{"SPDXID": "SPDXRef-DOCUMENT", "creationInfo": {"comment": "This document was created by analyzing recipe files during the build.", "created": "2025-03-07T03:37:35Z", "creators": ["Tool: OpenEmbedded Core create-spdx.bbclass", "Organization: OpenEmbedded ()", "Person: N/A ()"], "licenseListVersion": "3.14"}, "dataLicense": "CC0-1.0", "documentNamespace": "http://spdx.org/spdxdocs/recipe-busybox-1dd695ee-b779-5d09-9314-a0c15f2a4031", "externalDocumentRefs": [{"checksum": {"algorithm": "SHA1", "checksumValue": "e01b3543d512290e8759f75facc5eb99d247edce"}, "externalDocumentId": "DocumentRef-dependency-recipe-gcc-cross-aarch64", "spdxDocument": "http://spdx.org/spdxdocs/recipe-gcc-cross-aarch64-e05122e2-842a-5b45-a068-7a450933ae13"}, {"checksum": {"algorithm": "SHA1", "checksumValue": "e4870c97e67cca1e28c352aa92600ad4b9946dc6"}, "externalDocumentId": "DocumentRef-dependency-recipe-gcc-runtime", "spdxDocument": "http://spdx.org/spdxdocs/recipe-gcc-runtime-a8177036-816d-5f00-a030-969647302050"}, {"checksum": {"algorithm": "SHA1", "checksumValue": "29f98206b0ceb3ee8af81abc4271bb097587ffcd"}, "externalDocumentId": "DocumentRef-dependency-recipe-glibc", "spdxDocument": "http://spdx.org/spdxdocs/recipe-glibc-8ec5f1d4-204b-530d-8854-79bbb314d6d7"}, {"checksum": {"algorithm": "SHA1", "checksumValue": "4f719554b27b844e5de0f8227adc3ce10580e70b"}, "externalDocumentId": "DocumentRef-dependency-recipe-kern-tools-native", "spdxDocument": "http://spdx.org/spdxdocs/recipe-kern-tools-native-df052eaa-fcae-5096-ab00-31da460b907f"}, {"checksum": {"algorithm": "SHA1", "checksumValue": "255db4ecba347831f02b882cf956cb8ff3334468"}, "externalDocumentId": "DocumentRef-dependency-recipe-libxcrypt", "spdxDocument": "http://spdx.org/spdxdocs/recipe-libxcrypt-efbb6a8f-45ef-56f5-b465-7bb29439adf1"}, {"checksum": {"algorithm": "SHA1", "checksumValue": "a0fd280986fed15549f236d496b575b14ab95c8e"}, "externalDocumentId": "DocumentRef-dependency-recipe-opkg-utils", "spdxDocument": "http://spdx.org/spdxdocs/recipe-opkg-utils-f3c24e09-f6ff-5f5c-ab93-a37218f4e1a7"}, {"checksum": {"algorithm": "SHA1", "checksumValue": "8702b3fcd414aa3e55b1a5f52b06635899d99b82"}, "externalDocumentId": "DocumentRef-dependency-recipe-systemd-systemctl-native", "spdxDocument": "http://spdx.org/spdxdocs/recipe-systemd-systemctl-native-2f3d50ae-528c-5654-b3e7-3b2e2de42e45"}], "hasExtractedLicensingInfos": [{"extractedText": "\n--------------------------------------------------------------------------\n\nThis program, \"bzip2\", the associated library \"libbzip2\", and all\ndocumentation, are copyright (C) 1996-2006 Julian R Seward.  All\nrights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n   notice, this list of conditions and the following disclaimer.\n\n2. The origin of this software must not be misrepresented; you must \n   not claim that you wrote the original software.  If you use this \n   software in a product, an acknowledgment in the product \n   documentation would be appreciated but is not required.\n\n3. Altered source versions must be plainly marked as such, and must\n   not be misrepresented as being the original software.\n\n4. The name of the author may not be used to endorse or promote \n   products derived from this software without specific prior written \n   permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS\nOR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\nWARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\nARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY\nDIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE\nGOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS\nINTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\nNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\nJulian Seward, Cambridge, UK.\njseward@bzip.org\nbzip2/libbzip2 version 1.0.4 of 20 December 2006\n\n--------------------------------------------------------------------------\n", "licenseId": "LicenseRef-bzip2-1.0.4", "name": "bzip2-1.0.4"}], "name": "recipe-busybox", "packages": [{"SPDXID": "SPDXRef-Recipe-busybox", "copyrightText": "NOASSERTION", "description": "BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides minimalist replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. The utilities in BusyBox generally have fewer options than their full-featured GNU cousins; however, the options that are included provide the expected functionality and behave very much like their GNU counterparts. BusyBox provides a fairly complete POSIX environment for any small or embedded system.", "downloadLocation": "NOASSERTION", "externalRefs": [{"referenceCategory": "SECURITY", "referenceLocator": "cpe:2.3:*:*:busybox:1.36.1:*:*:*:*:*:*:*", "referenceType": "http://spdx.org/rdf/references/cpe23Type"}], "homepage": "https://www.busybox.net", "licenseConcluded": "NOASSERTION", "licenseDeclared": "GPL-2.0-only AND LicenseRef-bzip2-1.0.4", "licenseInfoFromFiles": ["NOASSERTION"], "name": "busybox", "sourceInfo": "CVEs fixed: CVE-2022-28391 CVE-2023-42363 CVE-2023-42365 CVE-2023-42364 CVE-2023-42366 CVE-2021-42380", "summary": "Tiny versions of many common UNIX utilities in a single small executable", "supplier": "Organization: OpenEmbedded ()", "versionInfo": "1.36.1"}, {"SPDXID": "SPDXRef-Download-busybox-1", "checksums": [{"algorithm": "SHA256", "checksumValue": "b8cc24c9574d809e7279c3be349795c5d5ceb6fdf19ca709f80cde50e47de314"}], "copyrightText": "NOASSERTION", "downloadLocation": "https://busybox.net/downloads/busybox-1.36.1.tar.bz2", "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION", "licenseInfoFromFiles": ["NOASSERTION"], "name": "busybox-source-1", "supplier": "NOASSERTION"}], "relationships": [{"relatedSpdxElement": "SPDXRef-Recipe-busybox", "relationshipType": "DESCRIBES", "spdxElementId": "SPDXRef-DOCUMENT"}, {"relatedSpdxElement": "SPDXRef-Download-busybox-1", "relationshipType": "DESCRIBES", "spdxElementId": "SPDXRef-DOCUMENT"}, {"relatedSpdxElement": "SPDXRef-Recipe-busybox", "relationshipType": "BUILD_DEPENDENCY_OF", "spdxElementId": "SPDXRef-Download-busybox-1"}, {"relatedSpdxElement": "SPDXRef-Recipe-busybox", "relationshipType": "BUILD_DEPENDENCY_OF", "spdxElementId": "DocumentRef-dependency-recipe-gcc-cross-aarch64:SPDXRef-Recipe-gcc-cross-aarch64"}, {"relatedSpdxElement": "SPDXRef-Recipe-busybox", "relationshipType": "BUILD_DEPENDENCY_OF", "spdxElementId": "DocumentRef-dependency-recipe-gcc-runtime:SPDXRef-Recipe-gcc-runtime"}, {"relatedSpdxElement": "SPDXRef-Recipe-busybox", "relationshipType": "BUILD_DEPENDENCY_OF", "spdxElementId": "DocumentRef-dependency-recipe-glibc:SPDXRef-Recipe-glibc"}, {"relatedSpdxElement": "SPDXRef-Recipe-busybox", "relationshipType": "BUILD_DEPENDENCY_OF", "spdxElementId": "DocumentRef-dependency-recipe-kern-tools-native:SPDXRef-Recipe-kern-tools-native"}, {"relatedSpdxElement": "SPDXRef-Recipe-busybox", "relationshipType": "BUILD_DEPENDENCY_OF", "spdxElementId": "DocumentRef-dependency-recipe-libxcrypt:SPDXRef-Recipe-libxcrypt"}, {"relatedSpdxElement": "SPDXRef-Recipe-busybox", "relationshipType": "BUILD_DEPENDENCY_OF", "spdxElementId": "DocumentRef-dependency-recipe-opkg-utils:SPDXRef-Recipe-opkg-utils"}, {"relatedSpdxElement": "SPDXRef-Recipe-busybox", "relationshipType": "BUILD_DEPENDENCY_OF", "spdxElementId": "DocumentRef-dependency-recipe-systemd-systemctl-native:SPDXRef-Recipe-systemd-systemctl-native"}], "spdxVersion": "SPDX-2.2"}