- (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running

openssh binaries on a newer fix release than they were compiled on.
   with and ok dtucker@
This commit is contained in:
Damien Miller 2012-03-30 11:34:27 +11:00
parent 67ccc86506
commit 4d55734c16
2 changed files with 10 additions and 2 deletions

View File

@ -1,6 +1,9 @@
20120330
- (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING
file from spec file. From crighter at nuclioss com.
- (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
openssh binaries on a newer fix release than they were compiled on.
with and ok dtucker@
20120309
- (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux

View File

@ -211,9 +211,14 @@ seed_rng(void)
#endif
/*
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
* We match major, minor, fix and status (not patch)
* We match major, minor, fix and status (not patch) for <1.0.0.
* After that, we acceptable compatible fix versions (so we
* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
* within a patch series.
*/
if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
(SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
fatal("OpenSSL version mismatch. Built against %lx, you "
"have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());