2021-01-21  iulius

    * Time to release 2.6.4!

2021-01-20  iulius

    * INSTALL: a bit of clean-up, and update the list of tested OS

    * Update to latest upstream files

      control.ctl, pgpverify, Libtool, pkg-config, config.guess and
      config.sub

    * Improve NEWS and add the new year in LICENSE

    * Update links to external repositories

    * Compare space usage of our 3 overview storage methods

2021-01-17  iulius

    * Add support for systemd socket activation

      Thanks to Marco d'Itri for that new feature!

    * m4/krb5.m4: fix the detection of Kerberos V5 support

      Kerberos V5 was considered available even though C headers were
      not present. Now fixed that by probing both the existence of
      headers and libraries.

    * m4/python.m4: fix the detection of old Python 2.x versions

      The current code for probing the presence of Python only works
      with Python 2.7+ and 3.1+ because the "major" attribute to
      sys.version_info was only added in these versions.

      Also, the construct 'x for y in z' is too recent and not known by
      Python 2.3.0, the minimum version required for INN, so I changed
      it to a classic map(). If two arguments were not given to the m4
      macro, the script also failed. Now fixed.

    * Use AS_ECHO instead of echo in Autoconf macros

      AS_ECHO is more portable. The echo shell function may not be
      reliable in the calls we do, with variables containing "-" or
      other characters.

2021-01-15  iulius

    * innd: add systemd notifications for xexec and shutdown

    * inndf: report buffindexed usage with 2 decimals

      Output was truncated at the inferior number (e.g. 37.00%).

2021-01-11  iulius

    * Do not run the check for POD syntax if Test::POD is too old

      Test::POD versions prior to 1.50 may not ignore directories like
      .libs set in the ignore_dirs hash (due to a bug). This causes the
      test to fail whereas POD syntax is OK.

    * Improve sample init systemd script

      Thanks to Marco d'Itri, Debian packager of INN, for the ideas.
      Also enable notify type.

    * rc.news: start innd last when using systemd

      innd must be started last with exec to keep the same PID of this
      script.

      Patch from Marco d'Itri.

2021-01-05  iulius

    * Detail and homogenize the description of our 3 overview methods

    * Makefile: Remove useless flags for the linker when just compiling
      lib/perl.c

      Use condensed $(LIBLD) variable.

    * Add -fstack-protector-strong for linking if recognized

      Building innd on Solaris fails if the compiler does not have
      amongst its flags -fstack-protector-strong for linking.

      Undefined                first referenced
       symbol                      in file
      __stack_chk_fail             art.o
      __stack_chk_guard            art.o
      ld: fatal: symbol referencing errors

      Also, if the compiler does not support -fstack-protector-strong
      for linking, assume it will not work, and remove that flag even
      for compiling (AIX typically does not have libssp_nonshared).

2021-01-04  iulius

    * configure: also change CC_WARNINGS when CFLAGS is changed

    * Fix build issue when using "make warnings"

      -fPIE was not present when needed when using "make warnings",
      causing various problems.

    * Move to configure.ac the logic to undefine AM_CONDITIONAL

    * Added preliminary support for systemd notifications

      Integrate necessary Autoconf macros and portability headers to
      use systemd. Right now, only notifications of innd startup and
      mode changes are notified to the unit system.

      Thanks to Marco d'Itri for this first systemd integration into
      INN.

2021-01-03  iulius

    * Add a comment in configure.ac and fix POD typo from previous
      commits

    * Fix build of fseeko replacement

      AC_FUNC_FSEEKO needs being called unconditionally out of
      consistency with the logic in clibrary.h (first looking for
      !HAVE_FSEEKO before DO_LARGEFILES, and not the contrary).

    * inn.conf: Mention how to disable the process of cancel messages

2020-12-31  eagle

    * Add detail for rejected header

      When nnrpd rejects a posting because of an invalid header that
      isn't part of the header table, include the name of the header as
      an aid in debugging, or the full header if no colon could be
      found or if the line starts with a colon.

      Reported by Adam Sjøgren and Lars Ingebrigtsen.

2020-12-24  eagle

    * Fix some subtle errors with nnrpd external auth

      If nnrpd saw EOF on the stderr file descriptor from an external
      auth program, it would ignore any further output on stdout. This
      was the cause of the maddeningly intermittent nnrpd/auth-ext test
      failures for tests 56 and 59. Sometimes the closure of stderr
      would be seen before the flush of output on stdout, causing the
      code to fail to see the username.

      Fix this problem with more explicit state tracking for stderr. If
      we see EOF or an error in the stderr file descriptor, remove it
      from the select set but continue processing stdout until we also
      see an EOF or error there.

      Add a new test that explicitly closes stderr. This failed
      consistently with the previous code and passes consistently with
      this code.

      Also close the read and error file descriptors for the external
      authentication program in nnrpd. Previously, we were leaking
      those file descriptors.

    * Switch nnrpd/auth-ext to the new test API

      Use the new test API so that failures will be reported with more
      detail in the hope that this will help track down the
      intermittent failure.

    * Fix GCC warnings in tests/lib/date-t.c

      GCC 10.2.1 rightfully complains that the snprintf invocations in
      this test may overflow the buffer length and truncate. Use
      basprintf instead to avoid having to size buffers.

2020-12-22  iulius

    * pgpverify: add a comment about requirements for GnuPG 1.4.20 or
      2.1.0

2020-12-19  eagle

    * Use a fixed buffer size for QIO

      The buffer size for QIO is also a limit on the length of an
      overview line, and the previous complex approach resulted in a
      buffer size of 8KB on nearly all systems, which was too small in
      practice.

      Stop attempting to be clever and size according to the file
      system block size, which is generally small, and instead use a
      fixed and predictable buffer size of 32KB, which shouldn't be a
      problem on any modern system.

2020-12-09  iulius

    * INSTALL: Document the need of shared libraries or
      position-independent static libraries

    * Update new name of macOS

    * Typo in last commit

    * Mention that lines in header field bodies are separated by mere
      LF in Perl nnrpd filter

    * Update to latest rra-c-util upstream version

      Specific fixes for INN builds on Alpine and BSD:

      * In the getnameinfo replacement, handle musl libc's
        gethostbyaddr, which returns the string conversion of the IP
        address if the host doesn't resolve. This only affects the test
        suite, since musl libc supports IPv6 and thus doesn't need this
        replacement.

      * NetBSD prefers reallocarr to reallocarray and only prototypes
        the latter if _OPENBSD_SOURCE is defined, which is not one of the
        macros Autoconf defines by default.
        Work around this by checking
        whether reallocarray is declared, not only whether it's
        available, and prototyping it if it's not declared. This uses the
        semi-hidden deprecated symbol on NetBSD.

    * configure.ac: use new Autoconf 2.70 syntax for AC_PROG_LEX

      Use 'noyywrap' for AC_PROG_LEX. Use AC_CONFIG_HEADERS instead of
      obsolete AC_CONFIG_HEADER.

      From Autoconf 2.70 documentation: AC_PROG_LEX now takes one
      argument, which may be either 'yywrap' or 'noyywrap'. If it is
      'noyywrap', AC_PROG_LEX will only set LEXLIB to '-lfl' or '-ll'
      if a scanner that defines both main and yywrap itself still needs
      something else from that library. On the other hand, if it is
      'yywrap', AC_PROG_LEX will fail (setting LEX to ':' and LEXLIB to
      nothing) if it can't find a library that defines yywrap.

      In the absence of arguments, AC_PROG_LEX's behavior is
      bug-compatible with 2.69, which did neither of the above things.
      This mode is deprecated.

      Prior to Autoconf 2.70, AC_PROG_LEX did not take any arguments,
      and its behavior was different from either of the above
      possibilities: it would search for a library that defines
      'yywrap', and would set 'LEXLIB' to that library if it finds one.
      However, if a library that defines this function could not be
      found, 'LEXLIB' would be left empty and 'LEX' would _not_ be
      reset. This behavior was due to a bug.

    * Improve logs when Python filters are not installed

2020-12-06  eagle

    * Update URL for Postfilter

      code.google.com is no more. This seems to be the new location on
      GitHub.

2020-12-01  iulius

    * Fix build issue in linker feature probing

      Thanks to Bo Lindbergh for the report.

    * Improve sample init systemd service unit

      Apply more protections. Sample shared by Russ Allbery.

2020-11-24  iulius

    * Fix other circular dependencies in builds

2020-11-22  iulius

    * Bump revision numbers in INN libraries

    * Add a check in configure to prevent a build with shared non-PIC
      libraries

    * Add support for hardening build flags

      New --enable-hardening-flags option to configure, enabled by
      default.

      It currently adds -fPIE, -fstack-protector-strong at build time,
      and -z relro as well as -z now at link time. More flags will
      eventually be added in future releases.

      This option can easily be disabled if the compiler or the
      platform does not support them well.

    * Update to latest control.ctl upstream file

2020-11-21  iulius

    * Fix spurious errors when verifying POD syntax

      Exclude the directory of the test suite.

    * Fix build with static libraries

      The ACTIVE parameter is no longer shared between expire.c and
      ov.c, so it no longer has to be exposed in ovinterface.h. Its
      removal fixes the naming conflict with another ACTIVE parameter
      in nnrpd.

    * Update to latest Libtool and install-sh upstream versions

      Libtool => use Debian-2.4.6-14 version

      install-sh => upstream has integrated local modifications we had
      carried for years in INN. Parameters have been integrated with
      different names, so update Makefile accordingly (-c is now -p; -B
      is now -S) as well as documentation

    * Update to latest config.guess and config.sub upstream versions

    * Typo fixes

    * Fix build with static libraries

      Circular dependencies were not correctly resolved by the linker.
      Seems to be a bug in the --preserve-dup-deps Libtool flag, that
      does not do what it is supposed to do. Fixed in a local
      modification in ltmain.sh, reported to upstream.

    * sm: support reading and storing wire-format articles

      Any number of articles can now be given in wire format to sm on
      its standard input when both "-s" and "-R" are used. Only native
      format was previously possible.

      This might be useful for certain types of internal migrations.

      Thanks to Bo Lindbergh for the patch.

2020-11-12  iulius

    * innd: make SIGTERM behave exactly like "ctlinnd shutdown"

      Patch from Marco d'Itri.

    * perl-nocem: document the use of gpg1 to import old PGP keys

    * docs/pod.t: Fix path to Perl interpreter in test suite

      Thanks to Bo Lindbergh for the bug report.

    * Add missing header files to silence gcc warning

      Fix build on a few systems like MacOS (warnings may make the
      system consider the configure test failed).

      Thanks to Bo Lindbergh for the bug report.

    * Update to latest rra-c-util and C TAP Harness upstream versions

    * Fix syntax in Makefile

      GNU make 4.3 emits the following warning: "ignoring prerequisites
      on suffix rule definition".

      In previous versions, no warning was emitted and a suffix rule
      was created, however all prerequisites were ignored and were not
      part of the suffix rule. Starting with GNU make 4.3, the
      behaviour is the same, and in addition a warning is generated.
      This commit fixes the syntax.

    * Fix yacc declaration for types

      POSIX yacc reserves %type to nonterminals. Found with new -Wyacc
      warning option in Bison 3.5.

2020-06-14  iulius

    * innreport: silence normal behaviour from rnews

      - Only "bad_article missing Message-ID" was skipped whereas other
        header fields are also checked. Change to "bad_article missing ".

      - Skip all "rejected 437" and "rejected 439" because responses
        could be different with other news servers.

2020-06-13  iulius

    * innreport: externalize CSS

      Inline styles are not allowed by a (good) Content-Security-Policy
      because they're vulnerable to XSS. It has become common practice
      to always externalize all CSS into a separate file.

      External CSS is also more cacheable though this isn't the primary
      motivation here.

      Patch adapted from a suggestion of Richard Kettlewell.

    * innreport: use INN version instead of legacy 3.1.0 version

    * innreport: modernize HTML

      No insecure external content. Remove icons for W3C XHTML and CSS
      validation. The reason is to avoid errors when serving innreport
      output via HTTPS. Thanks to Richard Kettlewell for the patch.

2020-05-24  iulius

    * rnews: new -d flag to log duplicates

      When -d is used, rnews will syslog the message-ID and the Path
      header value of each article rejected as a duplicate by the
      server.

      It was previously only a compile-time option (DO_RNEWS_LOG_DUPS
      in options.h), which I am unsure worked fine because there were
      several wordings in the rnews code: DONT_RNEWS_LOG_DUPS,
      SYSLOG_RNEWS_LOG_DUPS, FILE_RNEWS_LOG_DUPS.

      Remove INN_PATH_RNEWS_DUP_LOG (hard-coded to "/dev/null"). One
      can now parameter its syslog configuration to obtain that
      information, if needed.

    * Typo fix in a variable name

      Should have done a rebuild before committing!

    * rnews: new -a flag to configure the use of additional unpackers

      Added a new "-a" flag to rnews to disallow, if needed, the use of
      additional unpackers from "<pathbin>/rnews.libexec"; only "rnews"
      and "cunbatch" will then be recognized as valid batch commands.

      It was previously only a compile-time option (DO_RNEWSPROGS).

    * rnews: add -b flag to back up badly formatted articles

      This new -b flag to rnews permits saving rejected articles in the
      "bad" sub-directory of <pathincoming>.
      Otherwise, rnews just logs
      and discards any articles that are rejected or cannot be parsed
      for some reason.

      This feature was previously available only via the compile-time
      option DO_RNEWS_SAVE_BAD.

      Thanks to Herbert Xu for the proposal of making it easily
      available.

2020-05-21  iulius

    * Clarify nnrpd TLS instructions

      Thanks to Richard Kettlewell for the suggestion.

2020-05-10  iulius

    * Fix build with GCC 10.1

      Ensure that ser_line is at least 4-byte long. And that there is
      enough room in buff to copy the path.

    * innd: remove unused filterPath variable

      Variable unused since 2001 (removal forgotten in commit 4435).

2020-03-08  eagle

    * Change readme.pod links to https

      Prefer https where available for links to supporting software.

2020-01-07  eagle

    * Suppress (spurious) uninitialized warnings

      GCC 8.3 thinks that some variables in buffindexed/buffindexed.c
      could be used uninitialized. Initialize them to silence the
      compiler.

2019-10-31  eagle

    * Make IOV_MAX Autoconf check more cross-compile-friendly

      The IOV_MAX Autoconf check always compiled and ran a program and
      relied on the output from that program to indicate that IOV_MAX
      was set in limits.h, which causes problems with
      cross-compilation. Instead, use AC_CHECK_DECL to check for the
      common case that IOV_MAX is defined in limits.h, and only compile
      and run a program for the uncommon case that this fails.

      Tested only on Linux, but by changing the probe to look for
      something other than IOV_MAX and then for something other than
      UIO_MAXIOV, to make sure all the branches work.

      Thanks, Helmut Grohne.

2019-10-27  iulius

    * cnfsstat: output information about retired CNFS buffers

      When not in a metacycbuff, CNFS buffers still mentioned in
      cycbuff were not displayed.

2019-09-17  iulius

    * nnrpd: fix the selection of DH parameters

      When the parameters have already been initialized, the callback
      returns NULL instead of the previously loaded buffer.

      Fix to previous commit 10344.

      Thanks to Adam D. Barratt for having caught the issue.

2019-05-31  iulius

    * nnrpd: Adapt the length of DH parameters depending on security
      level

      Remove hard-coded 512 and 1024-bit DH parameters to only use more
      secure DH parameters taken from a more recent RFC 7919.

      When OpenSSL is configured with a security level beyond 1 (which
      is the case with Debian Buster for instance), shorter parameters
      might not be accepted. Negotiations for ciphersuites using DHE
      key exchange then fail.

      From OpenSSL documentation: "Previous versions of the callback
      used is_export and keylength parameters to control parameter
      generation for export and non-export cipher suites. Modern
      servers that do not support export cipher suites are advised to
      either use SSL_CTX_set_tmp_dh() or alternatively, use the
      callback but ignore keylength and is_export and simply supply at
      least 2048-bit parameters in the callback."

      Thanks to Michael Baeuerle for the bug report.

2019-05-30  iulius

    * Fix string operation warnings with GCC 9

      Also use CNFSNASIZ when appropriate (for buffer names).

    * nnrpd: fix build issue with LibreSSL

      LibreSSL defines itself as version 2 of OpenSSL, though not
      implementing the same API.

2019-03-09  eagle

    * Update URL for suck, remove newsx

      suck has a new upstream on GitHub. newsx appears to be thoroughly
      gone and has been removed from Debian, so remove it from README.

2019-02-13  iulius

    * Bump revision numbers to next release