? scp/obj
? sftp/obj
? sftp-server/obj
? ssh/obj
? ssh-add/obj
? ssh-agent/obj
? ssh-keygen/obj
? ssh-keyscan/obj
? ssh-keysign/obj
? ssh-pkcs11-helper/obj
? ssh-sk-helper/obj
? sshd/obj
Index: sk-usbhid.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sk-usbhid.c,v
retrieving revision 1.26
diff -u -p -r1.26 sk-usbhid.c
--- sk-usbhid.c	9 Sep 2020 03:08:01 -0000	1.26
+++ sk-usbhid.c	27 Sep 2020 07:50:08 -0000
@@ -36,6 +36,17 @@
 #include <fido.h>
 #include <fido/credman.h>
 
+/* backwards compat for libfido2 */
+#ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT
+#define fido_dev_supports_cred_prot(x) (0)
+#endif
+#ifndef HAVE_FIDO_DEV_GET_TOUCH_BEGIN
+#define fido_dev_get_touch_begin(x) (FIDO_ERR_UNSUPPORTED_OPTION)
+#endif
+#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
+#define fido_dev_get_touch_status(x, y, z) (FIDO_ERR_UNSUPPORTED_OPTION)
+#endif
+
 #ifndef SK_STANDALONE
 # include "log.h"
 # include "xmalloc.h"
@@ -392,6 +403,11 @@ sk_select_by_touch(const fido_dev_info_t
 		}
 		goto out;
 	}
+#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
+	skdebug(__func__, "libfido2 version does not support a feature needed for multiple tokens. Please upgrade to >=1.5.0");
+	goto out;
+#endif
+
 	if (sk_touch_begin(skv, skvcnt) == -1) {
 		skdebug(__func__, "sk_touch_begin failed");
 		goto out;
@@ -707,6 +723,13 @@ sk_enroll(uint32_t alg, const uint8_t *c
 		goto out;
 	}
 	if ((flags & (SSH_SK_RESIDENT_KEY|SSH_SK_USER_VERIFICATION_REQD)) != 0) {
+#if !defined(HAVE_FIDO_DEV_SUPPORTS_CRED_PROT) || \
+    !defined(HAVE_FIDO_CRED_SET_PROT)
+		skdebug(__func__, "libfido2 version does not support a feature required for this operation. Please upgrade to >=1.5.0");
+		ret = SSH_SK_ERR_UNSUPPORTED;
+		goto out;
+		credprot = 0; (void)credprot; /* avoid warning */
+#endif
 		if (!fido_dev_supports_cred_prot(sk->dev)) {
 			skdebug(__func__, "%s does not support credprot, "
 			    "refusing to create unprotected "