NetBSD 7.0.1 发布,安全修复版本

NetBSD 7.0.1 发布,这是一个 bug 修复和安全维护版本,修复的安全方面问题包括:


  • BIND: Update to 9.10.3-P4.

  • expat: Fix CVE-2016-0718.

  • NTP: Update to 4.2.8p7.

  • OpenSSH: Fix CVE-2015-5352, CVE-2015-6565, CVE-2015-8325, and      CVE-2016-0777.

  • OpenSSL: Update to 1.0.1t.

  • xen: Fix XSA155 (CVE-2015-8550).


  • Add to ssh_known_hosts.

  • Avoid "vnconfig -l" infinite loop with netbsd-6 or older userland.

  • Avoid a crash when mounting an ados file system.

  • Avoid a panic when unplugging a mounted umass(4) device.  PR kern/50467.

  • Don't leak garbage from the kernel stack on sleep(0) and equivalents.

  • Fix ARM1136 function selection. PR port-arm/50512.

  • Fix a crash in NFS.  PR kern/50664.

  • Fix a crash when tmpfs fills up.  PR kern/50381.

  • Fix a crash with alc(4).  PR kern/50206.

  • Fix i386 PAE kernels.  PR port-i386/48196.

  • Fix sftp filename completion.  PR bin/50564.

  • Fix two crashes with gif(4).

  • ODROID-C1: Fix a problem when trying to use the network if the cable      wasn't plugged in at boot.

  • Prevent a deadlock with two null mounts on the same physical mount.  PR      kern/50375.

  • Resolve hostnames with "_".  PR lib/50367.

  • Update root.cache to 20160323.

  • Update tzdata to 2016b.

  • bozohttpd(8): Update to 20160415.  Changes:

    • add CGI support for ~user translation (-E switch)

    • add redirects to ~user translation

    • fix bugs around ~user translation

    • add schema detection for absolute redirects

    • fixed few memory leaks

    • bunch of minor tweaks

    • removed -r support

    • smarter redirects

    • fix redirection handling

    • support transport stream (.ts) and video object (.vob) files

    • directory listings show correct file sizes for large files

    • add search-word support for CGI

    • fix a security issue in CGI suffix handler support which would            allow remote code execution

    • -C option supports now CGI scripts only

  • cp(1), mv(1), restore(8), touch(1): Don't truncate at sub-microsecond      while preserving timestamps.

  • cvs(1): Remove trailing whitespace from imported messages when adding      new files.

  • drm2: Avoid NULL dereference in linux_worker_intr().  PR kern/49560.

  • hp300: Fix panic on machines without arcofi(4) audio.

  • i386: Fix booting on early 486 CPUs that don't have cpuid.

  • ndp(8): Fix ndp to ipv6 link-local addresses.

  • sparc64: Numerous fixes to compat_netbsd32.

  • terminfo: Correct the x68k's backspace key behavior.

  • x86: Add missing gptmbr.bin to ramdisk-based install media.  PR      install/50311.

  • x86: Make fix for AMD erratum 721 actually work.