head 1.14; access; symbols pkgsrc-2026Q1:1.14.0.24 pkgsrc-2026Q1-base:1.14 pkgsrc-2025Q4:1.14.0.22 pkgsrc-2025Q4-base:1.14 pkgsrc-2025Q3:1.14.0.20 pkgsrc-2025Q3-base:1.14 pkgsrc-2025Q2:1.14.0.18 pkgsrc-2025Q2-base:1.14 pkgsrc-2025Q1:1.14.0.16 pkgsrc-2025Q1-base:1.14 pkgsrc-2024Q4:1.14.0.14 pkgsrc-2024Q4-base:1.14 pkgsrc-2024Q3:1.14.0.12 pkgsrc-2024Q3-base:1.14 pkgsrc-2024Q2:1.14.0.10 pkgsrc-2024Q2-base:1.14 pkgsrc-2024Q1:1.14.0.8 pkgsrc-2024Q1-base:1.14 pkgsrc-2023Q4:1.14.0.6 pkgsrc-2023Q4-base:1.14 pkgsrc-2023Q3:1.14.0.4 pkgsrc-2023Q3-base:1.14 pkgsrc-2023Q2:1.14.0.2 pkgsrc-2023Q2-base:1.14 pkgsrc-2023Q1:1.13.0.8 pkgsrc-2023Q1-base:1.13 pkgsrc-2022Q4:1.13.0.6 pkgsrc-2022Q4-base:1.13 pkgsrc-2022Q3:1.13.0.4 pkgsrc-2022Q3-base:1.13 pkgsrc-2022Q2:1.13.0.2 pkgsrc-2022Q2-base:1.13 pkgsrc-2022Q1:1.12.0.62 pkgsrc-2022Q1-base:1.12 pkgsrc-2021Q4:1.12.0.60 pkgsrc-2021Q4-base:1.12 pkgsrc-2021Q3:1.12.0.58 pkgsrc-2021Q3-base:1.12 pkgsrc-2021Q2:1.12.0.56 pkgsrc-2021Q2-base:1.12 pkgsrc-2021Q1:1.12.0.54 pkgsrc-2021Q1-base:1.12 pkgsrc-2020Q4:1.12.0.52 pkgsrc-2020Q4-base:1.12 pkgsrc-2020Q3:1.12.0.50 pkgsrc-2020Q3-base:1.12 pkgsrc-2020Q2:1.12.0.46 pkgsrc-2020Q2-base:1.12 pkgsrc-2020Q1:1.12.0.26 pkgsrc-2020Q1-base:1.12 pkgsrc-2019Q4:1.12.0.48 pkgsrc-2019Q4-base:1.12 pkgsrc-2019Q3:1.12.0.44 pkgsrc-2019Q3-base:1.12 pkgsrc-2019Q2:1.12.0.42 pkgsrc-2019Q2-base:1.12 pkgsrc-2019Q1:1.12.0.40 pkgsrc-2019Q1-base:1.12 pkgsrc-2018Q4:1.12.0.38 pkgsrc-2018Q4-base:1.12 pkgsrc-2018Q3:1.12.0.36 pkgsrc-2018Q3-base:1.12 pkgsrc-2018Q2:1.12.0.34 pkgsrc-2018Q2-base:1.12 pkgsrc-2018Q1:1.12.0.32 pkgsrc-2018Q1-base:1.12 pkgsrc-2017Q4:1.12.0.30 pkgsrc-2017Q4-base:1.12 pkgsrc-2017Q3:1.12.0.28 pkgsrc-2017Q3-base:1.12 pkgsrc-2017Q2:1.12.0.24 pkgsrc-2017Q2-base:1.12 pkgsrc-2017Q1:1.12.0.22 pkgsrc-2017Q1-base:1.12 pkgsrc-2016Q4:1.12.0.20 pkgsrc-2016Q4-base:1.12 pkgsrc-2016Q3:1.12.0.18 pkgsrc-2016Q3-base:1.12 pkgsrc-2016Q2:1.12.0.16 pkgsrc-2016Q2-base:1.12 pkgsrc-2016Q1:1.12.0.14 pkgsrc-2016Q1-base:1.12 pkgsrc-2015Q4:1.12.0.12 pkgsrc-2015Q4-base:1.12 pkgsrc-2015Q3:1.12.0.10 pkgsrc-2015Q3-base:1.12 pkgsrc-2015Q2:1.12.0.8 pkgsrc-2015Q2-base:1.12 pkgsrc-2015Q1:1.12.0.6 pkgsrc-2015Q1-base:1.12 pkgsrc-2014Q4:1.12.0.4 pkgsrc-2014Q4-base:1.12 pkgsrc-2014Q3:1.12.0.2 pkgsrc-2014Q3-base:1.12 pkgsrc-2014Q2:1.11.0.40 pkgsrc-2014Q2-base:1.11 pkgsrc-2014Q1:1.11.0.38 pkgsrc-2014Q1-base:1.11 pkgsrc-2013Q4:1.11.0.36 pkgsrc-2013Q4-base:1.11 pkgsrc-2013Q3:1.11.0.34 pkgsrc-2013Q3-base:1.11 pkgsrc-2013Q2:1.11.0.32 pkgsrc-2013Q2-base:1.11 pkgsrc-2013Q1:1.11.0.30 pkgsrc-2013Q1-base:1.11 pkgsrc-2012Q4:1.11.0.28 pkgsrc-2012Q4-base:1.11 pkgsrc-2012Q3:1.11.0.26 pkgsrc-2012Q3-base:1.11 pkgsrc-2012Q2:1.11.0.24 pkgsrc-2012Q2-base:1.11 pkgsrc-2012Q1:1.11.0.22 pkgsrc-2012Q1-base:1.11 pkgsrc-2011Q4:1.11.0.20 pkgsrc-2011Q4-base:1.11 pkgsrc-2011Q3:1.11.0.18 pkgsrc-2011Q3-base:1.11 pkgsrc-2011Q2:1.11.0.16 pkgsrc-2011Q2-base:1.11 pkgsrc-2011Q1:1.11.0.14 pkgsrc-2011Q1-base:1.11 pkgsrc-2010Q4:1.11.0.12 pkgsrc-2010Q4-base:1.11 pkgsrc-2010Q3:1.11.0.10 pkgsrc-2010Q3-base:1.11 pkgsrc-2010Q2:1.11.0.8 pkgsrc-2010Q2-base:1.11 pkgsrc-2010Q1:1.11.0.6 pkgsrc-2010Q1-base:1.11 pkgsrc-2009Q4:1.11.0.4 pkgsrc-2009Q4-base:1.11 pkgsrc-2009Q3:1.11.0.2 pkgsrc-2009Q3-base:1.11 pkgsrc-2009Q2:1.10.0.14 pkgsrc-2009Q2-base:1.10 pkgsrc-2009Q1:1.10.0.12 pkgsrc-2009Q1-base:1.10 pkgsrc-2008Q4:1.10.0.10 pkgsrc-2008Q4-base:1.10 pkgsrc-2008Q3:1.10.0.8 pkgsrc-2008Q3-base:1.10 cube-native-xorg:1.10.0.6 cube-native-xorg-base:1.10 pkgsrc-2008Q2:1.10.0.4 pkgsrc-2008Q2-base:1.10 cwrapper:1.10.0.2 pkgsrc-2008Q1:1.9.0.30 pkgsrc-2008Q1-base:1.9 pkgsrc-2007Q4:1.9.0.28 pkgsrc-2007Q4-base:1.9 pkgsrc-2007Q3:1.9.0.26 pkgsrc-2007Q3-base:1.9 pkgsrc-2007Q2:1.9.0.24 pkgsrc-2007Q2-base:1.9 pkgsrc-2007Q1:1.9.0.22 pkgsrc-2007Q1-base:1.9 pkgsrc-2006Q4:1.9.0.20 pkgsrc-2006Q4-base:1.9 pkgsrc-2006Q3:1.9.0.18 pkgsrc-2006Q3-base:1.9 pkgsrc-2006Q2:1.9.0.16 pkgsrc-2006Q2-base:1.9 pkgsrc-2006Q1:1.9.0.14 pkgsrc-2006Q1-base:1.9 pkgsrc-2005Q4:1.9.0.12 pkgsrc-2005Q4-base:1.9 pkgsrc-2005Q3:1.9.0.10 pkgsrc-2005Q3-base:1.9 pkgsrc-2005Q2:1.9.0.8 pkgsrc-2005Q2-base:1.9 pkgsrc-2005Q1:1.9.0.6 pkgsrc-2005Q1-base:1.9 pkgsrc-2004Q4:1.9.0.4 pkgsrc-2004Q4-base:1.9 pkgsrc-2004Q3:1.9.0.2 pkgsrc-2004Q3-base:1.9 pkgsrc-2004Q2:1.8.0.14 pkgsrc-2004Q2-base:1.8 pkgsrc-2004Q1:1.8.0.12 pkgsrc-2004Q1-base:1.8 pkgsrc-2003Q4:1.8.0.10 pkgsrc-2003Q4-base:1.8 netbsd-1-6-1:1.8.0.6 netbsd-1-6-1-base:1.8 netbsd-1-6:1.8.0.8 netbsd-1-6-RELEASE-base:1.8 pkgviews:1.8.0.4 pkgviews-base:1.8 buildlink2:1.8.0.2 buildlink2-base:1.8 netbsd-1-5-PATCH003:1.8 netbsd-1-5-PATCH001:1.8 netbsd-1-5-RELEASE:1.7 netbsd-1-4-PATCH003:1.7 netbsd-1-4-PATCH002:1.4 comdex-fall-1999:1.4 netbsd-1-4-PATCH001:1.1 netbsd-1-4-RELEASE:1.1 netbsd-1-3-PATCH003:1.1; locks; strict; comment @# @; 1.14 date 2023.04.30.14.58.58; author spz; state Exp; branches; next 1.13; commitid EHEX0AY7pT0AU8nE; 1.13 date 2022.04.16.11.44.53; author spz; state Exp; branches; next 1.12; commitid RKpYUxWDvjN51qAD; 1.12 date 2014.08.03.17.33.34; author spz; state Exp; branches; next 1.11; commitid ZeipQVABT84TlWKx; 1.11 date 2009.09.22.13.17.00; author spz; state Exp; branches; next 1.10; 1.10 date 2008.06.23.09.10.53; author spz; state Exp; branches; next 1.9; 1.9 date 2004.07.24.23.55.28; author grant; state Exp; branches; next 1.8; 1.8 date 2001.02.08.16.23.07; author tron; state Exp; branches; next 1.7; 1.7 date 2000.09.01.20.16.59; author veego; state Exp; branches; next 1.6; 1.6 date 2000.08.17.14.00.28; author wiz; state Exp; branches; next 1.5; 1.5 date 2000.07.03.13.46.43; author veego; state Exp; branches; next 1.4; 1.4 date 99.07.29.21.15.47; author tron; state Exp; branches; next 1.3; 1.3 date 99.07.29.20.27.20; author tron; state Exp; branches; next 1.2; 1.2 date 99.07.18.23.34.13; author tron; state Exp; branches; next 1.1; 1.1 date 98.09.05.03.21.11; author garbled; state Exp; branches; next ; desc @@ 1.14 log @update inn to 2.7.1 adding canlock option kudos micha@@ upstream changelog: Changes in 2.7.1 (2023-04-16) * Added a new *groupexactcount* parameter in readers.conf to force nnrpd to report the exact number of still existing articles in newsgroups instead of an estimated count. When the estimated number of articles is strictly below *groupexactcount* (set to 5 by default), nnrpd now recounts them and reports the actual value (articles that have been cancelled or overwritten in self-expiring CNFS buffers may otherwise still be counted in the estimate). News clients will then be directly aware of empty newsgroups; they would otherwise have tried to retrieve possible articles, to finally not show anything to the user. * Programs sending mails now include, when appropriate, an Auto-Submitted header field in the message headers (either set to "auto-generated" or "auto-replied", following the recommendation in RFC 3834). Thanks to Harald Dunkel for this suggestion which will for instance help to avoid unnecessary vacation replies. * Added a new -a option to innmail to specify additional header fields to add in the headers of messages. This is notably used to internally support the addition of the Auto-Submitted header field in outgoing mails. * Added new ovsqlite-util program to perform some basic consistency checks and dump operations on an overview database using the ovsqlite method. More checks and features will be added in future releases. You'll need the "DBI" Perl module with the "DBD::SQLite" driver installed on your system to use this program. * Added TLS support in pullnews for connections to upstream servers configured in pullnews.marks, and to the downstream server in the existing -s flag. A port can now also be specified for connections to upstream servers (it was already possible for the downstream server only). * Added a new -L option to pullnews to specify the largest wanted article size in bytes. Articles whose size exceeds that value will no longer be downloaded by pullnews. * pullnews now detects a socket timeout while downloading articles from a remote peer. The download gracefully stops, and another attempt can be automatically made according to the setting given with the -t flag. Thanks to Jesse Rehmer for the bug report. * Fixed the generation and the handling of storage tokens on wrapped CNFS buffers, thanks to bug reports from Kamil Jonca: * Duplicate entries were returned by makehistory on fully wrapped cyclic buffers (the first article of the cyclic buffer appeared twice in the output). * The first article of a fully wrapped cyclic buffer was removed too soon from history (expire wrongly thought its storage token was no longer existing after a wrap). * The first article of the previous cycle number of a cyclic buffer containing articles from two different cycle numbers was wrongly considered by makehistory to belong to the current cycle number. * innd no longer dies when a newsfeeds entry has an unexpected trailing whitespace. * The size of duplicated articles was counted twice in totals, average article sizes and graphs by innreport, when parsing innd checkpoints. Thanks to Hauke Lampe for the patch to count it only once. * Customizing the domain part of Message-IDs generated by nnrpd and the server name indicated in Injection-Info header fields is now easier: the *domain* parameter in the access blocks of readers.conf can be directly used (without needing to set *virtualhost* as it was previously the case). * If the *domain* parameter is set in inn.conf or in a readers.conf access block, and has invalid characters, or if the fully qualified domain name (FQDN) of the news server has invalid characters when *domain* is unset, a fatal error is now reported at startup. It is a basic configuration error which otherwise leads to the generation of invalid article Message-IDs. * Improved the speed of article searches with HDR, LAST, NEXT, and XPAT commands when there is a (huge) gap in article numbers. On newsgroups with several millions of consecutive missing articles (which is a rare situation), these commands could take several seconds to run. * Incoming articles in newsgroups that have exceeded the maximum number of articles they can contain (2^31-1) are now correctly rejected. INN was otherwise happily accepting them but either numbers returned in NNTP responses were not right, or some news clients choked when receiving unexpected large article numbers. (The current version of the NNTP protocol only allows article numbers up to 2^31-1.) * Fixed the renumbering of reported low water marks for empty newsgroups in active after overview expiration, when using the ovsqlite method. They were set to 1 for empty newsgroups whereas they were not supposed to decrease. (These reported low water marks regained their expected values during the next overview expiration, provided that the newsgroup was no longer empty.) * The reported high water mark of empty newsgroups is now correctly set to one less than the reported low water mark in overview data. (Previously, the reported low water mark was set to one more than the reported high water mark.) * Fixed the output of the "ctlinnd feedinfo ''" command that was returning information only for the first site, and the output of the "ctlinnd name channel" command that was returning partial information for the requested channel. * The build of external programs which include inn/storage.h was failing because of the unexpected inclusion of config.h in one of the included headers. Also, a few Autoconf results were not correctly made available to external programs. This is now fixed. * Fixed the build on systems whose default shell does not completely meet the Posix standard. A few build scripts were run with the default shell instead of the one found by Autoconf and afterwards used for INN. * Use standard daemon(3) C function, when available, to daemonize innd, nnrpd, ovdb_server and ovsqlite-server instead of an INN-specific function. Upgrading from 2.6 to 2.7 The following changes require your full attention because a manual intervention may be needed: * The *require_ssl* parameter in readers.conf has been renamed to *require_encryption* as it applies to any kind of encryption layers, including TLS and SASL security layers. Since innupgrade only takes care of the change in the file named readers.conf, you will have to manually rename that parameter in configuration files for nnrpd with an alternate name. * The innreport.conf file in *pathetc* has been split into a general configuration file (innreport.conf itself) and a display configuration file (innreport-display.conf in *pathlib*). If you made local changes in sections other than the *default* section in innreport.conf, and wish to keep them, then you need renaming the new innreport-display.conf file to another name in *pathlib*, setting this local file name in the new *display_conf_file* option in innreport.conf, and re-applying your local changes to that local display configuration file. As a matter of fact, the default display configuration file would otherwise be overwritten each time INN is updated. Bug fixes or enhancements are made from time to time to the display configuration of innreport, and previously couldn't be automatically be merged in innreport.conf on update. This new separate configuration file to parameterize the display will now permit an automatic update (if of course you use the default display configuration file). * A new inn-secrets.conf configuration file has been added in *pathetc*. The intent is that, from now on, new secrets used by INN are added to that file, and that all secrets currently stored in several other configuration files eventually move to that file. Make sure it is properly created during the upgrade, and not world-readable. It currently only stores the secrets used for the new Cancel-Lock functionality. * The -C flag given to innd to disable the execution of cancels has been deprecated and is no longer taken into account (an error message will be present in your logs if innd is started with it). Instead, a new parameter has been added in inn.conf to tune the types of cancels innd should process. If *docancels* is set to "require-auth", which is the default if INN has Cancel-Lock support, only articles originally protected by the Cancel-Lock authentication mechanism can be withdrawn by a valid authenticated cancel article or a valid authenticated supersede request. Withdrawals of articles not originally protected by Cancel-Lock will not be executed. See inn.conf(5) for more details about the different values of the new *docancels* parameter, and make sure to parameterize it according to your needs. * The *refusecybercancels* and *verifycancels* parameters have been removed from inn.conf. The first was performing an inefficient and inexact check (that should be done, if wanted, in the special "ME" entry in newsfeeds, or even better, ask your peers not to feed you articles with "cyberspam" in the Path header field body); the second check performed on the newsgroups present in cancel articles was not useful in innd (this check is relevant to posting agents). The related lines in inn.conf will be commented by innupgrade during the upgrade. * The XBATCH command is no longer enabled by default in innd. You'll have to explicitly enable that capability by setting the new *xbatch* parameter to true in incoming.conf for the peers sending you such compressed batches. * The *nolist* and *noresendid* parameters in incoming.conf have been respectively renamed to *list* and *resendid* (and the meaning of their related boolean values is now the opposite). Besides, the unused *comment* and *email* parameters in incoming.conf have been removed. innupgrade will take care of the changes (inverting the boolean values, and commenting the lines with removed parameters). * filechan is no longer shipped with INN; it was just a simple version of buffchan. All calls to "filechan" will be changed to "buffchan -u" (for its unbuffered mode) in newsfeeds by innupgrade. If you have local scripts running filechan, you will have to manually take care of the change. * send-nntp is no longer shipped with INN. If you have local scripts running it, you will have to manually adjust them to use nntpsend which basically does the same thing, better. Or, even greater, use innfeed if that is possible. * Wrappers around old Perl and Python authentication and access hooks, pre-dating INN 2.4.0 and identifiable by the *nnrpperlauth* and *nnrppythonauth* parameters in inn.conf, are no longer shipped as samples in INN releases. If not already done, you should either replace old hooks with new modern hooks or use the possibilities that readers.conf and regular authenticator and resolver programs offer. * The libauth.h header file and the libstorage library have been renamed to libinnauth.h and libinnstorage to homogenize their name with existing libinnhist library. External programs building or linking against them need a manual change. If you are upgrading from a version prior to INN 2.6, see also "Upgrading from 2.5 to 2.6". Changes in 2.7.0 (2022-07-10) * Upgrading to a major release is a good time to ensure that your configuration files, that are usually kept untouched during normal updates, are up-to-date: notably control.ctl (with your local changes in a separate control.ctl.local file), new better default values in inn.conf and innfeed.conf, improvements in innreport.conf (along with innreport-display.conf) and innreport.css, fixes in innwatch.ctl, updated moderators and nocem.ctl files. You may also want to check that the PGP keys used to verify the signature of control articles and NoCeM notices are still up-to-date and working. The keys of a few hierarchies and NoCeM issuers have recently changed. * Bo Lindbergh has implemented a new overview storage method based on SQLite, known for its long-term stability and compatibility. Robust and faster at reading ranges of overview data, but somewhat slower at writing, this new SQLite-based method is a perfect choice to store overview data. To select it as your overview method, set the *ovmethod* parameter in inn.conf to "ovsqlite". Details about ovsqlite, the ovsqlite.conf configuration file and how to switch to that new modern overview storage method can be found in the ovsqlite(5) and makehistory(8) man pages. * Julien Elie has implemented Cancel-Lock support in innd and nnrpd, based on RFC 8315 and libcanlock. A new inn-secrets.conf configuration file has been added in *pathetc* wherein you can set the secrets to use for Cancel-Lock. See the inn-secrets.conf(5) man page for more details. A new -F flag is recognized by innconfval to indicate the type of file to parse (by default, "inn.conf"); just run "innconfval -F inn-secrets.conf" to get the values of that new configuration file. Another new flag, -f, permits specifying another file name to parse than the standard one. The *addcanlockuser* parameter has been added in readers.conf to deactivate the generation of user-specific hashes when several different posters have the same identity in an access group. This parameter also permits setting whether the hash, when generated, is based on the username or the (static) IP of the connection. * Added a new tool, gencancel, to help the news administrator generate authenticated cancel control messages, with the expected admin Cancel-Key hashes. See the gencancel(1) man page for more details. * A new *docancels* parameter has been added in inn.conf to define which types of cancels innd should process. The -C flag given to innd is deprecated in favour of that new parameter (you'll see in your logs the message "innd -C flag has been deprecated and has no effect; use docancels in inn.conf" in case you're passing that flag to innd). * Andreas Kempe has implemented blacklistd support in nnrpd. This daemon, available notably in FreeBSD and NetBSD, can be used to prevent brute force attacks by blocking attackers after a number of failed login attempts. When nnrpd is run with the new -B flag, and INN has been configured with the new --with-blacklist option, it will report login attempts to the blacklistd daemon for potential blocking. * Building INN with TLS support using LibreSSL is now supported (only OpenSSL was previously officially supported and tested). * Fixed the parsing of *hosts* and *localaddress* parameters in readers.conf; exclusion patterns (beginning with "!") have not been working since INN 2.5.0. * Improved the robustness of innxmit when receiving 500 or 501 response codes from peers, indicating they do not understand the NNTP command or (wrongly) think there is a syntax error. Richard Kettlewell added a proper handling of these responses, making innxmit dropping the refused article instead of keeping sending it over and over (and thus receiving each time the same error in response codes). * innreport now collects statistics from innxbatch and generates a section for them in its reports. * The innreport.conf file in *pathetc*, previously containing almost 2500 lines, has been split into a general configuration file (innreport.conf itself, still in *pathetc*, with about 60 lines) and a display configuration file (innreport-display.conf, a new separate file in *pathlib*). The name of this display configuration file can be parameterized in the new *display_conf_file* option in innreport.conf. * The -m flag given to mailpost now sets a List-ID header field instead of a Mailing-List header field. * rc.news, used to start and stop INN daemons, now checks whether it is run as the news user. It will exit if not the case, to ensure not to tamper with the ownership of files INN manipulates. * filechan has been removed; it was just a simple version of buffchan, which should now be used. * send-nntp has been removed; it was just a simple version of nntpsend, which should now be used (or, even better, innfeed). * The *refusecybercancels* and *verifycancels* parameters have been removed from inn.conf. Besides, inews no longer checks if the From or Sender header fields of a cancel or supersede request match the ones of the original article being withdrawn. All of these were either inefficient or inexact checks. * The *xbatch* parameter has been added in incoming.conf to enable the XBATCH command in innd for specific remote peers. The default is to disable the capability. * The *nolist* and *noresendid* parameters in incoming.conf have been respectively renamed to *list* and *resendid* (and the meaning of their related boolean values is now the opposite). Besides, the unused *comment* and *email* parameters in incoming.conf have been removed. * inews no longer adds a Sender header field nor overwrites an existing one in articles it processes if the new -P flag is used. The Path header field, if unset, no longer systematically contains the path identity of the local news server (you may want to add it manually with the -x flag, if needed). Finally, inews also no longer adds the obsolescent Lines header field. * A new -E flag can now be given to inews to silently discard empty articles, instead of bailing out with an error. Another new -m flag permits setting the Message-ID instead of letting inews generate one. And a third new flag, -Y, forces inews to authenticate to the remote news server even if not asked to. * signcontrol has been removed as it embeds per-site configuration which is overwritten each time INN is updated to a newer version, and it is unlikely you ever need it. Nonetheless, if you need to issue PGP-signed control messages, you can still download it from . * Support in controlchan for obsolete *sendsys*, *senduuname* and *version* control messages has been removed. These control messages, long been deprecated, should no longer be sent nor honoured nowadays. Besides, the "doifarg" keyword in control.ctl is no longer recognized (it was only used for these three kinds of control messages). * The *require_ssl* parameter in readers.conf has been renamed to *require_encryption*, which is a better name as it applies to any kind of encryption layers, including TLS and SASL security layers. * Fixed the use of a deprecated API in Kerberos V5. INN now requires version 1.6.1 or higher of MIT Kerberos v5 to build. * The libauth.h header file and the libstorage library have been renamed to libinnauth.h and libinnstorage to homogenize their name with existing libinnhist library. * All of the applicable bug fixes from the INN 2.6 STABLE series are also included in INN 2.7. @ text @$NetBSD: patch-ac,v 1.13 2022/04/16 11:44:53 spz Exp $ no file backups for subsequent install runs please --- Makefile.global.in.orig 2014-05-17 08:24:49.000000000 +0000 +++ Makefile.global.in @@@@ -340,7 +340,7 @@@@ INSTALL = $(top)/support/install-sh -c ## files like active and newsgroups that should have the same permissions as ## article files. -BACKUP_OPTION = -S .OLD +#BACKUP_OPTION = -S .OLD LI_SPRI = $(LIBTOOLINST) $(INSTALL) -o root -g $(RUNASGROUP) -m 4550 $(BACKUP_OPTION) LI_XPRI = $(LIBTOOLINST) $(INSTALL) $(OWNER) -m 0550 $(BACKUP_OPTION) @ 1.13 log @updating news/inn to 2.6.5 upstream changelog: Changes in 2.6.5 * A new step in INN development has been achieved with the migration of the INN project to GitHub. We now make use of the features GitHub provides: issue tracker, pull requests, continuous integration, a user-friendly interface to browse the code, etc. Our Subversion repository has therefore been migrated to Git, and our Trac tickets to the GitHub issue tracker. * An up-to-date nocem.ctl file is provided with this release. You should manually update your nocem.ctl file with the new information recorded about NoCeM issuers, and make sure the right PGP keys are present on your system. * Up-to-date control.ctl and moderators files are provided with this release. You should manually update them (notably for the fido7.* hierarchy). * Added a stricter validation of article numbers given in NNTP commands so that numbers superior to 2^31 are correctly considered invalid. Thanks to Richard Kettlewell for the patch. * Added a check in rc.news for the existence of the *pathrun* directory. INN won't start until this directory is writable. Previously, it bailed out quickly after starting, without clear logs about why it failed. * Fixed parallel builds using "make -j". Thanks to Richard Kettlewell for the path. * nnrpd now properly gathers timer statistics when a compression layer is active. * nnrpd now properly discards data received from a news client after a timeout when a TLS layer is active. It previously tried to read incoming data before closing the socket, leading to decoding errors from an underlying compression or SASL layer. * innfeed and ovdb_stat now generate status reports in valid HTML syntax. * Fixed a bug in the buffindexed overview that prevented it from working on several systems, amongst them FreeBSD. Unsupported, and useless, permission bits were given to semaphores. * Fixed the detection of library paths at configure time: multilib directories (lib32 or lib64) are now also used if they exist, even it the system does not use multilib. It will notably fix the detection of the OpenSSL 3.0.0 library. * The *tlscertfile* parameter in inn.conf now permits the use of a complete certificate chain, instead of necessarily having to use *tlscafile* for additional certificates. * Added support for the new OpenSSL 3.0.0 API, which deprecated a few functions. * The inn.conf default value for *tlsprotocols* no longer contains TLS versions 1.0 and 1.1, which have been deprecated by RFC 8996. * A new inn.conf parameter has been added to tune the length of the queue of pending connections to innd, nnrpd and the "ovdb" overview storage method: the *maxlisten* parameter now permits configuring their listen backlog, whose previously hard-coded values were 128 for nnrpd and 25 for the others, which was not high enough for some uses. The default value is now 128 for all of them, and configurable in inn.conf. Thanks to Kevin Bowling for the patch. * The name of seven man pages for routines built in libinn(3) are now prefixed with libinn_ so as not to consume namespace and conflict with other packages (notably, the list(3) and uwildmat(3) man pages are now named libinn_list(3) and libinn_uwildmat(3)). * Other minor bug fixes and documentation improvements, notably a revised installation checklist and a section summarizing the most used configuration at the beginning of a few complex man pages. Changes in 2.6.4 * Added support for systemd notifications and socket activation. Use of more features provided by systemd, including more notifications, will come in future releases. Thanks to Marco d'Itri for this first systemd integration into INN. * nnrpd now adapts the length of the DH parameter used during a DHE key exchange so as to comply with the security level OpenSSL 1.1.0 or later expects. Thanks to Michael Baeuerle for the bug report. * cnfsstat now also returns information about retired CNFS buffers: buffers mentioned in cycbuff.conf as a cycbuff but not declared in a metacycbuff. * Switch default innreport behaviour to the common practice of externalizing CSS into a separate file. Its name can be configured with the *html_css_url* parameter in innreport.conf. If this parameter is unset, the default innreport.css file name will be used and innreport will generate this CSS file for you. Previously generated reports are kept untouched, though, and will still contain inline CSS if you had not already set the *html_css_url* parameter in previous INN versions. Thanks to Richard Kettlewell for the patch. * sm can now read and store any number of articles given in wire format on its standard input when both -s and -R are used. Only native format was previously possible. Thanks to Bo Lindbergh for the patch. * Added new -a flag to rnews to disallow, if needed, the use of additional unpackers from the rnews.libexec sub-directory of *pathbin* (as set in inn.conf); only "rnews" and "cunbatch" will then be recognized as valid batch commands. * Added new -b flag to rnews to save rejected articles in the bad sub-directory of *pathincoming* (as set in inn.conf). Otherwise, rnews just logs and discards any articles that are rejected or cannot be parsed for some reason. * Added new -d flag to rnews to log via syslog the Message-ID and the Path header value of each article rejected as a duplicate. * Added new --enable-hardening-flags configure-time option, enabled by default, to use hardening build flags like "-fPIE" and "-fstack-protector-strong". This option can easily be disabled if the compiler or the platform does not support them well. More hardening build flags will eventually be added in future releases. q @ text @d1 3 a3 1 $NetBSD: patch-ac,v 1.12 2014/08/03 17:33:34 spz Exp $ @ 1.12 log @update INN to version 2.5.4. Excerpt from the upstream release announcement: Changes in 2.5.4 * An up-to-date control.ctl file is provided with this release. You should manually update your control.ctl file with the new information recorded about Usenet hierarchies. * A test has been improved in innwatch.ctl so that innwatch no longer throttles innd when no overview directory exists. You should manually update your innwatch.ctl file to get this improvement. * Fixed a long-standing limitation on how controlchan and pgpverify were checking the signer of control messages. They now properly handle the case of several UIDs being defined on a single PGP key, as well as the presence of spaces into UIDs. In previous versions of INN, a few valid control messages got ignored because of that limitation (fido.ger.* and grisbi.* were for instance impacted). * As the name of the radius.conf configuration file shipped with INN for the nnrpd authenticator against a RADIUS server conflicts with the libradius package, this file is renamed to inn-radius.conf (innupgrade takes care of the rename during the update). * The attributes hash is now accessible to nnrpd Perl posting filter. As a result, filter_nnrpd.pl can make use of it. Only authentication and access Perl hooks could previously use the attributes hash. Thanks to Steve Crook for this addition. * INN now properly builds fine with flex 2.5.36 (this version introduced a change of type for a variable used by INN). * When using funnel feeds, innfeed log files were open forever, which resulted in empty log files, once rotated by scanlogs. innfeed now reopens its log files upon receiving a HUP signal; this signal is in particular sent by scanlogs during log rotation. Thanks to Florian Schlichting for the patch. * Exploder and process channels are now reopened when "ctlinnd flushlogs" is used. Otherwise, they could hold open an already deleted errlog file. The issue affected in particular controlchan or ninpaths, running as such channels. * Fixed a buffer overflow when using imapfeed with more than a million commands during the same IMAP session. Thanks to David Binderman for the bug report. * Fixed a segfault occurring in innd on systems where time_t is a 64-bit integer. Thanks to S.P. Zeidler for the patch. * Fixed a segfault occurring in nnrpd when a res block was used in readers.conf without the program: key. * Fixed an issue where users were denied posting because of an overlapping buffer copy in a check nnrpd was doing. Thanks to Florian Schlichting for the patch. * Fixed a regression that occurred in INN 2.5.3 regarding the path used by default by pullnews for its configuration file. Instead of looking in the running user's home directory, it was looking in the *pathnews* directory set in inn.conf. Thanks to Tony Evans for the bug report. * When neither wget nor ncftpget nor ncftp was found at configure time, the path to the simpleftp substitution program shipped with INN was not properly set in innshellvars, innshellvars.pl, and the "INN::Config" Perl module. Thanks to Christian Garbs for the bug report. * ckpasswd no longer tries to use the ndbm compatibility layer provided by Berkeley DB if Berkeley DB has been built without ndbm support. Also add support for gdbm libraries in ckpasswd. * Fixed a Perl warning in inncheck; using "defined(@@array)" has been deprecated since Perl 5.16. * Fixed the occurrence of an unexpected "cant select" error generated by innd. Thanks to Paul Tomblin for having caught that long-standing issue. * When building INN with Berkeley DB support, no longer add -L/usr/lib to the linker include flags; unconditionally adding it may break the build on systems using lib32 and lib64 directories. * On a fresh INN install, motd.innd and motd.nnrpd are no longer installed by default. Instead, samples for these files are provided in *pathetc*, named differently so that their default contents are not displayed to news clients before they get customised. * Other minor bug fixes and documentation improvements (like the addition in the readers.conf man page of the log: and program: parameters in res blocks, and the include directive). @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.11 2009/09/22 13:17:00 spz Exp $ d5 1 a5 1 @@@@ -303,7 +303,7 @@@@ INSTALL = $(top)/support/install-sh -c d9 2 a10 2 -BACKUP_OPTION = -B .OLD +#BACKUP_OPTION = -B .OLD @ 1.11 log @Update of the INN package to the latest stable version (2.5.0). @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- Makefile.global.in.orig 2009-05-21 20:08:33.000000000 +0000 d5 1 a5 1 @@@@ -302,7 +302,7 @@@@ INSTALL = $(top)/support/install-sh -c @ 1.10 log @- bump inn version to 2.4.4 - major change of directory structure - two new options (uucp and perl now both optional) - change of maintainer @ text @d3 1 a3 1 --- Makefile.global.in.orig 2008-06-22 19:21:59.000000000 +0000 d5 1 a5 1 @@@@ -258,19 +258,19 @@@@ INSTALL = $(top)/support/install d9 2 a10 22 -LI_SPRI = $(LIBTOOL) $(INSTALL) -o root -g $(NEWSGROUP) -m 4550 -B .OLD -LI_XPRI = $(LIBTOOL) $(INSTALL) $(OWNER) -m 0550 -B .OLD -LI_XPUB = $(LIBTOOL) $(INSTALL) $(OWNER) -m 0555 -B .OLD - -LI_INEWS = $(LIBTOOL) $(INSTALL) $(OWNER) -m $(INEWSMODE) -B .OLD -LI_RNEWS = $(LIBTOOL) $(INSTALL) $(ROWNER) -m $(RNEWSMODE) -B .OLD - -CP_RPRI = $(INSTALL) $(OWNER) -m 0640 -B .OLD -CP_RPUB = $(INSTALL) $(OWNER) -m 0644 -B .OLD -CP_XPRI = $(INSTALL) $(OWNER) -m 0550 -B .OLD -CP_XPUB = $(INSTALL) $(OWNER) -m 0555 -B .OLD +LI_SPRI = $(LIBTOOL) $(INSTALL) -o root -g $(NEWSGROUP) -m 4550 +LI_XPRI = $(LIBTOOL) $(INSTALL) $(OWNER) -m 0550 +LI_XPUB = $(LIBTOOL) $(INSTALL) $(OWNER) -m 0555 + +LI_INEWS = $(LIBTOOL) $(INSTALL) $(OWNER) -m $(INEWSMODE) +LI_RNEWS = $(LIBTOOL) $(INSTALL) $(ROWNER) -m $(RNEWSMODE) + +CP_RPRI = $(INSTALL) $(OWNER) -m 0640 +CP_RPUB = $(INSTALL) $(OWNER) -m 0644 +CP_XPRI = $(INSTALL) $(OWNER) -m 0550 +CP_XPUB = $(INSTALL) $(OWNER) -m 0555 d12 2 a13 5 -CP_DATA = $(INSTALL) $(OWNER) -m $(FILEMODE) -B .OLD +CP_DATA = $(INSTALL) $(OWNER) -m $(FILEMODE) ## How to install man pages. Pick one of SOURCE, BSD4.4, NROFF-PACK, or ## NROFF-PACK-SCO. Used by doc/man/putman.sh; read that script for more @ 1.9 log @regenerate patches with pkgdiff so they apply cleanly with devel/patch. @ text @d3 1 a3 1 --- Makefile.global.in.orig 2004-01-08 09:47:19.000000000 +1100 d5 3 a7 3 @@@@ -225,10 +225,10 @@@@ PATHINBAD = $(PATHINCOMING)/bad PATHOVERVIEW = $(PATHSPOOL)/overview PATHOUTGOING = $(PATHSPOOL)/outgoing d9 22 a30 8 -MAN1 = @@mandir@@/man1 -MAN3 = @@mandir@@/man3 -MAN5 = @@mandir@@/man5 -MAN8 = @@mandir@@/man8 +MAN1 = $(LOCALBASE)/man/man1 +MAN3 = $(LOCALBASE)/man/man3 +MAN5 = $(LOCALBASE)/man/man5 +MAN8 = $(LOCALBASE)/man/man8 d32 5 a36 2 ## Installation settings. The file installation modes are determined by ## configure; inews and rnews are special and have configure flags to @ 1.8 log @Update "inn" package to version 2.3.1. Changes since version 2.2.3: INN 2.3.0 represents a significant architectural change to INN, with a completely new internal overview interface, three new overview mechanisms, two new article storage mechanisms, and the elimination of quite a few old interfaces and old code. The NetBSD package furthermore includes IPv6 support and a new style startup script with backwards compatibility. @ text @d3 3 a5 3 --- Makefile.global.in.orig Thu Jan 11 09:55:23 2001 +++ Makefile.global.in Thu Feb 8 13:58:22 2001 @@@@ -169,10 +169,10 @@@@ @ 1.7 log @Update to 2.2.3. Fixes PR#10932. Changes: - INN no longer installs inews setgid news or rnews setuid root by default. If you need the old behavior, --enable-uucp-rnews or --enable-setgid-inews must be given to configure. See INSTALL for more information. - A security hole when verifycancels is turned on in inn.conf (not the default) was fixed. - Message IDs are now limited to 250 octets to prevent interoperability problems with other servers. - Various other security paranoia fixes have been made. - Embedded Perl filters fixed to work with Perl 5.6.0. - Lots of bug fixes. @ text @d3 5 a7 5 --- Makefile.global.in Wed Jul 19 01:54:07 2000 +++ Makefile.global.in Fri Sep 1 20:59:13 2000 @@@@ -39,8 +39,8 @@@@ TCLINC = @@TCL_INC@@ EXTRA_SRC = @@EXTRA_SRC@@ d9 8 a16 8 -OWNER = -O @@NEWSUSER@@ -G @@NEWSGRP@@ -ROWNER = -O @@NEWSUSER@@ -G @@RNEWSGRP@@ +OWNER = -o @@NEWSUSER@@ -g @@NEWSGRP@@ +ROWNER = -o @@NEWSUSER@@ -g @@RNEWSGRP@@ NEWSGROUP = @@NEWSGRP@@ INEWSMODE = @@INEWSMODE@@ RNEWSMODE = @@RNEWSMODE@@ @@@@ -63,10 +63,10 @@@@ d18 2 a19 13 # Pick on of SOURCE, NROFF-PACK or NROFF-PACK-SCO MANPAGESTYLE = SOURCE -MAN1 = @@MANDIR@@/man1 -MAN3 = @@MANDIR@@/man3 -MAN5 = @@MANDIR@@/man5 -MAN8 = @@MANDIR@@/man8 +MAN1 = $(LOCALBASE)/man/man1 +MAN3 = $(LOCALBASE)/man/man3 +MAN5 = $(LOCALBASE)/man/man5 +MAN8 = $(LOCALBASE)/man/man8 LEX = @@LEX@@ YACC = @@YACC@@ @ 1.6 log @USE_PKGLIBTOOL -> USE_LIBTOOL Added hack to post-build since the package's libtool recognizes more switches for the install program than the default libtool. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.5 2000/07/03 13:46:43 veego Exp $ d3 4 a6 3 --- Makefile.global.in Mon Dec 13 14:18:37 1999 +++ Makefile.global.in Mon Jul 3 11:31:41 2000 @@@@ -40,7 +40,7 @@@@ d10 1 d12 1 a12 2 -ROWNER = -O @@NEWSUSER@@ -G uucp +ROWNER = -o @@NEWSUSER@@ -g @@NEWSGRP@@ d14 3 a16 3 PATHNEWS = @@prefix@@ @@@@ -61,10 +61,10 @@@@ @ 1.5 log @Regen patch-ac which failed to apply before. @ text @d1 1 a1 1 $NetBSD$ d8 2 a9 1 OWNER = -O @@NEWSUSER@@ -G @@NEWSGRP@@ d11 1 a11 1 +ROWNER = -O @@NEWSUSER@@ -G @@NEWSGRP@@ @ 1.4 log @Because INN fails at many places when its binaries are not installed in "${PREFIX}/bin" it gets installed to "${PREFIX}/inn" now. Only the manual pages and the configuration file examples remain at the old location. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.3 1999/07/29 20:27:20 tron Exp $ d3 3 a5 3 --- Makefile.global.in.orig Tue Oct 13 14:23:08 1998 +++ Makefile.global.in Thu Jul 29 21:18:18 1999 @@@@ -40,11 +40,11 @@@@ a13 4 PATHBIN = @@prefix@@/bin PATHETC = @@ETCDIR@@ PATHLIB = @@LIBDIR@@ PATHCONTROL = $(PATHBIN)/control @ 1.3 log @Install INN binaries to "${LOCALBASE}/libexec/inn". Only "inews" is linked to "${LOCALBASE}/bin". Fixes PR pkg/8110 by Wolfgang Rupprecht. @ text @d1 1 a1 1 $NetBSD$ d14 1 a14 2 -PATHBIN = @@prefix@@/bin +PATHBIN = @@prefix@@/libexec/inn d26 4 a29 4 +MAN1 = $(PREFIX)/man/man1 +MAN3 = $(PREFIX)/man/man3 +MAN5 = $(PREFIX)/man/man5 +MAN8 = $(PREFIX)/man/man8 @ 1.2 log @Update INN package to version 2.2. This update is based on the patches supplied by Chris Jones in PR pkg/7597. @ text @d1 1 a1 1 $NetBSD: patch-ac,v 1.1 1998/09/05 03:21:11 garbled Exp $ d3 3 a5 3 --- Makefile.global.in.orig Fri Aug 28 12:34:15 1998 +++ Makefile.global.in Fri Aug 28 12:29:51 1998 @@@@ -34,7 +34,7 @@@@ d14 6 a19 1 @@@@ -55,10 +55,10 @@@@ @ 1.1 log @Add new pkg for inn-2.1 the public release of InterNet News (INN). @ text @d1 2 a2 1 $NetBSD$ @