/[secure-testing]/data/embedded-code-copies
ViewVC logotype

Contents of /data/embedded-code-copies

Parent Directory Parent Directory | Revision Log Revision Log

Revision 8871 - (hide annotations) (download)
Thu May 22 20:20:46 2008 UTC (5 years ago) by thijs
File size: 14036 byte(s) 
phpgedview removed (but fixed a few weeks ago anyway, but still has a copy in stable)
1 nion 7695 Embedded code copies
2     ====================
3    
4 thijs 8078 This file collects source packages that embed code from other projects.
5     This is considered bad for fixing security flaws because the fix needs
6     to be applied in multiple source packages.
7 jmm-guest 1586
8 nion 7695 Format:
9     <srcpkg> (<optional comment about srcpkg>)
10     - <embedding srcpkg> <status> (<sort>; bug #<number>)
11     NOTE: optional comments about the linkage of the embedding srcpkg
12    
13 thijs 8078 status: version number fixing the embedded copy, <unfixed>, <removed>,
14     <itp> or <unknown> if the version number can not be determined
15 fw 8142 <unfixable> for unavoidable cases (e.g., forks that add real value)
16 nion 7828 sort: static (linking statically against a lib)
17     embed (embedding a copy of the library into another source package)
18 thijs 8078 fork (the package is not just embedding code but it is a fork and
19     thus might share parts of the source code)
20 fw 8142 old-version (the package is an older version of essentially
21     the same code)
22 nion 7828
23 thijs 8078 The srcpkg might be some string to identify the code if there is no
24     specific source package.
25 jmm-guest 1586
26 thijs 8078 Everything up to the next line is ignored.
27 stef-guest 7923 ---BEGIN
28 nion 7696 xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
29 jmm-guest 7743 NOTE: Fixed packages link to poppler library unless otherwise noted
30 nion 7697 - gpdf <removed>
31     [sarge] - gpdf <unfixed>
32     NOTE: has been replaced by evince in etch
33     - pdftohtml <unknown>
34     [sarge] - pdftohtml <unfixed>
35     [etch] - pdftohtml <unfixed>
36     NOTE: has been replaced by poppler-utils
37 nion 7739 - kdegraphics <unfixed> (embed; bug #436164)
38 nion 7696 NOTE: the kpdf replacement in KDE 4 is using poppler
39 nion 8760 - texlive-base 3.0-12 (embed)
40 jmm-guest 7743 - texlive-bin 2007-1 (embed)
41 nion 7696 NOTE: links to poppler
42 nion 7739 - koffice <unfixed> (embed; bug #436163)
43     - libextractor 0.5.12-1 (embed)
44 jmm-guest 7743 NOTE: libextractor is using its own pdf decoder now
45 nion 7739 - libextractor 0.5.12-1 (embed)
46     - pdfkit.framework 0.8-4 (embed)
47     - ipe <unfixed> (embed)
48 nion 7696 NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
49 nion 7739 - ruby-gnome2 <unknown> (embed)
50 nion 7696 NOTE: copy only present in source but links to poppler
51    
52 nion 7791 ppmd
53 nion 7755 - libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)
54    
55 thijs 8189 peercast
56     - gnome-peercast <unfixed> (embed)
57     NOTE: gnome-peercast may better be removed, see #466539
58    
59 nion 7791 silc-toolkit
60 nion 7740 - silc-client 1.1~beta6-1 (embed)
61 nion 6965
62 nion 7791 dietlibc
63 nion 7740 - ccontrol 0.9.1+20071204-1 (static)
64 nion 6967
65 nion 7791 libiax
66 nion 7740 - iaxmodem <unfixed> (embed)
67 nion 6969
68 nion 7787 zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
69     - dpkg <unfixed> (embed)
70     NOTE: see 18196.48620.491996.624772@davenant.relativity.greenend.org.uk on debian-devel for discussion
71     - rsync <unfixed> (embed)
72     NOTE: somehow derived code base
73     - mono <unfixed> (embed)
74     TODO: check mozilla
75     - Linux kernels <unfixed> (embed)
76     - pvpgn 1.7.8-2 (embed)
77     - mrtg 2.12.2-1 (embed)
78     - rpm <unknown> (embed)
79 nion 7841 NOTE: pinged anibal since when rpm was fixed
80 jmm-guest 1586
81 nion 7788 libbz2
82     - dpkg <unfixed> (static)
83 stef-guest 5320
84 nion 7788 ekg
85     - centericq <unfixed> (embed)
86     - gaim <unfixed> (embed)
87     - pigdin <unfixed> (embed)(links dynamically against libgadu)
88     - kopete 4:3.3.2-5 (embed)
89     - kadu <unfixed> (embed)
90     - gadu <unfixed> (embed)
91     NOTE: g/kadu not packaged in Debian yet
92 jmm-guest 1586
93 nion 7791 xmlrpc (which package is the "origin" of this code?)
94 nion 7788 - drupal <unfixed> (embed)
95     - phpgroupware <unfixed> (embed)
96     - egroupware <unfixed> (embed)
97     - phpwiki (embed)
98     - php4 <unfixed> (embed)
99     TODO: check, php-pear, IIRC this was reorganized some weeks ago?
100 jmm-guest 1586
101 nion 7791 shtool (affects build-time only)
102     - mysql-ocaml <unfixed> (embed)
103     - php4 <unfixed> (embed)
104 jmm-guest 1588
105 nion 7791 mozilla source code
106     - mozilla-firefox <unfixed> (embed)
107     - mozilla-thunderbird
108     - firefox <removed>
109     [etch] - firefox <unfixed> (embed)
110     - thunderbird <removed>
111     [etch] - thunderbird <unfixed> (embed)
112     - iceweasel <unfixed> (embed)
113     - iceape <unfixed> (embed)
114     - icedove <unfixed> (embed)
115     - xulrunner <unfixed> (embed)
116     - nvu <removed> (embed)
117 jmm-guest 1588
118 nion 7791 xli
119     - xloadimage <unfixed> (embed)
120 jmm-guest 1588
121 nion 7827 lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
122     - openmotif <unfixed> (embed)
123     - xfree86/xorg <unfixed> (embed)
124     NOTE: in libxpm
125 jmm-guest 1588
126 nion 7827 kerberized apps with BSD origin
127     - krb4 <unfixed> (embed)
128     - krb5 <unfixed> (embed)
129     - heimdal <unfixed> (embed)
130 jmm-guest 1588
131 nion 7827 grip (which pkg is the origin?)
132     - libcdaudio
133     - grip
134     - gnome-vfs
135     TODO: check vfs2 as well
136 stef-guest 1608
137 nion 7827 fudforum
138     - phpgroupware-fudforum <unfixed> (embed)
139     - egroupware-fudforum <removed>
140     [sarge] - egroupware-fudforum <unfixed> (embed)
141 jmm-guest 1670
142 nion 7827 cvs
143     - gcvs <unfixed> (embed)
144     NOTE: see cvsunix/src in tarball
145 jmm-guest 1684
146 nion 7827 pcre
147     - python* <unfixed> (embed)
148     - php4 <unknown> (embed)
149     - analog 2:5.23-0woody1 (embed)
150     - libgoffice-1 <unfixed> (embed)
151     - vfu 4.06-4.1 (embed; bug #450754)
152     - tf5 5.0beta7-1 (embed)
153     - monotone <unfixed> (embed)
154     NOTE: this only affects versions >= 0.37
155     - glib <unfixed> (embed)
156     NOTE: 2.14 series for gregex support, only for udeb, regular packag links dynamic
157     - apache2 2.0.53-4 (embed)
158     - exim4 4.10-0.srh20.12 (embed)
159     - yacas <unfixed> (embed)
160     NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
161     - gtamsanalyzer.app 0.42-5 (embed)
162 nion 8392 - tin <unknown> (embed)
163 nion 8780 - kazehakase 0.5.2-1
164     - webkit <unfixed> (embed)
165     - qt4-x11 <unfixed> (embed)
166     NOTE: embedded via webkit copy
167 jmm-guest 1758
168 nion 7827 tiff
169 nion 8587 - wxwindows2.4 2.2.1 (embed)
170 joeyh 1802
171 nion 7827 uudeview
172     - libconvert-uulib-perl <unfixed> (embed)
173 jmm-guest 1824
174 nion 7827 sqlite (not affected by security vulnerabilities so far)
175     - amarok <unfixed> (embed)
176     - monotone <unfixed> (embed)
177     - iceweasel <unfixed> (embed)
178 jmm-guest 1828
179 nion 7827 util-linux/mount
180     - loop-aes-utils <unfixed> (embed)
181     NOTE: contains code from util-linux' mount in the mount-aes-udeb
182 jmm-guest 2104
183 nion 7827 webmin
184     - usermin <unknown> (embed)
185     [sarge] - usermin <unfixed> (embed)
186 jmm-guest 2714
187 nion 7827 sylpheed
188 nion 7828 - sylpheed-claws <unfixed> (fork)
189 jmm-guest 2751
190 nion 7827 phpsysinfo
191     - egroupware <unfixed> (embed)
192     - phpgroupware <unfixed> (embed)
193 jmm-guest 2800
194 nion 7830 phpldapadmin
195 stef-guest 7923 [sarge] - egroupware <unfixed> (embed)
196 nion 7830 NOTE: removed from egroupware after sarge
197 jmm-guest 2800
198 nion 7830 chmlib
199     - kchmviewer <unknown> (embed)
200 jmm-guest 2800
201 nion 7830 libavcodec/libavformat (source: ffmpeg)
202     - mplayer <unfixed> (embed; bug #395252)
203     - xvidcap <unfixed> (embed)
204     - kino <unfixed> (static)
205     - vlc <unfixed> (static)
206     - smilutils <unfixed> (static)
207     - motion <unfixed> (static)
208     - gst-ffmpeg <unfixed> (embed)
209     - gstreamer0.10-ffmpeg <unfixed> (embed)
210     - xmovie <unfixed>
211 nion 7841 TODO: gimp-gap (potentially using ffmpeg code as well)
212 jmm-guest 2948
213 nion 7830 mad MPEG decoding lib
214     - mad <unfixed> (embed)
215     - xine-lib <unfixed> (embed)
216 jmm-guest 2948
217     libdts
218 nion 7840 - xine-lib <unfixed> (embed)
219 jmm-guest 2948
220     flac
221 nion 7840 - xine-lib <unfixed> (embed)
222 jmm-guest 2948
223 nion 7840 liba52
224     - a52dec <unfixed> (embed)
225     - xine-lib <unfixed> (embed)
226 jmm-guest 2948
227 nion 7840 libmpeg2
228     - mpeg2dec <unfixed> (embed)
229     - xine-lib <unfixed> (embed)
230 jmm-guest 2948
231 nion 7840 curl
232     - wget <unfixed> (embed)
233     NOTE: code for NTLM authentication
234 jmm-guest 3093
235 nion 7840 uw-imap
236     - pine <unfixed> (embed)
237     - alpine <unfixed> (embed)
238 jmm-guest 3320
239 nion 7840 imagemagick
240     - graphicsmagick <unfixed> (fork)
241 jmm-guest 3402
242 nion 7840 halibut
243     - nsis <unfixed> (embed)
244 micah 3537
245 nion 7840 libghttp
246     - hotway <unfixed> (embed)
247 micah 3537
248 nion 7840 libsndfile
249     - ardour <unfixed> (embed)
250 micah 3537
251 nion 7840 glibmm2.4
252     - ardour <unfixed> (embed)
253 nion 6869
254 nion 7840 libgnomecanvasmm2.6
255     - ardour <unfixed> (embed)
256 nion 6869
257 nion 7840 libsigc++-2.0
258     - ardour <unfixed> (embed)
259 nion 6869
260 nion 7840 soundtouch
261     - ardour <unfixed> (embed)
262 nion 6869
263 nion 7840 libmms
264     - xine-lib <unfixed> (embed)
265     - mimms <unfixed> (embed)
266 nion 6869
267 nion 7840 fckeditor
268 nion 8085 - knowledgeroot 0.9.8.5-3 (embed; bug #461555)
269 nion 7840 - moin <unfixed> (embed; bug #452599)
270     - karrigell <unfixed> (embed; bug #452598)
271     - gforge-plugins-extra 4.6.99+svn6225-1 (embed)
272 stef-guest 4517
273 nion 7841 ipatlas (not packaged in Debian)
274     - moodle <unfixed> (embed)
275 jmm-guest 7383
276 nion 7841 libphp-phpmailer
277     - moodle <unfixed> (embed)
278 neilm 4838
279 nion 7841 htmlArea (not packaged in Debian)
280     - moodle <unfixed> (embed)
281    
282 nion 8175 giflib:
283     - wine <unfixed> (embed; bug #466181)
284    
285 nion 7841 bennu (not packaged in Debian)
286     - moodle <unfixed> (embed)
287    
288     smarty:
289 thijs 8342 - moodle <unfixed> (embed; bug #471158)
290     - gallery2 <unfixed> (embed; bug #471160)
291 nion 8361 - mahara 0.9.2-2 (embed; bug #471201)
292 thijs 8347 - gosa 2.4beta1-1 (embed; bug #471200)
293 nion 7841
294 nion 7840 TinyMCE
295 micah 8739 - wordpress <unfixed> (embed; bug #478257)
296 nion 7840 - moodle <unfixed> (embed)
297     - knowledgeroot <unfixed> (embed)
298     - joomla <itp> (bug #326398)
299 stef-guest 4517
300 nion 7840 scintilla
301     - scite <unfixed> (embed)
302     - qscintilla <unfixed> (embed)
303     - qscintilla2 <unfixed> (embed)
304     - geany <unfixed> (embed)
305 stef-guest 4706
306 nion 7840 libphp-adodb
307 stef-guest 7923 - moodle <unfixed> (embed)
308     NOTE: also AdoDB-XML Schema
309 nion 7840 - gallery2 <unfixed> (embed)
310     - phppgadmin <unfixed> (embed)
311     - egroupware <unfixed> (embed)
312     - phpwiki <unfixed> (embed)
313     - ipplan <unfixed> (embed)
314     - typo3 <unfixed> (embed)
315     - moodle <unfixed> (embed)
316     - cacti <unknown> (embed)
317     [sarge] - cacti <unfixed> (embed)
318     NOTE: dependency exists, but internal version is used
319 stef-guest 4706
320 nion 7840 gzip
321 nion 7841 - linux-kernel <unfixed> (embed)
322     NOTE: lib/inflate.c
323     - klibc <unfixed> (embed)
324     NOTE: based on linux-kernel gzip code
325     - busybox <unfixed> (embed)
326 micah 4767
327 nion 7841 neon
328     - cadaver <unfixed> (embed; bug #188381)
329     - gnome-vfs2 <unfixed> (embed; bug #395874)
330     - litmus <unfixed> (embed; #395875)
331     [sarge] - screem <unfixed> (embed)
332     - sitecopy <unfixed> (embed; bug #395876)
333 stef-guest 7923 [etch] - tla <unfixed> (embed; bug #395877)
334     [sarge] - tla <unfixed> (embed; bug #395877)
335 stef-guest 5319
336 nion 7841 libmodplug
337     - gst-plugins-bad0.10 <unfixed> (embed)
338 stef-guest 5320
339 nion 7841 libvncserver
340     - vino <unfixed> (embed)
341 stef-guest 5320
342 nion 7841 putty
343     - filezilla <unfixed> (embed)
344 stef-guest 5320
345 nion 7841 tinyxml (not packaged in Debian)
346     - filezilla <unfixed>
347 stef-guest 5320
348 nion 7841 gv
349     - evince <unfixed> (embed)
350     NOTE: ps/ tree from gv 3.5.8
351     - evince-gtk <unfixed> (embed)
352     NOTE: not packaged in Debian
353 stef-guest 5321
354 nion 7841 libXbae
355     [etch] - libpawlib2-lesstif <unfixed> (embed)
356     NOTE: from Cernlib
357 stef-guest 5321
358 nion 7841 libXaw
359 stef-guest 7924 [etch] - libpawlib2-lesstif
360 nion 7841 NOTE: from Cernlib
361     NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty
362 stef-guest 5321
363 nion 7841 libgd2
364     - graphviz <unfixed> (embed)
365     NOTE: lib/gd seems to be 2.0.33
366 nion 8098 - wml <unfixed> (embed)
367     NOTE: derived from gd 1.6.3
368 stef-guest 5321
369 nion 7841 rar
370     - unrar-nonfree <unfixed> (embed)
371 stef-guest 5440
372 nion 7841 unrar-free (maybe this code is derived from the original rar, too?)
373     - clamav <unfixed> (embed)
374     NOTE: seems to be disabled in default config
375 stef-guest 5440
376 nion 7841 mplayer (DirectMedia Object loader)
377     - xine-lib <unfixed> (embed)
378     NOTE: src/libw32dll/
379     - vlc <unfixed> (embed)
380     NOTE: modules/codec/dmo/
381 stef-guest 5440
382 nion 7841 libwpd (WordPerfect converter)
383     - openoffice.org <unfixed> (embed)
384 alec-guest 5564
385 nion 7841 fsplib (http://sourceforge.net/projects/fsp/)
386     - gftp <unfixed> (embed)
387     NOTE: lib/fsplib version 0.3
388 keescook-guest 6298
389 nion 7841 librpcsecgss
390     - krb5 <unfixed> (embed)
391 keescook-guest 6498
392 nion 7841 jasper
393     - ghostscript <unfixed> (embed)
394     - gs-gpl <unfixed> (embed)
395 stef-guest 6985
396 nion 7841 libidn
397     - monotone <unfixed> (embed)
398 keescook-guest 7007
399 nion 7841 liblua
400     - monotone <unfixed> (embed)
401 micah 7134
402 nion 7841 libbotan
403     - montone <unfixed> (embed)
404 nion 7136
405 nion 7841 NetXX
406     - monotone <unfixed> (embed)
407 nion 7136
408 nion 7841 libgc
409     - mono <unfixed> (embed)
410 nion 7136
411 nion 7841 lzma
412     - p7zip <unfixed> (embed)
413 white 7203
414 nion 7841 lzo
415     - grub2 <unfixed> (embed)
416 jmm-guest 7212
417 nion 7927 yassl
418     - mysql-dfsg-5.0 <unfixed> (embed)
419    
420 nion 7841 pax code
421     - tar <unfixed> (embed)
422     - cpio <unfixed> (embed)
423 jmm-guest 7212
424 nion 7841 t1lib
425     - tetex-bin 2.0.2-1 (embed)
426     - texlive-bin <unknown> (embed)
427 thijs 7985
428     guichan
429     - boswars <unfixed> (embed)
430     NOTE: maintainer notified us, working on it
431    
432     tolua
433     - boswars <unfixed> (embed)
434     NOTE: maintainer notified us, working on it
435    
436     asio-dev
437     - luxrender <unfixed> (embed)
438     NOTE: maintainer notified us, working on it
439     NOTE: may be merged with boost "soon"
440    
441 nion 7995 xine-lib
442     - vlc <unfixed> (embed)
443     NOTE: only parts included in modules/access/rtsp
444 stef-guest 8075
445     netpbm
446     - tcl8.3 <unfixed> (embed)
447     - tcl8.4 <unfixed> (embed)
448     - tcl8.5 <unfixed> (embed)
449     NOTE: generic/tkImgGIF.c
450 fw 8143
451     tk8.5
452     - tk8.0 <removed> (old-version)
453     - tk8.3 <unfixed> (old-version)
454     - tk8.4 <unfixed> (old-version)
455     - perl-tk <unfixable> (fork)
456 nion 8280
457 nion 8281 samba
458 nion 8280 - mc <unfixed> (embed)
459     NOTE: maintainer is aware of this, currently searching a solution
460 micah 8337
461     plib1.8.4c2
462     - boson <unfixed> (fork)
463     NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar
464 micah 8370
465     fribidi
466     - quesoglc <unfixed> (embed)
467    
468     glew
469     - quesoglc <unfixed> (embed)
470    
471     minorGems
472     - transcend <unfixed> (embed)
473     - cultivation <unfixed> (embed)
474 jamie-guest 8413
475 jamie-guest 8728 tar
476     - libarchive <unfixed> (embed)
477 jamie-guest 8438 NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable
478 jamie-guest 8728
479     cpio
480     - libarchive <unfixed> (embed)
481 jamie-guest 8438 NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package)
482 jamie-guest 8413
483 nion 8523 webkit
484     - qt4-x11 <unfixed> (embed)
485 white 8694
486     ftgl
487     - blender 2.45+r14660-1 (embed)
488     NOTE: Once the above version is released, it will be fixed
489 thijs 8700
490     wv
491     - abiword <unfixed>
492    
493 jamie-guest 8728 qemu
494     - kvm <unfixed> (embed)
495    
496 jamie-guest 8729 speex
497     - vorbis-tools <unfixed> (embed)
498     NOTE: while comiled against libspeex-dev, ogg123/speex_format.c is compiled with embedded code copied from speexdec.c
499     - gst-plugins-good0.10 <unfixed> (embed)
500     - xine-lib <unfixed> (embed)
501     - libfishsound <unfixed> (embed)
502     - libannodex <unfixed> (embed)
503     - vlc <unfixed> (embed)
504     - xmms-speex <unfixed> (embed)
505     - libsdl-sound1.2 <unfixed> (embed)
506     - sweep <unfixed> (embed)
507    
508 micah 8740 libreadline
509     - magic <unfixed> (old-version)
510 micah 8739 NOTE: magic is currently an RFS
511    
512 micah 8740 opcode
513     - ode <unfixed> (embed)
514 micah 8739 NOTE: opcode is not a package in debian, it is just embedded
515     NOTE: http://www.codercorner.com/Opcode.htm
516 micah 8740
517     gimpact
518     - ode <unfixed> (embed)
519 micah 8739 NOTE: gimpact is not a package in debian, it is just embedded
520     NOTE: http://gimpact.sf.net
521 micah 8741
522     MochiKit.js
523     - mahara <unfixed> (embed)
524     - ntop <unfixed> (embed)
525     - python-oherence <unfixed> (embed)
526     - python-paste <unfixed> (embed)
527     - python-turbogears <unfixed> (embed)
528     - zope-plone3 <unfixed> (embed)
529    
530     prototype.js
531     - netbeans-ide <unfixed> (embed)
532     - auth2db-frontend <unfixed> (embed)
533     - citadel-webcit <unfixed> (embed)
534     - asterisk <unfixed> (embed)
535     - doc-iana <unfixed> (embed)
536     - libaws-doc <unfixed> (embed)
537     - libgettext-ruby-data <unfixed> (embed)
538     - libjson-ruby-doc <unfixed> (embed)
539     - liblucene2-java-doc <unfixed> (embed)
540     - libopenid-ruby <unfixed> (embed)
541     - solr-common <unfixed> (embed)
542     - glpi <unfixed> (embed)
543     - hobbix <unfixed> (embed)
544     - mnemo2 <unfixed> (embed)
545     - nag2 <unfixed> (embed)
546     - libjs-prototype <unfixed> (embed)
547     - libjs-scriptaculous <unfixed> (embed)
548     - knowledgeroot <unfixed> (embed)
549     - mediatomb-common <unfixed> (embed)
550     - mt-daapd <unfixed> (embed)
551     - op-panel <unfixed> (embed)
552     - ebug-http <unfixed> (embed)
553 thijs 8871 - phpgedview <removed> (embed)
554 micah 8741 - poker-web <unfixed> (embed)
555     - python-webhelpers <unfixed> (embed)
556     - qwik <unfixed> (embed)
557     - rails <unfixed> (embed)
558     - typo3-src-4.1 <unfixed> (embed)
559     - wordpress <unfixed> (embed)
560     - zope-plone3 <unfixed> (embed)
561     - smokeping <unfixed> (embed)
562    
  ViewVC Help
Powered by ViewVC 1.1.5