/[secure-testing]/data/embedded-code-copies

Diff of /data/embedded-code-copies


revision 8075 by stef-guest, Mon Feb 4 22:41:34 2008 UTC revision 8780 by nion, Mon May 12 13:08:46 2008 UTC
# Line 1  Line 1 
1  Embedded code copies  Embedded code copies
2  ====================  ====================
3    
4  This file collects cases, where a source package embeds code from  This file collects source packages that embed code from other projects.
5  other projects which is considered bad for fixing security flaws  This is considered bad for fixing security flaws because the fix needs
6  because the fix needs to be applied in multiple source packages.  to be applied in multiple source packages.
7    
8  Format:  Format:
9  <srcpkg> (<optional comment about srcpkg>)  <srcpkg> (<optional comment about srcpkg>)
10          - <embedding srcpkg> <status> (<sort>; bug #<number>)          - <embedding srcpkg> <status> (<sort>; bug #<number>)
11          NOTE: optional comments about the linkage of the embedding srcpkg          NOTE: optional comments about the linkage of the embedding srcpkg
12    
13  status: version number fixing the embedded copy, <unfixed>, <removed>, <itp> or <unknown> if the version number can not be determined  status: version number fixing the embedded copy, <unfixed>, <removed>,
14            <itp> or <unknown> if the version number can not be determined
15            <unfixable> for unavoidable cases (e.g., forks that add real value)
16  sort: static (linking statically against a lib)  sort: static (linking statically against a lib)
17        embed (embedding a copy of the library into another source package)        embed (embedding a copy of the library into another source package)
18        fork (the package is not just embedding code but it is a fork and thus might share parts of the source code)        fork (the package is not just embedding code but it is a fork and
19                thus might share parts of the source code)
20          old-version (the package is an older version of essentially
21                       the same code)
22    
23  The srcpkg might be some string to identify the code if there is no specific source package.  The srcpkg might be some string to identify the code if there is no
24    specific source package.
25    
26  Everything up to the next line is ignored  Everything up to the next line is ignored.
27  ---BEGIN  ---BEGIN
28  xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)  xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
29          NOTE: Fixed packages link to poppler library unless otherwise noted          NOTE: Fixed packages link to poppler library unless otherwise noted
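Review bot: The status description (new lines 13-15) adds <unfixable> but still leaves <removed> and <itp> undefined, and the new line reads as a continuation of the "<unknown> if the version number can not be determined" clause. Suggest one line per status value with a short meaning, the way the sort values are laid out. The Format line also shows "(<sort>; bug #<number>)" without saying which parts are optional, so it is worth stating that here since entries elsewhere in the file omit one or both.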
# Line 30  xpdf (some srcpkgs use xpdf2 code, some Line 36  xpdf (some srcpkgs use xpdf2 code, some
36          NOTE: has been replaced by poppler-utils          NOTE: has been replaced by poppler-utils
37          - kdegraphics <unfixed> (embed; bug #436164)          - kdegraphics <unfixed> (embed; bug #436164)
38          NOTE: the kpdf replacement in KDE 4 is using poppler          NOTE: the kpdf replacement in KDE 4 is using poppler
39          - tetex-bin 3.0-12 (embed)          - texlive-base 3.0-12 (embed)
40          - texlive-bin 2007-1 (embed)          - texlive-bin 2007-1 (embed)
41          NOTE: links to poppler          NOTE: links to poppler
42          - koffice <unfixed> (embed; bug #436163)          - koffice <unfixed> (embed; bug #436163)
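Review bot: On new line 39 the package name changes from tetex-bin to texlive-base while the fixed version stays 3.0-12. That version was recorded for tetex-bin, and the neighbouring texlive-bin entry uses 2007-1, so please confirm 3.0-12 is a valid texlive-base version. If only the name was meant to change, the status probably needs updating with it.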
# Line 46  xpdf (some srcpkgs use xpdf2 code, some Line 52  xpdf (some srcpkgs use xpdf2 code, some
52  ppmd  ppmd
53          - libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)          - libcomplearn-mod-ppmd <unfixed> (embed; bug #458152)
54    
55    peercast
56            - gnome-peercast <unfixed> (embed)
57            NOTE: gnome-peercast may better be removed, see #466539
58    
59  silc-toolkit  silc-toolkit
60          - silc-client 1.1~beta6-1 (embed)          - silc-client 1.1~beta6-1 (embed)
61    
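Review bot: The new gnome-peercast entry (line 56) has no bug number in its parentheses, and the NOTE on line 57 cites #466539 only in free text. If #466539 tracks this embedded copy, record it in the entry as "(embed; bug #466539)"; if it is a removal request, say so in the NOTE so it is not mistaken for the embed bug.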
# Line 149  pcre Line 159  pcre
159          - yacas <unfixed> (embed)          - yacas <unfixed> (embed)
160          NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway          NOTE: <= 1.0.x; is using pcre to scan text, can execute shell commands via the syntax anyway
161          - gtamsanalyzer.app 0.42-5 (embed)          - gtamsanalyzer.app 0.42-5 (embed)
162            - tin <unknown> (embed)
163            - kazehakase 0.5.2-1
164            - webkit <unfixed> (embed)
165            - qt4-x11 <unfixed> (embed)
166            NOTE: embedded via webkit copy
167    
168  tiff  tiff
169          - wxpythongtk <unfixed> (embed)          - wxwindows2.4 2.2.1 (embed)
         TODO: check, which debian pkg this is in  
170    
171  uudeview  uudeview
172          - libconvert-uulib-perl <unfixed> (embed)          - libconvert-uulib-perl <unfixed> (embed)
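Review bot: "kazehakase 0.5.2-1" (new line 163) is missing the "(<sort>)" part that the other pcre entries carry; add "(embed)" or whichever sort applies. In the tiff block, "wxpythongtk <unfixed>" becomes "wxwindows2.4 2.2.1" and the TODO is dropped with no record of how the package was identified; a fixed version of 2.2.1 for a package named wxwindows2.4 deserves a second look before it is recorded as fixed.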
# Line 251  libmms Line 265  libmms
265          - mimms <unfixed> (embed)          - mimms <unfixed> (embed)
266    
267  fckeditor  fckeditor
268          - knowledgeroot <unfixed> (embed; bug #461555)          - knowledgeroot 0.9.8.5-3 (embed; bug #461555)
269          - moin <unfixed> (embed; bug #452599)          - moin <unfixed> (embed; bug #452599)
270          - karrigell <unfixed> (embed; bug #452598)          - karrigell <unfixed> (embed; bug #452598)
271          - gforge-plugins-extra 4.6.99+svn6225-1 (embed)          - gforge-plugins-extra 4.6.99+svn6225-1 (embed)
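Review bot: knowledgeroot is marked fixed in 0.9.8.5-3 here for fckeditor (line 268), but the same package is still listed as <unfixed> under TinyMCE and, in this revision, under prototype.js. If 0.9.8.5-3 dropped only the fckeditor copy this is correct as written; otherwise the other two entries should be updated in the same commit.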
# Line 265  libphp-phpmailer Line 279  libphp-phpmailer
279  htmlArea (not packaged in Debian)  htmlArea (not packaged in Debian)
280          - moodle <unfixed> (embed)          - moodle <unfixed> (embed)
281    
282    giflib:
283            - wine <unfixed> (embed; bug #466181)
284    
285  bennu (not packaged in Debian)  bennu (not packaged in Debian)
286          - moodle <unfixed> (embed)          - moodle <unfixed> (embed)
287    
288  smarty:  smarty:
289          - moodle <unfixed> (embed)          - moodle <unfixed> (embed; bug #471158)
290            - gallery2 <unfixed> (embed; bug #471160)
291            - mahara 0.9.2-2 (embed; bug #471201)
292            - gosa 2.4beta1-1 (embed; bug #471200)
293    
294  TinyMCE  TinyMCE
295          - wordpress <unfixed> (embed)          - wordpress <unfixed> (embed; bug #478257)
296          - moodle <unfixed> (embed)          - moodle <unfixed> (embed)
297          - knowledgeroot <unfixed> (embed)          - knowledgeroot <unfixed> (embed)
298          - joomla <itp> (bug #326398)          - joomla <itp> (bug #326398)
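Review bot: The new "giflib:" header (line 282) ends in a colon, which the Format section does not provide for and which neighbouring headers such as TinyMCE, bennu and htmlArea do not have. Drop the colon so the name matches "giflib" when the file is parsed or grepped; "smarty:" has the same issue and could be fixed while this block is being touched.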
# Line 343  libXaw Line 363  libXaw
363  libgd2  libgd2
364          - graphviz <unfixed> (embed)          - graphviz <unfixed> (embed)
365          NOTE: lib/gd seems to be 2.0.33          NOTE: lib/gd seems to be 2.0.33
366            - wml <unfixed> (embed)
367            NOTE: derived from gd 1.6.3
368    
369  rar  rar
370          - unrar-nonfree <unfixed> (embed)          - unrar-nonfree <unfixed> (embed)
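Review bot: The wml entry (line 366) is filed under libgd2 as "embed", but its NOTE says the copy is derived from gd 1.6.3. Please state in the NOTE whether libgd2 fixes are expected to apply to that older code, and consider whether "fork" fits better than "embed" given the sort definitions at the top of the file.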
# Line 425  netpbm Line 447  netpbm
447          - tcl8.4 <unfixed> (embed)          - tcl8.4 <unfixed> (embed)
448          - tcl8.5 <unfixed> (embed)          - tcl8.5 <unfixed> (embed)
449          NOTE: generic/tkImgGIF.c          NOTE: generic/tkImgGIF.c
450    
451    tk8.5
452            - tk8.0 <removed> (old-version)
453            - tk8.3 <unfixed> (old-version)
454            - tk8.4 <unfixed> (old-version)
455            - perl-tk <unfixable> (fork)
456    
457    samba
458            - mc <unfixed> (embed)
459            NOTE: maintainer is aware of this, currently searching a solution
460    
461    plib1.8.4c2
462            - boson <unfixed> (fork)
463            NOTE: embedding the font pieces of plib, based on the header file it is forked, contains "Added by AB for boson." and similar
464    
465    fribidi
466            - quesoglc <unfixed> (embed)
467    
468    glew
469            - quesoglc <unfixed> (embed)
470    
471    minorGems
472            - transcend <unfixed> (embed)
473            - cultivation <unfixed> (embed)
474    
475    tar
476            - libarchive <unfixed> (embed)
477            NOTE: FreeBSD tar (tar/bsdtar.c) in libarchive 1.2 and higher. libarchive ends up statically linked into bsdtar executable
478    
479    cpio
480            - libarchive <unfixed> (embed)
481            NOTE: cpio included in libarchive 2.2 and higher, but not compiled until libarchive 2.4.11-1 (as bsdcpio package)
482    
483    webkit
484            - qt4-x11 <unfixed> (embed)
485    
486    ftgl
487            - blender 2.45+r14660-1 (embed)
488            NOTE: Once the above version is released, it will be fixed
489    
490    wv
491            - abiword <unfixed>
492    
493    qemu
494            - kvm <unfixed> (embed)
495    
496    speex
497            - vorbis-tools <unfixed> (embed)
498            NOTE: while comiled against libspeex-dev, ogg123/speex_format.c is compiled with embedded code copied from speexdec.c
499            - gst-plugins-good0.10 <unfixed> (embed)
500            - xine-lib <unfixed> (embed)
501            - libfishsound <unfixed> (embed)
502            - libannodex <unfixed> (embed)
503            - vlc <unfixed> (embed)
504            - xmms-speex <unfixed> (embed)
505            - libsdl-sound1.2 <unfixed> (embed)
506            - sweep <unfixed> (embed)
507    
508    libreadline
509            - magic <unfixed> (old-version)
510            NOTE: magic is currently an RFS
511    
512    opcode
513            - ode <unfixed> (embed)
514            NOTE: opcode is not a package in debian, it is just embedded
515            NOTE: http://www.codercorner.com/Opcode.htm
516    
517    gimpact
518            - ode <unfixed> (embed)
519            NOTE: gimpact is not a package in debian, it is just embedded
520            NOTE: http://gimpact.sf.net
521    
522    MochiKit.js
523            - mahara <unfixed> (embed)
524            - ntop <unfixed> (embed)
525            - python-oherence <unfixed> (embed)
526            - python-paste <unfixed> (embed)
527            - python-turbogears <unfixed> (embed)
528            - zope-plone3 <unfixed> (embed)
529    
530    prototype.js
531            - netbeans-ide <unfixed> (embed)
532            - auth2db-frontend <unfixed> (embed)
533            - citadel-webcit <unfixed> (embed)
534            - asterisk <unfixed> (embed)
535            - doc-iana <unfixed> (embed)
536            - libaws-doc <unfixed> (embed)
537            - libgettext-ruby-data <unfixed> (embed)
538            - libjson-ruby-doc <unfixed> (embed)
539            - liblucene2-java-doc <unfixed> (embed)
540            - libopenid-ruby <unfixed> (embed)
541            - solr-common <unfixed> (embed)
542            - glpi <unfixed> (embed)
543            - hobbix <unfixed> (embed)
544            - mnemo2 <unfixed> (embed)
545            - nag2 <unfixed> (embed)
546            - libjs-prototype <unfixed> (embed)
547            - libjs-scriptaculous <unfixed> (embed)
548            - knowledgeroot <unfixed> (embed)
549            - mediatomb-common <unfixed> (embed)
550            - mt-daapd <unfixed> (embed)
551            - op-panel <unfixed> (embed)
552            - ebug-http <unfixed> (embed)
553            - phpgedview <unfixed> (embed)
554            - poker-web <unfixed> (embed)
555            - python-webhelpers <unfixed> (embed)
556            - qwik <unfixed> (embed)
557            - rails <unfixed> (embed)
558            - typo3-src-4.1 <unfixed> (embed)
559            - wordpress <unfixed> (embed)
560            - zope-plone3 <unfixed> (embed)
561            - smokeping <unfixed> (embed)
562    
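Review bot: Several of the added entries do not follow the Format line: "abiword <unfixed>" under wv (line 491) has no sort, and the header "plib1.8.4c2" carries a version in its name where other headers use the bare package name. "python-oherence" (line 525) looks misspelled and should be checked against the archive, and the speex NOTE on line 498 has "comiled" for "compiled". qt4-x11 is now tracked twice, under webkit (line 484) and under pcre with "embedded via webkit copy", so a cross-reference NOTE on the webkit entry would keep the two in sync. Also check whether libjs-prototype (line 546) belongs in the prototype.js list as an embedder, since the name suggests it is the packaged library itself.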

Legend:
Removed from v.8075  
changed lines
  Added in v.8780
