diff --git a/openssh-6.2p2-audit5-session_key_destruction.patch b/openssh-6.2p2-audit5-session_key_destruction.patch
index 4e67c5a..9b767c0 100644
--- a/openssh-6.2p2-audit5-session_key_destruction.patch
+++ b/openssh-6.2p2-audit5-session_key_destruction.patch
@@ -650,7 +650,7 @@ diff --git a/openssh-6.2p2/packet.c b/openssh-6.2p2/packet.c
  packet_set_protocol_flags(u_int protocol_flags)
  {
  	active_state->remote_protocol_flags = protocol_flags;
-@@ -722,16 +733,33 @@ packet_send1(void)
+@@ -722,16 +733,35 @@ packet_send1(void)
  
  	/*
  	 * Note that the packet is now only buffered in output.  It won't be
@@ -668,7 +668,9 @@ diff --git a/openssh-6.2p2/packet.c b/openssh-6.2p2/packet.c
 +	xfree(newkeys->enc.name);
 +
 +	mac_clear(&newkeys->mac);
-+	xfree(newkeys->mac.name);
++	/* MAC may happen to be empty - if the GCM mode of AES is used */
++	if (newkeys->mac.name)
++		xfree(newkeys->mac.name);
 +
 +	xfree(newkeys->comp.name);
 +
@@ -684,7 +686,7 @@ diff --git a/openssh-6.2p2/packet.c b/openssh-6.2p2/packet.c
  	Comp *comp;
  	CipherContext *cc;
  	u_int64_t *max_blocks;
-@@ -747,31 +775,19 @@ set_newkeys(int mode)
+@@ -747,31 +777,19 @@ set_newkeys(int mode)
  	} else {
  		cc = &active_state->receive_context;
  		crypt_type = CIPHER_DECRYPT;
@@ -718,7 +720,7 @@ diff --git a/openssh-6.2p2/packet.c b/openssh-6.2p2/packet.c
  	mac  = &active_state->newkeys[mode]->mac;
  	comp = &active_state->newkeys[mode]->comp;
  	if (cipher_authlen(enc->cipher) == 0 && mac_init(mac) == 0)
-@@ -1967,54 +1983,93 @@ packet_get_output(void)
+@@ -1967,54 +1985,93 @@ packet_get_output(void)
  }
  
  void *
diff --git a/openssh-6.2p2-fingerprint_hash.patch b/openssh-6.2p2-fingerprint_hash.patch
index 41f07e8..57e4dad 100644
--- a/openssh-6.2p2-fingerprint_hash.patch
+++ b/openssh-6.2p2-fingerprint_hash.patch
@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent 3d1c0ed188101c45a132baae0b78f93a1d0e6160
+# Parent 2e71c896d924778e46e68e0c9be9a8b13e428f2f
 
 # select fingerprint hash algorithms based on the environment variable
 # SSH_FP_TYPE_ENVVAR and append it to hex and randomart fingerprints
diff --git a/openssh-6.2p2-gssapi_key_exchange.patch b/openssh-6.2p2-gssapi_key_exchange.patch
index b172ef3..f329b0a 100644
--- a/openssh-6.2p2-gssapi_key_exchange.patch
+++ b/openssh-6.2p2-gssapi_key_exchange.patch
@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent 4c530768d07db136fcc679119220a02eb28b0127
+# Parent a72dad36a987a441e9c92807b1d654e43ddee409
 
 diff --git a/openssh-6.2p2/ChangeLog.gssapi b/openssh-6.2p2/ChangeLog.gssapi
 new file mode 100644
diff --git a/openssh.changes b/openssh.changes
index c7120e0..9aed0d7 100644
--- a/openssh.changes
+++ b/openssh.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Oct  4 17:50:32 UTC 2013 - pcerny@suse.com
+
+- fix server crashes when using AES-GCM
+- removed superfluous build dependency on X
+
 -------------------------------------------------------------------
 Thu Sep 19 02:02:56 UTC 2013 - pcerny@suse.com
 
diff --git a/openssh.spec b/openssh.spec
index c5d3617..a6843c6 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -84,10 +84,6 @@ BuildRequires:  systemd
 %{?systemd_requires}
 %endif
 BuildRequires:  tcpd-devel
-BuildRequires:  xorg-x11-devel
-%if %{needs_xorg_libs}
-BuildRequires:  xorg-x11-libs
-%endif
 Requires:       /bin/netstat
 PreReq:         pwdutils %{insserv_prereq} %{fillup_prereq} coreutils
 Conflicts:      nonfreessh