Overview
Request 815424 superseded
- update to inn-2.6.3
+ Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or
later; NIST P-256 was enforced instead of using the most secure curve.
+ A new inn.conf parameter has been added to fine-tune the cipher suites
to use with TLS 1.3: the *tlsciphers13* now permits configuring them.
A separate cipher suite configuration parameter is needed for TLS 1.3
because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
vice-versa. In order to avoid issues where legacy TLS 1.2 cipher
suite configuration configured in the *tlsciphers* parameter would
inadvertently disable all TLS 1.3 cipher suites, the inn.conf
configuration has been separated out.
+ Fixed a regression since INN 2.6.1 that prevented articles with
internationalized header fields (that is to say encoded in UTF-8) from
being posted.
+ Support for Python 3 has been added to INN. Embedded Python filtering
and authentication hooks for innd and nnrpd can now use version 3.3.0
or later of the Python interpreter. In the 2.x series, version 2.3.0
or later is still supported.
+ When configuring INN with the --with-python flag, the "PYTHON"
environment variable, when set, is used to select the interpreter to
embed. Otherwise, it is searched in standard paths.
+ In case you change the Python interpreter to embed, make sure that the
Python scripts you use are written in the expected syntax for that
version of the Python interpreter. Notably, buffer objects have been
replaced with memoryview objects in Python 3, and UTF-8 encoding now
really matters for string literals (Python 3 uses bytes and Unicode
objects).
+ INN documentation and samples of Python hooks have been updated to
provide more examples.
+ When a Python or Perl filter hook rejects an article, innd now
mentions the reason in response to CHECK and TAKETHIS commands.
Previously, the reason was given only for the IHAVE command.
+ nnrpd now properly logs the hostname of clients whose connection
failed owing to an issue during the negotiation of a TLS session or
high load average.
- renamed and refreshed inn-2.6.2.diff to inn-2.6.3.diff
- fix upstream URL
- (build)require openssl-devel and python-devel and build with
--with-python and --with-openssl support
- remove outdated/unknown configure options:
--enable-dual-socket, --enable-ipv6 and --with-etc-dir
- use 'Development/Languages/C and C++' as RPM group for the -devel
package
- require appropriate -devel packages for -devel package installs (forwarded request 814789 from lrupp)
- Created by mlschroe
- In state superseded
- Superseded by 840054
- Open review for opensuse-review-team
- Open review for factory-staging
Request History
mlschroe created request
- update to inn-2.6.3
+ Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or
later; NIST P-256 was enforced instead of using the most secure curve.
+ A new inn.conf parameter has been added to fine-tune the cipher suites
to use with TLS 1.3: the *tlsciphers13* now permits configuring them.
A separate cipher suite configuration parameter is needed for TLS 1.3
because TLS 1.3 cipher suites are not compatible with TLS 1.2, and
vice-versa. In order to avoid issues where legacy TLS 1.2 cipher
suite configuration configured in the *tlsciphers* parameter would
inadvertently disable all TLS 1.3 cipher suites, the inn.conf
configuration has been separated out.
+ Fixed a regression since INN 2.6.1 that prevented articles with
internationalized header fields (that is to say encoded in UTF-8) from
being posted.
+ Support for Python 3 has been added to INN. Embedded Python filtering
and authentication hooks for innd and nnrpd can now use version 3.3.0
or later of the Python interpreter. In the 2.x series, version 2.3.0
or later is still supported.
+ When configuring INN with the --with-python flag, the "PYTHON"
environment variable, when set, is used to select the interpreter to
embed. Otherwise, it is searched in standard paths.
+ In case you change the Python interpreter to embed, make sure that the
Python scripts you use are written in the expected syntax for that
version of the Python interpreter. Notably, buffer objects have been
replaced with memoryview objects in Python 3, and UTF-8 encoding now
really matters for string literals (Python 3 uses bytes and Unicode
objects).
+ INN documentation and samples of Python hooks have been updated to
provide more examples.
+ When a Python or Perl filter hook rejects an article, innd now
mentions the reason in response to CHECK and TAKETHIS commands.
Previously, the reason was given only for the IHAVE command.
+ nnrpd now properly logs the hostname of clients whose connection
failed owing to an issue during the negotiation of a TLS session or
high load average.
- renamed and refreshed inn-2.6.2.diff to inn-2.6.3.diff
- fix upstream URL
- (build)require openssl-devel and python-devel and build with
--with-python and --with-openssl support
- remove outdated/unknown configure options:
--enable-dual-socket, --enable-ipv6 and --with-etc-dir
- use 'Development/Languages/C and C++' as RPM group for the -devel
package
- require appropriate -devel packages for -devel package installs (forwarded request 814789 from lrupp)
dimstar_suse added as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:92"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:adi:92"
licensedigger accepted review
ok
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
dimstar declined review
%{_prefix}/lib/tmpfiles.d/inn.conf
Please use the provided macro %{_tmpfilesdir}/inn.conf
dimstar declined request
%{_prefix}/lib/tmpfiles.d/inn.conf
Please use the provided macro %{_tmpfilesdir}/inn.conf
dimstar_suse reopened request
Reopened via staging workflow.
dimstar_suse added factory-staging as a reviewer
Being evaluated by group "factory-staging"
dimstar_suse accepted review
Unstaged from project "openSUSE:Factory:Staging:adi:92"
dimstar_suse declined request
Declined via staging workflow.
superseded by 840054