1 files changed, 148 insertions, 0 deletions
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
new file mode 100644
index 000000000..afc1fe306
--- /dev/null
+++ b/debian/patches/openbsd-docs.patch
@@ -0,0 +1,148 @@
+From 98517b1b99dceff74e4a1e50d5a345f5b569ad6f Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Sun, 9 Feb 2014 16:10:09 +0000
+Subject: Adjust various OpenBSD-specific references in manual pages
+No single bug reference for this patch, but history includes:
+ http://bugs.debian.org/154434 (login.conf(5))
+ http://bugs.debian.org/513417 (/etc/rc)
+ http://bugs.debian.org/530692 (ssl(8))
+ https://bugs.launchpad.net/bugs/456660 (ssl(8))
+Forwarded: not-needed
+Last-Update: 2013-09-14
+Patch-Name: openbsd-docs.patch
+---
+ moduli.5      |  4 ++--
+ ssh-keygen.1  | 12 ++++--------
+ ssh.1         |  4 ++++
+ sshd.8        |  5 ++---
+ sshd_config.5 |  3 +--
+ 5 files changed, 13 insertions(+), 15 deletions(-)
+diff --git a/moduli.5 b/moduli.5
+index ef0de08..149846c 100644
+--- a/moduli.5
+++ b/moduli.5
+@@ -21,7 +21,7 @@
+ .Nd Diffie-Hellman moduli
+ .Sh DESCRIPTION
+ The
+-.Pa /etc/moduli
+.Pa /etc/ssh/moduli
+ file contains prime numbers and generators for use by
+ .Xr sshd 8
+ in the Diffie-Hellman Group Exchange key exchange method.
+@@ -110,7 +110,7 @@ first estimates the size of the modulus required to produce enough
+ Diffie-Hellman output to sufficiently key the selected symmetric cipher.
+ .Xr sshd 8
+ then randomly selects a modulus from
+-.Fa /etc/moduli
+.Fa /etc/ssh/moduli
+ that best meets the size requirement.
+ .Sh SEE ALSO
+ .Xr ssh-keygen 1 ,
+diff --git a/ssh-keygen.1 b/ssh-keygen.1
+index 144be7d..753cc62 100644
+--- a/ssh-keygen.1
+++ b/ssh-keygen.1
+@@ -171,9 +171,7 @@ key in
+ .Pa ~/.ssh/id_dsa
+ or
+ .Pa ~/.ssh/id_rsa .
+-Additionally, the system administrator may use this to generate host keys,
+-as seen in
+-.Pa /etc/rc .
+Additionally, the system administrator may use this to generate host keys.
+ .Pp
+ Normally this program generates the key and asks for a file in which
+ to store the private key.
+@@ -219,9 +217,7 @@ The options are as follows:
+ For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
+ do not exist, generate the host keys with the default key file path,
+ an empty passphrase, default bits for the key type, and default comment.
+-This is used by
+-.Pa /etc/rc
+-to generate new host keys.
+This is used by system administration scripts to generate new host keys.
+ .It Fl a Ar trials
+ Specifies the number of primality tests to perform when screening DH-GEX
+ candidates using the
+@@ -605,7 +601,7 @@ option.
+ Valid generator values are 2, 3, and 5.
+ .Pp
+ Screened DH groups may be installed in
+-.Pa /etc/moduli .
+.Pa /etc/ssh/moduli .
+ It is important that this file contains moduli of a range of bit lengths and
+ that both ends of a connection share common moduli.
+ .Sh CERTIFICATES
+@@ -800,7 +796,7 @@ on all machines
+ where the user wishes to log in using public key authentication.
+ There is no need to keep the contents of this file secret.
+ .Pp
+-.It Pa /etc/moduli
+.It Pa /etc/ssh/moduli
+ Contains Diffie-Hellman groups used for DH-GEX.
+ The file format is described in
+ .Xr moduli 5 .
+diff --git a/ssh.1 b/ssh.1
+index 0b38ae1..b3c3924 100644
+--- a/ssh.1
+++ b/ssh.1
+@@ -756,6 +756,10 @@ Protocol 1 is restricted to using only RSA keys,
+ but protocol 2 may use any.
+ The HISTORY section of
+ .Xr ssl 8
+(on non-OpenBSD systems, see
+.nh
+http://www.openbsd.org/cgi\-bin/man.cgi?query=ssl&sektion=8#HISTORY)
+.hy
+ contains a brief discussion of the DSA and RSA algorithms.
+ .Pp
+ The file
+diff --git a/sshd.8 b/sshd.8
+index a604429..6bdd219 100644
+--- a/sshd.8
+++ b/sshd.8
+@@ -70,7 +70,7 @@ over an insecure network.
+ .Nm
+ listens for connections from clients.
+ It is normally started at boot from
+-.Pa /etc/rc .
+.Pa /etc/init.d/ssh .
+ It forks a new
+ daemon for each incoming connection.
+ The forked daemons handle
+@@ -859,7 +859,7 @@ This file is for host-based authentication (see
+ .Xr ssh 1 ) .
+ It should only be writable by root.
+ .Pp
+-.It Pa /etc/moduli
+.It Pa /etc/ssh/moduli
+ Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
+ The file format is described in
+ .Xr moduli 5 .
+@@ -957,7 +957,6 @@ The content of this file is not sensitive; it can be world-readable.
+ .Xr ssh-vulnkey 1 ,
+ .Xr chroot 2 ,
+ .Xr hosts_access 5 ,
+-.Xr login.conf 5 ,
+ .Xr moduli 5 ,
+ .Xr sshd_config 5 ,
+ .Xr inetd 8 ,
+diff --git a/sshd_config.5 b/sshd_config.5
+index eaf8d01..ec4851a 100644
+--- a/sshd_config.5
+++ b/sshd_config.5
+@@ -283,8 +283,7 @@ This option is only available for protocol version 2.
+ By default, no banner is displayed.
+ .It Cm ChallengeResponseAuthentication
+ Specifies whether challenge-response authentication is allowed (e.g. via
+-PAM or though authentication styles supported in
+-.Xr login.conf 5 )
+PAM).
+ The default is
+ .Dq yes .
+ .It Cm ChrootDirectory

diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch new file mode 100644 index 000000000..afc1fe306 --- /dev/null +++ b/debian/patches/openbsd-docs.patch
@@ -0,0 +1,148 @@
	1	From 98517b1b99dceff74e4a1e50d5a345f5b569ad6f Mon Sep 17 00:00:00 2001
	2	From: Colin Watson <cjwatson@debian.org>
	3	Date: Sun, 9 Feb 2014 16:10:09 +0000
	4	Subject: Adjust various OpenBSD-specific references in manual pages
	5
	6	No single bug reference for this patch, but history includes:
	7	http://bugs.debian.org/154434 (login.conf(5))
	8	http://bugs.debian.org/513417 (/etc/rc)
	9	http://bugs.debian.org/530692 (ssl(8))
	10	https://bugs.launchpad.net/bugs/456660 (ssl(8))
	11
	12	Forwarded: not-needed
	13	Last-Update: 2013-09-14
	14
	15	Patch-Name: openbsd-docs.patch
	16	---
	17	moduli.5 \| 4 ++--
	18	ssh-keygen.1 \| 12 ++++--------
	19	ssh.1 \| 4 ++++
	20	sshd.8 \| 5 ++---
	21	sshd_config.5 \| 3 +--
	22	5 files changed, 13 insertions(+), 15 deletions(-)
	23
	24	diff --git a/moduli.5 b/moduli.5
	25	index ef0de08..149846c 100644
	26	--- a/moduli.5
	27	+++ b/moduli.5
	28	@@ -21,7 +21,7 @@
	29	.Nd Diffie-Hellman moduli
	30	.Sh DESCRIPTION
	31	The
	32	-.Pa /etc/moduli
	33	+.Pa /etc/ssh/moduli
	34	file contains prime numbers and generators for use by
	35	.Xr sshd 8
	36	in the Diffie-Hellman Group Exchange key exchange method.
	37	@@ -110,7 +110,7 @@ first estimates the size of the modulus required to produce enough
	38	Diffie-Hellman output to sufficiently key the selected symmetric cipher.
	39	.Xr sshd 8
	40	then randomly selects a modulus from
	41	-.Fa /etc/moduli
	42	+.Fa /etc/ssh/moduli
	43	that best meets the size requirement.
	44	.Sh SEE ALSO
	45	.Xr ssh-keygen 1 ,
	46	diff --git a/ssh-keygen.1 b/ssh-keygen.1
	47	index 144be7d..753cc62 100644
	48	--- a/ssh-keygen.1
	49	+++ b/ssh-keygen.1
	50	@@ -171,9 +171,7 @@ key in
	51	.Pa ~/.ssh/id_dsa
	52	or
	53	.Pa ~/.ssh/id_rsa .
	54	-Additionally, the system administrator may use this to generate host keys,
	55	-as seen in
	56	-.Pa /etc/rc .
	57	+Additionally, the system administrator may use this to generate host keys.
	58	.Pp
	59	Normally this program generates the key and asks for a file in which
	60	to store the private key.
	61	@@ -219,9 +217,7 @@ The options are as follows:
	62	For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
	63	do not exist, generate the host keys with the default key file path,
	64	an empty passphrase, default bits for the key type, and default comment.
	65	-This is used by
	66	-.Pa /etc/rc
	67	-to generate new host keys.
	68	+This is used by system administration scripts to generate new host keys.
	69	.It Fl a Ar trials
	70	Specifies the number of primality tests to perform when screening DH-GEX
	71	candidates using the
	72	@@ -605,7 +601,7 @@ option.
	73	Valid generator values are 2, 3, and 5.
	74	.Pp
	75	Screened DH groups may be installed in
	76	-.Pa /etc/moduli .
	77	+.Pa /etc/ssh/moduli .
	78	It is important that this file contains moduli of a range of bit lengths and
	79	that both ends of a connection share common moduli.
	80	.Sh CERTIFICATES
	81	@@ -800,7 +796,7 @@ on all machines
	82	where the user wishes to log in using public key authentication.
	83	There is no need to keep the contents of this file secret.
	84	.Pp
	85	-.It Pa /etc/moduli
	86	+.It Pa /etc/ssh/moduli
	87	Contains Diffie-Hellman groups used for DH-GEX.
	88	The file format is described in
	89	.Xr moduli 5 .
	90	diff --git a/ssh.1 b/ssh.1
	91	index 0b38ae1..b3c3924 100644
	92	--- a/ssh.1
	93	+++ b/ssh.1
	94	@@ -756,6 +756,10 @@ Protocol 1 is restricted to using only RSA keys,
	95	but protocol 2 may use any.
	96	The HISTORY section of
	97	.Xr ssl 8
	98	+(on non-OpenBSD systems, see
	99	+.nh
	100	+http://www.openbsd.org/cgi\-bin/man.cgi?query=ssl&sektion=8#HISTORY)
	101	+.hy
	102	contains a brief discussion of the DSA and RSA algorithms.
	103	.Pp
	104	The file
	105	diff --git a/sshd.8 b/sshd.8
	106	index a604429..6bdd219 100644
	107	--- a/sshd.8
	108	+++ b/sshd.8
	109	@@ -70,7 +70,7 @@ over an insecure network.
	110	.Nm
	111	listens for connections from clients.
	112	It is normally started at boot from
	113	-.Pa /etc/rc .
	114	+.Pa /etc/init.d/ssh .
	115	It forks a new
	116	daemon for each incoming connection.
	117	The forked daemons handle
	118	@@ -859,7 +859,7 @@ This file is for host-based authentication (see
	119	.Xr ssh 1 ) .
	120	It should only be writable by root.
	121	.Pp
	122	-.It Pa /etc/moduli
	123	+.It Pa /etc/ssh/moduli
	124	Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
	125	The file format is described in
	126	.Xr moduli 5 .
	127	@@ -957,7 +957,6 @@ The content of this file is not sensitive; it can be world-readable.
	128	.Xr ssh-vulnkey 1 ,
	129	.Xr chroot 2 ,
	130	.Xr hosts_access 5 ,
	131	-.Xr login.conf 5 ,
	132	.Xr moduli 5 ,
	133	.Xr sshd_config 5 ,
	134	.Xr inetd 8 ,
	135	diff --git a/sshd_config.5 b/sshd_config.5
	136	index eaf8d01..ec4851a 100644
	137	--- a/sshd_config.5
	138	+++ b/sshd_config.5
	139	@@ -283,8 +283,7 @@ This option is only available for protocol version 2.
	140	By default, no banner is displayed.
	141	.It Cm ChallengeResponseAuthentication
	142	Specifies whether challenge-response authentication is allowed (e.g. via
	143	-PAM or though authentication styles supported in
	144	-.Xr login.conf 5 )
	145	+PAM).
	146	The default is
	147	.Dq yes .
	148	.It Cm ChrootDirectory