2021-01-21  iulius

	* Time to release 2.6.4!

2021-01-20  iulius

	* INSTALL: a bit of clean-up, and update the list of tested OS

	* Update to latest upstream files
	  
	  control.ctl, pgpverify, Libtool, pkg-config, config.guess and
	  config.sub

	* Improve NEWS and add the new year in LICENSE

	* Update links to external repositories

	* Compare space usage of our 3 overview storage methods

2021-01-17  iulius

	* Add support for systemd socket activation
	  
	  Thanks to Marco d'Itri for that new feature!

	* m4/krb5.m4: fix the detection of Kerberos V5 support
	  
	  Kerberos V5 was considered available even though C headers were
	  not present. Now fixed by probing both the existence of headers
	  and libraries.

	* m4/python.m4: fix the detection of old Python 2.x versions
	  
	  The current code for probing the presence of Python only works
	  with Python 2.7+ and 3.1+ because the "major" attribute to
	  sys.version_info was only added in these versions.
	  
	  Also, the construct 'x for y in z' is too recent and not known by
	  Python 2.3.0, the minimum version required for INN, so I changed
	  it to a classic map(). If two arguments were not given to the m4
	  macro, the script also failed. Now fixed.

	* Use AS_ECHO instead of echo in Autoconf macros
	  
	  AS_ECHO is more portable. The echo shell function may not be
	  reliable in the calls we do, with variables containing "-" or
	  other characters.

2021-01-15  iulius

	* innd: add systemd notifications for xexec and shutdown

	* inndf: report buffindexed usage with 2 decimals
	  
	  Output was truncated at the inferior number (e.g. 37.00%).

2021-01-11  iulius

	* Do not run the check for POD syntax if Test::POD is too old
	  
	  Test::POD versions prior to 1.50 may not ignore directories like
	  .libs set in the ignore_dirs hash (due to a bug). This causes the
	  test to fail whereas POD syntax is OK.

	* Improve sample init systemd script
	  
	  Thanks to Marco d'Itri, Debian packager of INN, for the ideas.
	  Also enable notify type.

	* rc.news: start innd last when using systemd
	  
	  innd must be started last with exec to keep the same PID of this
	  script.
	  
	  Patch from Marco d'Itri.

2021-01-05  iulius

	* Detail and homogenize the description of our 3 overview methods

	* Makefile: Remove useless flags for the linker when just compiling
	  lib/perl.c
	  
	  Use condensed $(LIBLD) variable.

	* Add -fstack-protector-strong for linking if recognized
	  
	  Building innd on Solaris fails if the compiler does not have
	  amongst its flags -fstack-protector-strong for linking.
	  
	  Undefined                       first referenced
	   symbol                             in file
	  __stack_chk_fail                    art.o
	  __stack_chk_guard                   art.o
	  ld: fatal: symbol referencing errors
	  
	  Also, if the compiler does not support -fstack-protector-strong
	  for linking, assume it will not work, and remove that flag even
	  for compiling (AIX typically does not have libssp_nonshared).

2021-01-04  iulius

	* configure: also change CC_WARNINGS when CFLAGS is changed

	* Fix build issue when using "make warnings"
	  
	  -fPIE was not present when needed when using "make warnings",
	  causing various problems.

	* Move to configure.ac the logic to undefine AM_CONDITIONAL

	* Added preliminary support for systemd notifications
	  
	  Integrate necessary Autoconf macros and portability headers to
	  use systemd. Right now, only notifications of innd startup and
	  mode changes are notified to the unit system.
	  
	  Thanks to Marco d'Itri for this first systemd integration into
	  INN.

2021-01-03  iulius

	* Add a comment in configure.ac and fix POD typo from previous
	  commits

	* Fix build of fseeko replacement
	  
	  AC_FUNC_FSEEKO needs being called unconditionally out of
	  consistency with the logic in clibrary.h (first looking for
	  !HAVE_FSEEKO before DO_LARGEFILES, and not the contrary).

	* inn.conf: Mention how to disable the process of cancel messages

2020-12-31  eagle

	* Add detail for rejected header
	  
	  When nnrpd rejects a posting because of an invalid header that
	  isn't part of the header table, include the name of the header as
	  an aid in debugging, or the full header if no colon could be
	  found or if the line starts with a colon.
	  
	  Reported by Adam Sjøgren and Lars Ingebrigtsen.

2020-12-24  eagle

	* Fix some subtle errors with nnrpd external auth
	  
	  If nnrpd saw EOF on the stderr file descriptor from an external
	  auth program, it would ignore any further output on stdout. This
	  was the cause of the maddeningly intermittent nnrpd/auth-ext test
	  failures for tests 56 and 59. Sometimes the closure of stderr
	  would be seen before the flush of output on stdout, causing the
	  code to fail to see the username.
	  
	  Fix this problem with more explicit state tracking for stderr. If
	  we see EOF or an error in the stderr file descriptor, remove it
	  from the select set but continue processing stdout until we also
	  see an EOF or error there.
	  
	  Add a new test that explicitly closes stderr. This failed
	  consistently with the previous code and passes consistently with
	  this code.
	  
	  Also close the read and error file descriptors for the external
	  authentication program in nnrpd. Previously, we were leaking
	  those file descriptors.
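
The per-descriptor state tracking described in the entry above, as an added example (not INN's own code). The function name collect_auth_output, the forked stand-in program and its "User:tester" line are all constructed for illustration.

```c
#include <string.h>
#include <unistd.h>
#include <sys/select.h>
#include <sys/wait.h>

/* Fork a constructed stand-in for an auth program that closes stderr well
 * before it writes a made-up result line, and collect what it prints on
 * stdout.  Returns a static NUL-terminated buffer, or NULL on failure. */
const char *collect_auth_output(void)
{
    static char out[64];
    const char *line = "User:tester\n";
    int po[2], pe[2], maxfd, out_open = 1, err_open = 1;
    size_t used = 0;
    pid_t pid;

    if (pipe(po) < 0 || pipe(pe) < 0 || (pid = fork()) < 0)
        return NULL;
    if (pid == 0) {                         /* child: the fake program */
        struct timeval tv = {0, 50000};
        dup2(po[1], STDOUT_FILENO);
        dup2(pe[1], STDERR_FILENO);
        close(po[0]); close(po[1]); close(pe[0]); close(pe[1]);
        close(STDERR_FILENO);
        select(0, NULL, NULL, NULL, &tv);   /* parent sees stderr EOF first */
        _exit(write(STDOUT_FILENO, line, strlen(line)) < 0);
    }
    close(po[1]); close(pe[1]);
    maxfd = po[0] > pe[0] ? po[0] : pe[0];
    while (out_open || err_open) {
        fd_set rfds;
        char buf[256];
        ssize_t n;

        FD_ZERO(&rfds);
        if (out_open) FD_SET(po[0], &rfds);
        if (err_open) FD_SET(pe[0], &rfds);
        if (select(maxfd + 1, &rfds, NULL, NULL, NULL) < 0)
            break;
        /* EOF or error on stderr: drop it from the set, keep reading stdout. */
        if (err_open && FD_ISSET(pe[0], &rfds) && read(pe[0], buf, sizeof(buf)) <= 0)
            err_open = 0;
        if (out_open && FD_ISSET(po[0], &rfds)) {
            n = read(po[0], out + used, sizeof(out) - 1 - used);
            if (n <= 0)
                out_open = 0;               /* EOF, error, or buffer full */
            else
                used += (size_t) n;
        }
    }
    close(po[0]); close(pe[0]);             /* do not leak the read ends */
    waitpid(pid, NULL, 0);
    out[used] = '\0';
    return out;
}
```

A loop that stops reading as soon as stderr reports EOF would return an empty buffer here, because the child writes its line only after stderr is closed.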

	* Switch nnrpd/auth-ext to the new test API
	  
	  Use the new test API so that failures will be reported with more
	  detail in the hope that this will help track down the
	  intermittent failure.

	* Fix GCC warnings in tests/lib/date-t.c
	  
	  GCC 10.2.1 rightfully complains that the snprintf invocations in
	  this test may overflow the buffer length and truncate. Use
	  basprintf instead to avoid having to size buffers.

2020-12-22  iulius

	* pgpverify: add a comment about requirements for GnuPG 1.4.20 or
	  2.1.0

2020-12-19  eagle

	* Use a fixed buffer size for QIO
	  
	  The buffer size for QIO is also a limit on the length of an
	  overview line, and the previous complex approach resulted in a
	  buffer size of 8KB on nearly all systems, which was too small in
	  practice.
	  
	  Stop attempting to be clever and size according to the file
	  system block size, which is generally small, and instead use a
	  fixed and predictable buffer size of 32KB, which shouldn't be a
	  problem on any modern system.

2020-12-09  iulius

	* INSTALL: Document the need of shared libraries or
	  position-independent static libraries

	* Update new name of macOS

	* Typo in last commit

	* Mention that lines in header field bodies are separated by mere
	  LF in Perl nnrpd filter

	* Update to latest rra-c-util upstream version
	  
	  Specific fixes for INN builds on Alpine and BSD:
	  
	  * In the getnameinfo replacement, handle musl libc's
	  gethostbyaddr, which returns the string conversion of the IP
	  address if the host doesn't resolve. This only affects the test
	  suite, since musl libc supports IPv6 and thus doesn't need this
	  replacement.
	  
	  * NetBSD prefers reallocarr to reallocarray and only prototypes
	  the latter if _OPENBSD_SOURCE is defined, which is not one of the
	  macros Autoconf defines by default. Work around this by checking
	  whether reallocarray is declared, not only whether it's
	  available, and prototyping it if it's not declared. This uses the
	  semi-hidden deprecated symbol on NetBSD.

	* configure.ac: use new Autoconf 2.70 syntax for AC_PROG_LEX
	  
	  Use 'noyywrap' for AC_PROG_LEX. Use AC_CONFIG_HEADERS instead of
	  obsolete AC_CONFIG_HEADER.
	  
	  From Autoconf 2.70 documentation: AC_PROG_LEX now takes one
	  argument, which may be either 'yywrap' or 'noyywrap'. If it is
	  'noyywrap', AC_PROG_LEX will only set LEXLIB to '-lfl' or '-ll'
	  if a scanner that defines both main and yywrap itself still needs
	  something else from that library. On the other hand, if it is
	  'yywrap', AC_PROG_LEX will fail (setting LEX to ':' and LEXLIB to
	  nothing) if it can't find a library that defines yywrap.
	  
	  In the absence of arguments, AC_PROG_LEX's behavior is
	  bug-compatible with 2.69, which did neither of the above things.
	  This mode is deprecated.
	  
	  Prior to Autoconf 2.70, AC_PROG_LEX did not take any arguments,
	  and its behavior was different from either of the above
	  possibilities: it would search for a library that defines
	  'yywrap', and would set 'LEXLIB' to that library if it finds one.
	  However, if a library that defines this function could not be
	  found, 'LEXLIB' would be left empty and 'LEX' would _not_ be
	  reset. This behavior was due to a bug.

	* Improve logs when Python filters are not installed

2020-12-06  eagle

	* Update URL for Postfilter
	  
	  code.google.com is no more. This seems to be the new location on
	  GitHub.

2020-12-01  iulius

	* Fix build issue in linker feature probing
	  
	  Thanks to Bo Lindbergh for the report.

	* Improve sample init systemd service unit
	  
	  Apply more protections. Sample shared by Russ Allbery.

2020-11-24  iulius

	* Fix other circular dependencies in builds

2020-11-22  iulius

	* Bump revision numbers in INN libraries

	* Add a check in configure to prevent a build with shared non-PIC
	  libraries

	* Add support for hardening build flags
	  
	  New --enable-hardening-flags option to configure, enabled by
	  default.
	  
	  It currently adds -fPIE, -fstack-protector-strong at build time,
	  and -z relro as well as -z now at link time. More flags will
	  eventually be added in future releases.
	  
	  This option can easily be disabled if the compiler or the
	  platform does not support them well.

	* Update to latest control.ctl upstream file

2020-11-21  iulius

	* Fix spurious errors when verifying POD syntax
	  
	  Exclude the directory of the test suite.

	* Fix build with static libraries
	  
	  The ACTIVE parameter is no longer shared between expire.c and
	  ov.c, so it no longer has to be exposed in ovinterface.h. Its
	  removal fixes the naming conflict with another ACTIVE parameter
	  in nnrpd.

	* Update to latest Libtool and install-sh upstream versions
	  
	  Libtool => use Debian-2.4.6-14 version
	  
	  install-sh => upstream has integrated local modifications we had
	  carried for years in INN. Parameters have been integrated with
	  different names, so update Makefile accordingly (-c is now -p; -B
	  is now -S) as well as documentation

	* Update to latest config.guess and config.sub upstream versions

	* Typo fixes

	* Fix build with static libraries
	  
	  Circular dependencies were not correctly resolved by the linker.
	  Seems to be a bug in the --preserve-dup-deps Libtool flag, that
	  does not do what it is supposed to do. Fixed in a local
	  modification in ltmain.sh, reported to upstream.

	* sm: support reading and storing wire-format articles
	  
	  Any number of articles can now be given in wire format to sm on
	  its standard input when both "-s" and "-R" are used. Only native
	  format was previously possible.
	  
	  This might be useful for certain types of internal migrations.
	  
	  Thanks to Bo Lindbergh for the patch.

2020-11-12  iulius

	* innd: make SIGTERM behave exactly like "ctlinnd shutdown"
	  
	  Patch from Marco d'Itri.

	* perl-nocem: document the use of gpg1 to import old PGP keys

	* docs/pod.t: Fix path to Perl interpreter in test suite
	  
	  Thanks to Bo Lindbergh for the bug report.

	* Add missing header files to silence gcc warning
	  
	  Fix build on a few systems like MacOS (warnings may make the
	  system consider the configure test failed).
	  
	  Thanks to Bo Lindbergh for the bug report.

	* Update to latest rra-c-util and C TAP Harness upstream versions

	* Fix syntax in Makefile
	  
	  GNU make 4.3 emits the following warning: "ignoring prerequisites
	  on suffix rule definition".
	  
	  In previous versions, no warning was emitted and a suffix rule
	  was created, however all prerequisites were ignored and were not
	  part of the suffix rule. Starting with GNU make 4.3, the
	  behaviour is the same, and in addition a warning is generated.
	  This commit fixes the syntax.

	* Fix yacc declaration for types
	  
	  POSIX yacc reserves %type to nonterminals. Found with new -Wyacc
	  warning option in Bison 3.5.

2020-06-14  iulius

	* innreport: silence normal behaviour from rnews
	  
	  - Only "bad_article missing Message-ID" was skipped whereas other
	  header fields are also checked. Change to "bad_article missing ".
	  
	  - Skip all "rejected 437" and "rejected 439" because responses
	  could be different with other news servers.

2020-06-13  iulius

	* innreport: externalize CSS
	  
	  Inline styles are not allowed by a (good) Content-Security-Policy
	  because they're vulnerable to XSS. It has become common practice
	  to always externalize all CSS into a separate file.
	  
	  External CSS is also more cacheable though this isn't the primary
	  motivation here.
	  
	  Patch adapted from a suggestion of Richard Kettlewell.

	* innreport: use INN version instead of legacy 3.1.0 version

	* innreport: modernize HTML
	  
	  No insecure external content. Remove icons for W3C XHTML and CSS
	  validation. The reason is to avoid errors when serving innreport
	  output via HTTPS. Thanks to Richard Kettlewell for the patch.

2020-05-24  iulius

	* rnews: new -d flag to log duplicates
	  
	  When -d is used, rnews will syslog the message-ID and the Path
	  header value of each article rejected as a duplicate by the
	  server.
	  
	  It was previously only a compile-time option (DO_RNEWS_LOG_DUPS
	  in options.h), which I am unsure worked fine because there were
	  several wordings in the rnews code: DONT_RNEWS_LOG_DUPS,
	  SYSLOG_RNEWS_LOG_DUPS, FILE_RNEWS_LOG_DUPS.
	  
	  Remove INN_PATH_RNEWS_DUP_LOG (hard-coded to "/dev/null"). One
	  can now parameter its syslog configuration to obtain that
	  information, if needed.

	* Typo fix in a variable name
	  
	  Should have done a rebuild before committing!

	* rnews: new -a flag to configure the use of additional unpackers
	  
	  Added a new "-a" flag to rnews to disallow, if needed, the use of
	  additional unpackers from "<pathbin>/rnews.libexec"; only "rnews"
	  and "cunbatch" will then be recognized as valid batch commands.
	  
	  It was previously only a compile-time option (DO_RNEWSPROGS).

	* rnews: add -b flag to back up badly formatted articles
	  
	  This new -b flag to rnews permits saving rejected articles in the
	  "bad" sub-directory of <pathincoming>. Otherwise, rnews just logs
	  and discards any articles that are rejected or cannot be parsed
	  for some reason.
	  
	  This feature was previously available only via the compile-time
	  option DO_RNEWS_SAVE_BAD.
	  
	  Thanks to Herbert Xu for the proposal of making it easily
	  available.

2020-05-21  iulius

	* Clarify nnrpd TLS instructions
	  
	  Thanks to Richard Kettlewell for the suggestion.

2020-05-10  iulius

	* Fix build with GCC 10.1
	  
	  Ensure that ser_line is at least 4 bytes long. And that there is
	  enough room in buff to copy the path.

	* innd: remove unused filterPath variable
	  
	  Variable unused since 2001 (removal forgotten in commit 4435).

2020-03-08  eagle

	* Change readme.pod links to https
	  
	  Prefer https where available for links to supporting software.

2020-01-07  eagle

	* Suppress (spurious) uninitialized warnings
	  
	  GCC 8.3 thinks that some variables in buffindexed/buffindexed.c
	  could be used uninitialized. Initialize them to silence the
	  compiler.

2019-10-31  eagle

	* Make IOV_MAX Autoconf check more cross-compile-friendly
	  
	  The IOV_MAX Autoconf check always compiled and ran a program and
	  relied on the output from that program to indicate that IOV_MAX
	  was set in limits.h, which causes problems with
	  cross-compilation. Instead, use AC_CHECK_DECL to check for the
	  common case that IOV_MAX is defined in limits.h, and only compile
	  and run a program for the uncommon case that this fails.
	  
	  Tested only on Linux, but by changing the probe to look for
	  something other than IOV_MAX and then for something other than
	  UIO_MAXIOV, to make sure all the branches work.
	  
	  Thanks, Helmut Grohne.

2019-10-27  iulius

	* cnfsstat: output information about retired CNFS buffers
	  
	  When not in a metacycbuff, CNFS buffers still mentioned in
	  cycbuff were not displayed.

2019-09-17  iulius

	* nnrpd: fix the selection of DH parameters
	  
	  When the parameters have already been initialized, the callback
	  returns NULL instead of the previously loaded buffer.
	  
	  Fix to previous commit 10344.
	  
	  Thanks to Adam D. Barratt for having caught the issue.

2019-05-31  iulius

	* nnrpd: Adapt the length of DH parameters depending on security
	  level
	  
	  Remove hard-coded 512 and 1024-bit DH parameters to only use more
	  secure DH parameters taken from a more recent RFC 7919.
	  
	  When OpenSSL is configured with a security level beyond 1 (which
	  is the case with Debian Buster for instance), shorter parameters
	  might not be accepted. Negotiations for ciphersuites using DHE
	  key exchange then fail.
	  
	  From OpenSSL documentation: "Previous versions of the callback
	  used is_export and keylength parameters to control parameter
	  generation for export and non-export cipher suites. Modern
	  servers that do not support export cipher suites are advised to
	  either use SSL_CTX_set_tmp_dh() or alternatively, use the
	  callback but ignore keylength and is_export and simply supply at
	  least 2048-bit parameters in the callback."
	  
	  Thanks to Michael Baeuerle for the bug report.

2019-05-30  iulius

	* Fix string operation warnings with GCC 9
	  
	  Also use CNFSNASIZ when appropriate (for buffer names).

	* nnrpd: fix build issue with LibreSSL
	  
	  LibreSSL defines itself as version 2 of OpenSSL, though not
	  implementing the same API.

2019-03-09  eagle

	* Update URL for suck, remove newsx
	  
	  suck has a new upstream on GitHub. newsx appears to be thoroughly
	  gone and has been removed from Debian, so remove it from README.

2019-02-13  iulius

	* Bump revision numbers to next release
