openssh/openssh-6.4p1-eal3.patch

# fix paths and references in sshd man pages

diff --git a/openssh-6.4p1/sshd.8 b/openssh-6.4p1/sshd.8
--- a/openssh-6.4p1/sshd.8
+++ b/openssh-6.4p1/sshd.8
@@ -872,17 +872,17 @@ See
 If this file exists,
 .Nm
 refuses to let anyone except root log in.
 The contents of the file
 are displayed to anyone trying to log in, and non-root connections are
 refused.
 The file should be world-readable.
 .Pp
-.It Pa /etc/shosts.equiv
+.It Pa /etc/ssh/shosts.equiv
 This file is used in exactly the same way as
 .Pa hosts.equiv ,
 but allows host-based authentication without permitting login with
 rlogin/rsh.
 .Pp
 .It Pa /etc/ssh/ssh_host_key
 .It Pa /etc/ssh/ssh_host_dsa_key
 .It Pa /etc/ssh/ssh_host_ecdsa_key
@@ -951,17 +951,17 @@ The content of this file is not sensitiv
 .Xr sftp 1 ,
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
 .Xr chroot 2 ,
 .Xr hosts_access 5 ,
-.Xr login.conf 5 ,
+.Xr login.defs 5 ,
 .Xr moduli 5 ,
 .Xr sshd_config 5 ,
 .Xr inetd 8 ,
 .Xr sftp-server 8
 .Sh AUTHORS
 OpenSSH is a derivative of the original and free
 ssh 1.2.12 release by Tatu Ylonen.
 Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
diff --git a/openssh-6.4p1/sshd_config.5 b/openssh-6.4p1/sshd_config.5
--- a/openssh-6.4p1/sshd_config.5
+++ b/openssh-6.4p1/sshd_config.5
@@ -278,18 +278,17 @@ The contents of the specified file are s
 authentication is allowed.
 If the argument is
 .Dq none
 then no banner is displayed.
 This option is only available for protocol version 2.
 By default, no banner is displayed.
 .It Cm ChallengeResponseAuthentication
 Specifies whether challenge-response authentication is allowed (e.g. via
-PAM or though authentication styles supported in
-.Xr login.conf 5 )
+PAM)
 The default is
 .Dq yes .
 .It Cm ChrootDirectory
 Specifies the pathname of a directory to
 .Xr chroot 2
 to after authentication.
 All components of the pathname must be root-owned directories that are
 not writable by any other user or group.
@@ -565,17 +564,17 @@ and
 .Pa .shosts
 files will not be used in
 .Cm RhostsRSAAuthentication
 or
 .Cm HostbasedAuthentication .
 .Pp
 .Pa /etc/hosts.equiv
 and
-.Pa /etc/shosts.equiv
+.Pa /etc/ssh/shosts.equiv
 are still used.
 The default is
 .Dq yes .
 .It Cm IgnoreUserKnownHosts
 Specifies whether
 .Xr sshd 8
 should ignore the user's
 .Pa ~/.ssh/known_hosts
Accepting request 199679 from home:pcerny:factory - spec file cleanup (don't pointelssly build whole OpenSSH) - spec file and patch cleanup * removing obsoleted auditing patch (openssh-%{version}-audit.patch) - added patches from SLE * GSSAPI key exchange * FIPS enablement (currently disabled) * small bugfixes - split the LDAP helper into a separate package: openssh-akc-ldap OBS-URL: https://build.opensuse.org/request/show/199679 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=55 2013-09-19 06:09:33 +02:00			`# fix paths and references in sshd man pages`

Accepting request 220466 from home:pcerny:factory - Update of the underlying OpenSSH to 6.4p1 - Update to 6.4p1 Features since 6.2p2: * ssh-agent(1) support in sshd(8); allows encrypted hostkeys, or hostkeys on smartcards. * ssh(1)/sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config as well as on the client. * sshd(8): standardise logging of information during user authentication. * The presented key/cert and the remote username (if available) is now logged in the authentication success/failure message on the same log line as the local username, remote host/port and protocol in use. Certificates contents and the key fingerprint of the signing CA are logged too. * ssh(1) ability to query what cryptographic algorithms are supported in the binary. * ssh(1): ProxyCommand=- for cases where stdin and stdout already point to the proxy. * ssh(1): allow IdentityFile=none * ssh(1)/sshd(8): -E option to append debugging logs to a specified file instead of stderr or syslog. * sftp(1): support resuming partial downloads with the "reget" command and on the sftp commandline or on the "get" commandline with the "-a" (append) option. * ssh(1): "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives. * sshd(8): support for submethods to be appended to required authentication methods listed via AuthenticationMethods. OBS-URL: https://build.opensuse.org/request/show/220466 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=58 2014-01-31 13:18:41 +01:00			`diff --git a/openssh-6.4p1/sshd.8 b/openssh-6.4p1/sshd.8`
			`--- a/openssh-6.4p1/sshd.8`
			`+++ b/openssh-6.4p1/sshd.8`
			`@@ -872,17 +872,17 @@ See`
Accepting request 199679 from home:pcerny:factory - spec file cleanup (don't pointelssly build whole OpenSSH) - spec file and patch cleanup * removing obsoleted auditing patch (openssh-%{version}-audit.patch) - added patches from SLE * GSSAPI key exchange * FIPS enablement (currently disabled) * small bugfixes - split the LDAP helper into a separate package: openssh-akc-ldap OBS-URL: https://build.opensuse.org/request/show/199679 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=55 2013-09-19 06:09:33 +02:00			`If this file exists,`
			`.Nm`
			`refuses to let anyone except root log in.`
			`The contents of the file`
			`are displayed to anyone trying to log in, and non-root connections are`
			`refused.`
			`The file should be world-readable.`
			`.Pp`
			`-.It Pa /etc/shosts.equiv`
			`+.It Pa /etc/ssh/shosts.equiv`
			`This file is used in exactly the same way as`
			`.Pa hosts.equiv ,`
			`but allows host-based authentication without permitting login with`
			`rlogin/rsh.`
			`.Pp`
			`.It Pa /etc/ssh/ssh_host_key`
			`.It Pa /etc/ssh/ssh_host_dsa_key`
			`.It Pa /etc/ssh/ssh_host_ecdsa_key`
Accepting request 220466 from home:pcerny:factory - Update of the underlying OpenSSH to 6.4p1 - Update to 6.4p1 Features since 6.2p2: * ssh-agent(1) support in sshd(8); allows encrypted hostkeys, or hostkeys on smartcards. * ssh(1)/sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config as well as on the client. * sshd(8): standardise logging of information during user authentication. * The presented key/cert and the remote username (if available) is now logged in the authentication success/failure message on the same log line as the local username, remote host/port and protocol in use. Certificates contents and the key fingerprint of the signing CA are logged too. * ssh(1) ability to query what cryptographic algorithms are supported in the binary. * ssh(1): ProxyCommand=- for cases where stdin and stdout already point to the proxy. * ssh(1): allow IdentityFile=none * ssh(1)/sshd(8): -E option to append debugging logs to a specified file instead of stderr or syslog. * sftp(1): support resuming partial downloads with the "reget" command and on the sftp commandline or on the "get" commandline with the "-a" (append) option. * ssh(1): "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives. * sshd(8): support for submethods to be appended to required authentication methods listed via AuthenticationMethods. OBS-URL: https://build.opensuse.org/request/show/220466 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=58 2014-01-31 13:18:41 +01:00			`@@ -951,17 +951,17 @@ The content of this file is not sensitiv`
Accepting request 199679 from home:pcerny:factory - spec file cleanup (don't pointelssly build whole OpenSSH) - spec file and patch cleanup * removing obsoleted auditing patch (openssh-%{version}-audit.patch) - added patches from SLE * GSSAPI key exchange * FIPS enablement (currently disabled) * small bugfixes - split the LDAP helper into a separate package: openssh-akc-ldap OBS-URL: https://build.opensuse.org/request/show/199679 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=55 2013-09-19 06:09:33 +02:00			`.Xr sftp 1 ,`
			`.Xr ssh 1 ,`
			`.Xr ssh-add 1 ,`
			`.Xr ssh-agent 1 ,`
			`.Xr ssh-keygen 1 ,`
			`.Xr ssh-keyscan 1 ,`
			`.Xr chroot 2 ,`
			`.Xr hosts_access 5 ,`
			`-.Xr login.conf 5 ,`
			`+.Xr login.defs 5 ,`
			`.Xr moduli 5 ,`
			`.Xr sshd_config 5 ,`
			`.Xr inetd 8 ,`
			`.Xr sftp-server 8`
			`.Sh AUTHORS`
			`OpenSSH is a derivative of the original and free`
			`ssh 1.2.12 release by Tatu Ylonen.`
			`Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,`
Accepting request 220466 from home:pcerny:factory - Update of the underlying OpenSSH to 6.4p1 - Update to 6.4p1 Features since 6.2p2: * ssh-agent(1) support in sshd(8); allows encrypted hostkeys, or hostkeys on smartcards. * ssh(1)/sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config as well as on the client. * sshd(8): standardise logging of information during user authentication. * The presented key/cert and the remote username (if available) is now logged in the authentication success/failure message on the same log line as the local username, remote host/port and protocol in use. Certificates contents and the key fingerprint of the signing CA are logged too. * ssh(1) ability to query what cryptographic algorithms are supported in the binary. * ssh(1): ProxyCommand=- for cases where stdin and stdout already point to the proxy. * ssh(1): allow IdentityFile=none * ssh(1)/sshd(8): -E option to append debugging logs to a specified file instead of stderr or syslog. * sftp(1): support resuming partial downloads with the "reget" command and on the sftp commandline or on the "get" commandline with the "-a" (append) option. * ssh(1): "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives. * sshd(8): support for submethods to be appended to required authentication methods listed via AuthenticationMethods. OBS-URL: https://build.opensuse.org/request/show/220466 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=58 2014-01-31 13:18:41 +01:00			`diff --git a/openssh-6.4p1/sshd_config.5 b/openssh-6.4p1/sshd_config.5`
			`--- a/openssh-6.4p1/sshd_config.5`
			`+++ b/openssh-6.4p1/sshd_config.5`
			`@@ -278,18 +278,17 @@ The contents of the specified file are s`
Accepting request 199679 from home:pcerny:factory - spec file cleanup (don't pointelssly build whole OpenSSH) - spec file and patch cleanup * removing obsoleted auditing patch (openssh-%{version}-audit.patch) - added patches from SLE * GSSAPI key exchange * FIPS enablement (currently disabled) * small bugfixes - split the LDAP helper into a separate package: openssh-akc-ldap OBS-URL: https://build.opensuse.org/request/show/199679 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=55 2013-09-19 06:09:33 +02:00			`authentication is allowed.`
			`If the argument is`
			`.Dq none`
			`then no banner is displayed.`
			`This option is only available for protocol version 2.`
			`By default, no banner is displayed.`
			`.It Cm ChallengeResponseAuthentication`
			`Specifies whether challenge-response authentication is allowed (e.g. via`
			`-PAM or though authentication styles supported in`
			`-.Xr login.conf 5 )`
			`+PAM)`
			`The default is`
			`.Dq yes .`
			`.It Cm ChrootDirectory`
			`Specifies the pathname of a directory to`
			`.Xr chroot 2`
			`to after authentication.`
			`All components of the pathname must be root-owned directories that are`
			`not writable by any other user or group.`
Accepting request 220466 from home:pcerny:factory - Update of the underlying OpenSSH to 6.4p1 - Update to 6.4p1 Features since 6.2p2: * ssh-agent(1) support in sshd(8); allows encrypted hostkeys, or hostkeys on smartcards. * ssh(1)/sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config as well as on the client. * sshd(8): standardise logging of information during user authentication. * The presented key/cert and the remote username (if available) is now logged in the authentication success/failure message on the same log line as the local username, remote host/port and protocol in use. Certificates contents and the key fingerprint of the signing CA are logged too. * ssh(1) ability to query what cryptographic algorithms are supported in the binary. * ssh(1): ProxyCommand=- for cases where stdin and stdout already point to the proxy. * ssh(1): allow IdentityFile=none * ssh(1)/sshd(8): -E option to append debugging logs to a specified file instead of stderr or syslog. * sftp(1): support resuming partial downloads with the "reget" command and on the sftp commandline or on the "get" commandline with the "-a" (append) option. * ssh(1): "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives. * sshd(8): support for submethods to be appended to required authentication methods listed via AuthenticationMethods. OBS-URL: https://build.opensuse.org/request/show/220466 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=58 2014-01-31 13:18:41 +01:00			`@@ -565,17 +564,17 @@ and`
Accepting request 199679 from home:pcerny:factory - spec file cleanup (don't pointelssly build whole OpenSSH) - spec file and patch cleanup * removing obsoleted auditing patch (openssh-%{version}-audit.patch) - added patches from SLE * GSSAPI key exchange * FIPS enablement (currently disabled) * small bugfixes - split the LDAP helper into a separate package: openssh-akc-ldap OBS-URL: https://build.opensuse.org/request/show/199679 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=55 2013-09-19 06:09:33 +02:00			`.Pa .shosts`
			`files will not be used in`
			`.Cm RhostsRSAAuthentication`
			`or`
			`.Cm HostbasedAuthentication .`
			`.Pp`
			`.Pa /etc/hosts.equiv`
			`and`
			`-.Pa /etc/shosts.equiv`
			`+.Pa /etc/ssh/shosts.equiv`
			`are still used.`
			`The default is`
			`.Dq yes .`
			`.It Cm IgnoreUserKnownHosts`
			`Specifies whether`
			`.Xr sshd 8`
			`should ignore the user's`
			`.Pa ~/.ssh/known_hosts`