diff options
Diffstat (limited to 'main/openssh')
-rw-r--r-- | main/openssh/APKBUILD | 20 | ||||
-rw-r--r-- | main/openssh/openssh-dynwindow_noneswitch.diff | 170 |
2 files changed, 103 insertions, 87 deletions
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD index 62add3136b..8c7d8702b3 100644 --- a/main/openssh/APKBUILD +++ b/main/openssh/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openssh -pkgver=6.1_p1 +pkgver=6.2_p1 _myver=${pkgver%_*}${pkgver#*_} -pkgrel=2 +pkgrel=0 pkgdesc="Port of OpenBSD's free SSH release" url="http://www.openssh.org/portable.html" arch="all" @@ -94,9 +94,21 @@ client() { "$subpkgdir"/usr/bin/ssh-copy-id || return 1 } -md5sums="3345cbf4efe90ffb06a78670ab2d05d5 openssh-6.1p1.tar.gz -b6a71aab576d592b4645a5a4e21a9116 openssh-dynwindow_noneswitch.diff +md5sums="7b2d9dd75b5cf267ea1737ec75500316 openssh-6.2p1.tar.gz +f5f58aadd74752440e8560c398fcb3b6 openssh-dynwindow_noneswitch.diff 949ff348573438163240c60d6c3618eb openssh-peaktput.diff c65d454dc5b149647273485fc184636d openssh-hmac-accel.diff cb0dd08c413fad346f0c594107b4a2e0 sshd.initd b35e9f3829f4cfca07168fcba98749c7 sshd.confd" +sha256sums="58690267d7455f444e87c2f8cd9be91fc686ffc0c02d1ebd0be2ab68149f7160 openssh-6.2p1.tar.gz +73654338c592b8c9ad7435d1fb9908fa730076a8d3fd51c8ed5f5a6810b218b9 openssh-dynwindow_noneswitch.diff +dab18c1fd1496c1ba4a4fe08c6c6b8cf3347fc82878d85498202f50168161f6b openssh-peaktput.diff +902ea83a9ef726f32b096280da0f1b722f4372886c65c4e28985ee57e725d95c openssh-hmac-accel.diff +3fa062fd4bfac64abf21f3c1d0548f1dfcf3c6e56e84ece14c848f53a293024e sshd.initd +29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 sshd.confd" +sha512sums="ffc866110f8e6c53581186f73593489fc54d75b5d193f9e9589ec484b541efa23d8ee48b28e3a0a3a0d7f8183d5de00c416c2217938a5e47211c49da7bc7a7e7 openssh-6.2p1.tar.gz +c15e6c39e897adc9fe7975c417ee2357c4f07668096bd1538e0be9395d634d95c4bf10e9a18faae4247c3d89c7d9fb503c1a8cc56b66d40797c7bc774661ec66 openssh-dynwindow_noneswitch.diff +64f2c94f41225c76428440d778b0bf5657408123d1cd7d6cb4bdf5000bfba8ad80ec5e57acd0880adc7a8ea7e2f1a64e329b83cf8be630b9aaebff6ab138d025 openssh-peaktput.diff +aaa128126400171d0755038a846672aa7b1e87340edf73a672962d403abf404ef1821466b17da51dde25f04ec7533ae4a653399ccc912ea9c4a7b1a14032e76f openssh-hmac-accel.diff +1483e2bcd700da9b02f04508d490b472c816344787bf1675fef2f7e27f72b91e4323e4e8c1db701e47d81d37d6d4b0623eaeac46b2cf589ae5ad69f363baa594 sshd.initd +b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 sshd.confd" diff --git a/main/openssh/openssh-dynwindow_noneswitch.diff b/main/openssh/openssh-dynwindow_noneswitch.diff index f0c7f0da1b..f8cd593386 100644 --- a/main/openssh/openssh-dynwindow_noneswitch.diff +++ b/main/openssh/openssh-dynwindow_noneswitch.diff @@ -133,7 +133,7 @@ index 0000000..72d822f + by Cisco System, Inc., the National Library of Medicine, + and the National Science Foundation. diff --git a/auth2.c b/auth2.c -index b66bef6..9e75803 100644 +index e367a10..da46852 100644 --- a/auth2.c +++ b/auth2.c @@ -49,6 +49,7 @@ @@ -154,7 +154,7 @@ index b66bef6..9e75803 100644 Authmethod *authmethods[] = { &method_none, &method_pubkey, -@@ -225,6 +229,11 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) +@@ -227,6 +231,11 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) service = packet_get_cstring(NULL); method = packet_get_cstring(NULL); debug("userauth-request for user %s service %s method %s", user, service, method); @@ -194,7 +194,7 @@ index e2a9dd1..2c0b65c 100644 u_char *buf; /* Buffer for data. */ u_int alloc; /* Number of bytes allocated for data. */ diff --git a/channels.c b/channels.c -index 7791feb..7f66ca9 100644 +index 9cf85a3..862bfd3 100644 --- a/channels.c +++ b/channels.c @@ -173,8 +173,14 @@ static void port_open_helper(Channel *c, char *rtype); @@ -359,7 +359,7 @@ index 7791feb..7f66ca9 100644 c->path = xstrdup(host); c->host_port = port_to_connect; c->listening_addr = addr == NULL ? NULL : xstrdup(addr); -@@ -3505,10 +3560,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, +@@ -3503,10 +3558,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost, *chanids = xcalloc(num_socks + 1, sizeof(**chanids)); for (n = 0; n < num_socks; n++) { sock = socks[n]; @@ -424,10 +424,10 @@ index d75b800..0a95283 100644 + #endif diff --git a/cipher.c b/cipher.c -index bb5c0ac..32ad40e 100644 +index 9ca1d00..ad57555 100644 --- a/cipher.c +++ b/cipher.c -@@ -163,7 +163,8 @@ ciphers_valid(const char *names) +@@ -180,7 +180,8 @@ ciphers_valid(const char *names) for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; (p = strsep(&cp, CIPHER_SEP))) { c = cipher_by_name(p); @@ -437,7 +437,7 @@ index bb5c0ac..32ad40e 100644 debug("bad cipher %s [%s]", p, names); xfree(cipher_list); return 0; -@@ -337,6 +338,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) +@@ -406,6 +407,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len) int evplen; switch (c->number) { @@ -445,7 +445,7 @@ index bb5c0ac..32ad40e 100644 case SSH_CIPHER_SSH2: case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: -@@ -371,6 +373,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) +@@ -442,6 +444,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv) int evplen = 0; switch (c->number) { @@ -454,10 +454,10 @@ index bb5c0ac..32ad40e 100644 case SSH_CIPHER_DES: case SSH_CIPHER_BLOWFISH: diff --git a/clientloop.c b/clientloop.c -index 1c1a770..b9910e4 100644 +index c1d1d44..15cb3a0 100644 --- a/clientloop.c +++ b/clientloop.c -@@ -1829,9 +1829,15 @@ client_request_x11(const char *request_type, int rchan) +@@ -1884,9 +1884,15 @@ client_request_x11(const char *request_type, int rchan) sock = x11_connect_display(); if (sock < 0) return NULL; @@ -473,7 +473,7 @@ index 1c1a770..b9910e4 100644 c->force_drain = 1; return c; } -@@ -1851,9 +1857,15 @@ client_request_agent(const char *request_type, int rchan) +@@ -1906,9 +1912,15 @@ client_request_agent(const char *request_type, int rchan) sock = ssh_get_authentication_socket(); if (sock < 0) return NULL; @@ -490,7 +490,7 @@ index 1c1a770..b9910e4 100644 "authentication agent connection", 1); c->force_drain = 1; return c; -@@ -1881,10 +1893,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun) +@@ -1936,10 +1948,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun) return -1; } @@ -511,10 +511,10 @@ index 1c1a770..b9910e4 100644 if (options.tun_open == SSH_TUNMODE_POINTOPOINT) channel_register_filter(c->self, sys_tun_infilter, diff --git a/compat.c b/compat.c -index 0dc089f..9ab3688 100644 +index f680f4f..e9a567c 100644 --- a/compat.c +++ b/compat.c -@@ -171,6 +171,15 @@ compat_datafellows(const char *version) +@@ -173,6 +173,15 @@ compat_datafellows(const char *version) strlen(check[i].pat), 0) == 1) { debug("match: %s pat %s", version, check[i].pat); datafellows = check[i].bugs; @@ -543,7 +543,7 @@ index 3ae5d9c..6a7aeb2 100644 void enable_compat13(void); void enable_compat20(void); diff --git a/kex.c b/kex.c -index c65e28f..e99b244 100644 +index 57a79dd..1edaecb 100644 --- a/kex.c +++ b/kex.c @@ -49,6 +49,7 @@ @@ -564,9 +564,9 @@ index c65e28f..e99b244 100644 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX]) { u_int i; -@@ -407,6 +409,13 @@ kex_choose_conf(Kex *kex) +@@ -418,6 +420,13 @@ kex_choose_conf(Kex *kex) int nenc, nmac, ncomp; - u_int mode, ctos, need; + u_int mode, ctos, need, authlen; int first_kex_follows, type; + int log_flag = 0; + @@ -578,13 +578,13 @@ index c65e28f..e99b244 100644 my = kex_buf2prop(&kex->my, NULL); peer = kex_buf2prop(&kex->peer, &first_kex_follows); -@@ -441,11 +450,34 @@ kex_choose_conf(Kex *kex) - choose_enc (&newkeys->enc, cprop[nenc], sprop[nenc]); - choose_mac (&newkeys->mac, cprop[nmac], sprop[nmac]); +@@ -455,11 +464,34 @@ kex_choose_conf(Kex *kex) + if (authlen == 0) + choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]); choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]); + debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name); + if (strcmp(newkeys->enc.name, "none") == 0) { -+ debug("Requesting NONE. Authflag is %d", auth_flag); ++ debug("Requesting NONE. Authflag is %d", auth_flag); + if (auth_flag == 1) { + debug("None requested post authentication."); + } else { @@ -594,7 +594,7 @@ index c65e28f..e99b244 100644 debug("kex: %s %s %s %s", ctos ? "client->server" : "server->client", newkeys->enc.name, - newkeys->mac.name, + authlen == 0 ? newkeys->mac.name : "<implicit>", newkeys->comp.name); + /* client starts withctos = 0 && log flag = 0 and no log*/ + /* 2nd client pass ctos=1 and flag = 1 so no log*/ @@ -614,10 +614,10 @@ index c65e28f..e99b244 100644 choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]); choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS], diff --git a/kex.h b/kex.h -index 7373d3c..3b4d4b5 100644 +index 46731fa..fafe115 100644 --- a/kex.h +++ b/kex.h -@@ -140,6 +140,8 @@ struct Kex { +@@ -142,6 +142,8 @@ struct Kex { int kex_names_valid(const char *); @@ -627,10 +627,10 @@ index 7373d3c..3b4d4b5 100644 void kex_finish(Kex *); diff --git a/myproposal.h b/myproposal.h -index b9b819c..429b5cb 100644 +index 99d0934..9358dc3 100644 --- a/myproposal.h +++ b/myproposal.h -@@ -95,6 +95,8 @@ +@@ -106,6 +106,8 @@ #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" #define KEX_DEFAULT_LANG "" @@ -640,10 +640,10 @@ index b9b819c..429b5cb 100644 static char *myproposal[PROPOSAL_MAX] = { KEX_DEFAULT_KEX, diff --git a/packet.c b/packet.c -index d0c66fe..9f6f530 100644 +index 9326dde..dc9dd8d 100644 --- a/packet.c +++ b/packet.c -@@ -838,7 +838,7 @@ packet_enable_delayed_compress(void) +@@ -841,7 +841,7 @@ packet_enable_delayed_compress(void) /* * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue) */ @@ -652,22 +652,22 @@ index d0c66fe..9f6f530 100644 packet_send2_wrapped(void) { u_char type, *cp, *macbuf = NULL; -@@ -957,11 +957,13 @@ packet_send2_wrapped(void) +@@ -972,11 +972,13 @@ packet_send2_wrapped(void) set_newkeys(MODE_OUT); else if (type == SSH2_MSG_USERAUTH_SUCCESS && active_state->server_side) packet_enable_delayed_compress(); -+ return(packet_length); ++ return len - 4; } -static void +static int packet_send2(void) { -+ static int packet_length = 0; ++ int packet_length = 0; struct packet *p; u_char type, *cp; -@@ -981,7 +983,7 @@ packet_send2(void) +@@ -996,7 +998,7 @@ packet_send2(void) sizeof(Buffer)); buffer_init(&active_state->outgoing_packet); TAILQ_INSERT_TAIL(&active_state->outgoing, p, next); @@ -676,7 +676,7 @@ index d0c66fe..9f6f530 100644 } } -@@ -989,7 +991,7 @@ packet_send2(void) +@@ -1004,7 +1006,7 @@ packet_send2(void) if (type == SSH2_MSG_KEXINIT) active_state->rekeying = 1; @@ -685,7 +685,7 @@ index d0c66fe..9f6f530 100644 /* after a NEWKEYS message we can send the complete queue */ if (type == SSH2_MSG_NEWKEYS) { -@@ -1002,19 +1004,22 @@ packet_send2(void) +@@ -1017,19 +1019,22 @@ packet_send2(void) sizeof(Buffer)); TAILQ_REMOVE(&active_state->outgoing, p, next); xfree(p); @@ -700,7 +700,7 @@ index d0c66fe..9f6f530 100644 +int packet_send(void) { -+ int packet_len = 0; ++ int packet_len = 0; if (compat20) - packet_send2(); + packet_len = packet_send2(); @@ -711,7 +711,7 @@ index d0c66fe..9f6f530 100644 } /* -@@ -1647,7 +1652,7 @@ packet_disconnect(const char *fmt,...) +@@ -1697,7 +1702,7 @@ packet_disconnect(const char *fmt,...) /* Checks if there is any buffered output, and tries to write some of the output. */ @@ -720,7 +720,7 @@ index d0c66fe..9f6f530 100644 packet_write_poll(void) { int len = buffer_len(&active_state->output); -@@ -1660,13 +1665,14 @@ packet_write_poll(void) +@@ -1710,13 +1715,14 @@ packet_write_poll(void) if (len == -1) { if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) @@ -736,7 +736,7 @@ index d0c66fe..9f6f530 100644 } /* -@@ -1867,12 +1873,24 @@ packet_send_ignore(int nbytes) +@@ -1917,12 +1923,24 @@ packet_send_ignore(int nbytes) } } @@ -761,7 +761,7 @@ index d0c66fe..9f6f530 100644 return (active_state->p_send.packets > MAX_PACKETS) || (active_state->p_read.packets > MAX_PACKETS) || -@@ -1964,3 +1982,9 @@ packet_restore_state(void) +@@ -2014,3 +2032,9 @@ packet_restore_state(void) add_recv_bytes(len); } } @@ -955,7 +955,7 @@ index be30ee0..6480539 100644 int identities_only; int server_alive_interval; diff --git a/scp.c b/scp.c -index 08587b5..c9c20f0 100644 +index 645d740..0cd0666 100644 --- a/scp.c +++ b/scp.c @@ -731,7 +731,7 @@ source(int argc, char **argv) @@ -977,10 +977,10 @@ index 08587b5..c9c20f0 100644 #define atime tv[0] diff --git a/servconf.c b/servconf.c -index ee2e531..e4af66c 100644 +index b2a60fd..0f150c5 100644 --- a/servconf.c +++ b/servconf.c -@@ -139,6 +139,10 @@ initialize_server_options(ServerOptions *options) +@@ -143,6 +143,10 @@ initialize_server_options(ServerOptions *options) options->revoked_keys_file = NULL; options->trusted_user_ca_keys = NULL; options->authorized_principals_file = NULL; @@ -991,7 +991,7 @@ index ee2e531..e4af66c 100644 options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; options->version_addendum = NULL; -@@ -147,6 +151,11 @@ initialize_server_options(ServerOptions *options) +@@ -151,6 +155,11 @@ initialize_server_options(ServerOptions *options) void fill_default_server_options(ServerOptions *options) { @@ -1003,7 +1003,7 @@ index ee2e531..e4af66c 100644 /* Portable-specific options */ if (options->use_pam == -1) options->use_pam = 0; -@@ -287,6 +296,40 @@ fill_default_server_options(ServerOptions *options) +@@ -291,6 +300,40 @@ fill_default_server_options(ServerOptions *options) if (use_privsep == -1) use_privsep = PRIVSEP_NOSANDBOX; @@ -1044,15 +1044,15 @@ index ee2e531..e4af66c 100644 #ifndef HAVE_MMAP if (use_privsep && options->compression == 1) { error("This platform does not support both privilege " -@@ -328,6 +371,7 @@ typedef enum { +@@ -332,6 +375,7 @@ typedef enum { sUsePrivilegeSeparation, sAllowAgentForwarding, sZeroKnowledgePasswordAuthentication, sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, + sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize, sKexAlgorithms, sIPQoS, sVersionAddendum, - sDeprecated, sUnsupported - } ServerOpCodes; -@@ -451,6 +495,10 @@ static struct { + sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, + sAuthenticationMethods, +@@ -457,6 +501,10 @@ static struct { { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, @@ -1062,8 +1062,8 @@ index ee2e531..e4af66c 100644 + { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL }, { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, { "ipqos", sIPQoS, SSHCFG_ALL }, - { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, -@@ -480,6 +528,7 @@ parse_token(const char *cp, const char *filename, + { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, +@@ -489,6 +537,7 @@ parse_token(const char *cp, const char *filename, for (i = 0; keywords[i].name; i++) if (strcasecmp(cp, keywords[i].name) == 0) { @@ -1071,7 +1071,7 @@ index ee2e531..e4af66c 100644 *flags = keywords[i].flags; return keywords[i].opcode; } -@@ -987,6 +1036,22 @@ process_server_config_line(ServerOptions *options, char *line, +@@ -1005,6 +1054,22 @@ process_server_config_line(ServerOptions *options, char *line, *intptr = value; break; @@ -1095,10 +1095,10 @@ index ee2e531..e4af66c 100644 intptr = &options->ignore_user_known_hosts; goto parse_flag; diff --git a/servconf.h b/servconf.h -index 096d596..714473d 100644 +index 870c709..f042fe4 100644 --- a/servconf.h +++ b/servconf.h -@@ -157,6 +157,10 @@ typedef struct { +@@ -164,6 +164,10 @@ typedef struct { char *adm_forced_command; int use_pam; /* Enable auth via PAM */ @@ -1110,7 +1110,7 @@ index 096d596..714473d 100644 int permit_tun; diff --git a/serverloop.c b/serverloop.c -index 741c5be..34b3771 100644 +index e224bd0..4d642d5 100644 --- a/serverloop.c +++ b/serverloop.c @@ -94,10 +94,10 @@ static int fdin; /* Descriptor for stdin (for writing) */ @@ -1197,7 +1197,7 @@ index 741c5be..34b3771 100644 } static void -@@ -1004,8 +1027,12 @@ server_request_tun(void) +@@ -1011,8 +1034,12 @@ server_request_tun(void) sock = tun_open(tun, mode); if (sock < 0) goto done; @@ -1210,7 +1210,7 @@ index 741c5be..34b3771 100644 c->datagram = 1; #if defined(SSH_TUN_FILTER) if (mode == SSH_TUNMODE_POINTOPOINT) -@@ -1041,6 +1068,8 @@ server_request_session(void) +@@ -1048,6 +1075,8 @@ server_request_session(void) c = channel_new("session", SSH_CHANNEL_LARVAL, -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT, 0, "server-session", 1); @@ -1220,7 +1220,7 @@ index 741c5be..34b3771 100644 debug("session open failed, free channel %d", c->self); channel_free(c); diff --git a/session.c b/session.c -index 65bf287..c74f655 100644 +index 19eaa20..57ebeca 100644 --- a/session.c +++ b/session.c @@ -236,6 +236,7 @@ auth_input_request_forwarding(struct passwd * pw) @@ -1231,7 +1231,7 @@ index 65bf287..c74f655 100644 nc = channel_new("auth socket", SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1, CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, -@@ -2278,10 +2279,16 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr, +@@ -2286,10 +2287,16 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr, */ if (s->chanid == -1) fatal("no channel for session %d", s->self); @@ -1263,10 +1263,10 @@ index bcb4721..284d618 100644 Recursively copy entire directories when uploading and downloading. Note that diff --git a/sftp.c b/sftp.c -index 235c6ad..bae79f2 100644 +index 342ae7e..65dacd9 100644 --- a/sftp.c +++ b/sftp.c -@@ -69,7 +69,7 @@ typedef void EditLine; +@@ -65,7 +65,7 @@ typedef void EditLine; #include "sftp-client.h" #define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */ @@ -1388,7 +1388,7 @@ index 3f61eb0..62f56de 100644 channel_send_open(c->self); diff --git a/sshconnect.c b/sshconnect.c -index 0ee7266..f90cbe2 100644 +index 07800a6..6b2b3c0 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -182,6 +182,31 @@ ssh_kill_proxy_command(void) @@ -1442,17 +1442,21 @@ index 0ee7266..f90cbe2 100644 /* Bind the socket to an alternative local IP address */ if (options.bind_address == NULL) return sock; -@@ -556,7 +586,7 @@ ssh_exchange_identification(int timeout_ms) - snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", - compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1, - compat20 ? PROTOCOL_MINOR_2 : minor1, -- SSH_VERSION, compat20 ? "\r\n" : "\n"); -+ SSH_RELEASE, compat20 ? "\r\n" : "\n"); - if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf)) - != strlen(buf)) - fatal("write: %.100s", strerror(errno)); +@@ -435,10 +465,10 @@ send_client_banner(int connection_out, int minor1) + /* Send our own protocol version identification. */ + if (compat20) { + xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", +- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION); ++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE); + } else { + xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n", +- PROTOCOL_MAJOR_1, minor1, SSH_VERSION); ++ PROTOCOL_MAJOR_1, minor1, SSH_RELEASE); + } + if (roaming_atomicio(vwrite, connection_out, client_version_string, + strlen(client_version_string)) != strlen(client_version_string)) diff --git a/sshconnect2.c b/sshconnect2.c -index 7c369d7..0b02824 100644 +index d6af0b9..9b0aea2 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -81,6 +81,12 @@ @@ -1468,7 +1472,7 @@ index 7c369d7..0b02824 100644 /* * SSH2 key exchange -@@ -420,6 +426,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, +@@ -421,6 +427,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host, pubkey_cleanup(&authctxt); dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL); @@ -1498,7 +1502,7 @@ index 7c369d7..0b02824 100644 } diff --git a/sshd.c b/sshd.c -index 9aff5e8..a42dea8 100644 +index 3e9d176..b05b2df 100644 --- a/sshd.c +++ b/sshd.c @@ -138,6 +138,9 @@ int deny_severity; @@ -1511,7 +1515,7 @@ index 9aff5e8..a42dea8 100644 extern char *__progname; /* Server configuration options. */ -@@ -421,7 +424,7 @@ sshd_exchange_identification(int sock_in, int sock_out) +@@ -430,7 +433,7 @@ sshd_exchange_identification(int sock_in, int sock_out) } xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", @@ -1520,7 +1524,7 @@ index 9aff5e8..a42dea8 100644 *options.version_addendum == '\0' ? "" : " ", options.version_addendum, newline); -@@ -473,6 +476,9 @@ sshd_exchange_identification(int sock_in, int sock_out) +@@ -482,6 +485,9 @@ sshd_exchange_identification(int sock_in, int sock_out) } debug("Client protocol version %d.%d; client software version %.100s", remote_major, remote_minor, remote_version); @@ -1530,7 +1534,7 @@ index 9aff5e8..a42dea8 100644 compat_datafellows(remote_version); -@@ -1029,6 +1035,8 @@ server_listen(void) +@@ -1038,6 +1044,8 @@ server_listen(void) int ret, listen_sock, on = 1; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; @@ -1539,7 +1543,7 @@ index 9aff5e8..a42dea8 100644 for (ai = options.listen_addrs; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) -@@ -1069,6 +1077,11 @@ server_listen(void) +@@ -1078,6 +1086,11 @@ server_listen(void) debug("Bind to port %s on %s.", strport, ntop); @@ -1551,7 +1555,7 @@ index 9aff5e8..a42dea8 100644 /* Bind the socket to the desired port. */ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) { error("Bind to port %s on %s failed: %.200s.", -@@ -1938,6 +1951,9 @@ main(int ac, char **av) +@@ -1976,6 +1989,9 @@ main(int ac, char **av) /* Log the connection. */ verbose("Connection from %.500s port %d", remote_ip, remote_port); @@ -1561,7 +1565,7 @@ index 9aff5e8..a42dea8 100644 /* * We don't want to listen forever unless the other side * successfully authenticates itself. So we set up an alarm which is -@@ -2294,9 +2310,15 @@ do_ssh2_kex(void) +@@ -2332,9 +2348,15 @@ do_ssh2_kex(void) { Kex *kex; @@ -1578,10 +1582,10 @@ index 9aff5e8..a42dea8 100644 myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); diff --git a/sshd_config b/sshd_config -index 9424ee2..04f51d6 100644 +index 9cd2fdd..27f43eb 100644 --- a/sshd_config +++ b/sshd_config -@@ -117,6 +117,20 @@ UsePrivilegeSeparation sandbox # Default for new installations. +@@ -120,6 +120,20 @@ UsePrivilegeSeparation sandbox # Default for new installations. # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server @@ -1603,11 +1607,11 @@ index 9424ee2..04f51d6 100644 #Match User anoncvs # X11Forwarding no diff --git a/version.h b/version.h -index 76adaaf..44172ac 100644 +index 784f707..c8f04d5 100644 --- a/version.h +++ b/version.h @@ -3,4 +3,5 @@ - #define SSH_VERSION "OpenSSH_6.1" + #define SSH_VERSION "OpenSSH_6.2" #define SSH_PORTABLE "p1" -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE |