|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: sorry to ruin several of your evenings...
"Tony Rall" <[email protected]> writes: > It is not clear to me what incentive there is for someone running 8.2.2P7 > to upgrade to 8.3. In particular, it does not appear (from the ISC web > site or from Paul's msgs) that 8.3 fixes any security flaws in 8.2.2P7. If you look at a source diff between 8.2.2-P7 and 8.2.3, you might be scared at some of the little things that were fixed. (There's a lot of stuff added, too, as one might expect of a release and it is obviously possible that there are problems introduced within those areas too.) I can't comment about the big changes - I don't know the code well enough - but there are a number of changes like this: - if (SPRINTF((tmp, fmt, src[0], src[1], src[2], src[3])) > size) { + if (SPRINTF((tmp, fmt, src[0], src[1], src[2], src[3])) >= size) { and - if (size < sizeof "255.") + if (size <= sizeof "255.") that make me willing to upgrade (presupposing they went the right way!) My favourite inconsequential but useful change, which someone else in this thread referred to, has to be: - "No default TTL set using SOA minimum instead"); + "No default TTL ($TTL <value>) set, using SOA minimum instead"); James.
|