From cf921afbdd2a3de916c9c4258765cdcdce8d1584 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 24 Jun 2012 12:15:59 +0100
Subject: Tighten libssl1.0.0 and libcrypto1.0.0-udeb dependencies to the
 current "fix" version at build time (closes: #678661).

---
 debian/adjust-openssl-dependencies | 32 ++++++++++++++++++++++++++++++++
 debian/changelog                   |  7 +++++++
 debian/rules                       |  5 +++++
 3 files changed, 44 insertions(+)
 create mode 100755 debian/adjust-openssl-dependencies

(limited to 'debian')

diff --git a/debian/adjust-openssl-dependencies b/debian/adjust-openssl-dependencies
new file mode 100755
index 000000000..9daa9b415
--- /dev/null
+++ b/debian/adjust-openssl-dependencies
@@ -0,0 +1,32 @@
+#! /bin/sh
+# Attempt to tighten libssl dependencies to match the check in entropy.c.
+# Must be run after dpkg-shlibdeps.
+
+client=debian/openssh-client.substvars
+server=debian/openssh-server.substvars
+
+libssl_version="$(dpkg-query -W libssl-dev 2>/dev/null | cut -f2)"
+if [ -z "$libssl_version" ]; then
+	echo "Can't find libssl-dev version; leaving dependencies alone."
+	exit 0
+fi
+libssl_version="$(echo "$libssl_version" | sed 's/[a-z-].*//')"
+
+libssl_package="$(sed -n 's/.*[= ]\(libssl[0-9][a-z0-9+.-]*\).*/\1/p' "$client")"
+if [ "$libssl_package" ]; then
+	new_dep="$libssl_package (>= $libssl_version)"
+	sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$client"
+	sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$server"
+fi
+
+client_udeb=debian/openssh-client-udeb.substvars
+server_udeb=debian/openssh-server-udeb.substvars
+
+libcrypto_package="$(sed -n 's/.*[= ]\(libcrypto[0-9][a-z0-9+.-]*\).*/\1/p' "$client_udeb")"
+if [ "$libcrypto_package" ]; then
+	new_dep="$libcrypto_package (>= $libssl_version)"
+	sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$client_udeb"
+	sed -i "/^shlibs:Depends=/s/\$/, $new_dep/" "$server_udeb"
+fi
+
+exit 0
diff --git a/debian/changelog b/debian/changelog
index 14a4d3fc9..7bc1ab882 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:6.0p1-2) UNRELEASED; urgency=low
+
+  * Tighten libssl1.0.0 and libcrypto1.0.0-udeb dependencies to the current
+    "fix" version at build time (closes: #678661).
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 24 Jun 2012 02:41:20 +0100
+
 openssh (1:6.0p1-1) unstable; urgency=low
 
   [ Roger Leigh ]
diff --git a/debian/rules b/debian/rules
index 889b5a079..9e84c07e8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -174,6 +174,11 @@ override_dh_fixperms:
 	dh_fixperms
 	chmod u+s debian/openssh-client/usr/lib/openssh/ssh-keysign
 
+# Tighten libssl dependencies to match the check in entropy.c.
+override_dh_shlibdeps:
+	dh_shlibdeps
+	debian/adjust-openssl-dependencies
+
 override_dh_installdeb:
 	dh_installdeb
 	perl -i debian/substitute-conffile.pl \
-- 
cgit v1.2.3