summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKurt Roeckx <kurt@roeckx.be>2014-02-09 16:10:14 +0000
committerColin Watson <cjwatson@debian.org>2017-10-04 13:54:48 +0100
commitb614a7f9148af821919165be47c6c29f59dc6b44 (patch)
tree7f30089de560bcde699cb974d22b7ee818da16f5
parentb37d4f364f9c9bfbaf372e903ebbe80ef8ae2264 (diff)
Don't check the status field of the OpenSSL version
There is no reason to check the version of OpenSSL (in Debian). If it's not compatible the soname will change. OpenSSH seems to want to do a check for the soname based on the version number, but wants to keep the status of the release the same. Remove that check on the status since it doesn't tell you anything about how compatible that version is. Author: Colin Watson <cjwatson@debian.org> Bug-Debian: https://bugs.debian.org/93581 Bug-Debian: https://bugs.debian.org/664383 Bug-Debian: https://bugs.debian.org/732940 Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: no-openssl-version-status.patch
-rw-r--r--openbsd-compat/openssl-compat.c6
-rw-r--r--openbsd-compat/regress/opensslvertest.c1
2 files changed, 4 insertions, 3 deletions
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 259fccbec..aaa953f2d 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -34,7 +34,7 @@
34/* 34/*
35 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status 35 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
36 * We match major, minor, fix and status (not patch) for <1.0.0. 36 * We match major, minor, fix and status (not patch) for <1.0.0.
37 * After that, we acceptable compatible fix versions (so we 37 * After that, we accept compatible fix and status versions (so we
38 * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed 38 * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
39 * within a patch series. 39 * within a patch series.
40 */ 40 */
@@ -55,10 +55,10 @@ ssh_compatible_openssl(long headerver, long libver)
55 } 55 }
56 56
57 /* 57 /*
58 * For versions >= 1.0.0, major,minor,status must match and library 58 * For versions >= 1.0.0, major,minor must match and library
59 * fix version must be equal to or newer than the header. 59 * fix version must be equal to or newer than the header.
60 */ 60 */
61 mask = 0xfff0000fL; /* major,minor,status */ 61 mask = 0xfff00000L; /* major,minor */
62 hfix = (headerver & 0x000ff000) >> 12; 62 hfix = (headerver & 0x000ff000) >> 12;
63 lfix = (libver & 0x000ff000) >> 12; 63 lfix = (libver & 0x000ff000) >> 12;
64 if ( (headerver & mask) == (libver & mask) && lfix >= hfix) 64 if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
diff --git a/openbsd-compat/regress/opensslvertest.c b/openbsd-compat/regress/opensslvertest.c
index 5d019b598..58474873d 100644
--- a/openbsd-compat/regress/opensslvertest.c
+++ b/openbsd-compat/regress/opensslvertest.c
@@ -35,6 +35,7 @@ struct version_test {
35 35
36 /* built with 1.0.1b release headers */ 36 /* built with 1.0.1b release headers */
37 { 0x1000101fL, 0x1000101fL, 1},/* exact match */ 37 { 0x1000101fL, 0x1000101fL, 1},/* exact match */
38 { 0x1000101fL, 0x10001010L, 1}, /* different status: ok */
38 { 0x1000101fL, 0x1000102fL, 1}, /* newer library patch version: ok */ 39 { 0x1000101fL, 0x1000102fL, 1}, /* newer library patch version: ok */
39 { 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */ 40 { 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */
40 { 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */ 41 { 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */