INN 2.5.1 release

Julien ÉLIE julien at trigofacile.com
Mon Sep 7 09:16:05 UTC 2009


Hi,

Maybe it is time to prepare a release of INN 2.5.1; we have already
accumulated a lot of changes since INN 2.5.0.

If anyone has pending patches for INN 2.5.1, please send them.


Changes in 2.5.1

    * Fixed a segfault in imap_connection which could occur when SASL was
      used.

    * Owing to the US-CERT vulnerability note VU#238019, Cyrus SASL library
      has slightly changed.  imap_connection and nnrpd now handle that
      change.  Otherwise, some answers are too long to be properly computed
      during SASL exchanges.

    * Fixed a memory allocation problem which caused nnrpd to die when
      retrieving via HDR/XHDR/XPAT the contents of an extra overview field
      absent from the headers of an article.  The NEWNEWS command was also
      affected on very rare cases.  Thanks to Tim Woodall for the bug
      report.

    * HDR/XHDR/XPAT answers are now robust when the overview database is
      inconsistent.  When the overview schema was modified without the
      overview database being rebuilt, wrong results could be returned for
      extra fields (especially a random portion of some other header).  The
      desired header name is now explicitly searched in the overview
      information.

    * Fixed the source which is logged to the news log file for local
      postings when the local server is not listed in incoming.conf.  A
      wrong name was used, taken amongst known peers.  The source is now
      logged as "localhost".

    * Fixed a bug in the timecaf storage method:  only the first 65535
      articles could be retrievable in a CAF, though everything was properly
      stored.  (A Crunched Article File contains all the articles that
      arrive to the news server during 256 seconds.)

      The storage token now uses 4 bytes to store the article sequence
      number for timecaf, instead of only 2 bytes.  Thanks to Kamil Jonca
      for the bug report and also the patch.

    * Fixed a bug in both timecaf and timehash which prevented them from
      working on systems where short ints were not 16-bit integers.

    * When there is not enough space to write a CAF header, the timecaf
      storage manager now uses a larger blocksize.  On 32-bit systems, the
      CAF header is about 300 bytes, leaving about 200 bytes for the free
      bitmap index (the remaining of a 512-byte blocksize).  On 64-bit
      systems, the size of the CAF header could exceed 512 bytes, thus
      leaving no room for the free bitmap index.  A 1 KB blocksize is then
      used, or a larger size if need be.

    * A new CNFS version has been introduced by Miquel van Smoorenburg in
      the CNFS header.  CNFSv4 uses 4 KB blocks instead of 512 bytes, which
      more particularly makes writes faster.  CNFSv4 supports
      files/partitions up to 16 TB with a 4 KB blocksize.

      Existing CNFS buffers are kept unchanged; only new CNFS buffers are
      initialized with that new version.

    * grephistory -l now returns the contents of the expires history field
      as well as the hash of the message-ID.  Besides, when the storage API
      token does not exist, grephistory -v now also returns the hash of the
      requested message-ID.

    * The check on cancel messages when *verifycancels* is set to true in
      inn.conf has been changed to verify that at least one newsgroup in the
      cancel message can be found in the article to be cancelled.  This new
      feature is from Christopher Biedl.

      The previous behaviour was to check whether the cancel message is from
      the same person as the original post, which is extremely easy to
      spoof; besides, RFC 5537 (USEPRO) mentions that "cancel control
      messages are not required to contain From: and Sender: header fields
      matching the target message.  This requirement only encouraged cancel
      issuers to conceal their identity and provided no security".

    * The way the "/remember/" line in expire.ctl works has changed.
      History retention for an article was done according to its original
      arrival time; it is now according to its original posting date.
      Otherwise, unnecessary data may be kept too long in the history file.

      To achieve that, the HISremember() function in history API now expects
      a fourth parameter:  the article posting time.

      Note that article expiration has not changed and is still based on
      arrival time, unless the -p flag is passed to expire or expireover, in
      which case posting time is used.

    * The default value for "/remember/" has changed from 10 to 11 because
      it should be one more than the *artcutoff* parameter in inn.conf, so
      that articles posted one day into the future are properly retained in
      history.

    * auth_krb5 has been rewritten by Russ Allbery to use modern Kerberos
      APIs.  Note that using ckpasswd with PAM support and a Kerberos PAM
      module instead of this authenticator is still recommended.

    * A new -L flag has been added by Jonathan Kamens to makehistory so as
      to specify a load average limit.  If the system load average exceeds
      the specified limit, makehistory sleeps until it goes below the limit.

    * The output of consistency checks for article storage and the history
      file no longer appears by default when "cnfsstat -a" is used.  A new
      -v flag has been added to cnfsstat so as to see it.

    * The default path for TLS certificates has changed from *pathnews*/lib
      to *pathetc*.  It only affects new INN installations or generations of
      certificates with "make cert".  Besides, a default value has been
      added to *tlscapath* because it is required by nnrpd when TLS is used.

    * gzip(1) is now the default UUCP batcher in send-uucp, instead of
      compress(1) whose algorithm has patent issues.

    * cnfsheadconf now uses the Perl core module "Math::BigInt" rather than
      the deprecated bigint.pl library.  When used without specifying a CNFS
      buffer, it properly displays the status of all CNFS buffers.


-- 
Julien ÉLIE

« -- Que lui est-il arrivé ? Un choc moral ?
  -- Oui, avec un menhir. » (Astérix) 




More information about the inn-workers mailing list