[Secure-testing-commits] r47826 - hardening

Moritz Muehlenhoff jmm at moszumanska.debian.org
Sun Jan 8 06:44:30 UTC 2017 

Author: jmm
Date: 2017-01-08 06:44:30 +0000 (Sun, 08 Jan 2017)
New Revision: 47826

Removed:
   hardening/non-candidates.txt
   hardening/subgoal-daemons.txt
   hardening/subgoal-dsa.txt
   hardening/subgoal-important.txt
   hardening/subgoal-interpreters.txt
Log:
drop old hardening tracking files, no longer a dedidated release goal anyway
- not used for a while, bugs are opened for most and lintian
  has done their magic.


Deleted: hardening/non-candidates.txt
===================================================================
--- hardening/non-candidates.txt	2017-01-08 06:28:45 UTC (rev 47825)
+++ hardening/non-candidates.txt	2017-01-08 06:44:30 UTC (rev 47826)
@@ -1,151 +0,0 @@
-adzapper
-ajaxterm
-apt-listchanges
-auth2db
-awstats
-b2evolution
-backup-manager
-boinc
-ca-certificates
-cacti
-changetrack
-cpqarrayd
-debian-goodies
-dnsmasq
-doctrine
-dokuwiki
-drupal6
-enemies-of-carlotta
-fail2ban
-fcheck
-fex
-firefox-sage
-flamethrower
-flexbackup
-freesci
-gallery
-gallery2
-gfax
-gitolite
-gnatsweb
-gtk+2.0
-hiki
-horde2
-horde3
-ikiwiki
-ilohamail
-imp4
-ingo1
-ipplan
-jailer
-jffnms
-kronolith
-kronolith2
-ldap-account-manager
-ldapscripts
-libcrypt-cbc-perl
-libmojolicious-perl
-libnet-server-perl
-libphp-adodb
-libphp-phpmailer
-libxerces2-java
-logwatch
-lookup-el
-mahara
-mantis
-mdadm
-migrationtools
-moodle
-motor
-movabletype-opensource
-ocsinventory-agent
-otrs
-otrs2
-php4
-phpbb2
-phpgedview
-php-json-ext
-phpldapadmin
-php-mail
-phpmyadmin
-php-net-ping
-phppgadmin
-phpwiki
-php-xajax
-phpymadmin
-policyd-weight
-pommed
-popfile
-postfix-policyd
-postgrey
-python-cherrypy
-python-django
-python-dns
-rails
-redmine
-request-tracker3.4
-request-tracker3.6
-roundup
-serendipity
-sitebar
-slash
-smarty
-squirrelmail
-storebackup
-smbind
-tdiary
-tex-common
-tetex-bin
-trac
-trac-git
-transmission
-tunapie
-turba2
-tutos
-typo3-src
-twiki
-upcoming
-usermin
-webcalendar
-webmin
-websvn
-weechat
-wordpress
-xen
-yarssr
-yaws
-zaptel
-zonecheck
-zoph
-bugzilla
-sork-passwd-h3
-spip
-advi
-gforge
-albatross
-refpolicy
-base-files
-debconf
-debconf-i18n
-liblocale-gettext-perl
-libtext-charwidth-perl
-libtext-iconv-perl
-libtext-wrapi18n-perl
-lsb-base
-sensible-utils
-sysv-rc
-tzdata
-adduser
-debian-archive-keyring
-manpages
-netbase
-readline-common
-tasksel
-tasksel-data
-ganeti
-pywebdav
-sql-ledger
-request-tracker3.8
-pyopenssl
-
-

Deleted: hardening/subgoal-daemons.txt
===================================================================
--- hardening/subgoal-daemons.txt	2017-01-08 06:28:45 UTC (rev 47825)
+++ hardening/subgoal-daemons.txt	2017-01-08 06:44:30 UTC (rev 47826)
@@ -1,327 +0,0 @@
-Hardening subgoal for Wheezy:
-All daemons and libraries accessible from the network
-
-debtags search --names 'interface::daemon && implemented-in::c'
-
-Instructions:
-- After checking a package, add it to the "Candidates:" list or non-candidates.txt
-- After NMUing a candidate where all build flags have been successfully enabled, 
-  add it to the "Resolved/fixed:" list
-- After NMUing a candidate with only some of the build flags enabled, add it to
-  the "Partially fixed: list (in order to remember what needs further work in the
-  future)
-
-This list needs cleaned up further:
-- Packages with same source should be merged
-- Packages without tags should be added
-
-To check:
-
-ample
-and
-archfs
-avr-evtd
-bacula
-bandwidthd
-bcron
-beanstalkd
-binkd
-bluemon
-boa
-busybox-syslogd
-daemon
-daemontools
-dante
-dbndns
-dhis-dns-engine
-dhis-mx-sendmail-engine
-dhis-server
-dicod
-djbdns
-dma
-dnsproxy
-dsyslog
-dynamips
-ekeyd
-ez-ipupdate
-fldigi
-freepops
-gamin
-gammu
-gconf
-gnome-keyring
-gnome-settings-daemon
-gpm
-gogoc
-hal
-hdapsd
-hlbr
-httptunnel
-hybserv
-ibod
-ident2
-ifmail
-ifplugd
-ifuse
-inn
-inn2
-innfeed
-inputlirc
-iodine
-ipband
-ircd-ircu
-isakmpd
-isns
-kannel
-keynav
-klone
-krb5-appl
-labrea
-ldm-server
-leafnode
-libchipcard
-libdaemon
-libpam-ssh
-linux-atm
-linux-igd
-linux-ftpd
-lldpd
-lnpd
-lsh-server
-lyskom-server
-masqmail
-mathopd
-mdadm
-micro-httpd
-milter-greylist
-mini-httpd
-minit
-mmpong
-moc
-mpd
-mpdscribble
-muroard
-mxallowd
-nas
-net-acct
-netatalk
-netplug
-nfs-utils
-ngetty
-notification-daemon
-notify-osd
-nuttcp
-obex-data-server
-oftc-hybrid
-openafs
-opencryptoki
-openvas-server
-p910nd
-pacemaker
-pads
-powernowd
-ppp
-prayer
-preload
-pvm
-radioclk
-radiusd-livingston
-randomsound
-readahead
-remctl
-rlinetd
-rpld
-rrdcollect
-rsh-redone
-scanbuttond
-shell-fm
-shishi
-sl-modem
-sleepd
-smcroute
-snmptrapfmt
-sphinxsearch
-sup
-swapspace
-sysrqd
-sysvinit
-tcpspy
-telepathy-gabble
-telepathy-haze
-telepathy-idle
-telepathy-salut
-telepathy-sofiasip
-telnetd-ssl
-tetrinet-server
-timidity
-timps
-tracker
-tsocks
-ttysnoop
-udev
-udisks
-up-imapproxy
-upower
-upstart
-uptimed
-usbmuxd
-uucp
-v86d
-vtun
-webfs
-wicd-cli
-wims
-wmaloader
-xfce4-session
-xfce4-volumed
-xfstt
-xfwm4
-xmms2-core
-xneur
-xrdp
-xserver-xephyr
-xymon
-yubikey-server-c
-zephyr
-
-Candidates:
-clamav (#644335)
-fair (#725360)
-
-Partially fixed:
-acpi		1:2.0.14-2 #653502 , no pie and bindnow
-accountsservice
-amule		2.3.1-2 #653503, no pie and bindnow
-asterisk	1:1.8.8.2~dfsg-1 #653944, hardening flags disabled since 1:11.5.1~dfsg-1
-autossh		1.4c-2
-autofs		5.0.6-3
-balance		, no pie and bindnow
-bip			0.8.9-1, need only bindnow
-bitlbee		3.2.2-1, no bindnow
-cfengine2	, FTBFS with -Werror=format-security
-cfengine3	, FTBFS with -Werror=format-security
-c-icap		1:0.3.1-1, no pie and bindow
-cherokee, removed from the archive
-clamav		0.97.5+dfsg-1 #653958, no pie and bindnow
-clamsmtp	1.10-11, no pie and bindnow
-conntrack	1:1.2.1-1, no pie and bindnow
-consolekit	0.4.5-3, no pie and bindnow
-crossfire	no pie and bindnow
-eggdrop		1.6.20-2 #668091, no pie and bindnow
-esmtp		1.2-7, no pie and bindnow
-fprobe		, no pie and bindnow
-gearmand	, no pie and bindnow
-git			1:1.7.7.2-1, no pie and bindnow
-gpsd		3.10+dev3~d6b65b48-3, relro not effective and not pie/bindnow
-haveged		1.7-1, no pie and bindnow
-icecast2	2.4.0-1, no pie and bindnow
-inoticoming	0.2.2-1, no pie and bindnow
-ircd-hybrid	1:7.2.2.dfsg.2-8, no pie and bindnow
-iscsitarget	1.4.20.2-7 #656867, no pie and bindnow
-lsyncd		2.0.7-2, no pie and bindnow
-maradns		no pie and bindnow
-mediatomb	0.12.1-4, no pie and bindnow
-memcached	1.4.13-0.1 #655134, no pie and bindnow
-miredo		1.2.6-1, no pie and bindnow
-mysql-5.5	no pie and bindnow
-ngircd		19.1-1 #664984, no pie and bindnow
-open-iscsi	659662, no LDFLAGS used, bug reopened
-net-snmp	5.7.2~dfsg-1~0.1, no pie
-pdns		3.1-1, no pie and bindnow
-perdition	1.19~rc5-1 #655412, no pie and bindnow
-polipo		1.0.4.1-1.2 #666451, no pie and bindnow
-postfix-gld	1.7-6 #763154, no pie and bindnow
-proftpd		1.3.4a-2 #657213, no pie and bindnow
-ntp			1:4.2.6.p3+dfsg-2, no pie and bindnow
-pound		2.6-2 #654833, no pie and bindnow
-portsentry	1.2-14 #763158, no pie and bindnow
-pure-ftpd	#764537 CPPFLAGS used, but not applied
-rpcbind		0.2.0-8, no pie and bindnow
-samba		2:3.5.11~dfsg-2, no pie and bindnow
-snort		2.9.7.0-3, no pie and bindnow
-sysstat		9.1.7-2, no pie and bindnow
-trafficserver 3.0.2-1
-tcpd		7.6.q-22, no pie and bindnow
-tor			0.2.2.7-alpha-2
-uw-imap		8:2007f~dfsg-1, no pie and bindnow
-varnish		3.0.2-2 #663064, no pie and bindnow
-vpnc		0.5.3r512-1, no pie and bindnow
-
-Resolved/fixed:
-aiccu           20070115-15 #644408
-amanda          1:3.3.1-1
-apache2		2.2.12-1, sometimes partial
-apt-cacher-ng	0.6.12-1
-at			3.1.13-2
-avahi
-bind9		1:9.5.0.dfsg.P2-2
-bird		1.3.11-4
-bluez
-collectd	4.10.7-1 #656271
-cron            3.0pl1-121
-cvsd		1.0.24 #662226
-cyrus-imapd-2.4	2.4.17+caldav~beta9-9
-dbus		1.5.10-1
-dovecot		1:2.0.18-1 #653530
-dnsmasq		2.62-1
-exim4		4.80~rc2-1, false positive with blhc
-fetchmail	6.3.21-3
-freeradius	2.1.12+dfsg-1 #657838
-haproxy	
-inetutils 	2:1.9-1
-inspircd	2.0.5-0.1
-ircd-irc2	2.11.2p3~dfsg-1
-ircd-ratbox	3.0.7.dfsg-2 #664903
-isc-dhcp        4.2.2-2
-knot		1.5.1-2
-krb5		1.10+dfsg~beta1-1 #655248
-lighttpd	1.4.30-1
-loqui		0.5.1-2
-memcachedb	1.2.0-9
-minidlna	1.0.25+dfsg-1
-nagios3		3.2.3-2 (hardening-wrapper used)
-nagios-plugins	1.4.15-5
-nbd		1:3.0-1
-nfdump
-nginx		1.1.14-1
-nsd			3.2.9-3
-openbsd-inetd	0.20140418-1
-openldap	2.4.25-4 #644427
-openssh		1:5.2p1-1
-openvpn		2.2.1-4
-pcsc-lite	1.8.2-1
-postfix		2.5.4-2
-privoxy		3.0.19-2
-rsyslog		5.8.6-1 #644303
-rsync		3.1.1-1
-solid-pop3d	0.15-25
-squid		2.7.STABLE7-1
-squid3		partial
-sslh		1.10-1
-stunnel4	3:4.53-1
-suricata	1.0-1
-tcpdump		4.0.0-6
-tinc		1.0.19-1
-tinyproxy	1.8.3-2
-transmission-daemon 2.51-2 #671569
-trousers	0.3.8-1
-unbound		1.4.16-2 #658021
-vsftpd		2.3.5-2 #644295
-xdm		1:1.1.11-1
-w3m             0.5.3-5
-radvd		1:1.9.1-1.1 #665715
-quagga		0.99.22.4-3
-redis		2:2.8.14-1 #760567
-slony1-2
-sniffit         0.3.7.beta-17 (#649817)
-squidguard	1.5-3 #760726
-synergy		1.3.8-2
-zabbix		1:2.0.1+dfsg-1
-
-Not relevant:
-sks             ocaml
-ctrlproxy		removed from the archive (#657303)
-dancer-ircd		removed from the archive (#717164)
-dancer-services	removed from the archive
-bozohttpd		removed from the archive (#768477)
-warsow-server	removed from the archive (#648317)

Deleted: hardening/subgoal-dsa.txt
===================================================================
--- hardening/subgoal-dsa.txt	2017-01-08 06:28:45 UTC (rev 47825)
+++ hardening/subgoal-dsa.txt	2017-01-08 06:44:30 UTC (rev 47826)
@@ -1,464 +0,0 @@
-Hardening subgoal for Wheezy:
-All packages, which had a DSA since 2006 (up to the end of 2013)
-
-Instructions:
-- After checking a package, add it to the "Candidates:" or "Non-candidates:" list
-- After NMUing a candidate where all build flags have been successfully enabled,
-  add it to the "Resolved/fixed:" list
-- After NMUing a candidate with only some of the build flags enabled, add it to
-  the "Partially fixed: list (in order to remember what needs further work in the
-  future)
-
-
-Unfixed packages:
-heartbeat (657840)
-isakmpd (657210)
-vnc4 (656862)
-xserver-xorg-video-openchrome (734640)
-cfingerd (needed)
-gridengine (needed)
-torque (needed)
-streamripper (needed, overrides CPPFLAGS in configure.ac)
-link-grammar (needed, LDFLAGS is set locally)
-sword (needed)
-python-cjson (734637)
-pygresql (needed)
-python-pam (needed)
-zodb (needed)
-pcp
-
-
-
-
-
-Packages using qmake, needs additional research:
-mumble
-
-
-Packages using cmake, needs additional research: (KDE-specific workaround, but apparently unfixed for plain cmake)
-kde-baseapps
-wesnoth-1.10
-
-
-Fixed:
-samba (2:3.5.11~dfsg-2)
-mailman (1:2.1.14-3)
-flac (1.2.1-6)
-xorg-server (2:1.11.1.901-1)
-openldap (2.4.25-4)
-vim (2:7.3.346-1)
-freetype (2.4.7-2)
-python-crypto (2.4-1)
-xorg-server (2:1.11.1.901-1)
-xpdf (3.03-7)
-fetchmail (6.3.21-3)
-libmusicbrainz-2.1 (2.1_2.1.5-6.1)
-network-manager (0.9.1.95-1)
-libmusicbrainz-2.1 (2.1_2.1.5-6.1)
-tmux (1.6~svn2630-2)
-tcpdump (4.2.0~rc1-2)
-libthai (0.1.16-1)
-git (1:1.7.7.2-1)
-man-db (2.6.0.2-3)
-elinks (0.12~pre5-6)
-zgv (5.9-4)
-jasper (1.900.1-11)
-xfs (1.0.8-7)
-fbi (2.07-9)
-reprepro (4.5.0-1)
-antiword (0.37-8) (653499)
-wv2 (0.4.2.dfsg.1-5)
-dpkg (1.16.1)
-fuse (2.8.6-3)
-fontforge (0.0.20110222-6) (653534)
-apache2 (2.2.21-4)
-cabextract (1.4-2) (653509)
-htdig (3.2.0b6-12)
-xterm (276-2) (653488)
-enscript (1.6.5.90-2) (653528)
-amule (2.3.1-2) (653503)
-gv (1:3.7.1-2)
-bluez-hcidump (2.1-2) (653507)
-lighttpd (1.4.30-1) (654151)
-pimd (2.1.8-2) (654081)
-chmlib (2:0.40a-2) (653955)
-lynx-cur (6.6.7-4) (654097)
-rdesktop (1.7.0-2) (653498)
-libpam-krb5 (4.5-3) (654293)
-curl (7.23.1-3) (654521)
-audiofile (0.3.2-1) (651029)
-libarchive (2.8.5-2)
-courier (0.66.3-2) (654794)
-libsndfile (1.0.25-4) (654831)
-libwmf (0.2.8.4-10)
-exiftags (1.01-5) (654804)
-nss-pam-ldapd (0.8.5)
-isc-dhcp (4.2.2-2)
-sdl-image1.2 (1.2.10-3)
-mtr (0.82-2) (654117)
-dia (0.97.2-4)
-libpng (1.2.46-4) (654149)
-mldonkey (3.1.0-3) (655140)
-avahi (0.6.30-6) (655188)
-mon (1.2.0-5) (655137)
-acpid (1:2.0.14-2) (653502)
-libsmi (0.4.8+dfsg2-5) (654812)
-sudo (1.8.3p1-3) (655417)
-zoo (2.10-25) (655499)
-citadel (8.04-1) (653514)
-firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
-wget (1.13.4-2) (654908)
-krb5 (1.10+dfsg~beta1-1) (655248)
-libxml2 (2.7.8.dfsg-6) (654903)
-lftp (4.3.4-1)
-libcdaudio (0.99.12p2-11) (656507)
-asterisk (1:1.8.8.2~dfsg-1) (653944)
-ntp (1:4.2.6.p3+dfsg-2)
-pcsc-lite (1.8.2-1) (656273)
-libtorrent-rasterbar (0.15.9-1) (656519)
-tcpreen (1.4.4-2) (655250)
-slurm-llnl (2.3.2-2) (656781)
-mlmmj (1.2.17-4) (655893)
-nas (1.9.3-3) (655743, 656857)
-dspam (3.10.1+dfsg-3+b1) (655189)
-tinyproxy (1.8.3-2) (655870)
-xine-lib (1.1.20.1-2) (655146)
-apt (0.8.16~exp12) (653504)
-exiv2 (0.22-2) (656356)
-xml-security-c (1.6.1-2) (656658)
-httrack (3.44.2-1) (657334)
-telepathy-gabble (0.14.1-1) (656517)
-mimetex (1.73-2) (656646)
-xmltooling (1.4.2-2) (656656)
-emacs23 (23.3+1-5) (655118)
-opensaml2 (2.4.3-2) (656006)
-zabbix (1:1.8.10-1) (656774)
-gmime2.4 (2.6.4-1) (657328)
-qemu-kvm (1.0+dfsg-6) (657867)
-iscsitarget (1.4.20.2-7) (656867)
-ejabberd (2.1.10-2) (657525)
-nginx (1.1.14-1) (658186)
-lurker (2.3-3) (657655)
-libapache-mod-jk (1:1.2.32-2) (656876)
-pound (2.6-2) (654833)
-rssh (2.3.3-2) (654155)
-maradns (1.4.10-2) (657657)
-perl (5.14.2-8) (657853)
-qemu (1.0+dfsg-3) (656276)
-bochs (2.4.6-5) (653511)
-syslog-ng (3.3.4.dfsg-1) (655163)
-libmikmod (3.1.12-3) (656779)
-nspr (4.9~beta5-2) (657522)
-webkit (1.6.3-1) (659391)
-e2fsprogs (1.42.1-1) (654457)
-splitvt (1.6.6-10) (656027)
-hylafax (2:6.1~20111227-8) (656260)
-nbd (1:3.0-1) (653954)
-gnupg (1.4.12-1) (653480)
-openvpn (2.2.1-4) (655130)
-maildrop (2.5.5-1) (655133)
-imagemagick (8:6.7.4.0-2) (657833)
-loop-aes-utils (2.16.2-3) (656009)
-vsftpd (2.3.5-3) (655103)
-vlc (2.0.0-5) (658030)
-libxfont (1:1.4.5-1) (654154)
-libav (4:0.8-2) (658929)
-multipath-tools (0.4.9+git0.4dfdaf2b-3) (657848)
-ndiswrapper (1.57-1) (655249)
-postgresql-9.1 (9.1.3-2)
-dovecot (1:2.0.18-1) (653530)
-lsh-utils (2.0.4-dfsg-9)
-libspf2 (1.2.9-5)
-gnutls26 (2.12.17-2)
-ncompress (4.2.4.4-4)
-libwpd (0.9.4-2)
-libreoffice (1:3.5.1-1)
-webcit (8.05-dfsg-1)
-systemtap (1.7-1) (655882)
-gzip (1.4-4) (664499)
-openssl (1.0.1-1) (653495)
-libtasn1-3 (2.12-1)
-krb5-appl (1:1.0.1-2) (657842)
-perdition (1.19~rc5-1) (655412)
-expat (2.1.0~beta3-1) (653526)
-mono (2.10.8.1-2) (657518)
-screen (4.1.0~20120320gitdb59704-1) (656513)
-afuse (0.2-3+b1) (663617)
-bomberclone (0.11.9-3+b1) (663617)
-libgd2 (2.0.36~rc1~dfsg-6+b1) (663617)
-dvipng (1.14-1+b1) (663617)
-pango1.0 (1.29.4-3+b1) (663617)
-vino (3.2.2-1+b1) (663617)
-libpam-ldap (184-8.5+b1) (663617)
-wordnet (1:3.0-26.1+b1) (663617)
-evince (3.2.1-1+b1) (663617)
-libast (0.7-6+b1) (663617)
-proftpd-dfsg (1.3.4a-2) (657213)
-texinfo (4.13a.dfsg.1-9) (656659)
-cairo (1.12.0-2) (655128)
-linux-ftpd (0.17-34) (656005)
-unzip (6.0-6) (656268)
-openexr (1.6.1-5) (656506)
-qt4-x11 (4:4.7.4-3)
-mpg123 (1.13.7-1)
-openssh (1:5.9p1-5)
-icedove (10.0.3-1)
-libhtml-parser-perl (3.69-2)
-libdbd-pg-perl (2.19.2-1)
-libimager-perl (0.89+dfsg-1)
-netrik (1.16.1-1.1) (656004)
-cscope (15.7a-3.6) (653490)
-libexif (0.6.20-2) (650998)
-python2.7 (2.7.2-10)
-alsaplayer (0.99.80-5.1) (654518)
-ctorrent (1.3.4.dnh3.3.2-3.1) (653536)
-python3.2 (3.2.2-3)
-xmlsec1 (1.2.14-1.3) (656655)
-couchdb (1.1.1-2)
-libsoup2.4 (2.38.0-1)
-glib2.0 (2.32.0-2)
-libvirt (0.9.11-1)
-libmodplug (1:0.8.8.4-2) (654817)
-pam-pgsql (0.7.3.1-3) (656003)
-sympa (6.1.7~dfsg-2+b1) (667819)
-libgtop2 (2.28.4-2+b1) (667819)
-pulseaudio (1.1-3+b1) (667819)
-squid3 (3.1.19-1+b1) (667819)
-gtetrinet (0.7.11-3+b1) (667819)
-gst-plugins-bad0.10 (0.10.23-1+b1) (667819)
-gst-plugins-good0.10 (0.10.31-1+b1) (667819)
-psi (0.14-3)
-pstotext (1.9-6) (655105)
-inotify-tools (3.13-3.1) (657841)
-libdumb (0.9.3-5.2) (658965)
-courier-authlib (0.63.0-5) (655168)
-ircd-hybrid (7.2.2.dfsg.2-7) (657537)
-libextractor (0.5.23+dfsg-8) (656780)
-hashcash (1.21-1.1) (655864)
-ganglia (3.3.5-2) (655126)
-poppler (0.18.3-1)
-mediawiki ('fixed' in 1:1.18.1-1 dropping -math package)
-icu (4.8.1.1-5)
-open-iscsi (2.0.872+git0.6676a1cf-1) (659662)
-crossfire (1.70.0-1)
-id3lib3.8.3 (3.8.3-15) (656272)
-squidguard (1.4-5) (656028)
-ekg (1:1.8~rc2+r2850-3.1) (653531)
-unbound (1.4.16-2) (658021)
-links2 (2.6-1) (654807)
-ruby1.8 (1.8.7.358-1) (667957)
-iceweasel (10.0.4esr-1)  (653191)
-nss (3.13.4-1) (657325)
-libcgroup (0.37.1-2) (654819)
-mplayer2 (2.0-518-gb711624-1) (658034)
-imlib2 (1.4.5-1) (656512)
-x11-xserver-utils (7.7~1) (655503)
-freeciv (2.3.2-1) (654809)
-libxslt (1.1.26-11) (655601)
-ruby-gnome2 (1.1.3-1) (655415)
-suphp (0.7.1-2) (655419)
-pdns (3.0-1.2) (656861)
-xapian-omega (1.2.10-1) (658024)
-forked-daapd (0.19gcd-2.1) (654147)
-socat (1.7.1.3-1.4) (654152)
-icinga (1.6.1-3) (656866)
-wpa (1.0-1) (657332)
-memcached (1.4.13-0.1) (655134)
-collectd (4.10.7-1) (656271)
-speex (1.2~rc1-4) (655880)
-amarok (2.5.0-2) (653354)
-kaffeine (1.2.2-2)
-libtk-img (1:1.3-release-12) (657209)
-openswan (1:2.6.37-2) (655139)
-wine (1.2.3-0.2) (658039) [not completely fixed.  wine's configure script automatically detects fortify and disables it via -D_FORTIFY_SOURCE=0.  will need to do some research on why that's done and whether it can be disabled]
-hplip (3.12.4-1) (667828)
-iceape (2.7.4-1)
-libtheora (1.1.1+dfsg.1-3.1)
-net-snmp (5.4.3~dfsg-2.5) (657519)
-tk8.4 (8.4.19-5) (658017)
-tk8.5 (8.5.11-2) (658018)
-heimdal (1.6~git20120403+dfsg1-2) (668022)
-lvm2 (2.02.95-2) (657523)
-bzip2 (1.0.6-2) (655164)
-opensc (0.12.2-3) (656350)
-ruby1.9.1 (1.9.3.194-1) (667964)
-snmptrapfmt (1.14+nmu1) (656783)
-polipo (1.0.4.1-1.2) (666451)
-pioneers (14.1-1) (657829)
-cpio (2.11-8) (654522)
-spamassassin (3.3.2-3) (674016)
-drbd8 (2:8.3.13-1) (667558)
-newt (0.52.14-11) (658430)
-clamav (0.97.5+dfsg-1) (653958)
-librpcsecgss (0.19-5) (654808)
-libfishsound (1.0.0-1.1) (657847)
-rsync (3.0.9-3) (652248)
-pdns-recursor (3.3-3) (656859)
-exim4 (4.80~rc2-1)
-mutt (1.5.21-6) (654148)
-capi4hylafax (01.03.00.99.svn.300-17) (653539)
-smstools (3.1.14-1.1) (656531)
-libnss-ldap (264-2.3)
-gdm3 (3.4.1-1)
-uw-imap (8:2007f~dfsg-1)
-libnet-dns-perl (0.68-1) (666767)
-flex (2.5.35-10.1) (655414)
-file (5.11-2) (653481)
-freeradius (2.1.12+dfsg-1) (657838)
-pptpd (1.3.4-6) (656650)
-chrony (1.26-2) (655123)
-devil (1.7.8-7) (653535)
-lasso (667555)
-apr
-apr-util
-openafs (1.6.2~pre2-1) (659663)
-lcms (1.19.dfsg-1.2) (654821)
-kvirc (669189)
-l2tpns (2.2.1-1) (657846)
-gnumeric
-kvirc
-wireshark
-chromium-browser
-tiff
-gnupg2
-php5
-postgresql-9.1
-systemd
-apr
-apr-util
-ltsp (5.4.0-1)
-super (3.30.0-4)
-libxt (1:1.1.1-2)
-libxcursor (1:1.1.14-1)
-libxext (2:1.3.2-1)
-libxi (2:1.7.1.901-1)
-libxrandr (2:1.4.1-1)
-libxcb (1.8-1)
-foomatic-filters (4.0.14-1)
-libupnp (1:1.6.17-1)
-tinc (1.0.19-1)
-arpwatch (2.1a15-1.2)
-libxrender (1:0.9.8-1)
-libx11 (2:1.6.0-1)
-polarssl (1.2.0-1)
-gimp (2.8.2-1)
-libtar (1.2.16-1)
-inetutils (2:1.9-1)
-varnish (3.0.2-2)
-openarena (0.8.8-1)
-libxtst (2:1.2.2-1)
-libxfixes (1:5.0-3)
-libxvmc (2:1.0.8-1)
-libxv (2:1.0.9-1)
-nbd (1:3.2-2)
-ganglia (3.3.5-2)
-gnash (0.8.11~git20130903-1)
-bogofilter (1.2.2+dfsg1-3)
-stunnel4 (3:4.53-1)
-libgcrypt11 (1.5.3-2)
-systemd (fixed since initial release)
-exactimage (0.8.8-1)
-putty (0.63-1)
-cvs (2:1.12.13+real-8)
-libfs (2:1.0.5-1)
-haproxy (1.4.24-2) (might be fixed earlier)
-mapserver (6.2.1-3)
-notmuch (checked current version, but no info in changelog when it was introduced)
-bip (0.8.9-1)
-libyaml-libyaml-perl (0.38-2)
-ircd-ratbox (3.0.7.dfsg-2)
-inspircd (2.0.5-0.1)
-spamass-milter (0.3.2-1)
-wpa (1.0-2)
-libgdata (checked current version, but no info in changelog when it was introduced)
-trousers (0.3.8-1)
-libxres (2:1.0.7-1)
-xen (4.2.2-1)
-mesa (9.1.4-1)
-libxinerama (2:1.1.3-1)
-ecryptfs-utils (103-3)
-quagga (0.99.22.4-3)
-openconnect (3.17-1)
-radsecproxy (1.6-1)
-openttd (1.1.5-2)
-zoneminder (1.25.0-3)
-icedtea-web (1.3-1)
-telepathy-gabble (0.14.1-1)
-dbus (1.5.10-1)
-libgsf (1.14.26-2)
-libdmx (1:1.1.3-1)
-libxxf86dga (2:1.1.4-1)
-libxxf86vm (1:1.1.3-1)
-wxwidgets2.8 (2.8.12.1-13)
-eggdrop (1.6.20-2)
-kde4libs (4:4.10.4-1)
-ktorrent (4.3.1-2)
-libapache2-mod-fcgid (1:2.3.7-1)
-weechat (0.4.2-1)
-libssh (0.5.0-2)
-libapache2-mod-auth-pgsql (2.0.3-6)
-libapache2-mod-authnz-external (3.3.1-0.1)
-libapache-mod-auth-kerb (5.4-2.1)
-libapache2-mod-rpaf (0.6-6)
-blender (2.65a+svn53743-1)
-xfce4-terminal (0.6.2-1)
-evolution-data-server (3.2.1-1)
-aria2 (1.15.0-2)
-cups (1.5.2-6)
-modsecurity-apache (2.6.6-1)
-libupnp4 (1.8.0~svn20100507-1.2)
-ppp (2.4.5+git20130610-2) (658181)
-pymongo (2.2-2)
-raptor (1.4.21-8) (first rebuild after cdbs was fixed)
-plib (1.8.5-7)
-nut (2.6.1-1)
-dropbear (734636) (2013.60-1)
-cups-pk-helper (0.2.5-2) (734803)
-barnowl (1.9-1) (653506)
-libproxy (checked current version, but no info in changelog when it was introduced)
-libvorbis (1.3.2-1.3)
-subversion (1.8.5-1) (734918)
-wml (2.0.12ds1-7)
-davfs2 (checked current version, but no info in changelog when it was introduced)
-openjdk-7 (660021) (checked current version, but no info in changelog when it was introduced)
-graphviz (2.26.3-16.1) (734804)
-unalz (0.65-4) (736460)
-libotr (4.0.0-3) (734115)
-pmount (0.9.23-3) (664501)
-openjpeg (1.5.1-1)
-tgt (1:1.0.46-1) (656127)
-graphicsmagick (1.3.18-3)
-cyrus-imapd-2.4 (2.4.17+caldav~beta9-9)
-pixman (0.32.6-3) (733986)
-noweb (2.11b-8) (657656)
-globus-gridftp-server (734920) (7.11-1)
-pcre3 (656008) (1:8.35-3.1)
-netpbm-free (655737) (2:10.0-15.1)
-sendmail (8.14.4-4.1)
-strongswan (5.0.4-1)
-evolution (3.4.2-1)
-cyrus-sasl2 (2.1.24~rc1.dfsg1+cvs2011-05-23-5)
-nsd3 (3.2.9-3)
-ipsec-tools (1:0.8.2+20140711-2)
-ghostscript (9.16~dfsg-2)
-bacula (736461) (7.0.5+dfsg-3)
-
-
-Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
-eglibc (657528)
-
-
-
-Packages using hardening-wrapper/-includes (these are considered fixed, although
-   switching them over to dpkg-buildflags might be worthwhile later on):
-tor
-mysql-5.5
-nagios3
-bind9
-postfix
-pidgin (needed)
-monitoring-plugins
-znc
-ldns (needed)
-virtualbox (736459) (4.3.6-dfsg-1)
-

Deleted: hardening/subgoal-important.txt
===================================================================
--- hardening/subgoal-important.txt	2017-01-08 06:28:45 UTC (rev 47825)
+++ hardening/subgoal-important.txt	2017-01-08 06:44:30 UTC (rev 47826)
@@ -1,76 +0,0 @@
-Hardening subgoal for Wheezy:
-All packages of priority required or important. Generated with
-
-aptitude search '~prequired' | sed 's/\ A//' '{print$2}' 
-aptitude search '~pimportant' | sed 's/\ A//' '{print$2}
-
-Instructions:
-- After NMUing a candidate where all build flags have been successfully enabled, 
-  add it to the "Resolved/fixed:" list
-- After NMUing a candidate with only some of the build flags enabled, add it to
-  the "Partially fixed: list (in order to remember what needs further work in the
-  future)
-
-Packages, which need to be fixed:
-iproute (672828)
-libept (relro missing, 734632)
-mawk (incomplete, 656026)
-
-
-
-Resolved/fixed:
-pam (1.1.3-3)
-udev (163-1)
-man-db (2.5.7-5)
-libpipeline (1.0.0-1)
-readline6 (6.2-7)
-ncurses (5.9-3)
-rsyslog (5.8.6-1)
-libselinux (2.1.0-2)
-debianutils (4.1)
-libusb (2:0.1.12-20) (653742)
-tar (1.26-4) (653722)
-iptables (1.4.12.1-1) (653737)
-findutils (4.4.2-2) (653849)
-module-init-tools (4.0.3-1) (now kmod)
-hostname (3.10) (655874)
-bash (4.2-1)
-bsdmainutils (9.0.1) (656011)
-procps (1:3.3.2-3) (656511)
-cron (3.0pl1-121) (653720)
-slang2 (2.2.4-6) (656128)
-aptitude (0.6.5-1) (657532)
-shadow (1:4.1.5-1) (657010)
-diffutils (1:3.2-2) (653853)
-libsepol (2.1.4-2) (656016)
-grep (2.11-1) (655502)
-dmidecode (2.11-6) (655891)
-cwidget (0.5.16-3.2) (656024)
-ifupdown (0.7~rc1+experimental) (661243)
-coreutils (8.13-3.2) (653743)
-popt (1.16-5) (672835)
-logrotate (3.8.1-3) (658735)
-traceroute (1:2.0.18-2) (656014)
-xapian-core (1.2.10-2) (672836)
-zlib (1:1.2.7.dfsg-2) (672310)
-sysvinit (2.88dsf-25)
-sed (4.2.1-10) (653718)
-netcat (1.10-40) (655881)
-acl (2.2.51-8) (673998)
-gdbm (1.8.3-11) (657040)
-xz-utils (5.1.1alpha+20120614-1) (653739)
-util-linux (2.20.1-2) (653856)
-attr (1:2.4.46-8)
-base-passwd (3.5.25) (655501)
-groff (1.21-8) (653852)
-iputils (3:20101006-3) (656023)
-net-tools (1.60-24.2) (656130)
-boost1.54
-dash (0.5.7-3+nmu1) (662721)
-libsigc++-2.0 (2.2.11-1) (658964) 
-nano (2.2.6-3) (656133)
-
-
-
-
-

Deleted: hardening/subgoal-interpreters.txt
===================================================================
--- hardening/subgoal-interpreters.txt	2017-01-08 06:28:45 UTC (rev 47825)
+++ hardening/subgoal-interpreters.txt	2017-01-08 06:44:30 UTC (rev 47826)
@@ -1,90 +0,0 @@
-Hardening subgoal for Wheezy:
-All interpreters written in C
-
-debtags search --names 'devel::interpreter && implemented-in::c'
-
-Instructions:
-- After checking a package, add it to the "Candidates:" list or non-candidates.txt
-- After NMUing a candidate where all build flags have been successfully enabled, 
-  add it to the "Resolved/fixed:" list
-- After NMUing a candidate with only some of the build flags enabled, add it to
-  the "Partially fixed: list (in order to remember what needs further work in the
-  future)
-
-This list needs cleaned up further:
-- Packages with same source should be merged
-- Packages without tags should be added (ex ruby)
-- Add shell interpreters
-- Add PDF interpreters
-
-To check:
-
-9base
-bc
-beef
-chemeq
-clips
-clisp
-cpp-4.4
-cpp-4.6
-cpp-4.7
-csh
-dash
-evince
-frotz
-gambas2-script
-gambc
-gcl
-gclcvs
-ghc6
-goo
-gplcver
-gs-gpl
-guile-1.8-libs
-hugs
-iceweasel
-icon
-ikarus
-jzip
-ksh
-lua5.1
-lua5.2
-lua50
-mdk
-mksh
-mono
-nodejs
-original-awk
-parrot
-pdksh
-perl
-pike7.6
-pike7.8
-poppler
-python2.6
-python2.7
-python3.2
-ragel
-ruby1.8
-ruby1.9.1
-seed
-slsh
-tads3
-tcl-dev
-yorick
-
-Candidates:
-
-Partially fixed:
-zsh (#644400)
-mawk (#656026)
-
-Resolved/fixed:
-bash		4.2-1 #641350
-dmidecode	2.11-5
-gawk		1:4.0.1+dfsg-1
-php5		5.3.1-3
-python2.7	2.7.2-10
-tcsh		6.18.01-1 #644402
-
-

More information about the Secure-testing-commits mailing list