This one deserves a note. In the change to CHANGES, there's the

This one deserves a note.  In the change to CHANGES, there's the
following:

+     NOTE: This is for the 0.9.7 series ONLY.  This hack will never
+     appear in 0.9.8 or later.  We EXPECT application authors to have
+     dealt properly with this when 0.9.8 is released (unless we actually
+     make such changes in the libcrypto locking code that changes will
+     have to be made anyway).

That makes this one a false positive.