lock down to openssl version used at compile time to avoid fatal error
$ ssh localhost
OpenSSL version mismatch. Built against
1000008f, you have
1000105f
$ rpm -q --blink openssl openssh-clients
openssl-1.0.1e-1.x86_64.rpm
<= openssl-1.0.0j-1.x86_64.rpm
openssh-clients-5.9p1-9.x86_64.rpm
<= openssh-clients-5.9p1-8.x86_64.rpm
similar to neon fix:
http://git.pld-linux.org/?p=packages/neon.git;a=commitdiff;h=
00c6dbc2309d9d93db6a6f469fc8516981bdb405
openssh-6.2p2/entropy.c reads:
void
seed_rng(void)
{
#ifndef OPENSSL_PRNG_ONLY
unsigned char buf[RANDOM_SEED_SIZE];
#endif
/*
* OpenSSL version numbers: MNNFFPPS: major minor fix patch status
* We match major, minor, fix and status (not patch) for <1.0.0.
* After that, we acceptable compatible fix versions (so we
* allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
* within a patch series.
*/
u_long version_mask = SSLeay() >= 0x1000000f ? ~0xffff0L : ~0xff0L;
if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
(SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
fatal("OpenSSL version mismatch. Built against %lx, you "
"have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
projects / packages / openssh.git / commit