summaryrefslogtreecommitdiffstats
path: root/debian/patches/openbsd-docs.patch
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/patches/openbsd-docs.patch255
1 files changed, 255 insertions, 0 deletions
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
new file mode 100644
index 0000000..785d181
--- /dev/null
+++ b/debian/patches/openbsd-docs.patch
@@ -0,0 +1,255 @@
+From 92fdda49286532870c424f93f3d157583a921cbe Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Sun, 9 Feb 2014 16:10:09 +0000
+Subject: Adjust various OpenBSD-specific references in manual pages
+
+No single bug reference for this patch, but history includes:
+ https://bugs.debian.org/154434 (login.conf(5))
+ https://bugs.debian.org/513417 (/etc/rc)
+ https://bugs.debian.org/530692 (ssl(8))
+ https://bugs.launchpad.net/bugs/456660 (ssl(8))
+ https://bugs.debian.org/998069 (rdomain(4))
+
+Forwarded: not-needed
+Last-Update: 2023-09-02
+
+Patch-Name: openbsd-docs.patch
+---
+ moduli.5 | 4 ++--
+ ssh-keygen.1 | 12 ++++--------
+ ssh.1 | 4 ++++
+ sshd.8 | 5 ++---
+ sshd_config.5 | 40 ++--------------------------------------
+ 5 files changed, 14 insertions(+), 51 deletions(-)
+
+diff --git a/moduli.5 b/moduli.5
+index 5086a6d42..6dffdc7e6 100644
+--- a/moduli.5
++++ b/moduli.5
+@@ -21,7 +21,7 @@
+ .Nd Diffie-Hellman moduli
+ .Sh DESCRIPTION
+ The
+-.Pa /etc/moduli
++.Pa /etc/ssh/moduli
+ file contains prime numbers and generators for use by
+ .Xr sshd 8
+ in the Diffie-Hellman Group Exchange key exchange method.
+@@ -110,7 +110,7 @@ first estimates the size of the modulus required to produce enough
+ Diffie-Hellman output to sufficiently key the selected symmetric cipher.
+ .Xr sshd 8
+ then randomly selects a modulus from
+-.Fa /etc/moduli
++.Fa /etc/ssh/moduli
+ that best meets the size requirement.
+ .Sh SEE ALSO
+ .Xr ssh-keygen 1 ,
+diff --git a/ssh-keygen.1 b/ssh-keygen.1
+index c392141ea..1155cf555 100644
+--- a/ssh-keygen.1
++++ b/ssh-keygen.1
+@@ -212,9 +212,7 @@ key in
+ .Pa ~/.ssh/id_ed25519_sk
+ or
+ .Pa ~/.ssh/id_rsa .
+-Additionally, the system administrator may use this to generate host keys,
+-as seen in
+-.Pa /etc/rc .
++Additionally, the system administrator may use this to generate host keys.
+ .Pp
+ Normally this program generates the key and asks for a file in which
+ to store the private key.
+@@ -279,9 +277,7 @@ If
+ .Fl f
+ has also been specified, its argument is used as a prefix to the
+ default path for the resulting host key files.
+-This is used by
+-.Pa /etc/rc
+-to generate new host keys.
++This is used by system administration scripts to generate new host keys.
+ .It Fl a Ar rounds
+ When saving a private key, this option specifies the number of KDF
+ (key derivation function, currently
+@@ -864,7 +860,7 @@ option.
+ Valid generator values are 2, 3, and 5.
+ .Pp
+ Screened DH groups may be installed in
+-.Pa /etc/moduli .
++.Pa /etc/ssh/moduli .
+ It is important that this file contains moduli of a range of bit lengths.
+ .Pp
+ A number of options are available for moduli generation and screening via the
+@@ -1322,7 +1318,7 @@ on all machines
+ where the user wishes to log in using public key authentication.
+ There is no need to keep the contents of this file secret.
+ .Pp
+-.It Pa /etc/moduli
++.It Pa /etc/ssh/moduli
+ Contains Diffie-Hellman groups used for DH-GEX.
+ The file format is described in
+ .Xr moduli 5 .
+diff --git a/ssh.1 b/ssh.1
+index 2d07c919e..60e97dc62 100644
+--- a/ssh.1
++++ b/ssh.1
+@@ -939,6 +939,10 @@ implements public key authentication protocol automatically,
+ using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
+ The HISTORY section of
+ .Xr ssl 8
++(on non-OpenBSD systems, see
++.nh
++http://www.openbsd.org/cgi\-bin/man.cgi?query=ssl&sektion=8#HISTORY)
++.hy
+ contains a brief discussion of the DSA and RSA algorithms.
+ .Pp
+ The file
+diff --git a/sshd.8 b/sshd.8
+index 8efeacdf1..6527e28a3 100644
+--- a/sshd.8
++++ b/sshd.8
+@@ -64,7 +64,7 @@ over an insecure network.
+ .Nm
+ listens for connections from clients.
+ It is normally started at boot from
+-.Pa /etc/rc .
++.Pa /etc/init.d/ssh .
+ It forks a new
+ daemon for each incoming connection.
+ The forked daemons handle
+@@ -935,7 +935,7 @@ This file is for host-based authentication (see
+ .Xr ssh 1 ) .
+ It should only be writable by root.
+ .Pp
+-.It Pa /etc/moduli
++.It Pa /etc/ssh/moduli
+ Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange"
+ key exchange method.
+ The file format is described in
+@@ -1033,7 +1033,6 @@ The content of this file is not sensitive; it can be world-readable.
+ .Xr ssh-keyscan 1 ,
+ .Xr chroot 2 ,
+ .Xr hosts_access 5 ,
+-.Xr login.conf 5 ,
+ .Xr moduli 5 ,
+ .Xr sshd_config 5 ,
+ .Xr inetd 8 ,
+diff --git a/sshd_config.5 b/sshd_config.5
+index 630c18736..98bd201b0 100644
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -993,9 +993,6 @@ for interactive sessions and
+ for non-interactive sessions.
+ .It Cm KbdInteractiveAuthentication
+ Specifies whether to allow keyboard-interactive authentication.
+-All authentication styles from
+-.Xr login.conf 5
+-are supported.
+ The default is
+ .Cm yes .
+ The argument to this keyword must be
+@@ -1099,45 +1096,33 @@ The following forms may be used:
+ .Sm off
+ .Ar hostname | address
+ .Sm on
+-.Op Cm rdomain Ar domain
+ .It
+ .Cm ListenAddress
+ .Sm off
+ .Ar hostname : port
+ .Sm on
+-.Op Cm rdomain Ar domain
+ .It
+ .Cm ListenAddress
+ .Sm off
+ .Ar IPv4_address : port
+ .Sm on
+-.Op Cm rdomain Ar domain
+ .It
+ .Cm ListenAddress
+ .Sm off
+ .Oo Ar hostname | address Oc : Ar port
+ .Sm on
+-.Op Cm rdomain Ar domain
+ .El
+ .Pp
+-The optional
+-.Cm rdomain
+-qualifier requests
+-.Xr sshd 8
+-listen in an explicit routing domain.
+ If
+ .Ar port
+ is not specified,
+ sshd will listen on the address and all
+ .Cm Port
+ options specified.
+-The default is to listen on all local addresses on the current default
+-routing domain.
++The default is to listen on all local addresses.
+ Multiple
+ .Cm ListenAddress
+ options are permitted.
+-For more information on routing domains, see
+-.Xr rdomain 4 .
+ .It Cm LoginGraceTime
+ The server disconnects after this time if the user has not
+ successfully logged in.
+@@ -1262,14 +1247,8 @@ The available criteria are
+ .Cm Host ,
+ .Cm LocalAddress ,
+ .Cm LocalPort ,
+-.Cm RDomain ,
+ and
+-.Cm Address
+-(with
+-.Cm RDomain
+-representing the
+-.Xr rdomain 4
+-on which the connection was received).
++.Cm Address .
+ .Pp
+ The match patterns may consist of single entries or comma-separated
+ lists and may use the wildcard and negation operators described in the
+@@ -1341,7 +1320,6 @@ Available keywords are
+ .Cm PubkeyAuthOptions ,
+ .Cm RekeyLimit ,
+ .Cm RevokedKeys ,
+-.Cm RDomain ,
+ .Cm SetEnv ,
+ .Cm StreamLocalBindMask ,
+ .Cm StreamLocalBindUnlink ,
+@@ -1736,15 +1714,6 @@ an OpenSSH Key Revocation List (KRL) as generated by
+ .Xr ssh-keygen 1 .
+ For more information on KRLs, see the KEY REVOCATION LISTS section in
+ .Xr ssh-keygen 1 .
+-.It Cm RDomain
+-Specifies an explicit routing domain that is applied after authentication
+-has completed.
+-The user session, as well as any forwarded or listening IP sockets,
+-will be bound to this
+-.Xr rdomain 4 .
+-If the routing domain is set to
+-.Cm \&%D ,
+-then the domain in which the incoming connection was received will be applied.
+ .It Cm SecurityKeyProvider
+ Specifies a path to a library that will be used when loading
+ FIDO authenticator-hosted keys, overriding the default of using
+@@ -2063,8 +2032,6 @@ A literal
+ Identifies the connection endpoints, containing
+ four space-separated values: client address, client port number,
+ server address, and server port number.
+-.It \&%D
+-The routing domain in which the incoming connection was received.
+ .It %F
+ The fingerprint of the CA key.
+ .It %f
+@@ -2103,9 +2070,6 @@ accepts the tokens %%, %h, %U, and %u.
+ .Pp
+ .Cm ChrootDirectory
+ accepts the tokens %%, %h, %U, and %u.
+-.Pp
+-.Cm RoutingDomain
+-accepts the token %D.
+ .Sh FILES
+ .Bl -tag -width Ds
+ .It Pa /etc/ssh/sshd_config