-
-
Notifications
You must be signed in to change notification settings - Fork 15
TODO
brian d foy edited this page Sep 1, 2022
·
30 revisions
This is a document listing items to research.
The following distributions have Windows/DOS .dll and .exe files:
git ls-files | grep '.\(dll\|exe\)$' | sed 's|distros/./\([^/]\+\)/.\+|\1|' | sort | uniq > /tmp/dll-distrosAcme-MITHALDU-BleedingOpenGL
Album
Alien-Base-ModuleBuild
Alien-BatToExeConverter
Alien-Build
Alien-MeCab
Alien-Win32-LZMA
Alien-wxWidgets
Apache2-AutoIndex-XSLT
App-dumpbin
App-SweeperBot
App-whichdll
CAD-ProEngineer
Cisco-IPPhone
Clang-CastXML
Config-LotusNotes
Crypt-MatrixSSL
Data-ParseBinary
Device-LabJack
Device-ParallelPort-drv-win32
Device-Velleman-K8055
dmake
eicndhcpd_v111_src
ExtUtils-Depends
FFI-CheckLib
File-Which
HoneyClient-Agent
HoneyClient-DB
HoneyClient-Manager
HoneyClient-Util
Image-ExifTool
lanman
LEOCHARRE-Dev
Lingua-EN-SENNA
Mecom
Net-FullAuto
Notes
OpenGL
OpenGL-GLUT
PeopleSoft
Perl-Dist-Strawberry
Perl-Dist-WiX
perl_mlb
Portable
Portable-Dist
Prima-prigraph-win32
Run-Parts
SOM
Sys-GNU-ldconfig
Tie-LevelDB
tinyperl
Win32-API
Win32-Excel-Refresh
Win32-Exe
Win32-FTDI-FTD2XX
Win32-GUI
Win32-GUI-Scintilla
Win32-GuiTest
Win32-IEAutomation
Win32-PEFile
Win32-PerfMon
Win32-PerlExe-Env
Win32-Resources
Win32-ServiceManager
Win32-SqlServer
Win32-TSA-Notify
Win32-Vcpkg
Win32-Watir
XS-libdwarf
This distribution also includes embedded binaries, see https://metacpan.org/release/MDOOTSON/Wx-PdfDocument-0.21/source/MANIFEST
mswlibs/builtin/x64/libwxexpat.a
mswlibs/builtin/x64/libwxjpeg.a
mswlibs/builtin/x64/libwxpng.a
mswlibs/builtin/x64/libwxregex.a
mswlibs/builtin/x64/libwxregexu.a
mswlibs/builtin/x64/libwxtiff.a
mswlibs/builtin/x64/libwxzlib.a
mswlibs/builtin/x64/wxexpat.lib
mswlibs/builtin/x64/wxjpeg.lib
mswlibs/builtin/x64/wxpng.lib
mswlibs/builtin/x64/wxregex.lib
mswlibs/builtin/x64/wxregexu.lib
mswlibs/builtin/x64/wxtiff.lib
mswlibs/builtin/x64/wxzlib.lib
mswlibs/builtin/x86/libwxexpat.a
mswlibs/builtin/x86/libwxjpeg.a
mswlibs/builtin/x86/libwxpng.a
mswlibs/builtin/x86/libwxregex.a
mswlibs/builtin/x86/libwxregexu.a
mswlibs/builtin/x86/libwxtiff.a
mswlibs/builtin/x86/libwxzlib.a
mswlibs/builtin/x86/wxexpat.lib
mswlibs/builtin/x86/wxjpeg.lib
mswlibs/builtin/x86/wxpng.lib
mswlibs/builtin/x86/wxregex.lib
mswlibs/builtin/x86/wxregexu.lib
mswlibs/builtin/x86/wxtiff.lib
mswlibs/builtin/x86/wxzlib.lib
See #60.
- uplug-main seems to have .jar files included.
git ls-files | grep '.\(jar\|class\)$' | sed 's|distros/./\([^/]\+\)/.\+|\1|' | sort | uniq > /tmp/java-distrosThe following list of distributions with Java .jar or .class files:
Acme-CPANModulesBundle-Import-MojoliciousAdvent-2017
Alien-Ditaa
Alien-InteractiveBrokers
Alien-Jerl
Alien-Saxon
Alien-SeleniumRC
Apache2-WebApp-Toolkit
App-Basis-ConvertText2
Archive-Extract
Archive-Probe
arXiv
Bio_AssemblyImprovement
Couchbase
Couchbase-Client
DateTime-TimeZone-HPUX
Date-Tolkien-Shire-Data
Db-DFC
DBD-JDBC
Dist-Zilla-Plugin-Web
dotReader
EBook-EPUB-Check
FreeWRL
hyperic-sigar
IBM-LoadLeveler
Image-WebP
Inline-Java
Java
Java-2Perl6API
Java-Build
Java-JVM-Classfile
Java-SJ
JDBC
Jemplate
jp_beta
Lingua-StanfordCoreNLP
Maplat
Music-NeoRiemannianTonnetz
Net-RabbitMQ-Java
NLP-Service
osgish
Package-Tent
PerlPoint-Converters
TBX-Checker
Text-ClearSilver
Text-PDF2XML
UML-Sequence
uplug-main
Wasm-Wasm3
WWW-HtmlUnit
XML-Filter-Essex
XML-Jing
XML-Schema
There are many modules that include jQuery and other JavaScript libraries as part of the distribution.
The following list of distributions have JavaScript, generated from
git ls-files | grep '.js$' | sed 's|distros/./\([^/]\+\)/.\+|\1|' | sort | uniq- ack
- Ado
- Algorithm-CouponCode
- Alice
- Alien-CodePress
- Alien-Electron
- Alien-GvaScript
- Alien-Prototype
- Alien-Prototype-Carousel
- Alien-SwaggerUI
- Alien-uv
- Alien-Web
- Alien-Web-ExtJS-V3
- Alien-Web-HalBrowser
- Alien-XGBoost
- Amon2
- AnnoCPAN
- AnyEvent-HTTPD-ExtDirect
- Apache2-Autocomplete
- Apache2-Filter-Minifier-JavaScript
- Apache2-Response-FileMerge
- Apache2-Translation
- Apache2-UploadProgress
- Apache2-WebApp-Extra-Admin
- Apache-ExtDirect
- Apache-HTTunnel
- Apache-JAF
- Apache-MP3
- Apache-MP3-Skin
- Apache-SdnFw
- Apache-Voodoo
- App-Alice
- App-Beeminder-Hook
- App-CamelPKI
- App-Chronicle
- App-CSE
- App-Dochazka-WWW
- App-DuckPAN
- App-Duppy
- App-EventStreamr
- App-Gre
- App-I18N
- App-jupiter
- App-Licensecheck
- App-MFILE-WWW
- App-Mimosa
- App-MojoSlides
- App-MusicExpo
- App-Mxpress-PDF
- App-Netdisco
- App-NetdiscoX-Web-Plugin-GraphLink
- App-NetdiscoX-Web-Plugin-GraphLinkSwitch
- App-NetdiscoX-Web-Plugin-JackLink
- App-NetdiscoX-Web-Plugin-JackReport
- App-NetdiscoX-Web-Plugin-Observium
- App-Nostray
- App-Office-CMS
- App-Office-Contacts-Donations
- App-Office-Contacts-Import-vCards
- App-perl2js
- App-remarkpl
- App-revealup
- App-RPi-EnvUI
- App-sitelenmute
- App-SocialCalc-Multiplayer
- App-Standby
- App-TemplateCMD
- App-Templer
- App-unbelievable
- App-XUL
- AproJo
- AquariumHive
- Articulate
- ASNMTAP
- AtteanX-Endpoint
- Audit-DBI-TT2
- Authen-U2F
- Auth-GoogleAuthenticator
- AxKit2
- B-C
- Beagle
- Beekeeper
- Benchmark-Perl-Formance-Cargo
- Biblio-RFID
- Bib-Tools
- Bigtop
- Bio-Chado-Schema
- Bio-Palantir
- Bio-Roary
- Bot-BasicBot-Pluggable-Module-Notes
- Bracket
- Buscador
- Business-AU-Ledger
- Business-Cart-Generic
- Business-DK-Postalcode
- Business-eWAY-RapidAPI
- BusyBird
- Calendar-Model
- CallBackery
- Captive-Portal
- Catalyst-ActionRole-Public
- Catalyst-Controller-AutoAssets
- Catalyst-Controller-Combine
- Catalyst-Controller-POD
- Catalyst-Plugin-Authentication-Credential-CHAP
- Catalyst-Plugin-AutoCRUD
- Catalyst-Plugin-UploadProgress
- Catalyst-View-Component-jQuery
- Catalyst-View-JavaScript-Minifier-XS
- CatalystX-CMS
- CatalystX-CRUD-YUI
- CatalystX-Example-YUIUploader
- CatalystX-ExtJS
- CatalystX-ExtJS-REST
- CatalystX-Features
- CGI-Application-Demo-Ajax
- CGI-Application-Plugin-AJAXUpload
- CGI-Application-Plugin-Authentication
- CGI-Application-Server
- CGI-Application-Util-Diff
- CGI-Browse
- CGI-Ex
- CGI-ExtDirect
- CGI-Inspect
- CGI-JSONRPC
- CGI-OptimalQuery
- CGI-WebToolkit
- Chart
- Chart-OFC2
- Chart-Plotly
- Chat-iFly
- Cindy
- Cindy-Apache2
- ClearPress
- Clio
- Cmd-Dwarf
- Code-TidyAll
- Cog
- Continuity
- Convos
- CPAN-Testers-WWW-Admin
- CPAN-Testers-WWW-Blog
- CPAN-Testers-WWW-Development
- CPAN-Testers-WWW-Preferences
- CPAN-Testers-WWW-Reports
- CPAN-Testers-WWW-Statistics
- CPAN-Testers-WWW-Wiki
- Crypt-Tea_JS
- C-sparse
- CSS-Compressor
- Dancer2
- Dancer2-Plugin-ProgressStatus
- Dancer-Layout-Bootstrap
- Dancer-Plugin-Assets
- Dancer-Plugin-DebugToolbar
- Dancer-Plugin-Test-Jasmine
- Dancer-SearchApp
- Dancer-Template-Mason
- Dancer-Template-TemplateDeclare
- Dash
- Data-Context
- Data-Context-BEM
- Data-JSONSchema-Ajv
- Data-Passphrase
- Data-Transform-ExplicitMetadata
- DBD-Teradata
- Debian-Apt-PM
- Devel-ebug-HTTP
- Devel-hdb
- Devel-NYTProf
- Devel-QuickCover
- Devel-SizeMe
- Device-Firmata
- Device-WebIO-Dancer
- Dezi-Admin
- DiaColloDB-WWW
- disbatch
- Dist-Zilla-Plugin-JavaScript-Minifier
- Dist-Zilla-Plugin-JSAN
- Dist-Zilla-Plugin-RunByBranch
- Dist-Zilla-Plugin-Web
- dthumb
- Dwimmer
- EdgeExpressDB
- EJS-Template
- Embperl
- Encode-Arabic
- EntityModel
- ePortal
- ETLp
- Expense-Tracker
- Farabi
- File-Next
- File-Next-OO
- Flower
- Foorum
- FormValidator-Simple-Plugin-V8
- FreeWRL
- Froody
- Galileo
- Game-Collisions
- Games-Perlwar
- Gantry
- GBrowse
- Geo-Google-PolylineEncoder
- Geo-Hex-V3-XS
- Geo-Postcodes
- gestalt
- Gitalist
- GPS-Tracer
- GrabzItClient
- Groonga-HTTP
- GrowthForecast
- GuacLite
- GunMojo
- HON-I18N-Converter
- Hopkins-Plugin-HMI
- HTML5-Manifest
- HTML-DeferableCSS
- HTML-Encapsulate
- HTML-FormHandlerX-Form-JQueryValidator
- HTML-GUI
- HTML-Highlighter
- HTML-JQuery
- HTML-Latemp-GenMakeHelpers
- HTML-Menu-TreeView
- HTML-Merge
- HTML-Parser-Simple
- HTML-Tag
- HTML-Tested-JavaScript
- HTTP-CDN
- HTTP-Daemon-Threaded
- HTTP-Proxy-GreaseMonkey
- HTTP-Session2
- ICC-Profile
- Image-Animated-JPEG
- Image-CCV
- Jacode4e
- Jacode4e-RoundTrip
- Jamila
- JavaScript
- JavaScript-Dependency-Manager
- JavaScript-Duktape
- JavaScript-Ectype
- JavaScript-Ectype-Handler-Apache2
- JavaScript-Embedded
- JavaScript-ExtJS-V3
- JavaScript-Minifier
- JavaScript-Packer
- JavaScript-Prepare
- JavaScript-QuickJS
- Javascript-Select-Chain
- JavaScript-Shell
- JavaScript-Sprockets
- JavaScript-V8-CommonJS
- JavaScript-V8-Handlebars
- JBD
- Jedi-Plugin-Template
- Jemplate
- Jifty
- Jifty-Plugin-Chart
- Jifty-Plugin-GoogleMap
- Jifty-Plugin-Media
- Jifty-Plugin-SimpleColor
- Jifty-Plugin-WikiToolbar
- Jifty-Plugin-WyzzEditor
- JQuery
- jQuery-DataTables
- JS
- JSAN-Librarian
- JSAN-Parse-FileDeps
- js-app
- JS-Chicken
- JS-Data-Page
- jsFind
- JS-jQuery
- JS-JSLint
- JS-JSON
- JSON-Schema-AsType
- JSON-SchemaValidator
- JSON-TinyValidatorV4
- JSORB
- JSPL
- JS-SourceMap
- JSTAPd
- JS-Test-Base
- JS-Test-Simple
- junoscript-perl
- KiokuDB-Navigator
- Kossy
- Labyrinth-Demo
- Labyrinth-Plugin-Album
- Labyrinth-Plugin-Articles-Diary
- Labyrinth-Plugin-Articles-Newsletters
- Labyrinth-Plugin-Release
- Labyrinth-Plugin-Survey
- LaTeXML
- LaTeXML-Plugin-LtxMojo
- Lemonldap-NG-Manager
- Lemonldap-NG-Portal
- libapreq2
- Lingua-DetectCyrillic
- Lingua-Ogmios
- Linux-DVB-DVBT-Apps-QuartzPVR
- LLEval
- Locales
- Locale-Simple
- Locale-TextDomain-OO
- Locale-TextDomain-OO-Extract
- Locale-TextDomain-OO-Util
- Locale-Utils-PlaceholderBabelFish
- Locale-Utils-PlaceholderNamed
- Mail-Toaster
- makepp
- Maplat
- Math-RungeKutta
- McBain-WithWebSocket
- meon-Web
- Mercury
- MIME-Lite-HTML
- Minion
- MiniPAN
- Module-Build-JSAN-Installable
- Module-Install-HTML5Manifest
- Module-JSAN
- Mojito
- Mojo-Leds
- Mojolicious
- Mojolicious-Command-Author-generate-automake_app
- Mojolicious-Command-generate-qx_mojo_app
- Mojolicious-Plugin-Angular-MaterialDesign
- Mojolicious-Plugin-AssetPack
- Mojolicious-Plugin-AssetPack-Backcompat
- Mojolicious-Plugin-AssetPack-Che
- Mojolicious-Plugin-Bundle
- Mojolicious-Plugin-ContextResources
- Mojolicious-Plugin-CSPHeader
- Mojolicious-Plugin-DbicSchemaViewer
- Mojolicious-Plugin-DBViewer
- Mojolicious-Plugin-DevexpressHelpers
- Mojolicious-Plugin-GzipStatic
- Mojolicious-Plugin-Humane
- Mojolicious-Plugin-JSLoader
- Mojolicious-Plugin-Leafletjs
- Mojolicious-Plugin-Loco
- Mojolicious-Plugin-Materialize
- Mojolicious-Plugin-Multiplex
- Mojolicious-Plugin-MySQLViewerLite
- Mojolicious-Plugin-Notifications
- Mojolicious-Plugin-Prove
- Mojolicious-Plugin-Qaptcha
- Mojolicious-Plugin-RevealJS
- Mojolicious-Plugin-SemanticUI
- Mojolicious-Plugin-SimpleSlides
- Mojolicious-Plugin-SQLiteViewerLite
- Mojolicious-Plugin-StaticCompressor
- Mojolicious-Plugin-StaticShare
- Mojolicious-Plugin-Status
- Mojolicious-Plugin-SwaggerUI
- Mojolicious-Plugin-Tables
- Mojolicious-Plugin-TagHelpers-NoCaching
- Mojolicious-Plugin-Toto
- Mojolicious-Plugin-Webpack
- MojoMojo
- MojoX-ValidateHeadLinks
- Monitoring-Reporter
- Monitoring-Spooler
- MooseX-amine
- Mozilla-Persona
- Muldis-D-Manual
- MVC-Neaf
- MySQL-Admin
- Nephia-Plugin-ResponseHandler
- Nephia-Plugin-SocketIO
- Nephia-Setup-Plugin-Assets-JQuery
- Nes
- Net-FullAuto
- Net-Google-Code
- Net-Statsd-Server
- Net-Whois-Raw
- Nginx-Redis
- OAuthomatic
- OCBNET-WebSprite
- OpenGuides
- OpenThought
- OpusVL-AppKit
- Padre
- Padre-Plugin-Plack
- Parley
- Pcore
- Pcore-Chrome
- PDF-Reuse-Tutorial
- perfSONAR_PS-Services-PingER
- Perl6-Pugs
- Perlbal-Plugin-Expires
- perlbench
- PerlBench
- Perldoc-Server
- PerlMonksFlairApp
- Photography-Website
- Plack
- Plack-App-MCCS
- Plack-App-Proxy-Selective
- Plack-App-SeeAlso
- Plack-Debugger
- Plack-Middleware-Assets
- Plack-Middleware-Assets-RailsLike
- Plack-Middleware-AutoRefresh
- Plack-Middleware-ComboLoader
- Plack-Middleware-Debug
- Plack-Middleware-ExtDirect
- Plack-Middleware-InteractiveDebugger
- Plack-Middleware-JavaScript-Ectype
- Plack-Middleware-Pjax
- Plack-Middleware-Scrutiny
- Plack-Middleware-Static-Combine
- Plack-Middleware-Static-Minifier
- Plack-Middleware-StaticShared
- Plagger
- PMLTQ
- PocketIO
- Pod-Autopod
- Pod-Classdoc
- Pod-S5
- Pod-Site
- POE-Component-Server-Bayeux
- POE-XUL
- Progressive-Web-Application
- Prophet
- Pugs-Compiler-Rule
- Puzzle
- QBit-WebInterface
- Qgoda
- Rails-Assets
- Rapi-Blog
- RapidApp
- Rapi-Demo-CrudModes
- Rapi-Fs
- RDF-Endpoint
- RDF-Query
- RDF-Service
- Report_HTML_DB
- Resource-Pack
- Resource-Pack-jQuery
- Resource-Pack-JSON
- Rest-HtmlVis
- Rex-JobControl
- Rex-WebUI
- RocksDB
- RRD-CGI-Image
- RT-Authen-Token
- RT-BugTracker-Public
- RT-Extension-AjaxPreviewScrips
- RT-Extension-Announce
- RT-Extension-AutomaticAssignment
- RT-Extension-ConditionalCustomFields
- RT-Extension-DisableOtherTransaction
- RT-Extension-ExampleTheme
- RT-Extension-FormTools
- RT-Extension-JSGantt
- RT-Extension-LifecycleUI
- RT-Extension-ManageAutoCreatedUsers
- RT-Extension-Memo
- RT-Extension-QuoteSelection
- RT-Extension-ReferenceIDoitObjects
- RT-Extension-RightsInspector
- RT-Extension-SkipQuotes
- RT-Extension-Tags
- RT-Extension-TimeTracking
- RT-Extension-ToggleTheme
- RT-Extension-TravisCI
- RT-TicketWhiteboard
- RTx-DDMU
- RTx-EmailCompletion
- RTx-FillTicketData
- RTx-Foundry
- RTx-MD5Auth
- RTx-Timeline
- Scripting
- SeeAlso-Server
- Serengeti
- Serge
- Sidef
- Silki
- Slovo
- Smolder
- SockJS
- Solstice
- Squatting
- SReview
- Stardust
- Strehler
- Strehler-RSS
- String-Comments-Extract
- Swagger2
- Syntax-Highlight-Engine-Kate
- Syntax-Highlight-Perl6
- Syntax-Kamelon
- TAP-Formatter-HTML
- Tapir
- Tapper-Reports-Web
- TaskForest
- Tatsumaki
- Template-Plugin-File-StaticURL
- Template-Plugin-ForumCode
- Test2-Harness-UI
- Test-Daily
- Test-File-Content
- Test-Health
- Test-Mocha-PhantomJS
- Test-WWW-Jasmine
- Text-Md2Inao
- Text-PO
- Text-SmartLinks
- Text-Table-HTML-DataTables
- Tinker
- Tree-PseudoIncLib
- Treex-View
- TT2-Play-Area
- TVGuide-NL
- Twiggy
- UAV-Pilot
- UAV-Pilot-ARDrone
- Ukigumo-Agent
- Ukigumo-Server
- UR
- v6
- Valence
- Vote
- W3C-LinkChecker
- Wasm-Wasm3
- Wcpancover
- Web-AssetLib
- Web-Hippie
- Web-Hippie-PubSub
- Web-Library-BackboneJS
- Web-Library-Bootstrap
- Web-Library-D3
- Web-Library-DataTables
- Web-Library-jQuery
- Web-Library-jQueryUI
- Web-Library-UnderscoreJS
- Web-Scaffold
- WebService-Google-Closure
- WebSocket
- Wight
- Wight-Chart
- Win32-SqlServer-DTS
- WWW-Crawler-Mojo
- WWW-IRail-API
- WWW-Mechanize-PhantomJS
- WWW-ORCID
- WWW-REST-Apid
- WWW-Selenium-Utils
- WWW-UsePerl-Server
- WWW-Wikipedia-TemplateFiller
- WWW-WTF
- X10-Home
- XAS-Service
- Xmldoom
- XS-libuv
- XTaTIK
- XUL-App
- XUL-Node
- Yancy
- YATT-Lite
- Yeb
- Yeb-Plugin-Xslate
- Yote-Server
- Yukki
- Zabbix-Reporter
- Zonemaster-GUI
- Zucchini
Investigate HTTP::Parser::XS and Gazelle using picohttpparser #95
PDF-IO-Matlab uses matio 1.5.0 which has at least one vulnerability, see https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=matio (was #47)
I've researched some of the version history for Git-Raw's use of libgit2, see
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libgit2 https://metacpan.org/dist/Git-Raw/changes But we need to correlate git commit ids in libgit2 with versions. I've assumed the changes related to the nearest tag but these may not be correct.
Also note that there are additional deps included https://metacpan.org/release/JACQUESG/Git-Raw-0.88/source/deps/libgit2/deps
This includes one issue for zlib http-parser https://github.com/nodejs/http-parser/ ntlm-client TBD pcre TBD winhtt[ TBD I've created a ticket https://github.com/jacquesg/p5-Git-Raw/issues/223
These deps are part of libgit2. I've sent a separate email to that project regarding zlib.
- MarpaX-ELSIF includes pcre2, among other libraries. Do any others?
- libgit2 has pcre as an internal dependency
- Perl6-Pugs
- re-engine-RE2 may have pcre
Config-UCL has libucl-0.8.1, but it appears that libucl is updated more recently but the ChangeLog file is not,
which means that it might be a newer version. (The configure.ac in the git repo calls the version "0.8.2".)
libucl also has some fixed security issues that are not CVEs:
- https://github.com/ChijinZ/security_advisories/tree/master/libucl-230f197
- https://github.com/vstakhov/libucl/pull/260
But it does not look like the embedded version of libucl contains the most recent security fix.
I have created a ticket for Config-URL https://rt.cpan.org/Ticket/Display.html?id=143727
Some modules amay include a version of lua.
Socket-Class includes openssl. Do any others?
We should look over Changes and any open issues for cryptography-related modules, including modules in the Digest or Crypt namespaces.
Also see
- File-KeePass
- File-KDBX
- Net-SSH-Perl
- Net-SSLeay