aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthias Andree <matthias.andree@gmx.de>2021-09-13 22:43:34 +0200
committerMatthias Andree <matthias.andree@gmx.de>2021-09-13 23:00:47 +0200
commit8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9 (patch)
tree22824f825892beffc8a046d6b631a1587f59afd4
parentfded2be1a60cacde4459f1b7193dfb803d9c3605 (diff)
downloadfetchmail-8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9.tar.gz
fetchmail-8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9.tar.bz2
fetchmail-8eed56c21ca5bbdf3c00aaf74d807bcad8713ba9.zip
Note OpenSSL 3.0.0 support and licensing change.
While here, rearrange COPYING a little bit and add a few paragraphs. Zeilen,
-rw-r--r--COPYING27
-rw-r--r--NEWS6
-rw-r--r--README.SSL27
3 files changed, 41 insertions, 19 deletions
diff --git a/COPYING b/COPYING
index c778d257..7499e673 100644
--- a/COPYING
+++ b/COPYING
@@ -5,12 +5,30 @@ Copyright (C) 2004 Matthias Andree, Eric S. Raymond,
Copyright (C) 2005 - 2012 Sunil Shetye
Copyright (C) 2005 - 2021 Matthias Andree
-If enabled at configure/compile time, the following clause applies:
+Some older portions not explicitly mentioned above are copyrighted by
+Carl E. Harris, George M. Sipe, Graham Wilson, Matthias Andree and Sunil Shetye.
+
+
+SSL library considerations
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+If linking against OpenSSL versions under dual OpenSSL/SSLeay license (f. i.
+OpenSSL 1.1.1x and older) is enabled at configure/compile time, the
+following clause applies:
| This product includes software developed by the OpenSSL Project
| for use in the OpenSSL Toolkit. (http://www.openssl.org/)
-Some older portions not explicitly mentioned above are copyrighted by
-Carl E. Harris, George M. Sipe, Graham Wilson, Matthias Andree and Sunil Shetye.
+Specific permission is granted for the GPLed code in this distribution to
+be linked to OpenSSL without invoking GPL clause 2(b).
+
+Note that this permission applies to OpenSSL, and OpenSSL only.
+
+
+If linking against OpenSSL versions licensed under the Apache License version
+2.0 (for instance, OpenSSL 3.0.x), note that this library is incompatible with
+the GPLv2, so that effectively, distributors need to pull the "or any later version"
+grant in the GPLv2 and apply the GPLv3 which is considered compatible with the
+Apache License 2.0 by the FSF and the ASF.
+~~~~~~~~~~~~~~~~~~~~~~~~~~
The support for SMB authentication is copyright by Andrew Tridgell and
is under GPL version 2 (or any later version). Andrew Tridgell has
@@ -56,9 +74,6 @@ Project, see the respective file headers for details.
All other code in the distribution incorporates the copy of GPL version 2
below by reference.
-Specific permission is granted for the GPLed code in this distribution to
-be linked to OpenSSL without invoking GPL clause 2(b).
-
-------------------------------------------------------------------------------
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
diff --git a/NEWS b/NEWS
index 68fbeb8b..aa239b0d 100644
--- a/NEWS
+++ b/NEWS
@@ -92,6 +92,12 @@ removed from a 6.5.0 or newer release.)
--------------------------------------------------------------------------------
fetchmail-6.4.22 (not yet released):
+# OPENSSL AND LICENSING NOTE:
+* fetchmail 6.4.22 is compatible with OpenSSL 1.1.1 and 3.0.0.
+ OpenSSL's licensing changed between these releases from dual OpenSSL/SSLeay
+ license to Apache License v2.0, which is considered incompatible with GPL v2
+ by the FSF. For implications and details, see the file COPYING.
+
# SECURITY FIXES:
* On IMAP connections, without --ssl and with nonempty --sslproto, meaning that
fetchmail is to enforce TLS, and when the server or an attacker sends
diff --git a/README.SSL b/README.SSL
index cf07d05e..425f574e 100644
--- a/README.SSL
+++ b/README.SSL
@@ -12,30 +12,31 @@ setup.
In case of troubles, mail the README.SSL-SERVER file to your ISP and
have them check their server configuration against it.
-Note that fetchmail up to version 6.3.26 confused SSL/TLS protocol levels with
-whether a service needs to use in-band negotiation (STLS/STARTTLS for
-POP3/IMAP4) or is totally SSL-wrapped on a separate port.
+Note that fetchmail up to version 6.3.26 used to confuse SSL/TLS protocol
+levels with whether a service needs to use in-band negotiation (STLS/STARTTLS
+for POP3/IMAP4) or is totally SSL-wrapped ("Implicit TLS") on a separate port.
+Fetchmail 6.4 seeks to fix that to some extent without breaking the
+command-line and rcfile interfaces too much (see --ssl and --sslproto options,
+below and in the manual).
-Also, fetchmail 6.4.0 and newer releases changed some of the semantics
-as the result of a bug-fix, and will auto-negotiate TLSv1 or newer only.
+fetchmail 6.4.0 will auto-negotiate TLSv1 or newer only.
-Finally, due to other defaults changing, and several mail services not
-supporting in-band negotiation of SSL or TLS by means of STLS or STARTTLS,
-you may need to add ssl or --ssl to your configuration.
+Fetchmail 6.4.22 supports OpenSSL 3.0.0 and 1.1.1.
- -- Matthias Andree, 2021-03-29
+ -- Matthias Andree, 2021-09-09
Quickstart
----------
-Use an up-to-date release of OpenSSL v1.1.1 or newer, so as to get
+Use an up-to-date release of OpenSSL v1.1.1 or v3.0.0 or newer, so as to get
TLSv1.3 support. Older OpenSSL versions are unsupported upstream, and
-fetchmail rejects versions before v1.0.2 and warns about versions before v1.1.1.
+fetchmail rejects versions before v1.0.2 and warns about versions before
+v1.1.1.
In all four examples below, the (--)sslcertck has become redundant
-since fetchmail v6.4.0 but since fetchmail 6.3 releases will be in circulation
-for a while, we'll leave it here to be safe.
+since fetchmail v6.4.0, but since fetchmail 6.3 releases will be in circulation
+for too long, (--)sslcertck will remain in the examples below for now.
For use of SSL or TLS on a separate port (recommended), called Implicit TLS,
the whole TCP connection is SSL-encrypted from the very beginning (SSL- or