From nobody Sat May 16 22:03:05 2026 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gHyk65T7Yz6d8RY for ; Sat, 16 May 2026 22:03:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gHyk63m7Yz3t8x for ; Sat, 16 May 2026 22:03:10 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1778968990; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DXoxkCex8htvS+hTlJ5EJuIY1xQf7UjQLNKLVVUVR2w=; b=Ux5ibQmABtWSY2yF6mGtN2e4by+6/CeYi8XCWoQ8QdQeox0TYPpLRDVKV4Wi4jDHXAkRf6 VH5bEN68RaqxEQc2WLAsDAqmKRMXX0Sh6ktXcxr01uvaLAHUYlqACUSBHr2uLuYD9spLlz 9OY3l0OwFsBZCv4sxq8Qv2kuXR/1hsTJpX6WLeWFkZBs05uH1qwDx9QdzZ6t6tQqh7Wta4 bEyiAt3pRe6lTV/amnWPk4tXXmnd4zUikeOwDORrlcS8ZyN0HgYClx5EpFtlL66TutACBK QPuJ1O+qstFo4OYGitPud+oCyM18Tai6CgGIs/kw9int5Ee3+l/30YRbsGWc7w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1778968990; a=rsa-sha256; cv=none; b=ZjWoDEMjIqvf//JRLIDkWwvEMbu4ykYvZZ3qyV3Z4fDkKTCeAQ14hFYtqNrNSdBuz3p7+F GoGlO1LmrKPNY8CKu0gjqRxvZxmQGbsrhhW9NKlopnnC7CexQN1LFddWRj4KodubCHb9b9 S/ba77MayoJP3cneSVhfV90x5xSXP+7MdophsA3mgTL2p9tK//lrpxr7d2ZWeT5g35fkxS HgazIZ4Wg0TH56zNJhjKcsmXbyxeFHqrZk0XOMCL0DibrmH3wvFSBasYB1PBqWo3ShlUL/ f42AgsbcyBkX7a7+jAOiBSWURX2U4KAR1/Rf7MNa0n8i8izH8EdD59NcDiy5MQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1778968990; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DXoxkCex8htvS+hTlJ5EJuIY1xQf7UjQLNKLVVUVR2w=; b=yRKSJ4Difdh/zYaEgcfJEEgNTEp+vVaOcYuN5+yUR9PbA6HjBNyaBVnhHl+vZ+QVCmq7E6 ulBl559CS6KN0ESl/O++CZtNayLfjKeX2PqLilhzVQ+UyjiChdteUsCNdaMzyWYGSutYLY kwy+j/lGTJxbZlu0No+2RC/mL1Ky1uP1waYZH2sKN76CwOPLSHVeP1i+PjQRqvHc6p1br3 IxHqYfHA4tRKwuO7K2eeYyDfR2kTh5TztCJ+YnYAnudB7Mo8B8/KebPsiOv1knNU/H86ta pRfv3LKKqokjbfq0aoNcI6/Lj5/xnPU6C0FYxF3jVBic+vZ0uf6mnjq1dR1lKQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gHyk63Mncz1C7c for ; Sat, 16 May 2026 22:03:10 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 43ff1 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Sat, 16 May 2026 22:03:05 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Jose Luis Duran Subject: git: 3d246db08333 - main - blocklist: Add back probes List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jlduran X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3d246db08333c06df343281d5aaebfd07ea08252 Auto-Submitted: auto-generated Date: Sat, 16 May 2026 22:03:05 +0000 Message-Id: <6a08e999.43ff1.491de9e2@gitrepo.freebsd.org> The branch main has been updated by jlduran: URL: https://cgit.FreeBSD.org/src/commit/?id=3d246db08333c06df343281d5aaebfd07ea08252 commit 3d246db08333c06df343281d5aaebfd07ea08252 Author: Jose Luis Duran AuthorDate: 2026-05-16 22:00:02 +0000 Commit: Jose Luis Duran CommitDate: 2026-05-16 22:00:02 +0000 blocklist: Add back probes The banner exchange was moved to the sshd-auth process in upstream commit bb781f02d4efd178e329a62a838962bee16e3e9b. Add it back. Add back fatal exit probe. NetBSD PR: bin/60270 (GNATS) Reviewed by: emaste Fixes: 2574974648c6 ("OpenSSH: Update to 10.3p1") Differential Revision: https://reviews.freebsd.org/D57027 --- crypto/openssh/sshd-auth.c | 5 ++++- crypto/openssh/sshd-session.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/crypto/openssh/sshd-auth.c b/crypto/openssh/sshd-auth.c index 76350a2a3501..e335bda8ee48 100644 --- a/crypto/openssh/sshd-auth.c +++ b/crypto/openssh/sshd-auth.c @@ -96,6 +96,7 @@ #include "srclimit.h" #include "ssh-sandbox.h" #include "dh.h" +#include "blocklist_client.h" /* Privsep fds */ #define PRIVSEP_MONITOR_FD (STDERR_FILENO + 1) @@ -812,8 +813,10 @@ do_ssh2_kex(struct ssh *ssh) free(hkalgs); if ((r = kex_exchange_identification(ssh, -1, - options.version_addendum)) != 0) + options.version_addendum)) != 0) { + BLOCKLIST_NOTIFY(ssh, BLOCKLIST_AUTH_FAIL, "Banner exchange"); sshpkt_fatal(ssh, r, "banner exchange"); + } mm_sshkey_setcompat(ssh); /* tell monitor */ if ((ssh->compat & SSH_BUG_NOREKEY)) diff --git a/crypto/openssh/sshd-session.c b/crypto/openssh/sshd-session.c index ae41b4d7595f..26a361fe621e 100644 --- a/crypto/openssh/sshd-session.c +++ b/crypto/openssh/sshd-session.c @@ -1369,8 +1369,11 @@ cleanup_exit(int i) audit_event(the_active_state, SSH_CONNECTION_ABANDON); #endif /* Override default fatal exit value when auth was attempted */ - if (i == 255 && monitor_auth_attempted()) + if (i == 255 && monitor_auth_attempted()) { + BLOCKLIST_NOTIFY(the_active_state, BLOCKLIST_AUTH_FAIL, + "Fatal exit"); _exit(EXIT_AUTH_ATTEMPTED); + } if (i == 255 && monitor_invalid_user()) _exit(EXIT_INVALID_USER); _exit(i);