Bug 1724434 - Missing MPLv2.0 in License
Summary: Missing MPLv2.0 in License
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: perl-IO-Socket-SSL
Version: 8.1
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: rc
: 8.0
Assignee: perl-maint-list
QA Contact: Martin Kyral
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-06-27 05:54 UTC by Petr Pisar
Modified: 2019-11-05 21:16 UTC (History)
6 users (show)

Fixed In Version: perl-IO-Socket-SSL-2.066-3.el8
Doc Type: No Doc Update
Doc Text:
Clone Of: 1724169
Environment:
Last Closed: 2019-11-05 21:15:59 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1632600 None None None 2019-06-27 05:54:38 UTC
Red Hat Product Errata RHEA-2019:3448 None None None 2019-11-05 21:16:06 UTC

Description Petr Pisar 2019-06-27 05:54:39 UTC
+++ This bug was initially created as a clone of Bug #1724169 +++

I noticed IO-Socket-SSL-2.066 sources distribute Public Suffix list from <https://publicsuffix.org/list/> in lib/IO/Socket/SSL/PublicSuffix.pm file. The data carry it's own license declaration:

// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at https://mozilla.org/MPL/2.0/.

I believe perl-IO-Socket-SSL should add MPLv2.0 to the License tag.

--- Additional comment from Paul Howarth on 2019-06-26 15:16:44 GMT ---

Fixed in perl-IO-Socket-SSL-2.066-4.fc31

https://src.fedoraproject.org/rpms/perl-IO-Socket-SSL/c/030559c4b0c18576c7089bf3e4efa1ee9f689aa2
https://koji.fedoraproject.org/koji/taskinfo?taskID=35844506

-----

RHEL-8.1.0 (perl-IO-Socket-SSL-2.066-2.el8) is affected. Since a bad license tag is a regression introduced in bug #1632600, I request fixing it in RHEL-8.1.0.

Comment 4 Petr Pisar 2019-06-27 11:47:08 UTC
I digged a history and the MPLv2-licensed code exists since upstream's IO-Socket-SSL-1.976. That means since RHEL ≥ 8.0.0. Nevertheless, it's fixed now.

Comment 7 errata-xmlrpc 2019-11-05 21:15:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:3448


Note You need to log in before you can comment on or make changes to this bug.