rtyler
/
pkgsrc-wip
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
pkgsrc-wip/inn/COMMIT_MSG

79 lines
4.6 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

news/inn: Update to 2.6.3
Changes in 2.6.3
================
* Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or later;
NIST P-256 was enforced instead of using the most secure curve.
* A new inn.conf parameter has been added to fine-tune the cipher suites to use
with TLS 1.3: the tlsciphers13 now permits configuring them. A separate cipher
suite configuration parameter is needed for TLS 1.3 because TLS 1.3 cipher
suites are not compatible with TLS 1.2, and vice-versa. In order to avoid
issues where legacy TLS 1.2 cipher suite configuration configured in the
tlsciphers parameter would inadvertently disable all TLS 1.3 cipher suites,
the inn.conf configuration has been separated out.
* Fixed a regression since INN 2.6.1 that prevented articles with
internationalized header fields (that is to say encoded in UTF-8) from being
posted.
* Support for Python 3 has been added to INN. Embedded Python filtering and
authentication hooks for innd and nnrpd can now use version 3.3.0 or later of
the Python interpreter. In the 2.x series, version 2.3.0 or later is still
supported.
When configuring INN with the --with-python flag, the PYTHON environment
variable, when set, is used to select the interpreter to embed. Otherwise,
it is searched in standard paths.
In case you change the Python interpreter to embed, make sure that the Python
scripts you use are written in the expected syntax for that version of the
Python interpreter. Notably, buffer objects have been replaced with memoryview
objects in Python 3, and UTF-8 encoding now really matters for string literals
(Python 3 uses bytes and Unicode objects).
INN documentation and samples of Python hooks have been updated to provide
more examples.
* When a Python or Perl filter hook rejects an article, innd now mentions the
reason in response to CHECK and TAKETHIS commands. Previously, the reason was
given only for the IHAVE command.
* nnrpd now properly logs the hostname of clients whose connection failed owing
to an issue during the negotiation of a TLS session or high load average.
Changes in 2.6.2
================
* A new syntaxchecks parameter has been added in inn.conf. It permits
controlling the level of checks performed by innd and nnrpd. Up to now, only
one check can be enabled/disabled: when laxmid is mentioned in the values of
this new parameter, INN accepts Message-IDs that contain .. in the left part,
as well as Message-IDs with two @ (such Message-IDs would otherwise be
considered as syntactically invalid). See the inn.conf(5) man page for more
details.
The check is disabled by default (no-laxmid), which corresponds to the legacy
behaviour of INN 2.6.1 and earlier.
* Use of the ovdb_server helper server is now the default when using the ovdb
overview method, that is to say the default value for the readserver parameter
in ovdb.conf is now set to true. It improves stability and avoids deadlocks,
timing issues and corrupted ovdb databases.
* mailpost now removes empty header fields before attempting to post articles,
and keeps trace of them in the X-Mailpost-Empty-Hdrs: newly generated header
field body. Also, mailpost now sanitizes header fields with regards to empty
continuation header lines. Thanks to Kamil Jonca for these bug reports.
* A new -z parameter has been added to mailpost to mention a list of header
fields to remove from the gated message. Thanks to Dieter Stussy for the
patch.
* Fixed a bug in inews that was rejecting articles containing header fields
whose length exceeded 998 bytes. This limitation is for the length of a single
line of a header field (and not for the length of the whole header field, as
it was wrongly the case).
* Added support for GnuPG's gpg binary (in addition to gpgv) in pgpverify.
Indeed, gpg still validates signatures made with weak digest algorithms like
MD5 whereas gpgv no longer do. Thanks to Thomas Hochstein for the patch,
which permits validating control articles for hierarchies that are still
using old PGP keys.
* Added similar support for GnuPG's gpg binary in perl-nocem to validate NoCeM
notices from issuers who are still using old PGP keys.
* A few commands listed in the "Control commands to INND" section in daily
Usenet reports were appearing as a mere letter; all of them are now properly
converted to meaningful words.
* The tlsprotocols parameter in inn.conf now recognizes the TLSv1.3 value
(for OpenSSL versions implementing TLS 1.3, that is to say starting from
OpenSSL 1.1.1).
* The buffindexed overview method will now hopefully work properly on systems
with a native page size larger than 16KB.
* Other minor bug fixes and documentation improvements.
Reference in New Issue View Git Blame Copy Permalink