Bug 1989405 - Problematic copyright notice in exempi source files
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: exempi
Version: 9.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: beta
Assignee: Nikola Forró
QA Contact: Dita Stehlikova
Reported: 2021-08-03 07:17 UTC by Nikola Forró
Modified: 2022-05-17 13:19 UTC (History)

Fixed In Version: exempi-2.6.0-0.1.20211007gite23c213.el9
Last Closed: 2022-05-17 13:01:27 UTC
Type: Bug
Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | adobe XMP-Toolkit-SDK issues 16 | 0 | None | None | None | 2021-08-03 07:23:05 UTC
Red Hat Issue Tracker | RHELPLAN-92013 | 0 | None | None | None | 2021-08-03 07:21:29 UTC
Red Hat Product Errata | RHBA-2022:2438 | 0 | None | None | None | 2022-05-17 13:01:29 UTC

Description Nikola Forró 2021-08-03 07:17:06 UTC
Description of problem:

Several source files (namely SafeStringAPIs.cpp, SafeStringAPIs.h, SafeTypes.h and SuppressSAL.h) contain the following header:


/*************************************************************************
*
* ADOBE CONFIDENTIAL
* ___________________
*
*  Copyright 2010 Adobe Systems Incorporated
*  All Rights Reserved.
*
* NOTICE:  All information contained herein is, and remains
* the property of Adobe Systems Incorporated and its suppliers,
* if any.  The intellectual and technical concepts contained
* herein are proprietary to Adobe Systems Incorporated and its
* suppliers and are protected by trade secret or copyright law.
* Dissemination of this information or reproduction of this material
* is strictly forbidden unless prior written permission is obtained
* from Adobe Systems Incorporated.
**************************************************************************/

These files come from XMP Toolkit SDK CC-2016.7 [1], which is released under BSD license:

Copyright (c) 1999 - 2016, Adobe Systems Incorporated
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
 
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
 
* Neither the name of Adobe Systems Incorporated, nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
 
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

There is clearly a conflict between the headers and the license the source files are supposed to be under.


Version-Release number of selected component (if applicable):
exempi-2.5.1-7.el9


[1] https://www.adobe.com/devnet/xmp/sdk/eula-cc20168.html

Comment 1 Nikola Forró 2021-08-03 07:23:06 UTC
There is an open issue in XMP Toolkit SDK upstream to eliminate all such problematic headers.

Comment 2 Honza Horak 2021-08-04 14:52:54 UTC
I'm thinking about possible back-up plans -- one that was already mentioned and is definitely not perfect, but in the worst case could work -- using an older version of the package (as recent as possible from those that do not have this problem). But would it work technically -- would the packages depending on this package work fine? Maybe it's worth investigating it ahead to know whether we have at least some way forward that is ok from a legal perspective.

Comment 3 Nikola Forró 2021-08-04 17:13:03 UTC
There was a SONAME bump, so downgrading to exempi 2.3.0 would require rebuilding the dependent packages - eog and tracker-miners. Though I'm quite sure that despite the SONAME bump there wasn't any breaking ABI change.

Comment 4 Nikola Forró 2021-08-05 15:35:09 UTC
Created attachment 1811253
Downgrade exempi to 2.3.0 without changing SONAME

Comment 5 Nikola Forró 2021-08-05 15:41:08 UTC
I've tested this scratch build of exempi downgraded to 2.3.0 and everything seems to work fine:
https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=38715336

Comment 7 Nikola Forró 2021-08-25 16:13:11 UTC
A new version of XMP-Toolkit-SDK including a fix of all remaining problematic headers [1] is supposed to be released within one week [2].

[1] https://github.com/adobe/XMP-Toolkit-SDK/commit/f24b96f
[2] https://github.com/adobe/XMP-Toolkit-SDK/issues/16#issuecomment-900242232

Comment 8 Nikola Forró 2021-08-30 13:38:33 UTC
The new release is here:
https://github.com/adobe/XMP-Toolkit-SDK/releases/tag/v2021.08

Now we have to wait until exempi upstream incorporates it and releases a new version.

Comment 9 Honza Horak 2021-09-08 10:51:28 UTC
(In reply to Nikola Forró from comment #8)
> The new release is here:
> https://github.com/adobe/XMP-Toolkit-SDK/releases/tag/v2021.08
> 
> Now we have to wait until exempi upstream incorporates it and releases a new
> version.

It seems to be tracked in this issue if I'm not mistaken.

Nikola, do you have any signs from exempi upstream or your own guess when this can happen? If there is a chance it takes too long, do you see it as an option to do it downstream?

Comment 10 Nikola Forró 2021-09-08 13:05:32 UTC
Upstream maintainer doesn't plan to work on a new release immediately; however, I've just finished working on incorporating the new XMP SDK and opened a PR:
https://gitlab.freedesktop.org/libopenraw/exempi/-/merge_requests/3

We could do it downstream as well, but it would be rather complicated; I suppose it would require making a temporary fork of exempi, or a humongous patch.

Comment 11 Honza Horak 2021-09-09 13:20:54 UTC
That's great news, thanks a lot for the work, Nikola!

Although there is still an open question on my end -- even if upstream incorporates the change and releases a new version soon enough for RHEL-9.0 GA (we can wait a few months to see whether it happens), what do we do for RHEL 9.0 Beta? I doubt the fact that it is Beta changes much on the license level, so we likely need to do something about it soon anyway (although the solution might be more hackish than the one for GA).

Anyway, the next step can be to check with the legal folks to make sure this is a must to be fixed for Beta as well. Can you, please, contact them, Nikola? (if it was not done before)

Comment 14 Nikola Forró 2021-10-21 11:07:26 UTC
CentOS Stream MR to rebase to 2.6.0 pre-release version: https://gitlab.com/redhat/centos-stream/rpms/exempi/-/merge_requests/2

Comment 23 errata-xmlrpc 2022-05-17 13:01:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: exempi), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2438

