nanog mailing list archives
Re: sorry to ruin several of your evenings...
From: jrg () blodwen demon co uk (James R Grinter)
Date: 28 Jan 2001 14:20:23 +0000
"Tony Rall" <trall () almaden ibm com> writes:
It is not clear to me what incentive there is for someone running 8.2.2P7 to upgrade to 8.3. In particular, it does not appear (from the ISC web site or from Paul's msgs) that 8.3 fixes any security flaws in 8.2.2P7.
If you look at a source diff between 8.2.2-P7 and 8.2.3, you might be scared at some of the little things that were fixed. (There's a lot of stuff added, too, as one might expect of a release and it is obviously possible that there are problems introduced within those areas too.) I can't comment about the big changes - I don't know the code well enough - but there are a number of changes like this: - if (SPRINTF((tmp, fmt, src[0], src[1], src[2], src[3])) > size) { + if (SPRINTF((tmp, fmt, src[0], src[1], src[2], src[3])) >= size) { and - if (size < sizeof "255.") + if (size <= sizeof "255.") that make me willing to upgrade (presupposing they went the right way!) My favourite inconsequential but useful change, which someone else in this thread referred to, has to be: - "No default TTL set using SOA minimum instead"); + "No default TTL ($TTL <value>) set, using SOA minimum instead"); James.
Current thread:
- Re: sorry to ruin several of your evenings..., (continued)
- Re: sorry to ruin several of your evenings... Paul A Vixie (Feb 24)
- Re: sorry to ruin several of your evenings... Thomas Kernen (Feb 24)
- Re: sorry to ruin several of your evenings... Paul Vixie (Feb 24)
- Re: sorry to ruin several of your evenings... Marc MERLIN (Feb 24)
- Re: BIND-9 vs. BIND-8 config incompatabilities continued.... Greg A. Woods (Feb 24)
- Re: BIND-9 vs. BIND-8 config incompatabilities continued.... poptix (Feb 24)
- Re: sorry to ruin several of your evenings... jamie rishaw (Feb 24)
- Re: sorry to ruin several of your evenings... James R Grinter (Feb 24)