Bug 1213351

Summary: python-lxml contains non-free file (RNG scheme for ISO Schematron)
Product: [openSUSE] openSUSE Tumbleweed Reporter: Matej Cepl <mcepl>
Component: PythonAssignee: Matej Cepl <mcepl>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Matej Cepl 2023-07-14 15:41:31 UTC 
Red Hat lawyers concluded (https://gitlab.com/fedora/legal/fedora-license-data/-/issues/154) that the license included in https://github.com/lxml/lxml/blob/master/src/lxml/isoschematron/resources/rng/iso-schematron.rng is confusing, misworded, and most likely non-Free (distribute-only-for-gratis problem).

They started to remove the schema file from their project (e.g., https://src.fedoraproject.org/rpms/python-lxml/c/9d95f5a04edc386313fa854541971b3af07bcae1?branch=rawhide).

This issue has been reported upstream as https://bugs.launchpad.net/lxml/+bug/2024343 and they created patch which allows the test suite to pass even without RNG file in the question.
Comment 1 OBSbugzilla Bot 2023-07-14 17:25:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1213351) was mentioned in
https://build.opensuse.org/request/show/1098714 Factory / python-lxml
Comment 2 Matej Cepl 2023-07-18 14:32:04 UTC 
SR accepted
Comment 7 Maintenance Automation 2023-12-13 12:36:21 UTC 
SUSE-SU-2023:4757-1: An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

Category: security (important)
Bug References: 1213351, 1214477, 1215157
CVE References: CVE-2023-34049
Jira References: MSQA-708
Sources used:
SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (src): venv-salt-minion-3006.0-1.30.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Maintenance Automation 2023-12-13 12:36:23 UTC 
SUSE-SU-2023:4754-1: An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

Category: security (important)
Bug References: 1213351, 1214477, 1215157
CVE References: CVE-2023-34049
Jira References: MSQA-708
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Maintenance Automation 2023-12-13 12:36:27 UTC 
SUSE-SU-2023:4753-1: An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

Category: security (important)
Bug References: 1213351, 1214477, 1215157
CVE References: CVE-2023-34049
Jira References: MSQA-708
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Maintenance Automation 2023-12-13 12:36:30 UTC 
SUSE-SU-2023:4752-1: An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

Category: security (important)
Bug References: 1213351, 1214477, 1215157
CVE References: CVE-2023-34049
Jira References: MSQA-708
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Maintenance Automation 2023-12-13 12:36:34 UTC 
SUSE-SU-202311:15246-1: An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

Category: security (important)
Bug References: 1213351, 1214477, 1215157
CVE References: CVE-2023-34049
Jira References: MSQA-708
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Maintenance Automation 2023-12-13 12:36:39 UTC 
SUSE-SU-202311:15245-1: An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

Category: security (important)
Bug References: 1213351, 1214477, 1215157
CVE References: CVE-2023-34049
Jira References: MSQA-708
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Maintenance Automation 2023-12-13 12:36:42 UTC 
SUSE-SU-2023:4749-1: An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

Category: security (important)
Bug References: 1213351, 1214477, 1215157
CVE References: CVE-2023-34049
Jira References: MSQA-708
Sources used:
SUSE Manager Client Tools for SLE 15 (src): venv-salt-minion-3006.0-150000.3.48.2
SUSE Manager Client Tools for SLE Micro 5 (src): venv-salt-minion-3006.0-150000.3.48.2
SUSE Manager Proxy 4.3 Module 4.3 (src): venv-salt-minion-3006.0-150000.3.48.2
SUSE Manager Server 4.3 Module 4.3 (src): venv-salt-minion-3006.0-150000.3.48.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Maintenance Automation 2023-12-13 12:36:45 UTC 
SUSE-SU-2023:4748-1: An update that solves one vulnerability, contains one feature and has two security fixes can now be installed.

Category: security (important)
Bug References: 1213351, 1214477, 1215157
CVE References: CVE-2023-34049
Jira References: MSQA-708
Sources used:
SUSE Manager Client Tools for SLE 12 (src): venv-salt-minion-3006.0-3.46.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.