Release Notes of Version 2.0.0

Release Notes of Version 2.0.0 (Drafts)

Features and fixes backported to v1.x

Changes which directly affect the UI

• Support special keys for more terminals
• Support Ctrl-/Meta-/Shift- key modifiers for special keys
• Add some F* and ESC-* key shortcuts from PttBBS for editor
• Remove the useless V function of the user list UI
• Now the client will disconnect right after the disconnection message displays
• Now the client will perform the logout works before the logout message displays
• The number of failed reposts or forwarding posts will now be reported
• The key shortcut Ctrl-U of the editor now inputs the character ESC instead; please use ESC-U to bring out the user list instead
• Add key shortcuts ESC-1 - ESC-5 for pasting the text from 1-5th temporary buffer file in the editor

Fixes which directly affect the UI

• Fix nested popupmenus not being redrawn when entered
• Fix base64encode tool yields wrong results
• Fix checkemail mails to the same destination twice whenever any arguments are passed
• Fix crashes when the user repost a gem item which the user has no read permission
• Fix crashes due to writing to read-only program memory when calling getfield() in u_register()
• Fix misusing KB instead of bytes as the data size unit in x_siteinfo()
• Fix the issue that failed reposts and forwarding posts increase the personal post count
• Fix all the title of the user ranks generated by topusr becoming %s
• Fix corrupted display and crashes in the UI of the input tool of the editer, which is caused by buffer overflow
• Fix the issue that rejected board changes cause the displayed name of the currently entered board become the name of the board to be changed to
• Fix the issue that class_yank2() (the i function) is not able to list all the friend-only and hidden boards
• Fix the issue that using class_yank() (the y function) or class_yank2() (the i function) causes the user to be kicked out of the board list when there are no corresponding boards
• Fix the issue that the user cannot enter the board list if class_yank() or class_yank2() is activated and there are no corresponding boards
• Fix the hottest board listing only the board 'SYSOP'; now it lists all hot boards
• Fix the issue that an empty hottest board list prevents the user from entering the board category list
• Editor: Fix redundant prompts for file selection when using key shortcuts ESC-1-ESC-5.

Fixes for Stage 4

• Fix: VGET_* flag values conflicting with BRD_*_BIT flag values, which breaks the board-searching function.
• Fix the notification message of new mails and new personal messages NEW[MAIL|PASS]MSG being truncated when displayed on the header

Fixes for previous versions

• Replace the hardcoded path /home/bbs with the macro BBSHOME
• Fix: Accessing uninitialized variables for a while condition whenever the argument host of dns_open() is a IPv4 address, which causes halts and even crashes

Other UI fixes

• Fix the connection overload message msg_no_desc of innbbsd being truncated
• Fix the function HISfetch() being declared wrong in innbbsd/inntobbs.h

Fixes for the password security

• Refine the seeding of pseudorandom number generators
• Improve the security of newly generated/encrypted passwords by using a cryptographically secure pseudorandom number generator (CSPRNG)
• Fix a logical error which causes the user's the ID and plaintext password being mistaken as the user's origin of connection
• Now the plaintext password input by the user will be wiped out after processed
• Now the plaintext site private key for inter-site mails will be wiped out after processed

Other fixes for the system security

• Fix accessing uninitialized/garbage variable in 38 places
• Fix writing uninitialized/garbage bytes to disk files in 3 places
• Fix buffer overflows / out-of-bound accesses in 8 places
• Fix unreachable memory leaks in 9 places
• Fix memory corruptions in 4 places
• Fix file resource leaks in 7 places
• Fix invalid fclose()/close() calls in 25 places
• Fix 30 misuses of open() return value and bugs/errors introduced by them
• Fix some undefined behaviors
• Fix the global buffer ipv4addr being overflowed by IPv4 addresses with 15 characters
• Fix potential buffer overflow caused by wrong types of the arguments to format strings
• Fix undefined behaviors caused by the input and output buffers for sprintf() overlapping each other
• Minor security fixes

Fixes about pfterm

• Fix the background for popupmenu_ans2() & pmsg2() not fading out when pfterm is disabled
• Fix pmsg2() not using vmsg() to display the pausing message when the argument is NULL while pfterm is disabled
• Fix: Macros STANDOUT and STANDEND expand to multiple statements when pfterm is disabled, which causes display issues in STEALTH_NOECHO mode of vget() on the "Current" version.
• Fix pfterm misinterpreting the ANSI escape sequence ESC <ch> as ESC [ <ch> (e.g., ESC m was misinterpreted as ESC [ m)

Other fixes and improvements

• Eliminate most of -Wall warnings
• Eliminate most of -Wwrite-strings warnings, caused by over 438 places of code
• Fix incorrect indentation
• Tweak the code layout
• Other minor refactoring and bug fixes

Features and fixes for v2.0.0

Fixes which directly affects the UI

• Support SHA-256-encrypted passwords
• Support SHA-256 site signature for inter-site mail
• Increase the maximum password length to 36 characters
• Make the password fields invisible
• Allow the user to choose between the old and new password encryption methods when setting/generating new passwords
• Now the password field for POP3 authorization accepts up to 36 characters
• Now the password field for POP3 authorization is invisible
• Now the number of processors accounts for the seriousness of the heaviness of system load
• Now the number of processors is displayed together with the system load

Fixes for Stage 5 and previous versions

• Fix: The user's plaintext password is stored in a global variable whenever the compile option CHAT_SECURE is enabled
• Fix: The global variable storing the plaintext password cannot be used to login xchatd, because the variable is wiped out after verified.
• Fix the issue that DES-encrypted passwords cannot be used to login xchatd

Type safety improvements

• Remove ignored top-level cvr-qualifiers and keyword register from function declarations
• Make 14 static storage pointers point to const
• Make 374 more function result and parameter pointers point to const
• Make 26 more static storage pointers const
• Make the elements of 90 more arrays const
• Make 11 more point-to-string variables const

Improvements of the UI of the command-line tools

• Refine reports of invalid command-line usages of the tools
• Fix out-of-bound accesses when the argument for poststat is a positive integer other than 1, 2, and 100
• Fix users' song request point decreasing when the argument for addsong is negative
• Fix the maximum online user count, the maximum registered user count, the maximum login count per hour, and the maximum login count per day can be set to negative by passing negative arguments to counter w
• The tools which accept more than 2 arguments now allow parameter designation and omitting with the -? syntax

Improvements about BBS-Lua

• Rework current BBS-Lua keyboard support implement for Maple3
• Update BBS-Lua version to 0.119-DlPatch-1

WebSocket proxy support

• bbsd now allows the connection data to be passed via unix sockets, which is compatible with the WebSocket proxy module used in PttBBS
• Introduce the wsproxy module from PttBBS
• wsproxy: Replace the custom method receiveatmost() made by patching, with the official OpenResty method receiveany().

Improvements about pfterm

• Preliminary implement of the function vkey_is_typeahead(), which is used by pfterm and pmore, is now done
• Update the comments and the references of pfterm
• Add support for ANSI escape sequence ESC [ <n> d (move to <n>-th line) for pfterm
• Add support for ANSI escape sequence ESC [ 27 (reverse off) for pfterm (ESC [ 7 either turns on or turns off the reverse attribute)

Improvement about the build tools

• Refactor Makefiles
• Eliminate unnecessary loading of .include for makefiles
• Support disabling dynamic library loading

Other improvements

• Introduce some useful macros for GCC attributes from PttBBS
• Define some useful GCC attribute macros
• Other minor refactoring