Allwinner CedarX Media Codec Library GPL/LGPL Compliance Update

Last month, I wrote about potential open source licenses and VP6 copyright infringement by Allwinner with their CedarX media codec library, and then since there’s been a few developments.
Allwinner_GPL_LGPL

First, Allwinner sent me an email saying they’ve now updated Cedarx library and referring my previous article. Here’s an extract:

Here, I have some update of the Allwinner’s open-source status.

We have done a lot of discussion with the developers from the linux-sunxi communication about the software license of CedarX. For each question or requirement asked by the developers, Allwinner has identify and try to give the best solution.

Now, we believe Allwinner’s CedarX license is fully compliant and resolves concerns from the community. And you can take the announcement https://www.mail-archive.com/linux-sunxi@googlegroups.com/msg10597.html as a reference.

Allwinner is always supporting the open-source, and try to do better and better. You can see some update on the github https://github.com/allwinner-zh, and some feedback from developers: https://github.com/allwinner-zh/bootloader/issues/5.

It’s difficult to make everyone happy, but we believe Allwinner will do better and better, and give more and more help to the developers, and we believe Allwinner will be accepted by more and more developers.

The announcement claims “the CedarX media codec framework is now released with full open source code under the LGPL license”. That actually means there’s an open source API to access the closed source binaries that’s released under the LGPL license. The good news is the VP6 code that could infringe on On2/Google copyrights has now been removed and they are using ffmpeg instead.

So I asked on linux-sunxi IRC channel to find out if there was real progress made, and soon after some more details were released on linux-sunxi mailing list, and the part that looks really bad is:

264FillDefaultRefList() and a lot of code around it is straight out of the libavcodec h264 decoder. The original name for that function is ff_h264_fill_default_ref_list() in libavcodec/h264_refs.c: https://github.com/FFmpeg/FFmpeg/blob/master/libavcodec/h264_refs.c#L115 This is new, as some totally different code for h264 was available in the previous versions of the cedarx binaries.

This looks like Allwinner reached a new low, as it would mean Allwinner purposely renamed some function from LGPL code to make it look like it was their own. However, another email on arm-netbook mailing list by a soon-to-be Allwinner’s software engineer gives some more light to what actually happened here:

I can explain the whole process in a whole detail, because I was directly involved in the process of this decision and I can tell where this is going right now:

The rename was done to fix the LGPL violations by adding a wrapper for the GPLed libraries which will be LGPLed and published. This way we have Binary<->LGPLed open source code<->GPL libraries

Next step will be to drop the whole “we ship our own SDK”-thing and move over to stream our code into the existing open source alternatives.

But until the FOSS libraries have all the functionality from the shipped SDK we can not just stop supporting our customers in China. Also we can not suddenly make it open source for the following reasons:

  • Some engineers and managers do not fully comply with the GPLing of their code yet.
  • The code has awful coding style and my armcc refuses to compile at least 2/3 of the code because of the Chinese comments.
  • Also some of the engineers obviously have never heard the term “revision control” which makes it even harder to locate the actual version of the source code from which the binary was compiled from… -.-‘

So Allwinner has not make it right just yet, but at least they are trying, and even hiring western engineers to try fixing the licensing issues. I’m just not sure the current plan for binary<->LGPL wrapper<->GPL is actually valid, but at least they have longer term plan to upstream changes to open source project, at least that’s the way to understand the email above. Beside legal and technical work, moving from closed source “license infringing” code to properly licensed code is also a social engineering task, as all stakeholders in the company and possibly their customers must be convinced proper licensing is the way to go, and not the business as usual “just copy code from the net” and ignore licensing terms as Allwinner and many other companies have done in the past.

  1. March 23rd, 2015 at 17:34 | #1

    and that’s exactly the reason i’d prefer people wrongly using GPL-stuff to people that don’t use it at all (and doing own closed-source bullshit).
    Both ways leave me with closed binaries, but GPL-violating gives the community leverage to get code released. So i might get a clean system some day.

    As for that binaryLGPL-WrapperGPL lib:
    it depends on how it’s implemented. Imho if that binary-stuff is just an exchangeable part that’s not compiled together with the libs/wrapper, then it should be fine.
    Like you can use Gimp to draw nonfree images and read nonfree plugins.
    But if you compile it together (i.e. adding nonfree lib to the source) then it’s invalid.

  2. LinAdmin
    March 23rd, 2015 at 17:45 | #2

    After reading these emails I remain rather sceptical about a soon solution.

  3. ade
    March 23rd, 2015 at 17:56 | #3

    @ade

    I’m skeptical about the legal aspect of “Binary [__] LGPLed open source code [__] GPL librarie” if “[__]” means “link”. Indeed, IMO the GPL is “viral” i.e. if a LGPL lib links to it, it becames GPL (otherwise the whole business models of dual commercial-GPL lib would be threatened), and therefore the Binary still has to be GPL.
    I think the only way to have it OK would be to avoid dynamic linking, i.e. to use IPC to a daemon in-between e.g.
    “Binary [__ IPC __] GPL Daemon [__] GPL Lib”

  4. nonshopper
    March 23rd, 2015 at 19:10 | #4

    @ade
    I think you are right. I might have to reread licenses, but out of my mind, they are not allowed to circumvent the GPL like this (I think we’d see it more often otherwise). They don’t need a license for their wrapper, but they still can’t link it with GPL code unless they license the whole with GPL, And they are not the sole owners of the whole work, so they can’t link it with binary code without getting permission from all the GPLd code authors. They possibly legally could do IPC as you said, but I don’t know if that would be acceptable performance-wise.
    The whole exercise stinks in that they want to have their cake and eat it too. You either code or buy all your propietary code (or draw from permissive licensed code) or you use copyleft works of others and then share your sources with your users. That’s the whole point of writing a copyleft license, not some bureaucratic inconvenience surmountable with good intentions.
    If they think that shipping something that works now (and is not upgradable as software evolves) is good enough for them, and don’t think copyright is important enough then they can say so, and handle the lawsuits that should come. But if they are going to violate copyright they can as well screw the proprietary authors and publish their source code (but warn others, because many of us want to have source code that we can legally use). If they choose to victimize free software authors, then I hope F.S. authors will sue them and win, no other action is likely to change Allwinner ways. It’s best to talk before suing, but once the other party keeps avoiding their obligations, and pocketing the profits it gives them, there’s a limit to anyone’s patience.
    And those of us who cannot sue should do our best to explain that the company is selling not acceptable products, not caring for future usability and not offering anything trusty (if they were legally sound it would still be frightening hearing that they don’t even use revision control, but then you could at least think it’s lower quality for lower price).
    We would need some consumer association looking at these issues and compiling some status tables for all the different consumer products out there. No small tasks… But it really takes both courts and market.

  5. Jon Smirl
    March 23rd, 2015 at 20:32 | #5

    I think someone is confused on the “GPL libraries” bit. You never make user space libraries GPL, no one will tolerate it. Doing that would force every single app that used the library to be GPL and that’s never going to happen. The GPL would infect up the chain – you’d have to GPL use space banking apps, CAD/CAM, video players, etc. So all user space libraries are LGPL/MIT/etc or no one will use them. Some libraries are mutli-licensed like Mozilla. Mozilla is MPL, LGPL, GPL. You get to pick which want you want. LGPL is purposely not viral so that it does not infect the chain.

    So it it legally ok to make a LGPL wrapper around a proprietary binary in user space. But it is definitely not ok to put LGPL code into your proprietary binary and call it your own, that’s just stealing. You also need to consider if proprietary
    binaries serve your customer’s needs. In our case we wasted a lot of development money on Allwinner before abandoning the proprietary binaries and going with another vendor.

    I don’t see why people have so much trouble following the GPL/LGPL. It is a very simple exchange. The people that wrote the GPL/LGPL code are willing to share it with you if you will also share your code with them. No money is exchanged. If you don’t like these terms please don’t use GPL/LGPL code. Instead go use Microsoft code and after their license enforcement people get through emptying your wallet you’ll understand what a good deal the GPL/LGPL code was.

  6. Someone
    March 23rd, 2015 at 21:43 | #6

    @Jon Smirl
    You’re totally right: but these companies think stealing GPL code is not really a problem, because it’s free (!) and none will ever sue them.

  7. passante
    March 23rd, 2015 at 22:07 | #7

    FsF should sue them more and more, or the entire opensource movement will loose momentum.
    Kickstarting a campaign to sue them will educate a lot of companies in one shot.

  8. anon
    March 24th, 2015 at 00:00 | #8

    @passante
    Sue large-ish Chinese company in China for IP violations… Good luck. :-S

  9. rasz_pl
    March 24th, 2015 at 01:27 | #9

    @anon

    not in china, sue in germany, block imports to EU

  10. Sobtech
    March 24th, 2015 at 06:34 | #10

    i will never buy a Allwinner!
    Cheater! just take without cooperation with communities…

  11. kusta
    March 24th, 2015 at 06:37 | #11

    This is one more reminder why people should stay away from all Allwinner sh*t, worst company among SoC’s in today world.

  12. anon
    March 24th, 2015 at 10:31 | #12

    @kusta
    Not really, unfortunately pretty much all ARM SoC manufacturers do that kind of stuff, and similar stuff have happened in the past in the x86 world too, and it took years of fighting to get x86 manufacturers start to accept the copyleft license, and its usage… Remember there were more than Intel/AMD/VIA once.

    And MIPS with Imagination messing about is no spring chicken either. 🙂

  13. March 24th, 2015 at 18:01 | #13

    @anon
    Could you please explain what you mean by your last comment? We have not broken any GPL rules when it comes to MIPS.

    In fact, here is a chart showing our contributions to the kernel for MIPS CPUs
    http://blog.imgtec.com/wp-content/uploads/2014/06/Linux-for-MIPS-Up-stream-Linux-kernel-patches.png

    Thanks,
    Alex.

  14. anon
    March 24th, 2015 at 18:29 | #14

    @Alexandru Voica
    OK, maybe it is just a casual observation of Imagination just doing their own thing as closed source, than actually using already existing GPL’d code per se, there is nothing wrong doing it proprietary of course, as long as the resulting binary blobs are not linking with outside GPL code, but of course the bad thing about that is that those proprietary pieces never are able to be upstreamed to mainline.

    MIPS as a CPU is perfectly fine (used those amazing (at the time) SGI O2 and Octane2 systems back in the day), it is the proprietary IP on GPU/VPU-side that irks the FLOSS crowd.

    BTW, too bad there is no high-end MIPS64 chips that people could use as a (headless) server systems, as now they need all kind of nasty hacks with non-mainline (old) kernel snapshots, in that sense the MIPS would have an upper hand on ARM.

  15. Jon Smirl
    March 24th, 2015 at 20:32 | #15

    Please don’t beat up on Allwinner for Mali or the PowerVR GPUs. Allwinner does not control the open sourcing of that code. Go beat up on ARM, Inc and Imagination Tech. This applies to all of the CPUs using these GPUs. AFAIK there are no open source choices for ARM GPUs that are available as IP blocks that Allwinner could license. The reason every one quotes for keeping the GPUs closed is that there are too many patents on GPUs and every one is violating everyone else’s patents. Opening the source would ignite huge legal wars.

    Also, I’ve never seen a clear statement out of Allwinner as to whether they completely own Cedar or if parts of it are licensed. If some of it is licensed that could explain a lot. Then we’d need to know who it was licensed from and go beat up on them.

  16. ade
    March 24th, 2015 at 21:39 | #16

    @Sobtech
    In fact, Allwinner may not be perfect but they are not _that_ bad compared to some other chipset makers (not sure Rockchip, Mediatek, Realtek, etc. are doing much better…), and at least they are trying to improve (slowly, yet better than nothing). Besides, the main problem IMO is not on Allwinner side but rather on the ODM/OEM side : try to get any board/kernel source-code for any chinese tablet / smartphone / router you’d find on Alibaba/Taobao. Good luck ! For example, even as a _customer_ ordering a few thousands routers, I had to fight really hard to get my hands on some (incomplete/unusable) source-code, and finally ended doing my own reverse-engineering to port openwrt to my routers. Most ODMs/OEMs – especially the smallest – will just grab GPL source code and pretend it’s their own (and make you pay or sign an NDA to have access to it).

  17. anon
    March 24th, 2015 at 22:57 | #17

    @ade
    When there is such purchase scales involved, maybe some random ODM could whip out an custom ASIC off opencores.org, the costs of custom ASIC production on anything above “current lowest node size * 4” is actually pretty decent, seen few designs (hand-made, partly by me) getting done on 90nm for under a $1k for a 150mm wafer (from MOSIS), and that was an one-off wafer only, they are ready to go down in price is someone would want more.

    There might even be market for FLOSS people to start actually producing their own ASICs, then they would know absolutely what they have, and how far they can take their own designs, without starting patent wars. 🙂

  18. anon
    March 25th, 2015 at 01:41 | #18

    @anon
    If one wonders do civilians actually do such things by themselves (and sometimes only for themselves) one cool site to get into the mindset is “copyleft hardware planet”: http://en.qi-hardware.com/planet/

    Be aware that that site is one HUGE thingie that sucks out browser memory like there is no tomorrow, ARM systems with only 1GB of memory might get nice lock-ups, freezes, or reboots… You have been warned. 🙂

  19. notzed
    March 25th, 2015 at 07:35 | #19

    Isn’t there a clause in the GNU GPL which revokes (all? or just the applicable) GPL licenses until they are explicitly re-enabled by the authors?

    GNU GPL is perfectly valid for libraries and used quite often: there is a good reason the GNU LGPL was renamed to the “Lesser”, you know, decades ago.

    Linking GNU GPL with any proprietary code _and distributing it_ is forbidden, explicitly. It doesn’t matter how many ‘wrappers’ you go through. The system-call interface is the only real hard boundary though and anything else above that is less so and muddied with different language linking conventions and their interaction with law designed to protect printers.

    I don’t get how many people don’t “understand” this when it’s one of the cleanest bit of legalese you are likely to ever come across and common sense tells you that without this it would be entirely toothless. It’s almost as if the internet has made willful ignorance some sort of perverse badge of honour to be flashed at every opportunity.

    The ONLY exception to this rule is the weak and usually exploited ‘system supplied’ clause. Which could be made to apply here as well and loosely as it does in most other cases. However, each layer must be license and interface clean: you can’t include (L)GPL code in a proprietary library that is part of that interface. You can’t add ‘hooks’ directly or through patches from the library to your proprietary code.

    GNU LGPL is probably worse than GNU GPL for hardware vendors because it can’t just be weakly exploited by just making the source you used available: in the LGPL case as a user you have to be able to replace the LGPL code in the running system. Either via the whole library or a separate object file you can re-link. You certainly can’t just cut and paste (L)GPL snippets into any non-compatible source file.

  20. Jon Smirl
    March 25th, 2015 at 08:30 | #20

    All of the shared libraries on Linux are LGPL. They have to be, if they were GPL then any random app that runs on Linux would get GPL’d due to the viral infection. That would be the end of Linux if that was the case. You can GPL static user space libraries but they will be limited in their use. You can also GPL apps if you choose to. It is fine for a GPL app to use LGPL libraries.

    Of course Stallman wants all of the Linux shared objects to be GPL’d so that there is no more proprietary software, but that’s not going to happen. For example if that was the case all of those Steam games on Linux would disappear. You can GPL your shared library if you want, but no one will use it is for a few GPL’d apps.

    The penalty for violating the GPL is a removal of your license to use the code. If you continue to ship code after a GPL violation you can be hauled into court for copyright infringement. The collective authors don’t need to do anything. Just one author has to be party to the copyright infringement suit. In general it is impossible to get all of the authors to do anything – many are lost or even dead.

    The LGPL is viral at a source code level, not at the binary level. If you copy snippets of LGPL code the viral clause turns whatever you copied it into into LGPL’d code. However you can do anything you want to a LGPL binary except alter it. The LGPL stops at the shared object interface. You can wrap it however you choose to.

  21. ade
    March 25th, 2015 at 17:18 | #21

    @Jon Smirl
    > “All of the shared libraries on Linux are LGPL. They have to be, if they were GPL then any random app that runs on Linux would get GPL’d due to the viral infection. That would be the end of Linux if that was the case”

    I disagree : some libs are GPL. This is the whole business-model of dual-licensing (GPL+commercial), remember QT before Trolltech was bough by Nokia ? Rememer YaSSL ? Remember this article from Stallman https://www.gnu.org/philosophy/why-not-lgpl.html ?
    However, I agree GPL is “viral”. IMO it is a bit too strong while BSD is too weak, and LGPL/MPL are the right balance for me (even for applications, not only for libs) : I don’t like putting restrictions on technical choices for non-technical reasons (i.e. some people may want to copy-paste some GPL code from an app to a lib. Another example : a long time ago I wanted to experiment / move some code from the linux kernel to userland libs, but *BSDs are the only OS that can be used as a basis for micro/nano/exokernel experiments for that reason…). But that’s only my opinion for my case : I totally understand the business-model of dual-licenced GPL+commercial libs (and QT would probably not had the same quality if it was not backed by a company like Trolltech…)

  22. Jon Smirl
    March 25th, 2015 at 20:08 | #22

    QT is dual licensed commercial and LGPL.

  23. Jon Smirl
    March 25th, 2015 at 20:12 | #23

    Actually is it triple licensed like Mozilla.

    http://doc.qt.io/qt-5/licensing.html

    Enterprise, Professional, and Indie Mobile licenses.
    Community license (GPL or LGPL versions 3 and 2.1).

  24. anon
    March 26th, 2015 at 09:39 | #24

    Allwinner is taking it even further, now stripping symbols to make it harder to detect the source of the code: http://www.phoronix.com/scan.php?page=news_item&px=Allwinner-Stripped-Symbols

  25. Simos
    March 27th, 2015 at 23:18 | #25

    @anon

    It’s downright silly to complain about “strip”-ing symbols. Any closed-source libraries that are distributed by companies, are stripped.
    It’s standard practice and way too common. See all those GPU libraries from ARM or ImgTec. All stripped!

    What happened was that Allwinner simply omitted to strip the initial version of the libraries.

  26. anon
    March 29th, 2015 at 19:04 | #26

    @Simos
    Yep, all final binaries usually strip them, and AllWinner just made an amateur mistake that made their code stealing to surface instantly, now on they will strip them always, and can get away with it longer, but of course people are constantly datamining binaries (and hopefully someone will setup big iron for that task alone sometime in the future), so more corporations will keep get caught on it in the future, it is just sad fact that there is not much the FLOSS crowd can do about it. 🙁

    Money > Morale/Ethics.

  27. April 10th, 2015 at 17:28 | #27

    Open source NAND flash driver released by Allwinner -> https://github.com/allwinner-zh/linux-3.4-sunxi/tree/master/modules/nand

  28. May 19th, 2015 at 08:34 | #28

    One more release:

    “We’re proud to announce a new code release today for CedarX. Before delving
    into the details, I’d like to share some context:

    1. As a growing company, we are doing our best to understand the needs of the
    open source software community. This is a learning process. We’re working
    with different people across the Linux development community to better
    understand best practices.

    2. Open source software development is a collaborative process. It works
    because people genuinely want to help others improve and be successful. Some
    people are new and others help them learn the ropes over time. We hope that
    this same positive feedback process can be applied to GPL.

    With that context, here’s an update on our CedarX code release (we welcome
    constructive feedback!)

    1. New code architecture. Driver has been split into several plugins, one
    plugin per video format.
    2. GPL-complaint. We have scanned and analyzed the code to ensure that there
    is no GPL code used or called.
    3. Partial CedarX video decoder source code release. MPEG2, MPEG4, MJPEG, and
    H264 drivers source code available.

    We hope this is helpful to everyone. If not, please let us know how we can
    improve. Thanks!”

  29. sky770
    May 19th, 2015 at 09:41 | #29

    #2:
    “..that there is no non? GPL code used or called..”

  1. No trackbacks yet.