Overview

Request 580670 superseded

The changelog entry got extended by the correct CVE and SUSE bugzilla
numbers for further reference.

The license string was GPL-3.0 in the past - but is now (SPDX 3)
clearly GPL-3.0-or-later.

- update to 2.3.1 RC1 (package version 2.3.0.1) (bsc#1056094):
  * SECURITY (MODERATE): fix for CVE-2017-7466, which finally fixes
    an arbitrary command execution vulnerability

Marcus Rueckert:

I would mention the fix for the license in the changes file

- Update license to SPDX 3 and properly reflect that ansible is
  GPL 3.0 or later.

Request History
lrupp created request


factory-auto added opensuse-review-team as a reviewer

Please review sources


factory-auto added repo-checker as a reviewer

Please review build success


factory-auto accepted review

Check script succeeded

Output of check script (non-fatal):
Unknown license 'GPL-3.0-or-later'


staging-bot added openSUSE:Factory:Staging:adi:15 as a reviewer

Being evaluated by staging project "openSUSE:Factory:Staging:adi:15"


staging-bot accepted review

Picked openSUSE:Factory:Staging:adi:15


repo-checker accepted review

cycle and install check passed


licensedigger accepted review

ok


dimstar declined review

Indeed, the changed license in the .spec file definitively warrants a changelog entry; the rest of the changelog is just added information about CVE/bnc refs.

The old license was, in spdx3 form GPL-3.0-only, now you have GPL-3.0-or-later; so you don't 'just' move to spdx3 (which I could accept as being done by spec-cleaner), but factually change the license here.


dimstar declined request


lrupp superseded request

superseded by 583250
