From 03ba0382a8ac499aba50aa0203d89586fa785628 Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Sun, 9 Feb 2014 16:10:14 +0000 Subject: Don't check the status field of the OpenSSL version There is no reason to check the version of OpenSSL (in Debian). If it's not compatible the soname will change. OpenSSH seems to want to do a check for the soname based on the version number, but wants to keep the status of the release the same. Remove that check on the status since it doesn't tell you anything about how compatible that version is. Author: Colin Watson Bug-Debian: https://bugs.debian.org/93581 Bug-Debian: https://bugs.debian.org/664383 Bug-Debian: https://bugs.debian.org/732940 Forwarded: not-needed Last-Update: 2023-09-02 Patch-Name: no-openssl-version-status.patch --- openbsd-compat/openssl-compat.c | 8 ++++---- openbsd-compat/regress/opensslvertest.c | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 6c65003f2..30e97c464 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -49,18 +49,18 @@ ssh_compatible_openssl(long headerver, long libver) return 1; /* - * For versions >= 3.0, only the major and status must match. + * For versions >= 3.0, only the major must match. */ if (headerver >= 0x3000000f) { - mask = 0xf000000fL; /* major,status */ + mask = 0xf0000000L; /* major */ return (headerver & mask) == (libver & mask); } /* - * For versions >= 1.0.0, but <3, major,minor,status must match and + * For versions >= 1.0.0, but <3, major,minor must match and * library fix version must be equal to or newer than the header. */ - mask = 0xfff0000fL; /* major,minor,status */ + mask = 0xfff00000L; /* major,minor */ hfix = (headerver & 0x000ff000) >> 12; lfix = (libver & 0x000ff000) >> 12; if ( (headerver & mask) == (libver & mask) && lfix >= hfix) diff --git a/openbsd-compat/regress/opensslvertest.c b/openbsd-compat/regress/opensslvertest.c index 99c894418..351df4374 100644 --- a/openbsd-compat/regress/opensslvertest.c +++ b/openbsd-compat/regress/opensslvertest.c @@ -28,6 +28,7 @@ struct version_test { } version_tests[] = { /* built with 1.0.1b release headers */ { 0x1000101fL, 0x1000101fL, 1},/* exact match */ + { 0x1000101fL, 0x10001010L, 1}, /* different status: ok */ { 0x1000101fL, 0x1000102fL, 1}, /* newer library patch version: ok */ { 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */ { 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */ @@ -48,6 +49,7 @@ struct version_test { /* built with 3.0.1 release headers */ { 0x3010101fL, 0x3010101fL, 1},/* exact match */ + { 0x3010101fL, 0x30101010L, 1}, /* different status: ok */ { 0x3010101fL, 0x3010102fL, 1}, /* newer library patch version: ok */ { 0x3010101fL, 0x3010100fL, 1}, /* older library patch version: ok */ { 0x3010101fL, 0x3010201fL, 1}, /* newer library fix version: ok */