[ANNOUNCE] INN 2.6.1 available

Russ Allbery rra at isc.org
Sat Dec 17 20:37:33 UTC 2016

Internet Systems Consortium is pleased to announce that a new bug-fix
release of INN is available at:


The MD5 checksum of this release is:


A PGP signature, signatures of SHA-1, SHA-256, and SHA-512 checksums, and
a patch from 2.6.0 to 2.6.1 are available in the same directory.

This is a bug-fix and minor feature release over 2.6.0.  Upgrading an
existing INN 2.6.0 installation is as simple as building INN 2.6.1,
running make update, and restarting innd and related programs.

Many thanks to Julien ÉLIE for preparing this release.

Changes in 2.6.1

  * nnrpd now uses -0000 as the time zone for Date: and Injection-Date:
    header fields it generates.  It was previously using +0000, wrongly
    systematically indicating a local time zone at Universal Time when
    *localtime* is set to false (which is the default) in readers.conf. 
    The +0000 time zone will now be used only if *localtime* is set to
    true and UTC is really the local time zone of the server.

  * Julien Elie has implemented in nnrpd the new COMPRESS command
    described in draft-murchison-nntp-compress that extends the NNTP
    protocol to allow a connection to be effectively and efficiently
    compressed.  News clients that also support that extension will be
    able to benefit from that bandwidth optimization and improvement in
    speed.  Moreover, using COMPRESS is more secure than TLS-level
    compression, as far as authentication credentials are concerned.

  * The default value for the *tlscompression* parameter in inn.conf has
    changed.  TLS-level compression is now disabled by default, to comply
    with the best current practices for a secure use of TLS in application
    protocols like NNTP.  Using the new COMPRESS command is recommended.

  * The *tlscompression* parameter in inn.conf now also permits to disable
    TLS-level compression with OpenSSL 0.9.8.  It previously had an effect
    only when OpenSSL 1.0.0 or later was used.

  * rnews no longer segfaults at startup when started setuid news.  Thanks
    to Marcus Jodorf for the bug report.

  * Fixed slow nnrpd responses for a few NNTP commands.  The TCP_NODELAY
    option was unconditionally set whereas only BSD/OS systems needed it. 
    Thanks to Christian Mock for having discovered that.

  * Articles containing a Received: or a Posted: header field are no
    longer rejected by nnrpd at injection time.

  * Articles containing control characters or whitespace-only content
    lines in their headers are now rejected by nnrpd at injection time.

  * OpenSSL 1.1.0 support has been added to INN.

  * When an encryption layer is negotiated during a successful use of the
    STARTTLS command, or after a successful authentication using a SASL
    mechanism that negotiates an encryption layer, nnrpd now updates the
    permissions of the news client according to the new secure state of
    his connection (that is to say auth blocks in readers.conf using the
    *require_ssl* parameter are taken into account).  Previously, only
    connections on a dedicated port (usually 563) were taking benefit from
    that parameter.  Thanks to Steve Crook for the bug report.

  * When a data integrity layer was negotiated during a successful SASL
    authentication, nnrpd was wrongly reseting any knowledge obtained from
    the client, such as the current newsgroup and article number.  This
    behaviour now applies only when an encryption layer is negotiated.

  * nntpsend now correctly waits until all of the child innxmit processes
    exit before it does.  It was causing nntpsend to fail to work properly
    on systems that use systemd, because when it exits prematurely,
    systemd kills all of the processes it launched, including the innxmit
    processes.  Thanks to Jonathan Kamens for the patch.

  * Update from GNU Libtool 2.4.2 to 2.4.6.

  * Other minor bug fixes and documentation improvements.

INN is discussed on <inn-workers at lists.isc.org>.  Please send any bug
reports or patches to that list.

More information about the inn-announce mailing list