--- /dev/null
+--- openssh-7.5p1/configure.ac.orig 2017-04-17 10:38:47.458291317 +0200
++++ openssh-7.5p1/configure.ac 2017-04-17 11:03:41.491607590 +0200
+@@ -1479,15 +1479,15 @@
+ ldns=""
+ if test "x$withval" = "xyes" ; then
+ AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
+- if test "x$PKGCONFIG" = "xno"; then
++ if test "x$LDNSCONFIG" = "xno"; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
+ LIBS="-lldns $LIBS"
+- ldns=yes
+ else
+ LIBS="$LIBS `$LDNSCONFIG --libs`"
+ CPPFLAGS="$CPPFLAGS `$LDNSCONFIG --cflags`"
+ fi
++ ldns=yes
+ elif test "x$withval" != "xno" ; then
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
+ LDFLAGS="$LDFLAGS -L${withval}/lib"
#
# Conditional build:
%bcond_without audit # sshd audit support
-%bcond_with gnome # with gnome-askpass (GNOME 1.x) utility
-%bcond_without gtk # without GTK+ (2.x)
-%bcond_without ldap # with ldap support
-%bcond_without libedit # without libedit (editline/history support in sftp client)
-%bcond_without kerberos5 # without kerberos5 support
-%bcond_without selinux # build without SELinux support
+%bcond_with gnome # gnome-askpass (GNOME 1.x) utility
+%bcond_without gtk # gnome-askpass (GTK+ 2.x) utility
+%bcond_without ldap # LDAP support
+%bcond_with ldns # DNSSEC support via libldns
+%bcond_without libedit # libedit (editline/history support in sftp client)
+%bcond_without kerberos5 # Kerberos5 support
+%bcond_without selinux # SELinux support
%bcond_without libseccomp # use libseccomp for seccomp privsep (requires 3.5 kernel)
%bcond_with hpn # High Performance SSH/SCP - HPN-SSH including Cipher NONE (broken too often)
-%bcond_without tests
+%bcond_without tests # test suite
# gtk2-based gnome-askpass means no gnome1-based
%{?with_gtk:%undefine with_gnome}
Source10: sshd-keygen
Source11: sshd.socket
Source12: sshd@.service
+Patch0: %{name}-ldns.patch
Patch1: %{name}-tests-reuseport.patch
Patch2: %{name}-pam_misc.patch
Patch3: %{name}-sigpipe.patch
%{?with_gnome:BuildRequires: gnome-libs-devel}
%{?with_gtk:BuildRequires: gtk+2-devel}
%{?with_kerberos5:BuildRequires: heimdal-devel >= 0.7}
+%{?with_ldns:BuildRequires: ldns-devel}
%{?with_libedit:BuildRequires: libedit-devel}
BuildRequires: libseccomp-devel
%{?with_selinux:BuildRequires: libselinux-devel}
%prep
%setup -q
+%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%{__sed} -i -e 's,/usr/libexec/openssh/ssh-ldap-helper,%{_libexecdir}/ssh-ldap-helper,'
# prevent being ovewritten by aclocal calls
-mv aclocal.m4 acinclude.m4
+%{__mv} aclocal.m4 acinclude.m4
%build
cp /usr/share/automake/config.sub .
--with-ipaddr-display \
%{?with_kerberos5:--with-kerberos5=/usr} \
--with-ldap%{!?with_ldap:=no} \
+ %{?with_ldns:--with-ldns} \
%{?with_libedit:--with-libedit} \
--with-mantype=man \
--with-md5-passwords \