From www@netbsd.org  Sat May 16 06:31:34 2026
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mail.netbsd.org", Issuer "R13" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id A1F101A923A
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 16 May 2026 06:31:34 +0000 (UTC)
Message-Id: <20260516063133.561E51A923C@mollari.NetBSD.org>
Date: Sat, 16 May 2026 06:31:33 +0000 (UTC)
From: jlduran@FreeBSD.org
Reply-To: jlduran@FreeBSD.org
To: gnats-bugs@NetBSD.org
Subject: blocklist: Add back probes
X-Send-Pr-Version: www-1.0
X-From4GNATS: "jlduran@FreeBSD.org via gnats" <gnats-admin@NetBSD.org>

>Number:         60270
>Category:       bin
>Synopsis:       blocklist: Add back probes
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    christos
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat May 16 02:35:00 -0400 2026
>Last-Modified:  Sat May 16 09:23:54 -0400 2026
>Originator:     Jose Luis Duran
>Release:        trunk
>Organization:
FreeBSD
>Environment:
>Description:
These probes were accidentally removed in sshd-session.c,v 1.12.
The banner exchange was moved to the sshd-auth process in upstream commit bb781f02d4efd178e329a62a838962bee16e3e9b.
>How-To-Repeat:
N/A
>Fix:
Subject: [PATCH] blocklist: Add back probes

These probes were accidentally removed in sshd-session.c,v 1.12.

The banner exchange was moved to the sshd-auth process in upstream
commit bb781f02d4efd178e329a62a838962bee16e3e9b.
---
 crypto/external/bsd/openssh/dist/sshd-auth.c    | 6 +++++-
 crypto/external/bsd/openssh/dist/sshd-session.c | 4 +++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/crypto/external/bsd/openssh/dist/sshd-auth.c b/crypto/external/bsd/openssh/dist/sshd-auth.c
index c460e4bbbc2a..a5da53173eed 100644
--- a/crypto/external/bsd/openssh/dist/sshd-auth.c
+++ b/crypto/external/bsd/openssh/dist/sshd-auth.c
@@ -100,6 +100,8 @@ __RCSID("$NetBSD: sshd-auth.c,v 1.5 2026/04/08 18:58:41 christos Exp $");
 #include "srclimit.h"
 #include "dh.h"
 
+#include "pfilter.h"
+
 /* Privsep fds */
 #define PRIVSEP_MONITOR_FD		(STDERR_FILENO + 1)
 #define PRIVSEP_LOG_FD			(STDERR_FILENO + 2)
@@ -787,8 +789,10 @@ do_ssh2_kex(struct ssh *ssh)
 	free(hkalgs);
 
 	if ((r = kex_exchange_identification(ssh, -1,
-	    options.version_addendum)) != 0)
+	    options.version_addendum)) != 0) {
+		pfilter_notify(1);
 		sshpkt_fatal(ssh, r, "banner exchange");
+	}
 	mm_sshkey_setcompat(ssh); /* tell monitor */
 
 	if ((ssh->compat & SSH_BUG_NOREKEY))
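Review bot: In do_ssh2_kex, the new pfilter_notify(1) runs for every non-zero return from kex_exchange_identification, so the probe fires on any banner-exchange failure regardless of the value of r. If that is the intended behaviour carried over from sshd-session.c, a one-line comment above the call saying so, and saying what the literal 1 stands for, would help the next reader. Since the commit message says the banner exchange now lives in the sshd-auth process, it is also worth stating in the message that the notification was tested from that process.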
diff --git a/crypto/external/bsd/openssh/dist/sshd-session.c b/crypto/external/bsd/openssh/dist/sshd-session.c
index 9cf56d786e8e..fba96b7a9feb 100644
--- a/crypto/external/bsd/openssh/dist/sshd-session.c
+++ b/crypto/external/bsd/openssh/dist/sshd-session.c
@@ -1342,8 +1342,10 @@ cleanup_exit(int i)
 		}
 	}
 	/* Override default fatal exit value when auth was attempted */
-	if (i == 255 && monitor_auth_attempted())
+	if (i == 255 && monitor_auth_attempted()) {
+		pfilter_notify(1);
 		_exit(EXIT_AUTH_ATTEMPTED);
+	}
 	if (i == 255 && monitor_invalid_user())
 		_exit(EXIT_INVALID_USER);
 	_exit(i);
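Review bot: In cleanup_exit, only the `i == 255 && monitor_auth_attempted()` branch gains pfilter_notify(1); the `i == 255 && monitor_invalid_user()` branch directly below still exits with EXIT_INVALID_USER without a notification. If invalid-user exits are already reported elsewhere, please say so in a comment or in the commit message; otherwise consider adding the same call there. The existing comment above the branch only describes the exit value override, so it could be extended to mention the blocklist notification.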
-- 
Jose Luis Duran

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: bin-bug-people->christos
Responsible-Changed-By: riastradh@NetBSD.org
Responsible-Changed-When: Sat, 16 May 2026 13:23:54 +0000
Responsible-Changed-Why:
over to blocklistd maintainer


>Unformatted:
 
>Notify-List: <Addresses to notify of significant PR changes (one line)>
