INN 2.6.1 release candidate

Julien ÉLIE julien at trigofacile.com
Mon Nov 7 21:14:15 UTC 2016 

Hi all,

A release candidate for INN 2.6.1 can be downloaded at:

   https://ftp.isc.org/isc/inn/testing/inn-2.6.1rc1.tar.gz

The MD5 checksum is: 68a0c4562d72ab077a1f764a4919f823.

A PGP signature, and a patch from 2.6.0 to 2.6.1rc1 are available in the same directory.


Feel free to report any issue you may encounter.
The release is scheduled in early December.



Changes from 2.6.0 to 2.6.1

    * nnrpd now uses -0000 as the time zone for Date: and Injection-Date:
      header fields it generates.  It was previously using +0000, wrongly
      systematically indicating a local time zone at Universal Time when
      *localtime* is set to false (which is the default) in readers.conf. 
      The +0000 time zone will now be used only if *localtime* is set to
      true and UTC is really the local time zone of the server.

    * Julien Elie has implemented in nnrpd the new COMPRESS command
      described in draft-murchison-nntp-compress that extends the NNTP
      protocol to allow a connection to be effectively and efficiently
      compressed.  News clients that also support that extension will be
      able to benefit from that bandwidth optimization and improvement in
      speed.

    * The default value for the *tlscompression* parameter in inn.conf has
      changed.  TLS-level compression is now disabled by default, to comply
      with the best current practices for a secure use of TLS in application
      protocols like NNTP.  Using the new COMPRESS command is recommended.

    * rnews no longer segfaults at startup when started setuid news.  Thanks
      to Marcus Jodorf for the bug report.

    * Fixed slow nnrpd responses for a few NNTP commands.  The TCP_NODELAY
      option was unconditionally set whereas only BSD/OS systems needed it. 
      Thanks to Christian Mock for having discovered that.

    * Articles containing a Received: or a Posted: header field are no
      longer rejected by nnrpd at injection time.

    * Articles containing control characters or whitespace-only content
      lines in their headers are now rejected by nnrpd at injection time.

    * OpenSSL 1.1.0 support has been added to INN.

    * When an encryption layer is negotiated during a successful use of the
      STARTTLS command, or after a successful authentication using a SASL
      mechanism which negotiates an encryption layer, nnrpd now updates the
      permissions of the news client according to the new secure state of
      his connection (that is to say auth blocks in readers.conf using the
      *require_ssl* parameter are taken into account).  Previously, only
      connections on a dedicated port (usually 563) were taking benefit from
      that parameter.  Thanks to Steve Crook for the bug report.

    * When a data integrity layer was negotiated during a successful SASL
      authentication, nnrpd was wrongly reseting any knowledge obtained from
      the client, such as the current newsgroup and article number.  This
      behaviour now applies only when an encryption layer is negotiated.

    * The *tlscompression* parameter in inn.conf now also permits to disable
      TLS-level compression with OpenSSL 0.9.8.  It previously had an effect
      only when OpenSSL 1.0.0 or later was used.

    * nntpsend now correctly waits until all of the child innxmit processes
      exit before it does.  It was causing nntpsend to fail to work properly
      on systems that use systemd, because when it exits prematurely,
      systemd kills all of the processes it launched, including the innxmit
      processes.  Thanks to Jonathan Kamens for the patch.

    * Update from GNU Libtool 2.4.2 to 2.4.6.

    * Other minor bug fixes and documentation improvements.



-- 
Julien ÉLIE

« Le chemin le plus court d'un point à un autre est
 la ligne droite, à condition que les deux points
 soient bien en face l'un de l'autre. » (Pierre Dac)

More information about the inn-workers mailing list