Log message:
Update to 2.8.1
2.8.1 2009/01/16
LIBDKIM: Fix bug #SF2508602: Add a translation string for
DKIM_SIGERROR_KEYREVOKED and fix dkim_eom_verify() so it
returns DKIM_STAT_REVOKED when appropriate. Problem noted
by Mike Markley of Bank of America.
2.8.0 2009/01/08
Add configuration option "EnableCoredumps" which makes an explicit
kernel request for cores on crashes. Currently only meaningful
on Linux.
Add configuration option "AuthServID" which sets the \
"authserv-id"
token to use when generating Authentication-Results header
fields.
Report "fail" instead of "hardfail" on authentication failures,
in compliance with the Authentication-Results: draft.
Add _FFR_REPORT_INTERVALS, experimental support for the "ri" tag
extension to DKIM policy and key records for specifying
reporting intervals.
Feature request #SF1985886: Add _FFR_MULTIPLE_SIGNATURES, allowing
one instance of the filter to add multiple signatures.
Suggested by Dave Crocker.
Add "TemporaryDirectory" configuration file option for requesting that
libdkim use an alternate directory for creating temporary
files, and "KeepTemporaryFiles" for requesting that libdkim
not delete those files for debugging purposes.
Add optional support for the "unbound" asynchronous resolver
library as it is DNSSEC-aware. Adds four new configuration
file items: "BogusKey", "BogusPolicy", \
"InsecureKey" and
"InsecurePolicy". Also add dkim_sig_getdnssec()
and dkim_policy_getdnssec() to libdkim so callers can tell
what the DNSSEC evaluation result was for each query.
Based on a patch from John Dickinson.
Add "BaseDirectory" configuration file option for specifying
the desired current directory of the process.
Make use of the key and policy "rs" tag, if present, when doing
SMTP rejections.
Use MTA macro "$j" as the hostname in generated reports instead of
the output of gethostname() since on some systems the latter
may not be fully-qualified.
Remove ANTICIPATE_SENDMAIL_MUNGE, replacing it with a runtime check
for the milter v2 feature which suppresses the addition of
spaces in headers.
Add _FFR_COMMAIZE which attempts to predict the reformatting
the MTA will do to certain header fields to reduce verification
failures.
Add _FFR_DKIM_REPUTATION enabling a function used to query
an open DKIM reputation service regarding the signing user
and signing domain. The service's URL is
http://www.dkim-reputation.org. (EXPERIMENTAL)
Fix preloading of configuration defaults.
Fix bug #SF2236040: Quote all of the POSIX regular expression special
characters, not just some of them. Reported by Mark Martinec.
When possible, log the selector and domain of the signature evaluated
along with any errors in the libcrypto stack.
LIBDKIM: Add "smtpbuf", "smtplen" and "interval" \
parameters to
dkim_sig_getreportinfo() and dkim_policy_getreportinfo().
Also, remove the assertion that "addr" be non-NULL.
LIBDKIM: Add DKIM_LIBFLAGS_ACCEPTDK which enables compatibility
with DomainKeys-formatted key records.
LIBDKIM: Adjust signature formatting for legibility.
LIBDKIM: Check return status from dkim_canon_getfinal() to avoid
bad dereferences. Problem noted by Chris Behrens of
Concentric Network Corporation.
LIBDKIM: Render the DKIM handle unusable in dkim_eoh_sign() if a
required header was absent.
Activate _FFR_REQUIRED_HEADERS.
2.7.2 2008/09/02
Avoid memory leaks and infinite loops when releasing thread-specific
memory. Reported by Jeff Earickson.
2.7.1 2008/08/27
Set up required callbacks for OpenSSL thread-safety. Problem
noted by Zbigniew Szalbot.
Disallow empty "t=" and "x=" tags.
Return DKIM_STAT_KEYFAIL for various DNS key retrieval failures
instead of DKIM_STAT_INTERNAL.
2.7.0 2008/07/23
Update to draft-ietf-dkim-ssp-04. In doing so, rename "ASPDiscard"
to "ADSPDiscard", "ASPNoSuchDomain" to \
"ADSPNoSuchDomain"
and "SendASPReports" to "SendADSPReports" in the configuration
file.
Feature request #29738: Add "TrustSignaturesFrom" configuration
file item allowing fine-grained control over third-party
signature handling.
Feature request #SF2018848: Add "LocalADSP" feature allowing
policy assertions from domains known to have specific policies
but which don't publish ADSP records. Suggested by
Bruno Kraychete da Costa.
LIBDKIM: Fix an off-by-one overrun check in key and policy record
decoding. Problem noted by John Dickinson.
2.6.0 2008/06/11
Remove "signaturemissing" as an old-style configuration action
as it has been superseded by "ASPDiscard" and related
functions.
Add "SendASPReports" configuration option which generates ASP failure
reports if requested by the sending domain.
Update report generation for verification failures to use the
new Abuse Reporting Format (ARF) and DKIM Reporting
draft proposals.
Add "MustBeSigned" configuration option, requiring signatures to
cover specific headers if present.
Rename "UseASPDiscard" to "ASPDiscard".
Add "ASPNoSuchDomain" configuration option which rejects mail that
appears to come from nonexistent domains as reported by the
Author Signing Practises check.
Add "ReportAddress" configuration option, used for defining the
From: header of reports mailed out.
Yet another compatibility fix with respect to Sleepycat DB.
Fix processing of "LogWhy" configuration parameter. Problem noted
by Erik Lotspeich.
Add "-n" command line flag which parses the command line arguments
and configuration file(s), then exits with an appropriate
status code.
Report DKIM and ASP results separately via the same
Authentication-Results header field. Previous versions would
alter the DKIM result based on ASP.
Fix bug #SF1976931: Restore function of "nosignature" old-style
action configuration, connected to "AlwaysAddARHeader".
Problem noted by Lucas Brasilino.
Feature request #SF1940233: Add "DontSignMailTo" configuration option,
allowing a list of recipient patterns whose mail should not
be signed. Requested by Don Hughes.
LIBDKIM: Rename dkim_reportinfo() to dkim_sig_getreportinfo(),
and add dkim_policy_getreportinfo().
LIBDKIM: Add several more signature error codes covering various
key-related errors.
LIBDKIM: Add dkim_sig_hdrsigned() utility, DKIM_OPTS_MUSTBESIGNED
option, and DKIM_SIGERROR_MBSFAILED error code.
LIBDKIM: Fix a bug in the computation of the result for
dkim_canon_minbody().
LIBDKIM: Report corrupted base64 chunks instead of quietly
tolerating them.
LIBDKIM: Tidy up the cleanup code in dkim-canon.c.
LIBDKIM: Properly handle "tag=" at the end of a data set (i.e.
the tag exists and has an empty value).
LIBDKIM: Use larger unsigned data types in dkim_sig_future() as
was done elsewhere.
LIBDKIM: Always populate a DKIM_SIGINFO with domain and selector
before there's an opportunity for other parsing
short-circuits.
LIBDKIM: Fix bug #SF1984685: Remove the "margin" parameter from
dkim_getsighdr(); make it controlled by a new function,
dkim_set_margin(), so that the signed copy and the
user-requested copy are identical.
Activate _FFR_AUTHSERV_JOBID.
2.5.5 2008/04/25
Fix bug #SF1947301: Close up a logic problem in "UseASPDiscard"
handling which could cause false rejections of mail from
domains advertising "discardable" policies. Problem noted
by Doug Kingston.
LIBDKIM: Another compatibility fix with respect to Sleepycat DB.
|
Log message:
Update to 2.5.4
- Add dkim-stats option to install dkim-stats(8) FFR
- Only install dkim-stats(8) man page if dkim-stats option has been specified
2.5.4 2008/04/17
* Skip signatures with errors in dkimf_authorsigok().
* Avoid a NULL dereference in dkimf_config_reload() when starting
without a configuration file.
* Fix an alignment problem in dkimf_checkip(). Problem reported
by Jeff A. Earickson.
* LIBDKIM: Fix bug #SF1942387: Per RFC4871, disallow "l=" values
that exceed the size of the canonicalized message body.
2.5.3 2008/04/14
* Add "AllowSHA1Only" configuration option which permits operation
of verifiers that only know about SHA1. Without this, a
filter compiled with only SHA1 support will refuse to start
in verifier mode.
* Add "LogWhy" configuration parameter and "-W" command line flag
to request detailed logging about why a message was not
signed by the filter. Intended for debugging; not intended
for normal operation.
* Another tweak to parameters passed to db->open(). Based on patches
from Jukka Salmi and S. Moonesamy.
* Fixes in ares_parse() to match the current syntax. In particular,
deal with the fact that some of our tokens can legally appear
in e-mail addresses. Problem noted by S. Moonesamy of
Eland Systems.
* LIBDKIM: Evaluate key granularity against the "i=" value rather than
the value of the From: header per RFC4871. Problem noted by
Jason Long.
* LIBDKIM: Remove the chartable stuff from dkim-tables.c as it is
not used anywhere.
* LIBDKIM: Fix bug #SF1940302: Perform stronger validation of the value
of the "h=" tag.
|