| author | Eray Aslan <eras@gentoo.org> | 2024-10-05 09:23:47 +0200 |
|---|---|---|
| committer | Eray Aslan <eras@gentoo.org> | 2024-10-05 09:53:39 +0200 |
| commit | c16397904a998b5f011a6870e9d35d98b21e2e0c (patch) | |
| tree | 887b99ba2fe5f543030d22f2d693b139f7dd532d /mail-mta/postfix/files/openssl-compatibility-warning.patch | |
| parent | 6bba8fe8e808f871e151e22727bdd07cdede4a45 (diff) | |
| download | gentoo-c16397904a998b5f011a6870e9d35d98b21e2e0c.tar.gz gentoo-c16397904a998b5f011a6870e9d35d98b21e2e0c.tar.bz2 gentoo-c16397904a998b5f011a6870e9d35d98b21e2e0c.zip | |
mail-mta/postfix: backport fix for too eager warning
Do not log a warning for minor version changes with OpenSSL >= 3.0.0. The
overall warning logic is:
when the OpenSSL library compile-time version
differs from the run-time version, allow forward-compatible
minor version differences with OpenSSL >= 3.x.x, allow
forward-compatible micro version differences with OpenSSL
1.1.x, and allow no version difference with OpenSSL <=
1.0.x. Otherwise, log a potential version mismatch warning
Closes: https://bugs.gentoo.org/940708
Signed-off-by: Eray Aslan <eras@gentoo.org>
Diffstat (limited to 'mail-mta/postfix/files/openssl-compatibility-warning.patch')
| -rw-r--r-- | mail-mta/postfix/files/openssl-compatibility-warning.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/mail-mta/postfix/files/openssl-compatibility-warning.patch b/mail-mta/postfix/files/openssl-compatibility-warning.patch
new file mode 100644
index 000000000000..275efed85971
--- /dev/null
+++ b/mail-mta/postfix/files/openssl-compatibility-warning.patch
@@ -0,0 +1,40 @@
+# bug 940708
+--- postfix-3.9.0/src/tls/tls_misc.c 2023-08-07 15:42:24.000000000 +0200
++++ postfix-3.10_pre20240612/work/postfix-3.10-20240612/src/tls/tls_misc.c 2024-06-12 17:59:54.000000000 +0200
+@@ -1433,20 +1433,29 @@
+ {
+ TLS_VINFO hdr_info;
+ TLS_VINFO lib_info;
++ int warn_compat = 0;
+
+ tls_version_split(OPENSSL_VERSION_NUMBER, &hdr_info);
+ tls_version_split(OpenSSL_version_num(), &lib_info);
+
+ /*
+ * Warn if run-time library is different from compile-time library,
+- * allowing later run-time "micro" versions starting with 1.1.0.
++ * allowing later run-time "micro" versions starting with 1.1.0, and
++ * later minor numbers starting with 3.0.0.
+ */
+- if (lib_info.major != hdr_info.major
+- || lib_info.minor != hdr_info.minor
+- || (lib_info.micro != hdr_info.micro
+- && (lib_info.micro < hdr_info.micro
+- || hdr_info.major == 0
+- || (hdr_info.major == 1 && hdr_info.minor == 0))))
++ if (hdr_info.major >= 3) {
++ warn_compat = lib_info.major != hdr_info.major
++ || lib_info.minor < hdr_info.minor;
++ } else if (hdr_info.major == 1 && hdr_info.minor != 0) {
++ warn_compat = lib_info.major != hdr_info.major
++ || lib_info.minor != hdr_info.minor
++ || lib_info.micro < hdr_info.micro;
++ } else {
++ warn_compat = lib_info.major != hdr_info.major
++ || lib_info.minor != hdr_info.minor
++ || lib_info.micro != hdr_info.micro;
++ }
++ if (warn_compat)
+ msg_warn("run-time library vs. compile-time header version mismatch: "
+ "OpenSSL %d.%d.%d may not be compatible with OpenSSL %d.%d.%d",
+ lib_info.major, lib_info.minor, lib_info.micro, |
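Review bot: In the `hdr_info.major >= 3` branch the patch level (`micro`) is never compared, so a run-time library with an older patch release than the build headers produces no warning, while the 1.1.x branch still warns on `lib_info.micro < hdr_info.micro`. The updated comment only mentions "later minor numbers starting with 3.0.0" and does not say this. If it is intentional, as the commit message suggests, I would state it in the comment, e.g. `* With 3.x the patch level is not compared; this is a compatibility check, not a check that fixes are present.` The `msg_warn()` call and the enclosing function continue outside the hunk, so the remaining arguments are not visible here. Separately, the embedded patch header uses different path depths for the old and new file (`postfix-3.9.0/src/...` vs `postfix-3.10_pre20240612/work/postfix-3.10-20240612/src/...`), so applying it relies on patch resolving the name that exists after stripping; regenerating it with matching prefixes would make the strip level unambiguous.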
