openssh 3.7.1p1 needs a patch to compile against openssl-0.9.7a

Kevin B. Hendricks yellowdog-general@lists.terrasoftsolutions.com
Thu Sep 18 10:37:00 2003


Hi,

I tried yum-update on openssh to get the latest security patch, but it seems to 
come back with openssh-3.5 and not the very latest version, openssh-3.7.1p1,
which is the version with the security fix.

Is this a mistake or have the required security patches been backported to 
this version?

Since I was unsure if all patches from 3.71 have made it into the 3.5 version 
available via yum update openssh, I decided to build my own from source.

The problem is that the openssh source seems to be incompatible with changes done 
for openssl-0.9.7a versus 0.9.6.

I tried to build openssh-3.7.1p1 against openssl-0.9.7a that comes with YDL 3 
and found that openssl-0.9.7a libcrypto.so no longer exports BN_mod since it 
is now simply defined as:

#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))

in /usr/include/openssl/bn.h

But in openssh-3.7.1p1/, rsa.c and auth-rsa.c need this symbol to work (they do 
not include openssl/bn.h and so they expect BN_mod to be defined in 
libcrypto.so.0.9.7a, but it is not).

So I had to add the define above to the openssh source in rsa.c and auth-rsa.c 
to get things to compile and link against openssl-0.9.7a.

With that change in place it all seems to work.

Kevin
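
The following check is an added example and is not part of the original post: it reports whether an API name such as BN_mod is provided as a real exported function or only as a header macro, which is the distinction described above. The function names classify_symbol and make_samples are hypothetical, and the header fragment and "nm -D" listings are constructed samples, not dumps of a real library.

```shell
#!/bin/sh
# Added example (not from the original post). Reports how an API name is
# provided: a real exported function, a header macro only, or neither.
# Usage: classify_symbol NAME HEADER_FILE NM_DYNAMIC_OUTPUT_FILE
classify_symbol() {
    name=$1; header=$2; nmout=$3
    exported=no; macro=no
    # "nm -D" lines end in "<type> <symbol>"; T/W mean the library defines it.
    # Strip any "@VERSION" suffix that newer binutils append to the name.
    if awk -v n="$name" '{ s = $NF; sub(/@.*/, "", s) }
            NF >= 2 && s == n && $(NF-1) ~ /^[TW]$/ { hit = 1 }
            END { exit !hit }' "$nmout"; then
        exported=yes
    fi
    # Object-like or function-like macro: "#define NAME" or "#define NAME(".
    if grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+${name}([[:space:]]|\\(|\$)" "$header"; then
        macro=yes
    fi
    case "$exported/$macro" in
        yes/*)  echo "exported" ;;    # the linker can resolve NAME itself
        no/yes) echo "macro-only" ;;  # every caller must include the header
        *)      echo "missing" ;;
    esac
}

# Constructed sample inputs: a header fragment carrying the macro quoted in
# the post, and two hand-written "nm -D" style listings.
make_samples() {
    dir=$1
    cat > "$dir/bn.h" <<'EOF'
int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
EOF
    printf '%s\n' '0001a2b0 T BN_div' '         U malloc' > "$dir/macro_lib.nm"
    printf '%s\n' '0001a2b0 T BN_div' '0001a900 T BN_mod' > "$dir/func_lib.nm"
}

# Run with the argument "demo" to see both cases on the constructed samples.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) && make_samples "$tmp"
    classify_symbol BN_mod "$tmp/bn.h" "$tmp/macro_lib.nm"   # macro-only
    classify_symbol BN_mod "$tmp/bn.h" "$tmp/func_lib.nm"    # exported
    rm -rf "$tmp"
fi
```

On a real system, save the output of nm -D on the installed libcrypto to a file and pass it together with /usr/include/openssl/bn.h.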