Bug#952868: OpenSSL linking without license exception
Am 19.10.20 um 22:42 schrieb Michael Biebl: > On Sun, 1 Mar 2020 13:14:49 +0100 Bastian Germann > wrote: >> Package: wesnoth >> Severity: serious >> >> This GPL2 package links with OpenSSL. The OpenSSL license is >> incompatible with the GPL (see >> https://ftp-master.debian.org/REJECT-FAQ.html). This can be solved by >> asking upstream to add a license exception or by linking with wolfSSL >> instead. You can find a patch enclosed (untested). > > This patch is not strictly needed anymore, given that OpenSSL is now > considered a system library, i.e. doesn't require a license exception in > wesnoth. > > See > http://meetbot.debian.net/debian-ftp/2020/debian-ftp.2020-03-13-20.02.html > See also https://salsa.debian.org/ftp-team/website/-/merge_requests/6 signature.asc Description: OpenPGP digital signature
Bug#952868: OpenSSL linking without license exception
On Sun, 1 Mar 2020 13:14:49 +0100 Bastian Germann wrote: > Package: wesnoth > Severity: serious > > This GPL2 package links with OpenSSL. The OpenSSL license is > incompatible with the GPL (see > https://ftp-master.debian.org/REJECT-FAQ.html). This can be solved by > asking upstream to add a license exception or by linking with wolfSSL > instead. You can find a patch enclosed (untested). This patch is not strictly needed anymore, given that OpenSSL is now considered a system library, i.e. doesn't require a license exception in wesnoth. See http://meetbot.debian.net/debian-ftp/2020/debian-ftp.2020-03-13-20.02.html It's obviously your choice, if you want to continue to ship this patch and use libwolfssl (although I think OpenSSL is much more battle tested). Regards, Michael signature.asc Description: OpenPGP digital signature
Bug#952868: OpenSSL linking without license exception
Am 11.05.20 um 09:05 schrieb Rhonda D'Vine: > Without libssl-dev installed in > the building chroot this fails for me. Can you revisit this, and check > where you might have missed something? Try this new patch version. It is tested to compile without libssl-dev installed. >From 5a04599fa6d10e34df6695bb21adb352f8a1dd7d Mon Sep 17 00:00:00 2001 From: Bastian Germann Date: Sun, 1 Mar 2020 11:19:53 +0100 Subject: [PATCH] Replace OpenSSL with wolfSSL --- debian/control | 2 +- debian/control.in | 2 +- debian/patches/01wolfssl-crypto | 16 debian/patches/04omit-ssleay| 20 debian/patches/series | 2 ++ debian/rules| 2 +- 6 files changed, 41 insertions(+), 3 deletions(-) create mode 100644 debian/patches/01wolfssl-crypto create mode 100644 debian/patches/04omit-ssleay diff --git a/debian/control b/debian/control index 5e35ef9..1d650a0 100644 --- a/debian/control +++ b/debian/control @@ -8,7 +8,7 @@ Build-Depends: debhelper (>= 11~), libsdl2-image-dev (>= 2.0.0), libboost-iostreams-dev, libboost-test-dev, libboost-regex-dev, libboost-serialization-dev, libboost-system-dev, libboost-thread-dev, libboost-program-options-dev, libboost-filesystem-dev, libboost-locale-dev, - libboost-random-dev, libpng-dev, libreadline-dev, libssl-dev, + libboost-random-dev, libpng-dev, libreadline-dev, libwolfssl-dev, libpango1.0-dev, libvorbis-dev, cmake (>= 2.6) Standards-Version: 4.1.4 Uploaders: Rhonda D'Vine , diff --git a/debian/control.in b/debian/control.in index f97ece5..b57f2df 100644 --- a/debian/control.in +++ b/debian/control.in @@ -8,7 +8,7 @@ Build-Depends: debhelper (>= 11~), libsdl2-image-dev (>= 2.0.0), libboost-iostreams-dev, libboost-test-dev, libboost-regex-dev, libboost-serialization-dev, libboost-system-dev, libboost-thread-dev, libboost-program-options-dev, libboost-filesystem-dev, libboost-locale-dev, - libboost-random-dev, libpng-dev, libreadline-dev, libssl-dev, + libboost-random-dev, libpng-dev, libreadline-dev, libwolfssl-dev, libpango1.0-dev, libvorbis-dev, cmake (>= 2.6) Standards-Version: 4.1.4 Uploaders: Rhonda D'Vine , diff --git a/debian/patches/01wolfssl-crypto b/debian/patches/01wolfssl-crypto new file mode 100644 index 000..4b3fa74 --- /dev/null +++ b/debian/patches/01wolfssl-crypto @@ -0,0 +1,16 @@ +Author: Bastian Germann vim:ft=diff: +Description: Link with wolfssl instead of libcrypto. + +--- a/cmake/FindCrypto.cmake b/cmake/FindCrypto.cmake +@@ -1,8 +1,8 @@ + # OpenSSL crypto library + +-find_path(CRYPTO_INCLUDE_DIR openssl/md5.h) ++find_path(CRYPTO_INCLUDE_DIR openssl/md5.h /usr/include/wolfssl) + +-find_library(CRYPTO_LIBRARY crypto) ++find_library(CRYPTO_LIBRARY wolfssl) + + # handle the QUIETLY and REQUIRED arguments and set XXX_FOUND to TRUE if all listed variables are TRUE + INCLUDE(FindPackageHandleStandardArgs) diff --git a/debian/patches/04omit-ssleay b/debian/patches/04omit-ssleay new file mode 100644 index 000..213a253 --- /dev/null +++ b/debian/patches/04omit-ssleay @@ -0,0 +1,20 @@ +Author: Bastian Germann vim:ft=diff: +Description: Omit SSLeay call which has linking problems. + +diff --git a/src/build_info.cpp b/src/build_info.cpp +index 263841e..ef61201 100644 +--- a/src/build_info.cpp b/src/build_info.cpp +@@ -239,12 +239,6 @@ version_table_manager::version_table_manager() + // OpenSSL/libcrypto + // + +-#ifndef __APPLE__ +- compiled[LIB_CRYPTO] = format_openssl_version(OPENSSL_VERSION_NUMBER); +- linked[LIB_CRYPTO] = format_openssl_version(SSLeay()); +- names[LIB_CRYPTO] = "OpenSSL/libcrypto"; +-#endif +- + // + // Cairo + // diff --git a/debian/patches/series b/debian/patches/series index 57b6465..f08ba3d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,4 @@ +01wolfssl-crypto 02wesnoth-nolog-desktop-file 03wesnothd-name +04omit-ssleay diff --git a/debian/rules b/debian/rules index 02ad407..cbec12c 100755 --- a/debian/rules +++ b/debian/rules @@ -23,7 +23,7 @@ ifneq (,$(filter $(DEB_HOST_ARCH), mips mipsel)) CXXFLAGSDBG = -g1 endif -export CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) +export CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) -I/usr/include/wolfssl -DOPENSSL_ALL export CFLAGS := $(shell dpkg-buildflags --get CFLAGS) $(CPPFLAGS) -std=c++11 -fopenmp export CXXFLAGS := $(shell dpkg-buildflags --get CXXFLAGS) $(CPPFLAGS) -std=c++11 -fopenmp $(CXXFLAGSDBG) export LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) -- 2.26.2
Bug#952868: OpenSSL linking without license exception
Dear Bastian, I can't seem to get this patch to work. Without libssl-dev installed in the building chroot this fails for me. Can you revisit this, and check where you might have missed something? I used a clean unstable cowbuilder chroot for building with this patch. Thanks, Rhonda On Sun, Mar 01, 2020 at 01:14:49PM +0100, Bastian Germann wrote: > Package: wesnoth > Severity: serious > > This GPL2 package links with OpenSSL. The OpenSSL license is > incompatible with the GPL (see > https://ftp-master.debian.org/REJECT-FAQ.html). This can be solved by > asking upstream to add a license exception or by linking with wolfSSL > instead. You can find a patch enclosed (untested). > From f15f10434ef5fbdc9cf2eeea15e7ca057c0f6e63 Mon Sep 17 00:00:00 2001 > From: Bastian Germann > Date: Sun, 1 Mar 2020 11:19:53 +0100 > Subject: [PATCH] Replace OpenSSL with wolfSSL > > --- > debian/control | 2 +- > debian/patches/01wolfssl-crypto | 14 ++ > debian/patches/series | 1 + > debian/rules| 2 +- > 4 files changed, 17 insertions(+), 2 deletions(-) > create mode 100644 debian/patches/01wolfssl-crypto > > diff --git a/debian/control b/debian/control > index 5e35ef9b..1d650a07 100644 > --- a/debian/control > +++ b/debian/control > @@ -8,7 +8,7 @@ Build-Depends: debhelper (>= 11~), libsdl2-image-dev (>= > 2.0.0), >libboost-iostreams-dev, libboost-test-dev, libboost-regex-dev, >libboost-serialization-dev, libboost-system-dev, libboost-thread-dev, >libboost-program-options-dev, libboost-filesystem-dev, libboost-locale-dev, > - libboost-random-dev, libpng-dev, libreadline-dev, libssl-dev, > + libboost-random-dev, libpng-dev, libreadline-dev, libwolfssl-dev, >libpango1.0-dev, libvorbis-dev, cmake (>= 2.6) > Standards-Version: 4.1.4 > Uploaders: Rhonda D'Vine , > diff --git a/debian/patches/01wolfssl-crypto b/debian/patches/01wolfssl-crypto > new file mode 100644 > index ..ad55d158 > --- /dev/null > +++ b/debian/patches/01wolfssl-crypto > @@ -0,0 +1,14 @@ > +Author: Bastian Germann vim:ft=diff: > +Description: Link with wolfssl instead of libcrypto. > + > +--- a/cmake/FindCrypto.cmake > b/cmake/FindCrypto.cmake > +@@ -2,7 +2,7 @@ > + > + find_path(CRYPTO_INCLUDE_DIR openssl/md5.h) > + > +-find_library(CRYPTO_LIBRARY crypto) > ++find_library(CRYPTO_LIBRARY wolfssl) > + > + # handle the QUIETLY and REQUIRED arguments and set XXX_FOUND to TRUE if > all listed variables are TRUE > + INCLUDE(FindPackageHandleStandardArgs) > diff --git a/debian/patches/series b/debian/patches/series > index 57b6465e..8014e9fd 100644 > --- a/debian/patches/series > +++ b/debian/patches/series > @@ -1,2 +1,3 @@ > +01wolfssl-crypto > 02wesnoth-nolog-desktop-file > 03wesnothd-name > diff --git a/debian/rules b/debian/rules > index 02ad4071..cbec12c1 100755 > --- a/debian/rules > +++ b/debian/rules > @@ -23,7 +23,7 @@ ifneq (,$(filter $(DEB_HOST_ARCH), mips mipsel)) > CXXFLAGSDBG = -g1 > endif > > -export CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) > +export CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) > -I/usr/include/wolfssl -DOPENSSL_ALL > export CFLAGS := $(shell dpkg-buildflags --get CFLAGS) $(CPPFLAGS) > -std=c++11 -fopenmp > export CXXFLAGS := $(shell dpkg-buildflags --get CXXFLAGS) $(CPPFLAGS) > -std=c++11 -fopenmp $(CXXFLAGSDBG) > export LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) > -- > 2.25.1 >
Bug#952868: OpenSSL linking without license exception
Control: block 952868 by 924937 On Sun, 2020-03-01 at 13:14 +0100, Bastian Germann wrote: > This GPL2 package links with OpenSSL. The OpenSSL license is > incompatible with the GPL (see > https://ftp-master.debian.org/REJECT-FAQ.html). This can be solved by > asking upstream to add a license exception or by linking with wolfSSL > instead. You can find a patch enclosed (untested). See also #924937. Ansgar
Bug#952868: OpenSSL linking without license exception
Package: wesnoth Severity: serious This GPL2 package links with OpenSSL. The OpenSSL license is incompatible with the GPL (see https://ftp-master.debian.org/REJECT-FAQ.html). This can be solved by asking upstream to add a license exception or by linking with wolfSSL instead. You can find a patch enclosed (untested). From f15f10434ef5fbdc9cf2eeea15e7ca057c0f6e63 Mon Sep 17 00:00:00 2001 From: Bastian Germann Date: Sun, 1 Mar 2020 11:19:53 +0100 Subject: [PATCH] Replace OpenSSL with wolfSSL --- debian/control | 2 +- debian/patches/01wolfssl-crypto | 14 ++ debian/patches/series | 1 + debian/rules| 2 +- 4 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 debian/patches/01wolfssl-crypto diff --git a/debian/control b/debian/control index 5e35ef9b..1d650a07 100644 --- a/debian/control +++ b/debian/control @@ -8,7 +8,7 @@ Build-Depends: debhelper (>= 11~), libsdl2-image-dev (>= 2.0.0), libboost-iostreams-dev, libboost-test-dev, libboost-regex-dev, libboost-serialization-dev, libboost-system-dev, libboost-thread-dev, libboost-program-options-dev, libboost-filesystem-dev, libboost-locale-dev, - libboost-random-dev, libpng-dev, libreadline-dev, libssl-dev, + libboost-random-dev, libpng-dev, libreadline-dev, libwolfssl-dev, libpango1.0-dev, libvorbis-dev, cmake (>= 2.6) Standards-Version: 4.1.4 Uploaders: Rhonda D'Vine , diff --git a/debian/patches/01wolfssl-crypto b/debian/patches/01wolfssl-crypto new file mode 100644 index ..ad55d158 --- /dev/null +++ b/debian/patches/01wolfssl-crypto @@ -0,0 +1,14 @@ +Author: Bastian Germann vim:ft=diff: +Description: Link with wolfssl instead of libcrypto. + +--- a/cmake/FindCrypto.cmake b/cmake/FindCrypto.cmake +@@ -2,7 +2,7 @@ + + find_path(CRYPTO_INCLUDE_DIR openssl/md5.h) + +-find_library(CRYPTO_LIBRARY crypto) ++find_library(CRYPTO_LIBRARY wolfssl) + + # handle the QUIETLY and REQUIRED arguments and set XXX_FOUND to TRUE if all listed variables are TRUE + INCLUDE(FindPackageHandleStandardArgs) diff --git a/debian/patches/series b/debian/patches/series index 57b6465e..8014e9fd 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ +01wolfssl-crypto 02wesnoth-nolog-desktop-file 03wesnothd-name diff --git a/debian/rules b/debian/rules index 02ad4071..cbec12c1 100755 --- a/debian/rules +++ b/debian/rules @@ -23,7 +23,7 @@ ifneq (,$(filter $(DEB_HOST_ARCH), mips mipsel)) CXXFLAGSDBG = -g1 endif -export CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) +export CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) -I/usr/include/wolfssl -DOPENSSL_ALL export CFLAGS := $(shell dpkg-buildflags --get CFLAGS) $(CPPFLAGS) -std=c++11 -fopenmp export CXXFLAGS := $(shell dpkg-buildflags --get CXXFLAGS) $(CPPFLAGS) -std=c++11 -fopenmp $(CXXFLAGSDBG) export LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) -- 2.25.1