github InterNetNews/inn 2.6.1
INN 2.6.1

latest releases: 2.7.2, 2.7.2rc1, 2.7.1...
3 years ago

2016-11-27
Full changes and diff from previous release

Bug Fixes

  • nnrpd now uses -0000 as the time zone for Date and Injection-Date header fields it generates. It was previously using +0000, wrongly systematically indicating a local time zone at Universal Time when localtime is set to false (which is the default) in readers.conf. The +0000 time zone will now be used only if localtime is set to true and UTC is really the local time zone of the server.

  • rnews no longer segfaults at startup when started setuid news. Thanks to Marcus Jodorf for the bug report.

  • Fixed slow nnrpd responses for a few NNTP commands. The TCP_NODELAY option was unconditionally set whereas only BSD/OS systems needed it. Thanks to Christian Mock for having discovered that.

  • Articles containing a Received or a Posted header field are no longer rejected by nnrpd at injection time.

  • Articles containing control characters or whitespace-only content lines in their headers are now rejected by nnrpd at injection time.

  • When an encryption layer is negotiated during a successful use of the STARTTLS command, or after a successful authentication using a SASL mechanism that negotiates an encryption layer, nnrpd now updates the permissions of the news client according to the new secure state of his connection (that is to say auth blocks in readers.conf using the require_ssl parameter are taken into account). Previously, only connections on a dedicated port (usually 563) were taking benefit from that parameter. Thanks to Steve Crook for the bug report.

  • When a data integrity layer was negotiated during a successful SASL authentication, nnrpd was wrongly reseting any knowledge obtained from the client, such as the current newsgroup and article number. This behaviour now applies only when an encryption layer is negotiated.

  • nntpsend now correctly waits until all of the child innxmit processes exit before it does. It was causing nntpsend to fail to work properly on systems that use systemd, because when it exits prematurely, systemd kills all of the processes it launched, including the innxmit processes. Thanks to Jonathan Kamens for the patch.

  • Other minor bug fixes and documentation improvements.

New Features

  • Julien Elie has implemented in nnrpd the new COMPRESS command described in the draft-murchison-nntp-compress Internet-Draft that extends the NNTP protocol to allow a connection to be effectively and efficiently compressed. News clients that also support that extension will be able to benefit from that bandwidth optimization and improvement in speed. Moreover, using COMPRESS is more secure than TLS-level compression, as far as authentication credentials are concerned.

  • The default value for the tlscompression parameter in inn.conf has changed. TLS-level compression is now disabled by default, to comply with the best current practices for a secure use of TLS in application protocols like NNTP. Using the new COMPRESS command is recommended.

  • The tlscompression parameter in inn.conf now also permits disabling TLS-level compression with OpenSSL 0.9.8. It previously had an effect only when OpenSSL 1.0.0 or later was used.

  • OpenSSL 1.1.0 support has been added to INN.

  • Update from GNU Libtool 2.4.2 to 2.4.6.

Don't miss a new inn release

NewReleases is sending notifications on new releases.