./news/inn, The public release of InterNet News (INN)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.7.1nb4, Package name: inn-2.7.1nb4, Maintainer: spz

This is the public release of InterNet News (INN). This work is
sponsored by the Internet Software Consortium.

InterNetNews is a complete Usenet system. The cornerstone of the
package is innd, an NNTP server that multiplexes all I/O. Newsreading
is handled by a separate server, nnrpd, that is spawned for each
client. Both innd and nnrpd have some slight variances from the
NNTP protocol.

You can set the environment variable INN_SPOOL to whatever you like
to change the default spool directory when building this pkg.

Required to run:
[graphics/p5-GD] [lang/perl5] [security/gnupg] [security/openssl] [mail/p5-MIME-tools]

Required to build:

Package options: canlock, gnupg2, perl

Master sites:

Filesize: 2688.799 KB

Version history: (Expand)

CVS history: (Expand)

   2023-11-17 01:52:53 by Christopher KOBAYASHI | Files touched by this commit (2)
Log message:
Make perl dependencies conditional on "perl" package option.

No functional change in the default configuration case.
   2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377)
Log message:
*: recursive bump for icu 74.1
   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2023-08-14 07:25:36 by Thomas Klausner | Files touched by this commit (1247)
Log message:
*: recursive bump for Python 3.11 as new default
   2023-07-18 00:00:25 by Nia Alarie | Files touched by this commit (28)
Log message:
*: Remove many GCC_REQD for particularly old GCCs

In many cases the reasoning is poorly documented, or the reasoning
for setting GCC_REQD is to work around a compiler bug. Practically
a c99 compiler is now required for bootstrap (in at least several
dependencies) so we can entirely rule out GCC versions before 3.0.
   2023-07-06 11:43:03 by Thomas Klausner | Files touched by this commit (2483)
Log message:
*: recursive bump for perl 5.38
   2023-06-09 14:03:59 by Michael Baeuerle | Files touched by this commit (1)
Log message:
news/inn: Set homepage to INN page from Russ Allbery

The ISC page does not contain useful information anymore.
   2023-04-30 16:58:59 by S.P.Zeidler | Files touched by this commit (13) | Package updated
Log message:
update inn to 2.7.1
adding canlock option kudos micha@

upstream changelog:
Changes in 2.7.1 (2023-04-16)

    * Added a new *groupexactcount* parameter in readers.conf to force nnrpd
      to report the exact number of still existing articles in newsgroups
      instead of an estimated count.  When the estimated number of articles
      is strictly below *groupexactcount* (set to 5 by default), nnrpd now
      recounts them and reports the actual value (articles that have been
      cancelled or overwritten in self-expiring CNFS buffers may otherwise
      still be counted in the estimate).  News clients will then be directly
      aware of empty newsgroups; they would otherwise have tried to retrieve
      possible articles, to finally not show anything to the user.

    * Programs sending mails now include, when appropriate, an
      Auto-Submitted header field in the message headers (either set to
      "auto-generated" or "auto-replied", following the \ 
recommendation in
      RFC 3834).  Thanks to Harald Dunkel for this suggestion which will for
      instance help to avoid unnecessary vacation replies.

    * Added a new -a option to innmail to specify additional header fields
      to add in the headers of messages.  This is notably used to internally
      support the addition of the Auto-Submitted header field in outgoing

    * Added new ovsqlite-util program to perform some basic consistency
      checks and dump operations on an overview database using the ovsqlite
      method.  More checks and features will be added in future releases.
      You'll need the "DBI" Perl module with the \ 
"DBD::SQLite" driver
      installed on your system to use this program.

    * Added TLS support in pullnews for connections to upstream servers
      configured in pullnews.marks, and to the downstream server in the
      existing -s flag.  A port can now also be specified for connections to
      upstream servers (it was already possible for the downstream server

    * Added a new -L option to pullnews to specify the largest wanted
      article size in bytes.  Articles whose size exceeds that value will no
      longer be downloaded by pullnews.

    * pullnews now detects a socket timeout while downloading articles from
      a remote peer.  The download gracefully stops, and another attempt can
      be automatically made according to the setting given with the -t flag.
      Thanks to Jesse Rehmer for the bug report.

    * Fixed the generation and the handling of storage tokens on wrapped
      CNFS buffers, thanks to bug reports from Kamil Jonca:

      * Duplicate entries were returned by makehistory on fully wrapped
        cyclic buffers (the first article of the cyclic buffer appeared
        twice in the output).

      * The first article of a fully wrapped cyclic buffer was removed too
        soon from history (expire wrongly thought its storage token was no
        longer existing after a wrap).

      * The first article of the previous cycle number of a cyclic buffer
        containing articles from two different cycle numbers was wrongly
        considered by makehistory to belong to the current cycle number.

    * innd no longer dies when a newsfeeds entry has an unexpected trailing

    * The size of duplicated articles was counted twice in totals, average
      article sizes and graphs by innreport, when parsing innd checkpoints.
      Thanks to Hauke Lampe for the patch to count it only once.

    * Customizing the domain part of Message-IDs generated by nnrpd and the
      server name indicated in Injection-Info header fields is now easier:
      the *domain* parameter in the access blocks of readers.conf can be
      directly used (without needing to set *virtualhost* as it was
      previously the case).

    * If the *domain* parameter is set in inn.conf or in a readers.conf
      access block, and has invalid characters, or if the fully qualified
      domain name (FQDN) of the news server has invalid characters when
      *domain* is unset, a fatal error is now reported at startup.  It is a
      basic configuration error which otherwise leads to the generation of
      invalid article Message-IDs.

    * Improved the speed of article searches with HDR, LAST, NEXT, and XPAT
      commands when there is a (huge) gap in article numbers.  On newsgroups
      with several millions of consecutive missing articles (which is a rare
      situation), these commands could take several seconds to run.

    * Incoming articles in newsgroups that have exceeded the maximum number
      of articles they can contain (2^31-1) are now correctly rejected.  INN
      was otherwise happily accepting them but either numbers returned in
      NNTP responses were not right, or some news clients choked when
      receiving unexpected large article numbers.  (The current version of
      the NNTP protocol only allows article numbers up to 2^31-1.)

    * Fixed the renumbering of reported low water marks for empty newsgroups
      in active after overview expiration, when using the ovsqlite method.
      They were set to 1 for empty newsgroups whereas they were not supposed
      to decrease.  (These reported low water marks regained their expected
      values during the next overview expiration, provided that the
      newsgroup was no longer empty.)

    * The reported high water mark of empty newsgroups is now correctly set
      to one less than the reported low water mark in overview data.
      (Previously, the reported low water mark was set to one more than the
      reported high water mark.)

    * Fixed the output of the "ctlinnd feedinfo ''" command that was
      returning information only for the first site, and the output of the
      "ctlinnd name channel" command that was returning partial information
      for the requested channel.

    * The build of external programs which include inn/storage.h was failing
      because of the unexpected inclusion of config.h in one of the included
      headers.  Also, a few Autoconf results were not correctly made
      available to external programs.  This is now fixed.

    * Fixed the build on systems whose default shell does not completely
      meet the Posix standard.  A few build scripts were run with the
      default shell instead of the one found by Autoconf and afterwards used
      for INN.

    * Use standard daemon(3) C function, when available, to daemonize innd,
      nnrpd, ovdb_server and ovsqlite-server instead of an INN-specific

Upgrading from 2.6 to 2.7

    The following changes require your full attention because a manual
    intervention may be needed:

    * The *require_ssl* parameter in readers.conf has been renamed to
      *require_encryption* as it applies to any kind of encryption layers,
      including TLS and SASL security layers.  Since innupgrade only takes
      care of the change in the file named readers.conf, you will have to
      manually rename that parameter in configuration files for nnrpd with
      an alternate name.

    * The innreport.conf file in *pathetc* has been split into a general
      configuration file (innreport.conf itself) and a display configuration
      file (innreport-display.conf in *pathlib*).  If you made local changes
      in sections other than the *default* section in innreport.conf, and
      wish to keep them, then you need renaming the new
      innreport-display.conf file to another name in *pathlib*, setting this
      local file name in the new *display_conf_file* option in
      innreport.conf, and re-applying your local changes to that local
      display configuration file.

      As a matter of fact, the default display configuration file would
      otherwise be overwritten each time INN is updated.  Bug fixes or
      enhancements are made from time to time to the display configuration
      of innreport, and previously couldn't be automatically be merged in
      innreport.conf on update.  This new separate configuration file to
      parameterize the display will now permit an automatic update (if of
      course you use the default display configuration file).

    * A new inn-secrets.conf configuration file has been added in *pathetc*.
      The intent is that, from now on, new secrets used by INN are added to
      that file, and that all secrets currently stored in several other
      configuration files eventually move to that file.  Make sure it is
      properly created during the upgrade, and not world-readable.  It
      currently only stores the secrets used for the new Cancel-Lock

    * The -C flag given to innd to disable the execution of cancels has been
      deprecated and is no longer taken into account (an error message will
      be present in your logs if innd is started with it).  Instead, a new
      parameter has been added in inn.conf to tune the types of cancels innd
      should process.  If *docancels* is set to "require-auth", which \ 
is the
      default if INN has Cancel-Lock support, only articles originally
      protected by the Cancel-Lock authentication mechanism can be withdrawn
      by a valid authenticated cancel article or a valid authenticated
      supersede request.  Withdrawals of articles not originally protected
      by Cancel-Lock will not be executed.  See inn.conf(5) for more details
      about the different values of the new *docancels* parameter, and make
      sure to parameterize it according to your needs.

    * The *refusecybercancels* and *verifycancels* parameters have been
      removed from inn.conf.  The first was performing an inefficient and
      inexact check (that should be done, if wanted, in the special "ME"
      entry in newsfeeds, or even better, ask your peers not to feed you
      articles with "cyberspam" in the Path header field body); the second
      check performed on the newsgroups present in cancel articles was not
      useful in innd (this check is relevant to posting agents).

      The related lines in inn.conf will be commented by innupgrade during
      the upgrade.

    * The XBATCH command is no longer enabled by default in innd.  You'll
      have to explicitly enable that capability by setting the new *xbatch*
      parameter to true in incoming.conf for the peers sending you such
      compressed batches.

    * The *nolist* and *noresendid* parameters in incoming.conf have been
      respectively renamed to *list* and *resendid* (and the meaning of
      their related boolean values is now the opposite).  Besides, the
      unused *comment* and *email* parameters in incoming.conf have been
      removed.  innupgrade will take care of the changes (inverting the
      boolean values, and commenting the lines with removed parameters).

    * filechan is no longer shipped with INN; it was just a simple version
      of buffchan.  All calls to "filechan" will be changed to \ 
"buffchan -u"
      (for its unbuffered mode) in newsfeeds by innupgrade.  If you have
      local scripts running filechan, you will have to manually take care of
      the change.

    * send-nntp is no longer shipped with INN.  If you have local scripts
      running it, you will have to manually adjust them to use nntpsend
      which basically does the same thing, better.  Or, even greater, use
      innfeed if that is possible.

    * Wrappers around old Perl and Python authentication and access hooks,
      pre-dating INN 2.4.0 and identifiable by the *nnrpperlauth* and
      *nnrppythonauth* parameters in inn.conf, are no longer shipped as
      samples in INN releases.  If not already done, you should either
      replace old hooks with new modern hooks or use the possibilities that
      readers.conf and regular authenticator and resolver programs offer.

    * The libauth.h header file and the libstorage library have been renamed
      to libinnauth.h and libinnstorage to homogenize their name with
      existing libinnhist library.  External programs building or linking
      against them need a manual change.

    If you are upgrading from a version prior to INN 2.6, see also
    "Upgrading from 2.5 to 2.6".

Changes in 2.7.0 (2022-07-10)

    * Upgrading to a major release is a good time to ensure that your
      configuration files, that are usually kept untouched during normal
      updates, are up-to-date: notably control.ctl (with your local changes
      in a separate control.ctl.local file), new better default values in
      inn.conf and innfeed.conf, improvements in innreport.conf (along with
      innreport-display.conf) and innreport.css, fixes in innwatch.ctl,
      updated moderators and nocem.ctl files.

      You may also want to check that the PGP keys used to verify the
      signature of control articles and NoCeM notices are still up-to-date
      and working.  The keys of a few hierarchies and NoCeM issuers have
      recently changed.

    * Bo Lindbergh has implemented a new overview storage method based on
      SQLite, known for its long-term stability and compatibility.  Robust
      and faster at reading ranges of overview data, but somewhat slower at
      writing, this new SQLite-based method is a perfect choice to store
      overview data.

      To select it as your overview method, set the *ovmethod* parameter in
      inn.conf to "ovsqlite".  Details about ovsqlite, the ovsqlite.conf
      configuration file and how to switch to that new modern overview
      storage method can be found in the ovsqlite(5) and makehistory(8) man

    * Julien Elie has implemented Cancel-Lock support in innd and nnrpd,
      based on RFC 8315 and libcanlock.  A new inn-secrets.conf
      configuration file has been added in *pathetc* wherein you can set the
      secrets to use for Cancel-Lock.  See the inn-secrets.conf(5) man page
      for more details.

      A new -F flag is recognized by innconfval to indicate the type of file
      to parse (by default, "inn.conf"); just run "innconfval -F
      inn-secrets.conf" to get the values of that new configuration file.
      Another new flag, -f, permits specifying another file name to parse
      than the standard one.

      The *addcanlockuser* parameter has been added in readers.conf to
      deactivate the generation of user-specific hashes when several
      different posters have the same identity in an access group.  This
      parameter also permits setting whether the hash, when generated, is
      based on the username or the (static) IP of the connection.

    * Added a new tool, gencancel, to help the news administrator generate
      authenticated cancel control messages, with the expected admin
      Cancel-Key hashes.  See the gencancel(1) man page for more details.

    * A new *docancels* parameter has been added in inn.conf to define which
      types of cancels innd should process.  The -C flag given to innd is
      deprecated in favour of that new parameter (you'll see in your logs
      the message "innd -C flag has been deprecated and has no effect; use
      docancels in inn.conf" in case you're passing that flag to innd).

    * Andreas Kempe has implemented blacklistd support in nnrpd.  This
      daemon, available notably in FreeBSD and NetBSD, can be used to
      prevent brute force attacks by blocking attackers after a number of
      failed login attempts.  When nnrpd is run with the new -B flag, and
      INN has been configured with the new --with-blacklist option, it will
      report login attempts to the blacklistd daemon for potential blocking.

    * Building INN with TLS support using LibreSSL is now supported (only
      OpenSSL was previously officially supported and tested).

    * Fixed the parsing of *hosts* and *localaddress* parameters in
      readers.conf; exclusion patterns (beginning with "!") have not been
      working since INN 2.5.0.

    * Improved the robustness of innxmit when receiving 500 or 501 response
      codes from peers, indicating they do not understand the NNTP command
      or (wrongly) think there is a syntax error.  Richard Kettlewell added
      a proper handling of these responses, making innxmit dropping the
      refused article instead of keeping sending it over and over (and thus
      receiving each time the same error in response codes).

    * innreport now collects statistics from innxbatch and generates a
      section for them in its reports.

    * The innreport.conf file in *pathetc*, previously containing almost
      2500 lines, has been split into a general configuration file
      (innreport.conf itself, still in *pathetc*, with about 60 lines) and a
      display configuration file (innreport-display.conf, a new separate
      file in *pathlib*).  The name of this display configuration file can
      be parameterized in the new *display_conf_file* option in

    * The -m flag given to mailpost now sets a List-ID header field instead
      of a Mailing-List header field.

    * rc.news, used to start and stop INN daemons, now checks whether it is
      run as the news user.  It will exit if not the case, to ensure not to
      tamper with the ownership of files INN manipulates.

    * filechan has been removed; it was just a simple version of buffchan,
      which should now be used.

    * send-nntp has been removed; it was just a simple version of nntpsend,
      which should now be used (or, even better, innfeed).

    * The *refusecybercancels* and *verifycancels* parameters have been
      removed from inn.conf.  Besides, inews no longer checks if the From or
      Sender header fields of a cancel or supersede request match the ones
      of the original article being withdrawn.  All of these were either
      inefficient or inexact checks.

    * The *xbatch* parameter has been added in incoming.conf to enable the
      XBATCH command in innd for specific remote peers.  The default is to
      disable the capability.

    * The *nolist* and *noresendid* parameters in incoming.conf have been
      respectively renamed to *list* and *resendid* (and the meaning of
      their related boolean values is now the opposite).  Besides, the
      unused *comment* and *email* parameters in incoming.conf have been

    * inews no longer adds a Sender header field nor overwrites an existing
      one in articles it processes if the new -P flag is used.  The Path
      header field, if unset, no longer systematically contains the path
      identity of the local news server (you may want to add it manually
      with the -x flag, if needed).  Finally, inews also no longer adds the
      obsolescent Lines header field.

    * A new -E flag can now be given to inews to silently discard empty
      articles, instead of bailing out with an error.  Another new -m flag
      permits setting the Message-ID instead of letting inews generate one.
      And a third new flag, -Y, forces inews to authenticate to the remote
      news server even if not asked to.

    * signcontrol has been removed as it embeds per-site configuration which
      is overwritten each time INN is updated to a newer version, and it is
      unlikely you ever need it.  Nonetheless, if you need to issue
      PGP-signed control messages, you can still download it from

    * Support in controlchan for obsolete *sendsys*, *senduuname* and
      *version* control messages has been removed.  These control messages,
      long been deprecated, should no longer be sent nor honoured nowadays.
      Besides, the "doifarg" keyword in control.ctl is no longer recognized
      (it was only used for these three kinds of control messages).

    * The *require_ssl* parameter in readers.conf has been renamed to
      *require_encryption*, which is a better name as it applies to any kind
      of encryption layers, including TLS and SASL security layers.

    * Fixed the use of a deprecated API in Kerberos V5.  INN now requires
      version 1.6.1 or higher of MIT Kerberos v5 to build.

    * The libauth.h header file and the libstorage library have been renamed
      to libinnauth.h and libinnstorage to homogenize their name with
      existing libinnhist library.

    * All of the applicable bug fixes from the INN 2.6 STABLE series are
      also included in INN 2.7.