From bec8de281c8b0384380e35bb61ba0fe6ac0e12fd Mon Sep 17 00:00:00 2001 From: rhythmrx9 Date: Sat, 29 Jan 2022 13:47:19 +0530 Subject: [PATCH 1/6] added libebml checker --- cve_bin_tool/checkers/libebml.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 cve_bin_tool/checkers/libebml.py diff --git a/cve_bin_tool/checkers/libebml.py b/cve_bin_tool/checkers/libebml.py new file mode 100644 index 0000000000..04a854eff8 --- /dev/null +++ b/cve_bin_tool/checkers/libebml.py @@ -0,0 +1,21 @@ +# Copyright (C) 2022 Intel Corporation +# SPDX-License-Identifier: GPL-3.0-or-later + +""" +CVE checker for libebml + +https://www.cvedetails.com/product/33126/Matroska-Libebml.html?vendor_id=7864 + +""" + +from cve_bin_tool.checkers import Checker + + +class LibebmlChecker(Checker): + CONTAINS_PATTERNS = [] + FILENAME_PATTERNS = [r"libebml.so"] + VERSION_PATTERNS = [ + r"libebml-([0-9]+\.[0-9]+\.[0-9]+)", + r"([0-9]+\.[0-9]+\.[0-9]+)\nUnknown", + ] + VENDOR_PRODUCT = [("matroska", "libebml")] From 06fdef6f5d03c0a44d827236d6b1928a97ebf15e Mon Sep 17 00:00:00 2001 From: rhythmrx9 Date: Sat, 29 Jan 2022 14:40:04 +0530 Subject: [PATCH 2/6] added tests for libebml checker --- README.md | 22 ++++++------- cve_bin_tool/checkers/__init__.py | 1 + doc/MANUAL.md | 22 ++++++------- .../libebml-1.3.9-1.el7.x86_64.rpm.tar.gz | Bin 0 -> 7636 bytes .../libebml4v5_1.3.6-2_amd64.deb.tar.gz | Bin 0 -> 7319 bytes test/test_data/libebml.py | 30 ++++++++++++++++++ 6 files changed, 53 insertions(+), 22 deletions(-) create mode 100644 test/condensed-downloads/libebml-1.3.9-1.el7.x86_64.rpm.tar.gz create mode 100644 test/condensed-downloads/libebml4v5_1.3.6-2_amd64.deb.tar.gz create mode 100644 test/test_data/libebml.py diff --git a/README.md b/README.md index f4c4e0fb5d..754ba7bb93 100644 --- a/README.md +++ b/README.md @@ -191,23 +191,23 @@ The following checkers are available for finding components in binary files: | | | | Available checkers | | | | -|--------------- |--------- |------------- |---------- |------------- |---------- |------------ | +|--------------- |--------------- |-------- |------------- |---------- |------------- |---------- | | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap | | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus | | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius | | ftp |gcc |gimp |glibc |gnomeshell |gnupg |gnutls | | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell | | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive | -| libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss | -| libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |libvncserver | -| libxslt |lighttpd |logrotate |lua |mariadb |mdadm |memcached | -| mtr |mysql |nano |ncurses |nessus |netpbm |nginx | -| node |ntp |open_vm_tools |openafs |openjpeg |openldap |openssh | -| openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |png | -| polarssl_fedora |poppler |postgresql |pspp |python |qt |radare2 | -| rsyslog |samba |sane_backends |sqlite |strongswan |subversion |sudo | -| syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |wireshark | -| wpa_supplicant |xerces |xml2 |zlib |zsh | | | +| libbpg |libdb |libebml |libgcrypt |libical |libjpeg_turbo |liblas | +| libnss |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt | +| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm | +| memcached |mtr |mysql |nano |ncurses |nessus |netpbm | +| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap | +| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz | +| png |polarssl_fedora |poppler |postgresql |pspp |python |qt | +| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion | +| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk | +| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | | All the checkers can be found in the checkers directory, as can the diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py index fd7938a1b0..bb176502ea 100644 --- a/cve_bin_tool/checkers/__init__.py +++ b/cve_bin_tool/checkers/__init__.py @@ -55,6 +55,7 @@ "libarchive", "libbpg", "libdb", + "libebml", "libgcrypt", "libical", "libjpeg_turbo", diff --git a/doc/MANUAL.md b/doc/MANUAL.md index fb7e573fa9..5ce9dc60f9 100644 --- a/doc/MANUAL.md +++ b/doc/MANUAL.md @@ -118,23 +118,23 @@ which is useful if you're trying the latest code from | | | | Available checkers | | | | -|--------------- |--------- |------------- |---------- |------------- |---------- |------------ | +|--------------- |--------------- |-------- |------------- |---------- |------------- |---------- | | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap | | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus | | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius | | ftp |gcc |gimp |glibc |gnomeshell |gnupg |gnutls | | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell | | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive | -| libbpg |libdb |libgcrypt |libical |libjpeg_turbo |liblas |libnss | -| libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt |libvncserver | -| libxslt |lighttpd |logrotate |lua |mariadb |mdadm |memcached | -| mtr |mysql |nano |ncurses |nessus |netpbm |nginx | -| node |ntp |open_vm_tools |openafs |openjpeg |openldap |openssh | -| openssl |openswan |openvpn |p7zip |pcsc_lite |pigz |png | -| polarssl_fedora |poppler |postgresql |pspp |python |qt |radare2 | -| rsyslog |samba |sane_backends |sqlite |strongswan |subversion |sudo | -| syslogng |systemd |tcpdump |trousers |varnish |webkitgtk |wireshark | -| wpa_supplicant |xerces |xml2 |zlib |zsh | | | +| libbpg |libdb |libebml |libgcrypt |libical |libjpeg_turbo |liblas | +| libnss |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt | +| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm | +| memcached |mtr |mysql |nano |ncurses |nessus |netpbm | +| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap | +| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz | +| png |polarssl_fedora |poppler |postgresql |pspp |python |qt | +| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion | +| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk | +| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | | For a quick overview of usage and how it works, you can also see [the readme file](README.md). diff --git a/test/condensed-downloads/libebml-1.3.9-1.el7.x86_64.rpm.tar.gz b/test/condensed-downloads/libebml-1.3.9-1.el7.x86_64.rpm.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..1f25f909c6b2aa673039128738cec810b0c9716d GIT binary patch literal 7636 zcmV;_9V_A=iwFn-00002|7>YuWnyh?Eio=LE;%hRE@f;tE_gULUp6!@a&T=fbYXG; z?LBQ<+enhLcb}$zg_7}PO)@c-F)(fBmYu z_0p2MB|AI!+=oLvPa}0zS5_xLu0r_z>e@-61owdl`KVK?ja{GImZ2t72OKwj$J>uVLEwX=h`06zo zAKWy^q1*oJGcs@8zb8Al?x_UYp9*>2I$dYvjB6U5gy)-_19PVcfXh)WGTr41*ZX)Cq`j z4gZLt56+E|J-2ThKd|S6^UlPZ+5>Yqu^CJZF{}p@378Y-Gkm^V8kZqnXJY!k?GxkE z``yqknnx$Yo0EpNgvi0q>1ZvFs8YmCWSvHiCKoA~s@_bzp*cCRhYKV{#WDl?0rU51 zpyzo3f3=Qy59ZKWs_HJhqr^t=IJ2Q(u04v?FOX7IH3+qd?b_2o-R|2#9|}RAVtEF( zHbmSrA@c59hRZT2!O{Jbh3h^R;k0!B+{D7xmU6+GAlQk0Z7wE^r<|)r;i5w5OouCuU%3 zm+$+ATGu~x%*kYET6ejOBp|hZKZiO!T}&pA+Qr$@l`&{t+U7`19lqOr%bVHf-pJO7 z3-O)>stVR<-5J*S&bT(6Nu;|7gaS6~2g{xXjyDB>J)ciKg92#8r}uroqk=rvZ>rLrJ4wUw<4S4q*p^MeU+0VG&lm-m+oC?qk7_qQuUlI z=C-kP=E1_8NQ=FR793hHM)!lcZMsk>7}KUPwrc_ptK&_fg$cAv=kfwdY?v`{sn=Gw zbia@04~^;AoPzyk)S#h4`+y1F(nigQ7^QTHiqe@|TMe~N+gfONJU?y5i1M@NjHDQ9 zE2M2C?9!5RY=o_Y01;ZZsXccrDFW&s6xI$#=p#**ue=*bV45U}DkWBz7hh?c&<}Q} zUg+pPO-&apBxr{*Mu4W`+t|?Z zyiI$5l=Sr8m1Y*oqjT9QkYFk0E`jWHpacTB)~Q<|Lg+rEwat1i$B%$I7UOKYMqmyl zD%R?ZZR-v*cYAR*zLf~em}qj0)@j&jmI>NEbtV&F1G=82qHa;FP%~&3;FPLW%6~4k zl$Ft5g4Bme3TyjlG>V!dDoUPBTCj85O>`CnbESTEhgqG-;)Vq@kscZ!Yeg9k;sW9z{H2~T?oE#_%3a6p{dQQsq>)CJZpSnPs~R_`$z|Bk^x(Suu20;5ryre zh-0du6)==F`z5UMXuR{yw#O{fG70FvOYkksZ&+7e(>Ti=!MOmE_pd>t2Z7#4642rDl7BIyn2(7WE!#z~oi zd9`!%&SouFHyJYWEmwhV6s8*%OdY}pdtp6~f`aIH?#!G=W$m+JX1^iV*!HP6x9nt& zP%?P^u(aoNHf-Ho@8D4M+%8EH4_Z5-&I$tBu>@gVro4r?1Ci|`A)Rn8spWXSF*JR< zsZX6C;+l<*X2SXfozB z?8)bqd8F0*i%BYIT;78Lv@hni<@k;_m52Zeuo_-N8?8!kv?@jMxI7|L0Hw9H%htRh<`LaE)SR1oFuS88Vla_4xqkJYe#4B5*;c#VZ zG(5RttL0HMD>dnH7CKUKUp@xsy7GAn#iNE8P1N1yCFQg*>olpu7m6odt6>Cllk;&R zRR*X_0J)j?od{xxCNgr_k~aK9F*})n;<>1#vWljnTH4R{9KC>iQWiu7Dl4F!n-BVk z_1ooWO+-tE3I(&pC!RHUoY`_x+Yw5sZ0!iMASc-&c%)w0A$uIJ3u{(d<)w?1p=o~I z)NDfF>sAbM?e=grZY#8Yx%JkPf)cN$hA?J}{Qy_U+2~^k=0?{i#U*!Eq zr@$p+-(H&p;?Yxqo2CvriyUOQINN|;x?#Js;L(`dGs6d5^M>g|YWddogSq#}FW-u2$KBZobRp@$VuFUD zY1{T3`n=lvwqe{%7r20jH9z&{(Cajy*5)Rq0=WGqpp$T{B&+J3OB=zOTZV91#xZX( zTz;Dd%8vqRS}7+`=AF3>g9zVF=>JRXw<-H=%3fQqywxqJOlL}0cFo1Z$^{Sgj$=8x zusO7EoT*_!-)tPl%x!*M9vnslT}QMXCf2$lN&ME9&ZzO@v=m$S>yrX!RnA$xSomXk zVrjaai@9gnzMt_NQjfP<_hMatBTroBZ=@;PM^`Ta%TKMs1mE>aw z`U1|)G>#Do+MwlgG?|<`K28?JlNrl2jf*qOCEyPy_A~;_W}x*9fX!E9+b|Z>n}s=4A!bm)MEe|6H67FV6Z~M*kQ-mjh!!8$xtCM##~@O?ck_KIgucFyAr^ zb9B4#17mEPvp<{j1pW*1-9I%3sxfHr1puuU=G~Zh-k&dqxC91r=g{nfEQMn{=)F4E zkF*QnFWlTLP`ZO<%)syBc;wE0G%Pv_$n@FKJ?P*TZjg5I*1QaI@nAEJyxufXIooEzB*j%%#}&_& zgfLYOOD`zN){nAY4AMfoxysJo5OXaP;uDt6!9@&8M&%6cUl^4$0G?@0Cfph>$J;PtF_DVbf08bWDGB!zD>^wN@%5#N(pkahjM}(QVGG# zJfnS3*`a%PAu*!Y$l=BTOOdn_UT8Ga&_a6*jpY zDVc)FHDWmgwG1K4BBK~N4q3Qb0?&6gIbA+!6hhTPXr6MuhGbB+5L%b4739}YB=izM zUFK+n3qUC)k}Uy+1hfLD!x2yGD2JmJ_!wz=4o53=C=v=8EUnn?B}B4lTDgf!D2Y%t zv1=1kh{0M>+f=xDGbE7Ltq7pX05UZdk9at>a>dDHN-SGvix!lM*4ffJ*D18hPN7wb zrO2$(m59QrZ>P}pbP8RMR1|(CuuznY9dt^(Y^TJ_N(9QTITkO7hHBN3DPl*ah%)_% z7BUMxl)}%=aBe!Z=D3-`Gj?YOaW4a6=T!+hH<_M_b=sFjj zlP5(h4^<1HDaxsWNRv&2R5>U`P*D77vLXbv3?XaG0*zS5%ZQT8H?Lj|PJPL=WCGJ9 zNz_uw1=9j~B(01{cE4{TL3!EbwgktCbB8?>h??C<8iTCm#o4_qow|K*`IbAw#YB5P z1*Znc;no8It@ucLnL{X^B+n~PMA)0!1HG$O|esal+&gv;c5 zKWNlZ$)nZ%cmWod{k4H{+ut(S!usyq28?h+Pvo*h_7?VE3gM!bkBtt=UIKU`Mp2y2voZ+9-$78IhrW-w#yP8k=(?n43=E>-V@>=3djJ zB)=+|Xd`%rXr^}{RL-oTl)H>O51t7$(ywENOMt|41yp8EM*CBR`$+r#OxU;Q) z%Cd#PpG9qaDp?Lv<_coJ)%Vo~_=1UT-Wgy~;aP+tBP-oiS&%m6?#j7jFV>CO+`%6bn=qno}pXj$pjKHc+;573iyK@aFw zyNR#o)6kvITa3OJkscTt`1^}9i}Lr{@fJ`0;%tdYyn&Gexf}p*UE1b_9xkrs5^n)c zv?V=rSrflIG=2Re-;v)ylDVKnZQj_ysWY)JJld`oB5zw0 zY$@a-){B#~Q?T?xIw%Krp_~-Ei5nB6+k>Ri`)TPX==y!zzBAltf^V(*jthCMRQVK8 z%aRn)Ze_d|Z(?(bvWAewRVq-FG(yoOI8ha@C(uguo^v{G+(GI?<2D6G3k&QR2tpST z`gN)io)*FJ-nBQshyGLC1vCQlhC5`^MjFgBx^8mF1SD=p2Z1Ku4P=MfXXrm<7XgJU zf83$!&|MD(>soZE8f}&a$Q9^B2~rc!fNB?FJyVTX3)ht|(Z+E2&$d2?E;sU_)@lx# z?xWWFI|kj?JjoPee0C^me^a}i(i)oDBP9prRhy?-r1-l4!#vndC~7InDsHieL%o!P*f|UEbgHxE1xlwnmTq=dFo#zrJDnC;g&W(Fnz;tDg!1}n zgfk9e(zy$uB)LzGJ4(u@)iFC2X+obz3yUAgN6l!^joED34)N-6qdy4Pu z5Trw8T0fEcm7KEbCZW9wTB%x!X^Rt`6;>)U>4JkSS8jHG`l7rx+fWR+ymzdX6K#dKt@7;C znnPT5=U7_T9v z!+uS4V{d*8nBNZ1Uu5mbfsN#rYnh-?kKvlW6kv)v{3(R!@@wehO^n6Vewf)-U>6l> zeu$9<*9*a={f}#WC)a^J344fYJLyJ#{X_zc`X|2Td=<%(98*VcwLM@)^FXfgmHMEf zN@Vw)bICHD*K9SVJFgii#QVX>di4r_v1126-T3Xsf*wD9srY5Fc*7oV6aI%k$lFfG*s9gZ+n#>hF&Z_s8NY7TlK14TQQIb+j~|bYbwjOfvFMK9KOpC!S215)!VQ`7TI}DC7 z*u$WK!AlIDWAOO|(_(Oo!4QK_7+hlT4ufM1_AqE*@DhXP7<}$vS`2P67-H}VgG&tF zVQ`GW9tI5zUSjYZgU`p97K2+1h8TRp;1Yv(7#w4;hd~2_ml!<9;PVlt#o!i$AqJl? zxWwQc2FDoeVbFkJ`*!~sIry>%!ME^v&~8C+z59&3KHUN6Pw=)~gSXen;{drGoHyaK zaR_gF7;MAmL9>BSprZWx`_XTt(+Xa7$LFbfZU(-!?YA1S_ZbZMob~pTar zl?vj5L=TGI{sTxZzU}T44ugCBhth37C=0URZMPN?fKU)J1|l?XLFHo?3bKwe^)RqT z7>?t79AfZ*LC__Yc~j+?^eS(t;Ixn~@D+smtrB#A?i-zDDX3T{fH(@-1X!3rtVe>I z-u|HS05Ji^jCDq1QfX0|JuGed24eq$GV7$8%WEP|RG!@=CIO}NBK#MXKgpwW$Wa|p zB}i9%hU^LEwnuA@Q8;1QuZAjBr~3Bxu>0z5tDEp(ih#v-sK5HH(xSz14(a~hL#9Ur zYjW4> z?%#pFU0+sTOqEJRC8%t6 zV?JK1*UlOOwXP#(njMsKQ0ZbaT2|~0t?^@6E_~Ss6{VZ811R?%^UX}L)7mF6)5y9* zqXEx8ie>NaAN)0P{aubP)S=GhE_l^zf2m-)U>g#FoiG|HOODH1CzW7B&su@bGD9Wr z?gIsIJrGyNcW`UGCk~^Kr}8DqQ8jB<*`|oGfp)KrZtf`SiLgo3+eyJtL{OXd+bC(6 zAgR8{htRf^L(Q`e>37?_Cg*u}T0n@RE$i?W*9`c9u(sGgs2HZ**&yak)AmTD-n7A1 z9za!<&;talmX$cD1J@G%TmD%e+PfL11B}FIl_ptR2+w}`QiW|p%Ws|zbUgT>Idr?!L zPZ63L=zG`?qks$Qe{xj9x6Rl%4`Xhdu{W;8j8ahAHXIG0M7sO0&&gu+>+fj`=DLp6 z(2K#FpahveV?Dl#G78ltQk+<4sB+NQ^%JBjH)C>n7nl7VH9BZl!k@W<(WF8LR=DD? zJUdVfW4eHm?B;OcOhzMT&R#Z;uk_wY^ec<6VXRbZZ~AjzZG%@;T1 z{H>#t`{|GGZpnAG&)4LY_i~rK7XIGEI=RM8A2iS5Y+`joIXF;SB>a^l<=UCpGZ@on zvWv;~_L5x|)fk!#k6-+t3_Wkc!i`lavK>ScdU0&LmxwEH?q?X-Mf+@P1rgrCzfKv2 zglI8U*=CPt2Ta2@lrLYDXMQlZ+*#G6zaIGBbnPFM=e!8dH%Ryv&F?C26fEuNlY|$2 z)u0yGk0^x^oGuUPUM$`3+W|7I4sj<*xJglY@j?k-^}cTh)r}4EY}oUxJ9|W&H^_<% zY(JnArGS1AQ>Al(P>T;Bk-9@9l@m%I)p%)bM|JK8V4IeZ)=LQo=>_j1tJ6ooRuG@L zKMjzaX^@d{G4<(>3m|BNtRrG{MSeBSlTK%?Dvyxgzff$MTk9n?v_?@a9GpTH7gl7- zVp0C!zN#Cffai-sQTFz@-&v^opur@}Rzm3-4D#`FQ)wGPs zGu>zY8ftJzuNe1F=@sLA+Yr_}GzxW+zLOSG4aT<883Ritq^dk8&lT@lNd&~0AC!@2 z`^wY{l(D(A6;oManJJ(=H4SIQ zs<}>ObX%bGMzVEOm+g+Gs>{3`tCXy7rjaXJWrUnHOIq_G`CO)=UD~dR7d+mX)K0^_ z%k-T)lT5$4liAUCa@v~4gol~=cb-80tTPdvLYJN+mmU)@I0G&^=UsG$yX{$BvU_nO9Qwdisg>;&1Q3!bQ?Gksyq4@AZ{)j@+X$0{}1j$hY=`jOZs^n^V zH}&qB$>2tFBHDYdeK^I2BKei;Y7`a!?r4?pPJeHY-(#xaV1%|wR5EgEf}C<}_s^N$v#*ViyY@{-> z)sPZIU94s#k>RF3tEo{zym^54aM`^9`!BaD&&lVD-eqcazgCC85l$44-OnFCkw^c> zee&w&kKTf~e_#3=lkdpgMf)dW{PX5l@}Sj@Typhod-xxuXR1S!Jpa%4HPZj>*B)s- z9Pg8tXTN?XHGd3N6qrL&0}HZiH`7IpD&=diB>FWr{V}PH9;g1J%l-#*23dv;AOB$h zY;I3XL=4|%lYrE)J4$NU7bP|P`5SDtD4G*7;OsAYve=Z-&!JFyuJ z!<^5}M@A!hzqKGC5<`AKmr7~6js--#fCfwm#&GESRAhse3Mpdo~P&Od3v6nr|0Q;dY+!A=jr*sdHx3)YcBBspa1|Y CaoKDD literal 0 HcmV?d00001 diff --git a/test/condensed-downloads/libebml4v5_1.3.6-2_amd64.deb.tar.gz b/test/condensed-downloads/libebml4v5_1.3.6-2_amd64.deb.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..e5c45643cea8e91a121a50a1c5430b5c622e9c38 GIT binary patch literal 7319 zcmeIu^*%K+i*#s)lumDn|;Q8t(W$knvn97J*&%5^FoQ+`%P9VeK9{73TJYgsL z8FaCK$)|$J~hcd9TNq3p$ z_3*L>|K*OA=n1!H@$H)fgj~#edUxy#?1||x@XG8N>SpGQv-EcOwtpUCTG0IVbY1u+ z)1l)YuXZFUPN(>LY<+L~+;?Prd0wJw-qk$)@=q^at8Sg<#PsLete59mgmG$6{!8ms zD&;Rk&F8}%ryl#2{O+dM>yr@jogFs-hf@>N^11ti+xuXFnfkEf-EYTARlDxjf<`kEsK?;WWL5iC0D* zc3zzY@pwYa zfk)E9yhH^*Z#!8U-`AZ96R9hp8aC6#6yaK_U10uk6qlu_AVE1h4qgS5k=)JLr~X;t z9{De{4F@HPc)?XKIH)v5^Y>noeolPX!vraPL>T!Y=%-7 z&BfC*pzeTH#+U}=IbQ&(IA#v0fk?xvYe=dk1Vg=R1Y`At?Zcy1jtV5hy~l4d*sBSH zX5k&MZCLPe4O2`wWPASRZ$8dEc#|FQvwy+Y_h=$V6zJF(2;o#U-f|t(ms2nr=LHPU zz2EqXH!lQk%N*64`YXDzBzm4b*QG|*KbUi1fuTnf5Q^NL*Xn7Tq+Czgm1{WJqNg+Hxc_)|e2!|UW*R7VZF0~~Tav@{u~d^02n$!|RUe?% zz2Rr1*|~7Cg`P+_=gtr9Vp+CGdi>@4t36F`fYgzc+9C=|`*1)#f8TE==yrhesh;V| zr5smdI`+8erMHjZGD%H>59T2taBjk9N+XD^+NoJ>>dBM4VrTLf@4cd#MpYH(;3=E@ z#6QfD4S8`^B$&y(n8%0=~hx?H~i$6U<&YAS;+`VfPMIV%}+=c?fhoU z1{54`l={e}Yg_LO;9pl(Z;$+F!Ggw|-P?h?E-jE@+my!(lZ#XVq0?JBaoeRw4G!Fx zfnF&*hmE6dDLIdv8N1CDm340j2FwiRv+Ms zgAYZ~L0zpGKO96^)ix93cm+O7Ef1r!~JId}Zd-(-3CJdi&!k(Jr;o8fAIA>jc@Y&DODjm`hs1SY1o zHJAa_aGIC92up^DQDqo{g~!6M`78xU@s01sv4{>R%pSLXsn2k_uLG7WS_&;_rokt0 z?Jb#s)_F>_^yOIgj)xy=QmIA_%hz;{%ikHbv()G%m8Ll@oh3*;^~z6{WjUqVQI{iq zDzS2Bvl0!YTV^yTj3exqpLSm-Mr`$OwGFcB&aC(57|x!aC&_$Yb-~w(X-g(-3&~{5 z^d#&usL7_$Dmlk}0kFE(82SbMwv`%_yVj~^M&QMd*(@tr7L?Urnu4KcQX~V}xdn8d zLvzQWRhWg;wHeqoArp7V6VhWI%=8Gww^|$6A+;MI*Q}V}8Pge~+G_e-m&8nbj@Q=R zc8co$R)_($o^l)rAZ!iuGl8niFp@)TqZ-V%$jjM%+Z2WgQ zetzsX8TTz}TbO;ni*2lSD(ol3YCk}UP&h;}385M14-BaaP#t==y_{byg5_d;KDx58 z?j>b+S$z0pP%#-`WlT~LagDkT5wC-@KDDm5jCsWV^|EykY40XD2qHk?&$^`IN@-cb zs-7+BYUtcD>0X$ua^8OyUa(ljTEM3$&!1)9y(KTNy52Y|)ZojjIAi$%zk)+j@i5aFlXlj^Ygqtp|*LFVecx@1%z!Q-OTUIX`7V?kyADatcL># zZ)?W+fNp{W5-#ZDpJH8uu;?xY1)f{})73@GTwU46C1bifWN}`X1?e&46QKVa2%>Awqk7I^pm?2Ewk_2C~+- zHQvY%!HAA=-kS!ZC)V=$b=|{b%#Qq3=y9JZe|g|9Igz~X*@RF4UD3HoQqz~HC&sUa z`rY>z`}xe(UCgNQ+HI6R$iLSE@I+bfKOaYo(*GKz!l4i_l4-P7bW9u2A*4G`(CmLq z2(NL1aEi;Gbi=3m>Nj9b52;P0NoMX?_Y*A%_3F_cLG%@WsRr7$nPP2r7yTJrCnFK- z6j-Cd&?z~L6umn6+Hpm}u!RP;tDhUAcLpT1#l$G46_HIxb&|oFWDO+_6S~LokgiLm z)?Kc7IX?5AO1WHtbVMxyL|Uhn+46o%7qUo^Jp#AEnw!@30dqsxPTpay!sX1zqm{ zh#r3}5~>@W=r)&SyT~VRUL8Y?LzqmGVC^{W+6MM@)|fWqSoL~$&Hi<)5Wt1Dbv(7~ z;u)@qIy;AcsdxJR%XAGrczS<|q5&K66?$HQ!$aRS)|bJy@MqH{H)0|%gFc|(UwM|t zcu*N;(znz%qJ%QLH~KdGi}iG#5Qfex-ykrc)7wCZp1un}ztB*-$X-sZ(LpT<`F;rA zZNQiK;q8G+IM1@$M8%&-ACMZ63p9+QeK5a5R$R~_(cN~jJ*ZEud}SNU%D0g3^+K9G z29Cr7(a1I#TkHH2RnYjs?0fjXj|shFt+o8l+GSrKJztntsMj>YYd}> z=7@d&Tw`;lg2Uzi{YoSAs%?T2f zF;V+v#oN2X2M||Vv+{@=MF!ZYfi0UNN1+Q!@uP-ns5wEyWznOiY8pJky=4ibd}?j9 z!cS&lU%!tk6X84GfAC)_MN<1R=Jx!ERF9gHZ}x?y%+1s_-Tck_ib9yR2c?%w%Jh^j zqQ}bPHEpYP)V=ew-3R%K58dK05tyD*vsU`(7Ty^bW~*gjcFV`@9rH46&vQatg2&$A zO+zk41@c`ihRt_SEs!Euhj@NWQ?p%%HoHb5Yvy%`X=my3#x-d*L<(h5%5&>aDd~?$ zOWso!$Xu@ z!-`P;8%oh#Ckd*Y!VdsJlN=(8&~HCUFu!Soj(3uGzaaKEe;HAyq$e}c5dJV%wIyo8 zpps(oBHm~E);-J)O<&j4yD}|CAm=X-cE?x=yYzQ^NsBzmB0~t_Ri=^F_ngTNV=KqU8vjEwyyrw zTy&cSs;NnQNQv$24ug_a+`q>z;8qcn^t5XUYb&CDd#Th{8lTl5*1&0h@=~xqxjT&W zac>doHyQN2O(Lj89;ud`xv$$G-?NZ0u%1k0wLr`jtMm4{7`(ihcSXN*eJNDkc9JWq zJHyXf>;I@wrldYcYQRi;JBWaUu_JCJ>wkM7y$$#>!`_0pSoj+9QV>t} z2MyQF8yz*O?^ydr#H&17hWtrZ`bcUDzdueZ2CeJnyqm38-{QXw*7~A3oW}VT5~&+c zQ{R|(SlXivBRG1vXVT5bjP{ABGjB(RtfU6Z(XPueTW3glH8lrF11#`Bi@Se|uYk%t zrfM!Dp?imCttb>iMCx6)%wnE3w~?!3LDBjQ+FAM?T}q_ptHBXo>#)Ozg=lT0uq-KA zu+PVRd&`GKeWtZjmZ64=a@qROlcPoPH05sN_LB=@W;!~k zSxF+gp=r6&{u7$>S8751s6W4Nr1u}M?>2j4JC%GqdMYcu!nCA+7ArcVtcp?+FG@*6 zmbstghj|t7`Q{>rYVI(&kVix&B*JK#zu$=r)xVk+`{0APlgBxhQTJ!=-*us?E)ubR z(VDXMc^_vIqPzWy!}ZoX5VNS*0+WO_Eld&{-mp-yBBGD7-|q*=Q$oJ;WxJio+}&X4 z{kzyE$?p4^T4?Y0?O34{NW<~L{A!pq{XqYh7jg`6uE5((D0cjqCp_}wZVWpYt>vfs z=TA7OyFMn_svjFZpFn&m7R^#Le+-JM>9l@t30^SX>olVcn(nR}{dN3}@@CX$7>|rb z2@gtSlqQ-RTOY67=O0$uN5z|jYsM5t5s1GbStKf7=s$&b!;f*mZT+PT4wv5%bmY#NmhviN>d1QP~4oL8Sp6m$`-3o|ARQ14pHjkyHAD@ zA+3okl|30MZJCQ!#;2v-_qlimaQv~MSz(|T7fxII>@Bi0Z((U7D_PyE>gl-jY94NC zw!aj(J8^5c*_lce47@gs!@=p_fAQ9aRwl8PTZpd$$O?@$o<%&4Z%Sl)P*nD`4q}0G zsLN{f@S6+YtLePFFx!vU<}_$!_2S(C5?8gz6^)Q@&zUdI`-m7ZXyIvkc2yzaYT4iR z$C$rMff2eZSxHG{TK1O()PgX>P&Dx7V-g2z8B>g zI{5sz4~L)PnYiViR_hgcRku2_8(Tr=_C;L1n9l1A(oFRMg z&1-MRuJYu$=pgYkyNv>-Gi`NbEY}Gl?bY=0oL@4_i*bC2DcuBuGO3Y zYh+qr;qOKp5mqLTV3i>|#L%gpvD?viS3htaBlp^(V)B-g73;zMWg4J8yc=knF@RW5 z)Pc!?*$U!o55&3wUPr_a=EU+Or3KEZ*}Rqc%htMbD>d1c=s@X*X& z>T?9wrdmLWWx= zrnrG9HhYi@(uEfadq}LDq%EpnwzaHd0-fOKHof!E(QgS>`8I|?hREIjTIxvPGeAm{ z)y6h{25e9_H^WRD)mAWvDlbZ#sRexrC8`nsknli3G^%A3!ZL@4MM z5_F^p)2qt=hwd8p0Xp|qrm~mK3ei5nM3*K67Ey2m7F|19k5)7|BsiC24w>Xrq9$c@Q1s`+-L?g{P6{jK`4|DuX-}%( z)#tUegj}Swd7Cg@eEjRQhbO)^lkf-}6?<&gZhVxb&IhB~e9%Z8^a9GXyA+i0U&fX1 zj3yhb_-DPOv$jO-I0o>wy5{n3{lQH0AuqlChsEJZ>RodniSen9a5NV+%7GaM%+ppS zutv$!B=5b&PQp5fRA#Uq_q>bRds+QS;f!hu9io3$vz{9ib-H$g z6waRORKpReV9HFP)D3C|M;K!`^v?c2Sz5CQboY>WIr8NjCO0bgkmTrv`4t{sOS~0~ zced{K%UCDaSs8w8o<^~AI~%ke$%)tZInnvbiWF;ka>c*GeUBgKkfVQ+|2`-cZHZgE zq3y*1f}9mun@p#^#yA=#WHMk1dYC4(AN2kEw5B!)#if!!a5$y9u4*J>vHfU+R-PyG z*NLPhR+~W*Q6rXrN~|m#b$aMik3|G{+r^}NG;Jpo(|0U~o`k+xpO|Tqi0UDm%W#$Y zT2GRt7i_-H!3rBfe5YttUD-EW^+G4HRb}PQ9c^J>qoXJW#|uCdoHLd5qWn)AQ!5p0 zCZfYeRFkc-#YxfE7dY+59VGqO^ccpd*25ZteANF0uKL8n7&)qdJl^4CO}q_Gs7bP_ xwK~W~dpA)p`~Bu|4~3upRmQxrY=!(k|F0juZ880C`)~hnQ{HQfAzdIL{SSpsxbFY} literal 0 HcmV?d00001 diff --git a/test/test_data/libebml.py b/test/test_data/libebml.py new file mode 100644 index 0000000000..a8d0116b67 --- /dev/null +++ b/test/test_data/libebml.py @@ -0,0 +1,30 @@ +# Copyright (C) 2021 Intel Corporation +# SPDX-License-Identifier: GPL-3.0-or-later + +mapping_test_data = [ + { + "product": "libebml", + "version": "1.3.9", + "version_strings": ["libebml-1.3.9"], + }, + { + "product": "libebml", + "version": "1.3.6", + "version_strings": ["libebml-1.3.6"], + }, +] + +package_test_data = [ + { + "url": "https://download-ib01.fedoraproject.org/pub/epel/7/x86_64/Packages/l/", + "package_name": "libebml-1.3.9-1.el7.x86_64.rpm", + "product": "libebml", + "version": "1.3.9", + }, + { + "url": "http://ftp.de.debian.org/debian/pool/main/libe/libebml/", + "package_name": "libebml4v5_1.3.6-2_amd64.deb", + "product": "libebml", + "version": "1.3.6", + }, +] From ed57755ba9789eefb74be79b50454090936a8247 Mon Sep 17 00:00:00 2001 From: rhythmrx9 <33546975+rhythmrx9@users.noreply.github.com> Date: Sat, 29 Jan 2022 15:11:42 +0530 Subject: [PATCH 3/6] Update cve_bin_tool/checkers/libebml.py Co-authored-by: Bread Genie <63963181+BreadGenie@users.noreply.github.com> --- cve_bin_tool/checkers/libebml.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve_bin_tool/checkers/libebml.py b/cve_bin_tool/checkers/libebml.py index 04a854eff8..6a8eca239b 100644 --- a/cve_bin_tool/checkers/libebml.py +++ b/cve_bin_tool/checkers/libebml.py @@ -16,6 +16,6 @@ class LibebmlChecker(Checker): FILENAME_PATTERNS = [r"libebml.so"] VERSION_PATTERNS = [ r"libebml-([0-9]+\.[0-9]+\.[0-9]+)", - r"([0-9]+\.[0-9]+\.[0-9]+)\nUnknown", + r"([0-9]+\.[0-9]+\.[0-9]+)\nUnknown\nEBMLVoid", ] VENDOR_PRODUCT = [("matroska", "libebml")] From a1b6c2faf5d980f4fd4bf3576de34fa3bfaa4644 Mon Sep 17 00:00:00 2001 From: rhythmrx9 Date: Wed, 2 Feb 2022 11:31:01 +0530 Subject: [PATCH 4/6] refactor: added libebml in allow.txt --- .github/actions/spelling/allow.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index c57b067145..994fb05c5a 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -172,6 +172,7 @@ libbpg libc libcurl libdb +libebml libexpat libgcrypt libical From c1927249b839eabfe4365a08a0c8fc6061eb1d7c Mon Sep 17 00:00:00 2001 From: rhythmrx9 <33546975+rhythmrx9@users.noreply.github.com> Date: Wed, 2 Mar 2022 10:42:56 +0530 Subject: [PATCH 5/6] refactor: version_patterns for libebml checker Co-authored-by: Terri Oda --- cve_bin_tool/checkers/libebml.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cve_bin_tool/checkers/libebml.py b/cve_bin_tool/checkers/libebml.py index 6a8eca239b..6c4825d66c 100644 --- a/cve_bin_tool/checkers/libebml.py +++ b/cve_bin_tool/checkers/libebml.py @@ -16,6 +16,6 @@ class LibebmlChecker(Checker): FILENAME_PATTERNS = [r"libebml.so"] VERSION_PATTERNS = [ r"libebml-([0-9]+\.[0-9]+\.[0-9]+)", - r"([0-9]+\.[0-9]+\.[0-9]+)\nUnknown\nEBMLVoid", + r"([0-9]+\.[0-9]+\.[0-9]+)\nUnknown\nEBMLVoid", # This string may be brittle to changes in string ordering ] VENDOR_PRODUCT = [("matroska", "libebml")] From 11d88559d40b8f99f22e6fb7679fc69e3acbfb6b Mon Sep 17 00:00:00 2001 From: rhythmrx9 Date: Wed, 2 Mar 2022 11:11:30 +0530 Subject: [PATCH 6/6] chore: format checkers table in readme.md --- .github/actions/spelling/allow.txt | 2 ++ README.md | 53 +++++++++++++++++++++++------- cve_bin_tool/checkers/__init__.py | 2 ++ doc/MANUAL.md | 21 ++++++------ 4 files changed, 56 insertions(+), 22 deletions(-) diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 994fb05c5a..a658bdeb6f 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -181,6 +181,8 @@ liblas libnss libpng libraryname +librsvg +libseccomp libsndfile libsoup libsqlite diff --git a/README.md b/README.md index 754ba7bb93..cfe84b76fa 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ The CVE Binary Tool is a free, open source tool to help you find known vulnerabi The tool has two main modes of operation: 1. A binary scanner which helps you determine which packages may have been included as part of a piece of software. There are around 100 checkers which focus on common, vulnerable open source components such as openssl, libpng, libxml2 and expat. -2. Tools for scanning known component lists in various formats, including .csv, several linux distribution package lists, and several Software Bill of Materials (SBOM) formats. +2. Tools for scanning known component lists in various formats, including .csv, several linux distribution package lists, language specific package scanners and several Software Bill of Materials (SBOM) formats. It is intended to be used as part of your continuous integration system to enable regular vulnerability scanning and give you early warning of known issues in your supply chain. @@ -24,7 +24,7 @@ For more details, see our [documentation](https://cve-bin-tool.readthedocs.io/en - [CVE Binary Tool quick start / README](#cve-binary-tool-quick-start--readme) - [Installing CVE Binary Tool](#installing-cve-binary-tool) - [Most popular usage options](#most-popular-usage-options) - - [Using the tool offline](#using-the-tool-offline) + - [Using the tool offline](#using-the-tool-offline) - [Finding known vulnerabilities using the binary scanner](#finding-known-vulnerabilities-using-the-binary-scanner) - [Finding known vulnerabilities in a list of components](#finding-known-vulnerabilities-in-a-list-of-components) - [Scanning an SBOM file for known vulnerabilities](#scanning-an-sbom-file-for-known-vulnerabilities) @@ -33,6 +33,7 @@ For more details, see our [documentation](https://cve-bin-tool.readthedocs.io/en - [Configuration](#configuration) - [Using CVE Binary Tool in GitHub Actions](#using-cve-binary-tool-in-github-actions) - [Binary checker list](#binary-checker-list) + - [Language Specific checkers](#language-specific-checkers) - [Limitations](#limitations) - [Requirements](#requirements) - [Feedback & Contributions](#feedback--contributions) @@ -63,6 +64,8 @@ To run the binary scanner on a directory or file: cve-bin-tool ``` +Note that this option will also use any [language specific checkers](#language-specific-checkers) to find known vulnerabilities in components. + ### Finding known vulnerabilities in a list of components To scan a comma-delimited (CSV) or JSON file which lists dependencies and versions: @@ -191,7 +194,7 @@ The following checkers are available for finding components in binary files: | | | | Available checkers | | | | -|--------------- |--------------- |-------- |------------- |---------- |------------- |---------- | +|--------------- |---------- |------------ |--------------- |---------- |------------- |---------- | | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap | | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus | | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius | @@ -199,15 +202,16 @@ The following checkers are available for finding components in binary files: | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell | | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive | | libbpg |libdb |libebml |libgcrypt |libical |libjpeg_turbo |liblas | -| libnss |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt | -| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm | -| memcached |mtr |mysql |nano |ncurses |nessus |netpbm | -| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap | -| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz | -| png |polarssl_fedora |poppler |postgresql |pspp |python |qt | -| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion | -| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk | -| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | | +| libnss |librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 | +| libtiff |libvirt |libvncserver |libxslt |lighttpd |logrotate |lua | +| mariadb |mdadm |memcached |mtr |mysql |nano |ncurses | +| nessus |netpbm |nginx |node |ntp |open_vm_tools |openafs | +| openjpeg |openldap |openssh |openssl |openswan |openvpn |p7zip | +| pcsc_lite |pigz |png |polarssl_fedora |poppler |postgresql |pspp | +| python |qt |radare2 |rsyslog |samba |sane_backends |sqlite | +| strongswan |subversion |sudo |syslogng |systemd |tcpdump |trousers | +| varnish |webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib | +| zsh | | | | | | | All the checkers can be found in the checkers directory, as can the @@ -215,6 +219,31 @@ All the checkers can be found in the checkers directory, as can the Support for new checkers can be requested via [GitHub issues](https://github.com/intel/cve-bin-tool/issues). +## Language Specific checkers + +A number of checkers are available for finding vulnerable components in specific language packages. + +### Java + +The scanner examines the `pom.xml` file within a Java package archive to identify Java components. The package names and versions within the archive are used to search the database for vulnerabilities. + +JAR, WAR and EAR archives are supported. + +### Javascript + +The scanner examines the `package-lock.json` file within a javascript application +to identify components. The package names and versions are used to search the database for vulnerabilities. + + +### Python + +The scanner examines the `PKG-INFO` and `METADATA` files for an installed Python package to extract the component name and version which +are used to search the database for vulnerabilities. + +The tool supports the scanning of the contents of any Wheel package files (indicated with a file extension of .whl) and egg package files (indicated with a file extension of .egg). + +The `--package-list` option can be used with a Python dependencies file `requirements.txt` to find the vulnerabilities in the list of components. + ## Limitations This scanner does not attempt to exploit issues or examine the code in greater diff --git a/cve_bin_tool/checkers/__init__.py b/cve_bin_tool/checkers/__init__.py index bb176502ea..a9f44424c5 100644 --- a/cve_bin_tool/checkers/__init__.py +++ b/cve_bin_tool/checkers/__init__.py @@ -61,6 +61,8 @@ "libjpeg_turbo", "liblas", "libnss", + "librsvg", + "libseccomp", "libsndfile", "libsoup", "libsrtp", diff --git a/doc/MANUAL.md b/doc/MANUAL.md index 5ce9dc60f9..ba004a0440 100644 --- a/doc/MANUAL.md +++ b/doc/MANUAL.md @@ -118,7 +118,7 @@ which is useful if you're trying the latest code from | | | | Available checkers | | | | -|--------------- |--------------- |-------- |------------- |---------- |------------- |---------- | +|--------------- |---------- |------------ |--------------- |---------- |------------- |---------- | | accountsservice |avahi |bash |bind |binutils |bolt |bubblewrap | | busybox |bzip2 |cronie |cryptsetup |cups |curl |dbus | | dnsmasq |dovecot |dpkg |enscript |expat |ffmpeg |freeradius | @@ -126,15 +126,16 @@ which is useful if you're trying the latest code from | gpgme |gstreamer |gupnp |haproxy |hdf5 |hostapd |hunspell | | icecast |icu |irssi |kbd |kerberos |kexectools |libarchive | | libbpg |libdb |libebml |libgcrypt |libical |libjpeg_turbo |liblas | -| libnss |libsndfile |libsoup |libsrtp |libssh2 |libtiff |libvirt | -| libvncserver |libxslt |lighttpd |logrotate |lua |mariadb |mdadm | -| memcached |mtr |mysql |nano |ncurses |nessus |netpbm | -| nginx |node |ntp |open_vm_tools |openafs |openjpeg |openldap | -| openssh |openssl |openswan |openvpn |p7zip |pcsc_lite |pigz | -| png |polarssl_fedora |poppler |postgresql |pspp |python |qt | -| radare2 |rsyslog |samba |sane_backends |sqlite |strongswan |subversion | -| sudo |syslogng |systemd |tcpdump |trousers |varnish |webkitgtk | -| wireshark |wpa_supplicant |xerces |xml2 |zlib |zsh | | +| libnss |librsvg |libseccomp |libsndfile |libsoup |libsrtp |libssh2 | +| libtiff |libvirt |libvncserver |libxslt |lighttpd |logrotate |lua | +| mariadb |mdadm |memcached |mtr |mysql |nano |ncurses | +| nessus |netpbm |nginx |node |ntp |open_vm_tools |openafs | +| openjpeg |openldap |openssh |openssl |openswan |openvpn |p7zip | +| pcsc_lite |pigz |png |polarssl_fedora |poppler |postgresql |pspp | +| python |qt |radare2 |rsyslog |samba |sane_backends |sqlite | +| strongswan |subversion |sudo |syslogng |systemd |tcpdump |trousers | +| varnish |webkitgtk |wireshark |wpa_supplicant |xerces |xml2 |zlib | +| zsh | | | | | | | For a quick overview of usage and how it works, you can also see [the readme file](README.md).