From c751614a1528da5e3a31a3c1465ec7c780811855 Mon Sep 17 00:00:00 2001
From: djm
Date: Fri, 21 Sep 2018 03:11:36 +0000
Subject: [PATCH] Treat connections with ProxyJump specified the same as ones with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't try to canonicalise the hostname unless CanonicalizeHostname is set to 'always'). Patch from Sven Wegener via bz#2896
---
 usr.bin/ssh/ssh.c | 7 +++----
 usr.bin/ssh/ssh_config.5 | 8 +++++---
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 358ac5a45c7..d96fba9b401 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.492 2018/09/20 03:31:49 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.493 2018/09/21 03:11:36 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1113,10 +1113,9 @@ main(int ac, char **av)
 if (addrs == NULL && options.num_permitted_cnames != 0 && (direct || options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) {
 if ((addrs = resolve_host(host, options.port,
- option_clear_or_none(options.proxy_command),
- cname, sizeof(cname))) == NULL) {
+ direct, cname, sizeof(cname))) == NULL) {
 /* Don't fatal proxied host names not in the DNS */
- if (option_clear_or_none(options.proxy_command))
+ if (direct)
 cleanup_exit(255); /* logged in resolve_host */
 } else
 check_follow_cname(direct, &host, cname);
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index e8d881789d7..1bf183449f6 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.283 2018/09/20 06:58:48 jmc Exp $
-.Dd $Mdocdate: September 20 2018 $
+.\" $OpenBSD: ssh_config.5,v 1.284 2018/09/21 03:11:36 djm Exp $
+.Dd $Mdocdate: September 21 2018 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
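Review bot: In the `resolve_host()` call of the `-1113,10 +1113,9` hunk, the bare `direct` argument now stands both for "this connection is unproxied" and, judging by the `/* logged in resolve_host */` comment, for "report a lookup failure", and nothing at the call site says so. `direct` is computed earlier in main(), outside this hunk, so whether it already accounts for ProxyJump (including a ProxyJump that has been explicitly cleared) cannot be confirmed from the lines shown. A comment above the call such as `/* direct: no ProxyCommand/ProxyJump in use; also selects whether resolve_host logs failures */` would make that dependency explicit. The existing `/* Don't fatal proxied host names not in the DNS */` comment could also state that, with CanonicalizeHostname set to always, a failed lookup on a proxied connection continues with the un-canonicalised name, since later configuration matching and host key lookup presumably use that name.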
@@ -290,7 +290,9 @@ hostname lookups.
 If set to
 .Cm yes
 then, for connections that do not use a
-.Cm ProxyCommand ,
+.Cm ProxyCommand
+or
+.Cm ProxyJump ,
 .Xr ssh 1
 will attempt to canonicalize the hostname specified on the command line using the
--
2.20.1