                DKIM-MILTER RELEASE NOTES


This listing shows the versions of the dkim-milter package, the date of
release, and a summary of the changes in that release.

Bug and feature request (RFE) numbers that start with "SF" were logged
via Sourceforge (http://www.sourceforge.net) trackers. Those not so labeled
were logged internally at Sendmail, Inc.


2.8.3    2009/05/31
    Close the configuration file after reading it, plugging a
        descriptor leak.
    Release memory associated with old configuration nodes (i.e. strings)
        as well as the nodes themselves.
    Connect the configuration handle to its allocated data so cleanup can
        actually be thorough.
    Fix an error message reported inside _FFR_REPLACE_RULES.
    Plug a memory leak in mlfi_header() tripped when errors occur.
    Since ADSP has not yet been registered by IANA, adjust its method
        label in Authentication-Results accordingly.
    Include selector, domain and other text if possible when logging
        key retrieval failures.
    Add _FFR_SENDER_HEADERS, allowing user control over which header
        fields are used to make the sign/verify decision and
        perform key selection.
    LIBDKIM: Initialize canon_lastchar in dkim_add_canon().
    LIBDKIM: Clean up any compiled regular expressions in dkim_close().
    LIBDKIM: Fix some type-related compiler warnings.

2.8.2    2009/02/17
    Request a signature with an "i=" tag if signing for subdomains and
        a keylist entry matches. Previously this only occurred when
        using an explicit domain list. Problem noted by
        S. Moonesamy of Eland Systems.
    Fixes in and around dkim_socket_cleanup(). Problem noted by
        S. Moonesamy of Eland Systems.
    LIBDKIM: When logging a d2i_PUBKEY_bio() or EVP_PKEY_get1_RSA()
        failure, also log the selector and domain involved so manual
        diagnostics are possible.
    LIBDKIM/LIBAR: Feature request #SF2380508: Add new test for
        WITHOUT_LIBSM which removes references to libsm's sm_strl*()
        functions, so that libdkim and libar can stand on their own
        on systems which provide the strl*() functions. Requested by
        Frederik Pettai.
    LIBDKIM: Report DKIM_STAT_NOSIG if the caller commands that all
        signatures should be ignored.
    LIBDKIM: Plug a memory leak caused when responding to a malloc()
        failure.
    LIBDKIM: New signature error code DKIM_SIGERROR_KEYDECODE, used if
        d2i_PUBKEY_BIO() or EVP_PKEY_get1_RSA fails in
        dkim_sig_process().
    LIBAR: Make reference to the "_res" structure more thread-safe.
    BUILD: Make use of conf_dkim_filter_ENVDEF since site.config.m4.dist
        refers to it. Problem noted by S. Moonesamy of Eland Systems.

2.8.1    2009/01/16
    LIBDKIM: Fix bug #SF2508602: Add a translation string for
        DKIM_SIGERROR_KEYREVOKED and fix dkim_eom_verify() so it
        returns DKIM_STAT_REVOKED when appropriate. Problem noted
        by Mike Markley of Bank of America.

2.8.0    2009/01/08
    Add configuration option "EnableCoredumps" which makes an explicit
        kernel request for cores on crashes. Currently only meaningful
        on Linux.
    Add configuration option "AuthServID" which sets the "authserv-id"
        token to use when generating Authentication-Results header
        fields.
    Report "fail" instead of "hardfail" on authentication failures,
        in compliance with the Authentication-Results: draft.
    Add _FFR_REPORT_INTERVALS, experimental support for the "ri" tag
        extension to DKIM policy and key records for specifying
        reporting intervals.
    Feature request #SF1985886: Add _FFR_MULTIPLE_SIGNATURES, allowing
        one instance of the filter to add multiple signatures.
        Suggested by Dave Crocker.
    Add "TemporaryDirectory" configuration file option for requesting that
        libdkim use an alternate directory for creating temporary
        files, and "KeepTemporaryFiles" for requesting that libdkim
        not delete those files for debugging purposes.
    Add optional support for the "unbound" asynchronous resolver
        library as it is DNSSEC-aware. Adds four new configuration
        file items: "BogusKey", "BogusPolicy", "InsecureKey" and
        "InsecurePolicy". Also add dkim_sig_getdnssec()
        and dkim_policy_getdnssec() to libdkim so callers can tell
        what the DNSSEC evaluation result was for each query.
        Based on a patch from John Dickinson.
    Add "BaseDirectory" configuration file option for specifying
        the desired current directory of the process.
    Make use of the key and policy "rs" tag, if present, when doing
        SMTP rejections.
    Use MTA macro "$j" as the hostname in generated reports instead of
        the output of gethostname() since on some systems the latter
        may not be fully-qualified.
    Remove ANTICIPATE_SENDMAIL_MUNGE, replacing it with a runtime check
        for the milter v2 feature which suppresses the addition of
        spaces in headers.
    Add _FFR_COMMAIZE which attempts to predict the reformatting
        the MTA will do to certain header fields to reduce verification
        failures.
    Add _FFR_DKIM_REPUTATION enabling a function used to query
        an open DKIM reputation service regarding the signing user
        and signing domain. The service's URL is
        http://www.dkim-reputation.org. (EXPERIMENTAL)
    Fix preloading of configuration defaults.
    Fix bug #SF2236040: Quote all of the POSIX regular expression special
        characters, not just some of them. Reported by Mark Martinec.
    When possible, log the selector and domain of the signature evaluated
        along with any errors in the libcrypto stack.
    LIBDKIM: Add "smtpbuf", "smtplen" and "interval" parameters to
        dkim_sig_getreportinfo() and dkim_policy_getreportinfo().
        Also, remove the assertion that "addr" be non-NULL.
    LIBDKIM: Add DKIM_LIBFLAGS_ACCEPTDK which enables compatibility
        with DomainKeys-formatted key records.
    LIBDKIM: Adjust signature formatting for legibility.
    LIBDKIM: Check return status from dkim_canon_getfinal() to avoid
        bad dereferences. Problem noted by Chris Behrens of
        Concentric Network Corporation.
    LIBDKIM: Render the DKIM handle unusable in dkim_eoh_sign() if a
        required header was absent.
    Activate _FFR_REQUIRED_HEADERS.

2.7.2    2008/09/02
    Avoid memory leaks and infinite loops when releasing thread-specific
        memory. Reported by Jeff Earickson.

2.7.1    2008/08/27
    Set up required callbacks for OpenSSL thread-safety. Problem
        noted by Zbigniew Szalbot.
    Disallow empty "t=" and "x=" tags.
    Return DKIM_STAT_KEYFAIL for various DNS key retrieval failures
        instead of DKIM_STAT_INTERNAL.

2.7.0    2008/07/23
    Update to draft-ietf-dkim-ssp-04. In doing so, rename "ASPDiscard"
        to "ADSPDiscard", "ASPNoSuchDomain" to "ADSPNoSuchDomain"
        and "SendASPReports" to "SendADSPReports" in the configuration
        file.
    Feature request #29738: Add "TrustSignaturesFrom" configuration
        file item allowing fine-grained control over third-party
        signature handling.
    Feature request #SF2018848: Add "LocalADSP" feature allowing
        policy assertions from domains known to have specific policies
        but which don't publish ADSP records. Suggested by
        Bruno Kraychete da Costa.
    LIBDKIM: Fix an off-by-one overrun check in key and policy record
        decoding. Problem noted by John Dickinson.

2.6.0    2008/06/11
    Remove "signaturemissing" as an old-style configuration action
        as it has been superseded by "ASPDiscard" and related
        functions.
    Add "SendASPReports" configuration option which generates ASP failure
        reports if requested by the sending domain.
    Update report generation for verification failures to use the
        new Abuse Reporting Format (ARF) and DKIM Reporting
        draft proposals.
    Add "MustBeSigned" configuration option, requiring signatures to
        cover specific headers if present.
    Rename "UseASPDiscard" to "ASPDiscard".
    Add "ASPNoSuchDomain" configuration option which rejects mail that
        appears to come from nonexistent domains as reported by the
        Author Signing Practises check.
    Add "ReportAddress" configuration option, used for defining the
        From: header of reports mailed out.
    Yet another compatibility fix with respect to Sleepycat DB.
    Fix processing of "LogWhy" configuration parameter. Problem noted
        by Erik Lotspeich.
    Add "-n" command line flag which parses the command line arguments
        and configuration file(s), then exits with an appropriate
        status code.
    Report DKIM and ASP results separately via the same
        Authentication-Results header field. Previous versions would
        alter the DKIM result based on ASP.
    Fix bug #SF1976931: Restore function of "nosignature" old-style
        action configuration, connected to "AlwaysAddARHeader".
        Problem noted by Lucas Brasilino.
    Feature request #SF1940233: Add "DontSignMailTo" configuration option,
        allowing a list of recipient patterns whose mail should not
        be signed. Requested by Don Hughes.
    LIBDKIM: Rename dkim_reportinfo() to dkim_sig_getreportinfo(),
        and add dkim_policy_getreportinfo().
    LIBDKIM: Add several more signature error codes covering various
        key-related errors.
    LIBDKIM: Add dkim_sig_hdrsigned() utility, DKIM_OPTS_MUSTBESIGNED
        option, and DKIM_SIGERROR_MBSFAILED error code.
    LIBDKIM: Fix a bug in the computation of the result for
        dkim_canon_minbody().
    LIBDKIM: Report corrupted base64 chunks instead of quietly
        tolerating them.
    LIBDKIM: Tidy up the cleanup code in dkim-canon.c.
    LIBDKIM: Properly handle "tag=" at the end of a data set (i.e.
        the tag exists and has an empty value).
    LIBDKIM: Use larger unsigned data types in dkim_sig_future() as
        was done elsewhere.
    LIBDKIM: Always populate a DKIM_SIGINFO with domain and selector
        before there's an opportunity for other parsing
        short-circuits.
    LIBDKIM: Fix bug #SF1984685: Remove the "margin" parameter from
        dkim_getsighdr(); make it controlled by a new function,
        dkim_set_margin(), so that the signed copy and the
        user-requested copy are identical.
    Activate _FFR_AUTHSERV_JOBID.

2.5.5    2008/04/25
    Fix bug #SF1947301: Close up a logic problem in "UseASPDiscard"
        handling which could cause false rejections of mail from
        domains advertising "discardable" policies. Problem noted
        by Doug Kingston.
    LIBDKIM: Another compatibility fix with respect to Sleepycat DB.

2.5.4    2008/04/17
    Skip signatures with errors in dkimf_authorsigok().
    Avoid a NULL dereference in dkimf_config_reload() when starting
        without a configuration file.
    Fix an alignment problem in dkimf_checkip(). Problem reported
        by Jeff A. Earickson.
    LIBDKIM: Fix bug #SF1942387: Per RFC4871, disallow "l=" values
        that exceed the size of the canonicalized message body.

2.5.3    2008/04/14
    Add "AllowSHA1Only" configuration option which permits operation
        of verifiers that only know about SHA1. Without this, a
        filter compiled with only SHA1 support will refuse to start
        in verifier mode.
    Add "LogWhy" configuration parameter and "-W" command line flag
        to request detailed logging about why a message was not
        signed by the filter. Intended for debugging; not intended
        for normal operation.
    Another tweak to parameters passed to db->open(). Based on patches
        from Jukka Salmi and S. Moonesamy.
    Fixes in ares_parse() to match the current syntax. In particular,
        deal with the fact that some of our tokens can legally appear
        in e-mail addresses. Problem noted by S. Moonesamy of
        Eland Systems.
    LIBDKIM: Evaluate key granularity against the "i=" value rather than
        the value of the From: header per RFC4871. Problem noted by
        Jason Long.
    LIBDKIM: Remove the chartable stuff from dkim-tables.c as it is
        not used anywhere.
    LIBDKIM: Fix bug #SF1940302: Perform stronger validation of the value
        of the "h=" tag.

2.5.2    2008/03/28
    Preserve the sender's domain name outside of mlfi_eoh() as it's
        now needed in mlfi_eom(). Problem noted by Andy Fiddaman.
    Fix bug #SF1921873: Pass "-K" command line switch into the new
        configuration handling code. Problem noted by Al Smith.
    TOOLS: Fix flags portion of the TXT record output by dkim-genkey.
        Problem noted by Michael Carland.
    BUILD: Fix bug #SF1922422: Fix linker problems when POPAUTH is
        defined.

2.5.1    2008/03/20
    Update for draft-kucherawy-sender-auth-header-14.
    Fix bug #SF1911328: Restore proper behaviour of SignHeaders and
        OmitHeaders, broken in the prior release's configuration
        overhaul. Problem reported by Jason Molzen.
    Fix bug #SF1912332: Fix parameters passed to db->open(). Problem
        reported by Tony Earnshaw.
    Fix bug #SF1912569: Initialize mutexes before entering test mode.
        Patch from Kaspar Brand.
    LIBDKIM: Add "subject" to "should_signhdrs" per RFC4871 section 5.5.
    LIBDKIM: More boundary checking fixes in dkim_canon_selecthdrs().
        Problem noted by Warren Horvath.
    LIBDKIM: Fix bug #SF1820084: Return DKIM_STAT_MULTIDNSREPLY
        if a DNS query returns multiple records.

2.5.0    2008/03/06
    Add "AutoRestartCount" and "AutoRestartRate" configuration
        parameters to limit runaway restart loops.
    Feature request #SF1735573: Add "AlwaysAddARHeader" option, which
        will add an Authentication-Results of "none" for unsigned
        messages from domains without a "strict" policy.
    Feature request #SF1807748: Reload the configuration file on
        receipt of SIGUSR1. Requested by Florian Sager.
    Feature request #SF1811969: Add _FFR_BODYLENGTH_DB which adds a
        "BodyLengthDBFile" feature, allowing a per-recipient decision
        on whether or not to use an "l=" tag when signing. Patch
        contributed by Daniel Black.
    Feature request #SF1841955: Add an "Include" facility to the
        configuration file.
    Feature request #SF1876941: Make the syslog facility selectable.
        Based on a patch from Jose-Marcio Martins da Cruz of Ecole
        des Mines de Paris.
    Feature request #SF1876943: Add _FFR_AUTHSERV_JOBID allowing the
        job ID to be included as part of the "authserv-id" in
        Authentication-Results: headers. Based on a patch from
        Jose-Marcio Martins da Cruz of Ecole des Mines de Paris.
    Feature request #SF1890581: Attempt to clean up a UNIX domain
        socket in the non-AutoRestart case as well. Requested
        by Daniel Black.
    Add "MilterDebug" configuration file option for requesting debugging
        output from the filter.
    Add "FixCRLF" configuration file option which activates the
        DKIM_LIBFLAGS_FIXCRLF flag (see below).
    Update to draft-ietf-dkim-ssp-03. In doing so, rename the
        "UseSSPDeny" configuration option to "UseASPDiscard".
    Handle an error from dkim_getsighdr() properly in mlfi_eom().
    When VERIFY_DOMAINKEYS is active, don't short-circuit mlfi_eoh()
        between dk_verify() and dk_eoh() or a segmentation fault below
        dk_body() could result.
    LIBDKIM: Feature request #SF1823059: Export key, signature and
        policy syntax checking capability via the API. Based on
        a patch from Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Assert defaults for "c" and "q" tags when parsing
        signature headers. Patch from Chris Behrens of Concentric
        Network Corporation.
    LIBDKIM: Better handling of truncated DNS replies; instead of
        just giving up if the "tc" (truncated) bit is set in the
        reply, see if there was enough of a reply returned to be able
        to complete the request.
    LIBDKIM: Fix recycling bug in header canonicalizations which was
        causing signatures other than the first one to fail in most
        cases.
    LIBDKIM: Add new dkim_chunk() interface.
    LIBDKIM: Enforce DKIM_OPTS_QUERYMETHOD library option even if there
        were no valid signatures.
    LIBDKIM: New DKIM_LIBFLAGS_FIXCRLF which requests that "naked"
        CRs and LFs be converted to CRLFs during canonicalization
        when signing.
    LIBDKIM: Fix bounds checking in dkim_canon_selecthdrs().
    LIBAR: Eliminate a possible race condition in ar_dispatcher().
    LIBAR: Timeouts passed to select() can't be bigger than 10^8.
        Problem noted by S. Moonesamy of Eland Systems.
    BUILD: Feature request #SF1876242: Install the filter in EBINDIR
        and everything else in UBINDIR.

2.4.4    2008/01/25
    In mlfi_close(), don't assume the libmilter private context pointer
        is not NULL.
    Fail to start up if told to load a key list which resulted in no
        keys being loaded.
    When "AutoRestart" is in use, the parent will now wait for the
        child to terminate before exiting. Thus, something that
        signals the process ID in the pid file can also wait on that
        process to be gone before being sure that the service has
        actually shut down.
    Include the job ID when logging about Authentication-Results: headers
        that can't be parsed. Problem noted by S. Moonesamy.
    LIBDKIM: In dkim_policy(), skip invalid signatures during evaluation
        of step 1 of SSP as the signature handle may not have been
        fully populated.

2.4.3    2008/01/18
    Request addition of an "i=" tag in the signature when signing for
        subdomains. Patch from Alin Nastac.
    TOOLS: Fix bug #SF1867259: "echo -n" is not portable. Problem
        noted by Gary Mills.
    TOOLS: Fix bug #SF1867869: Output of the "t=" value was incorrect
        with respect to the "s" flag. Reported by Geoff Adams.
    LIBAR: Further handling of the absence of "nameserver" lines in
        resolv.conf, this time in the manual processing code.
    LIBDKIM: Fix bug #SF1867839: 64-bit portability in rfc2822.c.
        Patch from Geoff Adams.
    LIBDKIM: Tighten up correctness of the first SSP test ("valid
        originator signature") in dkim_policy(). Problem noted
        by Alin Nastac.
    LIBDKIM: DKIM_SIGINFO handles are now initialized with an error
        code of DKIM_SIGERROR_UNKNOWN. The code only becomes
        DKIM_SIGERROR_OK after the cryptographic verification
        code returns a success result.
    BUILD: Fix bug #SF1818906: Update site.config.m4 to include a flag
        for installing libdkim when compiling static libraries,
        and installing dkim.h in either case. Requested by
        Chris Behrens of Concentric Network Corporation.

2.4.2    2008/01/02
    Remove "-H" from the usage message. It was meant to be a command
        line interface to "AlwaysSignHeaders" but was never
        implemented. Problem noted by Jeff Anton.
    LIBDKIM: Make dkim_islwsp() into a macro to drastically reduce the
        number of function calls made during canonicalization.
    LIBDKIM: Fix bug #SF1857484: Fix logic problem in dkim_policy() with
        the new pstate checks. Problem noted by Werner Wiethege;
        patch from Chris Behrens of Concentric Network Corporation.

2.4.1    2007/12/20
    Update for latest Authentication-Results: header draft.
    Avoid a NULL dereference in dkim_get_key(). Problem noted by Chris
        Behrens of Concentric Network Corporation.
    Fix bug #SF1842970: Make the overall header byte count check
        configurable, and increase the default. Also, add
        "On-Security" (configuration file) and "security" (command
        line) options for controlling the default reaction to such
        conditions. While we're at it, add an "On-Default" and
        "default" option for making a global action setting.
        Requested by Mark Martinec.
    LIBAR: Fix bug #SF1852618: Handle default case of no "nameserver"
        lines in /etc/resolv.conf. Problem noted by Mike Markley
        of Bank of America.
    LIBDKIM: Fix bug #SF1824876: Add "dkim_pstate" and make dkim_policy()
        re-entrant. Requested by Chris Behrens of Concentric
        Network Corporation.
    LIBDKIM: Fix bug #SF1843733, SF1843782: Tighten up header name
        matching in dkim_get_header() and dkim_get_sender(). Patches
        from Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1843788: Fix an off-by-one length bug in
        dkim_header(). Patch from Chris Behrens of Concentric
        Network Corporation.
    LIBDKIM: Fix bug #SF1850973: Remove MAXHDRCNT; make the arrays it
        previously defined dynamic. Reported by Mike Markley of
        Bank of America.
    LIBDKIM: Feature request #SF1841974: Numerous performance enhancements
        from Chris Behrens of Concentric Network Corporation.

2.4.0    2007/11/30
    Take advantage of some more features that were introduced with
        milter v2 in sendmail 8.14.0:
        o If all canonicalizations are satisfied in terms of
          length limits, advise the MTA to stop sending the
          message body to reduce unneeded I/O.
        o Turn off as many unnecessary SMTP protocol steps as
          possible.
        o Fail option negotiation if any of the milter features
          required are not available.
        o If specific MTA macros are to be used for making the
          sign vs. verify decision, explicitly request them.
    Prevent corruption in Authentication-Results: headers caused
        by signatures that have explicit "i=" values.
    Report "hardfail" instead of "fail" on authentication failures,
        in compliance with the Authentication-Results: draft.
    Amend the "-M" command line option and "MacroList" configuration
        options to allow a list of possible values for each
        macro.
    Add _FFR_SELECTOR_HEADER, adding the means to choose which selector
        (and thus which key) is used to sign based on the value
        found in a particular header. Requested by Steve Jones
        of Bank of America.
    Add dkimf_dstring*() (dynamic string) functions and clean up some
        code by making use of it.
    Skip all the userid and group changes when either "-u" or "UserID"
        is in use if the requested user is the same as the
        executing user.
    Fix use of "UseSSPDeny" to include handling of unsigned messages.
    Fix bug #SF1834701: Log a warning and temp-fail the message if
        a key list is in use that didn't match the sender for a
        message which should be signed. Problem noted by Jim
        Hermann.
    Patch #SF1796697: Add _FFR_REPLACE_RULES, adding the facility to do
        substring replacement before signing to anticipate things
        like the MTA "masquerade" and "genericstable" functions.
        Requires further development.
    Replace "gentxt.csh" with more robust "dkim-genkey" utility.
    Feature request #SF1811962: Add new utilities "dkim-testkey" which
        verifies that a public key is readable and properly formatted
        and matches the locally-provided private key, and
        "dkim-testssp" which retrieves a domain's sender signing
        practises record and prints it in a human-readable form.
        Based on code contributed by Daniel Black.
    Feature request #SF1817253: Add "UMask" configuration file option.
        Suggested by Daniel Black.
    Feature request #SF1818863: Add a section to site.config.m4.dist
        to request a build of the shared object version of libdkim.
        Requested by Chris Behrens of Concentric Network Corporation.
    Feature request #SF1834748: Use a more meaningful SMTP reply when
        rejecting a message at the SMTP level due to SSP. Suggested
        by S. Moonesamy of Eland Systems.
    LIBDKIM: Return DKIM_STAT_NOKEY from dkim_get_key_dns() if the answer
        count comes back zero, rather than DKIM_STAT_CANTVRFY.
        Problem noted by Chris Behrens of Concentric Network
        Corporation.
    LIBDKIM: Plug a memory leak in dkim_get_key(). Problem noted by
        Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Replace a dicey memcpy() call with memmove(). Problem
        noted by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Add DKIM_CBSTAT_NOTFOUND and DKIM_CBSTAT_ERROR callback
        return codes, and DKIM_STAT_CBERROR return code. Suggested
        by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Add dkim_minbody() to determine how much more body text
        is required to satisfy canonicalizations.
    LIBDKIM: Add dkim_gethandlingstr() and dkim_getpolicystr() for
        translation of SSP handling and policy codes into printable
        strings.
    LIBDKIM: Add _FFR_PARSE_TIME, adding a utility function that can
        be used to detect that the timestamp on a signature and the
        value of the Date: header wildly differ. Incomplete.
    LIBDKIM: If a message comes in with no properly-formed sender headers,
        dkim_eoh() now renders the DKIM handle unusable by later
        data processing calls.
    LIBDKIM: Fix arithmetic in dkim_sig_expired().
    LIBDKIM: In dkim_eoh_verify(), check for a NULL user pointer return
        from rfc2822_mailbox_split() (was previously only checking
        for an error code or NULL domain). Problem noted by Chris
        Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1819489: Fix signature header name check in
        dkim_header(). Patch from Chris Behrens of Concentric
        Network Corporation.
    LIBDKIM: Fix bug #SF1819559: Fix key granularity processing.
    LIBDKIM: Fix bug #SF1819571: More robust processing of "s=" in keys.
    LIBDKIM: Fix bug #SF1819607: Allow "t=" and "x=" values up to 64 bits
        since RFC4871 requires at least 40.
    LIBDKIM: Fix bug #SF1820017: Don't accept signatures with no "v=" tag.
    LIBDKIM: Fix bug #SF1820060: The value of "q=" may be a colon-separated
        list of values to parse.
    LIBDKIM: Fix bug #SF1820080: The value of "i=" may be quoted-printable
        so do appropriate decoding.
    LIBDKIM: Fix bug #SF1820123: "simple" body canonicalization must
        contain at least CRLF.
    LIBDKIM: Fix bug #SF1820370: More graceful handling of grossly
        malformed signature headers. Problem noted by Chris Behrens
        of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1822287 and SF1822295: Update policy check code
        to use the draft-ietf-dkim-ssp-01 algorithm. Problem noted
        by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1822329: In dkim_get_policy(), check for and handle
        error returns from the subordinate lookup functions. Problem
        noted by Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1822331: Use consistent return codes in
        dkim_get_policy_dns(). Problem noted by Chris Behrens of
        Concentric Network Corporation.
    LIBDKIM: Fix bug #SF1832703: When looking for headers to canonicalize
        during verification, disregard spaces between the header name
        and the colon (":") character. Problem noted by James
        Sargent of AOL.
    LIBDKIM: Fix bug #SF1838826: Several fixes with respect to processing
        key and policy flags. Problems noted by Mark Martinec.
    LIBDKIM: Feature request #SF1821005: Add dkim_getdomain(), an accessor
        function for dkim_domain. Requested by Chris Behrens of
        Concentric Network Corporation.
    Activate _FFR_QUERY_CACHE (Feature request #SF1675359) and
        _FFR_SELECT_SIGN_HEADERS.

2.3.2    2007/10/19
    Fix bug #25896: Fix a bug in parsing of "RemoveARFrom".
    LIBDKIM: Fix a bug in the key reuse block of dkim_get_key() which
        assumed that a domain and selector match guaranteed a copied
        key and key tag list.
    LIBDKIM: Fix bug #SF1812687: Fix handling check in dkim_get_policy().
        Patch from Daniel Black.

2.3.1    2007/10/12
    Fix header loss problem in test mode.
    Fix bug #SF1808886: Handle missing or empty test inputs more
        gracefully. Based on a patch from Kaspar Brand.
    Fix bug #SF1808881: Check various integer conversions for
        negative, overflow or inappropriate values. Suggested
        by Kaspar Brand.
    Feature request #SF1809239: Restore performance of test mode on
        large messages. Requested by Kaspar Brand.
    Patch #SF1811132: Include <stdlib.h> in test.c for malloc()
        prototype. Patch from Daniel Black.
    BUILD: Patch #SF1810712: Correct default location for the Tre
        regular expression library. Suggested by Daniel Black.

2.3.0    2007/10/06
    Add "UseSSPDeny" configuration option which causes the filter
        to reject messages which are determined to be suspicious
        according to the new draft-ietf-dkim-ssp-01, and whose
        sending domains advertise a recommended handling of "deny",
        and whose SSP records are not in "test" mode.
    Add "MaximumSignedBytes" configuration option limiting the number
        of bytes of the message body to be signed.
    Add "-t" command line option for reading an RFC2822-formatted
        message from a named file and attempting to evaluate it,
        "-F" command line option for using a fixed signing
        time, and "-v" command line option for requesting verbose
        output. Finally, new configuration option "StrictTestMode"
        asserts that all lines of input must be CRLF-terminated.
        Based on patches from Kaspar Brand.
    Add "TestPublicKeys" setting for instructing libdkim to read public
        keys from a file, for use during automated testing.
        Based on a patch from Jeff Barry.
    When using _FFR_QUERY_CACHE, periodically report cache activity
        statistics.
    Don't arbitrarily suppress signing of already-signed messages.
    Fix bug #25728: When "AutoRestart" is in use, try to remove the
        socket (if it's a UNIX domain socket) prior to trying to
        start the child.
    LIBDKIM: Add dkim_getmode() function.
    LIBDKIM: Fixes to policy evaluation in dkim_policy(). Based on a
        patch from Jeff Barry.
    LIBDKIM: Patch #SF1796687: Add DKIM_LIBFLAGS_ACCEPTV05 which causes
        the library to accept signatures with version strings of
        "0.5", i.e. those based on later versions of the DKIM draft
        specification. This does not change any other part of
        signature validation or canonicalization, only the version
        string test. Suggested by Jim Fenton of Cisco.
    LIBDKIM: When closing canonicalizations, flush the temporary files
        rather than closing them so that things like dkim_reportinfo()
        return useful descriptors. Close the temporary files in
        dkim_canon_free() only. Problem noted by Jeff Barry.
    LIBDKIM: Fix variable argument processing by merging dkim_error()
        and dkim_verror(). The previous code was causing
        segmentation faults on selected operating systems.
    Activate the following FFRs:
        _FFR_KEY_REUSE
        _FFR_SET_REPLY

2.2.1    2007/09/07
    Insert VBR headers at the top rather than appending them to be
        sensitive to legacy DomainKeys operations. Patch from
        S. Moonesamy of Eland Systems.
    Discontinue use of MAXHOSTNAMELEN as the maximum size of a hostname
        since some vendors set it to 64 (maximum size of a DNS label)
        and some to 256 (maximum size of an FQDN). Instead, define
        and use DKIM_MAXHOSTNAMELEN (256). Problem noted by
        Jeff Barry.
    LIBDKIM: Rename and update the default_signhdrs and default_skiphdrs
        arrays to match what's in RFC4871 section 5.5 SHOULD and
        SHOULD NOT lists.
    LIBDKIM: Apply DKIM_OPTS_SKIPHDRS only when signing.
    LIBDKIM: Add missing entries to prv_results, and add a
        dkim_getresultstr() function for translating DKIM_STAT
        result codes. Patch from Kaspar Brand.
    Fix bug #SF1785624: Resolve build problem introduced in previous
        version when NETINET6 is in use. Reported by Andrew Benham.
    Fix bug #SF1786033: Resolve build problem introduced in previous
        version affecting later versions of Solaris. Reported by
        Andy Fiddaman.
    Fix bug #SF1787473: Initialize the default "-i" list properly (given
        changes made in the previous version) so that mail from
        localhost still gets signed. Reported by Graham Murray.

2.2.0    2007/08/30
    Change format of the peerfile, internal and external host lists, etc.
        to allow exclusion entries. See the man page for additional
        details.
    Amend "-u" to include the ability to name a group into which the
        filter process should be placed.
    Feature request #SF1783155: Make keylist pattern matching
        case-insensitive.
    LIBDKIM: Handle CNAMEs properly when using the standard resolver.
        Problem noted by Jim Fenton of Cisco.
    LIBDKIM: Fix bug #SF1782076: Adjust signature header wrapping logic
        so that a "b=" against the margin gets wrapped consistently
        when signing and verifying. Reported by Kaspar Brand.

2.1.2    2007/08/22
    LIBDKIM: At the end of dkim_eoh_verify(), don't overwrite any existing
        descriptive error text before returning on verification
        errors. Problem noted by Andy Fiddaman.
    LIBDKIM: Remove redundant assertion of length limits in
        dkim_canon_bodychunk(). The code in dkim_canon_write() has it
        correct, so use that instead. Problem noted by Mark Martinec.
    LIBDKIM: Fix bug #SF1777332: Fix "relaxed" body canonicalization.
        Some code from the older implementation was still present
        conflicting with the newer code. Reported by Andrey Chernov.

2.1.1 2007/08/13
    Fix bug #SF1743896 (reopened): Don't crash if a From: header with no
        domain is found. Patch from Andy Fiddaman.
    LIBDKIM: Fix type mismatches regarding restricted lengths. Problems
        noted by Jukka Salmi.
    LIBDKIM: Fix bug #SF1771520: Return an error from dkim_policy() if
        the sender's domain name could not be determined. Patch from
        Andy Fiddaman.

2.1.0 2007/08/10
    Update to new (draft version 06) Authentication-Results: header format.
    Do an SSP query for any message that didn't either succeed verification
        or cause some kind of internal error, not just those that
        failed to verify.
    Tighten up the logic used when checking header space allocation.
    LIBDKIM: Heavy cleanup of dkim_eoh() and dkim_eom() via patches from
        Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Add more fine-grained state control enforcing the order in
        which the message processing functions are called. There was
        previously a hole which would allow, for example, more headers
        to be submitted after a call to dkim_eoh() if a prescreen
        callback returned a "tryagain" result.
    LIBDKIM: Add dkim_sig_getidentity().
    LIBDKIM: Fix bug #SF1769270: Use the default query type to retrieve
        signing policy for unsigned messages.
    LIBDKIM: Fix bug #SF1769445: Return the correct policy result from
        dkim_get_policy_dns() rather than always returning an empty
        string. Patch by Andy Fiddaman.
    LIBDKIM: Amend dkim_sig_getcanonlen() to include a parameter which
        receives the signature length limit, if any.
    LIBDKIM: Restore proper value to dkim_bodylen. Problem noted by
        Jukka Salmi.
    LIBDKIM: Don't inexplicably clear sig_signalg. Problem noted by
        Jukka Salmi.
    Feature request #SF1761475: Add "ClockDrift" configuration option
        for tolerating out-of-synch clocks. Suggested by Kaspar Brand.
    Feature request #SF1761481: Add "SyslogSuccess" configuration option
        for logging successful operations rather than just errors
        or other informational messages. Suggested by Kaspar Brand.
    Feature request #SF1769888: Amend dkim_policy() to be able to return
        the policy type retrieved from the sending domain. Also
        add dkim_getpresult() and associated other code to get
        additional policy evaluation information. Requested
        by Andy Fiddaman.

2.0.2 2007/08/03
    Fix bug #SF1766313: Make configuration handling 64-bit friendly.
        Other 64-bit portability issues also addressed. Problems
        noted by Chris Box.
    Add _FFR_DNS_UPGRADE which establishes a second libar instance
        in TCP mode for handling truncated UDP replies. Also make
        some minor fixes in the key and policy DNS lookup functions
        to provide more consistent handling of such responses.
        Problems noted by Kaspar Brand; code is still experimental.

2.0.1 2007/08/02
    Fix bug #SF1760481: Make header space allocations fully dynamic rather
        than establishing compile-time per-header limits. There
        is still an overall cap, however. Suggested by Ralf
        Hildebrandt.
    LIBDKIM: Fixes inside _FFR_KEY_REUSE.

2.0.0 2007/07/27
    Remove all support for versions older than RFC4871. Older
        statistics databases will not be incompatible with the
        new code since version information is no longer included
        in the record format.
    Add "Resent-Sender" and "Resent-From" to the list of headers
        checked to determine whether or not the message should
        be signed or verified.
    Report an authentication result of "permerror" when the message
        can't be verified for syntax or other non-crypto reasons.
    New configuration file item "RemoveARFrom" allows specification
        of hostnames/domains whose existing Authentication-Results:
        headers should be removed.
        Also add "RemoveARAll" which
        allows selection of whether all such headers should be removed
        or only those containing a DKIM result.
    New configuration file item "RemoveOldSignatures" deletes existing
        signatures when signing.
    Fix bug #SF1743896: Don't crash if a From: header with no domain
        is found. Patch from Andy Fiddaman.
    Fix bug #SF1743964: Remove the pid file on shutdown or startup
        failure. Patch from Mike Markley.
    LIBAR: Plug descriptor and memory leaks in ar_shutdown().
    LIBDKIM: Rework _FFR_VBR code to prepare it for extraction into
        an independent library.
    LIBDKIM: The key and policy lookup callbacks must now return
        a DKIM_CBSTAT constant so that they can have their
        corresponding libdkim functions return DKIM_STAT_CBTRYAGAIN
        if desired. Suggested by Chris Behrens of Concentric
        Network Corporation.
    LIBDKIM: Add _FFR_DIFFHEADERS which adds dkim_diffheaders() to enable
        the caller to search for headers that may have been munged
        in transit thus causing a verification failure.
    LIBDKIM: Feature request #SF1473131: Overhaul data structures,
        functions and documentation to allow fine-grained handling
        of messages bearing multiple signatures. This included the
        following changes:
        o Extend draft-ietf-dkim-ssp-00 support to cover
          multiply-signed messages.
        o Introduce DKIM_SIGERROR type/constants for associating
          an error code with each individual signature.
        o New library flag DKIM_LIBFLAG_DELAYSIGPROC delays all
          signature processing until dkim_eom().
        o New library flag DKIM_LIBFLAG_EOHCHECK causes dkim_eoh()
          to return an error if it was unable to find any
          valid signatures when verifying.
        o Add new DKIM_CANON data type, referring to a
          parallel canonicalization required for signature
          generation or verification.
        o New function dkim_getsiglist() retrieves an array of
          DKIM_SIGINFO handles referring to all of the
          signatures discovered on a message.
        o New function dkim_getsignature() retrieves a single
          DKIM_SIGINFO handle which is the one libdkim will
          use to return its final result.
        o New function dkim_sig_getflags() to retrieve flags
          attached to a signature handle after processing.
        o New function dkim_sig_geterror() to retrieve the error
          code associated with a signature handle after
          processing.
        o New function dkim_sig_getbh() to retrieve the body
          hash test result on a signature after processing.
        o New function dkim_set_final() sets a user-provided
          callback called by dkim_eom() to do any final
          processing the caller may desire.
        o New function dkim_sig_process() manually executes
          verification of a signature, for use from within the
          prescreen or final callbacks.
        o Rename dkim_getcanonlen() to dkim_sig_getcanonlen(),
          dkim_getsigntime() to dkim_sig_getsigntime(),
          dkim_getselector() to dkim_sig_getselector(),
          dkim_getsigndomain() to dkim_sig_getdomain(),
          dkim_getsignalg() to dkim_sig_getsignalg() and
          dkim_getkeysize() to dkim_sig_getkeysize()
          as they now act on a specific signature rather than
          on an entire message.
        o The user-provided key and policy lookup functions must
          now accept a DKIM_SIGINFO handle as an additional
          parameter.
        o dkim_reportinfo() and dkim_ohdrs() now also require a
          DKIM_SIGINFO handle as an additional parameter.
    LIBDKIM: Fix signal logic in dkim_cache_read_unlock(). Patch from
        Chris Behrens of Concentric Network Corporation.
    LIBDKIM: Add _FFR_KEY_REUSE which avoids doing duplicate key
        lookups if the same key is used on two signatures in the
        same message. Suggested by Chris Behrens of Concentric
        Network Corporation.
    LIBDKIM: Changed prototype for dkim_policy() to reflect the new code.
    Remove _FFR_FLUSH_HEADERS. The functionality it provided is now
        accessed via the new configuration options described above.
    Activate _FFR_HASH_BUFFERING.
    BUILD: More unit tests.

1.2.0 2007/06/26
    Update sender signing policy (SSP) code to match the new
        draft-ietf-dkim-ssp-00 specification syntax. In doing
        so, remove _FFR_ALLMAN_SSP_02.
    If "-u" is specified, call initgroups() and setgid() as well.
        Reported by Mike Markley; based on a patch from S. Moonesamy
        of Eland Systems.
    Fix bug #SF1738354: Add "L" data to CMDLINEOPTS. Reported by
        Andrey Chernov.

1.1.0 2007/06/15
    Add a new option to "-L" and "Minimum" allowing a specific maximum
        number of bytes of appended, unsigned text. Suggested by
        Philip Guenther.
    Documentation and build patches from Gregory Shapiro, and
        documentation patches from Steve Jones of Bank of America.
    Under _FFR_VBR, if dkim_vbr_query() returns an error, report the
        error and then don't add the header. Reported by
        S. Moonesamy of Eland Systems.
    Fix bug #24586: Allow "-?" just to get the usage message; also
        hint at such if the filter is invoked with no arguments.
    LIBDKIM: Define DKIM_STAT_CBTRYAGAIN and DKIM_CBSTAT_TRYAGAIN.
    BUILD: More unit tests.

1.0.0 2007/05/23
    First release after DKIM issued as a standard (RFC4871).
    Remove the "-v" command line option and "Version" configuration file
        item, which permitted selection of the signing version.
    Remove "nowsp" canonicalization option.
    LIBDKIM: Define DKIM_VERSION_RFC4871 and make it the default signing
        version.
    LIBDKIM: Remove DKIM_CANON_NOWSP and DKIM_VERSION_ALLMAN_BASE_00 which
        defined it. Gradually, support for old versions will be
        phased out.

0.8.1 2007/05/22
    Portability fixes for Solaris.
    LIBDKIM: Define DKIM_CBSTAT_* constants which are to be used as
        return values from callbacks.
        Also define new status
        values DKIM_STAT_CBREJECT and DKIM_STAT_CBINVALID
        indicating results from callbacks back to the calling
        applications. Suggested by James Sargent of AOL.
    LIBDKIM: Slightly nicer wrapping of "b=", "bh=" and "z=" in
        dkim_getsighdr().
    LIBDKIM: Define callbacks with respect to the DKIM library
        handle rather than each signing/verifying instance.
        Suggested by James Sargent of AOL.
    BUILD: Reference libssl and libcrypto in dkim-filter/Makefile.m4
        rather than in the template site.config.m4 file since
        it's always required anyway.
    BUILD: Fix man page entry in dkim-filter/Makefile.m4.

0.8.0 2007/05/17
    Add a dkim-stats(8) man page. Contributed by Mike Markley.
    Add "SignatureTTL", "Diagnostics" and "AlwaysSignHeaders" options to
        the configuration file and man page.
    Add _FFR_ZTAGS for optionally saving diagnostic information when a
        signature fails if the signature contained a "z=" tag.
    Still more minor fixes in _FFR_STATS related to DB versions.
    Feature request #SF1473129: Split configuration file details
        into their own man page.
    LIBDKIM: Still more minor fixes in _FFR_QUERY_CACHE related to DB
        versions. Reported by Ben Lentz.
    LIBDKIM: Remove dkim_getidentity(), as the function it provides
        isn't part of DKIM. Instead, provide that functionality
        in dkim-filter.
    LIBDKIM: Add a new option DKIM_OPTS_ALWAYSHDRS which allows
        specification of a list of header names which should always
        be included in signature header lists whether or not
        the headers were actually present, preventing them from
        being added downstream before verification.
    LIBDKIM: Add a new option DKIM_OPTS_SIGNATURETTL which allows
        the caller to assert a time-to-live on signatures generated.
        This causes the "x=" tag to appear in signatures.
    LIBDKIM: Add a new library flag DKIM_LIBFLAGS_ZTAGS which causes
        signatures generated to include the original header set
        encoded for transport so the verifier can use it to
        diagnose verification failures. This causes the "z=" tag to
        appear in signatures.
    LIBDKIM: Add dkim_ohdrs() which extracts the sender's set of headers
        if a "z=" tag was present in the signature. This can then
        be used by the caller to diagnose verification failures
        for signatures which contain them.
    LIBDKIM: Add the first large (and yet not the smallest) change to
        support multiple signatures. There's now a method via
        a few callbacks to give the caller access to the
        signatures discovered by the end-of-headers callback.
        The caller can analyze the signatures, reorder them,
        or flag some to be ignored. After reordering, the library
        still simply runs with the first that appears to be
        syntactically valid; actual processing of multiple
        signatures after the re-ordering will be in an upcoming
        release.
    LIBDKIM: _FFR_QUERY_CACHE now only covers DNS key lookups, not all
        key lookups.
    LIBDKIM: Move the method-specific policy lookup functions into
        their own new files, dkim-policy.c and dkim-policy.h.
    LIBDKIM: Slightly nicer wrapping of "h=" in dkim_getsighdr().
    LIBDKIM: Add dkim_set_signer() for specifying the message's
        signer for signature generation.
    BUILD: More unit tests.
    Activate the following FFRs:
        _FFR_QUARANTINE
        _FFR_REPORTINFO

0.7.1 2007/05/09
    More minor fixes in _FFR_STATS related to DB versions. Based on
        a patch by Graham Murray.
    LIBDKIM: More minor fixes in _FFR_QUERY_CACHE related to DB versions.
    LIBDKIM: Use read-write locks instead of a mutex in _FFR_QUERY_CACHE
        when appropriate.
    LIBDKIM: When using _FFR_QUERY_CACHE with recent enough versions of
        the DB library, tell the library to use the same temporary
        directory as libdkim is using.
    BUILD: Fix bug #SF1715265: Correct a typo which caused libdkim to
        fail to build against the asynchronous resolver library.
        Reported by Andy Fiddaman.

0.7.0 2007/05/03
    Several more fixes in _FFR_STATS related to DB versions.
    LIBDKIM: Add support for optional callbacks to do key and policy
        lookups using an API provided by the caller rather than using
        DNS directly. New functions dkim_set_key_lookup() and
        dkim_set_policy_lookup() set these callbacks. Also add
        dkim_getdomain() and dkim_getselector() utility functions so
        those callbacks can extract the data required to make the
        queries. Note that these will probably change slightly when
        support for multiple signatures is finally added. Suggested
        by James Sargent of AOL.
    LIBDKIM: Fix bug #SF1708756: Set dkim_partial earlier during signing
        so that the "l=" portion is included in the canonicalized
        signature header. Reported by Andrey Chernov.
    LIBDKIM: Algorithm and initialization fixes in policy retrieval found
        by the new unit tests.
    LIBDKIM: Several more fixes in _FFR_QUERY_CACHE related to DB
        versions.
    LIBDKIM: Fix bug #SF1706248: Rewrite dkim_getidentity() so it returns
        a more sane value for the sender in all cases. Another
        utility function will be added later for obtaining the
        signer's identity. Reported by Andrey Chernov.
    BUILD: Overhaul the build scripts so that all the user editing is
        done in devtools/Site/site.config.m4 rather than in each
        individual directory's Makefile.m4. Include a template for
        this purpose.
    BUILD: Begin a collection of automated unit tests.
    Activate the following FFRs:
        _FFR_LOG_SSL_ERRORS
        _FFR_MULTIPLE_KEYS
        _FFR_OMIT_HEADERS
        _FFR_QUERY_FILE
        _FFR_SET_DNS_CALLBACK (Feature request #SF1473171)

0.6.6 2007/04/25
    Update _FFR_SELECT_CANONICALIZATION for split canonicalization
        methods.
    Add _FFR_STATS, creating an optional database for storing pass/fail
        statistics per domain over time, and a command-line tool
        for querying the database contents. Requires Sleepycat DB.
    LIBDKIM: Patch #SF1705155: Fixes in "relaxed" header canonicalization
        code. Problem noted by Ben Lentz.
    LIBDKIM: Add _FFR_HASH_BUFFERING, experimental code that adds a layer
        of buffering in front of dkim_canonwrite() so the SHA hashing
        functions are called less often.
    LIBDKIM: Only call dkim_flush_blanks() when it will actually do
        something.
    LIBDKIM: Fix bug #SF1706530: Call EVP_cleanup() in dkim_close().
        Suggested by Andy Fiddaman.
    LIBDKIM: Inside _FFR_QUERY_CACHE, fix cursor operations when compiled
        against very old versions of Sleepycat DB.
    LIBDKIM: When opening the database with _FFR_QUERY_CACHE, make sure
        the library is allowed to create the database.

0.6.5 2007/04/20
    Further fixes in POPAUTH code for backward-compatibility with
        older versions of Sleepycat DB.
    Memory corruption fixes inside _FFR_MULTIPLE_KEYS. Reported
        by S. Moonesamy of Eland Systems.
    Re-implement _FFR_OMIT_HEADERS using the new libdkim option
        (see below).
    Return DKIM_STAT_SYNTAX from dkim_eoh() if an empty "d", "s" or "b"
        tag is discovered on a signature.
    Export most internal header lists so callers can use them.
    Fix bug #SF1702708: Don't start in signing mode without at least
        one key and selector specified. Reported by Andrey Chernov.
    Feature request #SF1675359: Add _FFR_QUERY_CACHE, allowing optional
        caching on-disk of key and policy records retrieved via DNS
        to reduce the number of round trips to the nameserver.
        Requires Sleepycat DB. Requested by Jim Popovitch.
    Portability fixes for Solaris.
    LIBDKIM: Enforce mandatory headers in dkim_eoh().
    LIBDKIM: Add dkim_close() for library shutdown.
    LIBDKIM: Add option DKIM_OPTS_SKIPHDRS to skip headers that should
        not be signed or verified.
    LIBDKIM: Initialize dkiml_fixedtime.

0.6.4 2007/04/16
    Further fixes in POPAUTH code. Based on patches from John Merriam.
    Modify the output of "-V" further so it also includes active code
        options (as opposed to just FFRs).
    When linked against libdk, get additional forensic data from
        dk_geterror() whenever possible.
    Changes to _FFR_MULTIPLE_KEYS: Add a domain field in the file,
        and try a couple of filename extensions before giving up
        when reading private keys.
    Add more calls to dkim_error() for additional diagnostic information
        around the DNS queries.
    Fix bug #SF1700333: Remove the dkim_sig_signerok() check as it
        actually detects (and rejects) third-party signatures.
        The code is still there, just disabled, in case we want
        to use it after SSP addresses that question. Reported
        by James Sargent of AOL.
    Add _FFR_CAPTURE_UNKNOWN_ERRORS which quarantines jobs that
        cause unexpected results from dkim_eom() to allow more
        detailed analysis.
    LIBAR: Fix bug #SF1537476: Update to support IPv6 nameservers.

0.6.3 2007/04/06
    Avoid deadlock errors in the POPAUTH code by protecting that code
        with a mutex as well. Also, "l_end" should be "l_len".
        Problems noted by John Merriam.
    Fix bug #SF1693248: Add support for sendmail 8.14.x and its
        "preserve leading spaces" option. Based on a patch from
        Andy Fiddaman.
    Fix bug #SF1693249: If dkim_eoh() returns DKIM_STAT_NOSIG and then
        the caller calls dkim_eom() to get policy (which the
        documentation says is acceptable), assertion failures were
        tripped because the SHA hash(es) weren't initialized
        and dkim_domain wasn't set. Reported by Andy Fiddaman.
    LIBDKIM: Add _FFR_QUERY_FILE for getting keys and policies from
        a flat text file rather than DNS for offline or automated
        testing. Based on a patch from Jeff Barry.
    LIBDKIM: New option DKIM_OPTS_FIXEDTIME to use a specific time
        when generating signatures, to be used for offline or
        automated testing. Based on a patch from Jeff Barry.
    LIBDKIM: Fix bug #SF1691659: Fix a type mismatch so that RSA_sign()
        returns reasonable results on 64-bit platforms. Reported
        by Andy Fiddaman.
    LIBAR: Fix bug #SF1694130: Block signals that should be caught and
        handled elsewhere, such as in libmilter. Patch by Andy
        Fiddaman.

0.6.2 2007/03/30
    Don't start if you're in signing mode and no selector was chosen
        on the command line or in the configuration file.
    Don't start if the version of OpenSSL used to compile libdkim
        is not the same as the one used to compile the filter.
    Print the version of OpenSSL in use when "-V" is used on the command
        line.
    Add _FFR_VBR, enabling optional support for the Vouch By Reference
        domain reputation proposal.
    Add "BodyLengths" configuration file option which adds the "l="
        parameter when signing messages so re-mailers (e.g. MLMs)
        which append text to the message won't interfere with
        successful verification.
    Fix bug #SF1689101: Fix a minor error in argv processing when
        _FFR_OMIT_HEADERS was in use.
    LIBDKIM: Change DKIM_SIGN_DEFAULT to point to "rsa-sha256" if
        it's available.
    LIBDKIM: Add dkim_ssl_version().
    LIBDKIM: Fix bug #SF1681632: Fix a bug in header selection when
        signing. Messages verified just fine, but some headers
        could accidentally be omitted during signing. From a patch
        for bug #SF1541490 for dk-milter, reported by Mark Martinec;
        essentially the same bug existed in libdkim.

0.6.1 2007/03/07
    Load the -C values from the configuration file if -C wasn't present
        on the command line. Previously, they were ignored.
    Fix bug #SF1477211: Add an appropriate Authentication-Results:
        header when a signature uses a hash which the matching
        key does not authorize.
    Feature request #SF1497802: Add _FFR_QUARANTINE, allowing optional
        quarantining of messages which fail verification or policy
        checks.
    Feature request #SF1605766: To reduce spurious logging, don't set
        mctx_status to DKIMF_STATUS_NOSIGNATURE unless the signature
        was missing on a message from a domain that claims it signs
        everything.
    LIBDKIM: Fix a verification version auto-detection bug that was
        causing some false negatives.
    LIBDKIM: Fix bug #SF1672787: Fix an additional corruption bug in
        dkim_getsighdr().
    LIBDKIM: Select the correct signature to replay into canonicalization,
        rather than always using the first one. Problem noted by
        James Sargent of AOL.

0.6.0 2007/03/01
    Bring up to currency with "ietf-base-10" which is probably the
        version that the IETF will issue as an RFC. This includes:
        - signature "q=" option delimiter is now "/", and the default
          value is now "dns/txt"
        - if both "t=" and "x=" are present in a signature, make
          sure the former is less than the latter
        - disregard signatures that appear to have been generated in
          the future
        - support for draft and final versions of "v=" tags in both
          keys and signatures
    Activate _FFR_VERIFY_DOMAINKEYS.
    Complete support for DKIM_QUERY_FILE for use in debugging and testing.
    Fix a number of minor bugs in signature header generation which
        could cause corruption and thus validation and/or syntax
        errors.
    Fix bug #SF1507535: Fix an FFR-related build issue. Reported by
        Frederik Pettai.
    Patch #SF1505401: Add _FFR_OMIT_HEADERS, copied from dk-milter.
        This will probably be replaced later by an extension to
        dkim_options(). Patch provided by Ben Lentz.
    LIBDKIM: Fix bug #SF1512860: Before returning DKIM_STAT_NOSIG from
        dkim_eom(), try to retrieve the sending domain's policy.
    LIBDKIM: Fix bug #SF1608314: Fix processing of config file items
        "Userid" and "Mode". Patch from John Villalovos.
    LIBDKIM: Add dkim_geterror() to retrieve additional diagnostic
        data from the API when a function call returns
        DKIM_STAT_INTERNAL or something else whose cause isn't
        readily apparent.
    LIBDKIM: Remove an extraneous pointer type in the parameter list
        for dkim_sign(). Reported by Jeff Barry.

0.5.2 2006/09/18
    Fix bug #SF1537905: If necessary, try again to get the job ID in
        mlfi_eom() in case it came down later than expected (e.g.
        postfix). Suggested by Mark Martinec.
    Fix a couple of minor build problems.
    Fix bug #SF1559406: Change MAXHEADER to 4096.
    LIBDKIM: Fix bug #SF1544301: Fix an issue with processing a message
        which has trailing spaces on its last line. Reported by
        Mark Martinec.
    LIBDKIM: Fix bug #SF1558014: Confirm the body hash in the signature
        matches the actual body hash when verifying. Reported by
        Mark Martinec.
    LIBDKIM: Add preliminary support for the draft-allman-dkim-ssp-02
        specification as _FFR_ALLMAN_SSP_02.
    LIBAR: Adapt to the post-bind4 resolver API. Problem reported by
        S. Moonesamy of Eland Systems.

0.5.1 2006/06/14
    Add compile-time option _FFR_ANTICIPATE_SENDMAIL_MUNGE which attempts
        to replicate some header rewriting the sendmail MTA will
        do, which otherwise prevents signature validation from
        succeeding. Problem noted by Ken Jones.
    Add support for "ietf-base-02" signing mode (which is really
        synonymous with "ietf-base-01").
    LIBDKIM: Report a syntax error when a signature header arrives with
        any required fields missing.

0.5.0 2006/05/19
    Fix an assertion failure under _FFR_SELECT_SIGN_HEADERS. Reported
        by S. Moonesamy of Eland Systems.
    Under _FFR_REPORTINFO, only send reports when verification failed.
        There are other failure modes, but that's the only one for
        which reports are useful. Problem noted by Michael
        Thomas of Cisco.
    RFC2822 doesn't require any recipient headers, so remove those checks
        inside _FFR_REQUIRED_HEADERS.
    Fix bug #SF1481303: Don't verify DomainKeys signatures while in
        signing mode. Reported by S. Moonesamy of Eland Systems.
    Activate _FFR_MACRO_LIST (adds the "-M" command line option) and
        _FFR_EXTERNAL_IGNORE_LIST (adds the "-I" command line option).

0.4.1 2006/05/02
    Include the list of supported DKIM versions in the output of "-V".
    Feature request #SF1238442: Add _FFR_VERIFY_DOMAINKEYS which
        will verify DomainKey signatures, if present. Requires
        libdk, which is available in the dk-milter package.
    Feature request #SF1453565: Add _FFR_SELECT_SIGN_HEADERS which permits
        specification of which headers to sign.
    Add _FFR_SET_DNS_CALLBACK which allows registration of a callback
        per-handle which is called periodically while waiting for
        DNS responses.
    LIBDKIM: Return an error if the signing function returned success but
        also reported a zero-length signature. Reported by
        S. Moonesamy of Eland Systems.

0.4.0 2006/04/18
    Add preliminary support for IETF DKIM draft 01. "rsa-sha256" support
        was already added, but this also adds support for the
        "bh" (body hash) tag in signatures.
    Add "-v" command line switch to select DKIM version to use when
        signing.
    Add "-x" command line switch to specify a configuration file to read
        and parse.
    LIBAR: Fixes regarding retransmissions.

0.3.2 2006/04/05
    Don't remove the wrong "b=" when canonicalizing the signature header
        during verification.
        Problem noted by Michael Thomas
        of Cisco.
    Properly process empty values in parameter sets. Problem noted by
        Michael Thomas of Cisco.

0.3.1 2006/03/19
    Report the size of the key on successful verifications in the
        Authentication-Results: header.
    Fix bug #SF1453591: Tolerate empty strings in dkim_process_set(),
        and just apply defaults.
    LIBDKIM: Add dkim_getkeysize(), dkim_getsignalg(), dkim_getsigntime().

0.3.0 2006/03/15
    Add preliminary support for "rsa-sha256" signatures.
    Rearrange command line arguments somewhat.
    Include the list of supported canonicalization and signing algorithms
        in the output when "-V" is specified.
    Fix an intermittent crash condition caused by an uninitialized
        variable.
    Add _FFR_LOG_SSL_ERRORS to log any queued SSL error messages
        before releasing a message from the filter.

0.2.3 2006/03/03
    Add a "testing" comment when the key or policy used to verify a
        message is marked with a test flag.
    Flush the base64 output stream before sending the reports under
        _FFR_REPORTINFO so that the reports don't contain truncated
        data. Discovered by Tony Hansen of AT&T.
    Fixes in processing of signature headers that contained extraneous
        spaces. Reported by Tony Hansen of AT&T.
    Fix bug #SF1442606: Clone the configuration string before parsing
        it so that "ps" doesn't show weird output.

0.2.2 2006/01/24
    Evaluate the key granularity honouring "*" as a wildcard.
    Add _FFR_SET_REPLY which requests a more useful SMTP reply code
        when instructing the MTA to temp-fail or reject messages.

0.2.1 2005/12/09
    Further fixes to dkim_getsighdr(). Problem reported by Sung-hoon
        Choi of Dreamwiz.
    Plug a few small but definite memory leaks.
    Fix bug #SF1373746: Repair a _FFR_SELECT_CANONICALIZATION build
        problem introduced in the previous release. Reported by
        S.
        Moonesamy of Eland Systems.

0.2.0 2005/12/02
    Update for revised ESTG draft. Mainly this involved changing
        the "nowsp" canonicalization to "relaxed", and allowing
        specification of different canonicalizations for header
        and body.
    Don't allow the header to end with "\n\t" in dkim_getsighdr().
        Problem reported by Sung-hoon Choi of Dreamwiz.
    Report "neutral" instead of "fail" for failed verifications
        when the key was marked as being in test mode. Patch from
        Sung-hoon Choi of Dreamwiz.
    Allow "-d" to specify a file from which domain names should be read,
        and allow domain names to contain wildcards.
    Fix bug #SF1243980: An empty key granularity matches nobody. Reported
        by Jim Fenton of Cisco.
    LIBAR: Fix bug #SF1282755: Fix a build issue introduced in the
        last release. Reported by Fredrik Pettai.

0.1.1 2005/07/21
    Prevent a garbage pointer free() in dkim_free(). Reported by
        S. Moonesamy of Eland Systems.
    Fix bug #SF1241118: Don't add an Authentication-Results: header for
        messages which are unsigned and come from a domain that
        doesn't advertise a signs-all policy. Reported by
        S. Moonesamy of Eland Systems.
    Report "neutral" instead of "fail" for domains advertising test
        mode in their policies.
    Feature request #SF1238617: Add a compile-time option to map
        smfi_insheader() to smfi_addheader() on machines with older
        MTA and libmilter versions.

0.1.0 2005/07/13
    Initial open source release.