INN commit: trunk (doc/pod/news.pod nnrpd/nnrpd.c)
INN Commit
Russ_Allbery at isc.org
Sun Nov 16 18:58:30 UTC 2008
Date: Sunday, November 16, 2008 @ 10:58:29
Author: iulius
Revision: 8161
Fix a bug in nnrpd: it was dropping its permissions to news too soon
(before the binding of the network socket).
Remove that remark from the upgrade process. Add a few remarks on
inn.conf instead (TLS support without sasl.conf and incominglogfrequency
parameter).
Modified:
trunk/doc/pod/news.pod
trunk/nnrpd/nnrpd.c
------------------+
doc/pod/news.pod | 16 ++++++++++------
nnrpd/nnrpd.c | 15 ++++++++-------
2 files changed, 18 insertions(+), 13 deletions(-)
Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod 2008-11-15 15:35:23 UTC (rev 8160)
+++ doc/pod/news.pod 2008-11-16 18:58:29 UTC (rev 8161)
@@ -6,12 +6,16 @@
=item *
-By default, innbind(8) refuses to bind to any port under 1024 other than 119,
-433 and 563 for security reasons. In order to run B<innd> or B<nnrpd>
-on a different port under 1024, you will have to use the B<--with-innd-port>
-configure option if there is only one supplementary port to use. Otherwise,
-you can use inetd(8), xinetd(8), or some equivalent, to achieve your need.
+The parameters used by B<nnrpd> to provide TLS support are now I<tlscafile>,
+I<tlscapath>, I<tlscertfile> and I<tlskeyfile> in F<inn.conf>. The F<sasl.conf>
+file used for that in previous versions of INN is obsolete. B<innupgrade>
+takes care of the change during C<make update>.
+=item *
+
+The I<nntpactsync> parameter has been renamed to I<incominglogfrequency>
+in F<inn.conf>; B<innupgrade> handles this renaming during the update.
+
=back
=head1 Changes in 2.5.0
@@ -1275,7 +1279,7 @@
=item *
Support for B<actsyncd> to fetch F<active> file with B<ftp>; configured by default
-to use ftp://ftp.isc.org/pub/usenet/CONFIG/active.Z if you run B<actsyncd>.
+to use <ftp://ftp.isc.org/pub/usenet/CONFIG/active.Z> if you run B<actsyncd>.
Be sure to read the manual page for B<actsync> to configure an F<actsync.ign>
file for your site, and test B<simpleftp> if you do not C<configure> with B<wget>
or B<ncftp>. Also see L<ftp://ftp.isc.org/pub/usenet/CONFIG/README>.
Modified: nnrpd/nnrpd.c
===================================================================
--- nnrpd/nnrpd.c 2008-11-15 15:35:23 UTC (rev 8160)
+++ nnrpd/nnrpd.c 2008-11-16 18:58:29 UTC (rev 8161)
@@ -851,13 +851,6 @@
else
NNRPACCESS = concatpath(innconf->pathetc,INN_PATH_NNRPACCESS);
- /* If started as root, switch to news uid. Unlike other parts of INN, we
- * don't die if we can't become the news user. As long as we're not
- * running as root, everything's fine; the things we write it's okay to
- * write as a member of the news group. */
- if (getuid() == 0) {
- ensure_news_user_grp(true, true);
- }
if (DaemonMode) {
if (ListenAddr6 != NULL)
@@ -869,6 +862,14 @@
if (lfd < 0)
die("can't bind to any addresses");
+ /* If started as root, switch to news uid. Unlike other parts of INN, we
+ * don't die if we can't become the news user. As long as we're not
+ * running as root, everything's fine; it's okay to write the things we
+ * write as a member of the news group. */
+ if (getuid() == 0) {
+ ensure_news_user_grp(true, true);
+ }
+
/* Detach. */
if (!ForeGroundMode) {
daemonize("/");
More information about the inn-committers
mailing list