1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219
|
THIS IS AN OVERVIEW OVER THE MORE SEVERE BUGS THAT ANNOY LEAFNODE USERS
This document is by no means complete. Check NEWS and ChangeLog for the
full round-up on bugs fixed in leafnode - particularly, not all security
bugs are listed here!
Legend:
TRIGG: means trigger
NEW IN: describes the version when the bug was introduced. "Old" means
before 1.9.20.
RATE: estimates how severe the bug is.
------------------------------------------------------------------------
BUG: - connection hang while fetching header
CVE: 2005-1911
RATE: MODERATE
FIXED: 1.11.3
CREDIT: Adam Funk
BUG: - connection abort while article is read causes fetchnews crash
CVE: 2005-1453
RATE: MODERATE
NEW IN: 1.9.52
FIXED: 1.11.2
BUG: - connection abort while header is read causes fetchnews crash
CVE: 2005-1453
RATE: MODERATE
NEW IN: 1.9.48
FIXED: 1.11.2
BUG: - fetchnews does not support IPv6
RATE: MINOR
FIXED: 1.11.0
BUG: - cannot use # in passwords
RATE: MINOR
FIXED: 1.11.0
BUG: - empty groups expire prematurely
RATE: MODERATE
FIXED: 1.10.8
CREDIT: Brian Sammon
BUG: - runtime failure on old systems with broken snprintf
RATE: CRITICAL
FIXED: 1.10.7
CREDIT: Michael Buerle
BUG: - failing server with noactive still requests active update
RATE: MODERATE
FIXED: 1.10.6
CREDIT: Brian Sammon (analysis and patch)
BUG: - duplicates in delaybody mode
RATE: MINOR
TRIGG: classic delaybody mode (delaybody_in_situ is unset)
NEW IN: 1.9.50
FIXED: 1.10.5
CREDIT: Til Schubbe
BUG: - lots of relinks, texpire expires too many articles
RATE: CRITICAL
TRIGG: running another leafnode program (except leafnode itself)
while texpire is running
NEW IN: 1.9.54
FIXED: 1.10.4
CREDIT: Rein Klazes
BUG: - .overview.XXXXXX files prevent removal of empty group
directories
RATE: MINOR
FIXED: 1.10.2
CREDIT: Johannes Berg
BUG: - Xref information missing from overview
RATE: MINOR
FIXED: 1.10.1
NEW IN: 1.9.50
CREDIT: "SINNER" (news.software.readers), Jrg Lders
BUG: - texpire segfaults
RATE: MODERATE
TRIGG: expiring a group that has been deleted from the groupinfo but is
present on disk
premature abort with mids files left in the spool that texpire
has written
FIXED: 1.10.0
NEW IN: 1.9.52
CREDIT: Johannes Berg
BUG: - fetchnews keeps fetching the full newsgroups list
RATE: MODERATE
TRIGG: upstream server on a non-standard port
FIXED: 1.9.52
CREDIT: Cory C. Albrecht, Joshua Crawford
BUG: - archived groups show errors in access
RATE: MODERATE
FIXED: 1.9.53
BUG: - stale .overview and groupinfo files
RATE: MODERATE
TRIGG: stdout disconnected prematurely, or groupexpire -1
FIXED: 1.9.43
CREDIT: Sytse van Slooten
BUG: - fetchnews XOVER handling (after disconnect) is extremely slow
RATE: MINOR
NEW IN: 1.9.33
FIXED: 1.9.43
CREDIT: Rein Klazes (for debugging)
BUG: - fetchnews hangs
RATE: CRITICAL, SECURITY (remote denial of service)
TRIGG: missing mandatory header
NEW IN: old
FIXED: 1.9.42
CREDIT: Joshua Crawford (for the first bug report to point to the bug)
BUG: - fetchnews does not stop fetching a group I unsubscribed from
RATE: MODERATE
TRIGG: delaybody=1 before 1.9.32, unconditional since 1.9.33
NEW IN: old
FIXED: 1.9.41
CREDIT: Andreas Muck, Gerry Doris
BUG: - cascaded leafnode installations lose own posts to pseudogroups
RATE: CRITICAL
NEW IN: old
FIXED: 1.9.39
CREDIT: Kyler Laird
BUG: - incomplete active file
RATE: SEVERE
NEW IN: old
FIXED: 1.9.37
BUG: - fetchnews misses lots of articles
- lots of "cannot parse server reply" in the logs, with lines from
article text
RATE: SEVERE
TRIGG: filtered articles
NEW IN: 1.9.33
FIXED: 1.9.36
BUGFIX: update to >=1.9.36, then run fetchnews with -x option to fetch the
missed articles, example: fetchnews -nx 1000
BUG: - newsreader hangs when accessing an article without Message-ID
RATE: MODERATE
TRIGG: news spool corruption
FIXED: 1.9.33
BUG: - fetchnews doesn't post articles (incompatibility)
RATE: IRRELEVANT
TRIGG: user hasn't read UPDATING instructions properly
NEW IN: 1.9.23
FIXED: 1.9.33
BUG: - fetchnews cannot access articles after switching delaybody to 0
RATE: MODERATE
FIXED: 1.9.33
BUG: - not getting pseudo article when "reviving" an uninteresting group
RATE: MODERATE
FIXED: 1.9.33
BUG: - pressing Ctrl-C more than once confuses leafnode
RATE: MODERATE
FIXED: 1.9.33
CREDIT: Ralf Wildenhues (sent bugfix)
BUG: - timeout not detected on non-BSD, non-Linux systems
RATE: MODERATE
FIXED: 1.9.31
CREDIT: Richard van der Hoff (sent bugfix)
BUG: - leafnode goes 100% CPU when requesting article by message-ID
RATE: CRITICAL, SECURITY (trusted host denial of service)
FIXED: 1.9.33 for good, first attempt in 1.9.30
CREDIT: Jan Knutar (report)
BUG: - fetchnews segfaults when new groups are on server
RATE: CRITICAL
FIXED: 1.9.29
CREDIT: Ken Shan
BUG: - leafnode goes 100% CPU on machines with lots of network interfaces
RATE: CRITICAL
NEW IN: 1.9.23
FIXED: 1.9.27
BUG: - texpire chokes if /var/spool/news/lost+found exists
RATE: MODERATE
FIXED: 1.9.26
CREDIT: William Grinolds
BUG: - leafnode: NNTP command LIST ACTIVE.TIME returns bogus data
RATE: MINOR
FIXED: 1.9.25
BUG: - crashes when XOVER is sent before GROUP
- ARTICLE/STAT/HEAD/BODY to current article pointer fails
RATE: MODERATE
FIXED: 1.9.24
BUG: - incomplete article posted by fetchnews
RATE: CRITICAL (data loss)
TRIGG: fetchnews runs at the same time as a client posts the article
FIXED: 1.9.23
BUG: - Bogus Message-ID generated for posted articles
RATE: MINOR
FIXED: 1.9.23
CREDIT: Andreas Muck
BUG: - locking does not work at all
RATE: CRITICAL (data loss)
FIXED: 1.9.20
TRIGG: multiple fetchnews/texpire run at the same time
|