news/inn: Update to 2.6.3

Changes in 2.6.3
================
* Fixed the selection of the elliptic curve to use with OpenSSL1.1.0 or later;
  NIST P-256 was enforced instead of using the most secure curve.
* A new inn.conf parameter has been added to fine-tune the cipher suites to use
  with TLS1.3: the tlsciphers13 now permits configuring them. A separate cipher
  suite configuration parameter is needed for TLS1.3 because TLS1.3 cipher
  suites are not compatible with TLS1.2, and vice-versa. In order to avoid
  issues where legacy TLS1.2 cipher suite configuration configured in the
  tlsciphers parameter would inadvertently disable all TLS1.3 cipher suites,
  the inn.conf configuration has been separated out.
* Fixed a regression since INN2.6.1 that prevented articles with
  internationalized header fields (that is to say encoded in UTF-8) from being
  posted.
* Support for Python3 has been added to INN. Embedded Python filtering and
  authentication hooks for innd and nnrpd can now use version3.3.0 or later of
  the Python interpreter. In the 2.x series, version2.3.0 or later is still
  supported.
  When configuring INN with the --with-python flag, the PYTHON environment
  variable, when set, is used to select the interpreter to embed. Otherwise,
  it is searched in standard paths.
  In case you change the Python interpreter to embed, make sure that the Python
  scripts you use are written in the expected syntax for that version of the
  Python interpreter. Notably, buffer objects have been replaced with memoryview
  objects in Python3, and UTF-8 encoding now really matters for string literals
  (Python3 uses bytes and Unicode objects).
  INN documentation and samples of Python hooks have been updated to provide
  more examples.
* When a Python or Perl filter hook rejects an article, innd now mentions the
  reason in response to CHECK and TAKETHIS commands. Previously, the reason was
  given only for the IHAVE command.
* nnrpd now properly logs the hostname of clients whose connection failed owing
  to an issue during the negotiation of a TLS session or high load average.

Changes in 2.6.2
================
* A new syntaxchecks parameter has been added in inn.conf. It permits
  controlling the level of checks performed by innd and nnrpd. Up to now, only
  one check can be enabled/disabled: when laxmid is mentioned in the values of
  this new parameter, INN accepts Message-IDs that contain .. in the left part,
  as well as Message-IDs with two @ (such Message-IDs would otherwise be
  considered as syntactically invalid). See the inn.conf(5) man page for more
  details.
  The check is disabled by default (no-laxmid), which corresponds to the legacy
  behaviour of INN2.6.1 and earlier.
* Use of the ovdb_server helper server is now the default when using the ovdb
  overview method, that is to say the default value for the readserver parameter
  in ovdb.conf is now set to true. It improves stability and avoids deadlocks,
  timing issues and corrupted ovdb databases.
* mailpost now removes empty header fields before attempting to post articles,
  and keeps trace of them in the X-Mailpost-Empty-Hdrs: newly generated header
  field body. Also, mailpost now sanitizes header fields with regards to empty
  continuation header lines. Thanks to Kamil Jonca for these bug reports.
* A new -z parameter has been added to mailpost to mention a list of header
  fields to remove from the gated message. Thanks to Dieter Stussy for the
  patch.
* Fixed a bug in inews that was rejecting articles containing header fields
  whose length exceeded 998 bytes. This limitation is for the length of a single
  line of a header field (and not for the length of the whole header field, as
  it was wrongly the case).
* Added support for GnuPG's gpg binary (in addition to gpgv) in pgpverify.
  Indeed, gpg still validates signatures made with weak digest algorithms like
  MD5 whereas gpgv no longer do. Thanks to Thomas Hochstein for the patch,
  which permits validating control articles for hierarchies that are still
  using old PGP keys.
* Added similar support for GnuPG's gpg binary in perl-nocem to validate NoCeM
  notices from issuers who are still using old PGP keys.
* A few commands listed in the "Control commands to INND" section in daily
  Usenet reports were appearing as a mere letter; all of them are now properly
  converted to meaningful words.
* The tlsprotocols parameter in inn.conf now recognizes the TLSv1.3 value
  (for OpenSSL versions implementing TLS1.3, that is to say starting from
  OpenSSL1.1.1).
* The buffindexed overview method will now hopefully work properly on systems
  with a native page size larger than 16KB.
* Other minor bug fixes and documentation improvements.
