INN 2.6.3 release candidate
Julien ÉLIE
julien at trigofacile.com
Wed Jan 16 20:55:51 UTC 2019
Hi all,
A release candidate for INN 2.6.3 can be downloaded at:
https://ftp.isc.org/isc/inn/testing/inn-2.6.3rc1.tar.gz
The MD5 checksum is: a53555c58221c2eab89b4f8b4c595b70.
A patch from 2.6.2 to 2.6.3rc1 is available in the same directory.
Feel free to report any issue you may encounter.
The final release is scheduled in February.
Changes from 2.6.2 to 2.6.3
* Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or
later; NIST P-256 was enforced instead of using the most secure curve.
* A new inn.conf parameter has been added to fine-tune the cipher suites
to use with TLS 1.3: the *tlsciphers13* now permits configuring them.
A separate cipher suite configuration parameter is needed for TLS 1.3
because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
vice-versa. In order to avoid issues where legacy TLS 1.2 cipher
suite configuration configured in the *tlsciphers* parameter would
inadvertently disable all TLS 1.3 cipher suites, the inn.conf
configuration has been separated out.
* Support for Python 3 has been added to INN. Embedded Python filtering
and authentication hooks for innd and nnrpd can now use version 3.3.0
or later of the Python interpreter. In the 2.x series, version 2.3.0
or later is still supported.
When configuring INN with the --with-python flag, the "PYTHON"
environment variable, when set, is used to select the interpreter to
embed. Otherwise, it is searched in standard paths.
In case you change the Python interpreter to embed, make sure that the
Python scripts you use are written in the expected syntax for that
version of the Python interpreter. Notably, buffer objects have been
replaced with memoryview objects in Python 3, and UTF-8 encoding now
really matters for string literals (Python 3 uses bytes and Unicode
objects).
INN documentation and samples of Python hooks have been updated to
provide more examples.
* When a Python or Perl filter hook rejects an article, innd now
mentions the reason in response to CHECK and TAKETHIS commands.
Previously, the reason was given only for the IHAVE command.
* nnrpd now properly logs the hostname of clients whose connection
failed owing to an issue during the negotiation of a TLS session or
high load average.
--
Julien ÉLIE
« First Guy (proudly): "My wife's an angel!"
Second Guy: "You're lucky, mine's still alive." »
More information about the inn-workers
mailing list