[ANNOUNCE] INN 2.5.1 available

Russ Allbery rra at isc.org
Mon Oct 12 22:24:48 UTC 2009


Internet Systems Consortium is pleased to announce that a new bug-fix
release of INN is available at:

   ftp://ftp.isc.org/isc/inn/inn-2.5.1.tar.gz

The MD5 checksum of this release is:

   e0b99d07392723b2ac2390856f7e44e5

A PGP signature and a patch from 2.5.0 to 2.5.1 are available in the same
directory.

This is a bug-fix release over 2.5.0.  Upgrading an existing INN 2.5.0
installation is as simple as building INN 2.5.1, running make update, and
restarting innd and related programs.

Many thanks to Julien ÉLIE for preparing this release.

Major changes from 2.5.0 to 2.5.1

 * Fixed a segfault in imap_connection which could occur when SASL was
   used.

 * Fixed a segfault in the keyword generation code which was assuming
   that an article was nul-terminated.  Fixed another segfault in the
   keyword generation code when an article already contained a Keywords:
   header.  Thanks to Nix for the bug reports.

 * Owing to the US-CERT vulnerability note VU#238019, Cyrus SASL library
   has slightly changed.  imap_connection and nnrpd now handle that
   change.  Otherwise, some answers are too long to be properly computed
   during SASL exchanges.

 * Fixed a memory allocation problem which caused nnrpd to die when
   retrieving via HDR/XHDR/XPAT the contents of an extra overview field
   absent from the headers of an article.  The NEWNEWS command was also
   affected in very rare cases.  Thanks to Tim Woodall for the bug
   report.

 * HDR/XHDR/XPAT answers are now robust when the overview database is
   inconsistent.  When the overview schema was modified without the
   overview database being rebuilt, wrong results could be returned for
   extra fields (especially a random portion of some other header).  The
   desired header name is now explicitly searched for in the overview
   information.

 * Fixed the source which is logged to the news log file for local
   postings when the local server is not listed in incoming.conf.  A
   wrong name was used, taken amongst known peers.  The source is now
   logged as "localhost".

 * Fixed a bug in the timecaf storage method:  only the first 65535
   articles could be retrieved in a CAF, though everything was properly
   stored.  (A Crunched Article File contains all the articles that
   arrive at the news server during 256 seconds.)

   The storage token now uses 4 bytes to store the article sequence
   number for timecaf, instead of only 2 bytes.  Thanks to Kamil Jonca
   for the bug report and also the patch.

 * Fixed a bug in both timecaf and timehash which prevented them from
   working on systems where short ints were not 16-bit integers.

 * When there is not enough space to write an entire CAF header, the
   timecaf storage manager now uses a larger blocksize.  On 32-bit
   systems, the CAF header is about 300 bytes, leaving about 200 bytes
   for the free bitmap index (the remainder of a 512-byte blocksize).  On
   64-bit systems, the size of the CAF header could exceed 512 bytes,
   thus leaving no room for the free bitmap index.  A 1 KB blocksize is
   then used, or a larger size if need be.

 * A new CNFS version has been introduced by Miquel van Smoorenburg in
   the CNFS header.  CNFSv4 uses 4 KB blocks instead of 512 bytes, which
   more particularly makes writes faster.  CNFSv4 supports
   files/partitions up to 16 TB with a 4 KB blocksize.

   Existing CNFS buffers are kept unchanged; only new CNFS buffers are
   initialized with that new version.

 * grephistory -l now returns the contents of the expires history field
   as well as the hash of the message-ID.  Besides, when the storage API
   token does not exist, grephistory -v now also returns the hash of the
   requested message-ID.

 * The check on cancel messages when *verifycancels* is set to true in
   inn.conf has been changed to verify that at least one newsgroup in the
   cancel message can be found in the article to be cancelled.  This new
   feature is from Christopher Biedl.

   The previous behaviour was to check whether the cancel message is from
   the same person as the original post, which is extremely easy to
   spoof; besides, RFC 5537 (USEPRO) mentions that "cancel control
   messages are not required to contain From: and Sender: header fields
   matching the target message.  This requirement only encouraged cancel
   issuers to conceal their identity and provided no security".

 * The way the "/remember/" line in expire.ctl works has changed.
   History retention for an article was done according to its original
   arrival time; it is now according to its original posting date.
   Otherwise, unnecessary data may be kept too long in the history file.

   To achieve that, the HISremember() function in history API now expects
   a fourth parameter:  the article posting time.

   Note that article expiration has not changed and is still based on
   arrival time, unless the -p flag is passed to expire or expireover, in
   which case posting time is used.

 * The default value for "/remember/" has changed from 10 to 11 because
   it should be one more than the *artcutoff* parameter in inn.conf, so
   that articles posted one day into the future are properly retained in
   history.

 * auth_krb5 has been rewritten by Russ Allbery to use modern Kerberos
   APIs.  Note that using ckpasswd with PAM support and a Kerberos PAM
   module instead of this authenticator is still recommended.

 * A new -L flag has been added by Jonathan Kamens to makehistory so as
   to specify a load average limit.  If the system load average exceeds
   the specified limit, makehistory sleeps until it goes below the limit.

 * As UTF-8 is the default character set in RFC 3977, "ctlinnd pause",
   "ctlinnd readers", "ctlinnd reject", "ctlinnd reserve", "ctlinnd
   throttle" and "nnrpd -r" commands now require the given reason to be
   encoded in UTF-8, so that it can be properly sent to news readers.
   The creator's name given to "ctlinnd newgroup" is also expected to be
   encoded in UTF-8.

 * The output of consistency checks for article storage and the history
   file no longer appears by default when "cnfsstat -a" is used.  A new
   -v flag has been added to cnfsstat so as to see it.

 * The default path for TLS certificates has changed from *pathnews*/lib
   to *pathetc*.  It only affects new INN installations or generations of
   certificates with "make cert".  Besides, a default value has been
   added to *tlscapath* because it is required by nnrpd when TLS is used.

 * gzip(1) is now the default UUCP batcher in send-uucp instead of
   compress(1) because gzip is more widely available than compress, due
   to old patent issues.  Note that there is no impact on decompression
   as it is handled by rnews.

 * cnfsheadconf now uses the Perl core module "Math::BigInt" rather than
   the deprecated bigint.pl library.  When used without specifying a CNFS
   buffer, it now properly displays the status of all CNFS buffers.

INN is discussed on <inn-workers at lists.isc.org>.  Please send any bug
reports or patches to that list.

                                                Russ Allbery
                                                rra at isc.org
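
Added example, not part of the announcement and not INN's own code: a
sketch of the newsgroup-overlap test described for *verifycancels*, which
accepts a cancel only if at least one of its newsgroups also appears in the
target article.  The function names and the header values are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SEPARATORS ", \t\r\n"

/* Return the next name in a comma-separated Newsgroups: header body, or NULL
 * at the end.  Whitespace (including folding) is treated as a separator. */
static const char *
next_group(const char **pos, size_t *len)
{
    const char *start = *pos + strspn(*pos, SEPARATORS);

    *len = strcspn(start, SEPARATORS);
    *pos = start + *len;
    return (*len > 0) ? start : NULL;
}

/* True if at least one newsgroup of the cancel message also appears in the
 * target article.  Whole names are compared, case-sensitively. */
bool
cancel_shares_newsgroup(const char *cancel_ngs, const char *target_ngs)
{
    const char *c = cancel_ngs, *t, *cg, *tg;
    size_t clen, tlen;

    if (cancel_ngs == NULL || target_ngs == NULL)
        return false;
    while ((cg = next_group(&c, &clen)) != NULL) {
        t = target_ngs;
        while ((tg = next_group(&t, &tlen)) != NULL)
            if (tlen == clen && memcmp(tg, cg, clen) == 0)
                return true;
    }
    return false;
}

int
main(void)
{
    /* Constructed header values, not taken from real articles. */
    const char *target = "news.software.nntp, comp.misc";

    printf("%d\n", cancel_shares_newsgroup("comp.misc", target));     /* 1 */
    printf("%d\n", cancel_shares_newsgroup("alt.test", target));      /* 0 */
    printf("%d\n", cancel_shares_newsgroup("news.software", target)); /* 0 */
    return 0;
}
```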