diff options
Diffstat (limited to 'debian/patches/no-openssl-version-status.patch')
| -rw-r--r-- | debian/patches/no-openssl-version-status.patch | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/debian/patches/no-openssl-version-status.patch b/debian/patches/no-openssl-version-status.patch new file mode 100644 index 000000000..46c5a736d --- /dev/null +++ b/debian/patches/no-openssl-version-status.patch | |||
| @@ -0,0 +1,62 @@ | |||
| 1 | From 9265d741180d536c5a55719e835490c6fe2753d7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Kurt Roeckx <kurt@roeckx.be> | ||
| 3 | Date: Sun, 9 Feb 2014 16:10:14 +0000 | ||
| 4 | Subject: Don't check the status field of the OpenSSL version | ||
| 5 | |||
| 6 | There is no reason to check the version of OpenSSL (in Debian). If it's | ||
| 7 | not compatible the soname will change. OpenSSH seems to want to do a | ||
| 8 | check for the soname based on the version number, but wants to keep the | ||
| 9 | status of the release the same. Remove that check on the status since | ||
| 10 | it doesn't tell you anything about how compatible that version is. | ||
| 11 | |||
| 12 | Author: Colin Watson <cjwatson@debian.org> | ||
| 13 | Bug-Debian: https://bugs.debian.org/93581 | ||
| 14 | Bug-Debian: https://bugs.debian.org/664383 | ||
| 15 | Bug-Debian: https://bugs.debian.org/732940 | ||
| 16 | Forwarded: not-needed | ||
| 17 | Last-Update: 2014-10-07 | ||
| 18 | |||
| 19 | Patch-Name: no-openssl-version-status.patch | ||
| 20 | --- | ||
| 21 | openbsd-compat/openssl-compat.c | 6 +++--- | ||
| 22 | openbsd-compat/regress/opensslvertest.c | 1 + | ||
| 23 | 2 files changed, 4 insertions(+), 3 deletions(-) | ||
| 24 | |||
| 25 | diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c | ||
| 26 | index 63a660c..3f62403 100644 | ||
| 27 | --- a/openbsd-compat/openssl-compat.c | ||
| 28 | +++ b/openbsd-compat/openssl-compat.c | ||
| 29 | @@ -36,7 +36,7 @@ | ||
| 30 | /* | ||
| 31 | * OpenSSL version numbers: MNNFFPPS: major minor fix patch status | ||
| 32 | * We match major, minor, fix and status (not patch) for <1.0.0. | ||
| 33 | - * After that, we acceptable compatible fix versions (so we | ||
| 34 | + * After that, we accept compatible fix and status versions (so we | ||
| 35 | * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed | ||
| 36 | * within a patch series. | ||
| 37 | */ | ||
| 38 | @@ -57,10 +57,10 @@ ssh_compatible_openssl(long headerver, long libver) | ||
| 39 | } | ||
| 40 | |||
| 41 | /* | ||
| 42 | - * For versions >= 1.0.0, major,minor,status must match and library | ||
| 43 | + * For versions >= 1.0.0, major,minor must match and library | ||
| 44 | * fix version must be equal to or newer than the header. | ||
| 45 | */ | ||
| 46 | - mask = 0xfff0000fL; /* major,minor,status */ | ||
| 47 | + mask = 0xfff00000L; /* major,minor */ | ||
| 48 | hfix = (headerver & 0x000ff000) >> 12; | ||
| 49 | lfix = (libver & 0x000ff000) >> 12; | ||
| 50 | if ( (headerver & mask) == (libver & mask) && lfix >= hfix) | ||
| 51 | diff --git a/openbsd-compat/regress/opensslvertest.c b/openbsd-compat/regress/opensslvertest.c | ||
| 52 | index 5d019b5..5847487 100644 | ||
| 53 | --- a/openbsd-compat/regress/opensslvertest.c | ||
| 54 | +++ b/openbsd-compat/regress/opensslvertest.c | ||
| 55 | @@ -35,6 +35,7 @@ struct version_test { | ||
| 56 | |||
| 57 | /* built with 1.0.1b release headers */ | ||
| 58 | { 0x1000101fL, 0x1000101fL, 1},/* exact match */ | ||
| 59 | + { 0x1000101fL, 0x10001010L, 1}, /* different status: ok */ | ||
| 60 | { 0x1000101fL, 0x1000102fL, 1}, /* newer library patch version: ok */ | ||
| 61 | { 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */ | ||
| 62 | { 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */ | ||