# HG changeset patch # Parent 4821397c95e57962905e6d47554bef9e4ea57483 disable run-time check for OpenSSL ABI by version number as that is not a reliable indicator of ABI changes and doesn't make much sense in a distribution package diff --git a/openssh-7.2p2/configure.ac b/openssh-7.2p2/configure.ac --- a/openssh-7.2p2/configure.ac +++ b/openssh-7.2p2/configure.ac @@ -4663,16 +4663,29 @@ AC_ARG_WITH([bsd-auth], if test "x$withval" != "xno" ; then AC_DEFINE([BSD_AUTH], [1], [Define if you have BSD auth support]) BSD_AUTH_MSG=yes fi ] ) +# Whether we are using distribution (Open)SSL, so no runtime checks are necessary +DISTRO_SSL=no +AC_ARG_WITH([distro-ssl], + [ --with-distro-ssl Disable runtime OpenSSL version checks (good for distributions)], + [ + if test "x$withval" != "xno" ; then + AC_DEFINE([DISTRO_SSL], [1], + [Define if you are using distribution SSL library and don;t expect its API/ABI to change]) + DISTRO_SSL=yes + fi + ] +) + # Where to place sshd.pid piddir=/var/run # make sure the directory exists if test ! -d $piddir ; then piddir=`eval echo ${sysconfdir}` case $piddir in NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;; esac diff --git a/openssh-7.2p2/entropy.c b/openssh-7.2p2/entropy.c --- a/openssh-7.2p2/entropy.c +++ b/openssh-7.2p2/entropy.c @@ -209,19 +209,21 @@ rexec_recv_rng_seed(Buffer *m) #endif /* OPENSSL_PRNG_ONLY */ void seed_rng(void) { #ifndef OPENSSL_PRNG_ONLY unsigned char buf[RANDOM_SEED_SIZE]; #endif +#ifndef DISTRO_SSL if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay())) fatal("OpenSSL version mismatch. Built against %lx, you " "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); +#endif #ifndef OPENSSL_PRNG_ONLY if (RAND_status() == 1) { debug3("RNG is ready, skipping seeding"); return; } if (seed_from_prngd(buf, sizeof(buf)) == -1)