-rw-r--r-- | COPYING | 8 | ||||
-rw-r--r-- | INSTALL | 3 | ||||
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | configure.ac | 8 | ||||
-rw-r--r-- | fetchmail.c | 14 | ||||
-rw-r--r-- | socket.c | 8 |
6 files changed, 30 insertions, 17 deletions
@@ -22,10 +22,10 @@ following clause applies: |of the GNU General Public License cover the whole combination. | |In addition, as a special exception, the copyright holders of fetchmail -|give you permission to combine fetchmail with free -|software programs or libraries that are released under the GNU LGPL and with -|code included in the standard release of OpenSSL under the OpenSSL or SSLeay license -|(or modified versions of such code, with unchanged license). +|give you permission to combine fetchmail with free software programs or +|libraries that are released with code included in the standard release of +|OpenSSL under the OpenSSL or SSLeay license (or modified versions of such +|code, with unchanged license). | |You may copy and distribute such a system following the terms of the GNU GPL |for fetchmail and the licenses of the other code concerned, @@ -25,7 +25,8 @@ See README.SSL for details. Forked libraries deriving from OpenSSL and under the SSLeay or OpenSSL license cannot be used due to licensing issues, and are not supported. -This affects, f.i., LibreSSL. +This affects, f.i., LibreSSL, unless it is part of the operating system +(f. i., on OpenBSD). Since 6.4.25, there is experimental support for wolfSSL 5.0.0 or newer, which is under GNU GPL v2 or later license and hence may be easier for 
@@ -100,9 +100,9 @@ fetchmail-6.4.25.rc4 (release candidate issued 2021-12-03, 31641 LoC): # BREAKING CHANGES: * Since distributions continue patching for LibreSSL use, which cannot be linked legally, block out LibreSSL in configure.ac and socket.c, and - refer to COPYING. OpenSSL and wolfSSL 5 can be used. - SSL-related documentation was updated, do re-read - COPYING, INSTALL, README, README.packaging, README.SSL. + refer to COPYING, unless on OpenBSD (which ships it in the base system). + OpenSSL and wolfSSL 5 can be used. SSL-related documentation was updated, do + re-read COPYING, INSTALL, README, README.packaging, README.SSL. * Bump OpenSSL version requirement to 1.0.2f in order to safely remove the obsolete OpenSSL flag SSL_OP_SINGLE_DH_USE. This blocks out 1.0.2e and older 1.0.2 versions. 1.0.2f was a security fix release, and 1.0.2u is diff --git a/configure.ac b/configure.ac index f8e4ca84..7cacff99 100644 --- a/configure.ac +++ b/configure.ac @@ -889,9 +889,15 @@ AS_MESSAGE([ LIBS: $LIBS]) case "$LIBS" in *-lssl*|*libssl*|*-lwolfssl*|*libwolfssl*) - AC_CHECK_DECLS([LIBRESSL_VERSION_NUMBER], + case $host_os in + openbsd*) ;; dnl OpenBSD ships LibreSSL in the base operating system + dnl so makes use of the GPL2 clause 3 exception. + *) + AC_CHECK_DECLS([LIBRESSL_VERSION_NUMBER], AC_MSG_ERROR([fetchmail cannot legally be linked against LibreSSL for lack of GPL2 clause 2b exception. See COPYING.]),, [#include <openssl/ssl.h>]) + ;; + esac AC_CHECK_DECLS([TLS1_3_VERSION],, AC_MSG_WARN([Your OpenSSL version is too old and does not support TLS v1.3. Upgrade.]), [#include <openssl/ssl.h>]) diff --git a/fetchmail.c b/fetchmail.c index 160990b7..84a6d7fd 100644 --- a/fetchmail.c +++ b/fetchmail.c 
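Review bot: The new `openbsd*)` arm in the configure.ac hunk skips the LibreSSL probe entirely, so the configure output on OpenBSD no longer records whether LibreSSL was detected. The last hunk of this commit calls that combination "not a supported configuration", but only as a compile-time message. Keeping the probe in the OpenBSD arm with a warning action would put the same fact in the build log, for example `openbsd*) AC_CHECK_DECLS([LIBRESSL_VERSION_NUMBER], AC_MSG_WARN([Linking against LibreSSL, which is not a supported configuration.]),, [#include <openssl/ssl.h>]) ;;`. The arm also relies on `$host_os` being set, presumably by an `AC_CANONICAL_HOST` call outside this hunk; if it is empty, the `*)` arm still runs the strict check.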
@@ -317,13 +317,15 @@ int main(int argc, char **argv) printf(GT_("OpenSSL: %s\nEngines: %s\n"), OpenSSL_version(OPENSSL_DIR), OpenSSL_version(OPENSSL_ENGINES_DIR)); -#if !HAVE_DECL_TLS1_3_VERSION || defined(OPENSSL_NO_TLS1_3) +# if !HAVE_DECL_TLS1_3_VERSION || defined(OPENSSL_NO_TLS1_3) printf(GT_("WARNING: Your SSL/TLS library does not support TLS v1.3.\n")); -#endif -#ifdef LIBRESSL_VERSION_NUMBER +# endif +# if defined(LIBRESSL_VERSION_NUMBER) && !defined(__OpenBSD__) + /* OpenBSD ships LibreSSL as part of the base system, so is exempt + * because it can pull the GPL v2 clause 3 exception */ printf(GT_("ERROR: Compiled against LibreSSL, which is a copyright violation for lack of GPL clause 2b exception. See COPYING. Aborting.\n")); exit(PS_UNDEFINED); -#endif +# endif #else printf(GT_("WARNING: Compiled without SSL/TLS.\n")); #endif @@ -355,13 +357,13 @@ int main(int argc, char **argv) xfree(run.logfile); } -#if 0 +# if 0 /* not in daemon mode -> turn off logfile option */ if (0 == run.poll_interval) { if (outlevel >= O_NORMAL) { fprintf(stderr, GT_("Not running in daemon mode, ignoring logfile option.\n")); } xfree(run.logfile); } -#endif +# endif /* log file not writable -> turn off logfile option */ if (run.logfile && 0 != access(run.logfile, F_OK)) { @@ -407,8 +407,12 @@ va_dcl { #define fm_MIN_OPENSSL_VER 0x1000206fL /* 1.0.2f */ -#ifdef LIBRESSL_VERSION_NUMBER -#error "FAILED - LibreSSL cannot be used legally, for lack of GPL clause 2b exception, see COPYING." +#ifdef LIBRESSL_VERSION_NUMBER +# ifdef __OpenBSD__ +# pragma message "WARNING - Linking against LibreSSL, which is not a supported configuration." +# else +# error "FAILED - LibreSSL cannot be used legally, for lack of GPL clause 2b exception, see COPYING." +# endif #endif #ifdef USING_WOLFSSL |
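Review bot: With the added `!defined(__OpenBSD__)` guard in the first fetchmail.c hunk, a LibreSSL build on OpenBSD prints nothing about the library's status in this part of the version output. The only notice that the combination is unsupported is the compile-time `#pragma message` in the last hunk, which someone triaging a TLS problem from a packaged binary never sees. Consider adding, after the guarded block, `# if defined(LIBRESSL_VERSION_NUMBER) && defined(__OpenBSD__)`, `printf(GT_("WARNING: Compiled against LibreSSL, which is not a supported configuration.\n"));`, `# endif`. main() starts before and continues past the hunk, so other output there may already name the library.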
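Review bot: Permitting LibreSSL on OpenBSD in the last hunk (`@@ -407,8 +407,12 @@`, socket.c going by the diffstat) leaves the `fm_MIN_OPENSSL_VER` floor without a LibreSSL equivalent. LibreSSL reports a fixed `OPENSSL_VERSION_NUMBER` of 0x20000000L, so if the check that uses `fm_MIN_OPENSSL_VER` (outside this hunk) compares against that macro, every LibreSSL release passes it regardless of age. A floor on `LIBRESSL_VERSION_NUMBER` inside the `__OpenBSD__` branch would restore the gate: `# if LIBRESSL_VERSION_NUMBER < FM_MIN_LIBRESSL_VER`, `# error "LibreSSL version too old"`, `# endif`. Here `FM_MIN_LIBRESSL_VER` is a placeholder for a minimum the maintainers would have to choose.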