sorry to ruin several of your evenings...

James R Grinter jrg at blodwen.demon.co.uk
Sun Jan 28 14:20:23 UTC 2001


"Tony Rall" <trall at almaden.ibm.com> writes:
> It is not clear to me what incentive there is for someone running 8.2.2P7
> to upgrade to 8.3.  In particular, it does not appear (from the ISC web
> site or from Paul's msgs) that 8.3 fixes any security flaws in 8.2.2P7.

If you look at a source diff between 8.2.2-P7 and 8.2.3, you might be
scared at some of the little things that were fixed. (There's a lot of
stuff added, too, as one might expect of a release and it is obviously
possible that there are problems introduced within those areas too.)

I can't comment about the big changes - I don't know the code well
enough - but there are a number of changes like this:

 -       if (SPRINTF((tmp, fmt, src[0], src[1], src[2], src[3])) > size) {
 +       if (SPRINTF((tmp, fmt, src[0], src[1], src[2], src[3])) >= size) {
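
Review bot: The `>= size` test on the added line runs only after SPRINTF has already written into `tmp`, so it protects the later copy into the caller's buffer and not `tmp` itself; confirm that `tmp` is sized for the longest string `fmt` can produce. The move from `>` to `>=` is the right direction if SPRINTF yields the formatted length the way sprintf does, because that count excludes the terminating NUL and a result equal to `size` needs `size + 1` bytes. A one-line comment saying so would keep the boundary from being "corrected" back later.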

and

 -               if (size < sizeof "255.")
 +               if (size <= sizeof "255.")
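
Review bot: The bound `sizeof "255."` on the added line evaluates to 5, not 4, because sizeof on a string literal counts the terminating NUL, and with `<=` the check now also rejects a `size` of exactly 5. Neither line says which bytes are being reserved, so a short comment, or a named constant in place of the literal, would let the boundary be checked without reading the surrounding code.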

that make me willing to upgrade (presupposing they went the right way!)

My favourite inconsequential but useful change, which someone else in
this thread referred to, has to be:

 -                       "No default TTL set using SOA minimum instead");
 +               "No default TTL ($TTL <value>) set, using SOA minimum instead");

James.



