openssh unix dev - Aug 2025 - Followup on Inquiry about regreSSHion postmortem

This does in fact redirect as described.
> On 20. Aug 2025, at 23:02, hvjunk <hvjunk at gmail.com> wrote:
> 
>> 
>>
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/log.c.diff?ipk=fF83_JCDCKqCJ85QEwn7jbP5Ag2cF3ZCTZ6QbjGp4RE&r1=1.52&r2=1.53&f=h
>> 
>> Redirects your browser via 301 to https://theannoyingsite.com/
> 
> don?t know where you get that, unless your own browser is compromised, and
I pointed you to the direct source to show you your malice.. apologies you?ve
now brainwashed me .. your stupidity/insanity of not investigating and asking
the right questions before jumping on the blame game bandwagon?

$ wget -S
'https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/log.c.diff?ipk=fF83_JCDCKqCJ85QEwn7jbP5Ag2cF3ZCTZ6QbjGp4RE&r1=1.52&r2=1.53&f=h'
--2025-08-20 23:31:17-- 
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/log.c.diff?ipk=fF83_JCDCKqCJ85QEwn7jbP5Ag2cF3ZCTZ6QbjGp4RE&r1=1.52&r2=1.53&f=h
Resolving cvsweb.openbsd.org (cvsweb.openbsd.org)... 128.100.17.243
Connecting to cvsweb.openbsd.org (cvsweb.openbsd.org)|128.100.17.243|:443...
connected.
HTTP request sent, awaiting response...    HTTP/1.1 301 Moved Permanently
  Connection: close
  Content-Security-Policy: default-src 'self'; style-src 'self'
'unsafe-inline';
  Content-Type: text/html
  Date: Wed, 20 Aug 2025 20:31:18 GMT
  Location: https://theannoyingsite.com/
  Server: OpenBSD httpd
  Transfer-Encoding: chunked
Location: https://theannoyingsite.com/ [following]
--2025-08-20 23:31:18--  https://theannoyingsite.com/
Resolving theannoyingsite.com (theannoyingsite.com)... 50.116.11.184
Connecting to theannoyingsite.com (theannoyingsite.com)|50.116.11.184|:443...
connected.
HTTP request sent, awaiting response... No data received.

strange, everytime I click on that link, it ?just opens the CVS diff logs??
tested on Safari and Brave
> On 20 Aug 2025, at 22:39, Martin Paljak <martin at martinpaljak.net>
wrote:
> 
> This does in fact redirect as described.
> 
>> On 20. Aug 2025, at 23:02, hvjunk <hvjunk at gmail.com> wrote:
>> 
>>> 
>>>
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/log.c.diff?ipk=fF83_JCDCKqCJ85QEwn7jbP5Ag2cF3ZCTZ6QbjGp4RE&r1=1.52&r2=1.53&f=h
>>> 
>>> Redirects your browser via 301 to https://theannoyingsite.com/
>> 
>> don?t know where you get that, unless your own browser is compromised,
and I pointed you to the direct source to show you your malice.. apologies
you?ve now brainwashed me .. your stupidity/insanity of not investigating and
asking the right questions before jumping on the blame game bandwagon?
> 
> 
> $ wget -S
'https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/log.c.diff?ipk=fF83_JCDCKqCJ85QEwn7jbP5Ag2cF3ZCTZ6QbjGp4RE&r1=1.52&r2=1.53&f=h'
> --2025-08-20 23:31:17-- 
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/log.c.diff?ipk=fF83_JCDCKqCJ85QEwn7jbP5Ag2cF3ZCTZ6QbjGp4RE&r1=1.52&r2=1.53&f=h
> Resolving cvsweb.openbsd.org (cvsweb.openbsd.org)... 128.100.17.243
> Connecting to cvsweb.openbsd.org
(cvsweb.openbsd.org)|128.100.17.243|:443... connected.
> HTTP request sent, awaiting response...    HTTP/1.1 301 Moved Permanently
>  Connection: close
>  Content-Security-Policy: default-src 'self'; style-src
'self' 'unsafe-inline';
>  Content-Type: text/html
>  Date: Wed, 20 Aug 2025 20:31:18 GMT
>  Location: https://theannoyingsite.com/
>  Server: OpenBSD httpd
>  Transfer-Encoding: chunked
> Location: https://theannoyingsite.com/ [following]
> --2025-08-20 23:31:18--  https://theannoyingsite.com/
> Resolving theannoyingsite.com (theannoyingsite.com)... 50.116.11.184
> Connecting to theannoyingsite.com
(theannoyingsite.com)|50.116.11.184|:443... connected.
> HTTP request sent, awaiting response... No data received.
> 
> 
> 
>

Yes it does. A mildly annoying prank.

On 8/20/25 16:39, Martin Paljak wrote:
> This does in fact redirect as described.
> 
>> On 20. Aug 2025, at 23:02, hvjunk <hvjunk at gmail.com> wrote:
>>
>>>
>>>
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/log.c.diff?ipk=fF83_JCDCKqCJ85QEwn7jbP5Ag2cF3ZCTZ6QbjGp4RE&r1=1.52&r2=1.53&f=h
>>>
>>> Redirects your browser via 301 to https://theannoyingsite.com/
>>
>> don?t know where you get that, unless your own browser is compromised,
and I pointed you to the direct source to show you your malice.. apologies
you?ve now brainwashed me .. your stupidity/insanity of not investigating and
asking the right questions before jumping on the blame game bandwagon?
> 
> 
> $ wget -S
'https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/log.c.diff?ipk=fF83_JCDCKqCJ85QEwn7jbP5Ag2cF3ZCTZ6QbjGp4RE&r1=1.52&r2=1.53&f=h'
> --2025-08-20 23:31:17-- 
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/log.c.diff?ipk=fF83_JCDCKqCJ85QEwn7jbP5Ag2cF3ZCTZ6QbjGp4RE&r1=1.52&r2=1.53&f=h
> Resolving cvsweb.openbsd.org (cvsweb.openbsd.org)... 128.100.17.243
> Connecting to cvsweb.openbsd.org
(cvsweb.openbsd.org)|128.100.17.243|:443... connected.
> HTTP request sent, awaiting response...    HTTP/1.1 301 Moved Permanently
>    Connection: close
>    Content-Security-Policy: default-src 'self'; style-src
'self' 'unsafe-inline';
>    Content-Type: text/html
>    Date: Wed, 20 Aug 2025 20:31:18 GMT
>    Location: https://theannoyingsite.com/
>    Server: OpenBSD httpd
>    Transfer-Encoding: chunked
> Location: https://theannoyingsite.com/ [following]
> --2025-08-20 23:31:18--  https://theannoyingsite.com/
> Resolving theannoyingsite.com (theannoyingsite.com)... 50.116.11.184
> Connecting to theannoyingsite.com
(theannoyingsite.com)|50.116.11.184|:443... connected.
> HTTP request sent, awaiting response... No data received.
> 
> 
> 
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev