File openssh-7.6p1-disable_openssl_abi_check.patch of Package openssh.21986
# HG changeset patch
# Parent f22dd231807395dc77507fd9baf4ad64ef34fa7a
disable run-time check for OpenSSL ABI by version number as that is not a
reliable indicator of ABI changes and doesn't make much sense in a
distribution package
Index: openssh-7.6p1/configure.ac
===================================================================
--- openssh-7.6p1.orig/configure.ac 2019-03-12 14:38:34.016923316 +0100
+++ openssh-7.6p1/configure.ac 2019-03-12 14:38:34.800927725 +0100
@@ -4793,6 +4793,19 @@ AC_ARG_WITH([bsd-auth],
]
)
+# Whether we are using distribution (Open)SSL, so no runtime checks are necessary
+DISTRO_SSL=no
+AC_ARG_WITH([distro-ssl],
+ [ --with-distro-ssl Disable runtime OpenSSL version checks (good for distributions)],
+ [
+ if test "x$withval" != "xno" ; then
+ AC_DEFINE([DISTRO_SSL], [1],
+ [Define if you are using distribution SSL library and don;t expect its API/ABI to change])
+ DISTRO_SSL=yes
+ fi
+ ]
+)
+
# Where to place sshd.pid
piddir=/var/run
# make sure the directory exists
Index: openssh-7.6p1/entropy.c
===================================================================
--- openssh-7.6p1.orig/entropy.c 2019-03-12 14:38:31.752910584 +0100
+++ openssh-7.6p1/entropy.c 2019-03-12 14:38:34.800927725 +0100
@@ -214,9 +214,11 @@ seed_rng(void)
#ifndef OPENSSL_PRNG_ONLY
unsigned char buf[RANDOM_SEED_SIZE];
#endif
+#ifndef DISTRO_SSL
if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay()))
fatal("OpenSSL version mismatch. Built against %lx, you "
"have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
+#endif
#ifndef OPENSSL_PRNG_ONLY
if (RAND_status() == 1) {