From nobody Sat May 16 22:03:05 2026 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4gHyk12pkCz6d8Nk for ; Sat, 16 May 2026 22:03:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4gHyk11C6dz3t8J for ; Sat, 16 May 2026 22:03:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1778968985; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DXoxkCex8htvS+hTlJ5EJuIY1xQf7UjQLNKLVVUVR2w=; b=Hc2CREHGpoB4LxGYVnoKdoRhTpQDdg6pa3E1Z7SK+b/AXd34iH87bwcqC7bDw7ftLS0ox/ 5ATetgWi4mLg6ZxHVr+S8UVzhLJl39wDvVNE2UozKsLbDt09SWQFw9kuzSFLBJEURVUZeN VfTKnVqsG8m7/UYM4UY4AV5YubI7eRfULOAC7mAAEdPNKEHhZxz8fyeugJ3J6/Qld5SZ4a WQKrLp2BVQFXoNQd36KTaHoXiKO+FVPPhTkD5PFb86VorPAfZMcCTBwRICUV4bWsa7owcb SYjGQJ9okTKG7LAkAj376lbLhzcrkBf9r8S0AHVghZ7j3DrKQ3n04rHVeazEtg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1778968985; a=rsa-sha256; cv=none; b=RXXRXdlFBMF+UtPY3Raqd1XwElFGTt7ZkqfT/wJhefmeWA/U78ymzuWqscfsNuZxt85STL 1CKIcWg45iHglkUARERC+OaJ7j/47Q+wNOtEf1R3c93ZTsbxo8AxjDUFHaK/TNq9qReg4l 3yEra1uY8cwDhY2kVNpAJrFSJCdD/vg0B+Qor+G22x6MSm5aqKLu2hkDYpAdSvdxfnI4a2 oeQR9828FH9nXyECdejYQCrSfMyWe2Q7ejU+GTdZOBAdNrj3czlFD9jzkM8lPGPF3Jwf6z Kzg5uXM9g+wBMuDMQB1ecIGmE/toU6liC2BQaQwuahDuzI9nh2oATyFRdPtkZA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1778968985; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=DXoxkCex8htvS+hTlJ5EJuIY1xQf7UjQLNKLVVUVR2w=; b=tIYrpN4wLN0mIntEYFmoM/ZPwiicP7fKY6MJWNZKwHueuAgjnC521IBEUDoGRTpcpSn8EN mi0VBaGuWC5YMBTaVAweZkOUkgjgyB5eAVxX29aNmMrOb/I/0b/a8zpiNbP3SfwQaKnmkH R1ukNRGGaMvPCiEcPvkn/15VK1WS5Lm3PjVXru9kBL3oWSoJii5dm5Sf84MQmcjEEVA2l+ FkmYjmRNYRjT1yqvcCgpfwRvFZR5T9dt7YoEtNITIoPjpeATTzAM8bUntBYZoZVV2tnnJW EWyFcZOIfkYIbUagAslR1/rIIao/iarJ+cw+pD9yMBIud/Jkc3QUmWUUl6KecA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4gHyk10fLCz1C7x for ; Sat, 16 May 2026 22:03:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 43ff1 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Sat, 16 May 2026 22:03:05 +0000 To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Jose Luis Duran Subject: git: 3d246db08333 - main - blocklist: Add back probes List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jlduran X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3d246db08333c06df343281d5aaebfd07ea08252 Auto-Submitted: auto-generated Date: Sat, 16 May 2026 22:03:05 +0000 Message-Id: <6a08e999.43ff1.491de9e2@gitrepo.freebsd.org> The branch main has been updated by jlduran: URL: https://cgit.FreeBSD.org/src/commit/?id=3d246db08333c06df343281d5aaebfd07ea08252 commit 3d246db08333c06df343281d5aaebfd07ea08252 Author: Jose Luis Duran AuthorDate: 2026-05-16 22:00:02 +0000 Commit: Jose Luis Duran CommitDate: 2026-05-16 22:00:02 +0000 blocklist: Add back probes The banner exchange was moved to the sshd-auth process in upstream commit bb781f02d4efd178e329a62a838962bee16e3e9b. Add it back. Add back fatal exit probe. NetBSD PR: bin/60270 (GNATS) Reviewed by: emaste Fixes: 2574974648c6 ("OpenSSH: Update to 10.3p1") Differential Revision: https://reviews.freebsd.org/D57027 --- crypto/openssh/sshd-auth.c | 5 ++++- crypto/openssh/sshd-session.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/crypto/openssh/sshd-auth.c b/crypto/openssh/sshd-auth.c index 76350a2a3501..e335bda8ee48 100644 --- a/crypto/openssh/sshd-auth.c +++ b/crypto/openssh/sshd-auth.c @@ -96,6 +96,7 @@ #include "srclimit.h" #include "ssh-sandbox.h" #include "dh.h" +#include "blocklist_client.h" /* Privsep fds */ #define PRIVSEP_MONITOR_FD (STDERR_FILENO + 1) @@ -812,8 +813,10 @@ do_ssh2_kex(struct ssh *ssh) free(hkalgs); if ((r = kex_exchange_identification(ssh, -1, - options.version_addendum)) != 0) + options.version_addendum)) != 0) { + BLOCKLIST_NOTIFY(ssh, BLOCKLIST_AUTH_FAIL, "Banner exchange"); sshpkt_fatal(ssh, r, "banner exchange"); + } mm_sshkey_setcompat(ssh); /* tell monitor */ if ((ssh->compat & SSH_BUG_NOREKEY)) diff --git a/crypto/openssh/sshd-session.c b/crypto/openssh/sshd-session.c index ae41b4d7595f..26a361fe621e 100644 --- a/crypto/openssh/sshd-session.c +++ b/crypto/openssh/sshd-session.c @@ -1369,8 +1369,11 @@ cleanup_exit(int i) audit_event(the_active_state, SSH_CONNECTION_ABANDON); #endif /* Override default fatal exit value when auth was attempted */ - if (i == 255 && monitor_auth_attempted()) + if (i == 255 && monitor_auth_attempted()) { + BLOCKLIST_NOTIFY(the_active_state, BLOCKLIST_AUTH_FAIL, + "Fatal exit"); _exit(EXIT_AUTH_ATTEMPTED); + } if (i == 255 && monitor_invalid_user()) _exit(EXIT_INVALID_USER); _exit(i);