From d18e1c1119cc5675c7e55ef5a9b7634b26fdef85 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 20 Dec 2023 11:31:43 +0100 Subject: [PATCH] Relax OpenSSH build-time checks for OpenSSL version Related: RHEL-4734 --- openssh-9.3p1-openssl-compat.patch | 12 ++++++++++++ openssh.spec | 2 ++ 2 files changed, 14 insertions(+) diff --git a/openssh-9.3p1-openssl-compat.patch b/openssh-9.3p1-openssl-compat.patch index cf512ef..0efbdec 100644 --- a/openssh-9.3p1-openssl-compat.patch +++ b/openssh-9.3p1-openssl-compat.patch @@ -38,3 +38,15 @@ */ mask = 0xfff0000fL; /* major,minor,status */ hfix = (headerver & 0x000ff000) >> 12; +diff -up openssh-8.7p1/configure.ac.check openssh-8.7p1/configure.ac +--- openssh-8.7p1/configure.ac.check 2023-11-27 14:54:32.959113758 +0100 ++++ openssh-8.7p1/configure.ac 2023-11-27 14:54:49.467500523 +0100 +@@ -2821,7 +2821,7 @@ if test "x$openssl" = "xyes" ; then + ;; + 101*) ;; # 1.1.x + 200*) ;; # LibreSSL +- 300*) ;; # OpenSSL development branch. ++ 30*) ;; # OpenSSL 3.x series + *) + AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) + ;; diff --git a/openssh.spec b/openssh.spec index f578982..a43e1cf 100644 --- a/openssh.spec +++ b/openssh.spec @@ -798,6 +798,8 @@ test -f %{sysconfig_anaconda} && \ * Wed Dec 20 2023 Dmitry Belyavskiy - 8.7p1-36 - Fix Terrapin attack Resolves: CVE-2023-48795 +- Relax OpenSSH build-time checks for OpenSSL version + Related: RHEL-4734 * Mon Oct 23 2023 Dmitry Belyavskiy - 8.7p1-35 - Relax OpenSSH checks for OpenSSL version