2120577 – rust: rust-std-static-wasm32-wasi includes dlmalloc with disallowed CC0 license

Bug 2120577 - rust: rust-std-static-wasm32-wasi includes dlmalloc with disallowed CC0 license

Summary: rust: rust-std-static-wasm32-wasi includes dlmalloc with disallowed CC0 license

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rust
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Rust SIG
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-08-23 10:09 UTC by Florian Weimer
Modified:	2023-09-30 01:28 UTC (History)
CC List:	5 users (show)
Fixed In Version:	rust-1.72.1-3.fc40
Clone Of:
Environment:
Last Closed:	2023-09-30 01:28:51 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	WebAssembly wasi-libc issues 319	0	None	open	dlmalloc has license incompatible with Fedora policies	2022-12-05 21:00:31 UTC

Description Florian Weimer 2022-08-23 10:09:51 UTC

libc.a contains this:

dlmalloc.o:
         U __heap_base
000022a0 T __libc_calloc
00001ba3 T __libc_free
00000001 T __libc_malloc
         U __stack_pointer
00000000 d _gm_
00003052 T aligned_alloc
000022a0 T calloc
00002788 t dispose_chunk
00001bae t dlfree
0000000c t dlmalloc
         U errno
00001ba3 T free
00002ea5 t internal_memalign
00000001 T malloc
00003072 T malloc_usable_size
         U memcpy
         U memset
000001d8 d mparams
00002e2a T posix_memalign
0000230c T realloc
         U sbrk

According to the malloc.c sources, the license is <http://creativecommons.org/publicdomain/zero/1.0/>, which Fedora calls CC0 or CC0-1.0. Per <https://docs.fedoraproject.org/en-US/legal/allowed-licenses/>, this license is not allowed for code.

There's another copy of dlmalloc in the rust sources under vendor/dlmalloc/src/dlmalloc.c; not sure how this is used.

Comment 1 Florian Weimer 2022-08-23 10:12:44 UTC

Previous versions of dlmalloc used a different language:

  This is a version (aka dlmalloc) of malloc/free/realloc written by
  Doug Lea and released to the public domain, as explained at
  http://creativecommons.org/licenses/publicdomain.  Send questions,
  comments, complaints, performance data, etc to dl.edu

Those versions are still acceptable to Fedora (see CC-PDDC).

Comment 2 Fabio Valentini 2022-08-23 10:19:22 UTC

According to the posts on the legal list, there will be some grace period for existing packages:
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/thread/RRYM3CLYJYW64VSQIXY6IF3TCDZGS6LM/
Right now, only new packages licensed CC0-1.0 are not allowed, existing packages are not going to be removed because of this.

Comment 3 Ben Cotton 2022-11-29 19:00:14 UTC

This message is a reminder that Fedora Linux 35 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 35 on 2022-12-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '35'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 35 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 4 Josh Stone 2023-09-30 01:28:51 UTC

In rust-1.72.1-3.fc40, Fedora's build is using the unbundled wasi-libc-static which uses emmalloc, and I also update the bundled build to use emmalloc for non-Fedora.

Note You need to log in before you can comment on or make changes to this bug.