Disable locale forwarding in default configurations

Related: rhbz#2002734
This commit is contained in:
Dmitry Belyavskiy 2021-10-19 15:24:12 +02:00
parent aa1b338db7
commit 6e19d4fb57
2 changed files with 7 additions and 15 deletions

View File

@ -15,7 +15,7 @@ diff -up openssh/ssh_config.redhat openssh/ssh_config
diff -up openssh/ssh_config_redhat.redhat openssh/ssh_config_redhat diff -up openssh/ssh_config_redhat.redhat openssh/ssh_config_redhat
--- openssh/ssh_config_redhat.redhat 2020-02-13 18:13:39.180641839 +0100 --- openssh/ssh_config_redhat.redhat 2020-02-13 18:13:39.180641839 +0100
+++ openssh/ssh_config_redhat 2020-02-13 18:13:39.180641839 +0100 +++ openssh/ssh_config_redhat 2020-02-13 18:13:39.180641839 +0100
@@ -0,0 +1,21 @@ @@ -0,0 +1,15 @@
+# The options here are in the "Match final block" to be applied as the last +# The options here are in the "Match final block" to be applied as the last
+# options and could be potentially overwritten by the user configuration +# options and could be potentially overwritten by the user configuration
+Match final all +Match final all
@ -29,12 +29,6 @@ diff -up openssh/ssh_config_redhat.redhat openssh/ssh_config_redhat
+# mode correctly we set this to yes. +# mode correctly we set this to yes.
+ ForwardX11Trusted yes + ForwardX11Trusted yes
+ +
+# Send locale-related environment variables
+ SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+ SendEnv XMODIFIERS
+
+# Uncomment this if you want to use .local domain +# Uncomment this if you want to use .local domain
+# Host *.local +# Host *.local
diff -up openssh/sshd_config.0.redhat openssh/sshd_config.0 diff -up openssh/sshd_config.0.redhat openssh/sshd_config.0
@ -86,7 +80,7 @@ diff -up openssh/sshd_config.redhat openssh/sshd_config
diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat
--- openssh/sshd_config_redhat.redhat 2020-02-13 18:14:02.268006439 +0100 --- openssh/sshd_config_redhat.redhat 2020-02-13 18:14:02.268006439 +0100
+++ openssh/sshd_config_redhat 2020-02-13 18:19:20.765035947 +0100 +++ openssh/sshd_config_redhat 2020-02-13 18:19:20.765035947 +0100
@@ -0,0 +1,28 @@ @@ -0,0 +1,22 @@
+# This system is following system-wide crypto policy. The changes to +# This system is following system-wide crypto policy. The changes to
+# crypto properties (Ciphers, MACs, ...) will not have any effect in +# crypto properties (Ciphers, MACs, ...) will not have any effect in
+# this or following included files. To override some configuration option, +# this or following included files. To override some configuration option,
@ -109,9 +103,3 @@ diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat
+# as it is more configurable and versatile than the built-in version. +# as it is more configurable and versatile than the built-in version.
+PrintMotd no +PrintMotd no
+ +
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+AcceptEnv XMODIFIERS
+

View File

@ -51,7 +51,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.7p1 %global openssh_ver 8.7p1
%global openssh_rel 2 %global openssh_rel 3
%global pam_ssh_agent_ver 0.10.4 %global pam_ssh_agent_ver 0.10.4
%global pam_ssh_agent_rel 4 %global pam_ssh_agent_rel 4
@ -661,6 +661,10 @@ test -f %{sysconfig_anaconda} && \
%endif %endif
%changelog %changelog
* Tue Oct 19 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-3
- Disable locale forwarding in default configurations
Related: rhbz#2002734
* Fri Oct 01 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-2 * Fri Oct 01 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-2
- Upstream fix for CVE-2021-41617 - Upstream fix for CVE-2021-41617
Related: rhbz#2008886 Related: rhbz#2008886