3 files changed, 35 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 99c395769..f4755f107 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,8 @@
-openssh (1:6.4p1-2) UNRELEASED; urgency=low
+openssh (1:6.4p1-2) UNRELEASED; urgency=high
  * Increase ServerKeyBits value in package-generated sshd_config to 1024
    (closes: #727622, LP: #1244272).
+  * Restore patch to disable OpenSSL version check (closes: #732940).
 -- Colin Watson <cjwatson@debian.org>  Tue, 12 Nov 2013 11:14:41 +0000
diff --git a/debian/patches/no-openssl-version-check.patch b/debian/patches/no-openssl-version-check.patch
new file mode 100644
index 000000000..8c7b6538e
--- /dev/null
+++ b/debian/patches/no-openssl-version-check.patch
@@ -0,0 +1,32 @@
+Description: Disable OpenSSL version check
+ OpenSSL's SONAME is sufficient nowadays.
+Author: Philip Hands <phil@hands.com>
+Author: Colin Watson <cjwatson@debian.org>
+Bug-Debian: http://bugs.debian.org/93581
+Bug-Debian: http://bugs.debian.org/664383
+Forwarded: not-needed
+Last-Update: 2013-12-23
+Index: b/entropy.c
+===================================================================
+--- a/entropy.c
+++ b/entropy.c
+@@ -209,18 +209,6 @@
+ #ifndef OPENSSL_PRNG_ONLY
+        unsigned char buf[RANDOM_SEED_SIZE];
+ #endif
+-       /*
+-        * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
+-        * We match major, minor, fix and status (not patch) for <1.0.0.
+-        * After that, we acceptable compatible fix versions (so we
+-        * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
+-        * within a patch series.
+-        */
+-       u_long version_mask = SSLeay() >= 0x1000000f ?  ~0xffff0L : ~0xff0L;
+-       if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
+-           (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
+-               fatal("OpenSSL version mismatch. Built against %lx, you "
+-                   "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
+ 
+ #ifndef OPENSSL_PRNG_ONLY
+        if (RAND_status() == 1) {
diff --git a/debian/patches/series b/debian/patches/series
index f5c2ebb52..4d2080a37 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -43,6 +43,7 @@ doc-upstart.patch
 ssh-agent-setgid.patch
 # Debian-specific configuration
+no-openssl-version-check.patch
 gnome-ssh-askpass2-icon.patch
 sigstop.patch
 debian-config.patch

diff --git a/debian/changelog b/debian/changelog index 99c395769..f4755f107 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -1,7 +1,8 @@
1	openssh (1:6.4p1-2) UNRELEASED; urgency=low	1	openssh (1:6.4p1-2) UNRELEASED; urgency=high
2		2
3	* Increase ServerKeyBits value in package-generated sshd_config to 1024	3	* Increase ServerKeyBits value in package-generated sshd_config to 1024
4	(closes: #727622, LP: #1244272).	4	(closes: #727622, LP: #1244272).
		5	* Restore patch to disable OpenSSL version check (closes: #732940).
5		6
6	-- Colin Watson <cjwatson@debian.org> Tue, 12 Nov 2013 11:14:41 +0000	7	-- Colin Watson <cjwatson@debian.org> Tue, 12 Nov 2013 11:14:41 +0000
7		8


diff --git a/debian/patches/no-openssl-version-check.patch b/debian/patches/no-openssl-version-check.patch new file mode 100644 index 000000000..8c7b6538e --- /dev/null +++ b/debian/patches/no-openssl-version-check.patch
@@ -0,0 +1,32 @@
		1	Description: Disable OpenSSL version check
		2	OpenSSL's SONAME is sufficient nowadays.
		3	Author: Philip Hands <phil@hands.com>
		4	Author: Colin Watson <cjwatson@debian.org>
		5	Bug-Debian: http://bugs.debian.org/93581
		6	Bug-Debian: http://bugs.debian.org/664383
		7	Forwarded: not-needed
		8	Last-Update: 2013-12-23
		9
		10	Index: b/entropy.c
		11	===================================================================
		12	--- a/entropy.c
		13	+++ b/entropy.c
		14	@@ -209,18 +209,6 @@
		15	#ifndef OPENSSL_PRNG_ONLY
		16	unsigned char buf[RANDOM_SEED_SIZE];
		17	#endif
		18	- /*
		19	- * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
		20	- * We match major, minor, fix and status (not patch) for <1.0.0.
		21	- * After that, we acceptable compatible fix versions (so we
		22	- * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
		23	- * within a patch series.
		24	- */
		25	- u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
		26	- if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) \|\|
		27	- (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
		28	- fatal("OpenSSL version mismatch. Built against %lx, you "
		29	- "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
		30
		31	#ifndef OPENSSL_PRNG_ONLY
		32	if (RAND_status() == 1) {


diff --git a/debian/patches/series b/debian/patches/series index f5c2ebb52..4d2080a37 100644 --- a/debian/patches/series +++ b/debian/patches/series
@@ -43,6 +43,7 @@ doc-upstart.patch
43	ssh-agent-setgid.patch	43	ssh-agent-setgid.patch
44		44
45	# Debian-specific configuration	45	# Debian-specific configuration
		46	no-openssl-version-check.patch
46	gnome-ssh-askpass2-icon.patch	47	gnome-ssh-askpass2-icon.patch
47	sigstop.patch	48	sigstop.patch
48	debian-config.patch	49	debian-config.patch