Changes:
### SECURITY BUGFIXES
- Fetchnews did not detect timeouts while it was downloading an article
header, which malicious upstream servers could exploit to mount
a denial of service attack against the fetchnews client. See
leafnode-SA-2005-02.txt. CVE Name: CAN-2005-1911
### BUGFIXES
- Bugfix sed expression in makesubst script. (Reported by Jeff Zacharias.)
### CHANGES
- texpire now tags the message.id expired count with "message.id" rather
than "total:" to avoid misleading the user who assumes that "total:"
would have to be the sum of the group counts. See also the FAQ change
below. SourceForge bug #1215453.
- When debugmode and verbose mode are set, leafnode programs now print a
warning to stdout that the user should check syslog.conf and the
syslog output rather than the screen print for debugging and sleeps for
three seconds.
### DOCUMENTATION
- Add FAQ entry to explain discrepancies between texpire group counts
and message.id expired articles counts.
- Add FAQ entry to explain influence of Gnus' gnus-read-active-file
setting on lost subscriptions, and extend stop fetchnews from
unsubscribing FAQ. Debian bug #307685.
- Drop FAQ entry on license issues as some parts of leafnode are in fact
GPLd.
- Drop FAQ entry on why old articles aren't posted, obsolete since
1.9.33.
- INSTALL and INSTALL_de have been polished.
- Add a hint that syslog.conf must be edited to config.example.
- leafnode(8) mentions that LIST ACTIVE keeps an existing subscription
fresh. CVS:
----------------------------------------------------------------------
----------------------------------------------------------------------
distinfo CVS:
----------------------------------------------------------------------
* Fix segfault when timeout or connection reset encountered while
article header is read.
* fetchnews will no longer re-fetch the active file for a server if it
has been completely received even if fetching articles from this server
encounters a problem. Long-standing bug. Debian bug #70052.
* fetchnews will now properly mark the active for complete re-fetch if
it says so. Previously, it forgot the mark in some circumstances. A
problem fetching the active file or descriptions for a newly added
server will now mark the active for re-fetch even if articles have
successfully been retrieved from the same server.
* Fix use-after-free segfault when server dies while body is being
received.
* Support quoted strings on the right hand side of configuration lines.
* Support IPv6 in fetchnews as well.
* In LIST ACTIVE/GROUP, keep group interesting in spite of being
pseudo (which includes empty) as long as it is interesting. Avoids
unsubscription of low-traffic groups that fall empty.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
build and install.)
Update to 0.27.1 version.
Changes from ChangeLog:
2004-12-20 v0.27.1:
* Fix error in configure script when printing exceptions not found message, du
e to unquoted string. (Reported by M.J. Soft)
* Fix -G* when NGETCACHE != NGETHOME. (Reported by Steven Adeff)
* Fix midinfo and newsgroups files not honoring NGETCACHE/cachedir setting. (R
eported by Christian Marillat)
* Allow absolute paths in --text=mbox:<filename>. (Requested by Volker Wysk)
* Support tab as the field separator in XPAT results, for Newsplex server supp
ort. (Requested by Mark Blain)
* -a no longer gives an error if the server doesn't support LIST NEWSGROUPS(wh
ich retrieves newsgroup descriptions.)
* Fix printing a warning when loading newsgroups list which contains descripti
ons of groups which no server actually carries. (Reported by Frederick Bruckman)
* Fix problems loading group descriptions from newsgroups list which contain t
abs. (Reported by Frederick Bruckman)
and no taker for updating the package.
Code has diverged a lot, so making a new package for the program is probably
the same (or less) work as starting from this version.
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
0. Bug fixes include:
* slrnpull's download statistics should work correctly in offline mode.
* slrn crashed on some operating systems when posting.
* slrn crashed when trying to decode base64 encoded articles without body.
* Don't destroy soft links / multiple hard links when writing newsrc file.
* Always apply scoring rules in the order given in the scorefile.
* When reading cross-posts, slrn sometimes marked additional articles in
the other group(s) as read (Joerg Lueders).
* slrnpull no longer posts backup copies (*~) of files you edited manually
in the out.going directory.
* slrnpull tries to write .headers files on interrupts.
* The "Has-Body" scoring field sometimes did not work correctly.
* When retrieving article children, headers without body were not marked.
* Ignore signature delimiters in verbatim text blocks.
* Do not choke on long header lines when replying by email.
* A workaround for a bug in INN caused problems with leafnode; only use it
when the server was recognized as INN from the logon message.
* Fixed crash when running in wide terminals (John E. Davis)
* Email address parser is more RFC2822 compliant
1. In the config file (and the corresponding intrinsic functions), the
following names now denote special function keys: <PageUp> <PageDown>
<Up> <Down> <Right> <Left> <Delete> <BackSpace> <Insert> <Home> <End>
<Enter> <Return> <Tab> <Space> <Esc> and <F1> through <F12>
If using these names does not seem to work for you, please make sure your
terminfo settings are correct.
2. In true offline mode, slrnpull can now automatically retrieve bodies of
articles that get a high score value (--fetch-score option).
3. Added Swedish translation (Johan Svedberg)
4. Make hide_pgpsignature hide GnuPGs optional "NotDashEscaped" lines.
slrn does _not_ need libiconv (thanks wiz) despite what it says during
configure stage. If package gettext-lib is not installed, slrn builds
just fine without libiconv. A fix for this is supposed to be provided
in the near future.
indirectly by gettext-lib (if USE_GNU_GETTEXT was defined elsewhere).
Why this did not show up in the bulk builds I do not know.
Thanks go to Michael van Elst for help in tracking this down.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
Based upon the package provided by Joel CARNAT in PR pkg/26134
nget is a command line nntp file grabber.
It automatically pieces together multipart postings for easy
retrieval, even substituting parts from multiple servers and
newsgroups. Handles disconnects gracefully, resuming after the
last part succesfully downloaded.
features:
* Automatic multi-part post joining
* Automatic binary decoding (using uulib)
* Caches header data for quick access
* Full multi-server support, transparently joining parts
from different servers
* Full multi-group support, transparently joining parts from
multiple newsgroups
* Automatic retries on network errors
* Resumes after the last part successfully downloaded
* Dupe file detection to avoid unneeded downloads
* Select what to retrieve based upon a regular expresson (-r),
or even a more complex expression (-R) based upon any of the
file's subject, author, lines, bytes, # of parts we have,
# of parts req, date, age, messageid, and references.
* Search for newsgroups based on their names and/or descriptions
* Automatic handling of PAR and PAR2 files retrieves only as many
recovery files as necessary to repair any missing/damaged files.
LEAFNODE_DATA_DIR, LEAFNODE_USER and LEAFNODE_GROUP, to be used by leafnode
to specify the data dir, the user and the group, defaulting to 'news'.
Note: the default is the same as for inn.
Pointed out by Georg Schwarz in mail to tech-pkg.
* nntpd will now disable ln_log()'s sending its logging to the
console (stderr usually), to prevent them from being seen by the
newsreader, which then gets confused.
* Usage fixes and usage info update
* Fix memory leaks
* Other bug fixes
For a full listing, please see the ChangeLog supplied with the source
code.
the RCD_SCRIPTS rc.d script(s) to the PLIST.
This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.
This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)
These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)
I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.
Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
hard-coded etc/rc.d. These need to be fixed.
- maybe remove from mk/${OPSYS}.pkg.dist mtree specifications too.
doesn't crash on common configuration. Fixes PR 24982 by Gary Duzan.
Also, silently try to delete the configuration directory not to wipe the
user's configuration when updating the package.
Finally, mark this package as NetBSD and SunOS only, since it will fail
on other platforms by lack of default configuration.
Bump PKGREVISION.
Patch newsx's configure so that history method auto-detection can be
bypassed, which allows build on system with unconfigured inn (such as
for bulk-builds).
Bump PKGREVISION because now newsx always use indexed method.
* Adding conf-parameter NiceServer, NiceClient, NiceClean
with the setpriority function
* Adding conf-parameter ListenTo for multihomed hosts
* Performance for big NewsCache Spools: change NewsCacheClean
from chain to table
and lots of bugfixes.
Pkgsrc changes since previous version:
* Add the news user if necessary (and be compatible with the INN package).
* Use bsd.pkg.install.mk.
Vendor changes since previous version:
(see the Changelog for more details)
* Security fix. Do not lock up when the news header ends prematurely.
* Revise some memory handling and catch out-of-memory conditions.
* Fixes to syslog handling.
* Support XOVER without argument.
* Fix SEGV in fetchnews.c.
Newsx is an NNTP client for Unix. It will connect to a remote NNTP server and
post outgoing articles batched by the news system, as well as fetch incoming
articles.
It provides the NNTP capabilities required for small local news spools on
installations with NNTP access only through limited ISP accounts. It works well
via a dialup SLIP/PPP connection.
Newsx is also well suited for large spools with normal feeds, being used for
pulling newsgroups from specific NNTP servers that are not distributed in the
usual manner. Since newsx obeys the normal news spool configuration file and
requires little or no specific configuration, the administrative burden should
be minimized.
New / changed Features:
-----------------------
. Rebindable keys
. New pager
. Searched for strings are highlighted
. GPG support
. NLS support
. Charset conversion using iconv(3)
. Indicator for articles newer than n-days
. art_mark_read, art_mark_killed, art_mark_selected are now configurable
. Piping '|' now works on the thread menu
. configurable scrolling via scroll_lines
. configurable URL handler via url_handler
. '.' sorts the newsgroup list
. Lots of bug fixes
. xref filter rules are now matched against a the reformatted xref line
. some others
Retired Features
----------------
. INDEX_DAEMON is no longer supported
. -U indexing is no longer supported
. ~/.tin/headers file is no longer directly supported. Use:
. filter rules xref_num and xref_score have been removed
. some others
PR pkg/18081.
Complete change log at http://slrn.sourceforge.net/docs/changes.html .
Changes since slrn 0.9.7.4:
-1. Changes when building on Un*x: [...]
0. Bug fixes include: [...]
1. Changes to the user interface: [...]
2. When used in combination with slrnpull, slrn now supports "true offline
reading". [...]
3. slrnpull no longer completely rewrites the overview files when expiring
articles. [...]
4. If your terminal supports it (and you are not using Win32 or OS/2), you
can now use colors and attributes at the same time. [...]
5. Set use_recommended_msg_id to 1 in your config file if you want slrn to
make use of server-proposed Message-IDs. [...]
6. Added intrinsic functions [...]
7. Custom sorting now allows you to use different criteria for sorting
initial articles of threads and articles inside threads. [...]
9. When reading in spool mode with spool_check_up_on_nov set, slrn now finds
out the number of bytes of each article, even if it is not included in
the news overview file (based on a patch by Jurriaan W Kalkman).
10. Support Cancel-Locks using the canlock library (--with-canlock) that can
be obtained from <http://cssri.meowing.net/> [...]
11. Support GNU TLS via its new OpenSSL compatibility layer (--with-gnutls).
[...]
12. New command-line option "-w0" that waits on startup, but only if a
warning or error is displayed.
13. Updated cleanscore, see contrib/NEWS.cleanscore (Felix Schueller)
14. Verbatim text can be hidden using toggle_verbatim_text (default binding
'{') or hide_verbatim_text in the config file. (Arek Sochala)
15. The "BEGIN PGP SIGNED ARTICLE" line is displayed using the "pgpsignature"
color and stripped on followups. (Emmanuele Bassi)
16. If query_read_group_cutoff is set to -n, slrn will automatically
(without prompting) download n articles when more than n are present.
17. Support Turkish characters on Win32 - set charset to "ibm857" for this.
With help from A. Alper ATICI
18. Re-structured the manual and added a chapter about slang's
pre-processing facilities. (Matthias Friedrich)
19. The config variable cc_followup_string is obsolete [...]
20. New translations: [be, fi, tr]
21. Remove duplicates when browsing URLs (Ruediger Sonderfeld)
22. IPv6 support (requires getaddrinfo; patch by J.H.M. Dassen (Ray))
23. A new, updated and more comprehensive FAQ (doc/FAQ) - it replaces the
files FAQ, SCORE_FAQ and slrnpull/FAQ (written by Matthias Friedrich and
me, based on John E. Davis' original files).
USE_GCC2 or USE_GCC3 where appropriate.
the functionality of the old gcc.buildlink2.mk has been rolled into
compiler.mk now, which is automatically used.
more changes to come later...
==============================================================================
* 1.9.43, 2003-09-04
### INCOMPATIBLE CHANGE
- In the traditional spool, newsgroups with all-numeric components show up
with a - (minus, hyphen) prefixed to the number, the newsgroup example.1234
will be stored as /var/spool/news/example/-1234.
It is believed this change does not cause troubles because news systems that
offered the traditional spool have been incapable of providing news access,
and because the count of news groups with such names is way below 0.1% on
the news servers I have access to. The gain in functionality justifies the
incompatibility.
NOTE: this only affects newsreaders that directly access the spool.
NNTP-based newsreaders will see no difference.
### BUGFIXES
- Fix leafnode.8 manual pages (EN and DE languages) to explain 0 and negative
values for expire/groupexpire.
- Avoid premature abort (that causes .overview and groupinfo files to become
stale) when the stdout becomes disconnected. Reported by Sytse van Slooten.
- Make sure that texpire fixes the groupinfo lines of groups in "archive mode"
(groupexpire -1). Reported by Sytse van Slooten.
- Repair groupexpire 0 (= use global default, rather than expire immediately).
Broken since 1.9.23.
- Make sure that fetchnews complains when a timeout happens while reading
newsgroups lists ("active file") or newsgroup descriptions. Found after a
related report from Tim Daneliuk.
- Use different fix for newsgroup names with all-numeric components that does
not require two stat() calls in XOVER handling. Tracked down and reported by
Rein Klazes.
- Remove bogus error messages "article * is below/above the *-water mark" that
occur when reading a group that fetchnews is fetching into. Reported by Rein
Klazes.
- Make sure XOVER related error messages don't show up in the NNTP client.
### CHANGES
- fetchnews puts stdout into line buffered, or -- failing that -- unbuffered
mode (Patch by Mark Brown, Debian maintainer).
- leafnode processes warn (syslog and stderr) when a groupexpire is set to 0
(which means "use the default", which some users may not be aware of).
### DOCUMENTATION
- Added FAQ item on running leafnode as nntps server.
- Mention SuSEconfig difficulties with /etc/hosts in README-FQDN*
- Clarify item #13 in INSTALL.
==============================================================================
* 1.9.42, 2003-06-27
### SECURITY RELEVANT BUGFIXES
- Fix hang when trying to download an article that lacked mandatory headers.
(Very old bug, recently found by Joshua Crawford)
NOTE: this assertion that the bug is security relevant (denial of service)
has been made after 1.9.42 release.
### BUGFIXES
- Check lastreply() against NULL, in an effort to fix obscure sporadic and
non-reproducable crashes on OpenBSD sparc64. (Reported by Bruno Rohee)
- Fix bogus "Cannot open .../interesting.group/group.name for reading" when a
group subscription has expired. (Reported by Andreas Muck)
### CHANGES
- The ChangeLog file has been split, older parts (leafnode 1.9.31.rel and
before) have moved to the "new" ChangeLog.old file.
==============================================================================
* 1.9.41, 2003-05-22
### BUGFIXES
- Fix the "leafnode keeps fetching a group I've unsubscribed from long ago"
bug that haunted leafnode since 1.9.18 at the latest and that was more
prominent with the delaybody migration fixes of 1.9.33. Reported by Andreas
Muck and Gerry Doris.
- "make clean" no longer erases t.pcre_extract
### CHANGES
- Add an EXPERIMENTAL feature, delaybody_in_situ. This may work around
problems with particular newsreaders in delaybody mode. Do not rely on this
feature for now, and do send feedback if you use it, regardless of whether
it works or not. Defaults to off (compatible with previous versions). If you
don't know what it is about, leave it off.
- Some messages in fetchnews have been reworded to make them clearer and more
helpful.
### PORTABIILTY
- Find tcpd on OpenBSD at build time. Patch by Bruno Rohee.
==============================================================================
* 1.9.40, 2003-05-08
### BUGFIX
- Leafnode no longer aborts when using the replacement snprintf function
(FreeBSD) and is about to display a pseudo article.
New Features include:
Added support for GNet2, which adds IPv6 support to Pan.
Added Baltic Windows-1257 charset support.
Display the total score for a thread when the thread is collapsed.
Added menu buttons and shortcuts for `go to next new article' and
`go to next new thread'
Also lots of bug fixes and usability improvements.
For the complete list see http://pan.rebelbase.org/ or read the ChangeLog.
Test76 is a bug-fix release that mainly fixes a potential crash
bug, but also has several other minor changes.
Test 75 provides some simple bug fixes and minor improvements that
have been simmering for quite some time.
now and not NetBSD-*-arm32. Changes include one or more of:
- Change MACHINE_ARCH == arm32 to also match arm
- Where ONLY_FOR_PLATFORM includes NetBSD-*-arm32, add NetBSD-*-arm
- Where BROKEN or worked around for arm gcc bugs, set USE_GCC3
The last may shake out a few more broken packages the next bulk build.
- Clients using POST are no longer permitted to provide an Injector-Info
header.
- Fixed a bug causing posts with Followup-To set to a moderated group to
be rejected if the posting user didn't have permission to approve
postings.
- Fixed bugs in inncheck with setuid rnews or setgid inews, in
innconfval with inn.conf parameters containing shell metacharacters
but no spaces, and in parsedate.y with some versions of yacc. Fixed a
variety of size-related printf format warnings (e.g., %d vs. %ld)
thanks to the work of Winfried Szukalski.
While INN 2.3.5 is not the latest officially released version it is the
latest one for which an IPv6 patch is available.
Supports slrn and XNews-style scorefiles.
Added sixth layout mode in the Preferences|Layout dialog.
Added a default character set to the Posting Profiles.
Faster article filters.
Lots of bugfixes.
o Bugfixes were published on the slrn website since the release
of 0.9.7.4 last year. Even though no new version was released,
they are quite needed for normal operation (specifically, I was
hit by a locale bug that makes slrn segfault when scoring).
o ${PKGLOCALEDIR} needs to be enforced both in package's Makefile
and PLIT, and in the source (po Makefile has a hard-coded path
that may not match the path used in other parts of the source
tree).
Changes:
both.c - sgetline() - changes to fix SSL bug with the select,
connect_to_nntphost() - add code to handle
host:port syntax. This fix also allows you to
specify a port number for the local host.
suck.c - to handle SIGINT in addition to SIGTERM,
build_command() fix in potential buffer overflow
testhost.c - added -Q option, to allow user to specify
NNTP authentiation via env variables.
And other bug fixes.
- LIST ACTIVE no longer returns data when given a single group argument
if the client is not authorized to read that group.
- XHDR and XPAT weren't correctly parsing article headers, resulting in
searches for the header "newsgroup" matching the header "newsgroups".
- Made CNFS more robust against crashes by actually syncing the cycbuff
headers to disk as was originally intended. Fixed a memory leak in
the tradspool code.
- Two bugs in pgpverify when using GnuPG were fixed: it now correctly
checks for gpgv (rather than pgp) when told to use GnuPG and expects
the keyring to be pubring.gpg (not pubring.pgp).
- Substantial updates to the sample provided control.ctl file.
- Compilation fixes with Perl 5.8.0, BerkeleyDB 4.x, current versions of
Linux (including with large file support), and Tru64. inndf fixes for
ReiserFS.
- Various bugs in the header handling in nnrpd have been fixed,
including hangs when using virtual domains and improper processing of
folded headers under certain circumstances.
- Other minor bug fixes and documentation improvements.
While INN 2.3.4 is not the latest officially released version it is the
latest one for which an IPv6 patch is available.
This release adds a faster task manager, faster loading of large
groups, a few major bugfixes, about a dozen minor bugfixes, fifteen
updated translations, and many usability improvements.
Summary of changes since 1.9.31:
Bug and documentation fixes including:
* fetchnews_check_date.c: Portability: don't pass time_t to
syslog(...%ld...), sizeof time_t != sizeof long on 64bit FreeBSD,
reported by Christian Weisgerber <naddy@mips.inka.de>.
* fetchnews_check_date.c: Check for overflow of time difference.
Paranoia mode, someone needs to hose his clock by at least 68 years
to run into this.
* miscutil.c, TODO: Change to spooldir at the end of initvars()
(after changing uid/gid) to avoid barfing when run from
misconfigured cron.
* pcre_extract.c: Fix abort when extracting string, introduced with
previous strlcpy -> xstrlcpy commit. Reported by Joshua Crawford
<mortarn@softhome.net> Add debug variable to conditional TEST part
to use this code standalone.
* fetchnews.c: Several bug fixes
Please see the ChangeLog file in the source distribution for more details.
Extract of changes:
-Q option to specify NNTP authentication via environment variables
Changes to allow it to use SSL.
-i option, to ignore the readonly opening response and try to post
anyway, since inn-2.3, when using authinfo, still sends 201 code
meaning readonly.
do_one_group() - added code for resetcounter
option. If remote end resets its article numbers
the normal suck response is to ignore the group
and reset the lastread counter to match the current
high counter. This option tells suck to reset
its lastread counter to the low counter, effectively
causing suck to get all articles for the group, and
use the historydb to check for dupes.
Added low_read option. This option is used in concert
with the maxread option of the sucknewsrc. Normally
when there is a maxread in the sucknewsrc, suck will
download the newest articles. This option tells suck
to download instead the oldest articles.
do_articles() - added code for show_group option.
This option will add the name of the current group
to the BPS display as you download the articles.
do_nodownload() - added, this routine allows you
to specifiy Message-IDs to never download. See the
SUCKNODOWNLOAD section in the man page.
Bugfixes and code cleanups.
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
