summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2013-12-23 10:40:53 +0000
committerColin Watson <cjwatson@debian.org>2013-12-23 10:40:53 +0000
commitc47b4209b4f8e30fdecaba079a70615c0275fe9b (patch)
tree49d08bf7b82c90db8e62a205c2fce4f2f9736108 /debian
parent67978bbe148c5695b25acc04e4ea537e7eaedec8 (diff)
Restore patch to disable OpenSSL version check (closes: #732940).
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog3
-rw-r--r--debian/patches/no-openssl-version-check.patch32
-rw-r--r--debian/patches/series1
3 files changed, 35 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 99c395769..f4755f107 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,8 @@
1openssh (1:6.4p1-2) UNRELEASED; urgency=low 1openssh (1:6.4p1-2) UNRELEASED; urgency=high
2 2
3 * Increase ServerKeyBits value in package-generated sshd_config to 1024 3 * Increase ServerKeyBits value in package-generated sshd_config to 1024
4 (closes: #727622, LP: #1244272). 4 (closes: #727622, LP: #1244272).
5 * Restore patch to disable OpenSSL version check (closes: #732940).
5 6
6 -- Colin Watson <cjwatson@debian.org> Tue, 12 Nov 2013 11:14:41 +0000 7 -- Colin Watson <cjwatson@debian.org> Tue, 12 Nov 2013 11:14:41 +0000
7 8
diff --git a/debian/patches/no-openssl-version-check.patch b/debian/patches/no-openssl-version-check.patch
new file mode 100644
index 000000000..8c7b6538e
--- /dev/null
+++ b/debian/patches/no-openssl-version-check.patch
@@ -0,0 +1,32 @@
1Description: Disable OpenSSL version check
2 OpenSSL's SONAME is sufficient nowadays.
3Author: Philip Hands <phil@hands.com>
4Author: Colin Watson <cjwatson@debian.org>
5Bug-Debian: http://bugs.debian.org/93581
6Bug-Debian: http://bugs.debian.org/664383
7Forwarded: not-needed
8Last-Update: 2013-12-23
9
10Index: b/entropy.c
11===================================================================
12--- a/entropy.c
13+++ b/entropy.c
14@@ -209,18 +209,6 @@
15 #ifndef OPENSSL_PRNG_ONLY
16 unsigned char buf[RANDOM_SEED_SIZE];
17 #endif
18- /*
19- * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
20- * We match major, minor, fix and status (not patch) for <1.0.0.
21- * After that, we acceptable compatible fix versions (so we
22- * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
23- * within a patch series.
24- */
25- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
26- if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
27- (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
28- fatal("OpenSSL version mismatch. Built against %lx, you "
29- "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
30
31 #ifndef OPENSSL_PRNG_ONLY
32 if (RAND_status() == 1) {
diff --git a/debian/patches/series b/debian/patches/series
index f5c2ebb52..4d2080a37 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -43,6 +43,7 @@ doc-upstart.patch
43ssh-agent-setgid.patch 43ssh-agent-setgid.patch
44 44
45# Debian-specific configuration 45# Debian-specific configuration
46no-openssl-version-check.patch
46gnome-ssh-askpass2-icon.patch 47gnome-ssh-askpass2-icon.patch
47sigstop.patch 48sigstop.patch
48debian-config.patch 49debian-config.patch