Bug 2137790 - log4j contains glyphicons with unacceptable licenses [fedora-all]
Summary: log4j contains glyphicons with unacceptable licenses [fedora-all]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: log4j
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Marián Konček
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-10-26 08:12 UTC by Marián Konček
Modified: 2022-12-30 01:34 UTC (History)
5 users (show)

Fixed In Version: log4j-2.17.2-4.fc37 log4j-2.17.2-2.fc36
Clone Of:
Environment:
Last Closed: 2022-12-30 00:31:02 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Marián Konček 2022-10-26 08:12:42 UTC 
See: https://pagure.io/releng/issue/11083

Log4j versions 2.13 and later started including glyphicons.zip file (used for building the project website, not needed for package build) and additional png files. These files are present in Fedora source rpms. However, they are not required for the package build.
Comment 1 Marián Konček 2022-10-26 08:26:06 UTC 
Fixed in Rawhide by PRs:
https://src.fedoraproject.org/rpms/log4j/pull-request/16
https://src.fedoraproject.org/rpms/log4j/pull-request/17

In Fedora 37:
https://src.fedoraproject.org/rpms/log4j/pull-request/20

In Fedora 36:
https://src.fedoraproject.org/rpms/log4j/pull-request/19

In Fedora 35:
https://src.fedoraproject.org/rpms/log4j/pull-request/18
Comment 2 Marián Konček 2022-10-26 08:32:29 UTC 
According to the license, we are not allowed to distribute the aforementioned files.
The glyphicons zip archive and png files have to be removed from the source rpm of log4j.
Comment 3 Fedora Update System 2022-12-21 06:40:25 UTC 
FEDORA-2022-174713e43f has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-174713e43f
Comment 4 Fedora Update System 2022-12-21 06:40:48 UTC 
FEDORA-2022-62c1c8536b has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-62c1c8536b
Comment 5 Fedora Update System 2022-12-22 01:16:57 UTC 
FEDORA-2022-62c1c8536b has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-62c1c8536b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-62c1c8536b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 6 Fedora Update System 2022-12-22 01:40:37 UTC 
FEDORA-2022-174713e43f has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-174713e43f`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-174713e43f

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 7 Fedora Update System 2022-12-30 00:31:02 UTC 
FEDORA-2022-174713e43f has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 8 Fedora Update System 2022-12-30 01:34:40 UTC 
FEDORA-2022-62c1c8536b has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.