summaryrefslogtreecommitdiffstats
path: root/debian/adjust-openssl-dependencies
diff options
context:
space:
mode:
Diffstat (limited to 'debian/adjust-openssl-dependencies')
-rwxr-xr-xdebian/adjust-openssl-dependencies36
1 files changed, 36 insertions, 0 deletions
diff --git a/debian/adjust-openssl-dependencies b/debian/adjust-openssl-dependencies
new file mode 100755
index 0000000..1cd7f29
--- /dev/null
+++ b/debian/adjust-openssl-dependencies
@@ -0,0 +1,36 @@
+#! /bin/sh
+# Attempt to tighten libssl dependencies to match the check in entropy.c.
+# Must be run after dpkg-shlibdeps.
+
+client=debian/openssh-client.substvars
+server=debian/openssh-server.substvars
+
+libssl_version="$(dpkg-query -W libssl-dev 2>/dev/null | cut -f2)"
+if [ -z "$libssl_version" ]; then
+ echo "Can't find libssl-dev version; leaving dependencies alone."
+ exit 0
+fi
+libssl_version="$(echo "$libssl_version" | sed 's/[a-z-].*//')"
+
+libssl_package="$(sed -n 's/.*[= ]\(libssl[0-9][a-z0-9+.-]*\).*/\1/p' "$client")"
+if [ "$libssl_package" ]; then
+ new_dep="$libssl_package (>= $libssl_version)"
+ sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$client"
+ sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$server"
+fi
+
+client_udeb=debian/openssh-client-udeb.substvars
+server_udeb=debian/openssh-server-udeb.substvars
+
+libcrypto_package="$(sed -n 's/.*[= ]\(libcrypto[0-9][a-z0-9+.-]*\).*/\1/p' "$client_udeb")"
+if [ "$libcrypto_package" ]; then
+ new_dep="$libcrypto_package (>= $libssl_version)"
+ if [ -e "$client_udeb" ]; then
+ sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$client_udeb"
+ fi
+ if [ -e "$server_udeb" ]; then
+ sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$server_udeb"
+ fi
+fi
+
+exit 0
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-01 11:49:13 +0000