The NetBSD Project

CVS log for pkgsrc/news/inn/options.mk

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / news / inn

Request diff between arbitrary revisions


Keyword substitution: kv
Default branch: MAIN


Revision 1.11: download - view: text, markup, annotated - select for diffs
Fri Nov 17 00:52:53 2023 UTC (12 months, 3 weeks ago) by sekiya
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3, pkgsrc-2024Q2-base, pkgsrc-2024Q2, pkgsrc-2024Q1-base, pkgsrc-2024Q1, pkgsrc-2023Q4-base, pkgsrc-2023Q4, HEAD
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +4 -1 lines
Make perl dependencies conditional on "perl" package option.

No functional change in the default configuration case.

Revision 1.10: download - view: text, markup, annotated - select for diffs
Sun Apr 30 14:58:58 2023 UTC (19 months, 1 week ago) by spz
Branches: MAIN
CVS tags: pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +22 -9 lines
update inn to 2.7.1
adding canlock option kudos micha@

upstream changelog:
Changes in 2.7.1 (2023-04-16)

    * Added a new *groupexactcount* parameter in readers.conf to force nnrpd
      to report the exact number of still existing articles in newsgroups
      instead of an estimated count.  When the estimated number of articles
      is strictly below *groupexactcount* (set to 5 by default), nnrpd now
      recounts them and reports the actual value (articles that have been
      cancelled or overwritten in self-expiring CNFS buffers may otherwise
      still be counted in the estimate).  News clients will then be directly
      aware of empty newsgroups; they would otherwise have tried to retrieve
      possible articles, to finally not show anything to the user.

    * Programs sending mails now include, when appropriate, an
      Auto-Submitted header field in the message headers (either set to
      "auto-generated" or "auto-replied", following the recommendation in
      RFC 3834).  Thanks to Harald Dunkel for this suggestion which will for
      instance help to avoid unnecessary vacation replies.

    * Added a new -a option to innmail to specify additional header fields
      to add in the headers of messages.  This is notably used to internally
      support the addition of the Auto-Submitted header field in outgoing
      mails.

    * Added new ovsqlite-util program to perform some basic consistency
      checks and dump operations on an overview database using the ovsqlite
      method.  More checks and features will be added in future releases.
      You'll need the "DBI" Perl module with the "DBD::SQLite" driver
      installed on your system to use this program.

    * Added TLS support in pullnews for connections to upstream servers
      configured in pullnews.marks, and to the downstream server in the
      existing -s flag.  A port can now also be specified for connections to
      upstream servers (it was already possible for the downstream server
      only).

    * Added a new -L option to pullnews to specify the largest wanted
      article size in bytes.  Articles whose size exceeds that value will no
      longer be downloaded by pullnews.

    * pullnews now detects a socket timeout while downloading articles from
      a remote peer.  The download gracefully stops, and another attempt can
      be automatically made according to the setting given with the -t flag.
      Thanks to Jesse Rehmer for the bug report.

    * Fixed the generation and the handling of storage tokens on wrapped
      CNFS buffers, thanks to bug reports from Kamil Jonca:

      * Duplicate entries were returned by makehistory on fully wrapped
        cyclic buffers (the first article of the cyclic buffer appeared
        twice in the output).

      * The first article of a fully wrapped cyclic buffer was removed too
        soon from history (expire wrongly thought its storage token was no
        longer existing after a wrap).

      * The first article of the previous cycle number of a cyclic buffer
        containing articles from two different cycle numbers was wrongly
        considered by makehistory to belong to the current cycle number.

    * innd no longer dies when a newsfeeds entry has an unexpected trailing
      whitespace.

    * The size of duplicated articles was counted twice in totals, average
      article sizes and graphs by innreport, when parsing innd checkpoints.
      Thanks to Hauke Lampe for the patch to count it only once.

    * Customizing the domain part of Message-IDs generated by nnrpd and the
      server name indicated in Injection-Info header fields is now easier:
      the *domain* parameter in the access blocks of readers.conf can be
      directly used (without needing to set *virtualhost* as it was
      previously the case).

    * If the *domain* parameter is set in inn.conf or in a readers.conf
      access block, and has invalid characters, or if the fully qualified
      domain name (FQDN) of the news server has invalid characters when
      *domain* is unset, a fatal error is now reported at startup.  It is a
      basic configuration error which otherwise leads to the generation of
      invalid article Message-IDs.

    * Improved the speed of article searches with HDR, LAST, NEXT, and XPAT
      commands when there is a (huge) gap in article numbers.  On newsgroups
      with several millions of consecutive missing articles (which is a rare
      situation), these commands could take several seconds to run.

    * Incoming articles in newsgroups that have exceeded the maximum number
      of articles they can contain (2^31-1) are now correctly rejected.  INN
      was otherwise happily accepting them but either numbers returned in
      NNTP responses were not right, or some news clients choked when
      receiving unexpected large article numbers.  (The current version of
      the NNTP protocol only allows article numbers up to 2^31-1.)

    * Fixed the renumbering of reported low water marks for empty newsgroups
      in active after overview expiration, when using the ovsqlite method.
      They were set to 1 for empty newsgroups whereas they were not supposed
      to decrease.  (These reported low water marks regained their expected
      values during the next overview expiration, provided that the
      newsgroup was no longer empty.)

    * The reported high water mark of empty newsgroups is now correctly set
      to one less than the reported low water mark in overview data.
      (Previously, the reported low water mark was set to one more than the
      reported high water mark.)

    * Fixed the output of the "ctlinnd feedinfo ''" command that was
      returning information only for the first site, and the output of the
      "ctlinnd name channel" command that was returning partial information
      for the requested channel.

    * The build of external programs which include inn/storage.h was failing
      because of the unexpected inclusion of config.h in one of the included
      headers.  Also, a few Autoconf results were not correctly made
      available to external programs.  This is now fixed.

    * Fixed the build on systems whose default shell does not completely
      meet the Posix standard.  A few build scripts were run with the
      default shell instead of the one found by Autoconf and afterwards used
      for INN.

    * Use standard daemon(3) C function, when available, to daemonize innd,
      nnrpd, ovdb_server and ovsqlite-server instead of an INN-specific
      function.

Upgrading from 2.6 to 2.7

    The following changes require your full attention because a manual
    intervention may be needed:

    * The *require_ssl* parameter in readers.conf has been renamed to
      *require_encryption* as it applies to any kind of encryption layers,
      including TLS and SASL security layers.  Since innupgrade only takes
      care of the change in the file named readers.conf, you will have to
      manually rename that parameter in configuration files for nnrpd with
      an alternate name.

    * The innreport.conf file in *pathetc* has been split into a general
      configuration file (innreport.conf itself) and a display configuration
      file (innreport-display.conf in *pathlib*).  If you made local changes
      in sections other than the *default* section in innreport.conf, and
      wish to keep them, then you need renaming the new
      innreport-display.conf file to another name in *pathlib*, setting this
      local file name in the new *display_conf_file* option in
      innreport.conf, and re-applying your local changes to that local
      display configuration file.

      As a matter of fact, the default display configuration file would
      otherwise be overwritten each time INN is updated.  Bug fixes or
      enhancements are made from time to time to the display configuration
      of innreport, and previously couldn't be automatically be merged in
      innreport.conf on update.  This new separate configuration file to
      parameterize the display will now permit an automatic update (if of
      course you use the default display configuration file).

    * A new inn-secrets.conf configuration file has been added in *pathetc*.
      The intent is that, from now on, new secrets used by INN are added to
      that file, and that all secrets currently stored in several other
      configuration files eventually move to that file.  Make sure it is
      properly created during the upgrade, and not world-readable.  It
      currently only stores the secrets used for the new Cancel-Lock
      functionality.

    * The -C flag given to innd to disable the execution of cancels has been
      deprecated and is no longer taken into account (an error message will
      be present in your logs if innd is started with it).  Instead, a new
      parameter has been added in inn.conf to tune the types of cancels innd
      should process.  If *docancels* is set to "require-auth", which is the
      default if INN has Cancel-Lock support, only articles originally
      protected by the Cancel-Lock authentication mechanism can be withdrawn
      by a valid authenticated cancel article or a valid authenticated
      supersede request.  Withdrawals of articles not originally protected
      by Cancel-Lock will not be executed.  See inn.conf(5) for more details
      about the different values of the new *docancels* parameter, and make
      sure to parameterize it according to your needs.

    * The *refusecybercancels* and *verifycancels* parameters have been
      removed from inn.conf.  The first was performing an inefficient and
      inexact check (that should be done, if wanted, in the special "ME"
      entry in newsfeeds, or even better, ask your peers not to feed you
      articles with "cyberspam" in the Path header field body); the second
      check performed on the newsgroups present in cancel articles was not
      useful in innd (this check is relevant to posting agents).

      The related lines in inn.conf will be commented by innupgrade during
      the upgrade.

    * The XBATCH command is no longer enabled by default in innd.  You'll
      have to explicitly enable that capability by setting the new *xbatch*
      parameter to true in incoming.conf for the peers sending you such
      compressed batches.

    * The *nolist* and *noresendid* parameters in incoming.conf have been
      respectively renamed to *list* and *resendid* (and the meaning of
      their related boolean values is now the opposite).  Besides, the
      unused *comment* and *email* parameters in incoming.conf have been
      removed.  innupgrade will take care of the changes (inverting the
      boolean values, and commenting the lines with removed parameters).

    * filechan is no longer shipped with INN; it was just a simple version
      of buffchan.  All calls to "filechan" will be changed to "buffchan -u"
      (for its unbuffered mode) in newsfeeds by innupgrade.  If you have
      local scripts running filechan, you will have to manually take care of
      the change.

    * send-nntp is no longer shipped with INN.  If you have local scripts
      running it, you will have to manually adjust them to use nntpsend
      which basically does the same thing, better.  Or, even greater, use
      innfeed if that is possible.

    * Wrappers around old Perl and Python authentication and access hooks,
      pre-dating INN 2.4.0 and identifiable by the *nnrpperlauth* and
      *nnrppythonauth* parameters in inn.conf, are no longer shipped as
      samples in INN releases.  If not already done, you should either
      replace old hooks with new modern hooks or use the possibilities that
      readers.conf and regular authenticator and resolver programs offer.

    * The libauth.h header file and the libstorage library have been renamed
      to libinnauth.h and libinnstorage to homogenize their name with
      existing libinnhist library.  External programs building or linking
      against them need a manual change.

    If you are upgrading from a version prior to INN 2.6, see also
    "Upgrading from 2.5 to 2.6".

Changes in 2.7.0 (2022-07-10)

    * Upgrading to a major release is a good time to ensure that your
      configuration files, that are usually kept untouched during normal
      updates, are up-to-date: notably control.ctl (with your local changes
      in a separate control.ctl.local file), new better default values in
      inn.conf and innfeed.conf, improvements in innreport.conf (along with
      innreport-display.conf) and innreport.css, fixes in innwatch.ctl,
      updated moderators and nocem.ctl files.

      You may also want to check that the PGP keys used to verify the
      signature of control articles and NoCeM notices are still up-to-date
      and working.  The keys of a few hierarchies and NoCeM issuers have
      recently changed.

    * Bo Lindbergh has implemented a new overview storage method based on
      SQLite, known for its long-term stability and compatibility.  Robust
      and faster at reading ranges of overview data, but somewhat slower at
      writing, this new SQLite-based method is a perfect choice to store
      overview data.

      To select it as your overview method, set the *ovmethod* parameter in
      inn.conf to "ovsqlite".  Details about ovsqlite, the ovsqlite.conf
      configuration file and how to switch to that new modern overview
      storage method can be found in the ovsqlite(5) and makehistory(8) man
      pages.

    * Julien Elie has implemented Cancel-Lock support in innd and nnrpd,
      based on RFC 8315 and libcanlock.  A new inn-secrets.conf
      configuration file has been added in *pathetc* wherein you can set the
      secrets to use for Cancel-Lock.  See the inn-secrets.conf(5) man page
      for more details.

      A new -F flag is recognized by innconfval to indicate the type of file
      to parse (by default, "inn.conf"); just run "innconfval -F
      inn-secrets.conf" to get the values of that new configuration file.
      Another new flag, -f, permits specifying another file name to parse
      than the standard one.

      The *addcanlockuser* parameter has been added in readers.conf to
      deactivate the generation of user-specific hashes when several
      different posters have the same identity in an access group.  This
      parameter also permits setting whether the hash, when generated, is
      based on the username or the (static) IP of the connection.

    * Added a new tool, gencancel, to help the news administrator generate
      authenticated cancel control messages, with the expected admin
      Cancel-Key hashes.  See the gencancel(1) man page for more details.

    * A new *docancels* parameter has been added in inn.conf to define which
      types of cancels innd should process.  The -C flag given to innd is
      deprecated in favour of that new parameter (you'll see in your logs
      the message "innd -C flag has been deprecated and has no effect; use
      docancels in inn.conf" in case you're passing that flag to innd).

    * Andreas Kempe has implemented blacklistd support in nnrpd.  This
      daemon, available notably in FreeBSD and NetBSD, can be used to
      prevent brute force attacks by blocking attackers after a number of
      failed login attempts.  When nnrpd is run with the new -B flag, and
      INN has been configured with the new --with-blacklist option, it will
      report login attempts to the blacklistd daemon for potential blocking.

    * Building INN with TLS support using LibreSSL is now supported (only
      OpenSSL was previously officially supported and tested).

    * Fixed the parsing of *hosts* and *localaddress* parameters in
      readers.conf; exclusion patterns (beginning with "!") have not been
      working since INN 2.5.0.

    * Improved the robustness of innxmit when receiving 500 or 501 response
      codes from peers, indicating they do not understand the NNTP command
      or (wrongly) think there is a syntax error.  Richard Kettlewell added
      a proper handling of these responses, making innxmit dropping the
      refused article instead of keeping sending it over and over (and thus
      receiving each time the same error in response codes).

    * innreport now collects statistics from innxbatch and generates a
      section for them in its reports.

    * The innreport.conf file in *pathetc*, previously containing almost
      2500 lines, has been split into a general configuration file
      (innreport.conf itself, still in *pathetc*, with about 60 lines) and a
      display configuration file (innreport-display.conf, a new separate
      file in *pathlib*).  The name of this display configuration file can
      be parameterized in the new *display_conf_file* option in
      innreport.conf.

    * The -m flag given to mailpost now sets a List-ID header field instead
      of a Mailing-List header field.

    * rc.news, used to start and stop INN daemons, now checks whether it is
      run as the news user.  It will exit if not the case, to ensure not to
      tamper with the ownership of files INN manipulates.

    * filechan has been removed; it was just a simple version of buffchan,
      which should now be used.

    * send-nntp has been removed; it was just a simple version of nntpsend,
      which should now be used (or, even better, innfeed).

    * The *refusecybercancels* and *verifycancels* parameters have been
      removed from inn.conf.  Besides, inews no longer checks if the From or
      Sender header fields of a cancel or supersede request match the ones
      of the original article being withdrawn.  All of these were either
      inefficient or inexact checks.

    * The *xbatch* parameter has been added in incoming.conf to enable the
      XBATCH command in innd for specific remote peers.  The default is to
      disable the capability.

    * The *nolist* and *noresendid* parameters in incoming.conf have been
      respectively renamed to *list* and *resendid* (and the meaning of
      their related boolean values is now the opposite).  Besides, the
      unused *comment* and *email* parameters in incoming.conf have been
      removed.

    * inews no longer adds a Sender header field nor overwrites an existing
      one in articles it processes if the new -P flag is used.  The Path
      header field, if unset, no longer systematically contains the path
      identity of the local news server (you may want to add it manually
      with the -x flag, if needed).  Finally, inews also no longer adds the
      obsolescent Lines header field.

    * A new -E flag can now be given to inews to silently discard empty
      articles, instead of bailing out with an error.  Another new -m flag
      permits setting the Message-ID instead of letting inews generate one.
      And a third new flag, -Y, forces inews to authenticate to the remote
      news server even if not asked to.

    * signcontrol has been removed as it embeds per-site configuration which
      is overwritten each time INN is updated to a newer version, and it is
      unlikely you ever need it.  Nonetheless, if you need to issue
      PGP-signed control messages, you can still download it from
      <https://ftp.isc.org/pub/pgpcontrol/>.

    * Support in controlchan for obsolete *sendsys*, *senduuname* and
      *version* control messages has been removed.  These control messages,
      long been deprecated, should no longer be sent nor honoured nowadays.
      Besides, the "doifarg" keyword in control.ctl is no longer recognized
      (it was only used for these three kinds of control messages).

    * The *require_ssl* parameter in readers.conf has been renamed to
      *require_encryption*, which is a better name as it applies to any kind
      of encryption layers, including TLS and SASL security layers.

    * Fixed the use of a deprecated API in Kerberos V5.  INN now requires
      version 1.6.1 or higher of MIT Kerberos v5 to build.

    * The libauth.h header file and the libstorage library have been renamed
      to libinnauth.h and libinnstorage to homogenize their name with
      existing libinnhist library.

    * All of the applicable bug fixes from the INN 2.6 STABLE series are
      also included in INN 2.7.

Revision 1.9: download - view: text, markup, annotated - select for diffs
Sat Jan 2 14:18:22 2021 UTC (3 years, 11 months ago) by spz
Branches: MAIN
CVS tags: pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +29 -3 lines
update news/inn to version 2.6.3

Changes in 2.6.3

    * Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or
      later; NIST P-256 was enforced instead of using the most secure curve.

    * A new inn.conf parameter has been added to fine-tune the cipher suites
      to use with TLS 1.3:  the *tlsciphers13* now permits configuring them.
      A separate cipher suite configuration parameter is needed for TLS 1.3
      because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
      vice-versa.  In order to avoid issues where legacy TLS 1.2 cipher
      suite configuration configured in the *tlsciphers* parameter would
      inadvertently disable all TLS 1.3 cipher suites, the inn.conf
      configuration has been separated out.

    * Fixed a regression since INN 2.6.1 that prevented articles with
      internationalized header fields (that is to say encoded in UTF-8) from
      being posted.

    * Support for Python 3 has been added to INN.  Embedded Python filtering
      and authentication hooks for innd and nnrpd can now use version 3.3.0
      or later of the Python interpreter.  In the 2.x series, version 2.3.0
      or later is still supported.

      When configuring INN with the --with-python flag, the "PYTHON"
      environment variable, when set, is used to select the interpreter to
      embed.  Otherwise, it is searched in standard paths.

      In case you change the Python interpreter to embed, make sure that the
      Python scripts you use are written in the expected syntax for that
      version of the Python interpreter.  Notably, buffer objects have been
      replaced with memoryview objects in Python 3, and UTF-8 encoding now
      really matters for string literals (Python 3 uses bytes and Unicode
      objects).

      INN documentation and samples of Python hooks have been updated to
      provide more examples.

    * When a Python or Perl filter hook rejects an article, innd now
      mentions the reason in response to CHECK and TAKETHIS commands.
      Previously, the reason was given only for the IHAVE command.

    * nnrpd now properly logs the hostname of clients whose connection
      failed owing to an issue during the negotiation of a TLS session or
      high load average.

Changes in 2.6.2

    * A new *syntaxchecks* parameter has been added in inn.conf.  It permits
      controlling the level of checks performed by innd and nnrpd.  Up to
      now, only one check can be enabled/disabled:  when *laxmid* is
      mentioned in the values of this new parameter, INN accepts Message-IDs
      that contain ".." in the left part, as well as Message-IDs with two
      "@" (such Message-IDs would otherwise be considered as syntactically
      invalid).  See the inn.conf(5) man page for more details.

      The check is disabled by default (*no-laxmid*), which corresponds to
      the legacy behaviour of INN 2.6.1 and earlier.

    * Use of the ovdb_server helper server is now the default when using the
      ovdb overview method, that is to say the default value for the
      *readserver* parameter in ovdb.conf is now set to true.  It improves
      stability and avoids deadlocks, timing issues and corrupted ovdb
      databases.

    * mailpost now removes empty header fields before attempting to post
      articles, and keeps trace of them in the X-Mailpost-Empty-Hdrs: newly
      generated header field body.  Also, mailpost now sanitizes header
      fields with regards to empty continuation header lines.  Thanks to
      Kamil Jonca for these bug reports.

    * A new -z parameter has been added to mailpost to mention a list of
      header fields to remove from the gated message.  Thanks to Dieter
      Stussy for the patch.

    * Fixed a bug in inews that was rejecting articles containing header
      fields whose length exceeded 998 bytes.  This limitation is for the
      length of a single line of a header field (and not for the length of
      the whole header field, as it was wrongly the case).

    * Added support for GnuPG's gpg binary (in addition to gpgv) in
      pgpverify.  Indeed, gpg still validates signatures made with weak
      digest algorithms like MD5 whereas gpgv no longer do.  Thanks to
      Thomas Hochstein for the patch, which permits validating control
      articles for hierarchies that are still using old PGP keys.

    * Added similar support for GnuPG's gpg binary in perl-nocem to validate
      NoCeM notices from issuers who are still using old PGP keys.

    * A few commands listed in the "Control commands to INND" section in
      daily Usenet reports were appearing as a mere letter; all of them are
      now properly converted to meaningful words.

    * The *tlsprotocols* parameter in inn.conf now recognizes the "TLSv1.3"
      value (for OpenSSL versions implementing TLS 1.3, that is to say
      starting from OpenSSL 1.1.1).

    * The buffindexed overview method will now hopefully work properly on
      systems with a native page size larger than 16KB.

    * Other minor bug fixes and documentation improvements.

Revision 1.8: download - view: text, markup, annotated - select for diffs
Sun May 31 15:08:27 2020 UTC (4 years, 6 months ago) by rillig
Branches: MAIN
CVS tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +3 -10 lines
news/inn: remove unknown configure option

Revision 1.7: download - view: text, markup, annotated - select for diffs
Mon Nov 4 19:17:10 2019 UTC (5 years, 1 month ago) by rillig
Branches: MAIN
CVS tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +2 -2 lines
news: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.

Revision 1.6: download - view: text, markup, annotated - select for diffs
Tue Apr 13 21:18:00 2010 UTC (14 years, 8 months ago) by spz
Branches: MAIN
CVS tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3, pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3, pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4, pkgsrc-2016Q3-base, pkgsrc-2016Q3, pkgsrc-2016Q2-base, pkgsrc-2016Q2, pkgsrc-2016Q1-base, pkgsrc-2016Q1, pkgsrc-2015Q4-base, pkgsrc-2015Q4, pkgsrc-2015Q3-base, pkgsrc-2015Q3, pkgsrc-2015Q2-base, pkgsrc-2015Q2, pkgsrc-2015Q1-base, pkgsrc-2015Q1, pkgsrc-2014Q4-base, pkgsrc-2014Q4, pkgsrc-2014Q3-base, pkgsrc-2014Q3, pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1, pkgsrc-2013Q4-base, pkgsrc-2013Q4, pkgsrc-2013Q3-base, pkgsrc-2013Q3, pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2013Q1-base, pkgsrc-2013Q1, pkgsrc-2012Q4-base, pkgsrc-2012Q4, pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2, pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +2 -2 lines
update from 2.5.1 -> 2.5.2

Vendor update message (excerpt):

Many thanks to Julien ÉLIE for preparing this release.

Special notes:

The way checkpoints are handled by innreport for innd and innfeed has totally changed to provide more accurate daily statistics. The first Usenet report after an upgrade to INN 2.5.2 will probably contain incorrect statistics for incoming and outgoing articles because the beginning of the log files that will be used was generated by a previous version of INN.

A new version of innreport.conf is shipped with INN 2.5.2 but, in order to preserve any local changes, will not be automatically installed with make update. The changes are minor and not mandatory for the upgrade.

Changes from 2.5.1 to 2.5.2

    * Julien Elie has implemented in innd the new version of the NNTP protocol described in RFC 3977, RFC 4643 and RFC 4644, and innd now recognizes the CAPABILITIES command. Despite these standards, three commands (IHAVE, CHECK and TAKETHIS) will continue, for interoperability reasons, to return a reject code (respectively 435, 438, and 439) when the command contains a syntax error instead of 501. The mandatory username argument for authenticated peers is not enforced in INN 2.5.2 but will be be enforced by INN 2.6.0 when it is released.

Major improvements are:

    * innd now has a decent parser for NNTP commands. The parser is more correct (commands like "IHAVEZ<>", without a space between the command and its argument, are no longer valid) and allows leading and trailing whitespaces in commands. innd also now checks the length of the NNTP command sent by the client. If the command contains more than 512 bytes (or 497 bytes for an argument), an error is returned and the command is discarded. After ten unrecognized commands, innd closes the connection with the appropriate code (400 instead of 500).
    * The output of the HELP command specifies the arguments expected by NNTP commands, similar to nnrpd's HELP command.
    * LIST ACTIVE, LIST ACTIVE.TIMES and LIST NEWSGROUPS now allow an optional wildmat argument to restrict the results of those commands to specific newsgroups.
    * When using HEAD or STAT with an article number or a range, 412 (no group selected) is now returned instead of 501 (syntax error).
    * Jeffrey M. Vinocur has implemented support in both innd and nnrpd for whitespace in usernames/passwords provided with AUTHINFO USER/PASS. They were previously treated as invalid arguments or incorrectly parsed. innd and nnrpd now treat everything after the first whitespace character following AUTHINFO USER/PASS, up to, but not including, the final CRLF, as the username/password, in conformity with RFC 4643.
    * The syntax of message-IDs is now based on RFC 5536 (USEFOR) instead of RFC 1036. The major change is that quoted-pairs have been removed from the syntax.
    * The Perl and Python filters for innd now check the message-ID of articles arriving through TAKETHIS. Only CHECK and IHAVE commands previously used them.
    * Case-insensitive matches are now used for distributions, path identities, IMAP commands, header names, and control commands. (Newsgroups are still matched case-sensitively.) Message-IDs are case-sensitively matched, except for history hashes.
    * The new Archive:, Archive-At:, Comments:, and Summary: header fields defined in RFC 5064 and RFC 5536 can be used in innd filters. nnrpd now checks at injection time that an article does not contain an Injection-Info: header, that an Injection-Date: header (if provided) is valid, and that the Path: header does not contain ".POSTED". Note that INN does not yet generate these two injection fields or include the new Path: header field ".POSTED" keyword. These new features will be in the next major release of INN.
    * LIST SUBSCRIPTIONS now accepts an optional wildmat argument to restrict the results of this command to specific newsgroups.
    * nnrpd now supports a new LIST variant named COUNTS. LIST COUNTS is a combination of LIST ACTIVE and GROUP. It returns the same result as LIST ACTIVE except that the number of articles in a newsgroup is inserted before its status.
    * A new flag has been added to newsfeeds entries: "Aj", when present, says to feed articles accepted and filed in "junk" (due to *wanttrash*) to peers based on their newsfeeds feed patterns applied to the Newsgroups: header as though the article were accepted and all those groups were locally carried. This is useful if you want to run INN with a minimal active file and propagate all posts. Thanks to Andrew Gierth for the patch.
    * A new parameter has been added to inn.conf: *logtrash* defines whether a line for articles posted to groups not locally carried by the news server should be added in the news log file to report unwanted newsgroups. The default is true but it can be useful to set it to false (especially when *wanttrash* is also used).
    * The procbatchdir keyword has been added to news.daily to specify the backlog directory of innfeed. This is useful when several instances of innfeed are running or when its configuration file is not the default one.
    * sm now supports a new flag, -c, which shows a decoded form of the storage API token. This was previously done by the contrib showtoken script developed by Olaf Titz and Marco d'Itri.
    * The O flag in newsfeeds now relies on the contents of the Injection-Info: header field if it is present to determine the origin of an article. It falls back on X-Trace: if there is no Injection-Info: header field.
    * A new "unsigned long" type bas been added to the configuration parser. It will properly warn the news administrator when a variable supposed to be positive contains a negative integer. It will prevent INN from crashing due to misconfiguration at several places where it did not expect negative values.
    * innxbatch and innxmit now recognize the new 403 code introduced by RFC 3977 for a problem preventing the requested action from being taken.
    * HDR and OVER commands now return the correct 423 code (instead of 420) when the current article number is used but the article no longer exists.
    * actsync, inews, innxbatch, innxmit, nntpget and rnews can now authenticate to news servers which only expect a username, without password, conforming to RFC 4643.
    * The keyword generation code now generates a Keywords: header only if the original article does not already have one. The generated Keywords: header no longer begins with a comma. If keyword generation is set to true in inn.conf but the Keywords: header is not stored in the overview, the news administrator is warned and keyword generation deactivated, since it exists only to populate the overview data.
    * Two segfaults in keyword generation were fixed. The first occurred when an article already had a Keywords: header longer than the *keylimit* parameter. The second was caused by a possible invalid pointer beyond the newly allocated Keywords: header.
    * Fixed innd handling of empty lines. innd was not properly discarding an empty command and was closing the connection when it received only whitespace in a command.
    * Fixed a bug in how innd responded to reader commands when readers were not allowed. A superfluous blank line was sent in its response.
    * Fixed a bug in innd's response to TAKETHIS when authentication is required. Previously, 480 code was returned immediately without accepting the multi-line data block first, which broke synchronization in the NNTP protocol.
    * Fixed a bug in recognizing the article terminator when empty articles were fed to innd via IHAVE or TAKETHIS, leading to treating subsequent NNTP commands as part of the article.
    * When innd could not provide information for LIST ACTIVE.TIMES and LIST NEWSGROUPS, it was returning an invalid error message without a response code. The proper 503 answer code is now returned.
    * When an unauthenticated user tried to post an article, nnrpd replied 440 (posting not allowed) instead of the correct 480 (authentication required) response if the user might be able to post after authentication. Thanks to Daniel Weber for the bug report.
    * Fixed a bug in both innd and nnrpd answers to LIST commands where the output was not checked for valid dot stuffing.
    * Fixed a bug leading to junked non-control articles being sent to control-only feeds, and also fixed handling of poisoned control groups. Thanks to Andrew Gierth for the patch.
    * Fixed a bug in innreport leading to incorrect summing of innd stats when *hostname* was set to an IPv6 address instead of a fully-qualified domain name. Thanks to Petr Novopashenniy for the bug report.
    * Changed how innreport uses innd and innfeed checkpoint messages. Previously, connections held open for multiple days led to skewed and incorrect statistics on how many articles had been received or sent. The count is now more accurate and, for each connection of a feed, only depends on *incominglogfrequency* in inn.conf and *stats-period* in innfeed.conf.
    * Fixed a bug in nnrpd Perl filter: a header field whose name begins with the name of a standardized header field was not properly handled.
    * Fixed a bug in how innd was parsing Message-ID: and Supersedes: headers which contained trailing whitespace. The article was corrupted by an unexpected "\r" in the middle of the header. nnrpd now checks the syntax of the Message-ID: header field, if present.
    * Fixed various bugs in how leading whitespace was treated in headers. The HDR, XHDR and XPAT commands were not properly showing leading whitespace in header values. Lone "\n" and "\r" characters are now changed into spaces and "\r\n" is just removed. archive, makehistory, and tdx-util now keep leading whitespace in headers when generating overview data, and archive now changes "\n" (when not preceded by "\r") into a space when generating overview data.
    * Fixed a bug in the generation of overview data which may corrupt previously generated overview data when a pseudo Xref: header field is injected in an extra overview field.
    * Fixed a bug in the parsing of the *ovgrouppat* wildmat in inn.conf that prevented overview data from being generated when poisoned groups were specified but a latter sub-pattern matched the group. A uwildmat expression is now correctly handled, and a potential segfault has been fixed. Thanks to Dieter Stussy for the bug report.
    * Fixed a bug when HDR, XHDR and XPAT were used when *virtualhost* was set to true in readers.conf. The Xref: header of articles posted to only one newsgroup appeared empty.
    * Fixed a bug in tdx-util in parsing empty overview fields when called with -A or -F.
    * Fixed a bug in cvtbatch, which was returning only the size of the headers of an article when the "b" parameter was used with the -w flag. It now correctly returns the size of the whole article, which is what "b" was documented to do. cvtbatch also has a new "t" parameter, which can be used with the -w flag to retrieve the arrival time of an article.
    * Fixed a bug in how mailpost handles cross-posting feature. It was not properly detaching from sendmail. Thanks to Harald Dunkel for the patch.
    * Fixed a bug in the newsfeeds C flag: the count of followup groups was one less than the real number. When the value of the Followup-To: header field is "poster", it is no longer considered to be a followup. Thanks to Dieter Stussy for the patch.
    * When using tradindexed, the overview data for a cancelled article is now immediately removed from the overview. Thanks to Lars Magne Ingebrigtsen for the patch.
    * batcher has not supported the retrieval of an article with its file name for a long time. The -S flag has therefore been removed.
    * inews no longer rejects articles that contain more than 50 header fields. Thanks to Torsten Jerzembeck for the bug report.
    * news.daily no longer sends superfluous mails when the nomail keyword is given. Mail is only sent when there is real output. Previously, there would always be headings and empty lines left over from the structuring of the full report, which are now ommitted. Also, the output of programs executed with postexec is now included in the regular mail. Thanks to Florian Schlichting for the patch.
    * innconfval no longer maps NULL string or list values to an empty string or list and instead maps them to undefined values. This fixes an issue reported by Kamil Jonca: nnrpd was inserting an empty Organization: header when the *organization* parameter in inn.conf was unset.
    * Other minor bug fixes and documentation improvements.

Revision 1.5: download - view: text, markup, annotated - select for diffs
Wed Dec 16 22:10:25 2009 UTC (14 years, 11 months ago) by spz
Branches: MAIN
CVS tags: pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +2 -1 lines
The next minor version of INN. From the release announcement:
Major changes from 2.5.0 to 2.5.1

* Fixed a segfault in imap_connection which could occur when SASL was
used.

* Fixed a segfault in the keyword generation code which was assuming
that an article was nul-terminated. Fixed another segfault in the
keyword generation code when an article already contained a Keywords:
header. Thanks to Nix for the bug reports.

* Owing to the US-CERT vulnerability note VU#238019, Cyrus SASL library
has slightly changed. imap_connection and nnrpd now handle that
change. Otherwise, some answers are too long to be properly computed
during SASL exchanges.

* Fixed a memory allocation problem which caused nnrpd to die when
retrieving via HDR/XHDR/XPAT the contents of an extra overview field
absent from the headers of an article. The NEWNEWS command was also
affected on very rare cases. Thanks to Tim Woodall for the bug
report.

* HDR/XHDR/XPAT answers are now robust when the overview database is
inconsistent. When the overview schema was modified without the
overview database being rebuilt, wrong results could be returned for
extra fields (especially a random portion of some other header). The
desired header name is now explicitly searched for in the overview
information.

* Fixed the source which is logged to the news log file for local
postings when the local server is not listed in incoming.conf. A
wrong name was used, taken amongst known peers. The source is now
logged as "localhost".

* Fixed a bug in the timecaf storage method: only the first 65535
articles could be retrievable in a CAF, though everything was properly
stored. (A Crunched Article File contains all the articles that
arrive to the news server during 256 seconds.)

The storage token now uses 4 bytes to store the article sequence
number for timecaf, instead of only 2 bytes. Thanks to Kamil Jonca
for the bug report and also the patch.

* Fixed a bug in both timecaf and timehash which prevented them from
working on systems where short ints were not 16-bit integers.

* When there is not enough space to write an entire CAF header, the
timecaf storage manager now uses a larger blocksize. On 32-bit
systems, the CAF header is about 300 bytes, leaving about 200 bytes
for the free bitmap index (the remaining of a 512-byte blocksize). On
64-bit systems, the size of the CAF header could exceed 512 bytes,
thus leaving no room for the free bitmap index. A 1 KB blocksize is
then used, or a larger size if need be.

* A new CNFS version has been introduced by Miquel van Smoorenburg in
the CNFS header. CNFSv4 uses 4 KB blocks instead of 512 bytes, which
more particularly makes writes faster. CNFSv4 supports
files/partitions up to 16 TB with a 4 KB blocksize.

Existing CNFS buffers are kept unchanged; only new CNFS buffers are
initialized with that new version.

* grephistory -l now returns the contents of the expires history field
as well as the hash of the message-ID. Besides, when the storage API
token does not exist, grephistory -v now also returns the hash of the
requested message-ID.

* The check on cancel messages when *verifycancels* is set to true in
inn.conf has been changed to verify that at least one newsgroup in the
cancel message can be found in the article to be cancelled. This new
feature is from Christopher Biedl.

The previous behaviour was to check whether the cancel message is from
the same person as the original post, which is extremely easy to
spoof; besides, RFC 5537 (USEPRO) mentions that "cancel control
messages are not required to contain From: and Sender: header fields
matching the target message. This requirement only encouraged cancel
issuers to conceal their identity and provided no security".

* The way the "/remember/" line in expire.ctl works has changed.
History retention for an article was done according to its original
arrival time; it is now according to its original posting date.
Otherwise, unnecessary data may be kept too long in the history file.

To achieve that, the HISremember() function in history API now expects
a fourth parameter: the article posting time.

Note that article expiration has not changed and is still based on
arrival time, unless the -p flag is passed to expire or expireover, in
which case posting time is used.

* The default value for "/remember/" has changed from 10 to 11 because
it should be one more than the *artcutoff* parameter in inn.conf, so
that articles posted one day into the future are properly retained in
history.

* auth_krb5 has been rewritten by Russ Allbery to use modern Kerberos
APIs. Note that using ckpasswd with PAM support and a Kerberos PAM
module instead of this authenticator is still recommended.

* A new -L flag has been added by Jonathan Kamens to makehistory so as
to specify a load average limit. If the system load average exceeds
the specified limit, makehistory sleeps until it goes below the limit.

* As UTF-8 is the default character set in RFC 3977, "ctlinnd pause",
"ctlinnd readers", "ctlinnd reject", "ctlinnd reserve", "ctlinnd
throttle" and "nnrpd -r" commands now require the given reason to be
encoded in UTF-8, so that it can be properly sent to news readers.
The creator's name given to "ctlinnd newgroup" is also expected to be
encoded in UTF-8.

* The output of consistency checks for article storage and the history
file no longer appears by default when "cnfsstat -a" is used. A new
-v flag has been added to cnfsstat so as to see it.

* The default path for TLS certificates has changed from *pathnews*/lib
to *pathetc*. It only affects new INN installations or generations of
certificates with "make cert". Besides, a default value has been
added to *tlscapath* because it is required by nnrpd when TLS is used.

* gzip(1) is now the default UUCP batcher in send-uucp instead of
compress(1) because gzip is more widely available than compress, due
to old patent issues. Note that there is no impact on decompression
as it is handled by rnews.

* cnfsheadconf now uses the Perl core module "Math::BigInt" rather than
the deprecated bigint.pl library. When used without specifying a CNFS
buffer, it now properly displays the status of all CNFS buffers.

Revision 1.4: download - view: text, markup, annotated - select for diffs
Mon Jun 23 09:10:53 2008 UTC (16 years, 5 months ago) by spz
Branches: MAIN
CVS tags: pkgsrc-2009Q3-base, pkgsrc-2009Q3, pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, cwrapper, cube-native-xorg-base, cube-native-xorg
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +23 -3 lines
- bump inn version to 2.4.4
- major change of directory structure
- two new options (uucp and perl now both optional)
- change of maintainer

Revision 1.3: download - view: text, markup, annotated - select for diffs
Fri Sep 7 22:12:20 2007 UTC (17 years, 3 months ago) by jlam
Branches: MAIN
CVS tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +11 -4 lines
Convert packages that test and use USE_INET6 to use the options framework
and to support the "inet6" option instead.

Remaining usage of USE_INET6 was solely for the benefit of the scripts
that generate the README.html files.  Replace:

	BUILD_DEFS+=	USE_INET6
with
	BUILD_DEFS+=	IPV6_READY

and teach the README-generation tools to look for that instead.

This nukes USE_INET6 from pkgsrc proper.  We leave a tiny bit of code
to continue to support USE_INET6 for pkgsrc-wip until it has been nuked
from there as well.

Revision 1.2: download - view: text, markup, annotated - select for diffs
Thu Feb 22 19:27:01 2007 UTC (17 years, 9 months ago) by wiz
Branches: MAIN
CVS tags: pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +2 -2 lines
Whitespace cleanup, courtesy of pkglint.
Patch provided by Sergey Svishchev in private mail.

Revision 1.1: download - view: text, markup, annotated - select for diffs
Wed Jan 4 10:32:40 2006 UTC (18 years, 11 months ago) by tron
Branches: MAIN
CVS tags: pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2, pkgsrc-2006Q1-base, pkgsrc-2006Q1
Add optional Python support. Based on patches supplied by Anders Mundt Due
in PR pkg/32299.

Diff request

This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Log view options

CVSweb <webmaster@jp.NetBSD.org>