File openssh-7.7p1-disable_openssl_abi_check.patch of Package openssh.29884

# HG changeset patch
# Parent  b13da8c3e99081cb92ab226d2c512241a82cd0d5
disable run-time check for OpenSSL ABI by version number as that is not a
reliable indicator of ABI changes and doesn't make much sense in a
distribution package

diff --git a/openssh-7.7p1/configure.ac b/openssh-7.7p1/configure.ac
--- openssh-7.7p1/configure.ac
+++ openssh-7.7p1/configure.ac
@@ -4895,16 +4895,29 @@ AC_ARG_WITH([bsd-auth],
 		if test "x$withval" != "xno" ; then
 			AC_DEFINE([BSD_AUTH], [1],
 				[Define if you have BSD auth support])
 			BSD_AUTH_MSG=yes
 		fi
 	]
 )
 
+# Whether we are using distribution (Open)SSL, so no runtime checks are necessary
+DISTRO_SSL=no
+AC_ARG_WITH([distro-ssl],
+	[  --with-distro-ssl       Disable runtime OpenSSL version checks (good for distributions)],
+	[
+		if test "x$withval" != "xno" ; then
+			AC_DEFINE([DISTRO_SSL], [1],
+                      [Define if you are using distribution SSL library and don;t expect its API/ABI to change])
+			DISTRO_SSL=yes
+		fi
+	]
+)
+
 # Where to place sshd.pid
 piddir=/var/run
 # make sure the directory exists
 if test ! -d $piddir ; then
 	piddir=`eval echo ${sysconfdir}`
 	case $piddir in
 		NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
 	esac
diff --git a/openssh-7.7p1/entropy.c b/openssh-7.7p1/entropy.c
--- openssh-7.7p1/entropy.c
+++ openssh-7.7p1/entropy.c
@@ -209,19 +209,21 @@ rexec_recv_rng_seed(Buffer *m)
 #endif /* OPENSSL_PRNG_ONLY */
 
 void
 seed_rng(void)
 {
 #ifndef OPENSSL_PRNG_ONLY
 	unsigned char buf[RANDOM_SEED_SIZE];
 #endif
+#ifndef DISTRO_SSL
 	if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay()))
 		fatal("OpenSSL version mismatch. Built against %lx, you "
 		    "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
+#endif
 
 #ifndef OPENSSL_PRNG_ONLY
 	if (RAND_status() == 1) {
 		debug3("RNG is ready, skipping seeding");
 		return;
 	}
 
 	if (seed_from_prngd(buf, sizeof(buf)) == -1)
openSUSE Build Service is sponsored by