2009-10-10 iulius * * Mention --enable-keywords and --with-openssl in the default inn.conf configuration file. * No need to regenerate the overview when the keyword generation code is used. * * Mention the OVER command instead of XOVER. * Mention the --enable-keywords configure option in inn.conf for keyword generation. * * The "will" keyword was checked twice. * Fix a gcc warning (a signed/unsigned cast). * Fix a segfault in the keyword generation code for articles already containing a Keywords: header. Thanks to Nix for the patch. 2009-10-09 iulius * Remove duplicate contents in news.daily, as for the run of expire and expireover. Also add a warning when the "lowmark" keyword is used without "expireover". Thanks to D. Stussy for the patch. 2009-10-03 iulius * Mention the bug-fix in the keyword generation code. * inndstart is no longer used (it was removed in INN 2.5.0) so we mention it in our FAQ. * Fix a GNUism in news.daily (a directory and "-print" are needed). Thanks to S.P. Zeidler for the patch. 2009-10-01 eagle * Update keyword code to match current article handling We no longer copy the article out of the channel and nul-terminate it, but the keyword generation code was assuming that the article was nul-terminated. Modify KEYgenerate to take an article length and use xmalloc/memcpy to make a copy rather than strdup. Thanks to Nix for the report. 2009-09-29 iulius * Bump version to INN 2.5.1. * Mention in Perl and Python hooks that UTF-8 should be used for reject messages. 2009-09-28 iulius * Mention that active.times and distrib.pats should be encoded in UTF-8, as well as ctlinnd and nnrpd arguments. * Add a function to validate the encoding of UTF-8 strings. "ctlinnd pause", "ctlinnd readers", "ctlinnd reject", "ctlinnd reserve", "ctlinnd throttle" and "nnrpd -r" commands now expect a properly encoded reason. 2009-09-11 iulius * Update support files for autoconf to their last stable version. * Update control.ctl to its last version. 2009-09-09 iulius * Use new Autoconf 2.60 macros AC_TYPE_UINT16_T, AC_TYPE_UINT32_T, AC_TYPE_LONG_LONG_INT and AC_TYPE_SSIZE_T. We do not need m4/int32.m4 any longer to define uint32_t (int32_t is not used). * Improve the changelog wording. compress does not have patent issues any longer. 2009-09-07 iulius * Check that a CAF header contains at least 128 bytes for the free bitmap header. Otherwise, increase the blocksize. On 64-bit systems, a CAF header can exceed the size of the default bitmap, which prevents timecaf from working. * Update the maximum size of a CAF. Limits are 3.5GB or 262144 articles in a CAF. * Remove trailing spaces. * Fix a documentation error about timecaf: it does not work per newsgroup (though it used to). FreeZoneIndexBytes does not exist; it is FreeZoneIndexSize. Also remove trailing spaces. * Support for sequence numbers higher than 65535 (216-1) in the timecaf storage method. We can now integrate up to (232-1) articles in a mere CAF. A CAF contains all the articles that arrive during 256 seconds. Thanks to Kamil Jonca for the bug report and his patch. Also explain how to decode timecaf tokens and paths. And use fixed 16-bit and 32-bit numbers for tokens; timecaf did not work on systems where short ints were not 16-bit integers. * Explain how to decode cnfs tokens. Also remove trailing spaces. * Remove trailing spaces. * Convert tabs to spaces. * Explain how to decode tradspool tokens and paths. Also remove trailing spaces. * ts.ng.db no longer exists; it is tradspool.map. Also remove trailing spaces. * Explain how to decode timehash tokens and paths. Also use fixed 16-bit and 32-bit numbers for tokens; timehash did not work on systems where short ints were not 16-bit integers. * Do not send 205 on exit when the client does not send QUIT. * Increase the CNFS blocksize from 512 bytes to 4096 bytes and the size limit for a buffer from 1 TB to 16 TB. Currently the CNFS storage method uses a 512 byte (1 sector)- granularity for its "filesystem". That was great in the nineties, but nowadays that is very limiting: - most filesystems use 4K blocks, so a write to a 512 byte- CNFS block can result in a read-modify-write cycle, slowing down writes enormously (effectively making them synchronous) - With larger devices, the block-bitmap at the start balloons in size - The size limit of a CNFS file/partition is 2^31 * 512 = 1 TB. (the block-offset is stored in the CNFS token as a signed integer..) So I have updated storage/cnfs/ to use 4K blocks. This introduces a new CNFS version in the CNFS header, version 4. The header now includes a blocksize member, which is 4K by default. The block offset is now encoded in the CNFS token as a unsigned int. CNFSv4 supports files/partitions up to 16 TB with a 4K blocksize. If we want to support > 16TB with 4K blocks, that is doable by stealing a few bits from the 'cycnum' value in the CNFS token. The code was updated so that for CNFSv4 and up the cyclenumber wraps on 2^24 instead of 2^32 (with one wrap per day, that's good for 45000 years, so there is no problems there). So we have 8 bits for that, but the rest of the code has not been written yet. The code works fine with existing CNFSv3 files/partitions. cnfsstat and cnfsheadconf have also been updated to understand CNFSv4. Right now a new CNFS file/device is always initialized with 4K blocksize, but it would be trivial to make that configurable. With larger blocksizes we might want to look at the CNFS write padding though it is perhaps not useful to pad CNFS writes to larger blocks than 4K. It doesn't do any harm though. Thanks to Miquel van Smoorenburg for the CNFSv4 patch. 2009-08-22 iulius * Silent gcc warnings for a possibly uninitialized variable. 2009-08-21 iulius * Use Autoconf quadrigraphs to properly encode brackets. * Mention ckpasswd(8) in the "see also" section of the documentation for auth_krb5. 2009-08-20 eagle * Avoid using markup in prunehistory NAME section Avoid POD markup in the prunehistory NAME section. Not all versions of pod2man will strip this markup when generating the man page, and *roff markup in NAME confuses some man implementations. * Recommend against using auth_krb5 In the auth_krb5 man page, recommend using ckpasswd with PAM support and a Kerberos PAM module instead of this authenticator. * Rewrite auth_krb5 to use modern Kerberos APIs Use krb5_get_init_creds_password and the current APIs and remove a bunch of cruft that's unnecessary and uninteresting. The library defaults will take care of things like building the correct service principal. Add a call to krb5_verify_init_creds, although this will only work if nnrpd is pointed to a keytab that it can read or if it's run as root. Looking in a different keytab for a local key with which to validate the credentials is left as future work and requires additional configuration to point to the correct keytab. * Strict aliasing cleanups in innd network code gcc 4.4 is now stricter about aliasing checks and doesn't like taking variables of type struct sockaddr_storage and casting them or assigning pointers to them to other struct types and then dereferencing or storing through those other pointers. It may optimize the stores away, which would be bad. The primary affected code is the inetd query code. There, allocate memory from the heap instead of the stack and use a variable of type struct sockaddr *, which is cast to other pointer types. gcc knows how to deal with that. Elsewhere, eliminate RCaddressmatch in favor of network_sockaddr_equal, which does the same thing but is aliasing-clean. Stop using SA_LEN to get the length of an address for memcpy and instead just copy the full size of a sockaddr_storage, which given that both the source and the destination are sockaddr_storage variables will be safe. 2009-08-20 iulius * Convert makedbz(8) and prunehistory(8) documentation to POD. 2009-08-19 iulius * Add examples in grephistory documentation. 2009-08-18 iulius * * Return the contents of the expires history field when "grephistory -l" is used. It was always empty. Also returns the hash of the requested message-ID. * Mention in documentation that "grephistory -l" returns nothing when the storage API token does not exist. * Fixed "grephistory -v" which does not work as expected when the storage API token does not exist. * Convert expire(8) and expirerm(8) documentation to POD. * Various fixes and homogenizations. * * History retention is now done, when possible, on posting times and not arrival times. Otherwise, articles may be kept too long in history. * HISremember in history API now has a fourth argument (the article posting date). * The default value for /remember/ is now 11 (artcutoff + 1 in order to take into account articles posted one day into the future). * Documentation rewording and improvements. * Various homogenizations. 2009-08-15 iulius * Typo for logstatus, an inn.conf parameter. * Typo: occurance -> occurrence. 2009-08-14 iulius * A patch from Christopher Biedl to alter ARTcancelverify to check whether at least one group in the cancel message can be found in the article to be cancelled. The check for matching Sender: and From: headers is useless and removed. * Add a restrictive umask before generating TLS certificates. * Typo: interpretor -> interpreter. 2009-08-05 iulius * The README files provided with snapshots were still mentioning the inn-bugs mailing-list instead of inn-workers. * A wrong source was logged to the news log for local postings, especially when the local server was not listed in incoming.conf (RChostname() then returned a wrong static buffer and ARTlog() also did not handle the case of a local connection). Also fix the initialization of data->FeedsiteLength when needed. * Move dbz.h into the public inn directory (it is for instance used by suck). However, it should be noted that if another history file format is implemented in the future, it might cause problems to external programs. 2009-07-18 iulius * Log a checkgroups only once in innreport. Now that all control.ctl matching lines are used, they were all logged by innreport as a checkgroups. We only count for several doit actions. * Do not act on a checkgroups when there isn't any matching newsgroup. 2009-07-08 iulius * If innfeed is not used, news.daily reports an error message when it tries to find out the pid of all the running instances of innfeed. We now check for that. Thanks to Andreas M. Kirchwitz for the patch. 2009-07-03 iulius * Convert the cnfsheadconf man page into POD. * When "-c" is not specified, cnfsheadconf exits. It now displays the status of all CNFS buffers, as written in its documentation. * * Use Math::BigInt rather than bigint.pl. * Use Math::BigFloat not to wrongly truncate numbers. 2009-06-28 iulius * * Add a "-v" flag to cnfsstat to see the output of consistency checks for article storage and history. * Convert the cnfsstat man page into POD. * Update the NoCeM sample file. * Use gzip instead of compress as the default UUCP batcher. 2009-06-23 iulius * Add the -L flag to makehistory in order to specify a maximum load average. If exceeded, the rebuild is paused until it decreases below the specified load. Patch by Jonathan Kamens. 2009-06-21 iulius * Regenerate dependencies after commit 8531. 2009-06-21 eagle * inn/storage.h depends on inn/defines.h and inn/options.h. 2009-06-20 iulius * Fix a bug in how perl-nocem parses its configuration file. A condition was not right. * sasl.conf does not exist any longer. * * Change the default value for TLS certificates from <pathlib> to <pathetc>. * Add a default value to tlscapath: because it is required by nnrpd when TLS is used. * Improve the TLS documentation. * * Fixed a segfault in imap_connection which can occur when SASL is used (overflow in strlcpy). * Owing to the US-CERT vulnerability note VU#238019, Cyrus SASL library has slightly changed. imap_connection and nnrpd now handle that change. Otherwise, some answers are too long to be properly computed during SASL exchanges (because of a new null character added by sasl_encode64). * The distributions file was not installed. It was an oversight. * * Fixed a memory allocation problem when retrieving via HDR/XHDR/XPAT the contents of an extra overview field absent from the headers of an article. The NEWNEWS command was also affected on very rare cases. Thanks to Tim Woodall for the bug report. * HDR/XHDR/XPAT answers are now robust when the overview database is inconsistent. When the overview schema was modified without the overview database being rebuilt, wrong results could be returned for extra fields (especially a random portion of some other header). The desired header name is now explicitly searched in the overview information. In order to achieve that, the overview_getheader() function was split into overview_get_standard_header() and overview_get_extra_header(). It allows to search by index for standard headers and to walk extra overview fields. * Fixed a memory leak when requesting metadata information (:bytes and :lines). 2009-06-17 iulius * Typo: "to precede" instead of "to preceede". * Mention to update install-sh to its last version. * Typos. * * Fix an inaccuracy in the count of overview stats. * Also fix a potential segfault in case overview_getheader() returns a NULL pointer (though it should not for the Message-ID). 2009-06-11 eagle * Link tinyleaf with $(LIBS), needed for networking libraries on Solaris. 2009-06-09 iulius * Update the release date of INN 2.5.0. 2009-06-06 iulius * Clarify a sentence about the difference between doit and mail for a checkgroups. * * Import new versions of a few m4 files provided by rra-c-util 1.0. * getaddrinfo.m4 is merged into socket.m4. * inncheck now recognizes the new "/maxdocheckgroups/" keyword in control.ctl. * Use AS_HELP_STRING instead of obsolete AC_HELP_STRING. * * Use AC_COMPILE_IFELSE instead of AC_EGREP_CPP. * Use AC_CACHE_CHECK instead of AC_MSG_CHECKING, AC_CACHE_VAL and AC_MSG_RESULT. 2009-05-24 iulius * Bump version numbers of STABLE (2.5.0 -> 2.5.1). * Better wording for the creation of <pathetc>/pgp/ncmring.gpg.