Log Message:
update news/inn to version 2.6.3

Changes in 2.6.3

    * Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or
      later; NIST P-256 was enforced instead of using the most secure curve.

    * A new inn.conf parameter has been added to fine-tune the cipher suites
      to use with TLS 1.3:  the *tlsciphers13* now permits configuring them.
      A separate cipher suite configuration parameter is needed for TLS 1.3
      because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
      vice-versa.  In order to avoid issues where legacy TLS 1.2 cipher
      suite configuration configured in the *tlsciphers* parameter would
      inadvertently disable all TLS 1.3 cipher suites, the inn.conf
      configuration has been separated out.

    * Fixed a regression since INN 2.6.1 that prevented articles with
      internationalized header fields (that is to say encoded in UTF-8) from
      being posted.

    * Support for Python 3 has been added to INN.  Embedded Python filtering
      and authentication hooks for innd and nnrpd can now use version 3.3.0
      or later of the Python interpreter.  In the 2.x series, version 2.3.0
      or later is still supported.

      When configuring INN with the --with-python flag, the "PYTHON"
      environment variable, when set, is used to select the interpreter to
      embed.  Otherwise, it is searched in standard paths.

      In case you change the Python interpreter to embed, make sure that the
      Python scripts you use are written in the expected syntax for that
      version of the Python interpreter.  Notably, buffer objects have been
      replaced with memoryview objects in Python 3, and UTF-8 encoding now
      really matters for string literals (Python 3 uses bytes and Unicode
      objects).

      INN documentation and samples of Python hooks have been updated to
      provide more examples.

    * When a Python or Perl filter hook rejects an article, innd now
      mentions the reason in response to CHECK and TAKETHIS commands.
      Previously, the reason was given only for the IHAVE command.

    * nnrpd now properly logs the hostname of clients whose connection
      failed owing to an issue during the negotiation of a TLS session or
      high load average.

Changes in 2.6.2

    * A new *syntaxchecks* parameter has been added in inn.conf.  It permits
      controlling the level of checks performed by innd and nnrpd.  Up to
      now, only one check can be enabled/disabled:  when *laxmid* is
      mentioned in the values of this new parameter, INN accepts Message-IDs
      that contain ".." in the left part, as well as Message-IDs with two
      "@" (such Message-IDs would otherwise be considered as syntactically
      invalid).  See the inn.conf(5) man page for more details.

      The check is disabled by default (*no-laxmid*), which corresponds to
      the legacy behaviour of INN 2.6.1 and earlier.

    * Use of the ovdb_server helper server is now the default when using the
      ovdb overview method, that is to say the default value for the
      *readserver* parameter in ovdb.conf is now set to true.  It improves
      stability and avoids deadlocks, timing issues and corrupted ovdb
      databases.

    * mailpost now removes empty header fields before attempting to post
      articles, and keeps trace of them in the X-Mailpost-Empty-Hdrs: newly
      generated header field body.  Also, mailpost now sanitizes header
      fields with regards to empty continuation header lines.  Thanks to
      Kamil Jonca for these bug reports.

    * A new -z parameter has been added to mailpost to mention a list of
      header fields to remove from the gated message.  Thanks to Dieter
      Stussy for the patch.

    * Fixed a bug in inews that was rejecting articles containing header
      fields whose length exceeded 998 bytes.  This limitation is for the
      length of a single line of a header field (and not for the length of
      the whole header field, as it was wrongly the case).

    * Added support for GnuPG's gpg binary (in addition to gpgv) in
      pgpverify.  Indeed, gpg still validates signatures made with weak
      digest algorithms like MD5 whereas gpgv no longer do.  Thanks to
      Thomas Hochstein for the patch, which permits validating control
      articles for hierarchies that are still using old PGP keys.

    * Added similar support for GnuPG's gpg binary in perl-nocem to validate
      NoCeM notices from issuers who are still using old PGP keys.

    * A few commands listed in the "Control commands to INND" section in
      daily Usenet reports were appearing as a mere letter; all of them are
      now properly converted to meaningful words.

    * The *tlsprotocols* parameter in inn.conf now recognizes the "TLSv1.3"
      value (for OpenSSL versions implementing TLS 1.3, that is to say
      starting from OpenSSL 1.1.1).

    * The buffindexed overview method will now hopefully work properly on
      systems with a native page size larger than 16KB.

    * Other minor bug fixes and documentation improvements.