Send/accept only specific known LC_* variables, rather than using a wildcard (closes: #765633).

1 files changed, 12 insertions, 1 deletions

diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 5131b2647..12ccb4f76 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -147,6 +147,13 @@ update_server_key_bits() {
 }
 
 
+update_accept_env() {
+        if [ "$(get_config_option AcceptEnv)" = 'LANG LC_*' ]; then
+                set_config_option AcceptEnv 'LANG LC_ADDRESS LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL'
+        fi
+}
+
+
 create_sshdconfig() {
         if [ -e /etc/ssh/sshd_config ] ; then
             # Upgrade an existing sshd configuration.
@@ -168,6 +175,10 @@ create_sshdconfig() {
                 update_server_key_bits
             fi
 
+            if dpkg --compare-versions "$oldversion" lt 1:6.7p1-4; then
+                update_accept_env
+            fi
+
             return 0
         fi
 
@@ -246,7 +257,7 @@ TCPKeepAlive yes
 #Banner /etc/issue.net
 
 # Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
+AcceptEnv LANG LC_ADDRESS LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL
 
 Subsystem sftp /usr/lib/openssh/sftp-server