openssh 3.7.1p1 needs a patch to compile against openssl-0.9.7a
Kevin B. Hendricks
yellowdog-general@lists.terrasoftsolutions.com
Thu Sep 18 10:37:00 2003
Hi,
I tried yum-update on openssh to get the latest security patch but it seems to
come back with openssh-3.5 and not the very latest version openssh-3.7.1p1
that is the version with the security fix.
Is this a mistake or have the required security patches been backported to
this version?
Since I was unsure if all patches from 3.71 have made it into the 3.5 version
available via yum update openssh, I decided to build my own form source.
The problem is that openssh source seems to be incompatible with changes done
for openssl - 0.9.7a versus 0.9.6
I tried to build openssh-3.7.1p1 against openssl-0.9.7a that comes with YDL 3
and found that openssl-0.9.7a libcrypto.so no longer exports BN_mod since it
is now simply defined as:
#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
in /usr/include/openssl/bn.h
But openssh-3.7.1p1/ in rsa.c and auth-rsa.c need this symbol to work (they do
not include openssl/bn.h and so they expect BN_mod to be defined in
libcrypto.so.0.9.7a but it is not.
So I had to add the define above to the openssh source in rsa.c and auth-rsa.c
to get things to compile and link against openssl-0.9.7a
With that change in place it all seems to work.
Kevin