79 lines
4.6 KiB
Plaintext
79 lines
4.6 KiB
Plaintext
news/inn: Update to 2.6.3
|
||
|
||
Changes in 2.6.3
|
||
================
|
||
* Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or later;
|
||
NIST P-256 was enforced instead of using the most secure curve.
|
||
* A new inn.conf parameter has been added to fine-tune the cipher suites to use
|
||
with TLS 1.3: the tlsciphers13 now permits configuring them. A separate cipher
|
||
suite configuration parameter is needed for TLS 1.3 because TLS 1.3 cipher
|
||
suites are not compatible with TLS 1.2, and vice-versa. In order to avoid
|
||
issues where legacy TLS 1.2 cipher suite configuration configured in the
|
||
tlsciphers parameter would inadvertently disable all TLS 1.3 cipher suites,
|
||
the inn.conf configuration has been separated out.
|
||
* Fixed a regression since INN 2.6.1 that prevented articles with
|
||
internationalized header fields (that is to say encoded in UTF-8) from being
|
||
posted.
|
||
* Support for Python 3 has been added to INN. Embedded Python filtering and
|
||
authentication hooks for innd and nnrpd can now use version 3.3.0 or later of
|
||
the Python interpreter. In the 2.x series, version 2.3.0 or later is still
|
||
supported.
|
||
When configuring INN with the --with-python flag, the PYTHON environment
|
||
variable, when set, is used to select the interpreter to embed. Otherwise,
|
||
it is searched in standard paths.
|
||
In case you change the Python interpreter to embed, make sure that the Python
|
||
scripts you use are written in the expected syntax for that version of the
|
||
Python interpreter. Notably, buffer objects have been replaced with memoryview
|
||
objects in Python 3, and UTF-8 encoding now really matters for string literals
|
||
(Python 3 uses bytes and Unicode objects).
|
||
INN documentation and samples of Python hooks have been updated to provide
|
||
more examples.
|
||
* When a Python or Perl filter hook rejects an article, innd now mentions the
|
||
reason in response to CHECK and TAKETHIS commands. Previously, the reason was
|
||
given only for the IHAVE command.
|
||
* nnrpd now properly logs the hostname of clients whose connection failed owing
|
||
to an issue during the negotiation of a TLS session or high load average.
|
||
|
||
Changes in 2.6.2
|
||
================
|
||
* A new syntaxchecks parameter has been added in inn.conf. It permits
|
||
controlling the level of checks performed by innd and nnrpd. Up to now, only
|
||
one check can be enabled/disabled: when laxmid is mentioned in the values of
|
||
this new parameter, INN accepts Message-IDs that contain .. in the left part,
|
||
as well as Message-IDs with two @ (such Message-IDs would otherwise be
|
||
considered as syntactically invalid). See the inn.conf(5) man page for more
|
||
details.
|
||
The check is disabled by default (no-laxmid), which corresponds to the legacy
|
||
behaviour of INN 2.6.1 and earlier.
|
||
* Use of the ovdb_server helper server is now the default when using the ovdb
|
||
overview method, that is to say the default value for the readserver parameter
|
||
in ovdb.conf is now set to true. It improves stability and avoids deadlocks,
|
||
timing issues and corrupted ovdb databases.
|
||
* mailpost now removes empty header fields before attempting to post articles,
|
||
and keeps trace of them in the X-Mailpost-Empty-Hdrs: newly generated header
|
||
field body. Also, mailpost now sanitizes header fields with regards to empty
|
||
continuation header lines. Thanks to Kamil Jonca for these bug reports.
|
||
* A new -z parameter has been added to mailpost to mention a list of header
|
||
fields to remove from the gated message. Thanks to Dieter Stussy for the
|
||
patch.
|
||
* Fixed a bug in inews that was rejecting articles containing header fields
|
||
whose length exceeded 998 bytes. This limitation is for the length of a single
|
||
line of a header field (and not for the length of the whole header field, as
|
||
it was wrongly the case).
|
||
* Added support for GnuPG's gpg binary (in addition to gpgv) in pgpverify.
|
||
Indeed, gpg still validates signatures made with weak digest algorithms like
|
||
MD5 whereas gpgv no longer do. Thanks to Thomas Hochstein for the patch,
|
||
which permits validating control articles for hierarchies that are still
|
||
using old PGP keys.
|
||
* Added similar support for GnuPG's gpg binary in perl-nocem to validate NoCeM
|
||
notices from issuers who are still using old PGP keys.
|
||
* A few commands listed in the "Control commands to INND" section in daily
|
||
Usenet reports were appearing as a mere letter; all of them are now properly
|
||
converted to meaningful words.
|
||
* The tlsprotocols parameter in inn.conf now recognizes the TLSv1.3 value
|
||
(for OpenSSL versions implementing TLS 1.3, that is to say starting from
|
||
OpenSSL 1.1.1).
|
||
* The buffindexed overview method will now hopefully work properly on systems
|
||
with a native page size larger than 16KB.
|
||
* Other minor bug fixes and documentation improvements.
|