Debian Bug report logs - #688868
Upstream license exception required to enable linking with SSL

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Guillaume BERAUDO <guillaume.beraudo@gmail.com>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: libexosip2: should be compiled with SSL support

Date: Wed, 26 Sep 2012 15:40:30 +0200

Package: libexosip2-7
Version: 3.6.0-4
Severity: serious
Justification: 0: makes the package in question unusable or mostly so

Dear Maintainer,

The exosip library is not compiled with SSL support.
The control file marks libssl-dev as a build conflict.

I couldn't find the rationale behind it; only a bug report from 2007 on
Bayonne mention the fact. See
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=442964 .


Today this bug has become serious because many routers mess up with
unencrypted SIP traffic, preventing calls to succeed.

TLS was added to Linphone one year ago using exosip with SSL and it
works as expected and is available in wheezy.


I hesitated to set the severity to serious, but frankly, many people
will be stuck in using skype if TLS support is not available in their
softphone.


Cheers,

Guillaume


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libexosip2-7 depends on:
ii  libc6              2.13-35
ii  libosip2-7         3.6.0-4
ii  multiarch-support  2.13-35

libexosip2-7 recommends no packages.

libexosip2-7 suggests no packages.

-- no debconf information

Message #10 received at 688868@bugs.debian.org (full text, mbox, reply):

From: Mark Purcell <mark@purcell.id.au>

To: Guillaume BERAUDO <guillaume.beraudo@gmail.com>, 688868@bugs.debian.org

Subject: Re: Bug#688868: libexosip2: should be compiled with SSL support

Date: Sat, 29 Sep 2012 19:12:18 +1000

[Message part 1 (text/plain, inline)]

tags 688868 wontfix upstream
tags 688868 severity wishlist
retitle 688868 Upstream license exception required to enable linking with SSL
thanks


On Wed, 26 Sep 2012 23:40:30 Guillaume BERAUDO wrote:
> The exosip library is not compiled with SSL support.
> The control file marks libssl-dev as a build conflict.

Guillaume,

It is not always permitted to link gpl code with ssl unless upstream provides 
a license exception:

http://www.openssl.org/support/faq.html#LEGAL2
http://lintian.debian.org/tags/possible-gpl-code-linked-with-openssl.html

	The GPL (including version 3) is incompatible with some terms of the
	OpenSSL license, and therefore Debian does not allow GPL-licensed code
	linked with OpenSSL libraries unless there is a license exception
	explicitly permitting this.

Mark

[signature.asc (application/pgp-signature, inline)]

Message #19 received at 688868-forwarded@bugs.debian.org (full text, mbox, reply):

From: Mark Purcell <mark@purcell.id.au>

To: jack@atosc.org, osip@atosc.org

Cc: 688868-forwarded@bugs.debian.org, Guillaume BERAUDO <guillaume.beraudo@gmail.com>

Subject: Fwd: Re: Bug#688868: libexosip2: Upstream license exception required to enable linking with SSL

Date: Sat, 6 Oct 2012 16:58:23 +1000

[Message part 1 (text/plain, inline)]

Aymeric,

If you wish to allow libexosip2 to be shipped with SSL support you will need 
to provide a licence exception like the following:
	
	"This program is released under the GPL with the additional exemption 	
	that compiling, linking, and/or using OpenSSL is allowed"

Mark


Can I use OpenSSL with GPL software?

On many systems including the major Linux and BSD distributions, yes (the GPL 
does not place restrictions on using libraries that are part of the normal 
operating system distribution).
On other systems, the situation is less clear. Some GPL software copyright 
holders claim that you infringe on their rights if you use OpenSSL with their 
software on operating systems that don't normally include OpenSSL.

If you develop open source software that uses OpenSSL, you may find it useful 
to choose an other license than the GPL, or state explicitly that "This 
program is released under the GPL with the additional exemption that 
compiling, linking, and/or using OpenSSL is allowed." If you are using GPL 
software developed by others, you may want to ask the copyright holder for 
permission to use their software with OpenSSL.


----------  Forwarded Message  ----------

Subject: Re: Bug#688868: libexosip2: should be compiled with SSL support
Date: Sat, 29 Sep 2012, 19:12:18
From: Mark Purcell <mark@purcell.id.au>
To: Guillaume BERAUDO <guillaume.beraudo@gmail.com>, 688868@bugs.debian.org

tags 688868 wontfix upstream
tags 688868 severity wishlist
retitle 688868 Upstream license exception required to enable linking with SSL
thanks


On Wed, 26 Sep 2012 23:40:30 Guillaume BERAUDO wrote:
> The exosip library is not compiled with SSL support.
> The control file marks libssl-dev as a build conflict.

Guillaume,

It is not always permitted to link gpl code with ssl unless upstream provides 
a license exception:

http://www.openssl.org/support/faq.html#LEGAL2
http://lintian.debian.org/tags/possible-gpl-code-linked-with-openssl.html

	The GPL (including version 3) is incompatible with some terms of the
	OpenSSL license, and therefore Debian does not allow GPL-licensed code
	linked with OpenSSL libraries unless there is a license exception
	explicitly permitting this.

Mark

-----------------------------------------

[signature.asc (application/pgp-signature, inline)]

Message #24 received at 688868@bugs.debian.org (full text, mbox, reply):

From: Mark Purcell <msp@debian.org>

To: Serge Pouliquen <sp31415@free.fr>

Cc: 688868@bugs.debian.org, Aymeric Moizard <amoizard@gmail.com>, 688868-submitter@bugs.debian.org

Subject: Re: question about exosip with ssl support

Date: Thu, 14 Mar 2013 20:32:11 +1100

[Message part 1 (text/plain, inline)]

tags 688868 fixed-upstream pending -wontfix
thanks

Serge, (& Aymeric)

Great news, yes this means that from this version we can link and ship with 
SSL support.

No issue contacting me this way, but it would be better via the BTS through 
email to: 688868@bugs.debian.org

Mark


On Wed, 13 Mar 2013 08:12:46 Serge Pouliquen wrote:
> Hi,
> 
> In bug 688868, you have indicated that exosip license doesn't allow
> openssl. The developer made a recent modification (in dev branch) in the
> license. Could you check if the modification is compatible with your
> expectation ?
> 
> http://git.savannah.gnu.org/cgit/exosip.git/commit/?id=f449310b14626034cb78
> 4f703458380a0ff41a62
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688868
> 
> I hope that I am not doing a mistake by contacting you that way.
> 
> Regards,
> Serge Pouliquen
> (a end-user interested in SSL support in exosip)

[signature.asc (application/pgp-signature, inline)]

Message #36 received at 688868@bugs.debian.org (full text, mbox, reply):

From: Serge Pouliquen <sp31415@free.fr>

To: 688868@bugs.debian.org

Subject: Re: question about exosip with ssl support

Date: Tue, 19 Mar 2013 02:55:48 +0100

Hi,

Thank you for the feedback.

Is it possible for you to propose a new version of the exosip package 
with ssl support ?
Probably in experimental repository...

Regards,
Serge Pouliquen


On 03/14/2013 10:32 AM, Mark Purcell wrote:
> tags 688868 fixed-upstream pending -wontfix
> thanks
>
> Serge, (&  Aymeric)
>
> Great news, yes this means that from this version we can link and ship with
> SSL support.
>
> No issue contacting me this way, but it would be better via the BTS through
> email to: 688868@bugs.debian.org
>
> Mark
>
>
> On Wed, 13 Mar 2013 08:12:46 Serge Pouliquen wrote:
>> Hi,
>>
>> In bug 688868, you have indicated that exosip license doesn't allow
>> openssl. The developer made a recent modification (in dev branch) in the
>> license. Could you check if the modification is compatible with your
>> expectation ?
>>
>> http://git.savannah.gnu.org/cgit/exosip.git/commit/?id=f449310b14626034cb78
>> 4f703458380a0ff41a62
>>
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688868
>>
>> I hope that I am not doing a mistake by contacting you that way.
>>
>> Regards,
>> Serge Pouliquen
>> (a end-user interested in SSL support in exosip)

Message #43 received at 688868@bugs.debian.org (full text, mbox, reply):

From: Mark Purcell <msp@debian.org>

To: Gijs Hillenius <gijs@hillenius.net>

Cc: 688868@bugs.debian.org

Subject: Re: libexosip2 and openssl

Date: Sun, 10 Nov 2013 17:00:58 +1100

[Message part 1 (text/plain, inline)]

On Sat, 9 Nov 2013 18:51:35 Gijs Hillenius wrote:
> Hello Mark,
> 
> I'm trying to configure linphone, but might be running into Debian bug
> 688868. (could not start tls transport on port 5061..)
> 
> However, reading that bug's report, I would think that bug has
> actually already been fixed. That is not entirely clear from the
> changelog.. it seems to have been fixed, but the bug is now marked
> whishlist in libexosip2-7. I'm not entirely sure how this is linked to
> libexosip2-10

Gijs,

This bug hasn't yet been closed as does continue to effect libexosip2-10.

I was waiting for an update from upstream, but perhaps I should pull the 
upstream change into Debian early.

Mark

[signature.asc (application/pgp-signature, inline)]

Message #48 received at 688868-close@bugs.debian.org (full text, mbox, reply):

From: Mark Purcell <msp@debian.org>

To: 688868-close@bugs.debian.org

Subject: Bug#688868: fixed in libexosip2 4.1.0-1

Date: Tue, 21 Jan 2014 16:00:06 +0000

Source: libexosip2
Source-Version: 4.1.0-1

We believe that the bug you reported is fixed in the latest version of
libexosip2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 688868@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <msp@debian.org> (supplier of updated libexosip2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 20 Jan 2014 21:48:15 +1100
Source: libexosip2
Binary: libexosip2-dev libexosip2-11
Architecture: source amd64
Version: 4.1.0-1
Distribution: experimental
Urgency: low
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Mark Purcell <msp@debian.org>
Description: 
 libexosip2-11 - eXtended osip library
 libexosip2-dev - eXtended osip library development files
Closes: 688868 735950
Changes: 
 libexosip2 (4.1.0-1) experimental; urgency=low
 .
   * New upstream release
   * NEW package libexosip2-11 - match soname
   * Fix "use dh-autoreconf instead of autotools-dev to fix FTBFS on
     ppc64el" patch from ~logan (Closes: #735950)
   * Fix "Upstream license exception required to enable linking with SSL"
     Upstream exception added to debian/copyright (Closes: #688868)
   * Add Build-Depends: libssl-dev
   * quilt refresh
   * Fix further spelling-error-in-manpage.patch
Checksums-Sha1: 
 bbdb2dc85e25e1b3fb05a09faa88bf93c70d108d 1541 libexosip2_4.1.0-1.dsc
 f85e93227f772acac1b3e17b69c6b8a708336ba8 530997 libexosip2_4.1.0.orig.tar.gz
 3d8b5664ae577fdfd3b7fa1229d1b27289857a52 10379 libexosip2_4.1.0-1.debian.tar.gz
 2dcc5c3bd2cbbde7e476e7af41458f0881b36127 327200 libexosip2-dev_4.1.0-1_amd64.deb
 41f48ad5a00cc241c3d76ed0756add6716e7cf07 139274 libexosip2-11_4.1.0-1_amd64.deb
Checksums-Sha256: 
 e953c400ea45244733f29ddff1afcf7ee03ca4c75804d0e9531bfcfc18db722d 1541 libexosip2_4.1.0-1.dsc
 3c77713b783f239e3bdda0cc96816a544c41b2c96fa740a20ed322762752969d 530997 libexosip2_4.1.0.orig.tar.gz
 fc11df32263cf8f95c9137ce9b877d08c11d413642f83df312dde774e20b6261 10379 libexosip2_4.1.0-1.debian.tar.gz
 dbe8ded9427248ef783c0f065dd9c4e8e46a4c66acbba3d1485a196ce8d77958 327200 libexosip2-dev_4.1.0-1_amd64.deb
 ee4e2db968784280fd6b2ca30c80ad043d814c0cf89f275e60b51658595a1485 139274 libexosip2-11_4.1.0-1_amd64.deb
Files: 
 e47c28f7bd3a74f0d6fa468ec9a51af1 1541 libs optional libexosip2_4.1.0-1.dsc
 62de8bf34dbf803bc531ad5b1adcd028 530997 libs optional libexosip2_4.1.0.orig.tar.gz
 93c59a8cb451f62fab752227ea247b64 10379 libs optional libexosip2_4.1.0-1.debian.tar.gz
 57636ad9b9dc14462db2f820693d8d45 327200 libdevel optional libexosip2-dev_4.1.0-1_amd64.deb
 ba3387ac4e62fdbf2667fad313349d5f 139274 libs optional libexosip2-11_4.1.0-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlLc/9MACgkQoCzanz0IthLDxwCcDX+hL5wjATkj/pjLslCXS5LW
1ygAnAwakQG7VGwsuMLs4a/UIzVYU+1p
=QrEV
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.