From bb007f0b04c719fd2b846d177c3c4739fdb7c318 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Wed, 15 Mar 2023 06:20:30 +0000
Subject: gentoo auto-resync : 15:03:2023 - 06:20:30

---
 ...enssh-9.1_p2-openssl-version-compat-check.patch | 42 ++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 net-misc/openssh/files/openssh-9.1_p2-openssl-version-compat-check.patch

(limited to 'net-misc/openssh/files/openssh-9.1_p2-openssl-version-compat-check.patch')

diff --git a/net-misc/openssh/files/openssh-9.1_p2-openssl-version-compat-check.patch b/net-misc/openssh/files/openssh-9.1_p2-openssl-version-compat-check.patch
new file mode 100644
index 000000000000..530d96e11ce2
--- /dev/null
+++ b/net-misc/openssh/files/openssh-9.1_p2-openssl-version-compat-check.patch
@@ -0,0 +1,42 @@
+https://bugzilla.mindrot.org/show_bug.cgi?id=3548
+--- a/openbsd-compat/openssl-compat.c
++++ b/openbsd-compat/openssl-compat.c
+@@ -33,10 +33,10 @@
+ 
+ /*
+  * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
+- * We match major, minor, fix and status (not patch) for <1.0.0.
+- * After that, we acceptable compatible fix versions (so we
+- * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed
+- * within a patch series.
++ * Versions >=3 require only major versions to match.
++ * For versions <3, we accept compatible fix versions (so we allow 1.0.1
++ * to work with 1.0.0). Going backwards is only allowed within a patch series.
++ * See https://www.openssl.org/policies/releasestrat.html
+  */
+ 
+ int
+@@ -48,15 +48,17 @@ ssh_compatible_openssl(long headerver, long libver)
+ 	if (headerver == libver)
+ 		return 1;
+ 
+-	/* for versions < 1.0.0, major,minor,fix,status must match */
+-	if (headerver < 0x1000000f) {
+-		mask = 0xfffff00fL; /* major,minor,fix,status */
++	/*
++	 * For versions >= 3.0, only the major and status must match.
++	 */
++	if (headerver >= 0x3000000f) {
++		mask = 0xf000000fL; /* major,status */
+ 		return (headerver & mask) == (libver & mask);
+ 	}
+ 
+ 	/*
+-	 * For versions >= 1.0.0, major,minor,status must match and library
+-	 * fix version must be equal to or newer than the header.
++	 * For versions >= 1.0.0, but <3, major,minor,status must match and
++	 * library fix version must be equal to or newer than the header.
+ 	 */
+ 	mask = 0xfff0000fL; /* major,minor,status */
+ 	hfix = (headerver & 0x000ff000) >> 12;
+
-- 
cgit v1.2.3