[Secure-testing-team] Proposed additions to embedded-code-copies
Jakub Wilk
ubanus at users.sf.net
Sat Aug 8 14:13:32 UTC 2009
[Please keep me on Cc, I'm not subscribed.]
* Moritz Muehlenhoff <jmm at inutil.org>, 2009-08-08, 13:50:
>> Here's a list of embedded code copies that I'm aware of, but which
>> are not currently listed in the embedded-code-copies file:
>>
>> * pdf2djvu embeds a small (40 lines or so) excerpt from poppler: the
>> SplashOutputDev::convertPath() method.
>>
>> * mercurial embeds a module from python-urlgrabber (see #531062).
>>
>> * python-mechanize embeds an old version (2.1.1) of
>> python-beautifulsoup.
>>
>> * atheme-services, libbsd-arc4random-perl, isakmpd embed parts of *
>> libbsd.
>>
>> You may consider adding these entries.
>
>Thanks! Commited (w/o the pdf2djvu buglet, which looks harmless to me).
Looks harmless to me, too. (I'm the upstream of pdf2djvu.)
>Did you spot these by hand/knowing about them or do have an automated
>script, which found them?
I found instances of embedding libbsd by searching for arc4random.c in
the Debian source code search engine[1] and manually filtering out
unrelated files.
As for the other ones, I spotted them while reading/fixing their code.
[1] http://walrus.rave.org/source/
--
Jakub Wilk
More information about the Secure-testing-team
mailing list