wip filepoll poll interval variable

[innduct.git] / doc / pod / news.pod

=head1 Changes in 2.4.5

=over 2

=item *

Fixed the "alarm signal" around C<SSL_read> in B<nnrpd>:  it allows
a proper disconnection of news clients which were previously hanging
when posting an article through a SSL connection.  Moreover, the
I<clienttimeout> parameter now works on SSL connections.  Thanks to
Matija Nalis for the patch.

=item *

SO_KEEPALIVE is now implemented for SSL TCP connections on systems
which support it, allowing system detection and closing the dead
TCP SSL connections automatically after system-specified time.  Thanks
to Matija Nalis for the patch.

=item *

Fixed a segmentation fault when an article of a size greater than remaining
stack is retrieved via SSL.  Thanks to Chris Caputo for this patch.

=item *

Fixed a few segfaults and bugs which affected both Python B<innd> and B<nnrpd>
hooks.  They no longer check the existence of methods not used by the hooked
script.  An issue with Python exception handling was also fixed, as well as
a segfault fixed by Russ Allbery which happened whenever one closes and then
reopens Python in the same process.  Julien Elie also fixed a bug when reloading
Python filters (they were not always correctly reloaded) and a segfault when
generating access groups with embedded Python filters for B<nnrpd>.
Many thanks to David Hlacik for its bug reports.

=item *

The F<nnrpd.py> stub file in order to test Python B<nnrpd> hooks, as
mentioned in their documentation, is now installed; only F<INN.py> was
previously installed in I<pathfilter>.  Also fixed a bug in F<INN.py>
and add missing methods to it.

=item *

Fixed a long-standing bug in B<innreport> which prevented it from
correctly reporting B<nnrpd> and B<innfeed> log messages.

=item *

Fixed a hang in Perl hooks on (at least) HP/PA since S<Perl 5.10>.

=item *

Fixed a compilation problem on some platforms because of AF_INET6 which
was not inside a HAVE_INET6 block in B<innfeed>.

=item *

Fixed a bug in B<innfeed> which contained thrice the same IPs for each
peer; it unnecessarily slowed the peer IP rotation for B<innfeed>.  Thanks,
S<D. Stussy>, for having seen that.  Miquel van Smoorenburg provided the patch.

=item *

A new I<heavily> improved version of B<pullnews> is shipped with this
INN release.  This new version is provided by Geraint Edwards.  He added
no more than S<16 flags>, fixed some bugs and integrated the B<backupfeed>
contrib script by Kai Henningsen, adding again S<6 other> flags.  A
long-standing but very minor bug in the B<-g> option was especially fixed
and items from the to-do list implemented.  Many thanks again to Geraint Edwards.

=item *

New headers are accessible through Perl and Python B<innd> filtering
hooks.  You will find the exact list in the INN Python Filtering and
Authentication Hooks documentation (F<doc/hook-python>) and in Python
samples.  Thanks to Matija Nalis for this addition of new useful headers.

=item *

New samples for Python B<nnrpd> hooks are shipped with INN:  F<nnrpd_access.py>
for access control and F<nnrpd_dynamic.py> for dynamic access control.  The
F<nnrpd_auth.py> script is now only used for authorization control.  See the
F<readers.conf> man page for more information (especially the I<python_auth>,
I<python_access> and I<python_dynamic> parameters).  The documention about
INN Python Filtering and Authentication Hooks has also been improved by
Julien Elie.

=back

=head1 Changes in 2.4.4

=over 2

=item *

Fixed incomplete checking of packet sizes in the B<ctlinnd> interface in
the no-Unix-domain-sockets case.  This is a potential buffer overflow in
dead code since basically all systems INN builds on support Unix domain
sockets these days.  Also track the buffer size more correctly in the
client side of this interface for the Unix domain socket case.

=item *

Group blocks in F<incoming.conf> are now correctly parsed and no longer
cause segfaults when loading this file.

=item *

Fixed a problem with B<innfeed> continuously segfaulting on amd64 hardware
(and possibly on lots of 64-bit platforms).  Many thanks to Ollivier Robert
for his patch and also to Kai Gallasch for having reported the problem and
provided the FreeBSD server to debug it.

=item *

B<scanlogs> now rotates B<innfeed>'s log file, which prevents B<innfeed>
from silently dying when its log file reaches S<2 GB>.

=item *

S<Perl 5.10> support has been added to INN thanks to Jakub Bogusz.

=item *

Some news clients hang when posting an article through a SSL connection:
it seems that B<nnrpd>'s SSL routines make it wrongly wait for data
completion.  In order to fix the problem, the select() wait is now
just bypassed.  However, the IDLE timer stat is currently not collected
for such connections.  Thanks to Kachun Lee for this workaround.

=item *

Fixed a bug in the display of the used compressor (C<cunbatch> was used
if arguments were passed to B<gzip> or B<bzip2>).

=item *

Fixed a bug in B<mailpost> and B<pullnews> which prevented useful error
messages to be seen.  Also add the B<-x> flag to B<pullnews> in order
to insert Xref: headers in articles which lack one.

=item *

If compiling with S<Berkeley DB>, use its ndbm compatibility layer for
B<ckpasswd> in preference to searching for a traditional dbm library.
INN also supports S<Berkeley DB 4.4>, 4.5 and 4.6 thanks to Marco d'Itri.

=item *

B<ovdb_init> now properly closes stdin/out/err when it becomes a daemon.
The issue was reported by Viktor Pilpenok and fixed by Marco d'Itri.

=item *

Added support for Diablo quickhash and hashfeed algorithms.
It allows to distribute the messages among several peers (new B<Q> flag
for F<newsfeeds>).  Thanks to Miquel van Smoorenburg for this
implementation in INN.

=item *

B<innd> now listen on separate sockets for IPv4 and IPv6 connections
if the IPV6_V6ONLY socket option is available.  There might also be
operating systems that still have separate IPv4 and IPv6 TCP implementations,
and advanced features like TCP SACK might not be available on v6 sockets.
Thanks to Miquel van Smoorenburg for this patch.

=item *

The two configuration options I<bindaddress> and I<bindaddress6> can now
be set on a per-peer basis for B<innfeed>.  Setting I<bindaddress6>
to C<none> tells B<innfeed> to never attempt an IPv6 connection to that
host.  Thanks to Miquel van Smoorenburg for this patch.

=item *

Added a I<nnrpdflags> parameter to F<inn.conf> (modeled on the concept of
I<innflags>) to permit passing of command line arguments to instances of
B<nnrpd> spawned from B<innd>.

=item *

A new F<inn.conf> parameter called I<pathcluster> has been added:
it allows to append a common name to the Path: header
on all incoming articles.  I<pathhost> and I<pathalias> (if set)
are still appended to the path as usual, but I<pathcluster>
is always appended as the last element (e.g. on the leftmost
side of the Path: header).  Thanks to Miquel van Smoorenburg for
this feature.

=item *

B<simpleftp> has been rewritten to use C<Net::FTP>.  Indeed, F<ftp.pl>
is no longer shipped with S<Perl 5> and the script did not work.

=item *

B<perl-nocem> will now check for a timeout and re-open the socket
if required.  Additionally, B<perl-nocem> will switch to
cancel_ctlinnd in case cancel_nntp fails after sending
the Message-ID.  Thanks to Christoph Biedl for the patch.  A more
detailed documentation has also been written for perl-nocem(8).

=item *

The RADIUS configuration is now wrapped in a C<server {}> block in
F<radius.conf>.

=item *

Checkgroups when there is nothing to change no longer result in sending
a blank mail to administrators.  Besides, no mail is sent by B<controlchan>
for the creation of a newsgroup when the action is C<no change>.

=item *

Checkgroups are now properly propagated even though the news server
does not carry the groups they are posted to.

=item *

B<controlchan> and B<docheckgroups> now handle wire format messages
so that articles from the spool can be directly fed to them.

=item *

Newgroup control messages for existing groups now change their description.
If a mail is sent to administrators, it reminds them to update their
F<newsgroups> file.  It also warns when there are missing or obsolete
descriptions.  Furthermore, the F<newsgroups> file is now written prettier
(from one to three tabulations between the name of the group and its
short description) and to.* groups cannot be created.

=item *

The sample F<control.ctl> file has been extensively updated.

=item *

Fixed empty LISTGROUP replies which were not terminated.  Thanks to
David Canzi for the patch.

=item *

In response to a LIST [file] command, if the file does not exist,
we assume it is not maintained and return C<503> instead of C<215> and
an empty file.  Moreover, capability to LIST ACTIVE.TIMES for a wildmat
pattern as its third argument has been added in order to select wanted
newsgroups.

=item *

B<inews> now tries to authenticate if it does not receive a C<200> return
code after MODE READER.  Indeed, it might be able to post even with
a C<201> return code and also with another codes like C<440> or C<480>.

=item *

If creating a new F<history> file, set the ownership and mode appropriately.
B<inncheck> also expects fewer things to be private to the news user.  Most
of the configuration files will never contain private information like
passwords.

=item *

Other minor bug fixes and documentation improvements.

=back

=head1 Changes in 2.4.3

=over 2

=item *

Previous versions of INN had an optimization for handling XHDR Newsgroups
that used the Xref: header from overview.  While this does make the command
much faster, it doesn't produce accurate results and breaks the NNTP
protocol, so this optimization has been removed.

=item *

Fixed a bug in B<innd> that allowed it to accept articles with duplicated
headers if the header occurred an odd number of times.  Modified the
programs for rebuilding overview to use the last Xref: header if there
are multiple ones to avoid problems with spools that contain such invalid
articles.

=item *

Fixed yet another problem with verifying that a user has permissions to
approve posts to a moderated group.  Thanks, Jens Schlegel.

=item *

Increase the send and receive buffer on the Unix domain socket used by
B<ctlinnd>.  This should allow longer replies (particularly for B<innstat>) on
platforms with very low default Unix domain socket buffer sizes.

=item *

B<rnews>'s handling of articles with nul characters, NNTP errors, header
problems, and deferrals has been significantly improved.

=item *

Thomas Parmelan added support to B<send-uucp> for specifying the funnel or
exploder site to flush for feeds managed through one and fixed a problem
with picking up old stranded work files.

=item *

Many other more minor bug fixes, optimization improvements, and
documentation fixes.

=back

=head1 Changes in 2.4.2

=over 2

=item *

INN is now licensed under a less restrictive license (about as minimally
restrictive as possible shy of public domain), and the clause similar to
the old BSD advertising clause has been dropped.

=item *

C<make install> and C<make update> now always install the newly built binaries,
rather than only installing them if the modification times are newer.
This is the behavior that people expect.  C<make install> now also
automatically builds a new (empty) history database if one doesn't already
exist.

=item *

The embedded Tcl filter code has been disabled (and will be removed
entirely in the next major release of INN).  It hasn't worked for some
time and causes B<innd> crashes if compiled in (even if not used).  If
someone wants to step forward and maintain it, I recommend starting from
scratch and emulating the Perl and Python filters.

=item *

B<ctlinnd> should now successfully handle messages from INN up to the maximum
allowable packet size in the protocol, fixing problems sites with many
active peers were having with B<innstat> output.

=item *

Overview generation has been fixed in both B<makehistory> and B<innd> to follow
the rules in the latest NNTP draft rather than just replacing special
characters with spaces.  This means that the unfolding of folded header
lines will not introduce additional, incorrect whitespace in the overview
data.

=item *

B<nnrpd> now uniformly responds with a C<480> or C<502> status code to attempts
to read a newsgroup to which the user does not have access, depending on
whether the user has authenticated.  Previously, it returned a C<411> status
code, claiming the group didn't exist, which confuses the reactive
authentication capability of news readers.

=item *

If a user is not authorized to approve articles (using the C<A> I<access>
control in F<readers.conf>), articles that include Approved: headers will be
rejected even if posted to unmoderated groups.  Some other site may
consider that group to be moderated.

=item *

The configuration parser used for F<readers.conf> and others now correctly
handles C<#> inside quoted strings and is more robust against unmatched
double quotes.

=item *

Messages mailed to moderators had two spaces after the colons in the
headers, rather than one.  This bug has been fixed.

=item *

A bug that could cause heap corruption and random crashes in B<innd> if INN
were compiled with Python support has been fixed.

=item *

Some problems with B<innd>'s tracking of article size and enforcement of the
configured maximum article size have been fixed.

=item *

B<pgpverify> will now correctly verify signatures generated by GnuPG and
better supports GnuPG as the PGP implementation.

=item *

INN's code should now be more 64-bit clean in its handling of size_t,
pointer differences, and casting of pointers, correcting problems that
showed up on 64-bit platforms like AMD64.

=item *

Improved the error reporting in the history database code, in B<inews>, in
B<controlchan>, and in B<expire>.

=item *

Many other, more minor bugs have also been fixed.

=back

=head1 Changes in 2.4.1

=over 2

=item *

SECURITY:  Handle the special filing of control messages into per-type
newsgroups more robustly.  This closes a potentially exploitable buffer
overflow.  Thanks to Dan Riley for his excellent bug report.

=item *

Fixed article handling in B<innd> so that articles without a Path: header
(arising from peers sending malformatted articles or injecting
malformatted articles through rnews) would not cause B<innd> to crash.  (This
was not exploitable.)

=item *

Fixed a serious bug in XPAT handling, thanks to Tommy van Leeuwen.

=item *

C<configure> now looks for B<sendmail> only in F</usr/sbin> and F</usr/lib>, not on
the user's path.  This should reduce the need for B<--with-sendmail> if your
preferred sendmail is in a standard location.

=item *

The robustness of the tradindexed overview method has been further
increased, handling more edge cases arising from corrupted databases and
oddly-named newsgroups.

=item *

B<innd> now never decreases the high water mark of a newsgroup when
renumbering, which should help ameliorate overview and F<active> file
synchronization problems.

=item *

Do not close and reopen the F<history> file on B<ctlinnd> reload when the server
is paused or throttled.  This was breaking B<ctlinnd> reload all during a
server pause.

=item *

Various minor portability and compilation issues fixed.  Substantial
numbers of compiler warnings have been cleaned up, thanks largely to work
by Ilya Kovalenko.

=item *

Multiple other more minor bugs have been fixed.

=item *

Documentation and man pages have been clarified and updated.

=back

=head1 Upgrading from 2.3 to 2.4

The F<inn.conf> parser has changed between S<INN 2.3> and 2.4.  Due to that
change, options in F<inn.conf> that contain whitespace or a few other
special characters must be quoted with double quotes, and empty parameters
(parameters with no value) are not allowed.  S<INN 2.4> comes with a script,
B<innupgrade>, run automatically during C<make update>, that will attempt
to fix any problems that it finds with your F<inn.conf> file, saving the
original as F<inn.conf.OLD>.

This change is the beginning of standardization of parsing and syntax
across all of INN's configuration files.

The history subsystem now has a standard API that allows other backends to
be used.  Because of this, you now need to specify the history method in
F<inn.conf>.  Adding:

    hismethod: hisv6

will tell INN to use the same history backend as was used in previous
versions.  B<innupgrade> should take care of this for you.

ovdb is known to have some locking and timing issues related to how B<nnrpd>
shuts down (or fails to shut down) the overview databases.  If you have
stability problems with ovdb, try setting I<readserver> to C<true> in
F<ovdb.conf>.  This will funnel all ovdb reads through a single process
with a cleaner interface to the underlying S<Berkeley DB> database.

If you use Perl authentication for B<nnrpd> (if I<nnrpdperlauth> in
F<inn.conf> is C<true>), there have been major changes.  See "Changes to
Perl Authentication Support for nnrpd" in F<doc/hook-perl> for details.

Similarly, if you use Python authentication for B<nnrpd> (if
I<nnrpdpythonauth> in F<inn.conf> is C<true>), there have been major changes.
See "Changes to Python Authentication and Access Control Support for
nnrpd" in F<doc/hook-python> for details.

If you use B<send-uucp>, it has been completely rewritten and now takes a
configuration file to specify its behavior.  See its man page for more
information.  If you use B<sendbatch>, it is no longer included in INN
since the new B<send-uucp> can handle all of the same functionality.

The wildmat API has been renamed (to uwildmat and friends; see uwildmat(3)
for the interfaces) to distinguish it from Rich $alz's original version,
since it now supports UTF-8.  This may require changes in other software
packages that link against INN's libraries.

If you are upgrading from a version prior to S<INN 2.3>, see L<Upgrading
from 2.2 to 2.3>.

=head1 Changes in 2.4.0

=over 2

=item *

IPv6 support has been added, disabled by default.  If you have IPv6
connectivity, build with B<--enable-ipv6> to try it.  There are no known
bugs, but please report any problems you find (or even successes, if you
use an unusual platform).  There are a few changes of interest; further
information is available in F<doc/IPv6-info>.

=item *

The tradindexed overview method has been completely rewritten and should
be considerably more robust in the face of system crashes.  A new utility,
B<tdx-util>, is provided to examine the contents of the overview database,
repair inconsistencies, and rebuild the overview for particular groups
from a tradspool news spool.  See tdx-util(8) for more details.

=item *

The Perl and Python authentication hooks for readers have been extensively
overhauled and integrated better with F<readers.conf>.  See the Changes
sections in F<doc/hook-perl> and F<doc/hook-python> for more details.

=item *

B<nnrpd> now optionally supports article injection via IHAVE, see
readers.conf(5).  Any articles injected this way must have Date, From,
Message-ID, Newsgroups, Path, and Subject headers.  X-Trace and
X-Complaints-To headers will be added if the appropriate options are set
in F<readers.conf>, but other headers will not be modified/inserted (e.g.
NNTP-Posting-Host, NNTP-Posting-Date, Organization, Lines, Cc, Bcc, and To
headers).

=item *

B<nnrpd> now handles arbitrarily long lines in POST and IHAVE; administrators
who want to limit the length of lines in locally posted articles will need
to add this to their local filters instead.

=item *

B<nnrpd> no longer handles the poorly-specified S<RFC 977> optional fourth
argument to the NEWGROUPS command specifying the "distributions" that the
command was supposed to apply to.

Clients that use that argument will break.  There are not believed to be
any such clients, and it's easy enough to just filter the returned list of
newsgroups (which is generally fairly short) to achieve the same results.

=item *

B<nnrpd> no longer accepts UTC as a synonym for GMT for NEWGROUPS or NEWNEWS.
This usage was never portable, and was rejected by the NNTP working group.
It is being removed now in the hope that it will be caught before anyone
starts to rely on it.

=item *

B<innfeed> supports a new peer parameter, I<backlog-feed-first>, that if set
to C<true> feeds any backlog to a peer before new articles, see
innfeed.conf(5).  When used in combination with I<max-connections> set to C<1>,
this can be used to enforce in-order delivery of messages to a peer that
is doing Xref slaving, avoiding cases where a higher-numbered message is
received before a lower-numbered message in the same group.

=item *

Several other, more minor protocol issues have been fixed:  connections
rejected due to the connection rate limiting in B<innd> receive C<400> replies
instead of C<504> or C<505>, and ARTICLE without an argument will always either
retrieve the current article or return a C<423> error, never advance the
current article number to the next valid article.

See F<doc/compliance-nntp> for all of the known issues with INN's
compliance with the current NNTP draft.

=item *

All accesses to the F<history> file for all parts of INN now go through a
generic API like the storage and overview subsystems do.  This will
eventually allow new history implementations to be dropped in without
affecting the rest of INN, and will significantly improve the
encapsulation of the history subsystem.  See the libinnhist(3) man page
for the details of the interface.

=item *

INN now uses a new parser for the F<inn.conf> file.  This means that
parameters containing whitespace or other special characters must now be
quoted; see inn.conf(5).  It fixes the long-standing bug that certain
values must be included in F<inn.conf> even if using the defaults for the
use of shell or Perl scripts, and it will serve as the basis for
standardizing and cleaning up the configuration file parsing in other
parts of INN.  B<innupgrade> is run during C<make update> and should convert
an existing F<inn.conf> file for you.

=item *

B<send-uucp> has been replaced by a completely rewritten version from
Marco d'Itri, Edvard Tuinder, and Miquel van Smoorenburg, which uses a
configuration file that specifies batch sizes, compression methods, and
hours during which batches should be generated.  The old B<sendbatch>
script has been retired, since B<send-uucp> can now handle everything
that it did.

=item *

Two C<configure> options have changed names:  B<--with-tmp-path> is now
B<--with-tmp-dir>, and B<--with-largefiles> is now B<--enable-largefiles>, to
improve consistency and better match the C<autoconf> option guidelines.

=item *

Variables can now be used in the F<newsfeeds> file to make it easier to
specify many similar feeds or feed patterns.  See the newsfeeds(5) man
page for details.

=item *

Local connections to INN support a new special mode, MODE CANCEL, that
allows efficient batch cancellation of messages.  This is intended to be
the preferred interface for external spam and abuse filters like NoCeM.
See "CANCEL FEEDS" in innd(8) for details.

=item *

Two new options, I<nfsreader> and I<nfswriter>, have been added to
F<inn.conf> to aid in building NFS based shared reader/writer platforms.
On the writer server configure I<nfswriter> to C<true> and on all of the readers
configure I<nfsreader> to C<true>; these options add calls to force data out to
the NFS server and force it to be read directly from the NFS server at the
appropriate moments.  Note that it has only been tested on S<Solaris 8>,
using CNFS as the storage mechanism and tradindexed as the overview
method.

=item *

A new option, I<tradindexedmmap>, has been added to F<inn.conf>.  If set
to C<true> (the default), then the tradindexed overview method will use
mmap() to access its overview data (in 2.3 you couldn't control this; it
always used mmap).

=item *

Thanks to code contributed by CMU, B<innfeed> can now feed an IMAP server as
well as other NNTP servers.  See the man page for innfeed(8) for more
information.

=item *

An authenticator, B<auth_smb>, that checks a username and password against
a remote Samba server is now included.  See auth_smb(8) for details.

=item *

The wildmat functions in INN now support UTF-8, in a way that should allow
them to still work with most simple 8-bit character sets in widespread
use.  As part of this change, some additional wildmat interfaces are now
available and the names have changed (to uwildmat, where C<u> is for
Unicode).  See uwildmat(3) for the details.

=item *

The interface between external authenticators and B<nnrpd> is now properly
documented, in F<doc/external-auth>.  A library implementing this
interface in C is provided, which should make it easier to write
additional authenticators resolvers.  See libauth(3) for details, and any
of the existing programs in F<authprogs/> for examples.

=item *

Most (if not all) of the temporary file creation in INN now uses functions
that create temporary files properly and safely.

=back

=head1 Changes in 2.3.5

=over 2

=item *

Clients using POST are no longer permitted to provide an Injector-Info:
header.

=item *

Fixed a bug causing posts with Followup-To: set to a moderated group to be
rejected if the posting user didn't have permission to approve postings.

=item *

Fixed bugs in B<inncheck> with setuid rnews or setgid inews, in I<innconfval>
with F<inn.conf> parameters containing shell metacharacters but no spaces,
and in F<parsedate.y> with some versions of B<yacc>.  Fixed a variety of
size-related printf format warnings (e.g., C<%d> vs. C<%ld>) thanks to the work
of Winfried Szukalski.

=back

=head1 Changes in 2.3.4

=over 2

=item *

LIST ACTIVE no longer returns data when given a single group argument if
the client is not authorized to read that group.

=item *

XHDR and XPAT weren't correctly parsing article headers, resulting in
searches for the header "newsgroup" matching the header "newsgroups".

=item *

Made CNFS more robust against crashes by actually syncing the cycbuff
headers to disk as was originally intended.  Fixed a memory leak in the
tradspool code.

=item *

Two bugs in B<pgpverify> when using GnuPG were fixed:  it now correctly checks
for B<gpgv> (rather than B<pgp>) when told to use GnuPG and expects the keyring
to be F<pubring.gpg> (not F<pubring.pgp>).

=item *

Substantial updates to the sample provided F<control.ctl> file.

=item *

Compilation fixes with S<Perl 5.8.0>, S<Berkeley DB 4.x>, current versions of
Linux (including with large file support), and Tru64.  B<inndf> fixes for
ReiserFS.

=item *

Various bugs in the header handling in B<nnrpd> have been fixed, including
hangs when using virtual domains and improper processing of folded headers
under certain circumstances.

=item *

Other minor bug fixes and documentation improvements.

=back

=head1 Changes in 2.3.3

=over 2

=item *

B<pgpverify> now supports using GnuPG to check signatures (rather than PGP)
without the B<pgpgpg> wrapper.  GnuPG can check both old-style RSA signatures
and new OpenPGP signatures and is recommended over S<PGP 2.6>.  If you have
GnuPG installed, B<pgpverify> will use it rather than PGP, which means that
you may have to create a new key ring for GnuPG to use to verify signatures
if you were previously using PGP.

=item *

Users can no longer post articles containing Approved: headers to
moderated groups by default; they must be specifically given that
permission with the I<access> parameter in F<readers.conf>.  See the man page
for more details.

=item *

Two bugs in repacking overview index files and a reliability bug with
writing overview data were all fixed in the tradindexed overview method,
hopefully making it somewhat more reliable, particularly for B<makehistory>.

=item *

If F<rc.news.local> exists in the INN binary directory, it will be run with
the start or stop argument whenever B<rc.news> is run.  This is available
as a hook for local startup and shutdown code.

=item *

The default history table hash sizes were increased because a too-small
value can cause serious performance problems (whereas a too-large hash
just wastes a bit of disk space).

=item *

The sample F<control.ctl> file has been extensively updated.

=item *

Wildmat exclusions (C<@> and C<!>) should now work properly in F<storage.conf>
newsgroup patterns.

=item *

The implementation of the B<-w> flag for B<expireover> was fixed; previously,
the value given to B<-w> to change B<expireover>'s notion of the current time
was scaled by too much.

=item *

Various other more minor bug fixes, standards compliance fixes, and
documentation improvements.

=back

=head1 Changes in 2.3.2

=over 2

=item *

B<innxmit> can again handle regular filenames as input as well as storage API
tokens (allowing it to be used to import an old traditional spool).

=item *

Several problems with tagged-hash history files have been fixed thanks to
the debugging efforts of Andrew Gierth and Sang-yong Suh.

=item *

A very long-standing (since S<INN 1.0>!) NNTP protocol bug in B<nnrpd> was
fixed.  The response to an ARTICLE command retrieving a message by Message-ID
should have the Message-ID as the third word of the response, not the
fourth.  Fixing this is reported to I<possibly> cause problems with some
Netscape browsers, but other news servers correctly follow the protocol.

=item *

Some serious performance problems with expiration of tradspool should now
be at least somewhat alleviated.  tradspool and timehash now know how to
output file names for removal rather than tokens, and B<fastrm>'s ability to
remove regular files has been restored.  This should bring expiration
times for tradspool back to within a factor of two of pre-storage-API
expiration times.

=item *

Added a sample F<subscriptions> file and documentation for it and B<innmail>.

=back

=head1 Changes in 2.3.1

=over 2

=item *

B<inews> no longer downloads the F<active> file, no longer tries to send
postings to moderated groups to the moderator directly, and in general
duplicates less of the functionality of B<nnrpd>, instead letting B<nnrpd>
handle it.  This fixes the problem of B<inews> not working properly for users
other than news without being setgid.

=item *

Added a man page for B<ckpasswd>.

=item *

A serious bug in the embedded Perl authentication hooks was fixed, thanks
to Jan Rychter.

=item *

The annoying compilation problem with embedded Perl filtering on Linux
systems without libgdbm installed should be fixed.

=item *

INN now complains loudly at C<configure> time if the configured path for
temporary files is world-writeable, since this configuration can be a
security hole.

=item *

Many other varied bug fixes and documentation fixes of all sorts.

=back

=head1 Upgrading from 2.2 to 2.3

There may be additional things to watch out for not listed here; if you
run across any, please let <inn-bugs@isc.org> know about them.

Simply doing a C<make update> is not sufficient to upgrade; the history and
overview information will also have to be regenerated, since the formats
of both files have changed between 2.2 and 2.3.  Regardless of whether you
were using the storage API or traditional spool under 2.2, you'll need to
rebuild your overview and history files.  You will also need to add a
F<storage.conf> file, if you weren't using the storage API under S<INN 2.2>.  A
good default F<storage.conf> file for 2.2 users would be:

    method tradspool {
        newsgroups: *
        class: 0
    }

Create this F<storage.conf> file before rebuilding history or overview.

If you want to allow readers, or if you want to expire based on newsgroup
name, you need to tell INN to generate overview data and pick an overview
method by setting I<ovmethod> in F<inn.conf>.  See F<INSTALL> and inn.conf(5)
for more details.

The code that generates the dbz index files has been split into a separate
program, B<makedbz>.  B<makehistory> still generates the base F<history> file
and the overview information, but some of its options have been changed.
To rebuild the history and overview files, use something like:

    makehistory -b -f history.n -O -T /usr/local/news/tmp -l 600000

(change the F</usr/local/news/tmp> path to some directory that has plenty of
temporary space, and leave off B<-O> if you're running a transit-only server
and don't intend to expire based on group name, and therefore don't need
overview.)  Or if your overview is buffindexed, use:

    makehistory -b -f history.n -O -F

Both will generate a new history file as F<history.n> and rebuild overview
at the same time.  If you want to preseve a record of expired Message-IDs
in the history file, run:

    awk 'NF==2 { print; }' < history >> history.n

to append them to the new history file you created above.  Look over the
new history file and make sure it looks right, then generate the new index
files and move them into place:

    makedbz -s `wc -l < history.n` -f history.n
    mv history.n history
    mv history.n.dir history.dir
    mv history.n.hash history.hash
    mv history.n.index history.index

(Rather than F<.hash> and F<.index> files, you may have a F<.pag> file if you're
using tagged hash.)

For reader machines, F<nnrp.access> has been replaced by F<readers.conf>.
There currently isn't a program to convert between the old format and the
new format (if you'd like to contribute one, it would be welcomed
gratefully).  The new file is unfortunately considerably more complex as
a result of its new capabilities; please carefully read the example
F<readers.conf> provided and the man page when setting up your initial
configuration.  The provided commented-out examples cover the most common
installation (IP-based authentication for all machines on the local
network).

INN makes extensive use of mmap(2) for the new overview mechanisms, so at
the present time NFS-mounting the spool and overview on multiple reader
machines from one central server probably isn't feasible in this version.
mmap tends to interact poorly with NFS (at the least, NFS clients won't
see updates to the mapped files in situations where they should).  (The
preferred way to fix this would, rather than backing out the use of mmap
or making it optional, to add support for Diablo-style header feeds and
pull-on-demand of articles from a master server.)

The flags for B<overchan> have changed, plus you probably don't want to
run B<overchan> at all any more.  Letting B<innd> write overview data itself
results in somewhat slower performance, but is more reliable and has a
better failure mode under high loads.  Writing overview data directly is
the default, so in a normal upgrade from 2.2 to 2.3 you'll want to comment
out or remove your B<overchan> entry in F<newsfeeds> and set I<useoverchan> to
C<false> in F<inn.conf>.

B<crosspost> is no longer installed, and no longer works (even with
traditional spool).  If you have an entry for B<crosspost> in F<newsfeeds>,
remove it.

If you're importing a traditional spool from a pre-storage API INN server,
it's strongly recommended that you use NNTP to feed the articles to your
new server rather than trying to build overview and history directly from
the old spool.  It's more reliable and ensures that everything gets put
into the right place.  The easiest way to do this is to generate, on your
old server, a list of all of your existing article files and then feed
that list to B<innxmit>.  Further details can be found in the FAQ at
L<http://www.eyrie.org/~eagle/faqs/inn.html>.

If you are using a version of Cleanfeed that still has a line in it like:

    $lines = $hdr{'__BODY__'} =~ tr/\n/\n/;

you will need to change this line to:

    $lines = $hdr{'__LINES__'};

to work with S<INN 2.3> or later.  This is due to an internal optimization of
the interface to embedded filters that's new in S<INN 2.3>.

=head1 Changes in 2.3.0

=over 2

=item *

New F<readers.conf> file (replaces F<nnrp.access>) which allows more
flexible specification of access restrictions.  Included in the sample
implementations is a RADIUS-based authenticator.

=item *

Unified overview has been replaced with an overview API, and there are now
three separate overview implementations to choose from.  One (tradindexed)
is very like traditional overview but uses an additional index file.  The
second (buffindexed) uses large buffers rather than separate files for
each group and can handle a higher incoming article rate while still being
fast for readers.  The third (ovdb) uses S<Berkeley DB> to store overview
information (so you need to have S<Berkeley DB> installed to use it).  The
I<ovmethod> key in F<inn.conf> chooses the overview method to use.

Note that ovdb has not been as widely tested as the other overview
mechanisms and should be considered experimental.

=item *

All article storage and retrieval is now done via the storage API.
Traditional spool is now available as a storage type under the storage
API.  (Note that the current traditional spool implementation causes
nightly expire to be extremely slow for a large number of articles, so
it's not recommended that you use the tradspool storage method for the
majority of a large spool.)

=item *

The timecaf storage method has been added, similar to timehash but storing
multiple articles in a single file.  See F<INSTALL> for details on it.

=item *

INN now supports embedded Python filters as well as Perl and Tcl filters,
and supports Python authentication hooks.

=item *

There is preliminary support for news reading over SSL, using OpenSSL.

=item *

To simplify anti-abuse filtering, and to be more compliant with news
standards and proposed standards, INN now treats as control messages only
articles containing a Control: header.  A Subject: line beginning with
C<cmsg > is no longer sufficient for a message to be considered a control
message, and the Also-Control: header is no longer supported.

=item *

The INN build system no longer uses subst.  (This will be transparent to
most users; it's an improvement and modernization of how INN is
configured.)

=item *

The build and installation system has been substantially overhauled.
C<make update> now updates scripts as well as binaries and documentation,
there is better support for parallel builds (C<make -j>), there is less
C<make> recursion, and far more of the system-dependent configuration is
handled directly by C<autoconf>.  libtool build support (including shared
library support) should be better than previous releases.

=back

=head1 Changes in 2.2.3

=over 2

=item *

B<inews> is not installed setgid news and B<rnews> is not installed setuid root
by default any more.  If you need the old permissions, you have to give a
flag to configure.  See F<INSTALL> for more details.

=item *

Fixed a security hole when I<verifycancels> was enabled in F<inn.conf> (not the
default).

=item *

Message-IDs are now limited to 250 octets to prevent interoperability
problems with other servers.

=item *

Embedded Perl filters now work with S<Perl 5.6.0>.

=item *

Lots of bug fixes and changes for security paranoia.

=back

=head1 Changes in 2.2.2

=over 2

=item *

Various minor bug fixes and a Y2K bug fix.  The Y2K bug is in version
version 2.2.1 only and will show up after S<Jan 1st>, 2000 when a news reader
issues a NEWNEWS command for a date prior to the year 2000.

=back

=head1 Changes in 2.2.1

=over 2

=item *

Various bug fixes, mostly notably fixes for potential buffer overflow
security vulnerabilities.

=back

=head1 Changes in 2.2.0

=over 2

=item *

New F<storage.conf> file (replaces F<storage.ctl>).

=item *

New (optional) way of handling non-cancel control messages (B<controlchan>)
that serializes them and prevents server overload from control message
storms.

=item *

Support for B<actsyncd> to fetch F<active> file with B<ftp>; configured by default
to use L<ftp://ftp.isc.org/pub/usenet/CONFIG/active.Z> if you run B<actsyncd>.
Be sure to read the manual page for B<actsync> to configure an F<actsync.ign>
file for your site, and test B<simpleftp> if you do not C<configure> with B<wget>
or B<ncftp>.  Also see L<ftp://ftp.isc.org/pub/usenet/CONFIG/README>.

=item *

Some options to C<configure> are now moved to F<inn.conf> (I<merge-to-groups> and
I<pgp-verify>, without the hyphen).

=item *

B<inndf>, a portable version of df(1), is supplied.

=item *

New B<cnfsstat> program to show stats of CNFS buffers.

=item *

B<news2mail> and B<mailpost> programs for gatewaying news to mail and mail to
news are supplied.

=item *

B<pullnews> program for doing a sucking feed is provided (not meant for large
feeds).

=item *

The B<innshellvars.csh.in> script is obsolete (and lives in the F<obsolete>
directory, for now).

=back

=cut