Debian Bug report logs -
#688868
Upstream license exception required to enable linking with SSL
Reported by: Guillaume BERAUDO <guillaume.beraudo@gmail.com>
Date: Wed, 26 Sep 2012 13:45:01 UTC
Severity: wishlist
Tags: fixed-upstream, upstream
Found in version libexosip2/3.6.0-4
Fixed in version libexosip2/4.1.0-1
Done: Mark Purcell <msp@debian.org>
Bug is archived. No further changes may be made.
Forwarded to jack@atosc.org, osip@atosc.org
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#688868; Package libexosip2-7.
(Wed, 26 Sep 2012 13:45:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Guillaume BERAUDO <guillaume.beraudo@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>.
(Wed, 26 Sep 2012 13:45:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libexosip2-7
Version: 3.6.0-4
Severity: serious
Justification: 0: makes the package in question unusable or mostly so
Dear Maintainer,
The exosip library is not compiled with SSL support.
The control file marks libssl-dev as a build conflict.
I couldn't find the rationale behind it; only a bug report from 2007 on
Bayonne mention the fact. See
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442964 .
Today this bug has become serious because many routers mess up with
unencrypted SIP traffic, preventing calls to succeed.
TLS was added to Linphone one year ago using exosip with SSL and it
works as expected and is available in wheezy.
I hesitated to set the severity to serious, but frankly, many people
will be stuck in using skype if TLS support is not available in their
softphone.
Cheers,
Guillaume
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libexosip2-7 depends on:
ii libc6 2.13-35
ii libosip2-7 3.6.0-4
ii multiarch-support 2.13-35
libexosip2-7 recommends no packages.
libexosip2-7 suggests no packages.
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#688868; Package libexosip2-7.
(Sat, 29 Sep 2012 09:18:13 GMT) (full text, mbox, link).
Acknowledgement sent
to Mark Purcell <mark@purcell.id.au>:
Extra info received and forwarded to list. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>.
(Sat, 29 Sep 2012 09:18:13 GMT) (full text, mbox, link).
Message #10 received at 688868@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 688868 wontfix upstream
tags 688868 severity wishlist
retitle 688868 Upstream license exception required to enable linking with SSL
thanks
On Wed, 26 Sep 2012 23:40:30 Guillaume BERAUDO wrote:
> The exosip library is not compiled with SSL support.
> The control file marks libssl-dev as a build conflict.
Guillaume,
It is not always permitted to link gpl code with ssl unless upstream provides
a license exception:
http://www.openssl.org/support/faq.html#LEGAL2
http://lintian.debian.org/tags/possible-gpl-code-linked-with-openssl.html
The GPL (including version 3) is incompatible with some terms of the
OpenSSL license, and therefore Debian does not allow GPL-licensed code
linked with OpenSSL libraries unless there is a license exception
explicitly permitting this.
Mark
[signature.asc (application/pgp-signature, inline)]
Added tag(s) upstream and wontfix.
Request was from Mark Purcell <mark@purcell.id.au>
to control@bugs.debian.org.
(Sat, 29 Sep 2012 09:18:17 GMT) (full text, mbox, link).
Changed Bug title to 'Upstream license exception required to enable linking with SSL' from 'libexosip2: should be compiled with SSL support'
Request was from Mark Purcell <mark@purcell.id.au>
to control@bugs.debian.org.
(Sat, 29 Sep 2012 09:18:17 GMT) (full text, mbox, link).
Severity set to 'wishlist' from 'serious'
Request was from Mark Purcell <mark@purcell.id.au>
to control@bugs.debian.org.
(Sat, 29 Sep 2012 09:57:13 GMT) (full text, mbox, link).
Reply sent
to Mark Purcell <mark@purcell.id.au>:
You have marked Bug as forwarded.
(Sat, 06 Oct 2012 07:03:03 GMT) (full text, mbox, link).
Message #19 received at 688868-forwarded@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Aymeric,
If you wish to allow libexosip2 to be shipped with SSL support you will need
to provide a licence exception like the following:
"This program is released under the GPL with the additional exemption
that compiling, linking, and/or using OpenSSL is allowed"
Mark
Can I use OpenSSL with GPL software?
On many systems including the major Linux and BSD distributions, yes (the GPL
does not place restrictions on using libraries that are part of the normal
operating system distribution).
On other systems, the situation is less clear. Some GPL software copyright
holders claim that you infringe on their rights if you use OpenSSL with their
software on operating systems that don't normally include OpenSSL.
If you develop open source software that uses OpenSSL, you may find it useful
to choose an other license than the GPL, or state explicitly that "This
program is released under the GPL with the additional exemption that
compiling, linking, and/or using OpenSSL is allowed." If you are using GPL
software developed by others, you may want to ask the copyright holder for
permission to use their software with OpenSSL.
---------- Forwarded Message ----------
Subject: Re: Bug#688868: libexosip2: should be compiled with SSL support
Date: Sat, 29 Sep 2012, 19:12:18
From: Mark Purcell <mark@purcell.id.au>
To: Guillaume BERAUDO <guillaume.beraudo@gmail.com>, 688868@bugs.debian.org
tags 688868 wontfix upstream
tags 688868 severity wishlist
retitle 688868 Upstream license exception required to enable linking with SSL
thanks
On Wed, 26 Sep 2012 23:40:30 Guillaume BERAUDO wrote:
> The exosip library is not compiled with SSL support.
> The control file marks libssl-dev as a build conflict.
Guillaume,
It is not always permitted to link gpl code with ssl unless upstream provides
a license exception:
http://www.openssl.org/support/faq.html#LEGAL2
http://lintian.debian.org/tags/possible-gpl-code-linked-with-openssl.html
The GPL (including version 3) is incompatible with some terms of the
OpenSSL license, and therefore Debian does not allow GPL-licensed code
linked with OpenSSL libraries unless there is a license exception
explicitly permitting this.
Mark
-----------------------------------------
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#688868; Package libexosip2-7.
(Thu, 14 Mar 2013 09:33:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Mark Purcell <msp@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>.
(Thu, 14 Mar 2013 09:33:07 GMT) (full text, mbox, link).
Message #24 received at 688868@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 688868 fixed-upstream pending -wontfix
thanks
Serge, (& Aymeric)
Great news, yes this means that from this version we can link and ship with
SSL support.
No issue contacting me this way, but it would be better via the BTS through
email to: 688868@bugs.debian.org
Mark
On Wed, 13 Mar 2013 08:12:46 Serge Pouliquen wrote:
> Hi,
>
> In bug 688868, you have indicated that exosip license doesn't allow
> openssl. The developer made a recent modification (in dev branch) in the
> license. Could you check if the modification is compatible with your
> expectation ?
>
> http://git.savannah.gnu.org/cgit/exosip.git/commit/?id=f449310b14626034cb78
> 4f703458380a0ff41a62
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688868
>
> I hope that I am not doing a mistake by contacting you that way.
>
> Regards,
> Serge Pouliquen
> (a end-user interested in SSL support in exosip)
[signature.asc (application/pgp-signature, inline)]
Added tag(s) pending and fixed-upstream.
Request was from Mark Purcell <msp@debian.org>
to control@bugs.debian.org.
(Thu, 14 Mar 2013 09:33:11 GMT) (full text, mbox, link).
Removed tag(s) wontfix.
Request was from Mark Purcell <msp@debian.org>
to control@bugs.debian.org.
(Thu, 14 Mar 2013 09:33:12 GMT) (full text, mbox, link).
Message sent on
to Guillaume BERAUDO <guillaume.beraudo@gmail.com>:
Bug#688868.
(Thu, 14 Mar 2013 09:33:14 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#688868; Package libexosip2-7.
(Tue, 19 Mar 2013 01:57:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Serge Pouliquen <sp31415@free.fr>:
Extra info received and forwarded to list. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>.
(Tue, 19 Mar 2013 01:57:07 GMT) (full text, mbox, link).
Message #36 received at 688868@bugs.debian.org (full text, mbox, reply):
Hi,
Thank you for the feedback.
Is it possible for you to propose a new version of the exosip package
with ssl support ?
Probably in experimental repository...
Regards,
Serge Pouliquen
On 03/14/2013 10:32 AM, Mark Purcell wrote:
> tags 688868 fixed-upstream pending -wontfix
> thanks
>
> Serge, (& Aymeric)
>
> Great news, yes this means that from this version we can link and ship with
> SSL support.
>
> No issue contacting me this way, but it would be better via the BTS through
> email to: 688868@bugs.debian.org
>
> Mark
>
>
> On Wed, 13 Mar 2013 08:12:46 Serge Pouliquen wrote:
>> Hi,
>>
>> In bug 688868, you have indicated that exosip license doesn't allow
>> openssl. The developer made a recent modification (in dev branch) in the
>> license. Could you check if the modification is compatible with your
>> expectation ?
>>
>> http://git.savannah.gnu.org/cgit/exosip.git/commit/?id=f449310b14626034cb78
>> 4f703458380a0ff41a62
>>
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688868
>>
>> I hope that I am not doing a mistake by contacting you that way.
>>
>> Regards,
>> Serge Pouliquen
>> (a end-user interested in SSL support in exosip)
Added indication that 688868 affects libexosip2-10
Request was from Mark Purcell <msp@debian.org>
to control@bugs.debian.org.
(Sun, 10 Nov 2013 05:57:09 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#688868; Package libexosip2-7.
(Sun, 10 Nov 2013 06:03:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Mark Purcell <msp@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>.
(Sun, 10 Nov 2013 06:03:08 GMT) (full text, mbox, link).
Message #43 received at 688868@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Sat, 9 Nov 2013 18:51:35 Gijs Hillenius wrote:
> Hello Mark,
>
> I'm trying to configure linphone, but might be running into Debian bug
> 688868. (could not start tls transport on port 5061..)
>
> However, reading that bug's report, I would think that bug has
> actually already been fixed. That is not entirely clear from the
> changelog.. it seems to have been fixed, but the bug is now marked
> whishlist in libexosip2-7. I'm not entirely sure how this is linked to
> libexosip2-10
Gijs,
This bug hasn't yet been closed as does continue to effect libexosip2-10.
I was waiting for an update from upstream, but perhaps I should pull the
upstream change into Debian early.
Mark
[signature.asc (application/pgp-signature, inline)]
Reply sent
to Mark Purcell <msp@debian.org>:
You have taken responsibility.
(Tue, 21 Jan 2014 16:03:08 GMT) (full text, mbox, link).
Notification sent
to Guillaume BERAUDO <guillaume.beraudo@gmail.com>:
Bug acknowledged by developer.
(Tue, 21 Jan 2014 16:03:08 GMT) (full text, mbox, link).
Message #48 received at 688868-close@bugs.debian.org (full text, mbox, reply):
Source: libexosip2
Source-Version: 4.1.0-1
We believe that the bug you reported is fixed in the latest version of
libexosip2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 688868@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mark Purcell <msp@debian.org> (supplier of updated libexosip2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 20 Jan 2014 21:48:15 +1100
Source: libexosip2
Binary: libexosip2-dev libexosip2-11
Architecture: source amd64
Version: 4.1.0-1
Distribution: experimental
Urgency: low
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Mark Purcell <msp@debian.org>
Description:
libexosip2-11 - eXtended osip library
libexosip2-dev - eXtended osip library development files
Closes: 688868 735950
Changes:
libexosip2 (4.1.0-1) experimental; urgency=low
.
* New upstream release
* NEW package libexosip2-11 - match soname
* Fix "use dh-autoreconf instead of autotools-dev to fix FTBFS on
ppc64el" patch from ~logan (Closes: #735950)
* Fix "Upstream license exception required to enable linking with SSL"
Upstream exception added to debian/copyright (Closes: #688868)
* Add Build-Depends: libssl-dev
* quilt refresh
* Fix further spelling-error-in-manpage.patch
Checksums-Sha1:
bbdb2dc85e25e1b3fb05a09faa88bf93c70d108d 1541 libexosip2_4.1.0-1.dsc
f85e93227f772acac1b3e17b69c6b8a708336ba8 530997 libexosip2_4.1.0.orig.tar.gz
3d8b5664ae577fdfd3b7fa1229d1b27289857a52 10379 libexosip2_4.1.0-1.debian.tar.gz
2dcc5c3bd2cbbde7e476e7af41458f0881b36127 327200 libexosip2-dev_4.1.0-1_amd64.deb
41f48ad5a00cc241c3d76ed0756add6716e7cf07 139274 libexosip2-11_4.1.0-1_amd64.deb
Checksums-Sha256:
e953c400ea45244733f29ddff1afcf7ee03ca4c75804d0e9531bfcfc18db722d 1541 libexosip2_4.1.0-1.dsc
3c77713b783f239e3bdda0cc96816a544c41b2c96fa740a20ed322762752969d 530997 libexosip2_4.1.0.orig.tar.gz
fc11df32263cf8f95c9137ce9b877d08c11d413642f83df312dde774e20b6261 10379 libexosip2_4.1.0-1.debian.tar.gz
dbe8ded9427248ef783c0f065dd9c4e8e46a4c66acbba3d1485a196ce8d77958 327200 libexosip2-dev_4.1.0-1_amd64.deb
ee4e2db968784280fd6b2ca30c80ad043d814c0cf89f275e60b51658595a1485 139274 libexosip2-11_4.1.0-1_amd64.deb
Files:
e47c28f7bd3a74f0d6fa468ec9a51af1 1541 libs optional libexosip2_4.1.0-1.dsc
62de8bf34dbf803bc531ad5b1adcd028 530997 libs optional libexosip2_4.1.0.orig.tar.gz
93c59a8cb451f62fab752227ea247b64 10379 libs optional libexosip2_4.1.0-1.debian.tar.gz
57636ad9b9dc14462db2f820693d8d45 327200 libdevel optional libexosip2-dev_4.1.0-1_amd64.deb
ba3387ac4e62fdbf2667fad313349d5f 139274 libs optional libexosip2-11_4.1.0-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlLc/9MACgkQoCzanz0IthLDxwCcDX+hL5wjATkj/pjLslCXS5LW
1ygAnAwakQG7VGwsuMLs4a/UIzVYU+1p
=QrEV
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 19 Feb 2014 07:35:28 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Nov 25 10:15:16 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.