commit: d36ce79317be230c6559f8e1abba88095f998fb1
parent 0dbae24a86415b956640738c921ddc4079a424c3
Author: Michael Forney <mforney@mforney.org>
Date: Wed, 22 Apr 2020 02:19:18 -0700
openssh: Update to latest git and port to BearSSL
Diffstat:
9 files changed, 17 insertions(+), 308 deletions(-)
diff --git a/.gitmodules b/.gitmodules
@@ -223,8 +223,7 @@
ignore = all
[submodule "pkg/openssh/src"]
path = pkg/openssh/src
- url = https://github.com/openssh/openssh-portable
- ignore = all
+ url = https://github.com/oasislinux/openssh.git
[submodule "pkg/pigz/src"]
path = pkg/pigz/src
url = https://github.com/madler/pigz
diff --git a/pkg/openssh/README.md b/pkg/openssh/README.md
@@ -9,6 +9,7 @@ Generated with
--enable-security-key \
--without-pie \
--with-security-key-builtin \
+ --with-bearssl \
CPPFLAGS='-I/src/oasis/pkg/openbsd/include -I/src/oasis/out/pkg/libfido2/include -I/src/oasis/out/pkg/zlib/include' \
LDFLAGS='-L/src/oasis/out/pkg/libressl -L/src/oasis/out/pkg/openbsd -L/src/oasis/out/pkg/libfido2 -L/src/oasis/out/pkg/libcbor -L/src/oasis/out/pkg/zlib' \
LIBS='-lcrypto -lbsd'
diff --git a/pkg/openssh/config.h b/pkg/openssh/config.h
@@ -93,7 +93,6 @@
/* #undef HAVE_BLOWFISH_EXPANDSTATE */
/* #undef HAVE_BLOWFISH_INITSTATE */
/* #undef HAVE_BLOWFISH_STREAM2WORD */
-#define HAVE_BN_IS_PRIME_EX 1
/* #undef HAVE_BSD_LIBUTIL_H */
/* #undef HAVE_BSM_AUDIT_H */
/* #undef HAVE_BSTRING_H */
@@ -106,7 +105,7 @@
/* #undef HAVE_CLOSEFROM */
#define HAVE_CONST_GAI_STRERROR_PROTO 1
#define HAVE_CONTROL_IN_MSGHDR 1
-#define HAVE_CRYPT 1
+/* #undef HAVE_CRYPT */
/* #undef HAVE_CRYPTO_SHA2_H */
#define HAVE_CRYPT_H 1
/* #undef HAVE_CYGWIN */
@@ -114,6 +113,7 @@
#define HAVE_DECL_AI_NUMERICSERV 1
/* #undef HAVE_DECL_AUTHENTICATE */
#define HAVE_DECL_BZERO 1
+#define HAVE_DECL_GETPEEREID 0
#define HAVE_DECL_GLOB_NOMATCH 1
/* #undef HAVE_DECL_GSS_C_NT_HOSTBASED_SERVICE */
#define HAVE_DECL_HOWMANY 1
@@ -134,28 +134,12 @@
#define HAVE_DECL_WRITEV 1
#define HAVE_DECL__GETLONG 0
#define HAVE_DECL__GETSHORT 0
-#define HAVE_DES_CRYPT 1
/* #undef HAVE_DEV_PTMX */
/* #undef HAVE_DEV_PTS_AND_PTC */
-#define HAVE_DH_GET0_KEY 1
-#define HAVE_DH_GET0_PQG 1
-#define HAVE_DH_SET0_KEY 1
-#define HAVE_DH_SET0_PQG 1
-#define HAVE_DH_SET_LENGTH 1
#define HAVE_DIRENT_H 1
#define HAVE_DIRFD 1
#define HAVE_DIRNAME 1
#define HAVE_DLOPEN 1
-#define HAVE_DSA_GENERATE_PARAMETERS_EX 1
-#define HAVE_DSA_GET0_KEY 1
-#define HAVE_DSA_GET0_PQG 1
-#define HAVE_DSA_SET0_KEY 1
-#define HAVE_DSA_SET0_PQG 1
-#define HAVE_DSA_SIG_GET0 1
-#define HAVE_DSA_SIG_SET0 1
-#define HAVE_ECDSA_SIG_GET0 1
-#define HAVE_ECDSA_SIG_SET0 1
-#define HAVE_EC_KEY_METHOD_NEW 1
#define HAVE_ELF_H 1
#define HAVE_ENDGRENT 1
#define HAVE_ENDIAN_H 1
@@ -165,22 +149,6 @@
#define HAVE_ERRX 1
#define HAVE_ERR_H 1
/* #undef HAVE_ETC_DEFAULT_LOGIN */
-#define HAVE_EVP_CIPHER_CTX_CTRL 1
-#define HAVE_EVP_CIPHER_CTX_GET_IV 1
-/* #undef HAVE_EVP_CIPHER_CTX_IV */
-/* #undef HAVE_EVP_CIPHER_CTX_IV_NOCONST */
-#define HAVE_EVP_CIPHER_CTX_SET_IV 1
-#define HAVE_EVP_DIGESTFINAL_EX 1
-#define HAVE_EVP_DIGESTINIT_EX 1
-#define HAVE_EVP_MD_CTX_CLEANUP 1
-#define HAVE_EVP_MD_CTX_COPY_EX 1
-#define HAVE_EVP_MD_CTX_FREE 1
-#define HAVE_EVP_MD_CTX_INIT 1
-#define HAVE_EVP_MD_CTX_NEW 1
-#define HAVE_EVP_PKEY_GET0_RSA 1
-#define HAVE_EVP_SHA256 1
-#define HAVE_EVP_SHA384 1
-#define HAVE_EVP_SHA512 1
#define HAVE_EXIT_IN_UTMP 1
#define HAVE_EXPLICIT_BZERO 1
#define HAVE_FCHMOD 1
@@ -248,7 +216,6 @@
/* #undef HAVE_GSSAPI_H */
/* #undef HAVE_GSSAPI_KRB5_H */
#define HAVE_HEADER_AD 1
-#define HAVE_HMAC_CTX_INIT 1
#define HAVE_HOST_IN_UTMP 1
#define HAVE_HOST_IN_UTMPX 1
/* #undef HAVE_IAF_H */
@@ -275,7 +242,6 @@
/* #undef HAVE_LDNS */
/* #undef HAVE_LIBAUDIT_H */
/* #undef HAVE_LIBBSM */
-/* #undef HAVE_LIBCRYPT */
/* #undef HAVE_LIBDL */
#define HAVE_LIBGEN_H 1
/* #undef HAVE_LIBIAF */
@@ -328,10 +294,6 @@
/* #undef HAVE_OLD_PAM */
/* #undef HAVE_OPENLOG_R */
#define HAVE_OPENPTY 1
-#define HAVE_OPENSSL_ADD_ALL_ALGORITHMS 1
-#define HAVE_OPENSSL_INIT_CRYPTO 1
-#define HAVE_OPENSSL_VERSION 1
-#define HAVE_OPENSSL_VERSION_NUM 1
/* #undef HAVE_OSF_SIA */
/* #undef HAVE_PAM_GETENVLIST */
/* #undef HAVE_PAM_PAM_APPL_H */
@@ -362,21 +324,6 @@
#define HAVE_RLIMIT_NPROC /**/
/* #undef HAVE_RPC_TYPES_H */
/* #undef HAVE_RRESVPORT_AF */
-#define HAVE_RSA_GENERATE_KEY_EX 1
-#define HAVE_RSA_GET0_CRT_PARAMS 1
-#define HAVE_RSA_GET0_FACTORS 1
-#define HAVE_RSA_GET0_KEY 1
-#define HAVE_RSA_GET_DEFAULT_METHOD 1
-#define HAVE_RSA_METH_DUP 1
-#define HAVE_RSA_METH_FREE 1
-#define HAVE_RSA_METH_GET_FINISH 1
-#define HAVE_RSA_METH_SET1_NAME 1
-#define HAVE_RSA_METH_SET_FINISH 1
-#define HAVE_RSA_METH_SET_PRIV_DEC 1
-#define HAVE_RSA_METH_SET_PRIV_ENC 1
-#define HAVE_RSA_SET0_CRT_PARAMS 1
-#define HAVE_RSA_SET0_FACTORS 1
-#define HAVE_RSA_SET0_KEY 1
/* #undef HAVE_SANDBOX_H */
/* #undef HAVE_SANDBOX_INIT */
#define HAVE_SA_FAMILY_T 1
@@ -577,15 +524,6 @@
/* #undef NO_ATTRIBUTE_ON_RETURN_TYPE */
/* #undef NO_UID_RESTORATION_TEST */
/* #undef NO_X11_UNIX_SOCKETS */
-/* #undef OPENSSL_EVP_DIGESTUPDATE_VOID */
-#define OPENSSL_HAS_ECC 1
-#define OPENSSL_HAS_NISTP256 1
-#define OPENSSL_HAS_NISTP384 1
-#define OPENSSL_HAS_NISTP521 1
-#define OPENSSL_HAVE_EVPCTR 1
-#define OPENSSL_HAVE_EVPGCM 1
-/* #undef OPENSSL_LOBOTOMISED_AES */
-#define OPENSSL_PRNG_ONLY 1
#define PACKAGE_BUGREPORT "openssh-unix-dev@mindrot.org"
#define PACKAGE_NAME "OpenSSH"
#define PACKAGE_STRING "OpenSSH Portable"
@@ -596,8 +534,6 @@
#define PAM_TTY_KLUDGE 1
/* #undef PASSWD_NEEDS_USERNAME */
/* #undef PLATFORM_SYS_DIR_UID */
-/* #undef PRNGD_PORT */
-/* #undef PRNGD_SOCKET */
/* #undef PTY_ZEROREAD */
/* #undef SANDBOX_CAPSICUM */
/* #undef SANDBOX_DARWIN */
@@ -638,7 +574,6 @@
#define USE_BTMP 1
/* #undef USE_LIBEDIT */
/* #undef USE_LINUX_AUDIT */
-/* #undef USE_OPENSSL_ENGINE */
/* #undef USE_PAM */
/* #undef USE_PIPES */
/* #undef USE_SOLARIS_PRIVS */
@@ -646,11 +581,11 @@
/* #undef USE_SOLARIS_PROJECTS */
/* #undef WITH_ABBREV_NO_TTY */
/* #undef WITH_AIXAUTHENTICATE */
+#define WITH_BEARSSL 1
/* #undef WITH_IRIX_ARRAY */
/* #undef WITH_IRIX_AUDIT */
/* #undef WITH_IRIX_JOBS */
/* #undef WITH_IRIX_PROJECT */
-#define WITH_OPENSSL 1
/* #undef WITH_SELINUX */
#define WITH_ZLIB 1
#if defined AC_APPLE_UNIVERSAL_BUILD
diff --git a/pkg/openssh/gen.lua b/pkg/openssh/gen.lua
@@ -10,16 +10,16 @@ cflags{
'-I $dir',
'-I $srcdir',
'-I $basedir/pkg/openbsd/include',
+ '-I $builddir/pkg/bearssl/include',
'-I $builddir/pkg/libfido2/include',
- '-I $builddir/pkg/libressl/include',
'-I $builddir/pkg/linux-headers/include',
'-I $builddir/pkg/zlib/include',
'-idirafter $srcdir/openbsd-compat',
}
pkg.deps = {
+ 'pkg/bearssl/headers',
'pkg/libfido2/headers',
- 'pkg/libressl/headers',
'pkg/linux-headers/headers',
'pkg/zlib/headers',
}
@@ -38,8 +38,8 @@ lib('libopenbsd-compat.a', [[openbsd-compat/(
bsd-flock.c bsd-getpagesize.c bsd-getpeereid.c bsd-malloc.c bsd-misc.c
bsd-nextstep.c bsd-openpty.c bsd-poll.c bsd-setres_id.c bsd-signal.c
bsd-snprintf.c bsd-statvfs.c bsd-waitpid.c fake-rfc2553.c
- getrrsetbyname-ldns.c kludge-fd_set.c openssl-compat.c
- libressl-api-compat.c xcrypt.c
+ getrrsetbyname-ldns.c kludge-fd_set.c
+ xcrypt.c
port-aix.c port-irix.c port-linux.c port-solaris.c port-net.c port-uw.c
)]])
@@ -53,7 +53,6 @@ lib('libssh.a', [[
sshkey.c
sshbuf-getput-basic.c
sshbuf-misc.c
- sshbuf-getput-crypto.c
krl.c
bitmap.c
@@ -67,17 +66,17 @@ lib('libssh.a', [[
authfd.c authfile.c
canohost.c channels.c cipher.c cipher-aes.c cipher-aesctr.c
- cipher-ctr.c cleanup.c
+ cleanup.c
compat.c fatal.c hostfile.c
log.c match.c moduli.c nchan.c packet.c
readpass.c ttymodes.c xmalloc.c addrmatch.c
atomicio.c dispatch.c mac.c misc.c utf8.c
- monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-ecdsa-sk.c
+ monitor_fdpass.c rijndael.c ssh-ecdsa.c ssh-ecdsa-sk.c
ssh-ed25519-sk.c ssh-rsa.c dh.c
msg.c progressmeter.c dns.c entropy.c gss-genr.c umac.c umac128.c
ssh-pkcs11.c smult_curve25519_ref.c
- poly1305.c chacha.c cipher-chachapoly.c
- ssh-ed25519.c digest-openssl.c digest-libc.c
+ poly1305.c chacha.c cipher-chachapoly.c cipher-chachapoly-bearssl.c
+ ssh-ed25519.c digest-bearssl.c digest-libc.c
hmac.c sc25519.c ge25519.c fe25519.c ed25519.c verify.c hash.c
kex.c kexdh.c kexgex.c kexecdh.c kexc25519.c
kexgexc.c kexgexs.c
@@ -88,8 +87,9 @@ lib('libssh.a', [[
ssh-sk-client.c
libopenbsd-compat.a
- $builddir/pkg/(libressl/libcrypto.a.d zlib/libz.a)
- $builddir/pkg/(libfido2/libfido2.a.d)
+ $builddir/pkg/bearssl/libbearssl.a
+ $builddir/pkg/libfido2/libfido2.a.d
+ $builddir/pkg/zlib/libz.a
]])
exe('ssh', [[
diff --git a/pkg/openssh/patch/0001-Include-stdlib.h-for-arc4random_uniform.patch b/pkg/openssh/patch/0001-Include-stdlib.h-for-arc4random_uniform.patch
@@ -1,24 +0,0 @@
-From 8e035c27bf466534db0b9233cb038973b1f9ffc5 Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Wed, 19 Jun 2019 20:06:29 -0700
-Subject: [PATCH] Include stdlib.h for arc4random_uniform
-
----
- openbsd-compat/bindresvport.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c
-index eeb269d5..346c7fe5 100644
---- a/openbsd-compat/bindresvport.c
-+++ b/openbsd-compat/bindresvport.c
-@@ -40,6 +40,7 @@
- #include <arpa/inet.h>
-
- #include <errno.h>
-+#include <stdlib.h>
- #include <string.h>
-
- #define STARTPORT 600
---
-2.20.1
-
diff --git a/pkg/openssh/patch/0002-printf-p-specifier-requires-void-argument.patch b/pkg/openssh/patch/0002-printf-p-specifier-requires-void-argument.patch
@@ -1,133 +0,0 @@
-From de0c266e353663043097e1a8bc3a8959f1ee2bcd Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Wed, 27 Nov 2019 19:16:26 -0800
-Subject: [PATCH] printf %p specifier requires `void *` argument
-
----
- monitor.c | 4 ++--
- session.c | 2 +-
- ssh-pkcs11-helper.c | 2 +-
- ssh-pkcs11.c | 16 +++++++++-------
- sshbuf-misc.c | 2 +-
- 5 files changed, 14 insertions(+), 12 deletions(-)
-
-diff --git a/monitor.c b/monitor.c
-index dc6d78d3..d5c91465 100644
---- a/monitor.c
-+++ b/monitor.c
-@@ -1166,7 +1166,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
- (r = sshbuf_get_u32(m, &pubkey_auth_attempt)) != 0)
- fatal("%s: buffer error: %s", __func__, ssh_err(r));
-
-- debug3("%s: key_from_blob: %p", __func__, key);
-+ debug3("%s: key_from_blob: %p", __func__, (void *)key);
-
- if (key != NULL && authctxt->valid) {
- /* These should not make it past the privsep child */
-@@ -1434,7 +1434,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
-
- ret = sshkey_verify(key, signature, signaturelen, data, datalen,
- sigalg, ssh->compat, &sig_details);
-- debug3("%s: %s %p signature %s%s%s", __func__, auth_method, key,
-+ debug3("%s: %s %p signature %s%s%s", __func__, auth_method, (void *)key,
- (ret == 0) ? "verified" : "unverified",
- (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : "");
-
-diff --git a/session.c b/session.c
-index 8c0e54f7..86e02fb0 100644
---- a/session.c
-+++ b/session.c
-@@ -1791,7 +1791,7 @@ session_dump(void)
- s->used,
- s->next_unused,
- s->self,
-- s,
-+ (void *)s,
- s->chanid,
- (long)s->pid);
- }
-diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
-index 17220d62..9269cc25 100644
---- a/ssh-pkcs11-helper.c
-+++ b/ssh-pkcs11-helper.c
-@@ -98,7 +98,7 @@ lookup_key(struct sshkey *k)
- struct pkcs11_keyinfo *ki;
-
- TAILQ_FOREACH(ki, &pkcs11_keylist, next) {
-- debug("check %p %s %s", ki, ki->providername, ki->label);
-+ debug("check %p %s %s", (void *)ki, ki->providername, ki->label);
- if (sshkey_equal(k, ki->key))
- return (ki->key);
- }
-diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
-index a302c79c..255534ba 100644
---- a/ssh-pkcs11.c
-+++ b/ssh-pkcs11.c
-@@ -112,7 +112,7 @@ pkcs11_provider_finalize(struct pkcs11_provider *p)
- CK_ULONG i;
-
- debug("pkcs11_provider_finalize: %p refcount %d valid %d",
-- p, p->refcount, p->valid);
-+ (void *)p, p->refcount, p->valid);
- if (!p->valid)
- return;
- for (i = 0; i < p->nslots; i++) {
-@@ -135,10 +135,12 @@ pkcs11_provider_finalize(struct pkcs11_provider *p)
- static void
- pkcs11_provider_unref(struct pkcs11_provider *p)
- {
-- debug("pkcs11_provider_unref: %p refcount %d", p, p->refcount);
-+ debug("pkcs11_provider_unref: %p refcount %d", (void *)p, p->refcount);
- if (--p->refcount <= 0) {
-- if (p->valid)
-- error("pkcs11_provider_unref: %p still valid", p);
-+ if (p->valid) {
-+ error("pkcs11_provider_unref: %p still valid",
-+ (void *)p);
-+ }
- free(p->name);
- free(p->slotlist);
- free(p->slotinfo);
-@@ -166,7 +168,7 @@ pkcs11_provider_lookup(char *provider_id)
- struct pkcs11_provider *p;
-
- TAILQ_FOREACH(p, &pkcs11_providers, next) {
-- debug("check %p %s", p, p->name);
-+ debug("check %p %s", (void *)p, p->name);
- if (!strcmp(provider_id, p->name))
- return (p);
- }
-@@ -323,7 +325,7 @@ pkcs11_check_obj_bool_attrib(struct pkcs11_key *k11, CK_OBJECT_HANDLE obj,
- }
- *val = flag != 0;
- debug("%s: provider %p slot %lu object %lu: attrib %lu = %d",
-- __func__, k11->provider, k11->slotidx, obj, type, *val);
-+ __func__, (void *)k11->provider, k11->slotidx, obj, type, *val);
- return (0);
- }
-
-@@ -415,7 +417,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
- int rval = -1;
-
- if ((k11 = RSA_get_ex_data(rsa, rsa_idx)) == NULL) {
-- error("RSA_get_ex_data failed for rsa %p", rsa);
-+ error("RSA_get_ex_data failed for rsa %p", (void *)rsa);
- return (-1);
- }
-
-diff --git a/sshbuf-misc.c b/sshbuf-misc.c
-index c0336e86..a0e01a80 100644
---- a/sshbuf-misc.c
-+++ b/sshbuf-misc.c
-@@ -65,7 +65,7 @@ sshbuf_dump_data(const void *s, size_t len, FILE *f)
- void
- sshbuf_dump(struct sshbuf *buf, FILE *f)
- {
-- fprintf(f, "buffer %p len = %zu\n", buf, sshbuf_len(buf));
-+ fprintf(f, "buffer %p len = %zu\n", (void *)buf, sshbuf_len(buf));
- sshbuf_dump_data(sshbuf_ptr(buf), sshbuf_len(buf), f);
- }
-
---
-2.25.0
-
diff --git a/pkg/openssh/patch/0003-Remove-trailing-semicolon-after-RB_GENERATE_STATIC.patch b/pkg/openssh/patch/0003-Remove-trailing-semicolon-after-RB_GENERATE_STATIC.patch
@@ -1,45 +0,0 @@
-From dc35250b8f316df340d56e45e14d05dc084f7289 Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Wed, 27 Nov 2019 19:37:17 -0800
-Subject: [PATCH] Remove trailing semicolon after RB_GENERATE_STATIC
-
-This expands to a series of function definitions, so the semicolon is
-not necessary (in fact, it is not allowed in ISO C).
----
- krl.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/krl.c b/krl.c
-index aa8318cf..01522b8f 100644
---- a/krl.c
-+++ b/krl.c
-@@ -60,7 +60,7 @@ struct revoked_serial {
- };
- static int serial_cmp(struct revoked_serial *a, struct revoked_serial *b);
- RB_HEAD(revoked_serial_tree, revoked_serial);
--RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp);
-+RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp)
-
- /* Tree of key IDs */
- struct revoked_key_id {
-@@ -69,7 +69,7 @@ struct revoked_key_id {
- };
- static int key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b);
- RB_HEAD(revoked_key_id_tree, revoked_key_id);
--RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp);
-+RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp)
-
- /* Tree of blobs (used for keys and fingerprints) */
- struct revoked_blob {
-@@ -79,7 +79,7 @@ struct revoked_blob {
- };
- static int blob_cmp(struct revoked_blob *a, struct revoked_blob *b);
- RB_HEAD(revoked_blob_tree, revoked_blob);
--RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp);
-+RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp)
-
- /* Tracks revoked certs for a single CA */
- struct revoked_certs {
---
-2.25.0
-
diff --git a/pkg/openssh/patch/0004-Add-missing-include-for-NID_X9_62_prime256v1.patch b/pkg/openssh/patch/0004-Add-missing-include-for-NID_X9_62_prime256v1.patch
@@ -1,24 +0,0 @@
-From 0314faf20f9a19100250cbe7d40f6b34be42862b Mon Sep 17 00:00:00 2001
-From: Michael Forney <mforney@mforney.org>
-Date: Tue, 14 Apr 2020 22:54:17 -0700
-Subject: [PATCH] Add missing include for NID_X9_62_prime256v1
-
----
- sk-usbhid.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/sk-usbhid.c b/sk-usbhid.c
-index ad83054a..92483c3a 100644
---- a/sk-usbhid.c
-+++ b/sk-usbhid.c
-@@ -31,6 +31,7 @@
- #include <openssl/bn.h>
- #include <openssl/ec.h>
- #include <openssl/ecdsa.h>
-+#include <openssl/evp.h>
- #endif /* WITH_OPENSSL */
-
- #include <fido.h>
---
-2.26.1
-
diff --git a/pkg/openssh/ver b/pkg/openssh/ver
@@ -1 +1 @@
-8.2p1 r1
+8.2p1-110-gd6cc7617 r0
