2004-01-07
Full changes and diff from previous release
Bug Fixes
-
SECURITY: Handle the special filing of control messages into per-type newsgroups more robustly. This closes a potentially exploitable buffer overflow. Thanks to Dan Riley for his excellent bug report.
-
Fixed article handling in innd so that articles without a Path header field (arising from peers sending malformatted articles or injecting malformatted articles through rnews) would not cause innd to crash. (This was not exploitable.)
-
Fixed a serious bug in XPAT handling, thanks to Tommy van Leeuwen.
-
Do not close and reopen the history file on ctlinnd reload when the server is paused or throttled. This was breaking ctlinnd reload all during a server pause.
-
The robustness of the tradindexed overview method has been further increased, handling more edge cases arising from corrupted databases and oddly-named newsgroups.
-
Various minor portability and compilation issues fixed. Substantial numbers of compiler warnings have been cleaned up, thanks largely to work by Ilya Kovalenko.
-
Multiple other more minor bugs have been fixed.
-
Documentation and man pages have been clarified and updated.
New Features
-
configurenow looks for sendmail only in /usr/sbin and /usr/lib, not on the user's path. This should reduce the need for --with-sendmail if your preferred sendmail is in a standard location. -
innd now never decreases the high water mark of a newsgroup when renumbering, which should help ameliorate overview and active file synchronization problems.