Since 673655b40733 ("dropbear: clean up the rule file and add bugfix")
it's explicitly stated, bundled libtomcrypt and libtommath are used in
the ptxdist dropbear package. Before very likely also the bundled libs
were used, because no separate packages exist in ptxdist. So the
dropbear package should consider the licenses of the bundled libs.
As of dropbear 2019.78, dropbear itself states in its 'LICENSE' file
those libs are public domain, but in fact those libs are dual licensed
public_domain and WTFPL, as their license files state.
Adding hashes for the bundled libs will help detect future changes, as
long as the dropbear package uses the bundled variant of that libs.
Signed-off-by: Alexander Dahl <a...@thorsis.com>
---
rules/dropbear.make | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/rules/dropbear.make b/rules/dropbear.make
index d52efa396..acd9ef5f9 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -23,9 +23,12 @@ DROPBEAR_SUFFIX := tar.bz2
DROPBEAR_URL :=
http://matt.ucc.asn.au/dropbear/releases/$(DROPBEAR).$(DROPBEAR_SUFFIX)
DROPBEAR_SOURCE := $(SRCDIR)/$(DROPBEAR).$(DROPBEAR_SUFFIX)
DROPBEAR_DIR := $(BUILDDIR)/$(DROPBEAR)
-DROPBEAR_LICENSE := MIT AND BSD-2-Clause AND BSD-3-Clause AND SSH-short
+DROPBEAR_LICENSE := \
+ MIT AND BSD-2-Clause AND BSD-3-Clause AND SSH-short AND (public_domain
OR WTFPL)
DROPBEAR_LICENSE_FILES := \
file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01 \
+ file://libtomcrypt/LICENSE;md5=71baacc459522324ef3e2b9e052e8180 \
+ file://libtommath/LICENSE;md5=f72771f4af5e8c382974750f9f8701ad \
file://loginrec.c;startline=1;endline=26;md5=0d785ee11fab1cead2c7fee9c35574f1
# ----------------------------------------------------------------------------
--
2.27.0
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to
ptxdist-requ...@pengutronix.de
