Subject: CVS commit: wip/dkim-milter
From: Jukka Salmi
Date: 2007-12-01 13:26:01
Message id: E1IyRQG-00069E-ME@sc8-pr-cvs1.sourceforge.net

Log Message:
Update to 2.4.0. Changes since 2.3.2:

	Take advantage of some more features that were introduced with
		milter v2 in sendmail 8.14.0:
		o If all canonicalizations are satisfied in terms of
			length limits, advise the MTA to stop sending the
			message body to reduce unneeded I/O.
		o Turn off as many unnecessary SMTP protocol steps as
			possible.
		o Fail option negotiation if any of the milter features
			required are not available.
		o If specific MTA macros are to be used for making the
			sign vs. verify decision, explicitly request them.
	Prevent corruption in Authentication-Results: headers caused
		by signatures that have explicit "i=" values.
	Report "hardfail" instead of "fail" on authentication failures,
		in compliance with the Authentication-Results: draft.
	Amend the "-M" command line option and "MacroList" configuration
		options to allow a list of possible values for each
		macro.
	Add _FFR_SELECTOR_HEADER, adding the means to choose which selector
		(and thus which key) is used to sign based on the value
		found in a particular header.  Requested by Steve Jones
		of Bank of America.
	Add dkimf_dstring*() (dynamic string) functions and clean up some
		code by making use of it.
	Skip all the userid and group changes when either "-u" or "UserID"
		is in use if the requested user is the same as the
		executing user.
	Fix use of "UseSSPDeny" to include handling of unsigned messages.
	Fix bug #SF1834701: Log a warning and temp-fail the message if
		a key list is in use that didn't match the sender for a
		message which should be signed.  Problem noted by Jim
		Hermann.
	Patch #SF1796697: Add _FFR_REPLACE_RULES, adding the facility to do
		substring replacement before signing to anticipate things
		like the MTA "masquerade" and "genericstable" functions.
		Requires further development.
	Replace "gentxt.csh" with more robust "dkim-genkey" utility.
	Feature request #SF1811962: Add new utilities "dkim-testkey" which
		verifies that a public key is readable and properly formatted
		and matches the locally-provided private key, and
		"dkim-testssp" which retrieves a domain's sender signing
		practises record and prints it in a human-readable form.
		Based on code contributed by Daniel Black.
	Feature request #SF1817253: Add "UMask" configuration file option.
		Suggested by Daniel Black.
	Feature request #SF1818863: Add a section to site.config.m4.dist
		to request a build of the shared object version of libdkim.
		Requested by Chris Behrens of Concentric Network Corporation.
	Feature request #SF1834748: Use a more meaningful SMTP reply when
		rejecting a message at the SMTP level due to SSP.  Suggested
		by S. Moonesamy of Eland Systems.
	LIBDKIM: Return DKIM_STAT_NOKEY from dkim_get_key_dns() if the answer
		count comes back zero, rather than DKIM_STAT_CANTVRFY.
		Problem noted by Chris Behrens of Concentric Network
		Corporation.
	LIBDKIM: Plug a memory leak in dkim_get_key().  Problem noted by
		Chris Behrens of Concentric Network Corporation.
	LIBDKIM: Replace a dicey memcpy() call with memmove().  Problem
		noted by Chris Behrens of Concentric Network Corporation.
	LIBDKIM: Add DKIM_CBSTAT_NOTFOUND and DKIM_CBSTAT_ERROR callback
		return codes, and DKIM_STAT_CBERROR return code.  Suggested
		by Chris Behrens of Concentric Network Corporation.
	LIBDKIM: Add dkim_minbody() to determine how much more body text
		is required to satisfy canonicalizations.
	LIBDKIM: Add dkim_gethandlingstr() and dkim_getpolicystr() for
		translation of SSP handling and policy codes into printable
		strings.
	LIBDKIM: Add _FFR_PARSE_TIME, adding a utility function that can
		be used to detect that the timestamp on a signature and the
		value of the Date: header wildly differ.  Incomplete.
	LIBDKIM: If a message comes in with no properly-formed sender headers,
		dkim_eoh() now renders the DKIM handle unusable by later
		data processing calls.
	LIBDKIM: Fix arithmetic in dkim_sig_expired().
	LIBDKIM: In dkim_eoh_verify(), check for a NULL user pointer return
		from rfc2822_mailbox_split() (was previously only checking
		for an error code or NULL domain).  Problem noted by Chris
		Behrens of Concentric Network Corporation.
	LIBDKIM: Fix bug #SF1819489: Fix signature header name check in
		dkim_header().  Patch from Chris Behrens of Concentric
		Network Corporation.
	LIBDKIM: Fix bug #SF1819559: Fix key granularity processing.
	LIBDKIM: Fix bug #SF1819571: More robust processing of "s=" in keys.
	LIBDKIM: Fix bug #SF1819607: Allow "t=" and "x=" values up to 64 bits
		since RFC4871 requires at least 40.
	LIBDKIM: Fix bug #SF1820017: Don't accept signatures with no "v=" tag.
	LIBDKIM: Fix bug #SF1820060: The value of "q=" may be a colon-separated
		list of values to parse.
	LIBDKIM: Fix bug #SF1820080: The value of "i=" may be quoted-printable
		so do appropriate decoding.
	LIBDKIM: Fix bug #SF1820123: "simple" body canonicalization must
		contain at least CRLF.
	LIBDKIM: Fix bug #SF1820370: More graceful handling of grossly
		malformed signature headers.  Problem noted by Chris Behrens
		of Concentric Network Corporation.
	LIBDKIM: Fix bug #SF1822287 and SF1822295: Update policy check code
		to use the draft-ietf-dkim-ssp-01 algorithm.  Problem noted
		by Chris Behrens of Concentric Network Corporation.
	LIBDKIM: Fix bug #SF1822329: In dkim_get_policy(), check for and handle
		error returns from the subordinate lookup functions.  Problem
		noted by Chris Behrens of Concentric Network Corporation.
	LIBDKIM: Fix bug #SF1822331: Use consistent return codes in
		dkim_get_policy_dns().  Problem noted by Chris Behrens of
		Concentric Network Corporation.
	LIBDKIM: Fix bug #SF1832703: When looking for headers to canonicalize
		during verification, disregard spaces between the header name
		and the colon (":") character.  Problem noted by James
		Sargent of AOL.
	LIBDKIM: Fix bug #SF1838826: Several fixes with respect to processing
		key and policy flags.  Problems noted by Marc Martinec.
	LIBDKIM: Feature request #SF1821005: Add dkim_getdomain(), an accessor
		function for dkim_domain.  Requested by Chris Behrens of
		Concentric Network Corporation.
	Activate _FFR_QUERY_CACHE (Feature request #SF1675359) and
		_FFR_SELECT_SIGN_HEADERS.

Files:
Revision  Action  file
0         modify  wip/dkim-milter/Makefile
0         modify  wip/dkim-milter/PLIST
0         modify  wip/dkim-milter/distinfo
0         modify  wip/dkim-milter/patches/patch-aa
0         modify  wip/dkim-milter/patches/patch-ab