summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog7
-rw-r--r--debian/patches/no-openssl-version-check.patch31
-rw-r--r--debian/patches/series1
-rw-r--r--entropy.c3
4 files changed, 7 insertions, 35 deletions
diff --git a/debian/changelog b/debian/changelog
index 02909e99f..603ca1a3e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -49,6 +49,13 @@ openssh (1:5.4p1-1) UNRELEASED; urgency=low
49 * Remove SSHD_OOM_ADJUST configuration. sshd now unconditionally makes 49 * Remove SSHD_OOM_ADJUST configuration. sshd now unconditionally makes
50 itself non-OOM-killable, and doesn't require configuration to avoid log 50 itself non-OOM-killable, and doesn't require configuration to avoid log
51 spam in virtualisation containers (closes: #555625). 51 spam in virtualisation containers (closes: #555625).
52 * Drop Debian-specific removal of OpenSSL version check. Upstream ignores
53 the two patchlevel nybbles now, which is sufficient to address the
54 original reason this change was introduced, and it appears that any
55 change in the major/minor/fix nybbles would involve a new libssl package
56 name. (We'd still lose if the status nybble were ever changed, but that
57 would mean somebody had packaged a development/beta version rather than
58 a proper release, which doesn't appear to be normal practice.)
52 59
53 -- Colin Watson <cjwatson@debian.org> Mon, 01 Mar 2010 12:24:41 +0000 60 -- Colin Watson <cjwatson@debian.org> Mon, 01 Mar 2010 12:24:41 +0000
54 61
diff --git a/debian/patches/no-openssl-version-check.patch b/debian/patches/no-openssl-version-check.patch
deleted file mode 100644
index 82f1fa472..000000000
--- a/debian/patches/no-openssl-version-check.patch
+++ /dev/null
@@ -1,31 +0,0 @@
1Description: Disable OpenSSL version check
2 It may be that this patch should be replaced by more accurate dependencies,
3 and it certainly doesn't seem suitable for upstream. This is a very old
4 change, though, and needs review of current practices in Debian's OpenSSL
5 package.
6Author: Philip Hands <phil@hands.com>
7Bug-Debian: http://bugs.debian.org/93581
8Forwarded: not-needed
9Last-Update: 2010-02-28
10
11Index: b/entropy.c
12===================================================================
13--- a/entropy.c
14+++ b/entropy.c
15@@ -151,6 +151,8 @@
16 void
17 init_rng(void)
18 {
19+#if defined (DISABLED_BY_DEBIAN)
20+ /* drow: Is this check still too strict for Debian? */
21 /*
22 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
23 * We match major, minor, fix and status (not patch)
24@@ -158,6 +160,7 @@
25 if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
26 fatal("OpenSSL version mismatch. Built against %lx, you "
27 "have %lx", OPENSSL_VERSION_NUMBER, SSLeay());
28+#endif
29
30 #ifndef OPENSSL_PRNG_ONLY
31 original_uid = getuid();
diff --git a/debian/patches/series b/debian/patches/series
index aaee184ee..03a17ba91 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -44,6 +44,5 @@ doc-connection-sharing.patch
44doc-hash-tab-completion.patch 44doc-hash-tab-completion.patch
45 45
46# Debian-specific configuration 46# Debian-specific configuration
47no-openssl-version-check.patch
48gnome-ssh-askpass2-icon.patch 47gnome-ssh-askpass2-icon.patch
49debian-config.patch 48debian-config.patch
diff --git a/entropy.c b/entropy.c
index 3f63239f4..8b705397f 100644
--- a/entropy.c
+++ b/entropy.c
@@ -151,8 +151,6 @@ seed_rng(void)
151void 151void
152init_rng(void) 152init_rng(void)
153{ 153{
154#if defined (DISABLED_BY_DEBIAN)
155 /* drow: Is this check still too strict for Debian? */
156 /* 154 /*
157 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status 155 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
158 * We match major, minor, fix and status (not patch) 156 * We match major, minor, fix and status (not patch)
@@ -160,7 +158,6 @@ init_rng(void)
160 if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) 158 if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
161 fatal("OpenSSL version mismatch. Built against %lx, you " 159 fatal("OpenSSL version mismatch. Built against %lx, you "
162 "have %lx", OPENSSL_VERSION_NUMBER, SSLeay()); 160 "have %lx", OPENSSL_VERSION_NUMBER, SSLeay());
163#endif
164 161
165#ifndef OPENSSL_PRNG_ONLY 162#ifndef OPENSSL_PRNG_ONLY
166 original_uid = getuid(); 163 original_uid = getuid();