|
|
|
|
Changelog for inn-devel-2.6.5-2.2.x86_64.rpm :
* Thu Feb 22 2024 Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN. * Thu Jul 14 2022 Michael Ströder - Update to version 2.6.5: * A new step in INN development has been achieved with the migration of the INN project to GitHub. * An up-to-date nocem.ctl file is provided with this release. You should manually update your nocem.ctl file with the new information recorded about NoCeM issuers, and make sure the right PGP keys are present on your system. * Up-to-date control.ctl and moderators files are provided with this release. You should manually update them (notably for the fido7. * hierarchy). * Added a stricter validation of article numbers given in NNTP commands so that numbers superior to 2^31 are correctly considered invalid. Thanks to Richard Kettlewell for the patch. * Added a check in rc.news for the existence of the *pathrun * directory. INN won\'t start until this directory is writable. Previously, it bailed out quickly after starting, without clear logs about why it failed. * Fixed parallel builds using \"make -j\". Thanks to Richard Kettlewell for the path. * nnrpd now properly gathers timer statistics when a compression layer is active. * nnrpd now properly discards data received from a news client after a timeout when a TLS layer is active. It previously tried to read incoming data before closing the socket, leading to decoding errors from an underlying compression or SASL layer. * innfeed and ovdb_stat now generate status reports in valid HTML syntax. * Fixed a bug in the buffindexed overview that prevented it from working on several systems, amongst them FreeBSD. Unsupported, and useless, permission bits were given to semaphores. * Fixed the detection of library paths at configure time: multilib directories (lib32 or lib64) are now also used if they exist, even it the system does not use multilib. It will notably fix the detection of the OpenSSL 3.0.0 library. * The *tlscertfile * parameter in inn.conf now permits the use of a complete certificate chain, instead of necessarily having to use * tlscafile * for additional certificates. * Added support for the new OpenSSL 3.0.0 API, which deprecated a few functions. * The inn.conf default value for *tlsprotocols * no longer contains TLS versions 1.0 and 1.1, which have been deprecated by RFC 8996. * A new inn.conf parameter has been added to tune the length of the queue of pending connections to innd, nnrpd and the \"ovdb\" overview storage method: the *maxlisten * parameter now permits configuring their listen backlog, whose previously hard-coded values were 128 for nnrpd and 25 for the others, which was not high enough for some uses. The default value is now 128 for all of them, and configurable in inn.conf. Thanks to Kevin Bowling for the patch. * The name of seven man pages for routines built in libinn(3) are now prefixed with libinn_ so as not to consume namespace and conflict with other packages (notably, the list(3) and uwildmat(3) man pages are now named libinn_list(3) and libinn_uwildmat(3)). * Other minor bug fixes and documentation improvements, notably a revised installation checklist and a section summarizing the most used configuration at the beginning of a few complex man pages.- delete inn-2.6.4.diff patch- add inn-2.6.5.diff patch instead * Wed Dec 01 2021 Bjørn Lie - Update to version 2.6.4: + Bug Fix: nnrpd now adapts the length of the DH parameter used during a DHE key exchange so as to comply with the security level OpenSSL 1.1.0 or later expects. + New Features: * Added support for systemd notifications and socket activation. Use of more features provided by systemd, including more notifications, will come in future releases. * cnfsstat now also returns information about retired CNFS buffers: buffers mentioned in cycbuff.conf as a cycbuff but not declared in a metacycbuff. * Switch default innreport behaviour to the common practice of externalizing CSS into a separate file. Its name can be configured with the html_css_url parameter in innreport.conf. If this parameter is unset, the default innreport.css file name will be used and innreport will generate this CSS file for you. Previously generated reports are kept untouched, though, and will still contain inline CSS if you had not already set the html_css_url parameter in previous INN versions. * sm can now read and store any number of articles given in wire format on its standard input when both -s and -R are used. Only native format was previously possible. * Added new -a flag to rnews to disallow, if needed, the use of additional unpackers from the rnews.libexec sub-directory of pathbin (as set in inn.conf); only rnews and cunbatch will then be recognized as valid batch commands. * Added new -b flag to rnews to save rejected articles in the bad sub-directory of pathincoming (as set in inn.conf). Otherwise, rnews just logs and discards any articles that are rejected or cannot be parsed for some reason. * Added new -d flag to rnews to log via syslog the message-ID and the Path header body of each article rejected as a duplicate. * Added new --enable-hardening-flags configure-time option, enabled by default, to use hardening build flags like -fPIE and -fstack-protector-strong. This option can easily be disabled if the compiler or the platform does not support them well. More hardening build flags will eventually be added in future releases.- Rename inn-2.6.3.diff to inn-2.6.4.diff.- Use url in sources as far as possible. * Wed Sep 22 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Modified: * inn.service * Mon Jul 12 2021 Steve Kowalik - Switch BuildRequires to python3-devel, to build using Python 3. * Sun Dec 20 2020 Callum Farmer - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) * Mon Nov 09 2020 mlsAATTsuse.de- rename the list.3 manpage to list-inn.3 as it conflicts with the list.3 manpage from the man-pages 5.09 package [bnc#1178534] * Sun Jun 14 2020 Lars Vogdt - update to inn-2.6.3 + Fixed the selection of the elliptic curve to use with OpenSSL 1.1.0 or later; NIST P-256 was enforced instead of using the most secure curve. + A new inn.conf parameter has been added to fine-tune the cipher suites to use with TLS 1.3: the *tlsciphers13 * now permits configuring them. A separate cipher suite configuration parameter is needed for TLS 1.3 because TLS 1.3 cipher suites are not compatible with TLS 1.2, and vice-versa. In order to avoid issues where legacy TLS 1.2 cipher suite configuration configured in the *tlsciphers * parameter would inadvertently disable all TLS 1.3 cipher suites, the inn.conf configuration has been separated out. + Fixed a regression since INN 2.6.1 that prevented articles with internationalized header fields (that is to say encoded in UTF-8) from being posted. + Support for Python 3 has been added to INN. Embedded Python filtering and authentication hooks for innd and nnrpd can now use version 3.3.0 or later of the Python interpreter. In the 2.x series, version 2.3.0 or later is still supported. + When configuring INN with the --with-python flag, the \"PYTHON\" environment variable, when set, is used to select the interpreter to embed. Otherwise, it is searched in standard paths. + In case you change the Python interpreter to embed, make sure that the Python scripts you use are written in the expected syntax for that version of the Python interpreter. Notably, buffer objects have been replaced with memoryview objects in Python 3, and UTF-8 encoding now really matters for string literals (Python 3 uses bytes and Unicode objects). + INN documentation and samples of Python hooks have been updated to provide more examples. + When a Python or Perl filter hook rejects an article, innd now mentions the reason in response to CHECK and TAKETHIS commands. Previously, the reason was given only for the IHAVE command. + nnrpd now properly logs the hostname of clients whose connection failed owing to an issue during the negotiation of a TLS session or high load average.- renamed and refreshed inn-2.6.2.diff to inn-2.6.3.diff- fix upstream URL- (build)require openssl-devel and python-devel and build with - -with-python and --with-openssl support- remove outdated/unknown configure options: - -enable-dual-socket, --enable-ipv6 and --with-etc-dir- use \'Development/Languages/C and C++\' as RPM group for the -devel package- require appropriate -devel packages for -devel package installs * Thu Jun 11 2020 Paolo Stivanin - Add -fcommon to allow building against GCC10 * Fri Jan 24 2020 mlsAATTsuse.de- change user to news before touching files in /var/log/news [bnc#1154302] [CVE-2019-3692]
|
|
|