From 4d55734c16aa104afea1e446788b3bc7a53999e6 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 30 Mar 2012 11:34:27 +1100 Subject: [PATCH] - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running openssh binaries on a newer fix release than they were compiled on. with and ok dtucker@ --- ChangeLog | 3 +++ entropy.c | 9 +++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index ac8fd70b7..00be8d367 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20120330 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING file from spec file. From crighter at nuclioss com. + - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running + openssh binaries on a newer fix release than they were compiled on. + with and ok dtucker@ 20120309 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux diff --git a/entropy.c b/entropy.c index 2d6d3ec52..2d483b391 100644 --- a/entropy.c +++ b/entropy.c @@ -211,9 +211,14 @@ seed_rng(void) #endif /* * OpenSSL version numbers: MNNFFPPS: major minor fix patch status - * We match major, minor, fix and status (not patch) + * We match major, minor, fix and status (not patch) for <1.0.0. + * After that, we acceptable compatible fix versions (so we + * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed + * within a patch series. */ - if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) + u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L; + if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) || + (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12)) fatal("OpenSSL version mismatch. Built against %lx, you " "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());