Followup on Inquiry about regreSSHion postmortem

hvjunk hvjunk at gmail.com
Wed Aug 20 22:38:48 AEST 2025 


> On 20 Aug 2025, at 13:56, Rene Malmgren <rene.malmgren at redtoken.ae> wrote:
> 
> Ok I should be clearer here, yes there are merges, but explain to me how a merge conflict would remove the two critical flags. I am not talking about surface here. I am talking about a clear step by step analysis, that shows how the flags got removed.

Let’s see, AFAIK:
 OpenSSH *main* repo (The flags were NEVER there, as it’s Linux only problem)

Picked up problem in Linux (CVE2006?)
Fixed in PORTED OpenSSH Repo (Not the main repo)

 OpenSSH *main* repo:
 Made the log -> sshlog changes, different files etc. etc. (All the Rene complains)
 NOTE: *no* #Include flags, as it is NOT a OpenBSD problem

Mass merge needed for the OpenSSH *PORTED* repo for the log file changes:
- Files changed/etc. 
-Damien blamed by Rene,
- Damien missed the two lines that where is need to be ADDED - Rene Blaming Damien for missing those flags that the OpenBSD don’t care about and was MISSED in the *PORTING*
 -Rene now claims Damien is the OpenSSH main dev, while he is *just* the porter 

And thus Rene, I think you missed the problem in the question I’ve asked you ;)



> 
> /Rene
> ________________________________
> From: Stuart Henderson <stu at spacehopper.org>
> Sent: Wednesday, August 20, 2025 3:07 PM
> To: Rene Malmgren <rene.malmgren at redtoken.ae>
> Cc: openssh-unix-dev at mindrot.org <openssh-unix-dev at mindrot.org>
> Subject: Re: Followup on Inquiry about regreSSHion postmortem
> 
> On 2025/08/20 10:41, Rene Malmgren wrote:
>> Actually, there is no evidence in the available data that such a merge even has happened
> 
> This is simply the way that cross-platform OpenSSH commits are done:
> 
> - they are first made to OpenBSD's CVS tree
> 
> - then they are later merged to openssh-portable git with an "upstream:
> XX" comment and OpenBSD-Commit-ID line (with the RCS ID line synced with
> that from the OpenBSD tree in the commit)
> 
> there is plenty of evidence of this, and nothing on the surface unusual
> about this merge commit compared with others
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

More information about the openssh-unix-dev mailing list