Upstream changes:
2017-04-14: Marc Bradshaw <marc@marcbradshaw.net>
* commit aac893fdbaa7f8ccd5d37fa7f20d1785406cda51
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Mar 17 14:53:53 2017 +1100
Avoid use of $_ in read loop
RT 106485: Mail::DKIM::PrivateKey->load tampering $_ and <FILE>
* commit 06934f259e392b2a3cf94560e6051d9e522d0bf3
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Mar 17 14:44:44 2017 +1100
Ensure PrivateKey file is closed properly.
Store PrivateKey file handle in lexical variable and close it
once we are done.
RT 120638: Mail::DKIM::PrivateKey does not close FILE
* commit 9e7c1c4cb78a6cb1cf396ece4379c7ed2c44c974
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Feb 27 12:08:11 2015 +1100
Allow greater control over signed headers
* commit 8291c034dc7db4394e9df80e70b8cbe8428a38c2
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Jan 23 09:54:02 2015 +1100
Allow greater control over which headers are signed by Signer
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.
No effective change for the above reason.
Ok joerg
* New/changed functionality:
* a single DNS resolver is created for the lifetime of the program,
rather than reinitializing the resolver for each new query.
* bugfixes:
* fix the error message given when an invalid algorithm is
specified in the construction of Mail::DKIM::Signer.
* avoid Perl warning about use of an undefined value in several
places (rt.cpan.org issue #82913).
* speed- improved performance of parsing the message into lines
(rt.cpan.org issue #77902). Patch by Mark Martinec.
* fix DNS queries to use the correct method (txtdata) of Net::DNS
(rt.cpan.org issue #83170). Patch by Mark Martinec.
* fix issue with getting wrong error codes when q= tag is empty
(issue #3011005)
* anti-abuse- prevent a message with thousands of signatures from
thrashing the whole computer (issue #3010997)
* memory usage- significantly reduced memory footprint for
processing a message with a large header and many signatures
* fix error message given when no KeyFile has been specified
(issue #1889690)
* API changes:
* global subroutines resolver() or enable_EDNS0() in module
Mail::DKIM::DNS can be called to specify non-default options
to Net::DNS::Resolver (see also rt.cpan.org issue #80425).
* the Canonicalization::finish_header() method now expects a
argument to be passed to it. In the unusual case that you are
using this method from your own code, please update your code.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
* lib/Mail/DKIM/DkSignature.pm, Signature.pm: avoid calling lc() on
an undefined value (this generates warnings in Perl 5.12.x).
* lib/Mail/DKIM/PrivateKey.pm (load): fix bug where a private key file
named '0' could not be loaded
* lib/Mail/DKIM/DkSignature.pm (new): accept Key parameter when
constructing a DomainKey signature object
* t/external_signer.t: test use of an alternate object for Key
during a "sign" operation
* lib/Mail/DKIM/Signer.pm: document use of an alternate object for
PrivateKey objects
* lib/Mail/DKIM/Signer.pm: import PrivateKey.pm in this module,
rather than in the Algorithm modules
* lib/Mail/DKIM/PrivateKey.pm: document the sign_digest() method
* lib/Mail/DKIM/Algorithm/*: use sign_digest() rather than
sign_sha1_digest()
* t/public_key.t: test that DNS failure reason is given, when
DNS returns no results
* lib/Mail/DKIM/DNS.pm: bugfix (introduced by async_dns branch):
preserve $@ in case of no error
* lib/Mail/DKIM/{DNS,Signature,PublicKey,Policy}.pm: merged my
"async dns" branch
* lib/Mail/DKIM/Policy.pm: new fetch_async method, seems to work
* lib/Mail/DKIM/Signature.pm: new fetch_public_key method,
which starts an asynchronous query for the public key
referenced by this signature; redesign get_public_key to
know how to complete the query
* lib/Mail/DKIM/PublicKey.pm: new fetch_async method: starts a
query and returns a subref that when called will complete the
query
* lib/Mail/DKIM/DNS.pm: new query_async method: starts a query and
returns a subref that when called will complete the query
* MANIFEST: include sample_mime_lite.pl script in tarball
* lib/Mail/DKIM/DNS.pm: restart timer after a DNS lookup
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.
sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
Pkgsrc changes:
- Added LICENSE
Relevant changes since version 0.32:
====================================
Version 0.37 - released 2009-09-08
* New/changed functionality:
* ADSP records now check whether the domain itself exists, in
accordance to the ADSP specification
* bugfixes:
* fixed regexp used to detect header field names (issue #2803465)
* various fixes to ADSP checking
Version 0.36 - released 2009-06-02
* API changes:
* restore the as_string() method which was accidentally removed
in version 0.34
Version 0.35 - released 2009-05-22
* bugfixes:
* fixed a runaway regular expression in the canonicalization
routines (patch provided by Mark Martinec)
Version 0.34 - released 2009-05-20
* New/changed functionality:
* support for ADSP (author-domain-signing-practices) records
* removed support for pre-standardized DKIM signatures (i.e. these
are DKIM signatures without a v= or bh= tag).
* DNS resolver errors are detected and reported as such
* API changes:
* renamed Mail::DKIM::Policy to Mail::DKIM::DkPolicy. Programs using
the former name to create policy objects directly (though it would
be more expected to fetch the objects through
Mail::DKIM::Verifier) should update their code
* new policies() method in Mail::DKIM::Verifier for fetching all
applicable sender/author signing policies
* bugfixes:
* Signer object would die if first line of input wasn't a header
(rt.cpan.org issue #46179)
Version 0.33 - released 2009-03-10
* bugfixes:
* signature wrapping would sometimes cause improper preparation of
DKIM signatures, with "simple" canonicalization (issue #2257046)
* test scripts:
* the included corpus is now verified using a fake-DNS resolver,
which means the test corpus can validate even when your DNS
servers are really slow
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
Thanks to Julian Dunn in PR pkg/39031 for the notice. Since June CPAN-daily
messages were utf-8/base64 encoded and my procmail recipes did not handle
that...
Pkgsrc changes:
- Does not require security/p5-Digest-SHA1 anymore.
- Does not require devel/p5-Error anymore (already unnecessary for 0.29).
Changes since version 0.30:
===========================
Version 0.32 - released 2008-06-03
* removed requirement for Digest::SHA1 (issue #1832549).
We now use the more capable Digest::SHA module for SHA-1 and SHA-256.
* bugfixes:
* granularity checking should be case-sensitive (issue #1938112).
* identity tag now uses quoted-printable encoding (issue #1839015).
* API improvement:
* implemented identity_source() for DkSignature objects
Version 0.31 - released 2008-04-14
* some error detail messages were changed (see ChangeLog, 2008-01-10 entry)
* by default, and when possible, DKIM signatures now omit c= and q= tags
(they are optional tags) (issue #1878518)
* DKIM and DomainKey signatures are now wrapped so that line breaks
occur before colon (':') separators instead of after; this avoids
confusing some broken MUAs (issue #1868648)
* bugfixes:
* "undef value" error when DKIM signature appears at end of header
(issue #1878954)
* use proper regexp for splitting email address (issue #1878994)
* API improvements:
* can specify a domain for fetch_author_policy() (issue #1879197)
* can access a signature's public-key object (issue #1879215)
* can specify an OpenSSL-private-key object for PrivateKey->new()
(issue #1879209)
Version 0.30.1 - released 2008-01-24
* bugfix:
* email from cisco.com was failing to verify (issue #1878523)
Pkgsrc changes:
- none
Changes since version 0.29:
===========================
Version 0.30 - released 2008-01-10
* includes speed-up optimizations by Mark Martinec
* DomainKeys, implement proper identity matching...
a DomainKey-Signature's domain should match the From/Sender address
* several more test cases
* API improvements:
* accept additional arguments when creating Signer/Signature
* bugfixes:
* DomainKey-Signature headers were not "prettified"
* granularity ending with '*' was not checked correctly
* DomainKey-Signature granularity was checked against the wrong value
Pkgsrc changes:
- none
Relevant changes since version 0.28:
====================================
Version 0.29 - released 2007-11-08
* verifiers can now access all parsed signatures and their results,
not just signatures that were fully tested
* signer policies can now specify what private key file to use
* some other minor API improvements
* bugfixes:
* for DomainKeys signatures, fixed a compatibility issue handling
the h= tag
* for DKIM, signature expirations had been ignored
* for DKIM, signature identities did not have to match the domain
* for DKIM, public key granularity field had been ignored
Pkgsrc changes:
- Required version of p5-Crypt-OpenSSL-RSA changed to >=0.24.
Changes since version 0.26:
=====================================
Version 0.28
* fixed a bug with line-wrapping a signature at the wrong place
Version 0.27 - released 2007-07-25
* Sender signing policies are now better implemented
* Both Yahoo! DomainKeys signing policies and the under-development
IETF DKIM signing policies are supported
* Yahoo! DomainKeys policies can protect the Sender: header
* DKIM signing policies can protect the From: header
Look at Mail::DKIM::Verifier's fetch_author_policy() and
fetch_sender_policy() methods for hints.
Pkgsrc changes:
none
Changes since version 0.25:
===========================
Version 0.26 - released 2007-05-24
* recognize and generate v=1 signatures (DKIM is now RFC 4871)
Pkgsrc changes:
- Software does not accept any version of p5-Crypt-OpenSSL-RSA anymore.
Changes since version 0.24:
===========================
* we now only sign headers that IETF recommends for signing
* it's now possible to "prettify" outgoing signatures, but this feature
is not enabled by default. To enable, do a "use Mail::DKIM::TextWrap"
in your program that signs messages. (This may change in a future
release.)
Pkgsrc changes:
- Enabled DESTDIR support.
- Switched to using PERL5_SUB_INSTALLVENDORLIB (from lang/perl5/vars.mk)
instead of constructing a relative path for CHECK_INTERPRETER_SKIP myself.
Changes since version 0.22:
===========================
-- VERSION 0.24 --
2007-03-09: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PublicKey.pm, lib/Mail/DKIM/Signature.pm,
lib/Mail/DKIM/KeyValueList.pm: fix for linebreaks in public key data;
provided by Mark Martinec.
* lib/Mail/DKIM/Signature.pm: fix default value q=dns/txt; this fixes a bug
for DKIM signatures without q= tags
* t/verifier.t: added six new tests that test problems with the public key
(e.g. revoked, syntax, etc.)
-- VERSION 0.23 --
2007-02-22: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PublicKey.pm: catch certain OpenSSL errors; tweak
diagnostics
* lib/Mail/DKIM/Verifier.pm: changed OpenSSL error catching code to
match that found in PublicKey; document more possible diagnostic codes
* lib/Mail/DKIM/Signature.pm: tweaked diagnostics for missing public key
* Makefile.PL: check for Test::Simple, which is required for `make test'
2007-02-21: Jason Long <jlong@messiah.edu>
* t/signer_policy.t: signature should still work even if no value is
returned from signer policy
* t/signer.t: now uses v=0.5 signature, which changes the signature
* t/verifier.t: added three tests of empty body messages
* lib/Mail/DKIM/Signer.pm: fixed bug where if signer policy was a
sub ref, and didn't return a true value, the message would get skipped
* lib/Mail/DKIM/Canonicalization/simple.pm: argh, hack for handling
empty body
* lib/Mail/DKIM/MessageParser.pm: fixed bug in handling of messages
without bodies
* lib/Mail/DKIM/Signature.pm: output v=0.5 signatures now
* scripts/dkimsign.pl: new --binary option to disable line-ending conversion
2007-02-19: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DkSignature: provide default value for a= tag
(thanks to mark.martinec@ijs.si for the patch)
* t/corpus/good_dk_2.txt: test for missing q= and a= tags on DomainKey
signature
2007-02-09: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm, DkSignature.pm: better diagnostic messages;
allow missing q= tag for domainkey signatures
(thanks to mark.martinec@ijs.si for the patch)
This version (from 0.19 and up) also recognises DomainKeys signatures in
addition to DKIM signatures.
Pkgsrc changes:
- Converted the paths of script files to be skipped during
"check-interpreter" phase from absolute to relative paths, otherwise it
wouldn't work anymore.
Changes since version 0.18:
===========================
Version 0.22 - released 2007-01-19
* fixes a couple very minor bugs
* some cosmetic changes to error messages
Version 0.21 - released 2006-11-29
* fixes two bugs, see ChangeLog for details
Version 0.20 - released 2006-10-24
* now supports verifying multiple signatures (the result returned is based
on the "best" available signature)
* now supports adding multiple signatures in one pass (to use this, you
need to create a "signer policy"; see scripts/dkimsign.pl for an example)
* now supports signing/verifying signatures for the older DomainKeys standard
* now implements Internet Draft draft-ietf-dkim-base-05, including:
* support for the version (v=) tag
* eliminated "control character detected in message" error message
Version 0.19 - released 2006-06-15
* now supports earlier versions of Perl (5.6.1 and up).
Pkgsrc changes:
- Removed p5-Crypt-RSA and p5-Crypt-OpenSSL-Bignum as direct requirements.
- Added patterns to CHECK_INTERPRETER_SKIP to avoid messages about missing
/usr/bin/perl.
Relevant changes since version 0.17:
====================================
* no longer depends on Crypt::RSA or Crypt::OpenSSL::Bignum.
Pkgsrc changes:
- The module is now available on CPAN, so changed MASTER_SITES accordingly.
- Changed HOMEPAGE to CPAN site because Jason Long's web site seems to
be down occasionally.
- Added Crypt::OpenSSL::Bignum as a requirement (listed in Makefile.PL)
because Mail::DKIM uses objects of that type (returned by
Crypt::OpenSSL::RSA::get_key_parameters).
- New requirement: security/p5-Digest-SHA
Relevant changes since version 0.14:
====================================
* implemented signing and verifying of a SHA-256 digest
* various new tests and a few bug fixes