diff --git a/src/3rdparty/D3D12MemoryAllocator/qt_attribution.json b/src/3rdparty/D3D12MemoryAllocator/qt_attribution.json index 3bb1be825d2..a415b5adbc0 100644 --- a/src/3rdparty/D3D12MemoryAllocator/qt_attribution.json +++ b/src/3rdparty/D3D12MemoryAllocator/qt_attribution.json @@ -8,9 +8,11 @@ "Homepage": "https://github.com/GPUOpen-LibrariesAndSDKs/D3D12MemoryAllocator", "Version": "f128d39b7a95b4235bd228d231646278dc6c24b2", + "PURL": "pkg:github/GPUOpen-LibrariesAndSDKs/D3D12MemoryAllocator@f128d39b7a95b4235bd228d231646278dc6c24b2", "License": "MIT License", "LicenseId": "MIT", "LicenseFile": "LICENSE.txt", - "Copyright": "Copyright (c) 2019-2022 Advanced Micro Devices, Inc. All rights reserved." + "Copyright": "Copyright (c) 2019-2022 Advanced Micro Devices, Inc. All rights reserved.", + "Comment": "no relevant CPE found" } ] diff --git a/src/3rdparty/VulkanMemoryAllocator/qt_attribution.json b/src/3rdparty/VulkanMemoryAllocator/qt_attribution.json index 713fea87504..124299bafcf 100644 --- a/src/3rdparty/VulkanMemoryAllocator/qt_attribution.json +++ b/src/3rdparty/VulkanMemoryAllocator/qt_attribution.json @@ -8,9 +8,11 @@ "Homepage": "https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator", "Version": "3.1.0", + "PURL": "pkg:github/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator@v3.1.0", "License": "MIT License", "LicenseId": "MIT", "LicenseFile": "LICENSE.txt", - "Copyright": "Copyright (c) 2017-2024 Advanced Micro Devices, Inc. All rights reserved." + "Copyright": "Copyright (c) 2017-2024 Advanced Micro Devices, Inc. All rights reserved.", + "Comment": "no relevant CPE found" } ] diff --git a/src/3rdparty/android/qt_attribution.json b/src/3rdparty/android/qt_attribution.json index c1f89fd8bd9..9660cb17c79 100644 --- a/src/3rdparty/android/qt_attribution.json +++ b/src/3rdparty/android/qt_attribution.json @@ -7,5 +7,6 @@ "License": "Apache License 2.0", "LicenseId": "Apache-2.0", "LicenseFile": "LICENSE", - "Copyright": "Copyright (C) 2005 The Android Open Source Project" + "Copyright": "Copyright (C) 2005 The Android Open Source Project", + "Comment": "no relevant PURL or CPE found" } diff --git a/src/3rdparty/blake2/qt_attribution.json b/src/3rdparty/blake2/qt_attribution.json index ad1116f53ea..1b79392b05f 100644 --- a/src/3rdparty/blake2/qt_attribution.json +++ b/src/3rdparty/blake2/qt_attribution.json @@ -9,6 +9,8 @@ "Homepage": "https://blake2.net/", "Version": "54f4faa4c16ea34bcd59d16e8da46a64b259fc07", "DownloadLocation": "https://github.com/BLAKE2/BLAKE2/tree/54f4faa4c16ea34bcd59d16e8da46a64b259fc07", + "PURL": "pkg:github/BLAKE2/BLAKE2@54f4faa4c16ea34bcd59d16e8da46a64b259fc07", + "CPE": "cpe:2.3:a:blake2:blake2:*:*:*:*:*:*:*:*", "License": "Creative Commons Zero v1.0 Universal or Apache License 2.0", "LicenseId": "CC0-1.0 OR Apache-2.0", "LicenseFile": "COPYING", diff --git a/src/3rdparty/double-conversion/qt_attribution.json b/src/3rdparty/double-conversion/qt_attribution.json index 4166ccef322..c374d5ac4bc 100644 --- a/src/3rdparty/double-conversion/qt_attribution.json +++ b/src/3rdparty/double-conversion/qt_attribution.json @@ -7,6 +7,8 @@ "Homepage": "https://github.com/google/double-conversion", "Version": "3.3.0", "DownloadLocation": "https://github.com/google/double-conversion/releases/tag/v3.3.0", + "PURL": "pkg:github/google/double-conversion@v3.3.0", + "CPE": "cpe:2.3:a:google:double-conversion:3.3.0:*:*:*:*:*:*:*", "License": "BSD 3-clause \"New\" or \"Revised\" License", "LicenseId": "BSD-3-Clause", "LicenseFile": "LICENSE", diff --git a/src/3rdparty/easing/qt_attribution.json b/src/3rdparty/easing/qt_attribution.json index 1535efa585a..154d7a06038 100644 --- a/src/3rdparty/easing/qt_attribution.json +++ b/src/3rdparty/easing/qt_attribution.json @@ -5,7 +5,7 @@ "QtUsage": "Used in Qt Core (QEasingCurve).", "Files": "easing.cpp", - "Comment": "treat as final", + "Comment": "treat as final, no relevant PURL or CPE found", "Homepage": "http://robertpenner.com/easing/", "License": "BSD 3-clause \"New\" or \"Revised\" License", "LicenseId": "BSD-3-Clause", diff --git a/src/3rdparty/forkfd/qt_attribution.json b/src/3rdparty/forkfd/qt_attribution.json index 1b847791331..6ba54c18cb6 100644 --- a/src/3rdparty/forkfd/qt_attribution.json +++ b/src/3rdparty/forkfd/qt_attribution.json @@ -3,7 +3,7 @@ "Name": "forkfd", "QDocModule": "qtcore", "QtUsage": "Used on most Unix platforms in Qt Core.", - "Comment": "No upstream; treat as final", + "Comment": "No upstream; treat as final, no relevant PURL or CPE found", "Files": [ "forkfd.c", "forkfd.h", "forkfd_gcc.h" ], "License": "MIT License", diff --git a/src/3rdparty/freetype/qt_attribution.json b/src/3rdparty/freetype/qt_attribution.json index 6dd4bf1575a..26c7137251f 100644 --- a/src/3rdparty/freetype/qt_attribution.json +++ b/src/3rdparty/freetype/qt_attribution.json @@ -10,6 +10,12 @@ "Homepage": "http://www.freetype.org", "Version": "2.13.3", "DownloadLocation": "https://download.savannah.gnu.org/releases/freetype/freetype-2.13.3.tar.gz", + "PURL": [ + "pkg:github/freetype/freetype@VER-2-13-3" + ], + "CPE": [ + "cpe:2.3:a:freetype:freetype:2.13:3:*:*:*:*:*:*" + ], "License": "Freetype Project License or GNU General Public License v2.0 only", "LicenseId": "FTL OR GPL-2.0-only", diff --git a/src/3rdparty/gradle/qt_attribution.json b/src/3rdparty/gradle/qt_attribution.json index 26e39eab5b3..7c102945bed 100644 --- a/src/3rdparty/gradle/qt_attribution.json +++ b/src/3rdparty/gradle/qt_attribution.json @@ -6,6 +6,8 @@ "Homepage": "https://gradle.org", "Version": "8.10", "DownloadLocation": "https://github.com/gradle/gradle/releases/tag/v8.10.0", + "PURL": "pkg:github/gradle/gradle@v8.10.0", + "CPE": "cpe:2.3:a:gradle:gradle:8.10.0:*:*:*:*:*:*:*", "QtUsage": "Needed to create Android packages", "License": "Apache License 2.0", "LicenseId": "Apache-2.0", diff --git a/src/3rdparty/harfbuzz-ng/qt_attribution.json b/src/3rdparty/harfbuzz-ng/qt_attribution.json index b338da6bfeb..82f133443be 100644 --- a/src/3rdparty/harfbuzz-ng/qt_attribution.json +++ b/src/3rdparty/harfbuzz-ng/qt_attribution.json @@ -9,7 +9,8 @@ "Homepage": "http://harfbuzz.org", "Version": "10.1.0", "DownloadLocation": "https://github.com/harfbuzz/harfbuzz/releases/tag/10.1.0", - + "PURL": "pkg:github/harfbuzz/harfbuzz@10.1.0", + "CPE": "cpe:2.3:a:harfbuzz_project:harfbuzz:10.1.0:*:*:*:*:*:*:*", "License": "MIT License", "LicenseId": "MIT", "LicenseFile": "COPYING", diff --git a/src/3rdparty/icc/qt_attribution.json b/src/3rdparty/icc/qt_attribution.json index d2e68076714..3e46223fb59 100644 --- a/src/3rdparty/icc/qt_attribution.json +++ b/src/3rdparty/icc/qt_attribution.json @@ -6,9 +6,10 @@ "QtUsage": "Used in Qt Gui (Embedded into PDF/A-1b files generated by QPrinter/QPdfWriter).", "Files": "sRGB2014.icc", - "Comment": "No upstream: treat as final", + "Comment": "No upstream: treat as final, no relevant CPE found", "Description": "An ICC color profile for PDF/A-1b compatible PDF files.", "Homepage": "http://www.color.org/", + "PURL": "pkg:generic/icc-sRGB-color-profile?download_url=http://www.color.org/", "LicenseId": "LicenseRef-ICC-License", "License": "International Color Consortium License", "LicenseFile": "LICENSE.txt", diff --git a/src/3rdparty/libjpeg/qt_attribution.json b/src/3rdparty/libjpeg/qt_attribution.json index bff272dec99..b65fc7fb60c 100644 --- a/src/3rdparty/libjpeg/qt_attribution.json +++ b/src/3rdparty/libjpeg/qt_attribution.json @@ -9,6 +9,8 @@ "Homepage": "http://libjpeg-turbo.virtualgl.org/", "Version": "3.0.4", "DownloadLocation": "https://github.com/libjpeg-turbo/libjpeg-turbo/releases/download/3.0.4/libjpeg-turbo-3.0.4.tar.gz", + "PURL": "pkg:github/libjpeg-turbo/libjpeg-turbo@3.0.4", + "CPE": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:3.0.4:*:*:*:*:*:*:*", "License": "Independent JPEG Group License and BSD 3-Clause \"New\" or \"Revised\" License", "LicenseId": "IJG AND BSD-3-Clause", diff --git a/src/3rdparty/libpng/qt_attribution.json b/src/3rdparty/libpng/qt_attribution.json index 58b110e8e97..6d9995381ce 100644 --- a/src/3rdparty/libpng/qt_attribution.json +++ b/src/3rdparty/libpng/qt_attribution.json @@ -9,6 +9,8 @@ "Homepage": "http://www.libpng.org/pub/png/libpng.html", "Version": "1.6.44", "DownloadLocation": "https://download.sourceforge.net/libpng/libpng-1.6.44.tar.xz", + "PURL": "pkg:github/pnggroup/libpng@v1.6.44", + "CPE": "cpe:2.3:a:libpng:libpng:1.6.44:*:*:*:*:*:*:*", "License": "libpng License and PNG Reference Library version 2", "LicenseId": "Libpng AND libpng-2.0", diff --git a/src/3rdparty/libpsl/qt_attribution.json b/src/3rdparty/libpsl/qt_attribution.json index cb5ad65a4db..02d42edbc12 100644 --- a/src/3rdparty/libpsl/qt_attribution.json +++ b/src/3rdparty/libpsl/qt_attribution.json @@ -19,9 +19,10 @@ supported by Qt (by the QNetworkCookieJar class).", "Comment": "Consult https://github.com/publicsuffix/list for the sha1 but download from ...", "Homepage": "http://publicsuffix.org/", - "Comment": "Suggested update schedule: twice per year (before a 6.x.0 release)", + "Comment": "Suggested update schedule: twice per year (before a 6.x.0 release), no relevant CPE found", "Version": "903a83ff7bfc3148e3692e09396f9f3bdc9462ef, fetched on 2024-06-05", "DownloadLocation": "https://publicsuffix.org/list/public_suffix_list.dat", + "PURL": "pkg:generic/psl-data@903a83ff7bfc3148e3692e09396f9f3bdc9462ef?download_url=https://publicsuffix.org/list/public_suffix_list.dat", "License": "Mozilla Public License 2.0", "LicenseFile": "PSL-LICENSE.txt", @@ -38,9 +39,11 @@ supported by Qt (by the QNetworkCookieJar class).", to lookup entries in it.", "Homepage": "https://github.com/rockdaboot/libpsl", "Version": "664f3dc85259ec65e30248a61fa1c45b7b0e4c3f", + "PURL": "pkg:github/rockdaboot/libpsl@664f3dc85259ec65e30248a61fa1c45b7b0e4c3f", "License": "BSD 3-clause \"New\" or \"Revised\" License", "LicenseFile": "src/LICENSE.chromium", "LicenseId": "BSD-3-Clause", - "Copyright": "Copyright 2014-2016 The Chromium Authors. All rights reserved." + "Copyright": "Copyright 2014-2016 The Chromium Authors. All rights reserved.", + "Comment": "no relevant CPE found" } ] diff --git a/src/3rdparty/md4/qt_attribution.json b/src/3rdparty/md4/qt_attribution.json index f61d6b97c86..757c7996ab7 100644 --- a/src/3rdparty/md4/qt_attribution.json +++ b/src/3rdparty/md4/qt_attribution.json @@ -4,7 +4,7 @@ "QDocModule": "qtcore", "QtUsage": "Used in Qt Core (QCryptographicHash).", - "Comment": "Treat as final version; no upstream known", + "Comment": "Treat as final version; no upstream known, no relevant CPE or PURL found", "Description": "An OpenSSL-compatible implementation of the RSA Data Security, Inc. MD4 Message-Digest Algorithm.", "License": "Public Domain", "LicenseId": "CC0-1.0", diff --git a/src/3rdparty/md4c/qt_attribution.json b/src/3rdparty/md4c/qt_attribution.json index db53e2d12e1..59578e2eecf 100644 --- a/src/3rdparty/md4c/qt_attribution.json +++ b/src/3rdparty/md4c/qt_attribution.json @@ -12,5 +12,7 @@ "LicenseFile": "LICENSE.md", "Version": "0.5.2", "DownloadLocation": "https://github.com/mity/md4c/releases/tag/release-0.5.2", + "PURL": "pkg:github/mity/md4c@release-0.5.2", + "CPE": "cpe:2.3:a:md4c_project:md4c:0.5.2:*:*:*:*:*:*:*", "Copyright": "Copyright © 2016-2024 Martin Mitáš" } diff --git a/src/3rdparty/md5/qt_attribution.json b/src/3rdparty/md5/qt_attribution.json index 22165a6a0db..0c2f5feda8a 100644 --- a/src/3rdparty/md5/qt_attribution.json +++ b/src/3rdparty/md5/qt_attribution.json @@ -4,7 +4,7 @@ "QDocModule": "qtcore", "QtUsage": "Used in Qt Core (QCryptographicHash).", - "Comment": "Treat as final version; no upstream known", + "Comment": "Treat as final version; no upstream known, no relevant CPE or PURL found", "Description": "MD5 message-digest algorithm.", "License": "Public Domain", "LicenseId": "CC0-1.0", diff --git a/src/3rdparty/pcre2/CMakeLists.txt b/src/3rdparty/pcre2/CMakeLists.txt index 1e4bb72e0b2..f389566a31e 100644 --- a/src/3rdparty/pcre2/CMakeLists.txt +++ b/src/3rdparty/pcre2/CMakeLists.txt @@ -47,8 +47,6 @@ qt_internal_add_3rdparty_library(BundledPcre2 PCRE2_CODE_UNIT_WIDTH=16 PUBLIC_INCLUDE_DIRECTORIES $ - CPE_VENDOR "pcre" - CPE_PRODUCT "pcre2" ) qt_disable_warnings(BundledPcre2) qt_set_symbol_visibility_hidden(BundledPcre2) diff --git a/src/3rdparty/pcre2/qt_attribution.json b/src/3rdparty/pcre2/qt_attribution.json index d9dc1ae6976..9ac498650c3 100644 --- a/src/3rdparty/pcre2/qt_attribution.json +++ b/src/3rdparty/pcre2/qt_attribution.json @@ -10,6 +10,8 @@ "Homepage": "http://www.pcre.org/", "Version": "10.44", "DownloadLocation": "https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.44/pcre2-10.44.tar.bz2", + "PURL": "pkg:github/PCRE2Project/pcre2@pcre2-10.44", + "CPE": "cpe:2.3:a:pcre:pcre2:10.44:*:*:*:*:*:*:*", "License": "BSD 3-clause \"New\" or \"Revised\" License with PCRE2 binary-like Packages Exception", "LicenseId": "LicenseRef-BSD-3-Clause-with-PCRE2-Binary-Like-Packages-Exception", "LicenseFile": "LICENCE", @@ -27,6 +29,8 @@ "Homepage": "http://www.pcre.org/", "Version": "10.44", "DownloadLocation": "https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.44/pcre2-10.44.tar.bz2", + "PURL": "pkg:github/PCRE2Project/pcre2@10.44", + "CPE": "cpe:2.3:a:pcre:pcre2:10.44:*:*:*:*:*:*:*", "License": "BSD 2-clause \"Simplified\" License", "LicenseId": "BSD-2-Clause", "LicenseFile": "LICENCE-SLJIT", diff --git a/src/3rdparty/pixman/qt_attribution.json b/src/3rdparty/pixman/qt_attribution.json index 1268b2e22f4..8fe97b4199c 100644 --- a/src/3rdparty/pixman/qt_attribution.json +++ b/src/3rdparty/pixman/qt_attribution.json @@ -7,8 +7,10 @@ "Description": "pixman is a library that provides low-level pixel manipulation features such as image compositing and trapezoid rasterization.", "Homepage": "http://www.pixman.org/", "Version": "0.17.12", + "PURL": "pkg:generic/pixman@0.17.12?download_url=http://www.pixman.org/", "License": "MIT License", "LicenseFile": "LICENSE", "LicenseId": "MIT", - "Copyright": "Copyright © 2009 Nokia Corporation" + "Copyright": "Copyright © 2009 Nokia Corporation", + "Comment": "no relevant CPE found" } diff --git a/src/3rdparty/rfc6234/qt_attribution.json b/src/3rdparty/rfc6234/qt_attribution.json index 3876dc00b41..282590da0ba 100644 --- a/src/3rdparty/rfc6234/qt_attribution.json +++ b/src/3rdparty/rfc6234/qt_attribution.json @@ -4,7 +4,7 @@ "QDocModule": "qtcore", "QtUsage": "Used in Qt Core (QCryptographicHash and QMessageAuthenticationCode)", - "Comment": "The RFC actually contains the code, embedded in RFC-boilerplate; presumably we extracted it; treat as final", + "Comment": "The RFC actually contains the code, embedded in RFC-boilerplate; presumably we extracted it; treat as final, no relevant CPE or PURL found", "Description": "Implements the Secure Hash Algorithms SHA 384 and SHA-521", "License": "BSD 3-clause \"New\" or \"Revised\" License", "LicenseFile": "LICENSE", diff --git a/src/3rdparty/sha1/qt_attribution.json b/src/3rdparty/sha1/qt_attribution.json index 4530add814e..04933a27005 100644 --- a/src/3rdparty/sha1/qt_attribution.json +++ b/src/3rdparty/sha1/qt_attribution.json @@ -5,9 +5,11 @@ "QtUsage": "Used in Qt Core (QCryptographicHash).", "Description": "Implements the Secure Hash Algorithms SHA 1", + "PURL": "pkg:generic/csha1?download_url=https://www.dominik-reichl.de/projects/csha1/", "Homepage": "http://www.dominik-reichl.de/projects/csha1/", "License": "Public Domain", "LicenseId": "LicenseRef-SHA1-Public-Domain", "Copyright": ["Copyright (C) Dominik Reichl ", - "Copyright (C) 2016 The Qt Company Ltd"] + "Copyright (C) 2016 The Qt Company Ltd"], + "Comment": "no relevant CPE found" } diff --git a/src/3rdparty/sha3/qt_attribution.json b/src/3rdparty/sha3/qt_attribution.json index 1bd974144ba..c91e88affb6 100644 --- a/src/3rdparty/sha3/qt_attribution.json +++ b/src/3rdparty/sha3/qt_attribution.json @@ -8,11 +8,13 @@ "Files": "brg_endian.h", "Description": "SHA-3, originally known as Keccak, is a cryptographic hash function.", - "Version": "https://github.com/BrianGladman/sha/ commit 4b9e13ead2c5b5e41ca27c65de4dd69ae0bac228", + "Version": "4b9e13ead2c5b5e41ca27c65de4dd69ae0bac228", + "PURL": "pkg:github/BrianGladman/sha@4b9e13ead2c5b5e41ca27c65de4dd69ae0bac228", "License": "BSD 2-clause \"Simplified\" License", "LicenseFile": "BRG_ENDIAN_LICENSE", "LicenseId": "BSD-2-Clause", - "Copyright": "Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved." + "Copyright": "Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.", + "Comment": "no relevant CPE found" }, { "Id": "sha3_keccak", @@ -36,10 +38,12 @@ "Description": "SHA-3, originally known as Keccak, is a cryptographic hash function.", "Version": "3.2", + "PURL": "pkg:generic/sha3_keccak@3.2?download_url=https://keccak.team/obsolete/KeccakReferenceAndOptimized-3.2.zip", "License": "Creative Commons Zero v1.0 Universal", "LicenseId": "CC0-1.0", "LicenseFile": "CC0_LICENSE", "Copyright": "Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.\nTo the extent possible under law, the implementers have waived all copyright -and related or neighboring rights to the source code in this file." +and related or neighboring rights to the source code in this file.", + "Comment": "no relevant CPE found" } ] diff --git a/src/3rdparty/siphash/qt_attribution.json b/src/3rdparty/siphash/qt_attribution.json index 9c74513e499..1687742f03f 100644 --- a/src/3rdparty/siphash/qt_attribution.json +++ b/src/3rdparty/siphash/qt_attribution.json @@ -8,6 +8,7 @@ "Description": "Implements the SipHash algorithm.", "Homepage": "https://131002.net/siphash/", "DownloadLocation": "https://raw.githubusercontent.com/veorq/SipHash/adcbf09b1684a718f594faa650ffc56bacdb0777/siphash24.c", + "PURL": "pkg:github/veorq/SipHash@adcbf09b1684a718f594faa650ffc56bacdb0777", "License": "Creative Commons Zero v1.0 Universal", "LicenseId": "CC0-1.0", @@ -15,5 +16,6 @@ "Copyright (C) 2012-2014 Jean-Philippe Aumasson", "Copyright (C) 2012-2014 Daniel J. Bernstein ", "Copyright (C) 2016 Intel Corporation" - ] + ], + "Comment": "no relevant CPE found" } diff --git a/src/3rdparty/sqlite/qt_attribution.json b/src/3rdparty/sqlite/qt_attribution.json index 0d2b2da5761..a09b7f461e9 100644 --- a/src/3rdparty/sqlite/qt_attribution.json +++ b/src/3rdparty/sqlite/qt_attribution.json @@ -8,6 +8,8 @@ "Description": "SQLite is a small C library that implements a self-contained, embeddable, zero-configuration SQL database engine.", "Homepage": "https://www.sqlite.org/", "Version": "3.47.0", + "PURL": "pkg:github/sqlite/sqlite@version-3.47.0", + "CPE": "cpe:2.3:a:sqlite:sqlite:3.47.0:*:*:*:*:*:*:*", "DownloadLocation": "https://www.sqlite.org/2024/sqlite-amalgamation-3470000.zip", "License": "SQLite Blessing", "LicenseId": "blessing", diff --git a/src/3rdparty/tinycbor/qt_attribution.json b/src/3rdparty/tinycbor/qt_attribution.json index b19c57904b4..9bebd487615 100644 --- a/src/3rdparty/tinycbor/qt_attribution.json +++ b/src/3rdparty/tinycbor/qt_attribution.json @@ -11,6 +11,8 @@ "LicenseId": "MIT", "LicenseFile": "LICENSE", "DownloadLocation": "https://github.com/intel/tinycbor/archive/v0.6.0/tinycbor-0.6.0.tar.gz", + "PURL": "pkg:github/intel/tinycbor@v0.6.0", + "CPE": "cpe:2.3:a:tinycbor:tinycbor:0.6.0:*:*:*:*:*:*:*", "Version": "0.6.0", "Copyright": "Copyright (C) 2015-2021 Intel Corporation" } diff --git a/src/3rdparty/wasm/qt_attribution.json b/src/3rdparty/wasm/qt_attribution.json index 8cf67cefb7b..7d5015eb9a1 100644 --- a/src/3rdparty/wasm/qt_attribution.json +++ b/src/3rdparty/wasm/qt_attribution.json @@ -9,11 +9,13 @@ "Homepage": "https://dejavu-fonts.github.io/", "Version": "2.37", + "PURL": "pkg:generic/dejayvu@2.37?download_url=https://dejavu-fonts.github.io/", "License": "Bitstream Vera Font License", "LicenseId": "Bitstream-Vera", "LicenseFile": "DEJAVU-LICENSE", "Copyright": ["Copyright (c) 2003 by Bitstream, Inc", "Copyright (c) 2006 by Tavmjong Bah", - "(c) American Mathematical Society"] + "(c) American Mathematical Society"], + "Comment": "no relevant CPE found" } ] diff --git a/src/3rdparty/wintab/qt_attribution.json b/src/3rdparty/wintab/qt_attribution.json index 82670f8fa2f..6c3a0ef6fe6 100644 --- a/src/3rdparty/wintab/qt_attribution.json +++ b/src/3rdparty/wintab/qt_attribution.json @@ -6,7 +6,7 @@ "Files": ["pktdef.h", "wintab.h"], "Description": "Wintab is a de facto API for pointing devices on Windows.", - "PackageComment": "Upstream http://www.pointing.com/Wintab.html no longer offers updates; treat as final", + "PackageComment": "Upstream http://www.pointing.com/Wintab.html no longer offers updates; treat as final, no relevant CPE and PURL found", "License": "LCS-Telegraphics License", "LicenseId": "LicenseRef-Lcs-Telegraphics", "Copyright": "Copyright 1991-1998 by LCS/Telegraphics." diff --git a/src/3rdparty/xcb/qt_attribution.json b/src/3rdparty/xcb/qt_attribution.json index dce3977905c..26dc030a3ee 100644 --- a/src/3rdparty/xcb/qt_attribution.json +++ b/src/3rdparty/xcb/qt_attribution.json @@ -7,10 +7,12 @@ the system, pass -no-bundled-xcb-xinput.", "Description": "XInput 2 extension for XCB (The X protocol C-language Binding) library.", "Homepage": "https://xcb.freedesktop.org/", + "PURL": "pkg:generic/xcb-xinput?download_url=http://xcb.freedesktop.org/", "License": "MIT License", "LicenseId": "MIT", "LicenseFile": "LICENSE", "Copyright": ["Copyright (C) 2001-2006 Bart Massey, Jamey Sharp, and Josh Triplett.", "Copyright (C) 2006 Peter Hutterer", - "Copyright (C) 2013 Daniel Martin"] + "Copyright (C) 2013 Daniel Martin"], + "Comment": "no relevant CPE found" } diff --git a/src/3rdparty/zlib/qt_attribution.json b/src/3rdparty/zlib/qt_attribution.json index 88ed202db14..c4ed4de2ddd 100644 --- a/src/3rdparty/zlib/qt_attribution.json +++ b/src/3rdparty/zlib/qt_attribution.json @@ -9,6 +9,8 @@ "Homepage": "https://zlib.net/", "Version": "1.3.1", "DownloadLocation": "https://github.com/madler/zlib/releases/download/v1.3.1/zlib-1.3.1.tar.gz", + "PURL": "pkg:github/madler/zlib@v1.3.1", + "CPE": "cpe:2.3:a:zlib:zlib:1.3.1:*:*:*:*:*:*:*", "License": "zlib License", "LicenseId": "Zlib", diff --git a/src/corelib/kernel/qt_attribution.json b/src/corelib/kernel/qt_attribution.json index 86ca3a26640..32292460115 100644 --- a/src/corelib/kernel/qt_attribution.json +++ b/src/corelib/kernel/qt_attribution.json @@ -5,7 +5,7 @@ "QtUsage": "Used in Qt Core on macOS.", "Files": "qeventdispatcher_cf_p.h", - "Comment": "Treat as final version; no upstream known", + "Comment": "Treat as final version; no upstream known, no relevant CPE and PURL found", "Description": "Implementation of QAbstractEventDispatcher for macOS.", "License": "BSD 3-clause \"New\" or \"Revised\" License", "LicenseId": "BSD-3-Clause", diff --git a/src/corelib/mimetypes/3rdparty/qt_attribution.json b/src/corelib/mimetypes/3rdparty/qt_attribution.json index 0efdf1b46c3..bb9828595d6 100644 --- a/src/corelib/mimetypes/3rdparty/qt_attribution.json +++ b/src/corelib/mimetypes/3rdparty/qt_attribution.json @@ -19,6 +19,8 @@ "Version": "5101bc7fb090ed7deffe56837d7633c9485a1e5d", "DownloadLocation": "https://github.com/apache/tika/blob/5101bc7fb090ed7deffe56837d7633c9485a1e5d/tika-core/src/main/resources/org/apache/tika/mime/tika-mimetypes.xml", + "PURL": "pkg:github/apache/tika@5101bc7fb090ed7deffe56837d7633c9485a1e5d#tika-core/src/main/resources/org/apache/tika/mime/tika-mimetypes.xml", + "CPE": "cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*", "License": "Apache License 2.0", "LicenseId": "Apache-2.0", "Copyright": "Copyright 2024 The Apache Software Foundation" diff --git a/src/corelib/text/qt_attribution.json b/src/corelib/text/qt_attribution.json index 5efda8db747..875f53944db 100644 --- a/src/corelib/text/qt_attribution.json +++ b/src/corelib/text/qt_attribution.json @@ -4,7 +4,10 @@ "Name": "Unicode Character Database (UCD)", "QDocModule": "qtcore", "QtUsage": "Qt Core uses data obtained from UCD files for working with characters and strings.", - "Comment": { "Files": "For update, see qtbase/util/unicode/README" }, + "Comment": { + "Files": "For update, see qtbase/util/unicode/README", + "General": "no relevant CPE and PURL found" + }, "Files": [ "qunicodetables_p.h", "qunicodetables.cpp" ], "Description": "The Unicode Character Database (UCD) is a set of files that @@ -24,7 +27,10 @@ "Name": "Unicode Common Locale Data Repository (CLDR)", "QDocModule": "qtcore", "QtUsage": "Used in Qt Core (QTimeZone, QLocale).", - "Comment": { "Files": "For update, see qtbase/util/locale_database/cldr2qlocalexml.py" }, + "Comment": { + "Files": "For update, see qtbase/util/locale_database/cldr2qlocalexml.py", + "General": "no relevant CPE and PURL found" + }, "Files": [ "qlocale_data_p.h", "../time/qtimezoneprivate_data_p.h", "../time/qtimezonelocale_data_p.h", "../time/qhijricalendar_data_p.h", "../time/qjalalicalendar_data_p.h", diff --git a/src/dbus/qt_attribution.json b/src/dbus/qt_attribution.json index a4c4446862f..ee565760f11 100644 --- a/src/dbus/qt_attribution.json +++ b/src/dbus/qt_attribution.json @@ -8,11 +8,13 @@ "Homepage": "https://www.freedesktop.org/wiki/Software/dbus/", "Version": "Minimal supported is 1.2, compatible up to ...", "Version": "dbus-1.13.12", + "PURL": "pkg:github/d-bus/dbus@dbus-1.13.12", "LicenseId": "AFL-2.1 OR GPL-2.0-or-later", "License": "Academic Free License v2.1, or GNU General Public License v2.0 or later", "LicenseFile": "LIBDBUS-1-LICENSE.txt", "Comment": "Fragments from various upstream files, see comments in ...", "Files": "dbus_minimal_p.h", "Copyright": ["Copyright (C) 2002, 2003 CodeFactory AB", - "Copyright (C) 2004, 2005 Red Hat, Inc."] + "Copyright (C) 2004, 2005 Red Hat, Inc."], + "Comment": "no relevant CPE found" } diff --git a/src/gui/opengl/qt_attribution.json b/src/gui/opengl/qt_attribution.json index 44310980e2a..64fdd22cf4e 100644 --- a/src/gui/opengl/qt_attribution.json +++ b/src/gui/opengl/qt_attribution.json @@ -9,10 +9,12 @@ "Homepage": "https://www.khronos.org/", "Version": "Revision 27684", + "PURL": "pkg:generic/khronos-opengl-headers?download_url=https://www.khronos.org/?revision=27684", "License": "MIT License", "LicenseId": "MIT", "LicenseFile": "KHRONOS_LICENSE.txt", - "Copyright": "Copyright (c) 2013-2014 The Khronos Group Inc." + "Copyright": "Copyright (c) 2013-2014 The Khronos Group Inc.", + "Comment": "no relevant CPE found" }, { "Id": "opengl-es2-headers", @@ -24,9 +26,11 @@ "Homepage": "https://www.khronos.org/", "Version": "Revision 27673", + "PURL": "pkg:generic/khronos-opengl-es2-headers?download_url=https://www.khronos.org/?revision=27673", "License": "MIT License", "LicenseId": "MIT", "LicenseFile": "KHRONOS_LICENSE.txt", - "Copyright": "Copyright (c) 2013-2014 The Khronos Group Inc." + "Copyright": "Copyright (c) 2013-2014 The Khronos Group Inc.", + "Comment": "no relevant CPE found" } ] diff --git a/src/gui/painting/qt_attribution.json b/src/gui/painting/qt_attribution.json index 33ed2fd5c7b..74ab387133d 100644 --- a/src/gui/painting/qt_attribution.json +++ b/src/gui/painting/qt_attribution.json @@ -8,10 +8,12 @@ "Description": "FreeType is a freely available software library to render fonts.", "Homepage": "http://www.freetype.org", + "PURL": "pkg:generic/freetype-grayraster?download_url=https://www.freetype.org/", "License": "Freetype Project License or GNU General Public License v2.0 only", "LicenseId": "FTL OR GPL-2.0-only", "LicenseFile": "../../3rdparty/freetype/LICENSE.txt", - "Copyright": "Copyright 2000-2016 by David Turner, Robert Wilhelm, and Werner Lemberg." + "Copyright": "Copyright 2000-2016 by David Turner, Robert Wilhelm, and Werner Lemberg.", + "Comment": "no relevant CPE found" }, { "Id": "smooth-scaling-algorithm", @@ -26,7 +28,8 @@ "LicenseFile": "QIMAGETRANSFORM_LICENSE.txt", "Copyright": ["Copyright (C) 2004, 2005 Daniel M. Duley.", "(C) Carsten Haitzler and various contributors.", - "(C) Willem Monsuwe "] + "(C) Willem Monsuwe "], + "Comment": "no relevant CPE or PURL found" }, { "Id": "xserverhelper", @@ -37,10 +40,12 @@ "Description": "Code from X11's region.h, Region.c, poly.h, and PolyReg.c", "Homepage": "https://www.x.org/", + "PURL": "pkg:generic/xserverhelper?download_url=https://www.x.org/", "License": "X11 License and Historical Permission Notice and Disclaimer", "LicenseId": "X11 AND HPND", "LicenseFile": "XCONSORTIUM_LICENSE.txt", "Copyright": ["Copyright (c) 1987, 1988 X Consortium", - "Copyright 1987, 1988 by Digital Equipment Corporation, Maynard, Massachusetts."] + "Copyright 1987, 1988 by Digital Equipment Corporation, Maynard, Massachusetts."], + "Comment": "no relevant CPE found" } ] diff --git a/src/gui/rhi/qt_attribution.json b/src/gui/rhi/qt_attribution.json index e9329d41582..4e3a4ff3589 100644 --- a/src/gui/rhi/qt_attribution.json +++ b/src/gui/rhi/qt_attribution.json @@ -9,9 +9,11 @@ "Homepage": "https://github.com/microsoft/DirectX-Graphics-Samples", "Version": "0aa79bad78992da0b6a8279ddb9002c1753cb849", + "PURL": "pkg:github/microsoft/DirectX-Graphics-Samples@0aa79bad78992da0b6a8279ddb9002c1753cb849", "License": "MIT License", "LicenseId": "MIT", "LicenseFile": "MiniEngine_LICENSE.txt", - "Copyright": "Copyright (c) 2015 Microsoft" + "Copyright": "Copyright (c) 2015 Microsoft", + "Comment": "no relevant CPE found" } ] diff --git a/src/gui/text/qt_attribution.json b/src/gui/text/qt_attribution.json index f4998da6ea8..822dbdb953b 100644 --- a/src/gui/text/qt_attribution.json +++ b/src/gui/text/qt_attribution.json @@ -9,9 +9,11 @@ "Homepage": "https://github.com/adobe-type-tools/agl-aglfn", "Version": "1.7", + "PURL": "pkg:github/adobe-type-tools/agl-aglfn@1.7", "License": "BSD 3-Clause \"New\" or \"Revised\" License", "LicenseId": "BSD-3-Clause", "LicenseFile": "AGLFN_LICENSE.txt", - "Copyright": "Copyright 2002, 2003, 2005, 2006, 2008, 2010, 2015 Adobe Systems" + "Copyright": "Copyright 2002, 2003, 2005, 2006, 2008, 2010, 2015 Adobe Systems", + "Comment": "no relevant CPE found" } ] diff --git a/src/gui/vulkan/qt_attribution.json b/src/gui/vulkan/qt_attribution.json index b49e59954d2..375fcdb10ce 100644 --- a/src/gui/vulkan/qt_attribution.json +++ b/src/gui/vulkan/qt_attribution.json @@ -8,6 +8,8 @@ "Files": "vk.xml", "Homepage": "https://www.khronos.org/", + "PURL": "pkg:github/KhronosGroup/Vulkan-Docs@v1.3.223?download_url=https://github.com/KhronosGroup/Vulkan-Docs/blob/v1.3.223/xml/vk.xml", + "CPE": "cpe:2.3:a:khronos:vulkan:1.3.223:*:*:*:*:*:*:*", "Version": "1.3.223", "License": "Apache License 2.0 or MIT License", "LicenseId": "Apache-2.0 OR MIT", diff --git a/src/plugins/platforms/cocoa/qt_attribution.json b/src/plugins/platforms/cocoa/qt_attribution.json index 1da0d7e3708..615f24d0381 100644 --- a/src/plugins/platforms/cocoa/qt_attribution.json +++ b/src/plugins/platforms/cocoa/qt_attribution.json @@ -9,5 +9,6 @@ "LicenseId": "BSD-3-Clause", "License": "BSD 3-clause \"New\" or \"Revised\" License", "LicenseFile": "COCOA_LICENSE.txt", - "Copyright": "Copyright (c) 2007-2008, Apple, Inc." + "Copyright": "Copyright (c) 2007-2008, Apple, Inc.", + "Comment": "no relevant CPE or PURL found" } diff --git a/src/testlib/3rdparty/catch2/qt_attribution.json b/src/testlib/3rdparty/catch2/qt_attribution.json index 7c3b1618d79..8bac8bc2bb8 100644 --- a/src/testlib/3rdparty/catch2/qt_attribution.json +++ b/src/testlib/3rdparty/catch2/qt_attribution.json @@ -4,13 +4,17 @@ "Name": "Catch2", "QDocModule": "qttestlib", "QtUsage": "Used for testing of the Qt Test module.", - "Comment": { "UpstreamFile": "single_include/catch2/catch.hpp", - "Generator": "scripts/generateSingleHeader.py" }, + "Comment": { + "UpstreamFile": "single_include/catch2/catch.hpp", + "Generator": "scripts/generateSingleHeader.py", + "General": "no relevant CPE found" + }, "Files": "catch_p.h", "Description": "Catch2 is a multi-paradigm test framework for C++.", "Homepage": "https://github.com/catchorg/Catch2", "Version": "2.13.10", + "PURL": "pkg:github/catchorg/Catch2@v2.13.10", "License": "Boost Software License 1.0", "LicenseId": "BSL-1.0", "LicenseFile": "LICENSE.txt", diff --git a/src/testlib/3rdparty/cycle/qt_attribution.json b/src/testlib/3rdparty/cycle/qt_attribution.json index 89773e39c7e..dab1de85f60 100644 --- a/src/testlib/3rdparty/cycle/qt_attribution.json +++ b/src/testlib/3rdparty/cycle/qt_attribution.json @@ -12,13 +12,15 @@ "01-rename-ticks.patch", "02-preprocesor-checks.patch", "03-parisc-compile.patch" - ] + ], + "General": "no relevant CPE found" }, "Files": "cycle_p.h", "Description": "Allows to access the CPU's cycle counters.", "Homepage": "http://fftw.org/", "Version": "3.3.10", + "PURL": "pkg:github/FFTW/fftw3@fftw-3.3.10", "License": "MIT License", "LicenseId": "MIT", "LicenseFile": "LICENSE.txt", diff --git a/src/testlib/3rdparty/linux/qt_attribution.json b/src/testlib/3rdparty/linux/qt_attribution.json index 07e82490580..8fbd0408c79 100644 --- a/src/testlib/3rdparty/linux/qt_attribution.json +++ b/src/testlib/3rdparty/linux/qt_attribution.json @@ -11,13 +11,15 @@ "Not normally needed unless", "New feature in QtTest needs something in a newer version", "or if a Linux port to some new architecture omits old API" - ] + ], + "General": "no relevant CPE found" }, "Files": "perf_event_p.h", "Description": "Allows access to the Linux kernel's performance events.", "Homepage": "https://www.kernel.org", "Version": "6.0", + "PURL": "pkg:github/torvalds/linux@v6.0#include/uapi/linux/perf_event.h", "License": "GNU General Public License v2.0 only with Linux Syscall Note", "LicenseId": "GPL-2.0-only WITH Linux-syscall-note", "LicenseFile": "LICENSE.txt", diff --git a/src/testlib/3rdparty/valgrind/qt_attribution.json b/src/testlib/3rdparty/valgrind/qt_attribution.json index f1ea241f803..8078274d690 100644 --- a/src/testlib/3rdparty/valgrind/qt_attribution.json +++ b/src/testlib/3rdparty/valgrind/qt_attribution.json @@ -5,12 +5,14 @@ "QDocModule": "qttestlib", "QtUsage": "Used on Linux ond MacOS in the Qt Test module.", "Comment": { "UpstreamFiles": [ "include/valgrind.h.in", "callgrind/callgrind.h" ], - "License": "These two files are BSD; the rest of valgrind is GPL" }, + "License": "These two files are BSD; the rest of valgrind is GPL", + "General": "no relevant CPE found" }, "Files": [ "valgrind_p.h", "callgrind_p.h" ], "Description": "An instrumentation framework for building dynamic analysis tools.", "Homepage": "http://valgrind.org/", "Version": "3.23.0", + "PURL": "pkg:generic/valgrind@3.23.0?download_url=https://valgrind.org/", "License": "BSD 4-clause \"Original\" or \"Old\" License", "LicenseId": "BSD-4-Clause", "LicenseFile": "LICENSE.txt", diff --git a/util/gradientgen/qt_attribution.json b/util/gradientgen/qt_attribution.json index e3a70a7404e..25c382c7d27 100644 --- a/util/gradientgen/qt_attribution.json +++ b/util/gradientgen/qt_attribution.json @@ -8,6 +8,7 @@ "Description": "WebGradients is a free collection of 180 linear gradients.", "Homepage": "https://webgradients.com/", + "PURL": "pkg:generic/webgradients?download_url=https://webgradients.com/", "License": "MIT License", "LicenseId": "MIT", "LicenseFile": "WEBGRADIENTS_LICENSE.txt",