[ANNOUNCE] INN 2.6.1 available
rra at isc.org
Sat Dec 17 20:37:33 UTC 2016
Internet Systems Consortium is pleased to announce that a new bug-fix
release of INN is available at:
The MD5 checksum of this release is:
A PGP signature, signatures of SHA-1, SHA-256, and SHA-512 checksums, and
a patch from 2.6.0 to 2.6.1 are available in the same directory.
This is a bug-fix and minor feature release over 2.6.0. Upgrading an
existing INN 2.6.0 installation is as simple as building INN 2.6.1,
running make update, and restarting innd and related programs.
Many thanks to Julien ÉLIE for preparing this release.
Changes in 2.6.1
* nnrpd now uses -0000 as the time zone for Date: and Injection-Date:
header fields it generates. It was previously using +0000, wrongly
systematically indicating a local time zone at Universal Time when
*localtime* is set to false (which is the default) in readers.conf.
The +0000 time zone will now be used only if *localtime* is set to
true and UTC is really the local time zone of the server.
* Julien Elie has implemented in nnrpd the new COMPRESS command
described in draft-murchison-nntp-compress that extends the NNTP
protocol to allow a connection to be effectively and efficiently
compressed. News clients that also support that extension will be
able to benefit from that bandwidth optimization and improvement in
speed. Moreover, using COMPRESS is more secure than TLS-level
compression, as far as authentication credentials are concerned.
* The default value for the *tlscompression* parameter in inn.conf has
changed. TLS-level compression is now disabled by default, to comply
with the best current practices for a secure use of TLS in application
protocols like NNTP. Using the new COMPRESS command is recommended.
* The *tlscompression* parameter in inn.conf now also permits to disable
TLS-level compression with OpenSSL 0.9.8. It previously had an effect
only when OpenSSL 1.0.0 or later was used.
* rnews no longer segfaults at startup when started setuid news. Thanks
to Marcus Jodorf for the bug report.
* Fixed slow nnrpd responses for a few NNTP commands. The TCP_NODELAY
option was unconditionally set whereas only BSD/OS systems needed it.
Thanks to Christian Mock for having discovered that.
* Articles containing a Received: or a Posted: header field are no
longer rejected by nnrpd at injection time.
* Articles containing control characters or whitespace-only content
lines in their headers are now rejected by nnrpd at injection time.
* OpenSSL 1.1.0 support has been added to INN.
* When an encryption layer is negotiated during a successful use of the
STARTTLS command, or after a successful authentication using a SASL
mechanism that negotiates an encryption layer, nnrpd now updates the
permissions of the news client according to the new secure state of
his connection (that is to say auth blocks in readers.conf using the
*require_ssl* parameter are taken into account). Previously, only
connections on a dedicated port (usually 563) were taking benefit from
that parameter. Thanks to Steve Crook for the bug report.
* When a data integrity layer was negotiated during a successful SASL
authentication, nnrpd was wrongly reseting any knowledge obtained from
the client, such as the current newsgroup and article number. This
behaviour now applies only when an encryption layer is negotiated.
* nntpsend now correctly waits until all of the child innxmit processes
exit before it does. It was causing nntpsend to fail to work properly
on systems that use systemd, because when it exits prematurely,
systemd kills all of the processes it launched, including the innxmit
processes. Thanks to Jonathan Kamens for the patch.
* Update from GNU Libtool 2.4.2 to 2.4.6.
* Other minor bug fixes and documentation improvements.
INN is discussed on <inn-workers at lists.isc.org>. Please send any bug
reports or patches to that list.
More information about the inn-announce