- Add dkim-stats option to install dkim-stats(8) FFR
- Only install dkim-stats(8) man page if dkim-stats option has been specified
2.5.4 2008/04/17
* Skip signatures with errors in dkimf_authorsigok().
* Avoid a NULL dereference in dkimf_config_reload() when starting
without a configuration file.
* Fix an alignment problem in dkimf_checkip(). Problem reported
by Jeff A. Earickson.
* LIBDKIM: Fix bug #SF1942387: Per RFC4871, disallow "l=" values
that exceed the size of the canonicalized message body.
2.5.3 2008/04/14
* Add "AllowSHA1Only" configuration option which permits operation
of verifiers that only know about SHA1. Without this, a
filter compiled with only SHA1 support will refuse to start
in verifier mode.
* Add "LogWhy" configuration parameter and "-W" command line flag
to request detailed logging about why a message was not
signed by the filter. Intended for debugging; not intended
for normal operation.
* Another tweak to parameters passed to db->open(). Based on patches
from Jukka Salmi and S. Moonesamy.
* Fixes in ares_parse() to match the current syntax. In particular,
deal with the fact that some of our tokens can legally appear
in e-mail addresses. Problem noted by S. Moonesamy of
Eland Systems.
* LIBDKIM: Evaluate key granularity against the "i=" value rather than
the value of the From: header per RFC4871. Problem noted by
Jason Long.
* LIBDKIM: Remove the chartable stuff from dkim-tables.c as it is
not used anywhere.
* LIBDKIM: Fix bug #SF1940302: Perform stronger validation of the value
of the "h=" tag.
Update for draft-kucherawy-sender-auth-header-14.
Add "subject" to "should_signhdrs" per RFC4871 section 5.5.
Fix bug #SF1911328: Restore proper behaviour of SignHeaders and
OmitHeaders, broken in the prior release's configuration
overhaul. Problem reported by Jason Molzen.
Fix bug #SF1912332: Fix parameters passed to db->open(). Problem
reported by Tony Earnshaw.
Fix bug #SF1912569: Initialize mutexes before entering test mode.
Patch from Kaspar Brand.
LIBDKIM: More boundary checking fixes in dkim_canon_selecthdrs().
Problem noted by Warren Horvath.
LIBDKIM: Fix bug #SF1820084: Return DKIM_STAT_MULTIDNSREPLY
if a DNS query returns multiple records.
2.5.2 2008/03/28
Preserve the sender's domain name outside of mlfi_eoh() as it's
now needed in mlfi_eom(). Problem noted by Andy Fiddaman.
Fix bug #SF1921873: Pass "-K" command line switch into the new
configuration handling code. Problem noted by Al Smith.
TOOLS: Fix flags portion of the TXT record output by dkim-genkey.
Problem noted by Michael Carland.
BUILD: Fix bug #SF1922422: Fix linker problems when POPAUTH is
defined.
Add "AutoRestartCount" and "AutoRestartRate" configuration
parameters to limit runaway restart loops.
Feature request #SF1735573: Add "AlwaysAddARHeader" option, which
will add an Authentication-Results of "none" for unsigned
messages from domains without a "strict" policy.
Feature request #SF1807748: Reload the configuration file on
receipt of SIGUSR1. Requested by Florian Sager.
Feature request #SF1811969: Add _FFR_BODYLENGTH_DB which adds a
"BodyLengthDBFile" feature, allowing a per-recipient decision
on whether or not to use an "l=" tag when signing. Patch
contributed by Daniel Black.
Feature request #SF1841955: Add an "Include" facility to the
configuration file.
Feature request #SF1876941: Make the syslog facility selectable.
Based on a patch from Jose-Marcio Martins da Cruz of Ecole
des Mines de Paris.
Feature request #SF1876943: Add _FFR_AUTHSERV_JOBID allowing the
job ID to be included as part of the "authserv-id" in
Authentication-Results: headers. Based on a patch from
Jose-Marcio Martins da Cruz of Ecole des Mines de Paris.
Feature request #SF1890581: Attempt to clean up a UNIX domain
socket in the non-AutoRestart case as well. Requested
by Daniel Black.
Add "MilterDebug" configuration file option for requesting debugging
output from the filter.
Add "FixCRLF" configuration file option which activates the
DKIM_LIBFLAGS_FIXCRLF flag (see below).
Update to draft-ietf-dkim-ssp-03. In doing so, rename the
"UseSSPDeny" configuration option to "UseASPDiscard".
Handle an error from dkim_getsighdr() properly in mlfi_eom().
When VERIFY_DOMAINKEYS is active, don't short-circuit mlfi_eoh()
between dk_verify() and dk_eoh() or a segmentation fault below
dk_body() could result.
LIBDKIM: Feature request #SF1823059: Export key, signature and
policy syntax checking capability via the API. Based on
a patch from Chris Behrens of Concentric Network Corporation.
LIBDKIM: Assert defaults for "c" and "q" tags when parsing
signature headers. Patch from Chris Behrens of Concentric
Network Corporation.
LIBDKIM: Better handling of truncated DNS replies; instead of
just giving up if the "tc" (truncated) bit is set in the
reply, see if there was enough of a reply returned to be able
to complete the request.
LIBDKIM: Fix recycling bug in header canonicalizations which was
causing signatures other than the first one to fail in most
cases.
LIBDKIM: Add new dkim_chunk() interface.
LIBDKIM: Enforce DKIM_OPTS_QUERYMETHOD library option even if there
were no valid signatures.
LIBDKIM: New DKIM_LIBFLAGS_FIXCRLF which requests that "naked"
CRs and LFs be converted to CRLFs during canonicalization
when signing.
LIBDKIM: Fix bounds checking in dkim_canon_selecthdrs().
LIBAR: Eliminate a possible race condition in ar_dispatcher().
LIBAR: Timeouts passed to select() can't be bigger than 10^8.
Problem noted by S. Moonesamy of Eland Systems.
BUILD: Feature request #SF1876242: Install the filter in EBINDIR
and everything else in UBINDIR.
* LIBDKIM: Fix bug #SF1867839: 64-bit portability in rfc2822.c.
Patch from Geoff Adams.
* Update for latest Authentication-Results: header draft.
* Take advantage of some more features that were introduced with
milter v2 in sendmail 8.14.0:
* Report "hardfail" instead of "fail" on authentication failures,
in compliance with the Authentication-Results: draft.
* Fix use of "UseSSPDeny" to include handling of unsigned messages.
* Replace "gentxt.csh" with more robust "dkim-genkey" utility.
And *lots* more (the package in pkgsrc was 2 years+ old)
See RELEASE_NOTES for all the details
INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with
${PREFIX}/${PKGMANDIR}.
Fixes PR 35265, although I did not use the patch provided therein.
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
dkim-milter consists of two parts: A milter-based application
(dkim-filter) which plugs in to Sendmail to provide DomainKeys
Identified Mail service, and a library (libdkim) which can be used to
build DKIM-compliant applications or MTAs.
