1
1
OPENDKIM RELEASE NOTES
2
$Id: RELEASE_NOTES,v 1.24 2009/09/16 18:38:19 cm-msk Exp $
2
$Id: RELEASE_NOTES,v 1.113.2.13 2010/03/21 13:07:48 cm-msk Exp $
5
5
This listing shows the versions of the OpenDKIM package, the date of
6
6
release, and a summary of the changes in that release.
9
Fix bug #SF2964376: Don't use dkim_getsighdr() internally during
10
signing as it presumes signatures will fit within a bounded
11
character array and sometimes (e.g. with extensive data in
12
a "z=" tag) they don't, leading to signing failures on valid
13
messages. Reported by James R. Marcus.
14
Fix bug #SF2969700: Remember to NULL-terminate key data loaded from
16
Don't use MAXHOSTNAMELEN as its value is unreliable.
17
LIBOPENDKIM: Return an error from dkim_get_key_dns() if the
18
query string is too big for a hostname buffer, rather than
19
sending the truncated string to DNS anyway.
20
LIBOPENDKIM: Ensure string termination in dkim_sig_getidentity()
21
when calling dkim_qp_decode(). Patch from Stefan
23
LIBOPENDKIM: In dkim_eom_sign(), don't change the handle's overall
24
state before erroring out if the chunking state is invalid.
25
BUILD: Fix bug #SF2969812: Don't install Lua sample files or man
26
pages when "--with-lua" isn't specified. Patch from
28
BUILD: Fix bug #SF2965318: Don't define USE_LUA when LDAP is enabled.
29
Problem noted by Guillaume Castagnino.
30
LICENSE: Change from 4-clause BSD license to 3-clause BSD license.
32
2.0.0 (Eve) 2010/03/05
33
Feature request #SF2917224: Add optional OpenLDAP support.
34
Feature request #SF2920389: Add CIDR support for IPv6 addresses.
35
Feature request #SF2937428: Add "ExemptDomains" configuration item.
36
Add optional Lua support, which enables a few script hooks for
37
fine-grained policy controls when signing and verifying,
38
and "miltertest", a new Lua-based scripting tool for
39
exercising milter applications.
40
Add "-Q" command line switch, putting the filter in query test mode
41
to exercise the database code.
42
Don't overwrite the signature verification status with that of the
43
policy query status, leading to spurious "bad signature data"
44
entries in the log. Problem noted by Roman Gelfand.
45
Fix database query order for PeerList, InternalHosts, etc. so that
46
negation works properly again.
47
Fix crash-on-shutdown bug related to the crypto utilities functions.
48
Drop "KeyList" in favour of "KeyTable" and "SigningTable" in the
49
configuration file. See the opendkim.conf(5) man page
50
for details. Also, "-K" has been dropped from the command
51
line, meaning multiple key support now requires use of the
53
Fixes in DB walk code for DB 1.85.
54
Fix bug #SF2936499: Clean up numerous compiler warnings.
55
Fix bug #SF2951494: Improve logic for doing ADSP queries and reporting
57
Fix bug #SF2961161: dkim_sig_getidentity() could return successfully
58
even if the provided buffer was too small to accept the
59
decoded value. Reported by Ale Vesely.
60
LIBOPENDKIM: Adjust dkim_sign() to accept base64-encoded DER private
61
keys as well as PEM-formatted keys.
62
LIBOPENDKIM: Several performance optimizations yielded from
64
LIBOPENDKIM: Fix a length computation that caused an invalid
65
snprintf() call. From a Gentoo bug reported by Tilman Giese.
66
LIBOPENDKIM: Fix compiler complaint about multiple definitions
67
of global variables. Reported by Maarten Oelering.
68
LIBOPENDKIM: Have dkim_eom() process all signatures instead of
69
stopping after finding one good one. Also add library flag
70
DKIM_LIBFLAGS_VERIFYONE, causing dkim_eom() to short-circuit
71
after finding one good signature while verifying (i.e.
72
reproducing the pre-2.0.0 behaviour).
73
LIBOPENDKIM: Feature request #SF2961427: Add dkim_libversion().
74
Requested by Ale Vesely.
75
TOOLS: Add "opendkim-genzone" which generates a BIND zone file
76
fragment based on a KeyTable that contains all of the
77
public keys required to match the configured private keys.
78
BUILD: Add "--enable-codecoverage" to add build steps that generate
79
profiling or code coverage reports when running unit tests.
80
BUILD: Compile opendkim-testadsp with pthread libraries in case
81
"--enable-arlib" was specified.
82
BUILD: Fix an m4 quoting error that had rendered "--enable-debug"
84
BUILD: Check for functions upon which libmilter depends. Reported
86
PORTABILITY: Support for OS X from Bob Halley.
89
Fix bug #SF2916729: Fix crash when reporting on multiple signatures,
90
one of which was invalid in some way leaving its DKIM_SIGINFO
91
only partially populated. Problem noted by Ryan Burchfield.
92
Fix bug #SF2919365: A _SOCK_ADDR is just a (struct sockaddr)
93
which isn't big enough for IPv6 addresses. Use a
94
(struct sockaddr_storage) instead. Problem noted by
96
Fix initalization and processing of ODBX requests.
97
Fix DB get operations for Sleepycat versions prior to 2.0.0.
98
Set a flag when crypto initialization is done so that cleanup
99
occurs on shutdown. Problem noted by Deiva Shanmugam.
100
BUILD: Fix bug #SF2932392: Restore proper function of
101
"--without-milter". Reported by Mark Sidell.
104
Fix a disconnect in configuration regarding "On-KeyNotFound".
105
Fix a type mismatch in dkimf_db_open() with respect to Sleepycat
106
version 2 libraries, and a bug in dkimf_db_walk() with
107
respect to Sleepycat version 1 libraries.
108
Report _FFR_REPORT_INTERVALS in "-V" output.
109
LIBAR: Tidy up some compile-time warnings.
110
BUILD: Correct name of "bodylength_db" feature.
111
BUILD: Define VERIFY_DOMAINKEYS in build-config.h when
112
"--with-domainkeys" is enabled.
113
BUILD: Define USE_DB in build-config.h when "--with-db" is enabled.
116
Feature request #SF2873902: Overhaul the database backend code so that
117
features that use external files or databases can be in any
118
of several supported formats. This will make adding new
119
external data sources and formats simpler, and obviates the
120
need for a bunch of individual feature requests. This may
121
have a few backward compatibility issues with respect to
122
the configuration file. Feature requested by Daniel Black.
123
Feature request #SF2873900: Add optional support for OpenDBX for
124
connecting to ODBC and SQL backend databases. Requested
126
Add "On-PolicyError" setting, allowing continuation of processing
127
when an ADSP query fails.
128
Activate _FFR_MULTIPLE_SIGNATURES, allowing optional addition of
129
more than one signature per message passing through the
131
Add _FFR_RESIGN which allows binding of a signing handle to a
132
verifying handle so that only one body hash needs to be
133
run when a message will be re-signed as-is. Suggested
135
LIBOPENDKIM: Move VBR functions from libopendkim into their own
137
LIBOPENDKIM: Rename the rfc2822_*() parsing functions to have
138
"dkim_" prefixes, and rename their containing file
140
LIBOPENDKIM: Fixes in relaxed body canonicalization and chunk
141
processing. Problems noted by Masumi Taketomi Parekh
143
LIBOPENDKIM: New library flag DKIM_LIBFLAGS_BADSIGHANDLES which
144
asks the library to tolerate signature syntax errors and
145
make such signatures available for limited inspection
146
rather than completely ignoring them. Requested by Masumi
147
Taketomi Parekh of Yahoo!.
148
BUILD: Split up library assignments between libopendkim and opendkim,
149
taking advantage of libtool. Based on a patch by Daniel Black.
150
BUILD: When possible, limit the symbols exported as part of
151
libopendkim to only those listed in dkim.h.
152
BUILD: Generate opendkim.conf.5 man page containing all features,
153
including FFR, annotated with if they are included and their
154
experimental status (for FFRs).
155
BUILD: Improve static linking against openssl as noted by Roman
156
Gelfand. Compiles against openssl version 1.0.0-beta4 now.
157
BUILD: Provide pkg-config files {opendkim,vbr,ar}.pc for use by
159
BUILD: Fix up libresolv detection.
160
BUILD: Add pkg-config checks for openssl, tre and opendbx packages to
161
determine their installed library locations. Automate
162
versioning and deployment.
163
BUILD: Added m4 macro library directory with updated ax_pthread.m4.
164
BUILD: Moved feature, _FFR and library #defines from Makefiles to
165
build-config.h. Added macros for FFR and FEATURES.
166
BUILD: Add support for versions of libtre older than 0.8.0.
167
BUILD: Move all libopendkim tests into their own subdirectory.
170
Under _FFR_SENDER_MACRO, need to check the value of "SenderMacro"
171
in the configuration file. Noted by Daniel Black.
172
Feature request #SF2873901: Add _FFR_REDIRECT which optionally
173
redirects messages that fail verification to a specific
174
address, storing the original recipients in
175
X-Original-Recipient: header fields. Suggested by
177
LIBOPENDKIM: Have dkim_dns_set_callback() return
178
DKIM_STAT_NOTIMPLEMENT if the underlying resolver doesn't
179
have a callback facility. Suggested by Daniel Black.
180
LIBOPENDKIM: Move internal-only types and macros from dkim.h
181
to dkim-internal.h. Based on an idea from Daniel Black.
182
LIBOPENDKIM: Add in all previously optional functions so that the
183
API is invariant regardless of selected features. Add
184
dkim_libfeature() as a way to detect availability of features
185
at runtime. Suggested by Daniel Black.
186
LIBOPENDKIM: Some global namespace consolidation. Suggested by
188
BUILD: Fix bug #SF2882206, patch #SF2880986: Handle libtre
189
installations where "--enable-system-abi" was selected.
190
Reported by Stevan Bajic; patch from Daniel Black.
191
BUILD: Convert libar compilation to the libtool method.
192
Suggested by Daniel Black.
193
BUILD: Minor autoconf fixes, contributed by Daniel Black.
196
Plug a number of potential but minor memory and file handle leaks,
197
remove some dead code, guard against NULL dereferences, fix an
198
errant return code check, fix a double-free(), and several
199
other fixes found by a code analysis tool, used by courtesy
201
Change "x-dkim-adsp" to "dkim-adsp" in Authentication-Results header
202
field code now that RFC5617 is published.
203
Apply "On-DNSError" setting when policy queries fail.
204
BUILD: Some compilation fixes and type cleanup. Based on patches
205
provided by Daniel Black.
206
Add _FFR_SENDER_MACRO: Determine the message sender based on the
207
contents of a macro instead of on a header field.
208
Based on a patch from Ondrej Sury.
9
211
Feature request #SF2839110: Add _FFR_IDENTITY_HEADER, to set an
10
212
identity (i=) for signing based on the value found in a