diff options
| author | Colin Watson <cjwatson@debian.org> | 2010-03-31 11:19:33 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2010-03-31 11:19:33 +0100 |
| commit | 69456e98a770b7e946b416e5a41ec6288a31e22f (patch) | |
| tree | 66ae4e885a5e76e8c67552b2f6d1336bcacf96fd | |
| parent | 131538f5a7aac4befda4191571235f2b444b59e3 (diff) | |
Drop Debian-specific removal of OpenSSL version check. Upstream ignores
the two patchlevel nybbles now, which is sufficient to address the
original reason this change was introduced, and it appears that any
change in the major/minor/fix nybbles would involve a new libssl package
name. (We'd still lose if the status nybble were ever changed, but that
would mean somebody had packaged a development/beta version rather than
a proper release, which doesn't appear to be normal practice.)
| -rw-r--r-- | debian/changelog | 7 | ||||
| -rw-r--r-- | debian/patches/no-openssl-version-check.patch | 31 | ||||
| -rw-r--r-- | debian/patches/series | 1 | ||||
| -rw-r--r-- | entropy.c | 3 |
4 files changed, 7 insertions, 35 deletions
diff --git a/debian/changelog b/debian/changelog index 02909e99f..603ca1a3e 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -49,6 +49,13 @@ openssh (1:5.4p1-1) UNRELEASED; urgency=low | |||
| 49 | * Remove SSHD_OOM_ADJUST configuration. sshd now unconditionally makes | 49 | * Remove SSHD_OOM_ADJUST configuration. sshd now unconditionally makes |
| 50 | itself non-OOM-killable, and doesn't require configuration to avoid log | 50 | itself non-OOM-killable, and doesn't require configuration to avoid log |
| 51 | spam in virtualisation containers (closes: #555625). | 51 | spam in virtualisation containers (closes: #555625). |
| 52 | * Drop Debian-specific removal of OpenSSL version check. Upstream ignores | ||
| 53 | the two patchlevel nybbles now, which is sufficient to address the | ||
| 54 | original reason this change was introduced, and it appears that any | ||
| 55 | change in the major/minor/fix nybbles would involve a new libssl package | ||
| 56 | name. (We'd still lose if the status nybble were ever changed, but that | ||
| 57 | would mean somebody had packaged a development/beta version rather than | ||
| 58 | a proper release, which doesn't appear to be normal practice.) | ||
| 52 | 59 | ||
| 53 | -- Colin Watson <cjwatson@debian.org> Mon, 01 Mar 2010 12:24:41 +0000 | 60 | -- Colin Watson <cjwatson@debian.org> Mon, 01 Mar 2010 12:24:41 +0000 |
| 54 | 61 | ||
diff --git a/debian/patches/no-openssl-version-check.patch b/debian/patches/no-openssl-version-check.patch deleted file mode 100644 index 82f1fa472..000000000 --- a/debian/patches/no-openssl-version-check.patch +++ /dev/null | |||
| @@ -1,31 +0,0 @@ | |||
| 1 | Description: Disable OpenSSL version check | ||
| 2 | It may be that this patch should be replaced by more accurate dependencies, | ||
| 3 | and it certainly doesn't seem suitable for upstream. This is a very old | ||
| 4 | change, though, and needs review of current practices in Debian's OpenSSL | ||
| 5 | package. | ||
| 6 | Author: Philip Hands <phil@hands.com> | ||
| 7 | Bug-Debian: http://bugs.debian.org/93581 | ||
| 8 | Forwarded: not-needed | ||
| 9 | Last-Update: 2010-02-28 | ||
| 10 | |||
| 11 | Index: b/entropy.c | ||
| 12 | =================================================================== | ||
| 13 | --- a/entropy.c | ||
| 14 | +++ b/entropy.c | ||
| 15 | @@ -151,6 +151,8 @@ | ||
| 16 | void | ||
| 17 | init_rng(void) | ||
| 18 | { | ||
| 19 | +#if defined (DISABLED_BY_DEBIAN) | ||
| 20 | + /* drow: Is this check still too strict for Debian? */ | ||
| 21 | /* | ||
| 22 | * OpenSSL version numbers: MNNFFPPS: major minor fix patch status | ||
| 23 | * We match major, minor, fix and status (not patch) | ||
| 24 | @@ -158,6 +160,7 @@ | ||
| 25 | if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) | ||
| 26 | fatal("OpenSSL version mismatch. Built against %lx, you " | ||
| 27 | "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); | ||
| 28 | +#endif | ||
| 29 | |||
| 30 | #ifndef OPENSSL_PRNG_ONLY | ||
| 31 | original_uid = getuid(); | ||
diff --git a/debian/patches/series b/debian/patches/series index aaee184ee..03a17ba91 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
| @@ -44,6 +44,5 @@ doc-connection-sharing.patch | |||
| 44 | doc-hash-tab-completion.patch | 44 | doc-hash-tab-completion.patch |
| 45 | 45 | ||
| 46 | # Debian-specific configuration | 46 | # Debian-specific configuration |
| 47 | no-openssl-version-check.patch | ||
| 48 | gnome-ssh-askpass2-icon.patch | 47 | gnome-ssh-askpass2-icon.patch |
| 49 | debian-config.patch | 48 | debian-config.patch |
| @@ -151,8 +151,6 @@ seed_rng(void) | |||
| 151 | void | 151 | void |
| 152 | init_rng(void) | 152 | init_rng(void) |
| 153 | { | 153 | { |
| 154 | #if defined (DISABLED_BY_DEBIAN) | ||
| 155 | /* drow: Is this check still too strict for Debian? */ | ||
| 156 | /* | 154 | /* |
| 157 | * OpenSSL version numbers: MNNFFPPS: major minor fix patch status | 155 | * OpenSSL version numbers: MNNFFPPS: major minor fix patch status |
| 158 | * We match major, minor, fix and status (not patch) | 156 | * We match major, minor, fix and status (not patch) |
| @@ -160,7 +158,6 @@ init_rng(void) | |||
| 160 | if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) | 158 | if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) |
| 161 | fatal("OpenSSL version mismatch. Built against %lx, you " | 159 | fatal("OpenSSL version mismatch. Built against %lx, you " |
| 162 | "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); | 160 | "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); |
| 163 | #endif | ||
| 164 | 161 | ||
| 165 | #ifndef OPENSSL_PRNG_ONLY | 162 | #ifndef OPENSSL_PRNG_ONLY |
| 166 | original_uid = getuid(); | 163 | original_uid = getuid(); |