Issue 37 in vrjuggler: MD5-C code might be troublesome - use libmd5-rfc?
17 views
Skip to first unread message
vrju...@googlecode.com
Jan 16, 2012, 1:19:41 PM1/16/12
to vrjuggl...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 37 by ryan.pav...@gmail.com: MD5-C code might be troublesome -
use libmd5-rfc?
http://code.google.com/p/vrjuggler/issues/detail?id=37
The RSA-sourced md5-c code used in VPR (just for the uuid stuff) may or may
not be troublesome license-wise. Here's some information from people who
know more than me about it: (as well as a potential easier fix)
http://fedoraproject.org/wiki/Licensing:FAQ#What_about_the_RSA_license_on_their_MD5_implementation.3F_Isn.27t_that_GPL-incompatible.3F
If you want, I have branches that use libmd5-rfc, which contains no RSA
code (written from specs, not sample code -
http://sourceforge.net/projects/libmd5-rfc/ ) . Compare views are here:
https://github.com/rpavlik/vrjuggler/compare/3.0...switch-md5-impl-3.0
https://github.com/rpavlik/vrjuggler/compare/master...switch-md5-impl-master
It does at least work and doesn't appear to affect binary compatibility, at
least on Windows.
vrju...@googlecode.com
Apr 20, 2013, 7:56:21 PM4/20/13
to vrjuggl...@googlegroups.com
Comment #1 on issue 37 by doug.mcc...@gmail.com: MD5-C code might be
Can you explain what the technical issue is? Even with the link you
provided I do not understand what the licensing problem may be with VR
Juggler.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
vrju...@googlecode.com
Apr 23, 2013, 4:23:08 PM4/23/13
to vrjuggl...@googlegroups.com
Comment #2 on issue 37 by ryan.pav...@gmail.com: MD5-C code might be
Licenses with an "advertising clause" (like old BSD) are GPL-incompatible.
The RSA-originated code in libmd5 (as included in the VR Juggler source
code) contains a license statement similar to (but more annoying than) the
old BSD advertising clause.
In the words of another alternate reimplementation: "Equivalent code is
available from RSA Data Security, Inc.
This code has been tested against that, and is equivalent,
except that you don't need to include two pages of legalese
with every copy." (Colin Plumb's version, in this case grabbed from here:
https://github.com/iodoom/iod3/blob/master/neo/idlib/hashing/MD5.cpp )
The Fedora link points out a "clarification" made by RSA that seems to
resolve the incompatibility for them, but it's unclear to me how it
actually does so, and why any particular allegiance is shown to that
version when there are alternate ones available under simpler zlib/png
licenses (like the libmd5-rfc) or similar permissive licenses.
Yes, it's a technicality, and I'm no lawyer, so I don't know if the Fedora
statement has any bearing on what VR Juggler is doing, but I ran across
this when building Debian packages, and it's likely an issue that would
keep VR Juggler out of Linux distributions. (And, if there is in fact a
legal issue, it might prohibit distribution of compiled "derivative
works") Just seemed easier to switch and be on the safe side.
vrju...@googlecode.com
Apr 23, 2013, 4:30:19 PM4/23/13
to vrjuggl...@googlegroups.com
Comment #3 on issue 37 by ryan.pav...@gmail.com: MD5-C code might be
See also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345837
The fully updated version of Colin Plumb's code as used by dpkg can be
found here, if you'd prefer that one. Looks like a drop-in replacement for
the RSA one used now (same struct/function names):
http://anonscm.debian.org/gitweb/?p=dpkg/dpkg.git;a=blob;f=lib/dpkg/md5.h;hb=HEAD
http://anonscm.debian.org/gitweb/?p=dpkg/dpkg.git;a=blob;f=lib/dpkg/md5.c;hb=HEAD
vrju...@googlecode.com
Apr 27, 2013, 2:36:45 PM4/27/13
to vrjuggl...@googlegroups.com
Comment #4 on issue 37 by patrick....@gmail.com: MD5-C code might be
My vote is to switch to Ryan's libmd5-rfc code. The Git branches look
perfectly sensible to me.
vrju...@googlecode.com
Aug 12, 2013, 6:39:02 PM8/12/13
to vrjuggl...@googlegroups.com
Updates:
Status: Accepted
Owner: doug.mcc...@gmail.com
Comment #5 on issue 37 by doug.mcc...@gmail.com: MD5-C code might be
Thanks for your patch. This commit resolve the 3.0 issues:
https://code.google.com/p/vrjuggler/source/detail?r=f40fa3b523c9244a97dc668ca3988861b86c841e&name=3.0
Status: Accepted
Owner: doug.mcc...@gmail.com
Comment #5 on issue 37 by doug.mcc...@gmail.com: MD5-C code might be
Thanks for your patch. This commit resolve the 3.0 issues:
https://code.google.com/p/vrjuggler/source/detail?r=f40fa3b523c9244a97dc668ca3988861b86c841e&name=3.0
vrju...@googlecode.com
Aug 12, 2013, 7:08:53 PM8/12/13
to vrjuggl...@googlegroups.com
Updates:
Status: Fixed
Comment #6 on issue 37 by doug.mcc...@gmail.com: MD5-C code might be
Thanks for the patch. This commit resolves the master issues:
https://code.google.com/p/vrjuggler/source/detail?r=09e18eb4e57652654db42c820fe6e63dc162e4c0&name=master
Please note the commit message. I manually applied changes to the vc10
build files without verifying that the changes work. I do not have access
to MSVS 2010.
Status: Fixed
Comment #6 on issue 37 by doug.mcc...@gmail.com: MD5-C code might be
Thanks for the patch. This commit resolves the master issues:
https://code.google.com/p/vrjuggler/source/detail?r=09e18eb4e57652654db42c820fe6e63dc162e4c0&name=master
Please note the commit message. I manually applied changes to the vc10
build files without verifying that the changes work. I do not have access
to MSVS 2010.
vrju...@googlecode.com
Aug 14, 2013, 2:31:42 PM8/14/13
to vrjuggl...@googlegroups.com
Comment #7 on issue 37 by ryan.pav...@gmail.com: MD5-C code might be
FYI - looks like the cherrypick somehow broke things: it's not finding the
include directory. (I don't remember if I tested this using the Doozer
build system or just the CMake and vcproj ones - it may be possible that I
missed some place where I should have changed an include directory)
modules/vapor/vpr/Util/GUID.cpp:49:19: fatal error: md5.h: No such file or
directory
vrju...@googlecode.com
Aug 14, 2013, 2:52:45 PM8/14/13
to vrjuggl...@googlegroups.com
Updates:
Status: Accepted
Comment #8 on issue 37 by doug.mcc...@gmail.com: MD5-C code might be
Can you create a patch for this?
Status: Accepted
Comment #8 on issue 37 by doug.mcc...@gmail.com: MD5-C code might be
Can you create a patch for this?
vrju...@googlecode.com
Aug 14, 2013, 3:52:28 PM8/14/13
to vrjuggl...@googlegroups.com
Comment #9 on issue 37 by ryan.pav...@gmail.com: MD5-C code might be
Should just be a search and replace of md5-c with libmd5-rfc. That should
work on both branches.
vrju...@googlecode.com
Aug 14, 2013, 4:03:51 PM8/14/13
to vrjuggl...@googlegroups.com
Comment #10 on issue 37 by doug.mcc...@gmail.com: MD5-C code might be
OK, sounds like a straight forward plan, send me a patch and I will get it
applied.
vrju...@googlecode.com
Aug 14, 2013, 4:15:05 PM8/14/13
to vrjuggl...@googlegroups.com
Comment #11 on issue 37 by ryan.pav...@gmail.com: MD5-C code might be
Here I was hoping you'd just run sed yourself...
Anyway, here are the patches for both branches.
Attachments:
3.0-patches.zip 1.7 KB
master-patches.zip 2.3 KB
vrju...@googlecode.com
Aug 14, 2013, 9:56:58 PM8/14/13
to vrjuggl...@googlegroups.com
Comment #12 on issue 37 by doug.mcc...@gmail.com: MD5-C code might be
I just applied the patches. Based on what I saw for the 3.0 branch I am
guessing it still has build issues. There were no actual changes for the
modules source tree in those patches. Anyway, give it a try and we will see
if things are resolved.
vrju...@googlecode.com
Sep 18, 2013, 10:14:07 PM9/18/13
to vrjuggl...@googlegroups.com
Updates:
Status: Fixed
Comment #13 on issue 37 by doug.mcc...@gmail.com: MD5-C code might be
I think this is finally corrected.
Status: Fixed
Comment #13 on issue 37 by doug.mcc...@gmail.com: MD5-C code might be
I think this is finally corrected.
Reply all
Reply to author
Forward
0 new messages