CHANGELOG

WendzelNNTPd ChangeLog:

----------------- version 2.x ------------------

2.2-alpha1 "Giersleben" : t.b.d.
 --- This is expected to become a new major release once the TODO
 --- tasks are finished in circa late-2024.
***TODO***:
 - Make sure the server still runs on Net/Open/FreeBSD.
 - Check functioning of "posting (not) allowed" flag when using the
   MySQL database.
 - Excessive testing of the POST function because of the removed
   memory leaks.
ADDED FEATURES:
 - Finally, the "posting allowed" flag is considered in POST :)
 - New configuration with dedicated connectors
 - TLS 1.0-1.3 with native connectors and STARTTLS (including mTLS and
   CRL), thanks to Sven Liebert (@SvenLie).
 - Docker environment for development purposes was provided by
   @SvenLie -- thanks for that!
 - EXPERIMENTAL:
   - EXP: Added Postgres database support (experimental), thanks to
     Christian Barthel for providing a massive patch!
   - EXP: Added option to store unique message ID and message body in
     the DB (postgres only), thanks to Christian Barthel for providing
     the patch!
FIXES:
 - Fixed some memory leaks during postings that would occur on rather
   rare errors.
 - Once xhdr requested "date", all following responses were interpreted
   as "date" format, too.  Solved this by resettting inf->speccmd = 0;
 - Make sure that Sqlite3 statements with quotes are double-escaped to
   prevent SQL injections. *** security fix ***
 - Fix database check in src/include/main.h, thx to @Christian Barthel.
 - Improved error handling in multiple locations.
 - Fix OpenBSD compiler error and use cc instead of gcc under Open/Net/
   FreeBSD.
 - Signal handler was improved. Some uncaught signals killed the server
   (thanks to @SvenLie)
MISC:
 - Applied NetBSD pkgsrc patch for err feature and for lexer/parser
   functions from Michael Baeuerle; thx for that!
   (reference: https://github.com/jgoerzen/libnbcompat)
 - Applied NetBSD pkgsrc patch to handle VERSION macro definition that
   is also introduced by libmash from Michael Baeuerle; thx for that!
 - Updated SBo script to work with v. 2.1.3; fixed bug that made
   /usr/doc/wendzelnntpd-$ver/docs inaccessible (+x permission was
   missing)
 - Shifted manpages to docs/
 - Prevent usernames with non-alphanumeric characters and newsgroups
   with non-alphanumeric/./- letters.
 - Whitespacing cleanup (thanks to @Christian Barthel for providing a
   patch!)
 - 'configure' script enhancements and cleanup (thanks to @Christian
   Barthel for providing a patch!)
 - Tried clang instead of gcc, just for fun. Seems to work if you
   just replace "gcc" with "clang" in Makefile.inc. Note that clang is
   not officially supported.
 - Fixed some typos in CHANGELOG and HISTORY files.
 - Improved the documentation.
 - Installed atomic switches for SIGTERM and SIGHUP. It is now a 
   statefull kill. SIGHUP can be used to signal conditions in future.
   Thanks to @SvenLie for the patch.

2.1.3-stable "Friedrichroda" : 17-Apr-2021:
 As usual, every new release gets named after a nice travel location.
 This time it is Friedrichroda, Germany.
FIXES:
 - Do not exit on SIG_PIPE (broken pipe) *** security fix (DoS) ***.
    This would be exploitable easily by "echo | telnet hostname port"!
    The fix requires support for the send() flag MSG_NOSIGNAL. Seems
    to be present in *BSD and Linux (at least).
 - Modified regex checks during POST command:
   - Prevent postings to Newsgroups: ,,,
   - Prevent sender '@'
   - Prevent \r\n\t in subjects
   - Unified structure of regex tests with macros
 - Minor fix in documentation for ACL management.
ADDED FEATURES:
 - Created the manpages `wendzelnntpd(8)` and `wendzelnntpadm(8)`.
 - The make target "install" now installs manpages, too.
MISC:
 - Listen on ::1 per default, too (in addition to 127.0.0.1).
 - Slackware build script does not require `make install` anymore,
   which makes the whole process much cleaner. Also, this is quicker.
 - Added additional meta-data for Slackbuild.com compatibility (beta).
 - Applied several adjustments and improvements from SBo's repository.
 - Improved some comments in the code.

2.1.2-stable "Sydney/Waverton" : 29-Mar-2021
 ADDED_FEATURES:
 - Slackware package for amd64 was added (beta!)
 - Added support for parameters -h and -v now to check for the version.
 - init (rc.d) script is now patched to desired DESTDIR in configure.
 FIXES:
 - Incorrect path for database files from create_code_pkg.sh was used
   in the last tarball (support for this script now dropped; see MISC).
 MISC:
 - Improved wording/fixed some typos.
 - Dropped create_code_pkg.sh because of path inconsistency; we now
   use github for this job.

2.1.1-stable "Sydney/Crows Nest" : 05-Jan-2021
 MISC:
 - Updated documentation to better reflect the new 2.1 sub-version.
 - Tiny adjustments of provided text files.
 - Removed "OSE (Open Source Edition)" string as there is no (nor ever
   was!) a non-free edition of this software.

2.1.0-stable "Sydney (Post-NYE Release 2021)" : 04-Jan-2021
 FIXES:
 - Improved error handling in database.c:
   - Removed a memory leak and unclosed file handles in case of errors
 - Improved error handling in db_sqlite3.c:
   - *Explicitly* use zero body length if length of body is zero
     (should not be possible but this makes the code safer).
 ADDED_FEATURES:
 - Finally, passwords are saved using a hash function (SHA2, 256 bits).
   The hashed string is a concatenation of a configurable system-wide
   salt, the username and the password. This is not a perfect solution
   since it would be better to have unique salts per user (currently
   the "unique salt" is just the username), but it is at least a start.
 MISC:
 - Improved documentation, thanks to @deavmi
 - Default max size for postings is now 20 MBytes in config file.
 - Tiny improvements of coding style

2.0.9-stable "Bergen, Christmas Release 2017" : 18-Dec-2017
 FIXES:
 - 'configure' script did not check whether the `install' tool is
   present. The tool's presence is now also checked.
 MISC:
 - Old RFC 850 mentions YY (two-digit) yearly format. However, INNd
   uses YYYY (four-digit) yearly format. WendzelNNTPd now does the
   same.
 - Tiny code cleanup (removed two doubled prototype definitions).
 - Ran WendzelNNTPd with lib efence, just to see whether memory leaks
   would be detected. Executed (hopefully) all possible NNTP commands.
   No memory leaks were revealed. However, tested only Sqlite3 setup,
   not MySQL.

2.0.8-stable "Oslo" : 31-Jan-2017
 ADDED_FEATURES:
 - *BSD support: Add comment how to install WendzelNNTPd under FreeBSD
   and other BSD derivates in documentation and also adjust the Makefile
   accordingly since group `root' is called `wheel' there. Now use "0:0"
   instead of "root:root" in install/upgrade targets of the Makefile.
 MISC:
 - Slight improvement of the documentation (how to start/stop/restart
   the service and how to install the startup script) and in the expla-
   nation of the default config file (wendzelnntpd.conf).
 - Slight improvement of help output and comments in configure script
   and Makefile.
 - Tiny code e-mail address clean-up

2.0.7-stable "Berlin" : 26-Oct-2015
 FIXES:
 - If an XHDR command is requested for a header that is either not
   present or not implemented, return code 221 instead of 211 (this is
   conforming to RFC 2980).
 MISC:
 - Improve error reporting for chk_file_sec() as it can also return -1
   if a file does not exist.
 - Some tiny code cleanups

2.0.6-stable "Miami" : 26-Sep-2015
 ADDED_FEATURES:
 - Added max-size-of-postings as an optional parameter to the
   configuration file to allow increasing/decreasing the size of
   allowed postings. (thx @pintman for feature request)
 MISC:
 - Improved the 1.4.x -> 2.0.x upgrade documentation (thx to @Ann).
 - Performed other tiny improvements in the documentation.
 - Dont show 'read uselessinput' when asking for RETURN in make upgrade
 - Improved hints in ./configure for disabling MySQL and SQLite3 support
 - Performed a cleanup of several text files in base directory

2.0.5-stable "Auckland" : 28-Mar-2015
 SECURITY FIXES:
 - Shut down connection in case peer disconnects while the posting
   is received to prevent loops. However, no Usenet client is known
   to me that does this. It must be explicitely caused by an
   attacker or a client-side software failure.
   This is a security-fix release and published immediately after the
   problem was recognized.

2.0.4-stable "Bamberg" : 28-Mar-2015
 ADDED_FEATURES:
 - Introduced an upgrade functionality (make upgrade) to upgrade
   from 2.0.x to 2.0.y.
 - Added a short section to the documentation that describes how to
   upgrade from 2.0.x to 2.0.y.
 - Integrated functionality for compiling WendzelNNTPd without MySQL
   or without SQlite support, what eliminates the need for the
   related MySQL/SQlite libraries when only support for *one* data-
   base is desired.
 - Added a quick-and-dirty chapter to the documentation on how to
   upgrade from v.1.4.x to 2.0.x while keeping your database file.
   However, this solution is only for those who need it and if
   feasible for you, please do not upgrade and start with an empty
   2.0.x database file from scratch! (thx to @Ann for testing this
   on CentOS).
 - Some clients like PAN request postings which are not there by simply
   requesting a huge range of 1000 postings. Return at least the
   postings within this range now.
 - Allow clients to send multiple commands per request (e.g. Xana-News)
 MISC:
 - tiny code clean-ups
 FIXES:
 - At least indicate that a header line is not present when xhdr is used
   but WendzelNNTPd does not support that particular header line
   (instead of telling the client that the article is not existing).
 - Fixed NNTP protocol implementation for LIST NEWSGROUPS (return all
   newsgroups if no wildmat is given)
 - Fixed mistakes in the documentation (thx @Ann for pointing this out).
 - Fixed various typos in the documentation

2.0.3-stable "Tuebingen" : 27-Aug-2012
 NOTES:
 - Improved create_code_pkg.sh (only useful for developers); current
   version has to be defined only in /src/include/main.h for future
   releases instead of additionally defining the verison in
   create_code_pkg.sh.
 MISC:
 - Be nice to TELNET posters -- the select() timeout value of 1s was
   definetly too low. Now a better algorithm for receiving posting data
   was implemented.
 - Let 'make clean' also remove unneded files in docs/ and docs/docs/.
 FIXES:
 - Fixed a bug related to the MySQL db_abstraction that could cause
   the server to exit. (thx to @rk for reporting this bug)
 - Insert the "USE" command in the MySQL table creation script to
   prevent end-user problems.

2.0.2-stable "Valletta" : 14-Aug-2012
 NOTES:
 - removed code redundancies in the init.d script.
 FIXES:
 - Fixed a problem with the "restart" parameter of the init.d script.
 - Fixed two bugs for (at least unlikely) conditions. Thx to @rk
   for reporting these two bugs found by static analysis.

2.0.1-stable "Vienna" : 12-Aug-2012
 NOTES:
 - *Small* performance improvement for the slow file retrieving
   process.
 FIXES:
 - Fixed an important segfault in the posting buffer receive loop.
   This bug additionally lead to corrupted postings (broken post-
   ing attachments).
 - Don't forget to include getver.sh in the main tarball created
   by create_code_pkg.sh
 - Change SQLite data types from STRING to TEXT after users
   reported problems with STRING.

2.0.0-stable "Stockholm" : 20-Jun-2011
 NOTES:
 - No bugs where discovered since 2.0.0-beta.
 MISC:
 - Added a short hardening section to the documentation.

2.0.0-beta "Stockholm-pre" : 26-Feb-2011
 NOTES:
 - This release includes many fixes, many important new features,
   and some important removed features. The main target was to make
   WendzelNNTPd more stable and more dynamic.
 FIXES:
 - Accept "From:"-lines with names that contain special characters
   like é, á, ß and the like.
 - Some corrections s/RSS/xml/ in the default wendzelnntpd.conf file.
 - Don't increment a newsgroups 'high' value if the newsgroup was
   targetet multiple times in the 'Newsgroups:' header area to stay
   uniform to the code that catches such double posts by only posting
   a message once.
 - Many memory management improvements including different fixes and
   including a HUGE memory cleanup of docmd_post (the thread with all
   the associated heap memory is now killed by phtread itself in case
   of a calloc() NULL-return to fix remaining problems. docmd_post()
   and the rest of the code is now easier to understand and more
   robust.
 - Fixed a format string where an unsigned int was included using %i
   instead of %u.
 - Fixed GROUP behaviour (now the first article in the group is auto-
   selected like RFC 977 wants it)
 - Fixed cathing 'LIST NEWSGROUPS' -> returns 502 now
 - NEWNEWS command is now catched and returns 502 since not implemented
   instead of 500.
 - Fixed HELP output and added missing commands
 - If the server is not configured to use authentification, and a user
   tries to authentify nevertheless, and the authentification fails,
   then don't behave like the server is in auth mode for this client
   and the client is not able to execute the usual NNTP commands.
   Instead catch this behavior and act as configured.
 - fixed parameter parsing bugs in AUTHINFO USER|PASS and other
   commands and also now use 501 code for missing parameters.
 - Fixed lots of lots of other bugs.
 ADDED_FEATURES:
 - Implemented ACL (Access Control Lists) in wendzelnntpd and database
   as well as in wendzelnntpadm.
 - Implemented more advanced role-based ACL too.
 - Implemented "invisible" newsgroups.
 - Implemented a database abstraction layer
 - Ported existing WendzelNNTPd sqlite3 implementation to database
   abstraction layer
 - Developed new MySQL support for WendzelNNTPd :-)
 - Added LISTGROUP [groupname] command from RFC 2980
 - Added LIST OVERVIEW.FMT command from RFC 2980
 - Added LIST NEWSGROUPS command as well as XGTITLE command (which is,
   like described in the RFC, equal in its result and differs only in
   the NNTP response code). Both commands are based on the regex lib
   and are not 100% compatible to the NNTP wildmat format, but as good
   as ;-)
 - Added LaTeX, PDF & HTML documentation
 REMOVED FEATURES:
 - Windows port (will maybe come back, but at the moment I neither have
   time for that nor the will to write Windows code). The compatibility
   code is still there, one just needs to port the MySQL code parts to
   Windows, I think.
 - Removed the Qt based GUI
 - Removed XML output feature. This information is easy to get by
   using the database. I know nobody who used that feature.
 MISC:
 - Renamed WendzelNNTPd to WendzelNNTPd-OSE (OSE=Open Source Edition)
 - Added images/wendzelnntpd_powered{,2}.png file :)
 - Improved the files 'HISTORY' and 'CONTRIBUTE'.

----------------- version 1.x ------------------

[[ADD_NEW_1.4.x_CHANGELOG_ENTRIES_HERE_IF_THEY_OCCUR]]

1.4.7-stable "Pluto" : 14-Aug-2012
 SELECTED BACKPORT FIXES FROM 2.0.x:
 - *** Fixed an important segfault in the posting buffer receive loop.
   This bug additionally led to corrupted postings (broken post-
   ing attachments). ***
 - Fixed two bugs for (at least unlikely) conditions. Thx to @rk
   for reporting these two bugs found by static analysis.
 - Fixed a problem with the "restart" parameter of the init.d script.
 MISC:
 - Added a pdf copy of the online documentation to the tarball.

1.4.6-stable "Jupiter" : 05-Mar-2010
 FIXES:
  - Accept "From:" lines with mutations too (backport fix from 2.0.0
     development branch).

1.4.5-stable "Do not feed ninja rabbits from outa space!" : 14-Dec-2009
 FIXES:
 - Always calloc() an additional byte of memory for the message ID
   to prevent an buffer overflow. One would need to create millions of
   millions of postings to overfill the buffer. I think this is as good
   as impossible to exploit.
 ADDED_FEATURES:
 - Make it possible to use anonymized message IDs
 - Windows version: Create links in Start -> Programms -> WendzelNNTPd
 - Added the scripts/ directory that currently contains only a new init.d
   script I tested on Ubuntu
 MISC:
 - Added a new file including hints for contribution
 - Added upgrade hints in the 'INSTALL' file for Linux/BSD/*nix

1.4.4-stable "Kempten Allgaeu, Germany" : 19-Sep-2009
 FIXES:
 - GUI: The Qt GUI WendzelNNTPd still used the old rss-output syntax
   of the configuration file instead of output-xml-*.
 - GUI: Check fread() return value when reading the config file.
 - GUI: compile script needs to check for ../../Makefile.inc to pre-
   vent an empty CONFDIR value if Makefile.inc does not exist (this
   occours if someone tries to build the GUI before running configure).
 ADDED FEATURES:
 - 'wendzelnntpadm delete <newsgroup>' now deletes all postings that
   are associated with this newsgroup only(!) too as well as all
   association entries of the newsgroup in the table ngposts.
 - 'make install' now installs the documentation files too.
 - Added a new 'verbose-mode' config file keyword. If set, all log
   strings are written to stderr too. This is useful for debugging
   and testing. GUI extension to handle 'verbose-mode' was also
   implemented.
 MISC:
 - GUI: improved adjustment of elements
 - Added a HISTORY file
 - Tiny code cleanup was done; tiny_doc.txt added (lists internal
   functions I don't wan't to forget)
 - Added a README file that includes the URL to the documentation

1.4.3-stable "Alice's Adventures in Crashdump Land II" : 16-Aug-2009
 ADDED FEATURES:
 - Add a 'Path:' line to the header while processing a POST command
 - Inform the client if the posting was too big or the max. post #
   was exceeded.
 - Make wendzelnntpadm able to use a password parameter to make it
   easier to auto-generate accounts using scripts.
 FIXES:
 - Don't write the doubled quotes which prevent SQL injections into
   the filesystem where they aren't needed. Remove them within the
   function database.c/filebackend_savebody() to prevent ugly doubled
   quotes on msg body request. Thanks to @Ann Lynnworth for reporting
   this bug.
 - Don't write to LOGFILE if it was not possible to do fopen() with
   mode "a+" on it in src/log.c:logstr(). This lead to coredumps.
   Thanks to @Ann Lynnworth for reporting this bug.
 - Don't forget to close a file descriptor (two times) in the Qt GUI
 - Use strftime() %z flag instead of %Z flag under Win32 too. Thanks
   to @Ann Lynnworth for reporting this bug.
 MISC:
 - Unique RSS_OUTPUT file definition. Use the Non-Windows filename
   for Windows too to prevent confused users.
 - Renamed RSS feature to XML output feature because it is no real
   RSS output, it is XML output one can use to integrate in a web-
   site and such things.

1.4.2-stable "Alice's Adventures in Crashdump Land" : 12-May-2009
 ADDED FEATURES:
 - Accepted and rejected authentications are now logged (including
   their (tried) username and their IP)
 FIXES:
 - do not make usernames, passwords and other NNTP dynamic parameters
   lower case. This lead to a problem that upper case usernames/pass-
   words weren't accepted. Thanks to @Nils Dabrock for reporting this
   bug.
 - output the correct function name in db_check() on startup if an
   error occurs.
 MISC:
 - implemented a useful string concatenation function
 - implemented correct function name handlings in system logging macro
   DO_SYSL() by using __func__. This increases the quality of the
   logging system and prevents copy-n-pase errors.
 - find qmake-qt4 binary for gui/src/compile too

1.4.1-stable "Heisse Schokolade mit Kokos" : 08-Feb-2009
 ADDED FEATURES:
 - Log IP addresses of accepted and closed connections
 FIXES:
 - Added a stack for all newsgroups selected in the 'Newsgroups:'
   line of a postings body to check for newsgroups selected mul-
   tiple times. This code posts a posting only once to a group
   what also prevents errors for duplicated primary keys in
   sqlite and prevents a client connection shutdown as a result
   of such an error.
 - Make wendzelnntpd compile under OpenSolaris 2008-11 too by
   providing a strndup() function. Note: The Makefile only works
   with GNU Make, what is an extra package on OpenSolaris and
   means that you have to run 'gmake' instead of 'make'.
 - while(1) denial of service bug, that happens if the servers
   logfile is unavailable what leads to a report and this again leads
   to a logstr() call what checks for the file security of the
   logfile, what returns in an error again and what again calls
   logstr() and so on :-)
   This happens only when the first connection is established and
   the server tries to log the IP address of the client (this feature
   was added with this new version 1.4.1 and the bug was detected
   before the new version was released).
 - Prepare the correct /bin/install parameter for the user (-o/-u)
   in configure (OpenSolaris uses '-u' *argh*!).
 - rewrite parts of the 'install' target in the Makefile to prevent
   damn problems with /bin/install due to the fact that OpenSolaris
   needs '-f $DEST_DIR ...' instead of '... $DEST_DIR'.
 - Output the trailing \n on DATE command on OpenSolaris
 - Use correct %z (Timezone) specification on all systems which support
   it (old __svr4__ Solaris 8 didn't support it but now configure
   checks for it).
 MISC:
  - configure now checks for strndup() what should work on all
   systems. If strndup() is not available, the wendzelnntpd in-
   cluded version of it will be used to compile the server.
 - The 'install' target of the Makefile now works with Open-
   Solaris 2008-11 too.

1.4.0-stable "Back to some of our roots!" : 05-Oct-2008
 IMPROVEMENTS:
 - now storing the posting body in files what makes SQLite faster
   and prevents the need for a 2.0.0-mysql release since we only
   use SQLite3 for meta information (header information, newsgroup
   meta data and the like).
 - instead of 120.000 bytes a posting can now have a much bigger
   size (16 kbyte header, like before) and a 20 M huge body (one
   can change this in src/include/wendzelnntpdpath.h)
 FIXES:
 - improved some error handling in database.c/server.c
 - ported code to windows once again
 - tiny URL fix to our new website (wendzel.de) in configure script

1.3.0-stable "Aliens ate my pet!" : 24-Sep-2008
   *** NOTE: You have to generate a new database to use a new ***
   ***       1.3.0 (or newer) version since the database      ***
   ***       format has changed!                              ***
   *** You can find a converter tool on the project website.  ***
   *** It was submitted by Kristijan Smiljanic and is written ***
   *** in PHP.                                                ***

 ADDED FEATURES:
 - added DATE command
 - added XHDR command to "help" output
 - added <msgid> parameter support for the xhdr cmd and also added
   a check for the existence of this message ID in the currently
   selected group by adding a new database.c function for that feature
 - storing the UNIX time() num in the DB instead of a string to make
   sorting based on this value possibly in future
 FIXES:
 - fixed some database sql string messages
 MISC:
 - implemented a new nntp command line parser (or better: tokenizer)
   what made the implementations of most of the nntp commands easier

1.2.1-stable "keep savin memory" : 16-Aug-2008
 FIXES:
 - fixed a memory leak on startup code in w32trial.c
 - fixed a memory leak on startup code in config.y
 - fixed memory leaks while runtime in server.c (sql string buffers)
 - fixed an installation problem in the Makefile while backup'ing old
   usenet.db file but chmod'ing still the old file

1.2.0-stable "my cat ate my computer" : 21-Apr-2008
 ADDED FEATURES:
 - added XHDR command (supports only ranges, not message IDs)
 FIXES:
 - server: wrote a regex check function to reduce redundant header
   checking code
 - server recv() bugfix: received message was corrupted if sent within
   fragments by the client

1.1.0-stable "The IKNZ ninja wants more orange juice!!!" : 11-Dec-2007
 ADDED FEATURES:
 - server: added support for RSS output
 - gui: added rss config part to the GUI
 - gui: added a message box that informs the user about updates of the
   config file
 FIXES:
 - Makefile: don't create dirs that we've already created before while
   executing for 'install' target
 MISC:
 - Makefile: always create directories we need when calling install by
   doing an 'install -d <dir>' before.
 - Makefile: add timestamp to the backuped database files
 - INSTALL: add Win32 compile hints to the INSTALL file too

1.0.5-fixed-stable "Who cares about IKNZ?" release : 06-Dec-2007
***fix-release (only sf.net news update + new source code upload)***
 FIXES:
 - server+gui: fixed config file bug (not /usr/local/etc/etc/...,
   only /usr/local/etc/... should be the base conf dir in the de-
   fault case)
 - Makefile: fix install target etc/ path too
 - Makefile: don't break up 'install' target if the newsgroup does
   already exist.

1.0.5-stable "Who cares about IKNZ?" release : 05-Dec-2007
 FIXES:
 - added an important bugfix (discovered and patch sent by Kristijan
   Smiljanic to prevent that wendzelnntpd stops working after 27
   posted messages because of a read error on windoze. Win needs a "b"
   for the binary mode when fopen'ing files.
 MISC:
 - added environment var support to configure script, Makefile and
   the path header file to make it possibly to place installations
   in /usr/local, /usr+/etc and such things. (run configure -h to
   get more information)
 - also make fake installations (useful for writing ports and
   packages for Linux/*BSD) possibly by letting the user set the env
   variable FAKECDIR (what places the config file in a the specified
   dir but the daemon will look for it on the real place specified in
   CONFDIR). Normal users do normaly NOT need that but I plan to
   provide an OpenBSD port and this will help me a lot with it.
 - removing installer script install.sh
 - added 'install' target to the Makefile
 - gui: try to use qmake4, if available (what makes the gui compile
   fine under OpenBSD-current)

1.0.4-stable "IKNZ for everybody!" release : 23-Nov-2007
 MISC:
 - improve error message if an unsupported option was given
 - use $(LIBDIRS) in the Makefile (what fixes the compile on OpenBSD)
 - when checking for libsqlite3 in configure, use -I/usr/local/include
   and -L/usr/local/lib (what fixes the configure on OpenBSD)

1.0.3-stable "IKNZ knows more than you!" release : 01-Nov-2007
 FIXES:
 - fix error msg in the case of an error while pthread_create for a
   tcp incoming socket connection on do_server()
 MISC:
 - remove commercial comment stuff in install.sh and change urls
   s/wendzel.de/doomed-reality.org/g
 - clean gui/src too when run 'make clean'

1.0.2-stable "IKNZ knows everything!" release : 02-Sep-2007
 MISC:
 - make all functions only used within a file 'static'
 - removed two unneded functions (welcome() and getopenfilelen()) from
   xyria.c, what left xyria.c empty ;-) -> I removed xyria.c from the
   project.
 - merged libCDPStrings into the main code for the win32 version too
   (what only rquired to change the cdpstrings.c file path in the Make-
   file)
 - replace pthread_exit() calls with my kill_thread() call what takes
   care about some cleanup things and improves error handling a bit.
   The Send() function still uses pthread_exit() but this is the ONLY
   function left!
 - removed two unused global vars in server.c
 - remove two unneded -lt zero checks for unsigned vars min+max in
   docmd_xover (atoi() only returns >= 0 too, what makes this check
   senseless)
 - in w32trial.c: only count the newsgroups to check if we have a
   DB connection. A count of the newsgroups table should be faster
   than a count of all postings and should improve the startup time
   because of this.
 - print more information for the admin while he has to enter the
   password of a new user in wendzelnntpadm
 - configure: don't check for g++ since it is not needed by the server
 - INSTALL: add some comments for the user

1.0.1-stable "IKNZ still knows best!" release : 10-Jul-2007
 FIXES:
 - prevent error messages during first installation of WendzelNNTPd
   when removing non-existent tables in usenet.db file.
 MISC:
 - switched WendzelNNTPd/WendzelNNTPadm/WendzelNNTPGUI license to GPLv3
 - merged libCDPStrings into the main WendzelNNTPd code and changed its
   license from GPLv2 to GPLv3

1.0.0-stable "IKNZ knows best" release : 03-Jul-2007
 FIXES:
 - fixed off-by-one ptr incrementation problem in group command
 MISC:
 - changed to stable state
 - using ADDITIONAL FEATURES/FIXES/MISC tags from now on in the
   CHANGELOG file [added backwards while working on version 1.4.2]
 - removed patchlevel in version number since the 3rd num in the ver-
   sion number should be enough
 - use reentrant strtok_r() instead of strtok() in all Non-Win32 OSes

1.0.0-beta8 "IKNZ knows best" release : 28-Jun-2007
 - set secure chmod for gui binary too and remove gui's install.sh be-
   cause the main install.sh now fully includes all of its features
 - set a more secure umask() while running as a daemon
 - don't exit the whole server if the MSGID file creation is making
   problems, only report it and abort the posting
 - implement file permission checks for all files the server opens
   using fopen(). Also check if the file is a symbolic link to pre-
   vent symlink attacks (or at least report it to the admin)
 - remove all unneded trailing \n's in DO_SYSL calls since \n is
   auto-generated
 - bugfix: allow multiple newsgroups per posting within the 'News-
   groups:' line of the NNTP header
 - installer now includes lots of new files (dlls, the GUI.exe,
   a batch file to start the server, a LICENSE.txt file and a readme
   file for win32 users)

1.0.0-beta7 "IKNZ knows best" release : 26-Jun-2007
 - added a Qt based GUI
 - remove trial version code and provide the full version without this
   limitation on Win32 too
 - print out better error information, if there was no 'listen' in the
   config file
 - make the code look better: if(a==b) -> if (a == b)
 - always bzero() the password 'wendzelnntpadm adduser' just read in
 - run 'pause' on win32 on startup errors (excepting some mem errors)
 - to make ' in postings possible (and of course to prevent SQL
   injections) use sqlite3_mprintf() on a buffer before checking the
   buffer
 - install.sh now also installs the GUI executable (if available)

2007a-beta6 : 16-Jun-2007
 - removed auth-user + auth-pass
 - implemented multi-user authentication trough SQL backend
 - added user management functionality in wendzelnntpadm
 - log entries now include the date wihin the timestamp

2007a-beta5: 12-Jun-2007
 - Win32 fix for the nextmsg id file
 - added ADD_CFLAGS & ADD_LNKFLAGS var in configure+Makefile to make
   this possibly:
    CFLAGS="-march=... .... ..." LDFLAGS="-pie ..." ./configure
 - Code cleanup (removed src/include/database.h)

2007a-beta4: 11-Jun-2007
 - added support for -fstack-protector in configure script
 - don't check for openssl/libssl in configure since we currently don't
   use it
 - all commands in the config file now have the same grammar (no :'s or
   underscores anymore)
 - new command: 'port' to specify the port to listen on

2007a-beta3: 10-Jun-2007
 - WISHLIST file added
 - installer fix: also create usenet.db if this is the first install
 - syslog logging for all systems != Win32 implemented

2007a-beta2: 09-Jun-2007
 - fix logfile name under *nix/Linux/BSD
 - add an empty usenet.db file to the archive to make ppl who compile
   WendzelNNTPd under Win32 an easier life
 - change eMail address in help output
 - remove debugging flags from Makefile
 - strip binary
 - compile with with optimization now

2007a-beta: 08-Jun-2007
 - this release is BETA-BETA-BETA!
 - renamed cdpNNTPd to WendzelNNTPd
 - rewrote the whole network child process model to use pthreads
   because Win32 does not know about fork()... Windows sux so much.
 - ported the whole code to Win32 (but without the IPv6 support)
 - kicked out the file backend and rewrote it. it is now based on
   SQLite3
 - new logging system (central logfile for every supported O.S.)

----------------- version 0.x ------------------

0.1.10: 19-Feb-2006, 0 bugfixes, 0 security fixes
 - setting chmod 0600 for files created at runtime via database
   functions
 - improved syslog-logging during file I/O

0.1.9, 17-Feb-2006, 1 bugfix, 0 security fixes
 - included the libCDPstrings library directly in xyria
 - replaced some code via functions from libCDPstrings
 - re-implemented the functionality of v. 0.1.8: only search the
   header (and not the body too) for header-lines like 'From:'
 - fixed a memory allocation bug in 'xover' command
 - replaced getlinevalue() function (what also increases the
   performance of the xover command)
 - compiling with -O2 instead of -O now.

0.1.8p1:
 - removed all changes from 0.1.8 because of a bug.

0.1.8: 11.01.2006; 1 bugfix, 0 security fix(es)
 - The check for the needed lines included in the posting header
    included the whole body. I now fixed this. I only check the
    header-lines now.

0.1.7: 23.10.2005; 0 bugfix(es), 0 security fix(es)
 - changed syslog(LOG_NOTICE, ...) to syslog(XY_SYSL_NOTICE,
   ... what is equal to LOG_NOTICE|LOG_DAEMON

0.1.6: 30.07.2005; 1 bugfix(es), 0 security fix(es)
 - implemented authentication via AUTHINFO USER and AUTHINFO
   PASS
 - added authentication keywords to configuration syntax
 - fixed a startup-bug: there was a "&s" what took no effect
   in a format-string. i changed it to "%s". now the correct
   ip-address is displayed when an error occurs.
 - improved syslog-usage
 - code cleanup

0.1.5: 30.07.2005; 0 bugfix(es), 0 security fix(es)
 - removed the 'found newsgroup' output in database.c -> now
   onxxdebug()
 - removed development-lines from default-config file because
   they're not implemented @the moment what not everybody
   knows ;)

------- old beta versions -------

0.1.4-beta: 22.05.2005; 2667 loc
 - switched to beta state
 - tested it under solaris and linux (thanks to killerfox)
   -> SUN Sparc seems to have some problems with the code but x86
      is supported very well.

------- old alpha versions -------

0.1.3-alpha: 18.05.2005; 2665 loc
 - added the bsd license lines in every source file
 - implemented HEAD, BODY and STAT

0.1.2-alpha: 18.05.2005; 2357 loc
 - cdpnntpadm is now able to delete newsgroups (in newsgroup
   file and the whole group-dir)

0.1.1-alpha: 18.05.2005; 2274 loc
 - improved sending function
 - fixed a bug i found while running cdpnntpd under solaris
   (porting your software to other unix(-like) systems seems to
   be very good)
 - outlook express 5 sux. why does this prog send "list \r\n"
   instead of "list\r\n"? listing is now implemented for this
   ***** client too.
 - implemented the daemon mode (use option '-d')

0.1.0-alpha: 10.05.2005; 2239 loc
 - onxxdebugm() implemented
 - ARTICLE cmd fully implemented
 - cdpnntpd is now ready to run and provide the most basic
   functions needed in usenet!

0.0.8-alpha: 04.04.2005; 1899 loc
 - XOVER cmd implemented
 - new global func in log.c: onxxdebug(char *str);
 - improved error messageing in admintool
 - implemented ToSend(), now sylpheed plays with us too and we
   also get more speed ;-)

0.0.7-alpha: 12.12.2004; 1713 loc
 - "Line: %i" is now added to the posting-header (see version
   0.0.6-alpha)

0.0.6-alpha: 09.12.2004; 1689 loc
 - remove the Date-Line and Line-Count-Line from the Client (do
   not trust the client)
 - Date-Line is now inserted in new postings (rfc 850 std.)

0.0.5-alpha: 13.11.2004; 1524 loc
 - newsgroup-data in newsgroups-file is now incremented after
   posting to the server
 - Message-IDs from client are now replaced with the ones of the
   server (do not trust the one of the client)
 - Headers without Message-ID field are now getting one

0.0.4-alpha: 12.11.2004; 1374 loc
 - posting command is initially implemented.
 - added database.c to the project
 - added a function for writing posts to a file
 - added a function to get and set the message-ids
 - added a function to get and set the local group-message-ids
 - check if newsgroup names are realy valid

0.0.3-alpha: 23.10.2004; 1102 loc
 - admin-tool with 'create' function for newsgroups
 - binary file-format for 'newsgroups'-file implemented
 - rewrote list-command
 - group command implemented
 - first part of the post-command implemented
 	- some regular expressions for the header-check
 
0.0.2-alpha: 19.10.2004; ~650 loc
 - forking childs
 - implemented 'quit' cmd and command mainloop for childs
 - help command
 - welcome message (only posting allowed (200))
 - list command

0.0.1-alpha: 18.10.2004; ~300 loc
 - basic configuration setup (IPs), basic flex+yacc stuff
 - signal handling
 - socket init
 - most part of the mainloop implementation