src/java/org/apache/fop/pdf/ sRGB Color Space Profile.icm is non-free

Projet:Trisquel
Version:6.0
Composant:License problems
Catégorie:Rapporter un bogue
Priorité:blocking
Attribué:quidam
Statut:patch (ready)
Description

I don't use Trisquel, I use Debian, but I was installing some build depends and apt-listbugs caught this bug with the package "fop":

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657281

It seems that the file "src/java/org/apache/fop/pdf/sRGB Color Space Profile.icm" is non-free, as shown in this section of the {,.LICENSE.txt} for that file:

----

Obtained from: http://www.srgb.com/usingsrgb.html

The file "sRGB Color Space Profile.icm" is:
Copyright (c) 1998 Hewlett-Packard Company

To anyone who acknowledges that the file "sRGB Color Space Profile.icm"
is provided "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTY:
permission to use, copy and distribute this file for any purpose is hereby
granted without fee, provided that the file is not changed including the HP
copyright notice tag, and that the name of Hewlett-Packard Company not be
used in advertising or publicity pertaining to distribution of the software
without specific, written prior permission. Hewlett-Packard Company makes
no representations about the suitability of this software for any purpose.

----

The line in question is "provided that file is not changed". Modification is not permitted. This is a serious bug, but it has been "ignored" for releases in the Debian repos for nearly two years. Ubuntu doesn't have a bug assigned against this issue, and Trisquel is based on Ubuntu, so I can see why it might have been missed. It's a ~dfsg package as it is, or at least it's labelled as such, but it obviously does not qualify if it contains a non-free file.

And yes, I did run a dget [1] on the Trisquel source and checked whether the offending file is in Trisquel, and it is.

I don't know anything about Java so I'm not sure what functionality would be missed with the absense of this file, so I'm not sure whether programs that depend on this package[2] are affected by it and what the proper course of action would be.

Thanks,
--Aubrey

[1] $ dget -x http://archive.trisquel.info/trisquel/pool/main/f/fop/fop_1.0.dfsg2-6.dsc

[2] Here is the list of programs that depend on it (apt-cache rdepends fop) from Debian, not sure what Trisquel's output would be.

$ apt-cache rdepends fop
fop
Reverse Depends:
xmlto
scilab-full-bin
publican
libjlatexmath-fop-java
libjeuclid-fop-java
freemind-plugins-svg
libfop-java
libfop-java
erlang-erl-docgen
elki
docbook-xsl-ns
docbook-xsl
libboost1.55-tools-dev
libboost1.54-tools-dev
libboost1.53-dev
libboost1.49-dev
libbatik-java

sam, 04/05/2014 - 19:07

Sorry, but it looks like I missed some pertinent information in my initial bug report. First, the issue was brought up with Apache, and somebody there claims it would be trivial to create a color profile identical to the offending one:

https://issues.apache.org/bugzilla/show_bug.cgi?id=52704#c12

Also the issue has apparently been brought up with Fedora, too, and was even allegedly resolved:

https://bugzilla.redhat.com/show_bug.cgi?id=848659

Here's the patch that got it allowed into Fedora's repo again:

https://bugzilla.redhat.com/attachment.cgi?id=735886&action=diff

And here's this link too, found from the Debian bug:

http://lists.freedesktop.org/archives/openicc/2013q1/004907.html

Edit: Aha! gNewSense has fixed this bug!

https://savannah.nongnu.org/bugs/index.php?35790

Maybe that'll help?

mer, 03/25/2015 - 17:11

Thanks for the excellent work Aubrey.

Problem also in Belenos.

lun, 03/30/2015 - 22:30
Statut:active» patch (ready)

Hi Aubrey, thanks for this high quality bug report.

I sent a merge request to fix the issue in belenos that should be also applied to toutatis and taranis:

https://devel.trisquel.info/trisquel/package-helpers/merge_requests/63

mar, 04/21/2015 - 17:53
Assigné à:anonymous» quidam