From 27eab7b074d48d902e421067165270c10e64f49c Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 19 Mar 2012 11:06:07 +0000
Subject: Disable OpenSSL version check again, as its SONAME is sufficient
 nowadays (closes: #664383).

---
 debian/changelog                              |  7 +++++++
 debian/patches/no-openssl-version-check.patch | 27 +++++++++++++++++++++++++++
 debian/patches/series                         |  1 +
 entropy.c                                     |  7 -------
 4 files changed, 35 insertions(+), 7 deletions(-)
 create mode 100644 debian/patches/no-openssl-version-check.patch

diff --git a/debian/changelog b/debian/changelog
index b0e975ecb..9ef1bc0d5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:5.9p1-4) UNRELEASED; urgency=low
+
+  * Disable OpenSSL version check again, as its SONAME is sufficient
+    nowadays (closes: #664383).
+
+ -- Colin Watson <cjwatson@debian.org>  Mon, 19 Mar 2012 11:04:52 +0000
+
 openssh (1:5.9p1-3) unstable; urgency=low
 
   * debconf template translations:
diff --git a/debian/patches/no-openssl-version-check.patch b/debian/patches/no-openssl-version-check.patch
new file mode 100644
index 000000000..d88d0fff0
--- /dev/null
+++ b/debian/patches/no-openssl-version-check.patch
@@ -0,0 +1,27 @@
+Description: Disable OpenSSL version check
+ OpenSSL's SONAME is sufficient nowadays.
+Author: Philip Hands <phil@hands.com>
+Author: Colin Watson <cjwatson@debian.org>
+Bug-Debian: http://bugs.debian.org/93581
+Bug-Debian: http://bugs.debian.org/664383
+Forwarded: not-needed
+Last-Update: 2012-03-19
+
+Index: b/entropy.c
+===================================================================
+--- a/entropy.c
++++ b/entropy.c
+@@ -209,13 +209,6 @@
+ #ifndef OPENSSL_PRNG_ONLY
+ 	unsigned char buf[RANDOM_SEED_SIZE];
+ #endif
+-	/*
+-	 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
+-	 * We match major, minor, fix and status (not patch)
+-	 */
+-	if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
+-		fatal("OpenSSL version mismatch. Built against %lx, you "
+-		    "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
+ 
+ #ifndef OPENSSL_PRNG_ONLY
+ 	if (RAND_status() == 1) {
diff --git a/debian/patches/series b/debian/patches/series
index 2be7cf10a..11059c095 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -39,5 +39,6 @@ doc-hash-tab-completion.patch
 auth-log-verbosity.patch
 
 # Debian-specific configuration
+no-openssl-version-check.patch
 gnome-ssh-askpass2-icon.patch
 debian-config.patch
diff --git a/entropy.c b/entropy.c
index 2d6d3ec52..2aee2d917 100644
--- a/entropy.c
+++ b/entropy.c
@@ -209,13 +209,6 @@ seed_rng(void)
 #ifndef OPENSSL_PRNG_ONLY
 	unsigned char buf[RANDOM_SEED_SIZE];
 #endif
-	/*
-	 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
-	 * We match major, minor, fix and status (not patch)
-	 */
-	if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
-		fatal("OpenSSL version mismatch. Built against %lx, you "
-		    "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
 
 #ifndef OPENSSL_PRNG_ONLY
 	if (RAND_status() == 1) {
-- 
cgit v1.2.3