[ANNOUNCE] INN 2.6.0 release candidate available

Russ Allbery rra at isc.org
Sat Aug 15 22:47:50 UTC 2015

Internet Systems Consortium is pleased to announce that a release
candidate version of a new major release of INN is available at:


The MD5 checksum of this release candidate is:


A PGP signature is available in the same directory.  Due to the extensive
changes between INN 2.5 and INN 2.6, no patch is available.

INN 2.6.0 is almost entirely compatible with INN 2.5, and most INN 2.5
users will be able to upgrade with a simple "make update".  A few checks
explained in the upgrade changes below should also be made.

All of the applicable bug fixes from the INN 2.5 STABLE series, including
the recent 2.5.5 release, are also included in INN 2.6.

Many thanks to Julien ÉLIE for preparing this release.

Upgrading from 2.5 to 2.6

    The following changes require your full attention because a manual
    intervention may be needed:

    * The name and location of the pullnews configuration file have changed.
      It is now pullnews.marks, located in *pathdb* when pullnews is run as
      the news user, or otherwise in the running user's home directory. 
      This file was previously stored in .pullnews in the running user's
      home directory (even for the news user).  If you use pullnews, you
      need to manually move and rename the configuration file; otherwise, it
      will no longer work.  Note that the -c flag passed to pullnews allows
      to specify another configuration file, if need be.

    * The default location of the mailpost database directory has changed
      from *pathtmp* to *pathdb*.  If you use mailpost without an explicitly
      specified database directory (using the -b flag), then you should
      manually move your current database files mailpost-msgid.dir and
      mailpost-msgid.pag from *pathtmp* to *pathdb*.

    * If you have been using SSL/TLS with nnrpd before, be aware that the
      default value of a few inn.conf parameters have changed:  the server
      now decides the preferred cipher (instead of the client), and only TLS
      protocols are allowed (using the flawed SSLv2 and SSLv3 protocols is
      now disabled).  If you want to change these settings, the respective
      *tlspreferserverciphers* and *tlsprotocols* parameters can be tuned to
      your needs.

    * The --with-kerberos configure flag used to add Kerberos v5 support has
      been renamed to --with-krb5.

    * The --with-berkeleydb configure flag used to add Berkeley DB support
      has been renamed to --with-bdb.

    * The --enable-ipv6 configure flag no longer exists.  IPv6 is now
      unconditionally enabled, if available.

    * $HOME is no longer exported as an environment variable by
      innshellvars, innshellvars.tcl and the Perl module "INN::Config".  It
      was previously overriding the default user home directory with
      *pathnews*.  If you use these scripts in your own scripts, you will
      have to take care of that change.

    * Owing to the implementation of RFC 4643 (AUTHINFO USER/PASS) in innd,
      if remote peers have to authenticate in order to feed articles, they
      now have to send a username (which was previously wrongly optional),
      before sending their password.  The mandatory username, though
      currently unused by innd, can be whatever the remote peer wishes.  In
      previous versions of INN, inncheck was already complaining when
      passwd.nntp contained an empty username associated with a password.

      A manual review of authenticated feeds should then be done so as to
      ensure that they are properly working.

    * The Injection-Date: and Injection-Info: headers are now generated by
      nnrpd at injection time instead of the NNTP-Posting-Date:,
      NNTP-Posting-Host:, X-Complaints-To: and X-Trace: headers.  Local
      scripts that were using (for authentication, privacy, etc.) these now
      deprecated headers should be updated.  Also note that the Path: header
      of locally posted articles can also contain the contents of the
      deprecated NNTP-Posting-Host: field.

    * The two *addnntppostingdate* and *addnntppostinghost* parameters in
      inn.conf have been respectively renamed to *addinjectiondate* and
      *addinjectionpostinghost*.  innupgrade takes care of the modification
      only for inn.conf; a manual change will therefore be needed for
      readers.conf, if these parameters are overridden in this file.

    If you are upgrading from a version prior to INN 2.5, see also
    "Upgrading from 2.4 to 2.5" in the NEWS file in the release.

Changes in 2.6.0

    * The NNTP protocol requires a username to be sent before a password
      when authentication is used.  innd was wrongly allowing only a
      password to be sent by authenticated peers.  See the note above for
      more details.

    * The Lines: header is no longer generated by nnrpd at injection time.

    * The Injection-Date: header is now generated by nnrpd at injection time
      instead of the deprecated NNTP-Posting-Date: header, when
      *addinjectiondate* is set to true.  Note that *addnntppostingdate* has
      been renamed to *addinjectiondate* in inn.conf.

    * The Injection-Info: header is now generated by nnrpd at injection time
      instead of the deprecated NNTP-Posting-Host: (when
      *addinjectionpostinghost* is set to true), X-Complaints-To: and
      X-Trace: headers.  Note that *addnntppostinghost* has been renamed to
      *addinjectionpostinghost* in inn.conf.  The Path: header of locally
      posted articles now also contains the contents of the
      NNTP-Posting-Host: header.

    * A new *addinjectionpostingaccount* parameter has been added in
      inn.conf.  When set to true, the Injection-Info: header field contains
      an additional posting-account attribute that mentions the username
      assigned to the user at connection time or after authentication.  The
      default value for this parameter is false.

    * A few headers are now considered as obsolete by nnrpd at injection
      time:  NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To:,
      X-Trace:, Also-Control:, Article-Names:, Article-Updates:, and
      See-Also: headers.

      Besides, nnrpd will similarly reject obsolete sendsys, senduuname and
      version control messages.

    * The presence of a Subject: header field beginning with "cmsg " no
      longer causes an article to be interpreted as a control message by
      nnrpd at injection time.

    * nnrpd no longer differentiates IHAVE from POST.  Articles injected
      with IHAVE are now treated as though they were injected with POST.  It
      means that if the previous behaviour of IHAVE was expected, innd
      should handle itself the connection instead of nnrpd.

    * The name of the pullnews configuration file is now pullnews.marks
      located in *pathdb* when pullnews is run as the news user, or
      otherwise in the running user's home directory.  It was previously
      stored in .pullnews in the running user's home directory (even for the
      news user).

    * Fixed a leak of semaphores when using buffindexed.  Thanks to Richard
      Kettlewell for having fixed the issue.

    * Building with Libtool is no longer optional.  The --enable-libtool
      option to configure has been removed.

    * DESTDIR and non-root installs are now properly supported and
      documented in INSTALL.  The "make install", "make update" and "make
      cert" steps properly obey DESTDIR.  Besides, it is no longer a
      requirement that the installation step be done by the superuser, as
      long as the user executing the install has supplied a DESTDIR value
      that points to a writable directory, *and* the person or process
      performing the install corrects the file ownerships when INN is
      installed on the system on which it's going to run.  Thanks to James
      Ralston for this support.

    * When building INN with Berkeley DB, Cyrus SASL, Kerberos v5, OpenSSL,
      or zlib support, no longer add standard locations to compiler and
      linker include flags.  Such default paths are now added only if
      explicitly given to one or more of the --with-bdb, --with-bdb-include,
      --with-bdb-lib, --with-sasl, --with-sasl-include, --with-sasl-lib,
      --with-krb5, --with-krb5-include, --with-krb5-lib, --with-openssl,
      --with-openssl-include, --with-openssl-lib, --with-zlib,
      --with-zlib-include, or --with-zlib-lib configure flags (the flags
      ending with "-include" and "-lib" are new in INN 2.6.0).

    * If the Berkeley DB, Cyrus SASL, Kerberos v5, or OpenSSL SSL and crypto
      libraries are found at configure time, INN will now be built with
      support for them unless respectively the --without-bdb,
      --without-sasl, --without-krb5, or --without-openssl flags are
      explicitly passed to configure.

      Note that it was already the default behaviour for zlib support when
      Berkeley DB support was also enabled.

    * The configure flag --enable-reduced-depends has been added to request
      that library probes assume shared libraries are in use and
      dependencies of libraries should not be probed.  It therefore tries to
      minimize the shared library dependencies of the resulting binaries on
      platforms with proper shared library dependencies.  This is not
      enabled by default, and is of interest primarily to people building
      packages for distributions.

    * Building INN with Python support now requires the use of Python 2.2.0
      or later as the distutils.sysconfig module used was introduced with
      Python 2.2.0.

    * The INN test suite driver is now fully synchronized with the upstream
      version of the C TAP Harness package maintained by Russ Allbery. 
      Keeping the INN test suite driver up-to-date will be possible thanks
      to a new getc-tap-harness script in the support directory that
      automatically fetches the latest upstream changes.

      Similarly, the new getrra-c-util script permits to keep most of the
      utility and portability functions synchronized with the upstream
      version of the rra-c-util package maintained by Russ Allbery.

    * Other minor bug fixes and documentation improvements.

INN is discussed on <inn-workers at lists.isc.org>.  Please send any bug
reports or patches to that list.

                                                Russ Allbery
                                                rra at isc.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 472 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/inn-announce/attachments/20150815/8ddf9559/attachment.bin>

More information about the inn-announce mailing list