diff -up openssh-5.8p1/configure.ac.vendor openssh-5.8p1/configure.ac

--- openssh-5.8p1/configure.ac.vendor	2011-02-04 01:42:14.000000000 +0100

+++ openssh-5.8p1/configure.ac	2011-02-09 22:39:55.000000000 +0100

@@ -4097,6 +4097,12 @@ AC_ARG_WITH(lastlog,

 		fi

 	]

 )

+AC_ARG_ENABLE(vendor-patchlevel,

+  [  --enable-vendor-patchlevel=TAG  specify a vendor patch level],

+  [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.])

+   SSH_VENDOR_PATCHLEVEL="$enableval"],

+  [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.])

+   SSH_VENDOR_PATCHLEVEL=none])

 dnl lastlog, [uw]tmpx? detection

 dnl  NOTE: set the paths in the platform section to avoid the

@@ -4327,6 +4333,7 @@ echo "       IP address in \$DISPLAY hac

 echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"

 echo "                  BSD Auth support: $BSD_AUTH_MSG"

 echo "              Random number source: $RAND_MSG"

+echo "                Vendor patch level: $SSH_VENDOR_PATCHLEVEL"

 if test ! -z "$USE_RAND_HELPER" ; then

 echo "     ssh-rand-helper collects from: $RAND_HELPER_MSG"

 fi

diff -up openssh-5.8p1/servconf.c.vendor openssh-5.8p1/servconf.c

--- openssh-5.8p1/servconf.c.vendor	2010-11-20 05:19:38.000000000 +0100

+++ openssh-5.8p1/servconf.c	2011-02-09 22:41:32.000000000 +0100

@@ -123,6 +123,7 @@ initialize_server_options(ServerOptions 

 	options->max_authtries = -1;

 	options->max_sessions = -1;

 	options->banner = NULL;

+	options->show_patchlevel = -1;

 	options->use_dns = -1;

 	options->client_alive_interval = -1;

 	options->client_alive_count_max = -1;

@@ -281,7 +282,9 @@ fill_default_server_options(ServerOption

 		options->ip_qos_interactive = IPTOS_LOWDELAY;

 	if (options->ip_qos_bulk == -1)

 		options->ip_qos_bulk = IPTOS_THROUGHPUT;

-

+	if (options->show_patchlevel == -1)

+ 		options->show_patchlevel = 0;

+ 

 	/* Turn privilege separation on by default */

 	if (use_privsep == -1)

 		use_privsep = 1;

@@ -319,7 +322,7 @@ typedef enum {

 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,

 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,

 	sMaxStartups, sMaxAuthTries, sMaxSessions,

-	sBanner, sUseDNS, sHostbasedAuthentication,

+	sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,

 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,

 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,

 	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,

@@ -432,6 +435,7 @@ static struct {

 	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },

 	{ "maxsessions", sMaxSessions, SSHCFG_ALL },

 	{ "banner", sBanner, SSHCFG_ALL },

+	{ "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL },

 	{ "usedns", sUseDNS, SSHCFG_GLOBAL },

 	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },

 	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },

@@ -1086,6 +1090,10 @@ process_server_config_line(ServerOptions

 		intptr = &use_privsep;

 		goto parse_flag;

+	case sShowPatchLevel:

+		intptr = &options->show_patchlevel;

+		goto parse_flag;

+

 	case sAllowUsers:

 		while ((arg = strdelim(&cp)) && *arg != '\0') {

 			if (options->num_allow_users >= MAX_ALLOW_USERS)

@@ -1726,6 +1734,7 @@ dump_config(ServerOptions *o)

 	dump_cfg_fmtint(sUseLogin, o->use_login);

 	dump_cfg_fmtint(sCompression, o->compression);

 	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);

+	dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);

 	dump_cfg_fmtint(sUseDNS, o->use_dns);

 	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);

 	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);

diff -up openssh-5.8p1/servconf.h.vendor openssh-5.8p1/servconf.h

--- openssh-5.8p1/servconf.h.vendor	2010-11-20 05:19:38.000000000 +0100

+++ openssh-5.8p1/servconf.h	2011-02-09 22:39:55.000000000 +0100

@@ -134,6 +134,7 @@ typedef struct {

 	int	max_authtries;

 	int	max_sessions;

 	char   *banner;			/* SSH-2 banner message */

+	int	show_patchlevel;	/* Show vendor patch level to clients */

 	int	use_dns;

 	int	client_alive_interval;	/*

 					 * poke the client this often to

diff -up openssh-5.8p1/sshd_config.0.vendor openssh-5.8p1/sshd_config.0

--- openssh-5.8p1/sshd_config.0.vendor	2011-02-09 22:39:54.000000000 +0100

+++ openssh-5.8p1/sshd_config.0	2011-02-09 22:39:55.000000000 +0100

@@ -535,6 +535,11 @@ DESCRIPTION

              Defines the number of bits in the ephemeral protocol version 1

              server key.  The minimum value is 512, and the default is 1024.

+     ShowPatchLevel

+	     Specifies whether sshd will display the specific patch level of

+	     the binary in the server identification string.  The patch level

+	     is set at compile-time.  The default is M-bM-^@M-^\noM-bM-^@M-^].

+

      StrictModes

              Specifies whether sshd(8) should check file modes and ownership

              of the user's files and home directory before accepting login.

diff -up openssh-5.8p1/sshd_config.5.vendor openssh-5.8p1/sshd_config.5

--- openssh-5.8p1/sshd_config.5.vendor	2011-02-09 22:39:54.000000000 +0100

+++ openssh-5.8p1/sshd_config.5	2011-02-09 22:39:55.000000000 +0100

@@ -931,6 +931,14 @@ This option applies to protocol version 

 .It Cm ServerKeyBits

 Defines the number of bits in the ephemeral protocol version 1 server key.

 The minimum value is 512, and the default is 1024.

+.It Cm ShowPatchLevel 

+Specifies whether 

+.Nm sshd 

+will display the patch level of the binary in the identification string. 

+The patch level is set at compile-time. 

+The default is 

+.Dq no . 

+This option applies to protocol version 1 only. 

 .It Cm StrictModes

 Specifies whether

 .Xr sshd 8

diff -up openssh-5.8p1/sshd_config.vendor openssh-5.8p1/sshd_config

--- openssh-5.8p1/sshd_config.vendor	2011-02-09 22:39:54.000000000 +0100

+++ openssh-5.8p1/sshd_config	2011-02-09 22:39:55.000000000 +0100

@@ -112,6 +112,7 @@ X11Forwarding yes

 #Compression delayed

 #ClientAliveInterval 0

 #ClientAliveCountMax 3

+#ShowPatchLevel no

 #UseDNS yes

 #PidFile /var/run/sshd.pid

 #MaxStartups 10

diff -up openssh-5.8p1/sshd.c.vendor openssh-5.8p1/sshd.c

--- openssh-5.8p1/sshd.c.vendor	2011-02-09 22:39:55.000000000 +0100

+++ openssh-5.8p1/sshd.c	2011-02-09 22:39:55.000000000 +0100

@@ -419,7 +419,7 @@ sshd_exchange_identification(int sock_in

 		minor = PROTOCOL_MINOR_1;

 	}

 	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,

-	    SSH_VERSION, newline);

+	   (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION, newline);

 	server_version_string = xstrdup(buf);

 	/* Send our protocol version identification. */

@@ -1550,7 +1550,8 @@ main(int ac, char **av)

 		exit(1);

 	}

-	debug("sshd version %.100s", SSH_RELEASE);

+	debug("sshd version %.100s",

+	      (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_RELEASE);

 	/* Store privilege separation user for later use if required. */

 	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {