# Legal Report Package: shadowsocks-rust Checkout: 7c8330c3b624bf81545235f4a70a58545e7736ec4d9ab87efc59d7152f1ff98d Unpacked: 280365 files (539MiB) ## System Notice Diff to closest match 356717: Found new unresolved matches in vendor/blake3/README.md and 55 other files Found new license AGPL-3.0+ (risk 3) not present in old report Found new license Any reference local:patent (risk 2) not present in old report Found new license Any technical limitation (risk 3) not present in old report Found new license Artistic-1.0-Perl OR GPL-1.0+ (risk 2) not present in old report Found new license BSD-Unspecifid AND GPL-2.0 (risk 2) not present in old report Found new license CC-BY-4.0 (risk 2) not present in old report Found new license GPL-2.0 AND AGPL-3.0 (risk 5) not present in old report Found new license GPL-2.0 OR Apache-2.0:patent (risk 2) not present in old report Found new license GPL-2.0+ (risk 2) not present in old report Found new license GPL-2.0-or-later (risk 2) not present in old report Found new license GPL-3.0 WITH GCC-exception-3.1 (risk 3) not present in old report Found new license GPL-3.0+ (risk 3) not present in old report Found new license OFL-1.1 (risk 3) not present in old report Found new license bzip2-1.0.6 (risk 2) not present in old report Found new license regex (risk 2) not present in old report ## Licenses **Warning** Elevated risk, package might contain incompatible licenses: GPL-2.0-only, Apache-2.0 Note: Report is incomplete, reviewers need to create new license patterns for unmatched keywords or ignore false positive matches. Estimated risks for each file are based on the highest risk snippet. The lower its similarity to existing license patterns, the higher the risk will climb above the predicted license. ### Risk 9 (Unknown) * `vendor/rtoolbox/Cargo.toml.processed.orig`: 24.5% similarity to "Keyword", estimated risk 9 * `vendor/rtoolbox/README.md`: 32.8% similarity to "Keyword", estimated risk 9 * `vendor/bloomfilter/src/lib.rs`: 31.2% similarity to "Any Permissive", estimated risk 7 * `vendor/openssl-src/openssl/ssl/record/methods/ssl3_cbc.c`: 41.1% similarity to "OpenSSL", estimated risk 7 * `vendor/quinn/README.processed.md`: 29.6% similarity to "MIT OR Apache-2.0", estimated risk 7 * `vendor/rpmalloc/CONTRIBUTING.processed.md`: 36.7% similarity to "Apache-2.0", estimated risk 7 * `vendor/sysexits/README.md`: 36.3% similarity to "Apache-2.0", estimated risk 7 * `vendor/webpki-roots/LICENSE`: 31% similarity to "Any reference local", estimated risk 7 * `vendor/wintun-bindings/wintun/LICENSE.txt`: 28.8% similarity to "Any no warranty", estimated risk 7 * `vendor/librocksdb-sys/rocksdb/memory/memory_allocator_test.cc`: 44.7% similarity to "GPL-2.0 OR Apache-2.0", estimated risk 6 * `vendor/lru_time_cache/src/iter.rs`: 38.8% similarity to "MIT OR Apache-2.0", estimated risk 6 * `vendor/moka/README.processed.md`: 40.3% similarity to "MIT + Apache-2.0", estimated risk 6 * `vendor/openssl-src/openssl/crypto/modes/asm/aes-gcm-armv8-unroll8_64.processed.pl`: 55.4% similarity to "OpenSSL", estimated risk 6 * `vendor/rpmalloc-sys/rpmalloc/rpmalloc/malloc.processed.c`: 34.6% similarity to "MIT", estimated risk 6 * `vendor/rpmalloc-sys/rpmalloc/rpmalloc/rpmalloc.processed.c`: 35.5% similarity to "MIT", estimated risk 6 * `vendor/rpmalloc-sys/rpmalloc/rpmalloc/rpmalloc.processed.h`: 34.6% similarity to "MIT", estimated risk 6 * `vendor/zstd/Readme.md`: 31.3% similarity to "BSD-3-Clause OR GPL-2.0-or-later", estimated risk 6 * `vendor/bloomfilter/README.processed.md`: 48.8% similarity to "GPL-3.0-only", estimated risk 5 * `vendor/crossbeam-channel/README.md`: 54.2% similarity to "Any reference local", estimated risk 5 * `vendor/iri-string/README.md`: 62.7% similarity to "Apache-2.0", estimated risk 5 * `vendor/librocksdb-sys/rocksdb/db_stress_tool/db_stress_compression_manager.h`: 54.6% similarity to "GPL-2.0 OR Apache-2.0", estimated risk 5 * `vendor/librocksdb-sys/rocksdb/java/src/test/java/org/rocksdb/KeyExistsTest.java`: 54.6% similarity to "GPL-2.0 OR Apache-2.0", estimated risk 5 * `vendor/lz4-sys/liblz4/examples/README.md`: 63.9% similarity to "GPL-2.0", estimated risk 5 * `vendor/moka/NOTICE`: 59.1% similarity to "Apache-2.0", estimated risk 5 * `vendor/notify-types/README.md`: 53.8% similarity to "MIT OR Apache-2.0", estimated risk 5 * `vendor/openssl-src/openssl/crypto/modes/asm/aes-gcm-armv8_64.processed.pl`: 73.2% similarity to "OpenSSL", estimated risk 5 * `vendor/openssl-src/openssl/crypto/poly1305/asm/poly1305-ppc.pl`: 66.1% similarity to "OpenSSL", estimated risk 5 * `vendor/untrusted/src/lib.rs`: 50% similarity to "ISC", estimated risk 5 * `vendor/zerocopy/win-cargo.bat`: 46.3% similarity to "Apache-2.0 OR MIT", estimated risk 5 * `vendor/arc-swap/README.md`: 74.8% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/blake3/README.md`: 66.9% similarity to "CC0-1.0", estimated risk 4 * `vendor/chrono/README.md`: 85.6% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/constant_time_eq/README`: 73.4% similarity to "MIT OR Apache-2.0", estimated risk 4 * `vendor/critical-section/README.processed.md`: 66.7% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/dynosaur/README.processed.md`: 81.9% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/encoding_rs/COPYRIGHT`: 65.3% similarity to "MIT OR Apache-2.0", estimated risk 4 * `vendor/encoding_rs/src/lib.processed.rs`: 77.5% similarity to "BSD-3-Clause", estimated risk 4 * `vendor/etherparse/README.processed.md`: 77.9% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/http/README.md`: 88.5% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/httparse/README.processed.md`: 88.5% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/jemalloc-sys/jemalloc/bin/jeprof.processed.in`: 82.1% similarity to "BSD-2-Clause", estimated risk 4 * `vendor/librocksdb-sys/rocksdb/db/internal_stats.cc`: 88.7% similarity to "GPL-2.0 OR Apache-2.0", estimated risk 4 * `vendor/librocksdb-sys/rocksdb/java/src/main/java/org/rocksdb/ConfigOptions.java`: 77.3% similarity to "GPL-2.0 OR Apache-2.0", estimated risk 4 * `vendor/librocksdb-sys/rocksdb/java/src/main/java/org/rocksdb/HyperClockCache.java`: 77.3% similarity to "GPL-2.0 OR Apache-2.0", estimated risk 4 * `vendor/librocksdb-sys/rocksdb/third-party/gtest-1.8.1/fused-src/gtest/gtest.h`: 82% similarity to "BSD-3-Clause", estimated risk 4 * `vendor/librocksdb-sys/rocksdb/tools/block_cache_analyzer/block_cache_trace_analyzer_plot.py`: 77.3% similarity to "GPL-2.0 OR Apache-2.0", estimated risk 4 * `vendor/openssl-src/openssl/crypto/bn/asm/sparct4-mont.pl`: 89.7% similarity to "OpenSSL OR BSD-2-Clause", estimated risk 4 * `vendor/openssl-src/openssl/crypto/des/asm/dest4-sparcv9.pl`: 84.1% similarity to "OpenSSL OR BSD-2-Clause", estimated risk 4 * `vendor/portable-atomic-util/README.processed.md`: 58.4% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/powerfmt/README.md`: 77.8% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/proc-macro-error2/README.processed.md`: 67.6% similarity to "MIT OR Apache-2.0", estimated risk 4 * `vendor/regex/README.md`: 63.8% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/ring-compat/README.processed.md`: 68% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/ring/README.md`: 73.1% similarity to "Any floating warranty", estimated risk 4 * `vendor/ring/crypto/fipsmodule/sha/asm/sha512-x86_64.pl`: 75.6% similarity to "Apache-2.0", estimated risk 4 * `vendor/rpmalloc-sys/rpmalloc/README.processed.md`: 62.7% similarity to "Public-Domain", estimated risk 4 * `vendor/rustls-webpki/LICENSE`: 65% similarity to "ISC", estimated risk 4 * `vendor/snmalloc-sys/snmalloc/snmalloc.processed.txt`: 64.1% similarity to "Any perm noncommercial", estimated risk 4 * `vendor/time/README.md`: 77.8% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/tracing-subscriber/src/fmt/time/datetime.rs`: 69.4% similarity to "MIT", estimated risk 4 * `vendor/tun/src/platform/freebsd/device.rs`: 74.3% similarity to "WTFPL", estimated risk 4 * `vendor/widestring/README.processed.md`: 83.9% similarity to "MIT OR Apache-2.0", estimated risk 4 * `vendor/zeroize/README.md`: 68.7% similarity to "Apache-2.0 OR MIT", estimated risk 4 * `vendor/zstd-sys/zstd/lib/common/threading.c`: 78.2% similarity to "BSD-Unspecifid AND GPL-2.0", estimated risk 4 * `vendor/byte_string/README.md`: 92.2% similarity to "MIT OR Apache-2.0", estimated risk 2 * `vendor/futures-sink/README.md`: 92.3% similarity to "Apache-2.0 OR MIT", estimated risk 2 * `vendor/librocksdb-sys/snappy/COPYING`: 90.7% similarity to "MIT AND CC-BY-3.0", estimated risk 2 * `vendor/lru-slab/README.md`: 90.9% similarity to "Apache-2.0 OR MIT", estimated risk 2 * `vendor/managed/README.md`: 99.2% similarity to "BSD-Unspecified", estimated risk 2 * `vendor/openssl-src/openssl/crypto/LPdir_unix.c`: 92.9% similarity to "BSD-2-Clause OR OpenSSL", estimated risk 2 * `vendor/smoltcp/README.processed.md`: 99.2% similarity to "BSD-Unspecified", estimated risk 2 * `vendor/zstd-sys/zstd/lib/common/xxhash.c`: 95.3% similarity to "BSD-Unspecifid AND GPL-2.0", estimated risk 2 * `vendor/aes-gcm-siv/README.md`: 95.1% similarity to "Apache-2.0 OR MIT", estimated risk 1 * `vendor/android_system_properties/CONTRIBUTING.processed.md`: 96.2% similarity to "MIT OR Apache-2.0", estimated risk 1 * `vendor/bzip2-sys/bzip2-1.0.8/README`: 99.9% similarity to "Any floating warranty", estimated risk 1 * `vendor/clap_builder/README.md`: 100% similarity to "Apache-2.0 OR MIT", estimated risk 1 * `vendor/opaque-debug/README.processed.md`: 95.1% similarity to "Apache-2.0 OR MIT", estimated risk 1 * `vendor/openssl-src/openssl/crypto/LPdir_vms.c`: 99% similarity to "BSD-2-Clause OR OpenSSL", estimated risk 1 * `vendor/openssl-src/openssl/crypto/aes/asm/aest4-sparcv9.pl`: 96.6% similarity to "OpenSSL OR BSD-2-Clause", estimated risk 1 * `vendor/openssl-src/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl`: 96.6% similarity to "OpenSSL OR BSD-2-Clause", estimated risk 1 * `vendor/openssl-src/openssl/crypto/x509/v3_pci.c`: 98.6% similarity to "OpenSSL OR BSD-3-Clause", estimated risk 1 * `vendor/openssl-src/openssl/crypto/x509/v3_pcia.c`: 95.1% similarity to "OpenSSL OR BSD-3-Clause", estimated risk 1 * `vendor/signal-hook-registry/README.md`: 100% similarity to "Apache-2.0 OR MIT", estimated risk 1 * `vendor/signature/README.md`: 95.1% similarity to "Apache-2.0 OR MIT", estimated risk 1 * `vendor/trait-variant/README.md`: 96.3% similarity to "MIT OR Apache-2.0", estimated risk 1 * `vendor/universal-hash/README.md`: 95.1% similarity to "Apache-2.0 OR MIT", estimated risk 1 * `vendor/untrusted/README.md`: 94.5% similarity to "Any floating warranty", estimated risk 1 * `vendor/uuid/README.md`: 94.6% similarity to "Apache-2.0 OR MIT", estimated risk 1 ### Risk 5 (High) * GPL-2.0-only AND AGPL-3.0-only: 35 files ### Risk 4 (High) * APSL-2.0: 2 files ### Risk 3 (Low) * AGPL-3.0-or-later: 1 file * Any CLA: 1 file * Any reference local: 1 file * Any technical limitation: 1 file * Apache-2.0: 3066 files * Apache-2.0 OR MIT: 1 file * Apache-2.0 WITH LLVM-exception: 4 files * BSD-3-Clause: 28 files * CC-BY-3.0: 2 files * CC-BY-SA-4.0: 2 files * GPL-3.0-only WITH GCC-exception-3.1: 1 file * GPL-3.0-or-later: 1 file * GPL-Unspecified: 5 files * MPL-2.0: 5 files * OFL-1.1: 1 file * OpenSSL: 128 files ### Risk 2 (Low) * All Rights Reserved: 2380 files * Any reference local: 522 files * Apache-2.0 WITH LLVM-exception: 1 file * Artistic-1.0-Perl OR GPL-1.0-or-later: 3 files * BSD-2-Clause: 14 files * BSD-Unspecifid AND GPL-2.0: 89 files * BSD-Unspecified: 65 files * CC-BY-3.0: 3 files * CC-BY-4.0: 2 files * CC0-1.0: 2 files * GPL-2.0-only: 5 files * GPL-2.0-only OR Apache-2.0: 1424 files * GPL-2.0-or-later: 34 files * GPL-2.0-or-later: 3 files * MIT: 1 file * Unicode-TOU: 43 files * bzip2-1.0.6: 1 file * regex: 1 file ### Risk 1 (Low) * 0BSD: 6 files * Any CLA: 6 files * Any Permissive: 5 files * Any copyright: 9 files * Any distributed with: 3 files * Any floating warranty: 7 files * Any keep notice: 1 file * Any reference local: 35 files * Apache-2.0 OR BSD-2-Clause: 2 files * Apache-2.0 OR MIT: 352 files * BSD-2-Clause: 63 files * BSD-3-Clause: 68 files * BSL-1.0: 2 files * BSL-1.0 OR Apache-2.0: 1 file * CC0-1.0: 31 files * FSF unlimited: 1 file * GPL-2.0 OR ANY: 1 file * GPL-2.0-only OR MIT: 2 files * GPL-2.0-or-later OR MIT: 1 file * HPND: 1 file * ISC: 217 files * LGPL-2.0-or-later: 1 file * LGPL-2.1-or-later: 1 file * MIT: 1001 files * MIT + Apache-2.0: 3 files * MIT AND CC-BY-3.0: 1 file * MIT-0: 1 file * MIT OR Apache-2.0: 1232 files * MIT OR BSD-2-Clause OR Apache-2.0: 266 files * MIT OR Unlicense: 8 files * MPL-1.1 OR LGPL-2.1-or-later OR BSD-3-Clause OR GPL-2.0-or-later: 2 files * Public-Domain: 63 files * Unicode: 1 file * Unicode-3.0: 18 files * Unicode-DFS-2016: 1 file * Unicode-TOU: 19 files * Unlicense: 10 files * WTFPL: 37 files * Zlib: 152 files * bzip2-1.0.6: 2 files * openSUSE specfile: 1 file ### Risk 0 (Low) * Any CLA: 1 file * SUSE-FSF: 2 files * Suse Copyright: 1 file ## About This plain text report was generated by Cavil. For more details please consult the HTML and SPDX reports.