
[bug#59760] gnu: Add ncrack.

Message ID WSgbTIT-0EVw00x79M1C4IoJnu497WH90q_x9HrwP736-BdOVcs0KaKNx9tcSaZu3u7jA6G8tnr7tsS9eUcIwrh3_DziU2imKAVbzDkx0Xo=@protonmail.com
State New

Commit Message

phodina Dec. 2, 2022, 5:21 a.m. UTC
Hi,

here's another penetration testing tool - ncrack. Slowly catching up to Kali :-)

----
Petr

Comments

Maxim Cournoyer Jan. 16, 2023, 2:13 p.m. UTC | #1
Hi Petr,

phodina <phodina@protonmail.com> writes:

> Hi,
>
> here's another penetration testing tool - ncrack. Slowly catching up to Kali :-)
>
> ----
> Petr
> From cfcc719c2fc2e40fb2936269dc4bdbd28be5d71a Mon Sep 17 00:00:00 2001
> From: Petr Hodina <phodina@protonmail.com>
> Date: Fri, 10 Jun 2022 10:26:13 +0200
> Subject: [PATCH] gnu: Add ncrack.

Neat, thank you!

[...]

> * gnu/packages/patches/ncrack-fix-spelling-errors.patch: New file.
> * gnu/packages/patches/ncrack-nullcheck.patch: New file.
> * gnu/packages/patches/ncrack-unbundle-opensshlib.patch: New file.

The patches above have unclear upstream status; could you annotate the
files with the information?  They should be submitted upstream for
consideration.  For upstream to consider your last patch though, you'd
want to have the opensshlib patch configurable via a configure.ac check
or option.  It could for example check for a system-provided opensshlib
and use this, else fall-back to the bundled library build that it
currently does.

> diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
> index 3f44d082fb..ce004c52f0 100644
> --- a/gnu/packages/networking.scm
> +++ b/gnu/packages/networking.scm
> @@ -786,6 +786,35 @@ (define-public knockd
>  at the link-layer level.")
>      (license license:gpl2+)))
>  
> +(define-public ncrack
> +  (package
> +    (name "ncrack")
> +    (version "0.7")
> +    (source (origin
> +              (method url-fetch)
> +              (uri (string-append
> +                    "https://github.com/nmap/ncrack/archive/refs/tags/"
> +                    version ".tar.gz"))
> +              (patches (search-patches "ncrack-nullcheck.patch"
> +                                       "ncrack-fix-gcc-10-build.patch"
> +                                       "ncrack-fix-autotools-compat.patch"
> +                                       "ncrack-fix-spelling-errors.patch"))
> +              (sha256
> +               (base32
> +                "0jnif319rjykiphi211v1c2hblw1ql190dnbd030qjkwcz6p3ygk"))))
> +    (build-system gnu-build-system)
> +    (arguments
> +     (list #:tests? #f)) ;no test suite
> +    (native-inputs (list pkg-config))
> +    (inputs (list openssl zlib))
> +    (home-page "https://nmap.org/ncrack/man.html")
> +    (synopsis "Network authentication cracking tool")
> +    (description
> +     "@code{Ncrack} is a tool for network authentication cracking.  It was

To be more accurate, I'd use "The @command{ncrack} command is a tool for
[...]".

Otherwise, LGTM.

Patch

From cfcc719c2fc2e40fb2936269dc4bdbd28be5d71a Mon Sep 17 00:00:00 2001
From: Petr Hodina <phodina@protonmail.com>
Date: Fri, 10 Jun 2022 10:26:13 +0200
Subject: [PATCH] gnu: Add ncrack.

* gnu/packages/networking.scm (ncrack): New variable.
* gnu/local.mk: Add patches.
* gnu/packages/patches/ncrack-fix-autotools-compat.patch: New file.
* gnu/packages/patches/ncrack-fix-gcc-10-build.patch: New file.
* gnu/packages/patches/ncrack-fix-spelling-errors.patch: New file.
* gnu/packages/patches/ncrack-nullcheck.patch: New file.
* gnu/packages/patches/ncrack-unbundle-opensshlib.patch: New file.

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 3f44d082fb..ce004c52f0 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -786,6 +786,35 @@  (define-public knockd
 at the link-layer level.")
     (license license:gpl2+)))
 
+(define-public ncrack
+  (package
+    (name "ncrack")
+    (version "0.7")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/nmap/ncrack/archive/refs/tags/"
+                    version ".tar.gz"))
+              (patches (search-patches "ncrack-nullcheck.patch"
+                                       "ncrack-fix-gcc-10-build.patch"
+                                       "ncrack-fix-autotools-compat.patch"
+                                       "ncrack-fix-spelling-errors.patch"))
+              (sha256
+               (base32
+                "0jnif319rjykiphi211v1c2hblw1ql190dnbd030qjkwcz6p3ygk"))))
+    (build-system gnu-build-system)
+    (arguments
+     (list #:tests? #f)) ;no test suite
+    (native-inputs (list pkg-config))
+    (inputs (list openssl zlib))
+    (home-page "https://nmap.org/ncrack/man.html")
+    (synopsis "Network authentication cracking tool")
+    (description
+     "@code{Ncrack} is a tool for network authentication cracking.  It was
+designed for high-speed parallel cracking using a dynamic engine that can
+adapt to different network situations.")
+    (license license:gpl2+)))
+
 (define-public nng
   (package
     (name "nng")
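Review bot: `ncrack-unbundle-opensshlib.patch` is added by this commit but is missing from the `search-patches` list here, so the package as written still builds ncrack's bundled opensshlib copy, which will not pick up fixes shipped through the distribution's own SSH packages. Either finish that patch and list it (with the replacement library added to `inputs`), or drop the file from the commit and leave a comment such as `;; TODO: unbundle opensshlib` next to `(inputs (list openssl zlib))`. Separately, the `archive/refs/tags/` URL is a forge-generated tarball whose bytes may not stay stable against the pinned `sha256`; `(method git-fetch)` with a `git-reference` on the release tag and `(file-name (git-file-name name version))` is the more reproducible choice, with the hash recomputed. The `gnu/local.mk` hunk named in the commit log is not visible on this page, so registration of the patch files could not be checked.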
diff --git a/gnu/packages/patches/ncrack-fix-autotools-compat.patch b/gnu/packages/patches/ncrack-fix-autotools-compat.patch
new file mode 100644
index 0000000000..4260e6129e
--- /dev/null
+++ b/gnu/packages/patches/ncrack-fix-autotools-compat.patch
@@ -0,0 +1,122 @@ 
+From: =?utf-8?q?Rapha=C3=ABl_Hertzog?= <hertzog@debian.org>
+Date: Wed, 28 Aug 2019 11:47:34 +0200
+Subject: Use stricter autoconf syntax imposed by newer versions
+
+Bug: https://github.com/nmap/ncrack/pull/28
+
+This allows the Debian packaging to use "autoreconf" with a recent
+version of autoconf.
+---
+ nbase/acinclude.m4 | 24 ++++++++++++------------
+ nbase/configure.ac |  2 +-
+ 2 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/nbase/acinclude.m4 b/nbase/acinclude.m4
+index 8bc7f68..d962d6a 100644
+--- a/nbase/acinclude.m4
++++ b/nbase/acinclude.m4
+@@ -11,7 +11,7 @@ dnl Note that if the system doesn't have gai_strerror(), we
+ dnl can't use getaddrinfo() because we can't get strings
+ dnl describing the error codes.
+ dnl
+-AC_DEFUN(APR_CHECK_WORKING_GETADDRINFO,[
++AC_DEFUN([APR_CHECK_WORKING_GETADDRINFO],[
+   AC_CACHE_CHECK(for working getaddrinfo, ac_cv_working_getaddrinfo,[
+   AC_TRY_RUN( [
+ #ifdef HAVE_NETDB_H
+@@ -54,7 +54,7 @@ if test "$ac_cv_working_getaddrinfo" = "yes"; then
+   if test "$ac_cv_func_gai_strerror" != "yes"; then
+     ac_cv_working_getaddrinfo="no"
+   else
+-    AC_DEFINE(HAVE_GETADDRINFO, 1, [Define if getaddrinfo exists and works well enough for APR])
++    AC_DEFINE([HAVE_GETADDRINFO], [1], [Define if getaddrinfo exists and works well enough for APR])
+   fi
+ fi
+ ])
+@@ -62,7 +62,7 @@ fi
+ dnl
+ dnl check for working getnameinfo() -- from Apache 2.0.40
+ dnl
+-AC_DEFUN(APR_CHECK_WORKING_GETNAMEINFO,[
++AC_DEFUN([APR_CHECK_WORKING_GETNAMEINFO],[
+   AC_CACHE_CHECK(for working getnameinfo, ac_cv_working_getnameinfo,[
+   AC_TRY_RUN( [
+ #ifdef HAVE_NETDB_H
+@@ -113,11 +113,11 @@ int main(void) {
+   ac_cv_working_getnameinfo="yes"
+ ])])
+ if test "$ac_cv_working_getnameinfo" = "yes"; then
+-  AC_DEFINE(HAVE_GETNAMEINFO, 1, [Define if getnameinfo exists])
++  AC_DEFINE([HAVE_GETNAMEINFO], [1], [Define if getnameinfo exists])
+ fi
+ ])
+ 
+-AC_DEFUN(APR_CHECK_SOCKADDR_IN6,[
++AC_DEFUN([APR_CHECK_SOCKADDR_IN6],[
+ AC_CACHE_CHECK(for sockaddr_in6, ac_cv_define_sockaddr_in6,[
+ AC_TRY_COMPILE([
+ #ifdef HAVE_SYS_TYPES_H
+@@ -143,7 +143,7 @@ else
+ fi
+ ])
+ 
+-AC_DEFUN(CHECK_AF_INET6_DEFINE,[
++AC_DEFUN([CHECK_AF_INET6_DEFINE],[
+ AC_CACHE_CHECK(for AF_INET6 definition, ac_cv_define_af_inet6,[
+ AC_TRY_COMPILE([
+ #ifdef HAVE_SYS_TYPES_H
+@@ -166,13 +166,13 @@ int af = AF_INET6;
+ 
+ if test "$ac_cv_define_af_inet6" = "yes"; then
+   have_af_inet6=1
+-  AC_DEFINE(HAVE_AF_INET6, 1, [Define if AF_INET6 is defined])
++  AC_DEFINE([HAVE_AF_INET6], [1], [AF_INET6 macro is defined])
+ else
+   have_af_inet6=0
+ fi
+ ])
+ 
+-AC_DEFUN(APR_CHECK_SOCKADDR_STORAGE,[
++AC_DEFUN([APR_CHECK_SOCKADDR_STORAGE],[
+ AC_CACHE_CHECK(for sockaddr_storage, ac_cv_define_sockaddr_storage,[
+ AC_TRY_COMPILE([
+ #ifdef HAVE_SYS_TYPES_H
+@@ -195,21 +195,21 @@ struct sockaddr_storage sa;
+ 
+ if test "$ac_cv_define_sockaddr_storage" = "yes"; then
+   have_sockaddr_storage=1
+-  AC_DEFINE(HAVE_SOCKADDR_STORAGE, 1, [Define if struct sockaddr_storage exists])
++  AC_DEFINE([HAVE_SOCKADDR_STORAGE], [1], [struct sockaddr_storage is available])
+ else
+   have_sockaddr_storage=0
+ fi
+ ])
+ 
+ dnl This test taken from GCC libjava.
+-AC_DEFUN(CHECK_PROC_SELF_EXE,[
++AC_DEFUN([CHECK_PROC_SELF_EXE],[
+   if test x"$cross_compiling" = x"no"; then
+     AC_CHECK_FILES(/proc/self/exe, [
+-      AC_DEFINE(HAVE_PROC_SELF_EXE, 1, [Define if you have /proc/self/exe])])
++      AC_DEFINE([HAVE_PROC_SELF_EXE], [1], [Define if you have /proc/self/exe])])
+   else
+     case $host in
+       *-linux*)
+-      AC_DEFINE(HAVE_PROC_SELF_EXE, 1, [Define if you have /proc/self/exe])
++      AC_DEFINE([HAVE_PROC_SELF_EXE], [1], [Define if you have /proc/self/exe])
+       ;;
+     esac
+   fi
+diff --git a/nbase/configure.ac b/nbase/configure.ac
+index eb28fa4..375d0f9 100644
+--- a/nbase/configure.ac
++++ b/nbase/configure.ac
+@@ -60,7 +60,7 @@ AC_C_INLINE
+ case "$host" in
+   *-sgi-irix5* | *-sgi-irix6*)
+     if test -z "$GCC"; then
+-      AC_DEFINE(inline, )
++      AC_DEFINE([inline], [], [Disable inline keyword])
+     fi
+     ;;
+ esac
diff --git a/gnu/packages/patches/ncrack-fix-gcc-10-build.patch b/gnu/packages/patches/ncrack-fix-gcc-10-build.patch
new file mode 100644
index 0000000000..3f8ee81ff0
--- /dev/null
+++ b/gnu/packages/patches/ncrack-fix-gcc-10-build.patch
@@ -0,0 +1,15 @@ 
+Description: Fix build with gcc-10.
+Author: Jürgen Hötzel <juergen@hoetzel.info>
+Origin: https://github.com/nmap/ncrack/pull/83/
+
+--- a/opensshlib/umac.c
++++ b/opensshlib/umac.c
+@@ -1181,7 +1181,7 @@
+     uhash_ctx hash;          /* Hash function for message compression    */
+     pdf_ctx pdf;             /* PDF for hashed output                    */
+     void *free_ptr;          /* Address to free this struct via          */
+-} umac_ctx;
++};
+ 
+ /* ---------------------------------------------------------------------- */
+ 
diff --git a/gnu/packages/patches/ncrack-fix-spelling-errors.patch b/gnu/packages/patches/ncrack-fix-spelling-errors.patch
new file mode 100644
index 0000000000..461b082056
--- /dev/null
+++ b/gnu/packages/patches/ncrack-fix-spelling-errors.patch
@@ -0,0 +1,138 @@ 
+From: Sophie Brun <sophie@freexian.com>
+Date: Wed, 28 Aug 2019 11:47:34 +0200
+Subject: Fix spelling error
+
+Last-Update: 2019-08-28
+
+Last-Update: 2019-08-28
+---
+ docs/ncrack.1         | 16 ++++++++--------
+ docs/ncrack.usage.txt |  2 +-
+ ncrack.cc             |  4 ++--
+ ncrack_input.cc       |  2 +-
+ 4 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/docs/ncrack.1 b/docs/ncrack.1
+index 2f12990..a8907b8 100644
+--- a/docs/ncrack.1
++++ b/docs/ncrack.1
+@@ -116,7 +116,7 @@ SERVICE SPECIFICATION:
+     domain <name>: used in modules like WinRM to specify the domain
+ TIMING AND PERFORMANCE:
+   Options which take <time> are in seconds, unless you append \'ms\'
+-  (miliseconds), \'m\' (minutes), or \'h\' (hours) to the value (e\&.g\&. 30m)\&.
++  (milliseconds), \'m\' (minutes), or \'h\' (hours) to the value (e\&.g\&. 30m)\&.
+   Service\-specific options:
+     cl (min connection limit): minimum number of concurrent parallel connections
+     CL (max connection limit): maximum number of concurrent parallel connections
+@@ -237,7 +237,7 @@ rather than on the command line\&.
+ .SH "SERVICE SPECIFICATION"
+ .\" service specification
+ .PP
+-No cracking session can be carried out without targetting a certain service to attack\&. Service specification is one of the most flexible subsystems of Ncrack and collaborates with target\-specification in a way that allows different option combinations to be applied\&. For Ncrack to start running, you will have to specify at least one target host and one associated service to attack\&. Ncrack provides ways to specify a service by its default port number, by its name (as extracted from the
++No cracking session can be carried out without targeting a certain service to attack\&. Service specification is one of the most flexible subsystems of Ncrack and collaborates with target\-specification in a way that allows different option combinations to be applied\&. For Ncrack to start running, you will have to specify at least one target host and one associated service to attack\&. Ncrack provides ways to specify a service by its default port number, by its name (as extracted from the
+ ncrack\-services
+ file) or both\&. Normally, you need to define both name and port number only in the special case where you know that a particular service is listening on a non\-default port\&.
+ .PP
+@@ -317,7 +317,7 @@ option (see below for explanation)\&.
+ .SH "SERVICE OPTIONS"
+ .\" service options
+ .PP
+-Apart from general service specification, Ncrack allows you to provide a multitude of options that apply to each or a subset of your targets\&. Options include timing and performance optimizations (which are thoroughly analyzed in a seperate section), SSL enabling/disabling and other module\-specific parameters like the relative URL path for the HTTP module\&. Options can be defined in a variety of ways which include: per\-host options, per\-module options and global options\&. Since a combination of these options may be used, there is a strict hierarchy of precedence which will be discussed later\&.
++Apart from general service specification, Ncrack allows you to provide a multitude of options that apply to each or a subset of your targets\&. Options include timing and performance optimizations (which are thoroughly analyzed in a separate section), SSL enabling/disabling and other module\-specific parameters like the relative URL path for the HTTP module\&. Options can be defined in a variety of ways which include: per\-host options, per\-module options and global options\&. Since a combination of these options may be used, there is a strict hierarchy of precedence which will be discussed later\&.
+ .PP
+ \fBPer\-host Options\fR
+ .PP
+@@ -555,7 +555,7 @@ all do the same thing\&.
+ 
+ \fBConnection Limit\fR
+ .sp
+-These options control the total number of connections that may be outstanding for any service at the same time\&. Normally, Ncrack tries to dynamically adjust the number of connections for each individual target by counting how many drops or connection failures happen\&. If a strange network condition occurs, that signifies that something may be going wrong, like the host dropping any new connection attempts, then Ncrack will immediately lower the total number of connections hitting the service\&. However, the caps number of the minimum or maximum connections that will take place can be overriden using these two options\&. By properly adjusting them, you can essentially optimize performance, if you can handle the tricky part of knowing or discovering your target\'s own limits\&. The convention here is that
++These options control the total number of connections that may be outstanding for any service at the same time\&. Normally, Ncrack tries to dynamically adjust the number of connections for each individual target by counting how many drops or connection failures happen\&. If a strange network condition occurs, that signifies that something may be going wrong, like the host dropping any new connection attempts, then Ncrack will immediately lower the total number of connections hitting the service\&. However, the caps number of the minimum or maximum connections that will take place can be overridden using these two options\&. By properly adjusting them, you can essentially optimize performance, if you can handle the tricky part of knowing or discovering your target\'s own limits\&. The convention here is that
+ \fBcl\fR
+ with lowercase letters is referring to the minimum connection limit, while
+ \fBCL \fR
+@@ -699,7 +699,7 @@ iteration, very common passwords might not even be tried out for certain usernam
+ .PP
+ \fB\-\-pairwise\fR (Choose usernames and passwords in pairs)
+ .RS 4
+-Enabling this option will make Ncrack iterate the username and password list by choosing them in pairs\&. For example, given the username list of "root, guest, admin" and the password list of "test, 12345, q1w2e3r4" Ncrack will go over them like this: "root:test", "guest:12345", "admin:q1w2e3r4"\&. This is particulary useful when inside knowledge of the infrastructure tested is available and special username and password lists have been made\&.
++Enabling this option will make Ncrack iterate the username and password list by choosing them in pairs\&. For example, given the username list of "root, guest, admin" and the password list of "test, 12345, q1w2e3r4" Ncrack will go over them like this: "root:test", "guest:12345", "admin:q1w2e3r4"\&. This is particularly useful when inside knowledge of the infrastructure tested is available and special username and password lists have been made\&.
+ .RE
+ .SH "OUTPUT"
+ .\" output formats
+@@ -969,7 +969,7 @@ FTP authentication is quite fast, since there is very little protocol negotiatio
+ \fBTelnet Module\fR
+ .PP
+ .RS 4
+-Telnet daemons have been largely substituded by their safer \'counterpart\' of SSH\&. However, there are many boxes, mainly routers or printers, that still rely on Telnet for remote access\&. Usually these are also easier to crack, since default passwords for them are publicly known\&. The drawback is that telnet is a rather slow protocol, so you shouldn\'t be expecting really high rates against it\&.
++Telnet daemons have been largely substituted by their safer \'counterpart\' of SSH\&. However, there are many boxes, mainly routers or printers, that still rely on Telnet for remote access\&. Usually these are also easier to crack, since default passwords for them are publicly known\&. The drawback is that telnet is a rather slow protocol, so you shouldn\'t be expecting really high rates against it\&.
+ .RE
+ .PP
+ \fBSSH Module\fR
+@@ -998,7 +998,7 @@ The SMB module currently works over raw TCP\&. NetBIOS isn\'t supported yet\&. T
+ \fBRDP Module \fR
+ .PP
+ .RS 4
+-RDP (Remote Desktop Protocol) is a proprietary protocol developed by Microsoft for the purpose of providing remote terminal services by transfering graphics display information from the remote computer to the user and transporting input commands from the user to the remote computer\&. Fortunately, Microsoft recently decided to open the protocol\'s internal workings to the public and has provided official documentation, which can be found at
++RDP (Remote Desktop Protocol) is a proprietary protocol developed by Microsoft for the purpose of providing remote terminal services by transferring graphics display information from the remote computer to the user and transporting input commands from the user to the remote computer\&. Fortunately, Microsoft recently decided to open the protocol\'s internal workings to the public and has provided official documentation, which can be found at
+ \m[blue]\fB\%http://msdn.microsoft.com/en-us/library/cc240445%28v=PROT.10%29.aspx\fR\m[]
+ .sp
+ RDP is one of the most complex protocols, requiring the exchange of many packets, even for just the authentication phase\&. For this reason, cracking it takes a lot of time and this is probably the slowest module\&. The connection phase is briefly described at
+@@ -1103,7 +1103,7 @@ Retrieve Images: This step allows a client to retrieve DICOM images\&. The most
+ \fBMQTT Module\fR
+ .PP
+ .RS 4
+-The Message Queueing Telemetry Transport (MQTT) protocol is a publish / subscribe machine to machine protocol that allows IoT clients to publish to a broker\&. Each client device subscribes to a particular topic of interest and receives messages from publishers\&. Usually MQTT authentication is optional and when enabled can be brute\-forced very easily as it only requires a single MQTT CONNECT packet to be sent for each attemped credential pair\&.
++The Message Queueing Telemetry Transport (MQTT) protocol is a publish / subscribe machine to machine protocol that allows IoT clients to publish to a broker\&. Each client device subscribes to a particular topic of interest and receives messages from publishers\&. Usually MQTT authentication is optional and when enabled can be brute\-forced very easily as it only requires a single MQTT CONNECT packet to be sent for each attempted credential pair\&.
+ .RE
+ .PP
+ \fBWordpress Module\fR
+diff --git a/docs/ncrack.usage.txt b/docs/ncrack.usage.txt
+index 9cfe591..7c12e6a 100644
+--- a/docs/ncrack.usage.txt
++++ b/docs/ncrack.usage.txt
+@@ -24,7 +24,7 @@ SERVICE SPECIFICATION:
+     domain <name>: used in modules like WinRM to specify the domain
+ TIMING AND PERFORMANCE:
+   Options which take <time> are in seconds, unless you append 'ms'
+-  (miliseconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
++  (milliseconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
+   Service-specific options:
+     cl (min connection limit): minimum number of concurrent parallel connections
+     CL (max connection limit): maximum number of concurrent parallel connections
+diff --git a/ncrack.cc b/ncrack.cc
+index e8a4c19..ffc9702 100644
+--- a/ncrack.cc
++++ b/ncrack.cc
+@@ -254,7 +254,7 @@ print_usage(void)
+       "    domain <name>: used in modules like WinRM to specify the domain\n"
+       "TIMING AND PERFORMANCE:\n"
+       "  Options which take <time> are in seconds, unless you append 'ms'\n"
+-      "  (miliseconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m)."
++      "  (milliseconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m)."
+       "\n"
+       "  Service-specific options:\n"
+       "    cl (min connection limit): minimum number of concurrent parallel "
+@@ -2298,7 +2298,7 @@ ncrack_connect_handler(nsock_pool nsp, nsock_event nse, void *mydata)
+     if (serv->failed_connections > serv->connection_retries) {
+       SG->pushServiceToList(serv, &SG->services_finished);
+       if (o.verbose)
+-        log_write(LOG_STDOUT, "%s finished. Too many failed attemps. \n", hostinfo);
++        log_write(LOG_STDOUT, "%s finished. Too many failed attempts. \n", hostinfo);
+     }
+     /* Failure of connecting on first attempt means we should probably drop
+      * the service for good. */
+diff --git a/ncrack_input.cc b/ncrack_input.cc
+index 5de1838..9d3f324 100644
+--- a/ncrack_input.cc
++++ b/ncrack_input.cc
+@@ -204,7 +204,7 @@ xml_input(FILE *inputfd, char *host_spec)
+         if (!fgets(buf, 7, inputfd))
+           fatal("-iX <address> section searching fgets failure!\n");
+ 
+-        if (!strncmp(buf, "addres", 6)) {
++        if (!strncmp(buf, "address", 6)) {
+           /* Now get the rest of the line which is in the following format:
+            * <address addr="10.0.0.100" addrtype="ipv4" /> */
+           unsigned int i = 0;
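Review bot: The last inner hunk, in `xml_input` of `ncrack_input.cc`, is not a spelling fix: it changes the literal in `strncmp(buf, "address", 6)` while the length stays 6 and the preceding `fgets(buf, 7, inputfd)` reads at most six characters, so only the first six bytes are compared and behaviour is unchanged. Keeping parser code out of a documentation-only patch makes it easier to audit; I would drop that hunk, or keep `"addres"` and add `/* only the first 6 bytes of "address" have been read */`. The header also carries `Last-Update: 2019-08-28` twice. `xml_input` continues outside the hunk.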
diff --git a/gnu/packages/patches/ncrack-nullcheck.patch b/gnu/packages/patches/ncrack-nullcheck.patch
new file mode 100644
index 0000000000..ae4667bc46
--- /dev/null
+++ b/gnu/packages/patches/ncrack-nullcheck.patch
@@ -0,0 +1,13 @@ 
+diff -ru ncrack-0.5/ncrack_resume.cc ncrack-0.5.new/ncrack_resume.cc
+--- ncrack-0.5/ncrack_resume.cc	2016-04-10 18:56:02.000000000 +0200
++++ ncrack-0.5.new/ncrack_resume.cc	2017-04-13 17:53:09.369522756 +0200
+@@ -527,7 +527,7 @@
+ 
+       j = 0;
+       buf[j++] = *q;
+-      while (*q != '\0' && j < sizeof(buf)) {
++      while ((q != NULL) && (j < sizeof(buf))) {
+         q++;
+         if (q - filestr >= filelen)
+           fatal("Corrupted file! Error 5\n");
+
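Review bot: The new condition `(q != NULL)` cannot be false at this point, because `q` is dereferenced on the line just above (`buf[j++] = *q;`) and the visible body only increments it, so the patch in effect removes the end-of-string test instead of adding a null check. After the change the copy from the resume file is bounded only by `j < sizeof(buf)` and the `q - filestr >= filelen` check that ends in `fatal()`, and a NUL byte in the data no longer stops the scan. If a null guard is wanted, keep the terminator test as well: `while (q != NULL && *q != '\0' && j < sizeof(buf)) {`. The loop body continues outside the hunk, so how `buf` is terminated afterwards cannot be checked here. The header paths name `ncrack-0.5` while the package is 0.7, so it is worth confirming that the context still matches.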
diff --git a/gnu/packages/patches/ncrack-unbundle-opensshlib.patch b/gnu/packages/patches/ncrack-unbundle-opensshlib.patch
new file mode 100644
index 0000000000..bdb682b0c2
--- /dev/null
+++ b/gnu/packages/patches/ncrack-unbundle-opensshlib.patch
@@ -0,0 +1,78 @@ 
+From 04cfc2f21c280d02b701148d93c5632c2ea80ed8 Mon Sep 17 00:00:00 2001
+From: Petr Hodina <phodina@protonmail.com>
+Date: Tue, 7 Jun 2022 12:33:01 +0200
+Subject: [PATCH] Unbundle opensshlib.
+
+
+diff --git a/Makefile.in b/Makefile.in
+index 876159c..2098298 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -14,7 +14,6 @@ ncrackdatadir = @datadir@/ncrack
+ 
+ export NBASEDIR = @NBASEDIR@
+ export NSOCKDIR = @NSOCKDIR@
+-export OPENSSHLIB_DIR = @OPENSSHLIB_DIR@
+ 
+ DEFS = @DEFS@ -DNCRACK_NAME=\"$(NCRACK_NAME)\" -DNCRACK_URL=\"$(NCRACK_URL)\" \
+ -DNCRACK_PLATFORM=\"$(NCRACK_PLATFORM)\" -DNCRACKDATADIR=\"$(ncrackdatadir)\"
+@@ -60,7 +59,7 @@ ncrack_input.o ncrack_resume.o crypto.o http.o http_digest.o xml.o ntlmssp.o
+ .cc.o :
+ 	$(CXX) -c $(CPPFLAGS) $(CXXFLAGS) $< -o $@
+ 
+-all: @NBASE_BUILD@ @NSOCK_BUILD@ @OPENSSHLIB_BUILD@ @MODULES_BUILD@
++all: @NBASE_BUILD@ @NSOCK_BUILD@ @MODULES_BUILD@
+ 	$(MAKE) $(TARGET)
+ 
+ $(TARGET): $(NSOCKDIR)/src/libnsock.a $(NBASEDIR)/libnbase.a $(OBJS) $(MOD_OBJS)
+@@ -82,12 +81,6 @@ nsock_build: $(NSOCKDIR)/src/Makefile nbase_build
+ 	@echo Compiling libnsock;
+ 	cd $(NSOCKDIR)/src && $(MAKE)
+ 
+-opensshlib_build: $(OPENSSHLIB_DIR)/Makefile
+-	@echo Compiling openssh lib;
+-	cd $(OPENSSHLIB_DIR) && $(MAKE)
+-
+-
+-
+ install: install-ncrack
+ 	@echo "NCRACK SUCCESSFULLY INSTALLED"
+ 
+@@ -112,7 +105,7 @@ uninstall-ncrack:
+ 
+ # cleaning stuff
+ 
+-clean: nsock_clean nbase_clean opensshlib_clean modules_clean my_clean 
++clean: nsock_clean nbase_clean clean modules_clean my_clean
+ 
+ my_clean:
+ 	rm -f dependencies.mk makefile.dep
+@@ -121,8 +114,6 @@ nbase_clean:
+ 	-cd $(NBASEDIR) && $(MAKE) clean
+ nsock_clean:
+ 	-cd $(NSOCKDIR)/src && $(MAKE) clean
+-opensshlib_clean:
+-	-cd $(OPENSSHLIB_DIR) && $(MAKE) clean
+ modules_clean:
+ 	-cd modules && $(MAKE) clean
+ 
+diff --git a/modules/ncrack_ssh.cc b/modules/ncrack_ssh.cc
+index 88f02f5..7c08462 100644
+--- a/modules/ncrack_ssh.cc
++++ b/modules/ncrack_ssh.cc
+@@ -136,9 +136,8 @@
+ #include <list>
+ 
+ /* OpenSSH include-files */
+-#include "opensshlib.h"
++#include <libssh2.h>
+ 
+-#include "ssh2.h"
+ #include "openssl/dh.h"
+ #include "buffer.h"
+ #include "sshbuf.h"
+
+base-commit: 7fab46addcb99326cbf60f41dbde22a1e87aebad
+-- 
+2.35.1
+
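Review bot: In the `Makefile.in` hunk the new line `clean: nsock_clean nbase_clean clean modules_clean my_clean` makes `clean` a prerequisite of itself; make reports a circular dependency and drops it, so the line should read `clean: nsock_clean nbase_clean modules_clean my_clean`. In `modules/ncrack_ssh.cc` the include becomes `#include <libssh2.h>` while `"buffer.h"` and `"sshbuf.h"` stay under the "OpenSSH include-files" comment, and those look like headers of the library being removed. No visible line ports the module's calls to another SSH API or adds link flags, so the build would presumably fail if this patch were applied. Replacing a vendored copy of SSH code is good patch hygiene, but the module needs porting and the library needs to be in the package inputs before this file is listed in `search-patches`.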
-- 
2.38.1