openssh 3.7.1p1 needs a patch to compile against openssl-0.9.7a
Dan Burcaw
yellowdog-general@lists.terrasoftsolutions.com
Thu Sep 18 12:30:00 2003
Kevin,
Yes, they've been backported.
Regards,
Dan
On Thu, 2003-09-18 at 10:32, Kevin B. Hendricks wrote:
> Hi,
>
> I tried yum-update on openssh to get the latest security patch but it seems to
> come back with openssh-3.5 and not the very latest version openssh-3.7.1p1
> that is the version with the security fix.
>
> Is this a mistake or have the required security patches been backported to
> this version?
>
> Since I was unsure if all patches from 3.71 have made it into the 3.5 version
> available via yum update openssh, I decided to build my own form source.
>
> The problem is that openssh source seems to be incompatible with changes done
> for openssl - 0.9.7a versus 0.9.6
>
> I tried to build openssh-3.7.1p1 against openssl-0.9.7a that comes with YDL 3
> and found that openssl-0.9.7a libcrypto.so no longer exports BN_mod since it
> is now simply defined as:
>
> #define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
>
> in /usr/include/openssl/bn.h
>
> But openssh-3.7.1p1/ in rsa.c and auth-rsa.c need this symbol to work (they do
> not include openssl/bn.h and so they expect BN_mod to be defined in
> libcrypto.so.0.9.7a but it is not.
>
> So I had to add the define above to the openssh source in rsa.c and auth-rsa.c
> to get things to compile and link against openssl-0.9.7a
>
> With that change in place it all seems to work.
>
> Kevin
>
> _______________________________________________
> yellowdog-general mailing list
> yellowdog-general@lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-general