1berry/qtbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CMake: Add PURL and CPE info to 3rd party attribution files

Browse Source 
The change adds CPE and PURL keys to all qt_attribution.json files in
the repo.

In case if no sensible CPE or PURL exists, a "Comment" field is added
with the text "no relevant CPE or PURL found". If only one of them
does not exist, it is written as such in the Comment field.

This allows filtering for files that haven't had the information added
yet vs those that were looked up but no relevant information was
found.

For sources that are not hosted on github, a generic PURL is used with
a download_url fragment pointing either to the exact location where
the sources can be downloaded, or to the homepage of the project.
The generic package name was chosen based on the 'Id' key of the
attribution entry where it was present, and is not authoritative.

For PURL github packages, the 'git tag' name was specified into the
'version' part of the PURL, rather than the 'version number', because
SBOM processing tooling handle that better than the version number.
For example for the freetype package, we specify the string
'VER-2-13-3' rather than the tag name '2.13.3'.
We might revisit this in the future.

[ChangeLog][Third-Party Code] Added PURL and CPE information to the
attribution files of 3rd party sources.

Task-number: QTBUG-122899
Task-number: QTBUG-129602
Change-Id: Iad126242cafc3ea0b678c5c36b26f857039b1dbd
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
(cherry picked from commit 36dca3c04f759449f74008a3e79021a179b0f35e)
This commit is contained in:
Alexandru Croitor 2024-07-24 17:33:17 +02:00
parent f3aabe7ed5
commit e2ba5d9053
45 changed files with 127 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/3rdparty/D3D12MemoryAllocator/qt_attribution.json vendored
View File

@ -8,9 +8,11 @@
"Homepage": "https://github.com/GPUOpen-LibrariesAndSDKs/D3D12MemoryAllocator",
"Version": "f128d39b7a95b4235bd228d231646278dc6c24b2",
"PURL": "pkg:github/GPUOpen-LibrariesAndSDKs/D3D12MemoryAllocator@f128d39b7a95b4235bd228d231646278dc6c24b2",
"License": "MIT License",
"LicenseId": "MIT",
"LicenseFile": "LICENSE.txt",
"Copyright": "Copyright (c) 2019-2022 Advanced Micro Devices, Inc. All rights reserved."
"Copyright": "Copyright (c) 2019-2022 Advanced Micro Devices, Inc. All rights reserved.",
"Comment": "no relevant CPE found"
}
]

4
src/3rdparty/VulkanMemoryAllocator/qt_attribution.json vendored
View File

@ -8,9 +8,11 @@
"Homepage": "https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator",
"Version": "3.0.1",
"PURL": "pkg:github/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator@v3.0.1",
"License": "MIT License",
"LicenseId": "MIT",
"LicenseFile": "LICENSE.txt",
"Copyright": "Copyright (c) 2017-2022 Advanced Micro Devices, Inc. All rights reserved."
"Copyright": "Copyright (c) 2017-2024 Advanced Micro Devices, Inc. All rights reserved.",
"Comment": "no relevant CPE found"
}
]

3
src/3rdparty/android/qt_attribution.json vendored
View File

@ -7,5 +7,6 @@
"License": "Apache License 2.0",
"LicenseId": "Apache-2.0",
"LicenseFile": "LICENSE",
"Copyright": "Copyright (C) 2005 The Android Open Source Project"
"Copyright": "Copyright (C) 2005 The Android Open Source Project",
"Comment": "no relevant PURL or CPE found"
}

2
src/3rdparty/blake2/qt_attribution.json vendored
View File

@ -9,6 +9,8 @@
"Homepage": "https://blake2.net/",
"Version": "54f4faa4c16ea34bcd59d16e8da46a64b259fc07",
"DownloadLocation": "https://github.com/BLAKE2/BLAKE2/tree/54f4faa4c16ea34bcd59d16e8da46a64b259fc07",
"PURL": "pkg:github/BLAKE2/BLAKE2@54f4faa4c16ea34bcd59d16e8da46a64b259fc07",
"CPE": "cpe:2.3:a:blake2:blake2:*:*:*:*:*:*:*:*",
"License": "Creative Commons Zero v1.0 Universal or Apache License 2.0",
"LicenseId": "CC0-1.0 OR Apache-2.0",
"LicenseFile": "COPYING",

2
src/3rdparty/double-conversion/qt_attribution.json vendored
View File

@ -7,6 +7,8 @@
"Homepage": "https://github.com/google/double-conversion",
"Version": "3.3.0",
"DownloadLocation": "https://github.com/google/double-conversion/releases/tag/v3.3.0",
"PURL": "pkg:github/google/double-conversion@v3.3.0",
"CPE": "cpe:2.3:a:google:double-conversion:3.3.0:*:*:*:*:*:*:*",
"License": "BSD 3-clause \"New\" or \"Revised\" License",
"LicenseId": "BSD-3-Clause",
"LicenseFile": "LICENSE",

2
src/3rdparty/easing/qt_attribution.json vendored
View File

@ -5,7 +5,7 @@
"QtUsage": "Used in Qt Core (QEasingCurve).",
"Files": "easing.cpp",
"Comment": "treat as final",
"Comment": "treat as final, no relevant PURL or CPE found",
"Homepage": "http://robertpenner.com/easing/",
"License": "BSD 3-clause \"New\" or \"Revised\" License",
"LicenseId": "BSD-3-Clause",

2
src/3rdparty/forkfd/qt_attribution.json vendored
View File

@ -3,7 +3,7 @@
"Name": "forkfd",
"QDocModule": "qtcore",
"QtUsage": "Used on most Unix platforms in Qt Core.",
"Comment": "No upstream; treat as final",
"Comment": "No upstream; treat as final, no relevant PURL or CPE found",
"Files": [ "forkfd.c", "forkfd.h", "forkfd_gcc.h" ],
"License": "MIT License",

6
src/3rdparty/freetype/qt_attribution.json vendored
View File

@ -10,6 +10,12 @@
"Homepage": "http://www.freetype.org",
"Version": "2.13.3",
"DownloadLocation": "https://download.savannah.gnu.org/releases/freetype/freetype-2.13.3.tar.gz",
"PURL": [
"pkg:github/freetype/freetype@VER-2-13-3"
],
"CPE": [
"cpe:2.3:a:freetype:freetype:2.13:3:*:*:*:*:*:*"
],
"License": "Freetype Project License or GNU General Public License v2.0 only",
"LicenseId": "FTL OR GPL-2.0-only",

2
src/3rdparty/gradle/qt_attribution.json vendored
View File

@ -6,6 +6,8 @@
"Homepage": "https://gradle.org",
"Version": "8.10",
"DownloadLocation": "https://github.com/gradle/gradle/releases/tag/v8.10.0",
"PURL": "pkg:github/gradle/gradle@v8.10.0",
"CPE": "cpe:2.3:a:gradle:gradle:8.10.0:*:*:*:*:*:*:*",
"QtUsage": "Needed to create Android packages",
"License": "Apache License 2.0",
"LicenseId": "Apache-2.0",

3
src/3rdparty/harfbuzz-ng/qt_attribution.json vendored
View File

@ -9,7 +9,8 @@
"Homepage": "http://harfbuzz.org",
"Version": "10.1.0",
"DownloadLocation": "https://github.com/harfbuzz/harfbuzz/releases/tag/10.1.0",
"PURL": "pkg:github/harfbuzz/harfbuzz@10.1.0",
"CPE": "cpe:2.3:a:harfbuzz_project:harfbuzz:10.1.0:*:*:*:*:*:*:*",
"License": "MIT License",
"LicenseId": "MIT",
"LicenseFile": "COPYING",

3
src/3rdparty/icc/qt_attribution.json vendored
View File

@ -6,9 +6,10 @@
"QtUsage": "Used in Qt Gui (Embedded into PDF/A-1b files generated by QPrinter/QPdfWriter).",
"Files": "sRGB2014.icc",
"Comment": "No upstream: treat as final",
"Comment": "No upstream: treat as final, no relevant CPE found",
"Description": "An ICC color profile for PDF/A-1b compatible PDF files.",
"Homepage": "http://www.color.org/",
"PURL": "pkg:generic/icc-sRGB-color-profile?download_url=http://www.color.org/",
"LicenseId": "LicenseRef-ICC-License",
"License": "International Color Consortium License",
"LicenseFile": "LICENSE.txt",

2
src/3rdparty/libjpeg/qt_attribution.json vendored
View File

@ -9,6 +9,8 @@
"Homepage": "http://libjpeg-turbo.virtualgl.org/",
"Version": "3.0.4",
"DownloadLocation": "https://github.com/libjpeg-turbo/libjpeg-turbo/releases/download/3.0.4/libjpeg-turbo-3.0.4.tar.gz",
"PURL": "pkg:github/libjpeg-turbo/libjpeg-turbo@3.0.4",
"CPE": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:3.0.4:*:*:*:*:*:*:*",
"License": "Independent JPEG Group License and BSD 3-Clause \"New\" or \"Revised\" License",
"LicenseId": "IJG AND BSD-3-Clause",

2
src/3rdparty/libpng/qt_attribution.json vendored
View File

@ -9,6 +9,8 @@
"Homepage": "http://www.libpng.org/pub/png/libpng.html",
"Version": "1.6.44",
"DownloadLocation": "https://download.sourceforge.net/libpng/libpng-1.6.44.tar.xz",
"PURL": "pkg:github/pnggroup/libpng@v1.6.44",
"CPE": "cpe:2.3:a:libpng:libpng:1.6.44:*:*:*:*:*:*:*",
"License": "libpng License and PNG Reference Library version 2",
"LicenseId": "Libpng AND libpng-2.0",

7
src/3rdparty/libpsl/qt_attribution.json vendored
View File

@ -19,9 +19,10 @@ supported by Qt (by the QNetworkCookieJar class).",
"Comment": "Consult https://github.com/publicsuffix/list for the sha1 but download from ...",
"Homepage": "http://publicsuffix.org/",
"Comment": "Suggested update schedule: twice per year (before a 6.x.0 release)",
"Comment": "Suggested update schedule: twice per year (before a 6.x.0 release), no relevant CPE found",
"Version": "903a83ff7bfc3148e3692e09396f9f3bdc9462ef, fetched on 2024-06-05",
"DownloadLocation": "https://publicsuffix.org/list/public_suffix_list.dat",
"PURL": "pkg:generic/psl-data@903a83ff7bfc3148e3692e09396f9f3bdc9462ef?download_url=https://publicsuffix.org/list/public_suffix_list.dat",
"License": "Mozilla Public License 2.0",
"LicenseFile": "PSL-LICENSE.txt",
@ -38,9 +39,11 @@ supported by Qt (by the QNetworkCookieJar class).",
to lookup entries in it.",
"Homepage": "https://github.com/rockdaboot/libpsl",
"Version": "664f3dc85259ec65e30248a61fa1c45b7b0e4c3f",
"PURL": "pkg:github/rockdaboot/libpsl@664f3dc85259ec65e30248a61fa1c45b7b0e4c3f",
"License": "BSD 3-clause \"New\" or \"Revised\" License",
"LicenseFile": "src/LICENSE.chromium",
"LicenseId": "BSD-3-Clause",
"Copyright": "Copyright 2014-2016 The Chromium Authors. All rights reserved."
"Copyright": "Copyright 2014-2016 The Chromium Authors. All rights reserved.",
"Comment": "no relevant CPE found"
}
]

2
src/3rdparty/md4/qt_attribution.json vendored
View File

@ -4,7 +4,7 @@
"QDocModule": "qtcore",
"QtUsage": "Used in Qt Core (QCryptographicHash).",
"Comment": "Treat as final version; no upstream known",
"Comment": "Treat as final version; no upstream known, no relevant CPE or PURL found",
"Description": "An OpenSSL-compatible implementation of the RSA Data Security, Inc. MD4 Message-Digest Algorithm.",
"License": "Public Domain",
"LicenseId": "CC0-1.0",

2
src/3rdparty/md4c/qt_attribution.json vendored
View File

@ -12,5 +12,7 @@
"LicenseFile": "LICENSE.md",
"Version": "0.5.2",
"DownloadLocation": "https://github.com/mity/md4c/releases/tag/release-0.5.2",
"PURL": "pkg:github/mity/md4c@release-0.5.2",
"CPE": "cpe:2.3:a:md4c_project:md4c:0.5.2:*:*:*:*:*:*:*",
"Copyright": "Copyright © 2016-2024 Martin Mitáš"
}

2
src/3rdparty/md5/qt_attribution.json vendored
View File

@ -4,7 +4,7 @@
"QDocModule": "qtcore",
"QtUsage": "Used in Qt Core (QCryptographicHash).",
"Comment": "Treat as final version; no upstream known",
"Comment": "Treat as final version; no upstream known, no relevant CPE or PURL found",
"Description": "MD5 message-digest algorithm.",
"License": "Public Domain",
"LicenseId": "CC0-1.0",

2
src/3rdparty/pcre2/CMakeLists.txt vendored
View File

@ -45,8 +45,6 @@ qt_internal_add_3rdparty_library(BundledPcre2
PCRE2_CODE_UNIT_WIDTH=16
PUBLIC_INCLUDE_DIRECTORIES
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/src>
CPE_VENDOR "pcre"
CPE_PRODUCT "pcre2"
)
qt_disable_warnings(BundledPcre2)
qt_set_symbol_visibility_hidden(BundledPcre2)

4
src/3rdparty/pcre2/qt_attribution.json vendored
View File

@ -10,6 +10,8 @@
"Homepage": "http://www.pcre.org/",
"Version": "10.44",
"DownloadLocation": "https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.44/pcre2-10.44.tar.bz2",
"PURL": "pkg:github/PCRE2Project/pcre2@pcre2-10.44",
"CPE": "cpe:2.3:a:pcre:pcre2:10.44:*:*:*:*:*:*:*",
"License": "BSD 3-clause \"New\" or \"Revised\" License with PCRE2 binary-like Packages Exception",
"LicenseId": "LicenseRef-BSD-3-Clause-with-PCRE2-Binary-Like-Packages-Exception",
"LicenseFile": "LICENCE",
@ -27,6 +29,8 @@
"Homepage": "http://www.pcre.org/",
"Version": "10.44",
"DownloadLocation": "https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.44/pcre2-10.44.tar.bz2",
"PURL": "pkg:github/PCRE2Project/pcre2@10.44",
"CPE": "cpe:2.3:a:pcre:pcre2:10.44:*:*:*:*:*:*:*",
"License": "BSD 2-clause \"Simplified\" License",
"LicenseId": "BSD-2-Clause",
"LicenseFile": "LICENCE-SLJIT",

4
src/3rdparty/pixman/qt_attribution.json vendored
View File

@ -7,8 +7,10 @@
"Description": "pixman is a library that provides low-level pixel manipulation features such as image compositing and trapezoid rasterization.",
"Homepage": "http://www.pixman.org/",
"Version": "0.17.12",
"PURL": "pkg:generic/pixman@0.17.12?download_url=http://www.pixman.org/",
"License": "MIT License",
"LicenseFile": "LICENSE",
"LicenseId": "MIT",
"Copyright": "Copyright © 2009 Nokia Corporation"
"Copyright": "Copyright © 2009 Nokia Corporation",
"Comment": "no relevant CPE found"
}

2
src/3rdparty/rfc6234/qt_attribution.json vendored
View File

@ -4,7 +4,7 @@
"QDocModule": "qtcore",
"QtUsage": "Used in Qt Core (QCryptographicHash and QMessageAuthenticationCode)",
"Comment": "The RFC actually contains the code, embedded in RFC-boilerplate; presumably we extracted it; treat as final",
"Comment": "The RFC actually contains the code, embedded in RFC-boilerplate; presumably we extracted it; treat as final, no relevant CPE or PURL found",
"Description": "Implements the Secure Hash Algorithms SHA 384 and SHA-521",
"License": "BSD 3-clause \"New\" or \"Revised\" License",
"LicenseFile": "LICENSE",

4
src/3rdparty/sha1/qt_attribution.json vendored
View File

@ -5,9 +5,11 @@
"QtUsage": "Used in Qt Core (QCryptographicHash).",
"Description": "Implements the Secure Hash Algorithms SHA 1",
"PURL": "pkg:generic/csha1?download_url=https://www.dominik-reichl.de/projects/csha1/",
"Homepage": "http://www.dominik-reichl.de/projects/csha1/",
"License": "Public Domain",
"LicenseId": "LicenseRef-SHA1-Public-Domain",
"Copyright": ["Copyright (C) Dominik Reichl <dominik.reichl@t-online.de>",
"Copyright (C) 2016 The Qt Company Ltd"]
"Copyright (C) 2016 The Qt Company Ltd"],
"Comment": "no relevant CPE found"
}

10
src/3rdparty/sha3/qt_attribution.json vendored
View File

@ -8,11 +8,13 @@
"Files": "brg_endian.h",
"Description": "SHA-3, originally known as Keccak, is a cryptographic hash function.",
"Version": "https://github.com/BrianGladman/sha/ commit 4b9e13ead2c5b5e41ca27c65de4dd69ae0bac228",
"Version": "4b9e13ead2c5b5e41ca27c65de4dd69ae0bac228",
"PURL": "pkg:github/BrianGladman/sha@4b9e13ead2c5b5e41ca27c65de4dd69ae0bac228",
"License": "BSD 2-clause \"Simplified\" License",
"LicenseFile": "BRG_ENDIAN_LICENSE",
"LicenseId": "BSD-2-Clause",
"Copyright": "Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved."
"Copyright": "Copyright (c) 1998-2013, Brian Gladman, Worcester, UK. All rights reserved.",
"Comment": "no relevant CPE found"
},
{
"Id": "sha3_keccak",
@ -36,10 +38,12 @@
"Description": "SHA-3, originally known as Keccak, is a cryptographic hash function.",
"Version": "3.2",
"PURL": "pkg:generic/sha3_keccak@3.2?download_url=https://keccak.team/obsolete/KeccakReferenceAndOptimized-3.2.zip",
"License": "Creative Commons Zero v1.0 Universal",
"LicenseId": "CC0-1.0",
"LicenseFile": "CC0_LICENSE",
"Copyright": "Guido Bertoni, Joan Daemen, Michaël Peeters and Gilles Van Assche.\nTo the extent possible under law, the implementers have waived all copyright
and related or neighboring rights to the source code in this file."
and related or neighboring rights to the source code in this file.",
"Comment": "no relevant CPE found"
}
]

4
src/3rdparty/siphash/qt_attribution.json vendored
View File

@ -8,6 +8,7 @@
"Description": "Implements the SipHash algorithm.",
"Homepage": "https://131002.net/siphash/",
"DownloadLocation": "https://raw.githubusercontent.com/veorq/SipHash/adcbf09b1684a718f594faa650ffc56bacdb0777/siphash24.c",
"PURL": "pkg:github/veorq/SipHash@adcbf09b1684a718f594faa650ffc56bacdb0777",
"License": "Creative Commons Zero v1.0 Universal",
"LicenseId": "CC0-1.0",
@ -15,5 +16,6 @@
"Copyright (C) 2012-2014 Jean-Philippe Aumasson",
"Copyright (C) 2012-2014 Daniel J. Bernstein <djb@cr.yp.to>",
"Copyright (C) 2016 Intel Corporation"
]
],
"Comment": "no relevant CPE found"
}

2
src/3rdparty/sqlite/qt_attribution.json vendored
View File

@ -8,6 +8,8 @@
"Description": "SQLite is a small C library that implements a self-contained, embeddable, zero-configuration SQL database engine.",
"Homepage": "https://www.sqlite.org/",
"Version": "3.47.0",
"PURL": "pkg:github/sqlite/sqlite@version-3.47.0",
"CPE": "cpe:2.3:a:sqlite:sqlite:3.47.0:*:*:*:*:*:*:*",
"DownloadLocation": "https://www.sqlite.org/2024/sqlite-amalgamation-3470000.zip",
"License": "SQLite Blessing",
"LicenseId": "blessing",

2
src/3rdparty/tinycbor/qt_attribution.json vendored
View File

@ -11,6 +11,8 @@
"LicenseId": "MIT",
"LicenseFile": "LICENSE",
"DownloadLocation": "https://github.com/intel/tinycbor/archive/v0.6.0/tinycbor-0.6.0.tar.gz",
"PURL": "pkg:github/intel/tinycbor@v0.6.0",
"CPE": "cpe:2.3:a:tinycbor:tinycbor:0.6.0:*:*:*:*:*:*:*",
"Version": "0.6.0",
"Copyright": "Copyright (C) 2015-2021 Intel Corporation"
}

4
src/3rdparty/wasm/qt_attribution.json vendored
View File

@ -9,11 +9,13 @@
"Homepage": "https://dejavu-fonts.github.io/",
"Version": "2.37",
"PURL": "pkg:generic/dejayvu@2.37?download_url=https://dejavu-fonts.github.io/",
"License": "Bitstream Vera Font License",
"LicenseId": "Bitstream-Vera",
"LicenseFile": "DEJAVU-LICENSE",
"Copyright": ["Copyright (c) 2003 by Bitstream, Inc",
"Copyright (c) 2006 by Tavmjong Bah",
"(c) American Mathematical Society"]
"(c) American Mathematical Society"],
"Comment": "no relevant CPE found"
}
]

2
src/3rdparty/wintab/qt_attribution.json vendored
View File

@ -6,7 +6,7 @@
"Files": ["pktdef.h", "wintab.h"],
"Description": "Wintab is a de facto API for pointing devices on Windows.",
"PackageComment": "Upstream http://www.pointing.com/Wintab.html no longer offers updates; treat as final",
"PackageComment": "Upstream http://www.pointing.com/Wintab.html no longer offers updates; treat as final, no relevant CPE and PURL found",
"License": "LCS-Telegraphics License",
"LicenseId": "LicenseRef-Lcs-Telegraphics",
"Copyright": "Copyright 1991-1998 by LCS/Telegraphics."

4
src/3rdparty/xcb/qt_attribution.json vendored
View File

@ -7,10 +7,12 @@
the system, pass -no-bundled-xcb-xinput.",
"Description": "XInput 2 extension for XCB (The X protocol C-language Binding) library.",
"Homepage": "https://xcb.freedesktop.org/",
"PURL": "pkg:generic/xcb-xinput?download_url=http://xcb.freedesktop.org/",
"License": "MIT License",
"LicenseId": "MIT",
"LicenseFile": "LICENSE",
"Copyright": ["Copyright (C) 2001-2006 Bart Massey, Jamey Sharp, and Josh Triplett.",
"Copyright (C) 2006 Peter Hutterer",
"Copyright (C) 2013 Daniel Martin"]
"Copyright (C) 2013 Daniel Martin"],
"Comment": "no relevant CPE found"
}

2
src/3rdparty/zlib/qt_attribution.json vendored
View File

@ -9,6 +9,8 @@
"Homepage": "https://zlib.net/",
"Version": "1.3.1",
"DownloadLocation": "https://github.com/madler/zlib/releases/download/v1.3.1/zlib-1.3.1.tar.gz",
"PURL": "pkg:github/madler/zlib@v1.3.1",
"CPE": "cpe:2.3:a:zlib:zlib:1.3.1:*:*:*:*:*:*:*",
"License": "zlib License",
"LicenseId": "Zlib",

2
src/corelib/kernel/qt_attribution.json
View File

@ -5,7 +5,7 @@
"QtUsage": "Used in Qt Core on macOS.",
"Files": "qeventdispatcher_cf_p.h",
"Comment": "Treat as final version; no upstream known",
"Comment": "Treat as final version; no upstream known, no relevant CPE and PURL found",
"Description": "Implementation of QAbstractEventDispatcher for macOS.",
"License": "BSD 3-clause \"New\" or \"Revised\" License",
"LicenseId": "BSD-3-Clause",

2
src/corelib/mimetypes/3rdparty/qt_attribution.json vendored
View File

@ -19,6 +19,8 @@
"Version": "5101bc7fb090ed7deffe56837d7633c9485a1e5d",
"DownloadLocation":
"https://github.com/apache/tika/blob/5101bc7fb090ed7deffe56837d7633c9485a1e5d/tika-core/src/main/resources/org/apache/tika/mime/tika-mimetypes.xml",
"PURL": "pkg:github/apache/tika@5101bc7fb090ed7deffe56837d7633c9485a1e5d#tika-core/src/main/resources/org/apache/tika/mime/tika-mimetypes.xml",
"CPE": "cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:*",
"License": "Apache License 2.0",
"LicenseId": "Apache-2.0",
"Copyright": "Copyright 2024 The Apache Software Foundation"

10
src/corelib/text/qt_attribution.json
View File

@ -4,7 +4,10 @@
"Name": "Unicode Character Database (UCD)",
"QDocModule": "qtcore",
"QtUsage": "Qt Core uses data obtained from UCD files for working with characters and strings.",
"Comment": { "Files": "For update, see qtbase/util/unicode/README" },
"Comment": {
"Files": "For update, see qtbase/util/unicode/README",
"General": "no relevant CPE and PURL found"
},
"Files": [ "qunicodetables_p.h", "qunicodetables.cpp" ],
"Description": "The Unicode Character Database (UCD) is a set of files that
@ -27,7 +30,10 @@
"Name": "Unicode Common Locale Data Repository (CLDR)",
"QDocModule": "qtcore",
"QtUsage": "Used in Qt Core (QTimeZone, QLocale).",
"Comment": { "Files": "For update, see qtbase/util/locale_database/cldr2qlocalexml.py" },
"Comment": {
"Files": "For update, see qtbase/util/locale_database/cldr2qlocalexml.py",
"General": "no relevant CPE and PURL found"
},
"Files": [ "qlocale_data_p.h",
"../time/qtimezoneprivate_data_p.h", "../time/qhijricalendar_data_p.h",
"../time/qjalalicalendar_data_p.h", "../time/qromancalendar_data_p.h",

4
src/dbus/qt_attribution.json
View File

@ -8,11 +8,13 @@
"Homepage": "https://www.freedesktop.org/wiki/Software/dbus/",
"Version": "Minimal supported is 1.2, compatible up to ...",
"Version": "dbus-1.13.12",
"PURL": "pkg:github/d-bus/dbus@dbus-1.13.12",
"LicenseId": "AFL-2.1 OR GPL-2.0-or-later",
"License": "Academic Free License v2.1, or GNU General Public License v2.0 or later",
"LicenseFile": "LIBDBUS-1-LICENSE.txt",
"Comment": "Fragments from various upstream files, see comments in ...",
"Files": "dbus_minimal_p.h",
"Copyright": ["Copyright (C) 2002, 2003 CodeFactory AB",
"Copyright (C) 2004, 2005 Red Hat, Inc."]
"Copyright (C) 2004, 2005 Red Hat, Inc."],
"Comment": "no relevant CPE found"
}

8
src/gui/opengl/qt_attribution.json
View File

@ -9,10 +9,12 @@
"Homepage": "https://www.khronos.org/",
"Version": "Revision 27684",
"PURL": "pkg:generic/khronos-opengl-headers?download_url=https://www.khronos.org/?revision=27684",
"License": "MIT License",
"LicenseId": "MIT",
"LicenseFile": "KHRONOS_LICENSE.txt",
"Copyright": "Copyright (c) 2013-2014 The Khronos Group Inc."
"Copyright": "Copyright (c) 2013-2014 The Khronos Group Inc.",
"Comment": "no relevant CPE found"
},
{
"Id": "opengl-es2-headers",
@ -24,9 +26,11 @@
"Homepage": "https://www.khronos.org/",
"Version": "Revision 27673",
"PURL": "pkg:generic/khronos-opengl-es2-headers?download_url=https://www.khronos.org/?revision=27673",
"License": "MIT License",
"LicenseId": "MIT",
"LicenseFile": "KHRONOS_LICENSE.txt",
"Copyright": "Copyright (c) 2013-2014 The Khronos Group Inc."
"Copyright": "Copyright (c) 2013-2014 The Khronos Group Inc.",
"Comment": "no relevant CPE found"
}
]

11
src/gui/painting/qt_attribution.json
View File

@ -8,10 +8,12 @@
"Description": "FreeType is a freely available software library to render fonts.",
"Homepage": "http://www.freetype.org",
"PURL": "pkg:generic/freetype-grayraster?download_url=https://www.freetype.org/",
"License": "Freetype Project License or GNU General Public License v2.0 only",
"LicenseId": "FTL OR GPL-2.0-only",
"LicenseFile": "../../3rdparty/freetype/LICENSE.txt",
"Copyright": "Copyright 2000-2016 by David Turner, Robert Wilhelm, and Werner Lemberg."
"Copyright": "Copyright 2000-2016 by David Turner, Robert Wilhelm, and Werner Lemberg.",
"Comment": "no relevant CPE found"
},
{
"Id": "smooth-scaling-algorithm",
@ -26,7 +28,8 @@
"LicenseFile": "QIMAGETRANSFORM_LICENSE.txt",
"Copyright": ["Copyright (C) 2004, 2005 Daniel M. Duley.",
"(C) Carsten Haitzler and various contributors.",
"(C) Willem Monsuwe <willem@stack.nl>"]
"(C) Willem Monsuwe <willem@stack.nl>"],
"Comment": "no relevant CPE or PURL found"
},
{
"Id": "xserverhelper",
@ -37,10 +40,12 @@
"Description": "Code from X11's region.h, Region.c, poly.h, and PolyReg.c",
"Homepage": "https://www.x.org/",
"PURL": "pkg:generic/xserverhelper?download_url=https://www.x.org/",
"License": "X11 License and Historical Permission Notice and Disclaimer",
"LicenseId": "X11 AND HPND",
"LicenseFile": "XCONSORTIUM_LICENSE.txt",
"Copyright": ["Copyright (c) 1987, 1988 X Consortium",
"Copyright 1987, 1988 by Digital Equipment Corporation, Maynard, Massachusetts."]
"Copyright 1987, 1988 by Digital Equipment Corporation, Maynard, Massachusetts."],
"Comment": "no relevant CPE found"
}
]

4
src/gui/rhi/qt_attribution.json
View File

@ -9,9 +9,11 @@
"Homepage": "https://github.com/microsoft/DirectX-Graphics-Samples",
"Version": "0aa79bad78992da0b6a8279ddb9002c1753cb849",
"PURL": "pkg:github/microsoft/DirectX-Graphics-Samples@0aa79bad78992da0b6a8279ddb9002c1753cb849",
"License": "MIT License",
"LicenseId": "MIT",
"LicenseFile": "MiniEngine_LICENSE.txt",
"Copyright": "Copyright (c) 2015 Microsoft"
"Copyright": "Copyright (c) 2015 Microsoft",
"Comment": "no relevant CPE found"
}
]

4
src/gui/text/qt_attribution.json
View File

@ -9,9 +9,11 @@
"Homepage": "https://github.com/adobe-type-tools/agl-aglfn",
"Version": "1.7",
"PURL": "pkg:github/adobe-type-tools/agl-aglfn@1.7",
"License": "BSD 3-Clause \"New\" or \"Revised\" License",
"LicenseId": "BSD-3-Clause",
"LicenseFile": "AGLFN_LICENSE.txt",
"Copyright": "Copyright 2002, 2003, 2005, 2006, 2008, 2010, 2015 Adobe Systems"
"Copyright": "Copyright 2002, 2003, 2005, 2006, 2008, 2010, 2015 Adobe Systems",
"Comment": "no relevant CPE found"
}
]

2
src/gui/vulkan/qt_attribution.json
View File

@ -8,6 +8,8 @@
"Files": "vk.xml",
"Homepage": "https://www.khronos.org/",
"PURL": "pkg:github/KhronosGroup/Vulkan-Docs@v1.3.223?download_url=https://github.com/KhronosGroup/Vulkan-Docs/blob/v1.3.223/xml/vk.xml",
"CPE": "cpe:2.3:a:khronos:vulkan:1.3.223:*:*:*:*:*:*:*",
"Version": "1.3.223",
"License": "Apache License 2.0 or MIT License",
"LicenseId": "Apache-2.0 OR MIT",

3
src/plugins/platforms/cocoa/qt_attribution.json
View File

@ -9,5 +9,6 @@
"LicenseId": "BSD-3-Clause",
"License": "BSD 3-clause \"New\" or \"Revised\" License",
"LicenseFile": "COCOA_LICENSE.txt",
"Copyright": "Copyright (c) 2007-2008, Apple, Inc."
"Copyright": "Copyright (c) 2007-2008, Apple, Inc.",
"Comment": "no relevant CPE or PURL found"
}

8
src/testlib/3rdparty/catch2/qt_attribution.json vendored
View File

@ -4,13 +4,17 @@
"Name": "Catch2",
"QDocModule": "qttestlib",
"QtUsage": "Used for testing of the Qt Test module.",
"Comment": { "UpstreamFile": "single_include/catch2/catch.hpp",
"Generator": "scripts/generateSingleHeader.py" },
"Comment": {
"UpstreamFile": "single_include/catch2/catch.hpp",
"Generator": "scripts/generateSingleHeader.py",
"General": "no relevant CPE found"
},
"Files": "catch_p.h",
"Description": "Catch2 is a multi-paradigm test framework for C++.",
"Homepage": "https://github.com/catchorg/Catch2",
"Version": "2.13.10",
"PURL": "pkg:github/catchorg/Catch2@v2.13.10",
"License": "Boost Software License 1.0",
"LicenseId": "BSL-1.0",
"LicenseFile": "LICENSE.txt",

4
src/testlib/3rdparty/cycle/qt_attribution.json vendored
View File

@ -12,13 +12,15 @@
"01-rename-ticks.patch",
"02-preprocesor-checks.patch",
"03-parisc-compile.patch"
]
],
"General": "no relevant CPE found"
},
"Files": "cycle_p.h",
"Description": "Allows to access the CPU's cycle counters.",
"Homepage": "http://fftw.org/",
"Version": "3.3.10",
"PURL": "pkg:github/FFTW/fftw3@fftw-3.3.10",
"License": "MIT License",
"LicenseId": "MIT",
"LicenseFile": "LICENSE.txt",

4
src/testlib/3rdparty/linux/qt_attribution.json vendored
View File

@ -11,13 +11,15 @@
"Not normally needed unless",
"New feature in QtTest needs something in a newer version",
"or if a Linux port to some new architecture omits old API"
]
],
"General": "no relevant CPE found"
},
"Files": "perf_event_p.h",
"Description": "Allows access to the Linux kernel's performance events.",
"Homepage": "https://www.kernel.org",
"Version": "6.0",
"PURL": "pkg:github/torvalds/linux@v6.0#include/uapi/linux/perf_event.h",
"License": "GNU General Public License v2.0 only with Linux Syscall Note",
"LicenseId": "GPL-2.0-only WITH Linux-syscall-note",
"LicenseFile": "LICENSE.txt",

4
src/testlib/3rdparty/valgrind/qt_attribution.json vendored
View File

@ -5,12 +5,14 @@
"QDocModule": "qttestlib",
"QtUsage": "Used on Linux ond MacOS in the Qt Test module.",
"Comment": { "UpstreamFiles": [ "include/valgrind.h.in", "callgrind/callgrind.h" ],
"License": "These two files are BSD; the rest of valgrind is GPL" },
"License": "These two files are BSD; the rest of valgrind is GPL",
"General": "no relevant CPE found" },
"Files": [ "valgrind_p.h", "callgrind_p.h" ],
"Description": "An instrumentation framework for building dynamic analysis tools.",
"Homepage": "http://valgrind.org/",
"Version": "3.23.0",
"PURL": "pkg:generic/valgrind@3.23.0?download_url=https://valgrind.org/",
"License": "BSD 4-clause \"Original\" or \"Old\" License",
"LicenseId": "BSD-4-Clause",
"LicenseFile": "LICENSE.txt",

1
util/gradientgen/qt_attribution.json
View File

@ -8,6 +8,7 @@
"Description": "WebGradients is a free collection of 180 linear gradients.",
"Homepage": "https://webgradients.com/",
"PURL": "pkg:generic/webgradients?download_url=https://webgradients.com/",
"License": "MIT License",
"LicenseId": "MIT",
"LicenseFile": "WEBGRADIENTS_LICENSE.txt",