INN 1.5.1 Software Action Items
These are for 1.5.1 branches, including inn1.5.1corr/1.7 and 1.5.1sec2.
Note that INN 1.4xxxx probably has similar problems and even more defects.
See Also
Defect lists for INN versions 1.5.1 and later
For an overview comparison of 1.5.1, 1.5.1sec2, 1.5.2pre1, 1.6b3, and 1.5.1corr, see inn1.5.1corr/1.7
To inspect the code which changed. See Unified Sources (1.5.2pre1 is not included)
Each item is tagged with a severity. See About Severity tags for Software Action Items
for a description.
Critical: Arbitrary command execution as user news via control messages,
regardless of control.ctl settings.
Applies to:INN-1.5.1/site/parsecontrol
OS: all
Versions Defective/not fixed:
1.5.1
1.5.1corr 1.5.1corr is a corrective release, which installs
over the top of existing inn1.5.1 to fix other defects. Apply this patch separately
Patches to use:
ftp://ftp.isc.org/isc/inn/patches/security-patch.05
Authored: James Brister, 4 Apr 1997
Versions Correct/Corrected:
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Critical: 1060 character Path header crashes innd.
Critical: Rare sequence of history file entries causes invalid history file entry.
Critical: INN hangs when processing ctlinnd addhist with massively crossposted articles
ctlinnd addhist is used by some "third-party" utilities, such as nocem.
Critical: Uses memcpy(). Argument could copy more bytes than necessary, possibly causing a segfault.
Applies to:expire/makehistory.c near line 246
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known.
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Critical: Make sure newsfeeds has exactly one ME entry. (innd needs this
to run correctly, or may crash when reloading various files.)
Applies to:innd/newsfeeds.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.6b3
Patches to use:
None known.
Versions Correct/Corrected:
1.5.1corr
1.7
1.7.1
1.7.2
Critical: Handling of error return from ARTclean()
Applies to:innd/art.c: Line 1750.
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known.
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Critical: Added test to Write to history file only if Data.MessageID.
Applies to:innd/art.c: Line 1788, 3 places
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known.
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Critical: Certain newgroup control messages can crash INN.
Applies to: innd/cc.c
OS: all
Versions Defective/not fixed:
1.5.1
1.5.1corr
Patches to use:
1.5.1, 1.5.1corr A fix is described in the message to the Usenet RKT subscribers: 19971010: Recent newgroup denial of service attack
Versions Correct/Corrected:
1.5.1sec2 (although 1.5.1sec2 has other vulnerabilities)
1.6b3: Although active.times will get a slightly invalid entry with those long newgroup messages..
1.7
1.7.1
1.7.2
Critical: INN corrupts the active file if ctlinnd rmgroup/ctlinnd newgroup when throttled.
See INN FAQ 6.3
Applies to:??? Not identified.
OS: all
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.7
1.6b3
1.7.1
1.7.2
Patches to use:
Problem has not been identified. No fix is known.
Versions Corrected/Not present in:
Critical: String buffer overrun possibility when reporting invalid control message.
Applies to: nnrpd/post.c near line 217
Versions Defective/not fixed:
1.5.1
Patches to use:
None known.
Versions Correct/Corrected:
1.5.1corr
1.5.1sec2 Using snprintf which can truncate response.
1.6b3 Yes, using snprintf which can truncate response.
1.7 Yes, using MaxLength() which preserves message.
1.7.1 Yes, using MaxLength() which preserves message.
1.7.2 Yes, using MaxLength() which preserves message.
Critical: String buffer overrun possibility when reporting invalid distribution
Applies to: nnrpd/post.c near line 242
Versions Defective/not fixed:
1.5.1
Patches to use:
None known.
Versions Correct/Corrected:
1.5.1corr
1.5.1sec2 Using snprintf which can truncate response.
1.6b3 Yes, using snprintf which can truncate response.
1.7 Yes, using MaxLength() which preserves message.
1.7.1 Yes, using MaxLength() which preserves message.
1.7.2 Yes, using MaxLength() which preserves message.
Critical: String buffer overrun possibility when reporting invalid newsgroups
Applies to: nnrpd/post.c near line 627
Versions Defective/not fixed:
1.5.1
Patches to use:
None known.
Versions Correct/Corrected:
1.5.1corr
1.5.1sec2 Using snprintf which can truncate response.
1.6b3 Yes, using snprintf which can truncate response.
1.7 Yes, using MaxLength() which preserves message.
1.7.1 Yes, using MaxLength() which preserves message.
1.7.2 Yes, using MaxLength() which preserves message.
Critical: String buffer overrun possibility when copying "from" header. This is the string buffer overrun which opens a security hole.
Applies to: nnrpd/post.c near line 801
Versions Defective/not fixed:
1.5.1
Patches to use:
None known.
Versions Correct/Corrected:
1.5.1sec2
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Critical: String buffer overrun possibility when copying message ID
Applies to: nnrpd/post.c near line 910
Versions Defective/not fixed:
1.5.1
Patches to use:
None known.
Versions Correct/Corrected:
1.5.1sec2
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Critical: String buffer overrun possibility when copying message ID
Applies to: nnrpd/article.c near line 497
Versions Defective/not fixed:
1.5.1
Patches to use:
None known.
Versions Correct/Corrected:
1.5.1sec2 (uses snprintf)
1.5.1corr
1.6b3 (uses snprintf)
1.7
1.7.1
1.7.2
Critical: String buffer overrun possibility when processing NCstat for message ID's > 249 characters in length. Crashes innd.
Applies to: innd/nc.c NCstat()
Versions Defective/not fixed:
1.5.1
Patches to use:
None known.
Versions Correct/Corrected:
1.5.1sec2 uses snprintf, returns truncated reply
1.5.1corr (no truncation.)
1.6b3 uses snprintf, returns truncated reply
1.7 (no truncation.)
1.7.1 (no truncation.)
1.7.2 (no truncation)
Critical: INN internal buffer copy of backlogged channel fails, leading to crashes
Critical: INN can crash when processing ctlinnd feedinfo when a site is sleeping.
Applies to:innd/site.c
OS: all
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.7
1.6b3
1.7.1
1.7.2
Patches to use:
Behavior reported 03/11/1998 by Chris van den Berg.
Fix by Forrest Cavalier. 980311b.msg
Versions Corrected/Not present in:
Critical: The CheckIncludedText() routines in frontends/inews.c and nnrpd/post.c
can walk past the end of the article buffer (sometimes resulting in a core
dump) when CHECK_INCLUDED_TEXT is DO
Applies to: nnrpd/nnrpd.c, frontends/inews.c
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
Reported 01/11/1998 by Craig Leres <leres@ee.lbl.gov> to inn-bugs@isc.org.
980111b.msg
Versions Correct/Corrected:
Defect:Response to HEAD, BODY, and ARTICLE, when requesting by Message ID don't comply with RFC977
Applies to: nnrpd/article.c
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.7
Patches to use:
None known.
Versions Correct/Corrected:
1.6b3
1.7.1
1.7.2
Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing crosspost dependencies: (all)
Missing actsync dependency: include/mydir.h
Applies to:backends/Makefile
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
Patches to use:
Versions Correct/Corrected:
1.7.1
1.7.2
Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing makehistory dependencies inndcomm.h, mydir.h
Applies to:expire/Makefile
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
Patches to use:
None known. Workaround: Run make clean after config.data changes.
Details:
Versions Correct/Corrected:
1.7.1
1.7.2
Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing clientactive.o dependencies: macros.h nntp.h
Missing clientlib.o dependency: paths.h
Extra clientlib.o dependency: macros.h
Missing getmodaddr.o dependency: nntp.h
Missing perl.o dependencies
Applies to:lib/Makefile
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
Patches to use:
None known. Workaround: Run make clean after config.data changes.
Details:
Versions Correct/Corrected:
1.7.1
1.7.2
Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing perl.o dependency: post.h
Missing post.o dependency: post.h
Applies to:nnrpd/Makefile
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
Patches to use:
None known. Workaround: Run make clean after config.data changes.
Details:
Versions Correct/Corrected:
1.7.1
1.7.2
Defect: Possible invalid compile if make clean is not run after config.data changes.
Missing art.o dependency: art.h
Missing his.o dependency: dbz.h
Missing nc.o dependency: dbz.h
Missing perl.o dependency: art.h
Applies to:innd/Makefile
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
Patches to use:
None known. Workaround: Run make clean after config.data changes.
Details:
Versions Correct/Corrected:
1.7.1
1.7.2
Defect: make depend: rule does not include dbz.c
Applies to:expire/Makefile
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
None known. Workaround: Don't run make depend
Versions Correct/Corrected:
Defect: make depend: rule does not include decode.c encode.c getlist innconfval
Applies to:frontends/Makefile
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
None known. Workaround: Don't run make depend
Versions Correct/Corrected:
Defect: make depend: rule does not include inndstart.c
Applies to:innd/Makefile
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
None known. Workaround: Don't run make depend
Versions Correct/Corrected:
Defect: strncpy and strcat use, but no null terminator or limit guaranteed. This is in code that is disabled.
Applies to: lib/getfqdn.c near line 50
Versions Defective/not fixed:
1.5.1
Patches to use:
None known.
Versions Correct/Corrected:
1.5.1sec2
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: expireover small memory leak when there are empty headers (very rare case)
Applies to: expire/expireover.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.6b3 (when expireover-memleak patch is applied)
Patches to use:
None known.
Versions Correct/Corrected:
1.7.1
1.7.2
Defect: Posting to moderated newsgroup through inews leaves temp file.
Applies to: frontends/inews.c
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
Reported 01/31/1998 by J Scott Berg <jsberg@indiana.edu> to inn-bugs@isc.org.
For Versions 1.5.1corr, 1.6b3, 1.7x: 980131.msg
For other versions. None known. See the message and patch by hand.
Versions Correct/Corrected:
Defect: pstat() (for setproctitle) called incorrectly on HPUX systems.
Applies to: nnrpd/nnrpd.c on HPUX systems when HAVE_SETPROCTITLE is DO
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
Reported 12/17/1997 by John Schmitz <schmitz@vid.hp.com> to inn-bugs@isc.org.
971217.msg
Versions Correct/Corrected:
Defect: inews imposes an undocumented limit on header lines. (Approximately 50)
and inaccurately reports exceeding the limit.
Applies to: frontends/inews.c
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
None known. The defective code is described in a 01/11/98 message by
"Ronald F. Guilmette" <rfg@monkeys.com> to inn-bugs@isc.org.
980111c.msg
Versions Correct/Corrected:
Defect: LIKE_PULLERS DONT code does not work.
Applies to: nnrpd/article.c
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.7
Patches to use:
Patch for 1.5.1: Not known, inspect the code in 1.6b3, which inserts a 1 second delay if more than 100 articles have been accessed during a connection. The 1.5.1code inserted the delay before the article, the correction inserts it after, which is less annoying. Even so, this won't slow pullers down very much, who have taken to gathering 99 articles and then reconnecting.
The general work around is to set LIKE_PULLERS to DO.
Versions Correct/Corrected:
1.5.1sec2: see note above
1.6b3: see note above
1.7.1: see note above
1.7.2: see note above
Defect: nnrpd crashes with long lines in corrupt overview files
Applies to nnrpd/article.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.7
1.6b3
Patches to use:
For 1.5.1/1.7: Edward Marshall emarshal@xnet.com 29Aug1997
Versions Correct/Corrected:
Defect: actsync -I does not work properly in many cases.
Reported to inn-bugs by pmb1@york.ac.uk, 6 Nov 1997.
Applies to: backends/actsync.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.7
1.6b3
Patches to use:
Versions Correct/Corrected:
1.7.1
1.7.2
Defect: .pl scripts fail when newsmaster e-mail address contains a '@'
Applies to: innshellvars.pl
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
Reported 98/01/12 by Fabien Tassin <tassin@eerie.fr> to inn-patches@vix.com
98011c.msg
Versions Correct/Corrected:
Defect:A "hard-coded" path instead of ${UUSPOOL} is used for uucp.
Reported by Philippe Charnier <charnier@xp11.frmug.org> to inn-bugs 9 Nov 1997.
Applies to: samples/sendbatch
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.7
1.6b3
Patches to use:
Versions Correct/Corrected:
1.7.1
1.7.2
Defect: Incorrect sequencing of I/O channel operations, can cause failure to send output.
Applies to: innd/nc.c
OS: all
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
Defect Patch for 1.5.1: Not available separately. These fixes are part of the
large patch ftp://ftp.isc.org/isc/inn/unoff-patches/1.5.1/inn-patch-apb-19970129 which contains additional features and improvements, as well as some author preferences in Makefiles, logging.
Authored: Alan Barrett, 29 Jan 1997
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Compile time problem due to use of DO_USE_UNION_WAIT instead of !defined(DONT_USE_UNION_WAIT)
Applies to: backends/actsync.c
OS: all
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Casts to ensure long.
Applies to: backends/actsync.c near line 3391
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Code could try to MakeDir("")
Applies to:backends/archive.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Code to handle batch files of 0 length
Applies to:backends/innxbatch.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Prevent the use of function call DDend() within DISPOSE(), in case your DISPOSE macro was something fancier than a single function call.
Applies to:frontends/inews.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Prevent the use of function call DDend() within DISPOSE(), in case your DISPOSE macro was something fancier than a single function call.
Applies to:nnrpd/post.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Compile time. __NetBSD__ added to exclusions on conditional section
Applies to:frontends/rnews.c Near line 821
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Some year 2038 fixes
Applies to:expire/makehistory.c near line 380
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Some year 2038 fixes
Applies to:expire/expire.c near line 46 and 799
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: if a header is duplicated, the first one should be used to generate overview data.
Applies to:expire/expireover.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Channel feeds (such as the one to overchan) sometimes backlog due to not being written often enough.
Defect: INN can't receive multiple XBATCH batches on the same connection.
Applies to: innd/nc.c
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
Reported 2/25/1998 by av@omega.ssw.de (Andreas Vogel) to inn-bugs@isc.org.
980225.msg
Versions Correct/Corrected:
Defect: backends/batcher.c can enter an infinite loop if a signal is received during a
read loop.
Applies to: backends/batcher.c
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
Reported 2/09/1998 by Andreas Jaeger <aj@arthur.rhein-neckar.de> to inn-bugs@isc.org, fix suggested by Don Lewis.
980209.msg
Versions Correct/Corrected:
Defect: nnrpd does not check permissions when listing newsgroups with the XGTITLE command
Applies to: nnrpd/group.c
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
Reported 2 Mar 1998 from Sven Paulus <sven@oops.sub.de> to inn-patches@isc.org.
980302.msg
Versions Correct/Corrected:
Defect: nnrpd does not always check permissions when listing newsgroups with the LIST ACTIVE command
Applies to: nnrpd/commands.c
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
Reported 11 Mar 1998 from Sven Paulus <sven@oops.sub.de> to inn-patches@isc.org.
980311.msg
Versions Correct/Corrected:
Defect: nnrpd does not check IP address when checking USER/PASS combinations.
Applies to: nnrpd/commands.c, nnrpd/nnrpd.c, nnrpd/nnrpd.h
Versions Defective/not fixed:
1.5.1
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
Reported 26 Feb 1998 from Martin Ostermann <ost@comnets.rwth-aachen.de> to inn-bugs@isc.org.
980226.msg
Versions Correct/Corrected:
Defect: Compile time. Compile conditional test is now DO_HAVE_SETBUFFER, instead of HAVE_SETBUFFER.
Applies to:innd/innd.c Near Line 23.
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Compile time. Ownership of man pages is not set to news when run make install as root. This can prevent later updates.
Applies to:doc/Makefile
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
Reported 98/01/12 by Fabien Tassin <tassin@eerie.fr> to inn-patches@vix.com
980112.msg
Versions Correct/Corrected:
Defect: Clear IP_OPTIONS, including source routing on the socket.
Applies to:innd/rc.c. Near line 246+added function.
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: initialization of the streaming flag in structure filled by reading hosts.nntp
Applies to:innd/rc.c Near line 518:
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: year 2038 fix.
Applies to:innd/his.c: Two places near line 258
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: compile time. Inclusion of <unistd.h>, <errno.h>
Applies to:innd/inndstart.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: compile time. Inclusion of <sys/resource.h> regardless of NOFILE_LIMIT
Applies to:innd/inndstart.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: String buffer overrun.
Applies to:innd/cc.c, near line 465
Versions Defective/not fixed:
1.5.1
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.5.1sec2
1.6b3
1.7
1.7.1
1.7.2
Defect: Compile-time, O/S dependent. Fixes ENOTSOCK and ENOTTY compile time tests after SetNonBlocking() fails.
Applies to:innd/chan.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Handling of case when header line starts with ': ', Not sure if this is a security issue.
Applies to:innd/art.c:Line 693.
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Year 2000 fix.
Applies to:nnrpd/misc.c in function NNTPtoGMT()
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: strncpy was used without storing null terminator
Applies to:nnrpd/nnrpd.c, near line 442.
Versions Defective/not fixed:
1.5.1
Patches to use:
None known
Versions Correct/Corrected:
1.5.1sec2
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: smarter handling of creating symlinks when directory had not already existed...
Applies to: backends/crosspost.c near Line 149, 171
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: optimization if client asks for !* as groups happened too late.
Applies to:nnrpd/newnews.c (two places, same patch.)
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
Patch for 1.5.1: Not known if on-line, but see message from jpc to inn-workers 9 Mar 1997
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Defect: Logs reporting pgp errors when processing control messages were going to the wrong place. Reported to inn-bugs by Mike Brudenell <pmb1@york.ac.uk>, 6 Nov 1997.
Applies to: parsecontrol
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.6b3
1.5.1corr
1.7
Patches to use:
None known.
Versions Correct/Corrected:
1.7.1
1.7.2
Annoyance: Inefficient handling of creating symlinks when directory had not already existed...
Applies to: backends/crosspost.c near Line 149, 171
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Annoyance: fastrm.c Formating of Error message if unlink fails in fastrm
Applies to: expire/fastrm.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.6b3
1.5.1corr
1.7
1.7.1
1.7.2
Patches to use:
None known.
Versions Correct/Corrected:
Annoyance:Error handling after 10 attempts of actsync fail.
actsyncd.sh does not properly write an error message after 10 failed attempts (6 minutes apart) of actsync. Reported to inn-bugs by pmb1@york.ac.uk, 13 Nov 1997.
Applies to backends/actsyncd.sh
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.7
1.6b3
Patches to use:
Versions Correct/Corrected:
1.7.1
1.7.2
Annoyance: "Duplicate" message was not getting trailing newline.
Applies to:frontends/rnews.c Near line 300.
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Annoyance: actsync does not report group names correctly when ctlinnd fails.
(Can leave out a space.)
Applies to:backends/actsync.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
None known. The error is described in a 01/11/98 message by John Line to inn-bugs.
980111.msg
Versions Correct/Corrected:
Annoyance: Cancelled articles causing "437 Duplicate article" log entries and history records
Applies to:INN-1.5.1/innd/art.c
OS: all
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
Patch for 1.5.1 is ftp://ftp.isc.org/isc/inn/unoff-patches/1.5.1/art.c-misc-changes.patch
Authored: J. Porter Clark, 31 Mar 1997
Note: This patch is not applied verbatim in 1.5.1corr and 1.6b3, but the code is fixed.
One optimization of if() condition order is not in 1.5.1corr nor 1.6b3.
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Annoyance: skip lines containing only spaces and tabs as comments.
Applies to:innd/newsfeeds.c: Near line 97:
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Annoyance: Don't append the same path twice
Applies to:innd/art.c: Line 565,
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Annoyance: History DB entries for Cancelled articles are tagged with inappropriate arrival date
Annoyance: printf needs %% to print a single %
Applies to: backends/actsync.c near line 969.
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Annoyance: No usage error when number of args was 3
Applies to:backends/sendxbatches.sh
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Annoyance: Compile time. getrusage() is available but not declared in header files on Solaris < v2.6
Applies to:lib/resource.c on Solaris 2.4, 2.5 when RES_RUSAGE
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Patches to use:
Reported 98/01/12 by Fabien Tassin <tassin@eerie.fr> to inn-patches@vix.com
980112b.msg
Versions Correct/Corrected:
Maintenance: ARTmakeoverview does not initialize the .Size member of a BUFFER. This is a benign bug: it could never cause invalid operation, but does violate BUFFER handling assumptions.
innd/art.c
OS: all
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.7
1.6b3
1.7.1
1.7.2
Patches to use:
None known.
Versions Correct/Corrected:
Maintenance: removal of bogus width field to %ld printf argument. not needed and doesn't do any good anyway.
Applies to: backends/actsync.c near Lines 3433, 3449
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.2
Maintenance: Two changes to static declarations of functions...
Applies to:expire/expireover.c
Versions Defective/not fixed:
1.5.1
1.5.1sec2
Patches to use:
None known
Versions Correct/Corrected:
1.5.1corr
1.6b3
1.7
1.7.1
1.7.2
Maintenance: Dummy function for fchmod() in buffchan should return 0.
backends/buffchan.c
OS: systems where config.data has HAVE_FCHMOD DONT
Versions Defective/not fixed:
1.5.1
1.5.1sec2
1.5.1corr
1.7
1.6b3
1.7.1
1.7.2
Patches to use:
None known. Insert a return 0; statement
Versions Correct/Corrected:
RKT Rapid-Links:[Search] [RKT Tips] Path: / Usenet RKT / For Providers / INN Patches / 0041.htm
You can find a summary and links related to this topic
as part of the Mib Software Usenet RKT.