net-misc/openssh/files/openssh-9.3_p1-openssl-version-compat-check.patch - third_party/overlays/portage-stable - Git at Google

 https://bugzilla.mindrot.org/show_bug.cgi?id=3548
 --- a/openbsd-compat/openssl-compat.c
 +++ b/openbsd-compat/openssl-compat.c
 @@ -48,19 +48,25 @@ ssh_compatible_openssl(long headerver, long libver)
  	if (headerver == libver)
  		return 1;

 -	/* for versions < 1.0.0, major,minor,fix,status must match */
 -	if (headerver < 0x1000000f) {
 -		mask = 0xfffff00fL; /* major,minor,fix,status */
 -		return (headerver & mask) == (libver & mask);
 +	/*
 +	 * For versions < 3.0.0, major,minor,status must match and library
 +	 * fix version must be equal to or newer than the header.
 +	 */
 +	if (headerver < 0x3000000f) {
 +		mask = 0xfff0000fL; /* major,minor,status */
 +		hfix = (headerver & 0x000ff000) >> 12;
 +		lfix = (libver & 0x000ff000) >> 12;
 +		if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
 +			return 1;
  	}

  	/*
 -	 * For versions >= 1.0.0, major,minor,status must match and library
 -	 * fix version must be equal to or newer than the header.
 +	 * For versions >= 3.0.0, major must match and minor,status must be
 +	 * equal to or greater than the header.
  	 */
 -	mask = 0xfff00000L; /* major,minor,status */
 -	hfix = (headerver & 0x000ff000) >> 12;
 -	lfix = (libver & 0x000ff000) >> 12;
 +	mask = 0xf000000fL; /* major, status */
 +	hfix = (headerver & 0x0ffffff0L) >> 12;
 +	lfix = (libver & 0x0ffffff0L) >> 12;
  	if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
  		return 1;
  	return 0;
 --- a/openbsd-compat/regress/opensslvertest.c
 +++ b/openbsd-compat/regress/opensslvertest.c
 @@ -31,7 +31,7 @@ struct version_test {
  	{ 0x0090802fL, 0x0090804fL, 1},	/* newer library fix version: ok */
  	{ 0x0090802fL, 0x0090801fL, 1},	/* older library fix version: ok */
  	{ 0x0090802fL, 0x0090702fL, 0},	/* older library minor version: NO */
 -	{ 0x0090802fL, 0x0090902fL, 0},	/* newer library minor version: NO */
 +	{ 0x0090802fL, 0x0090902fL, 1},	/* newer library minor version: ok */
  	{ 0x0090802fL, 0x0080802fL, 0},	/* older library major version: NO */
  	{ 0x0090802fL, 0x1000100fL, 0},	/* newer library major version: NO */

 @@ -41,7 +41,7 @@ struct version_test {
  	{ 0x1000101fL, 0x1000100fL, 1},	/* older library patch version: ok */
  	{ 0x1000101fL, 0x1000201fL, 1},	/* newer library fix version: ok */
  	{ 0x1000101fL, 0x1000001fL, 0},	/* older library fix version: NO */
 -	{ 0x1000101fL, 0x1010101fL, 0},	/* newer library minor version: NO */
 +	{ 0x1000101fL, 0x1010101fL, 1},	/* newer library minor version: ok */
  	{ 0x1000101fL, 0x0000101fL, 0},	/* older library major version: NO */
  	{ 0x1000101fL, 0x2000101fL, 0},	/* newer library major version: NO */
  };
	https://bugzilla.mindrot.org/show_bug.cgi?id=3548
	--- a/openbsd-compat/openssl-compat.c
	+++ b/openbsd-compat/openssl-compat.c
	@@ -48,19 +48,25 @@ ssh_compatible_openssl(long headerver, long libver)
	if (headerver == libver)
	return 1;

	- /* for versions < 1.0.0, major,minor,fix,status must match */
	- if (headerver < 0x1000000f) {
	- mask = 0xfffff00fL; /* major,minor,fix,status */
	- return (headerver & mask) == (libver & mask);
	+ /*
	+ * For versions < 3.0.0, major,minor,status must match and library
	+ * fix version must be equal to or newer than the header.
	+ */
	+ if (headerver < 0x3000000f) {
	+ mask = 0xfff0000fL; /* major,minor,status */
	+ hfix = (headerver & 0x000ff000) >> 12;
	+ lfix = (libver & 0x000ff000) >> 12;
	+ if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
	+ return 1;
	}

	/*
	- * For versions >= 1.0.0, major,minor,status must match and library
	- * fix version must be equal to or newer than the header.
	+ * For versions >= 3.0.0, major must match and minor,status must be
	+ * equal to or greater than the header.
	*/
	- mask = 0xfff00000L; /* major,minor,status */
	- hfix = (headerver & 0x000ff000) >> 12;
	- lfix = (libver & 0x000ff000) >> 12;
	+ mask = 0xf000000fL; /* major, status */
	+ hfix = (headerver & 0x0ffffff0L) >> 12;
	+ lfix = (libver & 0x0ffffff0L) >> 12;
	if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
	return 1;
	return 0;
	--- a/openbsd-compat/regress/opensslvertest.c
	+++ b/openbsd-compat/regress/opensslvertest.c
	@@ -31,7 +31,7 @@ struct version_test {
	{ 0x0090802fL, 0x0090804fL, 1}, /* newer library fix version: ok */
	{ 0x0090802fL, 0x0090801fL, 1}, /* older library fix version: ok */
	{ 0x0090802fL, 0x0090702fL, 0}, /* older library minor version: NO */
	- { 0x0090802fL, 0x0090902fL, 0}, /* newer library minor version: NO */
	+ { 0x0090802fL, 0x0090902fL, 1}, /* newer library minor version: ok */
	{ 0x0090802fL, 0x0080802fL, 0}, /* older library major version: NO */
	{ 0x0090802fL, 0x1000100fL, 0}, /* newer library major version: NO */

	@@ -41,7 +41,7 @@ struct version_test {
	{ 0x1000101fL, 0x1000100fL, 1}, /* older library patch version: ok */
	{ 0x1000101fL, 0x1000201fL, 1}, /* newer library fix version: ok */
	{ 0x1000101fL, 0x1000001fL, 0}, /* older library fix version: NO */
	- { 0x1000101fL, 0x1010101fL, 0}, /* newer library minor version: NO */
	+ { 0x1000101fL, 0x1010101fL, 1}, /* newer library minor version: ok */
	{ 0x1000101fL, 0x0000101fL, 0}, /* older library major version: NO */
	{ 0x1000101fL, 0x2000101fL, 0}, /* newer library major version: NO */
	};