diff options
author | Colin Watson <cjwatson@debian.org> | 2014-11-06 10:32:11 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-11-06 11:19:05 +0000 |
commit | 3877ccdad6c7ba342531508e1d41d1d816b2a7c7 (patch) | |
tree | ad411f8c5034b4e377a0be81c3cfc291b1f66afb /debian/patches/debian-config.patch | |
parent | 4b17ed4c6a5106a0f9a83e734ec67a4067ad36b5 (diff) | |
parent | 44f0937b56758f662ff388d474213107e3290863 (diff) |
Send/accept only specific known LC_* variables, rather than using a wildcard (closes: #765633).
Diffstat (limited to 'debian/patches/debian-config.patch')
-rw-r--r-- | debian/patches/debian-config.patch | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch index 661d30ca8..f81d731f1 100644 --- a/debian/patches/debian-config.patch +++ b/debian/patches/debian-config.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 762c062828f5a8f6ed189ed6e44ad38fd92f8b36 Mon Sep 17 00:00:00 2001 | 1 | From 44f0937b56758f662ff388d474213107e3290863 Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Sun, 9 Feb 2014 16:10:18 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:18 +0000 |
4 | Subject: Various Debian-specific configuration changes | 4 | Subject: Various Debian-specific configuration changes |
@@ -22,16 +22,16 @@ debian/openssh-server.postinst. | |||
22 | 22 | ||
23 | Author: Russ Allbery <rra@debian.org> | 23 | Author: Russ Allbery <rra@debian.org> |
24 | Forwarded: not-needed | 24 | Forwarded: not-needed |
25 | Last-Update: 2014-02-12 | 25 | Last-Update: 2014-11-06 |
26 | 26 | ||
27 | Patch-Name: debian-config.patch | 27 | Patch-Name: debian-config.patch |
28 | --- | 28 | --- |
29 | readconf.c | 2 +- | 29 | readconf.c | 2 +- |
30 | ssh_config | 7 ++++++- | 30 | ssh_config | 7 ++++++- |
31 | ssh_config.5 | 19 ++++++++++++++++++- | 31 | ssh_config.5 | 23 ++++++++++++++++++++++- |
32 | sshd_config | 1 + | 32 | sshd_config | 1 + |
33 | sshd_config.5 | 25 +++++++++++++++++++++++++ | 33 | sshd_config.5 | 29 +++++++++++++++++++++++++++++ |
34 | 5 files changed, 51 insertions(+), 3 deletions(-) | 34 | 5 files changed, 59 insertions(+), 3 deletions(-) |
35 | 35 | ||
36 | diff --git a/readconf.c b/readconf.c | 36 | diff --git a/readconf.c b/readconf.c |
37 | index 0648867..29338b6 100644 | 37 | index 0648867..29338b6 100644 |
@@ -47,7 +47,7 @@ index 0648867..29338b6 100644 | |||
47 | options->forward_x11_timeout = 1200; | 47 | options->forward_x11_timeout = 1200; |
48 | if (options->exit_on_forward_failure == -1) | 48 | if (options->exit_on_forward_failure == -1) |
49 | diff --git a/ssh_config b/ssh_config | 49 | diff --git a/ssh_config b/ssh_config |
50 | index 228e5ab..c9386aa 100644 | 50 | index 228e5ab..91be1e7 100644 |
51 | --- a/ssh_config | 51 | --- a/ssh_config |
52 | +++ b/ssh_config | 52 | +++ b/ssh_config |
53 | @@ -17,9 +17,10 @@ | 53 | @@ -17,9 +17,10 @@ |
@@ -66,15 +66,15 @@ index 228e5ab..c9386aa 100644 | |||
66 | # VisualHostKey no | 66 | # VisualHostKey no |
67 | # ProxyCommand ssh -q -W %h:%p gateway.example.com | 67 | # ProxyCommand ssh -q -W %h:%p gateway.example.com |
68 | # RekeyLimit 1G 1h | 68 | # RekeyLimit 1G 1h |
69 | + SendEnv LANG LC_* | 69 | + SendEnv LANG LC_ADDRESS LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL |
70 | + HashKnownHosts yes | 70 | + HashKnownHosts yes |
71 | + GSSAPIAuthentication yes | 71 | + GSSAPIAuthentication yes |
72 | + GSSAPIDelegateCredentials no | 72 | + GSSAPIDelegateCredentials no |
73 | diff --git a/ssh_config.5 b/ssh_config.5 | 73 | diff --git a/ssh_config.5 b/ssh_config.5 |
74 | index a1005ba..da3c177 100644 | 74 | index a1005ba..5985769 100644 |
75 | --- a/ssh_config.5 | 75 | --- a/ssh_config.5 |
76 | +++ b/ssh_config.5 | 76 | +++ b/ssh_config.5 |
77 | @@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more | 77 | @@ -71,6 +71,26 @@ Since the first obtained value for each parameter is used, more |
78 | host-specific declarations should be given near the beginning of the | 78 | host-specific declarations should be given near the beginning of the |
79 | file, and general defaults at the end. | 79 | file, and general defaults at the end. |
80 | .Pp | 80 | .Pp |
@@ -87,7 +87,11 @@ index a1005ba..da3c177 100644 | |||
87 | +.Pp | 87 | +.Pp |
88 | +.Bl -bullet -offset indent -compact | 88 | +.Bl -bullet -offset indent -compact |
89 | +.It | 89 | +.It |
90 | +.Cm SendEnv No LANG LC_* | 90 | +.Cm SendEnv No LANG Xo |
91 | +.No LC_ADDRESS LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT | ||
92 | +.No LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME | ||
93 | +.No LC_ALL | ||
94 | +.Xc | ||
91 | +.It | 95 | +.It |
92 | +.Cm HashKnownHosts No yes | 96 | +.Cm HashKnownHosts No yes |
93 | +.It | 97 | +.It |
@@ -97,7 +101,7 @@ index a1005ba..da3c177 100644 | |||
97 | The configuration file has the following format: | 101 | The configuration file has the following format: |
98 | .Pp | 102 | .Pp |
99 | Empty lines and lines starting with | 103 | Empty lines and lines starting with |
100 | @@ -673,7 +689,8 @@ token used for the session will be set to expire after 20 minutes. | 104 | @@ -673,7 +693,8 @@ token used for the session will be set to expire after 20 minutes. |
101 | Remote clients will be refused access after this time. | 105 | Remote clients will be refused access after this time. |
102 | .Pp | 106 | .Pp |
103 | The default is | 107 | The default is |
@@ -120,10 +124,10 @@ index d9b8594..4db32f5 100644 | |||
120 | #StrictModes yes | 124 | #StrictModes yes |
121 | #MaxAuthTries 6 | 125 | #MaxAuthTries 6 |
122 | diff --git a/sshd_config.5 b/sshd_config.5 | 126 | diff --git a/sshd_config.5 b/sshd_config.5 |
123 | index 7396b23..7aa7b47 100644 | 127 | index 7396b23..09bb5fe 100644 |
124 | --- a/sshd_config.5 | 128 | --- a/sshd_config.5 |
125 | +++ b/sshd_config.5 | 129 | +++ b/sshd_config.5 |
126 | @@ -57,6 +57,31 @@ Arguments may optionally be enclosed in double quotes | 130 | @@ -57,6 +57,35 @@ Arguments may optionally be enclosed in double quotes |
127 | .Pq \&" | 131 | .Pq \&" |
128 | in order to represent arguments containing spaces. | 132 | in order to represent arguments containing spaces. |
129 | .Pp | 133 | .Pp |
@@ -145,7 +149,11 @@ index 7396b23..7aa7b47 100644 | |||
145 | +.It | 149 | +.It |
146 | +.Cm PrintMotd No no | 150 | +.Cm PrintMotd No no |
147 | +.It | 151 | +.It |
148 | +.Cm AcceptEnv No LANG LC_* | 152 | +.Cm AcceptEnv No LANG Xo |
153 | +.No LC_ADDRESS LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT | ||
154 | +.No LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME | ||
155 | +.No LC_ALL | ||
156 | +.Xc | ||
149 | +.It | 157 | +.It |
150 | +.Cm Subsystem No sftp /usr/lib/openssh/sftp-server | 158 | +.Cm Subsystem No sftp /usr/lib/openssh/sftp-server |
151 | +.It | 159 | +.It |