Re: [tin-dev] [tin 2.6.4] snapshots

2024-12-01 Thread Urs Janßen
The following patch fixes a double-free /  NULL pointer dereference
for quote_chars used in attributes (1st part) and memleaks for
news_headers_to_display and news_headers_to_not_display used in attributes
(2nd part).

=== modified file 'src/attrib.c'
--- old/src/attrib.c2024-11-25 19:56:05 +
+++ new/src/attrib.c2024-12-01 14:06:21 +
@@ -471,6 +471,7 @@
quote_dash_to_space(buf);
*tmp = my_strdup(buf);

set_attrib(OPT_ATTRIB_QUOTE_CHARS, scope, line, *tmp);
+   *tmp = NULL;
found = TRUE;
break;
}
@@ -837,23 +838,33 @@
SET_BOOLEAN(mark_saved_read);
 
case OPT_ATTRIB_NEWS_HEADERS_TO_DISPLAY:
-   if 
(!curr_scope->attribute->news_headers_to_display)
-   
curr_scope->attribute->news_headers_to_display = my_malloc(sizeof(char *));
-   else
-   
FreeIfNeeded(*curr_scope->attribute->news_headers_to_display);
-   *curr_scope->attribute->news_headers_to_display 
= my_strdup((char *) data);
-   build_news_headers_array(curr_scope->attribute, 
TRUE);
-   curr_scope->state->news_headers_to_display = 
TRUE;
+   {
+   char *tmp = (char *) data;
+
+   if 
(!curr_scope->attribute->news_headers_to_display)
+   
curr_scope->attribute->news_headers_to_display = my_malloc(sizeof(char *));
+   else
+   
FreeIfNeeded(*curr_scope->attribute->news_headers_to_display);
+   
*curr_scope->attribute->news_headers_to_display = my_strdup(tmp);
+   FreeAndNull(tmp);
+   
build_news_headers_array(curr_scope->attribute, TRUE);
+   
curr_scope->state->news_headers_to_display = TRUE;
+   }
break;
 
case OPT_ATTRIB_NEWS_HEADERS_TO_NOT_DISPLAY:
-   if 
(!curr_scope->attribute->news_headers_to_not_display)
-   
curr_scope->attribute->news_headers_to_not_display = my_malloc(sizeof(char *));
-   else
-   
FreeIfNeeded(*curr_scope->attribute->news_headers_to_not_display);
-   
*curr_scope->attribute->news_headers_to_not_display = my_strdup((char *) data);
-   build_news_headers_array(curr_scope->attribute, 
FALSE);
-   curr_scope->state->news_headers_to_not_display 
= TRUE;
+   {
+   char *tmp = (char *) data;
+
+   if 
(!curr_scope->attribute->news_headers_to_not_display)
+   
curr_scope->attribute->news_headers_to_not_display = my_malloc(sizeof(char *));
+   else
+   
FreeIfNeeded(*curr_scope->attribute->news_headers_to_not_display);
+   
*curr_scope->attribute->news_headers_to_not_display = my_strdup(tmp);
+   FreeAndNull(tmp);
+   
build_news_headers_array(curr_scope->attribute, FALSE);
+   
curr_scope->state->news_headers_to_not_display = TRUE;
+   }
break;
 
case OPT_ATTRIB_POS_FIRST_UNREAD:


___
tin-dev mailing list
tin-dev@tin.org
http://lists.tin.org/cgi-bin/mailman/listinfo/tin-dev


Re: [tin-dev] [tin 2.6.4] snapshots

2024-11-28 Thread Urs Janßen
New snapshots available. A few bugfixes and some new features like:
- if reading from local spool, try to read inn >= 2.3 nov-files in case
  reading traditional nov-files failed
- allow argument names for -D (case insensitive, comma separated list)
- URI syntax-check and normalization it with uriNormalizeSyntaxA() if
  liburiparser was found
- $LC_NUMERIC for RADIXCHAR (used when showing attachment sizes)
- "-F filter-file" cmd.-line option





Changes since 2.6.3:
 023) Thomas E. Dickey 
  REM. bundled-intl stuff
  ADD. disallow giving both --with-socks and --with-socks5
  ADD. try also libsocks5 and libsocksd if using --with-socks5
  FIX. intl/*, aclocal.m4, configure[.in], autoconf.hin, nntplib.h
   tcurses.h, Makefile[.in], conf-tin

 022) Enrik Berkhan 
  ADD. avoid implicit conversion
  FIX. curses.c, misc.c, nntplib.c, rfc2047.c

 021) Matt Anton 
  ADD. updated French translation
  FIX. fr.po

 020) Dennis Preiser 
  ADD. ArticleInfo-page ('\'')
  ADD. always cast arg to is*()-functions to unsigned char
  ADD. avoid implicit conversion
  ADD. formatted output for -vZ and large article counts
  ADD. avoid malloc()/free() overhead in match_group_list()
  ADD. dont_break_words tinrc option, if set don't break long
   lines inside words, just on SPACE or TAB if possible.
  ADD. charset guessing via undeclared_cs_guess in attributes
  ADD. syntax check for content subtype
  ADD. handle multiple addresses in From, Reply-To, Approved
  ADD. addresses in %T are now separated by comma instead of space
  ADD. no longer use fixed length buffers in t_cmdlineopts
  ADD. limit tinrc/attributes value strings to 1022 chars
   (they were "randomly" cut off before around 1k)
  ADD. avoid fixed length buffers in t_config, t_filter_rule and
   t_fmt
  ADD. "ternary"-operator to format-strings %F, %s, %T
  ADD. max screenwidth ('<') condition to format-strings
  ADD. avoid fixed length buffer for lines on terminal when using curses
  ADD. reorder t_config to avoid padding
  REM. MAX_MSG_HEADERS limitation
  BUG. txt_help_config_search_opt_forwards,
   txt_help_config_search_opt_forwards and
   txt_help_attrib_search_opt_backwards,
   txt_help_attrib_search_opt_forwards were mixed up
  BUG. memleak when using bsd-sockets without getservbyname()
  BUG. possible memleak on quit in version.c:upgrade_prompt_quit()
  BUG. multiple addresses in From, Reply-To, Approved (allowed since
   RFC 5536) we're not handled correct.
  FIX. active.c, art.c, attrib.c, charset.c, config.c, cook.c, debug.c
   feed.c, filter.c, getline.c, group.c, header.c, help.c, inews.c
   init.c, keymap.c, lang.c, main.c, mail.c, makecfg.c, memory.c
   misc.c, nntplib.c, nntps.c, options_menu.c, page.c, pgp.c, post.c
   prompt.c, refs.c, regex.c, rfc2046.c, rfc2047.c, save.c, screen.c
   search.c, select.c, sigfile.c, signal.c, string.c, tags.c, thread.c
   version.c, xref.c, parsdate.y, extern.h, keymap.h, newsrc.h, proto.h
   rfc2046.h, tin.h, tinrc.h, tincfg.tbl

 019) Urs Janssen 
  ADD. silence some unused parameter warnings
  ADD. avoid sscanf(3) in check_upgrade()
  ADD. avoid fixed length buffer in my_mktmp()
  ADD. configure check for buggy snprintf(3)
  ADD. changed snprintf(3) fallback implementation from Patrick Powell
   to the one by Mark Martinec
  ADD. use snprintf(3) in STRCPY macro
  ADD. config.guess, config.sub update
  ADD. avoid tmpfile(3) usage
  ADD. configure check for blockable signal-type (POSIX, BSD, SYSV, NONE)
  ADD. configure check for tiuser.h (TLI; SVR3, SVR4)
  ADD. configure check for arc4random_uniform(3), lrand48(3) and random(3)
   prefer over rand(3)
  ADD. configure check for tcflag_t
  ADD. configure check for PRIdLEAST64 and SCNdLEAST64
  ADD. configure check for ucsdet_detect() from libicui18n
  ADD. configure check for getpeername()
  ADD. configure check for uconv_open() and unicode/ucnv.h
  ADD. configure check for liburiparser
  ADD. configure check for libidn2
  ADD. simplify _Noreturn check, just note the C11 standard
  REM. configure check for varargs.h
  ADD. removed fixed buffer from copy_body()
  ADD. SASL info to connection-info ('J')
  ADD. -L cmd.line switch
  ADD. create missing newsrc-dir
  ADD. -g "[ipv6::address]"[:port] also in .newsauth and newsrctable
  ADD. check that a recipient is present in mailgroups
  ADD. mention location of files being read on startup
  ADD. only display MOTD on startup if it did change 

Re: [tin-dev] [tin 2.6.4] snapshots

2024-11-10 Thread Urs Janßen
*gnaaa*, without that dot tin builds an invalid (truncated) Sender:-header
and then complains about it and you can't post (without disbale_sender).

=== modified file 'src/header.c'
--- old/src/header.c2024-11-08 07:42:18 +
+++ new/src/header.c2024-11-10 10:31:53 +
@@ -325,7 +325,7 @@
if ((ptr = get_full_name())) /* TODO: rfc2047 encode */
snprintf(sender, sizeof(sender), ((strpbrk(ptr, 
"\".:;<>@[]()\\")) ? "\"%s\"" : "%s "), ptr);
 
-   snprintf(sender + strlen(sender), sizeof(sender) - strlen(sender), 
"<%*s@", LOGIN_NAME_MAX, userid);
+   snprintf(sender + strlen(sender), sizeof(sender) - strlen(sender), 
"<%.*s@", LOGIN_NAME_MAX, userid);
 
 #  ifdef HAVE_GETHOSTBYNAME
ptr = get_fqdn(get_host_name());


___
tin-dev mailing list
tin-dev@tin.org
http://lists.tin.org/cgi-bin/mailman/listinfo/tin-dev


Re: [tin-dev] [tin 2.6.4] snapshots

2024-11-08 Thread Urs Janßen
New snapshots available. Mainly code cleanup like t_config reordering to
avoid padding and minor bugfixing.

New features:
. try charset conversion with ICU ucnv_* (if found) in case iconv() fails or
  is not available. see [1] below.
. basic (no custom-messages) $MAILPATH support
. skip reading attributes with -Z
. skip reading filter-file with -u
. warn about -u[oXzZ] and -oZ (useless combination)
. use arc4random_uniform(3) for random-numbers (if found)

Retired features:
. %G, %P expansion in $MAILCAPS (doesn't make much sense)

[1] if you cache overviews and read groups with (lots) of exotic
charsets (which were not recognized in the past and you saw '?' all
over the place; e.g. de.test) you may think about removing the old
data and let it be rebuild (either via "-u" or when you next time enter
the group during a normal session), to find cached data you may use
something like:

tin -vV 2>&1 | grep -q UCN && \
grep -qF cache_overview_files=ON ${TIN_HOMEDIR:-"$HOME"}/.tin/tinrc && \
echo "# Consider to remove old overview caches below" && \
find "${TIN_INDEX_NEWSDIR-"${TIN_HOMEDIR-"$HOME"}/.tin"}/" \
-type d -name '.news*'





Changes since 2.6.3:
 023) Thomas E. Dickey 
  REM. bundled-intl stuff
  ADD. disallow giving both --with-socks and --with-socks5
  ADD. try also libsocks5 and libsocksd if using --with-socks5
  FIX. intl/*, aclocal.m4, configure[.in], autoconf.hin, nntplib.h
   tcurses.h, Makefile[.in], conf-tin

 022) Enrik Berkhan 
  ADD. avoid implicit conversion
  FIX. curses.c, misc.c, nntplib.c, rfc2047.c

 021) Matt Anton 
  ADD. updated French translation
  FIX. fr.po

 020) Dennis Preiser 
  ADD. ArticleInfo-page ('\'')
  ADD. always cast arg to is*()-functions to unsigned char
  ADD. avoid implicit conversion
  ADD. formatted output for -vZ and large article counts
  ADD. avoid malloc()/free() overhead in match_group_list()
  ADD. dont_break_words tinrc option, if set don't break long
   lines inside words, just on SPACE or TAB if possible.
  ADD. charset guessing via undeclared_cs_guess in attributes
  ADD. syntax check for content subtype
  ADD. handle multiple addresses in From, Reply-To, Approved
  ADD. addresses in %T are now separated by comma instead of space
  ADD. no longer use fixed length buffers in t_cmdlineopts
  ADD. limit tinrc/attributes value strings to 1022 chars
   (they were "randomly" cut off before around 1k)
  ADD. avoid fixed length buffers in t_config, t_filter_rule and
   t_fmt
  ADD. "ternary"-operator to format-strings %F, %s, %T
  ADD. max screenwidth ('<') condition to format-strings
  ADD. avoid fixed length buffer for lines on terminal when using curses
  ADD. reorder t_config to avoid padding
  REM. MAX_MSG_HEADERS limitation
  BUG. txt_help_config_search_opt_forwards,
   txt_help_config_search_opt_forwards and
   txt_help_attrib_search_opt_backwards,
   txt_help_attrib_search_opt_forwards were mixed up
  BUG. memleak when using bsd-sockets without getservbyname()
  BUG. possible memleak on quit in version.c:upgrade_prompt_quit()
  BUG. multiple addresses in From, Reply-To, Approved (allowed since
   RFC 5536) we're not handled correct.
  FIX. active.c, art.c, attrib.c, charset.c, config.c, cook.c, debug.c
   feed.c, filter.c, getline.c, group.c, header.c, help.c, inews.c
   init.c, keymap.c, lang.c, main.c, mail.c, makecfg.c, memory.c
   misc.c, nntplib.c, nntps.c, options_menu.c, page.c, pgp.c, post.c
   prompt.c, refs.c, regex.c, rfc2046.c, rfc2047.c, save.c, screen.c
   search.c, select.c, sigfile.c, signal.c, string.c, tags.c, thread.c
   version.c, xref.c, parsdate.y, extern.h, keymap.h, newsrc.h, proto.h
   rfc2046.h, tin.h, tinrc.h, tincfg.tbl

 019) Urs Janssen 
  ADD. silence some unused parameter warnings
  ADD. avoid sscanf(3) in check_upgrade()
  ADD. avoid fixed length buffer in my_mktmp()
  ADD. configure check for buggy snprintf(3)
  ADD. changed snprintf(3) fallback implementation from Patrick Powell
   to the one by Mark Martinec
  ADD. use snprintf(3) in STRCPY macro
  ADD. config.guess, config.sub update
  ADD. avoid tmpfile(3) usage
  ADD. configure check for blockable signal-type (POSIX, BSD, SYSV, NONE)
  ADD. configure check for tiuser.h (TLI; SVR3, SVR4)
  ADD. configure check for arc4random_uniform(3), lrand48(3) and random(3)
   prefer over rand(3)
  ADD. configure check for tcflag_t
  ADD. configure check for PRIdLEAST64 and SCNdLEAST64
  ADD. 

Re: [tin-dev] [tin 2.6.4] snapshots

2024-10-19 Thread Urs Janßen
In I wrote:
> New snapshots available.

the following is needed to fix the build in the !USE_CURSES case. my bad.

=== modified file 'src/screen.c'
--- old/src/screen.c2024-10-18 20:59:22 +
+++ new/src/screen.c2024-10-19 20:49:01 +
@@ -380,9 +380,10 @@
 #endif /* MULTIBYTE_ABLE && !NO_LOCALE */
my_fputs("->", stdout);
} else {
-   char *buffer, *s;
-
+   char *s;
 #ifdef USE_CURSES
+   char *buffer;
+
 #  if defined(MULTIBYTE_ABLE) && !defined(NO_LOCALE)
buffer = my_malloc(MB_CUR_MAX * (size_t) (cCOLS + 1));
 #  else
@@ -440,8 +441,10 @@
if (tinrc.draw_arrow)
my_fputs("  ", stdout);
else {
+   char *s;
 #ifdef USE_CURSES
-   char *buffer, *s;
+   char *buffer;
+
 #  if defined(MULTIBYTE_ABLE) && !defined(NO_LOCALE)
buffer = my_malloc(MB_CUR_MAX * (size_t) (cCOLS + 1));
 #  else


___
tin-dev mailing list
tin-dev@tin.org
http://lists.tin.org/cgi-bin/mailman/listinfo/tin-dev


Re: [tin-dev] [tin 2.6.4] snapshots

2024-10-19 Thread Urs Janßen
New snapshots available.  New features: "ternary"-operator for
format-strings $F, %s, %T; max screenwidth ('<') condition for
format-strings. Connection type (IPv4 / IPv6) info added to
connection-infp-page ('J') (this may not work with TLI, EXCELAN
or DECNET - tests welcome ,-). Some code cleanup incl. small memory
usage improvements by avoiding huge fixed len buffers.





Changes since 2.6.3:

 023) Thomas E. Dickey 
  REM. bundled-intl stuff
  ADD. disallow giving both --with-socks and --with-socks5
  ADD. try also libsocks5 and libsocksd if using --with-socks5
  FIX. intl/*, aclocal.m4, configure[.in], autoconf.hin, nntplib.h
   tcurses.h, Makefile[.in], conf-tin

 022) Enrik Berkhan 
  ADD. avoid implicit conversion
  FIX. curses.c, misc.c, nntplib.c, rfc2047.c

 021) Matt Anton 
  ADD. updated French translation
  FIX. fr.po

 020) Dennis Preiser 
  ADD. ArticleInfo-page ('\'')
  ADD. always cast arg to is*()-functions to unsigned char
  ADD. avoid implicit conversion
  ADD. formatted output for -vZ and large article counts
  ADD. avoid malloc()/free() overhead in match_group_list()
  ADD. dont_break_words tinrc option, if set don't break long
   lines inside words, just on SPACE or TAB if possible.
  ADD. charset guessing via undeclared_cs_guess in attributes
  ADD. syntax check for content subtype
  ADD. handle multiple addresses in From, Reply-To, Approved
  ADD. addresses in %T are now separated by comma instead of space
  ADD. no longer use fixed length buffers in t_cmdlineopts
  ADD. limit tinrc/attributes value strings to 1022 chars
   (they were "randomly" cut off before around 1k)
  ADD. avoid fixed length buffers in t_config, t_filter_rule and
   t_fmt
  ADD. "ternary"-operator to format-strings %F, %s, %T
  ADD. max screenwidth ('<') condition to format-strings
  ADD. avoid fixed length buffer for lines on terminal when using curses
  REM. MAX_MSG_HEADERS limitation
  BUG. txt_help_config_search_opt_forwards,
   txt_help_config_search_opt_forwards and
   txt_help_attrib_search_opt_backwards,
   txt_help_attrib_search_opt_forwards were mixed up
  BUG. memleak when using bsd-sockets without getservbyname()
  BUG. possible memleak on quit in version.c:upgrade_prompt_quit()
  BUG. multiple addresses in From, Reply-To, Approved (allowed since
   RFC 5536) we're not handled correct.
  FIX. active.c, art.c, attrib.c, charset.c, config.c, cook.c, debug.c
   feed.c, filter.c, getline.c, group.c, header.c, help.c, inews.c
   init.c, keymap.c, lang.c, main.c, mail.c, makecfg.c, memory.c
   misc.c, nntplib.c, nntps.c, options_menu.c, page.c, pgp.c, post.c
   prompt.c, refs.c, regex.c, rfc2046.c, rfc2047.c, save.c, screen.c
   search.c, select.c, sigfile.c, signal.c, string.c, tags.c, thread.c
   version.c, xref.c, parsdate.y, extern.h, keymap.h, newsrc.h, proto.h
   rfc2046.h, tin.h, tinrc.h, tincfg.tbl

 019) Urs Janssen 
  ADD. silence some unused parameter warnings
  ADD. avoid sscanf(3) in check_upgrade()
  ADD. avoid fixed length buffer in my_mktmp()
  ADD. configure check for buggy snprintf(3)
  ADD. changed snprintf(3) fallback implementation from Patrick Powell
   to the one by Mark Martinec
  ADD. use snprintf(3) in STRCPY macro
  ADD. config.guess, config.sub update
  ADD. avoid tmpfile(3) usage
  ADD. configure check for blockable signal-type (POSIX, BSD, SYSV, NONE)
  ADD. configure check for tiuser.h (TLI; SVR3, SVR4)
  ADD. configure check for lrand48(3) and random(3), prefer over rand(3)
  ADD. configure check for tcflag_t
  ADD. configure check for PRIdLEAST64 and SCNdLEAST64
  ADD. configure check for ucsdet_detect() from libicui18n
  ADD. configure check for getpeername()
  ADD. simplify _Noreturn check, just note the C11 standard
  REM. configure check for varargs.h
  ADD. removed fixed buffer from copy_body()
  ADD. SASL info to connection-info ('J')
  ADD. -L cmd.line switch
  ADD. create missing newsrc-dir
  ADD. -g "[ipv6::address]"[:port] also in .newsauth and newsrctable
  ADD. check that a recipient is present in mailgroups
  ADD. mention location of files being read on startup
  ADD. only display MOTD on startup if it did change since the last
   connect (use 'J' to see it anyway).
  ADD. cache MOTD during session
  ADD. REPRODUCIBLE_BUILD define to prevent recoding of __DATE__, __TIME__,
   $CFLAGS, $CPPFLAGS and $LDFLAGS in the binary if set
  ADD. disallow Distribution: all, warn about Dis