From e0c60bf6a0065ba447b50fcb1bb171725e8bd00d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 5 Oct 2020 14:11:02 +0200 Subject: [PATCH 1/3] man: reword of fido2 key derivation "keyed by" is indeed a bit jargony. Say " a HMAC hash of the salt combined with an internal secret key" instead. For #17177. --- man/homectl.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/man/homectl.xml b/man/homectl.xml index 4b792173a6..f869b3352c 100644 --- a/man/homectl.xml +++ b/man/homectl.xml @@ -357,11 +357,11 @@ Takes a path to a Linux hidraw device (e.g. /dev/hidraw1), referring to a FIDO2 security token implementing the - hmac-secret extension, that shall be able to unlock the user account. If used, a - random salt value is generated on the host, which is passed to the FIDO2 device, which calculates a - HMAC hash of it, keyed by its internal secret key. The result is then used as key for unlocking the - user account. The random salt is included in the user record, so that whenever authentication is - needed it can be passed again to the FIDO2 token, to retrieve the actual key. + hmac-secret extension that shall be able to unlock the user account. A random salt + value is generated on the host and passed to the FIDO2 device, which calculates a HMAC hash of the + salt combined with an internal secret key. The result is then used as the key to unlock the user + account. The random salt is included in the user record, so that whenever authentication is needed it + can be passed again to the FIDO2 token again. Instead of a valid path to a FIDO2 hidraw device the special strings list and auto may be specified. If list is From e6fd398d61a9810d53a2a5a30294500718e43286 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 5 Oct 2020 14:23:19 +0200 Subject: [PATCH 2/3] man: reword the descriptions of VXLAN DestinationPort= and PortRange= The usual: "empty string" is meaningless in this context. We are not assigning DestinationPort="". Just say "unset". Fixes #17240. --- man/systemd.netdev.xml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 863fa9108f..2bb99a1885 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -711,20 +711,16 @@ DestinationPort= - Configures the default destination UDP port on a per-device basis. - If destination port is not specified then Linux kernel default will be used. - Set destination port 4789 to get the IANA assigned value. If not set or if the - destination port is assigned the empty string the default port of 4789 is used. + Configures the default destination UDP port. If the destination port is not specified then + Linux kernel default will be used. Set to 4789 to get the IANA assigned value. PortRange= - Configures VXLAN port range. VXLAN bases source - UDP port based on flow to help the receiver to be able - to load balance based on outer header flow. It - restricts the port range to the normal UDP local - ports, and allows overriding via configuration. + Configures the source port range for the VXLAN. The kernel assigns the source UDP port based + on the flow to help the receiver to do load balancing. When this option is not set, the normal + range of local UDP ports is used. From 41b6ae4da3d3e1360a9f78ca3e1176a3bfe2ec2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Mon, 5 Oct 2020 14:27:04 +0200 Subject: [PATCH 3/3] man: reword description of KillOnlyUsers=/KillExcludeUsers= Fixes #17177. --- man/homectl.xml | 6 +++--- man/logind.conf.xml | 20 ++++++++++---------- 2 files changed, 13 insertions(+), 13 deletions(-) 
diff --git a/man/homectl.xml b/man/homectl.xml index f869b3352c..8afe993dac 100644 --- a/man/homectl.xml +++ b/man/homectl.xml @@ -359,9 +359,9 @@ (e.g. /dev/hidraw1), referring to a FIDO2 security token implementing the hmac-secret extension that shall be able to unlock the user account. A random salt value is generated on the host and passed to the FIDO2 device, which calculates a HMAC hash of the - salt combined with an internal secret key. The result is then used as the key to unlock the user - account. The random salt is included in the user record, so that whenever authentication is needed it - can be passed again to the FIDO2 token again. + salt using an internal secret key. The result is then used as the key to unlock the user account. The + random salt is included in the user record, so that whenever authentication is needed it can be + passed to the FIDO2 token again. Instead of a valid path to a FIDO2 hidraw device the special strings list and auto may be specified. If list is diff --git a/man/logind.conf.xml b/man/logind.conf.xml index 97d11da03f..7857073aca 100644 --- a/man/logind.conf.xml +++ b/man/logind.conf.xml 
@@ -125,16 +125,16 @@ KillOnlyUsers= KillExcludeUsers= - These settings take space-separated lists of usernames that override - the KillUserProcesses= setting. A user name may be added to - KillExcludeUsers= to exclude the processes in the session scopes of - that user from being killed even if KillUserProcesses=yes is set. If - KillExcludeUsers= is not set, the root user is - excluded by default. KillExcludeUsers= may be set to an empty value - to override this default. If a user is not excluded, KillOnlyUsers= - is checked next. If this setting is specified, only the session scopes of those users - will be killed. Otherwise, users are subject to the - KillUserProcesses=yes setting. + These settings take space-separated lists of usernames that override the + KillUserProcesses= setting. A user name may be added to + KillExcludeUsers= to exclude the processes in the session scopes of that user from + being killed even if KillUserProcesses=yes is set. If + KillExcludeUsers= is not set, the root user is excluded by + default. KillExcludeUsers= may be set to an empty value to override this + default. If a user is not excluded, KillOnlyUsers= is checked next. If this + setting is specified, only the processes in the session scopes of those users will be + killed. Otherwise, users are subject to the KillUserProcesses=yes setting. +
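Review bot: in the man/homectl.xml hunk of patch 1/3, the last added sentence ends "can be passed again to the FIDO2 token again", with "again" twice; drop the first one. The new wording "a HMAC hash of the salt combined with an internal secret key" can also be read as the salt and the key being joined and then hashed, which loses what the removed "keyed by" phrase said, namely that the token's internal secret is the HMAC key. Something like "an HMAC of the salt, using its internal secret key as the HMAC key" avoids the jargon without that ambiguity. The removed clause "to retrieve the actual key" explained why the salt is passed to the token again and is worth keeping.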
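Review bot: in the DestinationPort= text of patch 2/3 (man/systemd.netdev.xml), the new wording says the "Linux kernel default will be used" when the option is unset but never states what that default is, while the next sentence, "Set to 4789 to get the IANA assigned value", implies it is not 4789. The removed text contradicted itself on this point, so dropping the "default port of 4789 is used" claim is right, but please name the kernel default so a reader can tell which UDP port an unconfigured VXLAN device uses. In PortRange=, the added text does not say what value syntax the option accepts; a short example of a valid range would help.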
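Review bot: the man/homectl.xml hunk in patch 3/3 does not belong under the subject "reword description of KillOnlyUsers=/KillExcludeUsers="; it repairs the "combined with" and "again ... again" wording that patch 1/3 introduced, so squash it into 1/3 instead of carrying the fix in a logind.conf commit. The "Fixes #17177" trailer then also ends up on the commit that actually touches the FIDO2 text, where 1/3 currently says "For #17177". The sentence still reads "a HMAC hash"; "an HMAC" is the usual form.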
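Review bot: re-wrapping the whole paragraph in the man/logind.conf.xml hunk hides the one wording change, "only the session scopes of those users will be killed" becoming "only the processes in the session scopes of those users will be killed"; keep the original line breaks or put the re-wrap in its own commit so the change is visible in the diff. The paragraph also mixes "usernames" and "user name" in adjacent sentences; pick one spelling. The closing sentence "Otherwise, users are subject to the KillUserProcesses=yes setting" reads as if the setting were always yes; consider "subject to the KillUserProcesses= setting".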