{ "SPDXID": "SPDXRef-DOCUMENT", "name": "firefox-0.140.9.1-1.oe2403sp3.aarch64.rpm", "spdxVersion": "SPDX-2.2", "creationInfo": { "created": "2026-05-16T13:51:51.381289187Z", "creators": [ "openeuler_creator" ] }, "dataLicense": "CC0-1.0", "documentNamespace": "https://sbom.openEuler.org/firefox-0.140.9.1-1.oe2403sp3.aarch64.rpm", "packages": [ { "SPDXID": "SPDXRef-rpm-alsa-lib-1.2.10", "name": "alsa-lib", "checksums": [ { "algorithm": "SHA256", "checksumValue": "43c4d9eb712871495e94fd07e9293fbf9e237c2a1ec47a7d01e350c517eab3c3" } ], "description": "The alsa-lib is a library to interface with ALSA in the Linux kernel\nand virtual devices using a plugin system.\nMore detail: https://alsa.opensrc.org/Alsa-lib", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/alsa-lib@1.2.10-4.oe2403sp3?arch=x86_64&epoch=0&upstream=alsa-lib-1.2.10-4.oe2403sp3.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://alsa-project.org/", "sourceInfo": "acquired package info from repodata DB: repodata/7aaa8028cd6c068a90bd42ae637c48d9a5489a6964ac2eb43a64aa54e68696c5-primary.sqlite.bz2", "summary": "the user space library that developers compile ALSA applications against", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:1.2.10-4.oe2403sp3" }, { "SPDXID": "SPDXRef-rpm-ffmpeg-6.1.1", "name": "ffmpeg", "checksums": [ { "algorithm": "SHA256", "checksumValue": "d194f07d676c7f6f386680b25466e7abf3be41afe6228ac995fbd5cf432dcbb6" } ], "description": "FFmpeg is a complete and free Internet live audio and video\nbroadcasting solution for Linux/Unix. It also includes a digital\nVCR. It can encode in real time in many formats including MPEG1 audio\nand video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/ffmpeg@6.1.1-27.oe2403sp3?arch=x86_64&epoch=0&upstream=ffmpeg-6.1.1-27.oe2403sp3.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "http://ffmpeg.org/", "sourceInfo": "acquired package info from repodata DB: repodata/7aaa8028cd6c068a90bd42ae637c48d9a5489a6964ac2eb43a64aa54e68696c5-primary.sqlite.bz2", "summary": "Digital VCR and streaming server", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:6.1.1-27.oe2403sp3" }, { "SPDXID": "SPDXRef-rpm-freetype-2.13.2", "name": "freetype", "checksums": [ { "algorithm": "SHA256", "checksumValue": "d04ff3a2b7119549382eaf6162d957abfa343b038e50f74a35f5172b102a9991" } ], "description": "FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality\noutput (glyph images) of most vector and bitmap font formats", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/freetype@2.13.2-5.oe2403sp3?arch=x86_64&epoch=0&upstream=freetype-2.13.2-5.oe2403sp3.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://www.freetype.org", "sourceInfo": "acquired package info from repodata DB: repodata/7aaa8028cd6c068a90bd42ae637c48d9a5489a6964ac2eb43a64aa54e68696c5-primary.sqlite.bz2", "summary": "FreeType is a freely available software library to render fonts", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:2.13.2-5.oe2403sp3" }, { "SPDXID": "SPDXRef-rpm-gdk-pixbuf2-2.42.10", "name": "gdk-pixbuf2", "checksums": [ { "algorithm": "SHA256", "checksumValue": "6b2c75b5f1cefe26163a5f24573e27562e5b750ac39516946e4687d705269d1f" } ], "description": "gdk is written in C but has been designed from the ground up to support a wide range of languages.\nIt provide a complete set of widgets,and suitable for projects ranging from small one-off\ntools to complete application suites.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/gdk-pixbuf2@2.42.10-7.oe2403sp3?arch=x86_64&epoch=0&upstream=gdk-pixbuf2-2.42.10-7.oe2403sp3.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://gitlab.gnome.org/GNOME/gdk-pixbuf", "sourceInfo": "acquired package info from repodata DB: repodata/7aaa8028cd6c068a90bd42ae637c48d9a5489a6964ac2eb43a64aa54e68696c5-primary.sqlite.bz2", "summary": "gdk is a multi-platform toolkit for creating graphical user interfaces.", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:2.42.10-7.oe2403sp3" }, { "SPDXID": "SPDXRef-rpm-glib2-2.78.3", "name": "glib2", "checksums": [ { "algorithm": "SHA256", "checksumValue": "0ec006e93fb87f446a44db901df86096a47acfb2199234f75dd6796be58e4066" } ], "description": "GLib is a bundle of three (formerly five) low-level system libraries\nwritten in C and developed mainly by GNOME. GLib's code was separated\nfrom GTK, so it can be used by software other than GNOME and has been\ndeveloped in parallel ever since.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/glib2@2.78.3-13.oe2403sp3?arch=x86_64&epoch=0&upstream=glib2-2.78.3-13.oe2403sp3.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://www.gtk.org", "sourceInfo": "acquired package info from repodata DB: repodata/7aaa8028cd6c068a90bd42ae637c48d9a5489a6964ac2eb43a64aa54e68696c5-primary.sqlite.bz2", "summary": "The core library that forms the basis for projects such as GTK+ and GNOME", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:2.78.3-13.oe2403sp3" }, { "SPDXID": "SPDXRef-rpm-glibc-2.38", "name": "glibc", "checksums": [ { "algorithm": "SHA256", "checksumValue": "5b9ff7dcfad4f84b7de1d2f196b2ea0b7976510cb9db329bdfc1d6cfd5b8d730" } ], "description": "The GNU C Library project provides the core libraries for the GNU system and\nGNU/Linux systems, as well as many other systems that use Linux as the kernel.\nThese libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD,\nOS-specific APIs and more. These APIs include such foundational facilities as\nopen, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt,\n login, exit and more.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/glibc@2.38-101.oe2403sp3?arch=x86_64&epoch=0&upstream=glibc-2.38-101.oe2403sp3.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "http://www.gnu.org/software/glibc/", "sourceInfo": "acquired package info from repodata DB: repodata/7aaa8028cd6c068a90bd42ae637c48d9a5489a6964ac2eb43a64aa54e68696c5-primary.sqlite.bz2", "summary": "The GNU libc libraries", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:2.38-101.oe2403sp3" }, { "SPDXID": "SPDXRef-rpm-harfbuzz-8.3.0", "name": "harfbuzz", "checksums": [ { "algorithm": "SHA256", "checksumValue": "a8483b8aa1799d97a36b4781d6e1a0529e41c165c8be26106b0b1f344e725705" } ], "description": "HarfBuzz is a text-shaping engine. If you give HarfBuzz a font and a string\ncontaining a sequence of Unicode codepoints, HarfBuzz selects and positions\nthe corresponding glyphs from the font, applying all of the necessary layout\nrules and font features. HarfBuzz then returns the string to you in the form\nthat is correctly arranged for the language and writing system.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/harfbuzz@8.3.0-4.oe2403sp3?arch=x86_64&epoch=0&upstream=harfbuzz-8.3.0-4.oe2403sp3.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "https://harfbuzz.github.io/", "sourceInfo": "acquired package info from repodata DB: repodata/7aaa8028cd6c068a90bd42ae637c48d9a5489a6964ac2eb43a64aa54e68696c5-primary.sqlite.bz2", "summary": "A text shaping engine", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:8.3.0-4.oe2403sp3" }, { "SPDXID": "SPDXRef-rpm-libvpx-1.13.1", "name": "libvpx", "checksums": [ { "algorithm": "SHA256", "checksumValue": "782f01feccb975a33562c931b71bd68f3e954425ca5472e9d756b2cda949ebe8" } ], "description": "libvpx provides the VP8/VP9 SDK, which allows you to integrate your applications\nwith the VP8 and VP9 video codecs, high quality, royalty free, open source codecs\ndeployed on millions of computers and devices worldwide.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/libvpx@1.13.1-5.oe2403sp3?arch=x86_64&epoch=0&upstream=libvpx-1.13.1-5.oe2403sp3.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "http://www.webmproject.org/code/", "sourceInfo": "acquired package info from repodata DB: repodata/7aaa8028cd6c068a90bd42ae637c48d9a5489a6964ac2eb43a64aa54e68696c5-primary.sqlite.bz2", "summary": "VP8/VP9 Video Codec SDK", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:1.13.1-5.oe2403sp3" }, { "SPDXID": "SPDXRef-rpm-mesa-libgbm-24.0.3", "name": "mesa-libgbm", "checksums": [ { "algorithm": "SHA256", "checksumValue": "de1419d0c8c7820d66f3509b3c581f40d17d97fbcd2bc85ba4e52758caf92b66" } ], "description": "Mesa gbm runtime library.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/mesa-libgbm@24.0.3-5.oe2403sp3?arch=x86_64&epoch=0&upstream=mesa-24.0.3-5.oe2403sp3.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "http://www.mesa3d.org", "sourceInfo": "acquired package info from repodata DB: repodata/7aaa8028cd6c068a90bd42ae637c48d9a5489a6964ac2eb43a64aa54e68696c5-primary.sqlite.bz2", "summary": "Mesa gbm runtime library", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:24.0.3-5.oe2403sp3" }, { "SPDXID": "SPDXRef-rpm-zlib-1.2.13", "name": "zlib", "checksums": [ { "algorithm": "SHA256", "checksumValue": "5e8398c87da1ae6ca0f5417dccfed134392bbbb4d396bc22a3b3aa0a9aec91d8" } ], "description": "Zlib is a free, general-purpose, not covered by any patents, lossless data-compression\nlibrary for use on virtually any computer hardware and operating system. The zlib data\nformat is itself portable across platforms.", "downloadLocation": "NOASSERTION", "externalRefs": [ { "referenceCategory": "PACKAGE_MANAGER", "referenceLocator": "pkg:rpm/zlib@1.2.13-5.oe2403sp3?arch=x86_64&epoch=0&upstream=zlib-1.2.13-5.oe2403sp3.src.rpm", "referenceType": "purl" } ], "filesAnalyzed": false, "homepage": "http://www.zlib.net", "sourceInfo": "acquired package info from repodata DB: repodata/7aaa8028cd6c068a90bd42ae637c48d9a5489a6964ac2eb43a64aa54e68696c5-primary.sqlite.bz2", "summary": "A lossless data-compression library", "supplier": "Organization: http://openeuler.org", "versionInfo": "0:1.2.13-5.oe2403sp3" } ], "relationships": [ { "spdxElementId": "SPDXRef-rpm-firefox-140.9.1", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-alsa-lib-1.2.10" }, { "spdxElementId": "SPDXRef-rpm-firefox-140.9.1", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-ffmpeg-6.1.1" }, { "spdxElementId": "SPDXRef-rpm-firefox-140.9.1", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-freetype-2.13.2" }, { "spdxElementId": "SPDXRef-rpm-firefox-140.9.1", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-gdk-pixbuf2-2.42.10" }, { "spdxElementId": "SPDXRef-rpm-firefox-140.9.1", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-glib2-2.78.3" }, { "spdxElementId": "SPDXRef-rpm-firefox-140.9.1", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-glibc-2.38" }, { "spdxElementId": "SPDXRef-rpm-firefox-140.9.1", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-harfbuzz-8.3.0" }, { "spdxElementId": "SPDXRef-rpm-firefox-140.9.1", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-libvpx-1.13.1" }, { "spdxElementId": "SPDXRef-rpm-firefox-140.9.1", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-mesa-libgbm-24.0.3" }, { "spdxElementId": "SPDXRef-rpm-firefox-140.9.1", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-rpm-zlib-1.2.13" } ] }