Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id DEB8FA65E2 for ; Sat, 22 Aug 2015 19:10:53 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 1231214A27A; Sat, 22 Aug 2015 19:10:53 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 4C5B514A279 for ; Sat, 22 Aug 2015 19:10:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id 6zsHUXpzW6dW for ; Sat, 22 Aug 2015 19:10:50 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id D04B314A267 for ; Sat, 22 Aug 2015 19:10:50 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id BBD9498; Sat, 22 Aug 2015 19:10:50 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Sat, 22 Aug 2015 19:10:50 +0000 From: "Thomas Klausner" Subject: CVS commit: pkgsrc/news/inn To: pkgsrc-changes@NetBSD.org Reply-To: wiz@netbsd.org X-Mailer: log_accum Message-Id: <20150822191050.BBD9498@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: wiz Date: Sat Aug 22 19:10:50 UTC 2015 Modified Files: pkgsrc/news/inn: Makefile distinfo Log Message: Update to 2.5.5, from Benedek Gergely on pkgsrc-users. 2015-05-23 iulius * innxmit: tidy up GetMessageID buffer handling In theory, if you could get a message with an empty message-id header through before anything else, it would call memcpy(NULL, p, 0) which (surprisingly) has undefined behavior. This doesn't seem a very likely contingency but I tidied up the code to avoid it and (hopefully) be clearer anyway. Thanks to Richard Kettlewell for the patch. * storage/cnfs/cnfs.c: don't read uninitialised cycbuffname Thanks to Richard Kettlewell for the patch. 2015-05-17 iulius * Fixed alignment issues when storing values 2015-05-14 iulius * Add Richard Kettlewell as a contributor * Correct remap check in tradindexed lookup The check was off by one; and when it happened, it invalidated the 'parent' pointer, causing a use-after-munmap (or use-after-free) condition. Thanks to Richard Kettlewell for the bug report. * Correctly flush CNFS buffers when nfswriter is true in inn.conf * Correct remap check in tradindexed group lookup Previously the remap check had an off-by-one bug and moreover would never be done due to the loop condition (making the off-by-one bug moot). This one could be a problem in real life; if creating a group causes innd to expand the index then an already-running nnrpd will not automatically notice, and so won't be able to find the group. Thanks to Richard Kettlewell for the patch. * nnrpd/commands.c: paranoid checking of AUTHINFO GENERIC reply Check the number of arguments returned by AUTHINFO GENERIC. Thanks to Richard Kettlewell for the patch. * innfeed/connection.c: avoid violating C aliasing rules The object was written as a 'struct sockaddr' but then read as a 'struct sockaddr_storage', which violates C99 s6.5#7. The fix is to always access it as a 'struct sockaddr' and use a union to ensure enough space for any possible address type. Thanks to Richard Kettlewell for the patch. * nnrpd/commands.c: correct sense of PERMgeneric reply The comment has always been wrong, as well as the return value for ~15 years... Thanks to Richard Kettlewell for the patch. * nnrpd/perm.c: don't dereference a null pointer if there are no access groups Thanks to Richard Kettlewell for the patch. * nnrpd/article.c: A wrong variable was used for vhost feature. Since these are created by the local innd, the error should not normally occur. Thanks to Richard Kettlewell for the patch. * Verify that setuid() and setgid() actually succeed See: https://lwn.net/Articles/451985/ for a discussion of the issues in this area. The checks in newuser.c are probably unnecessary due to the subsequent tests. rnews.c is straight-up broken though. Thanks to Richard Kettlewell for the patch. 2015-05-02 iulius * expire/fastrm.c: Fix a dereferencing issue * configure.ac: Build fix for current Mac OS X versions The build was failing with recent versions of Mac OS X: clang: error: no such file or directory: '/usr/local/news/lib/libinn.3.dylib' make[1]: *** [libinn.la] Error 1 make: *** [all-lib] Error 2 The reason is the '-multiply_defined'-part of the command line. This switch is marked as obsolete in ld(1): -multiply_defined treatment Previously provided a way to warn or error if any of the sym- bols used from a dynamic library were also available in another linked dynamic library. This option is obsolete. Thanks to Dennis Preiser for the report. * innfeed/imap_connection.c: fix support of Cyrus SASL 2.1.25 and later Fix how sasl_callback_ft, added with Cyrus SASL 2.1.25, was handled by innfeed. See revision [9381] for more information. Thanks to Dennis Preiser for the report. * innd/art.c: Fix a dereferencing issue when parsing Injection-Info: header field Thanks to David Binderman for the patch. 2015-05-01 iulius * Bump version number in FAQ for new INN 2.5.5 release Also remove link to Elena Samsonova's web site that appears to be defunct. 2015-04-23 iulius * mailpost: add new -t flag to specify the default temporary directory Check that the database directory and the temporary directory are writable when mailpost is run, and otherwise die with an error. Two paths are now tried by default for the temporary directory: pathtmp, and then /var/tmp if pathtmp is not writable. * Fix GCC 5.1.0 warning for incompatible pointer type Rename the "U" macro used by two tests to "SUC" (casting to String of Unsigned Chars) because it otherwise conflicts with how Unicode strings are declared in ISO C11, the new default mode for the GCC 5 series. 2015-04-20 iulius * Update TODO with references to existing patches 2015-04-05 iulius * Mention required TLS ciphers for interoperability * Update TODO with current state of INN 2.6.0 2015-04-02 iulius * Update changelog to mention other changes for INN 2.5.5 * Use Sys::Hostname Perl core module instead of calling /bin/hostname 2015-03-24 iulius * Add two missing contrib programs in the exceptions of mkmanifest * Typo in POD formatting * Update copyright years (add 2015) * Update config.guess and config.sub to upstream versions from 2015-03-08 * Update control.ctl to upstream version from 2014-06-17 2015-03-21 iulius * scanlogs: Limit the number of lines to show from error log files When lots of lines are present in error log files, they appear in the news.daily verbatim, and the resulting email is so large it is bouncing. Restrict the number of lines to 50 (the default value for unknown lines from news.notice). Thanks to Jeffrey M. Vinocur for the bug report. * nnrpd: Count write time stats when using SASL * Improve the count of sleeping channels The highest file descriptor of sleeping channels was not always properly updated. A new CHANresetlastsleeping() function now does the job when called. Also prevent innd from crashing if a channel is supposed to sleep but does not have a Waker set. Thanks to Petr Novopashenniy for the bug report. * readers.conf: improve the first example to disambiguate its effect against loca l connections 2015-03-18 iulius * pullnews: when giving a port along with a server name, check there is only one ":" Otherwise, it is very likely that the given server name is an IPv6 address, and therefore its end should not be interpreted as a port. 2015-01-21 iulius * Fix the unsignedness of TMRgettime when printed 2015-01-10 eagle * http://www.imc.org/ietf-usefor/ appears to be gone Replace this link in HACKING with a link to the usefor mailing list archives and to my Usenet article format pages. 2015-01-10 iulius * Do not mention that TLS compression will be disabled in the next INN release As the CRIME attack is not exploitable in NNTP, disabling TLS compression by default is pointless. No vulnerability in TLS compression is currently known as far as NNTP is concerned. * Add a cast to fix a gcc warning 2015-01-07 iulius * Regenerate Makefile dependencies with gcc 4.7.2 Also adapt support/makedepend to keep the two leading spaces, as in previous versions of gcc. Backport commit [9566]. * Cleanup in include stuff - Add missing BEGIN_DECLS/END_DECLS, and also use them instead of their expansion. - Add missing inclusion of . 2015-01-04 eagle * Remove dead link to nnrpkrb5auth 2014-12-16 iulius * nnrp.access2readers.conf: add default username when none is specified 2014-12-14 iulius * Add new contrib/nnrp.access2readers.conf.in script This script converts old-style nnrp.access to readers.conf. Thanks to Jeffrey M. Vinocur for his contribution. 2014-12-07 iulius * Update Russ's mail address * Fix typos 2014-12-01 iulius * Add support for choosing the elliptic curve to use with TLS support The new tlseccurve parameter in inn.conf takes the name of a curve OpenSSL knows about, to use for ephemeral key exchanges. Thanks to Christian Mock for the patch. 2014-11-23 iulius * m4/sendmail.m4: add missing brackets The configure script was failing when running that part of code. 2014-11-12 iulius * inn.conf: Improve documentation about tlsprotocols and tlscompression 2014-11-11 iulius * Improve tuning of the SSL/TLS configuration nnrpd's TLS support is basically using OpenSSL's defaults WRT issues such as protocol support and cipher suites. In these days of POODLEs and other vulnerabilities, it should be useful to be able to have better control over what's offered. So this patch adds a few options to inn.conf: - tlsprotocols: allows to select the SSL/TLS versions that are supported - tlsciphers: allows to give an OpenSSL cipher string to tailor the cipher suites that are offered to clients - tlspreferserverciphers: switches on the server-side selection of the cipher suite (TLS default is "client chooses") - tlscompression: allows to turn off TLS compression (because of the CRIME attack) if the OpenSSL version supports this. Many thanks to Christian Mock for his patch. 2014-11-09 iulius * Mention PyClean as a Python-based variant of Cleanfeed. 2014-10-28 iulius * Update default paths for Debian and Fedora * Fix a dependency in a build rule 2014-10-03 iulius * innwatch: report an error when the control file is missing 2014-09-24 iulius * rc.news: no longer explicitly sleep before starting innwatch and cnfsstat Instead, make these two scripts sleep by themselves. Also update documentation: improve the list of actions done by rc.news, and no longer mentions that innd should be throttled before being stopped (this is not true - the shutdown process already does the actions throttling does). * innwatch: add -i flag to specify how many seconds to sleep at startup - Also fix previous commit [9651] that did not totally fix the issue it was supposed to fix. - Fix the behaviour of the -f flag (it wasn't doing anything). - Fix how the -l flag was parsed (a space was required between -l and its argument, whils it should not have been required). - Add new POD documentation for innwatch, and update it at the same time: document new -i flag, and document already existing -f flag. * cnfsstat: add -i flag to specify how many seconds to sleep at startup Update documentation, and homogenize POD syntax at the same time. 2014-09-24 eagle * Re-add second $(LIBSTORAGE) when linking backends Backend commands (such as nntpget) linked with both history and storage libraries list $(LIBSTORAGE) in the link line twice. This isn't a mistake; there are some unfortunate circular dependencies that require listing $(LIBSTORAGE) both before and after $(LIBINNHIST) in the link line or static linking will fail. 2014-09-22 iulius * Fix build issues on AIX 7.1 mmap is redefined to mmap64 when large file support is enabled. 2014-09-21 iulius * Fixed a warning and an unnecessary sys/stropts.h header * Typos * Fix build of contrib/respool.c Remove an unused variable. Add a link to libhistory. * Fix build of contrib/reset-cnfs.c Add correct include header files. Use the right DO_LARGEFILES variable instead of LARGE_FILES. Reformat the code (remove tabulations). Properly exit with the right status code. * Fix a few warnings, and update svn:ignore for contrib * Fix build of contrib/expirectl.c Add correct include header files, and fix a few warnings in printf() calls. Add portability code for statfs/statvfs support. * Add compilation rules for contrib/auth_pass.c and contrib/expirectl.c Use the right socklen_t type, and add crypt.h header if available. * FAQ: add how to feed articles arrived between two dates to another server 2014-09-11 iulius * innupgrade: fix its execution On a few systems like AIX, innupgrade failed to run during an upgrade because "perl -T" was not explicitly called. Failure was: "-T" is on the #! line, it must also be used on the command line Thanks to The Doctor for his bug report. 2014-09-07 iulius * Add missing dependency for libtest.o during the build of nnrpd/auth-ext.t 2014-09-05 iulius * Fix typos in INN_HAVE_SYS_BITYPES_H and INN_MACRO_IN6_ARE_ADDR_EQUAL names 2014-08-30 iulius * libinn documentation: update the name of the fdflag functions * pullnews: improve logging when an error occurs during GROUP Also rewrite a ternary condition to improve readability. Patch from Geraint A. Edwards. * pullnews: new -a flag (hashfeed ability) Add a new feature to pullnews: hashfeed to split feeds. It uses MD5 and is Diablo-compatible. Thanks to Geraint Edwards for the patch. * pullnews: new -B flag (header-only feeding) Add a new feature to pullnews: header-only feeding. If the article does not already have a Bytes: header field, one is added. Bodies are kept only for control articles. Thanks to Geraint Edwards for the patch. * pullnews: bug fix to rnews when -O; improved rnews reporting Thanks to Geraint Edwards for the patch. * pullnews: improve wording * When pullnews runs for the first time against a newsgroup, say "never" instead of January, 1st 1970 as the last run date. * Improve spaces, uppercase characters and singular forms when 1 article is retrieved. * Update the config file even when the group is empty. * pullnews: remove headers matching (or not) a given regexp Enable the -m flag to remove headers matching (or not) a given regexp. Thanks to Geraint Edwards for the patch. 2014-08-09 iulius * innwatch: no longer creates a child process for sleeping innwatch creates a child process only for sleeping and then waits on that process. The forked-off process is not killed by 'rc.news stop' (only its parent is), and will only die after it's done sleeping. If running under SMF on illumos/Solaris, this causes the service to likely drop into maintenance state (since not all processes die within timeout). Thanks to Lauri Tirkkonen for the patch. 2014-06-04 iulius * Bump version number to 2.5.5 for STABLE. To generate a diff of this commit: cvs rdiff -u -r1.119 -r1.120 pkgsrc/news/inn/Makefile cvs rdiff -u -r1.33 -r1.34 pkgsrc/news/inn/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.