3 files changed, 44 insertions, 0 deletions
diff --git a/debian/adjust-openssl-dependencies b/debian/adjust-openssl-dependencies
new file mode 100755
index 000000000..9daa9b415
--- /dev/null
+++ b/debian/adjust-openssl-dependencies
@@ -0,0 +1,32 @@
+#! /bin/sh
+# Attempt to tighten libssl dependencies to match the check in entropy.c.
+# Must be run after dpkg-shlibdeps.
+client=debian/openssh-client.substvars
+server=debian/openssh-server.substvars
+libssl_version="$(dpkg-query -W libssl-dev 2>/dev/null | cut -f2)"
+if [ -z "$libssl_version" ]; then
+        echo "Can't find libssl-dev version; leaving dependencies alone."
+        exit 0
+fi
+libssl_version="$(echo "$libssl_version" | sed 's/[a-z-].*//')"
+libssl_package="$(sed -n 's/.*[= ]\(libssl[0-9][a-z0-9+.-]*\).*/\1/p' "$client")"
+if [ "$libssl_package" ]; then
+        new_dep="$libssl_package (>= $libssl_version)"
+        sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$client"
+        sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$server"
+fi
+client_udeb=debian/openssh-client-udeb.substvars
+server_udeb=debian/openssh-server-udeb.substvars
+libcrypto_package="$(sed -n 's/.*[= ]\(libcrypto[0-9][a-z0-9+.-]*\).*/\1/p' "$client_udeb")"
+if [ "$libcrypto_package" ]; then
+        new_dep="$libcrypto_package (>= $libssl_version)"
+        sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$client_udeb"
+        sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$server_udeb"
+fi
+exit 0
diff --git a/debian/changelog b/debian/changelog
index 14a4d3fc9..7bc1ab882 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:6.0p1-2) UNRELEASED; urgency=low
+  * Tighten libssl1.0.0 and libcrypto1.0.0-udeb dependencies to the current
+    "fix" version at build time (closes: #678661).
+ -- Colin Watson <cjwatson@debian.org>  Sun, 24 Jun 2012 02:41:20 +0100
 openssh (1:6.0p1-1) unstable; urgency=low
  [ Roger Leigh ]
diff --git a/debian/rules b/debian/rules
index 889b5a079..9e84c07e8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -174,6 +174,11 @@ override_dh_fixperms:
        dh_fixperms
        chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
+# Tighten libssl dependencies to match the check in entropy.c.
+override_dh_shlibdeps:
+        dh_shlibdeps
+        debian/adjust-openssl-dependencies
 override_dh_installdeb:
        dh_installdeb
        perl -i debian/substitute-conffile.pl \

diff --git a/debian/adjust-openssl-dependencies b/debian/adjust-openssl-dependencies new file mode 100755 index 000000000..9daa9b415 --- /dev/null +++ b/debian/adjust-openssl-dependencies
@@ -0,0 +1,32 @@
		1	#! /bin/sh
		2	# Attempt to tighten libssl dependencies to match the check in entropy.c.
		3	# Must be run after dpkg-shlibdeps.
		4
		5	client=debian/openssh-client.substvars
		6	server=debian/openssh-server.substvars
		7
		8	libssl_version="$(dpkg-query -W libssl-dev 2>/dev/null \| cut -f2)"
		9	if [ -z "$libssl_version" ]; then
		10	echo "Can't find libssl-dev version; leaving dependencies alone."
		11	exit 0
		12	fi
		13	libssl_version="$(echo "$libssl_version" \| sed 's/[a-z-].*//')"
		14
		15	libssl_package="$(sed -n 's/.[= ]\(libssl[0-9][a-z0-9+.-]\).*/\1/p' "$client")"
		16	if [ "$libssl_package" ]; then
		17	new_dep="$libssl_package (>= $libssl_version)"
		18	sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$client"
		19	sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$server"
		20	fi
		21
		22	client_udeb=debian/openssh-client-udeb.substvars
		23	server_udeb=debian/openssh-server-udeb.substvars
		24
		25	libcrypto_package="$(sed -n 's/.[= ]\(libcrypto[0-9][a-z0-9+.-]\).*/\1/p' "$client_udeb")"
		26	if [ "$libcrypto_package" ]; then
		27	new_dep="$libcrypto_package (>= $libssl_version)"
		28	sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$client_udeb"
		29	sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$server_udeb"
		30	fi
		31
		32	exit 0


diff --git a/debian/changelog b/debian/changelog index 14a4d3fc9..7bc1ab882 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -1,3 +1,10 @@
		1	openssh (1:6.0p1-2) UNRELEASED; urgency=low
		2
		3	* Tighten libssl1.0.0 and libcrypto1.0.0-udeb dependencies to the current
		4	"fix" version at build time (closes: #678661).
		5
		6	-- Colin Watson <cjwatson@debian.org> Sun, 24 Jun 2012 02:41:20 +0100
		7
1	openssh (1:6.0p1-1) unstable; urgency=low	8	openssh (1:6.0p1-1) unstable; urgency=low
2		9
3	[ Roger Leigh ]	10	[ Roger Leigh ]


diff --git a/debian/rules b/debian/rules index 889b5a079..9e84c07e8 100755 --- a/debian/rules +++ b/debian/rules
@@ -174,6 +174,11 @@ override_dh_fixperms:
174	dh_fixperms	174	dh_fixperms
175	chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign	175	chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
176		176
		177	# Tighten libssl dependencies to match the check in entropy.c.
		178	override_dh_shlibdeps:
		179	dh_shlibdeps
		180	debian/adjust-openssl-dependencies
		181
177	override_dh_installdeb:	182	override_dh_installdeb:
178	dh_installdeb	183	dh_installdeb
179	perl -i debian/substitute-conffile.pl \	184	perl -i debian/substitute-conffile.pl \