{ "SPDXID": "SPDXRef-DOCUMENT", "name": "firefox-0.128.9.0-1.oe2403sp1.aarch64.rpm", "spdxVersion": "SPDX-2.2", "creationInfo": { "created": "2026-05-16T14:15:08.237702372Z", "creators": [ "openeuler_creator" ] }, "dataLicense": "CC0-1.0", "documentNamespace": "https://sbom.openEuler.org/firefox-0.128.9.0-1.oe2403sp1.aarch64.rpm", "packages": [ { "SPDXID": "SPDXRef-rpm-alsa-lib-1.2.10", "name": "alsa-lib", "checksums": [ { "algorithm": "SHA256", "checksumValue": "fe6b4ad3e76e9c33bdcf847aaea3dfbd8a4fbd162963064ece7a888090fada97" } ], "description": "The alsa-lib is a library to interface with ALSA in the Linux kernel\nand virtual devices using a plugin system.\nMore detail: https://alsa.opensrc.org/Alsa-lib", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/alsa-lib@1.2.10-4.oe2403sp1?arch=x86_64&epoch=0&upstream=alsa-lib-1.2.10-4.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://alsa-project.org/", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "the user space library that developers compile ALSA applications against", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:1.2.10-4.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-cairo-1.18.0", "name": "cairo", "checksums": [ { "algorithm": "SHA256", "checksumValue": "f50f963b5dc10da10e5e1712dd857134c96914b92f295984aca965363f5c0bf8" } ], "description": "Cairo is a 2D graphics libarary with support for multiple output devices.\nIt provides high-quality display and print output and this package also\ncontains functionality to make cairo graphics library integrate well with\nGObject used by GNOME.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/cairo@1.18.0-2.oe2403sp1?arch=x86_64&epoch=0&upstream=cairo-1.18.0-2.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "http://cairographics.org", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "A 2D graphics library", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:1.18.0-2.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-cairo-gobject-1.18.0", "name": "cairo-gobject", "checksums": [ { "algorithm": "SHA256", "checksumValue": "e8d306ba64df18568fb1da186d2ac93a0184c688a0527ef81b2c73dda919d2cf" } ], "description": "Cairo is a 2D graphics library designed to provide high-quality display\nand print output.\n\nThis package contains functionality to make cairo graphics library\nintegrate well with the GObject object system used by GNOME.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/cairo-gobject@1.18.0-2.oe2403sp1?arch=x86_64&epoch=0&upstream=cairo-1.18.0-2.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "http://cairographics.org", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "GObject bindings for cairo", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:1.18.0-2.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-coreutils-9.4", "name": "coreutils", "checksums": [ { "algorithm": "SHA256", "checksumValue": "60ec93c05e9eb1555cb60c985c5c99fd5ec8964d64a66cdd6922d565c9304f61" } ], "description": "These are the GNU core utilities. This package is the combination of\nthe old GNU fileutils, sh-utils, and textutils packages.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/coreutils@9.4-17.oe2403sp1?arch=x86_64&epoch=0&upstream=coreutils-9.4-17.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://www.gnu.org/software/coreutils/", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "A set of basic GNU tools commonly used in shell scripts", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:9.4-17.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-ffmpeg-6.1.1", "name": "ffmpeg", "checksums": [ { "algorithm": "SHA256", "checksumValue": "8ebd9f9dfbb61f312014e766ac0c2abc4f1bd5d35d6b0e9daeae54fa887e70d3" } ], "description": "FFmpeg is a complete and free Internet live audio and video\nbroadcasting solution for Linux/Unix. It also includes a digital\nVCR. It can encode in real time in many formats including MPEG1 audio\nand video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/ffmpeg@6.1.1-20.oe2403sp1?arch=x86_64&epoch=0&upstream=ffmpeg-6.1.1-20.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "http://ffmpeg.org/", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "Digital VCR and streaming server", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:6.1.1-20.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-freetype-2.13.2", "name": "freetype", "checksums": [ { "algorithm": "SHA256", "checksumValue": "b858a4a9a1bded3bf88e797933f01ccaab2031b543b9def404a93d603bd2808d" } ], "description": "FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality\noutput (glyph images) of most vector and bitmap font formats", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/freetype@2.13.2-3.oe2403sp1?arch=x86_64&epoch=0&upstream=freetype-2.13.2-3.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://www.freetype.org", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "FreeType is a freely available software library to render fonts", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:2.13.2-3.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-gdk-pixbuf2-2.42.10", "name": "gdk-pixbuf2", "checksums": [ { "algorithm": "SHA256", "checksumValue": "34b29f0111c7ba59e7e12cc0fb2090b7f10392936df45e73715ccc67d9a9a599" } ], "description": "gdk is written in C but has been designed from the ground up to support a wide range of languages.\nIt provide a complete set of widgets,and suitable for projects ranging from small one-off\ntools to complete application suites.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/gdk-pixbuf2@2.42.10-5.oe2403sp1?arch=x86_64&epoch=0&upstream=gdk-pixbuf2-2.42.10-5.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://gitlab.gnome.org/GNOME/gdk-pixbuf", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "gdk is a multi-platform toolkit for creating graphical user interfaces.", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:2.42.10-5.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-glib2-2.78.3", "name": "glib2", "checksums": [ { "algorithm": "SHA256", "checksumValue": "cafa94b041ab91d7c11726c1667787e408924afb8b37f5631ecd96688f5201da" } ], "description": "GLib is a bundle of three (formerly five) low-level system libraries\nwritten in C and developed mainly by GNOME. GLib's code was separated\nfrom GTK, so it can be used by software other than GNOME and has been\ndeveloped in parallel ever since.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/glib2@2.78.3-10.oe2403sp1?arch=x86_64&epoch=0&upstream=glib2-2.78.3-10.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://www.gtk.org", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "The core library that forms the basis for projects such as GTK+ and GNOME", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:2.78.3-10.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-glibc-2.38", "name": "glibc", "checksums": [ { "algorithm": "SHA256", "checksumValue": "406bf61a0c7f32534eb60e39c41da5c2c08e48c2e013fe970240acf8e8a07cf4" } ], "description": "The GNU C Library project provides the core libraries for the GNU system and\nGNU/Linux systems, as well as many other systems that use Linux as the kernel.\nThese libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD,\nOS-specific APIs and more. These APIs include such foundational facilities as\nopen, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt,\n login, exit and more.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/glibc@2.38-101.oe2403sp1?arch=x86_64&epoch=0&upstream=glibc-2.38-101.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "http://www.gnu.org/software/glibc/", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "The GNU libc libraries", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:2.38-101.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-harfbuzz-8.3.0", "name": "harfbuzz", "checksums": [ { "algorithm": "SHA256", "checksumValue": "30f3d27ad972da321e4db8ef25eb89d367a9d51ee6cdea48bf09ce35b84534ce" } ], "description": "HarfBuzz is a text-shaping engine. If you give HarfBuzz a font and a string\ncontaining a sequence of Unicode codepoints, HarfBuzz selects and positions\nthe corresponding glyphs from the font, applying all of the necessary layout\nrules and font features. HarfBuzz then returns the string to you in the form\nthat is correctly arranged for the language and writing system.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/harfbuzz@8.3.0-2.oe2403sp1?arch=x86_64&epoch=0&upstream=harfbuzz-8.3.0-2.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://harfbuzz.github.io/", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "A text shaping engine", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:8.3.0-2.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-libX11-1.8.7", "name": "libX11", "checksums": [ { "algorithm": "SHA256", "checksumValue": "9f60b3d8c7fd2145b60eca2972ee7b0d94d8035ef47001d340f17d03cb716cad" } ], "description": "Core X11 protocol client library.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/libX11@1.8.7-3.oe2403sp1?arch=x86_64&epoch=0&upstream=libX11-1.8.7-3.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "http://www.x.org", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "Core X11 protocol client library", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:1.8.7-3.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-libgcc-12.3.1", "name": "libgcc", "checksums": [ { "algorithm": "SHA256", "checksumValue": "8a52fe9861cec16b979af09bc3cfe5704a7dffdea62c2ba5cfe3a6b11ce1eb25" } ], "description": "This package contains GCC shared support library which is needed\ne.g. for exception handling support.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/libgcc@12.3.1-64.oe2403sp1?arch=x86_64&epoch=0&upstream=gcc-12.3.1-64.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://gcc.gnu.org", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "GCC version 12 shared support library", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:12.3.1-64.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-libstdc---12.3.1", "name": "libstdc++", "checksums": [ { "algorithm": "SHA256", "checksumValue": "92c7fd1cf4e2ee5ce5030dfc68126cd6045d9ef708d767fb64792c3c7852e265" } ], "description": "The libstdc++ package contains a rewritten standard compliant GCC Standard\nC++ Library.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/libstdc++@12.3.1-64.oe2403sp1?arch=x86_64&epoch=0&upstream=gcc-12.3.1-64.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://gcc.gnu.org", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "GNU Standard C++ Library", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:12.3.1-64.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-libvpx-1.13.1", "name": "libvpx", "checksums": [ { "algorithm": "SHA256", "checksumValue": "9278638f26fe3eb22d5ab8be9e9a346ff27d7d039e0fcff6ca0feaa7ad49b4d0" } ], "description": "libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications\nwith the VP8 and VP9 video codecs, high quality, royalty free, open source codecs\ndeployed on millions of computers and devices worldwide.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/libvpx@1.13.1-4.oe2403sp1?arch=x86_64&epoch=0&upstream=libvpx-1.13.1-4.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "http://www.webmproject.org/code/", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "VP8/VP9 Video Codec SDK", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:1.13.1-4.oe2403sp1" }, { "SPDXID": "SPDXRef-rpm-zlib-1.2.13", "name": "zlib", "checksums": [ { "algorithm": "SHA256", "checksumValue": "54f2ea25d0f405a90e86933cc17a9c0a763bbeb4a2cc3b54ecbd79453f73243f" } ], "description": "Zlib is a free, general-purpose, not covered by any patents, lossless data-compression\nlibrary for use on virtually any computer hardware and operating system. The zlib data\nformat is itself portable across platforms.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/zlib@1.2.13-5.oe2403sp1?arch=x86_64&epoch=0&upstream=zlib-1.2.13-5.oe2403sp1.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "http://www.zlib.net", "sourceInfo": "acquired package info from repodata DB: repodata/1e9e517490e627182a173b99be812700d86db4782dd8e70517e6881c5499f9e5-primary.sqlite.bz2", "summary": "A lossless data-compression library", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:1.2.13-5.oe2403sp1" } ], "relationships": [ { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-alsa-lib-1.2.10" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-cairo-1.18.0" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-cairo-gobject-1.18.0" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-coreutils-9.4" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-ffmpeg-6.1.1" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-freetype-2.13.2" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-gdk-pixbuf2-2.42.10" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-glib2-2.78.3" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-glibc-2.38" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-harfbuzz-8.3.0" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-libX11-1.8.7" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-libgcc-12.3.1" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-libstdc---12.3.1" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-libvpx-1.13.1" }, { "spdxElementId": "SPDXRef-rpm-firefox-128.9.0", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-zlib-1.2.13" } ] }