diff options
author | Damien Miller <djm@mindrot.org> | 2012-03-30 11:34:27 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2012-03-30 11:34:27 +1100 |
commit | 4d55734c16aa104afea1e446788b3bc7a53999e6 (patch) | |
tree | 3f2f86d60703afe751ce5001b6df78f464115b49 | |
parent | 67ccc86506212c12e60bffd9a0e924a84800cf00 (diff) |
- (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running
openssh binaries on a newer fix release than they were compiled on.
with and ok dtucker@
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | entropy.c | 9 |
2 files changed, 10 insertions, 2 deletions
@@ -1,6 +1,9 @@ 20120330 - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING file from spec file. From crighter at nuclioss com. + - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running + openssh binaries on a newer fix release than they were compiled on. + with and ok dtucker@ 20120309 - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux @@ -211,9 +211,14 @@ seed_rng(void) #endif /* * OpenSSL version numbers: MNNFFPPS: major minor fix patch status - * We match major, minor, fix and status (not patch) + * We match major, minor, fix and status (not patch) for <1.0.0. + * After that, we acceptable compatible fix versions (so we + * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed + * within a patch series. */ - if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L) + u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L; + if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) || + (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12)) fatal("OpenSSL version mismatch. Built against %lx, you " "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); |