Releasing INN 2.6.0?

Noel Butler noel.butler at ausics.net
Tue Mar 24 00:12:23 UTC 2015


 

My advice, for what it's worth, since its a "major", please consider
using the -RC way so others may test it before the true final is
published. 

On 24/03/2015 07:41, Julien ÉLIE wrote: 

> Hi all,
> 
> I believe it is time to release a new major version of INN (2.6.0).
> At the same time, a final version for the 2.5 branch can be released.
> 
> If someone has patches that would be interesting to add to either
> of these versions, please send them.
> If you are aware of bugs that need being fixed before a new release,
> please also tell.
> 
> As a major version is the right moment to do somehow "incompatible"
> changes, if you have ideas of useful such changes, do not hesitate
> to tell.
> 
> There are several reasons for doing a release soon.
> Naturally, the main reason is that we have been accumulating
> several useful improvements for 6 years (INN 2.5.0 was released
> in June 2009). The new injection header fields described
> in RFC 5536 and 5537 are for instance now generated by nnrpd.
> 
> The second reason is that the coding effort is currently very low
> for INN; it then seems smarter to release our latest changes than
> waiting for another couples of years!
> 
> And as some of you already know, I am expecting a son within
> a few weeks. It will be my first child, so I do not expect
> to have lots of hours to spend on INN these next months/years...
> At least for major changes.
> 
> Here is the current changelog for INN 2.5.5 and INN 2.6.0.
> Feel free to comment.
> 
> Changes in 2.5.5
> 
> * New inn.conf parameters used by nnrpd to fine-tune the SSL/TLS
> configuration have been added: *tlsciphers*, *tlscompression*,
> *tlseccurve*, *tlspreferserverciphers*, and *tlsprotocols*. Many
> thanks to Christian Mock for his contribution that permits to tighten
> the level of security provided by TLS/SSL.
> 
> * innwatch no longer creates a child process only for sleeping and then
> waits on that process. The forked-off process only died after it had
> done sleeping, which caused the INN service to drop into maintenance
> state when for instance running under SMF on illumos/Solaris (since
> not all processes die within timeout). Thanks to Lauri Tirkkonen for
> the patch.
> 
> * Add new -i flag to both cnfsstat and innwatch to specify how many
> seconds they should sleep at startup. It will especially be useful in
> rc.news so that these scripts are actually started and then sleep by
> themselves, instead of being started a minute after innd and therefore
> not being properly stopped if "rc.news stop" is invoked during that
> minute.
> 
> * Add new -f flag to "innwatch" to specify the configuration file to
> use, in case it is not the default innwatch.ctl file.
> 
> * Fixed how innupgrade is executed during an update of an INN
> installation; on a few systems like AIX, it fails to run because its
> taint mode was unproperly declared.
> 
> * Several improvements have been contributed to pullnews by Geraint
> Edwards: the new -a flag adds the Diablo-compatible hashfeed ability,
> the new -B flag triggers header-only feeding, the -m flag now permits
> to remove headers matching (or not) a given regexp, and rnews
> reporting is improved.
> 
> * Add the nnrp.access2readers.conf contribution script written by
> Jeffrey M. Vinocur to convert old-style nnrp.access file to
> readers.conf.
> 
> Upgrading from 2.5 to 2.6
> 
> The following changes require your full attention because a manual
> intervention may be needed:
> 
> * The name and location of the pullnews configuration file have changed.
> It is now pullnews.marks, located in *pathdb* when pullnews is run as
> the news user, or otherwise in the running user's home directory. 
> This file was previously stored in .pullnews in the running user's
> home directory (even for the news user). If you use pullnews, you
> need to manually move and rename the configuration file; otherwise, it
> will no longer work. Note that the -c flag passed to pullnews allows
> to specify another configuration file, if need be.
> 
> * If you have been using SSL/TLS with nnrpd before, be aware that the
> default value of a few inn.conf parameters have changed: the server
> now decides the preferred cipher (instead of the client), and only TLS
> protocols are allowed (using the flawed SSLv2 and SSLv3 protocols is
> now disabled). If you want to change these settings, the respective
> *tlspreferserverciphers* and *tlsprotocols* parameters can be tuned to
> your needs.
> 
> * The --with-kerberos configure flag used to add Kerberos v5 support has
> been renamed to --with-krb5.
> 
> * The --with-berkeleydb configure flag used to add Berkeley DB support
> has been renamed to --with-bdb.
> 
> * The --enable-ipv6 configure flag no longer exists. IPv6 is now
> unconditionally enabled, if available.
> 
> * $HOME is no longer exported as an environment variable by
> innshellvars, innshellvars.tcl and the Perl module "INN::Config". It
> was previously overriding the default user home directory with
> *pathnews*. If you use these scripts in your own scripts, you will
> have to take care of that change.
> 
> * Owing to the implementation of RFC 4643 (AUTHINFO USER/PASS) in innd,
> if remote peers have to authenticate in order to feed articles, they
> now have to send a username (which was previously wrongly optional),
> before sending their password. The mandatory username, though
> currently unused by innd, can be whatever the remote peer wishes. In
> previous versions of INN, inncheck was already complaining when
> passwd.nntp contained an empty username associated with a password.
> 
> A manual review of authenticated feeds should then be done so as to
> ensure that they are properly working.
> 
> * The Injection-Date: and Injection-Info: headers are now generated by
> nnrpd at injection time instead of the NNTP-Posting-Date:,
> NNTP-Posting-Host:, X-Complaints-To: and X-Trace: headers. Local
> scripts that were using (for authentication, privacy, etc.) these now
> deprecated headers should be updated. Also note that the Path: header
> of locally posted articles can also contain the contents of the
> deprecated NNTP-Posting-Host: field.
> 
> * The two *addnntppostingdate* and *addnntppostinghost* parameters in
> inn.conf have been respectively renamed to *addinjectiondate* and
> *addinjectionpostinghost*. innupgrade takes care of the modification
> only for inn.conf; a manual change will therefore be needed for
> readers.conf, if these parameters are overridden in this file.
> 
> Changes in 2.6.0
> 
> * The NNTP protocol requires a username to be sent before a password
> when authentication is used. innd was wrongly allowing only a
> password to be sent by authenticated peers. See the note above for
> more details.
> 
> * The Lines: header is no longer generated by nnrpd at injection time.
> 
> * The Injection-Date: header is now generated by nnrpd at injection time
> instead of the deprecated NNTP-Posting-Date: header, when
> *addinjectiondate* is set to true. Note that *addnntppostingdate* has
> been renamed to *addinjectiondate* in inn.conf.
> 
> * The Injection-Info: header is now generated by nnrpd at injection time
> instead of the deprecated NNTP-Posting-Host: (when
> *addinjectionpostinghost* is set to true), X-Complaints-To: and
> X-Trace: headers. Note that *addnntppostinghost* has been renamed to
> *addinjectionpostinghost* in inn.conf. The Path: header of locally
> posted articles now also contains the contents of the
> NNTP-Posting-Host: header.
> 
> * A new *addinjectionpostingaccount* parameter has been added in
> inn.conf. When set to true, the Injection-Info: header field contains
> an additional posting-account attribute that mentions the username
> assigned to the user at connection time or after authentication. The
> default value for this parameter is false.
> 
> * A few headers are now considered as obsolete by nnrpd at injection
> time: NNTP-Posting-Date:, NNTP-Posting-Host:, X-Complaints-To:,
> X-Trace:, Also-Control:, Article-Names:, Article-Updates:, and
> See-Also: headers.
> 
> Besides, nnrpd will similarly reject obsolete sendsys, senduuname and
> version control messages.
> 
> * The presence of a Subject: header field beginning with "cmsg " no
> longer causes an article to be interpreted as a control message by
> nnrpd at injection time.
> 
> * nnrpd no longer differentiates IHAVE from POST. Articles injected
> with IHAVE are now treated as though they were injected with POST. It
> means that if the previous behaviour of IHAVE was expected, innd
> should handle itself the connection instead of nnrpd.
> 
> * The name of the pullnews configuration file is now pullnews.marks
> located in *pathdb* when pullnews is run as the news user, or
> otherwise in the running user's home directory. It was previously
> stored in .pullnews in the running user's home directory (even for the
> news user).
> 
> * Building with Libtool is no longer optional. The --enable-libtool
> option to configure has been removed.
> 
> * When building INN with Berkeley DB, Cyrus SASL, Kerberos v5, OpenSSL,
> or zlib support, no longer add standard locations to compiler and
> linker include flags. Such default paths are now added only if
> explicitly given to one or more of the --with-bdb, --with-bdb-include,
> --with-bdb-lib, --with-sasl, --with-sasl-include, --with-sasl-lib,
> --with-krb5, --with-krb5-include, --with-krb5-lib, --with-openssl,
> --with-openssl-include, --with-openssl-lib, --with-zlib,
> --with-zlib-include, or --with-zlib-lib configure flags (the flags
> ending with "-include" and "-lib" are new in INN 2.6.0).
> 
> * If the Berkeley DB, Cyrus SASL, Kerberos v5, or OpenSSL SSL and crypto
> libraries are found at configure time, INN will now be built with
> support for them unless respectively the --without-bdb,
> --without-sasl, --without-krb5, or --without-openssl flags are
> explicitly passed to configure.
> 
> Note that it was already the default behaviour for zlib support when
> Berkeley DB support was also enabled.
> 
> * The configure flag --enable-reduced-depends has been added to request
> that library probes assume shared libraries are in use and
> dependencies of libraries should not be probed. It therefore tries to
> minimize the shared library dependencies of the resulting binaries on
> platforms with proper shared library dependencies. This is not
> enabled by default, and is of interest primarily to people building
> packages for distributions.
> 
> * The INN test suite driver is now fully synchronized with the upstream
> version of the C TAP Harness package maintained by Russ Allbery. 
> Keeping the INN test suite driver up-to-date will be possible thanks
> to a new getc-tap-harness script in the support directory that
> automatically fetches the latest upstream changes.
> 
> Similarly, the new getrra-c-util script permits to keep most of 
> the utility and portability functions synchronized with the upstream
> version of the rra-c-util package maintained by Russ Allbery.
> 
> * Other minor bug fixes and documentation improvements.
> 
> The next major changes would naturally be for INN 2.7.0.
> I will update accordingly Trac and TODO.
> 
> Have a nice week,

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/inn-workers/attachments/20150324/647c91ac/attachment-0001.html>


More information about the inn-workers mailing list