head 1.18; access; symbols pkgsrc-2026Q1:1.18.0.24 pkgsrc-2026Q1-base:1.18 pkgsrc-2025Q4:1.18.0.22 pkgsrc-2025Q4-base:1.18 pkgsrc-2025Q3:1.18.0.20 pkgsrc-2025Q3-base:1.18 pkgsrc-2025Q2:1.18.0.18 pkgsrc-2025Q2-base:1.18 pkgsrc-2025Q1:1.18.0.16 pkgsrc-2025Q1-base:1.18 pkgsrc-2024Q4:1.18.0.14 pkgsrc-2024Q4-base:1.18 pkgsrc-2024Q3:1.18.0.12 pkgsrc-2024Q3-base:1.18 pkgsrc-2024Q2:1.18.0.10 pkgsrc-2024Q2-base:1.18 pkgsrc-2024Q1:1.18.0.8 pkgsrc-2024Q1-base:1.18 pkgsrc-2023Q4:1.18.0.6 pkgsrc-2023Q4-base:1.18 pkgsrc-2023Q3:1.18.0.4 pkgsrc-2023Q3-base:1.18 pkgsrc-2023Q2:1.18.0.2 pkgsrc-2023Q2-base:1.18 pkgsrc-2023Q1:1.17.0.48 pkgsrc-2023Q1-base:1.17 pkgsrc-2022Q4:1.17.0.46 pkgsrc-2022Q4-base:1.17 pkgsrc-2022Q3:1.17.0.44 pkgsrc-2022Q3-base:1.17 pkgsrc-2022Q2:1.17.0.42 pkgsrc-2022Q2-base:1.17 pkgsrc-2022Q1:1.17.0.40 pkgsrc-2022Q1-base:1.17 pkgsrc-2021Q4:1.17.0.38 pkgsrc-2021Q4-base:1.17 pkgsrc-2021Q3:1.17.0.36 pkgsrc-2021Q3-base:1.17 pkgsrc-2021Q2:1.17.0.34 pkgsrc-2021Q2-base:1.17 pkgsrc-2021Q1:1.17.0.32 pkgsrc-2021Q1-base:1.17 pkgsrc-2020Q4:1.17.0.30 pkgsrc-2020Q4-base:1.17 pkgsrc-2020Q3:1.17.0.28 pkgsrc-2020Q3-base:1.17 pkgsrc-2020Q2:1.17.0.24 pkgsrc-2020Q2-base:1.17 pkgsrc-2020Q1:1.17.0.4 pkgsrc-2020Q1-base:1.17 pkgsrc-2019Q4:1.17.0.26 pkgsrc-2019Q4-base:1.17 pkgsrc-2019Q3:1.17.0.22 pkgsrc-2019Q3-base:1.17 pkgsrc-2019Q2:1.17.0.20 pkgsrc-2019Q2-base:1.17 pkgsrc-2019Q1:1.17.0.18 pkgsrc-2019Q1-base:1.17 pkgsrc-2018Q4:1.17.0.16 pkgsrc-2018Q4-base:1.17 pkgsrc-2018Q3:1.17.0.14 pkgsrc-2018Q3-base:1.17 pkgsrc-2018Q2:1.17.0.12 pkgsrc-2018Q2-base:1.17 pkgsrc-2018Q1:1.17.0.10 pkgsrc-2018Q1-base:1.17 pkgsrc-2017Q4:1.17.0.8 pkgsrc-2017Q4-base:1.17 pkgsrc-2017Q3:1.17.0.6 pkgsrc-2017Q3-base:1.17 pkgsrc-2017Q2:1.17.0.2 pkgsrc-2017Q2-base:1.17 pkgsrc-2017Q1:1.16.0.22 pkgsrc-2017Q1-base:1.16 pkgsrc-2016Q4:1.16.0.20 pkgsrc-2016Q4-base:1.16 pkgsrc-2016Q3:1.16.0.18 pkgsrc-2016Q3-base:1.16 pkgsrc-2016Q2:1.16.0.16 pkgsrc-2016Q2-base:1.16 pkgsrc-2016Q1:1.16.0.14 pkgsrc-2016Q1-base:1.16 pkgsrc-2015Q4:1.16.0.12 pkgsrc-2015Q4-base:1.16 pkgsrc-2015Q3:1.16.0.10 pkgsrc-2015Q3-base:1.16 pkgsrc-2015Q2:1.16.0.8 pkgsrc-2015Q2-base:1.16 pkgsrc-2015Q1:1.16.0.6 pkgsrc-2015Q1-base:1.16 pkgsrc-2014Q4:1.16.0.4 pkgsrc-2014Q4-base:1.16 pkgsrc-2014Q3:1.16.0.2 pkgsrc-2014Q3-base:1.16 pkgsrc-2014Q2:1.15.0.16 pkgsrc-2014Q2-base:1.15 pkgsrc-2014Q1:1.15.0.14 pkgsrc-2014Q1-base:1.15 pkgsrc-2013Q4:1.15.0.12 pkgsrc-2013Q4-base:1.15 pkgsrc-2013Q3:1.15.0.10 pkgsrc-2013Q3-base:1.15 pkgsrc-2013Q2:1.15.0.8 pkgsrc-2013Q2-base:1.15 pkgsrc-2013Q1:1.15.0.6 pkgsrc-2013Q1-base:1.15 pkgsrc-2012Q4:1.15.0.4 pkgsrc-2012Q4-base:1.15 pkgsrc-2012Q3:1.15.0.2 pkgsrc-2012Q3-base:1.15 pkgsrc-2012Q2:1.14.0.8 pkgsrc-2012Q2-base:1.14 pkgsrc-2012Q1:1.14.0.6 pkgsrc-2012Q1-base:1.14 pkgsrc-2011Q4:1.14.0.4 pkgsrc-2011Q4-base:1.14 pkgsrc-2011Q3:1.14.0.2 pkgsrc-2011Q3-base:1.14 pkgsrc-2011Q2:1.13.0.14 pkgsrc-2011Q2-base:1.13 pkgsrc-2011Q1:1.13.0.12 pkgsrc-2011Q1-base:1.13 pkgsrc-2010Q4:1.13.0.10 pkgsrc-2010Q4-base:1.13 pkgsrc-2010Q3:1.13.0.8 pkgsrc-2010Q3-base:1.13 pkgsrc-2010Q2:1.13.0.6 pkgsrc-2010Q2-base:1.13 pkgsrc-2010Q1:1.13.0.4 pkgsrc-2010Q1-base:1.13 pkgsrc-2009Q4:1.13.0.2 pkgsrc-2009Q4-base:1.13 pkgsrc-2009Q3:1.12.0.2 pkgsrc-2009Q3-base:1.12 pkgsrc-2009Q2:1.11.0.6 pkgsrc-2009Q2-base:1.11 pkgsrc-2009Q1:1.11.0.4 pkgsrc-2009Q1-base:1.11 pkgsrc-2008Q4:1.11.0.2 pkgsrc-2008Q4-base:1.11 pkgsrc-2008Q3:1.10.0.4 pkgsrc-2008Q3-base:1.10 cube-native-xorg:1.10.0.2 cube-native-xorg-base:1.10 pkgsrc-2008Q2:1.9.0.4 pkgsrc-2008Q2-base:1.9 cwrapper:1.9.0.2 pkgsrc-2008Q1:1.8.0.16 pkgsrc-2008Q1-base:1.8 pkgsrc-2007Q4:1.8.0.14 pkgsrc-2007Q4-base:1.8 pkgsrc-2007Q3:1.8.0.12 pkgsrc-2007Q3-base:1.8 pkgsrc-2007Q2:1.8.0.10 pkgsrc-2007Q2-base:1.8 pkgsrc-2007Q1:1.8.0.8 pkgsrc-2007Q1-base:1.8 pkgsrc-2006Q4:1.8.0.6 pkgsrc-2006Q4-base:1.8 pkgsrc-2006Q3:1.8.0.4 pkgsrc-2006Q3-base:1.8 pkgsrc-2006Q2:1.8.0.2 pkgsrc-2006Q2-base:1.8 pkgsrc-2006Q1:1.7.0.14 pkgsrc-2006Q1-base:1.7 pkgsrc-2005Q4:1.7.0.12 pkgsrc-2005Q4-base:1.7 pkgsrc-2005Q3:1.7.0.10 pkgsrc-2005Q3-base:1.7 pkgsrc-2005Q2:1.7.0.8 pkgsrc-2005Q2-base:1.7 pkgsrc-2005Q1:1.7.0.6 pkgsrc-2005Q1-base:1.7 pkgsrc-2004Q4:1.7.0.4 pkgsrc-2004Q4-base:1.7 pkgsrc-2004Q3:1.7.0.2 pkgsrc-2004Q3-base:1.7 pkgsrc-2004Q2:1.6.0.2 pkgsrc-2004Q2-base:1.6 pkgsrc-2004Q1:1.5.0.12 pkgsrc-2004Q1-base:1.5 pkgsrc-2003Q4:1.5.0.10 pkgsrc-2003Q4-base:1.5 netbsd-1-6-1:1.5.0.6 netbsd-1-6-1-base:1.5 netbsd-1-6:1.5.0.8 netbsd-1-6-RELEASE-base:1.5 pkgviews:1.5.0.4 pkgviews-base:1.5 buildlink2:1.5.0.2 buildlink2-base:1.5 netbsd-1-5-PATCH003:1.5 netbsd-1-5-PATCH001:1.4 netbsd-1-5-RELEASE:1.3 netbsd-1-4-PATCH003:1.3 netbsd-1-4-PATCH002:1.3 comdex-fall-1999:1.3 netbsd-1-3-PATCH003:1.1; locks; strict; comment @# @; 1.18 date 2023.04.30.14.58.58; author spz; state Exp; branches; next 1.17; commitid EHEX0AY7pT0AU8nE; 1.17 date 2017.05.20.06.53.05; author spz; state Exp; branches; next 1.16; commitid JSogv69a3lQrY5Sz; 1.16 date 2014.08.03.17.33.34; author spz; state Exp; branches; next 1.15; commitid ZeipQVABT84TlWKx; 1.15 date 2012.08.23.19.00.42; author spz; state Exp; branches; next 1.14; 1.14 date 2011.09.25.13.58.32; author spz; state Exp; branches; next 1.13; 1.13 date 2009.12.16.22.10.25; author spz; state Exp; branches; next 1.12; 1.12 date 2009.09.22.13.17.00; author spz; state Exp; branches; next 1.11; 1.11 date 2008.12.21.16.00.05; author spz; state Exp; branches; next 1.10; 1.10 date 2008.09.03.21.33.29; author spz; state Exp; branches; next 1.9; 1.9 date 2008.06.23.09.10.53; author spz; state Exp; branches; next 1.8; 1.8 date 2006.03.31.17.58.40; author tron; state Exp; branches; next 1.7; 1.7 date 2004.07.24.23.55.28; author grant; state Exp; branches; next 1.6; 1.6 date 2004.06.02.11.43.55; author tron; state Exp; branches; next 1.5; 1.5 date 2001.07.10.16.02.12; author tron; state Exp; branches; next 1.4; 1.4 date 2001.02.08.16.23.07; author tron; state Exp; branches; next 1.3; 1.3 date 99.07.21.22.29.38; author tron; state Exp; branches; next 1.2; 1.2 date 98.10.18.09.53.04; author matthias; state dead; branches; next 1.1; 1.1 date 98.09.05.03.21.12; author garbled; state Exp; branches; next ; desc @@ 1.18 log @update inn to 2.7.1 adding canlock option kudos micha@@ upstream changelog: Changes in 2.7.1 (2023-04-16) * Added a new *groupexactcount* parameter in readers.conf to force nnrpd to report the exact number of still existing articles in newsgroups instead of an estimated count. When the estimated number of articles is strictly below *groupexactcount* (set to 5 by default), nnrpd now recounts them and reports the actual value (articles that have been cancelled or overwritten in self-expiring CNFS buffers may otherwise still be counted in the estimate). News clients will then be directly aware of empty newsgroups; they would otherwise have tried to retrieve possible articles, to finally not show anything to the user. * Programs sending mails now include, when appropriate, an Auto-Submitted header field in the message headers (either set to "auto-generated" or "auto-replied", following the recommendation in RFC 3834). Thanks to Harald Dunkel for this suggestion which will for instance help to avoid unnecessary vacation replies. * Added a new -a option to innmail to specify additional header fields to add in the headers of messages. This is notably used to internally support the addition of the Auto-Submitted header field in outgoing mails. * Added new ovsqlite-util program to perform some basic consistency checks and dump operations on an overview database using the ovsqlite method. More checks and features will be added in future releases. You'll need the "DBI" Perl module with the "DBD::SQLite" driver installed on your system to use this program. * Added TLS support in pullnews for connections to upstream servers configured in pullnews.marks, and to the downstream server in the existing -s flag. A port can now also be specified for connections to upstream servers (it was already possible for the downstream server only). * Added a new -L option to pullnews to specify the largest wanted article size in bytes. Articles whose size exceeds that value will no longer be downloaded by pullnews. * pullnews now detects a socket timeout while downloading articles from a remote peer. The download gracefully stops, and another attempt can be automatically made according to the setting given with the -t flag. Thanks to Jesse Rehmer for the bug report. * Fixed the generation and the handling of storage tokens on wrapped CNFS buffers, thanks to bug reports from Kamil Jonca: * Duplicate entries were returned by makehistory on fully wrapped cyclic buffers (the first article of the cyclic buffer appeared twice in the output). * The first article of a fully wrapped cyclic buffer was removed too soon from history (expire wrongly thought its storage token was no longer existing after a wrap). * The first article of the previous cycle number of a cyclic buffer containing articles from two different cycle numbers was wrongly considered by makehistory to belong to the current cycle number. * innd no longer dies when a newsfeeds entry has an unexpected trailing whitespace. * The size of duplicated articles was counted twice in totals, average article sizes and graphs by innreport, when parsing innd checkpoints. Thanks to Hauke Lampe for the patch to count it only once. * Customizing the domain part of Message-IDs generated by nnrpd and the server name indicated in Injection-Info header fields is now easier: the *domain* parameter in the access blocks of readers.conf can be directly used (without needing to set *virtualhost* as it was previously the case). * If the *domain* parameter is set in inn.conf or in a readers.conf access block, and has invalid characters, or if the fully qualified domain name (FQDN) of the news server has invalid characters when *domain* is unset, a fatal error is now reported at startup. It is a basic configuration error which otherwise leads to the generation of invalid article Message-IDs. * Improved the speed of article searches with HDR, LAST, NEXT, and XPAT commands when there is a (huge) gap in article numbers. On newsgroups with several millions of consecutive missing articles (which is a rare situation), these commands could take several seconds to run. * Incoming articles in newsgroups that have exceeded the maximum number of articles they can contain (2^31-1) are now correctly rejected. INN was otherwise happily accepting them but either numbers returned in NNTP responses were not right, or some news clients choked when receiving unexpected large article numbers. (The current version of the NNTP protocol only allows article numbers up to 2^31-1.) * Fixed the renumbering of reported low water marks for empty newsgroups in active after overview expiration, when using the ovsqlite method. They were set to 1 for empty newsgroups whereas they were not supposed to decrease. (These reported low water marks regained their expected values during the next overview expiration, provided that the newsgroup was no longer empty.) * The reported high water mark of empty newsgroups is now correctly set to one less than the reported low water mark in overview data. (Previously, the reported low water mark was set to one more than the reported high water mark.) * Fixed the output of the "ctlinnd feedinfo ''" command that was returning information only for the first site, and the output of the "ctlinnd name channel" command that was returning partial information for the requested channel. * The build of external programs which include inn/storage.h was failing because of the unexpected inclusion of config.h in one of the included headers. Also, a few Autoconf results were not correctly made available to external programs. This is now fixed. * Fixed the build on systems whose default shell does not completely meet the Posix standard. A few build scripts were run with the default shell instead of the one found by Autoconf and afterwards used for INN. * Use standard daemon(3) C function, when available, to daemonize innd, nnrpd, ovdb_server and ovsqlite-server instead of an INN-specific function. Upgrading from 2.6 to 2.7 The following changes require your full attention because a manual intervention may be needed: * The *require_ssl* parameter in readers.conf has been renamed to *require_encryption* as it applies to any kind of encryption layers, including TLS and SASL security layers. Since innupgrade only takes care of the change in the file named readers.conf, you will have to manually rename that parameter in configuration files for nnrpd with an alternate name. * The innreport.conf file in *pathetc* has been split into a general configuration file (innreport.conf itself) and a display configuration file (innreport-display.conf in *pathlib*). If you made local changes in sections other than the *default* section in innreport.conf, and wish to keep them, then you need renaming the new innreport-display.conf file to another name in *pathlib*, setting this local file name in the new *display_conf_file* option in innreport.conf, and re-applying your local changes to that local display configuration file. As a matter of fact, the default display configuration file would otherwise be overwritten each time INN is updated. Bug fixes or enhancements are made from time to time to the display configuration of innreport, and previously couldn't be automatically be merged in innreport.conf on update. This new separate configuration file to parameterize the display will now permit an automatic update (if of course you use the default display configuration file). * A new inn-secrets.conf configuration file has been added in *pathetc*. The intent is that, from now on, new secrets used by INN are added to that file, and that all secrets currently stored in several other configuration files eventually move to that file. Make sure it is properly created during the upgrade, and not world-readable. It currently only stores the secrets used for the new Cancel-Lock functionality. * The -C flag given to innd to disable the execution of cancels has been deprecated and is no longer taken into account (an error message will be present in your logs if innd is started with it). Instead, a new parameter has been added in inn.conf to tune the types of cancels innd should process. If *docancels* is set to "require-auth", which is the default if INN has Cancel-Lock support, only articles originally protected by the Cancel-Lock authentication mechanism can be withdrawn by a valid authenticated cancel article or a valid authenticated supersede request. Withdrawals of articles not originally protected by Cancel-Lock will not be executed. See inn.conf(5) for more details about the different values of the new *docancels* parameter, and make sure to parameterize it according to your needs. * The *refusecybercancels* and *verifycancels* parameters have been removed from inn.conf. The first was performing an inefficient and inexact check (that should be done, if wanted, in the special "ME" entry in newsfeeds, or even better, ask your peers not to feed you articles with "cyberspam" in the Path header field body); the second check performed on the newsgroups present in cancel articles was not useful in innd (this check is relevant to posting agents). The related lines in inn.conf will be commented by innupgrade during the upgrade. * The XBATCH command is no longer enabled by default in innd. You'll have to explicitly enable that capability by setting the new *xbatch* parameter to true in incoming.conf for the peers sending you such compressed batches. * The *nolist* and *noresendid* parameters in incoming.conf have been respectively renamed to *list* and *resendid* (and the meaning of their related boolean values is now the opposite). Besides, the unused *comment* and *email* parameters in incoming.conf have been removed. innupgrade will take care of the changes (inverting the boolean values, and commenting the lines with removed parameters). * filechan is no longer shipped with INN; it was just a simple version of buffchan. All calls to "filechan" will be changed to "buffchan -u" (for its unbuffered mode) in newsfeeds by innupgrade. If you have local scripts running filechan, you will have to manually take care of the change. * send-nntp is no longer shipped with INN. If you have local scripts running it, you will have to manually adjust them to use nntpsend which basically does the same thing, better. Or, even greater, use innfeed if that is possible. * Wrappers around old Perl and Python authentication and access hooks, pre-dating INN 2.4.0 and identifiable by the *nnrpperlauth* and *nnrppythonauth* parameters in inn.conf, are no longer shipped as samples in INN releases. If not already done, you should either replace old hooks with new modern hooks or use the possibilities that readers.conf and regular authenticator and resolver programs offer. * The libauth.h header file and the libstorage library have been renamed to libinnauth.h and libinnstorage to homogenize their name with existing libinnhist library. External programs building or linking against them need a manual change. If you are upgrading from a version prior to INN 2.6, see also "Upgrading from 2.5 to 2.6". Changes in 2.7.0 (2022-07-10) * Upgrading to a major release is a good time to ensure that your configuration files, that are usually kept untouched during normal updates, are up-to-date: notably control.ctl (with your local changes in a separate control.ctl.local file), new better default values in inn.conf and innfeed.conf, improvements in innreport.conf (along with innreport-display.conf) and innreport.css, fixes in innwatch.ctl, updated moderators and nocem.ctl files. You may also want to check that the PGP keys used to verify the signature of control articles and NoCeM notices are still up-to-date and working. The keys of a few hierarchies and NoCeM issuers have recently changed. * Bo Lindbergh has implemented a new overview storage method based on SQLite, known for its long-term stability and compatibility. Robust and faster at reading ranges of overview data, but somewhat slower at writing, this new SQLite-based method is a perfect choice to store overview data. To select it as your overview method, set the *ovmethod* parameter in inn.conf to "ovsqlite". Details about ovsqlite, the ovsqlite.conf configuration file and how to switch to that new modern overview storage method can be found in the ovsqlite(5) and makehistory(8) man pages. * Julien Elie has implemented Cancel-Lock support in innd and nnrpd, based on RFC 8315 and libcanlock. A new inn-secrets.conf configuration file has been added in *pathetc* wherein you can set the secrets to use for Cancel-Lock. See the inn-secrets.conf(5) man page for more details. A new -F flag is recognized by innconfval to indicate the type of file to parse (by default, "inn.conf"); just run "innconfval -F inn-secrets.conf" to get the values of that new configuration file. Another new flag, -f, permits specifying another file name to parse than the standard one. The *addcanlockuser* parameter has been added in readers.conf to deactivate the generation of user-specific hashes when several different posters have the same identity in an access group. This parameter also permits setting whether the hash, when generated, is based on the username or the (static) IP of the connection. * Added a new tool, gencancel, to help the news administrator generate authenticated cancel control messages, with the expected admin Cancel-Key hashes. See the gencancel(1) man page for more details. * A new *docancels* parameter has been added in inn.conf to define which types of cancels innd should process. The -C flag given to innd is deprecated in favour of that new parameter (you'll see in your logs the message "innd -C flag has been deprecated and has no effect; use docancels in inn.conf" in case you're passing that flag to innd). * Andreas Kempe has implemented blacklistd support in nnrpd. This daemon, available notably in FreeBSD and NetBSD, can be used to prevent brute force attacks by blocking attackers after a number of failed login attempts. When nnrpd is run with the new -B flag, and INN has been configured with the new --with-blacklist option, it will report login attempts to the blacklistd daemon for potential blocking. * Building INN with TLS support using LibreSSL is now supported (only OpenSSL was previously officially supported and tested). * Fixed the parsing of *hosts* and *localaddress* parameters in readers.conf; exclusion patterns (beginning with "!") have not been working since INN 2.5.0. * Improved the robustness of innxmit when receiving 500 or 501 response codes from peers, indicating they do not understand the NNTP command or (wrongly) think there is a syntax error. Richard Kettlewell added a proper handling of these responses, making innxmit dropping the refused article instead of keeping sending it over and over (and thus receiving each time the same error in response codes). * innreport now collects statistics from innxbatch and generates a section for them in its reports. * The innreport.conf file in *pathetc*, previously containing almost 2500 lines, has been split into a general configuration file (innreport.conf itself, still in *pathetc*, with about 60 lines) and a display configuration file (innreport-display.conf, a new separate file in *pathlib*). The name of this display configuration file can be parameterized in the new *display_conf_file* option in innreport.conf. * The -m flag given to mailpost now sets a List-ID header field instead of a Mailing-List header field. * rc.news, used to start and stop INN daemons, now checks whether it is run as the news user. It will exit if not the case, to ensure not to tamper with the ownership of files INN manipulates. * filechan has been removed; it was just a simple version of buffchan, which should now be used. * send-nntp has been removed; it was just a simple version of nntpsend, which should now be used (or, even better, innfeed). * The *refusecybercancels* and *verifycancels* parameters have been removed from inn.conf. Besides, inews no longer checks if the From or Sender header fields of a cancel or supersede request match the ones of the original article being withdrawn. All of these were either inefficient or inexact checks. * The *xbatch* parameter has been added in incoming.conf to enable the XBATCH command in innd for specific remote peers. The default is to disable the capability. * The *nolist* and *noresendid* parameters in incoming.conf have been respectively renamed to *list* and *resendid* (and the meaning of their related boolean values is now the opposite). Besides, the unused *comment* and *email* parameters in incoming.conf have been removed. * inews no longer adds a Sender header field nor overwrites an existing one in articles it processes if the new -P flag is used. The Path header field, if unset, no longer systematically contains the path identity of the local news server (you may want to add it manually with the -x flag, if needed). Finally, inews also no longer adds the obsolescent Lines header field. * A new -E flag can now be given to inews to silently discard empty articles, instead of bailing out with an error. Another new -m flag permits setting the Message-ID instead of letting inews generate one. And a third new flag, -Y, forces inews to authenticate to the remote news server even if not asked to. * signcontrol has been removed as it embeds per-site configuration which is overwritten each time INN is updated to a newer version, and it is unlikely you ever need it. Nonetheless, if you need to issue PGP-signed control messages, you can still download it from . * Support in controlchan for obsolete *sendsys*, *senduuname* and *version* control messages has been removed. These control messages, long been deprecated, should no longer be sent nor honoured nowadays. Besides, the "doifarg" keyword in control.ctl is no longer recognized (it was only used for these three kinds of control messages). * The *require_ssl* parameter in readers.conf has been renamed to *require_encryption*, which is a better name as it applies to any kind of encryption layers, including TLS and SASL security layers. * Fixed the use of a deprecated API in Kerberos V5. INN now requires version 1.6.1 or higher of MIT Kerberos v5 to build. * The libauth.h header file and the libstorage library have been renamed to libinnauth.h and libinnstorage to homogenize their name with existing libinnhist library. * All of the applicable bug fixes from the INN 2.6 STABLE series are also included in INN 2.7. @ text @$NetBSD: patch-ah,v 1.17 2017/05/20 06:53:05 spz Exp $ don't install in site, we're installing in samples and then doing CONF_FILES_PERMS from that --- site/Makefile.orig 2016-11-27 14:03:42.000000000 +0000 +++ site/Makefile @@@@ -75,7 +75,8 @@@@ REST = \ ALL = $(REST) -REST_INSTALLED = \ +REST_INSTALLED = +NOTUSED = \ $D$(PATH_NEWSFEEDS) $D$(PATH_INNDHOSTS) \ $D$(PATH_NNRPDTRACK) $D$(PATH_NNTPPASS) \ $D$(PATH_CONFIG) $D$(PATH_MODERATORS) \ @@@@ -102,7 +103,8 @@@@ REST_INSTALLED = \ ALL_INSTALLED = $(REST_INSTALLED) -SPECIAL = $D$(PATH_ACTIVE) $D$(PATH_ACTIVE_TIMES) \ +SPECIAL = +NOTUSED2 = $D$(PATH_ACTIVE) $D$(PATH_ACTIVE_TIMES) \ $D$(PATH_NEWSGROUPS) $D$(PATH_HISTORY) ## Get new versions of everything from samples directory. @ 1.17 log @update to 2.6.1. Excerpt from NEWS: Upgrading from 2.5 to 2.6 The following changes require your full attention because a manual intervention may be needed: The name and location of the pullnews configuration file have changed. It is now pullnews.marks, located in pathdb when pullnews is run as the news user, or otherwise in the running user's home directory. This file was previously stored in .pullnews in the running user's home directory (even for the news user). If you use pullnews, you need to manually move and rename the configuration file; otherwise, it will no longer work. Note that the -c flag passed to pullnews allows to specify another configuration file, if need be. The default location of the mailpost database directory has changed from pathtmp to pathdb. If you use mailpost without an explicitly specified database directory (using the -b flag), then you should manually move your current database files mailpost-msgid.dir and mailpost-msgid.pag from pathtmp to pathdb. If you have been using TLS/SSL with nnrpd before, be aware that the default value of a few inn.conf parameters have changed: the server now decides the preferred cipher (instead of the client), and only TLS protocols are allowed (using the flawed SSLv2 and SSLv3 protocols is now disabled). If you want to change these settings, the respective tlspreferserverciphers and tlsprotocols parameters can be tuned to your needs. The --with-kerberos configure flag used to add Kerberos v5 support has been renamed to --with-krb5. The --with-berkeleydb configure flag used to add Berkeley DB support has been renamed to --with-bdb. The --enable-ipv6 configure flag no longer exists. IPv6 is now unconditionally enabled, if available. $HOME is no longer exported as an environment variable by innshellvars, innshellvars.tcl and the Perl module INN::Config. It was previously overriding the default user home directory with pathnews. If you use these scripts in your own scripts, you will have to take care of that change. Owing to the implementation of RFC 4643 (AUTHINFO USER/PASS) in innd, if remote peers have to authenticate in order to feed articles, they now have to send a username (which was previously wrongly optional), before sending their password. The mandatory username, though currently unused by innd, can be whatever the remote peer wishes. In previous versions of INN, inncheck was already complaining when passwd.nntp contained an empty username associated with a password. A manual review of authenticated feeds should then be done so as to ensure that they are properly working. The Injection-Date: and Injection-Info: headers are now generated by nnrpd at injection time instead of the NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To: and X-Trace: headers. Local scripts that were using (for authentication, privacy, etc.) these now deprecated headers should be updated. Also note that the Path: header of locally posted articles can also contain the contents of the deprecated NNTP-Posting-Host: field. The two addnntppostingdate and addnntppostinghost parameters in inn.conf have been respectively renamed to addinjectiondate and addinjectionpostinghost. innupgrade takes care of the modification only for inn.conf; a manual change will therefore be needed for readers.conf, if these parameters are overridden in this file. The default values of a few inn.conf parameters have changed to make use of the vastly expanded storage and RAM commonly available today: datamovethreshold (from 8192 to 16384), msgidcachesize (from 16000 to 64000), overcachesize (from 64 to 128), and wireformat (now enabled by default). The generation of status reports and performance timings are now also enabled by default: logstatus and nnrpdoverstats parameters, with a frequency of 10 minutes (status and timer parameters). The default value of max-queue-size has changed from 5 to 20, and use-mmap now defaults to true for innfeed.conf. Changes in 2.6.1 nnrpd now uses -0000 as the time zone for Date: and Injection-Date: header fields it generates. It was previously using +0000, wrongly systematically indicating a local time zone at Universal Time when localtime is set to false (which is the default) in readers.conf. The +0000 time zone will now be used only if localtime is set to true and UTC is really the local time zone of the server. Julien Elie has implemented in nnrpd the new COMPRESS command described in draft-murchison-nntp-compress that extends the NNTP protocol to allow a connection to be effectively and efficiently compressed. News clients that also support that extension will be able to benefit from that bandwidth optimization and improvement in speed. Moreover, using COMPRESS is more secure than TLS-level compression, as far as authentication credentials are concerned. The default value for the tlscompression parameter in inn.conf has changed. TLS-level compression is now disabled by default, to comply with the best current practices for a secure use of TLS in application protocols like NNTP. Using the new COMPRESS command is recommended. The tlscompression parameter in inn.conf now also permits to disable TLS-level compression with OpenSSL 0.9.8. It previously had an effect only when OpenSSL 1.0.0 or later was used. rnews no longer segfaults at startup when started setuid news. Thanks to Marcus Jodorf for the bug report. Fixed slow nnrpd responses for a few NNTP commands. The TCP_NODELAY option was unconditionally set whereas only BSD/OS systems needed it. Thanks to Christian Mock for having discovered that. Articles containing a Received: or a Posted: header field are no longer rejected by nnrpd at injection time. Articles containing control characters or whitespace-only content lines in their headers are now rejected by nnrpd at injection time. OpenSSL 1.1.0 support has been added to INN. When an encryption layer is negotiated during a successful use of the STARTTLS command, or after a successful authentication using a SASL mechanism that negotiates an encryption layer, nnrpd now updates the permissions of the news client according to the new secure state of his connection (that is to say auth blocks in readers.conf using the require_ssl parameter are taken into account). Previously, only connections on a dedicated port (usually 563) were taking benefit from that parameter. Thanks to Steve Crook for the bug report. When a data integrity layer was negotiated during a successful SASL authentication, nnrpd was wrongly reseting any knowledge obtained from the client, such as the current newsgroup and article number. This behaviour now applies only when an encryption layer is negotiated. nntpsend now correctly waits until all of the child innxmit processes exit before it does. It was causing nntpsend to fail to work properly on systems that use systemd, because when it exits prematurely, systemd kills all of the processes it launched, including the innxmit processes. Thanks to Jonathan Kamens for the patch. Update from GNU Libtool 2.4.2 to 2.4.6. Other minor bug fixes and documentation improvements. Changes in 2.6.0 The NNTP protocol requires a username to be sent before a password when authentication is used. innd was wrongly allowing only a password to be sent by authenticated peers. See the note above for more details. The Lines: header is no longer generated by nnrpd at injection time. The Injection-Date: header is now generated by nnrpd at injection time instead of the deprecated NNTP-Posting-Date: header, when addinjectiondate is set to true. Note that addnntppostingdate has been renamed to addinjectiondate in inn.conf. The Injection-Info: header is now generated by nnrpd at injection time instead of the deprecated NNTP-Posting-Host: (when addinjectionpostinghost is set to true), X-Complaints-To: and X-Trace: headers. Note that addnntppostinghost has been renamed to addinjectionpostinghost in inn.conf. The Path: header of locally posted articles now also contains the contents of the NNTP-Posting-Host: header. A new addinjectionpostingaccount parameter has been added in inn.conf. When set to true, the Injection-Info: header field contains an additional posting-account attribute that mentions the username assigned to the user at connection time or after authentication. The default value for this parameter is false. A few headers are now considered as obsolete by nnrpd at injection time: NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To:, X-Trace:, Also-Control:, Article-Names:, Article-Updates:, and See-Also: headers. Besides, nnrpd will similarly reject obsolete sendsys, senduuname and version control messages. The presence of a Subject: header field beginning with cmsg no longer causes an article to be interpreted as a control message by nnrpd at injection time. nnrpd no longer differentiates IHAVE from POST. Articles injected with IHAVE are now treated as though they were injected with POST. It means that if the previous behaviour of IHAVE was expected, innd should handle itself the connection instead of nnrpd. The name of the pullnews configuration file is now pullnews.marks located in pathdb when pullnews is run as the news user, or otherwise in the running user's home directory. It was previously stored in .pullnews in the running user's home directory (even for the news user). Fixed a leak of semaphores when using buffindexed. Thanks to Richard Kettlewell for having fixed the issue. Building with Libtool is no longer optional. The --enable-libtool option to configure has been removed. DESTDIR and non-root installs are now properly supported and documented in INSTALL. The make install, make update and make cert steps properly obey DESTDIR. Besides, it is no longer a requirement that the installation step be done by the superuser, as long as the user executing the install has supplied a DESTDIR value that points to a writable directory, and the person or process performing the install corrects the file ownerships when INN is installed on the system on which it's going to run. Thanks to James Ralston for this support. When building INN with Berkeley DB, Cyrus SASL, Kerberos v5, OpenSSL, or zlib support, no longer add standard locations to compiler and linker include flags. Such default paths are now added only if explicitly given to one or more of the --with-bdb, --with-bdb-include, --with-bdb-lib, --with-sasl, --with-sasl-include, --with-sasl-lib, --with-krb5, --with-krb5-include, --with-krb5-lib, --with-openssl, --with-openssl-include, --with-openssl-lib, --with-zlib, --with-zlib-include, or --with-zlib-lib configure flags (the flags ending with -include and -lib are new in INN 2.6.0). If the Berkeley DB, Cyrus SASL, Kerberos v5, or OpenSSL SSL and crypto libraries are found at configure time, INN will now be built with support for them unless respectively the --without-bdb, --without-sasl, --without-krb5, or --without-openssl flags are explicitly passed to configure. Note that it was already the default behaviour for zlib support when Berkeley DB support was also enabled. The configure flag --enable-reduced-depends has been added to request that library probes assume shared libraries are in use and dependencies of libraries should not be probed. It therefore tries to minimize the shared library dependencies of the resulting binaries on platforms with proper shared library dependencies. This is not enabled by default, and is of interest primarily to people building packages for distributions. Building INN with Python support now requires the use of Python 2.2.0 or later as the distutils.sysconfig module used was introduced with Python 2.2.0. The INN test suite driver is now fully synchronized with the upstream version of the C TAP Harness package maintained by Russ Allbery. Keeping the INN test suite driver up-to-date will be possible thanks to a new getc-tap-harness script in the support directory that automatically fetches the latest upstream changes. Similarly, the new getrra-c-util script permits to keep most of the utility and portability functions synchronized with the upstream version of the rra-c-util package maintained by Russ Allbery. Other minor bug fixes and documentation improvements. @ text @d1 4 a4 1 $NetBSD: patch-ah,v 1.16 2014/08/03 17:33:34 spz Exp $ @ 1.16 log @update INN to version 2.5.4. Excerpt from the upstream release announcement: Changes in 2.5.4 * An up-to-date control.ctl file is provided with this release. You should manually update your control.ctl file with the new information recorded about Usenet hierarchies. * A test has been improved in innwatch.ctl so that innwatch no longer throttles innd when no overview directory exists. You should manually update your innwatch.ctl file to get this improvement. * Fixed a long-standing limitation on how controlchan and pgpverify were checking the signer of control messages. They now properly handle the case of several UIDs being defined on a single PGP key, as well as the presence of spaces into UIDs. In previous versions of INN, a few valid control messages got ignored because of that limitation (fido.ger.* and grisbi.* were for instance impacted). * As the name of the radius.conf configuration file shipped with INN for the nnrpd authenticator against a RADIUS server conflicts with the libradius package, this file is renamed to inn-radius.conf (innupgrade takes care of the rename during the update). * The attributes hash is now accessible to nnrpd Perl posting filter. As a result, filter_nnrpd.pl can make use of it. Only authentication and access Perl hooks could previously use the attributes hash. Thanks to Steve Crook for this addition. * INN now properly builds fine with flex 2.5.36 (this version introduced a change of type for a variable used by INN). * When using funnel feeds, innfeed log files were open forever, which resulted in empty log files, once rotated by scanlogs. innfeed now reopens its log files upon receiving a HUP signal; this signal is in particular sent by scanlogs during log rotation. Thanks to Florian Schlichting for the patch. * Exploder and process channels are now reopened when "ctlinnd flushlogs" is used. Otherwise, they could hold open an already deleted errlog file. The issue affected in particular controlchan or ninpaths, running as such channels. * Fixed a buffer overflow when using imapfeed with more than a million commands during the same IMAP session. Thanks to David Binderman for the bug report. * Fixed a segfault occurring in innd on systems where time_t is a 64-bit integer. Thanks to S.P. Zeidler for the patch. * Fixed a segfault occurring in nnrpd when a res block was used in readers.conf without the program: key. * Fixed an issue where users were denied posting because of an overlapping buffer copy in a check nnrpd was doing. Thanks to Florian Schlichting for the patch. * Fixed a regression that occurred in INN 2.5.3 regarding the path used by default by pullnews for its configuration file. Instead of looking in the running user's home directory, it was looking in the *pathnews* directory set in inn.conf. Thanks to Tony Evans for the bug report. * When neither wget nor ncftpget nor ncftp was found at configure time, the path to the simpleftp substitution program shipped with INN was not properly set in innshellvars, innshellvars.pl, and the "INN::Config" Perl module. Thanks to Christian Garbs for the bug report. * ckpasswd no longer tries to use the ndbm compatibility layer provided by Berkeley DB if Berkeley DB has been built without ndbm support. Also add support for gdbm libraries in ckpasswd. * Fixed a Perl warning in inncheck; using "defined(@@array)" has been deprecated since Perl 5.16. * Fixed the occurrence of an unexpected "cant select" error generated by innd. Thanks to Paul Tomblin for having caught that long-standing issue. * When building INN with Berkeley DB support, no longer add -L/usr/lib to the linker include flags; unconditionally adding it may break the build on systems using lib32 and lib64 directories. * On a fresh INN install, motd.innd and motd.nnrpd are no longer installed by default. Instead, samples for these files are provided in *pathetc*, named differently so that their default contents are not displayed to news clients before they get customised. * Other minor bug fixes and documentation improvements (like the addition in the readers.conf man page of the log: and program: parameters in res blocks, and the include directive). @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.15 2012/08/23 19:00:42 spz Exp $ d3 1 a3 1 --- site/Makefile.orig 2014-05-17 08:24:49.000000000 +0000 d5 1 a5 1 @@@@ -75,35 +75,11 @@@@ REST = \ d7 1 a7 1 ALL = $(MOST) $(REST) a9 23 - $D$(PATH_NEWSFEEDS) $D$(PATH_INNDHOSTS) \ - $D$(PATH_NNRPDTRACK) $D$(PATH_NNTPPASS) \ - $D$(PATH_CONFIG) $D$(PATH_MODERATORS) \ - $D$(PATH_CONTROLCTL) $D$(PATH_CONTROLCTLLOCAL) $D$(PATH_EXPIRECTL) \ - $D$(PATHETC)/nntpsend.ctl \ - $D$(PATHETC)/innreport.conf $D$(PATHHTTP)/innreport.css \ - $D$(PATHETC)/localgroups \ - $D$(PATH_CTLWATCH) $D$(PATH_DISTPATS) $D$(PATH_DISTRIBUTIONS) \ - $D$(PATH_ACTSYNC_CFG) $D$(PATH_ACTSYNC_IGN) \ - $D$(PATH_MOTD_INND) $D$(PATH_MOTD_NNRPD) $D$(PATH_STORAGECONF) \ - $D$(PATH_CYCBUFFCONFIG) $D$(PATH_BUFFINDEXED) \ - $D$(PATH_INNFEEDCTL) $D$(PATH_PERL_STARTUP_INND) \ - $D$(PATH_PERL_FILTER_INND) $D$(PATH_PERL_FILTER_NNRPD) \ - $D$(PATH_PYTHON_FILTER_INND) $D$(PATH_PYTHON_INN_MODULE) \ - $D$(PATH_PYTHON_NNRPD_MODULE) \ - $D$(PATH_TCL_STARTUP) $D$(PATH_TCL_FILTER) \ - $D$(PATHETC)/innshellvars.local $D$(PATHETC)/innshellvars.pl.local \ - $D$(PATHETC)/innshellvars.tcl.local \ - $D$(PATHETC)/nocem.ctl \ - $D$(PATH_NNRPAUTH) $D$(PATHETC)/news2mail.cf $D$(PATH_READERSCONF) \ - $D$(PATH_RADIUS_CONF) $D$(PATH_NNRPYAUTH) $D$(PATH_NNRPYACCESS) $D$(PATH_NNRPYDYNAMIC) \ - $D$(PATH_OVDB_CONF) \ - $D$(PATH_SENDUUCP_CF) $D$(PATH_SUBSCRIPTIONS) $D$(PATH_NNRPACCESS) d11 5 d17 1 a17 1 ALL_INSTALLED = $(MOST_INSTALLED) $(REST_INSTALLED) a19 1 - $D$(PATH_NEWSGROUPS) $D$(PATH_HISTORY) d21 2 a24 1 all: $(ALL) config @ 1.15 log @Update from 2.5.2 to 2.5.3 (fixes CVE-2011-0411). While we are touching it, fix PR/45986 with the patch supplied therein (thanks) Changes from 2.5.2 to 2.5.3: * When HDR/XHDR/XPAT were used on a new article coming into a newsgroup, requesting a header not present in the overview database, the first subsequent OVER/XOVER command did not show that article. A remap of the overview data file was missing in nnrpd. Thanks to Sam Varshavchik for the bug report. * When a header field appeared more than once in an article, it was missing from the overview data. OVER/XOVER, as well as HDR/XHDR/XPAT using the overview, were therefore returning an empty field. The content of the first occurrence is now returned, in accordance with RFC 3977. Perl and Python filters for innd now also properly initialize their header variables with the first occurrence of header fields. (It is still the last occurrence for the Perl filter for nnrpd.) * Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents malicious commands, sent unencrypted, from being executed in the new encrypted state of the session. * Fixed a regression that occurred in INN 2.5.0 when leading whitespace characters have been made significant in header field bodies. It could lead INN to drop articles and throttle itself when running as a slave because Xref: header fields generated by other news servers, or even INN 2.4.6, could contain (valid) leading whitespace. Thanks to Matija Nalis for having caught this bug. * Fixed an invalid 431 response to CHECK commands when innd is paused: the message-ID of the article to defer was missing. Also fixed another issue in the messages innd replied; when an error occurred during a write on a channel, a trailing extra junk byte was added to the reply. Thanks to River Tarnell for these bug reports. * It is now possible to properly generate daily statistics with sendinpaths thanks to the new -k and -r flags that permit to control the interval of days for processing dump files. The new -c flag permits to send a copy of the generated e-mail to the newsmaster. Also fixed an issue with statistics that could be missing or duplicated for a couple of days when monthly sent. The documentation has been updated and mentions a preferred daily run of sendinpaths. This script is a complete rewrite in Perl, and is based on Mohan Kokal's initial work. * cnfsheadconf now properly recognizes continuation lines in cycbuff.conf, that is to say lines ending with a backslash ("\"). Thanks to John F. Morse for the bug report. * The order of CNFS buffers in a metacycbuff is now properly read and written by cnfsheadconf. There previously was a confusion between hexadecimal and decimal values. Thanks again to John F. Morse. * When the -l flag is given to cnfsstat, the cycbuff.conf and storage.conf files are now reloaded if they have been modified since the previous output of cnfsstat. * A single header field line is limited to 998 bytes, per RFC 5536. innd was previously accepting, and also generating Xref: header field lines, up to 1022 bytes. Now, nnrpd (acting as an injecting agent) rejects articles which contain header field lines whose length exceeds 998 bytes. And innd (acting as a relaying or serving agent) no longer checks that. * nnrpd advertises the COUNTS, DISTRIBUTIONS, MODERATORS, MOTD and SUBSCRIPTIONS variants of the LIST command in response to CAPABILITIES. These commands already existed in nnrpd but RFC 6048 had not yet been published. * Add support for LIST MOTD in innd. Consequently, the motd.news configuration file which was previously used only by nnrpd is renamed to motd.nnrpd (innupgrade takes care of the rename). innd uses the new motd.innd file in *pathetc* for its message of the day. * Fixed an issue at configure time that made INN wrongly assume that OpenBSD (4.6) didn't support Unix-domain sockets. Thanks to Wim Lewis for the patch. * Fixed an issue on systems which do not have a working flock(2) function (Solaris, for instance). mailpost and pullnews are reported not to be usable on such systems. Many thanks to Dennis Davis for the bug report. A wrapper around shlock is now called in Perl scripts. The INN::Utils::Shlock module has been added for that use. * Fixed an issue in the Python access hook for nnrpd: it has not been working since Python 2.5 on 64-bit platforms, owing to a change to Python's C API, using a new Py_ssize_t type definition instead of int. Thanks to Raphael Barrois for the patch. * Improve the stability of the Perl filters for innd and nnrpd: properly save and restore the stack pointer when needed. * The Injection-Date: header, when present, is now used by innd and makehistory to determine the posting date of an article. Otherwise, the Date: header is used. * controlchan now imposes a date cutoff on processing control articles. The *artcutoff* parameter set in inn.conf is used. Otherwise, without that cutoff, old control articles could be maliciously reinjected into Usenet, and replayed. (An unsigned Injection-Date: header field could be added to an article that only had a Date: header field.) A new -c flag has been added to controlchan to disable the cutoff check, if needed (usually when manually invoking the program). * nnrpd no longer adds or updates the Path: header field when an article is forwarded to a moderator. It could otherwise lead to rejects at injection time when the article was approved by the moderator. * The X-Trace: header field was not properly generated when an article was locally posted. The field mentioning the IP address was skipped, resulting in a wrong syntax for this header. The local "127.0.0.1" IP address is now used. Besides, "localhost" is now mentioned instead of an obscure "stdin" in injection header fields. * Fixed a bug in the frequency innfeed logs its status: too many useless lines were written to news.notice. Thanks to Florian Schlichting for the fix. * When unset in innfeed.conf, the *dynamic-method* parameter now properly defaults to 3 (instead of 0) and *use-mmap* to false (instead of true). These two values were already the recommended ones in the documentation and the sample file. Note that *use-mmap* is only used when innfeed is given file names to send instead of storage API tokens, which is a fairly rare use case. * innfeed no longer generates an error message (logged in news.err) when a parameter is not defined in innfeed.conf. All the parameters have a default value, so there is no need to warn the user if they are not present in innfeed.conf. Thanks to Dieter Stussy for having reported this problem. * Implement an upper limit to the number of file descriptors innd can handle. At most (FD_SETSIZE-1) file descriptors can be used. This upper limit now overrides any superior number set with *rlimitnofile* in inn.conf. Thanks to Steve Crook for the bug report. * A default timeout on outgoing sockets (using NNTPconnect) has been added by Florian Schlichting. For a long time, there have been occasional problems with actsync (and probably other programs) that would hang until manually killed or restarted. * The flag -S has been added to innd by Florian Schlichting. When used, innd reports the errors found in incoming.conf and exits. * pullnews no longer stops processing newsgroups when an error occur during its run (for instance when a newsgroup mentioned in the configuration file is removed from an upstream server). Besides, it can now use authentication when posting to the downstream server. A few other minor bugs have been fixed as for the way pullnews counts the articles. * Fixed the way innreport handles leap years. It now properly generates HTML reports; dates were assumed to be relative to the current year, which may break their computation during for instance the whole 2012 leap year. Please note that no HTML reports have been lost, and that they will appear when INN is updated to this new version. * A new parameter has been added to inn.conf to determine whether the status file that innd can write out (depending on the value of the *status* parameter) is plain text or wrapped in HTML. It previously only was a compile-time option, set to true by default. Florian Schlichting added the *htmlstatus* parameter to provide a configurable behaviour. * It is now possible to run a script at the end of the execution of innshellvars scripts. If a file named innshellvars.local, innshellvars.pl.local or innshellvars.tcl.local is present and executable in *pathetc*, then it will be executed by the corresponding innshellvars script (respectively shell, INN::Config Perl module, and Tcl). A typical use is to add or override variables. * Add support for wire-formatted articles in scanspool. * A lot of work on cleaning old perl4-style code has been done by Florian Schlichting. * inncheck now generates a proper non-zero exit value when errors are found, and allows quiet mode with the -q flag. Florian Schlichting has greatly improved this script in many regards, especially with a config-syntax parser for incoming.conf, innfeed.conf, readers.conf and storage.conf. * inncheck now properly finds the boundaries of substituted variables in newsfeeds thanks to Alexander Bartolich. * docheckgroups no longer uses awk. On a few systems, the script was failing because of the presence of an old version of awk that has a limit in the size of the input it can handle. Processing large newsgroups files was consequently impossible. docheckgroups now uses Perl instead of awk, which solves the issue reported by John F. Morse. * Other minor bug fixes and documentation improvements. In particular, the *debug-shrinking*, *fast-exit* and *initial-sleep* keys in innfeed.conf are now documented. The function "filter_end()", called when Perl filtering is turned off, is also documented for the innd and nnrpd Perl filters. @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- site/Makefile.orig 2012-06-15 18:25:36.000000000 +0000 @ 1.14 log @install the rest of the files from site as config files also (these are the filter scripts); this closes PR pkg/44507 @ text @d3 1 a3 1 --- site/Makefile.orig 2010-03-24 20:10:36.000000000 +0000 d5 1 a5 1 @@@@ -72,33 +72,11 @@@@ REST = \ d19 1 a19 1 - $D$(PATH_MOTD) $D$(PATH_STORAGECONF) \ d26 2 @ 1.13 log @The next minor version of INN. From the release announcement: Major changes from 2.5.0 to 2.5.1 * Fixed a segfault in imap_connection which could occur when SASL was used. * Fixed a segfault in the keyword generation code which was assuming that an article was nul-terminated. Fixed another segfault in the keyword generation code when an article already contained a Keywords: header. Thanks to Nix for the bug reports. * Owing to the US-CERT vulnerability note VU#238019, Cyrus SASL library has slightly changed. imap_connection and nnrpd now handle that change. Otherwise, some answers are too long to be properly computed during SASL exchanges. * Fixed a memory allocation problem which caused nnrpd to die when retrieving via HDR/XHDR/XPAT the contents of an extra overview field absent from the headers of an article. The NEWNEWS command was also affected on very rare cases. Thanks to Tim Woodall for the bug report. * HDR/XHDR/XPAT answers are now robust when the overview database is inconsistent. When the overview schema was modified without the overview database being rebuilt, wrong results could be returned for extra fields (especially a random portion of some other header). The desired header name is now explicitly searched for in the overview information. * Fixed the source which is logged to the news log file for local postings when the local server is not listed in incoming.conf. A wrong name was used, taken amongst known peers. The source is now logged as "localhost". * Fixed a bug in the timecaf storage method: only the first 65535 articles could be retrievable in a CAF, though everything was properly stored. (A Crunched Article File contains all the articles that arrive to the news server during 256 seconds.) The storage token now uses 4 bytes to store the article sequence number for timecaf, instead of only 2 bytes. Thanks to Kamil Jonca for the bug report and also the patch. * Fixed a bug in both timecaf and timehash which prevented them from working on systems where short ints were not 16-bit integers. * When there is not enough space to write an entire CAF header, the timecaf storage manager now uses a larger blocksize. On 32-bit systems, the CAF header is about 300 bytes, leaving about 200 bytes for the free bitmap index (the remaining of a 512-byte blocksize). On 64-bit systems, the size of the CAF header could exceed 512 bytes, thus leaving no room for the free bitmap index. A 1 KB blocksize is then used, or a larger size if need be. * A new CNFS version has been introduced by Miquel van Smoorenburg in the CNFS header. CNFSv4 uses 4 KB blocks instead of 512 bytes, which more particularly makes writes faster. CNFSv4 supports files/partitions up to 16 TB with a 4 KB blocksize. Existing CNFS buffers are kept unchanged; only new CNFS buffers are initialized with that new version. * grephistory -l now returns the contents of the expires history field as well as the hash of the message-ID. Besides, when the storage API token does not exist, grephistory -v now also returns the hash of the requested message-ID. * The check on cancel messages when *verifycancels* is set to true in inn.conf has been changed to verify that at least one newsgroup in the cancel message can be found in the article to be cancelled. This new feature is from Christopher Biedl. The previous behaviour was to check whether the cancel message is from the same person as the original post, which is extremely easy to spoof; besides, RFC 5537 (USEPRO) mentions that "cancel control messages are not required to contain From: and Sender: header fields matching the target message. This requirement only encouraged cancel issuers to conceal their identity and provided no security". * The way the "/remember/" line in expire.ctl works has changed. History retention for an article was done according to its original arrival time; it is now according to its original posting date. Otherwise, unnecessary data may be kept too long in the history file. To achieve that, the HISremember() function in history API now expects a fourth parameter: the article posting time. Note that article expiration has not changed and is still based on arrival time, unless the -p flag is passed to expire or expireover, in which case posting time is used. * The default value for "/remember/" has changed from 10 to 11 because it should be one more than the *artcutoff* parameter in inn.conf, so that articles posted one day into the future are properly retained in history. * auth_krb5 has been rewritten by Russ Allbery to use modern Kerberos APIs. Note that using ckpasswd with PAM support and a Kerberos PAM module instead of this authenticator is still recommended. * A new -L flag has been added by Jonathan Kamens to makehistory so as to specify a load average limit. If the system load average exceeds the specified limit, makehistory sleeps until it goes below the limit. * As UTF-8 is the default character set in RFC 3977, "ctlinnd pause", "ctlinnd readers", "ctlinnd reject", "ctlinnd reserve", "ctlinnd throttle" and "nnrpd -r" commands now require the given reason to be encoded in UTF-8, so that it can be properly sent to news readers. The creator's name given to "ctlinnd newgroup" is also expected to be encoded in UTF-8. * The output of consistency checks for article storage and the history file no longer appears by default when "cnfsstat -a" is used. A new -v flag has been added to cnfsstat so as to see it. * The default path for TLS certificates has changed from *pathnews*/lib to *pathetc*. It only affects new INN installations or generations of certificates with "make cert". Besides, a default value has been added to *tlscapath* because it is required by nnrpd when TLS is used. * gzip(1) is now the default UUCP batcher in send-uucp instead of compress(1) because gzip is more widely available than compress, due to old patent issues. Note that there is no impact on decompression as it is handled by rnews. * cnfsheadconf now uses the Perl core module "Math::BigInt" rather than the deprecated bigint.pl library. When used without specifying a CNFS buffer, it now properly displays the status of all CNFS buffers. @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.12 2009/09/22 13:17:00 spz Exp $ d3 1 a3 1 --- site/Makefile.orig 2009-05-21 20:08:33.000000000 +0000 d5 2 a6 1 @@@@ -73,32 +73,17 @@@@ d9 1 a9 1 REST_INSTALLED = \ d22 4 a25 5 + $D$(PATH_PERL_STARTUP_INND) \ $D$(PATH_PERL_FILTER_INND) $D$(PATH_PERL_FILTER_NNRPD) \ $D$(PATH_PYTHON_FILTER_INND) $D$(PATH_PYTHON_INN_MODULE) \ $D$(PATH_PYTHON_NNRPD_MODULE) \ $D$(PATH_TCL_STARTUP) $D$(PATH_TCL_FILTER) \ d31 1 a31 2 + $D$(PATH_NNRPAUTH) $D$(PATH_NNRPACCESS) \ + $D$(PATH_NNRPYAUTH) $D$(PATH_NNRPYACCESS) $D$(PATH_NNRPYDYNAMIC) @ 1.12 log @Update of the INN package to the latest stable version (2.5.0). @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 @@@@ -73,32 +73,17 @@@@ REST = \ d16 1 a16 1 - $D$(PATH_CTLWATCH) $D$(PATH_DISTPATS) \ d38 1 a38 1 +SPECIAL = @ 1.11 log @make package DESTDIR'able @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.10 2008/09/03 21:33:29 spz Exp $ d3 1 a3 1 --- site/Makefile.orig 2008-06-29 17:56:57.000000000 +0000 d5 1 a5 1 @@@@ -74,28 +74,16 @@@@ d12 5 a16 3 - $D$(PATH_CONTROLCTL) $D$(PATH_EXPIRECTL) $D$(PATHETC)/nntpsend.ctl \ - $D$(PATHETC)/innreport.conf \ - $D$(PATH_CTLWATCH) $D$(PATH_DISTPATS) $D$(PATH_SCHEMA) \ d19 1 a19 1 - $D$(PATH_OVERVIEWCTL) $D$(PATH_CYCBUFFCONFIG) $D$(PATH_BUFFINDEXED) \ d24 3 a26 1 $D$(PATH_TCL_STARTUP) $D$(PATH_TCL_FILTER) $D$(PATH_PYTHON_NNRPD_MODULE) \ d28 5 a32 4 - $D$(PATH_RADIUS_CONF) $D$(PATH_NNRPYAUTH) $D$(PATH_OVDB_CONF) \ $D$(PATH_NNRPYACCESS) $D$(PATH_NNRPYDYNAMIC) \ - $D$(PATH_SASL_CONF) $D$(PATH_SUBSCRIPTIONS) $D$(PATH_NNRPACCESS) + $D$(PATH_NNRPAUTH) $D$(PATH_NNRPYAUTH) $D$(PATH_NNRPACCESS) d38 1 a38 1 +SPECIAL = d41 1 a41 1 all: $(P) $(ALL) config @ 1.10 log @update to next tiny version @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.9 2008/06/23 09:10:53 spz Exp $ d5 1 a5 1 @@@@ -74,23 +74,12 @@@@ d25 1 a25 1 $D$(PATH_NNRPYACCESS) $D$(PATH_NNRPYDYNAMIC) \ d31 3 a33 7 @@@@ -145,7 +133,8 @@@@ chown $(NEWSUSER) $@@ chgrp $(NEWSGROUP) $@@ chmod $(FILEMODE) $@@ - $(PATHBIN)/makedbz -i -o + # makedbz wants ridiculous amounts of RAM for -s 0 + $(PATHBIN)/makedbz -i -o -s 10000 d35 2 a36 2 ## Remove files that are unchanged from the release version. clean: @ 1.9 log @- bump inn version to 2.4.4 - major change of directory structure - two new options (uucp and perl now both optional) - change of maintainer @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- site/Makefile.orig 2008-05-05 10:18:36.000000000 +0000 d5 1 a5 1 @@@@ -70,22 +70,11 @@@@ REST = \ d22 1 a22 1 $D$(PATH_TCL_STARTUP) $D$(PATH_TCL_FILTER) \ d25 1 d27 1 a27 1 + $D$(PATH_NNRPAUTH) $D$(PATH_NNRPYAUTH) $D$(PATH_NNRPACCESS) d31 1 a31 1 @@@@ -140,7 +129,8 @@@@ $D$(PATH_HISTORY): d37 1 a37 1 + $(PATHBIN)/makedbz -i -o -s 100000 @ 1.8 log @Update "inn" package to version 2.4.3. Changes since version 2.4.1: - Previous versions of INN had an optimization for handling XHDR Newsgroups that used the Xref header from overview. While this does make the command much faster, it doesn't produce accurate results and breaks the NNTP protocol, so this optimization has been removed. - Fixed a bug in innd that allowed it to accept articles with duplicated headers if the header occurred an odd number of times. Modified the programs for rebuilding overview to use the last Xref header if there are multiple ones to avoid problems with spools that contain such invalid articles. - Fixed yet another problem with verifying that a user has permissions to approve posts to a moderated group. Thanks, Jens Schlegel. - Increase the send and receive buffer on the Unix domain socket used by ctlinnd. This should allow longer replies (particularly for innstat) on platforms with very low default Unix domain socket buffer sizes. - rnews's handling of articles with nul characters, NNTP errors, header problems, and deferrals has been significantly improved. - Thomas Parmelan added support to send-uucp for specifying the funnel or exploder site to flush for feeds managed through one and fixed a problem with picking up old stranded work files. - INN is now licensed under a less restrictive license (about as minimally restrictive as possible shy of public domain), and the clause similar to the old BSD advertising clause has been dropped. - make install and make update now always install the newly built binaries, rather than only installing them if the modification times are newer. This is the behavior that people expect. make install now also automatically builds a new (empty) history database if one doesn't already exist. - The embedded Tcl filter code has been disabled (and will be removed entirely in the next major release of INN). It hasn't worked for some time and causes innd crashes if compiled in (even if not used). If someone wants to step forward and maintain it, I recommend starting from scratch and emulating the Perl and Python filters. - ctlinnd should now successfully handle messages from INN up to the maximum allowable packet size in the protocol, fixing problems sites with many active peers were having with innstat output. - Overview generation has been fixed in both makehistory and innd to follow the rules in the latest NNTP draft rather than just replacing special characters with spaces. This means that the unfolding of folded header lines will not introduce additional, incorrect whitespace in the overview data. - nnrpd now uniformly responds with a 480 or 502 status code to attempts to read a newsgroup to which the user does not have access, depending on whether the user has authenticated. Previously, it returned a 411 status code, claiming the group didn't exist, which confuses the reactive authentication capability of news readers. - If a user is not authorized to approve articles (using the A access control in readers.conf), articles that include Approved headers will be rejected even if posted to unmoderated groups. Some other site may consider that group to be moderated. - The configuration parser used for readers.conf and others now correctly handles "#" inside quoted strings and is more robust against unmatched double quotes. - Messages mailed to moderators had two spaces after the colons in the headers, rather than one. This bug has been fixed. - A bug that could cause heap corruption and random crashes in innd if INN were compiled with Python support has been fixed. - Some problems with innd's tracking of article size and enforcement of the configured maximum article size have been fixed. - pgpverify will now correctly verify signatures generated by GnuPG and better supports GnuPG as the PGP implementation. - INN's code should now be more 64-bit clean in its handling of size_t, pointer differences, and casting of pointers, correcting problems that showed up on 64-bit platforms like AMD64. - Improved the error reporting in the history database code, in inews, in controlchan, and in expire. - Many other more minor bug fixes, optimization improvements, and documentation fixes. @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.7 2004/07/24 23:55:28 grant Exp $ d3 1 a3 1 --- site/Makefile.orig 2004-01-08 09:47:19.000000000 +1100 d5 1 a5 1 @@@@ -68,22 +68,11 @@@@ REST = \ d26 1 a26 1 + $D$(PATH_NNRPAUTH) $D$(PATH_NNRPYAUTH) d30 10 @ 1.7 log @regenerate patches with pkgdiff so they apply cleanly with devel/patch. @ text @d1 1 a1 1 $NetBSD$ d25 1 a25 1 - $D$(PATH_SASL_CONF) $D$(PATH_SUBSCRIPTIONS) @ 1.6 log @Update INN package to version 2.4.1. Major changes since version 2.3.x: - builtin IPv6 support - new configuration parser - completely rewriten "send-uucp" which replaces "sendbatch" @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.5 2001/07/10 16:02:12 tron Exp $ d3 4 a6 3 --- site/Makefile.orig Thu May 3 22:27:32 2001 +++ site/Makefile Sun Jun 24 13:01:33 2001 @@@@ -85,21 +85,10 @@@@ @ 1.5 log @Update "inn" package to version 2.3.2. Changes since version 2.3.1: - innxmit can again handle regular filenames as input as well as storage API tokens (allowing it to be used to import an old traditional spool). - Several problems with tagged-hash history files have been fixed thanks to the debugging efforts of Andrew Gierth and Sang-yong Suh. - A very long-standing (since INN 1.0!) NNTP protocol bug in nnrpd was fixed. The response to an ARTICLE command retrieving a message by message ID should have the message ID as the third word of the response, not the fourth. Fixing this is reported to *possibly* cause problems with some Netscape browsers, but other news servers correctly follow the protocol. - Some serious performance problems with expiration of tradspool should now be at least somewhat alleviated. tradspool and timehash now know how to output file names for removal rather than tokens, and fastrm's ability to remove regular files has been restored. This should bring expiration times for tradspool back to within a factor of two of pre-storage-API expiration times. - An item that was actually changed in 2.3.0 but wasn't noted in NEWS when it should have been: Users can no longer post articles containing Approved: headers to moderated groups by default; they must be specifically given that permission with the access: parameter in readers.conf. See the man page for more details. - Added a sample subscriptions file and documentation for it and innmail. The changes required for this update were contributed by Bernd Ernesti in PR pkg/13299. @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.4 2001/02/08 16:23:07 tron Exp $ d5 1 a5 2 @@@@ -84,22 +84,11 @@@@ $D$(CTLBIN)/sendsys.pl $D$(CTLBIN)/senduuname.pl $D$(CTLBIN)/version.pl @ 1.4 log @Update "inn" package to version 2.3.1. Changes since version 2.2.3: INN 2.3.0 represents a significant architectural change to INN, with a completely new internal overview interface, three new overview mechanisms, two new article storage mechanisms, and the elimination of quite a few old interfaces and old code. The NetBSD package furthermore includes IPv6 support and a new style startup script with backwards compatibility. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 3 --- site/Makefile.orig Thu Jan 11 09:55:23 2001 +++ site/Makefile Tue Feb 6 14:51:11 2001 @@@@ -83,22 +83,11 @@@@ d25 1 a25 1 - $D$(PATH_SASL_CONF) @ 1.3 log @"make install" could clobber files in "${INN_DATA_DIR}/etc" while "pkg_add" worked fine. @ text @d3 3 a5 3 --- site/Makefile.orig Thu Nov 12 00:02:49 1998 +++ site/Makefile Thu Jul 22 00:10:10 1999 @@@@ -87,19 +87,10 @@@@ d10 1 a10 1 - $D$(PATH_NNRPACCESS) $D$(PATH_NNRPDTRACK) $D$(PATH_NNTPPASS) \ d13 1 a13 1 - $D$(PATHETC)/innreport.conf $D$(PATHLIB)/innreport_inn.pm \ d17 1 a17 1 - $D$(PATH_OVERVIEWCTL) $D$(PATH_CYCBUFFCONFIG) \ d19 1 a19 1 + $D$(PATHLIB)/innreport_inn.pm $D$(PATH_PERL_STARTUP_INND) \ d21 1 d23 4 a26 2 - $D$(PATH_NNRPAUTH) $D$(PATHETC)/news2mail.cf + $D$(PATH_NNRPAUTH) @ 1.2 log @Remove all patches that just remove $(LIBTOOL) from the install rules. The result of these patches was that the libtool stub got installed instead of the real binary. @ text @d1 6 a6 5 $NetBSD: patch-ah,v 1.1 1998/09/05 03:21:12 garbled Exp $ --- innfeed/Makefile.orig Fri Aug 28 13:05:16 1998 +++ innfeed/Makefile Fri Aug 28 13:05:55 1998 @@@@ -111,19 +111,19 @@@@ $(LINK.c) -o $@@ $(OBJS) version.o $(LIBNEWS) $(LIBNEWS) d8 16 a23 3 $D$(PATHBIN)/innfeed: innfeed - $(LIBTOOL) ../installit.sh $(OWNER) -m 550 -b .OLD $? $@@ + ../installit.sh $(OWNER) -m 550 -b .OLD $? $@@ d25 1 a25 3 $D$(PATHBIN)/procbatch: procbatch - $(LIBTOOL) ../installit.sh $(OWNER) -m 550 -b .OLD $? $@@ + ../installit.sh $(OWNER) -m 550 -b .OLD $? $@@ a26 13 $D$(PATHBIN)/innfeed-convcfg: innfeed-convcfg - $(LIBTOOL) ../installit.sh $(OWNER) -m 550 -b .OLD $? $@@ + ../installit.sh $(OWNER) -m 550 -b .OLD $? $@@ $(SAVEOLD) $(COPYFILE) $D$(PATHBIN)/startinnfeed: startinnfeed - -$(LIBTOOL) ../installit.sh -O root -G $(NEWSGROUP) -m 4550 -b .OLD $? $@@ + -../installit.sh -O root -G $(NEWSGROUP) -m 4550 -b .OLD $? $@@ @@ME=`(whoami || /usr/ucb/whoami) 2> /dev/null` ;\ if [ "X$$ME" = Xroot ]; then \ echo $@@ has been installed setuid root. ;\ @ 1.1 log @Add new pkg for inn-2.1 the public release of InterNet News (INN). @ text @d1 1 a1 1 $NetBSD$ @