author | David Seifert <soap@gentoo.org> | 2023-05-08 22:56:02 +0200 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2023-05-11 21:03:18 +0100 |
commit | f23d1796f90a0981b4b31a97260cf97a5ed72180 (patch) | |
tree | 7d376ed61ec476ef7a3815a1263cf8f08ca3cdbb /net-misc/openssh-contrib/files/openssh-9.3_p1-openssl-version-compat-check.patch | |
parent | media-libs/mesa: Stabilize 23.0.3-r1 amd64, #906134 (diff) | |
net-misc/openssh-contrib: new package, add 9.3_p1
This package will include the three big third-party patch series for
HPN/SCTP/X509 functionality in OpenSSH. Historically, these patches
have caused numerous issues for users in the OpenSSH package and they
are of questionable quality. By maintaining these patches in a
separate package, we can minimize the effect of them on the garden
path, which should be to provide our users with a minimally patched
OpenSSH experience. Furthermore, since the vanilla OpenSSH package will
not require a large chunk of rebasing for these patches, we can more
easily bump OpenSSH for new releases.
Signed-off-by: David Seifert <soap@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-misc/openssh-contrib/files/openssh-9.3_p1-openssl-version-compat-check.patch')
-rw-r--r-- | net-misc/openssh-contrib/files/openssh-9.3_p1-openssl-version-compat-check.patch | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/net-misc/openssh-contrib/files/openssh-9.3_p1-openssl-version-compat-check.patch b/net-misc/openssh-contrib/files/openssh-9.3_p1-openssl-version-compat-check.patch
new file mode 100644
index 000000000000..b571ae253fff
--- /dev/null
+++ b/net-misc/openssh-contrib/files/openssh-9.3_p1-openssl-version-compat-check.patch
@@ -0,0 +1,58 @@
+https://bugzilla.mindrot.org/show_bug.cgi?id=3548
+--- a/openbsd-compat/openssl-compat.c
++++ b/openbsd-compat/openssl-compat.c
+@@ -48,19 +48,25 @@ ssh_compatible_openssl(long headerver, long libver)
+ if (headerver == libver)
+ return 1;
+
+- /* for versions < 1.0.0, major,minor,fix,status must match */
+- if (headerver < 0x1000000f) {
+- mask = 0xfffff00fL; /* major,minor,fix,status */
+- return (headerver & mask) == (libver & mask);
++ /*
++ * For versions < 3.0.0, major,minor,status must match and library
++ * fix version must be equal to or newer than the header.
++ */
++ if (headerver < 0x3000000f) {
++ mask = 0xfff0000fL; /* major,minor,status */
++ hfix = (headerver & 0x000ff000) >> 12;
++ lfix = (libver & 0x000ff000) >> 12;
++ if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
++ return 1;
+ }
+
+ /*
+- * For versions >= 1.0.0, major,minor,status must match and library
+- * fix version must be equal to or newer than the header.
++ * For versions >= 3.0.0, major must match and minor,status must be
++ * equal to or greater than the header.
+ */
+- mask = 0xfff00000L; /* major,minor,status */
+- hfix = (headerver & 0x000ff000) >> 12;
+- lfix = (libver & 0x000ff000) >> 12;
++ mask = 0xf000000fL; /* major, status */
++ hfix = (headerver & 0x0ffffff0L) >> 12;
++ lfix = (libver & 0x0ffffff0L) >> 12;
+ if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
+ return 1;
+ return 0;
+--- a/openbsd-compat/regress/opensslvertest.c
++++ b/openbsd-compat/regress/opensslvertest.c
+@@ -31,7 +31,7 @@ struct version_test {
+ { 0x0090802fL, 0x0090804fL, 1}, /* newer library fix version: ok */
+ { 0x0090802fL, 0x0090801fL, 1}, /* older library fix version: ok */
+ { 0x0090802fL, 0x0090702fL, 0}, /* older library minor version: NO */
+- { 0x0090802fL, 0x0090902fL, 0}, /* newer library minor version: NO */
++ { 0x0090802fL, 0x0090902fL, 1}, /* newer library minor version: ok */
+ { 0x0090802fL, 0x0080802fL, 0}, /* older library major version: NO */
+ { 0x0090802fL, 0x1000100fL, 0}, /* newer library major version: NO */
+
+@@ -41,7 +41,7 @@ struct version_test {
+ { 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */
+ { 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */
+ { 0x1000101fL, 0x1000001fL, 0}, /* older library fix version: NO */
+- { 0x1000101fL, 0x1010101fL, 0}, /* newer library minor version: NO */
++ { 0x1000101fL, 0x1010101fL, 1}, /* newer library minor version: ok */
+ { 0x1000101fL, 0x0000101fL, 0}, /* older library major version: NO */
+ { 0x1000101fL, 0x2000101fL, 0}, /* newer library major version: NO */
+ }; |
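Review bot: The `if (headerver < 0x3000000f)` block in ssh_compatible_openssl() never rejects, because it only returns on success; a pre-3.0 header that fails the major/minor/status-plus-fix rule falls through to the 3.x rule below, which requires only the major and status nibbles to match. That contradicts the block's own comment ("major,minor,status must match") and means headers `0x1000101fL` now accept library `0x1010101fL`, a minor-version jump the previous check rejected and that the regress table in opensslvertest.c has been flipped from `0` to `1` to allow. If that relaxation is not intended, the block should end with `return (headerver & mask) == (libver & mask) && lfix >= hfix;` instead of the conditional `return 1;`, and the `0x1000101fL, 0x1010101fL` expectation should go back to `0`. The function's declarations and opening lie outside the embedded hunk, so this is based only on the lines shown.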