INN 2.5.1 release
Julien ÉLIE
julien at trigofacile.com
Mon Sep 7 09:16:05 UTC 2009
Hi,
Maybe it is time to prepare a release of INN 2.5.1; we have already
accumulated a lot of changes since INN 2.5.0.
If anyone has pending patches for INN 2.5.1, please send them.
Changes in 2.5.1
* Fixed a segfault in imap_connection which could occur when SASL was
used.
* Owing to the US-CERT vulnerability note VU#238019, Cyrus SASL library
has slightly changed. imap_connection and nnrpd now handle that
change. Otherwise, some answers are too long to be properly computed
during SASL exchanges.
* Fixed a memory allocation problem which caused nnrpd to die when
retrieving via HDR/XHDR/XPAT the contents of an extra overview field
absent from the headers of an article. The NEWNEWS command was also
affected on very rare cases. Thanks to Tim Woodall for the bug
report.
* HDR/XHDR/XPAT answers are now robust when the overview database is
inconsistent. When the overview schema was modified without the
overview database being rebuilt, wrong results could be returned for
extra fields (especially a random portion of some other header). The
desired header name is now explicitly searched in the overview
information.
* Fixed the source which is logged to the news log file for local
postings when the local server is not listed in incoming.conf. A
wrong name was used, taken amongst known peers. The source is now
logged as "localhost".
* Fixed a bug in the timecaf storage method: only the first 65535
articles could be retrievable in a CAF, though everything was properly
stored. (A Crunched Article File contains all the articles that
arrive to the news server during 256 seconds.)
The storage token now uses 4 bytes to store the article sequence
number for timecaf, instead of only 2 bytes. Thanks to Kamil Jonca
for the bug report and also the patch.
* Fixed a bug in both timecaf and timehash which prevented them from
working on systems where short ints were not 16-bit integers.
* When there is not enough space to write a CAF header, the timecaf
storage manager now uses a larger blocksize. On 32-bit systems, the
CAF header is about 300 bytes, leaving about 200 bytes for the free
bitmap index (the remaining of a 512-byte blocksize). On 64-bit
systems, the size of the CAF header could exceed 512 bytes, thus
leaving no room for the free bitmap index. A 1 KB blocksize is then
used, or a larger size if need be.
* A new CNFS version has been introduced by Miquel van Smoorenburg in
the CNFS header. CNFSv4 uses 4 KB blocks instead of 512 bytes, which
more particularly makes writes faster. CNFSv4 supports
files/partitions up to 16 TB with a 4 KB blocksize.
Existing CNFS buffers are kept unchanged; only new CNFS buffers are
initialized with that new version.
* grephistory -l now returns the contents of the expires history field
as well as the hash of the message-ID. Besides, when the storage API
token does not exist, grephistory -v now also returns the hash of the
requested message-ID.
* The check on cancel messages when *verifycancels* is set to true in
inn.conf has been changed to verify that at least one newsgroup in the
cancel message can be found in the article to be cancelled. This new
feature is from Christopher Biedl.
The previous behaviour was to check whether the cancel message is from
the same person as the original post, which is extremely easy to
spoof; besides, RFC 5537 (USEPRO) mentions that "cancel control
messages are not required to contain From: and Sender: header fields
matching the target message. This requirement only encouraged cancel
issuers to conceal their identity and provided no security".
* The way the "/remember/" line in expire.ctl works has changed.
History retention for an article was done according to its original
arrival time; it is now according to its original posting date.
Otherwise, unnecessary data may be kept too long in the history file.
To achieve that, the HISremember() function in history API now expects
a fourth parameter: the article posting time.
Note that article expiration has not changed and is still based on
arrival time, unless the -p flag is passed to expire or expireover, in
which case posting time is used.
* The default value for "/remember/" has changed from 10 to 11 because
it should be one more than the *artcutoff* parameter in inn.conf, so
that articles posted one day into the future are properly retained in
history.
* auth_krb5 has been rewritten by Russ Allbery to use modern Kerberos
APIs. Note that using ckpasswd with PAM support and a Kerberos PAM
module instead of this authenticator is still recommended.
* A new -L flag has been added by Jonathan Kamens to makehistory so as
to specify a load average limit. If the system load average exceeds
the specified limit, makehistory sleeps until it goes below the limit.
* The output of consistency checks for article storage and the history
file no longer appears by default when "cnfsstat -a" is used. A new
-v flag has been added to cnfsstat so as to see it.
* The default path for TLS certificates has changed from *pathnews*/lib
to *pathetc*. It only affects new INN installations or generations of
certificates with "make cert". Besides, a default value has been
added to *tlscapath* because it is required by nnrpd when TLS is used.
* gzip(1) is now the default UUCP batcher in send-uucp, instead of
compress(1) whose algorithm has patent issues.
* cnfsheadconf now uses the Perl core module "Math::BigInt" rather than
the deprecated bigint.pl library. When used without specifying a CNFS
buffer, it properly displays the status of all CNFS buffers.
--
Julien ÉLIE
« -- Que lui est-il arrivé ? Un choc moral ?
-- Oui, avec un menhir. » (Astérix)
More information about the inn-workers
mailing list