr-util
mpg123
sendmail


Packages using hardening-wrapper/-includes (these are considered fixed, although
   switching them over to dpkg-buildflags might be worthwhile later on):
netatalk
strongswan
graphicsmagick
udev
xfce4-terminal
openssh
evolution
dbus
libgsf
tor
evolution-data-server
cyrus-imapd-2.4
aria2
mysql-5.1
cups
wireshark
squid
exim4
php5
ipsec-tools
postgresql-8.4
postgresql-9.0
gnupg2
nagios3
tiff
bind9
postfix
chromium-browser
pidgin
nagios-plugins
znc
cyrus-sasl2
ldns
quagga
nsd3
1	Hardening subgoal for Wheezy:
2	All packages, which had a DSA since 2006.
3
4	Instructions:
5	- After checking a package, add it to the "Candidates:" or "Non-candidates:" list
6	- After NMUing a candidate where all build flags have been successfully enabled,
7	add it to the "Resolved/fixed:" list
8	- After NMUing a candidate with only some of the build flags enabled, add it to
9	the "Partially fixed: list (in order to remember what needs further work in the
10	future)
11	- cdbs packages should be fixed automatically, but needs to be double-checked
12
13
14	Candidates:
15
16	alsaplayer (654518)
17	amarok (653354)
18	barnowl (653506)
19	beid (653956)
20	bzip2 (655164)
21	capi4hylafax (653539)
22	chrony (655123)
23	clamav (653958)
24	courier-authlib (655168)
25	cpio (654522)
26	cscope (653490)
27	ctorrent (653536)
28	devil (653535)
29	dovecot (653530)
30	drbd8 (currently broken: #654459)
31	ekg (653531)
32	expat (653526)
33	file (653481)
34	flex (655414)
35	freeciv (654809)
36	freeradius (657838)
37	ganglia (655126)
38	eglibc (657528)
39	pioneers (657829)
40	gnumeric (657839)
41	gzip (currently broken: 653960)
42	hashcash (655864)
43	heartbeat (657840)
44	hostapd (657332)
45	hplip (currently broken: 657047)
46	iceape
47	iceweasel (653191)
48	imlib2 (656512)
49	inotify-tools (657841)
50	ircd-hybrid (657537)
51	isakmpd (657210)
52	krb5-appl (657842)
53	l2tpns (657846)
54	lasso
55	lcms (654821)
56	libapache2-mod-authnz-external
57	libapache2-mod-auth-pgsql
58	libapache-mod-auth-kerb
59	cairo (655128)
60	libcgroup (654819)
61	libdumb (658965)
62	libexif (650998)
63	libextractor (656780)
64	libfishsound (657847)
65	libmodplug (654817)
66	librpcsecgss (654808)
67	libtk-img (657209)
68	libtool
69	libtunepimp (654832)
70	libvorbis
71	libwpd (653947)
72	libxslt (655601)
73	links2 (654807)
74	linux-ftpd (656005)
75	ltsp
76	lvm2 (657523)
77	mapserver
78	memcached (655134)
79	mono (657518)
80	mplayer (658040)
81	mplayer2 (658034)
82	forked-daapd (654147)
83	mutt (654148)
84	icinga (656866)
85	netpbm-free (655737)
86	netrik (656004)
87	net-snmp (657519)
88	newt (658430)
89	noweb (657656)
90	nss (657325)
91	openafs (659663)
92	open-iscsi (659662)
93	libreoffice (656643)
94	openssl (653495)
95	openswan (655139)
96	pam-pgsql (656003)
97	pcre3 (656008)
98	pdns (656861)
99	pdns-recursor (656859)
100	perdition (655412)
101	ppp (658181)
102	pptpd (656650)
103	proftpd-dfsg (657213)
104	pstotext (655105)
105	python2.7 (in preparation in experimental)
106	python3.2 (in preparation in experimental)
107	rsync (652248)
108	ruby-gnome2 (655415)
109	sash (654909)
110	screen (656513)
111	smstools (656531)
112	snmptrapfmt (656783)
113	socat (654152)
114	spamassassin
115	spamass-milter
116	speex (655880)
117	squidguard (656028)
118	subversion
119	suphp (655419)
120	systemtap (655882) (fixed in experimental)
121	texinfo (656659)
122	tgt (656127)
123	tk8.4 (658017)
124	tk8.5 (658018)
125	unbound (658021)
126	unicon (658043)
127	unzip (656268)
128	vnc4 (656862)
129	webcit (656515)
130	wine (658039)
131	wxwidgets2.8
132	wzdftpd (655141)
133	x11-xserver-utils (655503)
134	xapian-omega (658024)
135	xmlsec1 (656655)
136	collectd (656271)
137	id3lib3.8.3 (656272)
138	opensc (656350)
139	openexr (656506)
140	pmount
141
142
143	Packages using Makefile.PL, needs additional research:
144	libhtml-parser-perl
145	libdbd-pg-perl
146	libimager-perl
147	libnet-dns-perl
148	wml
149
150	Python packages, need additional research:
151	zodb
152	python-cjson
153	pygresql
154
155
156	Packages using Scons, needs additional research:
157	blender
158
159	Packages using cmake, needs additional research:
160	kaffeine
161	kdebase
162	kde4libs
163	kdegraphics
164	ktorrent
165	kvirc
166	wesnoth-1.9
167
168	Packages using qmake, needs additional research:
169	psi
170	qt4-x11
171	qt-x11-free
172
173	Ocaml packages, needs additional research:
174	mysql-ocaml
175	postgresql-ocaml
176	camlimages
177
178
179	Packages, which should rather be removed than hardened:
180	cgiirc (suggested removal in #653510)
181	djbdns
182	dkim-milter (currently broken, dropped from testing: #629663)
183	kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)
184
185
186
187	Candidate packages using cdbs:
188	(Starting with 0.4.106, cdbs now properly exports flags. Some package
189	will still need patches, since they set flags manually in debian/rules
190	or in their upstream buildsystems. jmm will request binNMUs for all pkgs
191	which work w/o adaptions.)
192
193	sympa
194	icedove
195	ghostscript
196	libvirt
197	gimp
198	koffice
199	libspf2
200	wordnet
201	couchdb
202	crossfire
203	gdm3
204	glib2.0
205	gnutls26
206	gst-plugins-bad0.10
207	gst-plugins-good0.10
208	heimdal
209	jabberd14
210	libapache2-mod-fcgid
211	evince
212	libast
213	libgtop2
214	libnss-ldap
215	libpam-ldap
216	libsoup2.4
217	libtasn1-3
218	libtheora
219	link-grammar
220	mediawiki
221	moin
222	polipo
223	poppler
224	pulseaudio
225	ruby1.8
226	ruby1.9.1
227	squid3
228	sword
229	unalz
230	uw-imap
231
232	cdbs packages needing additional patches:
233	t1lib (arcane buildsystem)
234	streamripper (overrides CPPFLAGS in configure.ac)
235	eggdrop
236	icu (CFLAGS is set locally)
237
238
239	cdbs Bin-NMU candidates:
240	afuse 0.2-3
241	bomberclone 0.11.9-3
242	libgd2 2.0.36~rc1~dfsg-6
243	dvipng 1.14-1
244	pango1.0 1.29.4-3
245	vino 3.2.2-1
246
247
248	cdbs Bin-NMU candidates after some more investigation:
249	libnss-ldap 264-2.2 (cdbs currently broken, sonames messed up after recompile, #663442)
250
251
252
253	Fixed:
254	samba (2:3.5.11~dfsg-2)
255	mailman (1:2.1.14-3)
256	flac (1.2.1-6)
257	xorg-server (2:1.11.1.901-1)
258	openldap (2.4.25-4)
259	vim (2:7.3.346-1)
260	freetype (2.4.7-2)
261	python-crypto (2.4-1)
262	xorg-server (2:1.11.1.901-1)
263	xpdf (3.03-7)
264	fetchmail (6.3.21-3)
265	libmusicbrainz-2.1 (2.1_2.1.5-6.1)
266	network-manager (0.9.1.95-1)
267	libmusicbrainz-2.1 (2.1_2.1.5-6.1)
268	tmux (1.6~svn2630-2)
269	tcpdump (4.2.0~rc1-2)
270	libthai (0.1.16-1)
271	git (1:1.7.7.2-1)
272	man-db (2.6.0.2-3)
273	elinks (0.12~pre5-6)
274	zgv (5.9-4)
275	jasper (1.900.1-11)
276	xfs (1.0.8-7)
277	fbi (2.07-9)
278	reprepro (4.5.0-1)
279	antiword (0.37-8) (653499)
280	wv2 (0.4.2.dfsg.1-5)
281	dpkg (1.16.1)
282	fuse (2.8.6-3)
283	fontforge (0.0.20110222-6) (653534)
284	apache2 (2.2.21-4)
285	cabextract (1.4-2) (653509)
286	htdig (3.2.0b6-12)
287	xterm (276-2) (653488)
288	enscript (1.6.5.90-2) (653528)
289	amule (2.3.1-2) (653503)
290	gv (1:3.7.1-2)
291	bluez-hcidump (2.1-2) (653507)
292	lighttpd (1.4.30-1) (654151)
293	pimd (2.1.8-2) (654081)
294	chmlib (2:0.40a-2) (653955)
295	lynx-cur (6.6.7-4) (654097)
296	rdesktop (1.7.0-2) (653498)
297	libpam-krb5 (4.5-3) (654293)
298	curl (7.23.1-3) (654521)
299	audiofile (0.3.2-1) (651029)
300	libarchive (2.8.5-2)
301	courier (0.66.3-2) (654794)
302	libsndfile (1.0.25-4) (654831)
303	libwmf (0.2.8.4-10)
304	exiftags (1.01-5) (654804)
305	nss-pam-ldapd (0.8.5)
306	isc-dhcp (4.2.2-2)
307	sdl-image1.2 (1.2.10-3)
308	mtr (0.82-2) (654117)
309	dia (0.97.2-4)
310	libpng (1.2.46-4) (654149)
311	mldonkey (3.1.0-3) (655140)
312	avahi (0.6.30-6) (655188)
313	mon (1.2.0-5) (655137)
314	acpid (1:2.0.14-2) (653502)
315	libsmi (0.4.8+dfsg2-5) (654812)
316	sudo (1.8.3p1-3) (655417)
317	zoo (2.10-25) (655499)
318	citadel (8.04-1) (653514)
319	firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
320	wget (1.13.4-2) (654908)
321	krb5 (1.10+dfsg~beta1-1) (655248)
322	libxml2 (2.7.8.dfsg-6) (654903)
323	lftp (4.3.4-1)
324	libcdaudio (0.99.12p2-11) (656507)
325	asterisk (1:1.8.8.2~dfsg-1) (653944)
326	ntp (1:4.2.6.p3+dfsg-2)
327	pcsc-lite (1.8.2-1) (656273)
328	libtorrent-rasterbar (0.15.9-1) (656519)
329	tcpreen (1.4.4-2) (655250)
330	slurm-llnl (2.3.2-2) (656781)
331	mlmmj (1.2.17-4) (655893)
332	nas (1.9.3-3) (655743, 656857)
333	dspam (3.10.1+dfsg-3+b1) (655189)
334	tinyproxy (1.8.3-2) (655870)
335	xine-lib (1.1.20.1-2) (655146)
336	apt (0.8.16~exp12) (653504)
337	exiv2 (0.22-2) (656356)
338	xml-security-c (1.6.1-2) (656658)
339	httrack (3.44.2-1) (657334)
340	telepathy-gabble (0.14.1-1) (656517)
341	mimetex (1.73-2) (656646)
342	xmltooling (1.4.2-2) (656656)
343	emacs23 (23.3+1-5) (655118)
344	opensaml2 (2.4.3-2) (656006)
345	zabbix (1:1.8.10-1) (656774)
346	gmime2.4 (2.6.4-1) (657328)
347	qemu-kvm (1.0+dfsg-6) (657867)
348	iscsitarget (1.4.20.2-7) (656867)
349	ejabberd (2.1.10-2) (657525)
350	nginx (1.1.14-1) (658186)
351	lurker (2.3-3) (657655)
352	libapache-mod-jk (1:1.2.32-2) (656876)
353	pound (2.6-2) (654833)
354	rssh (2.3.3-2) (654155)
355	maradns (1.4.10-2) (657657)
356	perl (5.14.2-8) (657853)
357	qemu (1.0+dfsg-3) (656276)
358	bochs (2.4.6-5) (653511)
359	syslog-ng (3.3.4.dfsg-1) (655163)
360	libmikmod (3.1.12-3) (656779)
361	nspr (4.9~beta5-2) (657522)
362	webkit (1.6.3-1) (659391)
363	e2fsprogs (1.42.1-1) (654457)
364	splitvt (1.6.6-10) (656027)
365	hylafax (2:6.1~20111227-8) (656260)
366	nbd (1:3.0-1) (653954)
367	gnupg (1.4.12-1) (653480)
368	openvpn (2.2.1-4) (655130)
369	maildrop (2.5.5-1) (655133)
370	imagemagick (8:6.7.4.0-2) (657833) (in experimental)
371	loop-aes-utils (2.16.2-3) (656009)
372	vsftpd (2.3.5-3) (655103)
373	openjdk-7 (7~u3-2.1-2) (660021)
374	vlc (2.0.0-5) (658030)
375	libxfont (1:1.4.5-1) (654154)
376	libav (4:0.8-2) (658929)
377	multipath-tools (0.4.9+git0.4dfdaf2b-2) (657848)
378	ndiswrapper (1.57-1) (655249)
379	postgresql-9.1 (9.1.3-2)
380	lsh-utils (2.0.4-dfsg-9)
381
382
383	Hardening incomplete:
384	gtetrinet (653443)
385	ncompress (relro missing)
386
387
388	Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
389	apr
390	apr-util
391	mpg123
392	sendmail
393
394
395
396	Packages using hardening-wrapper/-includes (these are considered fixed, although
397	switching them over to dpkg-buildflags might be worthwhile later on):
398	netatalk
399	strongswan
400	graphicsmagick
401	udev
402	xfce4-terminal
403	openssh
404	evolution
405	dbus
406	libgsf
407	tor
408	evolution-data-server
409	cyrus-imapd-2.4
410	aria2
411	mysql-5.1
412	cups
413	wireshark
414	squid
415	exim4
416	php5
417	ipsec-tools
418	postgresql-8.4
419	postgresql-9.0
420	gnupg2
421	nagios3
422	tiff
423	bind9
424	postfix
425	chromium-browser
426	pidgin
427	nagios-plugins
428	znc
429	cyrus-sasl2
430	ldns
431	quagga
432	nsd3