sshd Library order fix, not patched by freebsd-update?

[Karl Pielorz]

Hi,

A long time ago (around 2014/04/12) a number of people (including me) found 
an issue with sshd - to do with the library bind order (as best as I can 
explain) - whereby sshd would get 'stuck' and leave a lot of zombied sshd's 
hanging around. This was traced eventually to libthr being 'after' libc 
(again, as far as I can remember).

This fix, according to Konstantin Belousov:

"was committed in r265313 to stable/10, and in r265314 to stable/9,
although the later was not strictly necessary."

(Which it was)

However, on our new 10.0-RELEASE-p9 systems - this bug still exists (as I'd 
guess it is not patched by freebsd-update).

This creates a nasty denial of service issue (you can get effectively 
locked out of machines, because ssh access to an affected machine results 
in 'ssh_exchange_identification: Connection closed by remote host'.

One known trigger for this is our monthly network scans.

Is there any chance to get this fix incorporated as a 'freebsd-update' fix 
- rather than us having to take those machines to -STABLE? (with all the 
hassle that intones) - or messing around having to compile up, and replace 
sshd on affected systems.

In our eyes here - this is a security issue, as it can result in a DoS 
situation for sshd? - And there is a known good / working fix for it 
(r265313).

Obviously I have little idea of the processes involved in what does, or 
doesn't get picked up by freebsd-update, but as the saying goes - if you 
don't (politely) ask, you don't get...


Thanks,

-Karl