4 files changed, 3 insertions, 165 deletions
diff --git a/debian/changelog b/debian/changelog
index 1530329a9..c5422074e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -140,6 +140,7 @@ openssh (1:5.1p1-1) UNRELEASED; urgency=low
        when public key authentication subsequently fails (LP: #161047).
      + Fixed an UMAC alignment problem that manifested on Itanium
        platforms.
+  * Remove our local version of moduli(5) now that there's one upstream.
 -- Colin Watson <cjwatson@ubuntu.com>  Tue, 22 Jul 2008 17:34:06 +0100
diff --git a/debian/moduli.5 b/debian/moduli.5
deleted file mode 100644
index 3871e88ba..000000000
--- a/debian/moduli.5
+++ /dev/null
@@ -1,157 +0,0 @@
-.\" $OpenBSD: moduli.5,v 1.11 2007/05/31 19:19:58 jmc Exp $
-.\"
-.\" Copyright 1997, 2000 William Allen Simpson <wsimpson@greendragon.com>
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"      This product includes software designed by William Allen Simpson.
-.\" 4. The name of the author may not be used to endorse or promote products
-.\"    derived from this software without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" Manual page, using -mandoc macros
-.\"
-.Dd December 24 2007
-.Dt MODULI 5
-.Os
-.Sh NAME
-.Nm moduli
-.Nd system moduli file
-.Sh DESCRIPTION
-The
-.Pa /etc/ssh/moduli
-file contains the system-wide Diffie-Hellman prime moduli for
-.Xr sshd 8 .
-.Pp
-Each line in this file contains the following fields:
-Time, Type, Tests, Tries, Size, Generator, Modulus.
-The fields are separated by white space (tab or blank).
-.Pp
-.Fa Time : yyyymmddhhmmss .
-Specifies the system time that the line was appended to the file.
-The value 00000000000000 means unknown (historic).
-.\"The file is sorted in ascending order.
-.Pp
-.Fa Type : decimal .
-Specifies the internal structure of the prime modulus.
-.Pp
-.Bl -tag -width indent -offset indent -compact
-.It 0 :
-unknown;
-often learned from peer during protocol operation,
-and saved for later analysis.
-.It 1 :
-unstructured;
-a common large number.
-.It 2 :
-safe (p = 2q + 1);
-meets basic structural requirements.
-.It 3 :
-Schnorr.
-.It 4 :
-Sophie-Germain (q = (p-1)/2);
-usually generated in the process of testing safe or strong primes.
-.It 5 :
-strong;
-useful for RSA public key generation.
-.El
-.Pp
-.Fa Tests : decimal (bit field) .
-Specifies the methods used in checking for primality.
-Usually, more than one test is used.
-.Pp
-.Bl -tag -width indent -offset indent -compact
-.It 0 :
-not tested;
-often learned from peer during protocol operation,
-and saved for later analysis.
-.It 1 :
-composite;
-failed one or more tests.
-In this case, the highest bit specifies the test that failed.
-.It 2 :
-sieve;
-checked for division by a range of smaller primes.
-.It 4 :
-Miller-Rabin.
-.It 8 :
-Jacobi.
-.It 16 :
-Elliptic Curve.
-.El
-.Pp
-.Fa Tries : decimal .
-Depends on the value of the highest valid Test bit,
-where the method specified is:
-.Pp
-.Bl -tag -width indent -offset indent -compact
-.It 0 :
-not tested
-(always zero).
-.It 1 :
-composite
-(irrelevant).
-.It 2 :
-sieve;
-number of primes sieved.
-Commonly on the order of 32,000,000.
-.It 4 :
-Miller-Rabin;
-number of M-R iterations.
-Commonly on the order of 32 to 64.
-.It 8 :
-Jacobi;
-unknown
-(always zero).
-.It 16 :
-Elliptic Curve;
-unused
-(always zero).
-.El
-.Pp
-.Fa Size : decimal .
-Specifies the number of the most significant bit (0 to M).
-.Pp
-.Fa Generator : hex string .
-Specifies the best generator for a Diffie-Hellman exchange.
-0 = unknown or variable,
-2, 3, 5, etc.
-.Pp
-.Fa Modulus : hex string .
-The prime modulus.
-.Pp
-The file is searched for moduli that meet the appropriate
-Time, Size and Generator criteria.
-When more than one meet the criteria,
-the selection should be weighted toward newer moduli,
-without completely disqualifying older moduli.
-.Pp
-New moduli may be generated using the
-.Xr ssh-keygen 1
-tool.
-.Sh FILES
-.Bl -tag -width /etc/ssh/moduli -compact
-.It Pa /etc/ssh/moduli
-.El
-.Sh SEE ALSO
-.Xr ssh-keygen 1 ,
-.Xr sshd 8
diff --git a/debian/rules b/debian/rules
index 0c48082b5..5af0907c1 100755
--- a/debian/rules
+++ b/debian/rules
@@ -177,7 +177,6 @@ install: build
        install -m 755 contrib/ssh-copy-id debian/openssh-client/usr/bin/ssh-copy-id
        install -m 644 -c contrib/ssh-copy-id.1 debian/openssh-client/usr/share/man/man1/ssh-copy-id.1
-        install -m 644 debian/moduli.5 debian/openssh-client/usr/share/man/man5/moduli.5
        install -s -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-askpass-gnome/usr/lib/openssh/gnome-ssh-askpass
        install -m 644 debian/gnome-ssh-askpass.1 debian/ssh-askpass-gnome/usr/share/man/man1/gnome-ssh-askpass.1
@@ -336,11 +335,6 @@ debian/faq.html:
                sed 's,\(href="\)\(txt/\|[^":]*\.html\),\1http://www.openssh.org/\2,g' \
                > debian/faq.html
-debian/moduli.5:
-        wget -q -O - 'http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/share/man/man5/moduli.5?content-type=text/plain' | \
-                sed 's,/etc/moduli,/etc/ssh/moduli,g; s/\$$Mdocdate\$$/$(shell date +'%B %-d %Y')/' \
-                > debian/moduli.5
 .PHONY: build clean binary-indep binary-arch binary install
 .PHONY: build-deb build-udeb
 .PHONY: binary-openssh-client binary-openssh-server binary-ssh
diff --git a/moduli.5 b/moduli.5
index 4a99439cc..c64c08dfc 100644
--- a/moduli.5
+++ b/moduli.5
@@ -21,7 +21,7 @@
 .Nd Diffie Hellman moduli
 .Sh DESCRIPTION
 The
-.Pa /etc/moduli
+.Pa /etc/ssh/moduli
 file contains prime numbers and generators for use by 
 .Xr sshd 8
 in the Diffie-Hellman Group Exchange key exchange method.
@@ -111,7 +111,7 @@ first estimates the size of the modulus required to produce enough
 Diffie Hellman output to sufficiently key the selected symmetric cipher.
 .Xr sshd 8
 then randomly selects a modulus from
-.Fa /etc/moduli
+.Fa /etc/ssh/moduli
 that best meets the size requirement.
 .Pp
 .Sh SEE ALSO

diff --git a/debian/changelog b/debian/changelog index 1530329a9..c5422074e 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -140,6 +140,7 @@ openssh (1:5.1p1-1) UNRELEASED; urgency=low
140	when public key authentication subsequently fails (LP: #161047).	140	when public key authentication subsequently fails (LP: #161047).
141	+ Fixed an UMAC alignment problem that manifested on Itanium	141	+ Fixed an UMAC alignment problem that manifested on Itanium
142	platforms.	142	platforms.
		143	* Remove our local version of moduli(5) now that there's one upstream.
143		144
144	-- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Jul 2008 17:34:06 +0100	145	-- Colin Watson <cjwatson@ubuntu.com> Tue, 22 Jul 2008 17:34:06 +0100
145		146


diff --git a/debian/moduli.5 b/debian/moduli.5 deleted file mode 100644 index 3871e88ba..000000000 --- a/debian/moduli.5 +++ /dev/null
@@ -1,157 +0,0 @@
1	.\" $OpenBSD: moduli.5,v 1.11 2007/05/31 19:19:58 jmc Exp $
2	.\"
3	.\" Copyright 1997, 2000 William Allen Simpson <wsimpson@greendragon.com>
4	.\" All rights reserved.
5	.\"
6	.\" Redistribution and use in source and binary forms, with or without
7	.\" modification, are permitted provided that the following conditions
8	.\" are met:
9	.\" 1. Redistributions of source code must retain the above copyright
10	.\" notice, this list of conditions and the following disclaimer.
11	.\" 2. Redistributions in binary form must reproduce the above copyright
12	.\" notice, this list of conditions and the following disclaimer in the
13	.\" documentation and/or other materials provided with the distribution.
14	.\" 3. All advertising materials mentioning features or use of this software
15	.\" must display the following acknowledgement:
16	.\" This product includes software designed by William Allen Simpson.
17	.\" 4. The name of the author may not be used to endorse or promote products
18	.\" derived from this software without specific prior written permission.
19	.\"
20	.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21	.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22	.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23	.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24	.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26	.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27	.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30	.\"
31	.\" Manual page, using -mandoc macros
32	.\"
33	.Dd December 24 2007
34	.Dt MODULI 5
35	.Os
36	.Sh NAME
37	.Nm moduli
38	.Nd system moduli file
39	.Sh DESCRIPTION
40	The
41	.Pa /etc/ssh/moduli
42	file contains the system-wide Diffie-Hellman prime moduli for
43	.Xr sshd 8 .
44	.Pp
45	Each line in this file contains the following fields:
46	Time, Type, Tests, Tries, Size, Generator, Modulus.
47	The fields are separated by white space (tab or blank).
48	.Pp
49	.Fa Time : yyyymmddhhmmss .
50	Specifies the system time that the line was appended to the file.
51	The value 00000000000000 means unknown (historic).
52	.\"The file is sorted in ascending order.
53	.Pp
54	.Fa Type : decimal .
55	Specifies the internal structure of the prime modulus.
56	.Pp
57	.Bl -tag -width indent -offset indent -compact
58	.It 0 :
59	unknown;
60	often learned from peer during protocol operation,
61	and saved for later analysis.
62	.It 1 :
63	unstructured;
64	a common large number.
65	.It 2 :
66	safe (p = 2q + 1);
67	meets basic structural requirements.
68	.It 3 :
69	Schnorr.
70	.It 4 :
71	Sophie-Germain (q = (p-1)/2);
72	usually generated in the process of testing safe or strong primes.
73	.It 5 :
74	strong;
75	useful for RSA public key generation.
76	.El
77	.Pp
78	.Fa Tests : decimal (bit field) .
79	Specifies the methods used in checking for primality.
80	Usually, more than one test is used.
81	.Pp
82	.Bl -tag -width indent -offset indent -compact
83	.It 0 :
84	not tested;
85	often learned from peer during protocol operation,
86	and saved for later analysis.
87	.It 1 :
88	composite;
89	failed one or more tests.
90	In this case, the highest bit specifies the test that failed.
91	.It 2 :
92	sieve;
93	checked for division by a range of smaller primes.
94	.It 4 :
95	Miller-Rabin.
96	.It 8 :
97	Jacobi.
98	.It 16 :
99	Elliptic Curve.
100	.El
101	.Pp
102	.Fa Tries : decimal .
103	Depends on the value of the highest valid Test bit,
104	where the method specified is:
105	.Pp
106	.Bl -tag -width indent -offset indent -compact
107	.It 0 :
108	not tested
109	(always zero).
110	.It 1 :
111	composite
112	(irrelevant).
113	.It 2 :
114	sieve;
115	number of primes sieved.
116	Commonly on the order of 32,000,000.
117	.It 4 :
118	Miller-Rabin;
119	number of M-R iterations.
120	Commonly on the order of 32 to 64.
121	.It 8 :
122	Jacobi;
123	unknown
124	(always zero).
125	.It 16 :
126	Elliptic Curve;
127	unused
128	(always zero).
129	.El
130	.Pp
131	.Fa Size : decimal .
132	Specifies the number of the most significant bit (0 to M).
133	.Pp
134	.Fa Generator : hex string .
135	Specifies the best generator for a Diffie-Hellman exchange.
136	0 = unknown or variable,
137	2, 3, 5, etc.
138	.Pp
139	.Fa Modulus : hex string .
140	The prime modulus.
141	.Pp
142	The file is searched for moduli that meet the appropriate
143	Time, Size and Generator criteria.
144	When more than one meet the criteria,
145	the selection should be weighted toward newer moduli,
146	without completely disqualifying older moduli.
147	.Pp
148	New moduli may be generated using the
149	.Xr ssh-keygen 1
150	tool.
151	.Sh FILES
152	.Bl -tag -width /etc/ssh/moduli -compact
153	.It Pa /etc/ssh/moduli
154	.El
155	.Sh SEE ALSO
156	.Xr ssh-keygen 1 ,
157	.Xr sshd 8


diff --git a/debian/rules b/debian/rules index 0c48082b5..5af0907c1 100755 --- a/debian/rules +++ b/debian/rules
@@ -177,7 +177,6 @@ install: build
177		177
178	install -m 755 contrib/ssh-copy-id debian/openssh-client/usr/bin/ssh-copy-id	178	install -m 755 contrib/ssh-copy-id debian/openssh-client/usr/bin/ssh-copy-id
179	install -m 644 -c contrib/ssh-copy-id.1 debian/openssh-client/usr/share/man/man1/ssh-copy-id.1	179	install -m 644 -c contrib/ssh-copy-id.1 debian/openssh-client/usr/share/man/man1/ssh-copy-id.1
180	install -m 644 debian/moduli.5 debian/openssh-client/usr/share/man/man5/moduli.5
181		180
182	install -s -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-askpass-gnome/usr/lib/openssh/gnome-ssh-askpass	181	install -s -o root -g root -m 755 contrib/gnome-ssh-askpass2 debian/ssh-askpass-gnome/usr/lib/openssh/gnome-ssh-askpass
183	install -m 644 debian/gnome-ssh-askpass.1 debian/ssh-askpass-gnome/usr/share/man/man1/gnome-ssh-askpass.1	182	install -m 644 debian/gnome-ssh-askpass.1 debian/ssh-askpass-gnome/usr/share/man/man1/gnome-ssh-askpass.1
@@ -336,11 +335,6 @@ debian/faq.html:
336	sed 's,\(href="\)\(txt/\\|[^":]*\.html\),\1http://www.openssh.org/\2,g' \	335	sed 's,\(href="\)\(txt/\\|[^":]*\.html\),\1http://www.openssh.org/\2,g' \
337	> debian/faq.html	336	> debian/faq.html
338		337
339	debian/moduli.5:
340	wget -q -O - 'http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/src/share/man/man5/moduli.5?content-type=text/plain' \| \
341	sed 's,/etc/moduli,/etc/ssh/moduli,g; s/\$$Mdocdate\$$/$(shell date +'%B %-d %Y')/' \
342	> debian/moduli.5
343
344	.PHONY: build clean binary-indep binary-arch binary install	338	.PHONY: build clean binary-indep binary-arch binary install
345	.PHONY: build-deb build-udeb	339	.PHONY: build-deb build-udeb
346	.PHONY: binary-openssh-client binary-openssh-server binary-ssh	340	.PHONY: binary-openssh-client binary-openssh-server binary-ssh


diff --git a/moduli.5 b/moduli.5 index 4a99439cc..c64c08dfc 100644 --- a/moduli.5 +++ b/moduli.5
@@ -21,7 +21,7 @@
21	.Nd Diffie Hellman moduli	21	.Nd Diffie Hellman moduli
22	.Sh DESCRIPTION	22	.Sh DESCRIPTION
23	The	23	The
24	.Pa /etc/moduli	24	.Pa /etc/ssh/moduli
25	file contains prime numbers and generators for use by	25	file contains prime numbers and generators for use by
26	.Xr sshd 8	26	.Xr sshd 8
27	in the Diffie-Hellman Group Exchange key exchange method.	27	in the Diffie-Hellman Group Exchange key exchange method.
@@ -111,7 +111,7 @@ first estimates the size of the modulus required to produce enough
111	Diffie Hellman output to sufficiently key the selected symmetric cipher.	111	Diffie Hellman output to sufficiently key the selected symmetric cipher.
112	.Xr sshd 8	112	.Xr sshd 8
113	then randomly selects a modulus from	113	then randomly selects a modulus from
114	.Fa /etc/moduli	114	.Fa /etc/ssh/moduli
115	that best meets the size requirement.	115	that best meets the size requirement.
116	.Pp	116	.Pp
117	.Sh SEE ALSO	117	.Sh SEE ALSO