From ffb1787c07ea5af2262016e80f5769291ef36087 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Wed, 23 Jan 2019 15:35:07 +0100 Subject: [PATCH] Enclose redhat specific configuration with Match final block This allows users to specify options in user configuration files overwriting the defaults we propose without ovewriting them in the shipped configuration file and without opting out from the crypto policy altogether. Resolves: rhbz#1438326 rhbz#1630166 --- openssh-7.7p1-redhat.patch | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/openssh-7.7p1-redhat.patch b/openssh-7.7p1-redhat.patch index 933796a..6fd9daf 100644 --- a/openssh-7.7p1-redhat.patch +++ b/openssh-7.7p1-redhat.patch @@ -12,15 +12,13 @@ diff -up openssh-7.7p1/ssh_config.redhat openssh-7.7p1/ssh_config diff -up openssh-7.7p1/ssh_config_redhat.redhat openssh-7.7p1/ssh_config_redhat --- openssh-7.7p1/ssh_config_redhat.redhat 2018-07-03 10:44:06.522245125 +0200 +++ openssh-7.7p1/ssh_config_redhat 2018-07-03 10:44:06.522245125 +0200 -@@ -0,0 +1,20 @@ -+# Follow system-wide Crypto Policy, if defined: -+Include /etc/crypto-policies/back-ends/openssh.config +@@ -0,0 +1,21 @@ ++# The options here are in the "Match final block" to be applied as the last ++# options and could be potentially overwritten by the user configuration ++Match final all ++ # Follow system-wide Crypto Policy, if defined: ++ Include /etc/crypto-policies/back-ends/openssh.config + -+# Uncomment this if you want to use .local domain -+# Host *.local -+# CheckHostIP no -+ -+Host * + GSSAPIAuthentication yes + +# If this option is set to yes then remote X11 clients will have full access @@ -33,6 +31,10 @@ diff -up openssh-7.7p1/ssh_config_redhat.redhat openssh-7.7p1/ssh_config_redhat + SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT + SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE + SendEnv XMODIFIERS ++ ++# Uncomment this if you want to use .local domain ++# Host *.local ++# CheckHostIP no diff -up openssh-7.7p1/sshd_config.0.redhat openssh-7.7p1/sshd_config.0 --- openssh-7.7p1/sshd_config.0.redhat 2018-04-02 07:39:27.000000000 +0200 +++ openssh-7.7p1/sshd_config.0 2018-07-03 10:44:06.523245133 +0200