PR/58369 CVS commit: [netbsd-9] src/crypto/external/bsd/openssh/dist

["Martin Husemann" <martin%netbsd.org@localhost>]

The following reply was made to PR bin/58369; it has been noted by GNATS.

From: "Martin Husemann" <martin%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/58369 CVS commit: [netbsd-9] src/crypto/external/bsd/openssh/dist
Date: Wed, 9 Oct 2024 10:23:40 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Wed Oct  9 10:23:40 UTC 2024
 
 Modified Files:
 	src/crypto/external/bsd/openssh/dist [netbsd-9]: auth.c auth2.c
 
 Log Message:
 Additionaly pull up following revision(s) (requested by rin in ticket #1893):
 
 	crypto/external/bsd/openssh/dist/auth.c: revision 1.37
 	crypto/external/bsd/openssh/dist/auth2.c: revision 1.32
 
 sshd: Finally fix spurious blocklistd activation (PR bin/58369)
 
 Drop one more pfilter_notify() call from userauth_finish(),
 for single failure in authentication attempt.
 This happens for users with multiple public keys; e.g., both
 rsa and ed25519 keys are registered into ssh-agent(1), while
 only the latter is in remote authorized_keys.
 
 Instead, it is called from auth_maxtries_exceeded(), when
 authentication process is actually failed. This function is
 called also from input_userauth_request(). But I guess this
 cannot happen frequently; this path is taken with >= 1024
 failed attempts, although MaxAuthTries is 6 by default...
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.24.2.1 -r1.24.2.2 \
     src/crypto/external/bsd/openssh/dist/auth.c
 cvs rdiff -u -r1.19.2.2 -r1.19.2.3 \
     src/crypto/external/bsd/openssh/dist/auth2.c
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.