Dear All,
The answer is that 4.0E is indeed a poor relation and that we shouldn't
expect any kind of support or fixes at all for it. Thanks to Claudine
Berthoud for pointing me to
http://www.tru64unix.compaq.com/supported_versions.html and thanks to Tom
Blinn for a more detailed description (see below).
So my immediate solution is to add Bind to the list of networking
products that I have to compile myself because the Compaq version is
inadequate or non-existent (ssh, tcpd, portmap, ftpd, dhcpd ...).
I guess in the summer we will upgrade to 4.0G (it had not arrived last
summer so I couldn't upgrade then. Summer is the only time we can take the
systems down long enough to do a major upgrade).
In the longer term I aim to kick out all the proprietary
Unixes and switch to Linux.
Here is Tom's answer in full:
"Maybe you missed the announcement along the way, but V4.0E is NO LONGER
supported AT ALL by Compaq. NO NEW PATCHES EVER. We no longer maintain
a build environment for V4.0E in which patches could be developed. END
OF SUPPORT LIFE.
The upgrade from V4.0E to V4.0G (the current and last release in the V4.0x
stream) is free for the cost of media. V4.0G will be support long after
V4.0D is fully retired, and long after V4.0F is fully retired. If you DO
want to continue to run a V4.0x based release and expect to get patches,
you MUST upgrade to at least V4.0F, and you be crazy to not just get to
V4.0G."
Here is my original message:
>
> I'm feeling a bit left out. Yesterday a whole load of patch announcements
> arrived, including one for the serious bind security hole (fixed by SuSE
> back in January). These announcements mention every OS from 4.0D upwards
> *except* 4.0E. Is 4.0E some kind of poor relation?
>
> The only reason we upgraded from 4.0D to 4.0E was because at the time we
> were recommended to by Compaq in order to continue getting support (yes, I
> know, 4.0E isn't fully supported either any more. But there should at lest
> be security fixes).
>
> Here is a typical extract from one of the announcements:
>
> IMPACT: Multiple Potential Security Issues in BIND
> (X-REF: CERT CA-2000-20 & CERT CA-2001-02 )
> Versions Affected: Compaq Tru64 UNIX V4.0d, V4.0f, V4.0g,
> V5.0, V5.0a, V5.1
> Versions Not Affected: TCP/IP Services for Compaq OpenVMS
>
>
> There have also been absolutely no patches to 4.0E since March 2000 which
> is rather surprising. Does anyone know whether we can still expect to
> receive security fixes for 4.0E?
Bob
==============================================================
Bob Vickers R.Vickers_at_cs.rhul.ac.uk
Dept of Computer Science, Royal Holloway, University of London
WWW:
http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691
Received on Wed Feb 28 2001 - 17:11:29 NZDT