/[secure-testing]/data/embedded-code-copies

Diff of /data/embedded-code-copies

Parent Directory | Revision Log | View Patch Patch

-revision 7787 by nion,
Wed Jan  2 20:22:47 2008 UTC
+revision 12966 by gilbert-guest,
Fri Oct  9 19:41:19 2009 UTC
 Line 1
  Embedded code copies
  ====================
- This file collects cases, where a source package embeds code from
+ This file collects source packages that embed code from other projects.
- other projects which is considered bad for fixing security flaws
+ This is considered bad for fixing security flaws because the fix needs
- because the fix needs to be applied in multiple source packages.
+ to be applied in multiple source packages.
  Format:
  <srcpkg> (<optional comment about srcpkg>)
          - <embedding srcpkg> <status> (<sort>; bug #<number>)
          NOTE: optional comments about the linkage of the embedding srcpkg
- status: version number fixing the embedded copy, <unfixed>, <removed> or <unknown> if the version number can not be determined
+ status: version number fixing the embedded copy, <unfixed>, <removed>,
- sort: static (linking statically against a lib), embed (embedding a copy of the library into another source package)
+         <itp>, <not-affected>, <unknown> if the version number can not
+         be determined, or <unfixable> for unavoidable cases (e.g., forks
+         that add real value)
+ sort: static (linking statically against a lib)
+       embed (embedding a copy of the library into another source package)
+       fork (the package is not just embedding code but it is a fork and
+             thus might share parts of the source code)
+       old-version (the package is an older version of essentially
+                    the same code)
+ The srcpkg might be some string to identify the code if there is no
+ specific source package.
+ Everything up to the next line is ignored.
+ ---BEGIN
  xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
          NOTE: Fixed packages link to poppler library unless otherwise noted
-         - gpdf <removed>
-         [sarge] - gpdf <unfixed>
          NOTE: has been replaced by evince in etch
          - pdftohtml <unknown>
          [sarge] - pdftohtml <unfixed>
          [etch] - pdftohtml <unfixed>
          NOTE: has been replaced by poppler-utils
-         - kdegraphics <unfixed> (embed; bug #436164)
+         - kdegraphics 4:4.2.2-1 (embed; bug #436164)
-         NOTE: the kpdf replacement in KDE 4 is using poppler
+         - texlive-base 3.0-12 (embed)
-         - tetex-bin 3.0-12 (embed)
          - texlive-bin 2007-1 (embed)
          NOTE: links to poppler
          - koffice <unfixed> (embed; bug #436163)
          - libextractor 0.5.12-1 (embed)
          NOTE: libextractor is using its own pdf decoder now
-         - libextractor 0.5.12-1 (embed)
-         - pdfkit.framework 0.8-4 (embed)
          - ipe <unfixed> (embed)
          NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
          - ruby-gnome2 <unknown> (embed)
          NOTE: copy only present in source but links to poppler
+         - pdfedit <unfixed> (embed; bug #510794)
+         - swftools <unfixed> (embed)
+ ppmd
+         - libcomplearn-mod-ppmd <unfixed> (fork)
+         NOTE: discussion in #458152
+ libevent
+         - transmission 1.71-1 (embed; bug #529372)
- ppmd:
+ lrmi
-         - libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)
+         - read-edid 2.0.0-1 (embed; bug #495131)
- silc-toolkit:
+ peercast
+         - gnome-peercast <unfixed> (embed)
+         NOTE: gnome-peercast may better be removed, see #466539
+ silc-toolkit
          - silc-client 1.1~beta6-1 (embed)
- dietlibc:
+ icclib
+         - ghostscript <unfixed> (embed)
+         - argyll <unfixed> (embed)
+ dietlibc
          - ccontrol 0.9.1+20071204-1 (static)
- libiax:
+ libmikmod
+         - sdl-mixer1.2 <unfixed> (embed)
+         TODO: report bug
+ libiax
          - iaxmodem <unfixed> (embed)
  zlib (lots of apps embed a copy, but link dynamically, but there are a few exceptions)
-Line 60 
 zlib (lots of apps embed a copy, but lin
+Line 89 
 zlib (lots of apps embed a copy, but lin
          - pvpgn 1.7.8-2 (embed)
          - mrtg 2.12.2-1 (embed)
          - rpm <unknown> (embed)
-         NOTE: pinged joeyh
+         NOTE: pinged anibal since when rpm was fixed
+         - tuxcmd-modules <unfixed> (embed)
+         - zsync <unfixed>
+         - tra <unfixed>
+         - sash <unfixed>
+         - nsis <unfixed>
+         - mseide-msegui <unfixed>
+         NOTE: mseide
+         - mirrordir <unfixed>
+         - poco <unfixed>
+         - klibc <unfixed>
+         - ghostscript <unfixed>
+         - freeimage <unfixed>
+         - clamav <unfixed> (fork)
+         NOTE: from the changelog: "libclamav6 does indeed duplicate parts of the zlib code, but there is not way around that"
+         - tuxonice-userui <unfixed>
+         - plt-scheme <unfixed>
+         - perl <unfixed>
+         - paraview <unfixed>
+         - gcvs <unfixed>
+         - erlang <unfixed>
+         - dump <unfixed>
+         - aide <unfixed> (static)
+         - dar <unfixed> (static)
+         - avfs <unfixed>
+         - fpc <unfixed>
+         - winff <unfixed>
+         NOTE: inherited from fpc, see #472304
+         - lazarus <unfixed>
+         NOTE: inherited from fpc, see #472304
+         - erlang <unfixed> (embed)
+ dulwich
+         - hg-git <unfixed> (embed; bug #541996)
+ libvigraimpex
+         - hugin <unfixed> (embed; bug #542259)
+         - enblend-enfuse <unfixed> (embed; bug #542258)
+ libbz2
+         - dpkg <unfixed> (static)
+ libgadu
+         - centericq <unfixed> (embed)
+         - pidgin <unfixed> (embed)
+         NOTE: pidgin links dynamically against libgadu; that should be fixed, then???
+         - kdenetwork 4:3.3.2-5 (embed)
+         NOTE: from kdenetwork: kopete
+         - ekg 1:1.8~rc0-1 (embed)
+         - kadu 0.6.0.2-3 (embed; bug #504430)
+         - gadu <itp> (embed)
+ xmlrpc (which package is the "origin" of this code?)
+         - drupal <unfixed> (embed)
+         - phpgroupware <unfixed> (embed)
+         - egroupware <unfixed> (embed)
+         - phpwiki <unfixed> (embed)
+         - php4 <unfixed> (embed)
+         TODO: check, php-pear, IIRC this was reorganized some weeks ago?
+ shtool (affects build-time only)
+         - mysql-ocaml <unfixed> (embed)
+         - php4 <unfixed> (embed)
- libbz2:
- dpkg (statically linked)
- libgadu/ekg:
- centericq
- gaim
- pigdin (links dynamically against libgadu)
- kopete (ships the code, but links dynamically in the Debian package)
- kadu (not packaged in Debian)
- GNU gadu (not yet packaged in Debian)
- xmlrpc: (which package is the "origin" of this code?)
- drupal
- phpgroupware
- egroupware
- phpwiki
- php4 (php-pear, IIRC this was reorganized some weeks ago?)
- shtool: (affects build-time only)
- mysql-ocaml
- php4
- mozilla:
- mozilla-firefox
- mozilla-thunderbird
- firefox (to be removed)
- thunderbird (to be removed)
- iceweasel
  iceape
- icedove
+         - iceweasel <unfixed> (fork)
- xulrunner
+         - icedove <unfixed> (fork)
- nvu (no longer in Debian)
+         - xulrunner <unfixed> (fork)
+         - kompozer <unfixed> (embed; bug #532168)
- xli:
- xloadimage
+ xli
+         - xloadimage <unfixed> (embed)
- lesstif: (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
- openmotif
+ lesstif (beware: two different lesstif APIs supported in one package, MOTIF 1.2 discarded upstream)
- xfree86/xorg (in libxpm)
+         - openmotif <unfixed> (embed)
+         - libxpm <unfixed> (embed)
- kerberized apps with BSD origin:
- krb4
+ kerberized apps with BSD origin
- krb5
+         - krb4 <removed> (embed)
- heimdal
+         - krb5 <unfixed> (embed)
+         - heimdal <unfixed> (embed)
- grip: (which pkg is the origin?)
- libcdaudio
+ grip (which pkg is the origin?)
- grip
+         - libcdaudio <unfixed>
- gnome-vfs (vfs2 as well?)
+         - grip <unfixed>
+         - gnome-vfs <unfixed>
- fudforum:
+         TODO: check vfs2 as well
- phpgroupware-fudforum
- egroupware-fudforum (removed from egroupware after sarge)
+ fudforum
+         [etch] - phpgroupware <unfixed> (embed)
- cvs:
+         NOTE: phpgroupware-fudforum
- gcvs (at least an additional script is included, check if there's more)
+         [sarge] - egroupware-fudforum <removed> (embed)
- pcre:
+ libbsd
- all pythons
+         - rdate 1:1.2-3 (embed)
- php4 (src included, but Debian package links dynamically)
+         - atheme-services <unfixed>
- analog (src included, but Debian package links dynamically)
+         - libbsd-arc4random-perl <unfixed>
- libgoffice-1
+         - isakmpd <unfixed>
- vfu (removed linking against embedded copy in 4.06-4.1; #450754)
- tf5 (since 5.0beta7 the Debian package links dynamically)
+ cvs
- monotone (including this starting from 0.37)
+         - gcvs <unfixed> (embed)
- glib (2.14 series for gregex support, only for udeb, regular packag links dynamic)
+         NOTE: see cvsunix/src in tarball
- apache2 (since 2.0.53-4 uses 040_link_external_pcre patch)
- exim4 (since 4.10-0.srh20.12 uses 36_pcre patch to use external pcre)
+ pcre
- yacas (<= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway)
+         - python* <unfixed> (embed)
- gtamsanalyzer.app (links dynamically since 0.42-5)
+         - php4 <unknown> (embed)
+         - analog 2:5.23-0woody1 (embed)
- tiff:
+         - goffice <unfixed> (embed)
- wxpythongtk (check, which debian pkg this is in)
+         NOTE: libgoffice-*
- older kdegraphics/kpdf releases < 3.3 embedded a copy
+         - vfu 4.06-4.1 (embed; bug #450754)
+         - tf5 5.0beta7-1 (embed)
- uudeview:
+         - monotone 0.43-1 (embed)
- libconvert-uulib-perl
+         NOTE: this only affects versions >= 0.37
+         - glib2.0 2.15.2-1 (embed)
- sqlite: (not affected by security vulnerabilities so far)
+         - apache2 2.0.53-4 (embed)
- amarok
+         - exim4 4.10-0.srh20.12 (embed)
- monotone
+         - yacas <unfixed> (embed)
- iceweasel
+         NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
+         - gtamsanalyzer.app 0.42-5 (embed)
- util-linux/mount:
+         - tin <unknown> (embed)
- loop-aes-utils contains code from util-linux' mount in the mount-aes-udeb
+         - kazehakase 0.5.2-1
+         - webkit 1.0.1-1 (embed)
- webmin:
+         - qt4-x11 <unfixed> (embed)
- usermin (only in sarge)
+         NOTE: embedded via webkit copy
+         - erlang <unfixed> (embed)
- sylpheed:
- sylpheed-claws
+ tiff
+         - wxwindows2.4 2.2.1 (embed)
- phpsysinfo:
- egroupware
+ uudeview
- phpgroupware
+         - libconvert-uulib-perl <unfixed> (embed)
+         - pan <unfixed> (embed)
- phpldapadmin:
- egroupware (removed from egroupware after sarge)
+ sqlite (not affected by security vulnerabilities so far)
+         - amarok <unfixed> (embed)
- chmlib:
+         - monotone 0.43-1 (embed)
- kchmviewer (ships the code but links dynamically)
+         - iceweasel <unfixed> (embed)
- libavcodec/libavformat (source: ffmpeg):
+ util-linux/mount
- mplayer (#395252)
+         - loop-aes-utils <unfixed> (embed)
- xvidcap
+         NOTE: contains code from util-linux' mount in the mount-aes-udeb
- kino (links statically, does not include code)
- vlc (links statically, does not include code)
+ sylpheed
- smilutils (links statically, does not include code)
+         - sylpheed-claws <unfixed> (fork)
- motion (links statically, does not include code)
- gst-ffmpeg
+ phpsysinfo
- gstreamer0.10-ffmpeg
+         - egroupware <unfixed> (embed)
- xmovie
+         - phpgroupware <unfixed> (embed)
- mad MPEG decoding lib:
+ phpldapadmin
- mad
+         [sarge] - egroupware <unfixed> (embed)
- xine-lib
+         NOTE: removed from egroupware after sarge
+ chmlib
+         - kchmviewer <unknown> (embed)
+ ffmpeg (libavcodec/libavformat)
+         - mplayer 1.0~rc2-14 (embed; bug #395252)
+         - kino 1.0.0-1
+         - vlc <not-affected> (Links dynamically since initial release)
+         - smilutils 0.3.0-10
+         NOTE: smilutils likely fixed earlier, marking Etch's version as fixed
+         - motion 3.1.19-1
+         - gstreamer0.10-ffmpeg 0.10.3-2
+         - xmovie <removed>
+         TODO: gimp-gap (potentially using ffmpeg code as well)
+         - avifile <unfixed> (embed; bug #538750)
+ faad2
+         - mplayer 1.0~rc2-20 (embed)
+         - avifile <unfixed> (embed; bug #538750)
+ libmad (MPEG decoding lib)
+         - xine-lib <unfixed> (embed)
+         - avifile <unfixed> (embed) [./plugins/libmad/*]
+         TODO: check ocaml-mad, madplay, pymad, xmms-mad, xmms2
- libdts:
  libdts
- xine-lib
+         - xine-lib <unfixed> (embed)
- flac:
  flac
- xine-lib
+         - xine-lib <unfixed> (embed)
- liba52:
+ liba52
- a52dec
+         - a52dec <unfixed> (embed)
- xine-lib
+         - xine-lib <unfixed> (embed)
- libmpeg2:
+ libmpeg2
- mpeg2dec
+         - mpeg2dec <unfixed> (embed)
- xine-lib
+         - xine-lib <unfixed> (embed)
- curl:
+ curl
- wget (code for NTLM authentication)
+         - wget <unfixed> (embed)
+         NOTE: code for NTLM authentication
- TODO evaluate:
+ uw-imap
- gimp-gap (potentially using ffmpeg code as well)
+         - pine <unfixed> (embed)
+         - alpine <unfixed> (embed)
- uw-imap:
+ imagemagick
- pine
+         - graphicsmagick <unfixed> (fork)
- alpine
- imagemagick:
+ python-urlgrabber
- graphicsmagick
+         - mercurial <unfixed> (embed; bug #531062)
- halibut:
+ python-mechanize
- nsis
+         - beautifulsoup <unfixed> (embed)
- libghttp:
+ halibut
- hotway
+         - nsis <unfixed> (fork)
- libsndfile:
+ libghttp
- ardour
+         - hotway <unfixed> (embed)
- glibmm2.4:
+ libsndfile
- ardour
+         - ardour 1:2.7.1-1 (embed)
- libgnomecanvasmm2.6:
+ glibmm2.4
- ardour
+         - ardour 1:2.7.1-1 (embed)
- libsigc++-2.0:
+ libgnomecanvasmm2.6
- ardour
+         - ardour 1:2.7.1-1 (embed)
- soundtouch:
+ libsigc++-2.0
- ardour
+         - ardour 1:2.7.1-1 (embed)
- libmms:
+ soundtouch
- xine-lib
+         - ardour 1:2.7.1-1 (embed)
- mimms
+ libmms
+         - xine-lib <unfixed> (embed)
+         - mimms <unfixed> (embed)
+ fckeditor
+         - knowledgeroot 0.9.8.5-3 (embed; bug #461555)
+         - moin 1.8.2-2 (embed; bug #452599)
+         - karrigell <removed> (embed; bug #452598)
+         - gforge 4.6.99+svn6225-1 (embed)
+         - request-tracker3.8 <unfixed> (embed)
+ ipatlas (not packaged in Debian)
+         - moodle <unfixed> (embed; bug #507185)
+ libphp-phpmailer
+         - moodle <unfixed> (embed; bug #507185)
+         - mahara <unfixed> (embed)
+         - symfony <unfixed> (embed)
+         [etch] - phpgroupware <unfixed> (embed)
+         NOTE: phpgroupware-felamimail is only in etch
+         - egroupware <unfixed> (embed; bug #504283)
+         - glpi <unfixed>
- FCKeditor: (packaged as fckeditor)
+ htmlArea (not packaged in Debian)
- knowledgeroot
+         - moodle <unfixed> (embed)
- moin (452599)
- karrigell (452598)
- gforge-plugins-extra (fixed since 4.6.99+svn6225-1)
+ giflib:
+         - wine <unfixed> (embed; bug #466181)
+ bennu (not packaged in Debian, http://bennu.sourceforge.net)
+         - moodle <unfixed> (embed)
+ smarty:
+         - moodle 1.8.2-2 (embed; bug #471158)
+         - gallery2 2.2.5-2 (embed; bug #471160)
+         - mahara 0.9.2-2 (embed; bug #471201)
+         - gosa 2.4beta1-1 (embed; bug #471200)
- Moodle contains lots of things:
- AdoDB
- AdoDB-XML Schema
- ipatlas
- PHPMailer
- Smarty
- htmlArea
  TinyMCE
- bennu
+         - wordpress 2.5.1-3 (embed; bug #478257)
+         - moodle <unfixed> (embed; bug #507185)
+         - knowledgeroot <unfixed> (embed)
+         - joomla <itp> (bug #326398)
+ scintilla (upstream provides static lib, rejected shared lib http://sf.net/support/tracker.php?aid=2488121)
+         - scite <unfixed> (embed)
+         - qscintilla <unfixed> (embed)
+         - qscintilla2 <unfixed> (embed)
+         - geany <unfixed> (fork)
+         - anjuta <unfixed> (embed)
+ libphp-adodb
+         - moodle <unfixed> (embed; bug #507185)
+         NOTE: also AdoDB-XML Schema
+         - gallery2 <unfixed> (embed)
+         - phppgadmin <unfixed> (embed)
+         - egroupware <unfixed> (embed)
+         - phpwiki <unfixed> (embed)
+         - torrentflux 2.0beta1-2 (embed)
+         - ipplan <unfixed> (embed)
+         - typo3-src <unfixed> (embed)
+         - cacti <unknown> (embed)
+         [sarge] - cacti <unfixed> (embed)
+         NOTE: dependency exists, but internal version is used
+         - gforge 4.7~rc2-6 (embed)
+         - mahara <unfixed> (embed)
+ gzip
+         - linux-kernel <unfixed> (embed)
+         NOTE: lib/inflate.c
+         - klibc <unfixed> (embed)
+         NOTE: based on linux-kernel gzip code
+         - busybox <unfixed> (embed)
+ neon
+         - cadaver 0.22.3+debian-1 (embed; bug #188381)
+         - gnome-vfs2 <unfixed> (embed; bug #395874)
+         [etch] - litmus <unfixed> (embed; #395875)
+         - litmus <removed> (embed; #395875)
+         [sarge] - screem <unfixed> (embed)
+         - sitecopy 1:0.16.3-5 (embed; bug #395876)
+         [etch] - tla <unfixed> (embed; bug #395877)
+         [sarge] - tla <unfixed> (embed; bug #395877)
+ libmodplug
+         - gst-plugins-bad0.10 <unfixed> (embed)
+ libvncserver
+         - vino <unfixed> (embed)
+ putty
+         - filezilla <unfixed> (embed)
+ tinyxml (not packaged in Debian)
+         - filezilla <unfixed>
+ gv
+         - evince <unfixed> (embed)
+         NOTE: ps/ tree from gv 3.5.8
+         NOTE: evince-gtk is affected (a component of evince source package)
+ libXbae
+         - paw <removed> (embed)
+         [etch] - paw <unfixed> (embed)
+ libgtkhtml
+         - claws-mail-extra-plugins <unfixed> (fork)
+ libXaw
+         - paw <removed> (embed)
+         [etch] - paw <unfixed> (embed)
+         NOTE: I plan to deal with the above two cases after Etch release. -- KevinMcCarty
+ libgd2
+         - graphviz <unfixed> (embed)
+         NOTE: lib/gd seems to be 2.0.33
+         - wml <unfixed> (embed)
+         - libwmf <unfixed> (embed)
+         NOTE: derived from gd 1.6.3
+ rar
+         - unrar-nonfree <unfixed> (embed)
+ unrar-free (maybe this code is derived from the original rar, too?)
+         - clamav <unfixed> (embed)
+         NOTE: seems to be disabled in default config
+ mplayer (DirectMedia Object loader)
+         - xine-lib <unfixed> (embed)
+         NOTE: src/libw32dll/
+         - vlc <unfixed> (embed)
+         NOTE: modules/codec/dmo/
+         - mplayer 1.0~rc2-20 (embed)
+ libwpd (WordPerfect converter)
+         - openoffice.org <unfixed> (embed)
+ fsplib (http://sourceforge.net/projects/fsp/)
+         - gftp <unfixed> (embed)
+         NOTE: lib/fsplib version 0.3
+ sprng
+         - tree-puzzle <unfixed> (embed)
+ librpcsecgss
+         - krb5 <unfixed> (embed)
+ jasper
+         - ghostscript <unfixed> (embed)
+         - gs-gpl <unfixed> (embed)
+ libiris
+         - psi <unfixed> (embed)
+         - kdenetwork <unfixed> (embed)
+         NOTE: kopete embeds libiris but links dynamically to libidn
+         - kdegames <unfixed> (embed)
+         NOTE: ksirk/kde4
+ libidn
+         - monotone 0.43-1 (embed)
+         - psi <unfixed> (embed)
+         NOTE: psi embeds libiris which embeds libidn
+         - kdegames <unfixed> (embed)
+         NOTE: kdegames/kde4 embeds libiris which embeds libidn
+ liblua
+         - monotone 0.43-1 (embed)
+         - nmap <unfixed> (embed; bug #527997)
+         NOTE: fixed upstream as of nmap svn rev13336.
+ libbotan
+         - monotone 0.43-1 (embed)
+ NetXX
+         - monotone 0.43-1 (embed)
+ libgc
+         - mono <unfixed> (embed)
+ lzma
+         - p7zip <unfixed> (embed)
+         - xz-utils <unfixed> (fork)
+ lzo
+         - grub2 <unfixed> (embed)
+ yassl
+         - mysql-dfsg-5.0 <unfixed> (embed)
+ pax code
+         - tar <unfixed> (embed)
+         - cpio <unfixed> (embed)
+ t1lib
+         - tetex-bin 2.0.2-1 (embed)
+         - texlive-bin <unknown> (embed)
+ guichan
+         - boswars <unfixed> (embed)
+         NOTE: maintainer notified us, working on it
+ tolua
+         - boswars <unfixed> (embed)
+         NOTE: maintainer notified us, working on it
+ asio-dev
+         - luxrender <unfixed> (embed)
+         NOTE: maintainer notified us, working on it
+         NOTE: may be merged with boost "soon"
+ xine-lib
+         - vlc <unfixed> (embed)
+         NOTE: only parts included in modules/access/rtsp
+ netpbm
+         - tcl8.3 <unfixed> (embed)
+         - tcl8.4 <unfixed> (embed)
+         - tcl8.5 <unfixed> (embed)
+         NOTE: generic/tkImgGIF.c
+ tk8.5
+         - tk8.0 <removed> (old-version)
+         - tk8.3 <unfixed> (old-version)
+         - tk8.4 <unfixed> (old-version)
+         - perl-tk <unfixable> (fork)
+ samba
+         - mc 2:4.6.2~git20080311-1 (embed)
+         NOTE: maintainer is aware of this, currently searching a solution
+ plib1.8.4c2
+         - boson <unfixed> (fork)
+         NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar
+ fribidi
+         - quesoglc <unfixed> (embed)
+         NOTE: compiled against system fribidi in Debian - embed only used when fribidi is not available on the system
+ glew
+         - quesoglc <unfixed> (embed; bug #489341)
+         NOTE: waiting on GLEW_MX version of glew (see bug #474488)
+ minorGems (pabs contacted upstream about shared lib, he considers minorGems an 'ever-evolving collection of reusable code fragments' for his own use)
+         - transcend <unfixed> (embed)
+         - cultivation <unfixed> (embed)
+         - passage <unfixed> (embed)
+         - gravitation <unfixed> (embed)
+ tar
+         - libarchive <unfixed> (embed)
+         NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable
+ cpio
+         - libarchive <unfixed> (embed)
+         NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package)
+ webkit
+         - qt4-x11 <unfixed> (embed)
+ ftgl
+         - blender 2.46+dfsg-1 (embed)
+ wv
+         - abiword <unfixed>
+ qemu
+         - kvm <unfixed> (embed; bug #543159)
+         - xen-3 <unfixed> (embed)
+         - xen-unstable <unfixed> (embed)
+ vgabios
+         - kvm <unfixed> (embed; bug #489442)
+ bochs
+         - kvm <unfixed> (embed; bug #489442)
+ speex
+         - vorbis-tools <unfixed> (embed)
+         NOTE: while comiled against libspeex-dev, ogg123/speex_format.c is compiled with embedded code copied from speexdec.c
+         - gst-plugins-good0.10 <unfixed> (embed)
+         - xine-lib <unfixed> (embed)
+         - libfishsound <unfixed> (embed)
+         - libannodex <unfixed> (embed)
+         - vlc <unfixed> (embed)
+         - xmms-speex <unfixed> (embed)
+         - libsdl-sound1.2 <unfixed> (embed)
+         - sweep <unfixed> (embed)
+ libreadline
+         - magic <itp> (old-version)
+ opcode
+         - ode <unfixed> (embed)
+         NOTE: opcode is not a package in debian, it is just embedded
+         NOTE: http://www.codercorner.com/Opcode.htm
+ gimpact
+         - ode <unfixed> (embed)
+         NOTE: gimpact is not a package in debian, it is just embedded
+         NOTE: http://gimpact.sf.net
+ mochikit
+         - mahara <unfixed> (embed)
+         NOTE: they require extra patches, still unmerged upstream
+         - ntop <unfixed> (embed)
+         - coherence <unfixed> (embed)
+         NOTE: python-coherence
+         - paste <unfixed> (embed)
+         NOTE: python-paste
+         - turbogears <unfixed> (embed)
+         NOTE: python-turbogears
+         - plone3 <unfixed> (embed)
+         NOTE: zope-plone3
+ prototypejs
+         - netbeans-ide <unfixed> (embed)
+         - auth2db <unfixed> (embed)
+         - webcit <unfixed> (embed)
+         NOTE: citadel-webcit
+         - asterisk <unfixed> (embed)
+         - doc-iana <unfixed> (embed)
+         - libaws <unfixed> (embed)
+         NOTE: libaws-doc
+         - libgettext-ruby <unfixed> (embed)
+         NOTE: libgettext-ruby-data
+         - libjson-ruby <unfixed> (embed)
+         NOTE: libjson-ruby-doc
+         - lucene2 <unfixed> (embed)
+         NOTE: liblucene2-java-doc
+         - libopenid-ruby <unfixed> (embed)
+         - solr <unfixed> (embed)
+         NOTE: solr-common
+         - glpi <unfixed> (embed)
+         - mnemo2 <unfixed> (embed)
+         - nag2 <unfixed> (embed)
+         - knowledgeroot <unfixed> (embed)
+         - mediatomb <unfixed> (embed)
+         NOTE: mediatomb-common
+         - mt-daapd <unfixed> (embed)
+         - op-panel <unfixed> (embed)
+         - ebug-http <unfixed> (embed)
+         - phpgedview <removed> (embed)
+         - poker-network <unfixed> (embed)
+         NOTE: poker-web
+         - webhelpers <unfixed> (embed)
+         NOTE: python-webhelpers
+         - qwik <unfixed> (embed)
+         - rails <unfixed> (embed)
+         - typo3-src <unfixed> (embed)
+         - wordpress 2.5.0-2 (embed)
+         - zope <unfixed> (embed)
+         NOTE: zope-plone3
+         - smokeping <unfixed> (embed)
+         - ampache 3.4.1-2 (embed)
+         - exaile <unfixed> (embed)
+         - hobix <unfixed> (embed)
+         - pixelpost <unfixed> (embed)
+         - symfony <unfixed> (embed)
+         NOTE: it's been said that there are custom changes
+         - zabbix <unfixed> (embed)
+         NOTE: zabbix-frontend-php
+         - turba2 <unfixed> (embed)
+ gdb
+         - insight <unfixed> (embed)
+ e2fsprogs
+         - ldiskfsprogs <unfixable> (fork)
+ quazip (not packaged in Debian)
+         - qcake <unfixed> (embed)
+         NOTE: starting with upstream version 0.6.4
+ exo
+         - pcmanfm <unfixed> (embed; bug #499677)
+         NOTE: slightly modified source code
+ java
+         - openjdk-6 <unfixed>
+         - sun-java5 <unfixed>
+         - sun-java6 <unfixed>
+ libphp-snoopy
+         - ampache 3.4.1-2 (embed; bug #504169)
+         - mahara 1.0.5-2 (embed; bug #504170)
+         - pixelpost 1.7.1-5 (embed; bug #504171)
+         - mediamate 0.9.3.6-5 (embed; bug #504172)
+         - opendb <removed> (embed; bug #504173)
+         [etch] - opendb <unfixed> (embed; bug #504173)
+         - wordpress 2.5.1-9 (embed; bug #443948)
+         - moodle <unfixed> (embed; bug #507185)
+         [etch] - phpgroupware <unfixed> (embed)
+         NOTE: phpgroupware-felamimail
+         - magpierss 0.72-3 (embed; bug #431089)
+ jquery
+         - zekr <unfixed> (embed)
+         - wordpress <unknown> (embed)
+         - yocto-reader <unfixed> (embed)
+         - textpattern <unfixed> (embed)
+         - genshi 0.5.1-1 (embed)
+         NOTE: compressed file under examples/ dir
+         - prewikka <unfixed> (embed)
+         - libramaze-ruby <unfixed> (embed)
+         - drupal5 <unfixed> (embed)
+         - b2evolution <unfixed> (embed)
+         - wesnoth <unfixed> (embed)
+ tablesorter (jquery plugin, not packaged yet)
+         - wesnoth <unfixed> (embed)
+ kses
+         - wordpress <unfixed> (embed; bug #504242)
+         NOTE: their copy has all methods renamed to wp_<foo>
+         NOTE: kses isn't in Debian, RFP: #504240
+         - moodle <unfixed> (embed; bug #507185)
+         - egroupware <unfixed> (embed)
+ magpierss
+         - wordpress <unfixed> (embed; bug #504242)
+         - moodle <unfixed>
+ php-gettext
+         - wordpress 2.8.4-1 (embed; bug #504242)
+ libphp-ixr (name may change, it is the Incutio XML-RPC)
+         - wordpress <unfixed> (embed; bug #504242)
+         NOTE: libphp-ixr isn't in Debian, RFP: #504236
+         - dokuwiki <unfixed> (embed)
+         - textpattern <unfixed> (embed)
+ libphp-cas
+         - glpi <unfixed> (embed)
+         - moodle <unfixed> (embed; bug #505984)
+ scriptaculous
+         - glpi <unfixed> (embed)
+         - libaws <unfixed> (embed)
+         NOTE: libaws-doc
+         - op-panel <unfixed> (embed)
+         - symfony <unfixed> (embed)
+         NOTE: maintainer says there are extra incompatible changes required
+         - pixelpost <unfixed> (embed)
+         - webhelpers <unfixed> (embed)
+         NOTE: python-webhelpers
+         - qwik <unfixed> (embed)
+         - smokeping <unfixed> (embed)
+         - turba2 <unfixed> (embed)
+         - typo3-src 4.2.3-1 (embed)
+ libmarkdown-php
+         - moodle <unfixed> (embed; bug #507185)
+         - pixelpost <unfixed> (embed)
+ php-openid
+         - wordpress-openid <itp> (embed)
+ geshi
+         - dokuwiki 0.0.20080505-3.1 (embed)
+         - pgfouine 1.0-1.1 (embed)
+         - websvn 2.1.0-1 (embed)
+ webcalendar
+         - gforge 4.7~rc2-6 (embed; bug #504758)
+ libical
+         - kdepim <unfixed> (fork)
+         - kdepimlibs <unfixed> (fork)
+         NOTE: fixed in KDE4 post 4.1.x series
+         - claws-mail-extra-plugins <unfixed> (fork)
+ libltdl3
+         - kdelibs <unfixed> (embed)
+         NOTE: it's been said it sets RT_GLOBAL (or something like that) at runtime and version in experimental of libltdl can optionally set it
+         - synfig <unfixed> (embed)
+ harfbuzz
+         - qt4-x11 <unfixed> (embed)
+ libzip
+         - php5 <unfixed> (fork)
+         - odt2txt <unfixed> (embed; bug #523808)
+ json.php (not packaged; should be replaced with php's built-in functions)
+         - moodle <unfixed>
+         - yui <unfixed>
+         - gallery2 <unfixed>
+         - dokuwiki <unfixed>
+         - typo3-src <unfixed>
+ php-fpdf
+         - tcpdf <itp> (fork)
+         - moodle <unfixed>
+         - phpwiki <unfixed>
+         - egroupware <unfixed>
+         - ldap-account-manager <unfixed> (fork)
+ tcpdf (itp: #495985)
+         - moodle <unfixed>
+         - phpmyadmin <unfixed>
- TinyMCE:
- wordpress
- moodle
- knowledgeroot
- joomla (ITP)
- scintilla:
- scite
- qscintilla
- qscintilla2
- geany
- libphp-adodb:
- gallery2
- phppgadmin
- egroupware
- phpwiki
- ipplan
  typo3
- moodle
+         - moodle <unfixed>
- cacti (dependency exists, but internal version is used -- only in sarge, fixed in etch)
- gzip:
+ spreadsheet_writeexcel (PHP port of libspreadsheet-writeexcel-perl; itp: #487557)
- linux-kernel (lib/inflate.c)
+         - moodle <unfixed>
- klibc (based on linux-kernel gzip code)
+         - gosa <unfixed>
- busybox
- neon:
+ php-ole (itp: #487558)
- cadaver (all, but being worked on: #188381)
+         - moodle <unfixed>
- gnome-vfs2 (#395874)
- litmus (#395875)
- screem (sarge only)
- sitecopy (#395876)
- tla (etch/sid only: #395877)
- libmodplug:
+ pieforms (http://www.catalyst.net.nz)
- gst-plugins-bad0.10
+         - mahara <unfixed>
- libvncserver:
+ savant2 (http://phpsavant.com)
- vino
+         - egroupware <unfixed>
- putty:
+ rssparser (http://nwow.org)
- filezilla
+         - egroupware <unfixed>
+         - phpgroupware <unfixed>
- tinyxml (not packaged in Debian):
+ lcms
- filezilla
+         - openjdk-6 <unfixed> (fork)
- gv:
+ libphp-phplayersmenu
- evince (ps/ tree from gv 3.5.8)
+         - diogenes <unfixed>
- evince-gtk (not packaged in Debian)
+         - phpldapadmin <unfixed>
- libXbae:
+ libphp-pclzip
- libpawlib2-lesstif package (from Cernlib)
+         - docvert <unfixed>
+         - moodle <unfixed>
+         - egroupware <unfixed>
- libXaw:
+ libphp-simplepie
- libpawlib2-lesstif package (from Cernlib)
+         - dokuwiki <unfixed>
- (I plan to deal with the above two cases after Etch release. -- KevinMcCarty)
+ libphp-jpgraph
+         - egroupware <unfixed>
- libgd2:
+ php-simpletest
- graphviz (lib/gd seems to be 2.0.33)
+         - moodle <unfixed>
- rar:
+ libpng
- unrar-nonfree
+         - iceweasel <not-affected> (uses xulrunner)
+         - icedove 1.5.0.13+1.5.0.15b.dfsg1+prepatch080614i-0etch1, 2.0.0.19-1 (embed)
+         - iceape 1.0.13~pre080614i-0etch1 (embed)
+         - xulrunner 1.9.0.13-1 (embed)
+         [lenny] - xulrunner 1.9.0.11-0lenny1
+         [etch] - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
- unrar-free: (maybe this code is derived from the original rar, too?)
+ irssi
- clamav (seems to be disabled in default config)
+         - silc-client <unfixed> (embed)
+         NOTE: Seems to be a pre-0.8.12 version that is used in irssi-plugin-silc
- mplayer (DirectMedia Object loader):
+ extc
- xine-lib (src/libw32dll/)
+         - mtasc <unfixed> (embed)
- vlc (modules/codec/dmo/)
+         - haxe <unfixed> (embed)
- libwpd (WordPerfect converter):
+ swflib
- openoffice.org
+         - mtasc <unfixed> (embed)
+         - haxe <unfixed> (embed)
- fsplib (http://sourceforge.net/projects/fsp/):
+ libitext-java
- gftp (lib/fsplib version 0.3)
+         - bouncycastle 2.1.4-1 (embed)
- librpcsecgss:
+ python-ply
- krb5
+         - pyke <unfixed> (embed)
- jasper:
+ libdumbnet (libdnet upstream)
- ghostscript
+         - nmap <unfixed> (fork)
- gs-gpl
- libidn:
+ gcc-4.4
- monotone
+         - gcc-mingw32 <unfixed> (embed)
- liblua:
+ camlimages
- monotone
+         - advi <unfixed> (embed)
- libbotan:
+ memcached
- montone
+         - memcachedb <unfixed> (embed)
- NetXX:
+ yajl
- monotone
+         - argyll <unfixed> (embed; bug #544223)
+         NOTE: reference, confirmed by build logs: http://lists.debian.org/debian-mentors/2009/08/msg00062.html
- libgc:
+ libept
- mono
+         - adept <unfixed> (embed; bug #540649)
- lzma:
+ libvorbis
- p7zip
+         - iceweasel <not-affected> (uses xulrunner)
+         - xulrunner <not-affected> (introduced in 1.9.1)
+         TODO: recheck when xulrunner 1.9.1 enters unstable [- xulrunner <unfixed> (embed; bug #540959)]
- lzo:
+ cairo
- grub2
+         - iceweasel <not-affected> (uses xulrunner)
+         - xulrunner 1.8.0.15~pre080614i-0etch1 (embed)
- pax code:
+ php-net-dnsbl
- tar
+         - serendipity <unfixed> (embed)
- cpio
+ php-onyx-rss
+         - serendipity <unfixed> (embed)
+ php-text-wiki
+         - serendipity <unfixed> (embed)
+ php-xml-rpc
+         - serendipity <unfixed> (embed)
+ polarssl (does not have a shared library)
+         - pdkim <itp> (embed; bug #543150)
+         - xyssl <unfixed> (old-version)
+ pidgin
+         - gaim <removed> (old-version)
+ icu
+         - webkit 1.0.1-1 (embed; bug #547214)
+         - texlive-bin <unfixed> (fork)
+         NOTE: texlive upstream working with icu upstream to merge their changes
+ cyrus-imapd-2.2
+         - kolab-cyrus-imapd <unfixed> (fork)
+         - dovecot 1:1.2.1-1 (embed) [/dovecot-sieve/src/libsieve/*]
+ python-cxx-dev
+         - freecad <unfixed> (embed; bug #547936)
+ libzipios++-dev
+         - freecad <unfixed> (embed; bug #547941)
+ linux-2.6
+         - kvm <unfixed> (embed; bug #549973) [./kernel/*]
+         - linux-kbuild-2.6 <unfixed> (embed; bug #550379) [./kbuild/*]
+ libfdt (not yet packaged separately for debian; http://www.jdl.com/software/)
+         - kvm <unfixed> (embed) [./libfdt/*]
+ qweb (not packaged)
+         - ajaxterm <unfixed>
- t1lib:
+ opensaml2
- tetex-bin (links to system t1lib since 2.0.2)
+         - opensaml <removed> (old-version)
- texlive-bin (links to system t1lib)
+ shibboleth-sp2
+         - shibboleth-sp <removed> (old-version)

 Legend:



Removed from v.7787
 


changed lines


 
Added in v.12966
 Legend:



Removed from v.7787
 


changed lines


 
Added in v.12966
-Removed from v.7787
+Added in v.12966

	ViewVC Help
Powered by ViewVC 1.1.5