Path to this page:
Subject: CVS commit: pkgsrc/news/inn
From: S.P.Zeidler
Date: 2021-01-02 15:18:22
Message id: 20210102141822.77383FA9D@cvs.NetBSD.org
Log Message:
update news/inn to version 2.6.3
Changes in 2.6.3
* Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or
later; NIST P-256 was enforced instead of using the most secure curve.
* A new inn.conf parameter has been added to fine-tune the cipher suites
to use with TLS 1.3: the *tlsciphers13* now permits configuring them.
A separate cipher suite configuration parameter is needed for TLS 1.3
because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
vice-versa. In order to avoid issues where legacy TLS 1.2 cipher
suite configuration configured in the *tlsciphers* parameter would
inadvertently disable all TLS 1.3 cipher suites, the inn.conf
configuration has been separated out.
* Fixed a regression since INN 2.6.1 that prevented articles with
internationalized header fields (that is to say encoded in UTF-8) from
being posted.
* Support for Python 3 has been added to INN. Embedded Python filtering
and authentication hooks for innd and nnrpd can now use version 3.3.0
or later of the Python interpreter. In the 2.x series, version 2.3.0
or later is still supported.
When configuring INN with the --with-python flag, the "PYTHON"
environment variable, when set, is used to select the interpreter to
embed. Otherwise, it is searched in standard paths.
In case you change the Python interpreter to embed, make sure that the
Python scripts you use are written in the expected syntax for that
version of the Python interpreter. Notably, buffer objects have been
replaced with memoryview objects in Python 3, and UTF-8 encoding now
really matters for string literals (Python 3 uses bytes and Unicode
objects).
INN documentation and samples of Python hooks have been updated to
provide more examples.
* When a Python or Perl filter hook rejects an article, innd now
mentions the reason in response to CHECK and TAKETHIS commands.
Previously, the reason was given only for the IHAVE command.
* nnrpd now properly logs the hostname of clients whose connection
failed owing to an issue during the negotiation of a TLS session or
high load average.
Changes in 2.6.2
* A new *syntaxchecks* parameter has been added in inn.conf. It permits
controlling the level of checks performed by innd and nnrpd. Up to
now, only one check can be enabled/disabled: when *laxmid* is
mentioned in the values of this new parameter, INN accepts Message-IDs
that contain ".." in the left part, as well as Message-IDs with two
"@" (such Message-IDs would otherwise be considered as syntactically
invalid). See the inn.conf(5) man page for more details.
The check is disabled by default (*no-laxmid*), which corresponds to
the legacy behaviour of INN 2.6.1 and earlier.
* Use of the ovdb_server helper server is now the default when using the
ovdb overview method, that is to say the default value for the
*readserver* parameter in ovdb.conf is now set to true. It improves
stability and avoids deadlocks, timing issues and corrupted ovdb
databases.
* mailpost now removes empty header fields before attempting to post
articles, and keeps trace of them in the X-Mailpost-Empty-Hdrs: newly
generated header field body. Also, mailpost now sanitizes header
fields with regards to empty continuation header lines. Thanks to
Kamil Jonca for these bug reports.
* A new -z parameter has been added to mailpost to mention a list of
header fields to remove from the gated message. Thanks to Dieter
Stussy for the patch.
* Fixed a bug in inews that was rejecting articles containing header
fields whose length exceeded 998 bytes. This limitation is for the
length of a single line of a header field (and not for the length of
the whole header field, as it was wrongly the case).
* Added support for GnuPG's gpg binary (in addition to gpgv) in
pgpverify. Indeed, gpg still validates signatures made with weak
digest algorithms like MD5 whereas gpgv no longer do. Thanks to
Thomas Hochstein for the patch, which permits validating control
articles for hierarchies that are still using old PGP keys.
* Added similar support for GnuPG's gpg binary in perl-nocem to validate
NoCeM notices from issuers who are still using old PGP keys.
* A few commands listed in the "Control commands to INND" section in
daily Usenet reports were appearing as a mere letter; all of them are
now properly converted to meaningful words.
* The *tlsprotocols* parameter in inn.conf now recognizes the "TLSv1.3"
value (for OpenSSL versions implementing TLS 1.3, that is to say
starting from OpenSSL 1.1.1).
* The buffindexed overview method will now hopefully work properly on
systems with a native page size larger than 16KB.
* Other minor bug fixes and documentation improvements.
Files: