2008-03-08 15:40:08 by Jukka Salmi | Files touched by this commit (2) |
Log message:
add DESTDIR support
|
2008-03-08 12:16:28 by Jukka Salmi | Files touched by this commit (5) |
Log message:
Update from 2.4.4 to 2.5.0.
This is a major release, adding a number of feature requests and making
some changes in line with recent changes to relevant IETF specifications.
In particular, one configuration file item has been renamed. Please be
familiar with the changes as described below before upgrading.
The formal release notes entry:
2.5.0 2008/03/06
Add "AutoRestartCount" and "AutoRestartRate" configuration
parameters to limit runaway restart loops.
Feature request #SF1735573: Add "AlwaysAddARHeader" option, which
will add an Authentication-Results of "none" for unsigned
messages from domains without a "strict" policy.
Feature request #SF1807748: Reload the configuration file on
receipt of SIGUSR1. Requested by Florian Sager.
Feature request #SF1811969: Add _FFR_BODYLENGTH_DB which adds a
"BodyLengthDBFile" feature, allowing a per-recipient decision
on whether or not to use an "l=" tag when signing. Patch
contributed by Daniel Black.
Feature request #SF1841955: Add an "Include" facility to the
configuration file.
Feature request #SF1876941: Make the syslog facility selectable.
Based on a patch from Jose-Marcio Martins da Cruz of Ecole
des Mines de Paris.
Feature request #SF1876943: Add _FFR_AUTHSERV_JOBID allowing the
job ID to be included as part of the "authserv-id" in
Authentication-Results: headers. Based on a patch from
Jose-Marcio Martins da Cruz of Ecole des Mines de Paris.
Feature request #SF1890581: Attempt to clean up a UNIX domain
socket in the non-AutoRestart case as well. Requested
by Daniel Black.
Add "MilterDebug" configuration file option for requesting debugging
output from the filter.
Add "FixCRLF" configuration file option which activates the
DKIM_LIBFLAGS_FIXCRLF flag (see below).
Update to draft-ietf-dkim-ssp-03. In doing so, rename the
"UseSSPDeny" configuration option to "UseASPDiscard".
Handle an error from dkim_getsighdr() properly in mlfi_eom().
When VERIFY_DOMAINKEYS is active, don't short-circuit mlfi_eoh()
between dk_verify() and dk_eoh() or a segmentation fault below
dk_body() could result.
LIBDKIM: Feature request #SF1823059: Export key, signature and
policy syntax checking capability via the API. Based on
a patch from Chris Behrens of Concentric Network Corporation.
LIBDKIM: Assert defaults for "c" and "q" tags when parsing
signature headers. Patch from Chris Behrens of Concentric
Network Corporation.
LIBDKIM: Better handling of truncated DNS replies; instead of
just giving up if the "tc" (truncated) bit is set in the
reply, see if there was enough of a reply returned to be able
to complete the request.
LIBDKIM: Fix recycling bug in header canonicalizations which was
causing signatures other than the first one to fail in most
cases.
LIBDKIM: Add new dkim_chunk() interface.
LIBDKIM: Enforce DKIM_OPTS_QUERYMETHOD library option even if there
were no valid signatures.
LIBDKIM: New DKIM_LIBFLAGS_FIXCRLF which requests that "naked"
CRs and LFs be converted to CRLFs during canonicalization
when signing.
LIBDKIM: Fix bounds checking in dkim_canon_selecthdrs().
LIBAR: Eliminate a possible race condition in ar_dispatcher().
LIBAR: Timeouts passed to select() can't be bigger than 10^8.
Problem noted by S. Moonesamy of Eland Systems.
BUILD: Feature request #SF1876242: Install the filter in EBINDIR
and everything else in UBINDIR.
|
2008-01-27 17:25:53 by Jukka Salmi | Files touched by this commit (2) |
Log message:
Update from 2.4.3 to 2.4.4.
This is a minor patch release, fixing two uncommon crash bugs and tidying
up a couple of things. One of the crash bugs was introduced in 2.4.3 so
if you're running that version you should consider upgrading.
The formal release notes entry:
2.4.4 2008/01/25
In mlfi_close(), don't assume the libmilter private context pointer
is not NULL.
Fail to start up if told to load a key list which resulted in no
keys being loaded.
When "AutoRestart" is in use, the parent will now wait for the
child to terminate before exiting. Thus, something that
signals the process ID in the pid file can also wait on that
process to be gone before being sure that the service has
actually shut down.
Include the job ID when logging about Authentication-Results: headers
that can't be parsed. Problem noted by S. Moonesamy.
LIBDKIM: In dkim_policy(), skip invalid signatures during evaluation
of step 1 of SSP as the signature handle may not have been
fully populated.
|
2008-01-18 22:57:57 by Jukka Salmi | Files touched by this commit (2) |
Log message:
Update to 2.4.3. Changes since 2.4.2:
Request addition of an "i=" tag in the signature when signing for
subdomains. Patch from Alin Nastac.
TOOLS: Fix bug #SF1867259: "echo -n" is not portable. Problem
noted by Gary Mills.
TOOLS: Fix bug #SF1867869: Output of the "t=" value was incorrect
with respect to the "s" flag. Reported by Geoff Adams.
LIBAR: Further handling of the absence of "nameserver" lines in
resolv.conf, this time in the manual processing code.
LIBDKIM: Fix bug #SF1867839: 64-bit portability in rfc2822.c.
Patch from Geoff Adams.
LIBDKIM: Tighten up correctness of the first SSP test ("valid
originator signature") in dkim_policy(). Problem noted
by Alin Nastac.
BUILD: Fix bug #SF1818906: Update site.config.m4 to include a flag
for installing libdkim when compiling static libraries,
and installing dkim.h in either case. Requested by
Chris Behrens of Concentric Network Corporation.
|
2008-01-18 05:30:10 by Tobias Nygren | Files touched by this commit (174) |
Log message:
Per the process outlined in revbump(1), perform a recursive revbump
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
2008-01-17 09:38:31 by Tobias Nygren | Files touched by this commit (1) |
Log message:
wip/openssl -> security/openssl
|
2008-01-07 18:09:33 by Jukka Salmi | Files touched by this commit (3) |
Log message:
Update from 2.4.0 to 2.4.2. Changes:
2.4.2 2008/01/02
Remove "-H" from the usage message. It was meant to be a command
line interface to "AlwaysSignHeaders" but was never
implemented. Problem noted by Jeff Anton.
LIBDKIM: Make dkim_islwsp() into a macro to drastically reduce the
number of function calls made during canonicalization.
LIBDKIM: Fix bug #SF1857484: Fix logic problem in dkim_policy() with
the new pstate checks. Problem noted by Werner Wiethege;
patch from Chris Behrens of Concentric Network Corporation.
2.4.1 2007/12/20
Update for latest Authentication-Results: header draft.
Avoid a NULL dereference in dkim_get_key(). Problem noted by Chris
Behrens of Concentric Network Corporation.
Fix bug #SF1842970: Make the overall header byte count check
configurable, and increase the default. Also, add
"On-Security" (configuration file) and "security" (command
line) options for controlling the default reaction to such
conditions. While we're at it, add an "On-Default" and
"default" option for making a global action setting.
Requested by Mark Martinec.
LIBAR: Fix bug #SF1852618: Handle default case of no "nameserver"
lines in /etc/resolv.conf. Problem noted by Mike Markley
of Bank of America.
LIBDKIM: Fix bug #SF1824876: Add "dkim_pstate" and make dkim_policy()
re-entrant. Requested by Chris Behrens of Concentric
Network Corporation.
LIBDKIM: Fix bug #SF1843733, SF1843782: Tighten up header name
matching in dkim_get_header() and dkim_get_sender(). Patches
from Chris Behrens of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1843788: Fix an off-by-one length bug in
dkim_header(). Patch from Chris Behrens of Concentric
Network Corporation.
LIBDKIM: Fix bug #SF1850973: Remove MAXHDRCNT; make the arrays it
previously defined dynamic. Reported by Mike Markley of
Bank of America.
LIBDKIM: Feature request #SF1841974: Numerous performance enhancements
from Chris Behrens of Concentric Network Corporation.
|
2007-12-05 19:56:13 by Jukka Salmi | Files touched by this commit (2) |
Log message:
actually install dkim-test{key,ssp} binaries...
|
2007-12-01 13:26:01 by Jukka Salmi | Files touched by this commit (5) |
Log message:
Update to 2.4.0. Changes since 2.3.2:
Take advantage of some more features that were introduced with
milter v2 in sendmail 8.14.0:
o If all canonicalizations are satisfied in terms of
length limits, advise the MTA to stop sending the
message body to reduce unneeded I/O.
o Turn off as many unnecessary SMTP protocol steps as
possible.
o Fail option negotiation if any of the milter features
required are not available.
o If specific MTA macros are to be used for making the
sign vs. verify decision, explicitly request them.
Prevent corruption in Authentication-Results: headers caused
by signatures that have explicit "i=" values.
Report "hardfail" instead of "fail" on authentication failures,
in compliance with the Authentication-Results: draft.
Amend the "-M" command line option and "MacroList" configuration
options to allow a list of possible values for each
macro.
Add _FFR_SELECTOR_HEADER, adding the means to choose which selector
(and thus which key) is used to sign based on the value
found in a particular header. Requested by Steve Jones
of Bank of America.
Add dkimf_dstring*() (dynamic string) functions and clean up some
code by making use of it.
Skip all the userid and group changes when either "-u" or "UserID"
is in use if the requested user is the same as the
executing user.
Fix use of "UseSSPDeny" to include handling of unsigned messages.
Fix bug #SF1834701: Log a warning and temp-fail the message if
a key list is in use that didn't match the sender for a
message which should be signed. Problem noted by Jim
Hermann.
Patch #SF1796697: Add _FFR_REPLACE_RULES, adding the facility to do
substring replacement before signing to anticipate things
like the MTA "masquerade" and "genericstable" functions.
Requires further development.
Replace "gentxt.csh" with more robust "dkim-genkey" utility.
Feature request #SF1811962: Add new utilities "dkim-testkey" which
verifies that a public key is readable and properly formatted
and matches the locally-provided private key, and
"dkim-testssp" which retrieves a domain's sender signing
practises record and prints it in a human-readable form.
Based on code contributed by Daniel Black.
Feature request #SF1817253: Add "UMask" configuration file option.
Suggested by Daniel Black.
Feature request #SF1818863: Add a section to site.config.m4.dist
to request a build of the shared object version of libdkim.
Requested by Chris Behrens of Concentric Network Corporation.
Feature request #SF1834748: Use a more meaningful SMTP reply when
rejecting a message at the SMTP level due to SSP. Suggested
by S. Moonesamy of Eland Systems.
LIBDKIM: Return DKIM_STAT_NOKEY from dkim_get_key_dns() if the answer
count comes back zero, rather than DKIM_STAT_CANTVRFY.
Problem noted by Chris Behrens of Concentric Network
Corporation.
LIBDKIM: Plug a memory leak in dkim_get_key(). Problem noted by
Chris Behrens of Concentric Network Corporation.
LIBDKIM: Replace a dicey memcpy() call with memmove(). Problem
noted by Chris Behrens of Concentric Network Corporation.
LIBDKIM: Add DKIM_CBSTAT_NOTFOUND and DKIM_CBSTAT_ERROR callback
return codes, and DKIM_STAT_CBERROR return code. Suggested
by Chris Behrens of Concentric Network Corporation.
LIBDKIM: Add dkim_minbody() to determine how much more body text
is required to satisfy canonicalizations.
LIBDKIM: Add dkim_gethandlingstr() and dkim_getpolicystr() for
translation of SSP handling and policy codes into printable
strings.
LIBDKIM: Add _FFR_PARSE_TIME, adding a utility function that can
be used to detect that the timestamp on a signature and the
value of the Date: header wildly differ. Incomplete.
LIBDKIM: If a message comes in with no properly-formed sender headers,
dkim_eoh() now renders the DKIM handle unusable by later
data processing calls.
LIBDKIM: Fix arithmetic in dkim_sig_expired().
LIBDKIM: In dkim_eoh_verify(), check for a NULL user pointer return
from rfc2822_mailbox_split() (was previously only checking
for an error code or NULL domain). Problem noted by Chris
Behrens of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1819489: Fix signature header name check in
dkim_header(). Patch from Chris Behrens of Concentric
Network Corporation.
LIBDKIM: Fix bug #SF1819559: Fix key granularity processing.
LIBDKIM: Fix bug #SF1819571: More robust processing of "s=" in keys.
LIBDKIM: Fix bug #SF1819607: Allow "t=" and "x=" values up to 64 bits
since RFC4871 requires at least 40.
LIBDKIM: Fix bug #SF1820017: Don't accept signatures with no "v=" tag.
LIBDKIM: Fix bug #SF1820060: The value of "q=" may be a colon-separated
list of values to parse.
LIBDKIM: Fix bug #SF1820080: The value of "i=" may be quoted-printable
so do appropriate decoding.
LIBDKIM: Fix bug #SF1820123: "simple" body canonicalization must
contain at least CRLF.
LIBDKIM: Fix bug #SF1820370: More graceful handling of grossly
malformed signature headers. Problem noted by Chris Behrens
of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1822287 and SF1822295: Update policy check code
to use the draft-ietf-dkim-ssp-01 algorithm. Problem noted
by Chris Behrens of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1822329: In dkim_get_policy(), check for and handle
error returns from the subordinate lookup functions. Problem
noted by Chris Behrens of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1822331: Use consistent return codes in
dkim_get_policy_dns(). Problem noted by Chris Behrens of
Concentric Network Corporation.
LIBDKIM: Fix bug #SF1832703: When looking for headers to canonicalize
during verification, disregard spaces between the header name
and the colon (":") character. Problem noted by James
Sargent of AOL.
LIBDKIM: Fix bug #SF1838826: Several fixes with respect to processing
key and policy flags. Problems noted by Marc Martinec.
LIBDKIM: Feature request #SF1821005: Add dkim_getdomain(), an accessor
function for dkim_domain. Requested by Chris Behrens of
Concentric Network Corporation.
Activate _FFR_QUERY_CACHE (Feature request #SF1675359) and
_FFR_SELECT_SIGN_HEADERS.
|
2007-10-21 12:58:58 by Jukka Salmi | Files touched by this commit (4) |
Log message:
Update to 2.3.2. Changes since 2.3.1:
Fix bug #25896: Fix a bug in parsing of "RemoveARFrom".
LIBDKIM: Fix a bug in the key reuse block of dkim_get_key() which
assumed that a domain and selector match guaranteed a copied
key and key tag list.
LIBDKIM: Fix bug #SF1812687: Fix handling check in dkim_get_policy().
Patch from Daniel Black.
|