- (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running

openssh binaries on a newer fix release than they were compiled on. with and ok dtucker@
author: Damien Miller <djm@mindrot.org> 2012-03-30 11:34:27 +1100
committer: Damien Miller <djm@mindrot.org> 2012-03-30 11:34:27 +1100
commit: 4d55734c16aa104afea1e446788b3bc7a53999e6 (patch)
tree: 3f2f86d60703afe751ce5001b6df78f464115b49 /entropy.c
parent: 67ccc86506212c12e60bffd9a0e924a84800cf00 (diff)
download: openssh-git-4d55734c16aa104afea1e446788b3bc7a53999e6.tar.gz
1 files changed, 7 insertions, 2 deletions
diff --git a/entropy.c b/entropy.c
index 2d6d3ec5..2d483b39 100644
--- a/entropy.c
+++ b/entropy.c
@@ -211,9 +211,14 @@ seed_rng(void)
 #endif
 	/*
 	 * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
-	 * We match major, minor, fix and status (not patch)
+	 * We match major, minor, fix and status (not patch) for <1.0.0.
+	 * After that, we acceptable compatible fix versions (so we
+	 * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
+	 * within a patch series.
 	 */
-	if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
+	u_long version_mask = SSLeay() >= 0x1000000f ?  ~0xffff0L : ~0xff0L;
+	if (((SSLeay() ^ OPENSSL_VERSION_NUMBER) & version_mask) ||
+	    (SSLeay() >> 12) < (OPENSSL_VERSION_NUMBER >> 12))
 		fatal("OpenSSL version mismatch. Built against %lx, you "
 		    "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
author	Damien Miller <djm@mindrot.org>	2012-03-30 11:34:27 +1100
committer	Damien Miller <djm@mindrot.org>	2012-03-30 11:34:27 +1100
commit	4d55734c16aa104afea1e446788b3bc7a53999e6 (patch)
tree	3f2f86d60703afe751ce5001b6df78f464115b49 /entropy.c
parent	67ccc86506212c12e60bffd9a0e924a84800cf00 (diff)
download	openssh-git-4d55734c16aa104afea1e446788b3bc7a53999e6.tar.gz