control: reassign -1 src:openssh 1:9.2p1-2
control: affects -1 openssl
control: tags -1 patch upstream
control: forwarded -1 
https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-May/040746.html

On 2023-05-06 21:08:52 [+0200], eric wrote:
> Package: openssl
> Version: 3.1.0-1
> Severity: important
> 
> 
> After install, restarting services failed. rebooting led to sddm restarting
> after entering password.
> 
> Downgrading to unstable version (3.0.8-1) fixes the problem. However you have 
> to
> start wifi via nmcli from command line if you use Network-Manager.

I retried it and it appears to be openssh. It might be the part with the
X on startup starts the ssh agent and this fails since the ssh command
itself aborts due to the version check.

I kept the severity as reported but it only affects openssl in
experimental.

Sebastian
From: Sebastian Andrzej Siewior <[email protected]>
Date: Sun, 7 May 2023 18:18:08 +0200
Subject: [PATCH] compat: Relax version check with OpenSSL 3.0+

OpenSSL 3.1.0 uses the same ABI as OpenSSL 3.0.x series. Further 3.1.x
release are just stable updates and no ABI change (is expected) just
like the 3.0.x series.

Relax the version check for OpenSSL 3+ and rely on ABI compatibility.

Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
---
 openbsd-compat/openssl-compat.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index c1749210d586f..5b35253f1d19b 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -54,6 +54,10 @@ ssh_compatible_openssl(long headerver, long libver)
 		return (headerver & mask) == (libver & mask);
 	}
 
+	/* for versions > 3.0.0, we rely on upstream's ABI */
+	if (headerver > 0x3000000f)
+		return 1;
+
 	/*
 	 * For versions >= 1.0.0, major,minor must match and library
 	 * fix version must be equal to or newer than the header.
-- 
2.40.1

Reply via email to