Adding CPEPrefixes for more dependencies.

Adding CPEPrefix lines which will allow Vomit to report crbugs for known
vulnerabilities in these components.

See
docs/adding_to_third_party.md
for information about CPEPrefix.

Notes about how some of these were figured out:

* libxml: deduced by looking through the history from the git hash
  given in the latest git commit.
* fontconfig: Went through git history to last tag; matches README
* jsoncpp: Used latest tag.
* Flash is marked as 'unknown', since it's not the real Flash player.
* The Camino Cocoa extensions don't have a corresponding OSS project
  any longer so are also marked as 'unknown'.

Bug: 895969
Change-Id: Iadcd9fff258c18d759d564f15fe4fa334c98b441
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2128971Reviewed-by: Raymes Khoury <raymes@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Adrian Taylor <adetaylor@chromium.org>
Cr-Commit-Position: refs/heads/master@{#756146}

third_party/binutils/README.chromium

 Name: binutils
 URL: http://www.gnu.org/software/binutils/
 Version: 2.30
+CPEPrefix: cpe:/a:gnu:binutils:2.30
 License: GPL v2
 License File: NOT_SHIPPED
 Security Critical: no

third_party/bouncycastle/README.chromium

 Name: Bouncy Castle
 URL: https://www.bouncycastle.org/java.html
 Version: 1.46
+CPEPrefix: cpe:/a:bouncycastle:fips_java_api:1.46
 License: MIT
 License File: NOT_SHIPPED
 Security Critical: no

third_party/checkstyle/README.chromium

@@ -3,6 +3,7 @@ Name: Checkstyle is a development tool to help programmers write Java code that
 Short Name: checkstyle
 URL: https://github.com/checkstyle/checkstyle
 Version: 8.15
+CPEPrefix: cpe:/a:checkstyle:checkstyle:8.15
 License: LGPL 2.1
 License File: NOT_SHIPPED
 Security Critical: no

third_party/d3/README.chromium

@@ -2,6 +2,7 @@ Name: d3
 Short Name: d3
 URL: https://github.com/d3/d3
 Version: 5.7.0
+CPEPrefix: cpe:/a:d3.js_project:d3.js:5.7.0::~~~node.js~~
 Date: Fri Aug 24 5:46 PM 2018 EDT
 Revision: e35d1f74f9337a2eee4aa704f38025621c8ae9d0
 License: BSD 3-Clause

third_party/devscripts/README.chromium

 Name: devscripts
 URL: http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git
 Version: 2.12.4
+CPEPrefix: cpe:/a:debian:devscripts:2.12.4
 Security Critical: no
 License: GPL 2.0
 License File: NOT_SHIPPED

third_party/fontconfig/README.chromium

 Name: fontconfig
 URL: http://www.freedesktop.org/wiki/Software/fontconfig/
 Version: 452be8125f0e2a18a7dfef469e05d19374d36307
+CPEPrefix: cpe:/a:fontconfig_project:fontconfig:2.13.91
 License: MIT
 License File: src/COPYING
 Security Critical: yes

third_party/freetype/README.chromium

@@ -2,6 +2,7 @@ Name: FreeType
 URL: http://www.freetype.org/
 Version: VER-2-10-1-113-g13c0df80d
 Revision: 13c0df80dca59ce2ef3ec125b08c5b6ea485535c
+CPEPrefix: cpe:/a:freetype:freetype:2.10.1
 License: Custom license "inspired by the BSD, Artistic, and IJG (Independent
          JPEG Group) licenses"
 License File: src/docs/FTL.TXT

third_party/guava/README.chromium

@@ -2,6 +2,7 @@ Name: Google Core Libraries for Java
 Short Name: guava
 URL: https://github.com/google/guava
 Version: 23.0
+CPEPrefix: cpe:/a:google:guava:23.0:rc1
 License: Apache 2.0
 License File: NOT_SHIPPED
 Security Critical: no

third_party/hunspell/README.chromium

 Name: hunspell
 URL: http://hunspell.sourceforge.net/
 Version: 1.6.0
+CPEPrefix: cpe:/a:hunspell_project:hunspell:1.6.0
 License: MPL 1.1/GPL 2.0/LGPL 2.1
 License File: COPYING.MPL
 Security Critical: yes

third_party/jdk/README.chromium

@@ -2,6 +2,7 @@ Name: Java Development Kit
 Short Name: JDK
 URL: https://www.java.com/
 Version: 11.0.4
+CPEPrefix: cpe:/a:oracle:jdk:11.0.4
 License: GPL v2
 License File: NOT_SHIPPED
 Security Critical: no

third_party/jinja2/README.chromium

@@ -2,6 +2,7 @@ Name: Jinja2 Python Template Engine
 Short Name: jinja2
 URL: http://jinja.pocoo.org/
 Version: 2.10
+CPEPrefix: cpe:/a:pocoo:jinja2:2.10
 License: BSD 3-Clause
 License File: LICENSE
 Security Critical: no

third_party/jsoncpp/README.chromium

 Name: jsoncpp
 URL: https://github.com/open-source-parsers/jsoncpp
-Version: f572e8e42e22cfcf5ab0aea26574f408943edfa4
+Version: 645250b6690785be60ab6780ce4b58698d884d11
+CPEPrefix: cpe:/a:jsoncpp_project:jsoncpp:1.9.1
 License: MIT
 License File: LICENSE
 Security Critical: yes

third_party/junit/README.chromium

 Name: JUnit
 URL: http://junit.org
 Version: 4.12
+CPEPrefix: cpe:/a:jenkins:junit:4.12::~~~jenkins~~
 License: Common Public License 1.0
 License File: NOT_SHIPPED
 Security Critical: no

third_party/liblouis/README.chromium

@@ -2,6 +2,7 @@ Name: Braille Translation Library
 Short Name: liblouis
 URL: https://github.com/liblouis/liblouis
 Version: 3.12.0
+CPEPrefix: cpe:/a:liblouis:liblouis:3.12.0
 License: LGPL3 and GPL3
 License Android Compatible: No
 License File: LICENSE

third_party/libusb/README.chromium

 Name: libusbx
 URL: http://libusb.org
 Version: 1.0.17
+CPEPrefix: cpe:/a:libusb:libusb:1.0.17:rc1
 License: LGPL 2.1
 License File: src/COPYING
 Security Critical: yes

third_party/libwebm/README.chromium

@@ -2,6 +2,7 @@ Name: WebM container parser and writer.
 Short Name: libwebm
 URL: http://www.webmproject.org/code/
 Version: unknown
+CPEPrefix: cpe:/a:webmproject:libwebm:1.0.0.27
 License: BSD
 License File: source/LICENSE.TXT
 Security Critical: yes

third_party/libwebp/README.chromium

@@ -2,6 +2,7 @@ Name: WebP image encoder/decoder
 Short Name: libwebp
 URL: http://developers.google.com/speed/webp
 Version: v1.1.0
+CPEPrefix: cpe:/a:webmproject:libwebp:1.1.0
 License: BSD
 License File: LICENSE
 Security Critical: Yes

third_party/libxml/README.chromium

 Name: libxml
 URL: http://xmlsoft.org
 Version: a7fe7ee45938c53a8dd028dd40baa461191a2fd2
+CPEPrefix: cpe:/a:xmlsoft:libxml2:2.9.9
 License: MIT
 License File: src/Copyright
 Security Critical: yes

third_party/logilab/logilab/common/README.chromium

 URL: http://www.logilab.org/project/logilab-common
 Name: logilab-common
 Version: 0.63.2
+CPEPrefix: cpe:/a:logilab:logilab-common:0.63.2
 License: GPL v2
 License File: LICENSE.txt
 Security Critical: No

third_party/markdown/README.chromium

@@ -2,6 +2,7 @@ Name: markdown, a text-to-HTML conversion tool for web writers
 Short Name: markdown
 URL: https://pypi.python.org/pypi/Markdown
 Version: 2.3.1
+CPEPrefix: cpe:/a:cebe:markdown:2.3.1
 Date: March 22, 2013
 Revision: commit 0ea0bac85a749a13381b721cde44214d9193406c
 License: BSD 3-Clause

third_party/mesa_headers/README.chromium

 Name: mesa_headers
 Version: 9.0.3
+CPEPrefix: cpe:/a:mesa3d:mesa:9.0.3
 URL: http://www.mesa3d.org/
 License: MIT and SGI Free Software B License Version 2.0
 Security Critical: Yes

third_party/minizip/README.chromium

@@ -2,6 +2,7 @@ Name: nmoinvaz/minizip
 Short name: minizip
 URL: https://github.com/nmoinvaz/minizip
 Version: 2.8.1
+CPEPrefix: cpe:/a:minizip_project:minizip:2.8.1
 Revision: 1ff40343b55e738d941abb51c70eddb803db16e2
 Security critical: yes
 License: Custom license

third_party/mozilla/README.chromium

@@ -2,6 +2,7 @@ Name: Cocoa extension code from Camino
 Short Name: camino
 URL: http://caminobrowser.org/
 Version: unknown
+CPEPrefix: unknown
 License: MPL 1.1/GPL 2.0/LGPL 2.1
 Security Critical: yes
 

third_party/openh264/README.chromium

@@ -2,6 +2,7 @@ Name: OpenH264
 Short Name: openh264
 URL: http://www.openh264.org/
 Version: unknown
+CPEPrefix: cpe:/a:cisco:openh264:1.9.0
 (Cut at 6f26bce0b1c4e8ce0e13332f7c0083788def5fdf, which is between 1.9.0 and
 1.10.0)
 License: 2-Clause BSD

third_party/protobuf/README.chromium

@@ -4,6 +4,7 @@ URL: https://github.com/google/protobuf
 License: BSD
 License File: LICENSE
 Version: 3.9.0
+CPEPrefix: cpe:/a:google:protobuf:3.9.0
 Revision: cf242503ec157a7dda8a6eda48712dd26c81d2e6
 Security Critical: yes
 

third_party/requests/README.chromium

 Name: Requests
 URL: http://docs.python-requests.org/en/latest/
 Version: 2.5.0
+CPEPrefix: cpe:/a:python-requests:requests:2.5.0
 License: Apache Version 2.0
 License File: NOT_SHIPPED
 Security Critical: no

third_party/simplejson/README.chromium

 Name: simplejson
 URL: https://github.com/simplejson/simplejson
 Version: 2.6.2
+CPEPrefix: cpe:/a:simplejson_project:simplejson:2.6.2::~~~python~~
 License: MIT
 License File: LICENSE.txt
 Security Critical: no

third_party/snappy/README.chromium

@@ -2,6 +2,7 @@ Name: Snappy: A fast compressor/decompressor
 Short Name: snappy
 URL: http://google.github.io/snappy/
 Version: 1.1.7.git.3f194acb57e0487531c96b97af61dcbd025a78a3
+CPEPrefix: cpe:/a:google:snappy:1.1.7
 License: New BSD
 License File: src/COPYING
 Security Critical: yes

third_party/sqlite/README.chromium

 Name: sqlite
 URL: https://sqlite.org/
 Version: 3.31.1
+CPEPrefix: cpe:/a:sqlite:sqlite:3.31.1
 Included In Release: Yes
 Security Critical: Yes
 License: Public domain

third_party/tlslite/README.chromium

 Name: tlslite
 URL: http://trevp.net/tlslite/
 Version: 0.4.8
+CPEPrefix: cpe:/a:tlslite_project:tlslite:0.4.8::~~~python~~
 Security Critical: No
 License: Public domain and BSD
 

third_party/wayland/README.chromium

 Name: wayland
 URL: http://wayland.freedesktop.org/
 Version: 1.17.0
+CPEPrefix: cpe:/a:wayland:wayland:1.17.0
 License: MIT
 License File: src/COPYING
 Security Critical: yes

third_party/xstream/README.chromium

 Name: Xstream
 URL: https://x-stream.github.io/
 Version: 1.4.8
+CPEPrefix: cpe:/a:xstream_project:xstream:1.4.8
 License: BSD 3-Clause
 License File: NOT_SHIPPED
 Security Critical: no

third_party/zlib/README.chromium

@@ -2,6 +2,7 @@ Name: zlib
 Short Name: zlib
 URL: http://zlib.net/
 Version: 1.2.11
+CPEPrefix: cpe:/a:zlib:zlib:1.2.11
 Security Critical: yes
 License: Custom license
 License File: LICENSE