From 340d00bf9910ed55163be26435f70baf65a64f9d Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sat, 20 Nov 2021 11:37:13 +0100 Subject: LibreSSL: block, due to licensing issue. See COPYING or NEWS. --- NEWS | 8 ++++++++ configure.ac | 3 +++ fetchmail.c | 3 ++- socket.c | 4 ++-- 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index b72769a3..85942474 100644 --- a/NEWS +++ b/NEWS @@ -89,6 +89,14 @@ removed from a 6.5.0 or newer release.) security fixes. Fetchmail means "could idle after poll", but this would have required another loop through the translators. +-------------------------------------------------------------------------------- +fetchmail-6.4.25 (not yet released): + +# CHANGES +* Since distributions continue patching for LibreSSL use, which cannot be + linked legally, block out LibreSSL in configure.ac and socket.c, and + refer to COPYING. + -------------------------------------------------------------------------------- fetchmail-6.4.24 (released 2021-11-20, 30218 LoC): diff --git a/configure.ac b/configure.ac index 14760f3a..ba21272d 100644 --- a/configure.ac +++ b/configure.ac @@ -813,6 +813,9 @@ fi AC_MSG_NOTICE([LIBS:] "$LIBS") case "$LIBS" in *-lssl*|*libssl*) + AC_CHECK_DECLS([LIBRESSL_VERSION_NUMBER], + AC_MSG_ERROR([fetchmail cannot legally be linked against LibreSSL for lack of GPL2 clause 2b exception. See COPYING.]),, + [#include ]) AC_CHECK_DECLS([TLS1_3_VERSION],, AC_MSG_WARN([Your OpenSSL version is too old and does not support TLS v1.3. Upgrade.]), [#include ]) diff --git a/fetchmail.c b/fetchmail.c index 71ecc1b0..060e0a9f 100644 --- a/fetchmail.c +++ b/fetchmail.c @@ -317,7 +317,8 @@ int main(int argc, char **argv) printf(GT_("WARNING: Your SSL/TLS library does not support TLS v1.3.\n")); #endif #ifdef LIBRESSL_VERSION_NUMBER - printf(GT_("WARNING: Compiled against LibreSSL, which is not a supported configuration.\n")); + printf(GT_("ERROR: Compiled against LibreSSL, which is a copyright violation for lack of GPL clause 2b exception. See COPYING. Aborting.\n")); + exit(PS_UNDEFINED); #endif #else printf(GT_("WARNING: Compiled without SSL/TLS.\n")); diff --git a/socket.c b/socket.c index 8887c094..8ee88ec2 100644 --- a/socket.c +++ b/socket.c @@ -409,7 +409,7 @@ va_dcl { #define fm_MIN_OPENSSL_VER 0x1000200fL #ifdef LIBRESSL_VERSION_NUMBER -#pragma message "WARNING - LibreSSL is unsupported. Use at your own risk." +#error "FAILED - LibreSSL cannot be used legally, for lack of GPL clause 2b exception, see COPYING." #endif #if OPENSSL_VERSION_NUMBER < 0x1010100fL @@ -922,7 +922,7 @@ static const char *SSLCertGetCN(const char *mycert, } #if !defined(OSSL110_API) -/* ===== implementation for OpenSSL 1.0.X and LibreSSL ===== */ +/* ===== implementation for OpenSSL 1.0.X ===== */ static int OSSL10X_proto_version_logic(int sock, const char **myproto, int *avoid_ssl_versions) { if (!*myproto) { -- cgit v1.2.3