Towards INN 2.5.2

Julien ÉLIE julien at trigofacile.com
Sat Jan 23 12:30:04 UTC 2010


Hi,

I believe it is time to prepare a release of INN 2.5.2; we have already
accumulated a *lot* of changes since INN 2.5.1.

If anyone has pending patches for INN 2.5.2, please send them.

I expect a release in March (with candidate(s) in February).


Here is the current changelog.  Feel free to comment it (typos, wording,
questions?)


Changes in 2.5.2

    * Julien Elie has implemented in innd the new version of the NNTP
      protocol described in RFC 3977, RFC 4643 and RFC 4644.  Consequently,
      innd now recognizes the CAPABILITIES command.  Notwithstanding these
      standards, three commands (IHAVE, CHECK and TAKETHIS) will continue,
      for interoperability reasons, to return a reject code (respectively
      435, 438 and 439) when the command contains a syntax error (which
      normally leads to 501).  Besides, the mandatory username for
      authenticated peers will only be enforced by INN 2.6.0.

      Major improvements are:

      * innd now has a decent parser for NNTP commands.  It permits to have
        a far better grammar parser (commands like "IHAVE<mid>", without a
        space between the command and its argument, are no longer valid) and
        to allow leading and trailing whitespaces in commands.  Besides,
        innd checks the length of the NNTP command sent by the client:  if
        the command contains more than 512 bytes (or 497 bytes for an
        argument), an error is returned and the command is discarded.  Note
        that after ten unrecognized commands, innd closes the connection
        with the appropriate code (400 instead of 500).

      * The output of the HELP command specifies the arguments expected by
        NNTP commands, the same way as nnrpd does.

      * LIST ACTIVE, LIST ACTIVE.TIMES and LIST NEWSGROUPS recognize an
        optional argument:  a wildmat can now be specified to restrict the
        results of these commands to specific newsgroups.

      * When using HEAD or STAT with an article number or a range, 412 (no
        group selected) is now returned instead of 501 (syntax error).

    * Jeffrey M. Vinocur has implemented in both innd and nnrpd support for
      whitespaces in usernames/passwords provided with AUTHINFO USER/PASS.
      They were previously considered as invalid arguments, or wrongly
      parsed.  innd and nnrpd now treat everything after the first
      whitespace character following AUTHINFO USER/PASS, up to, but not
      including, the final CRLF, as the username/password, in conformity
      with RFC 4643.

    * The syntax of message-IDs is now based on RFC 5536 (USEFOR) instead of
      RFC 1036.  The major change is that quoted-pairs have been removed
      from the syntax.

    * Case-insensitive matches are now used for distributions, path
      identities, IMAP commands, header names, and control commands.
      (Newsgroups are still matched case-sensitively.)  Message-IDs are
      case-sensitively matched, except for history hashes.

    * The new Archive:, Archive-At:, Comments:, and Summary: header fields
      defined in RFC 5064 and RFC 5536 can be used in innd filters.  nnrpd
      now checks at injection time that an article does not contain an
      Injection-Info: header, that an Injection-Date: header (if provided)
      is valid, and that the Path: header does not contain ".POSTED".  Note
      that the generation of these two injection fields and the update of
      the Path: field for locally posted articles will only be for the next
      major release of INN.

    * LIST SUBSCRIPTIONS recognizes an optional argument:  a wildmat can now
      be specified to restrict the results of this command to specific
      newsgroups.

    * A new LIST variant named COUNTS is supported by nnrpd:  LIST COUNTS is
      a combination of LIST ACTIVE and GROUP.  It returns the same result as
      LIST ACTIVE except that the number of articles in a newsgroup is
      inserted before its status.

    * A new check has been added to newsfeeds entries:  "Aj", when present,
      adds the capability to feed articles accepted and filed in "junk" (due
      to *wanttrash*) to peers based on their newsfeeds feed patterns
      applied to the Newsgroups: header as though the article were accepted
      and all those groups were locally carried.  This is useful if you want
      to run INN with a minimal active file and propagate all posts.  Thanks
      to Andrew Gierth for the patch.

    * A new parameter has been added to inn.conf:  *logtrash* defines
      whether a line for articles posted to groups not locally carried by
      the news server should be added in the news log file to report
      unwanted newsgroups.  The default is true but it can be useful to set
      it to false (especially when *wanttrash* is also used).

    * A new feature has been added to sm.  When the -c flag is used, it
      shows a clear, decoded form of the storage API token.  This was
      previously done by the contrib showtoken script developed by Olaf Titz
      and Marco d'Itri.

    * The O flag in newsfeeds now relies on the contents of the
      Injection-Info: header (or X-Trace: header if there is no
      Injection-Info: header) to determine the origin of an article.

    * A new "unsigned long" type bas been added to the configuration parser.
      It will properly warn the news administrator when a variable supposed
      to be positive contains a negative integer.  It will prevent INN from
      crashing at several places where it did not expect negative values.

    * innxbatch and innxmit now recognize the new 403 code introduced by
      RFC 3977 for a problem preventing the action from being taken.

    * HDR and OVER commands now return the right 423 code (instead of 420)
      when the current article number is used but the article no longer
      exists.

    * actsync, inews, innxbatch, innxmit, nntpget and rnews can now
      authenticate on news servers which only expect a username, without
      password, in conformity with RFC 4643.

    * The keyword generation code now generates a Keywords: header only if
      the original article does not already have one.  The generated
      Keywords: header no longer begins with a comma.  Moreover, if keyword
      generation is set to true in inn.conf but the Keywords: header is not
      stored in the overview, the news administrator is warned and keyword
      generation deactivated because it would be run for nothing.

    * Fixed two segfaults in keyword generation.  The first occurred when an
      article already had a Keywords: header the length of which is greater
      than the *keylimit* parameter.  The second was caused by a possible
      invalid pointer beyond the newly allocated Keywords: header.

    * Fixed a bug in the parsing of empty lines:  innd was not properly
      discarding an empty command, and it was closing the connection upon
      receiving only whitespaces in a command.

    * Fixed a bug in how innd responded to reader commands when readers were
      not allowed.  A superfluous blank line was sent in its response.

    * Fixed a bug in TAKETHIS:  when authentication was required, a 480 code
      was directly answered without treating the whole multi-data block
      following the command from the client, which broke the NNTP protocol.

    * Fixed a bug when empty articles were fed to innd via IHAVE or
      TAKETHIS: the article terminator was not recognized.  Therefore,
      subsequent NNTP commands were eaten inside the article.

    * Fixed a bug when innd could not provide information for LIST
      ACTIVE.TIMES and LIST NEWSGROUPS:  it was giving an invalid result,
      without any response code.  The proper 503 answer code is now
      returned.

    * When an unauthenticated user tried to post an article, nnrpd replied
      440 (posting not allowed) instead of the right 480 (authentication
      required) when the user might be able to post after authentication.
      Thanks to Daniel Weber for the bug report.

    * Fixed a bug in both innd and nnrpd answers to LIST commands which did
      not check for a valid dot-stuffed output.

    * Fixed a bug to control-only feeds:  junked non-control articles were
      being fed down control-only feeds.  Besides, poisoned control groups
      were not properly handled.  Thanks to Andrew Gierth for the patch.

    * Fixed a bug in innreport which was not correctly summing innd stats
      when *hostname* was set as an IPv6 address instead of a fully
      qualified domain name.  Thanks to Petr Novopashenniy for the bug
      report.

    * Fixed a bug in nnrpd Perl filter:  a header field whose name begins
      with the name of a standardized header field was not properly taken
      into account.

    * Fixed a bug on how innd was parsing Message-ID: and Supersedes:
      headers which contained trailing whitespaces.  The article ended up
      corrupted because of an unexpected "\r" in the middle of the header.
      Besides, nnrpd now checks the syntax of the Message-ID: header, if
      present.

    * Fixed a bug in how leading whitespaces were treated in headers.  The
      HDR, XHDR and XPAT commands were not properly showing leading
      whitespaces in header values.  Besides, "\n" and "\r" were both
      changed into spaces whereas "\r\n" just was to be removed.  As for
      archive, makehistory and tdx-util, they did not keep leading
      whitespaces in headers when generating overview data, and archive did
      not change "\n" (when not preceded by "\r") into a space when
      generating overview data.

    * Fixed a bug in the generation of overview data which may corrupt
      previously generated overview data when a malicious pseudo Xref:
      header field is injected in an extra overview field.

    * Fixed a bug in the parsing of the *ovgrouppat* wildmat in inn.conf
      that prevented overview data from being generated when poisoned groups
      were specified but a latter sub-pattern made the group wanted.  A
      uwildmat expression is now correctly handled, and a potential segfault
      has been fixed.  Thanks to D. Stussy for the bug report.

    * Fixed a bug when HDR, XHDR and XPAT were used when *virtualhost* was
      set to true in readers.conf.  The Xref: header of articles posted to
      only one newsgroup appeared empty.

    * Fixed a bug in tdx-util which was not properly parsing empty overview
      fields when called with -A or -F.

    * Fixed a bug in cvtbatch which was returning only the size of the
      headers of an article when the "b" parameter was used with the -w
      flag.  It now correctly returns the size of the whole article, which
      is what "b" is supposed to do.  Besides, cvtbatch has a new "t"
      parameter which can be used with the -w flag, so as to retrieve the
      arrival time of an article.

    * batcher has not supported the retrieval of an article with its file
      name for a long time.  The -S flag is therefore removed.

    * news.daily no longer sends superfluous mails when the nomail keyword
      is given.  Mail is only sent when there is real output.  Previously,
      there would always be headings and empty lines useful to structure the
      full report, which are now ommitted.  Also, the output of programs
      executed with postexec is now included in the regular mail.  Thanks to
      Florian Schlichting for the patch.

    * innconfval no longer maps NULL string or list values to an empty
      string or list.  These values should really be undefined.  In
      particular, it fixes an issue reported by Kamil Jonca about nnrpd
      inserting an empty Organization: header when the *organization*
      parameter in inn.conf was unset.

    * Other minor bug fixes and documentation improvements.

-- 
Julien ÉLIE

« La moitié des hommes politiques sont des bons à rien.
  Les autres sont prêts à tout. » (Coluche) 




More information about the inn-workers mailing list