2009-10-12
Full changes and diff from previous release
Bug Fixes
-
Fixed a segfault in imap_connection which could occur when SASL was used.
-
Fixed a segfault in the keyword generation code which was assuming that an article was nul-terminated. Fixed another segfault in the keyword generation code when an article already contained a Keywords header field. Thanks to Nix for the bug reports.
-
Fixed a memory allocation problem which caused nnrpd to die when retrieving via HDR/XHDR/XPAT the contents of an extra overview field absent from the headers of an article. The NEWNEWS command was also affected on very rare cases. Thanks to Tim Woodall for the bug report.
-
HDR/XHDR/XPAT answers are now robust when the overview database is inconsistent. When the overview schema was modified without the overview database being rebuilt, wrong results could be returned for extra fields (especially a random portion of some other header field). The desired header field name is now explicitly searched for in the overview information.
-
Fixed the source which is logged to the news log file for local postings when the local server is not listed in incoming.conf. A wrong name was used, taken amongst known peers. The source is now logged as
localhost. -
Fixed a bug in the timecaf storage method: only the first 65535 articles could be retrievable in a CAF, though everything was properly stored. (A Crunched Article File contains all the articles that arrive to the news server during 256 seconds.)
The storage token now uses 4 bytes to store the article sequence number for timecaf, instead of only 2 bytes. Thanks to Kamil Jonca for the bug report and also the patch. -
Fixed a bug in both timecaf and timehash which prevented them from working on systems where short ints were not 16-bit integers.
-
The default value for
/remember/has changed from10to11because it should be one more than the artcutoff parameter in inn.conf, so that articles posted one day into the future are properly retained in history.
New Features
-
Owing to the US-CERT vulnerability note VU#238019, Cyrus SASL library has slightly changed. imap_connection and nnrpd now handle that change. Otherwise, some answers are too long to be properly computed during SASL exchanges.
-
When there is not enough space to write an entire CAF header, the timecaf storage manager now uses a larger blocksize. On 32-bit systems, the CAF header is about 300 bytes, leaving about 200 bytes for the free bitmap index (the remaining of a 512-byte blocksize). On 64-bit systems, the size of the CAF header could exceed 512 bytes, thus leaving no room for the free bitmap index. A 1 KB blocksize is then used, or a larger size if need be.
-
A new CNFS version has been introduced by Miquel van Smoorenburg in the CNFS header. CNFSv4 uses 4 KB blocks instead of 512 bytes, which more particularly makes writes faster. CNFSv4 supports files/partitions up to 16 TB with a 4 KB blocksize.
Existing CNFS buffers are kept unchanged; only new CNFS buffers are initialized with that new version. -
grephistory -lnow returns the contents of the expires history field as well as the hash of the Message-ID. Besides, when the storage API token does not exist,grephistory -vnow also returns the hash of the requested Message-ID. -
The check on cancel messages when verifycancels is set to true in inn.conf has been changed to verify that at least one newsgroup in the cancel message can be found in the article to be cancelled. This new feature is from Christopher Biedl.
The previous behaviour was to check whether the cancel message is from the same person as the original post, which is extremely easy to spoof; besides, RFC 5537 (USEPRO) mentions that "cancel control messages are not required to contain From and Sender header fields matching the target message. This requirement only encouraged cancel issuers to conceal their identity and provided no security". -
The way the
/remember/line in expire.ctl works has changed. History retention for an article was done according to its original arrival time; it is now according to its original posting date. Otherwise, unnecessary data may be kept too long in the history file.
To achieve that, theHISremember()function in history API now expects a fourth parameter: the article posting time.
Note that article expiration has not changed and is still based on arrival time, unless the -p flag is passed to expire or expireover, in which case posting time is used. -
auth_krb5 has been rewritten by Russ Allbery to use modern Kerberos APIs. Note that using ckpasswd with PAM support and a Kerberos PAM module instead of this authenticator is still recommended.
-
A new -L flag has been added by Jonathan Kamens to makehistory so as to specify a load average limit. If the system load average exceeds the specified limit, makehistory sleeps until it goes below the limit.
-
As UTF-8 is the default character set in RFC 3977,
ctlinnd pause,ctlinnd readers,ctlinnd reject,ctlinnd reserve,ctlinnd throttleandnnrpd -rcommands now require the given reason to be encoded in UTF-8, so that it can be properly sent to news readers. The creator's name given toctlinnd newgroupis also expected to be encoded in UTF-8. -
The output of consistency checks for article storage and the history file no longer appears by default when
cnfsstat -ais used. A new -v flag has been added to cnfsstat so as to see it. -
The default path for TLS certificates has changed from pathnews/lib to pathetc. It only affects new INN installations or generations of certificates with
make cert. Besides, a default value has been added to tlscapath because it is required by nnrpd when TLS is used. -
gzip(1) is now the default UUCP batcher in send-uucp instead of compress(1) because gzip is more widely available than compress, due to old patent issues. Note that there is no impact on decompression as it is handled by rnews.
-
cnfsheadconf now uses the Perl core module
Math::BigIntrather than the deprecated bigint.pl library. When used without specifying a CNFS buffer, it now properly displays the status of all CNFS buffers.