1 =head1 Changes in 2.4.5
7 Fixed the "alarm signal" around C<SSL_read> in B<nnrpd>: it allows
8 a proper disconnection of news clients which were previously hanging
9 when posting an article through a SSL connection. Moreover, the
10 I<clienttimeout> parameter now works on SSL connections. Thanks to
11 Matija Nalis for the patch.
15 SO_KEEPALIVE is now implemented for SSL TCP connections on systems
16 which support it, allowing system detection and closing the dead
17 TCP SSL connections automatically after system-specified time. Thanks
18 to Matija Nalis for the patch.
22 Fixed a segmentation fault when an article of a size greater than remaining
23 stack is retrieved via SSL. Thanks to Chris Caputo for this patch.
27 Fixed a few segfaults and bugs which affected both Python B<innd> and B<nnrpd>
28 hooks. They no longer check the existence of methods not used by the hooked
29 script. An issue with Python exception handling was also fixed, as well as
30 a segfault fixed by Russ Allbery which happened whenever one closes and then
31 reopens Python in the same process. Julien Elie also fixed a bug when reloading
32 Python filters (they were not always correctly reloaded) and a segfault when
33 generating access groups with embedded Python filters for B<nnrpd>.
34 Many thanks to David Hlacik for its bug reports.
38 The F<nnrpd.py> stub file in order to test Python B<nnrpd> hooks, as
39 mentioned in their documentation, is now installed; only F<INN.py> was
40 previously installed in I<pathfilter>. Also fixed a bug in F<INN.py>
41 and add missing methods to it.
45 Fixed a long-standing bug in B<innreport> which prevented it from
46 correctly reporting B<nnrpd> and B<innfeed> log messages.
50 Fixed a hang in Perl hooks on (at least) HP/PA since S<Perl 5.10>.
54 Fixed a compilation problem on some platforms because of AF_INET6 which
55 was not inside a HAVE_INET6 block in B<innfeed>.
59 Fixed a bug in B<innfeed> which contained thrice the same IPs for each
60 peer; it unnecessarily slowed the peer IP rotation for B<innfeed>. Thanks,
61 S<D. Stussy>, for having seen that. Miquel van Smoorenburg provided the patch.
65 A new I<heavily> improved version of B<pullnews> is shipped with this
66 INN release. This new version is provided by Geraint Edwards. He added
67 no more than S<16 flags>, fixed some bugs and integrated the B<backupfeed>
68 contrib script by Kai Henningsen, adding again S<6 other> flags. A
69 long-standing but very minor bug in the B<-g> option was especially fixed
70 and items from the to-do list implemented. Many thanks again to Geraint Edwards.
74 New headers are accessible through Perl and Python B<innd> filtering
75 hooks. You will find the exact list in the INN Python Filtering and
76 Authentication Hooks documentation (F<doc/hook-python>) and in Python
77 samples. Thanks to Matija Nalis for this addition of new useful headers.
81 New samples for Python B<nnrpd> hooks are shipped with INN: F<nnrpd_access.py>
82 for access control and F<nnrpd_dynamic.py> for dynamic access control. The
83 F<nnrpd_auth.py> script is now only used for authorization control. See the
84 F<readers.conf> man page for more information (especially the I<python_auth>,
85 I<python_access> and I<python_dynamic> parameters). The documention about
86 INN Python Filtering and Authentication Hooks has also been improved by
91 =head1 Changes in 2.4.4
97 Fixed incomplete checking of packet sizes in the B<ctlinnd> interface in
98 the no-Unix-domain-sockets case. This is a potential buffer overflow in
99 dead code since basically all systems INN builds on support Unix domain
100 sockets these days. Also track the buffer size more correctly in the
101 client side of this interface for the Unix domain socket case.
105 Group blocks in F<incoming.conf> are now correctly parsed and no longer
106 cause segfaults when loading this file.
110 Fixed a problem with B<innfeed> continuously segfaulting on amd64 hardware
111 (and possibly on lots of 64-bit platforms). Many thanks to Ollivier Robert
112 for his patch and also to Kai Gallasch for having reported the problem and
113 provided the FreeBSD server to debug it.
117 B<scanlogs> now rotates B<innfeed>'s log file, which prevents B<innfeed>
118 from silently dying when its log file reaches S<2 GB>.
122 S<Perl 5.10> support has been added to INN thanks to Jakub Bogusz.
126 Some news clients hang when posting an article through a SSL connection:
127 it seems that B<nnrpd>'s SSL routines make it wrongly wait for data
128 completion. In order to fix the problem, the select() wait is now
129 just bypassed. However, the IDLE timer stat is currently not collected
130 for such connections. Thanks to Kachun Lee for this workaround.
134 Fixed a bug in the display of the used compressor (C<cunbatch> was used
135 if arguments were passed to B<gzip> or B<bzip2>).
139 Fixed a bug in B<mailpost> and B<pullnews> which prevented useful error
140 messages to be seen. Also add the B<-x> flag to B<pullnews> in order
141 to insert Xref: headers in articles which lack one.
145 If compiling with S<Berkeley DB>, use its ndbm compatibility layer for
146 B<ckpasswd> in preference to searching for a traditional dbm library.
147 INN also supports S<Berkeley DB 4.4>, 4.5 and 4.6 thanks to Marco d'Itri.
151 B<ovdb_init> now properly closes stdin/out/err when it becomes a daemon.
152 The issue was reported by Viktor Pilpenok and fixed by Marco d'Itri.
156 Added support for Diablo quickhash and hashfeed algorithms.
157 It allows to distribute the messages among several peers (new B<Q> flag
158 for F<newsfeeds>). Thanks to Miquel van Smoorenburg for this
159 implementation in INN.
163 B<innd> now listen on separate sockets for IPv4 and IPv6 connections
164 if the IPV6_V6ONLY socket option is available. There might also be
165 operating systems that still have separate IPv4 and IPv6 TCP implementations,
166 and advanced features like TCP SACK might not be available on v6 sockets.
167 Thanks to Miquel van Smoorenburg for this patch.
171 The two configuration options I<bindaddress> and I<bindaddress6> can now
172 be set on a per-peer basis for B<innfeed>. Setting I<bindaddress6>
173 to C<none> tells B<innfeed> to never attempt an IPv6 connection to that
174 host. Thanks to Miquel van Smoorenburg for this patch.
178 Added a I<nnrpdflags> parameter to F<inn.conf> (modeled on the concept of
179 I<innflags>) to permit passing of command line arguments to instances of
180 B<nnrpd> spawned from B<innd>.
184 A new F<inn.conf> parameter called I<pathcluster> has been added:
185 it allows to append a common name to the Path: header
186 on all incoming articles. I<pathhost> and I<pathalias> (if set)
187 are still appended to the path as usual, but I<pathcluster>
188 is always appended as the last element (e.g. on the leftmost
189 side of the Path: header). Thanks to Miquel van Smoorenburg for
194 B<simpleftp> has been rewritten to use C<Net::FTP>. Indeed, F<ftp.pl>
195 is no longer shipped with S<Perl 5> and the script did not work.
199 B<perl-nocem> will now check for a timeout and re-open the socket
200 if required. Additionally, B<perl-nocem> will switch to
201 cancel_ctlinnd in case cancel_nntp fails after sending
202 the Message-ID. Thanks to Christoph Biedl for the patch. A more
203 detailed documentation has also been written for perl-nocem(8).
207 The RADIUS configuration is now wrapped in a C<server {}> block in
212 Checkgroups when there is nothing to change no longer result in sending
213 a blank mail to administrators. Besides, no mail is sent by B<controlchan>
214 for the creation of a newsgroup when the action is C<no change>.
218 Checkgroups are now properly propagated even though the news server
219 does not carry the groups they are posted to.
223 B<controlchan> and B<docheckgroups> now handle wire format messages
224 so that articles from the spool can be directly fed to them.
228 Newgroup control messages for existing groups now change their description.
229 If a mail is sent to administrators, it reminds them to update their
230 F<newsgroups> file. It also warns when there are missing or obsolete
231 descriptions. Furthermore, the F<newsgroups> file is now written prettier
232 (from one to three tabulations between the name of the group and its
233 short description) and to.* groups cannot be created.
237 The sample F<control.ctl> file has been extensively updated.
241 Fixed empty LISTGROUP replies which were not terminated. Thanks to
242 David Canzi for the patch.
246 In response to a LIST [file] command, if the file does not exist,
247 we assume it is not maintained and return C<503> instead of C<215> and
248 an empty file. Moreover, capability to LIST ACTIVE.TIMES for a wildmat
249 pattern as its third argument has been added in order to select wanted
254 B<inews> now tries to authenticate if it does not receive a C<200> return
255 code after MODE READER. Indeed, it might be able to post even with
256 a C<201> return code and also with another codes like C<440> or C<480>.
260 If creating a new F<history> file, set the ownership and mode appropriately.
261 B<inncheck> also expects fewer things to be private to the news user. Most
262 of the configuration files will never contain private information like
267 Other minor bug fixes and documentation improvements.
271 =head1 Changes in 2.4.3
277 Previous versions of INN had an optimization for handling XHDR Newsgroups
278 that used the Xref: header from overview. While this does make the command
279 much faster, it doesn't produce accurate results and breaks the NNTP
280 protocol, so this optimization has been removed.
284 Fixed a bug in B<innd> that allowed it to accept articles with duplicated
285 headers if the header occurred an odd number of times. Modified the
286 programs for rebuilding overview to use the last Xref: header if there
287 are multiple ones to avoid problems with spools that contain such invalid
292 Fixed yet another problem with verifying that a user has permissions to
293 approve posts to a moderated group. Thanks, Jens Schlegel.
297 Increase the send and receive buffer on the Unix domain socket used by
298 B<ctlinnd>. This should allow longer replies (particularly for B<innstat>) on
299 platforms with very low default Unix domain socket buffer sizes.
303 B<rnews>'s handling of articles with nul characters, NNTP errors, header
304 problems, and deferrals has been significantly improved.
308 Thomas Parmelan added support to B<send-uucp> for specifying the funnel or
309 exploder site to flush for feeds managed through one and fixed a problem
310 with picking up old stranded work files.
314 Many other more minor bug fixes, optimization improvements, and
319 =head1 Changes in 2.4.2
325 INN is now licensed under a less restrictive license (about as minimally
326 restrictive as possible shy of public domain), and the clause similar to
327 the old BSD advertising clause has been dropped.
331 C<make install> and C<make update> now always install the newly built binaries,
332 rather than only installing them if the modification times are newer.
333 This is the behavior that people expect. C<make install> now also
334 automatically builds a new (empty) history database if one doesn't already
339 The embedded Tcl filter code has been disabled (and will be removed
340 entirely in the next major release of INN). It hasn't worked for some
341 time and causes B<innd> crashes if compiled in (even if not used). If
342 someone wants to step forward and maintain it, I recommend starting from
343 scratch and emulating the Perl and Python filters.
347 B<ctlinnd> should now successfully handle messages from INN up to the maximum
348 allowable packet size in the protocol, fixing problems sites with many
349 active peers were having with B<innstat> output.
353 Overview generation has been fixed in both B<makehistory> and B<innd> to follow
354 the rules in the latest NNTP draft rather than just replacing special
355 characters with spaces. This means that the unfolding of folded header
356 lines will not introduce additional, incorrect whitespace in the overview
361 B<nnrpd> now uniformly responds with a C<480> or C<502> status code to attempts
362 to read a newsgroup to which the user does not have access, depending on
363 whether the user has authenticated. Previously, it returned a C<411> status
364 code, claiming the group didn't exist, which confuses the reactive
365 authentication capability of news readers.
369 If a user is not authorized to approve articles (using the C<A> I<access>
370 control in F<readers.conf>), articles that include Approved: headers will be
371 rejected even if posted to unmoderated groups. Some other site may
372 consider that group to be moderated.
376 The configuration parser used for F<readers.conf> and others now correctly
377 handles C<#> inside quoted strings and is more robust against unmatched
382 Messages mailed to moderators had two spaces after the colons in the
383 headers, rather than one. This bug has been fixed.
387 A bug that could cause heap corruption and random crashes in B<innd> if INN
388 were compiled with Python support has been fixed.
392 Some problems with B<innd>'s tracking of article size and enforcement of the
393 configured maximum article size have been fixed.
397 B<pgpverify> will now correctly verify signatures generated by GnuPG and
398 better supports GnuPG as the PGP implementation.
402 INN's code should now be more 64-bit clean in its handling of size_t,
403 pointer differences, and casting of pointers, correcting problems that
404 showed up on 64-bit platforms like AMD64.
408 Improved the error reporting in the history database code, in B<inews>, in
409 B<controlchan>, and in B<expire>.
413 Many other, more minor bugs have also been fixed.
417 =head1 Changes in 2.4.1
423 SECURITY: Handle the special filing of control messages into per-type
424 newsgroups more robustly. This closes a potentially exploitable buffer
425 overflow. Thanks to Dan Riley for his excellent bug report.
429 Fixed article handling in B<innd> so that articles without a Path: header
430 (arising from peers sending malformatted articles or injecting
431 malformatted articles through rnews) would not cause B<innd> to crash. (This
432 was not exploitable.)
436 Fixed a serious bug in XPAT handling, thanks to Tommy van Leeuwen.
440 C<configure> now looks for B<sendmail> only in F</usr/sbin> and F</usr/lib>, not on
441 the user's path. This should reduce the need for B<--with-sendmail> if your
442 preferred sendmail is in a standard location.
446 The robustness of the tradindexed overview method has been further
447 increased, handling more edge cases arising from corrupted databases and
448 oddly-named newsgroups.
452 B<innd> now never decreases the high water mark of a newsgroup when
453 renumbering, which should help ameliorate overview and F<active> file
454 synchronization problems.
458 Do not close and reopen the F<history> file on B<ctlinnd> reload when the server
459 is paused or throttled. This was breaking B<ctlinnd> reload all during a
464 Various minor portability and compilation issues fixed. Substantial
465 numbers of compiler warnings have been cleaned up, thanks largely to work
470 Multiple other more minor bugs have been fixed.
474 Documentation and man pages have been clarified and updated.
478 =head1 Upgrading from 2.3 to 2.4
480 The F<inn.conf> parser has changed between S<INN 2.3> and 2.4. Due to that
481 change, options in F<inn.conf> that contain whitespace or a few other
482 special characters must be quoted with double quotes, and empty parameters
483 (parameters with no value) are not allowed. S<INN 2.4> comes with a script,
484 B<innupgrade>, run automatically during C<make update>, that will attempt
485 to fix any problems that it finds with your F<inn.conf> file, saving the
486 original as F<inn.conf.OLD>.
488 This change is the beginning of standardization of parsing and syntax
489 across all of INN's configuration files.
491 The history subsystem now has a standard API that allows other backends to
492 be used. Because of this, you now need to specify the history method in
497 will tell INN to use the same history backend as was used in previous
498 versions. B<innupgrade> should take care of this for you.
500 ovdb is known to have some locking and timing issues related to how B<nnrpd>
501 shuts down (or fails to shut down) the overview databases. If you have
502 stability problems with ovdb, try setting I<readserver> to C<true> in
503 F<ovdb.conf>. This will funnel all ovdb reads through a single process
504 with a cleaner interface to the underlying S<Berkeley DB> database.
506 If you use Perl authentication for B<nnrpd> (if I<nnrpdperlauth> in
507 F<inn.conf> is C<true>), there have been major changes. See "Changes to
508 Perl Authentication Support for nnrpd" in F<doc/hook-perl> for details.
510 Similarly, if you use Python authentication for B<nnrpd> (if
511 I<nnrpdpythonauth> in F<inn.conf> is C<true>), there have been major changes.
512 See "Changes to Python Authentication and Access Control Support for
513 nnrpd" in F<doc/hook-python> for details.
515 If you use B<send-uucp>, it has been completely rewritten and now takes a
516 configuration file to specify its behavior. See its man page for more
517 information. If you use B<sendbatch>, it is no longer included in INN
518 since the new B<send-uucp> can handle all of the same functionality.
520 The wildmat API has been renamed (to uwildmat and friends; see uwildmat(3)
521 for the interfaces) to distinguish it from Rich $alz's original version,
522 since it now supports UTF-8. This may require changes in other software
523 packages that link against INN's libraries.
525 If you are upgrading from a version prior to S<INN 2.3>, see L<Upgrading
528 =head1 Changes in 2.4.0
534 IPv6 support has been added, disabled by default. If you have IPv6
535 connectivity, build with B<--enable-ipv6> to try it. There are no known
536 bugs, but please report any problems you find (or even successes, if you
537 use an unusual platform). There are a few changes of interest; further
538 information is available in F<doc/IPv6-info>.
542 The tradindexed overview method has been completely rewritten and should
543 be considerably more robust in the face of system crashes. A new utility,
544 B<tdx-util>, is provided to examine the contents of the overview database,
545 repair inconsistencies, and rebuild the overview for particular groups
546 from a tradspool news spool. See tdx-util(8) for more details.
550 The Perl and Python authentication hooks for readers have been extensively
551 overhauled and integrated better with F<readers.conf>. See the Changes
552 sections in F<doc/hook-perl> and F<doc/hook-python> for more details.
556 B<nnrpd> now optionally supports article injection via IHAVE, see
557 readers.conf(5). Any articles injected this way must have Date, From,
558 Message-ID, Newsgroups, Path, and Subject headers. X-Trace and
559 X-Complaints-To headers will be added if the appropriate options are set
560 in F<readers.conf>, but other headers will not be modified/inserted (e.g.
561 NNTP-Posting-Host, NNTP-Posting-Date, Organization, Lines, Cc, Bcc, and To
566 B<nnrpd> now handles arbitrarily long lines in POST and IHAVE; administrators
567 who want to limit the length of lines in locally posted articles will need
568 to add this to their local filters instead.
572 B<nnrpd> no longer handles the poorly-specified S<RFC 977> optional fourth
573 argument to the NEWGROUPS command specifying the "distributions" that the
574 command was supposed to apply to.
576 Clients that use that argument will break. There are not believed to be
577 any such clients, and it's easy enough to just filter the returned list of
578 newsgroups (which is generally fairly short) to achieve the same results.
582 B<nnrpd> no longer accepts UTC as a synonym for GMT for NEWGROUPS or NEWNEWS.
583 This usage was never portable, and was rejected by the NNTP working group.
584 It is being removed now in the hope that it will be caught before anyone
585 starts to rely on it.
589 B<innfeed> supports a new peer parameter, I<backlog-feed-first>, that if set
590 to C<true> feeds any backlog to a peer before new articles, see
591 innfeed.conf(5). When used in combination with I<max-connections> set to C<1>,
592 this can be used to enforce in-order delivery of messages to a peer that
593 is doing Xref slaving, avoiding cases where a higher-numbered message is
594 received before a lower-numbered message in the same group.
598 Several other, more minor protocol issues have been fixed: connections
599 rejected due to the connection rate limiting in B<innd> receive C<400> replies
600 instead of C<504> or C<505>, and ARTICLE without an argument will always either
601 retrieve the current article or return a C<423> error, never advance the
602 current article number to the next valid article.
604 See F<doc/compliance-nntp> for all of the known issues with INN's
605 compliance with the current NNTP draft.
609 All accesses to the F<history> file for all parts of INN now go through a
610 generic API like the storage and overview subsystems do. This will
611 eventually allow new history implementations to be dropped in without
612 affecting the rest of INN, and will significantly improve the
613 encapsulation of the history subsystem. See the libinnhist(3) man page
614 for the details of the interface.
618 INN now uses a new parser for the F<inn.conf> file. This means that
619 parameters containing whitespace or other special characters must now be
620 quoted; see inn.conf(5). It fixes the long-standing bug that certain
621 values must be included in F<inn.conf> even if using the defaults for the
622 use of shell or Perl scripts, and it will serve as the basis for
623 standardizing and cleaning up the configuration file parsing in other
624 parts of INN. B<innupgrade> is run during C<make update> and should convert
625 an existing F<inn.conf> file for you.
629 B<send-uucp> has been replaced by a completely rewritten version from
630 Marco d'Itri, Edvard Tuinder, and Miquel van Smoorenburg, which uses a
631 configuration file that specifies batch sizes, compression methods, and
632 hours during which batches should be generated. The old B<sendbatch>
633 script has been retired, since B<send-uucp> can now handle everything
638 Two C<configure> options have changed names: B<--with-tmp-path> is now
639 B<--with-tmp-dir>, and B<--with-largefiles> is now B<--enable-largefiles>, to
640 improve consistency and better match the C<autoconf> option guidelines.
644 Variables can now be used in the F<newsfeeds> file to make it easier to
645 specify many similar feeds or feed patterns. See the newsfeeds(5) man
650 Local connections to INN support a new special mode, MODE CANCEL, that
651 allows efficient batch cancellation of messages. This is intended to be
652 the preferred interface for external spam and abuse filters like NoCeM.
653 See "CANCEL FEEDS" in innd(8) for details.
657 Two new options, I<nfsreader> and I<nfswriter>, have been added to
658 F<inn.conf> to aid in building NFS based shared reader/writer platforms.
659 On the writer server configure I<nfswriter> to C<true> and on all of the readers
660 configure I<nfsreader> to C<true>; these options add calls to force data out to
661 the NFS server and force it to be read directly from the NFS server at the
662 appropriate moments. Note that it has only been tested on S<Solaris 8>,
663 using CNFS as the storage mechanism and tradindexed as the overview
668 A new option, I<tradindexedmmap>, has been added to F<inn.conf>. If set
669 to C<true> (the default), then the tradindexed overview method will use
670 mmap() to access its overview data (in 2.3 you couldn't control this; it
675 Thanks to code contributed by CMU, B<innfeed> can now feed an IMAP server as
676 well as other NNTP servers. See the man page for innfeed(8) for more
681 An authenticator, B<auth_smb>, that checks a username and password against
682 a remote Samba server is now included. See auth_smb(8) for details.
686 The wildmat functions in INN now support UTF-8, in a way that should allow
687 them to still work with most simple 8-bit character sets in widespread
688 use. As part of this change, some additional wildmat interfaces are now
689 available and the names have changed (to uwildmat, where C<u> is for
690 Unicode). See uwildmat(3) for the details.
694 The interface between external authenticators and B<nnrpd> is now properly
695 documented, in F<doc/external-auth>. A library implementing this
696 interface in C is provided, which should make it easier to write
697 additional authenticators resolvers. See libauth(3) for details, and any
698 of the existing programs in F<authprogs/> for examples.
702 Most (if not all) of the temporary file creation in INN now uses functions
703 that create temporary files properly and safely.
707 =head1 Changes in 2.3.5
713 Clients using POST are no longer permitted to provide an Injector-Info:
718 Fixed a bug causing posts with Followup-To: set to a moderated group to be
719 rejected if the posting user didn't have permission to approve postings.
723 Fixed bugs in B<inncheck> with setuid rnews or setgid inews, in I<innconfval>
724 with F<inn.conf> parameters containing shell metacharacters but no spaces,
725 and in F<parsedate.y> with some versions of B<yacc>. Fixed a variety of
726 size-related printf format warnings (e.g., C<%d> vs. C<%ld>) thanks to the work
727 of Winfried Szukalski.
731 =head1 Changes in 2.3.4
737 LIST ACTIVE no longer returns data when given a single group argument if
738 the client is not authorized to read that group.
742 XHDR and XPAT weren't correctly parsing article headers, resulting in
743 searches for the header "newsgroup" matching the header "newsgroups".
747 Made CNFS more robust against crashes by actually syncing the cycbuff
748 headers to disk as was originally intended. Fixed a memory leak in the
753 Two bugs in B<pgpverify> when using GnuPG were fixed: it now correctly checks
754 for B<gpgv> (rather than B<pgp>) when told to use GnuPG and expects the keyring
755 to be F<pubring.gpg> (not F<pubring.pgp>).
759 Substantial updates to the sample provided F<control.ctl> file.
763 Compilation fixes with S<Perl 5.8.0>, S<Berkeley DB 4.x>, current versions of
764 Linux (including with large file support), and Tru64. B<inndf> fixes for
769 Various bugs in the header handling in B<nnrpd> have been fixed, including
770 hangs when using virtual domains and improper processing of folded headers
771 under certain circumstances.
775 Other minor bug fixes and documentation improvements.
779 =head1 Changes in 2.3.3
785 B<pgpverify> now supports using GnuPG to check signatures (rather than PGP)
786 without the B<pgpgpg> wrapper. GnuPG can check both old-style RSA signatures
787 and new OpenPGP signatures and is recommended over S<PGP 2.6>. If you have
788 GnuPG installed, B<pgpverify> will use it rather than PGP, which means that
789 you may have to create a new key ring for GnuPG to use to verify signatures
790 if you were previously using PGP.
794 Users can no longer post articles containing Approved: headers to
795 moderated groups by default; they must be specifically given that
796 permission with the I<access> parameter in F<readers.conf>. See the man page
801 Two bugs in repacking overview index files and a reliability bug with
802 writing overview data were all fixed in the tradindexed overview method,
803 hopefully making it somewhat more reliable, particularly for B<makehistory>.
807 If F<rc.news.local> exists in the INN binary directory, it will be run with
808 the start or stop argument whenever B<rc.news> is run. This is available
809 as a hook for local startup and shutdown code.
813 The default history table hash sizes were increased because a too-small
814 value can cause serious performance problems (whereas a too-large hash
815 just wastes a bit of disk space).
819 The sample F<control.ctl> file has been extensively updated.
823 Wildmat exclusions (C<@> and C<!>) should now work properly in F<storage.conf>
828 The implementation of the B<-w> flag for B<expireover> was fixed; previously,
829 the value given to B<-w> to change B<expireover>'s notion of the current time
830 was scaled by too much.
834 Various other more minor bug fixes, standards compliance fixes, and
835 documentation improvements.
839 =head1 Changes in 2.3.2
845 B<innxmit> can again handle regular filenames as input as well as storage API
846 tokens (allowing it to be used to import an old traditional spool).
850 Several problems with tagged-hash history files have been fixed thanks to
851 the debugging efforts of Andrew Gierth and Sang-yong Suh.
855 A very long-standing (since S<INN 1.0>!) NNTP protocol bug in B<nnrpd> was
856 fixed. The response to an ARTICLE command retrieving a message by Message-ID
857 should have the Message-ID as the third word of the response, not the
858 fourth. Fixing this is reported to I<possibly> cause problems with some
859 Netscape browsers, but other news servers correctly follow the protocol.
863 Some serious performance problems with expiration of tradspool should now
864 be at least somewhat alleviated. tradspool and timehash now know how to
865 output file names for removal rather than tokens, and B<fastrm>'s ability to
866 remove regular files has been restored. This should bring expiration
867 times for tradspool back to within a factor of two of pre-storage-API
872 Added a sample F<subscriptions> file and documentation for it and B<innmail>.
876 =head1 Changes in 2.3.1
882 B<inews> no longer downloads the F<active> file, no longer tries to send
883 postings to moderated groups to the moderator directly, and in general
884 duplicates less of the functionality of B<nnrpd>, instead letting B<nnrpd>
885 handle it. This fixes the problem of B<inews> not working properly for users
886 other than news without being setgid.
890 Added a man page for B<ckpasswd>.
894 A serious bug in the embedded Perl authentication hooks was fixed, thanks
899 The annoying compilation problem with embedded Perl filtering on Linux
900 systems without libgdbm installed should be fixed.
904 INN now complains loudly at C<configure> time if the configured path for
905 temporary files is world-writeable, since this configuration can be a
910 Many other varied bug fixes and documentation fixes of all sorts.
914 =head1 Upgrading from 2.2 to 2.3
916 There may be additional things to watch out for not listed here; if you
917 run across any, please let <inn-bugs@isc.org> know about them.
919 Simply doing a C<make update> is not sufficient to upgrade; the history and
920 overview information will also have to be regenerated, since the formats
921 of both files have changed between 2.2 and 2.3. Regardless of whether you
922 were using the storage API or traditional spool under 2.2, you'll need to
923 rebuild your overview and history files. You will also need to add a
924 F<storage.conf> file, if you weren't using the storage API under S<INN 2.2>. A
925 good default F<storage.conf> file for 2.2 users would be:
932 Create this F<storage.conf> file before rebuilding history or overview.
934 If you want to allow readers, or if you want to expire based on newsgroup
935 name, you need to tell INN to generate overview data and pick an overview
936 method by setting I<ovmethod> in F<inn.conf>. See F<INSTALL> and inn.conf(5)
939 The code that generates the dbz index files has been split into a separate
940 program, B<makedbz>. B<makehistory> still generates the base F<history> file
941 and the overview information, but some of its options have been changed.
942 To rebuild the history and overview files, use something like:
944 makehistory -b -f history.n -O -T /usr/local/news/tmp -l 600000
946 (change the F</usr/local/news/tmp> path to some directory that has plenty of
947 temporary space, and leave off B<-O> if you're running a transit-only server
948 and don't intend to expire based on group name, and therefore don't need
949 overview.) Or if your overview is buffindexed, use:
951 makehistory -b -f history.n -O -F
953 Both will generate a new history file as F<history.n> and rebuild overview
954 at the same time. If you want to preseve a record of expired Message-IDs
955 in the history file, run:
957 awk 'NF==2 { print; }' < history >> history.n
959 to append them to the new history file you created above. Look over the
960 new history file and make sure it looks right, then generate the new index
961 files and move them into place:
963 makedbz -s `wc -l < history.n` -f history.n
965 mv history.n.dir history.dir
966 mv history.n.hash history.hash
967 mv history.n.index history.index
969 (Rather than F<.hash> and F<.index> files, you may have a F<.pag> file if you're
972 For reader machines, F<nnrp.access> has been replaced by F<readers.conf>.
973 There currently isn't a program to convert between the old format and the
974 new format (if you'd like to contribute one, it would be welcomed
975 gratefully). The new file is unfortunately considerably more complex as
976 a result of its new capabilities; please carefully read the example
977 F<readers.conf> provided and the man page when setting up your initial
978 configuration. The provided commented-out examples cover the most common
979 installation (IP-based authentication for all machines on the local
982 INN makes extensive use of mmap(2) for the new overview mechanisms, so at
983 the present time NFS-mounting the spool and overview on multiple reader
984 machines from one central server probably isn't feasible in this version.
985 mmap tends to interact poorly with NFS (at the least, NFS clients won't
986 see updates to the mapped files in situations where they should). (The
987 preferred way to fix this would, rather than backing out the use of mmap
988 or making it optional, to add support for Diablo-style header feeds and
989 pull-on-demand of articles from a master server.)
991 The flags for B<overchan> have changed, plus you probably don't want to
992 run B<overchan> at all any more. Letting B<innd> write overview data itself
993 results in somewhat slower performance, but is more reliable and has a
994 better failure mode under high loads. Writing overview data directly is
995 the default, so in a normal upgrade from 2.2 to 2.3 you'll want to comment
996 out or remove your B<overchan> entry in F<newsfeeds> and set I<useoverchan> to
997 C<false> in F<inn.conf>.
999 B<crosspost> is no longer installed, and no longer works (even with
1000 traditional spool). If you have an entry for B<crosspost> in F<newsfeeds>,
1003 If you're importing a traditional spool from a pre-storage API INN server,
1004 it's strongly recommended that you use NNTP to feed the articles to your
1005 new server rather than trying to build overview and history directly from
1006 the old spool. It's more reliable and ensures that everything gets put
1007 into the right place. The easiest way to do this is to generate, on your
1008 old server, a list of all of your existing article files and then feed
1009 that list to B<innxmit>. Further details can be found in the FAQ at
1010 L<http://www.eyrie.org/~eagle/faqs/inn.html>.
1012 If you are using a version of Cleanfeed that still has a line in it like:
1014 $lines = $hdr{'__BODY__'} =~ tr/\n/\n/;
1016 you will need to change this line to:
1018 $lines = $hdr{'__LINES__'};
1020 to work with S<INN 2.3> or later. This is due to an internal optimization of
1021 the interface to embedded filters that's new in S<INN 2.3>.
1023 =head1 Changes in 2.3.0
1029 New F<readers.conf> file (replaces F<nnrp.access>) which allows more
1030 flexible specification of access restrictions. Included in the sample
1031 implementations is a RADIUS-based authenticator.
1035 Unified overview has been replaced with an overview API, and there are now
1036 three separate overview implementations to choose from. One (tradindexed)
1037 is very like traditional overview but uses an additional index file. The
1038 second (buffindexed) uses large buffers rather than separate files for
1039 each group and can handle a higher incoming article rate while still being
1040 fast for readers. The third (ovdb) uses S<Berkeley DB> to store overview
1041 information (so you need to have S<Berkeley DB> installed to use it). The
1042 I<ovmethod> key in F<inn.conf> chooses the overview method to use.
1044 Note that ovdb has not been as widely tested as the other overview
1045 mechanisms and should be considered experimental.
1049 All article storage and retrieval is now done via the storage API.
1050 Traditional spool is now available as a storage type under the storage
1051 API. (Note that the current traditional spool implementation causes
1052 nightly expire to be extremely slow for a large number of articles, so
1053 it's not recommended that you use the tradspool storage method for the
1054 majority of a large spool.)
1058 The timecaf storage method has been added, similar to timehash but storing
1059 multiple articles in a single file. See F<INSTALL> for details on it.
1063 INN now supports embedded Python filters as well as Perl and Tcl filters,
1064 and supports Python authentication hooks.
1068 There is preliminary support for news reading over SSL, using OpenSSL.
1072 To simplify anti-abuse filtering, and to be more compliant with news
1073 standards and proposed standards, INN now treats as control messages only
1074 articles containing a Control: header. A Subject: line beginning with
1075 C<cmsg > is no longer sufficient for a message to be considered a control
1076 message, and the Also-Control: header is no longer supported.
1080 The INN build system no longer uses subst. (This will be transparent to
1081 most users; it's an improvement and modernization of how INN is
1086 The build and installation system has been substantially overhauled.
1087 C<make update> now updates scripts as well as binaries and documentation,
1088 there is better support for parallel builds (C<make -j>), there is less
1089 C<make> recursion, and far more of the system-dependent configuration is
1090 handled directly by C<autoconf>. libtool build support (including shared
1091 library support) should be better than previous releases.
1095 =head1 Changes in 2.2.3
1101 B<inews> is not installed setgid news and B<rnews> is not installed setuid root
1102 by default any more. If you need the old permissions, you have to give a
1103 flag to configure. See F<INSTALL> for more details.
1107 Fixed a security hole when I<verifycancels> was enabled in F<inn.conf> (not the
1112 Message-IDs are now limited to 250 octets to prevent interoperability
1113 problems with other servers.
1117 Embedded Perl filters now work with S<Perl 5.6.0>.
1121 Lots of bug fixes and changes for security paranoia.
1125 =head1 Changes in 2.2.2
1131 Various minor bug fixes and a Y2K bug fix. The Y2K bug is in version
1132 version 2.2.1 only and will show up after S<Jan 1st>, 2000 when a news reader
1133 issues a NEWNEWS command for a date prior to the year 2000.
1137 =head1 Changes in 2.2.1
1143 Various bug fixes, mostly notably fixes for potential buffer overflow
1144 security vulnerabilities.
1148 =head1 Changes in 2.2.0
1154 New F<storage.conf> file (replaces F<storage.ctl>).
1158 New (optional) way of handling non-cancel control messages (B<controlchan>)
1159 that serializes them and prevents server overload from control message
1164 Support for B<actsyncd> to fetch F<active> file with B<ftp>; configured by default
1165 to use L<ftp://ftp.isc.org/pub/usenet/CONFIG/active.Z> if you run B<actsyncd>.
1166 Be sure to read the manual page for B<actsync> to configure an F<actsync.ign>
1167 file for your site, and test B<simpleftp> if you do not C<configure> with B<wget>
1168 or B<ncftp>. Also see L<ftp://ftp.isc.org/pub/usenet/CONFIG/README>.
1172 Some options to C<configure> are now moved to F<inn.conf> (I<merge-to-groups> and
1173 I<pgp-verify>, without the hyphen).
1177 B<inndf>, a portable version of df(1), is supplied.
1181 New B<cnfsstat> program to show stats of CNFS buffers.
1185 B<news2mail> and B<mailpost> programs for gatewaying news to mail and mail to
1190 B<pullnews> program for doing a sucking feed is provided (not meant for large
1195 The B<innshellvars.csh.in> script is obsolete (and lives in the F<obsolete>
1196 directory, for now).