--- a/components/openssh/patches/007-manpages.patch Thu Oct 29 13:35:51 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,675 +0,0 @@
-# This change is Solaris-specific and thus is not being contributed back
-# to the upstream community. Details:
-#
-# OpenSSH uses the BSD/Linux man page scheme which is different from the SysV
-# man page scheme used in Solaris. In order to comply to the Solaris man page
-# policy and also use the IPS mediator to switch between SunSSH and OpenSSH man
-# pages, the section numbers of some OpenSSH man pages are changed to be the
-# same as their corresponding ones in SunSSH.
-#
-diff -pur old/moduli.5 new/moduli.5
---- old/moduli.5
-+++ new/moduli.5
-@@ -14,7 +14,7 @@
- .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- .Dd $Mdocdate: September 26 2012 $
--.Dt MODULI 5
-+.Dt MODULI 4
- .Os
- .Sh NAME
- .Nm moduli
-@@ -23,7 +23,7 @@
- The
- .Pa /etc/moduli
- file contains prime numbers and generators for use by
--.Xr sshd 8
-+.Xr sshd 1M
- in the Diffie-Hellman Group Exchange key exchange method.
- .Pp
- New moduli may be generated with
-@@ -40,7 +40,7 @@ pass, using
- .Ic ssh-keygen -T ,
- provides a high degree of assurance that the numbers are prime and are
- safe for use in Diffie-Hellman operations by
--.Xr sshd 8 .
-+.Xr sshd 1M .
- This
- .Nm
- format is used as the output from each pass.
-@@ -70,7 +70,7 @@ are Sophie Germain primes (type 4).
- Further primality testing with
- .Xr ssh-keygen 1
- produces safe prime moduli (type 2) that are ready for use in
--.Xr sshd 8 .
-+.Xr sshd 1M .
- Other types are not used by OpenSSH.
- .It tests
- Decimal number indicating the type of primality tests that the number
-@@ -105,16 +105,16 @@ The modulus itself in hexadecimal.
- .El
- .Pp
- When performing Diffie-Hellman Group Exchange,
--.Xr sshd 8
-+.Xr sshd 1M
- first estimates the size of the modulus required to produce enough
- Diffie-Hellman output to sufficiently key the selected symmetric cipher.
--.Xr sshd 8
-+.Xr sshd 1M
- then randomly selects a modulus from
- .Fa /etc/moduli
- that best meets the size requirement.
- .Sh SEE ALSO
- .Xr ssh-keygen 1 ,
--.Xr sshd 8
-+.Xr sshd 1M
- .Sh STANDARDS
- .Rs
- .%A M. Friedl
-diff -pur old/sftp-server.8 new/sftp-server.8
---- old/sftp-server.8
-+++ new/sftp-server.8
-@@ -23,7 +23,7 @@
- .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- .\"
- .Dd $Mdocdate: December 11 2014 $
--.Dt SFTP-SERVER 8
-+.Dt SFTP-SERVER 1M
- .Os
- .Sh NAME
- .Nm sftp-server
-@@ -47,7 +47,7 @@ is a program that speaks the server side
- to stdout and expects client requests from stdin.
- .Nm
- is not intended to be called directly, but from
--.Xr sshd 8
-+.Xr sshd 1M
- using the
- .Cm Subsystem
- option.
-@@ -58,7 +58,7 @@ should be specified in the
- .Cm Subsystem
- declaration.
- See
--.Xr sshd_config 5
-+.Xr sshd_config 4
- for more information.
- .Pp
- Valid options are:
-@@ -71,7 +71,7 @@ The pathname may contain the following t
- and %u is replaced by the username of that user.
- The default is to use the user's home directory.
- This option is useful in conjunction with the
--.Xr sshd_config 5
-+.Xr sshd_config 4
- .Cm ChrootDirectory
- option.
- .It Fl e
-@@ -152,8 +152,8 @@ establish a logging socket inside the ch
- .Sh SEE ALSO
- .Xr sftp 1 ,
- .Xr ssh 1 ,
--.Xr sshd_config 5 ,
--.Xr sshd 8
-+.Xr sshd_config 4 ,
-+.Xr sshd 1M
- .Rs
- .%A T. Ylonen
- .%A S. Lehtinen
-diff -pur old/ssh-keysign.8 new/ssh-keysign.8
---- old/ssh-keysign.8
-+++ new/ssh-keysign.8
-@@ -23,7 +23,7 @@
- .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- .\"
- .Dd $Mdocdate: December 7 2013 $
--.Dt SSH-KEYSIGN 8
-+.Dt SSH-KEYSIGN 1M
- .Os
- .Sh NAME
- .Nm ssh-keysign
-@@ -52,7 +52,7 @@ is not intended to be invoked by the use
- See
- .Xr ssh 1
- and
--.Xr sshd 8
-+.Xr sshd 1M
- for more information about host-based authentication.
- .Sh FILES
- .Bl -tag -width Ds -compact
-@@ -83,8 +83,8 @@ information corresponding with the priva
- .Sh SEE ALSO
- .Xr ssh 1 ,
- .Xr ssh-keygen 1 ,
--.Xr ssh_config 5 ,
--.Xr sshd 8
-+.Xr ssh_config 4 ,
-+.Xr sshd 1M
- .Sh HISTORY
- .Nm
- first appeared in
-diff -pur old/ssh-pkcs11-helper.8 new/ssh-pkcs11-helper.8
---- old/ssh-pkcs11-helper.8
-+++ new/ssh-pkcs11-helper.8
-@@ -15,7 +15,7 @@
- .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- .\"
- .Dd $Mdocdate: July 16 2013 $
--.Dt SSH-PKCS11-HELPER 8
-+.Dt SSH-PKCS11-HELPER 1M
- .Os
- .Sh NAME
- .Nm ssh-pkcs11-helper
-diff -pur old/ssh_config.5 new/ssh_config.5
---- old/ssh_config.5
-+++ new/ssh_config.5
-@@ -35,7 +35,7 @@
- .\"
- .\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $
- .Dd $Mdocdate: August 14 2015 $
--.Dt SSH_CONFIG 5
-+.Dt SSH_CONFIG 4
- .Os
- .Sh NAME
- .Nm ssh_config
-@@ -568,7 +568,7 @@ then the master connection will remain i
- .Dq Fl O No exit
- option).
- If set to a time in seconds, or a time in any of the formats documented in
--.Xr sshd_config 5 ,
-+.Xr sshd_config 4 ,
- then the backgrounded master connection will automatically terminate
- after it has remained idle (with no client connections) for the
- specified time.
-@@ -695,7 +695,7 @@ option is also enabled.
- Specify a timeout for untrusted X11 forwarding
- using the format described in the
- TIME FORMATS section of
--.Xr sshd_config 5 .
-+.Xr sshd_config 4 .
- X11 connections received by
- .Xr ssh 1
- after this time will be refused.
-@@ -762,7 +762,7 @@ should hash host names and addresses whe
- These hashed names may be used normally by
- .Xr ssh 1
- and
--.Xr sshd 8 ,
-+.Xr sshd 1M ,
- but they do not reveal identifying information should the file's contents
- be disclosed.
- The default is
-@@ -1286,7 +1286,7 @@ depending on the cipher.
- The optional second value is specified in seconds and may use any of the
- units documented in the
- TIME FORMATS section of
--.Xr sshd_config 5 .
-+.Xr sshd_config 4 .
- The default value for
- .Cm RekeyLimit
- is
-@@ -1330,7 +1330,7 @@ Specifying a remote
- will only succeed if the server's
- .Cm GatewayPorts
- option is enabled (see
--.Xr sshd_config 5 ) .
-+.Xr sshd_config 4 ) .
- .It Cm RequestTTY
- Specifies whether to request a pseudo-tty for the session.
- The argument may be one of:
-@@ -1396,7 +1396,7 @@ pseudo-terminal is requested as it is re
- Refer to
- .Cm AcceptEnv
- in
--.Xr sshd_config 5
-+.Xr sshd_config 4
- for how to configure the server.
- Variables are specified by name, which may contain wildcard characters.
- Multiple environment variables may be separated by whitespace or spread
-diff -pur old/sshd.8 new/sshd.8
---- old/sshd.8
-+++ new/sshd.8
-@@ -35,7 +35,7 @@
- .\"
- .\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $
- .Dd $Mdocdate: July 3 2015 $
--.Dt SSHD 8
-+.Dt SSHD 1M
- .Os
- .Sh NAME
- .Nm sshd
-@@ -77,7 +77,7 @@ and data exchange.
- .Nm
- can be configured using command-line options or a configuration file
- (by default
--.Xr sshd_config 5 ) ;
-+.Xr sshd_config 4 ) ;
- command-line options override values specified in the
- configuration file.
- .Nm
-@@ -204,7 +204,7 @@ Can be used to give options in the forma
- This is useful for specifying options for which there is no separate
- command-line flag.
- For full details of the options, and their values, see
--.Xr sshd_config 5 .
-+.Xr sshd_config 4 .
- .It Fl p Ar port
- Specifies the port on which the server listens for connections
- (default 22).
-@@ -274,7 +274,7 @@ The default is to use protocol 2 only,
- though this can be changed via the
- .Cm Protocol
- option in
--.Xr sshd_config 5 .
-+.Xr sshd_config 4 .
- Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
- protocol 1 only supports RSA keys.
- For both protocols,
-@@ -399,7 +399,7 @@ if it exists, and users are allowed to c
- See the
- .Cm PermitUserEnvironment
- option in
--.Xr sshd_config 5 .
-+.Xr sshd_config 4 .
- .It
- Changes to user's home directory.
- .It
-@@ -549,7 +549,7 @@ The command originally supplied by the c
- environment variable.
- Note that this option applies to shell, command or subsystem execution.
- Also note that this command may be superseded by either a
--.Xr sshd_config 5
-+.Xr sshd_config 4
- .Cm ForceCommand
- directive or a command embedded in a certificate.
- .It Cm environment="NAME=value"
-@@ -570,7 +570,7 @@ Specifies that in addition to public key
- name of the remote host or its IP address must be present in the
- comma-separated list of patterns.
- See PATTERNS in
--.Xr ssh_config 5
-+.Xr ssh_config 4
- for more information on patterns.
- .Pp
- In addition to the wildcard matching that may be applied to hostnames or
-@@ -858,7 +858,7 @@ It should only be writable by root.
- .It Pa /etc/moduli
- Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
- The file format is described in
--.Xr moduli 5 .
-+.Xr moduli 4 .
- .Pp
- .It Pa /etc/motd
- See
-@@ -919,7 +919,7 @@ should be world-readable.
- Contains configuration data for
- .Nm sshd .
- The file format and configuration options are described in
--.Xr sshd_config 5 .
-+.Xr sshd_config 4 .
- .Pp
- .It Pa /etc/ssh/sshrc
- Similar to
-@@ -954,10 +954,10 @@ The content of this file is not sensitiv
- .Xr ssh-keyscan 1 ,
- .Xr chroot 2 ,
- .Xr login.conf 5 ,
--.Xr moduli 5 ,
--.Xr sshd_config 5 ,
--.Xr inetd 8 ,
--.Xr sftp-server 8
-+.Xr moduli 4 ,
-+.Xr sshd_config 4 ,
-+.Xr inetd 1M ,
-+.Xr sftp-server 1M
- .Sh AUTHORS
- OpenSSH is a derivative of the original and free
- ssh 1.2.12 release by Tatu Ylonen.
-diff -pur old/sshd_config.5 new/sshd_config.5
---- old/sshd_config.5
-+++ new/sshd_config.5
-@@ -35,7 +35,7 @@
- .\"
- .\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
- .Dd $Mdocdate: August 14 2015 $
--.Dt SSHD_CONFIG 5
-+.Dt SSHD_CONFIG 4
- .Os
- .Sh NAME
- .Nm sshd_config
-@@ -43,7 +43,7 @@
- .Sh SYNOPSIS
- .Nm /etc/ssh/sshd_config
- .Sh DESCRIPTION
--.Xr sshd 8
-+.Xr sshd 1M
- reads configuration data from
- .Pa /etc/ssh/sshd_config
- (or the file specified with
-@@ -68,7 +68,7 @@ the session's
- See
- .Cm SendEnv
- in
--.Xr ssh_config 5
-+.Xr ssh_config 4
- for how to configure the client.
- Note that environment passing is only supported for protocol 2, and
- that the
-@@ -89,7 +89,7 @@ For this reason, care should be taken in
- The default is not to accept any environment variables.
- .It Cm AddressFamily
- Specifies which address family should be used by
--.Xr sshd 8 .
-+.Xr sshd 1M .
- Valid arguments are
- .Dq any ,
- .Dq inet
-@@ -122,7 +122,7 @@ and finally
- .Cm AllowGroups .
- .Pp
- See PATTERNS in
--.Xr ssh_config 5
-+.Xr ssh_config 4
- for more information on patterns.
- .It Cm AllowTcpForwarding
- Specifies whether TCP forwarding is permitted.
-@@ -182,7 +182,7 @@ and finally
- .Cm AllowGroups .
- .Pp
- See PATTERNS in
--.Xr ssh_config 5
-+.Xr ssh_config 4
- for more information on patterns.
- .It Cm AuthenticationMethods
- Specifies the authentication methods that must be successfully completed
-@@ -250,7 +250,7 @@ will be supplied.
- .Pp
- The program should produce on standard output zero or
- more lines of authorized_keys output (see AUTHORIZED_KEYS in
--.Xr sshd 8 ) .
-+.Xr sshd 1M ) .
- If a key supplied by AuthorizedKeysCommand does not successfully authenticate
- and authorize the user then public key authentication continues using the usual
- .Cm AuthorizedKeysFile
-@@ -273,7 +273,7 @@ for user authentication.
- The format is described in the
- AUTHORIZED_KEYS FILE FORMAT
- section of
--.Xr sshd 8 .
-+.Xr sshd 1M .
- .Cm AuthorizedKeysFile
- may contain tokens of the form %T which are substituted during connection
- setup.
-@@ -332,7 +332,7 @@ this file lists names, one of which must
- to be accepted for authentication.
- Names are listed one per line preceded by key options (as described
- in AUTHORIZED_KEYS FILE FORMAT in
--.Xr sshd 8 ) .
-+.Xr sshd 1M ) .
- Empty lines and comments starting with
- .Ql #
- are ignored.
-@@ -362,7 +362,7 @@ and is not consulted for certification a
- though the
- .Cm principals=
- key option offers a similar facility (see
--.Xr sshd 8
-+.Xr sshd 1M
- for details).
- .It Cm Banner
- The contents of the specified file are sent to the remote user before
-@@ -387,7 +387,7 @@ At session startup
- checks that all components of the pathname are root-owned directories
- which are not writable by any other user or group.
- After the chroot,
--.Xr sshd 8
-+.Xr sshd 1M
- changes the working directory to the user's home directory.
- .Pp
- The pathname may contain the following tokens that are expanded at runtime once
-@@ -490,7 +490,7 @@ with an argument of
- .It Cm ClientAliveCountMax
- Sets the number of client alive messages (see below) which may be
- sent without
--.Xr sshd 8
-+.Xr sshd 1M
- receiving any messages back from the client.
- If this threshold is reached while client alive messages are being sent,
- sshd will disconnect the client, terminating the session.
-@@ -517,7 +517,7 @@ This option applies to protocol version
- .It Cm ClientAliveInterval
- Sets a timeout interval in seconds after which if no data has been received
- from the client,
--.Xr sshd 8
-+.Xr sshd 1M
- will send a message through the encrypted
- channel to request a response from the client.
- The default
-@@ -548,7 +548,7 @@ and finally
- .Cm AllowGroups .
- .Pp
- See PATTERNS in
--.Xr ssh_config 5
-+.Xr ssh_config 4
- for more information on patterns.
- .It Cm DenyUsers
- This keyword can be followed by a list of user name patterns, separated
-@@ -567,7 +567,7 @@ and finally
- .Cm AllowGroups .
- .Pp
- See PATTERNS in
--.Xr ssh_config 5
-+.Xr ssh_config 4
- for more information on patterns.
- .It Cm FingerprintHash
- Specifies the hash algorithm used when logging key fingerprints.
-@@ -600,7 +600,7 @@ files when used with
- Specifies whether remote hosts are allowed to connect to ports
- forwarded for the client.
- By default,
--.Xr sshd 8
-+.Xr sshd 1M
- binds remote port forwardings to the loopback address.
- This prevents other remote hosts from connecting to forwarded ports.
- .Cm GatewayPorts
-@@ -686,7 +686,7 @@ files during
- A setting of
- .Dq yes
- means that
--.Xr sshd 8
-+.Xr sshd 1M
- uses the name supplied by the client rather than
- attempting to resolve the name from the TCP connection itself.
- The default is
-@@ -697,7 +697,7 @@ The certificate's public key must match
- by
- .Cm HostKey .
- The default behaviour of
--.Xr sshd 8
-+.Xr sshd 1M
- is not to load any certificates.
- .It Cm HostKey
- Specifies a file containing a private host key
-@@ -779,7 +779,7 @@ The default is
- .Dq yes .
- .It Cm IgnoreUserKnownHosts
- Specifies whether
--.Xr sshd 8
-+.Xr sshd 1M
- should ignore the user's
- .Pa ~/.ssh/known_hosts
- during
-@@ -914,7 +914,7 @@ If the value is 0, the key is never rege
- The default is 3600 (seconds).
- .It Cm ListenAddress
- Specifies the local addresses
--.Xr sshd 8
-+.Xr sshd 1M
- should listen on.
- The following forms may be used:
- .Pp
-@@ -954,7 +954,7 @@ If the value is 0, there is no time limi
- The default is 120 seconds.
- .It Cm LogLevel
- Gives the verbosity level that is used when logging messages from
--.Xr sshd 8 .
-+.Xr sshd 1M .
- The possible values are:
- QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
- The default is INFO.
-@@ -1059,7 +1059,7 @@ and
- The match patterns may consist of single entries or comma-separated
- lists and may use the wildcard and negation operators described in the
- PATTERNS section of
--.Xr ssh_config 5 .
-+.Xr ssh_config 4 .
- .Pp
- The patterns in an
- .Cm Address
-@@ -1148,7 +1148,7 @@ Alternatively, random early drop can be
- the three colon separated values
- .Dq start:rate:full
- (e.g. "10:30:60").
--.Xr sshd 8
-+.Xr sshd 1M
- will refuse connection attempts with a probability of
- .Dq rate/100
- (30%)
-@@ -1268,7 +1268,7 @@ and
- options in
- .Pa ~/.ssh/authorized_keys
- are processed by
--.Xr sshd 8 .
-+.Xr sshd 1M .
- The default is
- .Dq no .
- Enabling environment processing may enable users to bypass access
-@@ -1289,7 +1289,7 @@ The default is
- .Pa /var/run/sshd.pid .
- .It Cm Port
- Specifies the port number that
--.Xr sshd 8
-+.Xr sshd 1M
- listens on.
- The default is 22.
- Multiple options of this type are permitted.
-@@ -1297,14 +1297,14 @@ See also
- .Cm ListenAddress .
- .It Cm PrintLastLog
- Specifies whether
--.Xr sshd 8
-+.Xr sshd 1M
- should print the date and time of the last user login when a user logs
- in interactively.
- On Solaris this option is always ignored since pam_unix_session(5)
- reports the last login time.
- .It Cm PrintMotd
- Specifies whether
--.Xr sshd 8
-+.Xr sshd 1M
- should print
- .Pa /etc/motd
- when a user logs in interactively.
-@@ -1315,7 +1315,7 @@ The default is
- .Dq yes .
- .It Cm Protocol
- Specifies the protocol versions
--.Xr sshd 8
-+.Xr sshd 1M
- supports.
- The possible values are
- .Sq 1
-@@ -1440,7 +1440,7 @@ The default is
- .Dq no .
- .It Cm StrictModes
- Specifies whether
--.Xr sshd 8
-+.Xr sshd 1M
- should check file modes and ownership of the
- user's files and home directory before accepting login.
- This is normally desirable because novices sometimes accidentally leave their
-@@ -1474,7 +1474,7 @@ By default no subsystems are defined.
- Note that this option applies to protocol version 2 only.
- .It Cm SyslogFacility
- Gives the facility code that is used when logging messages from
--.Xr sshd 8 .
-+.Xr sshd 1M .
- The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
- LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
- The default is AUTH.
-@@ -1571,13 +1571,13 @@ or
- If
- .Cm UsePAM
- is enabled, you will not be able to run
--.Xr sshd 8
-+.Xr sshd 1M
- as a non-root user.
- The default is
- .Dq no .
- .It Cm UsePrivilegeSeparation
- Specifies whether
--.Xr sshd 8
-+.Xr sshd 1M
- separates privileges by creating an unprivileged child process
- to deal with incoming network traffic.
- After successful authentication, another process will be created that has
-@@ -1599,7 +1599,7 @@ The default is
- .Dq none .
- .It Cm X11DisplayOffset
- Specifies the first display number available for
--.Xr sshd 8 Ns 's
-+.Xr sshd 1M Ns 's
- X11 forwarding.
- This prevents sshd from interfering with real X11 servers.
- The default is 10.
-@@ -1614,7 +1614,7 @@ The default is
- .Pp
- When X11 forwarding is enabled, there may be additional exposure to
- the server and to client displays if the
--.Xr sshd 8
-+.Xr sshd 1M
- proxy display is configured to listen on the wildcard address (see
- .Cm X11UseLocalhost
- below), though this is not the default.
-@@ -1625,7 +1625,7 @@ display server may be exposed to attack
- forwarding (see the warnings for
- .Cm ForwardX11
- in
--.Xr ssh_config 5 ) .
-+.Xr ssh_config 4 ) .
- A system administrator may have a stance in which they want to
- protect clients that may expose themselves to attack by unwittingly
- requesting X11 forwarding, which can warrant a
-@@ -1639,7 +1639,7 @@ X11 forwarding is automatically disabled
- is enabled.
- .It Cm X11UseLocalhost
- Specifies whether
--.Xr sshd 8
-+.Xr sshd 1M
- should bind the X11 forwarding server to the loopback address or to
- the wildcard address.
- By default,
-@@ -1672,7 +1672,7 @@ The default is
- .Pa /usr/X11R6/bin/xauth .
- .El
- .Sh TIME FORMATS
--.Xr sshd 8
-+.Xr sshd 1M
- command-line arguments and configuration file options that specify time
- may be expressed using a sequence of the form:
- .Sm off
-@@ -1716,12 +1716,12 @@ Time format examples:
- .Bl -tag -width Ds
- .It Pa /etc/ssh/sshd_config
- Contains configuration data for
--.Xr sshd 8 .
-+.Xr sshd 1M .
- This file should be writable by root only, but it is recommended
- (though not necessary) that it be world-readable.
- .El
- .Sh SEE ALSO
--.Xr sshd 8 ,
-+.Xr sshd 1M ,
- .Xr pam_unix_session 5
- .Sh AUTHORS
- OpenSSH is a derivative of the original and free