main/openssh: upgrade to 6.2_p1

rebase dynwindow patch.

2 files changed, 103 insertions, 87 deletions

diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD
index 62add3136..8c7d8702b 100644
--- a/main/openssh/APKBUILD
+++ b/main/openssh/APKBUILD
@@ -1,8 +1,8 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=openssh
-pkgver=6.1_p1
+pkgver=6.2_p1
 _myver=${pkgver%_*}${pkgver#*_}
-pkgrel=2
+pkgrel=0
 pkgdesc="Port of OpenBSD's free SSH release"
 url="http://www.openssh.org/portable.html"
 arch="all"
@@ -94,9 +94,21 @@ client() {
 		"$subpkgdir"/usr/bin/ssh-copy-id || return 1
 }
 
-md5sums="3345cbf4efe90ffb06a78670ab2d05d5  openssh-6.1p1.tar.gz
-b6a71aab576d592b4645a5a4e21a9116  openssh-dynwindow_noneswitch.diff
+md5sums="7b2d9dd75b5cf267ea1737ec75500316  openssh-6.2p1.tar.gz
+f5f58aadd74752440e8560c398fcb3b6  openssh-dynwindow_noneswitch.diff
 949ff348573438163240c60d6c3618eb  openssh-peaktput.diff
 c65d454dc5b149647273485fc184636d  openssh-hmac-accel.diff
 cb0dd08c413fad346f0c594107b4a2e0  sshd.initd
 b35e9f3829f4cfca07168fcba98749c7  sshd.confd"
+sha256sums="58690267d7455f444e87c2f8cd9be91fc686ffc0c02d1ebd0be2ab68149f7160  openssh-6.2p1.tar.gz
+73654338c592b8c9ad7435d1fb9908fa730076a8d3fd51c8ed5f5a6810b218b9  openssh-dynwindow_noneswitch.diff
+dab18c1fd1496c1ba4a4fe08c6c6b8cf3347fc82878d85498202f50168161f6b  openssh-peaktput.diff
+902ea83a9ef726f32b096280da0f1b722f4372886c65c4e28985ee57e725d95c  openssh-hmac-accel.diff
+3fa062fd4bfac64abf21f3c1d0548f1dfcf3c6e56e84ece14c848f53a293024e  sshd.initd
+29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41  sshd.confd"
+sha512sums="ffc866110f8e6c53581186f73593489fc54d75b5d193f9e9589ec484b541efa23d8ee48b28e3a0a3a0d7f8183d5de00c416c2217938a5e47211c49da7bc7a7e7  openssh-6.2p1.tar.gz
+c15e6c39e897adc9fe7975c417ee2357c4f07668096bd1538e0be9395d634d95c4bf10e9a18faae4247c3d89c7d9fb503c1a8cc56b66d40797c7bc774661ec66  openssh-dynwindow_noneswitch.diff
+64f2c94f41225c76428440d778b0bf5657408123d1cd7d6cb4bdf5000bfba8ad80ec5e57acd0880adc7a8ea7e2f1a64e329b83cf8be630b9aaebff6ab138d025  openssh-peaktput.diff
+aaa128126400171d0755038a846672aa7b1e87340edf73a672962d403abf404ef1821466b17da51dde25f04ec7533ae4a653399ccc912ea9c4a7b1a14032e76f  openssh-hmac-accel.diff
+1483e2bcd700da9b02f04508d490b472c816344787bf1675fef2f7e27f72b91e4323e4e8c1db701e47d81d37d6d4b0623eaeac46b2cf589ae5ad69f363baa594  sshd.initd
+b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81  sshd.confd"
diff --git a/main/openssh/openssh-dynwindow_noneswitch.diff b/main/openssh/openssh-dynwindow_noneswitch.diff
index f0c7f0da1..f8cd59338 100644
--- a/main/openssh/openssh-dynwindow_noneswitch.diff
+++ b/main/openssh/openssh-dynwindow_noneswitch.diff
@@ -133,7 +133,7 @@ index 0000000..72d822f
 +         by Cisco System, Inc., the National Library of Medicine,
 +	 and the National Science Foundation.
 diff --git a/auth2.c b/auth2.c
-index b66bef6..9e75803 100644
+index e367a10..da46852 100644
 --- a/auth2.c
 +++ b/auth2.c
 @@ -49,6 +49,7 @@
@@ -154,7 +154,7 @@ index b66bef6..9e75803 100644
  Authmethod *authmethods[] = {
  	&method_none,
  	&method_pubkey,
-@@ -225,6 +229,11 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
+@@ -227,6 +231,11 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
  	service = packet_get_cstring(NULL);
  	method = packet_get_cstring(NULL);
  	debug("userauth-request for user %s service %s method %s", user, service, method);
@@ -194,7 +194,7 @@ index e2a9dd1..2c0b65c 100644
  	u_char	*buf;		/* Buffer for data. */
  	u_int	 alloc;		/* Number of bytes allocated for data. */
 diff --git a/channels.c b/channels.c
-index 7791feb..7f66ca9 100644
+index 9cf85a3..862bfd3 100644
 --- a/channels.c
 +++ b/channels.c
 @@ -173,8 +173,14 @@ static void port_open_helper(Channel *c, char *rtype);
@@ -359,7 +359,7 @@ index 7791feb..7f66ca9 100644
  		c->path = xstrdup(host);
  		c->host_port = port_to_connect;
  		c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
-@@ -3505,10 +3560,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
+@@ -3503,10 +3558,17 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
  	*chanids = xcalloc(num_socks + 1, sizeof(**chanids));
  	for (n = 0; n < num_socks; n++) {
  		sock = socks[n];
@@ -424,10 +424,10 @@ index d75b800..0a95283 100644
 +
  #endif
 diff --git a/cipher.c b/cipher.c
-index bb5c0ac..32ad40e 100644
+index 9ca1d00..ad57555 100644
 --- a/cipher.c
 +++ b/cipher.c
-@@ -163,7 +163,8 @@ ciphers_valid(const char *names)
+@@ -180,7 +180,8 @@ ciphers_valid(const char *names)
  	for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
  	    (p = strsep(&cp, CIPHER_SEP))) {
  		c = cipher_by_name(p);
@@ -437,7 +437,7 @@ index bb5c0ac..32ad40e 100644
  			debug("bad cipher %s [%s]", p, names);
  			xfree(cipher_list);
  			return 0;
-@@ -337,6 +338,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
+@@ -406,6 +407,7 @@ cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
  	int evplen;
  
  	switch (c->number) {
@@ -445,7 +445,7 @@ index bb5c0ac..32ad40e 100644
  	case SSH_CIPHER_SSH2:
  	case SSH_CIPHER_DES:
  	case SSH_CIPHER_BLOWFISH:
-@@ -371,6 +373,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
+@@ -442,6 +444,7 @@ cipher_set_keyiv(CipherContext *cc, u_char *iv)
  	int evplen = 0;
  
  	switch (c->number) {
@@ -454,10 +454,10 @@ index bb5c0ac..32ad40e 100644
  	case SSH_CIPHER_DES:
  	case SSH_CIPHER_BLOWFISH:
 diff --git a/clientloop.c b/clientloop.c
-index 1c1a770..b9910e4 100644
+index c1d1d44..15cb3a0 100644
 --- a/clientloop.c
 +++ b/clientloop.c
-@@ -1829,9 +1829,15 @@ client_request_x11(const char *request_type, int rchan)
+@@ -1884,9 +1884,15 @@ client_request_x11(const char *request_type, int rchan)
  	sock = x11_connect_display();
  	if (sock < 0)
  		return NULL;
@@ -473,7 +473,7 @@ index 1c1a770..b9910e4 100644
  	c->force_drain = 1;
  	return c;
  }
-@@ -1851,9 +1857,15 @@ client_request_agent(const char *request_type, int rchan)
+@@ -1906,9 +1912,15 @@ client_request_agent(const char *request_type, int rchan)
  	sock = ssh_get_authentication_socket();
  	if (sock < 0)
  		return NULL;
@@ -490,7 +490,7 @@ index 1c1a770..b9910e4 100644
  	    "authentication agent connection", 1);
  	c->force_drain = 1;
  	return c;
-@@ -1881,10 +1893,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
+@@ -1936,10 +1948,18 @@ client_request_tun_fwd(int tun_mode, int local_tun, int remote_tun)
  		return -1;
  	}
  
@@ -511,10 +511,10 @@ index 1c1a770..b9910e4 100644
  	if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
  		channel_register_filter(c->self, sys_tun_infilter,
 diff --git a/compat.c b/compat.c
-index 0dc089f..9ab3688 100644
+index f680f4f..e9a567c 100644
 --- a/compat.c
 +++ b/compat.c
-@@ -171,6 +171,15 @@ compat_datafellows(const char *version)
+@@ -173,6 +173,15 @@ compat_datafellows(const char *version)
  		    strlen(check[i].pat), 0) == 1) {
  			debug("match: %s pat %s", version, check[i].pat);
  			datafellows = check[i].bugs;
@@ -543,7 +543,7 @@ index 3ae5d9c..6a7aeb2 100644
  void     enable_compat13(void);
  void     enable_compat20(void);
 diff --git a/kex.c b/kex.c
-index c65e28f..e99b244 100644
+index 57a79dd..1edaecb 100644
 --- a/kex.c
 +++ b/kex.c
 @@ -49,6 +49,7 @@
@@ -564,9 +564,9 @@ index c65e28f..e99b244 100644
  kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])
  {
  	u_int i;
-@@ -407,6 +409,13 @@ kex_choose_conf(Kex *kex)
+@@ -418,6 +420,13 @@ kex_choose_conf(Kex *kex)
  	int nenc, nmac, ncomp;
- 	u_int mode, ctos, need;
+ 	u_int mode, ctos, need, authlen;
  	int first_kex_follows, type;
 +	int log_flag = 0;
 +
@@ -578,13 +578,13 @@ index c65e28f..e99b244 100644
  
  	my   = kex_buf2prop(&kex->my, NULL);
  	peer = kex_buf2prop(&kex->peer, &first_kex_follows);
-@@ -441,11 +450,34 @@ kex_choose_conf(Kex *kex)
- 		choose_enc (&newkeys->enc,  cprop[nenc],  sprop[nenc]);
- 		choose_mac (&newkeys->mac,  cprop[nmac],  sprop[nmac]);
+@@ -455,11 +464,34 @@ kex_choose_conf(Kex *kex)
+ 		if (authlen == 0)
+ 			choose_mac(&newkeys->mac, cprop[nmac], sprop[nmac]);
  		choose_comp(&newkeys->comp, cprop[ncomp], sprop[ncomp]);
 +		debug("REQUESTED ENC.NAME is '%s'", newkeys->enc.name);
 +		if (strcmp(newkeys->enc.name, "none") == 0) {
-+				debug("Requesting NONE. Authflag is %d", auth_flag);
++			debug("Requesting NONE. Authflag is %d", auth_flag);
 +			if (auth_flag == 1) {
 +				debug("None requested post authentication.");
 +			} else {
@@ -594,7 +594,7 @@ index c65e28f..e99b244 100644
  		debug("kex: %s %s %s %s",
  		    ctos ? "client->server" : "server->client",
  		    newkeys->enc.name,
- 		    newkeys->mac.name,
+ 		    authlen == 0 ? newkeys->mac.name : "<implicit>",
  		    newkeys->comp.name);
 +		/* client starts withctos = 0 && log flag = 0 and no log*/
 +		/* 2nd client pass ctos=1 and flag = 1 so no log*/
@@ -614,10 +614,10 @@ index c65e28f..e99b244 100644
  	choose_kex(kex, cprop[PROPOSAL_KEX_ALGS], sprop[PROPOSAL_KEX_ALGS]);
  	choose_hostkeyalg(kex, cprop[PROPOSAL_SERVER_HOST_KEY_ALGS],
 diff --git a/kex.h b/kex.h
-index 7373d3c..3b4d4b5 100644
+index 46731fa..fafe115 100644
 --- a/kex.h
 +++ b/kex.h
-@@ -140,6 +140,8 @@ struct Kex {
+@@ -142,6 +142,8 @@ struct Kex {
  
  int	 kex_names_valid(const char *);
  
@@ -627,10 +627,10 @@ index 7373d3c..3b4d4b5 100644
  void	 kex_finish(Kex *);
  
 diff --git a/myproposal.h b/myproposal.h
-index b9b819c..429b5cb 100644
+index 99d0934..9358dc3 100644
 --- a/myproposal.h
 +++ b/myproposal.h
-@@ -95,6 +95,8 @@
+@@ -106,6 +106,8 @@
  #define	KEX_DEFAULT_COMP	"none,zlib@openssh.com,zlib"
  #define	KEX_DEFAULT_LANG	""
  
@@ -640,10 +640,10 @@ index b9b819c..429b5cb 100644
  static char *myproposal[PROPOSAL_MAX] = {
  	KEX_DEFAULT_KEX,
 diff --git a/packet.c b/packet.c
-index d0c66fe..9f6f530 100644
+index 9326dde..dc9dd8d 100644
 --- a/packet.c
 +++ b/packet.c
-@@ -838,7 +838,7 @@ packet_enable_delayed_compress(void)
+@@ -841,7 +841,7 @@ packet_enable_delayed_compress(void)
  /*
   * Finalize packet in SSH2 format (compress, mac, encrypt, enqueue)
   */
@@ -652,22 +652,22 @@ index d0c66fe..9f6f530 100644
  packet_send2_wrapped(void)
  {
  	u_char type, *cp, *macbuf = NULL;
-@@ -957,11 +957,13 @@ packet_send2_wrapped(void)
+@@ -972,11 +972,13 @@ packet_send2_wrapped(void)
  		set_newkeys(MODE_OUT);
  	else if (type == SSH2_MSG_USERAUTH_SUCCESS && active_state->server_side)
  		packet_enable_delayed_compress();
-+	return(packet_length);
++	return len - 4;
  }
  
 -static void
 +static int
  packet_send2(void)
  {
-+	static int packet_length = 0;
++	int packet_length = 0;
  	struct packet *p;
  	u_char type, *cp;
  
-@@ -981,7 +983,7 @@ packet_send2(void)
+@@ -996,7 +998,7 @@ packet_send2(void)
  			    sizeof(Buffer));
  			buffer_init(&active_state->outgoing_packet);
  			TAILQ_INSERT_TAIL(&active_state->outgoing, p, next);
@@ -676,7 +676,7 @@ index d0c66fe..9f6f530 100644
  		}
  	}
  
-@@ -989,7 +991,7 @@ packet_send2(void)
+@@ -1004,7 +1006,7 @@ packet_send2(void)
  	if (type == SSH2_MSG_KEXINIT)
  		active_state->rekeying = 1;
  
@@ -685,7 +685,7 @@ index d0c66fe..9f6f530 100644
  
  	/* after a NEWKEYS message we can send the complete queue */
  	if (type == SSH2_MSG_NEWKEYS) {
-@@ -1002,19 +1004,22 @@ packet_send2(void)
+@@ -1017,19 +1019,22 @@ packet_send2(void)
  			    sizeof(Buffer));
  			TAILQ_REMOVE(&active_state->outgoing, p, next);
  			xfree(p);
@@ -700,7 +700,7 @@ index d0c66fe..9f6f530 100644
 +int
  packet_send(void)
  {
-+  int packet_len = 0;
++	int packet_len = 0;
  	if (compat20)
 -		packet_send2();
 +		packet_len = packet_send2();
@@ -711,7 +711,7 @@ index d0c66fe..9f6f530 100644
  }
  
  /*
-@@ -1647,7 +1652,7 @@ packet_disconnect(const char *fmt,...)
+@@ -1697,7 +1702,7 @@ packet_disconnect(const char *fmt,...)
  
  /* Checks if there is any buffered output, and tries to write some of the output. */
  
@@ -720,7 +720,7 @@ index d0c66fe..9f6f530 100644
  packet_write_poll(void)
  {
  	int len = buffer_len(&active_state->output);
-@@ -1660,13 +1665,14 @@ packet_write_poll(void)
+@@ -1710,13 +1715,14 @@ packet_write_poll(void)
  		if (len == -1) {
  			if (errno == EINTR || errno == EAGAIN ||
  			    errno == EWOULDBLOCK)
@@ -736,7 +736,7 @@ index d0c66fe..9f6f530 100644
  }
  
  /*
-@@ -1867,12 +1873,24 @@ packet_send_ignore(int nbytes)
+@@ -1917,12 +1923,24 @@ packet_send_ignore(int nbytes)
  	}
  }
  
@@ -761,7 +761,7 @@ index d0c66fe..9f6f530 100644
  	return
  	    (active_state->p_send.packets > MAX_PACKETS) ||
  	    (active_state->p_read.packets > MAX_PACKETS) ||
-@@ -1964,3 +1982,9 @@ packet_restore_state(void)
+@@ -2014,3 +2032,9 @@ packet_restore_state(void)
  		add_recv_bytes(len);
  	}
  }
@@ -955,7 +955,7 @@ index be30ee0..6480539 100644
  	int	identities_only;
  	int	server_alive_interval;
 diff --git a/scp.c b/scp.c
-index 08587b5..c9c20f0 100644
+index 645d740..0cd0666 100644
 --- a/scp.c
 +++ b/scp.c
 @@ -731,7 +731,7 @@ source(int argc, char **argv)
@@ -977,10 +977,10 @@ index 08587b5..c9c20f0 100644
  
  #define	atime	tv[0]
 diff --git a/servconf.c b/servconf.c
-index ee2e531..e4af66c 100644
+index b2a60fd..0f150c5 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -139,6 +139,10 @@ initialize_server_options(ServerOptions *options)
+@@ -143,6 +143,10 @@ initialize_server_options(ServerOptions *options)
  	options->revoked_keys_file = NULL;
  	options->trusted_user_ca_keys = NULL;
  	options->authorized_principals_file = NULL;
@@ -991,7 +991,7 @@ index ee2e531..e4af66c 100644
  	options->ip_qos_interactive = -1;
  	options->ip_qos_bulk = -1;
  	options->version_addendum = NULL;
-@@ -147,6 +151,11 @@ initialize_server_options(ServerOptions *options)
+@@ -151,6 +155,11 @@ initialize_server_options(ServerOptions *options)
  void
  fill_default_server_options(ServerOptions *options)
  {
@@ -1003,7 +1003,7 @@ index ee2e531..e4af66c 100644
  	/* Portable-specific options */
  	if (options->use_pam == -1)
  		options->use_pam = 0;
-@@ -287,6 +296,40 @@ fill_default_server_options(ServerOptions *options)
+@@ -291,6 +300,40 @@ fill_default_server_options(ServerOptions *options)
  	if (use_privsep == -1)
  		use_privsep = PRIVSEP_NOSANDBOX;
  
@@ -1044,15 +1044,15 @@ index ee2e531..e4af66c 100644
  #ifndef HAVE_MMAP
  	if (use_privsep && options->compression == 1) {
  		error("This platform does not support both privilege "
-@@ -328,6 +371,7 @@ typedef enum {
+@@ -332,6 +375,7 @@ typedef enum {
  	sUsePrivilegeSeparation, sAllowAgentForwarding,
  	sZeroKnowledgePasswordAuthentication, sHostCertificate,
  	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
 +	sNoneEnabled, sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
  	sKexAlgorithms, sIPQoS, sVersionAddendum,
- 	sDeprecated, sUnsupported
- } ServerOpCodes;
-@@ -451,6 +495,10 @@ static struct {
+ 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
+ 	sAuthenticationMethods,
+@@ -457,6 +501,10 @@ static struct {
  	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
  	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
  	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
@@ -1062,8 +1062,8 @@ index ee2e531..e4af66c 100644
 +	{ "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
  	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
  	{ "ipqos", sIPQoS, SSHCFG_ALL },
- 	{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
-@@ -480,6 +528,7 @@ parse_token(const char *cp, const char *filename,
+ 	{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
+@@ -489,6 +537,7 @@ parse_token(const char *cp, const char *filename,
  
  	for (i = 0; keywords[i].name; i++)
  		if (strcasecmp(cp, keywords[i].name) == 0) {
@@ -1071,7 +1071,7 @@ index ee2e531..e4af66c 100644
  			*flags = keywords[i].flags;
  			return keywords[i].opcode;
  		}
-@@ -987,6 +1036,22 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1005,6 +1054,22 @@ process_server_config_line(ServerOptions *options, char *line,
  			*intptr = value;
  		break;
  
@@ -1095,10 +1095,10 @@ index ee2e531..e4af66c 100644
  		intptr = &options->ignore_user_known_hosts;
  		goto parse_flag;
 diff --git a/servconf.h b/servconf.h
-index 096d596..714473d 100644
+index 870c709..f042fe4 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -157,6 +157,10 @@ typedef struct {
+@@ -164,6 +164,10 @@ typedef struct {
  	char   *adm_forced_command;
  
  	int	use_pam;		/* Enable auth via PAM */
@@ -1110,7 +1110,7 @@ index 096d596..714473d 100644
  	int	permit_tun;
  
 diff --git a/serverloop.c b/serverloop.c
-index 741c5be..34b3771 100644
+index e224bd0..4d642d5 100644
 --- a/serverloop.c
 +++ b/serverloop.c
 @@ -94,10 +94,10 @@ static int fdin;		/* Descriptor for stdin (for writing) */
@@ -1197,7 +1197,7 @@ index 741c5be..34b3771 100644
  }
  
  static void
-@@ -1004,8 +1027,12 @@ server_request_tun(void)
+@@ -1011,8 +1034,12 @@ server_request_tun(void)
  	sock = tun_open(tun, mode);
  	if (sock < 0)
  		goto done;
@@ -1210,7 +1210,7 @@ index 741c5be..34b3771 100644
  	c->datagram = 1;
  #if defined(SSH_TUN_FILTER)
  	if (mode == SSH_TUNMODE_POINTOPOINT)
-@@ -1041,6 +1068,8 @@ server_request_session(void)
+@@ -1048,6 +1075,8 @@ server_request_session(void)
  	c = channel_new("session", SSH_CHANNEL_LARVAL,
  	    -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
  	    0, "server-session", 1);
@@ -1220,7 +1220,7 @@ index 741c5be..34b3771 100644
  		debug("session open failed, free channel %d", c->self);
  		channel_free(c);
 diff --git a/session.c b/session.c
-index 65bf287..c74f655 100644
+index 19eaa20..57ebeca 100644
 --- a/session.c
 +++ b/session.c
 @@ -236,6 +236,7 @@ auth_input_request_forwarding(struct passwd * pw)
@@ -1231,7 +1231,7 @@ index 65bf287..c74f655 100644
  	nc = channel_new("auth socket",
  	    SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
  	    CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
-@@ -2278,10 +2279,16 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
+@@ -2286,10 +2287,16 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr, int ignore_fderr,
  	 */
  	if (s->chanid == -1)
  		fatal("no channel for session %d", s->self);
@@ -1263,10 +1263,10 @@ index bcb4721..284d618 100644
  Recursively copy entire directories when uploading and downloading.
  Note that
 diff --git a/sftp.c b/sftp.c
-index 235c6ad..bae79f2 100644
+index 342ae7e..65dacd9 100644
 --- a/sftp.c
 +++ b/sftp.c
-@@ -69,7 +69,7 @@ typedef void EditLine;
+@@ -65,7 +65,7 @@ typedef void EditLine;
  #include "sftp-client.h"
  
  #define DEFAULT_COPY_BUFLEN	32768	/* Size of buffer for up/download */
@@ -1388,7 +1388,7 @@ index 3f61eb0..62f56de 100644
  
  	channel_send_open(c->self);
 diff --git a/sshconnect.c b/sshconnect.c
-index 0ee7266..f90cbe2 100644
+index 07800a6..6b2b3c0 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
 @@ -182,6 +182,31 @@ ssh_kill_proxy_command(void)
@@ -1442,17 +1442,21 @@ index 0ee7266..f90cbe2 100644
  	/* Bind the socket to an alternative local IP address */
  	if (options.bind_address == NULL)
  		return sock;
-@@ -556,7 +586,7 @@ ssh_exchange_identification(int timeout_ms)
- 	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
- 	    compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
- 	    compat20 ? PROTOCOL_MINOR_2 : minor1,
--	    SSH_VERSION, compat20 ? "\r\n" : "\n");
-+	    SSH_RELEASE, compat20 ? "\r\n" : "\n");
- 	if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
- 	    != strlen(buf))
- 		fatal("write: %.100s", strerror(errno));
+@@ -435,10 +465,10 @@ send_client_banner(int connection_out, int minor1)
+ 	/* Send our own protocol version identification. */
+ 	if (compat20) {
+ 		xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
+-		    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
++		    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
+ 	} else {
+ 		xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
+-		    PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
++		    PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
+ 	}
+ 	if (roaming_atomicio(vwrite, connection_out, client_version_string,
+ 	    strlen(client_version_string)) != strlen(client_version_string))
 diff --git a/sshconnect2.c b/sshconnect2.c
-index 7c369d7..0b02824 100644
+index d6af0b9..9b0aea2 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
 @@ -81,6 +81,12 @@
@@ -1468,7 +1472,7 @@ index 7c369d7..0b02824 100644
  
  /*
   * SSH2 key exchange
-@@ -420,6 +426,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
+@@ -421,6 +427,28 @@ ssh_userauth2(const char *local_user, const char *server_user, char *host,
  	pubkey_cleanup(&authctxt);
  	dispatch_range(SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
  
@@ -1498,7 +1502,7 @@ index 7c369d7..0b02824 100644
  }
  
 diff --git a/sshd.c b/sshd.c
-index 9aff5e8..a42dea8 100644
+index 3e9d176..b05b2df 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -138,6 +138,9 @@ int deny_severity;
@@ -1511,7 +1515,7 @@ index 9aff5e8..a42dea8 100644
  extern char *__progname;
  
  /* Server configuration options. */
-@@ -421,7 +424,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
+@@ -430,7 +433,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
  	}
  
  	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
@@ -1520,7 +1524,7 @@ index 9aff5e8..a42dea8 100644
  	    *options.version_addendum == '\0' ? "" : " ",
  	    options.version_addendum, newline);
  
-@@ -473,6 +476,9 @@ sshd_exchange_identification(int sock_in, int sock_out)
+@@ -482,6 +485,9 @@ sshd_exchange_identification(int sock_in, int sock_out)
  	}
  	debug("Client protocol version %d.%d; client software version %.100s",
  	    remote_major, remote_minor, remote_version);
@@ -1530,7 +1534,7 @@ index 9aff5e8..a42dea8 100644
  
  	compat_datafellows(remote_version);
  
-@@ -1029,6 +1035,8 @@ server_listen(void)
+@@ -1038,6 +1044,8 @@ server_listen(void)
  	int ret, listen_sock, on = 1;
  	struct addrinfo *ai;
  	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
@@ -1539,7 +1543,7 @@ index 9aff5e8..a42dea8 100644
  
  	for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
  		if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
-@@ -1069,6 +1077,11 @@ server_listen(void)
+@@ -1078,6 +1086,11 @@ server_listen(void)
  
  		debug("Bind to port %s on %s.", strport, ntop);
  
@@ -1551,7 +1555,7 @@ index 9aff5e8..a42dea8 100644
  		/* Bind the socket to the desired port. */
  		if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
  			error("Bind to port %s on %s failed: %.200s.",
-@@ -1938,6 +1951,9 @@ main(int ac, char **av)
+@@ -1976,6 +1989,9 @@ main(int ac, char **av)
  	/* Log the connection. */
  	verbose("Connection from %.500s port %d", remote_ip, remote_port);
  
@@ -1561,7 +1565,7 @@ index 9aff5e8..a42dea8 100644
  	/*
  	 * We don't want to listen forever unless the other side
  	 * successfully authenticates itself.  So we set up an alarm which is
-@@ -2294,9 +2310,15 @@ do_ssh2_kex(void)
+@@ -2332,9 +2348,15 @@ do_ssh2_kex(void)
  {
  	Kex *kex;
  
@@ -1578,10 +1582,10 @@ index 9aff5e8..a42dea8 100644
  	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
  	    compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
 diff --git a/sshd_config b/sshd_config
-index 9424ee2..04f51d6 100644
+index 9cd2fdd..27f43eb 100644
 --- a/sshd_config
 +++ b/sshd_config
-@@ -117,6 +117,20 @@ UsePrivilegeSeparation sandbox		# Default for new installations.
+@@ -120,6 +120,20 @@ UsePrivilegeSeparation sandbox		# Default for new installations.
  # override default of no subsystems
  Subsystem	sftp	/usr/libexec/sftp-server
  
@@ -1603,11 +1607,11 @@ index 9424ee2..04f51d6 100644
  #Match User anoncvs
  #	X11Forwarding no
 diff --git a/version.h b/version.h
-index 76adaaf..44172ac 100644
+index 784f707..c8f04d5 100644
 --- a/version.h
 +++ b/version.h
 @@ -3,4 +3,5 @@
- #define SSH_VERSION	"OpenSSH_6.1"
+ #define SSH_VERSION	"OpenSSH_6.2"
  
  #define SSH_PORTABLE	"p1"
 -#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE