Upgrading from 2.5 to 2.6
The following changes require your full attention because a manual intervention may be needed:
The name and location of the pullnews configuration file have changed. It is now pullnews.marks, located in pathdb when pullnews is run as the news user, or otherwise in the running user's home directory. This file was previously stored in .pullnews in the running user's home directory (even for the news user). If you use pullnews, you need to manually move and rename the configuration file; otherwise, it will no longer work. Note that the -c flag passed to pullnews allows to specify another configuration file, if need be.
The default location of the mailpost database directory has changed from pathtmp to pathdb. If you use mailpost without an explicitly specified database directory (using the -b flag), then you should manually move your current database files mailpost-msgid.dir and mailpost-msgid.pag from pathtmp to pathdb.
If you have been using TLS/SSL with nnrpd before, be aware that the default value of a few inn.conf parameters have changed: the server now decides the preferred cipher (instead of the client), and only TLS protocols are allowed (using the flawed SSLv2 and SSLv3 protocols is now disabled). If you want to change these settings, the respective tlspreferserverciphers and tlsprotocols parameters can be tuned to your needs.
The --with-kerberos configure flag used to add Kerberos v5 support has been renamed to --with-krb5.
The --with-berkeleydb configure flag used to add Berkeley DB support has been renamed to --with-bdb.
The --enable-ipv6 configure flag no longer exists. IPv6 is now unconditionally enabled, if available.
$HOME is no longer exported as an environment variable by innshellvars, innshellvars.tcl and the Perl module INN::Config. It was previously overriding the default user home directory with pathnews. If you use these scripts in your own scripts, you will have to take care of that change.
Owing to the implementation of RFC 4643 (AUTHINFO USER/PASS) in innd, if remote peers have to authenticate in order to feed articles, they now have to send a username (which was previously wrongly optional), before sending their password. The mandatory username, though currently unused by innd, can be whatever the remote peer wishes. In previous versions of INN, inncheck was already complaining when passwd.nntp contained an empty username associated with a password.
A manual review of authenticated feeds should then be done so as to ensure that they are properly working.
The Injection-Date: and Injection-Info: headers are now generated by nnrpd at injection time instead of the NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To: and X-Trace: headers. Local scripts that were using (for authentication, privacy, etc.) these now deprecated headers should be updated. Also note that the Path: header of locally posted articles can also contain the contents of the deprecated NNTP-Posting-Host: field.
The two addnntppostingdate and addnntppostinghost parameters in inn.conf have been respectively renamed to addinjectiondate and addinjectionpostinghost. innupgrade takes care of the modification only for inn.conf; a manual change will therefore be needed for readers.conf, if these parameters are overridden in this file.
The default values of a few inn.conf parameters have changed to make use of the vastly expanded storage and RAM commonly available today: datamovethreshold (from 8192 to 16384), msgidcachesize (from 16000 to 64000), overcachesize (from 64 to 128), and wireformat (now enabled by default).
The generation of status reports and performance timings are now also enabled by default: logstatus and nnrpdoverstats parameters, with a frequency of 10 minutes (status and timer parameters).
The default value of max-queue-size has changed from 5 to 20, and use-mmap now defaults to true for innfeed.conf.
Changes in 2.6.1
nnrpd now uses -0000 as the time zone for Date: and Injection-Date: header fields it generates. It was previously using +0000, wrongly systematically indicating a local time zone at Universal Time when localtime is set to false (which is the default) in readers.conf. The +0000 time zone will now be used only if localtime is set to true and UTC is really the local time zone of the server.
Julien Elie has implemented in nnrpd the new COMPRESS command described in draft-murchison-nntp-compress that extends the NNTP protocol to allow a connection to be effectively and efficiently compressed. News clients that also support that extension will be able to benefit from that bandwidth optimization and improvement in speed. Moreover, using COMPRESS is more secure than TLS-level compression, as far as authentication credentials are concerned.
The default value for the tlscompression parameter in inn.conf has changed. TLS-level compression is now disabled by default, to comply with the best current practices for a secure use of TLS in application protocols like NNTP. Using the new COMPRESS command is recommended.
The tlscompression parameter in inn.conf now also permits to disable TLS-level compression with OpenSSL 0.9.8. It previously had an effect only when OpenSSL 1.0.0 or later was used.
rnews no longer segfaults at startup when started setuid news. Thanks to Marcus Jodorf for the bug report.
Fixed slow nnrpd responses for a few NNTP commands. The TCP_NODELAY option was unconditionally set whereas only BSD/OS systems needed it. Thanks to Christian Mock for having discovered that.
Articles containing a Received: or a Posted: header field are no longer rejected by nnrpd at injection time.
Articles containing control characters or whitespace-only content lines in their headers are now rejected by nnrpd at injection time.
OpenSSL 1.1.0 support has been added to INN.
When an encryption layer is negotiated during a successful use of the STARTTLS command, or after a successful authentication using a SASL mechanism that negotiates an encryption layer, nnrpd now updates the permissions of the news client according to the new secure state of his connection (that is to say auth blocks in readers.conf using the require_ssl parameter are taken into account). Previously, only connections on a dedicated port (usually 563) were taking benefit from that parameter. Thanks to Steve Crook for the bug report.
When a data integrity layer was negotiated during a successful SASL authentication, nnrpd was wrongly reseting any knowledge obtained from the client, such as the current newsgroup and article number. This behaviour now applies only when an encryption layer is negotiated.
nntpsend now correctly waits until all of the child innxmit processes exit before it does. It was causing nntpsend to fail to work properly on systems that use systemd, because when it exits prematurely, systemd kills all of the processes it launched, including the innxmit processes. Thanks to Jonathan Kamens for the patch.
Update from GNU Libtool 2.4.2 to 2.4.6.
Other minor bug fixes and documentation improvements.
Changes in 2.6.0
The NNTP protocol requires a username to be sent before a password when authentication is used. innd was wrongly allowing only a password to be sent by authenticated peers. See the note above for more details.
The Lines: header is no longer generated by nnrpd at injection time.
The Injection-Date: header is now generated by nnrpd at injection time instead of the deprecated NNTP-Posting-Date: header, when addinjectiondate is set to true. Note that addnntppostingdate has been renamed to addinjectiondate in inn.conf.
The Injection-Info: header is now generated by nnrpd at injection time instead of the deprecated NNTP-Posting-Host: (when addinjectionpostinghost is set to true), X-Complaints-To: and X-Trace: headers. Note that addnntppostinghost has been renamed to addinjectionpostinghost in inn.conf. The Path: header of locally posted articles now also contains the contents of the NNTP-Posting-Host: header.
A new addinjectionpostingaccount parameter has been added in inn.conf. When set to true, the Injection-Info: header field contains an additional posting-account attribute that mentions the username assigned to the user at connection time or after authentication. The default value for this parameter is false.
A few headers are now considered as obsolete by nnrpd at injection time: NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To:, X-Trace:, Also-Control:, Article-Names:, Article-Updates:, and See-Also: headers.
Besides, nnrpd will similarly reject obsolete sendsys, senduuname and version control messages.
The presence of a Subject: header field beginning with cmsg no longer causes an article to be interpreted as a control message by nnrpd at injection time.
nnrpd no longer differentiates IHAVE from POST. Articles injected with IHAVE are now treated as though they were injected with POST. It means that if the previous behaviour of IHAVE was expected, innd should handle itself the connection instead of nnrpd.
The name of the pullnews configuration file is now pullnews.marks located in pathdb when pullnews is run as the news user, or otherwise in the running user's home directory. It was previously stored in .pullnews in the running user's home directory (even for the news user).
Fixed a leak of semaphores when using buffindexed. Thanks to Richard Kettlewell for having fixed the issue.
Building with Libtool is no longer optional. The --enable-libtool option to configure has been removed.
DESTDIR and non-root installs are now properly supported and documented in INSTALL. The make install, make update and make cert steps properly obey DESTDIR. Besides, it is no longer a requirement that the installation step be done by the superuser, as long as the user executing the install has supplied a DESTDIR value that points to a writable directory, and the person or process performing the install corrects the file ownerships when INN is installed on the system on which it's going to run. Thanks to James Ralston for this support.
When building INN with Berkeley DB, Cyrus SASL, Kerberos v5, OpenSSL, or zlib support, no longer add standard locations to compiler and linker include flags. Such default paths are now added only if explicitly given to one or more of the --with-bdb, --with-bdb-include, --with-bdb-lib, --with-sasl, --with-sasl-include, --with-sasl-lib, --with-krb5, --with-krb5-include, --with-krb5-lib, --with-openssl, --with-openssl-include, --with-openssl-lib, --with-zlib, --with-zlib-include, or --with-zlib-lib configure flags (the flags ending with -include and -lib are new in INN 2.6.0).
If the Berkeley DB, Cyrus SASL, Kerberos v5, or OpenSSL SSL and crypto libraries are found at configure time, INN will now be built with support for them unless respectively the --without-bdb, --without-sasl, --without-krb5, or --without-openssl flags are explicitly passed to configure.
Note that it was already the default behaviour for zlib support when Berkeley DB support was also enabled.
The configure flag --enable-reduced-depends has been added to request that library probes assume shared libraries are in use and dependencies of libraries should not be probed. It therefore tries to minimize the shared library dependencies of the resulting binaries on platforms with proper shared library dependencies. This is not enabled by default, and is of interest primarily to people building packages for distributions.
Building INN with Python support now requires the use of Python 2.2.0 or later as the distutils.sysconfig module used was introduced with Python 2.2.0.
The INN test suite driver is now fully synchronized with the upstream version of the C TAP Harness package maintained by Russ Allbery. Keeping the INN test suite driver up-to-date will be possible thanks to a new getc-tap-harness script in the support directory that automatically fetches the latest upstream changes.
Similarly, the new getrra-c-util script permits to keep most of the utility and portability functions synchronized with the upstream version of the rra-c-util package maintained by Russ Allbery.
Other minor bug fixes and documentation improvements.
MASTER_SITES= site1 \
site2
style continuation lines to be simple repeated
MASTER_SITES+= site1
MASTER_SITES+= site2
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
Newsbeuter is an open-source RSS/Atom feed reader for text terminals.
It runs on Linux, FreeBSD, Mac OS X and other Unix-like operating systems.
Newsbeuter's great configurability and vast number of features make it a
perfect choice for people that need a slick and fast feed reader that can
be completely controlled via keyboard. It's the Mutt of RSS feed readers.
Originally packaged in pkgsrc-wip by Claudio M. Alessi.
for all pkgsrc dir/file ownership rules. Fixes unprivileged
user/group names from leaking into binary packages, manifest as
non-fatal chown/chgrp failure messages at pkg_add time.
Bump respective packages' PKGREVISION.
Previously there were at least 5 different ways MACHINE_ARCH could be set,
some statically and some at run time, and in many cases these settings
differed, leading to issues at pkg_add time where there was conflict
between the setting encoded into the package and that used by pkg_install.
Instead, move to a single source of truth where the correct value based on
the host and the chosen (or default) ABI is determined in the bootstrap
script. The value can still be overridden in mk.conf if necessary, e.g.
for cross-compiling.
ABI is now set by default and if unset a default is calculated based on
MACHINE_ARCH. This fixes some OS, e.g. Linux, where the wrong default was
previously chosen.
As a result of the refactoring there is no need for LOWER_ARCH, with
references to it replaced by MACHINE_ARCH. SPARC_TARGET_ARCH is also
removed.
Existing SHA1 digests verified, all found to be the same on the
machine holding the existing distfiles (morden). Existing SHA1
digests retained for now as an audit trail.
2015-05-23 iulius
* innxmit: tidy up GetMessageID buffer handling In theory, if you
could get a message with an empty message-id header through
before anything else, it would call memcpy(NULL, p, 0) which
(surprisingly) has undefined behavior. This doesn't seem a very
likely contingency but I tidied up the code to avoid it and
(hopefully) be clearer anyway.
Thanks to Richard Kettlewell for the patch.
* storage/cnfs/cnfs.c: don't read uninitialised cycbuffname
Thanks to Richard Kettlewell for the patch.
2015-05-17 iulius
* Fixed alignment issues when storing values
2015-05-14 iulius
* Add Richard Kettlewell as a contributor
* Correct remap check in tradindexed lookup
The check was off by one; and when it happened, it invalidated
the 'parent' pointer, causing a use-after-munmap (or
use-after-free) condition.
Thanks to Richard Kettlewell for the bug report.
* Correctly flush CNFS buffers when nfswriter is true in inn.conf
* Correct remap check in tradindexed group lookup
Previously the remap check had an off-by-one bug and moreover
would never be done due to the loop condition (making the
off-by-one bug moot).
This one could be a problem in real life; if creating a group
causes innd to expand the index then an already-running nnrpd
will not automatically notice, and so won't be able to find the
group.
Thanks to Richard Kettlewell for the patch.
* nnrpd/commands.c: paranoid checking of AUTHINFO GENERIC reply
Check the number of arguments returned by AUTHINFO GENERIC.
Thanks to Richard Kettlewell for the patch.
* innfeed/connection.c: avoid violating C aliasing rules
The object was written as a 'struct sockaddr' but then read as a
'struct sockaddr_storage', which violates C99 s6.5#7. The fix is
to always access it as a 'struct sockaddr' and use a union to
ensure enough space for any possible address type.
Thanks to Richard Kettlewell for the patch.
* nnrpd/commands.c: correct sense of PERMgeneric reply
The comment has always been wrong, as well as the return value
for ~15 years...
Thanks to Richard Kettlewell for the patch.
* nnrpd/perm.c: don't dereference a null pointer if there are no
access groups
Thanks to Richard Kettlewell for the patch.
* nnrpd/article.c: A wrong variable was used for vhost feature.
Since these are created by the local innd, the error should not
normally occur.
Thanks to Richard Kettlewell for the patch.
* Verify that setuid() and setgid() actually succeed
See: https://lwn.net/Articles/451985/ for a discussion of the
issues in this area.
The checks in newuser.c are probably unnecessary due to the
subsequent tests. rnews.c is straight-up broken though.
Thanks to Richard Kettlewell for the patch.
2015-05-02 iulius
* expire/fastrm.c: Fix a dereferencing issue
* configure.ac: Build fix for current Mac OS X versions
The build was failing with recent versions of Mac OS X:
clang: error: no such file or directory:
'/usr/local/news/lib/libinn.3.dylib' make[1]: *** [libinn.la]
Error 1 make: *** [all-lib] Error 2
The reason is the '-multiply_defined'-part of the command line.
This switch is marked as obsolete in ld(1):
-multiply_defined treatment Previously provided a way to warn or
error if any of the sym- bols used from a dynamic library were
also available in another linked dynamic library. This option is
obsolete.
Thanks to Dennis Preiser for the report.
* innfeed/imap_connection.c: fix support of Cyrus SASL 2.1.25 and
later
Fix how sasl_callback_ft, added with Cyrus SASL 2.1.25, was
handled by innfeed. See revision [9381] for more information.
Thanks to Dennis Preiser for the report.
* innd/art.c: Fix a dereferencing issue when parsing
Injection-Info: header field
Thanks to David Binderman for the patch.
2015-05-01 iulius
* Bump version number in FAQ for new INN 2.5.5 release
Also remove link to Elena Samsonova's web site that appears to be
defunct.
2015-04-23 iulius
* mailpost: add new -t flag to specify the default temporary
directory
Check that the database directory and the temporary directory are
writable when mailpost is run, and otherwise die with an error.
Two paths are now tried by default for the temporary directory:
pathtmp, and then /var/tmp if pathtmp is not writable.
* Fix GCC 5.1.0 warning for incompatible pointer type
Rename the "U" macro used by two tests to "SUC" (casting to
String of Unsigned Chars) because it otherwise conflicts with how
Unicode strings are declared in ISO C11, the new default mode for
the GCC 5 series.
2015-04-20 iulius
* Update TODO with references to existing patches
2015-04-05 iulius
* Mention required TLS ciphers for interoperability
* Update TODO with current state of INN 2.6.0
2015-04-02 iulius
* Update changelog to mention other changes for INN 2.5.5
* Use Sys::Hostname Perl core module instead of calling
/bin/hostname
2015-03-24 iulius
* Add two missing contrib programs in the exceptions of mkmanifest
* Typo in POD formatting
* Update copyright years (add 2015)
* Update config.guess and config.sub to upstream versions from
2015-03-08
* Update control.ctl to upstream version from 2014-06-17
2015-03-21 iulius
* scanlogs: Limit the number of lines to show from error log files
When lots of lines are present in error log files, they appear in
the news.daily verbatim, and the resulting email is so large it
is bouncing.
Restrict the number of lines to 50 (the default value for unknown
lines from news.notice).
Thanks to Jeffrey M. Vinocur for the bug report.
* nnrpd: Count write time stats when using SASL
* Improve the count of sleeping channels
The highest file descriptor of sleeping channels was not always
properly updated. A new CHANresetlastsleeping() function now does
the job when called.
Also prevent innd from crashing if a channel is supposed to sleep
but does not have a Waker set.
Thanks to Petr Novopashenniy for the bug report.
* readers.conf: improve the first example to disambiguate its
effect against loca l connections
2015-03-18 iulius
* pullnews: when giving a port along with a server name, check
there is only one ":"
Otherwise, it is very likely that the given server name is an
IPv6 address, and therefore its end should not be interpreted as
a port.
2015-01-21 iulius
* Fix the unsignedness of TMRgettime when printed
2015-01-10 eagle
* http://www.imc.org/ietf-usefor/ appears to be gone
Replace this link in HACKING with a link to the usefor mailing
list archives and to my Usenet article format pages.
2015-01-10 iulius
* Do not mention that TLS compression will be disabled in the next
INN release
As the CRIME attack is not exploitable in NNTP, disabling TLS
compression by default is pointless. No vulnerability in TLS
compression is currently known as far as NNTP is concerned.
* Add a cast to fix a gcc warning
2015-01-07 iulius
* Regenerate Makefile dependencies with gcc 4.7.2
Also adapt support/makedepend to keep the two leading spaces, as
in previous versions of gcc.
Backport commit [9566].
* Cleanup in include stuff
- Add missing BEGIN_DECLS/END_DECLS, and also use them instead of
their expansion.
- Add missing inclusion of <inn/defines.h>.
2015-01-04 eagle
* Remove dead link to nnrpkrb5auth
2014-12-16 iulius
* nnrp.access2readers.conf: add default username when none is
specified
2014-12-14 iulius
* Add new contrib/nnrp.access2readers.conf.in script
This script converts old-style nnrp.access to readers.conf.
Thanks to Jeffrey M. Vinocur for his contribution.
2014-12-07 iulius
* Update Russ's mail address
* Fix typos
2014-12-01 iulius
* Add support for choosing the elliptic curve to use with TLS
support
The new tlseccurve parameter in inn.conf takes the name of a
curve OpenSSL knows about, to use for ephemeral key exchanges.
Thanks to Christian Mock for the patch.
2014-11-23 iulius
* m4/sendmail.m4: add missing brackets
The configure script was failing when running that part of code.
2014-11-12 iulius
* inn.conf: Improve documentation about tlsprotocols and
tlscompression
2014-11-11 iulius
* Improve tuning of the SSL/TLS configuration
nnrpd's TLS support is basically using OpenSSL's defaults WRT
issues such as protocol support and cipher suites. In these days
of POODLEs and other vulnerabilities, it should be useful to be
able to have better control over what's offered. So this patch
adds a few options to inn.conf:
- tlsprotocols: allows to select the SSL/TLS versions that are
supported
- tlsciphers: allows to give an OpenSSL cipher string to tailor
the cipher suites that are offered to clients
- tlspreferserverciphers: switches on the server-side selection
of the cipher suite (TLS default is "client chooses")
- tlscompression: allows to turn off TLS compression (because of
the CRIME attack) if the OpenSSL version supports this.
Many thanks to Christian Mock for his patch.
2014-11-09 iulius
* Mention PyClean as a Python-based variant of Cleanfeed.
2014-10-28 iulius
* Update default paths for Debian and Fedora
* Fix a dependency in a build rule
2014-10-03 iulius
* innwatch: report an error when the control file is missing
2014-09-24 iulius
* rc.news: no longer explicitly sleep before starting innwatch and
cnfsstat
Instead, make these two scripts sleep by themselves.
Also update documentation: improve the list of actions done by
rc.news, and no longer mentions that innd should be throttled
before being stopped (this is not true - the shutdown process
already does the actions throttling does).
* innwatch: add -i flag to specify how many seconds to sleep at
startup
- Also fix previous commit [9651] that did not totally fix the
issue it was supposed to fix.
- Fix the behaviour of the -f flag (it wasn't doing anything).
- Fix how the -l flag was parsed (a space was required between -l
and its argument, whils it should not have been required).
- Add new POD documentation for innwatch, and update it at the
same time: document new -i flag, and document already existing -f
flag.
* cnfsstat: add -i flag to specify how many seconds to sleep at
startup
Update documentation, and homogenize POD syntax at the same time.
2014-09-24 eagle
* Re-add second $(LIBSTORAGE) when linking backends
Backend commands (such as nntpget) linked with both history and
storage libraries list $(LIBSTORAGE) in the link line twice. This
isn't a mistake; there are some unfortunate circular dependencies
that require listing $(LIBSTORAGE) both before and after
$(LIBINNHIST) in the link line or static linking will fail.
2014-09-22 iulius
* Fix build issues on AIX 7.1
mmap is redefined to mmap64 when large file support is enabled.
2014-09-21 iulius
* Fixed a warning and an unnecessary sys/stropts.h header
* Typos
* Fix build of contrib/respool.c
Remove an unused variable.
Add a link to libhistory.
* Fix build of contrib/reset-cnfs.c
Add correct include header files.
Use the right DO_LARGEFILES variable instead of LARGE_FILES.
Reformat the code (remove tabulations).
Properly exit with the right status code.
* Fix a few warnings, and update svn:ignore for contrib
* Fix build of contrib/expirectl.c
Add correct include header files, and fix a few warnings in
printf() calls.
Add portability code for statfs/statvfs support.
* Add compilation rules for contrib/auth_pass.c and
contrib/expirectl.c
Use the right socklen_t type, and add crypt.h header if
available.
* FAQ: add how to feed articles arrived between two dates to
another server
2014-09-11 iulius
* innupgrade: fix its execution
On a few systems like AIX, innupgrade failed to run during an
upgrade because "perl -T" was not explicitly called. Failure was:
"-T" is on the #! line, it must also be used on the command line
Thanks to The Doctor for his bug report.
2014-09-07 iulius
* Add missing dependency for libtest.o during the build of
nnrpd/auth-ext.t
2014-09-05 iulius
* Fix typos in INN_HAVE_SYS_BITYPES_H and
INN_MACRO_IN6_ARE_ADDR_EQUAL names
2014-08-30 iulius
* libinn documentation: update the name of the fdflag functions
* pullnews: improve logging when an error occurs during GROUP
Also rewrite a ternary condition to improve readability.
Patch from Geraint A. Edwards.
* pullnews: new -a flag (hashfeed ability)
Add a new feature to pullnews: hashfeed to split feeds. It uses
MD5 and is Diablo-compatible.
Thanks to Geraint Edwards for the patch.
* pullnews: new -B flag (header-only feeding)
Add a new feature to pullnews: header-only feeding.
If the article does not already have a Bytes: header field, one
is added. Bodies are kept only for control articles.
Thanks to Geraint Edwards for the patch.
* pullnews: bug fix to rnews when -O; improved rnews reporting
Thanks to Geraint Edwards for the patch.
* pullnews: improve wording
* When pullnews runs for the first time against a newsgroup, say
"never" instead of January, 1st 1970 as the last run date. *
Improve spaces, uppercase characters and singular forms when 1
article is retrieved. * Update the config file even when the
group is empty.
* pullnews: remove headers matching (or not) a given regexp
Enable the -m flag to remove headers matching (or not) a given
regexp.
Thanks to Geraint Edwards for the patch.
2014-08-09 iulius
* innwatch: no longer creates a child process for sleeping
innwatch creates a child process only for sleeping and then waits
on that process. The forked-off process is not killed by 'rc.news
stop' (only its parent is), and will only die after it's done
sleeping. If running under SMF on illumos/Solaris, this causes
the service to likely drop into maintenance state (since not all
processes die within timeout).
Thanks to Lauri Tirkkonen for the patch.
2014-06-04 iulius
* Bump version number to 2.5.5 for STABLE.
pkgsrc changes:
- patches/patch-a[ab] are no longer needed
Changes:
- Added IPv6 support to get_tcp_socket() using a ever-so-slightly-tweaked
patch from Olaf 'Rhialto' Seibert.
- Misc bug fixes and improvements
- Performance optimization, reported by Gary R. Schmidt.
- Fix a file descriptor leak in fetchnews.c's getbody_newno function
- When complaining that we are unable to switch the user ID, report the
current real and effective user IDs to ease debugging.
- Leafnode now enables IPv6 support by default. Use --without-ipv6 to disable.
- Leafnode now supports detecting if a peer is in a local network also
for IPv6 global addresses, providing that the host OS provides getifaddrs().
This comprises Linux, NetBSD, FreeBSD, but not, for instance, Solaris 10.
PR pkg/49126 by Leonardo Taccari.
pkgsrc changes:
o Add more mirrors to MASTER_SITES (from http://www.tin.org/mirrors.html)
Changes:
-- 2.2.1 release 20140504 "" --
004) Dennis Preiser <dennis@d--p.de>
BUG. don't stop utf8 validation on first \n
BUG. possible buffer overrun in build_gline().
BUG. missing check for art->refptr in build_tline().
ADD. handle space-stuffing from RFC 2646 4.4
ADD. tweak URL_REGEX, dont stop befor closing ) if there was an
opening ( in the url.
ADD. allow editing of captured URL befor spwaning viewer
FIX. cook.c, misc.c, page.c, rfc2046.c, select.c, thread.c, rfc2046.h
tin.h
003) Matt Anton <tin@syrius.org>
ADD. updated french translation
FIX. fr.po
002) Toomas Soome <Toomas.Soome@microlink.ee>
ADD. updated estonian translation
FIX. et.po
001) Urs Janssen <urs@tin.org>
ADD. config.guess, config.sub update
ADD. updated german translation
ADD. no-c-format hint for xgettext
BUG. hypothetic 1 byte buffer overrun in read_newsrc_active_file() with
newsgoup names longer than 511 bytes (RFC 3977 guarantees them to
be 497 bytes max).
BUG. hypothetic out of bounds write in msg_add_header() if more than
MAX_MSG_HEADERS are added automatically
BUG. don't null strings will illegal multibyte sequences, just replace
eveything after the fist illegal sequence with ?
FIX. active.c, config.c, feed.c, lang.c, page.c, post.c, read.c,
rfc2046.c, string.c, config.guess, config.sub, de.po
-- 2.2.0 release 20131224 "Lochindaal" --
U025) Joe Hansen <joedalton2@yahoo.dk>
ADD. updated danish translation
FIX. da.po
U024) Thomas E. Dickey <dickey@invisible-island.net>
ADD. update configure macros
FIX. aclocal.m4, configure.in
U023) Dennis Preiser <dennis@d--p.de>
BUG. do not truncate long subjects in group level if they
fit on the screen
FIX. group.c
U022) Matt Anton <tin@syrius.org>
ADD. updated french translation
FIX. fr.po
U021) Urs Janssen <urs@tin.org>
ADD. removed some useless initializations
ADD. config.guess update
BUG. don't give error message for manually aborted saves
BUG. fixed a possible free(NULL) if linked against libgsasl
BUG. forged cancels (-DFORGERY) didn't include all original headers
in the body as it was done before tin 2.0.0
BUG. memleak in pos_group_in_newsrc() when moving a group to new position
FIX. active.c, auth.c, curses.c, feed.c, group.c, inews.c, lang.c, mail.c
main.c, misc.c, newsrc.c, page.c, post.c, prompt.c, save.c, select.c
string.c, thread.c, xref.c, config.guess
U020) Toomas Soome <Toomas.Soome@microlink.ee>
ADD. updated estonian translation
FIX. et.po
-- 2.1.5 release 20131126 "Meadowburn" --
U019) Dennis Preiser <dennis@d--p.de>
BUG. possible dereference null return value
BUG. fixed various uncritical resource leeks
BUG. possible wrong position of %U and %f with user defined screen
layout
FIX. select.c, string.c, tin.h
U018) Matt Anton <tin@syrius.org>
ADD. updated french translation
FIX. fr.po
U017) Urs Janssen <urs@tin.org>
ADD. updated german translation
ADD. remove FWS from Newsgroups and Followup-To when posting a followup
ADD. allow new gTLDs xn--ngbc5azd, xn--80asehdb, xn--80aswg, xn--unup4y
ADD. allow new IDN ccTLD of Iran
ADD. allow new gTLDs graphics, contractors, gallery, sexy, construction
tattoo, technology, estate, land, bike, ventures, camera, clothing
lighting, singles, voyage, guru, holdings, equipment
ADD. make the filter debug output somewhat more readable
ADD. more verbose "LIST OVERVIEW.FMT" debugging
ADD. updated mbox and mmdf manpage
ADD. set default of disable_gnksa_domain_check to TRUE
ADD. mention mailaddress on the posting summary screen for mailgroups
BUG. in mailgroups the posting summary screen wasn't updated after
editing the article
BUG. fixed various uncritical resource leeks
BUG. fixed various hypothetic buffer overruns
BUG. removed some dead code
BUG. in -n case a valid group could be treated as invalid on RFC 3977
servers
FIX. active.c, art.c, config.c, debug.c, feed.c, filter.c, getline.c
group.c, header.c, help.c, inews.c, init.c, keymap.c, lang.c, lock.c
main.c, memory.c, misc.c, my_tmpfile.c, newsrc.c, nntplib.c, page.c
pgp.c, post.c, read.c, refs.c, rfc1524.c rfc2046.c, rfc2047.c
save.c, search.c, select.c, sigfile.c, version.c, xface.c, xref.c
extern.h, policy.h, proto.h, de.po, mbox.5, mmdf.5
U016) Toomas Soome <Toomas.Soome@microlink.ee>
ADD. updated estonian translation
FIX. et.po
-- 2.1.4 release 20131019 "Killarow" --
U015) Dennis Preiser <dennis@d--p.de>
ADD. user defined screen layout at selection, group and thread level
(debian bug #63877)
BUG. the code for genetaring initials (used for quote_chars) was not
multibyte safe
FIX. attrib.c, config.c, group.c, init.c, lang.c, memory.c, misc.c
options_menu.c, page.c, post.c, save.c, screen.c, select.c, string.c
thread.c, tincfg.tbl, extern.h, proto.h, tin.h, tinrc.h, version.h
tin.1, tin.5
U014) Urs Janssen <urs@tin.org>
BUG. off by one error when checking for valid ISO2ASC settings
BUG. current article was not recooked if changing
news_headers_to_display and/or news_headers_to_not_display
in the attributes menu
BUG. used 'K' instead of 'k' as kilo SI suffix when shortening large
numbers
ADD. skip "Can't find base article" message if not running in
DEBUG_FILTER or DEBUG_REFS mode
ADD. allow new IDN ccTLD of Mongolia
ADD. allow gTLD post.
ADD. tweaked manpage
ADD. make traget install_nls_man for translated manpages
ADD. config.guess update
FIX. charset.c, config.c, init.c, options_menu.c, string.c, policy.h
Makefile, Makefile.in, tin.1, tin.5, config.guess
-- 2.1.3 release 20130812 "Scarabus" --
U013) Dennis Preiser <dennis@d--p.de>
BUG. contents of Supersedes header was shown mime decoded in pager
FIX. cook.c
U012) Wei-Lun Chao <chaoweilun@gmail.com>
ADD. updated chinese translation
FIX. zh_TW.po
UO11) Dennis Grevenstein <dennis@pcde.inka.de>
BUG. used strdup() instead of my_strdup() (strdup is not mandatory
in ANSI-C)
FIX. art.c
U010) Joe Hansen <joedalton2@yahoo.dk>
ADD. updated danish translation
FIX. da.po
U009) Toomas Soome <Toomas.Soome@microlink.ee>
ADD. updated estonian translation
FIX. et.po
U008) Urs Janssen <urs@tin.org>
BUG. interactive prompting for username/password in batch-mode
BUG. don't generate Cancel-Lock if cancel secret is empty
BUG. used strdup() instead of my_strdup()
ADD. prefer $XDG_RUNTIME_DIR over $HOME for fifos used by xface
ADD. allow new IDN ccTLD of Ukraine
ADD. allow new ccTLD of Sint Maarten
ADD. config.guess, config.sub update
ADD. avoid charset conversion if the local charset is the same as
the network charset
ADD. mention $TIN_NOVFILENAME in man pages
FIX. auth.c, debug.c, lang.c, misc.c, post.c, prompt.c, xface.c, bool.h
extern.h, policy.h, Makefile, config.guess, config.sub, tin.[15]
-- 2.1.2 release 20121224 "Langholm" --
U007) Vincent Lefevre <vincent@vinc17.net>
BUG. doubled % in some description strings where single % are needed
(debian bug #684587)
FIX. lang.c
U006) Urs Janssen <urs@tin.org>
BUG. possible printf with null pointer in check_moderated() when trying
to post an article to a non existent group
ADD. config.guess, config.sub update
ADD. allow new IDN ccTLDs of Oman and Malaysia
BUG. username and password wasn't converted to UTF-8 for SASL AUTH PLAIN
BUG. missing square brackets in gsasl.h check
FIX. auth.c, post.c, policy.h, configure[.in], config.guess, config.sub
U005) Matt Anton <tin@syrius.org>
ADD. updated french translation
FIX. fr.po
-- 2.1.1 release 20120623 "Mulindry" --
007) Urs Janssen <urs@tin.org>
ADD. allow new IDN ccTLD of Kazakhstan and new ccTLD of Curacao
FIX. policy.h
006) Wei-Lun Chao <chaoweilun@gmail.com>
ADD. chinese translation
FIX. zh_TW.po
005) Dennis Preiser <dennis@d--p.de>
BUG. in read groups with show_only_unread_arts base article was invalid
but should be displayed after 'M'enu
FIX. group.c, options_menu.c, page.c, post.c, select.c, thread.c, proto.h
U004) Thomas E. Dickey <dickey@invisible-island.net>
ADD. update configure macros
ADD. --enable-heapsort configure switch
ADD. 'M'enu option for sort_function if --enable-heapsort
FIX. art.c, config.c, heapsort.c, init.c, lang.c, options_menu.c
tcurses.c, tincfg.tbl, extern.h, proto.h, tin.h, tinrc.h
configure[.in], autoconf.h[in], aclocal.m4
U003) Urs Janssen <urs@tin.org>
ADD. config.guess, config.sub update
ADD. heapsort.c fallback
ADD. compile heapsort.c and xface.c conditionaly
ADD. configure check for libunistring if libicuuc is not found
ADD. configure check for setvbug
ADD. prefer libicuuc for idna2003 decoding over libidn
ADD. use NFC instead of NFKC as default normalization if possible
ADD. swapped args for append_file() to match order of copy_fp()
BUG. creation of several temporary files could fail if $TMPDIR didn't
end with /
BUG. doubled % in some description strings where single % are needed
BUG. used strftime() instead of my_strftime() in debug.c
BUG. cached overview wasn't converted to undeclared_charset if set for
the group and post_8bit_header was active
FIX. art.c, config.c, debug.c, heapsort.c, inews.c, init.c, lang.c
mail.c, misc.c, nntplib.c, pgp.c, post.c, refs.c, select.c
string.c extern.h, proto.h, tin.h, autoconf.h[in], configure[.in]
config.guess, config.sub, Makefile, tin.1, tin.5, *.po
-- 2.1.0 release 20111224 "Bridgend" --
004) Matt Anton <tin@syrius.org>
ADD. updated french translation
FIX. fr.po
003) Toomas Soome <Toomas.Soome@microlink.ee>
ADD. updated estonian translation
FIX. et.po
U002) Dennis Preiser <dennis@d--p.de>
ADD. support for article numbers > 2^31 (--enable-long-article-numbers)
ADD. reduce memory usage if getart_limit is set
ADD. store superseds in posted_articles_file
FIX. active.c, art.c, debug.c, group.c, lang.c, mail.c, memory.c
newsrc.c, page.c, post.c, rfc2046.c, save.c, screen.c, select.c
string.c, thread.c, xref.c, extern.h, proto.h, tin.h, autoconf.h[in]
configure[.in]
002) Dennis Preiser <dennis@d--p.de>
BUG. buggy error-message for attributes with no scope
BUG. abbreviated group names might get unnecessary cut off
BUG. OPT_MONO_* options were shown in menu when use_color is enabled
BUG. in some cases huge article numbers might get corrupted due to
the use of atoi()
BUG. possible uninitialized ext_color member in cchar_t (new in ncurses6)
FIX. art.c, attrib.c, lang.c, options_menu.c, select.c, tcurses.c
extern.h, tincfg.tbl
U001) Urs Janssen <urs@tin.org>
ADD. some more debugging output
ADD. timestamps to debugging output
ADD. configure check for libidnkit (IDNA 2008)
ADD. configure check for clock_gettime(2)
ADD. updated german translation, switch to UTF-8 encoding
ADD. configure check for inet_ntoa in libnsl
ADD. configure check for idna_strerro in libidn
ADD. use range in LISTGROUP if getart_limit is set
FIX. active.c, art.c, debug.c, filter.c, group.c, lang.c, mail.c, misc.c
nntplib.c, screen.c, signal.c, xref.c, proto.h, tin.h, tin.1, tin.5
Makefile[.in], configure[.in] autoconf.h[in], aclocal.m4, de.po
001) Urs Janssen <urs@tin.org>
ADD. config.guess, config.sub update
BUG. crash when entering scope menu without active group
FIX. select.c, config.guess, config.sub
Based on PR pkg/49129 by Leonardo Taccari.
Changes since 1.0.0
1. An issue with the wrap_width variable was fixed.
Changes since 0.9.9p1
1. src/charset.c: Avoid using CODESET if it is not defined.
2. doc/slrn.1: Remove blank line at top of file. (Ignatios Souvatzis)
3. src/Makefile.in: /bin/sh on solaris does not like empty lists in a
for loop causing make install to fail. Workaround added
(Petr Sumbera).
4. src/mime.c: rewrote much of the email address encoding/decoding so
that only comment fields in email addresses are encoded/decoded.
slrn is also smarted in encoding/decoding other headers (based on
patch from Robert Grimm).
5. autoconf/Makefile.in: Added dependencies such that if the
Makefile.in and config.in files have been modified, the user is
told to re-run the configure script.
6. Updated the copyright years to 2009.
7. src/mime.c: Omit the mime headers if the content is pure 7bit.
Also, if mime-headers already exist, do not add append additional
ones.
8. configure: Added the configuration option --with-non-gnu-iconv that
can be used to indicate that local version of iconv is not
compatible with GNU iconv (Piotr 'aniou' Meyer).
9. src/charset.c: Upon failure, slrn_test_convert_lines will return the line
that caused it to fail.
10. src/charset.c: If the --debug option is given, slrn will write the
strings that iconv failed to convert to the log file.
11. src/post.c: Skip long line checks between verbatim marks. (Robert
Grimm).
12. src/nntplib.h: Removed duplicate declarations of nntp_server_cmd
and nntp_server_vcmd. (Li Hong).
13. src/decode.c: If an output file already exists, create a new one
by appending an integer to the name.
14. src/slrn.c: work around a SLang_getkey bug that arises when the
underlying read system call is interrupted, and the interrupt hook
creates a different read descriptor.
15. src/misc.c: All error messages (including slang tracebacks) are
logged to the --debug output file.
16. src/art.c,etc: If an article has invalid headers, clear the error
but give the article an initial score of -1000. This number may
be customized using the "invalid_header_score" variable.
17. src/mime.c: In slrn_mime_process_article, decode headers even if
Content-Type is not understood and metamail is needed.
18. src/art.c: Avoid a buffer overflow when reconstructing huge
threads. Thanks to Robert Grimm for finding the problem.
19. src/version.c: %d format was used to print a long integer.
20. src/nntplib.c: slrn user "narke" discovered that his server will
disconnect if an attempt is made to post an empty body. slrn does
this after authenticating with the server to verify that posting
is possible. As a work-around, the response comment from the
AUTHINFO command is parsed.
21. src/sltcp.c: Add support for gnutls logging functions.
22. src/chkslang.c: Fixed a sscanf format issue involving long long
integers.
23. src/sltcp.c: Change 21 needed #ifdef SLTCP_HAS_GNUTLS_SUPPORT.
24. src/nntplib.c: A comparison in #20 should have used != instead of
==.
25. doc/slrn.rc: "utf8" changed to "utf-8" (Thomas Wiegner).
26. src/art_misc.c: Increased the search range for a pgp signature.
27. src/misc.c: The rline_update callback function was not handling
the case where no prompt (prompt==NULL) was associated with the
readline object. (M. G. Berberich)
28. src/vfile.c: Add explicit void* to char* cast for better C++
compliance.
29. doc/tm/: Updated the Makefile and rebuilt the docs
30. src/interp.c, art.c: Added support for an optional argument to the
replace_article function that dictates if the article should be
mime processed.
31. src/*: Updated copyright year and trimmed extra whitespace.
32. macros/mime.sl: Added initial support for multipart mime messages.
See macros/mime.sl for additional information.
33. macros/mime.sl;src/*.c: More support for processing multipart mime
messages, including the ability to save/view the various parts of
a message.
34. src/misc.c:generic_read_input: If point is negative, regard it as
an offset from the end of the string. Changes were also made to
the callers of this function accordingly.
35. macros/mailcap.sl: If an executable does not exist on the search
path, skip the mailcap entry.
36. src/interp.c: Added "replace_cooked_article", which is like
to "replace_article", but does not affect the raw lines. mime.sl
was updated to use this.
37. macros/mime.sl: Added an option to the browse menu that permits
the full raw article to be viewed.
38. macros/mime.sl: Added a more informative message when a mime
article is encountered.
39. src/mime.c: A couple of strncmp calls used the wrong length (Patched
by Thomas Wiegner).
40. macros/mime.sl: The boundary subkeyword was not being detected in a
case-insensitive way. Also the wrong filename was mentioned in
the usage comments. (Christian Ebert)
41. macros/mime.sl: Add an option to view all parts of a mime
multipart message.
42. Added a top-level win32 directory containing scripts for building
slrn using MinGW on a Windows system. See doc/INSTALL.w32 for
details.
43. src/*.c: Various win32-specific tweaks to avoid some warnings
generated by MinGW's gcc.
44. win32/msinstall.sl: Use $prefix/share/man instead of $prefix/man
for the directory where man pages are installed.
45. doc/THANKS updated.
46. updated autoconf/config.guess and autoconf/config.sub
47. doc/THANKS rearranged.
48. src/art_misc.c: New config variable: "wrap_width", which sets the
width that will trigger wrapping.
49. doc/: Updated txt docs from slrn doc project's svn repos.
50. Version 1.0 released [Dec 21, 2012].
Changes in 2.5.4
* An up-to-date control.ctl file is provided with this release. You
should manually update your control.ctl file with the new information
recorded about Usenet hierarchies.
* A test has been improved in innwatch.ctl so that innwatch no longer
throttles innd when no overview directory exists. You should manually
update your innwatch.ctl file to get this improvement.
* Fixed a long-standing limitation on how controlchan and pgpverify were
checking the signer of control messages. They now properly handle the
case of several UIDs being defined on a single PGP key, as well as the
presence of spaces into UIDs. In previous versions of INN, a few
valid control messages got ignored because of that limitation
(fido.ger.* and grisbi.* were for instance impacted).
* As the name of the radius.conf configuration file shipped with INN for
the nnrpd authenticator against a RADIUS server conflicts with the
libradius package, this file is renamed to inn-radius.conf (innupgrade
takes care of the rename during the update).
* The attributes hash is now accessible to nnrpd Perl posting filter.
As a result, filter_nnrpd.pl can make use of it. Only authentication
and access Perl hooks could previously use the attributes hash.
Thanks to Steve Crook for this addition.
* INN now properly builds fine with flex 2.5.36 (this version introduced
a change of type for a variable used by INN).
* When using funnel feeds, innfeed log files were open forever, which
resulted in empty log files, once rotated by scanlogs. innfeed now
reopens its log files upon receiving a HUP signal; this signal is in
particular sent by scanlogs during log rotation. Thanks to Florian
Schlichting for the patch.
* Exploder and process channels are now reopened when "ctlinnd
flushlogs" is used. Otherwise, they could hold open an already
deleted errlog file. The issue affected in particular controlchan or
ninpaths, running as such channels.
* Fixed a buffer overflow when using imapfeed with more than a million
commands during the same IMAP session. Thanks to David Binderman for
the bug report.
* Fixed a segfault occurring in innd on systems where time_t is a 64-bit
integer. Thanks to S.P. Zeidler for the patch.
* Fixed a segfault occurring in nnrpd when a res block was used in
readers.conf without the program: key.
* Fixed an issue where users were denied posting because of an
overlapping buffer copy in a check nnrpd was doing. Thanks to Florian
Schlichting for the patch.
* Fixed a regression that occurred in INN 2.5.3 regarding the path used
by default by pullnews for its configuration file. Instead of looking
in the running user's home directory, it was looking in the *pathnews*
directory set in inn.conf. Thanks to Tony Evans for the bug report.
* When neither wget nor ncftpget nor ncftp was found at configure time,
the path to the simpleftp substitution program shipped with INN was
not properly set in innshellvars, innshellvars.pl, and the
"INN::Config" Perl module. Thanks to Christian Garbs for the bug
report.
* ckpasswd no longer tries to use the ndbm compatibility layer provided
by Berkeley DB if Berkeley DB has been built without ndbm support.
Also add support for gdbm libraries in ckpasswd.
* Fixed a Perl warning in inncheck; using "defined(@array)" has been
deprecated since Perl 5.16.
* Fixed the occurrence of an unexpected "cant select" error generated by
innd. Thanks to Paul Tomblin for having caught that long-standing
issue.
* When building INN with Berkeley DB support, no longer add -L/usr/lib
to the linker include flags; unconditionally adding it may break the
build on systems using lib32 and lib64 directories.
* On a fresh INN install, motd.innd and motd.nnrpd are no longer
installed by default. Instead, samples for these files are provided
in *pathetc*, named differently so that their default contents are not
displayed to news clients before they get customised.
* Other minor bug fixes and documentation improvements (like the
addition in the readers.conf man page of the log: and program:
parameters in res blocks, and the include directive).
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
Revert it. Bump PKGREVISION.
Module Name: pkgsrc
Committed By: joerg
Date: Sun Jun 16 20:44:24 UTC 2013
Modified Files:
pkgsrc/news/pan: Makefile distinfo
Added Files:
pkgsrc/news/pan/patches: patch-pan_data-impl_article-filter.cc
patch-pan_data-impl_groups.cc patch-pan_data-impl_rules-filter.cc
patch-pan_general_log.cc patch-pan_general_log.h
patch-pan_general_macros.h patch-pan_gui_header-pane.cc
patch-pan_gui_log-ui.cc patch-pan_usenet-utils_filter-info.cc
patch-pan_usenet-utils_filter-info.h
patch-pan_usenet-utils_rules-info.cc
patch-pan_usenet-utils_rules-info.h
patch-pan_usenet-utils_scorefile.cc
Log Message:
ISO C++ is explicit that deque requires a fully defined type, so it is
not portable to embeded a deque in the same type.
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
While we are touching it, fix PR/45986 with the patch supplied therein
(thanks)
Changes from 2.5.2 to 2.5.3:
* When HDR/XHDR/XPAT were used on a new article coming into a newsgroup,
requesting a header not present in the overview database, the first
subsequent OVER/XOVER command did not show that article. A remap of
the overview data file was missing in nnrpd. Thanks to Sam
Varshavchik for the bug report.
* When a header field appeared more than once in an article, it was
missing from the overview data. OVER/XOVER, as well as HDR/XHDR/XPAT
using the overview, were therefore returning an empty field. The
content of the first occurrence is now returned, in accordance with
RFC 3977.
Perl and Python filters for innd now also properly initialize their
header variables with the first occurrence of header fields. (It is
still the last occurrence for the Perl filter for nnrpd.)
* Fixed a possible plaintext command injection during the negotiation of
a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the
STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer
upon a successful negotiation of a TLS layer. It prevents malicious
commands, sent unencrypted, from being executed in the new encrypted
state of the session.
* Fixed a regression that occurred in INN 2.5.0 when leading whitespace
characters have been made significant in header field bodies. It
could lead INN to drop articles and throttle itself when running as a
slave because Xref: header fields generated by other news servers, or
even INN 2.4.6, could contain (valid) leading whitespace. Thanks to
Matija Nalis for having caught this bug.
* Fixed an invalid 431 response to CHECK commands when innd is paused:
the message-ID of the article to defer was missing. Also fixed
another issue in the messages innd replied; when an error occurred
during a write on a channel, a trailing extra junk byte was added to
the reply. Thanks to River Tarnell for these bug reports.
* It is now possible to properly generate daily statistics with
sendinpaths thanks to the new -k and -r flags that permit to control
the interval of days for processing dump files. The new -c flag
permits to send a copy of the generated e-mail to the newsmaster.
Also fixed an issue with statistics that could be missing or
duplicated for a couple of days when monthly sent.
The documentation has been updated and mentions a preferred daily run
of sendinpaths. This script is a complete rewrite in Perl, and is
based on Mohan Kokal's initial work.
* cnfsheadconf now properly recognizes continuation lines in
cycbuff.conf, that is to say lines ending with a backslash ("\").
Thanks to John F. Morse for the bug report.
* The order of CNFS buffers in a metacycbuff is now properly read and
written by cnfsheadconf. There previously was a confusion between
hexadecimal and decimal values. Thanks again to John F. Morse.
* When the -l flag is given to cnfsstat, the cycbuff.conf and
storage.conf files are now reloaded if they have been modified since
the previous output of cnfsstat.
* A single header field line is limited to 998 bytes, per RFC 5536.
innd was previously accepting, and also generating Xref: header field
lines, up to 1022 bytes. Now, nnrpd (acting as an injecting agent)
rejects articles which contain header field lines whose length exceeds
998 bytes. And innd (acting as a relaying or serving agent) no longer
checks that.
* nnrpd advertises the COUNTS, DISTRIBUTIONS, MODERATORS, MOTD and
SUBSCRIPTIONS variants of the LIST command in response to
CAPABILITIES. These commands already existed in nnrpd but RFC 6048
had not yet been published.
* Add support for LIST MOTD in innd. Consequently, the motd.news
configuration file which was previously used only by nnrpd is renamed
to motd.nnrpd (innupgrade takes care of the rename). innd uses the
new motd.innd file in *pathetc* for its message of the day.
* Fixed an issue at configure time that made INN wrongly assume that
OpenBSD (4.6) didn't support Unix-domain sockets. Thanks to Wim Lewis
for the patch.
* Fixed an issue on systems which do not have a working flock(2)
function (Solaris, for instance). mailpost and pullnews are reported
not to be usable on such systems. Many thanks to Dennis Davis for the
bug report.
A wrapper around shlock is now called in Perl scripts. The
INN::Utils::Shlock module has been added for that use.
* Fixed an issue in the Python access hook for nnrpd: it has not been
working since Python 2.5 on 64-bit platforms, owing to a change to
Python's C API, using a new Py_ssize_t type definition instead of int.
Thanks to Raphael Barrois for the patch.
* Improve the stability of the Perl filters for innd and nnrpd: properly
save and restore the stack pointer when needed.
* The Injection-Date: header, when present, is now used by innd and
makehistory to determine the posting date of an article. Otherwise,
the Date: header is used.
* controlchan now imposes a date cutoff on processing control articles.
The *artcutoff* parameter set in inn.conf is used. Otherwise, without
that cutoff, old control articles could be maliciously reinjected into
Usenet, and replayed. (An unsigned Injection-Date: header field could
be added to an article that only had a Date: header field.) A new -c
flag has been added to controlchan to disable the cutoff check, if
needed (usually when manually invoking the program).
* nnrpd no longer adds or updates the Path: header field when an article
is forwarded to a moderator. It could otherwise lead to rejects at
injection time when the article was approved by the moderator.
* The X-Trace: header field was not properly generated when an article
was locally posted. The field mentioning the IP address was skipped,
resulting in a wrong syntax for this header. The local "127.0.0.1" IP
address is now used. Besides, "localhost" is now mentioned instead of
an obscure "stdin" in injection header fields.
* Fixed a bug in the frequency innfeed logs its status: too many
useless lines were written to news.notice. Thanks to Florian
Schlichting for the fix.
* When unset in innfeed.conf, the *dynamic-method* parameter now
properly defaults to 3 (instead of 0) and *use-mmap* to false (instead
of true). These two values were already the recommended ones in the
documentation and the sample file. Note that *use-mmap* is only used
when innfeed is given file names to send instead of storage API
tokens, which is a fairly rare use case.
* innfeed no longer generates an error message (logged in news.err) when
a parameter is not defined in innfeed.conf. All the parameters have a
default value, so there is no need to warn the user if they are not
present in innfeed.conf. Thanks to Dieter Stussy for having reported
this problem.
* Implement an upper limit to the number of file descriptors innd can
handle. At most (FD_SETSIZE-1) file descriptors can be used. This
upper limit now overrides any superior number set with *rlimitnofile*
in inn.conf. Thanks to Steve Crook for the bug report.
* A default timeout on outgoing sockets (using NNTPconnect) has been
added by Florian Schlichting. For a long time, there have been
occasional problems with actsync (and probably other programs) that
would hang until manually killed or restarted.
* The flag -S has been added to innd by Florian Schlichting. When used,
innd reports the errors found in incoming.conf and exits.
* pullnews no longer stops processing newsgroups when an error occur
during its run (for instance when a newsgroup mentioned in the
configuration file is removed from an upstream server). Besides, it
can now use authentication when posting to the downstream server.
A few other minor bugs have been fixed as for the way pullnews counts
the articles.
* Fixed the way innreport handles leap years. It now properly generates
HTML reports; dates were assumed to be relative to the current year,
which may break their computation during for instance the whole 2012
leap year. Please note that no HTML reports have been lost, and that
they will appear when INN is updated to this new version.
* A new parameter has been added to inn.conf to determine whether the
status file that innd can write out (depending on the value of the
*status* parameter) is plain text or wrapped in HTML. It previously
only was a compile-time option, set to true by default. Florian
Schlichting added the *htmlstatus* parameter to provide a configurable
behaviour.
* It is now possible to run a script at the end of the execution of
innshellvars scripts. If a file named innshellvars.local,
innshellvars.pl.local or innshellvars.tcl.local is present and
executable in *pathetc*, then it will be executed by the corresponding
innshellvars script (respectively shell, INN::Config Perl module, and
Tcl). A typical use is to add or override variables.
* Add support for wire-formatted articles in scanspool.
* A lot of work on cleaning old perl4-style code has been done by
Florian Schlichting.
* inncheck now generates a proper non-zero exit value when errors are
found, and allows quiet mode with the -q flag. Florian Schlichting
has greatly improved this script in many regards, especially with a
config-syntax parser for incoming.conf, innfeed.conf, readers.conf and
storage.conf.
* inncheck now properly finds the boundaries of substituted variables in
newsfeeds thanks to Alexander Bartolich.
* docheckgroups no longer uses awk. On a few systems, the script was
failing because of the presence of an old version of awk that has a
limit in the size of the input it can handle. Processing large
newsgroups files was consequently impossible. docheckgroups now uses
Perl instead of awk, which solves the issue reported by John F. Morse.
* Other minor bug fixes and documentation improvements. In particular,
the *debug-shrinking*, *fast-exit* and *initial-sleep* keys in
innfeed.conf are now documented. The function "filter_end()", called
when Perl filtering is turned off, is also documented for the innd and
nnrpd Perl filters.
There have been several packages with patches that directly change an
iconv function without the use of a __NetBSD__ macro. This is a NetBSD-
specific modification and changing iconv to match the NetBSD prototype
breaks the package on other platforms.
0.138 "Der Geraet"
* Hotkey for showing/hiding signatures in the article body. (Heinrich Müller,
#350496)
* Keep position on selected item on re-order. (Heinrich Müller, #443702)
* Remember last read post. (Heinrich Müller, #448416)
* Open url in browser. (Heinrich Müller, #464335)
* Signature printed double when line needs to be wrapped. (Heinrich Müller,
#533178)
* Tasks marked "Stopped" should also remain stopped when pan restarted.
(Heinrich Müller, #543319)
* "Save at" options other then %g and %G. (Heinrich Müller, #550007)
* Filter Cross-posters. (Heinrich Müller, #587585)
* 136 using secure ssl and get continuous popups for certs but no connection.
(Heinrich Müller, #673927)
* PO message very difficult to translate. (Heinrich Müller, #675953)
* Pan crashes while fetching new headers. (Heinrich Müller, #677741)
* Updated translations: Spanish (Daniel Mustieles), French (Bruno Brouard),
Czech (Petr Kovar), Slovenian (Martin Srebotnjak, Andrej Žnidaršič, Matej
Urbančič).
0.137 "The Mattel and Mars Bar Quick Energy Chocobot Hour"
* Bugfix release for errors regarding segfaults etc. with thread handling.
* Colorize group names. (Heinrich Müller)
* Fix three-horizontal-pane layout between sessions. (Heinrich Müller)
* Stop tasks when there is no space left on device. (Heinrich Müller)
* Honour default attachments folder setting if group folder is not set. (Heinrich Müller)
* libXp was used by Xaw8, but it had been obsolated, and in pkgsrc,
x11/libXaw/buildlink3.mk had been switched to pick up Xaw7 by default.
* With x11/xorg-cf-files, libXp was offered with XawClientLibs,
but updated to 1.0.4, it was removed.
* And pkgsrc had been switched to use always xorg-cf-files and imake from pkgsrc,
so all platforms should not require libXp from libXaw with Imake.
Bump PKGREVISION.
This release introduces a plethora of bugfixes and improvements, everybody
using older versions of Pan is encouraged to upgrade. This version supports
binary uploading, TLS (SSL) connections, PGP handling and other nice
features.
Remove devel/py-ctypes (only needed by and supporting python24).
Remove PYTHON_VERSIONS_ACCEPTED and PYTHON_VERSIONS_INCOMPATIBLE
lines that just mirror defaults now.
Miscellaneous cleanup while editing all these files.
This is only required for gcc 4.4 (I think) and up where otherwise cpp
doesn't preserve whitespace, but it should be harmless for all gcc
versions ranging back to the prehistorical.
Fixes problems caused by running cpp on makefiles.
(while here, clean up and fix dependencies)
== LottaNZB 0.4.1 - January 27, 2009 ==
* For those who initially used the Ubuntu package of LottaNZB 0.3, this
release fixes a severe problem with the automatic extraction of downloaded
archives. LottaNZB now always uses 'unrar' instead of 'unrar-free' because
unfortunately, the free alternative isn't capable of extracting a majority
of downloads. We recommend you to reenable the automatic extraction in the
preferences window.
* Hebrew, Indonesian, Italian, Norwegian Bokmal and Spanish translation
updated.
* Turkish translation added.
* Bug fixed that prevented LottaNZB from working properly on machines with
Turkish locale. (LP: #318328)
* Remove unwanted leading and trailing whitespaces from category and
download directory names for downloads that were added to the download
queue using an older version of LottaNZB (thanks to Mikal Krogstad for
reporting this).
* A bunch of Debian/Ubuntu package improvements, which were necessary to
make LottaNZB ready for the Debian and Ubuntu package repositories:
E. g. a new man page and an application menu entry on Debian.
* LICENSE=modified-bsd.
* no need to buildlink with obsolated py-xml, add py-expat to DEPENDS instead.
* distutils pkg, so switch to use python/distutils.mk.
Bump PKGREVISION.
-- 2.0.1 release 20111224 "Achenvoir" --
004) Matt Anton <tin@syrius.org>
ADD. updated french translation
FIX. fr.po
003) Toomas Soome <Toomas.Soome@microlink.ee>
ADD. updated estonian translation
FIX. et.po
002) Dennis Preiser <dennis@d--p.de>
BUG. buggy error-message for attributes with no scope
BUG. abbreviated group names might get unnecessary cut off
BUG. OPT_MONO_* options were shown in menu when use_color is enabled
BUG. in some cases huge article numbers might get corrupted due to
the use of atoi()
BUG. possible uninitialized ext_color member in cchar_t (new in ncurses6)
FIX. art.c, attrib.c, lang.c, options_menu.c, select.c, tcurses.c
extern.h, tincfg.tbl
001) Urs Janssen <urs@tin.org>
ADD. config.guess, config.sub update
BUG. crash when entering scope menu without active group
FIX. select.c, config.guess, config.sub