Commit graph

46 commits

Author SHA1 Message Date
wiz
6eae1297d5 *: recursive bump for perl 5.34 2021-05-24 19:49:01 +00:00
manu
1fe3112dc9 Fix DKIM canonization of headers formatted as Name:\r\n\tValue
Submitted upstream as
https://github.com/trusteddomainproject/OpenDKIM/pull/119
2021-03-19 09:50:21 +00:00
wiz
00da7815c0 *: bump PKGREVISION for perl-5.32. 2020-08-31 18:06:29 +00:00
jperkin
982c63fe94 *: Remove obsolete BUILDLINK_API_DEPENDS.openssl. 2020-01-25 10:45:10 +00:00
jperkin
26c1bffc9f *: Recursive revision bump for openssl 1.1.1. 2020-01-18 21:48:19 +00:00
sborrill
12ba21475a opendkim: Fix build
Actually fix == bashism as referred to in patch's comment
2020-01-07 13:35:13 +00:00
christos
f3ea67ef8c make this work with OpenSSL-1.1 2019-11-24 23:20:40 +00:00
wiz
84e123ddd2 Bump PKGREVISIONs for perl 5.30.0 2019-08-11 13:17:48 +00:00
wiz
93b46879c7 Recursive bump for perl5-5.28.0 2018-08-22 09:43:40 +00:00
rillig
b381c6e2f3 Sort PLIST files.
Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:

  pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
2018-01-01 22:29:15 +00:00
wiz
73716d23de Bump PKGREVISION for perl-5.24.0 for everything mentioning perl. 2016-07-09 06:38:30 +00:00
jperkin
36e6903fd8 Remove the stability entity, it has no meaning outside of an official context. 2016-06-08 10:16:50 +00:00
jperkin
31ffe7cbb6 Change the service_bundle name to "export" to reduce diffs between the
original manifest.xml file and the output from "svccfg export".
2016-06-08 09:46:01 +00:00
pettai
a854379c39 2.10.3 2015/05/12
LIBOPENDKIM: Make strict header checking non-destructive.
                The last change to this code resulted in failing signatures.

2.10.2          2015/05/10
        Fix bug #221: Report a DKIM result of "policy" if MinimumKeyBits
                or UnprotectedKey cause the signature to result in a "pass"
                override.
        Fix bug #227: Revert removal of SenderHeaders configuration setting.
                Document that it is now limited to signature selection.
        LIBOPENDKIM: Fix bug #226: Deal with header fields that are
                wrapped before there's any content.
        CONTRIB: Update to contrib/systemd/opendkim.service.in
2016-03-18 06:16:18 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
agc
ddbf6ddecd Add SHA512 digests for distfiles for mail category
Problems found locating distfiles:
	Package mutt: missing distfile patch-1.5.24.rr.compressed.gz
	Package p5-Email-Valid: missing distfile Email-Valid-1.198.tar.gz
	Package pine: missing distfile fancy.patch.gz
	Package postgrey: missing distfile targrey-0.31-postgrey-1.34.patch
	Package qmail: missing distfile badrcptto.patch
	Package qmail: missing distfile outgoingip.patch
	Package qmail: missing distfile qmail-1.03-realrcptto-2006.12.10.patch
	Package qmail: missing distfile qmail-smtpd-viruscan-1.3.patch
	Package thunderbird24: missing distfile enigmail-1.7.2.tar.gz
	Package thunderbird31: missing distfile enigmail-1.7.2.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-03 23:27:00 +00:00
wiz
0982effce2 Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
2015-06-12 10:48:20 +00:00
pettai
1321e7dc3f 2.10.1 2015/02/03
Make DB_SIGNINGTABLE symbol available in Lua scripts.
        Fix bug #214: Handle arbitrarily large From: fields.
        LIBOPENDKIM: Fix bug #213: Remove "dkim_default_senderhdrs" from
                dkim.h.
        LIBOPENDKIM: Fix bug #219: Unresolved CNAMEs are not failures,
                according to the DNS (see RFC6604), so report them as
                NXDOMAIN or similar.

2.10.0          2014/12/27
        Feature request #182: Remove "AddAllSignatureResults".  All signature
                results will now be added via Authentication-Results header
                fields.
        Feature request #180: Rename "LDAPSoftStart" to "SoftStart" and apply
                it to SQL connections as well.
        Feature request #179: Add "IgnoreMalformedMail" option.
        Fix bug #183: Discontinue support for ADSP.  This removes the
                following configuration file items:
                AddAllSignatureResults  LocalADSP
                ADSPAction              NoDiscardableMailTo
                ADSPNoSuchDomain        On-PolicyError
                BogusPolicy             SendADSPReports
                DisableADSP             SenderHeaders
                LDAPSoftStart           UnprotectedPolicy
        Make "rrvs" and "smime" recognized Authentication-Results methods.
        LIBOPENDKIM: Feature request #157: Add dkim_mail_parse_multi().
        LIBOPENDKIM: Feature request #185: Add dkim_set_dnssec().
        LIBOPENDKIM: Fix bug #183: Discontinue support for ADSP.  This
                means all of the following:
                - the dkim_policy_t type has been removed
                - the DKIM_POLICY_* constants have been removed
                - the DKIM_PRESULT_* constants have been removed
                - passing DKIM_OPTS_SENDERHDRS to dkim_options() now
                  results in an error
                - the DKIM_PSTATE structure has been removed
                - all of the following functions have been removed:
                  dkim_policy(), dkim_policy_dnssec(),
                  dkim_policy_getqueries(), dkim_policy_getreportinfo(),
                  dkim_policy_state_free(), dkim_policy_state_new(),
                  dkim_policy_syntax(), dkim_getpolicystr(),
                  dkim_getpresult(), dkim_getpresultstr(),
                  dkim_set_policy_lookup(), dkim_test_adsp()
        LIBOPENDKIM: DKIM_LIBFLAGS_STRICTHDRS now also confirms syntactical
                validity of the From field before proceeding with a signing or
                verifying operation.
        CONTRIB: Fix bug #207: Clean up the "stats" directory.
        CONTRIB: Add "repute" directory which could eventually replace the
                PHP implementation.
        CONTRIB: Patches to systemd and init/redhat.
2015-03-15 23:02:34 +00:00
pettai
4dc6b6f9ed 2.9.3 2014/12/27
Fix bug #177: Plug leaking "result" structures when OpenLDAP is in use.
        Truncate configuration file lines at carriage return.
        Replace overlapping strlcpy() with memmove() in dkim_get_key_file().
        Patch #32: Re-arrange the execution logic to drop privileges in
                proper order.
        LIBOPENDKIM: dkim_header() is now a lot more strict about the input
                it will accept (see RFC5322 Section 2.2).
        LIBOPENDKIM: Tighten relaxed modes to break on only DKIM-defined
                whitespace characters.
        LIBOPENDKIM: Fix bug #208: If a signature fails to verify for either
                reason (header hash mismatched or body hash mismatched), set
                DKIM_SIGERROR_BADSIG so that Authentication-Results doesn't
                report a failure with "no signature error".
        TOOLS: Feature request #178: Add "-F" flag to opendkim-genzone so
                records are created with the FQDN.
        REPUTATION: Handle parameters safely in repute.php.
2015-01-04 21:52:05 +00:00
jperkin
71fa94bf01 Support builtin libmilter. 2014-09-25 13:56:50 +00:00
fhajny
cb5c01d6a9 Add SMF manifest for opendkim and default dir for key/table storage. 2014-09-10 14:01:36 +00:00
pettai
7e87ce5d06 2.9.2 2014/04/02
Fix some conflicting unit tests.
        BUILD: Fix bug #195 part II: Compile all binaries with pthreads
                support as needed by libopendkim features.
        BUILD: Fix packaging damage with autobuild.

2.9.1           2014/03/15
        Feature request #177: Add "LuaOnlySigning" so that only the Lua setup
                script makes signing requests; suppresses automatic application
                of the signing table.
        Fix bug #185: odkim.signfor() wasn't processing its arguments properly.
        Fix bug #199: Fix use of uninitialized buffer when generating
                SMTP response strings due to ADSP rejections.
        Fix infinite loop when mlfi_connect() is called with a hostname
                starting with a "." character.  Reported by Philip Guenther.
        Fix loading of refiles when trailing spaces are present in the value.
        LIBOPENDKIM: Only call dkiml_dns_close() if there was a
                dkiml_dns_service handle set by dkiml_dns_init().  Also,
                when closing, reset that handle to NULL.
        LIBOPENDKIM: The various dkim_dns_set_*() functions, when passed a
                NULL function pointer, merely store it, making the
                corresponding function a no-op.  Previously, doing
                so restored the default.
        LIBOPENDKIM: Have dkim_sig_getreportinfo() return descriptors
                (if available) regardless of the signer's reporting parameters.
        BUILD: Fix bug #188: Clean up last remnants of libstrl.
        BUILD: Fix bug #190: Check for HAVE_SUN_LEN in opendkim-db.c.
        BUILD: Fix bug #191: Better minimum version checks for libmemcached.
        BUILD: Fix bug #192: Different test for libevent.
        BUILD: Fix bug #193: Don't throw away user-provided compilation
                variables.
        BUILD: Fix bug #195: Compile opendkim-genzone with pthreads support.
        BUILD: Fix bug #202: Fix pkg-config check for GNUTLS.
        BUILD: Fix bug #203: opendkim-genzone requires pthreads.
        BUILD: Patch #29: Look for libmilter in lib64.
        BUILD: Patch #30: Include libdl when linking in Lua.
        BUILD: Don't throw away user-provided compilation variables.
                Problem noted by Quanah Gibson-Mount.
        BUILD: Rename "--with-mdb" to "--with-lmdb" for consistency
                with that package's naming conventions.
        CONTRIB: Fix bug #184: Update to contrib/systemd/opendkim.service
        MILTERTEST: Add "polite" flag to mt_disconnect().
        TOOLS: Fix bug #187: Increase buffer size for the private key in
                opendkim-testkey.
        TOOLS: Fix opendkim-spam to match the schema found in stats/mkdb.mysql.
2014-06-09 14:59:05 +00:00
wiz
7eeb51b534 Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
2014-05-29 23:35:13 +00:00
jperkin
45bc40abb4 Remove example rc.d scripts from PLISTs.
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
2014-03-11 14:04:57 +00:00
tron
73d05e2276 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:17:32 +00:00
pettai
2917402513 2.9.0 2013/12/09
NOTE: During the development cycle for this release, SourceForge
                changed their bug numbering system.  Bug numbers are recorded
                here as they were generated by the current system at the time
                they were filed.  The older ones (prefixed "SF") have since
                been renumbered or may no longer be in the system.
        Feature request #169: Discontinue libxml2 support in the reputation
                code.
        Feature request #174: Drop internal libstrl implementation.
        Feature request #175: Discontinue support for libdkimrep.
        Feature request #176: Update to the final REPUTE RFCs.
        Activate _FFR_REDIRECT.
        Fix bug #178: Add support for "dmarc" as an authentication method
                (though it hasn't been formally registered yet) and fix
                a minor Authentication-Results parsing problem.
        Fix bug #179: Correct handling of SignatureTTL.
        Fix bug #180: Drain results object when doing a DB walk of a postgresql
                table.
        Fix bug #182: Add an Authentication-Results header field even for
                messages with no valid From: field or a fatal structural
                violation.
        Teach dkimf_db_walk() about LDAP soft starting, and don't escape the
                forced "*" when walking.  Also handle incorrect attribute
                counts without causing an assertion failure.
        Call dkimf_config_free() on shutdown so that all DBs get properly
                closed and everything gets deallocated.
        LIBOPENDKIM: Fix bug #168: Report an unresolved CNAME for ADSP records
                as simply absent.
        LIBOPENDKIM: Add DKIM_LIBFLAGS_REQUESTREPORTS to request that an
                "r=y" tag be added to signatures, per RFC6651.
        TOOLS: Fix boundary condition in opendkim-testmsg.
        DOCS: Feature request #168: Improve documentation of signature
                verification failure debugging features.
        DOCS: Feature request #172: Describe socket selection procedure in
                detail, and mention selinux command to get set up.
2013-12-12 14:11:32 +00:00
pettai
59b9952c74 2.8.4 2013/07/15
Fix bug #169: Add "::1" to the default InternalHosts list.
        Fix bug #171: Escape "+" character in regex generation.
        Fix bug #172: Repair broken AutoRestartRate logic.
        Fix bug #SF3603525: Discard duplicate results from non-DKIM methods.
        Fix bug #SF3611976: Fix up quarantine option handling.
        TOOLS: Fix bug #SF3609716: Fix meaning of "-S" in opendkim-genkey.
        BUILD: Fix bug #SF3612816: Build compatibility with Lua 5.2.
2013-09-21 22:30:43 +00:00
jperkin
b091c2f172 Bump PKGREVISION of all packages which create users, to pick up change of
sysutils/user_* packages.
2013-07-12 10:44:52 +00:00
pettai
869afce50c Missed some PLIST changes in the previous commit 2013-06-15 19:19:25 +00:00
pettai
3b55b4b0bd 2.8.3 2013/05/04
Log something when refusing to sign because the private key was too
                small.  This also adds a new "On-SignatureError" handler
                setting, and a new status code DKIM_STAT_SIGGEN.
        Fix application of "On-InternalError" setting.
        Feature request #SF3609496: Don't apply reputation checks to internal
                clients.

2.8.2           2013/03/27
        Authentication-Results tokens should be checked without case
                sensitivity.
        Fix snprintf() arguments in dkimf_checkfsnode().
        CONTRIB: Patch #SF3608716: Fixes to spec/opendkim.spec.in

2.8.1           2013/03/19
        Fix bug #SF3607071: Report the reason why a key file is determined
                to be unsafe.
        Fix bug #SF3607072: When checking for key file safety, take any
                "-u" value provided on the command line into account.
        Fix bug #SF3608401: Solaris 10 doesn't have strsep().
        BUILD: Fix build for versions of libdb between 3.1 and 4.6.

2.8.0           2013/02/25
        Feature request #SF2964383: Add DKIM_LIBFLAGS_STRICTRESIGN, which
                inhibits signing of a handle tagged for resigning when the
                attached verifying handle had no valid signatures in it.
        Feature request #SF3155117: Do a more thorough check for writeable
                key files, checking more of the filesystem permission tree.
        Feature request #SF3530734: Add "LDAPDisableCache", which suppresses
                the creation of a local cache in front of LDAP queries.
        Feature request #SF3547359: If compiled with libcurl, add "SMTPURI"
                configuration option that allows direct SMTP transmission
                failure reports.
        Feature request #SF3578197: Allow per-message override of the list of
                header fields to be signed.
        Feature request #SF3590860: Combine collected reputation values into
                an overall allowed rate under _FFR_REPRRD, as is done for the
                other reputation code.
        Feature request #SF3598991: Add odkim.signfor() function to the Lua
                setup script.
        Feature request #SF3599409: Modify dkimf_checkip() to try surrounding
                the IP address part of every query with square brackets, which
                is a common way to do IP address literals in email contexts.
        Fix bug #SF3531477: Add (hopefully temporary) configuration option
                "DisableCryptoInit" so that opendkim's initialization of the
                crypto library doesn't conflict with the same work done by
                other libraries.
        Fix bug #SF3599901: Rename "InsecureKey" to "UnprotectedKey" and
                "InsecurePolicy" to "UnprotectedPolicy", as the term "insecure"
                in reference to a key is sometimes interpreted to mean "not
                enough random bits" rather than as a keyword describing the
                presence or absence of DNSSEC protection.  What's logged in
                Authentication-Results header fields has been similarly
                modified.
        Fix bug #SF3604525: Don't divide by zero when the query cache hasn't
                been used.
        Protect against handling of signatures with empty domains, which could
                cause a NULL dereference and a crash.
        Do ATPS checks when enabled even if ADSP is disabled.
        Don't fail to start on empty or null configuration files.
        Patch #SF3593422: Update for MDB 0.9.5 support.
        LIBOPENDKIM: Fix header canonicalization when DKIM_LIBFLAG_FIXCRLF is
                used in combination with dkim_chunk().
        LIBOPENDKIM: Enable dkim_getcachestats() and the underlying function
                to extract the current number of keys in the cache, and also
                provide a counter reset mechanism.
        BUILD: Feature request #SF3547151: Check for Lua package name variants
                in use on Debian.
        BUILD: Feature request #SF3599902: Change OpenSSL existence test
                to help with Debian packaging.
        BUILD: Add "--with-test-socket" to force all of the filter unit tests
                to use a specific socket.
        BUILD: Add checks for strlcat()/strlcpy() in libbsd.
        CONTRIB: Fix bug #SF3575666: Pass pid file path to killproc.
        CONTRIB: Add systemd directory.
        CONTRIB: Split out initial key generation function from
                contrib/init/redhat/opendkim.
        MILTERTEST: Don't crash in mt_connect() if the socketspec doesn't
                contain a colon.
        MILTERTEST: When connect() fails for an AF_INET socket, it apparently
                leaves the socket unusable.  Discard the socket when that
                happens and get a new one.
        MILTERTEST: Add a way to extend the mt.connect() retry interval via
                environment variables so a large test suite can be easily
                extended on slow systems.
        TOOLS: Register DNS functions before calling dkim_dns_init() in
                opendkim-testkey.
        TOOLS: Add "-K" (keep temporary files) flag for opendkim-testmsg
2013-06-15 19:03:31 +00:00
wiz
d2ca14a3f1 Bump all packages for perl-5.18, that
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package

Like last time, where this caused no complaints.
2013-05-31 12:39:57 +00:00
pettai
6052388209 2.7.4 2013/01/06
Fix bug #SF3596147: Allow arbitrarily long configuration file lines.
        Fix bug #SF3596229: Fix logging of signature errors, which logged
                the domain name twice instead of the domain name and the
                selector.
        Safely handle incoming Authentication-Results fields with large number
                of tokens.
        Avoid mixing up status codes when processing conf_logresults, leading
                to confusing log entries.
        Fix ADSP logging.
2013-03-16 00:07:02 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
pettai
6fc66a9166 2.7.3 2012/11/29
Log DB error string in dkimf_add_signrequest(), and fix a DSN handling
                error in dkimf_db_strerror().
        LIBOPENDKIM: Ignore entries in the oversign header field name list
                that are empty, and an oversign header field name list that
                is present but empty.
        LIBOPENDKIM: Allow header field lists to be empty, flushing any that
                were previously defined.
        BUILD: Improve tests for including <strl.h>.
        REPUTATION: Use lowercase for keywords in REPUTE query generation
                and handling.
        STATS: Clean up a dead link in opendkim-genstats.

2.7.2           2012/11/14
        Log the author domain name when rejecting or discarding due to ADSP.
        LIBOPENDKIM: Improve re-entrancy of dkim_eoh() when verifying.
        LIBOPENDKIM: Only do a single read attempt of a private key under
                GNUTLS to avoid hiding a useful error code.
        STATS: Add long option support for opendkim-importstats.
        STATS: Fix overly-strict domain name rules in opendkim-reportstats.
        TOOLS: Fix opendkim-genkey subdomains default.
        TOOLS: Fix opendkim-testmsg GNUTLS initialization.
        TOOLS: Add ability to assert a reporter ID to opendkim-spam.
        TOOLS: Add ability to skip a fixed number of Received: fields.
        TOOLS: Print a warning when asked to generate a key smaller than
                the recommended minimum.
        BUILD: Fix bug #SF3585163: Use a provided libstrl if detected.
        BUILD: Portability fixes for Solaris 10 from Claus Assmann and
                Leena Heino.

2.7.1           2012/10/30
        Fix bug #SF3581657: Fix faulty logic in LDAP open code.
        Fix bug #SF3581743: Properly handle NULLs returned from OpenDBX
                queries and low field counts in dkimf_db_walk().
        In the _FFR_REPUTATION code, free JSON objects when done with them.
        TOOLS: Fix argument parsing in new version of opendkim-genkey.

2.7.0           2012/10/24
        Feature request #SF2964375: Reject configuration files that have
                a SigningTable referencing a missing or malformed KeyTable
                entry.
        Feature request #SF3544764: Support for libar has been discontinued.
                For asynchronous and/or thread-safe resolver service,
                use libunbound or a suitable version of BIND.
        Feature request #SF3545658: Replace "ResolvConf" with "Nameservers"
                and add support for NS list overrides for versions of bind
                that have res_setservers().  Also rename "UnboundConfigFile"
                to "ResolverConfiguration", and make "TrustAnchorFile"
                generally available.
        Feature request #SF3547124: Skip reputation checks on passing
                signatures whose keys had a "t=y" value.
        Feature request #SF3555842: Add "ReputationTest" setting.
        Feature request #SF3556439: Update opendkim-atpszone per RFC6541.
        Feature request #SF3559744: Add library option DKIM_OPTS_MINKEYBITS
                allowing one to specify a minimum number of key bits for
                acceptable keys and signatures.  This is exposed through new
                configuration file option "MinimumKeyBits".  The default
                is 1024.
        Fix bug #SF3536414: Activate _FFR_OVERSIGN, and remove
                DKIM_OPTS_ALWAYSHDRS.
        Fix bug #SF3536655: Rename "X-Header" to "SoftwareHeader", and rename
                all header fields added that start "X-" to remove that prefix,
                per RFC6648.  The old name will be accepted through the end
                of the 2.7.x line.
        Fix bug #SF3538896: Remove antiquated CVS Id: tags, which cleans up
                some (harmless) build warnings.
        Fix bug #SF3548741: Add "ReputationTimeout" for use inside
                _FFR_REPUTATION, rather than using the built-in default
                or a hard-coded one.
        Fix bug #SF3549307: Remove _FFR_REPUTATION_CACHE, as it is redundant
                to caching code that's part of _FFR_REPUTATION already.
        Fix bug #SF3555844: Get repute client code in sync with repute.php
                (and the current REPUTE WG drafts).
        Fix bounds checking in the dstring printf functions.
        Fix loop structure in the C side of odkim.get_rcpt().
        Change all temporary directory defaults from /var/tmp to /tmp.
        Activate _FFR_LUA_GLOBALS.
        Request the milter permissions required to get _FFR_REDIRECT working.
        Add _FFR_REPRRD, which is a second approach to DKIM-based reputation
                using round robin databases and Holt-Winters foreacasting
                using rrdtool (see http://oss.oetiker.ch/rrdtool/).  Still
                experimental.
        Patch #SF3555843: With sufficient verbosity, report the default
                configuration file path.  Patch from Andreas Schulze.
        BUILD: Fix bug #SF3531658: Move the strlcat() and strlcpy()
                implementations to their own library so that programs don't
                drag in crypto and other dependencies they don't need.
                Also clean up several other unnecessary dependencies imposed
                by imprecise use of autoconf.
        BUILD: Patch #SF3555845: Add support for older versions of libcurl.
        BUILD: Install non-user things in sbin instead of bin.
        LIBOPENDKIM: Feature request #SF3565006: Add dkim_add_querymethod()
                and dkim_sig_seterror(), define DKIM_CBSTAT_DEFAULT, and
                remove an assertion in dkim_get_key_dns(), which together
                allow for applications to develop non-standard key retrieval
                mechanisms.
        LIBOPENDKIM: Fix bug #SF3559080: Log correct domains and selectors
                with SSL errors.
        LIBOPENDKIM: Add DNS functions dkim_dns_config(), dkim_dns_init(),
                dkim_dns_nslist(), dkim_dns_set_init(), dkim_dns_set_close(),
                dkim_dns_set_nslist(), dkim_dns_set_config(),
                dkim_dns_set_trustanchor(), dkim_dns_trustanchor().
        LIBOPENDKIM: Patch #SF3562496: Add DKIM_OPTS_REQUIREDHDRS to allow
                alteration of the mandatory header field set.
        LIBOPENDKIM: If "q=" is present and method "dns" is specified, it
                must be followed by "/txt", per RFC6376.
        LIBOPENDKIM: For dkim_add_xtag(), copy the provided values so the
                caller doesn't have to keep them around.
        LIBOPENDKIM: Allow dual signing of a single body with dkim_resign().
        STATS: Fix bug #SF3555847: Add "--nocircles" to opendkim-gengraphs
                to allow operation with versions of gnuplot that don't know
                what "with circles" means.
        STATS: Patch #SF3555841: Temporary table SQL correction.
        TOOLS: Feature request #SF3553918: Add "-u" flag to opendkim-atpszone
                and opendkim-genzone enabling them to produce output suitable
                for use as input to nsupdate(8).
        TOOLS: Feature request #SF3558818: Teach opendkim-testkey about the new
                "ResolverConfiguration" setting.
        TOOLS: Fix bug #SF3565013: Replace opendkim-genkey with a perl script
                that knows how to do splitting of character-strings in DNS
                TXT records.
        TOOLS: Fix bug #SF3568846: Add "-t" to opendkim-testmsg to allow
                override of the directory where temporary files go.  Also,
                clean up temporary files after creating them.
        TOOLS: Add opendkim-rephistory.

This should fix PR pkg/47370.
2013-01-05 17:05:07 +00:00
pettai
0626cc86bb corrected the patchsum 2012-11-19 18:39:34 +00:00
pettai
a6735e8680 2.6.7 2012/07/23
Fix input handling for file data sets for the macro case.
        Ensure NULL-termination of macro value tests.
        STATS: Fix hang bug in opendkim-reportstats.
        STATS: Fix bug #SF3547363: Fix "Top 10" and DNSSEC trend reports.

2.6.6           2012/07/18
        LIBAR: Fix bug #SF3544522: Not all systems define a "_len" member for
                the sockaddr structures.
        LIBOPENDKIM: Fix bug #SF3545490: If the body handed to the library was
                missing a trailing line terminator, then dkim_canon_closebody()
                would end the hashes with some data not included.  Now, if
                DKIM_LIBFLAGS_FIXCRLF is set, it will detect this condition
                and correct it; if not, an error is returned.
        LIBOPENDKIM: If the job ID passed in during handle creation includes
                slashes and temporary file creation is enabled, convert the
                slashes to dots in the temporary file template.

2.6.5           2012/07/14
        Swap order of "header.d" and "header.i" values in
                Authentication-Results fields.
        BUILD: Fix bug #SF3543282: Corrections to Darwin/libar build adjustment
                made in 2.6.3.

2.6.4           2012/07/12
        Feature request #SF3542099: Include "header.d" in all
                Authentication-Results fields, not just "header.i".  This
                makes life easier for users of OpenDMARC.
        BUILD: Fix SHA256 test on some systems.

2.6.3           2012/07/11
        Add "ResolvConf" setting, allowing the ability to pass a
                resolv.conf-like file to unbound to allow specific nameservers
                to be used instead of the default.
        LIBOPENDKIM: Return the correct error code when a SHA1-only library
                encounters a SHA1 signature that references a SHA256-only key.
        LIBAR: Add ar_resolvconf().
        BUILD: Fix bug #SF3538676: Build with -DDARWIN on MacOSX, and default
                to arlib if unbound isn't selected.

2.6.2           2012/07/02
        Fix build confusion between _FFR_RATE_LIMIT and _FFR_RESIGN.
        Fix bug #SF3538639: Fix error when --domain is not provided to
                opendkim-genrates.  Problem noted by Andreas Schulze.
        Fix bug #SF3539449: Clarify legal "Socket" values.
        Fix bug #SF3539493: Handle certain cases of data set names that
                appear to be comma-separated lists which include IPv6
                addresses.

2.6.1           2012/06/25
        Restore and activate _FFR_SELECT_CANONICALIZATION.  Also adds a
                SelectCanonicalizationHeader configuration option.
        Remove _FFR_SELECTOR_HEADER.
        Update Authentication-Results parsing to understand "dkim-atps"
                (RFC6541) and no longer understand "hardfail" (RFC6577).
        LIBAR: Fix bug #SF3309946: Ensure the dispatcher doesn't hold the
                master lock when it might enter a read wait.
        STATS: Add a database index on messages.msgtime to aid with
                expiration performance.
        TOOLS: Feature request #SF3536385: Add "-a" to opendkim-genkey to
                include a domain name in the generated TXT record.

2.6.0           2012/06/07
        Feature request #SF3502777: Log all authentication results rather than
                relying on logging of Authentication-Results header fields.
        Feature request #SF3512286: Add "LDAPSoftStart" flag so the filter
                doesn't abort on startup when LDAP is not available.
        Feature request #SF3512836: Add _FFR_SOCKETDB, which enables support
                for a generic socket data set.
        Feature request #SF3514982: Add Erlang data set support.
        Feature request #SF3516253: Update to newest "repute" working group
                documents, which mainly means adding JSON support and
                promoting application-specific extensions to the top level
                in the reputon structure.
        Feature request #SF3518593: Add support for OpenLDAP's MDB as a
                data set backend.
        Feature request #SF3519002: Put reason information inside a "reason"
                tag in Authentication-Results header fields rather than in
                comments.
        Feature request #SF3521000: Log hostname and daemon name (taken from
                macros) when logging "no MTA name match".
        Feature request #SF3524756: Add ability to request TCP keepalive
                features via the OpenLDAP client library.
        Feature request #SF3529233: Add odkim.get_envfrom() to all Lua scripts.
        Fix bug #SF3518877: Separate variable expansion from literal text in
                opendkim-genkey.
        Fix bug #SF3522883: Allow TLS for ldapi URIs.  Problem noted by
                Quanah Gibson-Mount.
        Fix bug #SF3527428: Construct the LDAP URI list properly, rather than
                only keeping the last one, and add failover code.
        Patch #SF3522895: Add contrib/ldap/opendkim.ldif.
        Activate _FFR_XTAGS.
        Remove _FFR_SELECT_CANONICALIZATION.
        LIBAR: Fix bug #SF3444318: Do proper buffer size calculations to
                avoid valgrind warnings about references to unaddressable
                space.
        LIBOPENDKIM: Fix bug #SF3496041: Remove _FFR_PARSETIME.
        LIBOPENDKIM: Fix bug #SF3516653: By default, treat a syntax error
                in an ADSP record as an NXDOMAIN.  Add new library flag
                DKIM_LIBFLAGS_REPORTBADADSP to restore the original
                behaviour.
        LIBOPENDKIM: Fix bug #SF3524865: Disallow generation of signatures
                where signer and signing domain don't match per the DKIM
                specification.  Add DKIM_LIBFLAGS_DROPSIGNER which, if set,
                will still generate signatures in that case, but with the
                signer omitted so the signature is still compliant.
        BUILD: Fix bug #SF3425384: Add missing support for compiling
                against libevent2, which is an option for unbound.
        BUILD: Fix bug #SF3475799: Don't do a manual check for libdb.a.
                Use the AC_CHECK_* macros instead.
        DOCS: Fix bug #SF3518864: The license for IETF documents is not
                compatible with free software licensing, which makes packaging
                a bit of a chore.  Replace all the text files in the "docs"
                directory with a single HTML page that includes links to
                all the things we used to include here.
        STATS: Feature request #SF3110059: Move opendkim-reportstats from
                contrib/stats to stats, making it fully supported.
        STATS: Feature request #SF3525786: Add opendkim-expire script.
        STATS: Feature request #SF3528652: Allow a specific list of domains,
                possibly read from a file, for opendkim-gengraphs and
                opendkim-genrates.
2012-11-12 19:23:35 +00:00
asau
d70c8e374b Drop PKG_DESTDIR_SUPPORT setting, "user-destdir" is default these days. 2012-10-08 12:19:01 +00:00
pettai
ed4ff7d258 2.5.2 2012/04/09
Fix bug #SF3496208: Replace stats/opendkim-genstats with a perl
                script so it's far more efficient.
        Fix bug #SF3514793: Pass proper flags to libdb when creating
                temporary LDAP caches.  Problem noted by Sergey Romanov.
        Fix a crash bug when using LocalADSP with a message with no
                parseable From: field.  Problem noted by John Merriam.
        Fix a crash bug when using LDAP with authentication when LDAPAuthUser
                is not defined.
        STATS: Fix bug #SF3510729: Convert stats/opendkim-gengraphs to a perl
                script.

2.5.1           2012/03/15
        Fix bug #SF3496131: Fix query cache build problem.
        Fix bug #SF3500660: Add Date: header field to generated reports.
        BUILD: A few subsidiary libraries need to know about -lresolv on
                systems that need it.  Reported by Scott Kitterman.
        STATS: Add "-E" command line flag to opendkim-importstats, forcing
                an abort on any input error.

2.5.0           2012/02/29
        #####################################################################
        ###                                                               ###
        ###  This release is dedicated to the memory of J.D. Falk, a      ###
        ###  tireless champion of anti-abuse technology and collaboration ###
        ###  and a founding member of the Board of the Trusted Domain     ###
        ###  Project, a participant in related IETF work, and a long-time ###
        ###  particpant and supporter of MAAWG.  J.D. was taken by cancer ###
        ###  on November 16, 2011.  His enthusiasm and perspective for    ###
        ###  all of this work will be sorely missed.                      ###
        ###                                                               ###
        #####################################################################
        Feature request #SF3385816: Discontinue DomainKeys support.
        Feature request #SF3393282: Update ARF output per
                draft-ietf-marf-authfailure-report-03 et seq.
        Feature request #SF3406814: Add ability to invoke chroot().
        Feature request #SF3477908: Update DKIM reporting per
                draft-ietf-marf-dkim-reporting-10.
        Add "WeakSyntaxChecks" suppressing some short-circuiting error checks
                on syntax.
        Allow a set of test files to be passed via "-t" rather than just one.
        Add _FFR_REPUTATION, and several new support libraries (in the
                libut/ and reputation/ directories) for doing DKIM-based
                reputation evaluations of arriving messages.  Full
                documentation of the algorithms will appear in an upcoming
                white paper.  This also includes several new configuration
                options that make use of reputation data pulled from servers:
                        ReputationCache
                        ReputationCacheTTL
                        ReputationLimits
                        ReputationLowTime
                        ReputationMinimum
                        ReputationLimitModifiers
                        ReputationRatios
                        ReputationSpamCheck
                        ReputationTimeFactor
                For now these are briefly documented in reputation/README.
                As this subsystem matures, they will be fully documented in
                opendkim.conf(5).
        Fix bug #SF3471520: Don't crash when the first line of a configuration
                file is an "Include" instruction.
        Fix bug #SF3475149: Apply RFC2254 encoding to LDAP queries.
        LIBOPENDKIM: Feature request #SF3317160: Per RFC6376, remove
                granularity checks.
        LIBOPENDKIM: Feature request #SF3385768: Add dkim_privkey_load(),
                allowing validation of a private key before reaching
                end-of-message.
        LIBOPENDKIM: Feature request #SF3423226: Copy header field name lists
                instead of using the caller's copy.
        LIBOPENDKIM: Update list of header fields that should be signed
                per RFC6376.
        LIBOPENDKIM: Don't report the absence of "c=" as an error, since
                there is a default.
        LIBOPENDKIM: Add DKIM_SIG_CHECK() macro.  Suggested by Heikki
                Gruner.
        LIBAR: Fix bug #SF2917856: Rename "ar.h" to "async-resolv.h" since
                "ar.h" is already in common use.
        STATS: Feature request #SF3397903: Drop all support for data needed
                for the DKIM Implementation Report, as it has been completed.
                Leave stuff that's useful for reputation R&D.
        STATS: Feature request #SF3402857: Modify opendkim-spam to be able
                to write update records to statistics files.
        STATS: Feature request #SF3439384: Make opendkim-importstats more
                backend-agnostic.
        TOOLS: Add opendkim-testmsg, for signing/verifying messages without
                all the milter code being invoked.
        CONTRIB: Add LDAP documentation and examples.
2012-06-16 20:20:15 +00:00
pettai
ec7403656d 2.4.3
Fix bug #SF3400670: Send ADSP failure reports when rejecting
                a message.
        Fix bug #SF3419149: Add MaximumSignedBytes to opendkim-config.h.
        Fix bug #SF3441240: Appy ReportBccAddress when generating ADSP
                reports.
        Fix bug #SF3447199: Fix logic preventing the application of the
                BodyLengthDB.
        Fix Authentication-Results generation with "AddAllSignatureResults"
                enabled.
        Fix a crash bug when trying to handle certain malformed header fields
                in verify-only mode.
        Improve error checking in the callback provided to libunbound to
                avoid crashes.
        Cope with versions of Sleepycat DB that crash when asking for a file
                descriptor for in-memory databases.
        Don't override "On-NoSignature" when "Quarantine" is set.
        Ignore header field names that contain semi-colons, as they produce
                syntactically invalid signatures.
        LIBOPENDKIM: Fix bug #SF3465400: Don't use "new" as a parameter name
                in dkim.h since that's an error for C++.
        LIBOPENDKIM: NOERROR is the same as NXDOMAIN for the purposes of
                the ADSP existence check.  Problem noted by Todd Nagengast.
        LIBOPENDKIM: Return DKIM_STAT_SYNTAX from dkim_header() if the header
                field name contained a semi-colon.
        LIBAR: After computing a timeout, if the fractional seconds portion
                adds to exactly a second, convert that amount to seconds.
                Previous versions only converted when the fractional portion
                exceeded a second.  This led to threads that spin
                indefinitely.  Problem noted by Todd Lyons and Gary Mills;
                forensic evidence revealing the problem at long last provided
                by Todd Lyons.
        STATS: Fix a crash bug in opendkim-importstats due to improper handling
                of NULL returns from SQL.

2.4.2
        Don't apply BodyLengthDB when not signing.
        LIBOPENDKIM: Update for draft-kucherawy-dkim-atps-06.
        LIBOPENDKIM: Terminate the strings returned by dkim_sig_getsubstring()
                and dkim_sig_getidentity() whenever possible.
        CONTRIB: Change "chkconfig" instruction in RHEL init script,
                and a minor tweak to the RPM spec file.

2.4.1           2011/06/28
        Fix bug #SF3312691: Add "-e" command line switch to extract a value
                from configuration.
        Fix bug #SF3324488: Accommodate postfix's job ID generation by moving
                the BodyLengthDB check down to EOH.
        Fix bug #SF3327106: Fix mode-based short-circuit logic.
        Patch #SF3321766: Remove "-d" from usage message (not implemented).
        Print database error strings instead of just return codes in
                query test mode, and clean up error strings when extracting
                them from the layers below.
        Minor fixes related to use of OpenDBX.
        LIBOPENDKIM: Fix bug #SF3328330: Correct generation of "z=" tags.
        LIBOPENDKIM: Patch #SF3313534: Improve thread-safe use of OpenSSL
                in dkim_init() and dkim_free().
        LIBOPENDKIM: Patch #SF3314269: Change all uses of off_t to ssize_t,
                as the former is reserved for use with filesystem APIs.
        LIBOPENDKIM: Make the user context pointer (void) rather than
                (const void) since the caller is allowed to change it.
        LIBOPENDKIM: Proper handling of DKIM_CBSTAT_ERROR from the prescreen
                and final callbacks.
        LIBOPENDKIM: Fix up initialization under _FFR_OVERSIGN.
        BUILD: Adjust gprof code to accomodate systems that put profiling
                output in <binary>.gmon rather than gmon.out.

2.4.0           2011/06/06
        Feature request #SF3060140: Extension of odkim.sign() to include
                maximum signed byte count.
        Feature request #SF3171865: Add _FFR_LUA_GLOBALS, enabling a
                mechanism to maintain state between Lua scripts.
        Feature request #SF3241982: Optionally add an Authentication-Results
                field for all signatures present, not just the first good one.
        Feature request #SF3256630: Add _FFR_RATE_LIMIT, enabling hooks for
                post-verification rate controls.
        Feature request #SF3290461: Add optional support for querying a
                memcache daemon via libmemcached.
        Feature request #SF3299041: Be tougher on use of the "l=" tag by
                removing "BodyLengths", renaming "BodyLengthDBFile" to
                "BodyLengthDB", and allowing pattern matches.  This
                effectively activates _FFR_BODYLENGTH_DB as well.
        Feature request #SF3303911: Add "DisableADSP" setting.
        In the stats recording code, only check for a domain match for
                signatures that don't have errors (i.e., short circuit if
                sigerror is not zero).
        LIBOPENDKIM: Feature request #SF2969516: Teach dkim_chunk() about
                DKIM_LIBFLAGS_FIXCRLF.
        LIBOPENDKIM: Feature request #SF3123731: Extend FixCRLF to cover
                header fields.
        LIBOPENDKIM: Feature request #SF3151534: Extract DKIM reputation
                support to its own library.
        LIBOPENDKIM: Feature request #SF3279589: Add _FFR_XTAGS, adding
                support for generic extension tags in signatures.
        LIBOPENDKIM: Feature request #SF3300738: Add dkim_sig_getqueries()
                and dkim_policy_getqueries() to assist API consumers that
                have their own DNS mechanisms not directly adaptable to ours.
        LIBOPENDKIM: Return an error from dkim_getsighdr() or
                dkim_getsighdr_d() if called after a key load failure.
        LIBAR: Check that the descriptor's write socket is writable before
                calling ar_sendquery() when trying to identify open requests
                that need retransmission.
        STATS: Feature request #SF3066106: Add "opendkim-anonstats" tool.
        CONTRIB: Paths in init/redhat/opendkim are now auto-generated.
        Activate _FFR_MAXVERIFY.
2012-02-23 17:45:32 +00:00
pettai
e712827934 Fixed pidfile path 2011-06-17 13:49:35 +00:00
pettai
79babc2764 Made some corrections to the rc script 2011-06-17 13:42:04 +00:00
adam
d22c77bae6 pkglint clean-up 2011-04-29 11:48:24 +00:00
pettai
b3cf9aff1d 2.3.2 2011/04/14
Fix bug #SF3067338: Create a pool of DB handles for SQL operations
                so that queries don't all share one serially.
        Fix bug #SF3156559: Don't compile Lua scripts anew for each execution.
        Fix bug #SF3210385: Fix issue with configuration reload failures
                having some side effects on the remaining active configuration
                handle.  Reported by Andreas Schulze.
        Fix bug #SF3235131: Don't report ADSP errors as signature errors
                in Authentication-Results header fields.
        Fix bug #SF3258459: Don't send progress messages during EOH.  Problem
                reported by Gary Mills.
        Fix bug #SF3276469: When generating "z=" tags, apply omit and sign
                header field lists.  Problem noted by Todd Lyons.
        Add ADSP processing error information to A-R header fields.
        LIBOPENDKIM: Use a time_t to store TTL and clock drift options
                rather than unsigned long.  Patch from Piotr Sikora.
        LIBAR: Include class and type in debugging messages.  Suggested
                by Gary Mills.
        LIBAR: Start the dispatcher on the first query, not in ar_init().
                Allows ar_init() to be called before a fork() safely.
        CONTRIB: Adjust installed path in RedHat start script.  Patch
                from Naresh V.
        CONTRIB: Require the current libopendkim in the opendkim definition
                in the RPM spec file.  Patch from Naresh V.

2.3.1           2011/03/28
        Feature request #SF3196060: Log retrieved reputation values.
                Patch from Andreas Schulze.
        Feature request #SF3199824: Don't log "no signature data" unless
                LogWhy is enabled or the action for unsigned mail is something
                other than "accept".
        Fix bug #SF3196069: Log more detail when dkimf_config_setlib() fails.
                Problem noted by Andreas Schulze.
        Fix bug #SF3197890: Update ARF report format for DKIM verification
                failures to use what's in draft-ietf-dkim-marf-reporting.
        Fix bug #SF3204725: Add "ReplaceHeaders" data set to constrain what
                header fields are affected by "ReplaceRules".  Problem
                noted by Chris Callegari.
        Fix bug #SF3211114: Extract "BaseDirectory" from configuration
                file properly.
        Fix bug #SF3234178: Correct handling of a KeyTable entry for which the
                key data is empty.  Based on a patch from Yoshiaki Yanagihara.
        Patch #SF3205699: Make all header field name and domain name data
                sets case insensitive.  Submitted by Richard Rognlie.
        Add a case-insensitivity flag to odkim.db_open().
        Minor correction to DNS function return codes for unbound, which
                doesn't have an expired/no-reply distinction like libar does.
        LIBOPENDKIM: Fix up timeout handling with a DNS callback is in use.
        LIBOPENDKIM: Update for draft-kucherawy-dkim-atps-03.
        STATS: Fix bug #SF3195449: Omit data from reporters that are not
                currently marked "enabled" in the reporters table.
        STATS: Evaluate "i=" against the "d=" domain, not the "From" domain.
                Problem noted by Mark Martinec.
        STATS: A few more reports.
        MILTERTEST: Don't use non-standard printf() conversions.
        MILTERTEST: Get the SMFIP_HDR_LEADSPC logic right.
        TOOLS: Feature request #SF3200848: Add a backgrounding option
                (on by default) to opendkim-spam.
2011-04-28 23:00:07 +00:00
pettai
7cb6fe3dd2 2.3.0 2011/02/21
Feature request #SF2964396: Allow SignHeaders, OmitHeaders and
                SenderHeaders to be specified as deltas to the default lists.
        Feature request #SF3053094: Correct documentation and improve function
                of the AuthservID configuration setting.  Requested by
                Andreas Schulze.
        Feature request #SF3060152: Add odkim.replace_header() function.
        Feature request #SF3060161: Add odkim.del_header() function.
        Feature request #SF3061189: Add new "quarantine" option to all the
                various "On-" settings.
        Feature request #SF3066104: Add "AnonymousDomains" configuration
                option.
        Feature request #SF3074290: Add _FFR_ATPS, experimental support for
                draft-kucherawy-dkim-atps.
        Feature request #SF3076684: Add "VBR-TrustedCertifiersOnly" flag.
        Feature request #SF3080604: Add odkim.parse_field() function.
                Requested by Todd Lyons.
        Feature request #SF3081697: Add "OversignHeaders" configuration
                option.
        Feature request #SF3085536: Activate _FFR_STATS_I, providing
                statistics reporting about use of "i=" in signatures.
        Feature request #SF3096630: Add odkim.rbl_check() function.
        Feature request #SF3097083: Make SigningTable accessible from Lua.
        Feature request #SF3103095: Allow "%" in a KeyTable entry's filename
                component as well as the domain name.
        Feature request #SF3105480: Improved VBR correctness; don't conduct
                VBR checks at all if there are disagreeing "mc" values in
                multiple VBR-Info header fields.
        Feature request #SF3106132: Allow "%" in a SigningTable's value.
        Feature request #SF3109963: Add "MaximumSignaturesToVerify" setting.
                Suggested by John Wood.
        Feature request #SF3110593: Add compile-time support for GnuTLS as
                an alternative to OpenSSL.  Suggested by Alessandro Vesely.
        Feature request #SF3136772: Sign the VBR-Info header field, if added.
                Requested by Frederik Pettai.
        Fix bug #SF3134119: With AutoRestart enabled, arrange to relay
                SIGUSR1 from the parent to the child rather than terminating.
                Reported by Yoshiaki Yanagihara.
        Fix bug #SF3141313: Trim whitespace from values in in-core data
                sets.  Reported by Todd Lyons.
        Fix bug #SF3156124: More robust handling of database disconnects.
                Also add _FFR_POSTGRESQL_RECONNECT_HACK, which will hopefully
                be temporary.  Reported by Miha Vrhovnik.
        Fix bug #SF3181180: Correct handling of quoted strings containing
                parentheses (and the opposite) when parsing
                Authentication-Results header fields.  Reported by
                Mark Martinec.
        Fix back-compatibility with very old implementations of milter in MTAs.
        Fix case-insensitive matching for domain names when doing signing
                selection.  Problem noted by John Espiro.
        New configuration file options:
                - "CaptureUnknownErrors", replacing the FFR of the same name
                - "DNSConnect", requesting the resolver use TCP mode
                - "KeepAuthResults", suppressing required removal of
                  Authentication-Results header fields
                - "ResolverTracing", adding detailed logging of libar activity
                - "StrictHeaders", requesing libopendkim to assert header
                  field counts according to the standards
                - "UnboundConfigFile", passing a configuration file name to
                  libunbound (suggested by Andreas Schulze)
                - "VBR-PurgeFields", removing "X-VBR-*" fields after using them
        Trim whitespace from the end of all values in a config file, not just
                strings.  Problem noted by Reuben Farrelly.
        Assume a default location for opendkim.conf.  Suggested by Andreas
                Schulze.
        Don't needlessly demand milter features, causing aborts when they're
                not available.  Problem noted by Todd Lyons.
        Make odkim.get_clienthost(), odkim.get_clientip() and
                odkim.get_fromdomain() available in the final script.
        When "SyslogSuccess" is active, log the selector and domain used.
                Suggested by Miha Vrhovnik.
        LIBAR: Feature request #SF3115073: Add flag for fine-grained activity
                logging for debugging purposes.
        LIBAR: Add support for using poll() instead of socket().
        LIBOPENDKIM: Feature request #SF3087029: Add DKIM_LIBFLAGS_STRICTHDRS.
        LIBOPENDKIM: Feature request #SF3089990: Add dkim_sig_getsignedhdrs().
        LIBOPENDKIM: Fix bug #SF3079094: Have dkim_diffheaders() take
                canonicalization into account when generating its results
                to avoid false positives.
        LIBOPENDKIM: Fix bug #SF3184670: Add error codes for missing and empty
                "v=" tags, thus avoiding a possible assertion failure when
                DKIM_LIBFLAGS_BADSIGHANDLES is in use.  Reported by J. Coloos.
        LIBOPENDKIM: Fix up handling of multi-TXT DNS replies inside
                dkim_get_policy_dns().
        LIBOPENDKIM: Add dkim_getid().
        LIBOPENDKIM: Treat no answers as an NXDOMAIN with respect to
                retrieving ADSP records.
        LIBOPENDKIM: When an unexpected DNS type or class is received,
                log the received values.
        LIBVBR: Feature request #SF3105477: Copy the generic DNS work from
                libopendkim.
        STATS: Feature request #SF3085536: Activate _FFR_STATS_I, providing
                statistics reporting about use of "i=" in signatures.
        STATS: Feature request #SF3125701: Add "s=" key value tracking.
        STATS: Feature request #SF3137445: Track key sizes.  Suggested by
                Todd Lyons.
        MILTERTEST: When asserting negotiation state, don't forget to capture
                what was negotiated.
        TOOLS: Feature request #SF3106876: Amend opendkim-testkey to return
                the DNSSEC results as well.
        TOOLS: Fix bug #SF3143922: Command line parameters to opendkim-testkey
                now override their configuration file counterparts.
        TOOLS: Experimental new "opendkim-spam" tool to let users update a
                stats database to indicate a message is spam, for possible
                later correlation use.
        BUILD: opendkim-genzone needs LIBCRYPTO_LDFLAGS.  Reported by
                John Smith.
        Activate _FFR_CAPTURE_UNKNOWN_ERRORS.
2011-03-13 23:31:31 +00:00
pettai
3f0387de0b 2.2.2 2010/11/28
Fix bug #SF2903325: Clean up numerous signed vs. unsigned warnings.
        Fix bug #SF3095782: When VBR is enabled, only perform a query when
                the "md" domain in the VBR-Info header field matches the
                "d" field for any valid signature.
        Fix bug #SF3105993: Better handling of missing records in Lua DB
                lookups.
        When reading keys, ensure what's being read is a regular file and
                not something else.
        Complain if TrustAnchorFile names something that can't be opened
                for reading.
        LIBOPENDKIM: Don't complain about multiple records returned if one
                of them was an RRSIG.
        LIBAR: Rework some I/O logic to avoid a deadlock when the nameserver
                becomes unresponsive during response processing.
        BUILD: Move all scripts and executables except opendkim to a bin
                directory for adminstrator convenience. They were previously in
                the sbin directory.
        BUILD: Fix bug #SF3101842: Fix opendkim-genzone build when OpenDBX
                is in use.
        BUILD: opendkim-testkey can require SASL build information when used
                with OpenLDAP, or Lua information when built with Lua.
        BUILD: Dissociate libopendkim and libunbound, as this is now handled
                through the application rather than the library.
        BUILD: Convert to using git for source code management.
        STATS: Additional reporting improvements.
        STATS: Fix bug #SF3107659: Add additional diagnostic output to
                opendkim-importstats when malformed input is found.
        TOOLS: Handle input generated with and without the _FFR_STATS_I
                extensions.

2.2.1           2010/10/25
        Avoid assertion failures when using "-V" and arlib.
        Fix "refile" loading.
        Fix collision between "ReputationRoot" and "StatisticsName" in the
                configuration file.
        Convert sender's domain name to lowercase prior to doing any database
                queries with it.  This was done before, but lost during the
                database overhaul in 1.2.0.
        Fix up Authentication-Results header field generation for VBR.
                Reported by Fredrik Pettai.
        Add _FFR_STATS_I enabling statistics reporting of "i=" signature
                properties.
        LIBOPENDKIM: Fix bug #SF3081964: dkim.h requires <sys/time.h>.
        LIBOPENDKIM: Fix bug #SF3087251: Use thread-safe resolver functions
                when avaialble.
        LIBOPENDKIM: Cancel completed reputation queries.
        LIBOPENDKIM: Simplify DKIM_OPTS_ALWAYSHDRS handling.
        LIBAR: Fix bug #SF3080720: Don't compute timeouts based on completed
                or dead queries.
        LIBVBR: Fix some pointer errors causing false negatives.
        TOOLS: Write "v=" tags in key records output by opendkim-genzone.

2.2.0           2010/10/03
        Feature request #SF2874043: Add _FFR_ADSP_LISTS allowing control over
                action taken when mail is sent to known lists from
                ADSP "discardable" sources.
        Feature request #SF2964366: Allow arbitrary data set operations
                from inside Lua script hooks.
        Feature request #SF2981598: Add "NoHeaderB" and "SingleAuthResult"
                settings so that only one Authentication-Results header field
                is added, and reduce its variability.
        Feature request #SF3013084: Add "DomainKeysCompat" setting.
        Feature request #SF3017358: Allow a token in the KeyTable that gets
                replaced with the sender's domain name.
        Feature request #SF3019876: Enable registration and use of generic
                DNS functions.
        Feature request #SF3021566: Change "ADSPDiscard" to "ADSPAction",
                allowing selection of what action to take when a message is
                determined by ADSP to be "discardable".
        Feature request #SF3023232: Allow selection of a signer (for the
                signature's "i=" tag) when calling odkim.sign() or via an
                optional second parameter in the SigningTable.
        Feature request #SF3024854: Always log a warning if a key file
                has unsafe group/other read/write bits set.  Further, if the
                new "RequireSafeKeys" setting is true, refuse to use the data.
        Feature request #SF3030548: Add _FFR_DEFAULT_SENDER, adding the
                "DefaultSender" setting.
        Feature request #SF3049483: Use ReportAddress for ADSP Reports and for
                the sender envelope address.
        Feature request #SF3056571: Extend signer selection in the SigningTable
                to include a token that will be replaced by the From:
                domain.
        Feature request #SF3062077: Allow the specification of additional
                recipients when delivering DKIM/ADSP failure reports through
                a new ReportBccAddress configuration option.
        Fix bug #SF3004995: Don't apply "SenderHeaders" to the library
                as that impacts how ADSP works.
        Fix bug #SF3025856: Fix "AllowSHA1Only", which was not working at all.
        Fix bug #SF3037504: Rework database schema and tools to meet revised
                reporting requirements.
        Fix bug #SF3051536: Allow disabling of reputation queries.
        Fix bug #SF3058204: Fix numerous possible double-free() incidents in
                dkimf_config_free().
        Fix PeerList to work with IPv6 addresses.
        Fix loop boundary check in dkimf_db_close().
        Fix assertion failure in dkimf_db_get() when used with a "match both"
                operation.
        Fix "LocalADSP", which was not working at all.
        Fix some Lua test mode logic and a build issue that prevented
                "ScreenPolicyScript" from working.
        Added MTACommand for overriding default (mainly for testing).
        Ignore "Domain" and "Selector" settings if "KeyTable" is set.
        Add "On-PolicyError" to configuration tables.
        Don't automatically temp-fail messages bearing signatures that
                reference revoked keys.
        Some fixes to the "final" Lua script self-test code.
        Include libmilter version in "-V" output.
        Single-thread DB queries done via OpenDBX handles as they can't be
                used to do parallel queries.
        Attempt to reconnect after SQL disconnections.
        Revise text/plain portion of policy reports.
        Fix up DSN parsing so that it is not needlessly restrictive.
        Add _FFR_STATSEXT: Allows arbitrary local extensions to statistics
                gathering via a fourth Lua script that can cause the
                generation of additional SQL insertion operations.
        LIBOPENDKIM: Feature request #SF3026287: Add dkim_getuser() function.
        LIBOPENDKIM: Feature request #SF3065035: Apply library query
                configuration to ADSP lookups as well, mainly to support
                auotmated testing.
        LIBOPENDKIM: Fix bug #SF3071368: Fix tiny memory leak in dkim_init().
        LIBOPENDKIM: Fix bug #SF3051762: Don't error out of dkim_get_key()
                when in test mode by testing signature-specific features when
                against dummy data.
        LIBOPENDKIM: Don't build against pthread libraries if not needed.
        LIBOPENDKIM: Add dkim_get_signer(), dkim_policy_state_new() and
                dkim_policy_state_free().
        LIBOPENDKIM: Don't assert a "g=" default when processing keys so that
                statistics reporting can tell whether or not it was originally
                there.
        LIBOPENDKIM: Minor fix to internal state machine when dealing with
                unsigned messages.
        LIBOPENDKIM: Rename DKIM_PRESULT_AUTHOR to DKIM_PRESULT_FOUND.
        LIBOPENDKIM: Improved error reporting from dkim_ohdrs().
        LIBOPENDKIM: Improved re-entrancy of dkim_eoh_verify().
        LIBOPENDKIM: Undefine DKIM_FEATURE_ASYNC_DNS (obsolete).
        MILTERTEST: Feature request #SF3005002: Enable testing of
                "unspecified" protocol family connections.
        MILTERTEST: Add "-u" option to report resource usage statistics on
                completion.
        MILTERTEST: Add mt.signal() to allow signaling of filters for things
                like configuration file reloads.
        MILTERTEST: Enhance mt.connect() to accept optional retry and interval
                arguments.
        MILTERTEST: Add "-w" option to request no waiting for the child process
                to exit and report status.
        MILTERTEST: Allow partial seconds argument to mt.sleep().
        TOOLS: Feature request #SF3004335: Add support to opendkim-testkey
                to get configuration file values and validate an entire
                KeyTable.
        TOOLS: Update opendkim-genkeys script to support
                draft-ietf-marf-dkim-reporting.
        TOOLS: Flip logic of "-a" flag to opendkim-stats.
        TOOLS: Fix bug #SF3037452: Change owner/group/mode of stats database
                when resetting it to whatever the replaced file had.
        CONTRIB: Add opendkim-reportstats, contributed by John Wood.
        BUILD: Fix --with-db.
        Activate _FFR_ZTAGS.
2011-02-21 00:04:21 +00:00
pettai
6eee611b7e OpenDKIM is an open source implementation of the DKIM (Domain Keys Identified
Mail) sender authentication system proposed by the E-mail Signing Technology
Group (ESTG), now standardized by the IETF (RFC4871). It also includes
implementations of the Author Domain Signing Practises (ADSP, RFC5617) and
Vouch By Reference (VBR, RFC5518) proposed standards.

The project started from a code fork of version 2.8.3 of the open source
dkim-milter package developed and maintained by Sendmail, Inc.
2010-10-19 23:11:42 +00:00