[ANNOUNCE] INN 2.6.3 available
rra at isc.org
Mon Feb 18 22:42:57 UTC 2019
Internet Systems Consortium is pleased to announce that a new bug-fix
release of INN is available at:
The MD5 checksum of this release is:
A PGP signature, signatures of SHA-1, SHA-256, and SHA-512 checksums, and
a patch from 2.6.2 to 2.6.3 are available in the same directory.
This is a bug-fix and minor feature release over 2.6.2. Upgrading an
existing INN 2.6.2 installation is as simple as building INN 2.6.3,
running make update, and restarting innd and related programs.
Many thanks to Julien ÉLIE for preparing this release.
Changes in 2.6.3
* Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or
later; NIST P-256 was enforced instead of using the most secure curve.
* A new inn.conf parameter has been added to fine-tune the cipher suites
to use with TLS 1.3: the *tlsciphers13* now permits configuring them.
A separate cipher suite configuration parameter is needed for TLS 1.3
because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
vice-versa. In order to avoid issues where legacy TLS 1.2 cipher
suite configuration configured in the *tlsciphers* parameter would
inadvertently disable all TLS 1.3 cipher suites, the inn.conf
configuration has been separated out.
* Support for Python 3 has been added to INN. Embedded Python filtering
and authentication hooks for innd and nnrpd can now use version 3.3.0
or later of the Python interpreter. In the 2.x series, version 2.3.0
or later is still supported.
When configuring INN with the --with-python flag, the "PYTHON"
environment variable, when set, is used to select the interpreter to
embed. Otherwise, it is searched in standard paths.
In case you change the Python interpreter to embed, make sure that the
Python scripts you use are written in the expected syntax for that
version of the Python interpreter. Notably, buffer objects have been
replaced with memoryview objects in Python 3, and UTF-8 encoding now
really matters for string literals (Python 3 uses bytes and Unicode
INN documentation and samples of Python hooks have been updated to
provide more examples.
* When a Python or Perl filter hook rejects an article, innd now
mentions the reason in response to CHECK and TAKETHIS commands.
Previously, the reason was given only for the IHAVE command.
* nnrpd now properly logs the hostname of clients whose connection
failed owing to an issue during the negotiation of a TLS session or
high load average.
INN is discussed on <inn-workers at lists.isc.org>. Please send any bug
reports or patches to that list.
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
Please post questions rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-announce