THIS IS AN OVERVIEW OVER THE MORE SEVERE BUGS THAT ANNOY LEAFNODE USERS This document is by no means complete. Check NEWS and ChangeLog for the full round-up on bugs fixed in leafnode - particularly, not all security bugs are listed here! Legend: TRIGG: means trigger NEW IN: describes the version when the bug was introduced. "Old" means before 1.9.20. RATE: estimates how severe the bug is. ------------------------------------------------------------------------ BUG: - connection hang while fetching header CVE: 2005-1911 RATE: MODERATE FIXED: 1.11.3 CREDIT: Adam Funk BUG: - connection abort while article is read causes fetchnews crash CVE: 2005-1453 RATE: MODERATE NEW IN: 1.9.52 FIXED: 1.11.2 BUG: - connection abort while header is read causes fetchnews crash CVE: 2005-1453 RATE: MODERATE NEW IN: 1.9.48 FIXED: 1.11.2 BUG: - fetchnews does not support IPv6 RATE: MINOR FIXED: 1.11.0 BUG: - cannot use # in passwords RATE: MINOR FIXED: 1.11.0 BUG: - empty groups expire prematurely RATE: MODERATE FIXED: 1.10.8 CREDIT: Brian Sammon BUG: - runtime failure on old systems with broken snprintf RATE: CRITICAL FIXED: 1.10.7 CREDIT: Michael Bäuerle BUG: - failing server with noactive still requests active update RATE: MODERATE FIXED: 1.10.6 CREDIT: Brian Sammon (analysis and patch) BUG: - duplicates in delaybody mode RATE: MINOR TRIGG: classic delaybody mode (delaybody_in_situ is unset) NEW IN: 1.9.50 FIXED: 1.10.5 CREDIT: Til Schubbe BUG: - lots of relinks, texpire expires too many articles RATE: CRITICAL TRIGG: running another leafnode program (except leafnode itself) while texpire is running NEW IN: 1.9.54 FIXED: 1.10.4 CREDIT: Rein Klazes BUG: - .overview.XXXXXX files prevent removal of empty group directories RATE: MINOR FIXED: 1.10.2 CREDIT: Johannes Berg BUG: - Xref information missing from overview RATE: MINOR FIXED: 1.10.1 NEW IN: 1.9.50 CREDIT: "SINNER" (news.software.readers), Jörg Lüders BUG: - texpire segfaults RATE: MODERATE TRIGG: expiring a group that has been deleted from the groupinfo but is present on disk premature abort with mids files left in the spool that texpire has written FIXED: 1.10.0 NEW IN: 1.9.52 CREDIT: Johannes Berg BUG: - fetchnews keeps fetching the full newsgroups list RATE: MODERATE TRIGG: upstream server on a non-standard port FIXED: 1.9.52 CREDIT: Cory C. Albrecht, Joshua Crawford BUG: - archived groups show errors in access RATE: MODERATE FIXED: 1.9.53 BUG: - stale .overview and groupinfo files RATE: MODERATE TRIGG: stdout disconnected prematurely, or groupexpire -1 FIXED: 1.9.43 CREDIT: Sytse van Slooten BUG: - fetchnews XOVER handling (after disconnect) is extremely slow RATE: MINOR NEW IN: 1.9.33 FIXED: 1.9.43 CREDIT: Rein Klazes (for debugging) BUG: - fetchnews hangs RATE: CRITICAL, SECURITY (remote denial of service) TRIGG: missing mandatory header NEW IN: old FIXED: 1.9.42 CREDIT: Joshua Crawford (for the first bug report to point to the bug) BUG: - fetchnews does not stop fetching a group I unsubscribed from RATE: MODERATE TRIGG: delaybody=1 before 1.9.32, unconditional since 1.9.33 NEW IN: old FIXED: 1.9.41 CREDIT: Andreas Muck, Gerry Doris BUG: - cascaded leafnode installations lose own posts to pseudogroups RATE: CRITICAL NEW IN: old FIXED: 1.9.39 CREDIT: Kyler Laird BUG: - incomplete active file RATE: SEVERE NEW IN: old FIXED: 1.9.37 BUG: - fetchnews misses lots of articles - lots of "cannot parse server reply" in the logs, with lines from article text RATE: SEVERE TRIGG: filtered articles NEW IN: 1.9.33 FIXED: 1.9.36 BUGFIX: update to >=1.9.36, then run fetchnews with -x option to fetch the missed articles, example: fetchnews -nx 1000 BUG: - newsreader hangs when accessing an article without Message-ID RATE: MODERATE TRIGG: news spool corruption FIXED: 1.9.33 BUG: - fetchnews doesn't post articles (incompatibility) RATE: IRRELEVANT TRIGG: user hasn't read UPDATING instructions properly NEW IN: 1.9.23 FIXED: 1.9.33 BUG: - fetchnews cannot access articles after switching delaybody to 0 RATE: MODERATE FIXED: 1.9.33 BUG: - not getting pseudo article when "reviving" an uninteresting group RATE: MODERATE FIXED: 1.9.33 BUG: - pressing Ctrl-C more than once confuses leafnode RATE: MODERATE FIXED: 1.9.33 CREDIT: Ralf Wildenhues (sent bugfix) BUG: - timeout not detected on non-BSD, non-Linux systems RATE: MODERATE FIXED: 1.9.31 CREDIT: Richard van der Hoff (sent bugfix) BUG: - leafnode goes 100% CPU when requesting article by message-ID RATE: CRITICAL, SECURITY (trusted host denial of service) FIXED: 1.9.33 for good, first attempt in 1.9.30 CREDIT: Jan Knutar (report) BUG: - fetchnews segfaults when new groups are on server RATE: CRITICAL FIXED: 1.9.29 CREDIT: Ken Shan BUG: - leafnode goes 100% CPU on machines with lots of network interfaces RATE: CRITICAL NEW IN: 1.9.23 FIXED: 1.9.27 BUG: - texpire chokes if /var/spool/news/lost+found exists RATE: MODERATE FIXED: 1.9.26 CREDIT: William Grinolds BUG: - leafnode: NNTP command LIST ACTIVE.TIME returns bogus data RATE: MINOR FIXED: 1.9.25 BUG: - crashes when XOVER is sent before GROUP - ARTICLE/STAT/HEAD/BODY to current article pointer fails RATE: MODERATE FIXED: 1.9.24 BUG: - incomplete article posted by fetchnews RATE: CRITICAL (data loss) TRIGG: fetchnews runs at the same time as a client posts the article FIXED: 1.9.23 BUG: - Bogus Message-ID generated for posted articles RATE: MINOR FIXED: 1.9.23 CREDIT: Andreas Muck BUG: - locking does not work at all RATE: CRITICAL (data loss) FIXED: 1.9.20 TRIGG: multiple fetchnews/texpire run at the same time