forked from rpms/openssh
Disable locale forwarding in default configurations
Related: rhbz#2002734
This commit is contained in:
Dmitry Belyavskiy
parent
aa1b338db7
commit
6e19d4fb57
@ -15,7 +15,7 @@ diff -up openssh/ssh_config.redhat openssh/ssh_config
|
|||||||
diff -up openssh/ssh_config_redhat.redhat openssh/ssh_config_redhat
|
diff -up openssh/ssh_config_redhat.redhat openssh/ssh_config_redhat
|
||||||
--- openssh/ssh_config_redhat.redhat 2020-02-13 18:13:39.180641839 +0100
|
--- openssh/ssh_config_redhat.redhat 2020-02-13 18:13:39.180641839 +0100
|
||||||
+++ openssh/ssh_config_redhat 2020-02-13 18:13:39.180641839 +0100
|
+++ openssh/ssh_config_redhat 2020-02-13 18:13:39.180641839 +0100
|
||||||
@@ -0,0 +1,21 @@
|
@@ -0,0 +1,15 @@
|
||||||
+# The options here are in the "Match final block" to be applied as the last
|
+# The options here are in the "Match final block" to be applied as the last
|
||||||
+# options and could be potentially overwritten by the user configuration
|
+# options and could be potentially overwritten by the user configuration
|
||||||
+Match final all
|
+Match final all
|
||||||
@ -29,12 +29,6 @@ diff -up openssh/ssh_config_redhat.redhat openssh/ssh_config_redhat
|
|||||||
+# mode correctly we set this to yes.
|
+# mode correctly we set this to yes.
|
||||||
+ ForwardX11Trusted yes
|
+ ForwardX11Trusted yes
|
||||||
+
|
+
|
||||||
+# Send locale-related environment variables
|
|
||||||
+ SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
||||||
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
||||||
+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
|
|
||||||
+ SendEnv XMODIFIERS
|
|
||||||
+
|
|
||||||
+# Uncomment this if you want to use .local domain
|
+# Uncomment this if you want to use .local domain
|
||||||
+# Host *.local
|
+# Host *.local
|
||||||
diff -up openssh/sshd_config.0.redhat openssh/sshd_config.0
|
diff -up openssh/sshd_config.0.redhat openssh/sshd_config.0
|
||||||
@ -86,7 +80,7 @@ diff -up openssh/sshd_config.redhat openssh/sshd_config
|
|||||||
diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat
|
diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat
|
||||||
--- openssh/sshd_config_redhat.redhat 2020-02-13 18:14:02.268006439 +0100
|
--- openssh/sshd_config_redhat.redhat 2020-02-13 18:14:02.268006439 +0100
|
||||||
+++ openssh/sshd_config_redhat 2020-02-13 18:19:20.765035947 +0100
|
+++ openssh/sshd_config_redhat 2020-02-13 18:19:20.765035947 +0100
|
||||||
@@ -0,0 +1,28 @@
|
@@ -0,0 +1,22 @@
|
||||||
+# This system is following system-wide crypto policy. The changes to
|
+# This system is following system-wide crypto policy. The changes to
|
||||||
+# crypto properties (Ciphers, MACs, ...) will not have any effect in
|
+# crypto properties (Ciphers, MACs, ...) will not have any effect in
|
||||||
+# this or following included files. To override some configuration option,
|
+# this or following included files. To override some configuration option,
|
||||||
@ -109,9 +103,3 @@ diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat
|
|||||||
+# as it is more configurable and versatile than the built-in version.
|
+# as it is more configurable and versatile than the built-in version.
|
||||||
+PrintMotd no
|
+PrintMotd no
|
||||||
+
|
+
|
||||||
+# Accept locale-related environment variables
|
|
||||||
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
|
|
||||||
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
|
||||||
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
|
|
||||||
+AcceptEnv XMODIFIERS
|
|
||||||
+
|
|
||||||
|
|||||||
@ -51,7 +51,7 @@
|
|||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%global openssh_ver 8.7p1
|
%global openssh_ver 8.7p1
|
||||||
%global openssh_rel 2
|
%global openssh_rel 3
|
||||||
%global pam_ssh_agent_ver 0.10.4
|
%global pam_ssh_agent_ver 0.10.4
|
||||||
%global pam_ssh_agent_rel 4
|
%global pam_ssh_agent_rel 4
|
||||||
|
|
||||||
@ -661,6 +661,10 @@ test -f %{sysconfig_anaconda} && \
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 19 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-3
|
||||||
|
- Disable locale forwarding in default configurations
|
||||||
|
Related: rhbz#2002734
|
||||||
|
|
||||||
* Fri Oct 01 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-2
|
* Fri Oct 01 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-2
|
||||||
- Upstream fix for CVE-2021-41617
|
- Upstream fix for CVE-2021-41617
|
||||||
Related: rhbz#2008886
|
Related: rhbz#2008886
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user