diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD
index 62add3136b39c56fc54ba95ba42871568b3b1311..8c7d8702b3efc37acd24896f03cae6c85611f3ce 100644
--- a/main/openssh/APKBUILD
+++ b/main/openssh/APKBUILD
@@ -1,8 +1,8 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=openssh
-pkgver=6.1_p1
+pkgver=6.2_p1
_myver=${pkgver%_*}${pkgver#*_}
-pkgrel=2
+pkgrel=0
pkgdesc="Port of OpenBSD's free SSH release"
url="http://www.openssh.org/portable.html"
arch="all"
@@ -94,9 +94,21 @@ client() {
"$subpkgdir"/usr/bin/ssh-copy-id || return 1
}
-md5sums="3345cbf4efe90ffb06a78670ab2d05d5 openssh-6.1p1.tar.gz
-b6a71aab576d592b4645a5a4e21a9116 openssh-dynwindow_noneswitch.diff
+md5sums="7b2d9dd75b5cf267ea1737ec75500316 openssh-6.2p1.tar.gz
+f5f58aadd74752440e8560c398fcb3b6 openssh-dynwindow_noneswitch.diff
949ff348573438163240c60d6c3618eb openssh-peaktput.diff
c65d454dc5b149647273485fc184636d openssh-hmac-accel.diff
cb0dd08c413fad346f0c594107b4a2e0 sshd.initd
b35e9f3829f4cfca07168fcba98749c7 sshd.confd"
+sha256sums="58690267d7455f444e87c2f8cd9be91fc686ffc0c02d1ebd0be2ab68149f7160 openssh-6.2p1.tar.gz
+73654338c592b8c9ad7435d1fb9908fa730076a8d3fd51c8ed5f5a6810b218b9 openssh-dynwindow_noneswitch.diff
+dab18c1fd1496c1ba4a4fe08c6c6b8cf3347fc82878d85498202f50168161f6b openssh-peaktput.diff
+902ea83a9ef726f32b096280da0f1b722f4372886c65c4e28985ee57e725d95c openssh-hmac-accel.diff
+3fa062fd4bfac64abf21f3c1d0548f1dfcf3c6e56e84ece14c848f53a293024e sshd.initd
+29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 sshd.confd"
+sha512sums="ffc866110f8e6c53581186f73593489fc54d75b5d193f9e9589ec484b541efa23d8ee48b28e3a0a3a0d7f8183d5de00c416c2217938a5e47211c49da7bc7a7e7 openssh-6.2p1.tar.gz
+c15e6c39e897adc9fe7975c417ee2357c4f07668096bd1538e0be9395d634d95c4bf10e9a18faae4247c3d89c7d9fb503c1a8cc56b66d40797c7bc774661ec66 openssh-dynwindow_noneswitch.diff
+64f2c94f41225c76428440d778b0bf5657408123d1cd7d6cb4bdf5000bfba8ad80ec5e57acd0880adc7a8ea7e2f1a64e329b83cf8be630b9aaebff6ab138d025 openssh-peaktput.diff
+aaa128126400171d0755038a846672aa7b1e87340edf73a672962d403abf404ef1821466b17da51dde25f04ec7533ae4a653399ccc912ea9c4a7b1a14032e76f openssh-hmac-accel.diff
+1483e2bcd700da9b02f04508d490b472c816344787bf1675fef2f7e27f72b91e4323e4e8c1db701e47d81d37d6d4b0623eaeac46b2cf589ae5ad69f363baa594 sshd.initd
+b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 sshd.confd"
diff --git a/main/openssh/openssh-dynwindow_noneswitch.diff b/main/openssh/openssh-dynwindow_noneswitch.diff
index f0c7f0da1bafb1048c36e0ecf731b4b7440455ad..f8cd5933861cfb6c77cb5b737867dc0b7468cd9d 100644
--- a/main/openssh/openssh-dynwindow_noneswitch.diff
+++ b/main/openssh/openssh-dynwindow_noneswitch.diff
@@ -133,7 +133,7 @@ index 0000000..72d822f
+ by Cisco System, Inc., the National Library of Medicine,
+ and the National Science Foundation.
diff --git a/auth2.c b/auth2.c
-index b66bef6..9e75803 100644
+index e367a10..da46852 100644
--- a/auth2.c
+++ b/auth2.c
@@ -49,6 +49,7 @@
@@ -154,7 +154,7 @@ index b66bef6..9e75803 100644
Authmethod *authmethods[] = {
&method_none,
&method_pubkey,
-@@ -225,6 +229,11 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+@@ -227,6 +231,11 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
service = packet_get_cstring(NULL);
method = packet_get_cstring(NULL);
debug("userauth-request for user %s service %s method %s", user, service, method);
@@ -194,7 +194,7 @@ index e2a9dd1..2c0b65c 100644
u_char *buf; /* Buffer for data. */
u_int alloc; /* Number of bytes allocated for data. */
diff --git a/channels.c b/channels.c
-index 7791feb..7f66ca9 100644
+index 9cf85a3..862bfd3 100644
--- a/channels.c
+++ b/channels.c
@@ -173,8 +173,14 @@ static void port_open_helper(Channel *c, char *rtype);
@@ -359,7 +359,7 @@ index 7791feb..7f66ca9 100644
c->path = xstrdup(host);
c->host_port = port_to_connect;
c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
-@@ -3505,10 +3560,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
+@@ -3503,10 +3558,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
for (n = 0; n < num_socks; n++) {
sock = socks[n];
@@ -424,10 +424,10 @@ index d75b800..0a95283 100644
+
#endif
diff --git a/cipher.c b/cipher.c
-index bb5c0ac..32ad40e 100644
+index 9ca1d00..ad57555 100644
--- a/cipher.c
+++ b/cipher.c
-@@ -163,7 +163,8 @@ ciphers_valid(const char *names)
+@@ -180,7 +180,8 @@ ciphers_valid(const char *names)
for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
(p = strsep(&cp, CIPHER_SEP))) {
c = cipher_by_name(p);
@@ -437,7 +437,7 @@ index bb5c0ac..32ad40e 100644
debug("bad cipher %s [%s]", p, names);
xfree(cipher_list);
return 0;
-@@ -337,6 +338,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
+@@ -406,6 +407,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
int evplen;
switch (c->number) {
@@ -445,7 +445,7 @@ index bb5c0ac..32ad40e 100644
case SSH_CIPHER_SSH2:
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
-@@ -371,6 +373,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
+@@ -442,6 +444,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
int evplen = 0;
switch (c->number) {
@@ -454,10 +454,10 @@ index bb5c0ac..32ad40e 100644
case SSH_CIPHER_DES:
case SSH_CIPHER_BLOWFISH:
diff --git a/clientloop.c b/clientloop.c
-index 1c1a770..b9910e4 100644
+index c1d1d44..15cb3a0 100644
--- a/clientloop.c
+++ b/clientloop.c
-@@ -1829,9 +1829,15 @@ client_request_x11(const char *request_type, int rchan)
+@@ -1884,9 +1884,15 @@ client_request_x11(const char *request_type, int rchan)
sock = x11_connect_display();
if (sock < 0)
return NULL;
@@ -473,7 +473,7 @@ index 1c1a770..b9910e4 100644
c->force_drain = 1;
return c;
}
-@@ -1851,9 +1857,15 @@ client_request_agent(const char *request_type, int rchan)
+@@ -1906,9 +1912,15 @@ client_request_agent(const char *request_type, int rchan)
sock = ssh_get_authentication_socket();
if (sock < 0)
return NULL;
@@ -490,7 +490,7 @@ index 1c1a770..b9910e4 100644
"authentication agent connection", 1);
c->force_drain = 1;
return c;
-@@ -1881,10 +1893,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
+@@ -1936,10 +1948,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
return -1;
}
@@ -511,10 +511,10 @@ index 1c1a770..b9910e4 100644
if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
channel_register_filter(c->self, sys_tun_infilter,
diff --git a/compat.c b/compat.c
-index 0dc089f..9ab3688 100644
+index f680f4f..e9a567c 100644
--- a/compat.c
+++ b/compat.c
-@@ -171,6 +171,15 @@ compat_datafellows(const char *version)
+@@ -173,6 +173,15 @@ compat_datafellows(const char *version)
strlen(check[i].pat), 0) == 1) {
debug("match: %s pat %s", version, check[i].pat);
datafellows = check[i].bugs;
@@ -543,7 +543,7 @@ index 3ae5d9c..6a7aeb2 100644
void enable_compat13(void);
void enable_compat20(void);
diff --git a/kex.c b/kex.c
-index c65e28f..e99b244 100644
+index 57a79dd..1edaecb 100644
--- a/kex.c
+++ b/kex.c
@@ -49,6 +49,7 @@
@@ -564,9 +564,9 @@ index c65e28f..e99b244 100644
kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
{
u_int i;
-@@ -407,6 +409,13 @@ kex_choose_conf(Kex *kex)
+@@ -418,6 +420,13 @@ kex_choose_conf(Kex *kex)
int nenc, nmac, ncomp;
- u_int mode, ctos, need;
+ u_int mode, ctos, need, authlen;
int first_kex_follows, type;
+ int log_flag = 0;
+
@@ -578,13 +578,13 @@ index c65e28f..e99b244 100644
my = kex_buf2prop(&kex->my, NULL);
peer = kex_buf2prop(&kex->peer, &first_kex_follows);
-@@ -441,11 +450,34 @@ kex_choose_conf(Kex *kex)
- choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]);
- choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]);
+@@ -455,11 +464,34 @@ kex_choose_conf(Kex *kex)
+ if (authlen == 0)
+ choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]);
choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
+ debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
+ if (strcmp(newkeys->enc.name, "none") == 0) {
-+ debug("Requesting NONE. Authflag is %d", auth_flag);
++ debug("Requesting NONE. Authflag is %d", auth_flag);
+ if (auth_flag == 1) {
+ debug("None requested post authentication.");
+ } else {
@@ -594,7 +594,7 @@ index c65e28f..e99b244 100644
debug("kex: %s %s %s %s",
ctos ? "client->server" : "server->client",
newkeys->enc.name,
- newkeys->mac.name,
+ authlen == 0 ? newkeys->mac.name : "<implicit>",
newkeys->comp.name);
+ /* client starts withctos = 0 && log flag = 0 and no log*/
+ /* 2nd client pass ctos=1 and flag = 1 so no log*/
@@ -614,10 +614,10 @@ index c65e28f..e99b244 100644
choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
diff --git a/kex.h b/kex.h
-index 7373d3c..3b4d4b5 100644
+index 46731fa..fafe115 100644
--- a/kex.h
+++ b/kex.h
-@@ -140,6 +140,8 @@ struct Kex {
+@@ -142,6 +142,8 @@ struct Kex {
int kex_names_valid(const char *);
@@ -627,10 +627,10 @@ index 7373d3c..3b4d4b5 100644
void kex_finish(Kex *);
diff --git a/myproposal.h b/myproposal.h
-index b9b819c..429b5cb 100644
+index 99d0934..9358dc3 100644
--- a/myproposal.h
+++ b/myproposal.h
-@@ -95,6 +95,8 @@
+@@ -106,6 +106,8 @@
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
#define KEX_DEFAULT_LANG ""
@@ -640,10 +640,10 @@ index b9b819c..429b5cb 100644
static char *myproposal[PROPOSAL_MAX] = {
KEX_DEFAULT_KEX,
diff --git a/packet.c b/packet.c
-index d0c66fe..9f6f530 100644
+index 9326dde..dc9dd8d 100644
--- a/packet.c
+++ b/packet.c
-@@ -838,7 +838,7 @@ packet_enable_delayed_compress(void)
+@@ -841,7 +841,7 @@ packet_enable_delayed_compress(void)
/*
* Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
*/
@@ -652,22 +652,22 @@ index d0c66fe..9f6f530 100644
packet_send2_wrapped(void)
{
u_char type, *cp, *macbuf = NULL;
-@@ -957,11 +957,13 @@ packet_send2_wrapped(void)
+@@ -972,11 +972,13 @@ packet_send2_wrapped(void)
set_newkeys(MODE_OUT);
else if (type == SSH2_MSG_USERAUTH_SUCCESS && active_state->server_side)
packet_enable_delayed_compress();
-+ return(packet_length);
++ return len - 4;
}
-static void
+static int
packet_send2(void)
{
-+ static int packet_length = 0;
++ int packet_length = 0;
struct packet *p;
u_char type, *cp;
-@@ -981,7 +983,7 @@ packet_send2(void)
+@@ -996,7 +998,7 @@ packet_send2(void)
sizeof(Buffer));
buffer_init(&active_state->outgoing_packet);
TAILQ_INSERT_TAIL(&active_state->outgoing, p, next);
@@ -676,7 +676,7 @@ index d0c66fe..9f6f530 100644
}
}
-@@ -989,7 +991,7 @@ packet_send2(void)
+@@ -1004,7 +1006,7 @@ packet_send2(void)
if (type == SSH2_MSG_KEXINIT)
active_state->rekeying = 1;
@@ -685,7 +685,7 @@ index d0c66fe..9f6f530 100644
/* after a NEWKEYS message we can send the complete queue */
if (type == SSH2_MSG_NEWKEYS) {
-@@ -1002,19 +1004,22 @@ packet_send2(void)
+@@ -1017,19 +1019,22 @@ packet_send2(void)
sizeof(Buffer));
TAILQ_REMOVE(&active_state->outgoing, p, next);
xfree(p);
@@ -700,7 +700,7 @@ index d0c66fe..9f6f530 100644
+int
packet_send(void)
{
-+ int packet_len = 0;
++ int packet_len = 0;
if (compat20)
- packet_send2();
+ packet_len = packet_send2();
@@ -711,7 +711,7 @@ index d0c66fe..9f6f530 100644
}
/*
-@@ -1647,7 +1652,7 @@ packet_disconnect(const char *fmt,...)
+@@ -1697,7 +1702,7 @@ packet_disconnect(const char *fmt,...)
/* Checks if there is any buffered output, and tries to write some of the output. */
@@ -720,7 +720,7 @@ index d0c66fe..9f6f530 100644
packet_write_poll(void)
{
int len = buffer_len(&active_state->output);
-@@ -1660,13 +1665,14 @@ packet_write_poll(void)
+@@ -1710,13 +1715,14 @@ packet_write_poll(void)
if (len == -1) {
if (errno == EINTR || errno == EAGAIN ||
errno == EWOULDBLOCK)
@@ -736,7 +736,7 @@ index d0c66fe..9f6f530 100644
}
/*
-@@ -1867,12 +1873,24 @@ packet_send_ignore(int nbytes)
+@@ -1917,12 +1923,24 @@ packet_send_ignore(int nbytes)
}
}
@@ -761,7 +761,7 @@ index d0c66fe..9f6f530 100644
return
(active_state->p_send.packets > MAX_PACKETS) ||
(active_state->p_read.packets > MAX_PACKETS) ||
-@@ -1964,3 +1982,9 @@ packet_restore_state(void)
+@@ -2014,3 +2032,9 @@ packet_restore_state(void)
add_recv_bytes(len);
}
}
@@ -955,7 +955,7 @@ index be30ee0..6480539 100644
int identities_only;
int server_alive_interval;
diff --git a/scp.c b/scp.c
-index 08587b5..c9c20f0 100644
+index 645d740..0cd0666 100644
--- a/scp.c
+++ b/scp.c
@@ -731,7 +731,7 @@ source(int argc, char **argv)
@@ -977,10 +977,10 @@ index 08587b5..c9c20f0 100644
#define atime tv[0]
diff --git a/servconf.c b/servconf.c
-index ee2e531..e4af66c 100644
+index b2a60fd..0f150c5 100644
--- a/servconf.c
+++ b/servconf.c
-@@ -139,6 +139,10 @@ initialize_server_options(ServerOptions *options)
+@@ -143,6 +143,10 @@ initialize_server_options(ServerOptions *options)
options->revoked_keys_file = NULL;
options->trusted_user_ca_keys = NULL;
options->authorized_principals_file = NULL;
@@ -991,7 +991,7 @@ index ee2e531..e4af66c 100644
options->ip_qos_interactive = -1;
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
-@@ -147,6 +151,11 @@ initialize_server_options(ServerOptions *options)
+@@ -151,6 +155,11 @@ initialize_server_options(ServerOptions *options)
void
fill_default_server_options(ServerOptions *options)
{
@@ -1003,7 +1003,7 @@ index ee2e531..e4af66c 100644
/* Portable-specific options */
if (options->use_pam == -1)
options->use_pam = 0;
-@@ -287,6 +296,40 @@ fill_default_server_options(ServerOptions *options)
+@@ -291,6 +300,40 @@ fill_default_server_options(ServerOptions *options)
if (use_privsep == -1)
use_privsep = PRIVSEP_NOSANDBOX;
@@ -1044,15 +1044,15 @@ index ee2e531..e4af66c 100644
#ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) {
error("This platform does not support both privilege "
-@@ -328,6 +371,7 @@ typedef enum {
+@@ -332,6 +375,7 @@ typedef enum {
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication, sHostCertificate,
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
sKexAlgorithms, sIPQoS, sVersionAddendum,
- sDeprecated, sUnsupported
- } ServerOpCodes;
-@@ -451,6 +495,10 @@ static struct {
+ sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
+ sAuthenticationMethods,
+@@ -457,6 +501,10 @@ static struct {
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
@@ -1062,8 +1062,8 @@ index ee2e531..e4af66c 100644
+ { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
{ "ipqos", sIPQoS, SSHCFG_ALL },
- { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
-@@ -480,6 +528,7 @@ parse_token(const char *cp, const char *filename,
+ { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
+@@ -489,6 +537,7 @@ parse_token(const char *cp, const char *filename,
for (i = 0; keywords[i].name; i++)
if (strcasecmp(cp, keywords[i].name) == 0) {
@@ -1071,7 +1071,7 @@ index ee2e531..e4af66c 100644
*flags = keywords[i].flags;
return keywords[i].opcode;
}
-@@ -987,6 +1036,22 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1005,6 +1054,22 @@ process_server_config_line(ServerOptions *options, char *line,
*intptr = value;
break;
@@ -1095,10 +1095,10 @@ index ee2e531..e4af66c 100644
intptr = &options->ignore_user_known_hosts;
goto parse_flag;
diff --git a/servconf.h b/servconf.h
-index 096d596..714473d 100644
+index 870c709..f042fe4 100644
--- a/servconf.h
+++ b/servconf.h
-@@ -157,6 +157,10 @@ typedef struct {
+@@ -164,6 +164,10 @@ typedef struct {
char *adm_forced_command;
int use_pam; /* Enable auth via PAM */
@@ -1110,7 +1110,7 @@ index 096d596..714473d 100644
int permit_tun;
diff --git a/serverloop.c b/serverloop.c
-index 741c5be..34b3771 100644
+index e224bd0..4d642d5 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -94,10 +94,10 @@ static int fdin; /* Descriptor for stdin (for writing) */
@@ -1197,7 +1197,7 @@ index 741c5be..34b3771 100644
}
static void
-@@ -1004,8 +1027,12 @@ server_request_tun(void)
+@@ -1011,8 +1034,12 @@ server_request_tun(void)
sock = tun_open(tun, mode);
if (sock < 0)
goto done;
@@ -1210,7 +1210,7 @@ index 741c5be..34b3771 100644
c->datagram = 1;
#if defined(SSH_TUN_FILTER)
if (mode == SSH_TUNMODE_POINTOPOINT)
-@@ -1041,6 +1068,8 @@ server_request_session(void)
+@@ -1048,6 +1075,8 @@ server_request_session(void)
c = channel_new("session", SSH_CHANNEL_LARVAL,
-1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
0, "server-session", 1);
@@ -1220,7 +1220,7 @@ index 741c5be..34b3771 100644
debug("session open failed, free channel %d", c->self);
channel_free(c);
diff --git a/session.c b/session.c
-index 65bf287..c74f655 100644
+index 19eaa20..57ebeca 100644
--- a/session.c
+++ b/session.c
@@ -236,6 +236,7 @@ auth_input_request_forwarding(struct passwd * pw)
@@ -1231,7 +1231,7 @@ index 65bf287..c74f655 100644
nc = channel_new("auth socket",
SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
-@@ -2278,10 +2279,16 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
+@@ -2286,10 +2287,16 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
*/
if (s->chanid == -1)
fatal("no channel for session %d", s->self);
@@ -1263,10 +1263,10 @@ index bcb4721..284d618 100644
Recursively copy entire directories when uploading and downloading.
Note that
diff --git a/sftp.c b/sftp.c
-index 235c6ad..bae79f2 100644
+index 342ae7e..65dacd9 100644
--- a/sftp.c
+++ b/sftp.c
-@@ -69,7 +69,7 @@ typedef void EditLine;
+@@ -65,7 +65,7 @@ typedef void EditLine;
#include "sftp-client.h"
#define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */
@@ -1388,7 +1388,7 @@ index 3f61eb0..62f56de 100644
channel_send_open(c->self);
diff --git a/sshconnect.c b/sshconnect.c
-index 0ee7266..f90cbe2 100644
+index 07800a6..6b2b3c0 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -182,6 +182,31 @@ ssh_kill_proxy_command(void)
@@ -1442,17 +1442,21 @@ index 0ee7266..f90cbe2 100644
/* Bind the socket to an alternative local IP address */
if (options.bind_address == NULL)
return sock;
-@@ -556,7 +586,7 @@ ssh_exchange_identification(int timeout_ms)
- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
- compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
- compat20 ? PROTOCOL_MINOR_2 : minor1,
-- SSH_VERSION, compat20 ? "\r\n" : "\n");
-+ SSH_RELEASE, compat20 ? "\r\n" : "\n");
- if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
- != strlen(buf))
- fatal("write: %.100s", strerror(errno));
+@@ -435,10 +465,10 @@ send_client_banner(int connection_out, int minor1)
+ /* Send our own protocol version identification. */
+ if (compat20) {
+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
+ } else {
+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
+- PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
++ PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
+ }
+ if (roaming_atomicio(vwrite, connection_out, client_version_string,
+ strlen(client_version_string)) != strlen(client_version_string))
diff --git a/sshconnect2.c b/sshconnect2.c
-index 7c369d7..0b02824 100644
+index d6af0b9..9b0aea2 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -81,6 +81,12 @@
@@ -1468,7 +1472,7 @@ index 7c369d7..0b02824 100644
/*
* SSH2 key exchange
-@@ -420,6 +426,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
+@@ -421,6 +427,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
pubkey_cleanup(&authctxt);
dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
@@ -1498,7 +1502,7 @@ index 7c369d7..0b02824 100644
}
diff --git a/sshd.c b/sshd.c
-index 9aff5e8..a42dea8 100644
+index 3e9d176..b05b2df 100644
--- a/sshd.c
+++ b/sshd.c
@@ -138,6 +138,9 @@ int deny_severity;
@@ -1511,7 +1515,7 @@ index 9aff5e8..a42dea8 100644
extern char *__progname;
/* Server configuration options. */
-@@ -421,7 +424,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
+@@ -430,7 +433,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
}
xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@@ -1520,7 +1524,7 @@ index 9aff5e8..a42dea8 100644
*options.version_addendum == '\0' ? "" : " ",
options.version_addendum, newline);
-@@ -473,6 +476,9 @@ sshd_exchange_identification(int sock_in, int sock_out)
+@@ -482,6 +485,9 @@ sshd_exchange_identification(int sock_in, int sock_out)
}
debug("Client protocol version %d.%d; client software version %.100s",
remote_major, remote_minor, remote_version);
@@ -1530,7 +1534,7 @@ index 9aff5e8..a42dea8 100644
compat_datafellows(remote_version);
-@@ -1029,6 +1035,8 @@ server_listen(void)
+@@ -1038,6 +1044,8 @@ server_listen(void)
int ret, listen_sock, on = 1;
struct addrinfo *ai;
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
@@ -1539,7 +1543,7 @@ index 9aff5e8..a42dea8 100644
for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-@@ -1069,6 +1077,11 @@ server_listen(void)
+@@ -1078,6 +1086,11 @@ server_listen(void)
debug("Bind to port %s on %s.", strport, ntop);
@@ -1551,7 +1555,7 @@ index 9aff5e8..a42dea8 100644
/* Bind the socket to the desired port. */
if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
error("Bind to port %s on %s failed: %.200s.",
-@@ -1938,6 +1951,9 @@ main(int ac, char **av)
+@@ -1976,6 +1989,9 @@ main(int ac, char **av)
/* Log the connection. */
verbose("Connection from %.500s port %d", remote_ip, remote_port);
@@ -1561,7 +1565,7 @@ index 9aff5e8..a42dea8 100644
/*
* We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
-@@ -2294,9 +2310,15 @@ do_ssh2_kex(void)
+@@ -2332,9 +2348,15 @@ do_ssh2_kex(void)
{
Kex *kex;
@@ -1578,10 +1582,10 @@ index 9aff5e8..a42dea8 100644
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
diff --git a/sshd_config b/sshd_config
-index 9424ee2..04f51d6 100644
+index 9cd2fdd..27f43eb 100644
--- a/sshd_config
+++ b/sshd_config
-@@ -117,6 +117,20 @@ UsePrivilegeSeparation sandbox # Default for new installations.
+@@ -120,6 +120,20 @@ UsePrivilegeSeparation sandbox # Default for new installations.
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
@@ -1603,11 +1607,11 @@ index 9424ee2..04f51d6 100644
#Match User anoncvs
# X11Forwarding no
diff --git a/version.h b/version.h
-index 76adaaf..44172ac 100644
+index 784f707..c8f04d5 100644
--- a/version.h
+++ b/version.h
@@ -3,4 +3,5 @@
- #define SSH_VERSION "OpenSSH_6.1"
+ #define SSH_VERSION "OpenSSH_6.2"
#define SSH_PORTABLE "p1"
-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE