diff --git a/SOURCES/openssh-7.4p1-usedns-yes.patch b/SOURCES/openssh-7.4p1-usedns-yes.patch new file mode 100644 index 0000000..492e9c0 --- /dev/null +++ b/SOURCES/openssh-7.4p1-usedns-yes.patch @@ -0,0 +1,46 @@ +Revert 3cd5103c1e1aaa59bd66f7f52f6ebbcd5deb12f9 + +diff --git a/servconf.c b/servconf.c +index 475076bf2..318546290 100644 +--- a/servconf.c ++++ b/servconf.c +@@ -308,7 +308,7 @@ fill_default_server_options(ServerOptions *options) + if (options->max_sessions == -1) + options->max_sessions = DEFAULT_SESSIONS_MAX; + if (options->use_dns == -1) +- options->use_dns = 0; ++ options->use_dns = 1; + if (options->client_alive_interval == -1) + options->client_alive_interval = 0; + if (options->client_alive_count_max == -1) +diff --git a/sshd_config b/sshd_config +index e9045bc4d..c9042ac3c 100644 +--- a/sshd_config ++++ b/sshd_config +@@ -112,7 +112,7 @@ UsePrivilegeSeparation sandbox # Default for new installations. + #ClientAliveInterval 0 + #ClientAliveCountMax 3 + #ShowPatchLevel no +-#UseDNS no ++#UseDNS yes + #PidFile /var/run/sshd.pid + #MaxStartups 10:30:100 + #PermitTunnel no +diff --git a/sshd_config.5 b/sshd_config.5 +index 4fd93d68e..cf57c609f 100644 +--- a/sshd_config.5 ++++ b/sshd_config.5 +@@ -1379,10 +1379,12 @@ should look up the remote host name and check that + should look up the remote host name, and to check that + the resolved host name for the remote IP address maps back to the + very same IP address. ++The default is ++.Dq yes . + .Pp + If this option is set to + .Cm no +-(the default) then only addresses and not host names may be used in ++then only addresses and not host names may be used in + .Pa ~/.ssh/authorized_keys + .Cm from + and diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index 6f417e6..69a8ae4 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -64,7 +64,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 7.4p1 -%define openssh_rel 11 +%define openssh_rel 12 %define pam_ssh_agent_ver 0.10.3 %define pam_ssh_agent_rel 1 @@ -237,6 +237,8 @@ Patch953: openssh-7.4p1-sandbox-ppc64le.patch Patch954: openssh-7.4p1-ControlPath_too_long.patch # sandbox-seccomp for ibmca engine from upstream (#1451809) Patch955: openssh-7.4p1-sandbox-ibmca.patch +# Back to UseDNS=yes by default (#1478175) +Patch956: openssh-7.4p1-usedns-yes.patch License: BSD Group: Applications/Internet @@ -484,6 +486,7 @@ popd %patch953 -p1 -b .seccomp %patch954 -p1 -b .ControlPath %patch955 -p1 -b .ibmca +%patch956 -p1 -b .usedns %patch200 -p1 -b .audit %patch202 -p1 -b .audit-race @@ -809,6 +812,9 @@ getent passwd sshd >/dev/null || \ %endif %changelog +* Mon Aug 07 2017 Jakub Jelen - 7.4p1-12 + 0.10.3-1 +- Revert upstream change to UseDNS=no back to yes (#1478175) + * Mon May 22 2017 Jakub Jelen - 7.4p1-11 + 0.10.3-1 - Compiler warnings (#1341754)