2015-09-12  iulius

	* Remove the paragraph about development versions in README

	* Branch 2.6.0 release.

	* Bump revision numbers in FAQ to reflect the new 2.6.0 release

2015-09-08  iulius

	* Add additional instruction for STABLE snapshots when making a
	  release

2015-09-05  eagle

	* Change syslog messages used by tests/innd/chan-t.c to notice
	  
	  Avoids spamming syslog when running the test suite. Using notice
	  should be equivalent for the callers of this code. (This should
	  be done more broadly across the code base, but this change will
	  quiet the immediate issue.)

2015-09-04  iulius

	* Improve documentation for RADIUS
	  
	  Better POD syntax, typo fix, and remove the comment in the
	  inn-radius.conf sample file about the impossibility to use a hash
	  tag (#) in the secret password.

2015-09-03  iulius

	* Typo fix

	* Update config.guess and config.sub to upstream versions from
	  2015-08-20

2015-09-02  iulius

	* Improve documentation about the use of htpasswd

	* Improve documentation about the use of port 119 with TLS

	* Explicitly say that the dbz config file is the .dir history file
	  
	  Thanks to Bernard Higonnet for the report.
	  
	  see #138

2015-08-28  iulius

	* Improve the documentation of makedbz as for the history.dir file

	* Silent the float-equal GCC warning for Perl XS
	  
	  See the thread [perl #125770] Unsafe comparison of floats in
	  SvTRUE in perl5-porters in August 2015.

	* Update to latest rra-c-util release 5.8

	* Update to latest C TAP Harness release 3.4
	  
	  Fix segfault in runtests with empty test list.

2015-08-10  iulius

	* Perl XS code: Clean up the use of ERRSV along with the SvTRUE
	  macro
	  
	  ERRSV macro has a getter C function internally. SvTRUE macro
	  evaluates its arguments multiple times, leading to exponential
	  calls of the getter function. ERRSV should be assigned to a SV*
	  variable before passing that SV* to SvTRUE macro.
	  
	  Thanks to bulk88 for having pointed that out in the Perl bug
	  tracker.

2015-08-09  iulius

	* innreport: Try to create HTML and IMG directories if they do not
	  exist
	  
	  It can be helful for new INN installations.

2015-08-08  iulius

	* ninpaths: Improve logging
	  
	  When fopen fails, log that the error comes from ninpaths.
	  Otherwise, the log line in the errlog file is not helpful to fix
	  the issue.

	* cnfsstat: Improve logging
	  
	  Do not write stats until the CNFS buffer has been initialized.
	  
	  Also do not write double quotes twice around group patterns.

	* Do not add a line feed in innfeed log lines

	* Fix the wording of two log lines in our documentation

2015-08-04  iulius

	* nnrpd: improve validation of e-mail addresses
	  
	  Check that if an article has a From: header field beginning with
	  '@' chars, it also has another '@' afterwards in the field.
	  
	  It will prevent From: header fields like "@a.b" or "@@@a.b" from
	  being accepted.

2015-07-14  iulius

	* Improve a few default values for innfeed.conf
	  
	  - Increase max-queue-size from 5 to 20.
	  
	  - Enable use-mmap by default.

	* Improve a few default values for inn.conf
	  
	  - Make use of the vastly expanded storage and RAM commonly
	  available today: datamovethreshold (from 8192 to 16384),
	  msgidcachesize (from 16000 to 64000), overcachesize (from 64 to
	  128), wireformat (now enabled by default).
	  
	  - Enable the generation of status reports and performance
	  timings: logstatus and nnrpdoverstats parameters, with a
	  frequency of 10 minutes (status and timer parameters).
	  
	  - Fix the definition of runasgroup and runasuser: they are not
	  necessarily "news" as they can be specified at configure time.
	  
	  - Say that the default value of dontrejectfiltered is false.
	  
	  - Say that the default value of pgpverify is false, if not
	  present in inn.conf.
	  
	  - Say that the default value of logcycles should remain 3 because
	  of privacy impact.

2015-07-12  iulius

	* nnrpd: fix the parsing of continuation lines in headers
	  
	  Empty headers were not properly parsed. Thanks to Richard
	  Kettlewell for the bug report.

	* Typo

	* Update dependencies

2015-07-11  iulius

	* Add a comment to keep in mind that nnrpd must not reject
	  proto-articles with empty headers

2015-07-07  iulius

	* Change Perl URL to use HTTPS to avoid a redirect

	* Sync with latest C TAP Harness upstream package
	  
	  Rebalance usage to avoid too-long strings master

	* Fix segfault in buffer_find_string with empty buffer
	  
	  Fix segfault in buffer_find_string if passed a buffer that's
	  never had any data. Found by Richard Kettlewell. Patch from
	  upstream rra-c-util.

	* Remove unneeded UNUSED from network support functions
	  
	  Patch from upstream rra-c-util package. Also homogenize our local
	  network-innbind library with the upstream network one.

	* Clean build with -Wmissing-format-attribute
	  
	  Add format attributes on various internal functions and a few
	  utility functions that take va_arg arguments so that all code
	  builds cleanly with -Wmissing-format-attribute.

2015-07-06  eagle

	* Change Perl URL to use HTTPS to avoid a redirect

2015-07-04  iulius

	* Check for new warnings when running "make warnings"
	  
	  Add the following flags: -Wformat=2 -Wmissing-include-dirs
	  -Wtrampolines -Wjump-misses-init -Winvalid-pch
	  
	  Using -Wformat=2 checks the use of string literals and permits to
	  detect where security should be tightened (see ticket #136).

	* Update to latest C TAP Harness version from upstream
	  
	  Document the verbose mode.

2015-06-26  iulius

	* lib/timer.c: Make sure timer arithmetic is done in unsigned types
	  
	  Some care is required. The divison must be done in the signed
	  type (otherwise the answer is wrong if usec<0) but any operation
	  that can overflow (+ and *) must be done in an unsigned type.
	  
	  In the current code the multiplication is done in the signed
	  type. If it overflows (as it will after a few weeks, on 32-bit
	  platforms) then we are already into undefined behaviour (C99
	  s6.5#5).
	  
	  The subsequent conversion to an unsigned type does not make any
	  difference - the 'working type' for the multiplication is
	  determined by the operands alone, not by the treatment of the
	  result.
	  
	  Note that overflow behaviour for unsigned types (including
	  conversion of negative values to unsigned types) is defined: the
	  result is the residue modulo 2^n (C99 s6.2.5#9).
	  
	  Thanks to Richard Kettlewell for the patch.

2015-06-25  iulius

	* Properly initialize innconf struct
	  
	  Thanks to Richard Kettlewell for the patch.

	* lib/hashtab.c: hash_size() would overflow if target=0
	  
	  Thanks to Richard Kettlewell for the patch.

2015-06-22  iulius

	* Take into account union semun when dealing with semaphores
	  
	  Improve commit [9902]. Thanks to The Doctor for the patch.

2015-06-20  iulius

	* innd: mask signals when not in select
	  
	  This excludes the possibility of a signal handler accessing data
	  that the main code is mutating.
	  
	  Rationale: When a child (say, nnrpd) terminates, innd gets
	  SIGCHLD and immediately invokes PROCreap(). This looks for the
	  process in PROCtable. However, if another child process has just
	  been started then PROCwatch() will be part way through executing
	  realloc() to expand PROCtable at the point the signal arrives. So
	  PROCreap() may see an old and possibly corrupted version of the
	  table.
	  
	  Thanks to Richard Kettlewell for the patch.

	* innd: don't reap the same process table entry more than once
	  
	  Thanks to Richard Kettlewell for the patch.

	* scanlogs: Report the contents of the news.err file
	  
	  Only errlog and news.crit were previously reported.
	  
	  Also fix the documentation for the max_unknown parameter in
	  innreport.conf that applies to news.notice and not news.err.

	* Destroy buffindexed's semaphore as well as its shared memory
	  segment
	  
	  buffindexed deletes its shared memory segment when there are no
	  more users (i.e. when shm_nattch==0), but it fails to delete the
	  semaphore at the same time.
	  
	  "make check" no longer leaks semaphores.
	  
	  % ./buffindexed.t
	  
	  cant create semaphore using ov-tmp/buffer: No space left on
	  device failed to create semaphore for ov-tmp/buffer buffindexed:
	  ovinitdisks: cant create shmem for ov-tmp/buffer len 16384: No
	  space left on device Opening the overview database failed, cannot
	  continue
	  
	  Thanks to Richard Kettlewell for the patch.

2015-06-14  iulius

	* Fix the build for Python < 2.5.0
	  
	  Fix (old) commit [9297] where Py_ssize_t was set to ssize_t for
	  Python versions anterior to 2.5.0 whereas it was an int. We
	  therefore had an incompatible pointer type when calling
	  PyDict_Next().
	  
	  As INN is supposed to work on 2.2.0, this bug is now fixed.
	  
	  Also use "0" and "1" instead of "False" and "True" that did not
	  exist in 2.2.0 for the distutils module.

	* Improve documentation for CNFS buffers larger than 2 GB
	  
	  Large-file support is useful only for 32-bit platforms (and some
	  very rare 64-bit platforms that aren't Linux).

	* Python support: use the distutils.sysconfig module at configure
	  time
	  
	  Drop support for Python 2.1 and before. It will allow to properly
	  search for the python binary (in m4/python.m4) thanks to the
	  distutils.sysconfig module which appeared in Python 2.2.0,
	  released in December 2001! So it is no longer an issue in 2015.
	  
	  For the record, Python 1.5.2 was currently enough to build INN.
	  
	  One of the issues fixed is that on several systems, the
	  /usr/lib/python2.7/config directory does not exist. It can for
	  instance be /usr/lib/python2.7/config-x86_64-linux-gnu, so the
	  build fails because "config" is hard-coded in the current way the
	  detection is coded.
	  
	  see #78

	* nnrpd: don't strlcpy with equal source/dest
	  
	  strlcpy with overlapping source & destination has undefined
	  behavior. (INN's version of the function passes the source and
	  destination to memcpy, which also has undefined behavior when
	  they overlap.)
	  
	  Thanks to Richard Kettlewell for the patch.

	* innfeed, innd: fix boring uninteresting memory leaks
	  
	  These aren't serious leaks, but do cause noise in analysis tools.
	  
	  Thanks to Richard Kettlewell for the patch.

	* innd, expire, makehistory: fix memory leak for extraoverview
	  
	  Thanks to Richard Kettlewell for the bug report and the patch.

	* innfeed: avoid underrun of endpoint array
	  
	  The underrun would happen when the last endpoint is deleted.
	  
	  Thanks to Richard Kettlewell for the patch.

	* innfeed: be more conservative about article read from disk
	  
	  Thanks to Richard Kettlewell for the patch.

	* ident: avoid buffer underrun
	  
	  Thanks to Richard Kettlewell for the patch.

	* Fix ninpaths memory leak
	  
	  Realistically this isn't very likely to cause anyone any trouble.
	  However, fixing it reduces noise that might obscure more serious
	  problems.
	  
	  Thanks to Richard Kettlewell for the patch.

2015-06-03  iulius

	* Fix a Clang warning for the test of the equality between floats
	  
	  overview_free_space returns a percentage (positive number) or -1
	  when free space is irrelevant for the overview method used.

	* Fix Clang warning for unused macros
	  
	  Also clean up the code because OVERFLOW is always defined when
	  tagged-hash is enabled.

	* Fix a gcc warning for an unused variable

	* Update NEWS to mention the upgrade to 2.6 from a version anterior
	  to 2.5

2015-05-25  iulius

	* storage/ovdb/ovdb.c: Fix build issue when Berkeley DB is not
	  available
	  
	  ovdb-private.h correctly undefines HAVE_BDB because db.h is not
	  available but as portable/socket-unix.h was included just after,
	  it was setting again HAVE_BDB owing to its definition in
	  config.h.
	  
	  Rearrange the order of the inclusions.

	* contrib/reset-cnfs.c: The status was not correctly updated
	  
	  It may have returned true even though an error occurred.

	* contrib/expirectl.c: Remove useless line (base variable was never
	  read)

	* Handle NULL argument to process_free
	  
	  This clears up a Clang warning.

	* Fix getaddrinfo test on Mac OS X
	  
	  Mac OS X uses higher-value flags than other platforms, so adjust
	  the mask so that the portability test works properly there.

	* Add missing va_end in xasprintf implementation

2015-05-24  iulius

	* storage/buffindexed/buffindexed.c: fix alignment warnings
	  
	  Given that GROUPheader is already a pointer to a GROUPHEADER,
	  just use &GROUPheader[1].
	  
	  Thanks to Russ Allbery for the patch.
	  
	  These are all problems with assigning the mmap'd address to a
	  variable that points to the first element of the structure. A
	  better way of representing this in C would have been to have a
	  pointer to GROUPENTRY be the last element of GROUPHEADER,
	  although I'm not sure what other assumptions that would break,
	  somewhere else.
	  
	  These alignment cast warnings are mostly because the way that
	  mmap'd data structures are handled are probably correct in terms
	  of code generation but aren't represented very well for the C
	  type checker.

	* doc/FAQ: reflect the release of INN 2.5.5

	* Use a preprocessor symbol to make the initialization of ARTHANDLE
	  structs easier

2015-05-23  iulius

	* innxmit: tidy up GetMessageID buffer handling
	  
	  In theory, if you could get a message with an empty message-id
	  header through before anything else, it would call memcpy(NULL,
	  p, 0) which (surprisingly) has undefined behavior. This doesn't
	  seem a very likely contingency but I tidied up the code to avoid
	  it and (hopefully) be clearer anyway.
	  
	  Thanks to Richard Kettlewell for the patch.

	* storage/cnfs/cnfs.c: don't read uninitialised cycbuffname
	  
	  Thanks to Richard Kettlewell for the patch.

	* backends/actsync.c: host argument to get_active can no longer be
	  NULL
	  
	  process_args() will call die() rather than let this happen. This
	  change cleans up the code to no longer assume that a null pointer
	  is a possibility.
	  
	  Thanks to Richard Kettlewell for the patch.

2015-05-17  iulius

	* Fixed alignment issues when storing values

2015-05-14  iulius

	* Add Richard Kettlewell as a contributor, and update NEWS

	* Correct remap check in tradindexed lookup
	  
	  The check was off by one; and when it happened, it invalidated
	  the 'parent' pointer, causing a use-after-munmap (or
	  use-after-free) condition.
	  
	  Thanks to Richard Kettlewell for the bug report.

	* Fixed Clang warning for an unused variable

	* Document the meaning of TDX_MAGIC (~(0xf1f0f33d)): "fifo feed".

	* Fixed gcc warnings for missing field 'data' initializer
	  
	  gcc warns about the new initialization { 0 }
	  (-Wmissing-field-initializers).
	  
	  Following commit [9851].

	* Verify that setuid() and setgid() actually succeed See:
	  https://lwn.net/Articles/451985/ for a discussion of the issues
	  in this area. The checks in newuser.c are probably unnecessary
	  due to the subsequent tests. rnews.c is straight-up broken
	  though.
	  
	  Thanks to Richard Kettlewell for the patch.

2015-05-08  iulius

	* Correctly flush CNFS buffers when nfswriter is true in inn.conf

2015-05-05  iulius

	* Correct remap check in tradindexed group lookup
	  
	  Previously the remap check had an off-by-one bug and moreover
	  would never be done due to the loop condition (making the
	  off-by-one bug moot).
	  
	  This one could be a problem in real life; if creating a group
	  causes innd to expand the index then an already-running nnrpd
	  will not automatically notice, and so won't be able to find the
	  group.
	  
	  Thanks to Richard Kettlewell for the patch.

	* Initialize ARTHANDLE objects before passing by value
	  
	  Uninitialised fields have indeterminate values (6.2.4#5); this
	  includes trap representations (3.17.2). The access to such fields
	  in the subsequent function calls that pass the ARTHANDLE has
	  undefined behaviour (s6.2.6.1).
	  
	  The fix relies on 6.7.8#21.
	  
	  All references to C99.
	  
	  Thanks to Richard Kettlewell for the patch.

2015-05-03  iulius

	* nnrpd/commands.c: paranoid checking of AUTHINFO GENERIC reply
	  
	  Check the number of arguments returned by AUTHINFO GENERIC.
	  
	  Thanks to Richard Kettlewell for the patch.

	* innfeed/connection.c: avoid violating C aliasing rules
	  
	  The object was written as a 'struct sockaddr' but then read as a
	  'struct sockaddr_storage', which violates C99 s6.5#7. The fix is
	  to always access it as a 'struct sockaddr' and use a union to
	  ensure enough space for any possible address type.
	  
	  Thanks to Richard Kettlewell for the patch.

	* nnrpd/commands.c: correct sense of PERMgeneric reply
	  
	  The comment has always been wrong, as well as the return value
	  for ~15 years...
	  
	  Thanks to Richard Kettlewell for the patch.

	* nnrpd/perm.c: don't dereference a null pointer if there are no
	  access groups
	  
	  Thanks to Richard Kettlewell for the patch.

	* nnrpd/article.c: A wrong variable was used for vhost feature.
	  
	  Since these are created by the local innd, the error should not
	  normally occur.
	  
	  Thanks to Richard Kettlewell for the patch.

2015-05-02  iulius

	* expire/fastrm.c: Fix a dereferencing issue

	* tests/lib/tst-t.c: Fix encoding (a non-ASCII char was used)

	* tests/util/inndf.t: Add support for Mac OS X

	* Fix a few Clang warnings for unused variables and style
	  improvement

	* configure.ac: Build fix for current Mac OS X versions
	  
	  The build was failing with recent versions of Mac OS X:
	  
	  clang: error: no such file or directory:
	  '/usr/local/news/lib/libinn.3.dylib' make[1]: *** [libinn.la]
	  Error 1 make: *** [all-lib] Error 2
	  
	  The reason is the '-multiply_defined'-part of the command line.
	  This switch is marked as obsolete in ld(1):
	  
	  -multiply_defined treatment Previously provided a way to warn or
	  error if any of the sym- bols used from a dynamic library were
	  also available in another linked dynamic library. This option is
	  obsolete.
	  
	  Thanks to Dennis Preiser for the report.

	* innfeed/imap_connection.c: fix support of Cyrus SASL 2.1.25 and
	  later
	  
	  Fix how sasl_callback_ft, added with Cyrus SASL 2.1.25, was
	  handled by innfeed. See revision [9381] for more information.
	  
	  Thanks to Dennis Preiser for the report.

	* innd/art.c: Fix a dereferencing issue when parsing
	  Injection-Info: header field
	  
	  Thanks to David Binderman for the patch.

2015-05-01  iulius

	* Document a few more steps to do when making a release (especially
	  a major one)

	* Improve DESTDIR support and non-root installs
	  
	  DESTDIR and non-root installs are now properly supported and
	  documented in INSTALL. The "make install", "make update" and
	  "make cert" steps properly obey DESTDIR. Besides, it is no longer
	  a requirement that the installation step be done by the
	  superuser, as long as the user executing the install has supplied
	  a DESTDIR value that points to a writable directory, *and* the
	  person or process performing the install corrects the file
	  ownerships when INN is installed on the system on which it's
	  going to run.
	  
	  chown and chgrp commands are now executed during install only if
	  the current user is root. INSTALL also documents how to disable
	  them, if needed, with the CHOWNPROG and CHGRPPROG environment
	  variables.
	  
	  makedbz is executed only if the current user is root or the news
	  user.
	  
	  innupgrade is now executed also when DESTDIR is in use.
	  
	  Thanks to James Ralston for most of the patch.
	  
	  see #29

2015-04-23  iulius

	* mailpost: change the default location of the database and the
	  temporary files
	  
	  Add new -t flag to specify the default directory to use for
	  temporary files.
	  
	  Also change the default location of the persistent database from
	  pathtmp to patdb. As a matter of fact, mailpost tries to store
	  its Message-ID database in INN's pathtmp, but since it's usually
	  running as the mail system (often daemon) rather than as news,
	  this fails.
	  
	  Check that the directories are writable when mailpost is run, and
	  otherwise die with an error.
	  
	  close #81

	* Remove unused code (the MOST variable is no longer set)
	  
	  Also add quotes around echo'ed text (otherwise, two consecutives
	  spaces are not displayed).
	  
	  Change how the test for the emptiness of the variable $D is done;
	  make was exiting if the variable is set.

	* Fix GCC 5.1.0 warning for incompatible pointer type
	  
	  Rename the "U" macro used by two tests to "SUC" (casting to
	  String of Unsigned Chars) because it otherwise conflicts with how
	  Unicode strings are declared in ISO C11, the new default mode for
	  the GCC 5 series.

2015-04-20  iulius

	* Update TODO with references to existing patches

2015-04-16  iulius

	* Update to latest c-tap-harness from upstream
	  
	  Major changes are: * Local changes for INN's docs/pod.t test are
	  now merged into upstream.
	  
	  * Add a -v command-line option that enables verbose support, and
	  rename the environment variable to C_TAP_VERBOSE.
	  
	  * C TAP Harness now compiles cleanly with Clang with -Weverything
	  -Wno-padded -pedantic-errors.

2015-04-05  iulius

	* Mention required TLS ciphers for interoperability

	* Update TODO with current state of INN 2.6.0

2015-04-02  iulius

	* Update changelog to mention other changes for INN 2.5.5

	* Use Sys::Hostname Perl core module instead of calling
	  /bin/hostname

2015-03-25  iulius

	* Re-order libinnhist and libstorage on the command line used when
	  linking
	  
	  Building fastrm was failing on Ubuntu 12.04.1 LTS with the
	  following error: libstorage.so: undefined reference to
	  `HISlookup'

2015-03-24  iulius

	* Mention getrra-c-util and documentation improvements in changelog
	  for INN 2.6.0

	* Update copyright years (add 2015)

	* Update config.guess and config.sub to upstream versions from
	  2015-03-08

	* Update control.ctl to upstream version from 2014-06-17

2015-03-21  iulius

	* scanlogs: Limit the number of lines to show from error log files
	  
	  When lots of lines are present in error log files, they appear in
	  the news.daily verbatim, and the resulting email is so large it
	  is bouncing.
	  
	  Restrict the number of lines to 50 (the default value for unknown
	  lines from news.notice).
	  
	  Thanks to Jeffrey M. Vinocur for the bug report.

	* nnrpd: Count write time stats when using SASL

	* Improve the count of sleeping channels
	  
	  The highest file descriptor of sleeping channels was not always
	  properly updated. A new CHANresetlastsleeping() function now does
	  the job when called.
	  
	  Also prevent innd from crashing if a channel is supposed to sleep
	  but does not have a Waker set.
	  
	  Thanks to Petr Novopashenniy for the bug report.

	* readers.conf: improve the first example to disambiguate its
	  effect against local connections

2015-03-18  iulius

	* pullnews: when giving a port along with a server name, check
	  there is only one ":"
	  
	  Otherwise, it is very likely that the given server name is an
	  IPv6 address, and therefore its end should not be interpreted as
	  a port.

	* Do not build with SASL, OpenSSL or zlib support if the related
	  headers are not found
	  
	  Also check for kerberosv5/com_err.h as an alternative for
	  com_err.h.

2015-03-17  iulius

	* Include inn/defines.h instead of config.h in include/inn header
	  files
	  
	  config.h should not be an installed header file.

	* Add "INN_" prefix in include/inn header files when needed

	* Update to latest rra-c-util
	  
	  Amongst the changes, the one used by INN is: - Port the Kerberos
	  Autoconf macros and portability framework to the included
	  Kerberos in Solaris 10 by adding some more entries to the header
	  search paths.

2015-01-25  iulius

	* innreport: add a new recognized entry
	  
	  When using the reject_with: keyword in an access block of
	  readers.conf, a log is generated in news.notice for readers
	  matching the corresponding access block.
	  
	  This log was reported as an unknown line in daily Usenet reports.
	  It is now filtered, and also considered as a notice level instead
	  of an error.

2015-01-21  iulius

	* Fix the unsignedness of TMRgettime when printed

2015-01-10  eagle

	* http://www.imc.org/ietf-usefor/ appears to be gone
	  
	  Replace this link in HACKING with a link to the usefor mailing
	  list archives and to my Usenet article format pages.

2015-01-10  iulius

	* Enable TLS compression by default
	  
	  As the CRIME attack is not exploitable in NNTP, do not disable
	  TLS compression by default. No vulnerability in TLS compression
	  is currently known as far as NNTP is concerned.

	* Add a cast to fix a gcc warning

2015-01-07  iulius

	* Cleanup in include stuff
	  
	  - Add missing BEGIN_DECLS/END_DECLS, and also use them instead of
	  their expansion.
	  
	  - Add missing inclusion of "inn/portable-macros.h" and
	  "inn/portable-stdbool.h".

	* Update dependencies

	* No longer include portability headers in include/inn headers
	  
	  Headers in include/inn can be used by other programs, and
	  therefore should not call headers in include/portable.
	  
	  When building INN, copy portability headers into include/inn so
	  that they can be included.

2015-01-06  iulius

	* Update to latest version of C TAP Harness
	  
	  The runtests harness now supports ignoring comments and blank
	  lines in the test list specified with -l. Leading whitespace
	  before the test name is also ignored.
	  
	  Also use the latest version of tests/docs/pod.t (no functional
	  change).

2015-01-04  eagle

	* Remove dead link to nnrpkrb5auth

2014-12-16  iulius

	* nnrp.access2readers.conf: add default username when none is
	  specified

2014-12-14  iulius

	* Add new contrib/nnrp.access2readers.conf.in script
	  
	  This script converts old-style nnrp.access to readers.conf.
	  
	  Thanks to Jeffrey M. Vinocur for his contribution.

	* Improve the sample init script for systemd

2014-12-07  iulius

	* Update Russ's mail address

	* Fix typos

	* Mark two tests for removal when switching confparse-t.c to new C
	  TAP Harness syntax
	  
	  These tests depend on the internal implementation of the vector
	  library. The functionality is already tested by the vector test
	  suite.

	* Use system.h from rra-c-util for include/clibrary.h
	  
	  Keep INN-specific stuff during the synchronization from upstream.

	* Remove super-ancient definitions of ptrdiff_t, atexit and strtoul
	  
	  These functions were missing on some pre-C89 systems like SunOS.
	  (The on_exit stuff may be for ULTRIX.) They're present on all
	  modern systems and can just be used unconditionally.
	  
	  Also, string.h is now universal. One has to go back to SunOS to
	  find a version of UNIX that doesn't have it, and it's
	  standardized by ISO C. It can be included unconditionally.
	  
	  Remove checking for stddef.h, not used in the code.

2014-12-04  iulius

	* Include portable/socket-unix.h only when HAVE_UNIX_DOMAIN_SOCKETS
	  is set

	* Rationalize the portability layer for SUN_LEN
	  
	  Add new portable/socket-unix.h portability layer that includes
	  sys/un.h and defines SUN_LEN if the implementation does not do
	  so. Remove the corresponding piece of code from clibrary.h.

	* Sync with latest upstream version of rra-c-util

2014-12-01  iulius

	* Fix a missing svn property

	* Move PIPE_READ and PIPE_WRITE from clibrary.h to inn/macros.h

	* When testing portability functions, we redefine the function to a
	  different name to not conflict with system headers. If the
	  function is implemented by the system as a macro, we have to
	  undefine it first. This was being done in some places but not in
	  others, causing compliation problems with inet_aton on FreeBSD.
	  Do this consistently everywhere.

	* BSD/OS reportedly has implementations of both but doesn't
	  prototype them in system headers, so switch the prototyping to be
	  conditional on whether they're declared rather than whether
	  they're available.

	* Windows doesn't have sys/time.h and defines struct timeval in
	  time.h. Conditionalize the inclusion of sys/time.h for Windows
	  and add an include of time.h where it was missing.

	* Add support for choosing the elliptic curve to use with TLS
	  support
	  
	  The new tlseccurve parameter in inn.conf takes the name of a
	  curve OpenSSL knows about, to use for ephemeral key exchanges.
	  
	  Thanks to Christian Mock for the patch.

2014-11-23  iulius

	* Add a missing dependency in Makefile.

	* m4/sendmail.m4: add missing brackets
	  
	  The configure script was failing when running that part of code.

	* Fix gcc warning on FreeBSD
	  
	  Casts to time_t * were causing "dereferencing type-punned pointer
	  will break strict-aliasing rules" warnings on FreeBSD.

2014-11-12  iulius

	* inn.conf: Improve documentation about tlsprotocols and
	  tlscompression

2014-11-11  iulius

	* Improve tuning of the SSL/TLS configuration
	  
	  nnrpd's TLS support is basically using OpenSSL's defaults WRT
	  issues such as protocol support and cipher suites. In these days
	  of POODLEs and other vulnerabilities, it should be useful to be
	  able to have better control over what's offered. So this patch
	  adds a few options to inn.conf:
	  
	  - tlsprotocols: allows to select the SSL/TLS versions that are
	  supported
	  
	  - tlsciphers: allows to give an OpenSSL cipher string to tailor
	  the cipher suites that are offered to clients
	  
	  - tlspreferserverciphers: switches on the server-side selection
	  of the cipher suite (TLS default is "client chooses")
	  
	  - tlscompression: allows to turn off TLS compression (because of
	  the CRIME attack) if the OpenSSL version supports this.
	  
	  Many thanks to Christian Mock for his patch.

	* Update the inn.conf sample with the new
	  addinjectionpostingaccount parameter
	  
	  Following commit [9740].

2014-11-09  iulius

	* Mention PyClean as a Python-based variant of Cleanfeed.

	* Add support for the posting-account attribute in Injection-Info:
	  header fields
	  
	  Add new addinjectionpostingaccount parameter to inn.conf. When
	  set to true, the Injection-Info: header field contains an
	  additional posting-account attribute that mentions the username
	  assigned to the user at connection time or after authentication.
	  The default value for this parameter is false.
	  
	  closes #51

2014-11-01  iulius

	* current version of the script used to keep INN in sync with
	  rra-c-util

2014-10-28  iulius

	* Update default paths for Debian and Fedora

	* Fix a dependency in a build rule

	* Fix incorrect sentence about the use of trailing slash for
	  DESTDIR

	* Build the debugging version of buffindexed and tradindexed so
	  that it can be included in a shared library if desired

2014-10-27  iulius

	* Fixed a format-nonliteral warning

	* Update to latest C TAP Harness upstream version
	  
	  Also add a missing last NULL argument to new_skip() and
	  new_skip_block() functions, kept for compatibility with tests
	  using the old syntax of C TAP Harness.

2014-10-03  iulius

	* innwatch: report an error when the control file is missing

2014-09-24  iulius

	* Update changelog to mention previous commit [9722]

	* Add two missing contrib programs in the exceptions of mkmanifest

	* rc.news: no longer explicitly sleep before starting innwatch and
	  cnfsstat
	  
	  Instead, make these two scripts sleep by themselves.
	  
	  Also update documentation: improve the list of actions done by
	  rc.news, and no longer mentions that innd should be throttled
	  before being stopped (this is not true - the shutdown process
	  already does the actions throttling does).

	* innwatch: add -i flag to specify how many seconds to sleep at
	  startup
	  
	  - Also fix previous commit [9650] that did not totally fix the
	  issue it was supposed to fix.
	  
	  - Fix the behaviour of the -f flag (it wasn't doing anything).
	  
	  - Fix how the -l flag was parsed (a space was required between -l
	  and its argument, whils it should not have been required).
	  
	  - Add new POD documentation for innwatch, and update it at the
	  same time: document new -i flag, and document already existing -f
	  flag.

	* cnfsstat: add -i flag to specify how many seconds to sleep at
	  startup
	  
	  Update documentation, and homogenize POD syntax at the same time.

2014-09-22  iulius

	* Fix build issues on AIX 7.1
	  
	  mmap is redefined to mmap64 when large file support is enabled.

2014-09-21  iulius

	* Fixed a warning and an unnecessary sys/stropts.h header

	* Do not build with Berkeley DB support if db.h is not found

	* Typos

	* Clean the contrib directory along with the other directories

	* Fix a few warnings, and update svn:ignore for contrib

	* Fix build of contrib/respool.c
	  
	  Remove an unused variable.
	  
	  Add a link to libhistory.

	* Fix build of contrib/expirectl.c
	  
	  Add correct include header files, and fix a few warnings in
	  printf() calls.
	  
	  Add portability code for statfs/statvfs support.

	* Fix build of contrib/reset-cnfs.c
	  
	  Add correct include header files.
	  
	  Use the right DO_LARGEFILES variable instead of LARGE_FILES.
	  
	  Reformat the code (remove tabulations).
	  
	  Properly exit with the right status code.

	* Fix build of contrib/newsresp.c
	  
	  Add correct include header files and prototypes.
	  
	  Remove useless variables.
	  
	  punt() now returns a bool instead of an int.
	  
	  ierror() now prints its second argument to stdout.

	* Add compilation rules for contrib/auth_pass.c
	  
	  Use the right socklen_t type, and add crypt.h header if
	  available.

	* Improve the use of the __attribute__ GCC keyword
	  
	  When __attribute__ is used, be sure to include portable/macros.h
	  so that this GCC keyword is hidden to compilers that do not
	  recognize it.
	  
	  Also use double underscores around "noreturn" and "packed".

	* FAQ: add how to feed articles arrived between two dates to
	  another server

2014-09-20  iulius

	* Fix header inclusions to match the ones from rra-c-util

	* Remove obsolescent AC_HEADER_SYS_WAIT macro, that defined
	  HAVE_SYS_WAIT_H
	  
	  According to the Autoconf manual, this macro is obsolescent.

	* Remove obsolescent AC_HEADER_TIME macro, that defined
	  TIME_WITH_SYS_TIME
	  
	  According to the Autoconf manual:
	  
	  "If a program may include both time.h and sys/time.h, define
	  TIME_WITH_SYS_TIME. On some ancient systems, sys/time.h included
	  time.h, but time.h was not protected against multiple inclusion,
	  so programs could not explicitly include both files.
	  
	  Current systems can include both sys/time.h and time.h header
	  files when they exist."

2014-09-17  iulius

	* Enable IPv6 unconditionally, if available

	* Add a new test for POD formatting

	* Add reallocarray in Makefile

	* update network functions to their latest upstream version
	  
	  Use DEFAULT_TIMEOUT (300 seconds) for getlist and ident.
	  
	  Entirely remove IP_OPTIONS and network_kill_options(), no longer
	  necessary nowadays.
	  
	  Also remove a few parts of code related to IPV6_V6ONLY, that
	  should no longer be a problem (AF_UNSPEC can be used instead of
	  specifically AF_INET when IPv6 is not available). CURRENT will
	  enable IPv6 unconditionally.
	  
	  Add a new network-innbind.c file, along with its headers, to deal
	  with network connections using innbind. These functions are
	  called by INN; in case innbind is not necessary (port >= 1024 or
	  we are root), handle the connection to the generic functions
	  provided by network.c (from rra-c-util).
	  
	  Split the network test suite into 4 specific tests (IPv4, IPv6,
	  client and server).
	  
	  Changes mentioned in rra-c-util changelogs are:
	  
	  - When binding IPv6 sockets, restrict them to only IPv6
	  connections rather than also allowing IPv4 connections where
	  possible. The default behavior, for maximum backward
	  compatibility, is for IPv6-bound sockets to accept IPv4
	  connections and expose those connections as IPv4 mapped
	  addresses. This causes various problems, however, such as with
	  reuse of bound ports (which was causing test suite failures) and
	  requirements to handle IPv4 mapped addresses. The network model
	  (also used by BSD systems) where IPv6 sockets only accept IPv6
	  connections is cleaner, even if it requires juggling multiple
	  sockets in some situations.
	  
	  - network_addr_match now always fails (returns false) if either
	  of the strings are the empty string. AIX 7.1's inet_aton treats
	  the empty string as equivalent to 0.0.0.0, but we want to treat
	  it as a syntax error since it's too easy to get an empty string
	  by accident.
	  
	  - The network_connect utility functions now take an optional
	  timeout. If non-zero, a non-blocking connect is done with that
	  timeout, rather than blocking on connect until the TCP stack
	  gives up. The network utility code now depends on the fdflag
	  code.
	  
	  - network_connect, when given a timeout, now resumes waiting for
	  the nonblocking connect after being interrupted by a signal. This
	  can mean that a connect can take longer than the timeout if
	  interrupted; hopefully both timeouts and catching signals are
	  rare enough that this won't pose a serious issue.
	  
	  - In network_read and network_write with a timeout, restart the
	  I/O attempt if a system call failed with EINTR instead of
	  aborting the operation.
	  
	  - When binding an IPv6-only socket with network_bind_ipv6 and not
	  binding to all local addresses, use IP_FREEBIND if it's
	  available. This allows binding to addresses that are not yet
	  configured, which is much more common with IPv6 given IPv6
	  autoconfiguration.
	  
	  - Add new network_accept_any() function, which takes an array of
	  file descriptors (similar to what's returned by network_bind_all)
	  and blocks accepting incoming connections on any of those file
	  descriptors.
	  
	  - Prefer reallocarray to realloc for multiplied sizes.
	  
	  - The network_bind_* functions now more reliably set the socket
	  errno on failure and log somewhat more informative error messages
	  with warn.
	  
	  - Also improve the error handling and reporting from some of the
	  other network functions, and refactor the code to avoid more
	  #ifdefs embedded in the middle of other code.
	  
	  - The network_bind_* functions now take a socket type as an
	  additional argument so that they can be used with UDP-based
	  services.
	  
	  - network_bind_all now returns a boolean, which will be false if
	  no sockets could be bound due to some error. Callers may check
	  this instead of checking if the socket count is zero.
	  
	  - Check the return status of snprintf when converting port
	  numbers to strings in network_bind_all and network_connect_host,
	  and use the correct format for the port number for the latter.

2014-09-15  iulius

	* Fix typo in INN_HAVE_SYS_BITYPES_H

2014-09-11  iulius

	* innupgrade: fix its execution
	  
	  On a few systems like AIX, innupgrade failed to run during an
	  upgrade because "perl -T" was not explicitly called. Failure was:
	  "-T" is on the #! line, it must also be used on the command line
	  
	  Thanks to The Doctor for its bug report.

2014-09-07  iulius

	* Sync message handling utilities for the TAP protocol with
	  upstream version
	  
	  Add tap/messages.c and tap/messages.h to test message handling.
	  Update our test suite to use these files instead of the hack done
	  during the synchronization of C TAP Harness (with
	  support/getc-tap-harness).
	  
	  Also fix a typo in MANIFEST (fdflag-t.c was mispelled) and a
	  missing dependency in tests/Makefile for nnrpd/auth-ext.t.

	* No longer build a special messages library for the test suite
	  
	  Further to the use of the new messages test library that no
	  longer has DEBUG parts, no longer build a special messages.o for
	  our test suite.
	  
	  Besides, fix the build line for the fdflag test suite.

	* Add a fdflag test suite
	  
	  Fetched from upstream rra-c-util.

	* Sync the messages test suite with upstream rra-c-util
	  
	  - Use calloc in preference to calculating a malloc size with
	  multiplication everywhere. In most places this caution was
	  probably not necessary, but uniformity is easier to audit and no
	  one will ever notice the speed difference between malloc and
	  calloc.
	  
	  - Add new message_handlers_reset function to the messages utility
	  API. This function resets all handlers to their defaults and
	  frees any memory allocated by the message_handlers functions.
	  This is primarily useful to allow freeing all memory when doing
	  exhaustive memory allocation testing.
	  
	  - Check the return status of vsnprintf in the syslog message
	  handlers for die, warn, and friends, and report an error with
	  warn if vsnprintf fails.
	  
	  - Drop concat from the messages library. asprintf or xasprintf,
	  provided by the portability and util libraries respectively, are
	  entirely superior alternatives to concat.
	  
	  - Improve the is_function_output TAP add-on interface to take an
	  opaque data pointer and pass it into the called function.
	  
	  - Add a new run_setup TAP add-on function that runs a given
	  command and calls bail if it fails, used for doing test setup in
	  an external command. (Some things are easier to do in shell than
	  in C.)

	* Add new portable/stdbool.h header (extracted from inn/defines.h)

2014-09-06  eagle

	* Fix reallocarray test suite to not assume errno is preserved
	  
	  errno will not be preserved across calls to ok, since it uses
	  stdio. Save errno and check the saved value instead.

2014-09-06  iulius

	* Sync the xwrite library with upstream rra-c-util
	  
	  - New inn/macros.h, inn/xwrite.h and portable/macros.h headers
	  (extracted from inn/defines.h and inn/libinn.h).
	  
	  - New portable/uio.h header.
	  
	  - Update include headers in several files to reflect these
	  changes.
	  
	  - clibrary.h now guarantees the inclusion of limits.h (to ensure
	  the availability of SIZE_TYPE on older systems).
	  
	  - Switch to bmalloc where the other xmalloc infrastructure is not
	  required. Don't bother converting tests that use xasprintf or
	  concat for the time being.
	  
	  - Use calloc in preference to calculating a malloc size with
	  multiplication everywhere. In most places this caution was
	  probably not necessary, but uniformity is easier to audit and no
	  one will ever notice the speed difference between malloc and
	  calloc.
	  
	  - Add bail or conditionals so that clang --analyze isn't worried
	  about NULL pointer dereferences in our tests.
	  
	  - Also make xwritev more robust by doing range checking on iovcnt
	  early. It's unlikely this would have caused a real problem
	  anywhere, but this is more obviously correct.
	  
	  - The number of iovs remaining can't actually be zero unless the
	  system writev call is buggy, but the math is complex enough that
	  clang --analyze can't figure that out. Add an assert to make the
	  assumption explicit.

	* Fix the generation of MANIFEST further to the addition of the
	  reallocarray test

	* Sync the vector library with latest upstream rra-c-util
	  
	  Use xreallocarray instead of xrealloc in the vector library.

2014-09-05  iulius

	* sync the xmalloc library with its latest upstream version
	  
	  Changes are: - Add xreallocarray to the xmalloc library, which is
	  a checked version of reallocarray similar to what xrealloc is for
	  realloc.
	  
	  - Prefer reallocarray to realloc for multiplied sizes in vector
	  manipulations.
	  
	  - Also change the memory thresholds so that the xmalloc test
	  works on amd64 Debian Linux again.
	  
	  - xasprintf and xvasprintf are now void functions and always call
	  the xmalloc failure handler on any error, not just on ENOMEM
	  errors. The faint chance that the underlying asprintf function
	  could return some other error isn't worth the additional code
	  complexity of still having to check the return status and then
	  probably abort anyway.
	  
	  - In xasprintf and xvasprintf, distinguish between failure to
	  allocate memory and failure to format the output. Report the
	  latter by passing 0 to the failure handler, and special-case that
	  in the default failure handler to report a different error
	  message.
	  
	  - Avoid excessive memory allocation when duplicating short
	  nul-terminated strings in xstrndup.

2014-09-04  iulius

	* sync a few tests and headers with upstream
	  
	  Better header inclusions, especially portable/socket.h instead of
	  standard netinet/in.h for inet_aton and inet_ntoa tests. Also
	  deactivate the Wformat-nonliteral warning for the snprintf test
	  suite.

	* sync the getaddrinfo test suite with upstream version
	  
	  Changes are: - Close memory and file descriptor leaks in the test
	  suite.
	  
	  - In some situations, DNS may just not work, in which case we may
	  get different error messages than host not found when looking up
	  invalid hosts. Allow for that and skip the test in those
	  situations.
	  
	  - Also change a few network tests to use is_int for comparing
	  IPv4 addresses rather than ok with equality.

	* sync the vector test suite with upstream version
	  
	  Add new string utilities for the TAP protocol. Update the vector
	  test suite with latest rra-c-util version.

2014-09-03  iulius

	* sync the vector library with its latest rra-c-util version
	  
	  Changes are:
	  
	  - Always allocate room for at least one string to be stored in
	  the vector. It simplifies some of the internal logic and, more to
	  the point, unconfuses clang, which otherwise produces tons of
	  warnings about possibly dereferencing NULL pointers since it
	  can't follow the logic.
	  
	  - Update the confparse test to expect another value for the
	  allocated size of a vector, further to the previous change.
	  
	  - Add __warn_unused_result__ to some vector functions that return
	  newly-allocated memory.
	  
	  - Add asserts to the vector library to catch incoming NULL
	  vectors. These will probably be optimized away by gcc, but they
	  also help unconfuse clang.
	  
	  - Allow NULL to be passed to (c)vector_free. It's much more
	  convenient for freeing data structures to be able to call free
	  routines unconditionally without first testing for NULL. Support
	  this in the vector interface.
	  
	  - Define *_split_space in terms of *_split_multi to save some
	  code.
	  
	  - Check for integer overflow when determining the size of the
	  results of vector_join and vector_cjoin.
	  
	  - Handle empty vectors in vector_join and cvector_join.
	  
	  - Don't check whether a pointer is NULL before passing it into
	  free and instead assume free can handle NULL pointers properly.
	  This has been true for many years.
	  
	  - Fix vector_free to support taking NULL pointers and doing
	  nothing with them.
	  
	  - Allocate memory with calloc and assume this sets pointers to
	  NULL instead of explicitly initializing them. We already had to
	  assume this in various places, and architectures where the
	  all-zero bit pattern is not the NULL pointer are exceedingly
	  rare.

	* sync with latest rra-c-util
	  
	  Add GCC attributes to util/buffer.h functions, mostly nonnull.
	  Clarify the documentation of some of the functions, particularly
	  around error reporting.
	  
	  Fix visibility for util/buffer.c functions and for inet_aton and
	  inet_ntoa replacements to match the default hidden visiblity of
	  other portability and util functions.

	* add getc-tap-harness support script to keep INN in sync with C
	  TAP Harness

	* sync the test suite driver with latest C TAP Harness 3.1
	  
	  The latest version of the C TAP Harness package is now integrated
	  into INN. The README file shipped with the test suite driver is
	  included in the tests directory. Also keep the same name as
	  upstream for file names in the news tests/tap directory. Update
	  paths to header files, and keep the INN specificities for legacy
	  tests (not yet updated to the new syntax).
	  
	  The math library is now linked only with the test that needs it.

2014-08-30  iulius

	* Sync with latest rra-c-util version
	  
	  Essentially wording improvement.

	* Do not hide functions from libinn
	  
	  Random internal utility functions are supposed to be exposed. Fix
	  getrra-c-util to remove the visibility stuff when synchronizing
	  from upstream.

	* Sync lib/fdflag.c and include/inn/fdflag.h with latest rra-c-util
	  version
	  
	  Changes are:
	  
	  - Rename lib/fdflags.c to lib/fdflag.c.
	  
	  - Add a new header file: include/inn/fdflag.h.
	  
	  - Rename the close_on_exec and nonblocking functions to
	  respectively fdflag_close_exec and fdflag_nonblocking. These
	  functions now return a boolean; fdflag_nonblocking is now
	  prototyped to take a socket_type instead of an int, but on UNIX
	  this should not make a difference.
	  
	  - Add an implementation of fdflag_nonblocking for Windows and
	  allow fdflag.c to be built on Windows.
	  
	  - Update the libinn documentation to mention these new functions
	  (old CloseOnExec and SetNonBlocking functions were still
	  documented).

2014-08-28  iulius

	* Sync lib/buffer.c and include/inn/buffer.h with latest rra-c-util
	  version
	  
	  Changes are:
	  
	  - Remove the bool arguments to buffer_sprintf and buffer_vsprintf
	  and instead introduce new buffer_append_sprintf and _vsprintf
	  functions to append to the buffer, which is what the functions
	  did with a true argument. This avoids having a bool argument to
	  functions, the meaning of which is often obscure in the calling
	  code.
	  
	  - Fix buffer_free to support taking NULL pointers and doing
	  nothing with them. Don't check whether a pointer is NULL before
	  passing it into free and instead assume free can handle NULL
	  pointers properly. This has been true for many years.
	  
	  - Allocate memory with calloc and assume this sets pointers to
	  NULL instead of explicitly initializing them. We already had to
	  assume this in various places, and architectures where the
	  all-zero bit pattern is not the NULL pointer are exceedingly
	  rare.

2014-08-25  iulius

	* pullnews: new -a flag (hashfeed ability)
	  
	  Add a new feature to pullnews: hashfeed to split feeds. It uses
	  MD5 and is Diablo-compatible.
	  
	  Thanks to Geraint Edwards for the patch.

2014-08-24  iulius

	* pullnews: new -B flag (header-only feeding)
	  
	  Add a new feature to pullnews: header-only feeding.
	  
	  If the article does not already have a Bytes: header field, one
	  is added. Bodies are kept only for control articles.
	  
	  Thanks to Geraint Edwards for the patch.

2014-08-23  iulius

	* sync with latest rra-c-util
	  
	  Avoid strlcpy in the getnameinfo replacement (use memcpy instead)
	  and the setenv replacement (use asprintf instead).

	* pullnews: bug fix to rnews when -O; improved rnews reporting
	  
	  Thanks to Geraint Edwards for the patch.

2014-08-22  iulius

	* pullnews: improve wording
	  
	  * When pullnews runs for the first time against a newsgroup, say
	  "never" instead of January, 1st 1970 as the last run date. *
	  Improve spaces, uppercase characters and singular forms when 1
	  article is retrieved. * Update the config file even when the
	  group is empty.

	* pullnews: remove headers matching (or not) a given regexp
	  
	  Enable the -m flag to remove headers matching (or not) a given
	  regexp.
	  
	  Thanks to Geraint Edwards for the patch.

2014-08-09  iulius

	* innwatch: no longer creates a child process for sleeping
	  
	  innwatch creates a child process only for sleeping and then waits
	  on that process. The forked-off process is not killed by 'rc.news
	  stop' (only its parent is), and will only die after it's done
	  sleeping. If running under SMF on illumos/Solaris, this causes
	  the service to likely drop into maintenance state (since not all
	  processes die within timeout).
	  
	  Thanks to Lauri Tirkkonen for the patch.

2014-07-05  iulius

	* Sync with latest rra-c-util 5.5
	  
	  KRB5_CPPFLAGS_GCC Makefile variable can now be used, if needed,
	  in combination with gcc warnings (such as the make warnings
	  target) to suppress warnings from Kerberos headers in non-system
	  paths.

2014-05-17  iulius

	* Typos.

	* Bump version number in FAQ for new INN 2.5.4 release

	* Mention the expected rights for ncmring.gpg in perl-nocem man
	  page

	* Update config.guess and config.sub to upstream versions from
	  2014-05-17

2014-05-14  iulius

	* Fix a few nits

	* Typo and useless new line logged in innfeed.debug

	* Document already existing res blocks functionality in
	  readers.conf
	  
	  * Document res blocks, their log: and program: keywords, and the
	  include directive in readers.conf man page.
	  
	  * Recognize res blocks and their keywords in inncheck.
	  
	  * Do not consider as errors in daily reports the lines logged in
	  news.notice by the log: keyword in readers.conf.
	  
	  * Also teach other known lines to innreport (especially the use
	  of "ctlinnd xexec" and normal rejection of nnrpd connections
	  during news.daily operations).
	  
	  * Typo in readers.conf man page (access instead of auth).

	* Recognize the no-op XYZZY keyword
	  
	  Yep, nothing new happens with that patch.

	* Prevent innwatch from throttling innd when no overview directory
	  exists
	  
	  Thanks to John F. Morse for the report.

	* Mention in news.daily documentation that lowmark requires
	  expireover
	  
	  Thanks to John F. Morse for the report.

2014-04-13  iulius

	* Update control.ctl to upstream version from 2014-04-06

2014-03-16  iulius

	* Fix typo (two "d" in "address")
	  
	  Also remove the top1000.org domain that no longer exists.

2014-03-15  iulius

	* Fix clang warnings about unused variables

	* Handle several UIDs on PGP keys when verifying control messages
	  
	  Fixed a long-standing limitation on how controlchan and pgpverify
	  were checking the signer of control messages. They now properly
	  handle the case of several UIDs being defined on a single PGP
	  key, as well as the presence of spaces into UIDs. In previous
	  versions of INN, a few valid control messages got ignored because
	  of that limitation (fido.ger.* and grisbi.* were for instance
	  impacted).

2014-03-13  iulius

	* Mention that Libtool is updated from the Debian package
	  
	  Also remove the paragraph about INN that should not be built with
	  libtool by default. Starting from INN 2.6, INN is always build
	  with libtool.

	* Add new files to be synchronized from the upstream rra-c-util
	  package

	* Update copyright years

	* Update control.ctl to upstream version from 2014-03-13

	* Update install-sh to upstream version from 2014-03-13

	* Update libtool to Debian version 2.4.2-1.7

	* Update config.guess and config.sub to upstream versions from
	  2014-03-13

2014-02-17  iulius

	* improve documentation about using storeonxref with tradspool
	  
	  Mention in the inn.conf man page that storeonxref needs being set
	  to true in case the tradspool article storage method is used.
	  
	  Though a few parts of tradspool handle both values for
	  storeonxref, the implementation when storeonxref is false is not
	  complete. For instance, CrackXref() is still called on the
	  Newsgroups: header once, which obviously fails.

	* sync with latest rra-c-util
	  
	  Don't check whether a pointer is NULL before passing it into free
	  and instead assume free can handle NULL pointers properly. This
	  has been true for many years.

	* do not install motd files by default, but only samples
	  
	  On a fresh INN install, motd.innd and motd.nnrpd are no longer
	  installed by default. Instead, samples for these files are
	  provided in >pathetc>, named differently so that their default
	  contents are not displayed to news clients before they get
	  customised.

	* readers.conf: make mandatory the program: key in res blocks
	  
	  Fixed a segfault occurring in nnrpd when a res block was used in
	  readers.conf without the program: key.
	  
	  This key is now explicitly made mandatory.

	* nnrpd: fixed an overlapping copy
	  
	  Fixed an issue where users were denied posting because of an
	  overlapping buffer copy in a check nnrpd was doing.
	  
	  The error seen was "address not in Internet syntax" while using a
	  From: address of the form <a@test1.de>. Debugging revealed that
	  nnrpd copies a buffer into itself to look at the part behind the
	  "@", and for very specific inputs on an old version of nnrpd that
	  still uses strcpy, the result did not contain the dot separating
	  the top-level domain any more.
	  
	  Thanks to Florian Schlichting for the patch.

2014-02-08  iulius

	* add a valid shell when su'ing to the news user
	  
	  Pass "-s /bin/sh" to "su news" to cope with the change of the
	  news user's shell in base-passwd 3.5.30.
	  
	  Thanks to Colin Watson for the patch.

2013-12-27  iulius

	* Use $inn_use_KRB5 instead of $KRB5_LIBS.

	* Mention that --with-sasl requires Cyrus SASL (and not SASL).

	* update m4 files for Berkeley DB and zlib support
	  
	  bdb.m4 and zlib.m4 are now part of rra-c-util.
	  
	  The "--with-berkeleydb" configure flag used to add Berkeley DB
	  support is now "--with-bdb".
	  
	  When building INN with Berkeley DB or zlib support, no longer add
	  standard locations to compiler and linker include flags. Such
	  default paths are now added only if explicitly given to one or
	  more of the "--with-bdb", "--with-bdb-include", "--with-bdb-lib",
	  "--with-zlib", "--with-zlib-include", or "--with-zlib-lib"
	  configure flags. The flags ending with "-include" and "-lib" are
	  new.
	  
	  If the Berkeley DB library is found at configure time, INN will
	  now be built with support for it unless the B"--without-bdb" flag
	  is explicitly passed to configure. Note that it was already the
	  default behaviour for zlib support when Berkeley DB support was
	  also enabled.
	  
	  Use BDB_CPPFLAGS, BDB_LDFLAGS and BDB_LIBS instead of
	  DB_CPPFLAGS, DB_LDFLAGS and DB_LIBS. Also use HAVE_BDB instead of
	  USE_BERKELEY_DB.

2013-12-19  iulius

	* rewording so as to make the documentation of noresendid clearer

	* mention innduct as a possible replacement for innfeed, innxmit
	  and nntpsend

2013-12-14  iulius

	* ckpasswd: check for both gdbm/ndbm.h and gdbm-ndbm.h headers
	  
	  libgdbm-dev in Debian provides /usr/include/gdbm-ndbm.h whereas
	  gdbm-devel in Red Hat provides /usr/include/gdbm/ndbm.h; INN then
	  has to make sure to search for the right header file when DBM
	  support is found. Define HAVE_GDBM_SLASH_NDBM_H and
	  HAVE_GDBM_HYPHEN_NDBM_H instead of HAVE_GDBM_NDBM_H to properly
	  disambiguate the two headers that are mapped to the same
	  preprocessor name by Autoconf.
	  
	  Thanks to Jesse Rehmer for the bug report.

	* auth_krb5: do not try to build it when com_err header is not
	  found
	  
	  The new krb5.m4 used by INN does not guarantee that com_err.h
	  will exist because it's no longer part of the official Kerberos
	  API. Therefore, add a special check to clear KRB5_AUTH,
	  KRB5_CPPFLAGS, KRB5_LDFLAGS, and KRB5_LIBS if neither
	  et/com_err.h nor com_err.h can be found and --with-krb5 is not
	  given.
	  
	  Thanks to Jesse Rehmer for the bug report.

2013-12-12  iulius

	* innd: fix a segfault when running news.daily
	  
	  On systems where time_t is a 64-bit integer, innd segfaults on
	  "ctlinnd name" commands (for instance when news.daily uses these
	  commands on connected peers).
	  
	  Thanks to S.P. Zeidler for the patch.

2013-12-09  iulius

	* Fix a few useless assignments (never read) reported by clang

	* Properly log as notice level Perl and Python hooks by default.

	* innd: write the first character in uppercase for error messages

	* innreport: update the pattern for "strange strings"
	  
	  The "Including strange strings" innreport section is now back in
	  daily Usenet reports. Fix regression introduced with commit
	  [8389].

2013-12-06  eagle

	* Update the URL for BerkeleyDB
	  
	  Oracle has gratuitously reorganized their web pages yet again.

2013-12-05  iulius

	* update (again) the link to ISC INN page

2013-11-26  iulius

	* update links to ISC and Trac
	  
	  * Russ' web site now lists the contributed links that were on the
	  old ISC web site (the new ISC web site is only a download page of
	  the last release). * Accessing Trac now requires a TLS
	  connection.

2013-11-21  iulius

	* properly link nnrpd with libcrypto
	  
	  Since the separation of SSL_LIBS into OPENSSL_LIBS and
	  CRYPTO_LIBS in openssl.m4, the crypto part has been missing for
	  nnrpd. Now fixed.

	* improve support for Cyrus SASL
	  
	  * new --with-sasl-include and --with-sasl-lib configure flags to
	  allow the use of non-standard paths for the Cyrus SASL library *
	  if the Cyrus SASL library is found at configure time, INN will
	  now be built with support for it unless the --without-sasl flag
	  is explicitly passed to configure * sasl.m4 is now synchronized
	  from upstream rra-c-util

	* sync with latest lib-helper.m4 and openssl.m4 from rra-c-util
	  
	  Fix a bug in the *_OPTIONAL version of all Autoconf macros using
	  lib-helper.m4 that would add yes/include and yes/lib to the
	  compiler and linker search paths.

2013-11-17  iulius

	* krb5.m4: synchronize with latest rra-c-util 4.11 release
	  
	  INN_LIB_KRB5_OPTIONAL now correctly configures the package to not
	  use Kerberos instead of failing if neither the new Kerberos error
	  APIs nor libcom_err could be found.
	  
	  Also fix the AM_CONDITIONAL that determines whether Kerberos is
	  linked with libcom_err.

	* fix the path to simpleftp in innshellvars and INN::Config
	  
	  When neither wget nor ncftpget nor ncftp was found at configure
	  time, the path to the simpleftp substitution program shipped with
	  INN was not proprely set in innshellvars, innshellvars.pl, and
	  the INN::Config Perl module.
	  
	  Thanks to Christian Garbs for the bug report.

2013-11-11  iulius

	* regenerate Makefile dependencies with gcc 4.7.2
	  
	  Also adapt support/makedepend to keep the two leading spaces, as
	  in previous versions of gcc.

2013-11-10  iulius

	* sync a few m4, lib, and include files with latest rra-c-util
	  
	  Changes to note:
	  
	  * HAVE_KRB5 is now used instead of HAVE_KERBEROS in krb5.m4 *
	  remove NETDB_SUCCESS (no longer used) from getaddrinfo.c * define
	  ARRAY_SIZE in getaddrinfo.c * fix two warnings of unused variable
	  and comparison of a floating point number with 0 in snprintf.c *
	  define UNUSED in getnameinfo.c * check the return status of
	  snprintf instead of assuming that it will always succeed in
	  getnameinfo.c * define SOCKLEN_T in socket.h instead of
	  clibrary.h * improve the definition of sockaddr_storage in
	  socket.h

	* improve OpenSSL support
	  
	  * sync with latest rra-c-util version of openssl.m4 * use
	  HAVE_OPENSSL instead of HAVE_SSL * fix how
	  --enable-reduced-depends works with OpenSSL support (that flag
	  behaves the opposite it was supposed to) * search for the dl
	  library to link with, if needed

2013-11-05  iulius

	* sync with rra-c-util

	* inet_ntop.c: sync with rra-c-util
	  
	  - Use socket_set_errno instead of assigning to errno.
	  
	  - Check the return status of snprintf in the inet_ntop
	  replacement function instead of assuming that it will always
	  succeed.

2013-11-03  iulius

	* asprintf.c: synchronize with rra-c-util
	  
	  In the vasprintf replacement, preserve errno if snprintf fails
	  when formatting the string into the newly-allocated buffer.

	* add getrra-c-util support script to help the synchronization with
	  upstream

2013-10-28  iulius

	* do not stop the build if the crypto library, when optional, is
	  not found

2013-10-26  iulius

	* use at least Autoconf 2.64 to bootstrap INN
	  
	  AC_INIT has been supporting 5 parameters since Autoconf 2.64.
	  Switch to this newer version.
	  
	  Also improve HACKING as for the files taken from other projects
	  when releasing a new version of INN: - mention the paths of these
	  files in the libtool tarball, - mention rra-c-util, and document
	  how to run a single test, as well as a pointer where to find
	  automatic build logs of INN.

	* separate m4 macros for networking and UNIX domain sockets
	  
	  Use rra-c-util socket.m4 and socket-unix.m4 files.

	* improve the build with Kerberos v5 and OpenSSL support
	  
	  * use Kerberos v5 probes from rra-c-util (new krb5-config.m4 and
	  lib-helper.m4 files, and update of krb5.m4) * use OpenSSL probes
	  from rra-c-util (update of openssl.m4) * KRB5_AUTH is now defined
	  directly in configure.ac * --with-kerberos is renamed to
	  --with-krb5 (configure flag) * --enable-reduced-depends is a new
	  configure flag, which tries to minimize the shared library
	  dependencies of the resulting binaries on platforms with proper
	  shared library dependencies; this is not enabled by default, and
	  is of interest primarily to people building packages for
	  distributions * new --with-krb5-include, --with-krb5-lib,
	  --with-openssl-include, and --with-openssl-lib configure flags to
	  allow the use of non-standard paths * if the Kerberos v5, or
	  OpenSSL SSL and crypto libraries are found at configure time, INN
	  will now be built with support for them unless respectively the
	  --without-krb5, or --without-openssl flags are explicitly passed
	  to configure * update documentation and inn.conf sample file

2013-09-22  iulius

	* fix another link to Berkeley DB in the ovdb documentation

2013-09-22  eagle

	* Fix link to BerkeleyDB in the ovdb documentation

	* Fix link for downloading Perl in the hook documentation

2013-09-21  iulius

	* update to latest upstream version of rra-c-util 4.9

	* typos

	* mention lib32 and lib64 directories when looking at Berkeley DB
	  libraries

2013-09-20  iulius

	* improve building with Berkeley DB support
	  
	  When building INN with Berkeley DB support, no longer add
	  standard locations to compiler and linker include flags;
	  unconditionally adding -L/usr/lib (for instance) may break the
	  build, especially when /usr/lib32 or /usr/lib64 are also defined.
	  Such default paths are now added only if explicitly given to one
	  or more of the --with-berkeleydb, --with-berkeleydb-include, or
	  --with-berkeleydb-lib configure flags.
	  
	  These two last flags are new in INN 2.6.0.

2013-09-03  iulius

	* pullnews: improve logging when an error occurs during GROUP
	  
	  Also rewrite a ternary condition to improve readability.
	  
	  Patch from Geraint A. Edwards.

2013-08-27  iulius

	* add const casts

	* ckpasswd: use the right prototype for PAM functions
	  
	  On AIX 7.1, security/pam_appl.h defines
	  
	  struct pam_conv { int (*conv)(int, struct pam_message **, struct
	  pam_response **, void *); void *appdata_ptr; };
	  
	  so pam_message is not a const struct **.
	  
	  Add m4/pam-const.m4 taken from rra-c-util to detect at configure
	  time whether pam_conv expects a const.

2013-08-25  iulius

	* test suite: more flexibility for inndf
	  
	  Increase the allowed difference in the result of the inndf test
	  suite. It otherwise sometimes fails when files are modified on
	  the system, outside INN.

	* fix the value of DBM_CPPFLAGS and DBM_LIBS
	  
	  It should now work (wrong fix in commit [9528]).

2013-08-24  iulius

	* fix the value of DBM_CPPFLAGS and DBM_LIBS
	  
	  Typo in a test introduced by previous commit [9525].

2013-08-08  iulius

	* test suite: add libm for linking
	  
	  On some platforms (like AIX), linking with libm is needed as the
	  test suite uses math functions. Though only lib/confparse-t.c
	  currently uses is_double()/ok_double(), add libm to the whole
	  test suite.
	  
	  Updating to the latest release of Russ' C TAP Harness will make
	  it possible to link with libm only for the relevant tests.

2013-08-07  iulius

	* do not use yyget_leng() function as it is not defined by old flex
	  versions
	  
	  Better keep using yyleng, still cast to size_t.

2013-08-06  iulius

	* improve the detection of ndbm compatibility layer
	  
	  When INN is configured with Berkeley DB support, ckpasswd tries
	  to use the ndbm compatibility layer provided by Berkeley DB even
	  though Berkeley DB was not built with ndbm support. This patch
	  fixes that, by detecting at configure time that Berkeley DB
	  really has its ndbm compatibility layer.
	  
	  Also add support for gdbm libraries in ckpasswd.

2013-08-01  iulius

	* ckpasswd: use Berkeley DB ndbm compatibility layer first
	  
	  On a few systems like Fedora 18 ppc64, the GNU dbm library
	  shipped as ndbm.h is not usable.
	  
	  ckpasswd.c: In function 'password_dbm': ckpasswd.c:165:5:
	  warning: passing argument 1 of 'dbm_open' discards 'const'
	  qualifier from pointer target type [enabled by default] database
	  = dbm_open(file, O_RDONLY, 0600); ^ In file included from
	  ckpasswd.c:30:0: /usr/include/ndbm.h:55:14: note: expected 'char
	  *' but argument is of type 'const char *' extern DBM *dbm_open
	  (char *file, int flags, int mode); ^ ckpasswd.o: In function
	  `password_dbm':
	  /home/iulius/autobuild/inn/authprogs/ckpasswd.c:165: undefined
	  reference to `dbm_open'
	  /home/iulius/autobuild/inn/authprogs/ckpasswd.c:170: undefined
	  reference to `dbm_fetch'
	  /home/iulius/autobuild/inn/authprogs/ckpasswd.c:177: undefined
	  reference to `dbm_close'
	  /home/iulius/autobuild/inn/authprogs/ckpasswd.c:172: undefined
	  reference to `dbm_close' collect2: error: ld returned 1 exit
	  status

	* fix the test suite for inndf
	  
	  When the filesystem name is lengthy, df may output two lines. "df
	  -k -P ." and "df -i -P ." (-P for a POSIX result) are not
	  available on all systems, so we just rewrite the df output on one
	  line.
	  
	  $ df -k . Filesystem 1K-blocks Used Available Use% Mounted on
	  /dev/mapper/gcc12-home 546781616 413506476 133275140 76% /home

2013-07-31  iulius

	* fix build with flex 2.5.36+
	  
	  Cast yyget_leng() to size_t because it used to be an int in flex
	  versions anterior to 2.5.35 (not included).

	* fix three casts to unsigned char when using toupper()
	  
	  GCC complains because of char-subscripts warnings.

	* fix two casts to const time_t * when using ctime()

	* fix two casts to unsigned long

	* consider that NetBSD behaves like FreeBSD for "df -i"
	  
	  Fix the test suite for inndf on NetBSD systems.

2013-07-30  iulius

	* fix cast-align warnings
	  
	  GCC on some platforms warns about casts from struct sockaddr to
	  one of the more specific subtypes on the grounds that the
	  alignment requirements increase. Restructure code in
	  getaddrinfo.c to avoid needing the casts and cast through void *
	  everywhere else to suppress the warnings. (In all cases, we are
	  assured that the underlying data is properly aligned.)
	  
	  Thanks to Russ Allbery for the patch (from rra-c-util).

2013-07-26  iulius

	* Update the URL for NoCeM

	* pullnews: fixed a Perl warning
	  
	  Latest Perl versions catch this use of uninitialized variable.
	  
	  Thanks to Tony Evans for the bug report.

	* pullnews: looks for the config file in the right home directory
	  
	  After commits [9304] and [9330], INN 2.5.3 broke the legacy
	  behaviour of pullnews looking for its configuration file in the
	  running user's home directory. Adding INN::Config changed the
	  $HOME environment variable to the news user's home directory (in
	  fact the pathnews parameter set in inn.conf). Besides, pullnews
	  was no longer useable outside INN.
	  
	  Fixed these issues by: - making INN::Config and
	  INN::Utils::Shlock optional. If these Perl modules are not
	  present, pullnews falls back to its legacy handle of locks (that
	  is unfortunately broken in Solaris); - setting the home directory
	  to the one of the running user (or to pathdb if pullnews is run
	  by the news user).
	  
	  Thanks to Tony Evans for the bug report.

2013-07-22  eagle

	* Update the URL for NoCeM

	* Update URL to download Perl in the Perl hook documentation

2013-07-03  iulius

	* disable the use of SSLv2 owing to its being unsafe

2013-07-01  iulius

	* clarify distribution restrictions in the ME entry of the
	  newsfeeds sample file
	  
	  Note in the newsfeeds sample file that restrictions on accepted
	  distributions will have no effect if the article has no
	  distribution at all.
	  
	  Follow up commit [9499].

2013-07-01  eagle

	* Clarify distribution restrictions on articles with none
	  
	  Note in the newsfeeds man page that restrictions on accepted
	  distributions will have no deffect if the article has no
	  distribution at all.

2013-06-29  eagle

	* Add tips for running INN on Mac OS X from Richard Tobin
	  
	  From <kqmc6u$30ne$1@macpro.inf.ed.ac.uk> in news.software.nntp.

2013-06-25  iulius

	* fix a few resource leaks
	  
	  A few files were remaining open.
	  
	  Thanks to David Binderman for having reported the issue.

	* imapfeed: fix buffer overflow
	  
	  Fixed a buffer overflow when using imapfeed with more than a
	  million commands during the same IMAP session.
	  
	  Thanks to David Binderman for having reported the issue.

	* fix segfault during dereferencing
	  
	  Remove a useless unlink().
	  
	  Thanks to David Binderman for having reported the issue.

2013-06-24  iulius

	* fix a Perl warning in inncheck
	  
	  defined(@array) has been deprecated since Perl 5.16.
	  
	  Thanks to Remco Rijnders for the report.

2013-06-12  iulius

	* document htpasswd and perl commands to generate the auth
	  newsusers database

2013-06-08  iulius

	* add more gcc warnings to check (based on gcc 4.4.5)

	* mention in INSTALL that CNFS buffers are compatible between LFS
	  and non-LFS versions

	* innfeed, scanlogs: reopen log files on sighup
	  
	  The recent patch [9464] to flush exploder and process channels in
	  innd, and to send 'ctlinnd flushlogs' again after log rotation
	  solved the problem of controlchan or ninpaths holding open an
	  already deleted errlog file. However this does not yet solve the
	  original issue with innfeed.log when innfeed is run as a
	  standalone daemon via a funnel-file.
	  
	  This patch implements the changes suggested by Julien Elie in
	  January 2013, to add an openLogFile() call to the sighup handler.
	  The sigusr1 handler is not available, as it is already used to
	  increase / decrease the debugging level along with sigusr2. Also,
	  reopening the log after re-reading the configuration might be a
	  good idea anyway, as the log file location may have been changed.
	  
	  Additionally, call sighup on the innfeed pid in scanlogs, and
	  document the changes briefly in innfeed(8) / innfeed.conf(5).
	  
	  Thanks to Florian Schlichting for the patch.

2013-06-06  iulius

	* properly undef two hashes used in Perl hooks

	* add the attributes hash to nnrpd Perl posting filter
	  
	  The attributes hash was only created for Perl authentication and
	  access functions. It is now accessible to Perl posting filter.
	  
	  Also update the sample filter_nnrpd.pl file.
	  
	  Thanks to Steve Crook for the patch.

2013-05-24  iulius

	* also remove obsolete man5/radius.conf.5 file

	* rename radius.conf to inn-radius.conf
	  
	  The name of the radius.conf configuration file shipped with INN
	  conflicts with the libradius package. innupgrade will take care
	  of the renaming.
	  
	  Reported by Jochen Schmitt.

2013-05-21  eagle

	* Force the actsync exit code documentation to not be a numbered
	  list
	  
	  POD has changed how it disambiguates numbered lists from
	  description lists and issues a new warning. Force the exit codes
	  to be a description list since they don't start with 1.

2013-05-21  iulius

	* fix two old style definitions

	* remove useless code

	* add a comment to remember why PACKED is needed

2013-05-20  iulius

	* fixed the occurrence of an unexpected "cant select" error
	  generated by innd
	  
	  errno was not preserved; the status hook was stuck between the
	  select and the check of its return status, so we're getting a
	  spurious EPERM from STATUSsummary, probably from some random
	  glibc internal syscall involved in fopen() that isn't actually
	  important.
	  
	  It only happens twice since it can only happen when select is
	  interrupted by a signal (triggering EINTR, which then gets
	  overwritten with EPERM), which is probably due to child processes
	  completing, which is probably only happening during specific
	  events on your server during expire.
	  
	  The solution is to rewrite this code to the order that it should
	  have been written in the first place.
	  
	  Thanks to Paul Tomblin for having caught that long-standing
	  issue.

2013-04-14  iulius

	* compilation with gcc 4.8.0
	  
	  Explicitly give the known size of a pointer used in a snprintf()
	  call in the OfferArticle() function. New
	  -Wsizeof-pointer-memaccess warning introduced in gcc 4.8.0.
	  --Cette ligne, et les suivantes ci-dessous, seront ignorées--
	  
	  M post.c

2013-03-22  iulius

	* update documentation for the new behaviour of "ctlinnd flushlogs"
	  
	  Also fix a POD error introduced by the previous commit. Thanks to
	  Florian Schlichting for having caught it.

2013-03-18  iulius

	* Rotate innfeed logs
	  
	  Exploder and process channels are now properly reopened when
	  "ctlinnd flushlogs" is used, which is in particular the command
	  invoked by scanlogs to rotate log files. It solves the issue that
	  caused the patch to be reverted by commit [9449].

	* Superfluous character in innfeed.log output

2013-02-23  eagle

	* libinn: remove HeaderFind from documentation
	  
	  It hasn't existed since 2002...
	  
	  Patch from Richard Kettlewell <rjk@terraraq.org.uk>.

	* innconf: Don't test HAVE_SSL This relieves customers of
	  /usr/include/inn from the need to guess whether INN was built
	  with SSL support in order to get a header that matches the
	  installed libraries.
	  
	  Patch from Richard Kettlewell <rjk@terraraq.org.uk>.

2013-01-16  iulius

	* test suite: remove a useless wrapped test for setenv
	  
	  Remove a test that makes the test suite fail on a few systems.
	  The code it is testing is obvious whereas getting the amount of
	  memory and the data size limits right is extremely difficult in
	  all cases. Besides, this test does not serve much purpose and is
	  not present in rra-c-util 4.7.

	* Typos.
	  
	  Thanks to Florian Schlichting for the report.

2012-12-30  eagle

	* Fix the innfeed configfile parser generation rule
	  
	  Using $? in the rule, now that the extra dependency has been
	  added, caused the wrong arguments to be passed to bison. Pass the
	  correct arguments explicitly.
	  
	  This still seems to run bison twice for reasons that I can't
	  figure out, but that should be harmless.

2012-12-29  eagle

	* Add additional dependency to de-parallelize innfeed yacc rule
	  
	  With a highly parallel make, yacc could be invoked on the innfeed
	  configuration parser twice, once to build the *.c file and once
	  to build the *.h file, leading to one of the mv commands failing.
	  Follow the recommendation in the Automake manual and add an
	  additional dependency from the *.h file to the *.c file, forcing
	  the rule to be run once.
	  
	  Reported by Remco Rijnders.

2012-12-23  eagle

	* Do not attempt to rotate innfeed logs
	  
	  innfeed with funnel feeds will hold its log files open forever,
	  so those log files cannot be safely rotated with scanlogs.
	  There's no way to signal innfeed to close the log file and open a
	  new one. Remove the code in scanlogs that attempts to deal with
	  them.
	  
	  Patch from Florian Schlichting <fschlich@CIS.FU-Berlin.DE>.

2012-12-07  eagle

	* Remove reference to reap from prunehistory man page
	  
	  The FTP site from which this program was available seems to have
	  disappeared, and it was already marked as obsolete.

2012-11-03  eagle

	* Remove link to Elena Samsonova's introduction
	  
	  This web site appears to be defunct.

2012-09-04  iulius

	* Mention CVE-2012-3523 in the NEWS file (though posterior to the
	  2.5.3 release)

2012-07-08  iulius

	* update INSTALL to mention that shared libraries are no longer
	  backed up

2012-07-07  eagle

	* Update URL for NewsPortal to one that works

2012-07-06  eagle

	* Fix the backup extensions referenced library Makefile comments

	* Stop creating backups for shared libraries
	  
	  Introduce a new LI_LPUB command and use it for shared library
	  installation. Document in Makefile.global.in why shared libraries
	  can't use the normal backup mechanism.

	* Update HACKING release instructions for signing procedure
	  
	  ISC no longer signs the releases. We do that ourselves. We also
	  now need to contact ISC to update ftp.isc.org.

	* Document library versioning in HACKING

	* Reformat HACKING POD source for consistent margins

	* Bump shared library versions
	  
	  Increase the shared library version for all the shared libraries
	  on the grounds that we've almost certainly had ABI-breaking
	  changes since 2.5 (which was a long time ago).
	  
	  Move the shard library versions to near the top of the relevant
	  Makefiles so that the version is more prominant and document how
	  the version should be maintained.

	* Reformat file lists in lib/Makefile

2012-06-15  iulius

	* typos

2012-06-14  iulius

	* prepare the 2.5.3 release
	  
	  * Typo fixed in NEWS.
	  
	  * Add the 2012 year to LICENSE.
	  
	  * Add a contributor of a recent bug fix in CONTRIBUTORS. (Sorry
	  for having forgotten to commit the file!)
	  
	  * Bump the version of the latest release in FAQ.

	* inncheck: skip warning when expected .OLD backup files are found
	  
	  Improve commit 9418 by allowing only expected .OLD backup files
	  (and not all files whose name ends with ".OLD").

	* update to latest config.guess and config.sub files

2012-06-12  iulius

	* auth_init() should be optional in perl_auth
	  
	  The documentation (doc/hook-perl) for nnrpd auth hook says:
	  
	  If a Perl function auth_init() is defined by that file, it is
	  called immediately after the file is loaded.
	  
	  And later:
	  
	  Provided the file loads without errors, auth_init() (if present)
	  runs without fatal errors, and a Perl function authenticate() is
	  defined, authenticate() will then be called
	  
	  This suggests that auth_init() is optional, but it actually
	  isn't. When it's not defined, the auth hook will fail:
	  
	  200 isis.rt.uk.eu.org InterNetNews NNRP server INN 2.5.2 ready
	  (posting ok) authinfo user test 381 Enter password authinfo pass
	  test 400 Internal error (3). Goodbye!
	  
	  It seems more sensible to not require an auth_init() function, as
	  most hooks probably won't need it.
	  
	  Thanks to River Tarnell for the bug report.

	* inncheck: skip warning when .OLD backup files are found

	* ctlinnd: check the syntax of the newsfeeds file on reload
	  
	  Add a check of the syntax of the newsfeeds file when trying to
	  reload "all", "active" and "newsfeeds". Otherwise, innd may crash
	  on reload.
	  
	  Thanks to Tim Fardell for the bug report.

	* innreport: ignore invalid dates in daily HTML reports
	  
	  Lines containing invalid dates are now skipped by innreport. The
	  behaviour of innreport was changed by the previous commit because
	  the use of Time::Local::timelocal() validates the date and fails
	  when the date is invalid. We now properly skip it.
	  
	  Thanks to Petr Novopashenniy for the bug report.

2012-06-11  iulius

	* fix the generation of HTML pages by innreport during leap years
	  
	  An illegal division by zero occurred during the generation of
	  HTML pages by innreport.
	  
	  The problem comes from the parsing of innreport.db. If you have
	  in this file a change of year for which the hours are the same
	  between Dec 31th and Jan 1st, then this error is generated.
	  
	  For instance:
	  
	  news-notice.2010.12.31-04.15.02.html|Dec 31 04:15:02 -- Jan 1
	  04:15:02|28079|2791|7.9 MB|34320|1500|4.6 MB
	  
	  There is an issue in how innreport translates these dates. The
	  ConvDate() function assumes the dates are relative to the
	  *current* year. So it thinks it has been between Dec 31th 2012
	  and Jan 1st 2012 (whereas it was Dec 31th 2010 and Jan 1st 2011).
	  As 2012 is a leap year, and Dec 31th is after Feb 28th, the
	  translated date contains an unexpected "+1 day".
	  
	  Thus, the main page of innreport HTML generation has not been
	  updated since the beginning of the year. Note that no HTML report
	  is lost. They are properly generated.
	  
	  Now, innreport makes use of Time::Local to convert dates to
	  seconds since epoch, thus modifying the behaviour of ConvDate()
	  which was converting dates to seconds since January, 1st.
	  
	  I bet innreport now runs slower, but I think it is better to
	  achieve robustness (the code using Time::Local seems easier to
	  read and maintain).

2012-05-29  iulius

	* add a sample systemd-like init script
	  
	  Include in the contrib directory a systemd-like init script for
	  INN.
	  
	  Thanks to Jochen Schmitt (co-maintainer of the inn package of the
	  Fedora project) for the proposal.

2012-05-28  iulius

	* add a releaselocks() function to INN::Utils::Shlock
	  
	  Improve how to release existing locks. lock() now keeps a trace
	  of acquired locks; releaselocks() releases all these locks.
	  Previously, unlock() had to be called on all locks.

	* add a hint to easily find out the modified line for INN in
	  ltmain.sh

2012-05-03  iulius

	* improve documentation for innflags
	  
	  Thanks to John F. Morse for the report.

2012-04-04  eagle

	* Remove old install documentation for --enable-libtool
	  
	  Keep the bits about the shared library API and move it to
	  somewhere else in the installation instructions.

2012-04-03  eagle

	* Fix a mangled comment in the configure libtool changes

	* Re-enable our special support for -B in libtool

	* Update libtool to Debian version 2.4.2-1

	* Make libtool support unconditional
	  
	  The days when this was too slow on common systems have long past,
	  and it makes the build system unnecessarily complex to support
	  having it be optional, particularly as we move forward with
	  Automake.

2012-03-04  iulius

	* fixed a trailing extra junk byte in innd answers
	  
	  When an error occurs when innd writes on a channel, a trailing
	  extra junk byte is added to the reply.
	  
	  If the write() function fails, "i" is negative and we substract
	  "i" to cp->Out->left anyway. So if for instance i=-1, we end up
	  in having cp->Out->left increased by one. Which would add an
	  extra character after a complete response. (So it appears in fact
	  before a new response.)
	  
	  Issue introduced in changeset [7418].
	  
	  Thanks to River Tarnell for the bug report.

2012-01-14  iulius

	* fix a segfault when a message does not contain a Newsgroups:
	  header field
	  
	  A bug was introduced by [9121] (also in STABLE, but not in a
	  release). The Newsgroups: header field was strdup'ed before
	  having checked the validity of all the header fields. It could
	  therefore be unset, leading to a segfault.
	  
	  The check is now done. If the Newsgroups: header field is
	  missing, this error will still be reported afterwards. And in
	  case it is set, the presence of a moderated newsgroup is properly
	  checked, and nnrpd acts accordingly (it does not add or update
	  Injection-Date:, Injection-Info: and Path: header fields in this
	  case).

2012-01-01  iulius

	* fix invalid 431 response when server is paused
	  
	  When innd is paused, its 431 response code does not comply with
	  RFC 4644. The Message-ID is missing. It is now properly present
	  as first argument to the response code.
	  
	  Thanks to River Tarnell for the bug report.

2011-12-26  iulius

	* build INN before running the test suite

	* test suite: allow the biff service to be named comsat
	  
	  On some systems, the comsat alias for biff is first, so a lookup
	  of UDP port 512 returns it instead. Thanks to Jeffrey Vinocur for
	  the report.

2011-12-26  eagle

	* Remove the Linux PAM link from the ckpasswd man page
	  
	  Remove link to the Linux PAM System Administrator's Guide from
	  the ckpasswd man page, since unfortunately it appears to not be
	  available on-line any more (except from various hosts that just
	  re-export the Debian /usr/share/doc tree, but those aren't likely
	  to be stable).

	* Fix a stray space in the FAQ so that it formats properly

2011-12-25  iulius

	* update sendinpaths to use the current top1000 addresses
	  
	  As the top1000.org domain name has been discontinued for the TOP
	  1000 Usenet stats, update our documentation and sendinpaths to
	  use top1000.anthologeek.net.

2011-10-01  iulius

	* add paths to external libraries in CFLAGS and LDFLAGS for the
	  test suite
	  
	  A few tests are failing (or not built) because of paths to
	  external headers or libraries given at configure time unset
	  during the build of the test suite.

2011-09-20  iulius

	* fix gcc warning with new Cyrus SASL version
	  
	  Cyrus SASL 2.1.25 modified the prototype of SASL callback
	  functions to fix the "function declaration isn't a prototype"
	  warning.
	  
	  <sasl/saslplug.h>: @@ -33,9 +33,10 @@ * SASL_FAIL -- unable to
	  find a callback of the requested type * SASL_INTERACT -- caller
	  must use interaction to get data */ +typedef int
	  (*sasl_callback_ft)(void); typedef int
	  sasl_getcallback_t(sasl_conn_t *conn, unsigned long callbackid, -
	  int (**pproc)(), + sasl_callback_ft * pproc, void **pcontext);
	  
	  When using callbacks, we now cast the argument:
	  (sasl_callback_ft) &getsimple to silent "initialization from
	  incompatible pointer type" warnings, and define sasl_callback_ft
	  for older Cyrus SASL versions.

2011-09-19  eagle

	* Stop using INADDR_LOOPBACK
	  
	  It looks like the byte order of INADDR_LOOPBACK is indeterminate
	  and may require htonl on some systems and not on others. Avoid
	  the issue by not using it and instead just using
	  htonl(0x7f000001UL).

2011-09-13  iulius

	* skip leading whitespace in Xref: header fields when running as a
	  slave
	  
	  Fix a regression that occurred in INN 2.5.0 when leading
	  whitespace have been made significant in header field bodies. It
	  could lead INN to drop articles and throttle itself when running
	  as a slave because Xref: header fields generated by other news
	  servers, or even INN 2.4.6, could contain (valid) leading
	  whitespace.
	  
	  Thanks to Matija Nalis for having caught this bug.

2011-09-08  iulius

	* fix signedness issues in the results of ternary constructions

	* fix the return type of main()
	  
	  Use an int for main() return type.

	* fix the end of the header in archive (it was 1 byte too long)

2011-09-04  iulius

	* add documentation for procbatch
	  
	  New documentation written by Florian Schlichting, with the help
	  of a memo by Russ Allbery.
	  
	  Add a link to this new documentation in innfeed and news.daily
	  documentation.
	  
	  Use "$INN::Config::pathtmp" instead of "INN::Config::$spooltmp"
	  in procbatch. (The two variables are the same; the first one is
	  more wide-spread.)
	  
	  Add a warning if -s is used without -c, and if -t is used without
	  -m.

2011-08-31  iulius

	* silent a log message about FD_SETSIZE
	  
	  As rlimitnofile is set to "-1" by default, innd should handle
	  silently a decrease of available file descriptors to FD_SETSIZE
	  minus 1.

2011-08-22  iulius

	* Update changelog

	* Cast the argument to toupper()
	  
	  Following the previous commit dealing with tolower(), cast the
	  argument to an unsigned char.

2011-08-21  eagle

	* Cast the argument to tolower()
	  
	  Like the other ctype.h functions, tolower takes an int, which on
	  systems with signed chars can result in unexpected type promotion
	  and broken behavior. Follow best practice of always casting the
	  argument to an unsigned char.
	  
	  Remove some dead code in the innfeed config parser.

2011-08-21  iulius

	* update MANIFEST after the removal of hstrerror

2011-08-21  eagle

	* Fix warning suppression in getnameinfo replacement
	  
	  When lengths that may be 0 are cast to unsigned before
	  subtracting one, we may get underflow. Move the subtraction to an
	  addition on the other side of the comparison. Use const void * as
	  the cast for calling gethostbyaddr, since it's more general than
	  char *.

	* Work around gcc 4.4 misdiagnosis of strict aliasing violation gcc
	  4.4 thinks part of the network test suite is a strict aliasing
	  violation because it declares a local struct sockaddr_storage and
	  then casts it to other structs. Allocate it from the heap instead
	  to work around this bug.

2011-08-20  eagle

	* Move netdb constants from portable/socket.h to lib/getaddrinfo.c
	  
	  Nothing outside of the getaddrinfo replacement function now needs
	  any of the netdb.h constants or h_errno, so remove them from
	  portable/socket.h and move them to lib/getaddrinfo.c.

	* Remove hstrerror replacement
	  
	  This is no longer used anywhere in the source tree since all
	  callers now use getaddrinfo and its corresponding error message
	  function instead.

	* Remove obsolete h_errno reference in innfeed

2011-08-20  iulius

	* strictly check the syntax of a token
	  
	  * Check that the last argument to "ctlinnd addhist" is either ''
	  or a valid token;
	  
	  * Use @000000000000000000000000000000000000@ when the token is
	  empty ('') for "ctlinnd addhist", or badly formatted for any
	  other function calling TextToToken();
	  
	  * Fix the result of the hexadecimal conversion when a lowercase
	  character is used. Transform it to an uppercase character.
	  
	  * Reject invalid tokens containing '@' or lowercase characters.
	  (They were previously wrongly accepted.)
	  
	  Previously:
	  
	  % ctlinnd addhist '<pouet>' 1312575175 1312575175 1312575175 ''
	  Ok % grephistory -e '<pouet>'
	  @95A9ADC6403A29596359BECC38B651C17020@
	  
	  % ctlinnd addhist '<pouet2>' 1312575175 1312575175 1312575175
	  '@aaaaaaaaaaaaaaaaaaaaa@' Ok % grephistory -e '<pouet2>'
	  @CACACACACACACACACACAA9BA95191402003F@
	  
	  % ctlinnd addhist '<pouet3>' 1312575175 1312575175 1312575175
	  '@a' Ok % grephistory -e '<pouet3>'
	  @CAA95191C66E8A89FC1B8B495EFE9EE9301E@
	  
	  Memory was not properly initialized.
	  
	  Now, the first command uses
	  @000000000000000000000000000000000000@ and the others are
	  rejected, as invalid.

2011-08-18  iulius

	* synchronize our libraries with rra-c-util 3.7
	  
	  * Update to the latest release of rra-c-util (3.7). Keep the
	  specific part for setenv-t.c with the run of a shell script
	  wrapper.
	  
	  * Add support for "make tests" in the tests directory.
	  
	  * Add support for $SOURCE and $BUILD in runtests.
	  
	  * mkstemp.c: add a check for (errno != EISDIR).
	  
	  * snprintf.c: remove the HAVE_LONG_DOUBLE check. All modern
	  compilers have "long double".

	* fix the libtest support files to make the new libtest format work

	* update the messages library from rra-c-util 3.7
	  
	  * New prototypes for message_handlers_* and message_log_*
	  functions: size_t for the count/len argument, instead of a signed
	  int.
	  
	  * Add a flush at the end of message_log_stdout.

	* update the vector library from rra-c-util 3.7
	  
	  * Add new vector_addn, vector_split_multi and cvector_split_multi
	  functions. (Still unused.)
	  
	  * Update to the new test suite for vector.c.

	* update xmalloc librairies from rra-c-util 3.7
	  
	  * Switch the xmalloc_fail prototype from lib/xmalloc.c to
	  include/inn/libinn.h.
	  
	  * Update tests/lib/xmalloc.t to the new shell syntax with
	  libtest.sh for the test suite.
	  
	  * Disable the check for RRA_MAINTAINER_TESTS. We'll see whether
	  we should keep it later.
	  
	  * Use 3.5MB instead of 96KB for the tests/lib/xmalloc.t failing
	  test.
	  
	  * Use RLIMIT_AS instead of RLIMIT_DATA in tests/lib/xmalloc.c.

	* update network librairies from rra-c-util 3.7
	  
	  * Change the prototype of network_bind_all to use (unsigned int
	  *) instead of (signed int *) for the count argument.
	  
	  * Adapt nnrpd to use unsigned int for lfdcount, and innd to use
	  unsigned int for chanlimit.
	  
	  * Add the network_accept_any function. (Currently unused.)
	  
	  * Define the socket_type type and INVALID_SOCKET.
	  
	  * Update dependencies.
	  
	  * Fix a typo in a comment in lib/network.c.
	  
	  * Update the test suite to use network-t.c from rra-c-util 3.7.

2011-08-16  iulius

	* docheckgroups: no longer use awk
	  
	  On a few systems, docheckgroups fails because of the use of an
	  old version of awk. A few awk implementations have a limit in the
	  size of the input they can process; it then cause issues with
	  large newsgroups files.
	  
	  Use Perl instead of awk for the time being. It solves these
	  issues. Successfully tested on a system where docheckgroups was
	  previously failing. Thanks to John F. Morse for the bug report.
	  
	  The next step will be a total rewrite of docheckgroups. It will
	  be much more maintainable as a Perl script.

	* cnfsstat: reload configuration files when modified
	  
	  cnfsstat now reloads storage.conf and cycbuff.conf if they have
	  been modified since the last iteration of the script (started
	  with the "-l" flag). Otherwise, the new configuration is not
	  taken into account by a "ctlinnd xexec" command; only rc.news
	  starts cnfsstat.
	  
	  Also change the "Cannot open CycBuff Conffile" message because it
	  is not always true. The message can be logged when an error
	  occurs during the parsing of the file. Sometimes, even when the
	  parsing was incorrect, the file was accepted. This behaviour is
	  also fixed, and the file is refused at cnfsstat startup.

	* fix an error in rc.news documentation about ovmethod and
	  docnfsstat

2011-08-10  iulius

	* improve the sample init script
	  
	  Based on the Debian package. (Current maintainer: Marco d'Itri.)

	* inncheck: allow to skip the check for certain files
	  
	  Setting an empty value to a file to check permits to skip the
	  actual check. It is useful for people who are not running all the
	  programs shipped with INN (for instance innfeed, in which case
	  innfeed.conf is unnecessary).
	  
	  Thanks to Florian Schlichting for the patch.

	* inncheck: mention that the run-away quote warning may be a false
	  positive
	  
	  Note: In cases where an option value spans more than two lines,
	  i.e. there is at least one line that doesn't even contain a
	  single double-quote, there will also be an error messages about
	  an invalid option name as well as one about a missing colon...
	  
	  Thanks to Jeffrey M. Vinocur and Florian Schlichting for this
	  suggestion.

	* pullnews: no longer modify invalid empty header fields
	  
	  pullnews MUST NOT modify header lines by default. Remove the part
	  of the code that was removing empty header lines.
	  
	  According to RFC 5537:
	  
	  3.6. Duties of a Relaying Agent
	  
	  Relaying agents MUST NOT alter, delete, or rearrange any part of
	  an article except for the Path and Xref header fields. They MUST
	  NOT modify the body of articles in any way. If an article is not
	  acceptable as is, the article MUST be rejected rather than
	  modified.
	  
	  Also, fix the first lines of the script to no longer say that
	  pullnews can be used without INN. (We use shlock.)

2011-08-06  iulius

	* upgrade to latest control.ctl file

	* confusion in the name of the "die" function

	* fix a cast to signed, and not unsigned

	* temporarily revert commit 9308 because of an unexpected "sed"
	  error appearing at configure time
	  
	  Errors appear at the end of configure:
	  
	  checking log facility for news... LOG_NEWS configure: creating
	  ./config.status Usage: /bin/sed [OPTION]...
	  {script-only-if-no-other-script} [input-file]... [...] GNU sed
	  home page: <http://www.gnu.org/software/sed/>. General help using
	  GNU software: <http://www.gnu.org/gethelp/>. ./configure: line
	  20063: /bin/sed -e 1s/^X//: No such file or directory
	  ./configure: line 20063: : command not found ./configure: line
	  20063: : command not found ./configure: line 20063: : command not
	  found ./configure: line 20063: : command not found [...]

	* update our support files to the latest libtool version (2.4)

	* update our support files to the latest automake version (HEAD)

	* update our support files to the latest autoconf version (HEAD)

	* fix compilation of tagged-hash history format when warnings are
	  on
	  
	  Variables names have changed since the last time a build in debug
	  mode was done.

2011-08-04  iulius

	* add an INN::Utils::Shlock module to wrap shlock in Perl scripts
	  
	  Calling shlock (a program shipped with INN) is more portable than
	  using flock(2) and its corresponding Perl function because this
	  function does not work as expected on all existing systems (for
	  instance on Solaris).
	  
	  This patch:
	  
	  * contains POD documentation for INN::Utils::Shlock;
	  
	  * adds support for INN::Utils::Shlock instead of flock(2) in
	  pullnews and mailpost.
	  
	  * uses INN::Utils::Shlock instead of a subfunction calling
	  shlock(1) in controlchan, thdexpire and send-uucp.
	  
	  Thanks to Dennis Davis for the bug report.

	* add POD documentation for scanspool
	  
	  Many thanks to Florian Schlichting for the creation of the POD
	  documentation.

2011-08-02  iulius

	* check for wrong leading characters in passwd (for instance a
	  commented line with //)
	  
	  Thanks to Florian Schlichting for the patch.

	* remove inncheck warning about an empty newsfeeds ME entry
	  
	  INN works without problems when the newsfeeds ME entry is empty.
	  inncheck no longer warns about an empty ME entry.
	  
	  Thanks to Florian Schlichting for the patch.

2011-08-01  iulius

	* fix an error in the order of typedef arguments in commit 9291

	* fix unsigned/signed conversions

2011-07-31  iulius

	* fix Makefile inclusion variable for Berkeley DB
	  
	  Use the right DB_CPPFLAGS variable instead of BERKELEY_DB_CFLAGS.

	* fix gcc 4.6.1 warnings about unused variables

2011-07-27  iulius

	* add missing types (used in innfeed/config_l.c)

	* fix an autoconf issue with missing brackets

	* fix issues with calls to getgroups()
	  
	  Properly check that the getgroups() functions exists and works
	  before trying to use it.
	  
	  Also use GETGROUPS_T set by configure to be whichever of gid_t or
	  int is the base type of the array argument to getgroups().

	* use new AC_CHECK_TYPE autoconf syntax
	  
	  Autoconf versions prior to 2.13 provide a now deprecated version
	  of the AC_CHECK_TYPE macro. It was doing more than a CHECK, and
	  was also defining missing types with #define instead of typedef.
	  
	  Swith to the preferred syntax with AC_CHECK_TYPES and typedef.

2011-07-25  iulius

	* include <strings.h> if available
	  
	  Do not include only <string.h> when <strings.h> is available. It
	  is required by the XSI extensions to POSIX and may be the only
	  place that strncasecmp, for instance, is prototyped on some
	  platforms like FreeBSD.

2011-07-24  iulius

	* sendinpaths: add a pattern for the dump filenames
	  
	  Only process files whose name begin with "inpaths." for legacy
	  reasons (behaviour of the previous sendinpaths shell script). It
	  will prevent issues on <pathlog>/path being symlinked to another
	  directory.
	  
	  Also abort the run of sendinpaths if we cannot chdir() to the log
	  directory.
	  
	  Thanks to The Doctor for having reported the problem.

2011-07-22  iulius

	* better documentation of the available variables in INN::Config
	  
	  Document how to obtain the existing INN::Config variables;
	  provide a Perl script that gives the list.
	  
	  Add support for the "undef" value in "innconfval -p" (Perl
	  output) so that the list could be exhaustive.
	  
	  Add a way to retrieve the real short version ("x.y.z") instead of
	  a long string ("INN x.y.z (prerelease 20110622)").
	  $INN::Config::VERSION now contains the short version.

2011-07-20  iulius

	* sendinpaths: complete rewrite in Perl
	  
	  Switch to a new sendinpaths program written in Perl. Based on
	  Mohan Kokal's work.
	  
	  No longer explicitly check for the 'inpath.*' pattern in file
	  names.
	  
	  New -c, -d and -h flags for a copy of the e-mail to the
	  newsmaster, a debug mode, and a usage information.
	  
	  close #22

2011-07-18  iulius

	* improve scripts to send Path: statistics
	  
	  Add two flags to sendinpaths: -k and -r permit to control the
	  interval of days for processing dump files. It will allow a
	  proper generation of daily statistics.
	  
	  Also fixed an issue with statistics that could be missing for a
	  couple of days when monthly sent.
	  
	  Improve our documentation.

2011-07-17  iulius

	* Update our changelog for INN 2.5.3.

2011-07-12  iulius

	* add a missing dependency to time.h for "struct timeval"
	  
	  Thanks to The Doctor for having reported the issue.

	* add a pure attribute, a noreturn attribute, and fix a typo

	* fix a compilation warning
	  
	  Make sure FD_SETSIZE is strictly positive. Cast for an unsigned
	  comparison. Fix a potential bug of affecting -1 to i in case
	  FD_SETSIZE was 0.

	* synchronize the test suite with C TAP Harness 1.7

	* homogeneize the CleanupAndExit() function of fakeinnd with the
	  real one

	* controlchan: use convdate instead of DateTime::Format::Mail
	  
	  * Adapt commit [9238] to no longer have a dependency to the Perl
	  module DateTime::Format::Mail. Use convdate instead.
	  
	  * On a date parsing failure, controlchan no longer dies and
	  rejects the message (which will be actually process only with the
	  "-c" flag disactivating the cutoff check).
	  
	  * Add a "-c" flag to controlchan to disable the cutoff check.
	  
	  * Also add a "-h" flag to print basic usage information.
	  
	  * Convert controlchan man page into POD: - mention
	  control.ctl.local; - document the "-c" and "-h" flags; - document
	  the need for the Perl modules Encode and MIME::Parser; - add an
	  example of how to manually invoke controlchan.

2011-07-11  iulius

	* tradindexed remap of index files when writes out of order
	  
	  The overview IDX files aren't being re-read after an article is
	  written to them -- the failing tests (in xref.t, in the test
	  suite) are the places where a stored overview line is read back
	  to check that it was stored correctly, except for the first time
	  each group is read (tests 2-5, 11-18) and when the high water
	  mark is advanced (7-10), which work correctly.
	  
	  There isn't any mechanism in the source code for the files to be
	  refreshed except in the case that the high water mark has been
	  advanced. On systems which don't have MMAP_MISSES_WRITES, perhaps
	  the underlying write shows up automatically (?)
	  
	  Thanks to Wim Lewis for the bug report.

	* controlchan: impose a date cutoff, block the replay of old
	  control articles
	  
	  controlchan now requires DateTime::Format::Mail to parse dates.
	  Otherwise, with the new Injection-Date: header field, old control
	  articles could be maliciously reinjected into Usenet, and
	  replayed.
	  
	  The Injection-Date: header of old control articles is not always
	  signed...
	  
	  controlchan now imposes a date cutoff.
	  
	  According to RFC 5537, a relaying agent processes an article as
	  follows:
	  
	  2. It MUST examine the Injection-Date header field or, if absent,
	  the Date header field, and reject the article if that date is
	  more than 24 hours into the future. It MAY reject articles with
	  dates in the future with a smaller margin than 24 hours.
	  
	  That is to say that the Date: header field can be set to anything
	  when an Injection-Date header field exists.

	* add a default timeout on outgoing sockets (NNTPconnect)
	  
	  For a long time, there have been occasional problems with actsync
	  syncing from certain servers: instead of erroring out and exiting
	  (with "cannot connect to server: Connection timed out" or
	  alternatively "cannot connect to server: Success"), actsync would
	  hang until manually killed, sometimes for days.
	  
	  gdb shows actsync is hanging in a call to fgets in NNTPconnect()
	  (from actsync.c:get_active()). innxmit and innxbatch can use
	  alarm() to set a timeout but other users of NNTPconnect, such as
	  nntpget, rnews, clientlib.c and nnrpd/post.c apparently don't.
	  
	  Implement SO_RCVTIMEO with the default timeout of 300 seconds
	  (set in include/inn/options.h).
	  
	  The raised error will be: "actsync: cannot connect to server:
	  Resource temporarily unavailable"
	  
	  Thanks to Florian Schlichting for the patch.

	* inncheck: INN 2.6.0 uses addinjectiondate and
	  addinjectionpostinghost for readers.conf
	  
	  The two addnntppostingdate and addnntppostinghost parameters in
	  inn.conf have been respectively renamed to addinjectiondate and
	  addinjectionpostinghost in the 2.6 branch.

	* inncheck: properly find the boundaries of substituted variables
	  in newsfeeds
	  
	  Thanks to Alexander Bartolich for the bug report, and also the
	  patch.

2011-07-10  iulius

	* check of global values vs per-peer values in innfeed.conf
	  
	  * As no keys are actually required in innfeed.conf, update
	  inncheck accordingly.
	  
	  * Update inncheck, the man page and the innfeed.conf sample file
	  to correctly mention that deliver-* keys for imapfeed must be
	  specified at global scope.
	  
	  * initial-sleep is a global value; close-period is a per-peer
	  value. Update inncheck accordingly.

2011-07-09  iulius

	* check all the default values in innfeed.conf (documentation,
	  sample, source code)
	  
	  * Change the default dynamic method from 0 to 3. It already was
	  the recommended value in the documentation, and the default value
	  in the sample innfeed.conf file.
	  
	  * Change the default use-mmap setting from true to false. It
	  already was the recommended value in the documentation. The value
	  of this parameter is only used when innfeed is given file names
	  to send instead of storage API tokens, which is a fairly rare use
	  case.
	  
	  * No longer generate an error message (logged in news.err) when a
	  parameter is not defined in innfeed.conf. It has a default value,
	  so no need to warn the user. (Also updated in innreport.)
	  
	  * Add a "noreturn" hint to the compiler for the dump_core()
	  function.
	  
	  * Homogeneize tape.c with host.c for the default values of
	  backlog-limit, backlog-factor and backlog-limit-highwater.
	  
	  * Log a few more parameters in innfeed.status: "Stats period",
	  "Stats reset", "Debug shrinking", "Fast exit", "stdio-fdmax",
	  "reconnection time", "max reconnection time", "DNS retry period",
	  "DNS expire period", "port num", "force IPv4", "backlog
	  highwater", "highwater queue".
	  
	  * Documentation fixes: - "pid-file" is relative to "pathrun", and
	  not "backlog-directory"; - "log-file" is relative to "pathlog",
	  and not "backlog-directory"; - "initial-sleep" is a global value,
	  and not per-peer; - "close-period" is a per-peer value, and not a
	  global value; - "max-reconnect-time" is mispelled once in the
	  documentation; - specify that *no* keys are mandatory. They are
	  all optional, and have a default value (all of them are now
	  mentioned in the documentation).
	  
	  * Documentation additions: - If a file named "innfeed.debug"
	  exists in the "pathlog" directory, then "debug-level" is
	  automatically set to 1. This is a cheap way of avoiding continual
	  reloading of the "newsfeeds" file when debugging. Note that debug
	  messages still go to "log-file"; - "backlog-directory" is
	  relative to "pathspool"; - "status-file" can be set to an
	  absolute path.

	* inncheck: eliminate perl4-style subroutine calls with &function
	  
	  Patch from Florian Schlichting.

	* inncheck: improve how wildmats are recognized
	  
	  Thanks to Florian Schlichting for the patch.

2011-07-08  iulius

	* inncheck: improvements in checks
	  
	  * Allow uppercase characters in IPv6 addresses. RFC 5952 section
	  4 / 4.3 says that all characters in an IPv6 address MUST be
	  textually represented in lowercase and advises that humans should
	  do so, too. At the same time, all implementations must be able to
	  accept both lowercase and uppercase.
	  
	  * Suppress (useless and misleading) error messages after an error
	  is detected, until the parser is back in sync. The drawback is
	  that it will hide two consecutive errors until the first one gets
	  fixed.
	  
	  * Allow not to specify the maximum size in storage.conf. "size:
	  16384," was treated as an error though it was totally valid and
	  meant "no upper limit".
	  
	  * Recognize inclusions in readers.conf and innfeed.conf. inncheck
	  will ignore the include statement. The drawback is that every
	  file must be self-contained on its own: a file must be a
	  "complete" set of blocks and options. In order to check the
	  included file, inncheck has to be run again on it (with for
	  instance the option "readers.conf=/path/to/included/file").
	  
	  Thanks to Florian Schlichting for the patch.

2011-07-07  iulius

	* improve checks on passwd.nntp
	  
	  Improve the error message when the parsed lined is in wrong
	  format: "Argument list too long" (E2BIG) instead of "Numerical
	  argument out of domain" (EDOM).
	  
	  Also catch a new kind of error in passwd.nntp: any line prior to
	  a matching <hostname>, which is not empty or starts with a hash,
	  but contains a third colon somewhere that is not followed by
	  "authinfo".
	  
	  Thanks to Florian Schlichting for the patch.

	* let innd -S check incoming.conf
	  
	  The fully-useful check will have to wait for the new config
	  parser being used...
	  
	  Thanks to Florian Schlichting for this new -S flag.

	* inncheck: use Getopt::Long
	  
	  Improve the way inncheck parses the command line arguments. The
	  last matching argument is taken into account (consequently,
	  "--noperm --perm --noperm" is valid, as well as "-q -v").
	  
	  As -perm is not just the opposite of -noperm, $perms is handled
	  differently. So 1 is -perm, 0 is -noperm, and -1 is neither.
	  
	  Use --fix, --perms, etc. in our documentation. Keep -fix, -perms,
	  etc. for backward compatibility.
	  
	  Thanks to Florian Schlichting for this patch.

	* inncheck: check for require_ssl and CIDR notations
	  
	  inncheck was looking for require-ssl instead of require_ssl; and
	  it wasn't accepting IPv6 addresses in CIDR notation at all.
	  
	  Patch from Florian Schlichting.

2011-07-06  iulius

	* inncheck: generate a proper exit value and allow quiet (-q)
	  operation
	  
	  Add support for a quiet mode (with the -q flag). This flag cannot
	  be used along with the exiting -v flag (verbose mode).
	  
	  Also add a non-zero exit value when errors are found.
	  
	  Thanks to Florian Schlichting for this patch.

	* innfeed.conf: fix documentation wrt. floating-point and optional
	  values
	  
	  Move bindaddress and bindaddress6 to the (newly created) optional
	  section.
	  
	  dynamic-backlog-low and dynamic-backlog-high expect
	  floating-point values, and not integer values.
	  
	  All of the special keys for imapfeed are not required.
	  
	  Thanks to Florian Schlichting for the main part of this patch.

	* inncheck: actually check incoming.conf/readers.conf, as well as
	  innfeed.conf and storage.conf (generic config-syntax parser)
	  
	  IDEA: Be more restrictive than current parsers and config-syntax
	  / lib/confparse.c combined, so that anything that passes inncheck
	  will be OK both now and in the future.
	  
	  A few notes: - cuddled braces: config-syntax says there doesn't
	  need to be white-space inside, but incoming.conf parser in
	  innd/rc.c requires it (at least after "{") => DO REQUIRE
	  WHITESPACE, as it will work everywhere - double quotes:
	  config-syntax says strings can be continued on multiple lines by
	  means of a backslash; incoming.conf parser in innd/rc.c does not
	  know about backslashes, but will continue over newlines until
	  matching " is found or 32K exceeded => DO REQUIRE strings to stay
	  on one line - comments: config-syntax says "comments at the end
	  of lines aren't permitted", but this seems to be standard
	  practice... Weird things can happen if a "#" is encountered
	  inside a string - multiple variables: config-syntax says multiple
	  variable settings can be on one line when separated by semicolon;
	  incoming.conf parser knows nothing about this - double
	  assignments: in practice, the latter takes precedence, says
	  config-syntax, though I wouldn't bet on it for current
	  incoming.conf...
	  
	  Many thanks to Florian Schlichting for this pretty useful patch.

	* inncheck: make perlcritic happy (a little bit at a time...)
	  
	  One of these is a bug: an error message was not shown (for
	  passwd.nntp).
	  
	  Thanks to Florian Schlichting for this patch.

	* clean up innd code
	  
	  Add the "noreturn" attribute to two functions.
	  
	  Fix a typo, add a comment, add an explicit comparison to NULL.

	* implement an upper limit to the number of file descriptors
	  
	  select() only handles (FD_SETSIZE-1) file descriptors at most.
	  Otherwise, macros like FD_SET have an unexpected behaviour.
	  
	  Force this upper limit right now (usually 1023). In future
	  versions of INN, hopefully libevent will deal with a larger
	  number of file descriptors.
	  
	  Thanks to Steve Crook for the bug report.

	* better check of the rights on the private key for TLS connections
	  
	  Use stat() instead of lstat(). The permissions of the symlink are
	  irrelevant; we only care about the permissions of the underlying
	  file.
	  
	  Use getegid() instead of getgid().
	  
	  The news group is fairly trusted already by INN. Ensure that if
	  the mode is 440 or 640, the group owner is the news group (to
	  prevent the failure case of having news:users as the owner and
	  group).
	  
	  In the error message, a wrong path to the key was put (cert_file
	  instead of key_file).
	  
	  Thanks to Florian Schlichting for having reported the issue, and
	  to Russ Allbery for his help on the fix.

2011-07-05  iulius

	* add 'use strict' mode to signcontrol
	  
	  Clean up these Perl scripts.
	  
	  Use LOCK_EX instead of the value 2.
	  
	  Thanks to Florian Schlichting for this patch.

	* STARTTLS / AUTHINFO SASL plaintext command injection
	  
	  Fixed a possible plaintext command injection during the
	  negotiation of a TLS layer. The vulnerability detailed in
	  CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands.
	  nnrpd now resets its read buffer upon a successful negotiation of
	  a TLS layer. It prevents malicious commands, sent unencrypted,
	  from being executed in the new encrypted state of the session.
	  
	  The issue has been present since INN 2.3.0 (when STARTTLS was
	  implemented).
	  
	  Confirmed when sending "STARTTLS\r\nDATE\r\n" with openssl:
	  
	  17:04 news@trigo ~/work/openssl/openssl-1.0.0d% apps/openssl
	  s_client -quiet -starttls smtp -connect news.trigofacile.com:119
	  didn't found starttls in server response, try anyway... depth=0 C
	  = FR, ST = news.trigofacile.com, O = news.trigofacile.com, CN =
	  news.trigofacile.com verify error:num=18:self signed certificate
	  verify return:1 depth=0 C = FR, ST = news.trigofacile.com, O =
	  news.trigofacile.com, CN = news.trigofacile.com verify return:1
	  500 What? 111 20110403150413 QUIT 205 Bye!
	  
	  The 500 artefact is because of the EHLO sent by openssl before
	  STARTTLS. We see here that the DATE command is answered.
	  
	  With this patch, here is a new attempt with openssl:
	  
	  17:06 news@trigo ~/work/openssl/openssl-1.0.0d% apps/openssl
	  s_client -quiet -starttls smtp -connect news.trigofacile.com:119
	  didn't found starttls in server response, try anyway... depth=0 C
	  = FR, ST = news.trigofacile.com, O = news.trigofacile.com, CN =
	  news.trigofacile.com verify error:num=18:self signed certificate
	  verify return:1 depth=0 C = FR, ST = news.trigofacile.com, O =
	  news.trigofacile.com, CN = news.trigofacile.com verify return:1
	  500 What? DATE 111 20110403150638 QUIT 205 Bye!
	  
	  The answer to DATE is not given after "500 What?". We had to
	  explicitly ask for it. The issue is therefore solved.

	* add 'use strict' mode to cnfsheadconf, cnfsstat, innmail and
	  procbatch
	  
	  Clean up these Perl scripts.
	  
	  Thanks to Florian Schlichting for this patch.

	* add 'use strict' mode to mod-active
	  
	  Clean up the Perl script (especially a rewrite of the eval()
	  call).
	  
	  Restart INN automatically before (and if) dying, when the old
	  active file is still present.
	  
	  Thanks to Florian Schlichting for this patch.

	* add support for wire-formatted articles in scanspool
	  
	  Remove \r from the Newsgroups: header field when parsing it.
	  Otherwise, scanspool can not properly parse articles stored in
	  wire-format, and wrongly report that the article does not belong
	  in its newsgroup.
	  
	  Also initialize two variables, and make sure a hash value exists,
	  to silent three warnings during the execution of scanspool.

	* add 'use strict' mode to scanspool
	  
	  Clean up the Perl script.
	  
	  Thanks to Florian Schlichting for this patch.

2011-06-24  iulius

	* fix compilation issues and useless prototypes
	  
	  * Remove the useless timerCallback() function.
	  
	  * Add a missing argument in a call to prepareWrite().
	  
	  * "len" should be a socklen_t and not an int.
	  
	  * "program" was not declared as a char*.
	  
	  * Better names for variables.
	  
	  * Remove useless prototypes, and make a few functions as static.
	  
	  * Typos in comments.
	  
	  Thanks for Florian Schlichting for the main part of the patch.

	* fix a bug in the frequency innfeed logs its status
	  
	  innfeed was printing lots of useless lines to news.notice.
	  
	  TMRnow() doesn't return the current time, as innfeed was assuming
	  in the code, but the readily usable number of milliseconds since
	  the last call to TMRsummary() or TMRinit().
	  
	  Thanks to Florian Schlichting for the patch.

2011-06-14  iulius

	* Build INN with the new "-Wunused-but-set-variable" GCC 4.6.0
	  warning.
	  
	  Remove unused variables.
	  
	  At the same time, do a bit of cleaning! (Useless whitespaces,
	  useful (for reading) whitespaces, one-line if conditions,
	  "conn_ret" type instead of "int".)
	  
	  Also add checks to WriteToWire_lmtpstr() results, so as to really
	  return the result (and properly disconnect the session on error),
	  instead of returning RET_OK as though everything were OK.
	  
	  Same thing for WriteToWire_imapstr() at a few places.
	  
	  No need to be in any auth step when we are about to close the
	  IMAP session after a failure of WriteToWire_imapstr().

	* Build INN with the new "-Wunused-but-set-variable" GCC 4.6.0
	  warning.
	  
	  Remove unused variable "amt", and at the same time two useless
	  TRUST_FPRINTF and NO_TRUST_STRLEN branches.

	* Build INN with the new "-Wunused-but-set-variable" and
	  "-Wunused-but-set-parameter" GCC 4.6.0 warnings.
	  
	  Remove unused variables.
	  
	  Also fix a potential issue with the incorrect handling of structs
	  when passed by value instead of by reference. Maybe a
	  compiler-specific behaviour.

	* Build INN with the new "-Wunused-but-set-variable" GCC 4.6.0
	  warning.
	  
	  Remove unused "c" variable.
	  
	  Well, better rewrite the function at the same time. Thanks to
	  Russ Allbery for the new array parsing code.

	* Build INN with the new "-Wunused-but-set-variable" and
	  "-Wunused-but-set-parameter" GCC 4.6.0 warnings.
	  
	  Remove unused variables.
	  
	  In innd/python.c, also use "wasspace" as a boolean.
	  
	  In tests/overview/api-t.c, keep the "expires" variable because it
	  is set afterwards in the code to the right expected value. Though
	  unused after being set, it is worth keeping it for the day when
	  the overview API uses the value.

2011-06-13  iulius

	* Build INN with the new "-Wunused-but-set-variable" GCC 4.6.0
	  warning. It was complaining about an unused "sv" variable.
	  
	  This commit fixes the following issues: * innd and nnrpd
	  segfaults because of a corrupted Perl stack. A copy of the Perl
	  stack pointer is saved at several places in the code but not
	  always restored the way it should be. For instance, PerlFilter()
	  calls could reallocate the Perl stack and subsequently cause
	  failures when the stack is used afterwards. Make sure that the
	  Perl stack could not be modified twice in the row without being
	  properly updated at global scope.
	  
	  * use ENTER-SAVETMPS-PUSHMARK-PUTBACK and
	  SPAGAIN-PUTBACK-FREETMPS-LEAVE macros whenever they are required.
	  Note that call_argv() does not need PUSHMARK-PUTBACK.
	  
	  * fixed two memory leaks because of a xasprintf() which was not
	  free'd.
	  
	  * documentation of the filter_end() Perl routine that is called,
	  if defined, prior to the deactivation of Perl filters. Both used
	  by innd and nnrpd when Perl filtering is turned off (either with
	  "ctlinnd perl n" or when a Perl function dies at run time).

2011-06-11  iulius

	* Use "localhost" instead of "stdin" in injection fields when an
	  article is posted from the local system.
	  
	  Suggestion from Dieter Stussy and Paolo Amoroso.

	* Fix the build on MacOS because of common variables. We just
	  declare them as non-common by adding initialisations.
	  
	  Root cause seems to be that ranlib behaves different on MacOS X.
	  By default, ranlib (actual libtool, ranlib is a symbolic link to
	  libtool) doesn't put common symbols in the index. From ranlib(1):
	  
	  -c Include common symbols as definitions with respect to the
	  table of contents. This is seldom the intended behavior for
	  linking from a library, as it forces the linking of a library
	  member just because it uses an uninitialized global that is
	  undefined at that point in the linking. This option is included
	  only because this was the original behavior of ranlib. This
	  option is not the default.
	  
	  Thanks to Dennis Preiser and vi Bo Lindbergh for the patch.
	  
	  Also remove the three now unnecessary mentions to shmem.o,
	  expire.o and ov.o in ovmethod.mk.

2011-05-11  eagle

	* Fix broken or obsolete links in install documentation
	  
	  Update the link for installing Perl to the result of the current
	  permanent redirect. Remove the paragraph about installing the
	  commercial version of PGP, since www.pgp.com now redirects to the
	  Symantec product page, which makes no mention of the PGP that
	  would be of interest to an INN installer.

2011-04-16  iulius

	* Document the format of ninpaths dump files.
	  
	  Add a symbolic link for inpaths(8) to ninpaths(8).
	  
	  Mention that INN 1.7 supports the WP newsfeeds flag.

	* The simpleftp script does not switch to binary mode before
	  transferring files.
	  
	  If it is used by actsyncd to get active.gz from ftp.isc.org, the
	  transferred archive is corrupted.
	  
	  Thanks to Matthias Meyser for the bug report.

	* OVrealnow was declared twice in storage/overinterface.h.
	  
	  Thanks to Dennis Preiser for the report.

	* On some OS (like FreeBSD), renice emits a status report to
	  STDERR.
	  
	  When using sendinpaths, which uses renice, in a cronjob, an email
	  is sent every time with that report. STDERR is now redirected to
	  /dev/null.
	  
	  Thanks to Matthias Meyser for having reported the issue.

	* Update changelog after revision 9189.

2011-03-02  iulius

	* Convert the innfeed.conf man page to POD.
	  
	  * Add backlog-highwater, news-spool and input-file in the
	  innfeed.conf sample file.
	  
	  * Add fast-exit, debug-shrinking and initial-sleep in both the
	  documentation and the sample file.
	  
	  * To match what innfeed does by default : - change
	  host-queue-highwater from 200 to 10 in the sample file - change
	  max-connections from 5 to 2 in the sample file - change
	  dynamic-backlog-low from 25.0 to 20.0 in the sample file
	  
	  * innfeed/host.c was expecting "backlog-limit-high" whereas
	  innfeed/tape.c was properly using "backlog-limit-highwater"
	  (which is the one mentioned in the innfeed.conf configuration
	  file and the documentation). It then appears that innfeed was not
	  taking the value into account and always using the default value
	  of 0.
	  
	  * Fix the documentation for the path to innfeed.status. It is
	  either pathlog or pathhttp, and not the backlog directory.
	  
	  * Fix the paragraph about imapfeed: "deliver" is not a parameter.
	  
	  * Remove the notion of version 0.9.3 and 1.0 for innfeed.
	  
	  * Remove the mention that "in previous versions of innfeed, a
	  value of 1 had a special meaning for <max-connections>. This is
	  no longer the case, 1 means a maximum of 1 connection."
	  
	  * Remove the mention that "in innfeed 0.9.3 and earlier,
	  <no-check-high> was in the range [0.0, 9.0]".
	  
	  * Remove the sample innfeed.conf file from the documentation (no
	  need to duplicate it).
	  
	  * Typos.

2011-02-12  iulius

	* Add a missing semi-colon.

	* Fix spaces.

	* Convert inncheck man page to POD.
	  
	  Update the help usage.
	  
	  Fix a few typos, and add the control.ctl.local file.

2011-02-12  eagle

	* Initialize socket structures and use SUN_LEN properly
	  
	  From Bo Lindbergh: innd failed to bind to an unprivileged socket.
	  I found the problem in lib/network.c (a sockaddr_in with
	  uninitialised spare bits in it). Then I grepped around and found
	  more instances of the same problem. I also found a sockaddr_un
	  problem (SUN_LEN not used).

2011-02-06  eagle

	* Add imapfeed to NAME section of innfeed man page

2011-02-01  eagle

	* Ensure flag is declared in innbind for IPV6_V6ONLY
	  
	  If SO_REUSEADDR were not defined but IPV6_V6ONLY were defined,
	  innbind would fail to compile because a flag variable would not
	  be declared. This is an unlikely set of supported options for a
	  network stack, but let's be fully correct. Thanks, Florian
	  Schlichting.

2011-01-30  iulius

	* Use cat, grep -v and echo instead of sed. The sed syntax is too
	  different depending on the platform.

	* Add the clibrary.h header to properly define va_list.
	  
	  Thanks to The Doctor for having pointed out the issue on FreeBSD.

2011-01-28  iulius

	* Re-add the legacy *errors to the libtest header. It was removed
	  by mistake in the last commit. (gcc 4.3 complains about it,
	  whereas gcc 4.1 does not)

	* Update our test suite to use the official C TAP Harness release
	  (version 1.6).
	  
	  Well, for the time being, use the legacy syntax for the test
	  suite. A variable named LIBTEST_NEW_FORMAT can be set at the
	  beginning of a test so as to use the new syntax.

2011-01-25  iulius

	* inncheck: run under 'use strict'.
	  
	  Also don't use hashes with package names (e.g.,
	  %control'messages) as it's an ancient form and prevents syntax
	  checking.
	  
	  Thanks to Florian Schlichting for the improvement.

	* inncheck: delete long-unsused cruft.
	  
	  innlog.pl was the precursor to innreport...
	  
	  Thanks to Florian Schlichting for the clean up.

2011-01-24  iulius

	* Mention that SASL is also used by nnrpd. Typo, and improve the
	  changelog for INN 2.5.3.

	* Add parenthesis for Python print() calls. It otherwise does not
	  work with Python 3.

	* Convert innfeed man page to POD.
	  
	  Improve the help usage (notably, adding a mention of the -o
	  flag).
	  
	  Move innfeed(1) to innfeed(8).
	  
	  Add a symbolic link for imapfeed(8) to innfeed(8).
	  
	  Fixes during the process:
	  
	  * Document the new logging (notably, "accsize", "rejsize" and the
	  "%d/%.1f" syntax for "deferred" were missing).
	  
	  * Document the -s flag in the man page. Thanks to Florian
	  Schlichting for having found it was missing and provided a
	  wording for the documentation.
	  
	  * Typos.

2011-01-23  iulius

	* Add the htmlstatus parameter to inn.conf to determine whether the
	  status file that innd can write out (depending on the value of
	  the status parameter) is plain text or wrapped in HTML. It
	  previously only was a compile-time option, set to true by
	  default. The behaviour was therefore impossible to modify without
	  compiling again INN.
	  
	  Thanks to Florian Schlichting for the patch.
	  
	  Also fix the syntax of the generated HTML file. The refresh time
	  should not end with a semi-colon. Add the English language, and
	  validate HTML 5.

	* Missing commit, related to revision 9135. I forgot to commit the
	  new documentation:
	  
	  * Add authentication to the downstream server.
	  
	  * Improve documentation (especially the example for the "-m" flag
	  that should be quoted for the shell).

	* Improve the logging of Perl and Python access hooks. The origin
	  wasn't previously mentioned:
	  
	  "syntax error in (null)(2), Expected value."
	  
	  Now, nnrpd will log:
	  
	  "syntax error in perl_access-block(2), Expected value."

2011-01-20  iulius

	* Improve the wording of the action taken after a newgroup/rmgroup
	  control article. Always use a verb.
	  
	  Thanks to Florian Schlichting for the patch.

2010-12-25  eagle

	* Fix wrapping of readers.conf parameters inherited by inn.conf

	* Document the post saving done by readertrack = true
	  
	  If readertrack is set to true, in addition to logging client
	  activity, every post made is also saved in a directory under the
	  log directory in a file named by message ID. Document this in
	  inn.conf.

2010-11-17  iulius

	* The -F flag was not working when the -P flag was not also set
	  with pullnews. The two flags can now be used separately.

	* The "-k n" flag was not working the way it should in pullnews.
	  The configuration file was not saved after every n articles
	  (right behaviour) but after every n articles in one newsgroup.
	  
	  Thanks to Edmund H. Ramm for the bug report.

	* pullnews was not properly counting the number of bytes
	  downloaded. It was not resetting the count between newsgroups;
	  consequently, the bytes count was only right for the first
	  newsgroup.
	  
	  Thanks to Edmund H. Ramm for the bug report.

2010-11-01  iulius

	* Fixed an issue in the Python access hook for nnrpd: it has not
	  been working since Python 2.5 on 64-bit platforms, owing to a
	  change to Python's C API, using a new Py_ssize_t type definition
	  instead of int.
	  
	  Thanks to Raphael Barrois for the patch.
	  
	  Define Py_ssize_t as an int for Python versions < 2.5.0.
	  
	  Also include Python.h before any standard headers are included,
	  because "Python may define some pre-processor definitions which
	  affect the standard headers on some systems".

2010-10-30  iulius

	* * Advertise the COUNTS, DISTRIBUTIONS, MODERATORS, MOTD and
	  SUBSCRIPTIONS keywords in the LIST capability for nnrpd.
	  Compliance to RFC 6048.
	  
	  * Implement the message of the day in innd, and advertise it in
	  its LIST capability.
	  
	  * The motd.news file (previously used only by nnrpd) is renamed
	  to motd.nnrpd during innupgrade.
	  
	  * A new motd.innd file is created for innd.
	  
	  * In the 501 error code for an unexpected third argument to a
	  LIST command, mention it is not necessarily a wildmat.
	  
	  * Better wording for the 503 error code in response to LIST.
	  
	  * Documentation update.
	  
	  * Symbolic links are created for motd.innd.5 and motd.nnrpd.5
	  (pointing to the legacy motd.news.5 man page).

2010-10-29  iulius

	* Before passing the submission template to snprintf(), check that
	  it is a valid one with "%" followed by only another "%" or a "s"
	  (but once only).

	* When "cnfsstat -a" is used, a Perl warning occurs if the CNFS
	  buffer has not been initialized yet or received an article. The
	  time of the oldest article is unset. We now properly take it into
	  account.
	  
	  Thanks to Florian Schlichting for the bug report.

	* Check MAXARTLINELENGTH in nnrpd, not innd.
	  
	  This patch means reverting the previous "CRwithoutLF" patch
	  [9086] and also ripping out all length checking and both unsigned
	  long length as well as data->LastCRLF.
	  
	  Thanks to Florian Schlichting for the patch.

	* Update our documentation to mention the fact that RFC 6048 now
	  exists and is implemented in INN.

2010-10-24  iulius

	* * Add authentication to the downstream server. * Improve
	  documentation (especially the example for the "-m" flag that
	  should be quoted for the shell). * Do not connect to an upstream
	  server when no newsgroups should be fetched. * Do not stop
	  processing newsgroups when an error occur (for instance when a
	  newsgroup mentioned in the configuration file has been removed
	  from the upstream server).
	  
	  Thanks to Edmund H. Ramm for the bug reports.

2010-10-03  iulius

	* Mention in the logs of innfeed that a warning may be fine when a
	  new CNFS buffer has just been set up.
	  
	  Thanks to Michael Grimm for having reported the issue.

	* Ignore in innreport when innfeed rolls its funnel file.
	  Otherwise, it shows up as "unknown entry" in the report.
	  
	  Thanks to Florian Schlichting for the patch.

2010-09-28  iulius

	* datebuff was no longer initialized... Fix commit 9127.

2010-09-26  iulius

	* Realign our inn.conf sample (because "extraoverviewadvertised"
	  and "addinjectionpostinghost" are a bit too long for the current
	  alignment).

	* Do not add an Injection-Date: header when a message-ID and a
	  posting date are already present.
	  
	  RFC 5537: If the proto-article had both a Message-ID header field
	  and a Date header field, an Injection-Date header field MUST NOT
	  be added, since the proto- article may have been multiply
	  injected by a posting agent that predates this standard.
	  Otherwise, the injecting agent MUST add an Injection-Date header
	  field containing the current date and time.

	* Do not forget to free a pointer.

	* Better check for the syntax of the posting-host attribute of the
	  Injection-Info: header field. "stdin:" without any IP was seen in
	  the wild. Fix it to only print "stdin".

	* Fix changelog from previous commit. (The issue was only in
	  CURRENT 2.6.0, not STABLE INN 2.5.3.)

	* nnrpd no longer adds or updates Injection-Date:, Injection-Info:
	  and Path: header fields when the article is forwarded to a
	  moderator. It could otherwise lead to rejects at injection time
	  when the article was approved by the moderator because these
	  fields show a previous injection (which did not occur).
	  
	  Note that if strippath is true, we will still remove the Path:
	  header. No harm done with that removal.
	  
	  Excerpt from RFC 5537:
	  
	  3.5. Duties of an Injecting Agent
	  
	  7. If the Newsgroups header contains one or more moderated groups
	  and the proto-article does not contain an Approved header field,
	  the injecting agent MUST either forward it to a moderator as
	  specified in Section 3.5.1 or, if that is not possible, reject
	  it. This forwarding MUST be done after adding the Message-ID and
	  Date headers if required, and before adding the Injection- Info
	  and Injection-Date headers.
	  
	  8. Otherwise, a Path header field with a <tail-entry> MUST be
	  added if not already present.
	  
	  9. The injecting agent MUST then update the Path header field as
	  described in Section 3.2.1.

	* Go on checking the syntax of the Date: header field, even though
	  it is not used by innd when an Injection-Date: header field
	  exists.

2010-09-25  iulius

	* No impact because the NeedHeadername member is not used in this
	  case. Yet, better put it right.

	* innd, as a relaying agent, now examines the Injection-Date:
	  header, when present. It contains the posting date (used for
	  history). makehistory now also uses it, when present. Otherwise,
	  the Date: header is used.
	  
	  nnrpd, as an injecting agent, checks whether the Date: header
	  field is not too far in the past. It is a recommendation of RFC
	  5537 since not all news servers support the Injection-Date:
	  header. (The article would then suffer from poorer propagation.)

2010-09-24  iulius

	* Update the manifest and Subversion properties after commit 9111.

	* inncheck was not substituting variables in the newsfeeds
	  configuration file. It therefore wrongly reported errors.
	  
	  For instance: $limitHI=131072
	  example/example.com:*:Ajp,Tm,<$limitHI:innfeed!
	  
	  Now fixed. This example is properly parsed by inncheck.
	  
	  Thanks to Michael Grimm for the bug report.

	* Add the possibility to run local innshellvars scripts.
	  
	  innshellvars.local, innshellvars.pl.local and
	  innshellvars.tcl.local are now executed at the end of the run of
	  the corresponding innshellvars script. A typical use is to add or
	  override variables. For instance HOME or GNUPGHOME. These local
	  scripts have to be executable; otherwise, they are not taken into
	  account.
	  
	  Thanks to Matthew Vernon for the suggestion.

2010-09-10  eagle

	* Yet another update to the Berkeley DB URL

2010-09-10  iulius

	* INN thinks that OpenBSD (4.6) doesn't support Unix-domain
	  sockets. The problem is that <sys/socket.h> doesn't include
	  cleanly unless you include <sys/types.h>, and the AF_UNIX test in
	  m4/socket.m4 doesn't include <sys/types.h>.
	  
	  It is also added to the test program for AI_ADDRCONFIG, even
	  though (a) including stdio.h happens to pull in the necessary
	  headers and (b) OpenBSD doesn't have AI_ADDRCONFIG anyway.
	  
	  Note: m4/sendfd.m4 can be left without the patch. This will
	  always fail on OpenBSD anyway, so it shouldn't matter. This will
	  only successfully compile and run on a STREAMS-based system, so
	  only SysV. It is the same for include/portable/getnameinfo.h and
	  include/portable/getaddrinfo.h: none of those currently cause
	  problems because these headers are only included by files which
	  have already included sys/types.h, and OpenBSD doesn't support
	  STREAMS at all.
	  
	  Thanks to Wim Lewis for the patch.

2010-08-11  iulius

	* Fix the Tcl innshellvars script (which has not worked since INN
	  2.3).
	  
	  A variable was unset, and the evaluation of innconfval was not
	  working.
	  
	  Also add a catch block in case the Tcl interpreter does not
	  recognize the umask command.

2010-08-10  iulius

	* Revert commit 7405 (for Debian bug #307765) to resolve another
	  Debian bug: #584234.
	  
	  We started setting HOME to try to get pgpverify to look in the
	  correct place for the keyring. Current versions of pgpverify now
	  deal with this by setting the keyring location explicitly.
	  
	  Overriding HOME breaks things. Most notably, it means that gpg
	  will try and create files in <pathnews>/.gnupg so if pathnews is
	  not the same as ~news, things like buildinnkeyring (Debian
	  specific) and gpgverify won't work.
	  
	  Thanks to Matthew Vernon for the bug report.
	  
	  We also change where pullnews looks for its configuration file.
	  It is now pullnews.marks in <pathdb>, instead of .pullnews in
	  HOME.

2010-08-05  iulius

	* Use a variable for the width within printf. Following commit
	  9092.
	  
	  Thanks to Urs Janssen for the hint.

2010-08-03  iulius

	* Use a constant (ARTNUMPRINTSIZE) for the length of a water mark.
	  It will be of help if we ever switch from 32-bit to 64-bit
	  article numbers.

2010-08-01  iulius

	* Assignment to $[ is deprecated in Perl 5.12.1. Anyway, the
	  default is 0; so we can remove our assignments.
	  
	  Thanks to Dieter Stussy for having noticed.

2010-07-30  iulius

	* Fix the name of the variable containing the information about
	  required headers. Following commit 9087.

	* Mention that Perl and Python filters for innd return the *first*
	  occurrence of header fields in the %hdr variable. Whereas it is
	  the *last* occurrence for the Perl filter for nnrpd.

	* When a header field appeared more than once in an article, it was
	  missing from the overview data. OVER/XOVER, as well as
	  HDR/XHDR/XPAT using the overview, were therefore returning an
	  empty field. The content of the first occurrence is now returned,
	  in accordance with RFC 3977.

2010-07-17  iulius

	* This patch causes both CRwithoutLF (\r) and LFwithoutCR (\n) to
	  be considered the same as CRLF (\r\n) for purposes of checking
	  allowable header line length.
	  
	  It appears that some people like to grace their articles with
	  Face: or X-Face: headers of typically 4-6k binary data. While
	  usually put into nice continuation lines of around 80 characters,
	  a few clients fail to create proper line breaks for this header,
	  inserting only a single \r or \n instead. The nnrpd in INN 2.3
	  doesn't reject or correct these mistakes for non-system headers,
	  and offending articles are still "in the wild".
	  
	  innd currently counts, logs and ignores such imperfect line
	  breaks. Alas, when checking for the maximum allowable 'physical'
	  line length, single \r or \n are not recognized, thus making the
	  whole 'virtual' (continued) header appear as a single line,
	  easily exceeding MAXARTLINELENGTH and thus causing the article to
	  be rejected.
	  
	  Thanks to Florian Schlichting for the patch.

	* Confusion between CR and LF when innd parses a body and counts
	  missing LFs.
	  
	  Thanks to Florian Schlichting for having noticed it.

	* A single header field line is limited to 998 bytes, per RFC 5536.
	  innd was previously accepting, and also generating Xref: header
	  field lines, up to 1022 bytes.
	  
	  Use new MAXARTLINELENGTH and MED_BUFFER constants instead of
	  MAXHEADERSIZE in the code.
	  
	  Update the test suite.
	  
	  Meanwhile, fix two bugs in the generation of the Xref: header
	  field:
	  
	  * When resizing the buffer, extra place for a CRLF that may be
	  added by a continuation line is not taken into account.
	  Consequently, when p[0] = '\r' and p[1] = '\n' are used, a
	  segfault may occur.
	  
	  * When comparing to MAXARTLINELENGTH, the final CRLF is not taken
	  into account ("+2" is missing in the count), so the generated
	  Xref: header field might end up with 1002 bytes!

2010-07-11  iulius

	* Remove the mention of an unnecessary (and weird) include file.
	  (See commit 8871.)

2010-07-03  eagle

	* remove broken tags / ctags make targets
	  
	  These targets have been broken for some time and wouldn't work
	  with GNU ctags anyway. Just do 'ctags -R' in the toplevel source
	  directory and put 'set tags=./tags,tags,/path/to/source/tags' in
	  your .vimrc if you want to use tags.
	  
	  Patch from Florian Schlichting.

2010-06-28  iulius

	* Mention in the documentation that e-mail addresses can be used as
	  arguments to sendinpaths.
	  
	  Thanks to Ian Jackson for the bug report.

2010-06-05  iulius

	* Fix the use of uninitialized values: storage classes and ARGV.
	  oldart was not declared as a local variable and its value was
	  then wrongly reused.

	* Allow to *not* compress logs. --with-log-compress=cat will do
	  that at configure time.
	  
	  Idea from Florian Schlichting.

2010-05-31  iulius

	* Use pre-formatted text for a better HTML and *nroff output.

	* Fix a character badly encoded.

2010-05-30  iulius

	* Convert libstorage to POD.
	  
	  Fixes during the process:
	  
	  * ARTHANDLE contains two different ways of representing article
	  data: an iovec array, and a char*/length pair. One is used by
	  SMstore and the other by SMretrieve, but this is not documented.
	  Patch from Ian Jackson to fix that.
	  
	  * OVadd has a time_t expires parameter.
	  
	  * OVexpiregroup has a struct history *h parameter.
	  
	  * OVgetartinfo does not have char **data and int *len parameters.
	  
	  * SMexplaintoken(const TOKEN token) was not documented.
	  
	  * Dot-stuffing was not clearly documented.
	  
	  * Structs and enums were not all mentioned.
	  
	  * EXPENSIVESTAT was not documented.
	  
	  * OVCACHEKEEP and OVCACHEFREE were not documented.

	* Put variables in italics (POD documentation).

2010-05-20  iulius

	* Emitting an error if nntpsend is unable to get the lock is better
	  than silently failing.
	  
	  Thanks to Matthew Vernon for his suggestion.

	* Fix the documentation of the -n flag for nntpsend.

	* No upper case to innwatch, innxmit and innreport.

	* Convert nntpsend and nntpsend.ctl documentation to POD. Better
	  nntpsend.ctl sample configuration file.
	  
	  Fixes: * The -a flag is given only when there is no size limit. *
	  The -d and -D flags were incorrectly described (reported by
	  Matthew Vernon). * The -S flag does not exist for nntpsend. *
	  When the -n flag is used, nntpsend does not sleep before spawning
	  each innxmit child. * In nntpsend.ctl documentation, trunc(1)
	  does not exist; it is shrinkfile(1).

	* Remove trailing spaces.

2010-05-08  iulius

	* The order of CNFS buffers in a metacycbuff is now properly read
	  and written by cnfsheadconf. There previoulsy was a confusion
	  between hexadecimal and decimal values.
	  
	  Thanks to John F. Morse for the bug report.

	* When HDR/XHDR/XPAT was used on a new article coming into a
	  newsgroup, requesting a header not present in the overview
	  database, the first subsequent OVER/XOVER command did not show
	  that article. A remap of the overview data file was missing in
	  nnrpd.
	  
	  Thanks to Sam Varshavchik for the bug report.
	  
	  The cached index and the cached data files were not immediately
	  remapped to reflect the change. When doing an overview search
	  with (X)OVER, both the index and data files are remapped, if need
	  be. The same for (X)HDR or XPAT *when* using the overview. Here,
	  as "(from articles)" is replied by the server, the search is done
	  in the article itself and does not call an OVopensearch(). The
	  code uses OVgetartinfo() which calls tdx_article_entry() which
	  remaps the index file but *not* the data file. Therefore, the
	  high water mark in the cached data file is still mapped to high-1
	  after (X)HDR but tdx_article_entry() updates data->high to be the
	  new high water mark... Then (X)OVER is used. It believes the
	  cached data information is right. But obviously does not find the
	  last article and the cached data file then is marked as
	  to-be-remapped. Which is done when doing the subsequent overview
	  search with (X)OVER.
	  
	  See also [8451].

	* cnfsheadconf now properly recognizes continuation lines in
	  cycbuff.conf, that is to say lines ending with a backslash (\).
	  
	  Thanks to John F. Morse for the bug report.

2010-04-12  eagle

	* Update the URL to Berkeley DB

	* Update URL for svn2cl

	* Remove the README reference to inflow
	  
	  The URL appears to be dead.

	* Fix URL for the SCO UNIX tutorial to avoid a redirect

2010-03-24  eagle

	* Rewording and editing of changes for 2.5.2

2010-03-23  iulius

	* Bump revision number.

	* Fix a call to an uninitialized value. Thanks to John F. Morse for
	  the bug report.

2010-03-21  iulius

	* Remove a superfluous space.

	* Mention that UTF-8 is needed for LIST DISTRIBUTIONS and LIST
	  MOTD.

	* Do not allow local postings to junk groups, as it has always been
	  documented in the active man page (before commit [8735]).
	  
	  Posting will be allowed in configured to in readers.conf (local
	  postings).

	* Enforce UTF-8 for LIST MOTD and LIST DISTRIBUTIONS responses.

2010-03-19  iulius

	* mailpost should trim the References: header field when it is too
	  long. Otherwise, inews rejects the article. RFC 5537 explains how
	  to trim it.
	  
	  Original patch from Harald Dunkel.

	* Assume STDC_HEADERS is always true nowadays.
	  
	  CTYPE is no longer useful; yet, as Russ Allbery hints at, we keep
	  the cast because it remains the case that passing signed
	  characters into is*() functions can cause problems on some
	  platforms. Some implementations do straight table lookups and, if
	  given what they think is a negative number, will happily
	  dereference memory off the beginning of the table.

	* actsync rejects syncing newsgroups whose components start with
	  '+', '-' or '_'. RFC 5536 in section 3.1.4 states that these MUST
	  be accepted by news servers (and innd does so), even though their
	  use is reserved.
	  
	  actsync now supports them, as well as a hierarchy name that
	  starts with one of these characters.
	  
	  Thanks to Florian Schlichting for the patch.

	* Remove obsolete AC_HEADER_DIRENT and (unused) AC_STRUCT_TM.

	* Change how innfeed logs its article counts. A checkpoint is added
	  just before a connection is closed. Checkpoints contain values
	  accumulated since the last checkpoint. This way, innreport can
	  rely on checkpoints only, so as to produce more accurate stats.
	  
	  See also commit [9002] for innd.
	  
	  close #7

2010-03-16  iulius

	* Properly show in innreport news clients that failed to post
	  articles.

	* Prevent negative values from being reported in nnrpd for the
	  number of groups read by a client.

	* Silent two warnings (gethostbyaddr and getpeername) that used not
	  to be reported. A change in nnrpd previously broke that.

	* Properly count the number of groups opened during a session, and
	  which contained at least an article.
	  
	  Previously, the count was not taken into account when groups were
	  opened with no new articles in any of them. And it was taken into
	  account for groups with no articles, provided that at least one
	  contained an article.
	  
	  The result is now more coherent.

	* innreport was not properly summing post errors: the domain count
	  was not done (though configured in innreport.conf), and the
	  reader count was not working.

	* Better report with innreport: NoCeM notices with only bad
	  messages will now be shown, innxmit feeds with no accepted
	  articles will also be shown, as well as news readers which never
	  read any article (for instance those that only post).

	* Change how innd logs its article counts. A checkpoint is added
	  just before a connection is closed. Checkpoints contain values
	  accumulated since the last checkpoint. This way, innreport can
	  rely on checkpoints only, so as to produce more accurate stats.
	  
	  see #7

2010-03-14  iulius

	* Remove the check for newsgroups containing only ASCII characters
	  when receiving a newgroup control article. Otherwise, UTF-8
	  characters would cause a reject of the control article.

	* Better wording, and a POD typo.

	* Fix a bug in tradindexed cache entries which made innd throttle
	  because the oldest cache entry couldn't be found. It thought the
	  cache was empty, kept opening copies of the same overview files,
	  and eventually ran out of available system open file descriptors.

	* Do not truncate to 9 characters the name of a host when
	  unspooling files with rnews.

	* Properly create datarootdir and pathhttp with the rights
	  associated to the news user and the news group.

	* When answering to IHAVE, innd was sending a checkpoint to the
	  remote server in case it was time to write a checkpoint to
	  syslog.

2010-02-16  iulius

	* Update the size limit of block devices. It has changed since the
	  time our documentation was written.
	  
	  Thanks to Miquel van Smoorenburg and Russ Allbery.

2010-02-15  iulius

	* Update to latest control.ctl file from ISC.

	* Update to latest version of config.guess and config.sub.

	* Update to libtool 2.2.6b.

2010-02-12  iulius

	* scanlogs was expecting the default innfeed.conf file to look for
	  the log file to rotate.
	  
	  Also fixed a bug in news.daily: procbatch was called without
	  specifying the innfeed backlog directory. See commit [8978].

2010-02-09  iulius

	* Add a new keyword to news.daily: "procbatchdir" specifies the
	  backlog directories of innfeed when several instances of innfeed
	  are running or when its configuration file is not the default
	  one.

	* Regular expression should only match at the beginning of the
	  line. Otherwise "./configure --prefix=/opt/portable" will fail on
	  test 8 because additional lines matches "port". Test 8 has to be
	  adjusted to not count and depend on comment lines.
	  
	  Besides, fix an issue of undefined domain or fromhost being
	  unset.
	  
	  Reported by Heiko Schlichting.

2010-02-08  iulius

	* tdx-util manpage does not know of -F option for correcting
	  errors.
	  
	  Patch from Heiko Schlichting.
	  
	  Also fix a few typos.

2010-02-07  iulius

	* Update the comment of the Python filter sample to mention that
	  TAKETHIS is taken into account by the message-ID filter.
	  
	  See commit [8949].

	* Variable ARTpathme is filled but not used anywhere.
	  
	  It was used in INN 2.3 so as not to process ihave and sendme
	  control messages we sent ourselves.
	  
	  Patch from Heiko Schlichting.

	* Comment corrected: arguments of ok_double() are double, not
	  integer.
	  
	  Patch from Heiko Schlichting.

	* Comment corrected: ok_article produces five test results, not
	  three.
	  
	  Patch from Heiko Schlichting.

	* expire.ctl documentation should use examples with reasonable
	  limits for min/max of Expire: headers.
	  
	  Patch from Heiko Schlichting.

	* dbzstore does return DBZSTORE_RESULT, not bool.
	  
	  Patch from Heiko Schlichting.

	* Use Perl and Python filters on message-ID when articles are given
	  to innd via TAKETHIS. The new RFC-3977 structure of the TAKETHIS
	  command easily allows such a check.

2010-02-06  iulius

	* Log the port number of a connection (nnrpd).

	* When using tradindexed, the overview data for a cancelled article
	  is now properly immediately removed from the overview.
	  
	  OVcancel was failing because the article number could be higher
	  than the cached high water mark. The overview data is now
	  reopened so as to check the actual high water mark. The article
	  number was not always parsed without error (a trailing "\r\n" may
	  be present).
	  
	  Thanks to Lars Magne Ingebrigtsen for the patch.

	* When a user is allowed to locally post articles, then LIST COUNTS
	  will return the right "y" flag (instead of "n" or "x").
	  
	  Also see commit [8945] for LIST ACTIVE.

2010-02-04  iulius

	* When a user is allowed to locally post articles, then LIST ACTIVE
	  will return the right "y" flag (instead of "n" or "x").

	* Do not hide "j" and "x" status in LIST ACTIVE answers.
	  
	  Use NF_FLAG_* macro instead of hard-coded chars for the status of
	  a newsgroup.

	* Allow "Aj" in newsfeeds (new in INN 2.5.2).

	* Fixed a bug in the newsfeeds "C" flag: the count of followup
	  groups was one less than the real number. When the value of the
	  Followup-To: header is "poster", it is no longer considered to be
	  a followup.
	  
	  Also fixed the default value of the "C" flag: 2 instead of 1.
	  
	  Thanks to Dieter Stussy for the patch.

2010-01-28  iulius

	* Revert commit [8932]. No longer check how many headers an article
	  has when posted via inews.

	* Fixed a bug in how mailpost handles cross-posting feature.
	  
	  Without this patch, mailpost does not detach from sendmail, i.e.
	  sendmail starts one mailpost after the other, instead of running
	  all mailposts for a new message in parallel.
	  
	  Thanks to Harald Dunkel for the patch.

2010-01-26  iulius

	* Fix a typo in the name of a variable.
	  
	  Thanks to Manuel Pégourié-Gonnard for the bug report.

	* Mention that when logtrash is set to false, unwanted.log is no
	  longer generated.

	* Better explanation of why SASL_CONTINUE must be changed to
	  SASL_BADPROT. Approved by Ken.

	* Clarify how posting backoff is activated.
	  
	  Thanks to Manuel Pégourié-Gonnard for the report.

	* The PID is written in nnrpd.pid when the default port is used.
	  
	  Thanks to Benoit Izac for having reported that.

2010-01-24  iulius

	* A new option has been added to inews. When the "-m" flag is
	  specified, the corresponding value will be used to determine the
	  maximum number of header fields that are accepted for an article.
	  The default was C50 and it is now configurable. Thanks to Torsten
	  Jerzembeck for the bug report.

2010-01-23  iulius

	* Updated changelog for INN 2.5.2 and INN 2.6.0.

	* Properly return 501 instead of 502 when a peer is already
	  authenticated and sends a syntactically invalid AUTHINFO command.

2010-01-22  iulius

	* Optimize how ovgrouppat is handled. Thanks to D. Stussy for the
	  suggestion.

2010-01-21  iulius

	* Add a new parameter to inn.conf: logtrash, used to add a line in
	  the news log file to report unwanted newsgroups.

	* Increase the allowed difference in the result of the inndf test
	  suite. (It periodically fails for an unkwnown reason...)

2010-01-20  iulius

	* Though it currently does no harm to use ngp here, it is better to
	  have another variable (in case the logic of the code changes in
	  the future, ngp may be used for another purpose and should not be
	  initialized here).

	* Set a value to INN_HISTORY_H.

	* See commit [8889].
	  
	  Change "feedtrash" (inn.conf) to use "Aj" (newsfeeds) so that we
	  can have a finer configuration of that behaviour, per feed.
	  Thanks to D. Stussy for the idea.

2010-01-17  iulius

	* Check whether a newsgroup has been selected, before asking for
	  authentication.
	  
	  Answer to retry later when POST is not allowed due to backoff
	  limits.

	* Fix indentation.

	* When a newsgroup is empty, use 0 for the current article number
	  (instead of the last known low water mark).

	* Update all INN code to use include/inn/nntp.h for NNTP codes and
	  eliminate include/nntp.h.

	* Revert commit 8869 (423 is the right response code to send when
	  the current article number is valid but the article no longer
	  exists).
	  
	  Besides, fix HDR and OVER to also use 423 in that case. See
	  erratum 2004 on RFC 3977.

	* Add complete support for uwildmats in ovgrouppat: negated
	  patterns "!" are now taken into account (and not considered as
	  poisoned patterns "@").
	  
	  Also fix a wrong memchr length.

2010-01-16  iulius

	* Add a new parameter to inn.conf: feedtrash, set to false by
	  default (which was the historic behaviour of INN), adds the
	  capability to feed articles accepted and filed in junk (due to
	  wanttrash) to peers based on their feed patterns (applied to the
	  Newsgroups: header as though the article were accepted and all
	  those groups were locally carried). This is useful if you want to
	  run INN with a minimal active file and propagate all posts.
	  
	  Thanks to Andrew Gierth for the patch.

	* No longer check for Comments: and Original-Sender: in nnrpd.
	  Otherwise, multiple headers for them were rejected by nnrpd,
	  which violated RFCs 5536 and 5537.
	  
	  Only CURRENT was affected.

	* innconfval no longer maps NULL string or list values to an empty
	  string or list. These values should really be undefined. In
	  particular, it fixes an issue reported by Kamil Jonca about nnrpd
	  inserting an empty Organization: header when the organization:
	  parameter in inn.conf was unset.

	* Fixed a bug in the parsing of the ovgrouppat: wildmat in inn.conf
	  that prevented overview data from being generated when poisoned
	  groups were specified but a latter sub-pattern made the group
	  wanted.
	  
	  Thanks to D. Stussy for the bug report.
	  
	  Also improve the documentation of the ovgrouppat: parameter.

	* Fixed a bug in nnrpd Perl filter: a header field whose name
	  begins with the name of a standardized header field was not
	  properly taken into account. (For instance "Organization-Test".)

	* When an unauthenticated user tried to post an article, nnrpd
	  replied 440 (posting not allowed) instead of the right 480
	  (authentication required) when the user might be able to post
	  after authentication.
	  
	  Thanks to Daniel Weber for the bug report.

	* Typos.

2010-01-04  iulius

	* Fix a segfault when virtualhosting is used in readers.conf. The
	  new Path: header was generated with an invalid pointer.

	* Typo: "correspondance" -> "correspondence".

2009-12-31  iulius

	* Injection-Info: header body is improperly folded with CRLF when
	  created. At this point in the nnrpd code, a bare LF must be used.
	  It is converted to CRLF afterwards. It was breaking mail
	  moderation (two new lines were added, so the end of the headers
	  appeared in the mail body).
	  
	  Thanks to Ray Banana for the bug report.
	  
	  Also fix how the Path: header body should be scanned for
	  ".POSTED". Same bug as above: LF begins a FWS, and not CR.

2009-12-30  iulius

	* Commit 8765 (mandatory AUTHINFO USER for authenticated peers)
	  will be only in INN 2.6.0 -- not INN 2.5.2.

	* Fix a mistake in commit 8873 to handle IHAVE like POST. Sorry!

2009-12-29  iulius

	* When adding an overview line with OVadd(), check that Xref: is at
	  the beginning of an overview field (that is to say that a
	  tabulation precedes it).
	  
	  Otherwise, if for instance one has User-Agent:full in LIST
	  OVERVIEW.FMT and an article is received with the following header
	  field: User-Agent: test Xref: server test:50 then the overview
	  data for article 50 in newsgroup test is replaced by the one of
	  this article. And the real article number of this article is
	  unknown for the overview.

	* Do not differentiate IHAVE from POST in nnrpd. Articles injected
	  with IHAVE should be treated the same way as if they were
	  injected with POST.

	* Add support for the "POSTED" diag-keyword in nnrpd, as described
	  in RFC 5537. In particular, nnrpd checks that the article does
	  not already contain a "POSTED" diag-keyword.

	* The O flag in newsfeeds now relies on the contents of the
	  Injection-Info: header (or X-Trace: header if there is no
	  Injection-Info: header) to determine the origin of an article.
	  
	  Make public the skip_cfws() function so as to skip CFWS defined
	  in RFC 5322.

	* Use ":" with chown, and not ".", as separator for group name.

2009-12-28  iulius

	* Return 420 instead of 423 when current article number is used
	  with ARTICLE, BODY, HEAD and STAT.

2009-12-27  iulius

	* Use case-insensitive matches for: - distributions, - path
	  identities, - message-IDs (except for history hashes), - IMAP
	  commands, - header names, - control commands.
	  
	  Note that newsgroups are still matched case-sensitively.

	* Contrary to RFC 1036, the presence of a Subject: header field
	  starting with the string "cmsg " MUST NOT cause an article to be
	  interpreted as a control message. (RFC 5537)

	* sendsys, senduuname and version control messages are obsolete
	  (see RFC 5537) and can no longer be sent via nnrpd or inews.

	* Mark a few headers as obsolete in nnrpd (therefore, they cannot
	  be present in posts -- it was already the case for the first four
	  headers): NNTP-Posting-Date, NNTP-Posting-Host, X-Complaints-To,
	  X-Trace, Also-Control, Article-Names, Article-Updates, See-Also.
	  
	  Also mark these two headers as obsolete in innd (it does not
	  change anything for innd): X-No-Archive, NNTP-Posting-Path.

2009-12-26  iulius

	* Fix a bug in keyword generation code: an initial comma was still
	  added at the beginning of the Keywords: header (when the first
	  word was a noised one).

	* Fixed a bug when HDR, XHDR and XPAT are used when I<virtualhost>
	  is set to true in F<readers.conf>. The Xref: header of articles
	  posted to only one newsgroup appears empty.
	  
	  The offset count is too large by one in virtual hosting.

	* Adjust the length of retlen when we have to realloc retval. Fix
	  after commit 8861.

	* Use "!!" as diag-match in the Path: header after the name of the
	  virtualhost when virtualhost: is set to true in readers.conf and
	  it is added at the beginning of the header.

2009-12-25  iulius

	* Fixed a bug to control-only feeds: junked non-control articles
	  were being fed down control-only feeds). Thanks to Andrew Gierth
	  for the patch.

2009-12-24  iulius

	* * Update protocol differences for innd, now that RFCs 3977, 4643
	  and 4644 have been implemented.
	  
	  * Mention that the -X flag is unset by default.
	  
	  * The Lines: header is not added by innd.
	  
	  * Other typos.

	* Mention new RFCs references:
	  
	  974 -> 5321 (SMTP) 822 and 2822 -> 5322 (mail) 2373 -> 4291
	  (IPv6) 2553 -> 3493 (IPv6 socket) 2060 -> 3501 (IMAP) 2279 ->
	  3629 (UTF-8)

	* Use of Injection-Info: headers.
	  
	  * nnrpd no longer generates NNTP-Posting-Date:,
	  NNTP-Posting-Host:, X-Trace: and X-Complaints-To: headers.
	  Instead, Injection-Date: and Injection-Info: are used.
	  
	  * Rename addnntppostinghost and addnntppostingdate parameters in
	  inn.conf to respectively addinjectiondate and
	  addinjectionpostinghost. innupgrade deals with that only for
	  inn.conf; a manual change will be needed for readers.conf, if
	  these parameters are overriden in this file.
	  
	  * Update the test suite, documentation and the FAQ.

	* Typos.

	* Note that the "L" reading/posting access in readers.conf is also
	  in effect for groups with status "x" (and not only "n").
	  
	  A secure layer can also be negotiated with AUTHINFO SASL.

2009-12-22  iulius

	* * Add checks for Archive:, Archived-At:, Comments:,
	  Injection-Date:, Injection-Info:, Original-Sender: and
	  User-Agent: headers.
	  
	  * No longer check for the Injector-Info: one (it was standardized
	  under Injection-Info:).
	  
	  * No longer generate a Lines: header (deprecated by RFC 5536).
	  
	  * Generate the Injection-Date: header.

	* Add access to the new header field Comments: within Perl and
	  Python hooks for innd.
	  
	  Also update the POD documentation and the Python sample.

2009-12-21  iulius

	* Typo.

	* Search for gpgv2 (besides gpgv). Otherwise, GnuPG cannot be found
	  on a few platforms like FreeBSD.

2009-12-16  iulius

	* Fix a bug in the daily Usenet report: a few lines did not appear
	  in the report whereas the total still took them into account.
	  These lines do not appear when the peer does not respond during
	  the whole day. They now appear (and every article is marked as
	  spooled).

	* Do not overwrite LOCKS from innshellvars in case someone in the
	  future expects it to have the value in innshellvars in the entire
	  script.
	  
	  Also prevent a call to LOCK afterwards in the script from
	  failing.
	  
	  Thanks to S.P.Zeidler for the patch.

2009-12-07  iulius

	* Fix the use of an uninitialized value in mailpost.
	  
	  Patch from Harald Dunkel.

2009-12-04  iulius

	* Add access to three new headers within Perl and Python hooks for
	  innd:
	  
	  * Archive [RFC 5536] * Archived-At [RFC 5064] * Summary [RFC
	  5536]
	  
	  Also update the POD documentation and the Python sample.

2009-12-03  iulius

	* Fix a typo in the name of the news.lists.filters newsgroup.
	  
	  Thanks to John Marshall for having noticed it.

2009-12-01  iulius

	* Add dependencies for tinyleaf compilation.
	  
	  It was not recompiled when changes were made to its dependencies.

2009-12-01  eagle

	* Send a space rather than a blank line in tinyleaf HELP output
	  
	  GCC format checking doesn't permit an empty format (""), which
	  meant that tinyleaf failed to compile since format checking was
	  added to nntp_send_line_noflush. Work around this for the time
	  being by sending a single space on that line.

2009-11-30  eagle

	* Fix printf attribute for x_asprintf in the non-vamacros case

2009-11-30  iulius

	* Improve gcc warnings on printf-like function calls.

	* Implement LIST COUNTS. It is a combination of LIST ACTIVE and
	  GROUP. It returns the same result as LIST ACTIVE except that the
	  number of articles in a newsgroup is inserted before its status.
	  
	  LIST COUNTS was first implemented in Highwinds products (e.g.
	  Cyclone, Tornado, Typhoon, Twister -- when they support readers).

2009-11-29  iulius

	* Typos.

	* LIST SUBSCRIPTIONS recognizes an optional argument: a wildmat can
	  now be specified to restrict the results of this command to
	  specific newsgroups.
	  
	  Also change the comment returned after the 215 code (the
	  newsgroups are now "recommended").
	  
	  Even though a user does not have any right to read groups, let
	  him see a possible message of the day (LIST MOTD).

2009-11-28  iulius

	* tdx-util was improperly considering empty overview fields as
	  malformed overview data.

2009-11-27  iulius

	* * nnrpd now checks the syntax of the Message-ID: header.
	  
	  * Fixed a bug when nnrpd sends "IHAVE <mid>\r\n" to innd.
	  Arbitrary commands could be passed to innd because nnrpd did not
	  ensure the validity of the syntax of the message-ID.
	  
	  * The permanent variable was not properly set on IHAVE rejects
	  and defers.
	  
	  * innd now accepts commands ending with only "\n".

2009-11-20  iulius

	* * Mention that the distributions file should be encoded in UTF-8.
	  
	  * Mention that the motd.news file should be encoded in UTF-8, and
	  dot-stuffed.
	  
	  * Typos.

2009-11-17  iulius

	* When processing a checkgroups, do not take into account
	  duplicated lines with localgroups.

	* Integrate showtoken into the main distribution. "sm -c" will now
	  show clear, decoded information about storage API tokens.
	  
	  A new SMexplaintoken() function has been added to the storage
	  manager.

2009-11-15  iulius

	* Add two log messages for bad commands (too long NNTP command or
	  argument) in innd.

	* No need to treat expire.log differently than other log files
	  during its rotation.
	  
	  Patch from Florian Schlichting.

	* When "lowmark" was used without "expireover" in news.daily, the
	  warning was never shown (the file it was written into was rotated
	  before being treated).

	* Update the changelog for INN 2.5.2.

2009-11-14  iulius

	* Check LIST output for correct dot-stuffing.

2009-11-11  iulius

	* news.daily: don't send superfluous mails when "nomail" is given
	  
	  Make sure that when news.daily is called with "nomail", mail is
	  only sent when there is real output. Previously, there would
	  always be headings and empty lines useful to structure the full
	  report, which are now ommitted.
	  
	  Also, postexec has been moved up to be included in the regular
	  mail, and the "nomail" definition of ${MAIL} is no longer
	  overwritten with the default.
	  
	  Thanks to Florian Schlichting for this patch.

	* This patch cleans up a little cruft (${T}, ${PROBS}) left in
	  scanlogs since its rewrite by Gary Palmer in September 1997.
	  
	  Thanks to Florian Schlichting for this patch.

2009-11-10  iulius

	* Documentation fix: a group with status "j" can receive local
	  articles.
	  
	  Mention that groups with status "n" or "x" can receive local
	  posts, if configured to.

	* Wording: "flag" -> "status" for the last field of the active
	  field.
	  
	  Also fix a typo in hook-python.

	* Confusion between DISTRIB.PATS and DISTRIBUTIONS.
	  
	  LIST ACTIVE.TIMES now accepts a third argument (newsgroups
	  wildmat).
	  
	  Mention LIST HEADERS [MSGID|RANGE].

	* It is a POST capability, not a READER one.

	* Wording of LIST answers.

	* "all" and "world" distributions should not be used according to
	  USEFOR (RFC 5536).
	  
	  Fix the doc: when the distributions file is missing, 503 is
	  returned, not an empty answer.

2009-11-08  iulius

	* innxmit currently requires the message-ID after 501.

	* RFC 3977 compliance:
	  
	  * innxbatch and innxmit now recognize 403 for a problem
	  preventing the action from being taken.
	  
	  * innxmit now also recognizes 501 when there is a syntax error
	  and considers it as a reject (IHAVE/CHECK/TAKETHIS).

	* A password is not mandatory with AUTHINFO USER/PASS. A username
	  may be enough to authenticate according to RFC 4644.

	* With AUTHINFO USER/PASS, the username is mandatory.

	* Use uppercase letters.

	* tinyleaf should use 201 and not 200 as initial greeting. Using
	  POST is not possible.

	* Streaming commands were still allowed when streaming was
	  deactivated.

	* * Fix a long-standing bug in TAKETHIS: when authentication was
	  required, a 480 code was answered before having received the
	  whole multi-data block, which broke the NNTP protocol.
	  
	  * Implement RFC 3977 and 4644 for streaming. TAKETHIS is now
	  totally RFC-compliant and checks the syntax. (However, 501 is
	  still not sent for interoperability reasons).

	* Better response when an article is cancelled.

	* When XBATCH answers 501, it is because of an invalid size, not a
	  missing size (the new parser takes care of it before calling
	  XBATCH).

	* HDR, XHDR and XPAT were not properly showing leading spaces in
	  header values.
	  
	  Besides, CR and LF were both changed to spaces. It is not what
	  should be done: CRLF should be removed and CR, LF, NUL, TAB
	  should be changed to spaces after the removal of CRLF.

	* * Add a parameter to wire_findheader() so as to keep initial
	  whitespaces, if needed. It is USEFOR-compliant (RFC 5536).
	  
	  * archive, makehistory and tdx-util now generate valid overview
	  data (with leading spaces).
	  
	  * Fix a bug in archive which did not change LF (withouth CR) into
	  spaces when generating overview data.
	  
	  * Update the test suite.

2009-11-07  iulius

	* In streaming mode, there is no code to defer an article sent via
	  TAKETHIS. When the server was paused, we used 403 (temporary
	  failure).
	  
	  However, RFC 4644 mentions that we MUST send 400 here and close
	  the connection so as not to reject the article.

	* Fix a bug introduced by commit 8437. If the Message-ID: or the
	  Supersedes: headers contains trailing white spaces, the article
	  is stored corrupted (we have a '\r' inside the header).
	  
	  Introduce more intelligence in the parsing (see a wish explained
	  in commit 6921) and retain the removed character to properly put
	  it again after the parsing.

	* If keyword generation is set to true in inn.conf but the
	  Keywords: header is not stored in the overview, warn the news
	  administrator and deactive keyword generation (because it is
	  useless and eats resources for nothing).

	* Improve syntax checks on message-IDs: nnrpd was only based on RFC
	  3977, and innd on RFC 1036. They are now both based on RFC 5536
	  (USEFOR).

2009-11-06  iulius

	* Record the extra persistant state of NNTP commands per channel
	  instead of a static global variable.

	* Fix two gcc 4.4 cast warnings.

	* Add two new files for the test suite in the MANIFEST file.

	* Update the prototype of the function for keyword generation code
	  when INN is compiled without that support.

	* * Add a new "unsigned long" type to the configuration parser. It
	  will properly warn the user when a variable contains a negative
	  integer. It will prevent INN from crashing at several places
	  (like a xmalloc(-5) which in fact allocates 4GB of memory on a
	  32-bit architecture).
	  
	  * Modify lots of casts (some are now useless, others needed).
	  
	  * Also update the test suite, adding case tests for unsigned
	  integers and lists.

	* * The keyword generation code now generates a Keywords: header
	  only if the original article does not already have one.
	  
	  * Fixed a segfault because of a possible invalid pointer beyond
	  the allocated Keywords: header.
	  
	  * In case the generated Keywords: header is empty, nothing will
	  be retained (because "Keywords: \r\n" is an invalid header).
	  
	  * The generated Keywords: header now does not begin with a comma.

2009-11-04  iulius

	* Fix a memory leak in the LISTGROUP command when the provided
	  range is invalid. And in GROUP/LISTGROUP commands when the client
	  does not have read access.

	* Fix a memory leak in the POST command when the Newsgroups: header
	  is invalid.

	* When INN is compiled without SASL support, AUTHINFO SASL is an
	  unkwnown AUTHINFO command. It should return 501 (syntax error)
	  instead of 503 (not mentioned in RFC for that case).

2009-11-03  iulius

	* Fix a bug in cvtbatch which was returning only the size of the
	  headers of an article with the "b" flag. It now correctly returns
	  the size of the whole article (which is what "b" is supposed to
	  do).
	  
	  Also add a missing free() call.

2009-11-01  iulius

	* Change a few log lines.

	* Remove dead code in batcher (it is no longer possible to use file
	  names).

	* Convert the documentation for innxmit into POD.

	* * New "t" flag for "-w" with cvtbatch, so as to retrieve the
	  arrival time of an article.
	  
	  * Convert the man page to POD. Mention the default value for
	  "-w"; it is no longer possible to use file names with cvtbatch.

	* When keyword generation was done on an article which has a
	  Keywords: header whose length is greater than the keylimit:
	  parameter, innd crashed. Change memcpy to strlcpy.

	* innreport was not correctly summing innd stats when the hostname
	  was an IPv6 address instead of a fully qualified domain name.

2009-10-28  iulius

	* Fix two gcc warnings caused by (size_t *) and (unsigned int *)
	  casts.

2009-10-25  iulius

	* After successful authentication, MODE-READER is not an available
	  capability.

	* Call the function for MODE CANCEL before the check on the length
	  of the arguments.

	* When the argument to CHECK is not valid, make sure we properly
	  answer 438 with the whole given argument.

	* * Add support for whitespaces in username/password for AUTHINFO
	  USER/PASS commands.
	  
	  * Properly retain the whole (possibly syntactically wrong)
	  message-ID of CHECK/TAKETHIS commands.

	* Implement CAPABILITIES in innd.

	* Improve authentication in innd and implement RFC 4643 (AUTHINFO
	  USER/PASS):
	  
	  * If a feeder will not be able to authenticate (because it
	  already has access to every feeder commands), 502 is returned
	  instead of letting it authenticate [and fail to].
	  
	  * Do not allow AUTHINFO PASS before having sent AUTHINFO USER.

	* Document how nnrpd differs in the implementation of RFC 3977.

2009-10-24  iulius

	* Fix the test suite because of a change of return value when an
	  article is totally empty.

	* Add support for the third wildmat argument to LIST commands.
	  
	  Also check that the output does not contain a dot on a single
	  line.

	* If ".\r\n" was put into motd.news, the result of LIST MOTD was
	  breaking the NNTP protocol.

	* When innd cannot provide information for LIST NEWSGROUPS and LIST
	  ACTIVE.TIMES, it now returns 503. It was giving an invalid result
	  (".\r\n" without any response code!).

	* Return 502 (permission denied) or 401 MODE-READER to LIST
	  commands when the feeder cannot use LIST commands.

2009-10-23  iulius

	* Fix a bug when articles were fed to innd via IHAVE or TAKETHIS
	  with an empty article: the article terminator was not recognized.
	  Therefore, subsequent NNTP commands were eaten inside the
	  article...
	  
	  See also commit 8149 for the same issue with an empty body.

	* * Return 435/438 instead of 501 to IHAVE/CHECK commands for
	  compatibility reasons.
	  
	  * When a CHECK/TAKETHIS command line is too long and no streaming
	  is allowed, 500 must be returned (these commands are unknown).

	* Remove dead code.

	* Missing to deallocate grouplist when an error occurs when
	  accessing the active file.

	* Return 412 (no group selected) instead of 501 (syntax error) when
	  using HEAD/STAT with an article number.

2009-10-21  iulius

	* * Improve logging of MODE commands in news.notice.
	  
	  * Specify that MODE READER cannot be sent after a successful
	  authentication because the client is known as a reader.

	* Improve the greeting message and say we are in transit mode with
	  innd.

	* * Add a flag to each NNTP command so as to mention whether it can
	  be used without being authenticated (AUTHINFO, HELP, MODE and
	  QUIT).
	  
	  * Eliminate the special casing of the state CSgetauth. Whether
	  the peer has authenticated is now stored in the channel rather
	  than in the channel state. It simplifies a lot the code.
	  
	  * Fix a bug in the response for reader commands: innd was
	  answering with a superfluous blank line when readers were not
	  allowed.
	  
	  close #99

	* Add support for whitespaces in usernames/passwords provided with
	  AUTHINFO USER/PASS. nnrpd was previously considering as invalid
	  passwords like "a b" (two arguments "a" and "b" when only one was
	  expected) or parsing " ab" as "ab" (stripping the leading space).
	  
	  nnrpd now treats everything after the first whitespace character
	  following AUTHINFO USER/PASS, up to, but not including, the CRLF,
	  as the username/password.
	  
	  Thanks to Jeffrey M. Vinocur for the initial patch.
	  
	  close #30

2009-10-20  iulius

	* Mention in the documentation that when "nnrpd -i" is used (for an
	  initial command), the connection is closed after the response.

2009-10-17  iulius

	* * Add a decent parser to innd for NNTP commands. It now puts into
	  a table the given arguments. It permits to have a far better
	  grammar parser (commands like "IHAVE<mid>" are no longer valid,
	  and commands like " IHAVE <mid> " are now valid).
	  
	  * The length of each NNTP command is no longer necessary to be
	  kept in memory by the command handler.
	  
	  see #99

	* Typos, and mark MAXHEADERSIZE to be fixed in innd code.

	* Do not take into account leading white spaces in NNTP commands in
	  the RTlong case.

	* Do not close the connection upon receiving an NNTP command
	  containing only spaces!

	* Ignore lines smaller than 2 bytes (that is to say lines
	  containing only "\r\n" or something else like "a\n").

	* * If the length of NNTP arguments is too long (> 497 bytes), a
	  501 error is now returned.
	  
	  * If a command is given less (or more) arguments than expected, a
	  501 error is now returned.
	  
	  * Improve the HELP output for innd, specifying expected
	  arguments.
	  
	  * HEAD answers 412 (not in a newsgroup) when requesting an
	  article number. It was previously sending 501 (syntax error in
	  mesasge-ID).

2009-10-16  iulius

	* For unimplemented NNTP commands like SLAVE, do not return 501
	  when the command line is too long, but 500.

	* NNTP compliance (RFC 3977):
	  
	  * Check whether the NNTP command sent by a news client is too
	  large (> 512 bytes). Return an error (500 or 501, depending on
	  the base command) if it is the case.
	  
	  * Send 400 instead of 500 when innd closes the connection after
	  10 (BAD_COMMAND_COUNT) unrecognized commands.

	* Use integers instead of strings for NNTP response codes (HEAD and
	  STAT).

	* Return a comment for 205 (QUIT), 235 (IHAVE OK) and 400 (failure
	  and exit) response codes. Do not use strings from include/nntp.h.

2009-10-10  iulius

	* * Mention --enable-keywords and --with-openssl in the default
	  inn.conf configuration file.
	  
	  * No need to regenerate the overview when the keyword generation
	  code is used.

	* * Mention the OVER command instead of XOVER.
	  
	  * Mention the --enable-keywords configure option in inn.conf for
	  keyword generation.

	* * The "will" keyword was checked twice.
	  
	  * Fix a gcc warning (a signed/unsigned cast).

	* Fix a segfault in the keyword generation code for articles
	  already containing a Keywords: header.
	  
	  Thanks to Nix for the patch.

2009-10-09  iulius

	* Remove duplicate contents in news.daily, as for the run of expire
	  and expireover.
	  
	  Also add a warning when the "lowmark" keyword is used without
	  "expireover".
	  
	  Thanks to D. Stussy for the patch.

2009-10-03  iulius

	* Mention the bug-fix in the keyword generation code.

	* inndstart is no longer used (it was removed in INN 2.5.0) so we
	  mention it in our FAQ.

	* Fix a GNUism in news.daily (a directory and "-print" are needed).
	  
	  Thanks to S.P. Zeidler for the patch.

2009-10-01  eagle

	* Update keyword code to match current article handling
	  
	  We no longer copy the article out of the channel and
	  nul-terminate it, but the keyword generation code was assuming
	  that the article was nul-terminated. Modify KEYgenerate to take
	  an article length and use xmalloc/memcpy to make a copy rather
	  than strdup. Thanks to Nix for the report.

2009-09-29  iulius

	* Bump version to INN 2.5.1.

	* Mention in Perl and Python hooks that UTF-8 should be used for
	  reject messages.

2009-09-28  iulius

	* Mention that active.times and distrib.pats should be encoded in
	  UTF-8, as well as ctlinnd and nnrpd arguments.

	* Add a function to validate the encoding of UTF-8 strings.
	  "ctlinnd pause", "ctlinnd readers", "ctlinnd reject", "ctlinnd
	  throttle" and "nnrpd -r" commands now expect a properly encoded
	  reason.

2009-09-11  iulius

	* Update control.ctl to its last version.

	* Update support files for autoconf to their last stable version.

2009-09-09  iulius

	* Improve the changelog wording.
	  
	  compress does not have patent issues any longer.

	* Use new Autoconf 2.60 macros AC_TYPE_UINT16_T, AC_TYPE_UINT32_T,
	  AC_TYPE_LONG_LONG_INT and AC_TYPE_SSIZE_T.
	  
	  We do not need m4/int32.m4 any longer to define uint32_t (int32_t
	  is not used).

2009-09-07  iulius

	* Check that a CAF header contains at least 128 bytes for the free
	  bitmap header. Otherwise, increase the blocksize.
	  
	  On 64-bit systems, a CAF header can exceed the size of the
	  default bitmap, which prevents timecaf from working.

2009-09-05  iulius

	* Update the maximum size of a CAF. Limits are 3.5GB or 262144
	  articles in a CAF.

	* Remove trailing spaces.

	* Fix a documentation error about timecaf: it does not work per
	  newsgroup (though it used to).
	  
	  FreeZoneIndexBytes does not exist; it is FreeZoneIndexSize.
	  
	  Also remove trailing spaces.

	* Support for sequence numbers higher than 65535 (2^16-1) in the
	  timecaf storage method. We can now integrate up to (2^32-1)
	  articles in a mere CAF. A CAF contains all the articles that
	  arrive during 256 seconds.
	  
	  Thanks to Kamil Jonca for the bug report and his patch.
	  
	  Also explain how to decode timecaf tokens and paths.
	  
	  And use fixed 16-bit and 32-bit numbers for tokens; timecaf did
	  not work on systems where short ints were not 16-bit integers.

	* Missing explanation for the hexadecimal value of the timehash
	  storage class.

	* Missing explanation for the hexadecimal value of the tradspool
	  storage class.

	* Explain how to decode cnfs tokens.
	  
	  Also remove trailing spaces.

	* Explain how to decode tradspool tokens and paths.
	  
	  Also remove trailing spaces.

	* ts.ng.db no longer exists; it is tradspool.map.
	  
	  Also remove trailing spaces.

	* Convert tabs to spaces.

	* Remove trailing spaces.

	* Explain how to decode timehash tokens and paths.
	  
	  Also use fixed 16-bit and 32-bit numbers for tokens; timehash did
	  not work on systems where short ints were not 16-bit integers.

2009-09-02  iulius

	* Do not send 205 on exit when the client does not send QUIT.

2009-08-29  iulius

	* Increase the CNFS blocksize from 512 bytes to 4096 bytes and the
	  size limit for a buffer from 1 TB to 16 TB.
	  
	  Currently the CNFS storage method uses a 512 byte (1 sector)-
	  granularity for its "filesystem". That was great in the nineties,
	  but nowadays that is very limiting:
	  
	  - most filesystems use 4K blocks, so a write to a 512 byte- CNFS
	  block can result in a read-modify-write cycle, slowing down
	  writes enormously (effectively making them synchronous) - With
	  larger devices, the block-bitmap at the start balloons in size -
	  The size limit of a CNFS file/partition is 2^31 * 512 = 1 TB.
	  (the block-offset is stored in the CNFS token as a signed
	  integer..)
	  
	  So I have updated storage/cnfs/ to use 4K blocks.
	  
	  This introduces a new CNFS version in the CNFS header, version 4.
	  The header now includes a blocksize member, which is 4K by
	  default. The block offset is now encoded in the CNFS token as a
	  unsigned int. CNFSv4 supports files/partitions up to 16 TB with a
	  4K blocksize.
	  
	  If we want to support > 16TB with 4K blocks, that is doable by
	  stealing a few bits from the 'cycnum' value in the CNFS token.
	  The code was updated so that for CNFSv4 and up the cyclenumber
	  wraps on 2^24 instead of 2^32 (with one wrap per day, that's good
	  for 45000 years, so there is no problems there). So we have 8
	  bits for that, but the rest of the code has not been written yet.
	  
	  The code works fine with existing CNFSv3 files/partitions.
	  
	  cnfsstat and cnfsheadconf have also been updated to understand
	  CNFSv4.
	  
	  Right now a new CNFS file/device is always initialized with 4K
	  blocksize, but it would be trivial to make that configurable.
	  With larger blocksizes we might want to look at the CNFS write
	  padding though it is perhaps not useful to pad CNFS writes to
	  larger blocks than 4K. It doesn't do any harm though.
	  
	  Thanks to Miquel van Smoorenburg for the CNFSv4 patch.

2009-08-22  iulius

	* Silent gcc warnings for a possibly uninitialized variable.

2009-08-21  iulius

	* Use Autoconf quadrigraphs to properly encode brackets.

	* Mention ckpasswd(8) in the "see also" section of the
	  documentation for auth_krb5.

2009-08-20  eagle

	* Avoid using markup in prunehistory NAME section
	  
	  Avoid POD markup in the prunehistory NAME section. Not all
	  versions of pod2man will strip this markup when generating the
	  man page, and *roff markup in NAME confuses some man
	  implementations.

	* Recommend against using auth_krb5
	  
	  In the auth_krb5 man page, recommend using ckpasswd with PAM
	  support and a Kerberos PAM module instead of this authenticator.

	* Rewrite auth_krb5 to use modern Kerberos APIs
	  
	  Use krb5_get_init_creds_password and the current APIs and remove
	  a bunch of cruft that's unnecessary and uninteresting. The
	  library defaults will take care of things like building the
	  correct service principal.
	  
	  Add a call to krb5_verify_init_creds, although this will only
	  work if nnrpd is pointed to a keytab that it can read or if it's
	  run as root. Looking in a different keytab for a local key with
	  which to validate the credentials is left as future work and
	  requires additional configuration to point to the correct keytab.

	* Strict aliasing cleanups in innd network code
	  
	  gcc 4.4 is now stricter about aliasing checks and doesn't like
	  taking variables of type struct sockaddr_storage and casting them
	  or assigning pointers to them to other struct types and then
	  dereferencing or storing through those other pointers. It may
	  optimize the stores away, which would be bad.
	  
	  The primary affected code is the inetd query code. There,
	  allocate memory from the heap instead of the stack and use a
	  variable of type struct sockaddr *, which is cast to other
	  pointer types. gcc knows how to deal with that.
	  
	  Elsewhere, eliminate RCaddressmatch in favor of
	  network_sockaddr_equal, which does the same thing but is
	  aliasing-clean. Stop using SA_LEN to get the length of an address
	  for memcpy and instead just copy the full size of a
	  sockaddr_storage, which given that both the source and the
	  destination are sockaddr_storage variables will be safe.

2009-08-20  iulius

	* Convert makedbz(8) and prunehistory(8) documentation to POD.

2009-08-19  iulius

	* Add examples in grephistory documentation.

2009-08-18  iulius

	* Changelog for previous commit 8578.

	* * Return the contents of the expires history field when
	  "grephistory -l" is used. It was always empty.
	  
	  * Mention in documentation that "grephistory -l" returns nothing
	  when the storage API token does not exist.
	  
	  * Fixed "grephistory -v" which does not work when the storage API
	  token does not exist.

	* Convert expire(8) and expirerm(8) documentation to POD.

	* Various fixes and homogenizations.

2009-08-17  iulius

	* * History retention is now done, when possible, on posting times
	  and not arrival times. Otherwise, articles may be kept too long
	  in history.
	  
	  * HISremember in history API now has a fourth argument (the
	  article posting date).
	  
	  * The default value for /remember/ is now 11 (artcutoff + 1 in
	  order to take into account articles posted one day into the
	  future).
	  
	  * Documentation rewording and improvements.

	* Various homogenizations.

2009-08-15  iulius

	* Typo for logstatus, an inn.conf parameter.
	  
	  close #84 (which was in fact already committed in INN 2.5.0, see
	  revision [7633])

	* Typo: occurance -> occurrence.

2009-08-14  iulius

	* A patch from Christopher Biedl to alter ARTcancelverify to check
	  whether at least one group in the cancel message can be found in
	  the article to be cancelled.
	  
	  The check for matching Sender: and From: headers is useless and
	  removed.
	  
	  close #38

	* Add a restrictive umask before generating TLS certificates.

	* Typo: interpretor -> interpreter.

2009-08-05  iulius

	* The README files provided with snapshots were still mentioning
	  the inn-bugs mailing-list instead of inn-workers.

2009-07-30  iulius

	* A wrong source was logged to the news log for local postings,
	  especially when the local server was not listed in incoming.conf
	  (RChostname() then returned a wrong static buffer and ARTlog()
	  also did not handle the case of a local connection).
	  
	  Also fix the initialization of data->FeedsiteLength when needed.
	  
	  close #15

2009-07-29  iulius

	* Move dbz.h into the public inn directory (it is for instance used
	  by suck).
	  
	  However, it should be noted that if another history file format
	  is implemented in the future, it might cause problems to external
	  programs.

2009-07-18  iulius

	* Log a checkgroups only once in innreport. Now that all
	  control.ctl matching lines are used, they were all logged by
	  innreport as a checkgroups. We only count for several doit
	  actions.

	* Do not act on a checkgroups when there isn't any matching
	  newsgroup.

2009-07-08  iulius

	* If innfeed is not used, news.daily reports an error message when
	  it tries to find out the pid of all the running instances of
	  innfeed. We now check for that.
	  
	  Thanks to Andreas M. Kirchwitz for the patch.

2009-07-03  iulius

	* Convert the cnfsheadconf man page into POD.

	* When "-c" is not specified, cnfsheadconf exits. It now displays
	  the status of all CNFS buffers, as written in its documentation.

	* * Use Math::BigInt rather than bigint.pl.
	  
	  * Use Math::BigFloat not to wrongly truncate numbers.

2009-06-28  iulius

	* * Add a "-v" flag to cnfsstat to see the output of consistency
	  checks for article storage and history.
	  
	  * Convert the cnfsstat man page into POD.

	* Update the NoCeM sample file.

	* Use gzip instead of compress as the default UUCP batcher.

2009-06-23  iulius

	* Add the -L flag to makehistory in order to specify a maximum load
	  average. If exceeded, the rebuild is paused until it decreases
	  below the specified load.
	  
	  Patch by Jonathan Kamens.

2009-06-21  iulius

	* Regenerate dependencies after commit 8530.

2009-06-21  eagle

	* inn/storage.h depends on inn/defines.h and inn/options.h.

2009-06-20  iulius

	* Fix a bug in how perl-nocem parses its configuration file.

	* sasl.conf does not exist any longer.

	* * Change the default value for TLS certificates from <pathlib> to
	  <pathetc>.
	  
	  * Add a default value to tlscapath: because it is required by
	  nnrpd when TLS is used.
	  
	  * Improve the TLS documentation.

	* * Fixed a segfault in imap_connection which can occur when SASL
	  is used (overflow in strlcpy).
	  
	  * Owing to the US-CERT vulnerability note VU#238019, Cyrus SASL
	  library has slightly changed. imap_connection and nnrpd now
	  handle that change. Otherwise, some answers are too long to be
	  properly computed during SASL exchanges (because of a new null
	  character added by sasl_encode64).

	* The distributions file was not installed. It was an oversight.

2009-06-17  iulius

	* * Fixed a segfault when retrieving via HDR/XHDR/XPAT the contents
	  of an extra overview field absent from the headers of an article.
	  The NEWNEWS command was also affected on very rare cases. Thanks
	  to Tim Woodall for the bug report.
	  
	  * HDR/XHDR/XPAT answers are now robust when the overview database
	  is inconsistent. When the overview schema was modified without
	  the overview database being rebuilt, wrong results could be
	  returned for extra fields (especially a random portion of some
	  other header). The desired header name is now explicitly searched
	  in the overview information. In order to achieve that, the
	  overview_getheader() function was split into
	  overview_get_standard_header() and overview_get_extra_header().
	  It allows to search by index for standard headers and to walk
	  extra overview fields.
	  
	  * Fixed a memory leak when requesting metadata information
	  (:bytes and :lines).

	* Typo: "to precede" instead of "to preceede".

	* Mention to update install-sh to its last version.

	* Typos.

	* * Fix an inaccuracy in the count of overview stats.
	  
	  * Also fix a potential segfault in case overview_getheader()
	  returns a NULL pointer (though it should not for the Message-ID).

2009-06-11  eagle

	* Link tinyleaf with $(LIBS), needed for networking libraries on
	  Solaris.

2009-06-09  iulius

	* Update the release date of INN 2.5.0.

2009-06-06  iulius

	* Clarify a sentence about the difference between doit and mail for
	  a checkgroups.

	* * Import new versions of a few m4 files provided by rra-c-util
	  1.0.
	  
	  * getaddrinfo.m4 is merged into socket.m4.

	* inncheck now recognizes the new "/maxdocheckgroups/" keyword in
	  control.ctl.

2009-05-24  iulius

	* Use AS_HELP_STRING instead of obsolete AC_HELP_STRING.

	* * Use AC_COMPILE_IFELSE instead of AC_EGREP_CPP.
	  
	  * Use AC_CACHE_CHECK instead of AC_MSG_CHECKING, AC_CACHE_VAL and
	  AC_MSG_RESULT.

	* Better wording for the creation of <pathetc>/pgp/ncmring.gpg.

	* Bump version numbers of TRUNK (2.5.0 -> 2.6.0).

