Subject: CVS commit: pkgsrc/news/inn
From: S.P.Zeidler
Date: 2017-05-20 08:53:05
Message id: 20170520065306.1034CFBE4@cvs.NetBSD.org
Log Message:
update to 2.6.1. Excerpt from NEWS:
Upgrading from 2.5 to 2.6
The following changes require your full attention because a manual intervention
may be needed:
The name and location of the pullnews configuration file have changed. It is
now pullnews.marks, located in pathdb when pullnews is run as the news user, or
otherwise in the running user's home directory. This file was previously stored
in .pullnews in the running user's home directory (even for the news user). If
you use pullnews, you need to manually move and rename the configuration file;
otherwise, it will no longer work. Note that the -c flag passed to pullnews
allows specifying another configuration file, if need be.
The default location of the mailpost database directory has changed from
pathtmp to pathdb. If you use mailpost without an explicitly specified database
directory (using the -b flag), then you should manually move your current
database files mailpost-msgid.dir and mailpost-msgid.pag from pathtmp to pathdb.
If you have been using TLS/SSL with nnrpd before, be aware that the default
values of a few inn.conf parameters have changed: the server now decides the
preferred cipher (instead of the client), and only TLS protocols are allowed
(using the flawed SSLv2 and SSLv3 protocols is now disabled). If you want to
change these settings, the respective tlspreferserverciphers and tlsprotocols
parameters can be tuned to your needs.
The --with-kerberos configure flag used to add Kerberos v5 support has been
renamed to --with-krb5.
The --with-berkeleydb configure flag used to add Berkeley DB support has
been renamed to --with-bdb.
The --enable-ipv6 configure flag no longer exists. IPv6 is now
unconditionally enabled, if available.
$HOME is no longer exported as an environment variable by innshellvars,
innshellvars.tcl and the Perl module INN::Config. It was previously overriding
the default user home directory with pathnews. If you use these scripts in your
own scripts, you will have to take care of that change.
Owing to the implementation of RFC 4643 (AUTHINFO USER/PASS) in innd, if
remote peers have to authenticate in order to feed articles, they now have to
send a username (which was previously wrongly optional), before sending their
password. The mandatory username, though currently unused by innd, can be
whatever the remote peer wishes. In previous versions of INN, inncheck was
already complaining when passwd.nntp contained an empty username associated with
a password.
A manual review of authenticated feeds should then be done so as to ensure
that they are properly working.
The Injection-Date: and Injection-Info: headers are now generated by nnrpd
at injection time instead of the NNTP-Posting-Date:, NNTP-Posting-Host:,
X-Complaints-To: and X-Trace: headers. Local scripts that were using (for
authentication, privacy, etc.) these now deprecated headers should be updated.
Also note that the Path: header of locally posted articles can also contain the
contents of the deprecated NNTP-Posting-Host: field.
The two addnntppostingdate and addnntppostinghost parameters in inn.conf
have been respectively renamed to addinjectiondate and addinjectionpostinghost.
innupgrade takes care of the modification only for inn.conf; a manual change
will therefore be needed for readers.conf, if these parameters are overridden in
this file.
The default values of a few inn.conf parameters have changed to make use of
the vastly expanded storage and RAM commonly available today: datamovethreshold
(from 8192 to 16384), msgidcachesize (from 16000 to 64000), overcachesize (from
64 to 128), and wireformat (now enabled by default).
The generation of status reports and performance timings is now also
enabled by default: logstatus and nnrpdoverstats parameters, with a frequency of
10 minutes (status and timer parameters).
The default value of max-queue-size has changed from 5 to 20, and use-mmap
now defaults to true for innfeed.conf.
Changes in 2.6.1
nnrpd now uses -0000 as the time zone for Date: and Injection-Date: header
fields it generates. It was previously using +0000, wrongly systematically
indicating a local time zone at Universal Time when localtime is set to false
(which is the default) in readers.conf. The +0000 time zone will now be used
only if localtime is set to true and UTC is really the local time zone of the
server.
Julien Elie has implemented in nnrpd the new COMPRESS command described in
draft-murchison-nntp-compress that extends the NNTP protocol to allow a
connection to be effectively and efficiently compressed. News clients that also
support that extension will be able to benefit from that bandwidth optimization
and improvement in speed. Moreover, using COMPRESS is more secure than TLS-level
compression, as far as authentication credentials are concerned.
The default value for the tlscompression parameter in inn.conf has changed.
TLS-level compression is now disabled by default, to comply with the best
current practices for a secure use of TLS in application protocols like NNTP.
Using the new COMPRESS command is recommended.
The tlscompression parameter in inn.conf now also permits disabling
TLS-level compression with OpenSSL 0.9.8. It previously had an effect only when
OpenSSL 1.0.0 or later was used.
rnews no longer segfaults at startup when started setuid news. Thanks to
Marcus Jodorf for the bug report.
Fixed slow nnrpd responses for a few NNTP commands. The TCP_NODELAY option
was unconditionally set whereas only BSD/OS systems needed it. Thanks to
Christian Mock for having discovered that.
Articles containing a Received: or a Posted: header field are no longer
rejected by nnrpd at injection time.
Articles containing control characters or whitespace-only content lines in
their headers are now rejected by nnrpd at injection time.
OpenSSL 1.1.0 support has been added to INN.
When an encryption layer is negotiated during a successful use of the
STARTTLS command, or after a successful authentication using a SASL mechanism
that negotiates an encryption layer, nnrpd now updates the permissions of the
news client according to the new secure state of his connection (that is to say
auth blocks in readers.conf using the require_ssl parameter are taken into
account). Previously, only connections on a dedicated port (usually 563) were
taking benefit from that parameter. Thanks to Steve Crook for the bug report.
When a data integrity layer was negotiated during a successful SASL
authentication, nnrpd was wrongly resetting any knowledge obtained from the
client, such as the current newsgroup and article number. This behaviour now
applies only when an encryption layer is negotiated.
nntpsend now correctly waits until all of the child innxmit processes exit
before it does. It was causing nntpsend to fail to work properly on systems that
use systemd, because when it exits prematurely, systemd kills all of the
processes it launched, including the innxmit processes. Thanks to Jonathan
Kamens for the patch.
Update from GNU Libtool 2.4.2 to 2.4.6.
Other minor bug fixes and documentation improvements.
Changes in 2.6.0
The NNTP protocol requires a username to be sent before a password when
authentication is used. innd was wrongly allowing only a password to be sent by
authenticated peers. See the note above for more details.
The Lines: header is no longer generated by nnrpd at injection time.
The Injection-Date: header is now generated by nnrpd at injection time
instead of the deprecated NNTP-Posting-Date: header, when addinjectiondate is
set to true. Note that addnntppostingdate has been renamed to addinjectiondate
in inn.conf.
The Injection-Info: header is now generated by nnrpd at injection time
instead of the deprecated NNTP-Posting-Host: (when addinjectionpostinghost is
set to true), X-Complaints-To: and X-Trace: headers. Note that
addnntppostinghost has been renamed to addinjectionpostinghost in inn.conf. The
Path: header of locally posted articles now also contains the contents of the
NNTP-Posting-Host: header.
A new addinjectionpostingaccount parameter has been added in inn.conf. When
set to true, the Injection-Info: header field contains an additional
posting-account attribute that mentions the username assigned to the user at
connection time or after authentication. The default value for this parameter is
false.
A few headers are now considered as obsolete by nnrpd at injection time:
NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To:, X-Trace:,
Also-Control:, Article-Names:, Article-Updates:, and See-Also: headers.
Besides, nnrpd will similarly reject obsolete sendsys, senduuname and
version control messages.
The presence of a Subject: header field beginning with cmsg no longer causes
an article to be interpreted as a control message by nnrpd at injection time.
nnrpd no longer differentiates IHAVE from POST. Articles injected with IHAVE
are now treated as though they were injected with POST. It means that if the
previous behaviour of IHAVE was expected, innd should itself handle the
connection instead of nnrpd.
The name of the pullnews configuration file is now pullnews.marks located in
pathdb when pullnews is run as the news user, or otherwise in the running user's
home directory. It was previously stored in .pullnews in the running user's home
directory (even for the news user).
Fixed a leak of semaphores when using buffindexed. Thanks to Richard
Kettlewell for having fixed the issue.
Building with Libtool is no longer optional. The --enable-libtool option to
configure has been removed.
DESTDIR and non-root installs are now properly supported and documented in
INSTALL. The make install, make update and make cert steps properly obey
DESTDIR. Besides, it is no longer a requirement that the installation step be
done by the superuser, as long as the user executing the install has supplied a
DESTDIR value that points to a writable directory, and the person or process
performing the install corrects the file ownerships when INN is installed on the
system on which it's going to run. Thanks to James Ralston for this support.
When building INN with Berkeley DB, Cyrus SASL, Kerberos v5, OpenSSL, or
zlib support, no longer add standard locations to compiler and linker include
flags. Such default paths are now added only if explicitly given to one or more
of the --with-bdb, --with-bdb-include, --with-bdb-lib, --with-sasl,
--with-sasl-include, --with-sasl-lib, --with-krb5, --with-krb5-include,
--with-krb5-lib, --with-openssl, --with-openssl-include, --with-openssl-lib,
--with-zlib, --with-zlib-include, or --with-zlib-lib configure flags (the flags
ending with -include and -lib are new in INN 2.6.0).
If the Berkeley DB, Cyrus SASL, Kerberos v5, or OpenSSL SSL and crypto
libraries are found at configure time, INN will now be built with support for
them unless respectively the --without-bdb, --without-sasl, --without-krb5, or
--without-openssl flags are explicitly passed to configure.
Note that it was already the default behaviour for zlib support when
Berkeley DB support was also enabled.
The configure flag --enable-reduced-depends has been added to request that
library probes assume shared libraries are in use and dependencies of libraries
should not be probed. It therefore tries to minimize the shared library
dependencies of the resulting binaries on platforms with proper shared library
dependencies. This is not enabled by default, and is of interest primarily to
people building packages for distributions.
Building INN with Python support now requires the use of Python 2.2.0 or
later as the distutils.sysconfig module used was introduced with Python 2.2.0.
The INN test suite driver is now fully synchronized with the upstream
version of the C TAP Harness package maintained by Russ Allbery. Keeping the INN
test suite driver up-to-date will be possible thanks to a new getc-tap-harness
script in the support directory that automatically fetches the latest upstream
changes.
Similarly, the new getrra-c-util script permits keeping most of the utility
and portability functions synchronized with the upstream version of the
rra-c-util package maintained by Russ Allbery.
Other minor bug fixes and documentation improvements.
Files:
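
An upgrade check for two of the manual steps in the NEWS excerpt above (renamed parameters still present in readers.conf, and passwd.nntp entries that carry a password but no username), as an added example that is not part of the commit or of INN. The sample file contents are constructed, and the host:name:password[:style] layout of passwd.nntp is an assumption taken from INN's documentation.

```python
import re

# Renames stated in the NEWS excerpt; innupgrade only rewrites inn.conf.
RENAMED = {"addnntppostingdate": "addinjectiondate",
           "addnntppostinghost": "addinjectionpostinghost"}
_PARAM = re.compile(r"\b(%s)\s*:" % "|".join(RENAMED))


def audit_readers_conf(text):
    """Return (line_no, old_name, new_name) for each renamed parameter in use."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        active = line.split("#", 1)[0]  # ignore trailing and full-line comments
        for m in _PARAM.finditer(active):
            hits.append((no, m.group(1), RENAMED[m.group(1)]))
    return hits


def audit_passwd_nntp(text):
    """Return (line_no, host) for entries with a password but no username."""
    flagged = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.strip().split(":")  # assumed host:name:password[:style]
        if line.lstrip().startswith("#") or len(fields) < 3:
            continue
        if not fields[1].strip() and fields[2].strip():  # password not returned
            flagged.append((no, fields[0]))
    return flagged


# Constructed sample inputs (not taken from a real server).
READERS_SAMPLE = """\
access "local" {
    newsgroups: "*"
    addnntppostinghost: false
    # addnntppostingdate: true
}
"""
PASSWD_SAMPLE = """\
# host:name:password[:style]
feed1.example.net:peeruser:s3cret
feed2.example.net::s3cret
"""

if __name__ == "__main__":
    for no, old, new in audit_readers_conf(READERS_SAMPLE):
        print(f"readers.conf:{no}: rename {old} -> {new}")
    for no, host in audit_passwd_nntp(PASSWD_SAMPLE):
        print(f"passwd.nntp:{no}: {host} has a password but no username")
```

The passwd.nntp check reports only the line number and host, so its output can be logged without exposing feed passwords.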