Debian Bug report logs - #641479
alpine: Contains non-free code

version graph

Package: alpine; Maintainer for alpine is Asheesh Laroia <asheesh@asheesh.org>; Source for alpine is src:alpine.

Reported by: Sam Geeraerts <samgee@elmundolibre.be>

Date: Tue, 13 Sep 2011 16:57:01 UTC

Severity: serious

Tags: patch, upstream

Found in version alpine/2.00+dfsg-6

Fixed in version alpine/2.02+dfsg-1

Done: Asheesh Laroia <asheesh@asheesh.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Asheesh Laroia <asheesh@asheesh.org>:
Bug#641479; Package alpine. (Tue, 13 Sep 2011 16:57:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sam Geeraerts <samgee@elmundolibre.be>:
New Bug report received and forwarded. Copy sent to Asheesh Laroia <asheesh@asheesh.org>. (Tue, 13 Sep 2011 16:57:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Sam Geeraerts <samgee@elmundolibre.be>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: alpine: Contains non-free code
Date: Tue, 13 Sep 2011 18:54:20 +0200
Package: alpine
Version: 2.00+dfsg-6
Severity: serious
Tags: upstream
Justification: Policy 2.1.3
User: gnewsense-dev@nongnu.org
Usertags: gnewsense libreplanet

The file pico/msmem.c contains the following comment:

===========
 * This code originally written by Stephen Chung and posted to a Usenet news
 * group.  I've modified them for use in Pine.  The author says:
 *
 *
 * Copyright (C) Stephen Chung, 1991-1992.  All rights reserved.
 *
 * Afterwords
 * ----------
 *
 * Theoretically, you are required to obtain special approval from me (because
 * I copyrighted these routines) if you want to use them in your programs.
 * However, I usually don't really care if you are not using these routines in
 * a commercial, shareware etc. product.
===========

Even when ignoring the vague and confusing words in the last sentence
("usually", "really", "not") I understand this to only give permission to
use and distribute the code verbatim. It doesn't say anything about modifying
or distributing modified versions, meaning that it's not allowed (although the
Pine developer didn't seem to see it that way). This violates DFSG.

-- System Information:
Debian Release: 3.0.2
Architecture: i386 (i686)

Kernel: Linux 2.6.38.6-libre-planet (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash




Information forwarded to debian-bugs-dist@lists.debian.org, Asheesh Laroia <asheesh@asheesh.org>:
Bug#641479; Package alpine. (Tue, 04 Oct 2011 00:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Paul Tagliamonte <paultag@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Asheesh Laroia <asheesh@asheesh.org>. (Tue, 04 Oct 2011 00:51:03 GMT) Full text and rfc822 format available.

Message #10 received at 641479@bugs.debian.org (full text, mbox):

From: Paul Tagliamonte <paultag@ubuntu.com>
To: 641479@bugs.debian.org
Subject: RE: alpine: Contains non-free code
Date: Mon, 3 Oct 2011 20:46:23 -0400
Howdy, Asheesh (and others),

I had some time, so I figured I'd document the interface to the
nonfree source and get someone to implement a drop-in replacement, but
I discovered something a bit funny when I was in there:

#include <windows.h>

I took a look at the build system, turns out it was only for Windows.
I removed the nonfree file, repacked and rebuilt, and it built with
success in a pbuild chroot.

I removed the following files (I also found windows binaries in there)

Windows Binaries:
 ./ldap/binaries/debug/ldap32.dll
 ./ldap/binaries/debug/libldap.dll
 ./ldap/binaries/release/ldap32.dll
 ./ldap/binaries/release/libldap.dll
 ./alpine/ldap32.dll
Windows Non-DFSG Free Source:
 ./pico/msmem.c

I've put my copy of the tarball I tested with on my people.u.c

http://people.ubuntu.com/~paultag/alpine_2.02+dfsg1.orig.tar.gz

It's MD5 on my machine is:

15ee825093b90368e52b3fca7f18f680

Cheers, folks,
Paul

-- 
All programmers are playwrights, and all computers are lousy actors.

#define sizeof(x) rand()
:wq




Information forwarded to debian-bugs-dist@lists.debian.org, Asheesh Laroia <asheesh@asheesh.org>:
Bug#641479; Package alpine. (Thu, 10 Nov 2011 08:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonathan Nieder <jrnieder@gmail.com>:
Extra info received and forwarded to list. Copy sent to Asheesh Laroia <asheesh@asheesh.org>. (Thu, 10 Nov 2011 08:36:03 GMT) Full text and rfc822 format available.

Message #15 received at 641479@bugs.debian.org (full text, mbox):

From: Jonathan Nieder <jrnieder@gmail.com>
To: Paul Tagliamonte <paultag@ubuntu.com>
Cc: 641479@bugs.debian.org
Subject: Re: alpine: Contains non-free code
Date: Thu, 10 Nov 2011 02:32:58 -0600
Hey,

Paul Tagliamonte wrote:

> I removed the following files (I also found windows binaries in there)
>
> Windows Binaries:
>  ./ldap/binaries/debug/ldap32.dll
>  ./ldap/binaries/debug/libldap.dll
>  ./ldap/binaries/release/ldap32.dll
>  ./ldap/binaries/release/libldap.dll
>  ./alpine/ldap32.dll
> Windows Non-DFSG Free Source:
>  ./pico/msmem.c
>
> I've put my copy of the tarball I tested with on my people.u.c
>
> http://people.ubuntu.com/~paultag/alpine_2.02+dfsg1.orig.tar.gz

Nice.  Could you (or anyone) get in touch with upstream at [1] to see
if they are interested in adopting these changes?  If doing so, please
send the issue number to this bug log so we can track it.

Thanks much,
Jonathan

[1] http://sourceforge.net/tracker/?group_id=264924&atid=1128048




Information forwarded to debian-bugs-dist@lists.debian.org, Asheesh Laroia <asheesh@asheesh.org>:
Bug#641479; Package alpine. (Sat, 03 Mar 2012 15:39:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Edward Allcutt <edward@allcutt.me.uk>:
Extra info received and forwarded to list. Copy sent to Asheesh Laroia <asheesh@asheesh.org>. (Sat, 03 Mar 2012 15:39:05 GMT) Full text and rfc822 format available.

Message #20 received at 641479@bugs.debian.org (full text, mbox):

From: Edward Allcutt <edward@allcutt.me.uk>
To: 641479@bugs.debian.org
Subject: Ping: alpine: Contains non-free code
Date: Sat, 3 Mar 2012 15:27:06 +0000 (GMT)
This is RC and appears to need a maintainer upload with a repacked 
upstream tarball, regardless of whether upstream will accept patches.

Are any of the maintainers planning to handle this soon?

-- 
Edward Allcutt




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#641479; Package alpine. (Mon, 05 Mar 2012 21:09:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Asheesh Laroia <asheesh@asheesh.org>:
Extra info received and forwarded to list. (Mon, 05 Mar 2012 21:09:12 GMT) Full text and rfc822 format available.

Message #25 received at 641479@bugs.debian.org (full text, mbox):

From: Asheesh Laroia <asheesh@asheesh.org>
To: Edward Allcutt <edward@allcutt.me.uk>, 641479@bugs.debian.org
Subject: Re: Bug#641479: Ping: alpine: Contains non-free code
Date: Mon, 5 Mar 2012 15:57:37 -0500 (EST)
On Sat, 3 Mar 2012, Edward Allcutt wrote:

> This is RC and appears to need a maintainer upload with a repacked upstream 
> tarball, regardless of whether upstream will accept patches.
>
> Are any of the maintainers planning to handle this soon?

You're right that in the near term, a fresh upload is required. I will 
work on that soon.




Information forwarded to debian-bugs-dist@lists.debian.org, Asheesh Laroia <asheesh@asheesh.org>:
Bug#641479; Package alpine. (Mon, 02 Jul 2012 22:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ivo De Decker <ivo.dedecker@ugent.be>:
Extra info received and forwarded to list. Copy sent to Asheesh Laroia <asheesh@asheesh.org>. (Mon, 02 Jul 2012 22:48:03 GMT) Full text and rfc822 format available.

Message #30 received at 641479@bugs.debian.org (full text, mbox):

From: Ivo De Decker <ivo.dedecker@ugent.be>
To: 641479@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: alpine: Contains non-free code
Date: Tue, 3 Jul 2012 00:45:30 +0200
tags 641479 patch
thanks

On Mon, Oct 03, 2011 at 08:46:23PM -0400, Paul Tagliamonte wrote:
> I took a look at the build system, turns out it was only for Windows.
> I removed the nonfree file, repacked and rebuilt, and it built with
> success in a pbuild chroot.
> 
> I removed the following files (I also found windows binaries in there)
> 
> Windows Binaries:
>  ./ldap/binaries/debug/ldap32.dll
>  ./ldap/binaries/debug/libldap.dll
>  ./ldap/binaries/release/ldap32.dll
>  ./ldap/binaries/release/libldap.dll
>  ./alpine/ldap32.dll
> Windows Non-DFSG Free Source:
>  ./pico/msmem.c
> 
> I've put my copy of the tarball I tested with on my people.u.c
> 
> http://people.ubuntu.com/~paultag/alpine_2.02+dfsg1.orig.tar.gz

This is somewhat like a patch, so tagging this bug accordingly, so that it is
removed from the unpatched RC bug list.

Cheers,

Ivo






Added tag(s) patch. Request was from Ivo De Decker <ivo.dedecker@ugent.be> to control@bugs.debian.org. (Mon, 02 Jul 2012 22:48:04 GMT) Full text and rfc822 format available.

Reply sent to Asheesh Laroia <asheesh@asheesh.org>:
You have taken responsibility. (Tue, 03 Jul 2012 00:51:05 GMT) Full text and rfc822 format available.

Notification sent to Sam Geeraerts <samgee@elmundolibre.be>:
Bug acknowledged by developer. (Tue, 03 Jul 2012 00:51:05 GMT) Full text and rfc822 format available.

Message #37 received at 641479-close@bugs.debian.org (full text, mbox):

From: Asheesh Laroia <asheesh@asheesh.org>
To: 641479-close@bugs.debian.org
Subject: Bug#641479: fixed in alpine 2.02+dfsg-1
Date: Tue, 03 Jul 2012 00:47:11 +0000
Source: alpine
Source-Version: 2.02+dfsg-1

We believe that the bug you reported is fixed in the latest version of
alpine, which is due to be installed in the Debian FTP archive:

alpine-dbg_2.02+dfsg-1_amd64.deb
  to main/a/alpine/alpine-dbg_2.02+dfsg-1_amd64.deb
alpine-doc_2.02+dfsg-1_all.deb
  to main/a/alpine/alpine-doc_2.02+dfsg-1_all.deb
alpine-pico_2.02+dfsg-1_amd64.deb
  to main/a/alpine/alpine-pico_2.02+dfsg-1_amd64.deb
alpine_2.02+dfsg-1.debian.tar.gz
  to main/a/alpine/alpine_2.02+dfsg-1.debian.tar.gz
alpine_2.02+dfsg-1.dsc
  to main/a/alpine/alpine_2.02+dfsg-1.dsc
alpine_2.02+dfsg-1_amd64.deb
  to main/a/alpine/alpine_2.02+dfsg-1_amd64.deb
alpine_2.02+dfsg.orig.tar.gz
  to main/a/alpine/alpine_2.02+dfsg.orig.tar.gz
pilot_2.02+dfsg-1_amd64.deb
  to main/a/alpine/pilot_2.02+dfsg-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 641479@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Asheesh Laroia <asheesh@asheesh.org> (supplier of updated alpine package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 02 Jul 2012 16:44:02 -0600
Source: alpine
Binary: alpine alpine-doc alpine-dbg alpine-pico pilot
Architecture: source all amd64
Version: 2.02+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Asheesh Laroia <asheesh@asheesh.org>
Changed-By: Asheesh Laroia <asheesh@asheesh.org>
Description: 
 alpine     - Text-based email client, friendly for novices but powerful
 alpine-dbg - Text-based email client's debugging symbols
 alpine-doc - Text-based email client's documentation
 alpine-pico - Simple text editor from Alpine, a text-based email client
 pilot      - Simple file browser from Alpine, a text-based email client
Closes: 641479
Changes: 
 alpine (2.02+dfsg-1) unstable; urgency=medium
 .
   * ACK'd non-maintainer upload by tolimar. (Thank you!)
   * Removed Windows (and other) binaries from ldap/binaries/* and
     pico/msmem.c and alpine/ldap32.dll. This is now documented in
     debian/copyright. (Closes: #641479)
   * Configuring debian/rules for hardening flags, as per release goal.
     (Therefore, this release adds a versioned dpkg dependency.)
   * Set urgency to medium due to fix for release-critical bug.
   * Bump the Standards-Version to 3.9.3; no changes since 3.9.1 affect
     this package.
Checksums-Sha1: 
 208130552b733862c6179241069ea0a5a72fb4a1 1682 alpine_2.02+dfsg-1.dsc
 55419c9d67b661081a72ebba54512c9846f3055b 6586460 alpine_2.02+dfsg.orig.tar.gz
 9d58d7d01971a188405419eb441c4afb1f762826 14866 alpine_2.02+dfsg-1.debian.tar.gz
 d016ddb3cf10e1369ccbcd8f5a8af110080b6ecd 389868 alpine-doc_2.02+dfsg-1_all.deb
 db87e665791b7cbd1f852cbbac67f0066f10573e 3163672 alpine_2.02+dfsg-1_amd64.deb
 594e35a73224a647efce755082e8c5c9b156875e 6018666 alpine-dbg_2.02+dfsg-1_amd64.deb
 5d4bed48451aeddd746fa344928345b35e42e139 401438 alpine-pico_2.02+dfsg-1_amd64.deb
 eb27fc1019a394916e0637d3eb9e542006d872c8 397480 pilot_2.02+dfsg-1_amd64.deb
Checksums-Sha256: 
 245993b1c67a1e5c6c41603772c7cdde023a745178ab652fbcef8abbf7748e4c 1682 alpine_2.02+dfsg-1.dsc
 f86eae9b6f6523f3eab0400052ed97e9812fe3e1f4e4bb642ad2f84e4cdb2c82 6586460 alpine_2.02+dfsg.orig.tar.gz
 4bcfcefa64e6c2874f8b7369ce5c7023cf96d151dd1ed9d70339a3752c2bef23 14866 alpine_2.02+dfsg-1.debian.tar.gz
 f4b065f339129af9efb75caf6818f1d9f5839c742d79f708a4c4b3da49aad9ca 389868 alpine-doc_2.02+dfsg-1_all.deb
 fc37ee2dcf538b936b2b74ffd346be717b51fe8b4ffdc4b3114a1fd43bcf9957 3163672 alpine_2.02+dfsg-1_amd64.deb
 7723f3673c5f8f847d76c5868641082fe07d8497f31b15d057cf8f94e14cc942 6018666 alpine-dbg_2.02+dfsg-1_amd64.deb
 f7e93a1865caf037c5e1843b30ba45e6ab0f288fb9f9e14e7fb58a1b18cf70ca 401438 alpine-pico_2.02+dfsg-1_amd64.deb
 a03fde659ed30b732f51ced2692347b89a6b228b944eb90a72442cf6e0f078db 397480 pilot_2.02+dfsg-1_amd64.deb
Files: 
 9776b5a46e4e0de9ce8f7b9553b0330a 1682 mail optional alpine_2.02+dfsg-1.dsc
 2eb373e7ace2dd5dad5b9012169d3d5c 6586460 mail optional alpine_2.02+dfsg.orig.tar.gz
 818d5aa0f0e705a67c9a232850f2f3f4 14866 mail optional alpine_2.02+dfsg-1.debian.tar.gz
 aa5984b97d6046206b4eb698fe1f549d 389868 doc optional alpine-doc_2.02+dfsg-1_all.deb
 ab2cdb7ceba0307473839d6569505193 3163672 mail optional alpine_2.02+dfsg-1_amd64.deb
 1923e0cafb1ca66280bbb7f1900ef455 6018666 debug extra alpine-dbg_2.02+dfsg-1_amd64.deb
 9214640777330096f975b5d4e4f40f65 401438 editors extra alpine-pico_2.02+dfsg-1_amd64.deb
 7aeea5f493a55fc6d1f71b51c32f01b7 397480 utils optional pilot_2.02+dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk/yPgAACgkQN+HBdXAJatHfigCfSoa5i77XoBmt9Mm+w0NiZTul
MhQAn0JSdUn/xHRuD/TkPjs+cF8U3kc2
=XqJG
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jun 2013 08:19:26 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 16:47:09 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.