* 1.9.54, 2004-05-20 ### INCOMPATIBLE CHANGE - Consistency: The lockfile timeout for checkgroups has changed to five seconds, checkgroups used to wait indefinitely. See timeout_lock and LN_LOCK_TIMEOUT below for a migration path. ### BUGFIXES - Bugfix: fetchnews and texpire would delete a lockfile held by another process when there were problems reading the configuration file. - Bugfix: when groupexpire settings were used, their memory was leaked at program exit. - Robustness: texpire is a lot more careful about mids files. Johannes Berg reported aborts related to corrupt mids files. mids files are removed at start of any leafnode program. - Documentation: Some minor formatting problems in the manual pages were corrected. Reported by Laurent Fousse. ### CHANGES - Logging: the number of duplicates that texpire has deleted is now printed. - Feature: The maximum time that programs wait for a lock file can now be configured through "timeout_lock" in the configuration file and overridden by the LN_LOCK_TIMEOUT environment variable, to simplify running fetchnews and texpire from a cron job. A workaround was suggested by Dirk-Lüder Kreie. - Feature: texpire has a new "-r" (repair) option that checks harder whether the hard links are correct. - Documentation: INSTALL reminds the user to erase the distributor package first before doing a source install. ============================================================================== * 1.9.53, 2004-05-05 ### BUGFIXES - Bugfix: do not re-authenticate if server requires authentication for the same command twice - to avoid an unterminated re-authentication loop. - Bugfix: Various error conditions now cause the problem to be logged. - Bugfix: Newly-added groups that are not in a server no longer cause fetchnews to proceed to the next server. - Bugfix: texpire did not repair the spool in archived groups (groupexpire some.news.group = -1) which caused duplicates and articles inaccessible by Message-ID after corruption. Reported by Dirk-Lüder Kreie. - Portability: One string was split for C89 conformance (string constants cannot exceed 509 characters). ### CHANGES - Feature: fetchnews supports an environment variable, LN_SKIP_GROUPS, that is treated as a comma-separated list of wildmats, any match sufficient. All matching groups are skipped, so you can skip your binary groups during daytime, for instance. Don Geddis had complained a configuration cheat he'd been using had stopped working with one of the recent fixes. Let there be an official way to do things instead. - Feature: The time zone is back in leafnode-generated Date: headers, provided that the operating system provides a tm_gmtoff member in struct tm (BSD, GNU). Systems that don't offer this use GMT and report the time zone as -0000. - Feature: The environment variable LN_DEBUG is now read as an integer. The debug level is the greater of debugmode in the config file and the contents of LN_DEBUG. - Compatibility: support forgetful servers that require re-authentication often. Reported by Andrew Cranson. - Consistency: the try_lock() debug message now goes to stdout, and only in verbose mode. It used to be printed on stderr, unlike most of the other debug messages. Reported by Kieron Dunbar. - Consistency: "skipped group.name, not in only_groups_pcre" message is now prefixed with the server name. - Documentation: If the volunteered authentication early in a connection fails, add a log that this condition may have been caused by premature authentication. NOTE: authentication implementations differ a lot. - Documentation: The server= examples in config.example were revised and are now G-rated and end in domains that are guaranteed to not exist. ============================================================================== * 1.9.52, 2004-04-03 Note: this file contains names that have been transliterated to ISO-8859-1. To see the names in their original spelling, view the CREDITS file. If /your/ name is shown in CREDITS only in the transliterated spelling, feel free to send a correction in UTF-8 character set. ### SUMMARY OF IMPORTANT CHANGES (these are detailed below) - Texpire is now robust against hard link attacks that try to prevent expiry. - Fetchnews has more complete timeout handling and a new timeout_fetchnews global configuration option. - Low-traffic, subscribed groups will not expire any more. - Time zone handling was rewritten from scratch once again and dropped in all places where it isn't essential, to fix complaints and bogus data. - A bug that cause excessive article considerations after a fetch had to be aborted fixed was fixed. - only_groups_pcre fixes for crosspostings, adds a new option only_groups_match_all. - A bug that caused active persistent re-downloads for upstreams running on a non-standard server was fixed. The NEWGROUPS range now only spans the time since the last fetchnews run. - Bugfixes were made to connecting to upstream servers with multiple IPs. - Quickmkdir is no longer part of the installation procedure. Leafnode programs will create missing directories on their own. - The user account leafnode processes run under is now configurable at compile time, to aid OpenBSD packaging. ### INCOMPATIBLE BUGFIXES AND CHANGES - Bugfix: "GROUP s" will now mark the group interesting iff it is interesting. This avoids premature unsubscription from low-traffic groups. Backported from leafnode-2. Reported by Oliver Brakmann. - Cleanup: Logging has been overhauled. It is now more consistent, prefixes are the server or group name where applicable, prefixes error: for errors and warning: for warnings. Timeout and other line reading problems now appear in the debug log with "ERROR:" on the line for easy retrieval with grep, the end of file is also logged as "< (EOF)". The "skipping (filename), not complete" message was demoted from LOG_NOTICE to LOG_INFO severity level. - Change: fetchnews now uses timeout_fetchnews rather than timeout_client when waiting for a server's NNTP status response. (this includes a documentation fix provided by David Houlden) - Cleanup: Time zone information for generated headers was unreliable and has been dropped. We'll create the Date: header in GMT. ### BUGFIXES - Bugfix: checkgroups can now read the checkgroups file from a path relative to the current working directory. - Bugfix: fetchnews will wait no more than five minutes (configurable through the new timeout_fetchnews parameter) for a server response that is not a NNTP status. - Bugfix: fetchnews will not kill the group's high watermarks when it has to abort the fetch. It will leave a snapshot file behind that is merged on the next run for the server that failed. The bug was introduced into 1.9.50 and discovered by Bastian Blank. - Bugfix: "server does not carry Newsgroups:" log message only printed the first group name rather than all. - Bugfix: when posting, the first newsgroup in a Newsgroups:-header of a cross-posted article that was NOT matched by only_groups_pcre stopped the search for further articles that might still be on the server. Reported by Joshua Crawford. - Bugfix: log exact reason why a fetchnews connection has failed. - Bugfix: try all IPs of a host even when the connection one of them failed. - Bugfix: send MODE READER first, then try to authenticate. - Bugfix: add missing error messages for NNTP connection and DATE reply handling. - Bugfix: Proceed to next IP when a server name has multiple IPs attached when the greeting doesn't arrive or the upstream runs NNTPcache V2.3. - Bugfix: Do not fetch the full newsgroup list on every fetchnews run when the upstream runs on a non-standard port. Reported by Cory C. Albrecht and confirmed by Joshua Crawford. This is a fix-up for a half-baked bugfix that went into leafnode 1.9.29 that was supposed to support multiple servers with the same name but different port (necessary for ssh tunnels for instance). - Bugfix: Plugged a memory leak, the memory allocated for a only_group_pcre compiled PCRE was never freed. - Bugfix: "illegal" articles are truncated to zero size and no longer given out, to avoid sending dangerous content to clients. - Bugfix: Zero-size check was not applied when an article was opened by Message-ID. - Bugfix: texpire relied on the hard link count to expire articles. Any user could defeat expiry by creating a hard link to an article file, preventing expiry of certain articles, so that the spool partition could fill up in the long run. However, the user who can perform this attack can usually fill up the disk directly (without instrumenting leafnode), so no security announcement shall be issued. Code has been added to force expiry via the Message-ID, rather than by hard link count. - Bugfix: the date check stopped working when DST was in effect. Replaced by timegm() function from Heimdal/Kerberos IV, calculations are now done in GMT rather than fiddling with the GMT offset. Caused lots of bogus "check your system clock" warnings. - Bugfix: Do not fetch newgroups since last full active fetch, but rather since last NEWGROUPS. - Bugfix: leafnode: do not send warnings (for instance about misconfiguration, when maxage is too large) to stderr, some super servers send them to the client. Reported by Martin Klaiber. - Cleanup: Some internal variables have been renamed to avoid name clashes with library functions (Ralf Wildenhues). - Cleanup: getline.c now includes string.h to avoid compiler warnings (Ralf Wildenhues). - Cleanup: After connection failure, the connection is properly shutdown with nntpdisconnect() or nntpquit() rather than a half-baked shutdown(2). - Portability: quickmkdir will not start the file name with a double slash. Patch sent by A. Alper Atici. ### CHANGES - Feature: The fetchnews server respone timeout is now independent of nntpd's client timeout. - Feature: New server option only_groups_match_all to make only_groups_pcre more restrictive with respect to posting, with this option on, ALL groups of a crossposting must match the PCRE rather than ANY before a post goes to the server that defines this option. - Feature: fetchnews supports a new -w option to force the XOVER updater process to run in the foreground rather than detached. - Portability: The user and group name that used to be hardcoded to "news" are now configurable, to support the OpenBSD policy of prefixing daemon and system users with an underscore character, "_". Use --with-user and --with-group options to ./configure. Based on patches by Cory C. Albrecht. - Documentation: README now explains the difference between news.debug and news.=debug in syslog.conf and recommends the former. - Safety: multiple configurations for the same server and port now cause an abort. Leafnode cannot handle fetching for multiple users per single server. - Consistency: debugmode >= 1 now logs sent NNTP commands. (debugmode = 2 was needed before for sent commands and = 1 for received replies) - Consistency: all leafnode processes will now generate needed directories on start-up. This effectively eliminates the need for quickmkdir, which will continue to be built in order not to break existing packaging scripts. Also helps Cygwin portability (which requires further patches that do not ship with leafnode and are currently maintained by A. Alper Atici). - Feature: debugmode >= 2 now logs - at LOG_DEBUG priority - decisions why an article is posted or skipped for a particular server in the light of only_groups* options. - Efficiency: the migrate() function caused a lot of unnecessary chdir() calls. - Cleanup: The signal causing fetchnews to abort will now be logged. - Cleanup: suppress 'found no server with posting permission' in fetchnews when one or more servers have not been queried, suggested by Al Bogner. - Cleanup: when any server has not been queried by fetchnews, print a warning (unless -q is given) and log it. - Cleanup: suppress 'backing up from 1 to 12345' style messages in fetchnews. - Cleanup: texpire will now fix the group low water marks for pseudo groups, so that LIST ACTIVE output matches GROUP output. - Cleanup: config.example: The expire line is first, before the server line. ============================================================================== * 1.9.51, 2004-02-20 ### BUGFIX - fetchnews did not properly detect an existing groupinfo file in all circumstances. This bug was introduced as a side effect of a fix that went into release candidate #3 of 1.9.50 on February 10th but wasn't found during release candidate testing -- it didn't show on the author's computers. Fixes SourceForge bug #900583. This bug was first reported by Thomas Zajic, then with a full analysis and patch by Adam Sampson. Thanks to both of them. ============================================================================== * 1.9.50, 2004-02-19 ### EXECUTIVE SUMMARY - Major texpire bugfixes, it repairs a lot more spool problems, including a move or copy that broke hard links; texpire now updates overview data, to recover from a fetchnews crash. - "noactive" option now works for the first time. - Checkgroups now adds groups as it should have always done. Useful in context with "noactive" to prime the news group list. ### INCOMPATIBLE BUGFIXES AND CHANGES - Bugfix: most programs now generate an active from the spool contents when they cannot read the groupinfo, to avoid bogus first/last counter resets. - Bugfix: checknews adds groups listed in the checkgroups file that aren't already in the groupinfo. Prints them on stderr with " NEW" next to them. - Cleanup: made fetchnews logging and console printing more consistent to aid debugging. Careful changes to some severities. - Conformance: texpire -h now exits 0 (it used to exit with code 1). ### BUGFIXES - Bugfix: "noactive" has never (since its introduction into 1.9.25) worked as documented and still fetched the active file when "forceactive" was set (through -f or expiry of timeout_active). Align actual behaviour with the documentation. Reported by Andrew Cranson. - Bugfix: texpire can now relink (after file system damage) crossposted articles properly. - Bugfix: texpire can now move files into the right message.id/XXX directory if they are in the wrong one, so nntpd can find them. - Bugfix: texpire now logs errors in addition to printing them. - Bugfix: Some format strings for integers in fetchnews. Harmless on 32-bit platforms but can cause crashes or bogus output/logging on 64-bit machines. - Bugfix: Plug a memory leak in checkgroups. - Bugfix: The pseudo article for an empty group now has a higher number than the last article of the group previously had, so it is actually visible in news readers. Reported by Andreas Muck. Cosmetic side effect: articles in new groups now start at number 3 rather than 2 in many configurations. This is harmless. - Bugfix: when building an active file from the news spool, use the directory's ctime as the creation date. - Bugfix: whenever an active file is built from the news spool, this will force fetchnews to download the active files completely at the next run. - Cleanup: Fetchnews quickly proceeds to the next server when serious trouble is encountered during group fetch, that is, premature server disconnect or missing credentials or authentication failure. - Cleanup: Print NNTP-connect related errors on console as well (not only to syslog). - Robustness: overview (NOV, XOVER) is now more tolerant with respect to leading whitespace, including HTAB characters. - Robustness: texpire handles Ctrl-C and "kill -TERM" more gracefully. ### PORTABILITY IMPROVEMENTS - Portability: PATH_MAX is almost gone, a POSIX system need not define it. If it is missing, we assume 4096. PATH_MAX is not used to size static array, but only gives the initial array size for dynamically sized strings that extend automatically when the size is insufficient. This should help the GNU Hurd vaporware should it ever materialize. - Portability: Skip autoconf's SETVBUF_REVERSED check on Intel C++. - If the compiler is an Intel one, ./configure refrains from adding GCC options. ### CHANGES - Documentation: README-FQDN* was updated now that news.cis.dfn.de and news.individual.net have been separated. - Documentation: Updates to texpire, leafnode, fetchnews manual pages. - Cleanup: update.sh (run by make update, to update spools written by leafnode 1.6 and older) will now remind the user he has to delete groupinfo.old. - Texpire: now updates .overview information should a previous fetchnews run have been interrupted hard. - Texpire: support -q to suppress all non-error output. - Cosmetic: texpire no longer counts unlink failures as kept articles. ============================================================================== * 1.9.49, 2004-01-09 ### REGRESSION BUGFIX - Fetchnews: the 1.9.48 security bugfix broke delaybody mode, it is now fixed. Bug reported by Berthold Höllmann. ============================================================================== * 1.9.48, 2004-01-09 ### SECURITY BUGFIX - Fetchnews: when a. minlines=0 (default) and b. delaybody=0 (default) and either c. no filterfile is configured (default) or a. and b. and d. article_despite_filter=1 are configured, an article with missing mandatory headers and without body can hang fetchnews and/or prevent the fetch of further articles from the current group or server. CVE Name: CVE-2004-2068 Reported by Toni Viemerö, SourceForge bug 873149. This was a denial-of-service bug, not one that could lead to local or remote privilege escalation. ### BUGFIX - Fetchnews: log group name when articles are skipped that match the minlines, maxlines, maxbytes or age filters, for more consistent logging. ### CHANGES - Rebuilt with autoconf 2.59. ============================================================================== * 1.9.47, 2004-01-07 ### BUGFIXES Note: many of these bugs have been long-standing. - Fetchnews: Protocol conformance: no longer ignores lines when the XOVER data obtained from the upstream server lacks the 8th field, Xref:. RFC-2980 suggests, but does not mandate this field. Reported by Brian Sammon. - Fetchnews: XOVER mode did not take maxlines, minlines and maxbytes into account. - Fetchnews: XHDR mode did not take minlines and maxlines into account. - Fetchnews: XHDR mode tried to fetch bogus articles when articles had been dropped from the fetchlist because of age or size. - Fetchnews: XHDR required that Bytes, Date and Lines had been returned in exactly the same order as the Message-ID headers and would go out of synch if it didn't - but in doubt, would fetch the article. Fixed. - Leafnode: will detect "list active.times" when trailing garbage (a group name) is present. It used to read it as "list active" instead. - Leafnode: XOVER now works without article number and returns data for current article. - Do not pass uninitialized data to setrlimit() when setting the core file size in debugmode. - Plugged a minor memory leak. - Avoid crashes in XOVER related functions when the OS cannot determine the current working directory. - Avoid crashes or data corruption in out-of-memory conditions, replacing strdup by critstrdup. - Use $(SHELL) to run ./update.sh when "make update" is typed. ### CHANGES - fetchnews now supports a new -q option that suppresses the "found no server with posting permission" warning, to avoid the "cron sends lots of mail" bug. Reported by Joey Hess of Debian. - fetchnews now supports a server-specific "noxover" option to force the use of XHDR when a server does not work with XOVER. - fetchnews will now try to match the "maxcrosspost" parameter against the Xref: overview information that, albeit optional, is returned by most servers in response to the XOVER command. This can avoid the download of some, but not all, excessively crossposted articles. - The news administrator address, as shown in the placeholder article, is now configurable via the new "newsadmin" option. It used to be hardcoded to "news@HOSTNAME", where HOSTNAME was replaced by leafnode's hostname. - Rebuilt with automake 1.8. ### DOCUMENTATION - The "port" option description in config.example and leafnode.8 has been revised to make clear that it only applies to fetchnews, not the listening port. ============================================================================== * 1.9.46, 2003-11-06 ### BUGFIXES - fix fetchnews -n regression, broken since 1.9.44.rc1. (-n was ignored) - match (and properly translate) section headers in German manual pages. ### CHANGES - report when active must be refetched and why. ### WORKAROUNDS - ntl changed the banner of their still-broken NNTP software. Apply STAT workaround also to the new banner. Reported by Grahame Cooper. ============================================================================== * 1.9.45, 2003-10-30 ### BUGFIXES - A fetchnews out-of-synch conditions was fixed, reported by Jan Knutar: fetchnews cannot handle bogus group names that start with a dot. - Fetchnews ignores newsgroups that have NULL components (start or end in a dot or have ..), since such newsgroups cannot be handled by leafnode. Such newsgroups do not exist on well-maintained servers or in well-administered hierarchies. Reported by Jan Knutar. ============================================================================== * 1.9.44, 2003-10-22 ### BUGFIXES - A texpire SIGSEGV was fixed, it struck when expiring articles from groups that were no longer in interesting.groups. (Reported by Iain D. Broadfoot.) - Interesting.groups expiry was bugfixed and streamlined, it now happens before contacting the first server. (Reported by Nikita V. Youshchenko). - Debugmode is now documented in config.example. - Debugmode has been cleaned up in fetchnews. It is now possible to log XOVER replies with debugmode=3. - One meaningless system error that was included on "illegal article:" log lines was removed from the line. (Reported by Nikita V. Youshchenko.) - Fetchnews no longer moves articles into failed.posting if the upstream server refuses the POST command (before seeing the article). - The XOVER updater no longer aborts when encountering a group when there is a sub-group with an all-numeric name. (This only happens in badly administered newsgroup hierarchies.) Reported by Dâniel Fraga. - The RPM is now more careful when handling /etc/xinetd.d/leafnode and /etc/cron.daily.leafnode, both are marked %config(noreplace) now. Reported by William Hooper. ### PORTABILITY - __attribute__ is only used with __GNUC__ (gcc), to avoid compiler trouble. ### CHANGES - Fetchnews now accepts any 2XX reply to NEWGROUPS, to work around a problem with an MC-link news server. (Reported by Paolo Amoroso.) - Texpire, when in verbose mode, will now print "Expiring message.id..." before doing just that. - The RPM installation was revised (the German manual pages are now in %_mandir/de/, cruft from doc_german was dropped, xinetd example is installed). - Leafnode excludes glibc-2.3 special ctype.h stuff to let binary compiles work on glibc-2.2. - Fetchnews has MUCH improved posting behaviour and is more verbose in case of trouble. - Fetchnews speed-up in XOVER mode: avoid stat() if the article is ignored for size or age. Reduces local I/O, particularly with -x, when recovering from crashes or after adding new servers. - function inlining is now checked for in ./configure, attributes.h is gone. ### DOCUMENTATION - There is now a new documentation file, ADD-ONS, that currently lists leafwa and Nikita V. Youshchenko's "mlgroups" patch. - A German manual page for leafnode-version(1) has been added. ============================================================================== * 1.9.43, 2003-09-04 ### INCOMPATIBLE CHANGE - In the traditional spool, newsgroups with all-numeric components show up with a - (minus, hyphen) prefixed to the number, the newsgroup example.1234 will be stored as /var/spool/news/example/-1234. It is believed this change does not cause troubles because news systems that offered the traditional spool have been incapable of providing news access, and because the count of news groups with such names is way below 0.1% on the news servers I have access to. The gain in functionality justifies the incompatibility. NOTE: this only affects newsreaders that directly access the spool. NNTP-based newsreaders will see no difference. ### BUGFIXES - Fix leafnode.8 manual pages (EN and DE languages) to explain 0 and negative values for expire/groupexpire. - Avoid premature abort (that causes .overview and groupinfo files to become stale) when the stdout becomes disconnected. Reported by Sytse van Slooten. - Make sure that texpire fixes the groupinfo lines of groups in "archive mode" (groupexpire -1). Reported by Sytse van Slooten. - Repair groupexpire 0 (= use global default, rather than expire immediately). Broken since 1.9.23. - Make sure that fetchnews complains when a timeout happens while reading newsgroups lists ("active file") or newsgroup descriptions. Found after a related report from Tim Daneliuk. - Use different fix for newsgroup names with all-numeric components that does not require two stat() calls in XOVER handling. Tracked down and reported by Rein Klazes. - Remove bogus error messages "article * is below/above the *-water mark" that occur when reading a group that fetchnews is fetching into. Reported by Rein Klazes. - Make sure XOVER related error messages don't show up in the NNTP client. ### CHANGES - fetchnews puts stdout into line buffered, or -- failing that -- unbuffered mode (Patch by Mark Brown, Debian maintainer). - leafnode processes warn (syslog and stderr) when a groupexpire is set to 0 (which means "use the default", which some users may not be aware of). ### DOCUMENTATION - Added FAQ item on running leafnode as nntps server. - Mention SuSEconfig difficulties with /etc/hosts in README-FQDN* - Clarify item #13 in INSTALL. ============================================================================== * 1.9.42, 2003-06-27 ### SECURITY RELEVANT BUGFIXES - Fix hang when trying to download an article that lacked mandatory headers. (Very old bug, recently found by Joshua Crawford) CVE Name: CVE-2003-0744 NOTE: this assertion that the bug is security relevant (denial of service) has been made after 1.9.42 release. ### BUGFIXES - Check lastreply() against NULL, in an effort to fix obscure sporadic and non-reproducable crashes on OpenBSD sparc64. (Reported by Bruno Rohee) - Fix bogus "Cannot open .../interesting.group/group.name for reading" when a group subscription has expired. (Reported by Andreas Muck) ### CHANGES - The ChangeLog file has been split, older parts (leafnode 1.9.31.rel and before) have moved to the "new" ChangeLog.old file. ============================================================================== * 1.9.41, 2003-05-22 ### BUGFIXES - Fix the "leafnode keeps fetching a group I've unsubscribed from long ago" bug that haunted leafnode since 1.9.18 at the latest and that was more prominent with the delaybody migration fixes of 1.9.33. Reported by Andreas Muck and Gerry Doris. - "make clean" no longer erases t.pcre_extract ### CHANGES - Add an EXPERIMENTAL feature, delaybody_in_situ. This may work around problems with particular newsreaders in delaybody mode. Do not rely on this feature for now, and do send feedback if you use it, regardless of whether it works or not. Defaults to off (compatible with previous versions). If you don't know what it is about, leave it off. - Some messages in fetchnews have been reworded to make them clearer and more helpful. ### PORTABIILTY - Find tcpd on OpenBSD at build time. Patch by Bruno Rohee. ============================================================================== * 1.9.40, 2003-05-08 ### BUGFIX - Leafnode no longer aborts when using the replacement snprintf function (FreeBSD) and is about to display a pseudo article. ============================================================================== * 1.9.39, 2003-05-04 ### CRITICAL BUGFIX (DATA LOSS IN LEAFNODE-TO-LEAFNODE CONVERSATION) - Leafnode returned bogus "OK" replies to "STAT " requests when the currently selected group was a pseudogroup. This caused data loss when two leafnode versions are cascaded, because the downstream thinks the upstream already has the article and discards it. Reported to Debian by Kyler Laird, forwarded by Mark Brown. ============================================================================== * 1.9.38, 2003-04-23 ### BUGFIX - The replacement snprintf trampled hash marks over digits in the output when the output length matched the minimum field width or exceeded it, in violation of Single Unix Specification. Fixed now. (Corresponding conformance testing code has been added to "make check".) ### CHANGES - The RPM spec file checks if pcre.h is in /usr/include/pcre or /usr/include. This hopefully addresses RedHat 9 RPM build failures. (The leafnode RPM should rely on the pcre RPM rather than including its own copy of PCRE files, to avoid conflicts.) This is untested because the snprintf bugfix above is critical and does not allow for further delay for testing. - The NewsCache compatibility code was changed to allow the DATE command for NewsCache 0.99.22* and 0.99.2? as well as 1.1.12 and newer. ============================================================================== * 1.9.37, 2003-04-19 ### BUGFIX - Fetchnews properly tracks when reading the active file from a server fails and retries and the next run. - The replacement snprintf has received numerous bugfixes. - Leafnode now checks if the system's snprintf function really works at build time and substitutes its own snprintf.c if the system's snprintf function is broken (or missing). - Don't use format modifiers that are unsupported by the shipped snprintf.c. - Build fixes on platforms that need special LDFLAGS (sparc64 for example), particularly when no system PCRE library is available. ### PORTABILITY - Better portability to systems that do not provide DIR and struct in the header file. ### WORKAROUND - Fetchnews no longer checks the DATE at upstream "NewsCache" servers other than version 0.99.22p1, they return local time rather than GMT. ### INCOMPATIBLE CHANGES - Leafnode programs now REQUIRE that they can read the spooldir (and not only execute it). As the spooldir has always been readable, the impact of this change is negligible. - The default lockfile location has changed to $spooldir/leaf.node/lock.file. This is meant to prevent packaging errors, as the lock file must be in a directory writable by the "news" user. --with-lockfile can be used to configure the former lock file location which used to be /var/lock/news/fetchnews.lck. - Leafnode programs now enforce a umask of 02, just to be sure. Should have no visible impact. ### CHANGES - There is now a "post_anygroup" option to skip the "is the group I post into on this server" check. Useful on servers that let you post but not read. - Fetchnews now prints an error message when saving the current working directory fails when it tries to post articles. - Fetchnews now prints the reply from the upstream server when reading the newsgroup list (all or new) fails. - The internal directory creation code has been revised. - Debugging code (assertions) has been removed from the build. ============================================================================== * 1.9.36, 2003-02-25 ### BUGFIX - Fetchnews properly ignores the body of an article when it has killed an article after sending the "ARTICLE" command rather than "HEAD". Regression in leafnode-1.9.33, found by Oliver Schwabedissen. ### DOCUMENTATION - Minor fix to texpire(8) (English version) by Bruno Rohee. ============================================================================== * 1.9.35, 2003-02-21 ### BUGFIX - Leafnode no longer aborts if an article with Message-ID header is posted. This fixes a regression introduced in leafnode-1.9.34. ============================================================================== * 1.9.34, 2003-02-19 ### BUGFIXES - Don't pass time_t to %ld formatting. (reported by Christian Weisgerber) - Check time difference for overflow when using DATE. - Change to spooldir at start-up, to avoid barfing when leafnode is started from a working directory that the "news" user has no access to, to address fetchnews -P issues when started from cron. ### DOCUMENTATION - Minor changes to manual pages and README. ================================================================================ * 1.9.33, 2003-02-03 ### BUGFIXES - Fix client hang when an article had suffered corruption and its Message-ID could not be retrieved. Also consider the article broken and unlink it. - Compatibility: leafnode 1.9.23 to 1.9.32 have used the u+x flag in out.going to mark an article "complete". This was incompatible with versions 1.9.22 and before. It has been changed to u+r, which improves compatibility, posts are no longer stuck in out.going, and even older versions won't read incomplete posts. - Switching delaybody off no longer makes bodies of article headers retrieved before the switch inaccessible. (affects leafnode, fetchnews) - Pseudo article display was fixed for newsgroups that were once there but that have expired without their article pointers reset in the groupinfo file. - Fix local article number extraction again, along the lines suggested by Fumiaki Miura. This bug marked the wrong article for download if a header of the structure "Xref: my.ser.ver abcabc:20 abc:10" was in the article. - Ralf Wildenhues fixed two subtle bugs in signal handling again, making sure we don't warp backwards in the program flow when ^C is pressed twice. - The nodesc flag was not in effect for fetchnews -f or after adding a new server, making fetchnews redownload the FULL active file over and over again. - Downloaded articles don't show up in out.going in multi-server setups any more, they did when articles to post were in out.going because fetchnews messed up its directories. ### CHANGES: documentation - Options added since 1.9.20 now appear with the leafnode version when the option was introduced in the manual pages. ### CHANGES: fetchnews - Leafnode will now use the "ARTICLE" command to download articles if no filterfile is defined or if the new "article_despite_filter" option is set and "delaybody" is off. This speeds up article download, particularly on high-latency links such as interleaved DSL or satellite links. - There is a new global option, "article_despite_filter", defaults to 0 for compatibility. - There is a new per-server option, "noread", which defaults to 0 and is therefore compatible with previous releases of leafnode. If set, the server is not queried for active files or articles (but skipped), but posting to this server is still tried. Useful to complement "nopost". Courtesy of Dmitry Samersoff . - Fetchnews compares the local clock to that of the upstream server it's talking to if the upstream supports the "DATE" command, and warns if both clocks are more than 10 minutes apart (but the program will continue for compatibility.) ### CHANGES: leafnode - The DATE command is now supported. ================================================================================ * 1.9.32, 2003-01-08 ### BUGFIXES - Fix packaging error: leafnode.cron.daily wasn't regenerated properly. - Detect maxage overflow when reading the configuration and clamp to the maximum allowed value. - Solaris portability fixes, Solaris cannot remove a directory (not even by name) when it's the current working directory. Linux or BSD are fine. Include sys/time.h and time.h before netinet/in.h. - Detect and log errors when removing empty directories in texpire or when reading overview data. ### CHANGES - fetchnews logs the child process ID ================================================================================ * 1.9.31, 2002-12-29 ### BUGFIXES - On non-BSD systems, only the first timeout was ever detected. Found and fixed by Richard van der Hoff. - General signal handling fixes. - Fix build when no system PCRE lib is available. Fix detection of -lpcre outside the system library path. - When fetchnews is restarted after a crash that prevented updating the active file, only print one "..as 12345 in de.test" line per group when storing the article. - Only fork() in fetchnews if fork() really works. Some systems (AmigaOS) only support vfork(), which is not sufficient. ================================================================================ * 1.9.30, 2002-12-04 ### SECURITY BUGFIXES - Fix subtle and rare unterminated loop (100% CPU hang) bug in doarticle(). It can only strike when an ARTICLE, HEAD, STAT or BODY command in Message-ID syntax accesses a crossposted article AFTER a GROUP command and if the group name given there is part of another group's name that the article was crossposted to. Credits to Jan Knutar for a detailed bug report. CVE Name: CVE-2002-1661 ### BUGFIXES - Only consider groups (after LIST or NEWGROUPS) that match the only_groups_pcre, if one is configured. This avoids offering groups that are never fetched. - Detect and report write errors when writing the new active ("groupinfo") file. - Whitelist STAT command for NewsCache versions 0.99.18, 0.99.19, 0.99.2?., 1.1.* - RPMs built from the included .spec file now install a "config" and "filters" file, both are marked "noreplace". This should prevent these files from being lost when a SuSE RPM is replaced by one built from this file. - Leafnode will delete duplicate newsgroups from its active file. This process is case-blind. Some badly maintained upstream servers have the same newsgroup more than once, but only differing in capitalization. Leafnode will prefer the group with LESS upper-case characters. - Fix maxage = 0 regression of leafnode 1.9.21. maxage = 0 seems not to be in wide use... ### WORKAROUNDS - Blacklist STAT for servers that contain "NNTP news cache" in their greetings, reported to be necessary for NTL (UK) by Robert Marshall. ### CHANGES - Leafnode now ships with a leafnode.cron.daily file. See INSTALL. - Leafnode now ships with a filters.example file that was taken from the SuSE 7.3 RPM. ### DOCUMENTATION - The newsq manual page was reworked and is more comprehensive now. - README-FQDN was corrected in respect to the dfncis.de host name. - FAQ has information on the Red Hat inetd vs. xinetd issue. ================================================================================ * 1.9.29, 2002-10-23 ### BUGFIXES - Fix fetchnews SIGSEGV that happens when new groups are added. Thanks to Ken Shan for tracking the bug and sending a patch. - Work with multiple upstreams that have the same server name, but different ports. ================================================================================ * 1.9.28, 2002-10-21 ### BUGFIXES - MacOS X 10.1 build has been fixed now (works on sourceforge Compile Farm at least). The fixes of 1.9.25 did not work. ### CHANGES - There is now a leafnode-version program that just prints the version. - Configuration file errors are now printed with the line number. - New server-specific option: only_groups_pcre, to restrict the groups that are fetched from or posted to a specific server. - The build environment has been rebuilt with automake 1.7.1 and autoconf 2.54. ================================================================================ * 1.9.27, 2002-09-24 ### BUGFIXES - Leafnode no longer goes into an infinite loop if your interface list as returned by ioctl(...SIOCGIFCONF...) is longer than 2047 bytes. This was a show-stopper bug without workaround (except unconfiguring interfaces or disabling IPv6, which is usually not an option). The bug was less likely to strike on home computers (except routers), as these tend to have less interfaces. More likely to strike bigger IPv6-enabled BSD servers. - Type issues on 64-bit machines (time_t is int) have been fixed. - RPM build: the spec file has been revamped, the documentation directory now has proper permissions again. - Leafnode builds again on non-IPv6 machines such as Solaris 2.6. ### CHANGES - Robustness: The allowstrangers option is now "stronger", enabling it defeats the "is the client on a local IP" check altogether -- to allow for workarounds should further bugs in this check strike us. - Documentation: The FAQ has been converted to DocBook XML and updated, and the TROUBLESHOOTING document that carried only two items has been merged into the FAQ. It comes now as plain text, HTML and PDF. The CREDITS file has been updated. ================================================================================ * 1.9.26, 2002-09-20 ### GENERAL - Add missing documentation LIESMICH-daemontools ### BUGFIXES - Fix paths in UNINSTALL-daemontools - fetchnews will no longer try to fork in -P (postonly) mode. (The bogus error messages around this were reported by Jan Knutar.) - fetchnews synchronizes child and parent when handing over the lock file, to prevent bogus error messages. - texpire will now skip over lost+found in the top directory and log chdir/opendir errors. (Bug reported by William Grinolds.) /var/spool/news must still be one file system and cannot be a Coda file system. ### CHANGES - newsq now prints a start banner and an explicit "the queue is empty" if it is ================================================================================ * 1.9.25, 2002-08-30 ### DEDICATION - Although only a symbolic measure and no consolation to any victim, this version is dedicated to all the people in the flooded areas of Central and Eastern Europe, particularly Austria, the Czech republic and Germany, where many cities have been drowned by the Moldau, Danube, Elbe and other rivers rivers that have turned into torrential currents by severe rainfall; whole cities in Saxony, Saxony-Anhalt and Brandenburg and the Northwestern Czech republic had to be abandoned temporarily. The material damage is immeasurable, and the personal damage considerable. Protection of the environment is important and everybody's task. ### INCOMPATIBLE - Leafnode's LIST EXTENSIONS reply no longer starts with leading whitespace. The current NNTP draft no longer wants whitespace there. - Leafnode's [X]HDR
commands now return the message-ID in front of the header, which is in conformance with RFC-2980 but contradicts draft-ietf-nntpext-base-15.txt which has expired on 2002-07-15 (which requires the article number to be printed, which is not available before GROUP or which is not in unison when the article is crossposted). ### GENERAL - Fix "configured hostname not accepted" issue: Leafnode now reads the configuration file before validating the hostname or creating the lock file, so the hostname configuration option becomes actually effective. - The lsort program is no longer installed. When updating from a previous version, then please remove it (the default location is /usr/local/sbin) -- it is only used (with explicit path) when you type "make update" and is not needed later. - Documentation updates, including tcpserver/daemontools instructions. - Build files have been regenerated with automake 1.6.2 (autoconf 2.53) - A tighter integration of the included PCRE directory into the build process. - German documentation is back. - Fix some PCRE compile issues. - The paths of the FILES sections of the manpages should now be correct. - The FAQ file now ships. - MacOS X 10.1/Darwin build fixes for -twolevel_namespace issue. We pass -flat_namespace to the linker. - Easier first-time installation: A script to aid setting up leafnode when daemontools and tcpserver is present. ### nntpd - Fix reading interface information on systems that have sa_len in struct sockaddr, such as FreeBSD. Leafnode would erroneously refuse connections from IPv4 clients on these machines when IPv6 interfaces were configured. - New allow_8bit_headers configuration option (default off) to accept unencoded 8-bit data (seems to be common in dk.* and no.* hierarchies) - Fix lots of minor bugs that splint turned up. - Fix some minor XHDR issues. - Fix LIST ACTIVE.TIMES (did not work at all and returned bogus data). - Add HDR support (same as XHDR, basically). - Redo the HELP output. - List HDR in LIST EXTENSIONS reply. - Fix crash when the client terminates the connection right after a POST command. Not exploitable, reported and fixed by Fabrizio Tironi. ### fetchnews - when updating the active file fails, set a flag to try downloading the whole active file again on the next run and keep the old active data to avoid losing group lo/hi marks. - new server-specific option "noactive = 1" to defeat downloading the full active file (newsgroups list) from this server. Courtesy of Mark Brown of Debian. ================================================================================ * 1.9.24, 2002-07-10 ### INCOMPATIBLE CHANGES: - See all "incompatible changes" sections below. ### GENERAL - there will be no more prereleases or release candidates. people don't test them. ### nntpd - no longer crashes and disconnects when a client (slrn) sends "XOVER" before "GROUP". Makes leafnode compatible again with slrn. - address resolver fixed when IPv6 enabled - fix ARTICLE/STAT/HEAD/BODY commands with implicit number ("current article pointer" ================================================================================ * 1.9.23, 2002-07-08 ### INCOMPATIBLE CHANGES: - If you update to 1.9.23 and have articles in your out.going queue, fetchnews will no longer post these. To fix, do: chmod u+x /var/spool/news/out.going/* NOTE: 1.9.33 no longer needs this, it uses the u+r flag instead, but you should never need to set the flag manually. - Access from outside the local networks (as figured from IP and netmasks of the local interfaces) is now denied by default. To restore the old behaviour, check README and config.example for a new option "allowstrangers" and how to enable it. Read config.example closely! Using this is deliberately difficult. - When a client posts, syntax and semantics of the Message-ID header are checked. These tests are essential to avoid Message-ID collisions. You can still switch off Message-ID generation in your news reader and let leafnode generate a Message-ID. - Spooldir may only contain characters from the POSIX portable path name character set. These are: the small and capital latin letters a through z, the ten digits 0 through 9 and the individual characters ".", "-", "_", "/". ### KNOWN BUGS - Leafnode does not handle embedded NUL characters in news correctly. ### GENERAL - The README now contains a new section "DEBUGGING". - The INSTALL file now has an xinetd config example. - The FQDN "linux.local" is now also rejected. - Fetchnews will no longer try to post articles that nntpd is still receiving. - Bugfixes, compile warnings fixed, memory leaks fixes, possible crashes fixed. - Treating folded headers has improved. - NEWGROUPS now really works, even across fetchnews -f. fetchnews -f is now less harmful to the group low/high marks. - There is now documentation on the fully-qualified domain name issue, in text, pod and HTML format. See the README.FQDN* files. - There is a new configuration option: "nopost" (server-specific). Set "nopost=1" just below the server line to avoid posting to the server in question. - Article number treatment has improved. This should fix "pseudo article not displayed" issues for good. - Most leafnode programs no longer see incomplete lines. Incomplete lines are lines without trailing LF character. - When a leafnode program recreates a directory in the spool dir, the owner is now properly set to "news". ### fetchnews - Fetchnews now filters on original header lines, rather than regenerated lines. - Will exit with code 2 when it could not connect to at least one upstream server. ### nntpd - The client timeout is now configurable through "timeout_client", patch courtesy of Jonathan Larmour. - No longer confuse clients with "400 Service discontinued" messages on timeout. - No longer resolve the local listening address to a name and use that as fqdn (broke Message-ID generation). Reported by Andreas Muck. - Posts with 8-bit or control data in headers or malformatted headers are now rejected. These articles are malformatted. (illegal!) Only broken newsreaders generate such headers. - Better logging when groups are subscribed to; set debugmode = 1 in your config file to enable, and look for "markinterest:" in the log. - POST now suggests a Message-ID. ### texpire - Expire groups that are not in the group.info. (This will happen when news groups are removed upstream and the active file is re-fetched.) - Set groupexpire for a particular group to -1 to let texpire ignore it. Think of this as an archive function. Patch courtesy of Andreas Meininger. ================================================================================ * 1.9.22, 2002-04-19 general: - Fix the hostname qualification logic. - No longer use fnmatch(), but use wildmat() instead. That's well-tried in leafnode 2.0b. fetchnews: - Fix the broken NewsCache workaround. ======================================================================== * 1.9.21, 2002-04-08 INCOMPATIBLE CHANGES: - leafnode never fetches articles that would be expired right away as per the current expire/groupexpire settings. Add "clamp_maxage = 0" to your configuration to restore the old behaviour. general: - no longer segfaults when the groupinfo file is empty (when the upstream servers are all unreachable). - gets time zone offset against GMT right. - overview handling now detects when articles are removed from the "middle" of a group (i. e. which are not low or high water mark) applyfilter: - no longer trashes the article high water mark. fetchnews: - leafnode never fetches articles that would be expired right away as per the current expire/groupexpire settings. - can recover state information from a SERVERINFO~ file left behind by a previous incomplete fetchnews run. ======================================================================== * 1.9.20, 2002-03-25 INCOMPATIBLE CHANGES: - leafnode REQUIRES a valid fully qualified domain name now, localhost.localdomain is invalid! Fix your /etc/hosts if leafnode programs refuse to run. - running leafnode without access control (such as tcpd from Wietse Venema's tcp_wrappers package or xinetd/tcpserver's native access control) is officially deprecated. - leafnode no longer tries to post the article to all your servers, but only to one, to prevent moderators from getting posts to moderated groups more than once. Move your most reliable news servers first in the configuration file. General: - new locking scheme, prevents groupinfo corruption, the old locking scheme was totally ineffective - manual pages now contain proper paths to programs or files - pattern matching has been fixed - no more timezone messups in logs or generated Date: headers (backport from 2.0beta) - memory and file descriptor leaks have been fixed - some more parts of NNTP chatter are subject to timeout handling - the included PCRE package was updated to v3.5 (but better, get PCRE 3.9 or newer and install that prior to configuring and installing leafnode) - maintainer builds now need ./configure --enable-maintainer-mode. Results in faster compilation for end users. fetchnews: - can now safely post to NewsCache servers, 1.9.19 and older would discard all upstream posts to NewsCache servers because NewsCache lies about the availability of an article in STAT . We use HEAD now. (workaround backported from leafnode 2.0beta) - upstream posts are now deleted as soon as they have successfully been posted. - fetchnews -P no longer segfaults - SIGPIPE now updates groupinfo and overview information, it would kill fetchnews before. - log port number in "connected to" log message - Mark Brown's workaround to "no groups available" problem with authentication failures, but after authentication failures and fixing username/password in the configuration file, run fetchnews -f once leafnode (nntpd): - buffer underrun fixed when the command consisted only of whitespace. Bug fix by Ralf Wildenhues. - log our and the peer's address (to hint someone he should really use tcpd or something similar, and to overcome "I did not order this news group" reports) - now mark the correct article for download in delaybody mode if the news reader sends BODY or ARTICLE . (only affects crossposted articles). - XOVER 1- now works on pseudogroups - XOVER -n is now supported (came for free with the previous fix ;) - STAT/HEAD/BODY/ARTICLE with "current article pointer" now work for pseudo groups - exits with 503 error message to the client if the own hostname is not configured properly newsq: - add a new -f option to show the failed.postings queue. texpire: - the man page has been finally fixed to document that we expire individual articles, not threads. Changes which are more technical and less visible: - article numbers are now unsigned long almost everywhere - out-of-memory conditions detected properly - non-exploitable buffer overruns fixed - line reading function is rock solid now, no more getaline crashes - mkstemp is now robust against broken implementations that do not look at the umask - some tuning took place, some fprintf have been replaced by fputs - mkstemp function updated from leafnode 2.0beta ========================================================================= * 1.9.19 and prior: see ChangeLog.old. A separate NEWS file was not kept. ========================================================================= vim:tw=78:ai:com=f\:-: