
Contents of /data/embedded-code-copies


Revision 7840
Sun Jan 6 00:17:39 2008 UTC (5 years, 4 months ago) by nion
File size: 8775 byte(s)
further format conversions
1 nion 7695 Embedded code copies
2     ====================
3    
4 jmm-guest 1586 This file collects cases where a source package embeds code from
5 nion 7695 other projects which is considered bad for fixing security flaws
6     because the fix needs to be applied in multiple source packages.
7 jmm-guest 1586
8 nion 7695 Format:
9     <srcpkg> (<optional comment about srcpkg>)
10     - <embedding srcpkg> <status> (<sort>; bug #<number>)
11     NOTE: optional comments about the linkage of the embedding srcpkg
12    
13 nion 7840 status: version number fixing the embedded copy, <unfixed>, <removed>, <itp> or <unknown> if the version number can not be determined
14 nion 7828 sort: static (linking statically against a lib)
15     embed (embedding a copy of the library into another source package)
16     fork (the package is not just embedding code but it is a fork and thus might share parts of the source code)
17    
18 nion 7788 The srcpkg might be some string to identify the code if there is no specific source package.
19 jmm-guest 1586
20 nion 7696 xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
21 jmm-guest 7743 NOTE: Fixed packages link to poppler library unless otherwise noted
22 nion 7697 - gpdf <removed>
23     [sarge] - gpdf <unfixed>
24     NOTE: has been replaced by evince in etch
25     - pdftohtml <unknown>
26     [sarge] - pdftohtml <unfixed>
27     [etch] - pdftohtml <unfixed>
28     NOTE: has been replaced by poppler-utils
29 nion 7739 - kdegraphics <unfixed> (embed; bug #436164)
30 nion 7696 NOTE: the kpdf replacement in KDE 4 is using poppler
31 nion 7739 - tetex-bin 3.0-12 (embed)
32 jmm-guest 7743 - texlive-bin 2007-1 (embed)
33 nion 7696 NOTE: links to poppler
34 nion 7739 - koffice <unfixed> (embed; bug #436163)
35     - libextractor 0.5.12-1 (embed)
36 jmm-guest 7743 NOTE: libextractor is using its own pdf decoder now
37 nion 7739 - libextractor 0.5.12-1 (embed)
38     - pdfkit.framework 0.8-4 (embed)
39     - ipe <unfixed> (embed)
40 nion 7696 NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
41 nion 7739 - ruby-gnome2 <unknown> (embed)
42 nion 7696 NOTE: copy only present in source but links to poppler
43    
44 nion 7791 ppmd
45 nion 7755 - libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)
46    
47 nion 7791 silc-toolkit
48 nion 7740 - silc-client 1.1~beta6-1 (embed)
49 nion 6965
50 nion 7791 dietlibc
51 nion 7740 - ccontrol 0.9.1+20071204-1 (static)
52 nion 6967
53 nion 7791 libiax
54 nion 7740 - iaxmodem <unfixed> (embed)
55 nion 6969
56 nion 7787 zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
57     - dpkg <unfixed> (embed)
58     NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
59     - rsync <unfixed> (embed)
60     NOTE: somehow derived code base
61     - mono <unfixed> (embed)
62     TODO: check mozilla
63     - Linux kernels <unfixed> (embed)
64     - pvpgn 1.7.8-2 (embed)
65     - mrtg 2.12.2-1 (embed)
66     - rpm <unknown> (embed)
67 nion 7788 NOTE: pinged joeyh since when rpm was fixed
68 jmm-guest 1586
69 nion 7788 libbz2
70     - dpkg <unfixed> (static)
71 stef-guest 5320
72 nion 7788 ekg
73     - centericq <unfixed> (embed)
74     - gaim <unfixed> (embed)
75     - pidgin <unfixed> (embed)(links dynamically against libgadu)
76     - kopete 4:3.3.2-5 (embed)
77     - kadu <unfixed> (embed)
78     - gadu <unfixed> (embed)
79     NOTE: g/kadu not packaged in Debian yet
80 jmm-guest 1586
81 nion 7791 xmlrpc (which package is the "origin" of this code?)
82 nion 7788 - drupal <unfixed> (embed)
83     - phpgroupware <unfixed> (embed)
84     - egroupware <unfixed> (embed)
85     - phpwiki (embed)
86     - php4 <unfixed> (embed)
87     TODO: check, php-pear, IIRC this was reorganized some weeks ago?
88 jmm-guest 1586
89 nion 7791 shtool (affects build-time only)
90     - mysql-ocaml <unfixed> (embed)
91     - php4 <unfixed> (embed)
92 jmm-guest 1588
93 nion 7791 mozilla source code
94     - mozilla-firefox <unfixed> (embed)
95     - mozilla-thunderbird
96     - firefox <removed>
97     [etch] - firefox <unfixed> (embed)
98     - thunderbird <removed>
99     [etch] - thunderbird <unfixed> (embed)
100     - iceweasel <unfixed> (embed)
101     - iceape <unfixed> (embed)
102     - icedove <unfixed> (embed)
103     - xulrunner <unfixed> (embed)
104     - nvu <removed> (embed)
105 jmm-guest 1588
106 nion 7791 xli
107     - xloadimage <unfixed> (embed)
108 jmm-guest 1588
109 nion 7827 lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
110     - openmotif <unfixed> (embed)
111     - xfree86/xorg <unfixed> (embed)
112     NOTE: in libxpm
113 jmm-guest 1588
114 nion 7827 kerberized apps with BSD origin
115     - krb4 <unfixed> (embed)
116     - krb5 <unfixed> (embed)
117     - heimdal <unfixed> (embed)
118 jmm-guest 1588
119 nion 7827 grip (which pkg is the origin?)
120     - libcdaudio
121     - grip
122     - gnome-vfs
123     TODO: check vfs2 as well
124 stef-guest 1608
125 nion 7827 fudforum
126     - phpgroupware-fudforum <unfixed> (embed)
127     - egroupware-fudforum <removed>
128     [sarge] - egroupware-fudforum <unfixed> (embed)
129 jmm-guest 1670
130 nion 7827 cvs
131     - gcvs <unfixed> (embed)
132     NOTE: see cvsunix/src in tarball
133 jmm-guest 1684
134 nion 7827 pcre
135     - python* <unfixed> (embed)
136     - php4 <unknown> (embed)
137     - analog 2:5.23-0woody1 (embed)
138     - libgoffice-1 <unfixed> (embed)
139     - vfu 4.06-4.1 (embed; bug #450754)
140     - tf5 5.0beta7-1 (embed)
141     - monotone <unfixed> (embed)
142     NOTE: this only affects versions >= 0.37
143     - glib <unfixed> (embed)
144     NOTE: 2.14 series for gregex support, only for udeb, regular package links dynamically
145     - apache2 2.0.53-4 (embed)
146     - exim4 4.10-0.srh20.12 (embed)
147     - yacas <unfixed> (embed)
148     NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
149     - gtamsanalyzer.app 0.42-5 (embed)
150 jmm-guest 1758
151 nion 7827 tiff
152     - wxpythongtk <unfixed> (embed)
153     TODO: check, which debian pkg this is in
154 joeyh 1802
155 nion 7827 uudeview
156     - libconvert-uulib-perl <unfixed> (embed)
157 jmm-guest 1824
158 nion 7827 sqlite (not affected by security vulnerabilities so far)
159     - amarok <unfixed> (embed)
160     - monotone <unfixed> (embed)
161     - iceweasel <unfixed> (embed)
162 jmm-guest 1828
163 nion 7827 util-linux/mount
164     - loop-aes-utils <unfixed> (embed)
165     NOTE: contains code from util-linux' mount in the mount-aes-udeb
166 jmm-guest 2104
167 nion 7827 webmin
168     - usermin <unknown> (embed)
169     [sarge] - usermin <unfixed> (embed)
170 jmm-guest 2714
171 nion 7827 sylpheed
172 nion 7828 - sylpheed-claws <unfixed> (fork)
173 jmm-guest 2751
174 nion 7827 phpsysinfo
175     - egroupware <unfixed> (embed)
176     - phpgroupware <unfixed> (embed)
177 jmm-guest 2800
178 nion 7830 phpldapadmin
179     - [sarge] egroupware <unfixed> (embed)
180     NOTE: removed from egroupware after sarge
181 jmm-guest 2800
182 nion 7830 chmlib
183     - kchmviewer <unknown> (embed)
184 jmm-guest 2800
185 nion 7830 libavcodec/libavformat (source: ffmpeg)
186     - mplayer <unfixed> (embed; bug #395252)
187     - xvidcap <unfixed> (embed)
188     - kino <unfixed> (static)
189     - vlc <unfixed> (static)
190     - smilutils <unfixed> (static)
191     - motion <unfixed> (static)
192     - gst-ffmpeg <unfixed> (embed)
193     - gstreamer0.10-ffmpeg <unfixed> (embed)
194     - xmovie <unfixed>
195 jmm-guest 2948
196 nion 7830 mad MPEG decoding lib
197     - mad <unfixed> (embed)
198     - xine-lib <unfixed> (embed)
199 jmm-guest 2948
200     libdts
201 nion 7840 - xine-lib <unfixed> (embed)
202 jmm-guest 2948
203     flac
204 nion 7840 - xine-lib <unfixed> (embed)
205 jmm-guest 2948
206 nion 7840 liba52
207     - a52dec <unfixed> (embed)
208     - xine-lib <unfixed> (embed)
209 jmm-guest 2948
210 nion 7840 libmpeg2
211     - mpeg2dec <unfixed> (embed)
212     - xine-lib <unfixed> (embed)
213 jmm-guest 2948
214 nion 7840 curl
215     - wget <unfixed> (embed)
216     NOTE: code for NTLM authentication
217 jmm-guest 3093
218 nion 7840 uw-imap
219     - pine <unfixed> (embed)
220     - alpine <unfixed> (embed)
221 jmm-guest 3320
222 nion 7840 imagemagick
223     - graphicsmagick <unfixed> (fork)
224 jmm-guest 3402
225 nion 7840 halibut
226     - nsis <unfixed> (embed)
227 micah 3537
228 nion 7840 libghttp
229     - hotway <unfixed> (embed)
230 micah 3537
231 nion 7840 libsndfile
232     - ardour <unfixed> (embed)
233 micah 3537
234 nion 7840 glibmm2.4
235     - ardour <unfixed> (embed)
236 nion 6869
237 nion 7840 libgnomecanvasmm2.6
238     - ardour <unfixed> (embed)
239 nion 6869
240 nion 7840 libsigc++-2.0
241     - ardour <unfixed> (embed)
242 nion 6869
243 nion 7840 soundtouch
244     - ardour <unfixed> (embed)
245 nion 6869
246 nion 7840 libmms
247     - xine-lib <unfixed> (embed)
248     - mimms <unfixed> (embed)
249 nion 6869
250 nion 7840 fckeditor
251     - knowledgeroot <unfixed> (embed)
252     - moin <unfixed> (embed; bug #452599)
253     - karrigell <unfixed> (embed; bug #452598)
254     - gforge-plugins-extra 4.6.99+svn6225-1 (embed)
255 stef-guest 4517
256    
257 jmm-guest 7383
258 neilm 4838 Moodle contains lots of things:
259     AdoDB
260     AdoDB-XML Schema
261     ipatlas
262     PHPMailer
263     Smarty
264     htmlArea
265     TinyMCE
266     bennu
267    
268 nion 7840 TinyMCE
269     - wordpress <unfixed> (embed)
270     - moodle <unfixed> (embed)
271     - knowledgeroot <unfixed> (embed)
272     - joomla <itp> (bug #326398)
273 stef-guest 4517
274 nion 7840 scintilla
275     - scite <unfixed> (embed)
276     - qscintilla <unfixed> (embed)
277     - qscintilla2 <unfixed> (embed)
278     - geany <unfixed> (embed)
279 stef-guest 4706
280 nion 7840 libphp-adodb
281     - gallery2 <unfixed> (embed)
282     - phppgadmin <unfixed> (embed)
283     - egroupware <unfixed> (embed)
284     - phpwiki <unfixed> (embed)
285     - ipplan <unfixed> (embed)
286     - typo3 <unfixed> (embed)
287     - moodle <unfixed> (embed)
288     - cacti <unknown> (embed)
289     [sarge] - cacti <unfixed> (embed)
290     NOTE: dependency exists, but internal version is used
291 stef-guest 4706
292 nion 7840 gzip
293 micah 4767 linux-kernel (lib/inflate.c)
294     klibc (based on linux-kernel gzip code)
295 micah 4808 busybox
296 micah 4767
297 neilm 4891 neon:
298     cadaver (all, but being worked on: #188381)
299     gnome-vfs2 (#395874)
300     litmus (#395875)
301     screem (sarge only)
302     sitecopy (#395876)
303     tla (etch/sid only: #395877)
304 stef-guest 5319
305     libmodplug:
306     gst-plugins-bad0.10
307 stef-guest 5320
308     libvncserver:
309     vino
310    
311     putty:
312     filezilla
313    
314     tinyxml (not packaged in Debian):
315     filezilla
316    
317     gv:
318     evince (ps/ tree from gv 3.5.8)
319     evince-gtk (not packaged in Debian)
320 stef-guest 5321
321     libXbae:
322     libpawlib2-lesstif package (from Cernlib)
323    
324     libXaw:
325     libpawlib2-lesstif package (from Cernlib)
326    
327     (I plan to deal with the above two cases after Etch release. -- KevinMcCarty)
328    
329     libgd2:
330     graphviz (lib/gd seems to be 2.0.33)
331 stef-guest 5440
332     rar:
333     unrar-nonfree
334    
335     unrar-free: (maybe this code is derived from the original rar, too?)
336     clamav (seems to be disabled in default config)
337    
338 keescook-guest 5526 mplayer (DirectMedia Object loader):
339     xine-lib (src/libw32dll/)
340     vlc (modules/codec/dmo/)
341 alec-guest 5564
342     libwpd (WordPerfect converter):
343     openoffice.org
344 keescook-guest 6298
345     fsplib (http://sourceforge.net/projects/fsp/):
346     gftp (lib/fsplib version 0.3)
347 keescook-guest 6498
348     librpcsecgss:
349     krb5
350 stef-guest 6985
351 keescook-guest 7007 jasper:
352     ghostscript
353     gs-gpl
354    
355 nion 7136 libidn:
356     monotone
357 micah 7134
358 nion 7136 liblua:
359     monotone
360    
361     libbotan:
362     monotone
363    
364     NetXX:
365     monotone
366    
367 nion 7135 libgc:
368     mono
369 white 7203
370 jmm-guest 7212 lzma:
371     p7zip
372    
373     lzo:
374     grub2
375    
376 white 7203 pax code:
377     tar
378     cpio
379 jamie-guest 7487
380     t1lib:
381 jamie-guest 7503 tetex-bin (links to system t1lib since 2.0.2)
382     texlive-bin (links to system t1lib)
383 jamie-guest 7487
384 nion 7840 TODO evaluate:
385     gimp-gap (potentially using ffmpeg code as well)
386    
387    
