diff options
| author | Matthias Andree <matthias.andree@gmx.de> | 2021-12-05 15:48:25 +0100 |
|---|---|---|
| committer | Matthias Andree <matthias.andree@gmx.de> | 2021-12-05 18:56:55 +0100 |
| commit | c4419bdd2557321b268f6e105d511923b9a35936 (patch) | |
| tree | a1e1353e613ac8ecbc2f80976d5f36ef9919ae12 | |
| parent | ad96f3ef1136aa4a201a5dffceb2b005be4b7011 (diff) | |
| download | fetchmail-c4419bdd2557321b268f6e105d511923b9a35936.tar.gz fetchmail-c4419bdd2557321b268f6e105d511923b9a35936.tar.bz2 fetchmail-c4419bdd2557321b268f6e105d511923b9a35936.zip | |
Permit LibreSSL on OpenBSD.
On OpenBSD, libressl is "normally distributed (in either source or
binary form) with the major components (compiler, kernel, and so on) of
the operating system on which the executable runs" according to Stuart
Henderson, so according to the GNU GPL v2 clause 3, we can permit
LibreSSL for OpenBSD.
| -rw-r--r-- | COPYING | 8 | ||||
| -rw-r--r-- | INSTALL | 3 | ||||
| -rw-r--r-- | NEWS | 6 | ||||
| -rw-r--r-- | configure.ac | 8 | ||||
| -rw-r--r-- | fetchmail.c | 14 | ||||
| -rw-r--r-- | socket.c | 8 |
6 files changed, 30 insertions, 17 deletions
@@ -22,10 +22,10 @@ following clause applies: |of the GNU General Public License cover the whole combination. | |In addition, as a special exception, the copyright holders of fetchmail -|give you permission to combine fetchmail with free -|software programs or libraries that are released under the GNU LGPL and with -|code included in the standard release of OpenSSL under the OpenSSL or SSLeay license -|(or modified versions of such code, with unchanged license). +|give you permission to combine fetchmail with free software programs or +|libraries that are released with code included in the standard release of +|OpenSSL under the OpenSSL or SSLeay license (or modified versions of such +|code, with unchanged license). | |You may copy and distribute such a system following the terms of the GNU GPL |for fetchmail and the licenses of the other code concerned, @@ -25,7 +25,8 @@ See README.SSL for details. Forked libraries deriving from OpenSSL and under the SSLeay or OpenSSL license cannot be used due to licensing issues, and are not supported. -This affects, f.i., LibreSSL. +This affects, f.i., LibreSSL, unless it is part of the operating system +(f. i., on OpenBSD). Since 6.4.25, there is experimental support for wolfSSL 5.0.0 or newer, which is under GNU GPL v2 or later license and hence may be easier for @@ -100,9 +100,9 @@ fetchmail-6.4.25.rc4 (release candidate issued 2021-12-03, 31641 LoC): # BREAKING CHANGES: * Since distributions continue patching for LibreSSL use, which cannot be linked legally, block out LibreSSL in configure.ac and socket.c, and - refer to COPYING. OpenSSL and wolfSSL 5 can be used. - SSL-related documentation was updated, do re-read - COPYING, INSTALL, README, README.packaging, README.SSL. + refer to COPYING, unless on OpenBSD (which ships it in the base system). + OpenSSL and wolfSSL 5 can be used. SSL-related documentation was updated, do + re-read COPYING, INSTALL, README, README.packaging, README.SSL. * Bump OpenSSL version requirement to 1.0.2f in order to safely remove the obsolete OpenSSL flag SSL_OP_SINGLE_DH_USE. This blocks out 1.0.2e and older 1.0.2 versions. 1.0.2f was a security fix release, and 1.0.2u is diff --git a/configure.ac b/configure.ac index f8e4ca84..7cacff99 100644 --- a/configure.ac +++ b/configure.ac @@ -889,9 +889,15 @@ AS_MESSAGE([ LIBS: $LIBS]) case "$LIBS" in *-lssl*|*libssl*|*-lwolfssl*|*libwolfssl*) - AC_CHECK_DECLS([LIBRESSL_VERSION_NUMBER], + case $host_os in + openbsd*) ;; dnl OpenBSD ships LibreSSL in the base operating system + dnl so makes use of the GPL2 clause 3 exception. + *) + AC_CHECK_DECLS([LIBRESSL_VERSION_NUMBER], AC_MSG_ERROR([fetchmail cannot legally be linked against LibreSSL for lack of GPL2 clause 2b exception. See COPYING.]),, [#include <openssl/ssl.h>]) + ;; + esac AC_CHECK_DECLS([TLS1_3_VERSION],, AC_MSG_WARN([Your OpenSSL version is too old and does not support TLS v1.3. Upgrade.]), [#include <openssl/ssl.h>]) diff --git a/fetchmail.c b/fetchmail.c index 160990b7..84a6d7fd 100644 --- a/fetchmail.c +++ b/fetchmail.c @@ -317,13 +317,15 @@ int main(int argc, char **argv) printf(GT_("OpenSSL: %s\nEngines: %s\n"), OpenSSL_version(OPENSSL_DIR), OpenSSL_version(OPENSSL_ENGINES_DIR)); -#if !HAVE_DECL_TLS1_3_VERSION || defined(OPENSSL_NO_TLS1_3) +# if !HAVE_DECL_TLS1_3_VERSION || defined(OPENSSL_NO_TLS1_3) printf(GT_("WARNING: Your SSL/TLS library does not support TLS v1.3.\n")); -#endif -#ifdef LIBRESSL_VERSION_NUMBER +# endif +# if defined(LIBRESSL_VERSION_NUMBER) && !defined(__OpenBSD__) + /* OpenBSD ships LibreSSL as part of the base system, so is exempt + * because it can pull the GPL v2 clause 3 exception */ printf(GT_("ERROR: Compiled against LibreSSL, which is a copyright violation for lack of GPL clause 2b exception. See COPYING. Aborting.\n")); exit(PS_UNDEFINED); -#endif +# endif #else printf(GT_("WARNING: Compiled without SSL/TLS.\n")); #endif @@ -355,13 +357,13 @@ int main(int argc, char **argv) xfree(run.logfile); } -#if 0 +# if 0 /* not in daemon mode -> turn off logfile option */ if (0 == run.poll_interval) { if (outlevel >= O_NORMAL) { fprintf(stderr, GT_("Not running in daemon mode, ignoring logfile option.\n")); } xfree(run.logfile); } -#endif +# endif /* log file not writable -> turn off logfile option */ if (run.logfile && 0 != access(run.logfile, F_OK)) { @@ -407,8 +407,12 @@ va_dcl { #define fm_MIN_OPENSSL_VER 0x1000206fL /* 1.0.2f */ -#ifdef LIBRESSL_VERSION_NUMBER -#error "FAILED - LibreSSL cannot be used legally, for lack of GPL clause 2b exception, see COPYING." +#ifdef LIBRESSL_VERSION_NUMBER +# ifdef __OpenBSD__ +# pragma message "WARNING - Linking against LibreSSL, which is not a supported configuration." +# else +# error "FAILED - LibreSSL cannot be used legally, for lack of GPL clause 2b exception, see COPYING." +# endif #endif #ifdef USING_WOLFSSL |