Changes from 2.4.2 to 2.4.3 * Previous versions of INN had an optimization for handling XHDR Newsgroups that used the Xref header from overview. While this does make the command much faster, it doesn't produce accurate results and breaks the NNTP protocol, so this optimization has been removed. * Fixed a bug in innd that allowed it to accept articles with duplicated headers if the header occurred an odd number of times. Modified the programs for rebuilding overview to use the last Xref header if there are multiple ones to avoid problems with spools that contain such invalid articles. * Fixed yet another problem with verifying that a user has permissions to approve posts to a moderated group. Thanks, Jens Schlegel. * Increase the send and receive buffer on the Unix domain socket used by ctlinnd. This should allow longer replies (particularly for innstat) on platforms with very low default Unix domain socket buffer sizes. * rnews's handling of articles with nul characters, NNTP errors, header problems, and deferrals has been significantly improved. * Thomas Parmelan added support to send-uucp for specifying the funnel or exploder site to flush for feeds managed through one and fixed a problem with picking up old stranded work files. * Many other more minor bug fixes, optimization improvements, and documentation fixes. Changes from 2.4.1 to 2.4.2 * INN is now licensed under a less restrictive license (about as minimally restrictive as possible shy of public domain), and the clause similar to the old BSD advertising clause has been dropped. * make install and make update now always install the newly built binaries, rather than only installing them if the modification times are newer. This is the behavior that people expect. make install now also automatically builds a new (empty) history database if one doesn't already exist. * The embedded Tcl filter code has been disabled (and will be removed entirely in the next major release of INN). It hasn't worked for some time and causes innd crashes if compiled in (even if not used). If someone wants to step forward and maintain it, I recommend starting from scratch and emulating the Perl and Python filters. * ctlinnd should now successfully handle messages from INN up to the maximum allowable packet size in the protocol, fixing problems sites with many active peers were having with innstat output. * Overview generation has been fixed in both makehistory and innd to follow the rules in the latest NNTP draft rather than just replacing special characters with spaces. This means that the unfolding of folded header lines will not introduce additional, incorrect whitespace in the overview data. * nnrpd now uniformly responds with a 480 or 502 status code to attempts to read a newsgroup to which the user does not have access, depending on whether the user has authenticated. Previously, it returned a 411 status code, claiming the group didn't exist, which confuses the reactive authentication capability of news readers. * If a user is not authorized to approve articles (using the A access control in readers.conf), articles that include Approved headers will be rejected even if posted to unmoderated groups. Some other site may consider that group to be moderated. * The configuration parser used for readers.conf and others now correctly handles "#" inside quoted strings and is more robust against unmatched double quotes. * Messages mailed to moderators had two spaces after the colons in the headers, rather than one. This bug has been fixed. * A bug that could cause heap corruption and random crashes in innd if INN were compiled with Python support has been fixed. * Some problems with innd's tracking of article size and enforcement of the configured maximum article size have been fixed. * pgpverify will now correctly verify signatures generated by GnuPG and better supports GnuPG as the PGP implementation. * INN's code should now be more 64-bit clean in its handling of size_t, pointer differences, and casting of pointers, correcting problems that showed up on 64-bit platforms like AMD64. * Improved the error reporting in the history database code, in inews, in controlchan, and in expire. * Many other, more minor bugs have also been fixed. Changes from 2.4.0 to 2.4.1 * SECURITY: Handle the special filing of control messages into per-type newsgroups more robustly. This closes a potentially exploitable buffer overflow. Thanks to Dan Riley for his excellent bug report. * Fixed article handling in innd so that articles without a Path header (arising from peers sending malformatted articles or injecting malformatted articles through rnews) would not cause innd to crash. (This was not exploitable.) * Fixed a serious bug in XPAT handling, thanks to Tommy van Leeuwen. * configure now looks for sendmail only in /usr/sbin and /usr/lib, not on the user's path. This should reduce the need for --with-sendmail if your preferred sendmail is in a standard location. * The robustness of the tradindexed overview method has been further increased, handling more edge cases arising from corrupted databases and oddly-named newsgroups. * innd now never decreases the high water mark of a newsgroup when renumbering, which should help ameliorate overview and active file synchronization problems. * Do not close and reopen the history file on ctlinnd reload when the server is paused or throttled. This was breaking ctlinnd reload all during a server pause. * Various minor portability and compilation issues fixed. Substantial numbers of compiler warnings have been cleaned up, thanks largely to work by Ilya Kovalenko. * Multiple other more minor bugs have been fixed. * Documentation and man pages have been clarified and updated. Upgrading from 2.3 to 2.4 The inn.conf parser has changed between INN 2.3 and 2.4. Due to that change, options in inn.conf that contain whitespace or a few other special characters must be quoted with double quotes, and empty parameters (parameters with no value) are not allowed. INN 2.4 comes with a script, innupgrade, run automatically during "make update", that will attempt to fix any problems that it finds with your inn.conf file, saving the original as inn.conf.OLD. This change is the beginning of standardization of parsing and syntax across all of INN's configuration files. The history subsystem now has a standard API that allows other backends to be used. Because of this, you now need to specify the history method in inn.conf. Adding: hismethod: hisv6 will tell INN to use the same history backend as was used in previous versions. innupgrade should take care of this for you. ovdb is known to have some locking and timing issues related to how nnrpd shuts down (or fails to shut down) the overview databases. If you have stability problems with ovdb, try setting readserver to true in ovdb.conf. This will funnel all ovdb reads through a single process with a cleaner interface to the underlying BerkeleyDB database. If you use Perl authentication for nnrpd (if *nnrpdperlauth* in inn.conf is true), there have been major changes. See "Changes to Perl Authentication Support for nnrpd" in doc/hook-perl for details. Similarly, if you use Python authentication for nnrpd (if *nnrpdpythonauth* in inn.conf is true), there have been major changes. See "Changes to Python Authentication and Access Control Support for nnrpd" in doc/hook-python for details. If you use send-uucp, it has been completely rewritten and now takes a configuration file to specify its behavior. See its man page for more information. If you use sendbatch, it is no longer included in INN since the new send-uucp can handle all of the same functionality. The wildmat API has been renamed (to uwildmat and friends; see uwildmat(3) for the interfaces) to distinguish it from Rich $alz's original version, since it now supports UTF-8. This may require changes in other software packages that link against INN's libraries. If you are upgrading from a version prior to INN 2.3, see "Upgrading from 2.2 to 2.3". Changes from 2.3 to 2.4 * IPv6 support has been added, disabled by default. If you have IPv6 connectivity, build with --enable-ipv6 to try it. There are no known bugs, but please report any problems you find (or even successes, if you use an unusual platform). There are a few changes of interest; further information is available in doc/IPv6-info. * The tradindexed overview method has been completely rewritten and should be considerably more robust in the face of system crashes. A new utility, tdx-util, is provided to examine the contents of the overview database, repair inconsistencies, and rebuild the overview for particular groups from a tradspool news spool. See tdx-util(8) for more details. * The Perl and Python authentication hooks for readers have been extensively overhauled and integrated better with readers.conf. See the Changes sections in doc/hook-perl and doc/hook-python for more details. * nnrpd now optionally supports article injection via IHAVE, see readers.conf(5). Any articles injected this way must have Date, From, Message-ID, Newsgroups, Path, and Subject headers. X-Trace and X-Complaints-To headers will be added if the appropriate options are set in readers.conf, but other headers will not be modified/inserted (e.g. NNTP-Posting-Host, NNTP-Posting-Date, Organization, Lines, Cc, Bcc, and To headers). * nnrpd now handles arbitrarily long lines in POST and IHAVE; administrators who want to limit the length of lines in locally posted articles will need to add this to their local filters instead. * nnrpd no longer handles the poorly-specified RFC 977 optional fourth argument to the NEWGROUPS command specifying the "distributions" that the command was supposed to apply to. Clients that use that argument will break. There are not believed to be any such clients, and it's easy enough to just filter the returned list of newsgroups (which is generally fairly short) to achieve the same results. * nnrpd no longer accepts UTC as a synonym for GMT for NEWGROUPS or NEWNEWS. This usage was never portable, and was rejected by the NNTP working group. It is being removed now in the hope that it will be caught before anyone starts to rely on it. * innfeed supports a new peer parameter, *backlog-feed-first*, that if set to true feeds any backlog to a peer before new articles, see innfeed.conf(5). When used in combination with *max-connections: 1*, this can be used to enforce in-order delivery of messages to a peer that is doing Xref slaving, avoiding cases where a higher-numbered message is received before a lower-numbered message in the same group. * Several other, more minor protocol issues have been fixed: connections rejected due to the connection rate limiting in innd receive 400 replies instead of 504 or 505, and ARTICLE without an argument will always either retrieve the current article or return a 423 error, never advance the current article number to the next valid article. See doc/compliance-nntp for all of the known issues with INN's compliance with the current NNTP draft. * All accesses to the history file for all parts of INN now go through a generic API like the storage and overview subsystems do. This will eventually allow new history implementations to be dropped in without affecting the rest of INN, and will significantly improve the encapsulation of the history subsystem. See the libinnhist(3) man page for the details of the interface. * INN now uses a new parser for the inn.conf file. This means that parameters containing whitespace or other special characters must now be quoted; see inn.conf(5). It fixes the long-standing bug that certain values must be included in inn.conf even if using the defaults for the use of shell or Perl scripts, and it will serve as the basis for standardizing and cleaning up the configuration file parsing in other parts of INN. innupgrade is run during make update and should convert an existing inn.conf file for you. * send-uucp has been replaced by a completely rewritten version from Marco d'Itri, Edvard Tuinder, and Miquel van Smoorenburg, which uses a configuration file that specifies batch sizes, compression methods, and hours during which batches should be generated. The old sendbatch script has been retired, since send-uucp can now handle everything that it did. * Two configure options have changed names: --with-tmp-path is now --with-tmp-dir, and --with-largefiles is now --enable-largefiles, to improve consistency and better match the autoconf option guidelines. * Variables can now be used in the newsfeeds file to make it easier to specify many similar feeds or feed patterns. See the newsfeeds(5) man page for details. * Local connections to INN support a new special mode, MODE CANCEL, that allows efficient batch cancellation of messages. This is intended to be the preferred interface for external spam and abuse filters like NoCeM. See "CANCEL FEEDS" in innd(8) for details. * Two new options, *nfsreader* and *nfswriter*, have been added to inn.conf to aid in building NFS based shared reader/writer platforms. On the writer server configure nfswriter to true and on all of the readers configure nfsreader to true; these options add calls to force data out to the NFS server and force it to be read directly from the NFS server at the appropriate moments. Note that it has only been tested on Solaris 8, using CNFS as the storage mechanism and tradindexed as the overview method. * A new option, *tradindexedmmap*, has been added to inn.conf. If set to true (the default), then the tradindexed overview method will use mmap() to access its overview data (in 2.3 you couldn't control this; it always used mmap). * Thanks to code contributed by CMU, innfeed can now feed an IMAP server as well as other NNTP servers. See the man page for innfeed(8) for more information. * An authenticator, auth_smb, that checks a username and password against a remote Samba server is now included. See auth_smb(8) for details. * The wildmat functions in INN now support UTF-8, in a way that should allow them to still work with most simple 8-bit character sets in widespread use. As part of this change, some additional wildmat interfaces are now available and the names have changed (to uwildmat, where u is for Unicode). See uwildmat(3) for the details. * The interface between external authenticators and nnrpd is now properly documented, in doc/external-auth. A library implementing this interface in C is provided, which should make it easier to write additional authenticators resolvers. See libauth(3) for details, and any of the existing programs in authprogs/ for examples. * INN now checks to ensure that the configured temporary directory is not world-writeable. Additionally, most (if not all) of the temporary file creation in INN now uses functions that create temporary files properly and safely. * All of the applicable bug fixes from the INN 2.3 STABLE series are also included in INN 2.4. Upgrading from 2.2 to 2.3 There may be additional things to watch out for not listed here; if you run across any, please let inn-bugs@isc.org know about them. Simply doing a make update is not sufficient to upgrade; the history and overview information will also have to be regenerated, since the formats of both files have changed between 2.2 and 2.3. Regardless of whether you were using the storage API or traditional spool under 2.2, you'll need to rebuild your overview and history files. You will also need to add a storage.conf file, if you weren't using the storage API under INN 2.2. A good default storage.conf file for 2.2 users would be: method tradspool { newsgroups: * class: 0 } Create this storage.conf file before rebuilding history or overview. If you want to allow readers, or if you want to expire based on newsgroup name, you need to tell INN to generate overview data and pick an overview method by setting *ovmethod* in inn.conf. See INSTALL and inn.conf(5) for more details. The code that generates the dbz index files has been split into a seperate program, makedbz. makehistory still generates the base history file and the overview information, but some of its options have been changed. To rebuild the history and overview files, use something like: makehistory -b -f history.n -O -T/usr/local/news/tmp -l 600000 (change the /usr/local/news/tmp path to some directory that has plenty of temporary space, and leave off -O if you're running a transit-only server and don't intend to expire based on group name, and therefore don't need overview.) Or if your overview is buffindexed, use: makehistory -b -f history.n -O -F Both will generate a new history file as history.n and rebuild overview at the same time. If you want to preseve a record of expired message IDs in the history file, run: awk 'NF==2 { print; }' < history >> history.n to append them to the new history file you created above. Look over the new history file and make sure it looks right, then generate the new index files and move them into place: makedbz -s `wc -l if you run actsyncd. Be sure to read the manual page for actsync to configure an actsync.ign file for your site, and test simpleftp if you do not configure with wget or ncftp. Also see . * Some options to configure are now moved to inn.conf (merge-to-groups and pgp-verify). * inndf, a portable version of df(1), is supplied. * New cnfsstat program to show stats of cnfs buffers. * news2mail and mailpost programs for gatewaying news to mail and mail to news are supplied. * pullnews program for doing a sucking feed is provided (not meant for large feeds). * The innshellvars.csh.in script is obsolete (and lives in the obsolete directory, for now).