71 lines
3 KiB
Diff
71 lines
3 KiB
Diff
From bcb6fbcb58e6256516d5a63e6c27c3dd880373c3 Mon Sep 17 00:00:00 2001
|
|
From: Kurt Roeckx <kurt@roeckx.be>
|
|
Date: Sun, 9 Feb 2014 16:10:14 +0000
|
|
Subject: Don't check the status field of the OpenSSL version
|
|
|
|
There is no reason to check the version of OpenSSL (in Debian). If it's
|
|
not compatible the soname will change. OpenSSH seems to want to do a
|
|
check for the soname based on the version number, but wants to keep the
|
|
status of the release the same. Remove that check on the status since
|
|
it doesn't tell you anything about how compatible that version is.
|
|
|
|
Author: Colin Watson <cjwatson@debian.org>
|
|
Bug-Debian: https://bugs.debian.org/93581
|
|
Bug-Debian: https://bugs.debian.org/664383
|
|
Bug-Debian: https://bugs.debian.org/732940
|
|
Forwarded: not-needed
|
|
Last-Update: 2023-09-02
|
|
|
|
Patch-Name: no-openssl-version-status.patch
|
|
---
|
|
openbsd-compat/openssl-compat.c | 8 ++++----
|
|
openbsd-compat/regress/opensslvertest.c | 2 ++
|
|
2 files changed, 6 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
|
|
index 14865077e..0cea08c03 100644
|
|
--- a/openbsd-compat/openssl-compat.c
|
|
+++ b/openbsd-compat/openssl-compat.c
|
|
@@ -49,18 +49,18 @@ ssh_compatible_openssl(long headerver, long libver)
|
|
return 1;
|
|
|
|
/*
|
|
- * For versions >= 3.0, only the major and status must match.
|
|
+ * For versions >= 3.0, only the major must match.
|
|
*/
|
|
if (headerver >= 0x3000000f) {
|
|
- mask = 0xf000000fL; /* major,status */
|
|
+ mask = 0xf0000000L; /* major */
|
|
return (headerver & mask) == (libver & mask);
|
|
}
|
|
|
|
/*
|
|
- * For versions >= 1.0.0, but <3, major,minor,status must match and
|
|
+ * For versions >= 1.0.0, but <3, major,minor must match and
|
|
* library fix version must be equal to or newer than the header.
|
|
*/
|
|
- mask = 0xfff0000fL; /* major,minor,status */
|
|
+ mask = 0xfff00000L; /* major,minor */
|
|
hfix = (headerver & 0x000ff000) >> 12;
|
|
lfix = (libver & 0x000ff000) >> 12;
|
|
if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
|
|
diff --git a/openbsd-compat/regress/opensslvertest.c b/openbsd-compat/regress/opensslvertest.c
|
|
index 99c894418..351df4374 100644
|
|
--- a/openbsd-compat/regress/opensslvertest.c
|
|
+++ b/openbsd-compat/regress/opensslvertest.c
|
|
@@ -28,6 +28,7 @@ struct version_test {
|
|
} version_tests[] = {
|
|
/* built with 1.0.1b release headers */
|
|
{ 0x1000101fL, 0x1000101fL, 1},/* exact match */
|
|
+ { 0x1000101fL, 0x10001010L, 1}, /* different status: ok */
|
|
{ 0x1000101fL, 0x1000102fL, 1}, /* newer library patch version: ok */
|
|
{ 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */
|
|
{ 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */
|
|
@@ -48,6 +49,7 @@ struct version_test {
|
|
|
|
/* built with 3.0.1 release headers */
|
|
{ 0x3010101fL, 0x3010101fL, 1},/* exact match */
|
|
+ { 0x3010101fL, 0x30101010L, 1}, /* different status: ok */
|
|
{ 0x3010101fL, 0x3010102fL, 1}, /* newer library patch version: ok */
|
|
{ 0x3010101fL, 0x3010100fL, 1}, /* older library patch version: ok */
|
|
{ 0x3010101fL, 0x3010201fL, 1}, /* newer library fix version: ok */
|