On Wed, Sep  7, 2016 at 11:48:46 +0200, Victor Seva wrote:

> diff -Nru kamailio-4.2.0/debian/patches/fix_tls.patch 
> kamailio-4.2.0/debian/patches/fix_tls.patch
> --- kamailio-4.2.0/debian/patches/fix_tls.patch       1970-01-01 
> 01:00:00.000000000 +0100
> +++ kamailio-4.2.0/debian/patches/fix_tls.patch       2016-09-07 
> 10:00:32.000000000 +0200
> @@ -0,0 +1,34 @@
> +From 0a5f99b28d01d79cf2675df6d2a6220167e2476e Mon Sep 17 00:00:00 2001
> +From: Daniel-Constantin Mierla <mico...@gmail.com>
> +Date: Tue, 7 Jun 2016 15:21:06 +0200
> +Subject: [PATCH] tls: proper check of libssl versions used for compilation 
> and
> + available on system
> +
> +- shift out the last 12bits, being the patch version and status (see man
> +  SSLeay)
> +- reported by Victor Seva, GH #662
> +
> +(cherry picked from commit c38b4c7345a6806f48a0cdb07841e10bc962e1bf)
> +(cherry picked from commit 253909bf673c0a59e7adf578bb5df73eb157d0f2)
> +(cherry picked from commit 5632abc108bf8ed8157a77806ea80b962db3fa4f)
> +---
> + modules/tls/tls_init.c | 6 ++++--
> + 1 file changed, 4 insertions(+), 2 deletions(-)
> +
> +diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
> +index a381be1..7bfc10f 100644
> +--- a/modules/tls/tls_init.c
> ++++ b/modules/tls/tls_init.c
> +@@ -543,8 +543,10 @@ int init_tls_h(void)
> + #endif
> +     ssl_version=SSLeay();
> +     /* check if version have the same major minor and fix level
> +-     * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not) */
> +-    if ((ssl_version>>8)!=(OPENSSL_VERSION_NUMBER>>8)){
> ++     * (e.g. 0.9.8a & 0.9.8c are ok, but 0.9.8 and 0.9.9x are not)
> ++     * - values is represented as 0xMMNNFFPPS: major minor fix patch status
> ++     *   0x00090705f == 0.9.7e release */
> ++    if ((ssl_version>>12)!=(OPENSSL_VERSION_NUMBER>>12)){
> +             LOG(L_CRIT, "ERROR: tls: init_tls_h: installed openssl library "
> +                             "version is too different from the library the 
> ser tls module "
> +                             "was compiled with: installed \"%s\" (0x%08lx), 
> compiled "
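
Review bot: The shift count 12 in the new `if ((ssl_version>>12)!=(OPENSSL_VERSION_NUMBER>>12))` is a bare magic number. The added comment gives the 0xMMNNFFPPS layout but never says that the 12 bits dropped are PP (8 bits) plus S (4 bits); that link is only in the commit message. Suggest stating it in the comment, or defining the shift once as a named macro used on both sides of the comparison. The test is still `!=`, so a runtime library whose fix level is newer than the build headers is rejected the same way as an older one; if that is intended, the comment should say so. Minor: "version have" and "values is" in the comment could be corrected while it is being edited.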

TBH, this seems just as wrong; libssl has a SONAME for a reason, no need
to reinvent broken checks in each user.

Cheers,
Julien
