Commit graph

190 commits

Author SHA1 Message Date
nia
c685c98d3e news: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
2021-10-26 11:09:34 +00:00
wiz
b5d6d92ccd *: recursive bump for heimdal 7.7.0
its buildlink3.mk now includes openssl's buildlink3.mk
2021-10-21 07:46:31 +00:00
nia
5f4bacacb8 news: Remove SHA1 hashes for distfiles 2021-10-07 14:44:57 +00:00
wiz
6eae1297d5 *: recursive bump for perl 5.34 2021-05-24 19:49:01 +00:00
spz
14f2af1c12 update news/inn to version 2.6.3
Changes in 2.6.3

    * Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or
      later; NIST P-256 was enforced instead of using the most secure curve.

    * A new inn.conf parameter has been added to fine-tune the cipher suites
      to use with TLS 1.3:  the *tlsciphers13* now permits configuring them.
      A separate cipher suite configuration parameter is needed for TLS 1.3
      because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
      vice-versa.  In order to avoid issues where legacy TLS 1.2 cipher
      suite configuration configured in the *tlsciphers* parameter would
      inadvertently disable all TLS 1.3 cipher suites, the inn.conf
      configuration has been separated out.

    * Fixed a regression since INN 2.6.1 that prevented articles with
      internationalized header fields (that is to say encoded in UTF-8) from
      being posted.

    * Support for Python 3 has been added to INN.  Embedded Python filtering
      and authentication hooks for innd and nnrpd can now use version 3.3.0
      or later of the Python interpreter.  In the 2.x series, version 2.3.0
      or later is still supported.

      When configuring INN with the --with-python flag, the "PYTHON"
      environment variable, when set, is used to select the interpreter to
      embed.  Otherwise, it is searched in standard paths.

      In case you change the Python interpreter to embed, make sure that the
      Python scripts you use are written in the expected syntax for that
      version of the Python interpreter.  Notably, buffer objects have been
      replaced with memoryview objects in Python 3, and UTF-8 encoding now
      really matters for string literals (Python 3 uses bytes and Unicode
      objects).

      INN documentation and samples of Python hooks have been updated to
      provide more examples.

    * When a Python or Perl filter hook rejects an article, innd now
      mentions the reason in response to CHECK and TAKETHIS commands.
      Previously, the reason was given only for the IHAVE command.

    * nnrpd now properly logs the hostname of clients whose connection
      failed owing to an issue during the negotiation of a TLS session or
      high load average.

Changes in 2.6.2

    * A new *syntaxchecks* parameter has been added in inn.conf.  It permits
      controlling the level of checks performed by innd and nnrpd.  Up to
      now, only one check can be enabled/disabled:  when *laxmid* is
      mentioned in the values of this new parameter, INN accepts Message-IDs
      that contain ".." in the left part, as well as Message-IDs with two
      "@" (such Message-IDs would otherwise be considered as syntactically
      invalid).  See the inn.conf(5) man page for more details.

      The check is disabled by default (*no-laxmid*), which corresponds to
      the legacy behaviour of INN 2.6.1 and earlier.

    * Use of the ovdb_server helper server is now the default when using the
      ovdb overview method, that is to say the default value for the
      *readserver* parameter in ovdb.conf is now set to true.  It improves
      stability and avoids deadlocks, timing issues and corrupted ovdb
      databases.

    * mailpost now removes empty header fields before attempting to post
      articles, and keeps trace of them in the X-Mailpost-Empty-Hdrs: newly
      generated header field body.  Also, mailpost now sanitizes header
      fields with regards to empty continuation header lines.  Thanks to
      Kamil Jonca for these bug reports.

    * A new -z parameter has been added to mailpost to mention a list of
      header fields to remove from the gated message.  Thanks to Dieter
      Stussy for the patch.

    * Fixed a bug in inews that was rejecting articles containing header
      fields whose length exceeded 998 bytes.  This limitation is for the
      length of a single line of a header field (and not for the length of
      the whole header field, as it was wrongly the case).

    * Added support for GnuPG's gpg binary (in addition to gpgv) in
      pgpverify.  Indeed, gpg still validates signatures made with weak
      digest algorithms like MD5 whereas gpgv no longer do.  Thanks to
      Thomas Hochstein for the patch, which permits validating control
      articles for hierarchies that are still using old PGP keys.

    * Added similar support for GnuPG's gpg binary in perl-nocem to validate
      NoCeM notices from issuers who are still using old PGP keys.

    * A few commands listed in the "Control commands to INND" section in
      daily Usenet reports were appearing as a mere letter; all of them are
      now properly converted to meaningful words.

    * The *tlsprotocols* parameter in inn.conf now recognizes the "TLSv1.3"
      value (for OpenSSL versions implementing TLS 1.3, that is to say
      starting from OpenSSL 1.1.1).

    * The buffindexed overview method will now hopefully work properly on
      systems with a native page size larger than 16KB.

    * Other minor bug fixes and documentation improvements.
2021-01-02 14:18:22 +00:00
nia
f6dd9d2f87 Revbump packages with a runtime Python dep but no version prefix.
For the Python 3.8 default switch.
2020-12-04 20:44:57 +00:00
wiz
00da7815c0 *: bump PKGREVISION for perl-5.32. 2020-08-31 18:06:29 +00:00
rillig
a723d0dadc news/inn: remove unknown configure option 2020-05-31 15:08:27 +00:00
jperkin
26c1bffc9f *: Recursive revision bump for openssl 1.1.1. 2020-01-18 21:48:19 +00:00
rillig
f280ea8d4c news: align variable assignments
pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
2019-11-04 19:17:10 +00:00
wiz
84e123ddd2 Bump PKGREVISIONs for perl 5.30.0 2019-08-11 13:17:48 +00:00
wiz
93b46879c7 Recursive bump for perl5-5.28.0 2018-08-22 09:43:40 +00:00
ryoon
543e538acd Recursive revbump from lang/perl5 5.26.0 2017-06-05 14:24:20 +00:00
spz
d226bed1d1 2.4.6 and NetrBSD-5 are ancient history by now (hopefully) 2017-05-20 06:56:29 +00:00
spz
8ca27218f0 update to 2.6.1. Excerpt from NEWS:
Upgrading from 2.5 to 2.6

The following changes require your full attention because a manual intervention may be needed:

    The name and location of the pullnews configuration file have changed. It is now pullnews.marks, located in pathdb when pullnews is run as the news user, or otherwise in the running user's home directory. This file was previously stored in .pullnews in the running user's home directory (even for the news user). If you use pullnews, you need to manually move and rename the configuration file; otherwise, it will no longer work. Note that the -c flag passed to pullnews allows to specify another configuration file, if need be.

    The default location of the mailpost database directory has changed from pathtmp to pathdb. If you use mailpost without an explicitly specified database directory (using the -b flag), then you should manually move your current database files mailpost-msgid.dir and mailpost-msgid.pag from pathtmp to pathdb.

    If you have been using TLS/SSL with nnrpd before, be aware that the default value of a few inn.conf parameters have changed: the server now decides the preferred cipher (instead of the client), and only TLS protocols are allowed (using the flawed SSLv2 and SSLv3 protocols is now disabled). If you want to change these settings, the respective tlspreferserverciphers and tlsprotocols parameters can be tuned to your needs.

    The --with-kerberos configure flag used to add Kerberos v5 support has been renamed to --with-krb5.

    The --with-berkeleydb configure flag used to add Berkeley DB support has been renamed to --with-bdb.

    The --enable-ipv6 configure flag no longer exists. IPv6 is now unconditionally enabled, if available.

    $HOME is no longer exported as an environment variable by innshellvars, innshellvars.tcl and the Perl module INN::Config. It was previously overriding the default user home directory with pathnews. If you use these scripts in your own scripts, you will have to take care of that change.

    Owing to the implementation of RFC 4643 (AUTHINFO USER/PASS) in innd, if remote peers have to authenticate in order to feed articles, they now have to send a username (which was previously wrongly optional), before sending their password. The mandatory username, though currently unused by innd, can be whatever the remote peer wishes. In previous versions of INN, inncheck was already complaining when passwd.nntp contained an empty username associated with a password.

    A manual review of authenticated feeds should then be done so as to ensure that they are properly working.

    The Injection-Date: and Injection-Info: headers are now generated by nnrpd at injection time instead of the NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To: and X-Trace: headers. Local scripts that were using (for authentication, privacy, etc.) these now deprecated headers should be updated. Also note that the Path: header of locally posted articles can also contain the contents of the deprecated NNTP-Posting-Host: field.

    The two addnntppostingdate and addnntppostinghost parameters in inn.conf have been respectively renamed to addinjectiondate and addinjectionpostinghost. innupgrade takes care of the modification only for inn.conf; a manual change will therefore be needed for readers.conf, if these parameters are overridden in this file.

    The default values of a few inn.conf parameters have changed to make use of the vastly expanded storage and RAM commonly available today: datamovethreshold (from 8192 to 16384), msgidcachesize (from 16000 to 64000), overcachesize (from 64 to 128), and wireformat (now enabled by default).

    The generation of status reports and performance timings are now also enabled by default: logstatus and nnrpdoverstats parameters, with a frequency of 10 minutes (status and timer parameters).

    The default value of max-queue-size has changed from 5 to 20, and use-mmap now defaults to true for innfeed.conf.

Changes in 2.6.1

    nnrpd now uses -0000 as the time zone for Date: and Injection-Date: header fields it generates. It was previously using +0000, wrongly systematically indicating a local time zone at Universal Time when localtime is set to false (which is the default) in readers.conf. The +0000 time zone will now be used only if localtime is set to true and UTC is really the local time zone of the server.

    Julien Elie has implemented in nnrpd the new COMPRESS command described in draft-murchison-nntp-compress that extends the NNTP protocol to allow a connection to be effectively and efficiently compressed. News clients that also support that extension will be able to benefit from that bandwidth optimization and improvement in speed. Moreover, using COMPRESS is more secure than TLS-level compression, as far as authentication credentials are concerned.

    The default value for the tlscompression parameter in inn.conf has changed. TLS-level compression is now disabled by default, to comply with the best current practices for a secure use of TLS in application protocols like NNTP. Using the new COMPRESS command is recommended.

    The tlscompression parameter in inn.conf now also permits to disable TLS-level compression with OpenSSL 0.9.8. It previously had an effect only when OpenSSL 1.0.0 or later was used.

    rnews no longer segfaults at startup when started setuid news. Thanks to Marcus Jodorf for the bug report.

    Fixed slow nnrpd responses for a few NNTP commands. The TCP_NODELAY option was unconditionally set whereas only BSD/OS systems needed it. Thanks to Christian Mock for having discovered that.

    Articles containing a Received: or a Posted: header field are no longer rejected by nnrpd at injection time.

    Articles containing control characters or whitespace-only content lines in their headers are now rejected by nnrpd at injection time.

    OpenSSL 1.1.0 support has been added to INN.

    When an encryption layer is negotiated during a successful use of the STARTTLS command, or after a successful authentication using a SASL mechanism that negotiates an encryption layer, nnrpd now updates the permissions of the news client according to the new secure state of his connection (that is to say auth blocks in readers.conf using the require_ssl parameter are taken into account). Previously, only connections on a dedicated port (usually 563) were taking benefit from that parameter. Thanks to Steve Crook for the bug report.

    When a data integrity layer was negotiated during a successful SASL authentication, nnrpd was wrongly reseting any knowledge obtained from the client, such as the current newsgroup and article number. This behaviour now applies only when an encryption layer is negotiated.

    nntpsend now correctly waits until all of the child innxmit processes exit before it does. It was causing nntpsend to fail to work properly on systems that use systemd, because when it exits prematurely, systemd kills all of the processes it launched, including the innxmit processes. Thanks to Jonathan Kamens for the patch.

    Update from GNU Libtool 2.4.2 to 2.4.6.

    Other minor bug fixes and documentation improvements.
Changes in 2.6.0

    The NNTP protocol requires a username to be sent before a password when authentication is used. innd was wrongly allowing only a password to be sent by authenticated peers. See the note above for more details.

    The Lines: header is no longer generated by nnrpd at injection time.

    The Injection-Date: header is now generated by nnrpd at injection time instead of the deprecated NNTP-Posting-Date: header, when addinjectiondate is set to true. Note that addnntppostingdate has been renamed to addinjectiondate in inn.conf.

    The Injection-Info: header is now generated by nnrpd at injection time instead of the deprecated NNTP-Posting-Host: (when addinjectionpostinghost is set to true), X-Complaints-To: and X-Trace: headers. Note that addnntppostinghost has been renamed to addinjectionpostinghost in inn.conf. The Path: header of locally posted articles now also contains the contents of the NNTP-Posting-Host: header.

    A new addinjectionpostingaccount parameter has been added in inn.conf. When set to true, the Injection-Info: header field contains an additional posting-account attribute that mentions the username assigned to the user at connection time or after authentication. The default value for this parameter is false.

    A few headers are now considered as obsolete by nnrpd at injection time: NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To:, X-Trace:, Also-Control:, Article-Names:, Article-Updates:, and See-Also: headers.

    Besides, nnrpd will similarly reject obsolete sendsys, senduuname and version control messages.

    The presence of a Subject: header field beginning with cmsg no longer causes an article to be interpreted as a control message by nnrpd at injection time.

    nnrpd no longer differentiates IHAVE from POST. Articles injected with IHAVE are now treated as though they were injected with POST. It means that if the previous behaviour of IHAVE was expected, innd should handle itself the connection instead of nnrpd.

    The name of the pullnews configuration file is now pullnews.marks located in pathdb when pullnews is run as the news user, or otherwise in the running user's home directory. It was previously stored in .pullnews in the running user's home directory (even for the news user).

    Fixed a leak of semaphores when using buffindexed. Thanks to Richard Kettlewell for having fixed the issue.

    Building with Libtool is no longer optional. The --enable-libtool option to configure has been removed.

    DESTDIR and non-root installs are now properly supported and documented in INSTALL. The make install, make update and make cert steps properly obey DESTDIR. Besides, it is no longer a requirement that the installation step be done by the superuser, as long as the user executing the install has supplied a DESTDIR value that points to a writable directory, and the person or process performing the install corrects the file ownerships when INN is installed on the system on which it's going to run. Thanks to James Ralston for this support.

    When building INN with Berkeley DB, Cyrus SASL, Kerberos v5, OpenSSL, or zlib support, no longer add standard locations to compiler and linker include flags. Such default paths are now added only if explicitly given to one or more of the --with-bdb, --with-bdb-include, --with-bdb-lib, --with-sasl, --with-sasl-include, --with-sasl-lib, --with-krb5, --with-krb5-include, --with-krb5-lib, --with-openssl, --with-openssl-include, --with-openssl-lib, --with-zlib, --with-zlib-include, or --with-zlib-lib configure flags (the flags ending with -include and -lib are new in INN 2.6.0).

    If the Berkeley DB, Cyrus SASL, Kerberos v5, or OpenSSL SSL and crypto libraries are found at configure time, INN will now be built with support for them unless respectively the --without-bdb, --without-sasl, --without-krb5, or --without-openssl flags are explicitly passed to configure.

    Note that it was already the default behaviour for zlib support when Berkeley DB support was also enabled.

    The configure flag --enable-reduced-depends has been added to request that library probes assume shared libraries are in use and dependencies of libraries should not be probed. It therefore tries to minimize the shared library dependencies of the resulting binaries on platforms with proper shared library dependencies. This is not enabled by default, and is of interest primarily to people building packages for distributions.

    Building INN with Python support now requires the use of Python 2.2.0 or later as the distutils.sysconfig module used was introduced with Python 2.2.0.

    The INN test suite driver is now fully synchronized with the upstream version of the C TAP Harness package maintained by Russ Allbery. Keeping the INN test suite driver up-to-date will be possible thanks to a new getc-tap-harness script in the support directory that automatically fetches the latest upstream changes.

    Similarly, the new getrra-c-util script permits to keep most of the utility and portability functions synchronized with the upstream version of the rra-c-util package maintained by Russ Allbery.

    Other minor bug fixes and documentation improvements.
2017-05-20 06:53:05 +00:00
agc
30b55df38e Convert all occurrences (353 by my count) of
MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
2017-01-19 18:52:01 +00:00
wiz
86a78fce2e Bump PKGREVISION for perl-5.24. 2016-06-08 19:22:13 +00:00
joerg
aea50c92b8 Adjust checks for _USE_DESTDIR != no or incorrect references to
USE_DESTDIR.
2016-04-10 16:39:27 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
agc
62c69b2a28 Add SHA512 digests for distfiles for news category
Existing SHA1 digests verified, all found to be the same on the
machine holding the existing distfiles (morden).  Existing SHA1
digests retained for now as an audit trail.
2015-11-02 23:49:46 +00:00
wiz
569b9b4c01 Update to 2.5.5, from Benedek Gergely on pkgsrc-users.
2015-05-23  iulius

	* innxmit: tidy up GetMessageID buffer handling In theory, if you
	  could get a message with an empty message-id header through
	  before anything else, it would call memcpy(NULL, p, 0) which
	  (surprisingly) has undefined behavior. This doesn't seem a very
	  likely contingency but I tidied up the code to avoid it and
	  (hopefully) be clearer anyway.

	  Thanks to Richard Kettlewell for the patch.

	* storage/cnfs/cnfs.c: don't read uninitialised cycbuffname

	  Thanks to Richard Kettlewell for the patch.

2015-05-17  iulius

	* Fixed alignment issues when storing values

2015-05-14  iulius

	* Add Richard Kettlewell as a contributor

	* Correct remap check in tradindexed lookup

	  The check was off by one; and when it happened, it invalidated
	  the 'parent' pointer, causing a use-after-munmap (or
	  use-after-free) condition.

	  Thanks to Richard Kettlewell for the bug report.

	* Correctly flush CNFS buffers when nfswriter is true in inn.conf

	* Correct remap check in tradindexed group lookup

	  Previously the remap check had an off-by-one bug and moreover
	  would never be done due to the loop condition (making the
	  off-by-one bug moot).

	  This one could be a problem in real life; if creating a group
	  causes innd to expand the index then an already-running nnrpd
	  will not automatically notice, and so won't be able to find the
	  group.

	  Thanks to Richard Kettlewell for the patch.

	* nnrpd/commands.c: paranoid checking of AUTHINFO GENERIC reply

	  Check the number of arguments returned by AUTHINFO GENERIC.

	  Thanks to Richard Kettlewell for the patch.

	* innfeed/connection.c: avoid violating C aliasing rules

	  The object was written as a 'struct sockaddr' but then read as a
	  'struct sockaddr_storage', which violates C99 s6.5#7. The fix is
	  to always access it as a 'struct sockaddr' and use a union to
	  ensure enough space for any possible address type.

	  Thanks to Richard Kettlewell for the patch.

	* nnrpd/commands.c: correct sense of PERMgeneric reply

	  The comment has always been wrong, as well as the return value
	  for ~15 years...

	  Thanks to Richard Kettlewell for the patch.

	* nnrpd/perm.c: don't dereference a null pointer if there are no
	  access groups

	  Thanks to Richard Kettlewell for the patch.

	* nnrpd/article.c: A wrong variable was used for vhost feature.

	  Since these are created by the local innd, the error should not
	  normally occur.

	  Thanks to Richard Kettlewell for the patch.

	* Verify that setuid() and setgid() actually succeed

	  See: https://lwn.net/Articles/451985/ for a discussion of the
	  issues in this area.

	  The checks in newuser.c are probably unnecessary due to the
	  subsequent tests. rnews.c is straight-up broken though.

	  Thanks to Richard Kettlewell for the patch.

2015-05-02  iulius

	* expire/fastrm.c: Fix a dereferencing issue

	* configure.ac: Build fix for current Mac OS X versions

	  The build was failing with recent versions of Mac OS X:

	  clang: error: no such file or directory:
	  '/usr/local/news/lib/libinn.3.dylib' make[1]: *** [libinn.la]
	  Error 1 make: *** [all-lib] Error 2

	  The reason is the '-multiply_defined'-part of the command line.
	  This switch is marked as obsolete in ld(1):

	  -multiply_defined treatment Previously provided a way to warn or
	  error if any of the sym- bols used from a dynamic library were
	  also available in another linked dynamic library. This option is
	  obsolete.

	  Thanks to Dennis Preiser for the report.

	* innfeed/imap_connection.c: fix support of Cyrus SASL 2.1.25 and
	  later

	  Fix how sasl_callback_ft, added with Cyrus SASL 2.1.25, was
	  handled by innfeed. See revision [9381] for more information.

	  Thanks to Dennis Preiser for the report.

	* innd/art.c: Fix a dereferencing issue when parsing
	  Injection-Info: header field

	  Thanks to David Binderman for the patch.

2015-05-01  iulius

	* Bump version number in FAQ for new INN 2.5.5 release

	  Also remove link to Elena Samsonova's web site that appears to be
	  defunct.

2015-04-23  iulius

	* mailpost: add new -t flag to specify the default temporary
	  directory

	  Check that the database directory and the temporary directory are
	  writable when mailpost is run, and otherwise die with an error.

	  Two paths are now tried by default for the temporary directory:
	  pathtmp, and then /var/tmp if pathtmp is not writable.

	* Fix GCC 5.1.0 warning for incompatible pointer type

	  Rename the "U" macro used by two tests to "SUC" (casting to
	  String of Unsigned Chars) because it otherwise conflicts with how
	  Unicode strings are declared in ISO C11, the new default mode for
	  the GCC 5 series.

2015-04-20  iulius

	* Update TODO with references to existing patches

2015-04-05  iulius

	* Mention required TLS ciphers for interoperability

	* Update TODO with current state of INN 2.6.0

2015-04-02  iulius

	* Update changelog to mention other changes for INN 2.5.5

	* Use Sys::Hostname Perl core module instead of calling
	  /bin/hostname

2015-03-24  iulius

	* Add two missing contrib programs in the exceptions of mkmanifest

	* Typo in POD formatting

	* Update copyright years (add 2015)

	* Update config.guess and config.sub to upstream versions from
	  2015-03-08

	* Update control.ctl to upstream version from 2014-06-17

2015-03-21  iulius

	* scanlogs: Limit the number of lines to show from error log files

	  When lots of lines are present in error log files, they appear in
	  the news.daily verbatim, and the resulting email is so large it
	  is bouncing.

	  Restrict the number of lines to 50 (the default value for unknown
	  lines from news.notice).

	  Thanks to Jeffrey M. Vinocur for the bug report.

	* nnrpd: Count write time stats when using SASL

	* Improve the count of sleeping channels

	  The highest file descriptor of sleeping channels was not always
	  properly updated. A new CHANresetlastsleeping() function now does
	  the job when called.

	  Also prevent innd from crashing if a channel is supposed to sleep
	  but does not have a Waker set.

	  Thanks to Petr Novopashenniy for the bug report.

	* readers.conf: improve the first example to disambiguate its
	  effect against loca l connections

2015-03-18  iulius

	* pullnews: when giving a port along with a server name, check
	  there is only one ":"

	  Otherwise, it is very likely that the given server name is an
	  IPv6 address, and therefore its end should not be interpreted as
	  a port.

2015-01-21  iulius

	* Fix the unsignedness of TMRgettime when printed

2015-01-10  eagle

	* http://www.imc.org/ietf-usefor/ appears to be gone

	  Replace this link in HACKING with a link to the usefor mailing
	  list archives and to my Usenet article format pages.

2015-01-10  iulius

	* Do not mention that TLS compression will be disabled in the next
	  INN release

	  As the CRIME attack is not exploitable in NNTP, disabling TLS
	  compression by default is pointless. No vulnerability in TLS
	  compression is currently known as far as NNTP is concerned.

	* Add a cast to fix a gcc warning

2015-01-07  iulius

	* Regenerate Makefile dependencies with gcc 4.7.2

	  Also adapt support/makedepend to keep the two leading spaces, as
	  in previous versions of gcc.

	  Backport commit [9566].

	* Cleanup in include stuff

	  - Add missing BEGIN_DECLS/END_DECLS, and also use them instead of
	  their expansion.

	  - Add missing inclusion of <inn/defines.h>.

2015-01-04  eagle

	* Remove dead link to nnrpkrb5auth

2014-12-16  iulius

	* nnrp.access2readers.conf: add default username when none is
	  specified

2014-12-14  iulius

	* Add new contrib/nnrp.access2readers.conf.in script

	  This script converts old-style nnrp.access to readers.conf.

	  Thanks to Jeffrey M. Vinocur for his contribution.

2014-12-07  iulius

	* Update Russ's mail address

	* Fix typos

2014-12-01  iulius

	* Add support for choosing the elliptic curve to use with TLS
	  support

	  The new tlseccurve parameter in inn.conf takes the name of a
	  curve OpenSSL knows about, to use for ephemeral key exchanges.

	  Thanks to Christian Mock for the patch.

2014-11-23  iulius

	* m4/sendmail.m4: add missing brackets

	  The configure script was failing when running that part of code.

2014-11-12  iulius

	* inn.conf: Improve documentation about tlsprotocols and
	  tlscompression

2014-11-11  iulius

	* Improve tuning of the SSL/TLS configuration

	  nnrpd's TLS support is basically using OpenSSL's defaults WRT
	  issues such as protocol support and cipher suites. In these days
	  of POODLEs and other vulnerabilities, it should be useful to be
	  able to have better control over what's offered. So this patch
	  adds a few options to inn.conf:

	  - tlsprotocols: allows to select the SSL/TLS versions that are
	  supported

	  - tlsciphers: allows to give an OpenSSL cipher string to tailor
	  the cipher suites that are offered to clients

	  - tlspreferserverciphers: switches on the server-side selection
	  of the cipher suite (TLS default is "client chooses")

	  - tlscompression: allows to turn off TLS compression (because of
	  the CRIME attack) if the OpenSSL version supports this.

	  Many thanks to Christian Mock for his patch.

2014-11-09  iulius

	* Mention PyClean as a Python-based variant of Cleanfeed.

2014-10-28  iulius

	* Update default paths for Debian and Fedora

	* Fix a dependency in a build rule

2014-10-03  iulius

	* innwatch: report an error when the control file is missing

2014-09-24  iulius

	* rc.news: no longer explicitly sleep before starting innwatch and
	  cnfsstat

	  Instead, make these two scripts sleep by themselves.

	  Also update documentation: improve the list of actions done by
	  rc.news, and no longer mentions that innd should be throttled
	  before being stopped (this is not true - the shutdown process
	  already does the actions throttling does).

	* innwatch: add -i flag to specify how many seconds to sleep at
	  startup

	  - Also fix previous commit [9651] that did not totally fix the
	  issue it was supposed to fix.

	  - Fix the behaviour of the -f flag (it wasn't doing anything).

	  - Fix how the -l flag was parsed (a space was required between -l
	  and its argument, whils it should not have been required).

	  - Add new POD documentation for innwatch, and update it at the
	  same time: document new -i flag, and document already existing -f
	  flag.

	* cnfsstat: add -i flag to specify how many seconds to sleep at
	  startup

	  Update documentation, and homogenize POD syntax at the same time.

2014-09-24  eagle

	* Re-add second $(LIBSTORAGE) when linking backends

	  Backend commands (such as nntpget) linked with both history and
	  storage libraries list $(LIBSTORAGE) in the link line twice. This
	  isn't a mistake; there are some unfortunate circular dependencies
	  that require listing $(LIBSTORAGE) both before and after
	  $(LIBINNHIST) in the link line or static linking will fail.

2014-09-22  iulius

	* Fix build issues on AIX 7.1

	  mmap is redefined to mmap64 when large file support is enabled.

2014-09-21  iulius

	* Fixed a warning and an unnecessary sys/stropts.h header

	* Typos

	* Fix build of contrib/respool.c

	  Remove an unused variable.

	  Add a link to libhistory.

	* Fix build of contrib/reset-cnfs.c

	  Add correct include header files.

	  Use the right DO_LARGEFILES variable instead of LARGE_FILES.

	  Reformat the code (remove tabulations).

	  Properly exit with the right status code.

	* Fix a few warnings, and update svn:ignore for contrib

	* Fix build of contrib/expirectl.c

	  Add correct include header files, and fix a few warnings in
	  printf() calls.

	  Add portability code for statfs/statvfs support.

	* Add compilation rules for contrib/auth_pass.c and
	  contrib/expirectl.c

	  Use the right socklen_t type, and add crypt.h header if
	  available.

	* FAQ: add how to feed articles arrived between two dates to
	  another server

2014-09-11  iulius

	* innupgrade: fix its execution

	  On a few systems like AIX, innupgrade failed to run during an
	  upgrade because "perl -T" was not explicitly called. Failure was:
	  "-T" is on the #! line, it must also be used on the command line

	  Thanks to The Doctor for his bug report.

2014-09-07  iulius

	* Add missing dependency for libtest.o during the build of
	  nnrpd/auth-ext.t

2014-09-05  iulius

	* Fix typos in INN_HAVE_SYS_BITYPES_H and
	  INN_MACRO_IN6_ARE_ADDR_EQUAL names

2014-08-30  iulius

	* libinn documentation: update the name of the fdflag functions

	* pullnews: improve logging when an error occurs during GROUP

	  Also rewrite a ternary condition to improve readability.

	  Patch from Geraint A. Edwards.

	* pullnews: new -a flag (hashfeed ability)

	  Add a new feature to pullnews: hashfeed to split feeds. It uses
	  MD5 and is Diablo-compatible.

	  Thanks to Geraint Edwards for the patch.

	* pullnews: new -B flag (header-only feeding)

	  Add a new feature to pullnews: header-only feeding.

	  If the article does not already have a Bytes: header field, one
	  is added. Bodies are kept only for control articles.

	  Thanks to Geraint Edwards for the patch.

	* pullnews: bug fix to rnews when -O; improved rnews reporting

	  Thanks to Geraint Edwards for the patch.

	* pullnews: improve wording

	  * When pullnews runs for the first time against a newsgroup, say
	  "never" instead of January, 1st 1970 as the last run date. *
	  Improve spaces, uppercase characters and singular forms when 1
	  article is retrieved. * Update the config file even when the
	  group is empty.

	* pullnews: remove headers matching (or not) a given regexp

	  Enable the -m flag to remove headers matching (or not) a given
	  regexp.

	  Thanks to Geraint Edwards for the patch.

2014-08-09  iulius

	* innwatch: no longer creates a child process for sleeping

	  innwatch creates a child process only for sleeping and then waits
	  on that process. The forked-off process is not killed by 'rc.news
	  stop' (only its parent is), and will only die after it's done
	  sleeping. If running under SMF on illumos/Solaris, this causes
	  the service to likely drop into maintenance state (since not all
	  processes die within timeout).

	  Thanks to Lauri Tirkkonen for the patch.

2014-06-04  iulius

	* Bump version number to 2.5.5 for STABLE.
2015-08-22 19:10:50 +00:00
wiz
0982effce2 Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
2015-06-12 10:48:20 +00:00
wiz
8b765c474f Fix ``Please add a line "# used by foo/bar/Makefile" here.'' warnings. 2014-10-05 16:41:05 +00:00
spz
9de0272d23 update INN to version 2.5.4. Excerpt from the upstream release announcement:
Changes in 2.5.4

  * An up-to-date control.ctl file is provided with this release.  You
    should manually update your control.ctl file with the new information
    recorded about Usenet hierarchies.

  * A test has been improved in innwatch.ctl so that innwatch no longer
    throttles innd when no overview directory exists.  You should manually
    update your innwatch.ctl file to get this improvement.

  * Fixed a long-standing limitation on how controlchan and pgpverify were
    checking the signer of control messages.  They now properly handle the
    case of several UIDs being defined on a single PGP key, as well as the
    presence of spaces into UIDs.  In previous versions of INN, a few
    valid control messages got ignored because of that limitation
    (fido.ger.* and grisbi.* were for instance impacted).

  * As the name of the radius.conf configuration file shipped with INN for
    the nnrpd authenticator against a RADIUS server conflicts with the
    libradius package, this file is renamed to inn-radius.conf (innupgrade
    takes care of the rename during the update).

  * The attributes hash is now accessible to nnrpd Perl posting filter.
    As a result, filter_nnrpd.pl can make use of it.  Only authentication
    and access Perl hooks could previously use the attributes hash.
    Thanks to Steve Crook for this addition.

  * INN now properly builds fine with flex 2.5.36 (this version introduced
    a change of type for a variable used by INN).

  * When using funnel feeds, innfeed log files were open forever, which
    resulted in empty log files, once rotated by scanlogs.  innfeed now
    reopens its log files upon receiving a HUP signal; this signal is in
    particular sent by scanlogs during log rotation.  Thanks to Florian
    Schlichting for the patch.

  * Exploder and process channels are now reopened when "ctlinnd
    flushlogs" is used.  Otherwise, they could hold open an already
    deleted errlog file.  The issue affected in particular controlchan or
    ninpaths, running as such channels.

  * Fixed a buffer overflow when using imapfeed with more than a million
    commands during the same IMAP session.  Thanks to David Binderman for
    the bug report.

  * Fixed a segfault occurring in innd on systems where time_t is a 64-bit
    integer.  Thanks to S.P. Zeidler for the patch.

  * Fixed a segfault occurring in nnrpd when a res block was used in
    readers.conf without the program: key.

  * Fixed an issue where users were denied posting because of an
    overlapping buffer copy in a check nnrpd was doing.  Thanks to Florian
    Schlichting for the patch.

  * Fixed a regression that occurred in INN 2.5.3 regarding the path used
    by default by pullnews for its configuration file.  Instead of looking
    in the running user's home directory, it was looking in the *pathnews*
    directory set in inn.conf.  Thanks to Tony Evans for the bug report.

  * When neither wget nor ncftpget nor ncftp was found at configure time,
    the path to the simpleftp substitution program shipped with INN was
    not properly set in innshellvars, innshellvars.pl, and the
    "INN::Config" Perl module.  Thanks to Christian Garbs for the bug
    report.

  * ckpasswd no longer tries to use the ndbm compatibility layer provided
    by Berkeley DB if Berkeley DB has been built without ndbm support.
    Also add support for gdbm libraries in ckpasswd.

  * Fixed a Perl warning in inncheck; using "defined(@array)" has been
    deprecated since Perl 5.16.

  * Fixed the occurrence of an unexpected "cant select" error generated by
    innd.  Thanks to Paul Tomblin for having caught that long-standing
    issue.

  * When building INN with Berkeley DB support, no longer add -L/usr/lib
    to the linker include flags; unconditionally adding it may break the
    build on systems using lib32 and lib64 directories.

  * On a fresh INN install, motd.innd and motd.nnrpd are no longer
    installed by default.  Instead, samples for these files are provided
    in *pathetc*, named differently so that their default contents are not
    displayed to news clients before they get customised.

  * Other minor bug fixes and documentation improvements (like the
    addition in the readers.conf man page of the log: and program:
    parameters in res blocks, and the include directive).
2014-08-03 17:33:34 +00:00
wiz
7eeb51b534 Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
2014-05-29 23:35:13 +00:00
jperkin
45bc40abb4 Remove example rc.d scripts from PLISTs.
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
2014-03-11 14:04:57 +00:00
tron
c64e9eb269 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:18:26 +00:00
spz
ab7e1ebcce another time_t on 32bit system issue, a less fatal one. 2013-12-11 09:45:14 +00:00
spz
06a92fe52e leave a hint about overview issues 2013-11-27 10:10:37 +00:00
spz
980bfacda9 a small issue with 64bit time_t that leads to crashes in
news.daily, respectively on 'ctlinnd name ""' when peers are connected.
2013-11-27 10:02:55 +00:00
wiz
81d7c61770 Use more common pattern in dependency. 2013-06-16 21:42:00 +00:00
wiz
166d83a7cc Fix build with perl-5.18. 2013-06-16 21:38:51 +00:00
wiz
d2ca14a3f1 Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.
2013-05-31 12:39:57 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
wiz
8b5d49eb78 Bump all packages that use perl, or depend on a p5-* package, or
are called p5-*.

I hope that's all of them.
2012-10-03 21:53:53 +00:00
spz
af9289fddd Update from 2.5.2 to 2.5.3 (fixes CVE-2011-0411).
While we are touching it, fix PR/45986 with the patch supplied therein
(thanks)

Changes from 2.5.2 to 2.5.3:

  * When HDR/XHDR/XPAT were used on a new article coming into a newsgroup,
    requesting a header not present in the overview database, the first
    subsequent OVER/XOVER command did not show that article.  A remap of
    the overview data file was missing in nnrpd.  Thanks to Sam
    Varshavchik for the bug report.

  * When a header field appeared more than once in an article, it was
    missing from the overview data.  OVER/XOVER, as well as HDR/XHDR/XPAT
    using the overview, were therefore returning an empty field.  The
    content of the first occurrence is now returned, in accordance with
    RFC 3977.

    Perl and Python filters for innd now also properly initialize their
    header variables with the first occurrence of header fields.  (It is
    still the last occurrence for the Perl filter for nnrpd.)

  * Fixed a possible plaintext command injection during the negotiation of
    a TLS layer.  The vulnerability detailed in CVE-2011-0411 affects the
    STARTTLS and AUTHINFO SASL commands.  nnrpd now resets its read buffer
    upon a successful negotiation of a TLS layer.  It prevents malicious
    commands, sent unencrypted, from being executed in the new encrypted
    state of the session.

  * Fixed a regression that occurred in INN 2.5.0 when leading whitespace
    characters have been made significant in header field bodies.  It
    could lead INN to drop articles and throttle itself when running as a
    slave because Xref: header fields generated by other news servers, or
    even INN 2.4.6, could contain (valid) leading whitespace.  Thanks to
    Matija Nalis for having caught this bug.

  * Fixed an invalid 431 response to CHECK commands when innd is paused:
    the message-ID of the article to defer was missing.  Also fixed
    another issue in the messages innd replied; when an error occurred
    during a write on a channel, a trailing extra junk byte was added to
    the reply.  Thanks to River Tarnell for these bug reports.

  * It is now possible to properly generate daily statistics with
    sendinpaths thanks to the new -k and -r flags that permit to control
    the interval of days for processing dump files.  The new -c flag
    permits to send a copy of the generated e-mail to the newsmaster.

    Also fixed an issue with statistics that could be missing or
    duplicated for a couple of days when monthly sent.

    The documentation has been updated and mentions a preferred daily run
    of sendinpaths.  This script is a complete rewrite in Perl, and is
    based on Mohan Kokal's initial work.

  * cnfsheadconf now properly recognizes continuation lines in
    cycbuff.conf, that is to say lines ending with a backslash ("\").
    Thanks to John F. Morse for the bug report.

  * The order of CNFS buffers in a metacycbuff is now properly read and
    written by cnfsheadconf.  There previously was a confusion between
    hexadecimal and decimal values.  Thanks again to John F. Morse.

  * When the -l flag is given to cnfsstat, the cycbuff.conf and
    storage.conf files are now reloaded if they have been modified since
    the previous output of cnfsstat.

  * A single header field line is limited to 998 bytes, per RFC 5536.
    innd was previously accepting, and also generating Xref: header field
    lines, up to 1022 bytes.  Now, nnrpd (acting as an injecting agent)
    rejects articles which contain header field lines whose length exceeds
    998 bytes.  And innd (acting as a relaying or serving agent) no longer
    checks that.

  * nnrpd advertises the COUNTS, DISTRIBUTIONS, MODERATORS, MOTD and
    SUBSCRIPTIONS variants of the LIST command in response to
    CAPABILITIES.  These commands already existed in nnrpd but RFC 6048
    had not yet been published.

  * Add support for LIST MOTD in innd.  Consequently, the motd.news
    configuration file which was previously used only by nnrpd is renamed
    to motd.nnrpd (innupgrade takes care of the rename).  innd uses the
    new motd.innd file in *pathetc* for its message of the day.

  * Fixed an issue at configure time that made INN wrongly assume that
    OpenBSD (4.6) didn't support Unix-domain sockets.  Thanks to Wim Lewis
    for the patch.

  * Fixed an issue on systems which do not have a working flock(2)
    function (Solaris, for instance).  mailpost and pullnews are reported
    not to be usable on such systems.  Many thanks to Dennis Davis for the
    bug report.

    A wrapper around shlock is now called in Perl scripts.  The
    INN::Utils::Shlock module has been added for that use.

  * Fixed an issue in the Python access hook for nnrpd:  it has not been
    working since Python 2.5 on 64-bit platforms, owing to a change to
    Python's C API, using a new Py_ssize_t type definition instead of int.
    Thanks to Raphael Barrois for the patch.

  * Improve the stability of the Perl filters for innd and nnrpd: properly
    save and restore the stack pointer when needed.

  * The Injection-Date: header, when present, is now used by innd and
    makehistory to determine the posting date of an article.  Otherwise,
    the Date: header is used.

  * controlchan now imposes a date cutoff on processing control articles.
    The *artcutoff* parameter set in inn.conf is used.  Otherwise, without
    that cutoff, old control articles could be maliciously reinjected into
    Usenet, and replayed.  (An unsigned Injection-Date: header field could
    be added to an article that only had a Date: header field.)  A new -c
    flag has been added to controlchan to disable the cutoff check, if
    needed (usually when manually invoking the program).

  * nnrpd no longer adds or updates the Path: header field when an article
    is forwarded to a moderator.  It could otherwise lead to rejects at
    injection time when the article was approved by the moderator.

  * The X-Trace: header field was not properly generated when an article
    was locally posted.  The field mentioning the IP address was skipped,
    resulting in a wrong syntax for this header.  The local "127.0.0.1" IP
    address is now used.  Besides, "localhost" is now mentioned instead of
    an obscure "stdin" in injection header fields.

  * Fixed a bug in the frequency innfeed logs its status:  too many
    useless lines were written to news.notice.  Thanks to Florian
    Schlichting for the fix.

  * When unset in innfeed.conf, the *dynamic-method* parameter now
    properly defaults to 3 (instead of 0) and *use-mmap* to false (instead
    of true).  These two values were already the recommended ones in the
    documentation and the sample file.  Note that *use-mmap* is only used
    when innfeed is given file names to send instead of storage API
    tokens, which is a fairly rare use case.

  * innfeed no longer generates an error message (logged in news.err) when
    a parameter is not defined in innfeed.conf.  All the parameters have a
    default value, so there is no need to warn the user if they are not
    present in innfeed.conf.  Thanks to Dieter Stussy for having reported
    this problem.

  * Implement an upper limit to the number of file descriptors innd can
    handle.  At most (FD_SETSIZE-1) file descriptors can be used.  This
    upper limit now overrides any superior number set with *rlimitnofile*
    in inn.conf.  Thanks to Steve Crook for the bug report.

  * A default timeout on outgoing sockets (using NNTPconnect) has been
    added by Florian Schlichting.  For a long time, there have been
    occasional problems with actsync (and probably other programs) that
    would hang until manually killed or restarted.

  * The flag -S has been added to innd by Florian Schlichting.  When used,
    innd reports the errors found in incoming.conf and exits.

  * pullnews no longer stops processing newsgroups when an error occur
    during its run (for instance when a newsgroup mentioned in the
    configuration file is removed from an upstream server).  Besides, it
    can now use authentication when posting to the downstream server.

    A few other minor bugs have been fixed as for the way pullnews counts
    the articles.

  * Fixed the way innreport handles leap years.  It now properly generates
    HTML reports; dates were assumed to be relative to the current year,
    which may break their computation during for instance the whole 2012
    leap year.  Please note that no HTML reports have been lost, and that
    they will appear when INN is updated to this new version.

  * A new parameter has been added to inn.conf to determine whether the
    status file that innd can write out (depending on the value of the
    *status* parameter) is plain text or wrapped in HTML.  It previously
    only was a compile-time option, set to true by default.  Florian
    Schlichting added the *htmlstatus* parameter to provide a configurable
    behaviour.

  * It is now possible to run a script at the end of the execution of
    innshellvars scripts.  If a file named innshellvars.local,
    innshellvars.pl.local or innshellvars.tcl.local is present and
    executable in *pathetc*, then it will be executed by the corresponding
    innshellvars script (respectively shell, INN::Config Perl module, and
    Tcl).  A typical use is to add or override variables.

  * Add support for wire-formatted articles in scanspool.

  * A lot of work on cleaning old perl4-style code has been done by
    Florian Schlichting.

  * inncheck now generates a proper non-zero exit value when errors are
    found, and allows quiet mode with the -q flag.  Florian Schlichting
    has greatly improved this script in many regards, especially with a
    config-syntax parser for incoming.conf, innfeed.conf, readers.conf and
    storage.conf.

  * inncheck now properly finds the boundaries of substituted variables in
    newsfeeds thanks to Alexander Bartolich.

  * docheckgroups no longer uses awk.  On a few systems, the script was
    failing because of the presence of an old version of awk that has a
    limit in the size of the input it can handle.  Processing large
    newsgroups files was consequently impossible.  docheckgroups now uses
    Perl instead of awk, which solves the issue reported by John F. Morse.

  * Other minor bug fixes and documentation improvements.  In particular,
    the *debug-shrinking*, *fast-exit* and *initial-sleep* keys in
    innfeed.conf are now documented.  The function "filter_end()", called
    when Perl filtering is turned off, is also documented for the innd and
    nnrpd Perl filters.
2012-08-23 19:00:41 +00:00
shattered
26ce32cfbd PR/29576 -- Use @RCD_SCRIPTS_SHELL@ in rc.d scripts, not /bin/sh 2011-10-07 22:37:02 +00:00
spz
d11720088e fix innreport to be perl 5.12 compatible 2011-09-25 14:00:09 +00:00
spz
7fbbd442a2 install the rest of the files from site as config files also (these are
the filter scripts); this closes PR pkg/44507
2011-09-25 13:58:31 +00:00
obache
3b0f2f4d0e Revision bump after updating perl5 to 5.14.1. 2011-08-14 14:14:40 +00:00
seb
c3f1e700ad Bump the PKGREVISION for all packages which depend directly on perl,
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.

The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.

sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
2010-08-21 16:32:42 +00:00
joerg
908a1d62ce Needs user/group early in installation 2010-06-19 12:45:37 +00:00
spz
5a5e0e4ec2 update from 2.5.1 -> 2.5.2
Vendor update message (excerpt):

Many thanks to Julien ÉLIE for preparing this release.

Special notes:

The way checkpoints are handled by innreport for innd and innfeed has totally changed to provide more accurate daily statistics. The first Usenet report after an upgrade to INN 2.5.2 will probably contain incorrect statistics for incoming and outgoing articles because the beginning of the log files that will be used was generated by a previous version of INN.

A new version of innreport.conf is shipped with INN 2.5.2 but, in order to preserve any local changes, will not be automatically installed with make update. The changes are minor and not mandatory for the upgrade.

Changes from 2.5.1 to 2.5.2

    * Julien Elie has implemented in innd the new version of the NNTP protocol described in RFC 3977, RFC 4643 and RFC 4644, and innd now recognizes the CAPABILITIES command. Despite these standards, three commands (IHAVE, CHECK and TAKETHIS) will continue, for interoperability reasons, to return a reject code (respectively 435, 438, and 439) when the command contains a syntax error instead of 501. The mandatory username argument for authenticated peers is not enforced in INN 2.5.2 but will be be enforced by INN 2.6.0 when it is released.

Major improvements are:

    * innd now has a decent parser for NNTP commands. The parser is more correct (commands like "IHAVEZ<>", without a space between the command and its argument, are no longer valid) and allows leading and trailing whitespaces in commands. innd also now checks the length of the NNTP command sent by the client. If the command contains more than 512 bytes (or 497 bytes for an argument), an error is returned and the command is discarded. After ten unrecognized commands, innd closes the connection with the appropriate code (400 instead of 500).
    * The output of the HELP command specifies the arguments expected by NNTP commands, similar to nnrpd's HELP command.
    * LIST ACTIVE, LIST ACTIVE.TIMES and LIST NEWSGROUPS now allow an optional wildmat argument to restrict the results of those commands to specific newsgroups.
    * When using HEAD or STAT with an article number or a range, 412 (no group selected) is now returned instead of 501 (syntax error).
    * Jeffrey M. Vinocur has implemented support in both innd and nnrpd for whitespace in usernames/passwords provided with AUTHINFO USER/PASS. They were previously treated as invalid arguments or incorrectly parsed. innd and nnrpd now treat everything after the first whitespace character following AUTHINFO USER/PASS, up to, but not including, the final CRLF, as the username/password, in conformity with RFC 4643.
    * The syntax of message-IDs is now based on RFC 5536 (USEFOR) instead of RFC 1036. The major change is that quoted-pairs have been removed from the syntax.
    * The Perl and Python filters for innd now check the message-ID of articles arriving through TAKETHIS. Only CHECK and IHAVE commands previously used them.
    * Case-insensitive matches are now used for distributions, path identities, IMAP commands, header names, and control commands. (Newsgroups are still matched case-sensitively.) Message-IDs are case-sensitively matched, except for history hashes.
    * The new Archive:, Archive-At:, Comments:, and Summary: header fields defined in RFC 5064 and RFC 5536 can be used in innd filters. nnrpd now checks at injection time that an article does not contain an Injection-Info: header, that an Injection-Date: header (if provided) is valid, and that the Path: header does not contain ".POSTED". Note that INN does not yet generate these two injection fields or include the new Path: header field ".POSTED" keyword. These new features will be in the next major release of INN.
    * LIST SUBSCRIPTIONS now accepts an optional wildmat argument to restrict the results of this command to specific newsgroups.
    * nnrpd now supports a new LIST variant named COUNTS. LIST COUNTS is a combination of LIST ACTIVE and GROUP. It returns the same result as LIST ACTIVE except that the number of articles in a newsgroup is inserted before its status.
    * A new flag has been added to newsfeeds entries: "Aj", when present, says to feed articles accepted and filed in "junk" (due to *wanttrash*) to peers based on their newsfeeds feed patterns applied to the Newsgroups: header as though the article were accepted and all those groups were locally carried. This is useful if you want to run INN with a minimal active file and propagate all posts. Thanks to Andrew Gierth for the patch.
    * A new parameter has been added to inn.conf: *logtrash* defines whether a line for articles posted to groups not locally carried by the news server should be added in the news log file to report unwanted newsgroups. The default is true but it can be useful to set it to false (especially when *wanttrash* is also used).
    * The procbatchdir keyword has been added to news.daily to specify the backlog directory of innfeed. This is useful when several instances of innfeed are running or when its configuration file is not the default one.
    * sm now supports a new flag, -c, which shows a decoded form of the storage API token. This was previously done by the contrib showtoken script developed by Olaf Titz and Marco d'Itri.
    * The O flag in newsfeeds now relies on the contents of the Injection-Info: header field if it is present to determine the origin of an article. It falls back on X-Trace: if there is no Injection-Info: header field.
    * A new "unsigned long" type bas been added to the configuration parser. It will properly warn the news administrator when a variable supposed to be positive contains a negative integer. It will prevent INN from crashing due to misconfiguration at several places where it did not expect negative values.
    * innxbatch and innxmit now recognize the new 403 code introduced by RFC 3977 for a problem preventing the requested action from being taken.
    * HDR and OVER commands now return the correct 423 code (instead of 420) when the current article number is used but the article no longer exists.
    * actsync, inews, innxbatch, innxmit, nntpget and rnews can now authenticate to news servers which only expect a username, without password, conforming to RFC 4643.
    * The keyword generation code now generates a Keywords: header only if the original article does not already have one. The generated Keywords: header no longer begins with a comma. If keyword generation is set to true in inn.conf but the Keywords: header is not stored in the overview, the news administrator is warned and keyword generation deactivated, since it exists only to populate the overview data.
    * Two segfaults in keyword generation were fixed. The first occurred when an article already had a Keywords: header longer than the *keylimit* parameter. The second was caused by a possible invalid pointer beyond the newly allocated Keywords: header.
    * Fixed innd handling of empty lines. innd was not properly discarding an empty command and was closing the connection when it received only whitespace in a command.
    * Fixed a bug in how innd responded to reader commands when readers were not allowed. A superfluous blank line was sent in its response.
    * Fixed a bug in innd's response to TAKETHIS when authentication is required. Previously, 480 code was returned immediately without accepting the multi-line data block first, which broke synchronization in the NNTP protocol.
    * Fixed a bug in recognizing the article terminator when empty articles were fed to innd via IHAVE or TAKETHIS, leading to treating subsequent NNTP commands as part of the article.
    * When innd could not provide information for LIST ACTIVE.TIMES and LIST NEWSGROUPS, it was returning an invalid error message without a response code. The proper 503 answer code is now returned.
    * When an unauthenticated user tried to post an article, nnrpd replied 440 (posting not allowed) instead of the correct 480 (authentication required) response if the user might be able to post after authentication. Thanks to Daniel Weber for the bug report.
    * Fixed a bug in both innd and nnrpd answers to LIST commands where the output was not checked for valid dot stuffing.
    * Fixed a bug leading to junked non-control articles being sent to control-only feeds, and also fixed handling of poisoned control groups. Thanks to Andrew Gierth for the patch.
    * Fixed a bug in innreport leading to incorrect summing of innd stats when *hostname* was set to an IPv6 address instead of a fully-qualified domain name. Thanks to Petr Novopashenniy for the bug report.
    * Changed how innreport uses innd and innfeed checkpoint messages. Previously, connections held open for multiple days led to skewed and incorrect statistics on how many articles had been received or sent. The count is now more accurate and, for each connection of a feed, only depends on *incominglogfrequency* in inn.conf and *stats-period* in innfeed.conf.
    * Fixed a bug in nnrpd Perl filter: a header field whose name begins with the name of a standardized header field was not properly handled.
    * Fixed a bug in how innd was parsing Message-ID: and Supersedes: headers which contained trailing whitespace. The article was corrupted by an unexpected "\r" in the middle of the header. nnrpd now checks the syntax of the Message-ID: header field, if present.
    * Fixed various bugs in how leading whitespace was treated in headers. The HDR, XHDR and XPAT commands were not properly showing leading whitespace in header values. Lone "\n" and "\r" characters are now changed into spaces and "\r\n" is just removed. archive, makehistory, and tdx-util now keep leading whitespace in headers when generating overview data, and archive now changes "\n" (when not preceded by "\r") into a space when generating overview data.
    * Fixed a bug in the generation of overview data which may corrupt previously generated overview data when a pseudo Xref: header field is injected in an extra overview field.
    * Fixed a bug in the parsing of the *ovgrouppat* wildmat in inn.conf that prevented overview data from being generated when poisoned groups were specified but a latter sub-pattern matched the group. A uwildmat expression is now correctly handled, and a potential segfault has been fixed. Thanks to Dieter Stussy for the bug report.
    * Fixed a bug when HDR, XHDR and XPAT were used when *virtualhost* was set to true in readers.conf. The Xref: header of articles posted to only one newsgroup appeared empty.
    * Fixed a bug in tdx-util in parsing empty overview fields when called with -A or -F.
    * Fixed a bug in cvtbatch, which was returning only the size of the headers of an article when the "b" parameter was used with the -w flag. It now correctly returns the size of the whole article, which is what "b" was documented to do. cvtbatch also has a new "t" parameter, which can be used with the -w flag to retrieve the arrival time of an article.
    * Fixed a bug in how mailpost handles cross-posting feature. It was not properly detaching from sendmail. Thanks to Harald Dunkel for the patch.
    * Fixed a bug in the newsfeeds C flag: the count of followup groups was one less than the real number. When the value of the Followup-To: header field is "poster", it is no longer considered to be a followup. Thanks to Dieter Stussy for the patch.
    * When using tradindexed, the overview data for a cancelled article is now immediately removed from the overview. Thanks to Lars Magne Ingebrigtsen for the patch.
    * batcher has not supported the retrieval of an article with its file name for a long time. The -S flag has therefore been removed.
    * inews no longer rejects articles that contain more than 50 header fields. Thanks to Torsten Jerzembeck for the bug report.
    * news.daily no longer sends superfluous mails when the nomail keyword is given. Mail is only sent when there is real output. Previously, there would always be headings and empty lines left over from the structuring of the full report, which are now ommitted. Also, the output of programs executed with postexec is now included in the regular mail. Thanks to Florian Schlichting for the patch.
    * innconfval no longer maps NULL string or list values to an empty string or list and instead maps them to undefined values. This fixes an issue reported by Kamil Jonca: nnrpd was inserting an empty Organization: header when the *organization* parameter in inn.conf was unset.
    * Other minor bug fixes and documentation improvements.
2010-04-13 21:18:00 +00:00
wiz
579796a3e5 Recursive PKGREVISION bump for jpeg update to 8. 2010-01-17 12:02:03 +00:00
spz
c0dc9b8537 the patch to set the pgp path setting was both superfluous (as the path gets
reset later on) and had a typo. Add a dependency on gnupg instead to make
sure a pgp (gpg) binary is around to be used (provision should be made to
be able to use eg netpgp instead .. to be done later, hopefully after
someone else created the 'pick my favourite pgp version' infrastructure :> ).
2010-01-16 09:46:16 +00:00
spz
9e56735d16 The next minor version of INN. From the release announcement:
Major changes from 2.5.0 to 2.5.1

* Fixed a segfault in imap_connection which could occur when SASL was
used.

* Fixed a segfault in the keyword generation code which was assuming
that an article was nul-terminated. Fixed another segfault in the
keyword generation code when an article already contained a Keywords:
header. Thanks to Nix for the bug reports.

* Owing to the US-CERT vulnerability note VU#238019, Cyrus SASL library
has slightly changed. imap_connection and nnrpd now handle that
change. Otherwise, some answers are too long to be properly computed
during SASL exchanges.

* Fixed a memory allocation problem which caused nnrpd to die when
retrieving via HDR/XHDR/XPAT the contents of an extra overview field
absent from the headers of an article. The NEWNEWS command was also
affected on very rare cases. Thanks to Tim Woodall for the bug
report.

* HDR/XHDR/XPAT answers are now robust when the overview database is
inconsistent. When the overview schema was modified without the
overview database being rebuilt, wrong results could be returned for
extra fields (especially a random portion of some other header). The
desired header name is now explicitly searched for in the overview
information.

* Fixed the source which is logged to the news log file for local
postings when the local server is not listed in incoming.conf. A
wrong name was used, taken amongst known peers. The source is now
logged as "localhost".

* Fixed a bug in the timecaf storage method: only the first 65535
articles could be retrievable in a CAF, though everything was properly
stored. (A Crunched Article File contains all the articles that
arrive to the news server during 256 seconds.)

The storage token now uses 4 bytes to store the article sequence
number for timecaf, instead of only 2 bytes. Thanks to Kamil Jonca
for the bug report and also the patch.

* Fixed a bug in both timecaf and timehash which prevented them from
working on systems where short ints were not 16-bit integers.

* When there is not enough space to write an entire CAF header, the
timecaf storage manager now uses a larger blocksize. On 32-bit
systems, the CAF header is about 300 bytes, leaving about 200 bytes
for the free bitmap index (the remaining of a 512-byte blocksize). On
64-bit systems, the size of the CAF header could exceed 512 bytes,
thus leaving no room for the free bitmap index. A 1 KB blocksize is
then used, or a larger size if need be.

* A new CNFS version has been introduced by Miquel van Smoorenburg in
the CNFS header. CNFSv4 uses 4 KB blocks instead of 512 bytes, which
more particularly makes writes faster. CNFSv4 supports
files/partitions up to 16 TB with a 4 KB blocksize.

Existing CNFS buffers are kept unchanged; only new CNFS buffers are
initialized with that new version.

* grephistory -l now returns the contents of the expires history field
as well as the hash of the message-ID. Besides, when the storage API
token does not exist, grephistory -v now also returns the hash of the
requested message-ID.

* The check on cancel messages when *verifycancels* is set to true in
inn.conf has been changed to verify that at least one newsgroup in the
cancel message can be found in the article to be cancelled. This new
feature is from Christopher Biedl.

The previous behaviour was to check whether the cancel message is from
the same person as the original post, which is extremely easy to
spoof; besides, RFC 5537 (USEPRO) mentions that "cancel control
messages are not required to contain From: and Sender: header fields
matching the target message. This requirement only encouraged cancel
issuers to conceal their identity and provided no security".

* The way the "/remember/" line in expire.ctl works has changed.
History retention for an article was done according to its original
arrival time; it is now according to its original posting date.
Otherwise, unnecessary data may be kept too long in the history file.

To achieve that, the HISremember() function in history API now expects
a fourth parameter: the article posting time.

Note that article expiration has not changed and is still based on
arrival time, unless the -p flag is passed to expire or expireover, in
which case posting time is used.

* The default value for "/remember/" has changed from 10 to 11 because
it should be one more than the *artcutoff* parameter in inn.conf, so
that articles posted one day into the future are properly retained in
history.

* auth_krb5 has been rewritten by Russ Allbery to use modern Kerberos
APIs. Note that using ckpasswd with PAM support and a Kerberos PAM
module instead of this authenticator is still recommended.

* A new -L flag has been added by Jonathan Kamens to makehistory so as
to specify a load average limit. If the system load average exceeds
the specified limit, makehistory sleeps until it goes below the limit.

* As UTF-8 is the default character set in RFC 3977, "ctlinnd pause",
"ctlinnd readers", "ctlinnd reject", "ctlinnd reserve", "ctlinnd
throttle" and "nnrpd -r" commands now require the given reason to be
encoded in UTF-8, so that it can be properly sent to news readers.
The creator's name given to "ctlinnd newgroup" is also expected to be
encoded in UTF-8.

* The output of consistency checks for article storage and the history
file no longer appears by default when "cnfsstat -a" is used. A new
-v flag has been added to cnfsstat so as to see it.

* The default path for TLS certificates has changed from *pathnews*/lib
to *pathetc*. It only affects new INN installations or generations of
certificates with "make cert". Besides, a default value has been
added to *tlscapath* because it is required by nnrpd when TLS is used.

* gzip(1) is now the default UUCP batcher in send-uucp instead of
compress(1) because gzip is more widely available than compress, due
to old patent issues. Note that there is no impact on decompression
as it is handled by rnews.

* cnfsheadconf now uses the Perl core module "Math::BigInt" rather than
the deprecated bigint.pl library. When used without specifying a CNFS
buffer, it now properly displays the status of all CNFS buffers.
2009-12-16 22:10:25 +00:00
spz
73cb40ec15 fix GNUism in find syntax in the news.daily script source
(reported by Geoff Wing <gcw@pobox.com>)
2009-10-03 16:20:39 +00:00
spz
21a236b8e2 fix packaging bugs noted by Geoff Wing (gcw@pobox.com) (thanks) 2009-09-25 11:06:00 +00:00
spz
15ed507f60 Update of the INN package to the latest stable version (2.5.0). 2009-09-22 13:17:00 +00:00
joerg
62d1ba2bac Remove @dirrm entries from PLISTs 2009-06-14 18:03:28 +00:00