			DKIM-MILTER RELEASE NOTES
      $Id: RELEASE_NOTES,v 1.66 2006/06/14 20:23:31 msk Exp $


This listing shows the versions of the dkim-milter package, the date of
release, and a summary of the changes in that release.

Bug and feature request (RFE) numbers that start with "SF" were logged
via SourceForge (http://www.sourceforge.net) trackers.  Those not so labelled
were logged internally at Sendmail, Inc.


0.5.1		2006/06/14
	Add compile-time option _FFR_ANTICIPATE_SENDMAIL_MUNGE which attempts
		to replicate some header rewriting the sendmail MTA will
		do, which otherwise prevents signature validation from
		succeeding.
	Add support for "ietf-base-02" signing mode (which is really
		synonymous with "ietf-base-01").
	LIBDKIM: Report a syntax error when a signature header arrives with
		any required fields missing.

0.5.0		2006/05/19
	Fix an assertion failure under _FFR_SELECT_SIGN_HEADERS.  Reported
		by S. Moonesamy of Eland Systems.
	Under _FFR_REPORTINFO, only send reports when verification failed.
		There are other failure modes, but that's the only one for
		which reports are useful.  Problem noted by Michael
		Thomas of Cisco.
	RFC2822 doesn't require any recipient headers, so remove those checks
		inside _FFR_REQUIRED_HEADERS.
	Fix bug #SF1481303: Don't verify DomainKeys signatures while in
		signing mode.  Reported by S. Moonesamy of Eland Systems.
	Activate _FFR_MACRO_LIST (adds the "-M" command line option) and
		_FFR_EXTERNAL_IGNORE_LIST (adds the "-I" command line option).

0.4.1		2006/05/02
	Include the list of supported DKIM versions in the output of "-V".
	Feature request #SF1238442: Add _FFR_VERIFY_DOMAINKEYS which
		will verify DomainKey signatures, if present.  Requires
		libdk, which is available in the dk-milter package.
	Feature request #SF1453565: Add _FFR_SELECT_SIGN_HEADERS which permits
		specification of which headers to sign.
	Add _FFR_SET_DNS_CALLBACK which allows registration of a callback
		per-handle which is called periodically while waiting for
		DNS responses.
	LIBDKIM: Return an error if the signing function returned success but
		also reported a zero-length signature.  Reported by
		S. Moonesamy of Eland Systems.

0.4.0		2006/04/18
	Add preliminary support for IETF DKIM draft 01.  "rsa-sha256" support
		was already added, but this also adds support for the
		"bh" (body hash) tag in signatures.
	Add "-v" command line switch to select DKIM version to use when
		signing.
	Add "-x" command line switch to specify a configuration file to read
		and parse.
	LIBAR: Fixes regarding retransmissions.

0.3.2		2006/04/05
	Don't remove the wrong "b=" when canonicalizing the signature header
		during verification.  Problem noted by Michael Thomas
		of Cisco.
	Properly process empty values in parameter sets.  Problem noted by
		Michael Thomas of Cisco.

0.3.1		2006/03/19
	Report the size of the key on successful verifications in the
		Authentication-Results: header.
	Fix bug #SF1453591: Tolerate empty strings in dkim_process_set(),
		and just apply defaults.
	LIBDKIM: Add dkim_getkeysize(), dkim_getsignalg(), dkim_getsigntime().

0.3.0		2006/03/15
	Add preliminary support for "rsa-sha256" signatures.
	Rearrange command line arguments somewhat.
	Include the list of supported canonicalization and signing algorithms
		in the output when "-V" is specified.
	Fix an intermittent crash condition caused by an uninitialized
		variable.
	Add _FFR_LOG_SSL_ERRORS to log any queued SSL error messages
		before releasing a message from the filter.

0.2.3		2006/03/03
	Add a "testing" comment when the key or policy used to verify a
		message is marked with a test flag.
	Flush the base64 output stream before sending the reports under
		_FFR_REPORTINFO so that the reports don't contain truncated
		data.  Discovered by Tony Hansen of AT&T.
	Fixes in processing of signature headers that contained extraneous
		spaces.  Reported by Tony Hansen of AT&T.
	Fix bug #SF1442606: Clone the configuration string before parsing
		it so that "ps" doesn't show weird output.

0.2.2		2006/01/24
	Evaluate the key granularity honouring "*" as a wildcard.
	Add _FFR_SET_REPLY which requests a more useful SMTP reply code
		when instructing the MTA to temp-fail or reject messages.

0.2.1		2005/12/09
	Further fixes to dkim_getsighdr().  Problem reported by Sung-hoon
		Choi of Dreamwiz.
	Plug a few small but definite memory leaks.
	Fix bug #SF1373746: Repair a _FFR_SELECT_CANONICALIZATION build
		problem introduced in the previous release.  Reported by
		S. Moonesamy of Eland Systems.

0.2.0		2005/12/02
	Update for revised ESTG draft.  Mainly this involved changing
		the "nowsp" canonicalization to "relaxed", and allowing
		specification of different canonicalizations for header
		and body.
	Don't allow the header to end with "\n\t" in dkim_getsighdr().
		Problem reported by Sung-hoon Choi of Dreamwiz.
	Report "neutral" instead of "fail" for failed verifications
		when the key was marked as being in test mode.  Patch from
		Sung-hoon Choi of Dreamwiz.
	Allow "-d" to specify a file from which domain names should be read,
		and allow domain names to contain wildcards.
	Fix bug #SF1243980: An empty key granularity matches nobody.  Reported
		by Jim Fenton of Cisco.
	LIBAR: Fix bug #SF1282755: Fix a build issue introduced in the
		last release.  Reported by Fredrik Pettai.

0.1.1		2005/07/21
	Prevent a garbage pointer free() in dkim_free().  Reported by
		S. Moonesamy of Eland Systems.
	Fix bug #SF1241118: Don't add an Auth-Results header for messages
		which are unsigned and come from a domain that doesn't
		advertise a signs-all policy.  Reported by S. Moonesamy of
		Eland Systems.
	Report "neutral" instead of "fail" for domains advertising test
		mode in their policies.
	Feature request #SF1238617: Add a compile-time option to map
		smfi_insheader() to smfi_addheader() on machines with older
		MTA and libmilter versions.

0.1.0		2005/07/13
	Initial public open source release.
