Overview
Request 580670 superseded
The changelog entry got extended by the correct CVE and SUSE bugzilla
numbers for further reference.
The license string was GPL-3.0 in the past - but is now (SPDX 3)
clearly GPL-3.0-or-later.
- update to 2.3.1 RC1 (package version 2.3.0.1) (bsc#1056094):
  * SECURITY (MODERATE): fix for CVE-2017-7466, which finally fixes
    an arbitrary command execution vulnerability
- Created by lrupp
- In state superseded
- Supersedes 580666
- Superseded by 583250
- Open review for openSUSE:Factory:Staging:adi:15
Request History
lrupp created request
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added repo-checker as a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
Output of check script (non-fatal):
Unknown license 'GPL-3.0-or-later'
staging-bot added openSUSE:Factory:Staging:adi:15 as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:15"
staging-bot accepted review
Picked openSUSE:Factory:Staging:adi:15
repo-checker accepted review
cycle and install check passed
licensedigger accepted review
ok
dimstar declined review
Indeed, the changed license in the .spec file definitively warrants a changelog entry; the rest of the changelog is just added information about CVE/bnc refs.
The old license was, in spdx3 form, GPL-3.0-only; now you have GPL-3.0-or-later, so you don't 'just' move to spdx3 (which I could accept as being done by spec-cleaner), but factually change the license here.
dimstar declined request
superseded by 583250
I would mention the fix for the license in the changes file