			DKIM-MILTER RELEASE NOTES
      $Id: RELEASE_NOTES,v 1.198 2007/05/23 18:14:56 msk Exp $


This listing shows the versions of the dkim-milter package, the date of
release, and a summary of the changes in that release.

Bug and feature request (RFE) numbers that start with "SF" were logged
via Sourceforge (http://www.sourceforge.net) trackers.  Those not so labelled
were logged internally at Sendmail, Inc.


1.0.0		2007/05/23
	First release after DKIM issued as a standard (RFC4871).
	Remove "-v" command line option, which permitted selection of
		the signing version.
	Remove "nowsp" canonicalization option.
	LIBDKIM: Define DKIM_VERSION_RFC4871 and make it the default signing
		version.
	LIBDKIM: Remove DKIM_CANON_NOWSP and DKIM_VERSION_ALLMAN_BASE_00 which
		defined it.  Gradually, support for old versions will be
		phased out.

0.8.1		2007/05/22
	Portability fixes for Solaris.
	LIBDKIM: Define DKIM_CBSTAT_* constants which are to be used as
		return values from callbacks.  Also define new status
		values DKIM_STAT_CBREJECT and DKIM_STAT_CBINVALID
		indicating results from callbacks back to the calling
		applications.  Suggested by James Sargent of AOL.
	LIBDKIM: Slightly nicer wrapping of "b=", "bh=" and "z=" in
		dkim_getsighdr().
	LIBDKIM: Define callbacks with respect to the DKIM library
		handle rather than each signing/verifying instance.
		Suggested by James Sargent of AOL.
	BUILD: Reference libssl and libcrypto in dkim-filter/Makefile.m4
		rather than in the template site.config.m4 file since
		it's always required anyway.
	BUILD: Fix man page entry in dkim-filter/Makefile.m4.

0.8.0		2007/05/17
	Add a dkim-stats(8) man page.  Contributed by Mike Markley.
	Add "SignatureTTL", "Diagnostics" and "AlwaysSignHeaders" options to
		the configuration file and man page.
	Add _FFR_ZTAGS for optionally saving diagonstic information when a
		signature fails if the signature contained a "z=" tag.
	Still more minor fixes in _FFR_STATS related to DB versions.
	Feature request #SF1473129: Split configuration file details
		into their own man page.
	LIBDKIM: Still more minor fixes in _FFR_QUERY_CACHE related to DB
		versions.  Reported by Ben Lentz.
	LIBDKIM: Remove dkim_getidentity(), as the function it provides
		isn't part of DKIM.  Instead, provide that functionality
		in dkim-filter.
	LIBDKIM: Add a new option DKIM_OPTS_ALWAYSHDRS which allows
		specification of a list of header names which should always
		be included in signature header lists whether or not
		the headers were actually present, preventing them from
		being added downstream before verification.
	LIBDKIM: Add a new option DKIM_OPTS_SIGNATURETTL which allows
		the caller to assert a time-to-live on signatures generated.
		This causes the "x=" tag to appear in signatures.
	LIBDKIM: Add a new library flag DKIM_LIBFLAGS_ZTAGS which causes
		signatures generated to include the original header set
		encoded for transport so the verifier can use it to
		diagnose verification failures.  This causes the "z=" tag to
		appear in signatures.
	LIBDKIM: Add dkim_ohdrs() which extracts the sender's set of headers
		if a "z=" tag was present in the signature.  This can then
		be used by the caller to diagnose verification failures
		for signatures which contain them.
	LIBDKIM: Add the first large (and yet not the smallest) change to
		support multiple signatures.  There's now a method via
		a few callbacks to give the caller access to the
		signatures discovered by the end-of-headers callback.
		The caller can analyze the signatures, reorder them,
		or flag some to be ignored.  After reordering, the library
		still simply runs with the first that appears to be
		syntactically valid; actual processing of multiple
		signatures after the re-ordering will be in an upcoming
		release.
	LIBDKIM: _FFR_QUERY_CACHE now only covers DNS key lookups, not all
		key lookups.
	LIBDKIM: Move the method-specific policy lookup functions into
		their own new files, dkim-policy.c and dkim-policy.h.
	LIBDKIM: Slightly nicer wrapping of "h=" in dkim_getsighdr().
	LIBDKIM: Add dkim_set_signer() for specifying the message's
		signer for signature generation.
	BUILD: More unit tests.
	Activate the following FFRs:
		_FFR_QUARANTINE
		_FFR_REPORTINFO

0.7.1		2007/05/09
	More minor fixes in _FFR_STATS related to DB versions.  Based on
		a patch by Graham Murray.
	LIBDKIM: More minor fixes in _FFR_QUERY_CACHE related to DB versions.
	LIBDKIM: Use read-write locks instead of a mutex in _FFR_QUERY_CACHE
		when appropriate.
	LIBDKIM: When using _FFR_QUERY_CACHE with recent enough versions of
		the DB library, tell the library to use the same temporary
		directory as libdkim is using.
	BUILD: Fix bug #SF1715265: Correct a typo which caused libdkim to
		fail to build against the asynchronous resolver library.
		Reported by Andy Fiddaman.

0.7.0		2007/05/03
	Several more fixes in _FFR_STATS related to DB versions.
	LIBDKIM: Add support for optional callbacks to do key and policy
		lookups using an API provided by the caller rather than using
		DNS directly.  New functions dkim_set_key_lookup() and
		dkim_set_policy_lookup() set these callbacks.  Also add
		dkim_getdomain() and dkim_getselector() utility functions so
		those callbacks can extract the data required to make the
		queries.  Note that these will probably change slightly when
		support for multiple signatures is finally added.  Suggested
		by James Sargent of AOL.
	LIBDKIM: Fix bug #SF1708756: Set dkim_partial earlier during signing
		so that the "l=" portion is included in the canonicalized
		signature header.  Reported by Andrey Chernov.
	LIBDKIM: Algorithm and initialization fixes in policy retrieval found
		by the new unit tests.
	LIBDKIM: Several more fixes in _FFR_QUERY_CACHE related to DB
		versions.
	LIBDKIM: Fix bug #SF1706248: Rewrite dkim_getidentity() so it returns
		a more sane value for the sender in all cases.  Another
		utility function will be added later for obtaining the
		signer's identity.  Reported by Andrey Chernov.
	BUILD: Overhaul the build scripts so that all the user editing is
		done in devtools/Site/site.config.m4 rather than in each
		individual directory's Makefile.m4.  Include a template for
		this purpose.
	BUILD: Begin a collection of automated unit tests.
	Activate the following FFRs:
		_FFR_LOG_SSL_ERRORS
		_FFR_MULTIPLE_KEYS
		_FFR_OMIT_HEADERS
		_FFR_QUERY_FILE
		_FFR_SET_DNS_CALLBACK (Feature request #SF1473171)

0.6.6		2007/04/25
	Update _FFR_SELECT_CANONICALIZATION for split canonicalization
		methods.
	Add _FFR_STATS, creating an optional database for storing pass/fail
		statistics per domain over time, and a command-line tool
		for querying the database contents.  Requires Sleepycat DB.
	LIBDKIM: Patch #SF1705155: Fixes in "relaxed" header canonicalization
		code.  Problem noted by Ben Lentz.
	LIBDKIM: Add _FFR_HASH_BUFFERING, experimental code that adds a layer
		of buffering in front of dkim_canonwrite() so the SHA hashing
		functions are called less often.
	LIBDKIM: Only call dkim_flush_blanks() when it will actually do
		something.
	LIBDKIM: Fix bug #SF1706530: Call EVP_cleanup() in dkim_close().
		Suggested by Andy Fiddaman.
	LIBDKIM: Inside _FFR_QUERY_CACHE, fix cursor operations when compiled
		against very old versions of Berkeley DB.
	LIBDKIM: When opening the database with _FFR_QUERY_CACHE, make sure
		the library is allowed to create the database.

0.6.5		2007/04/20
	Further fixes in POPAUTH code for backward-compatibility with
		older versions of Sleepycat DB.
	Memory corruption fixes inside _FFR_MULTIPLE_KEYS.  Reported
		by S. Moonesamy of Eland Systems.
	Re-implement _FFR_OMIT_HEADERS using the new libdkim option
		(see below).
	Return DKIM_STAT_SYNTAX from dkim_eoh() if an empty "d", "s" or "b"
		tag is discovered on a signature.
	Export most internal header lists so callers can use them.
	Fix bug #SF1702708: Don't start in signing mode without at least
		one key and selector specified.  Reported by Andrey Chernov.
	Feature request #SF1675359: Add _FFR_QUERY_CACHE, allowing optional
		caching on-disk of key and policy records retrieved via DNS
		to reduce the number of round trips to the nameserver.
		Requires Sleepycat DB.  Requested by Jim Popovitch.
	Portability fixes for Solaris.
	LIBDKIM: Enforce mandatory headers in dkim_eoh().
	LIBDKIM: Add dkim_close() for library shutdown.
	LIBDKIM: Add option DKIM_OPTS_SKIPHDRS to skip headers that should
		not be signed or verified.
	LIBDKIM: Initialize dkiml_fixedtime.

0.6.4		2007/04/16
	Further fixes in POPAUTH code.  Based on patches from John Merriam.
	Modify the output of "-V" further so it also includes active code
		options (as opposed to just FFRs).
	When linked against libdk, get additional forensic data from
		dk_geterror() whenever possible.
	Changes to _FFR_MULTIPLE_KEYS: Add a domain field in the file,
		and try a couple of filename extensions before giving up
		when reading private keys.
	Add more calls to dkim_error() for additional diagnostic information
		around the DNS queries.
	Fix bug #SF1700333: Remove the dkim_sig_signerok() check as it
		actually detects (and rejects) third-party signatures.
		The code is still there, just disabled, in case we want
		to use it after SSP addresses that question.  Reported
		by James Sargent of AOL.
	Add _FFR_CAPTURE_UNKNOWN_ERRORS which quarantines jobs that
		cause unexpected results from dkim_eom() to allow more
		detailed analysis.
	LIBAR: Fix bug #SF1537476: Update to support IPv6 nameservers.

0.6.3		2007/04/06
	Avoid deadlock errors in the POPAUTH code by protecting that code
		with a mutex as well.  Also, "l_end" should be "l_len".
		Problems noted by John Merriam.
	Fix bug #SF1693248: Add support for sendmail 8.14.x and its
		"preserve leading spaces" option.  Based on a patch from
		Andy Fiddaman.
	Fix bug #SF1693249: If dkim_eoh() returns DKIM_STAT_NOSIG and then
		the caller calls dkim_eom() to get policy (which the
		documentation says is acceptable), assertion failures were
		tripped because the SHA hash(es) weren't initialized
		and dkim_domain wasn't set.  Reported by Andy Fiddaman.
	LIBDKIM: Add _FFR_QUERY_FILE for getting keys and policies from
		a flat text file rather than DNS for offline or automated
		testing.  Based on a patch from Jeff Barry.
	LIBDKIM: New option DKIM_OPTS_FIXEDTIME to use a specific time
		when generating signatures, to be used for offline or
		automated testing.  Based on a patch from Jeff Barry.
	LIBDKIM: Fix bug #SF1691659: Fix a type mismatch so that RSA_sign()
		returns reasonable results on 64-bit platforms.  Reported
		by Andy Fiddaman.
	LIBAR: Fix bug #SF1694130: Block signals that should be caught and
		handled elsewhere, such as in libmilter.  Patch by Andy
		Fiddaman.

0.6.2		2007/03/30
	Don't start if you're in signing mode and no selector was chosen
		on the command line or in the configuration file.
	Don't start if the version of OpenSSL used to compile libdkim
		is not the same as the one used to compile the filter.
	Print the version of OpenSSL in use when "-V" is used on the command
		line.
	Add _FFR_VBR, enabling optional support for the Vouch By Reference
		domain reputation proposal.
	Add "BodyLengths" configuration file option which adds the "l="
		parameter when signing messages so re-mailers (e.g. MLMs)
		which append text to the message won't interfere with
		successful verification.
	Fix bug #SF1689101: Fix a minor error in argv processing when
		_FFR_OMIT_HEADERS was in use.
	LIBDKIM: Change DKIM_SIGN_DEFAULT to point to "rsa-sha256" if
		it's available.
	LIBDKIM: Add dkim_ssl_version().
	LIBDKIM: Fix bug #SF1681632: Fix a bug in header selection when
		signing.  Messages verified just fine, but some headers
		could accidentally be omitted during signing.  From a patch
		for bug #SF1541490 for dk-milter, reported by Mark Martinec;
		essentially the same bug existed in libdkim.

0.6.1		2007/03/07
	Load the -C values from the configuration file if -C wasn't present
		on the command line.  Previously, they were ignored.
	Fix bug #SF1477211: Add an appropriate Authentication-Results:
		header when a signature uses a hash which the matching
		key does not authorize.
	Feature request #SF1497802: Add _FFR_QUARANTINE, allowing optional
		quarantining of messages which fail verification or policy
		checks.
	Feature request #SF1605766: To reduce spurious logging, don't set
		mctx_status to DKIMF_STATUS_NOSIGNATURE unless the signature
		was missing on a message from a domain that claims it signs
		everything.
	LIBDKIM: Fix a verification version auto-detection bug that was
		causing some false negatives.
	LIBDKIM: Fix bug #SF1672787: Fix an additional corruption bug in
		dkim_getsighdr().
	LIBDKIM: Select the correct signature to replay into canonicalization,
		rather than always using the first one.  Problem noted by
		James Sargent of AOL.

0.6.0		2007/03/01
	Bring up to currency with "ietf-base-10" which is probably the
		version that the IETF will issue as an RFC.  This includes:
		- signature "q=" option delimiter is now "/", and the default
		  value is now "dns/txt"
		- if both "t=" and "x=" are present in a signature, make
		  sure the former is less than the latter
		- disregard signatures that appear to have been generated in
		  the future
		- support for draft and final versions of "v=" tags in both
		  keys and signatures
	Activate _FFR_VERIFY_DOMAINKEYS.
	Complete support for DKIM_QUERY_FILE for use in debugging and testing.
	Fix a number of minor bugs in signature header generation which
		could cause corruption and thus validation and/or syntax
		errors.
	Fix bug #SF1507535: Fix an FFR-related build issue.  Reported by
		Frederik Pettai.
	Patch #SF1505401: Add _FFR_OMIT_HEADERS, copied from dk-milter.
		This will probably be replaced later by an extension to
		dkim_options().  Patch provided by Ben Lentz.
	LIBDKIM: Fix bug #SF1512860: Before returning DKIM_STAT_NOSIG from
		dkim_eom(), try to retrieve the sending domain's policy.
	LIBDKIM: Fix bug #SF1608314: Fix processing of config file items
		"Userid" and "Mode".  Patch from John Villalovos.
	LIBDKIM: Add dkim_geterror() to retrieve additional diagnostic
		data from the API when a function call returns
		DKIM_STAT_INTERNAL or something else whose cause isn't
		readily apparent.
	LIBDKIM: Remove an extraneous pointer type in the parameter list
		for dkim_sign().  Reported by Jeff Barry.

0.5.2		2006/09/18
	Fix bug #SF1537905: If necessary, try again to get the job ID in
		mlfi_eom() in case it came down later than expected (e.g.
		postfix).  Suggested by Mark Martinec.
	Fix a couple of minor build problems.
	Fix bug #SF1559406: Change MAXHEADER to 4096.
	LIBDKIM: Fix bug #SF1544301: Fix an issue with processing a message
		which has trailing spaces on its last line.  Reported by
		Mark Martinec.
	LIBDKIM: Fix bug #SF1558014: Confirm the body hash in the signature
		matches the actual body hash when verifying.  Reported by
		Mark Martinec.
	LIBDKIM: Add preliminary support for the draft-allman-dkim-ssp-02
		specification as _FFR_ALLMAN_SSP_02.
	LIBAR: Adapt to the post-bind4 resolver API.  Problem reported by
		S. Moonesamy of Eland Systems.

0.5.1		2006/06/14
	Add compile-time option _FFR_ANTICIPATE_SENDMAIL_MUNGE which attempts
		to replicate some header rewriting the sendmail MTA will
		do, which otherwise prevents signature validation from
		succeeding.  Problem noted by Ken Jones.
	Add support for "ietf-base-02" signing mode (which is really
		synonymous with "ietf-base-01").
	LIBDKIM: Report a syntax error when a signature header arrives with
		any required fields missing.

0.5.0		2006/05/19
	Fix an assertion failure under _FFR_SELECT_SIGN_HEADERS.  Reported
		by S. Moonesamy of Eland Systems.
	Under _FFR_REPORTINFO, only send reports when verification failed.
		There are other failure modes, but that's the only one for
		which reports are useful.  Problem noted by Michael
		Thomas of Cisco.
	RFC2822 doesn't require any recipient headers, so remove those checks
		inside _FFR_REQUIRED_HEADERS.
	Fix bug #SF1481303: Don't verify DomainKeys signatures while in
		signing mode.  Reported by S. Moonesamy of Eland Systems.
	Activate _FFR_MACRO_LIST (adds the "-M" command line option) and
		_FFR_EXTERNAL_IGNORE_LIST (adds the "-I" command line option).

0.4.1		2006/05/02
	Include the list of supported DKIM versions in the output of "-V".
	Feature request #SF1238442: Add _FFR_VERIFY_DOMAINKEYS which
		will verify DomainKey signatures, if present.  Requires
		libdk, which is available in the dk-milter package.
	Feature request #SF1453565: Add _FFR_SELECT_SIGN_HEADERS which permits
		specification of which headers to sign.
	Add _FFR_SET_DNS_CALLBACK which allows registration of a callback
		per-handle which is called periodically while waiting for
		DNS responses.
	LIBDKIM: Return an error if the signing function returned success but
		also reported a zero-length signature.  Reported by
		S. Moonesamy of Eland Systems.

0.4.0		2006/04/18
	Add preliminary support for IETF DKIM draft 01.  "rsa-sha256" support
		was already added, but this also adds support for the
		"bh" (body hash) tag in signatures.
	Add "-v" command line switch to select DKIM version to use when
		signing.
	Add "-x" command line switch to specify a configuration file to read
		and parse.
	LIBAR: Fixes regarding retransmissions.

0.3.2		2006/04/05
	Don't remove the wrong "b=" when canonicalizing the signature header
		during verification.  Problem noted by Michael Thomas
		of Cisco.
	Properly process empty values in parameter sets.  Problem noted by
		Michael Thomas of Cisco.

0.3.1		2006/03/19
	Report the size of the key on successful verifications in the
		Authentication-Results: header.
	Fix bug #SF1453591: Tolerate empty strings in dkim_process_set(),
		and just apply defaults.
	LIBDKIM: Add dkim_getkeysize(), dkim_getsignalg(), dkim_getsigntime().

0.3.0		2006/03/15
	Add preliminary support for "rsa-sha256" signatures.
	Rearrange command line arguments somewhat.
	Include the list of supported canonicalization and signing algorithms
		in the output when "-V" is specified.
	Fix an intermittent crash condition caused by an uninitialized
		variable.
	Add _FFR_LOG_SSL_ERRORS to log any queued SSL error messages
		before releasing a message from the filter.

0.2.3		2006/03/03
	Add a "testing" comment when the key or policy used to verify a
		message is marked with a test flag.
	Flush the base64 output stream before sending the reports under
		_FFR_REPORTINFO so that the reports don't contain truncated
		data.  Discovered by Tony Hansen of AT&T.
	Fixes in processing of signature headers that contained extraneous
		spaces.  Reported by Tony Hansen of AT&T.
	Fix bug #SF1442606: Clone the configuration string before parsing
		it so that "ps" doesn't show weird output.

0.2.2		2006/01/24
	Evaluate the key granularity honouring "*" as a wildcard.
	Add _FFR_SET_REPLY which requests a more useful SMTP reply code
		when instructing the MTA to temp-fail or reject messages.

0.2.1		2005/12/09
	Further fixes to dkim_getsighdr().  Problem reported by Sung-hoon
		Choi of Dreamwiz.
	Plug a few small but definite memory leaks.
	Fix bug #SF1373746: Repair a _FFR_SELECT_CANONICALIZATION build
		problem introduced in the previous release.  Reported by
		S. Moonesamy of Eland Systems.

0.2.0		2005/12/02
	Update for revised ESTG draft.  Mainly this involved changing
		the "nowsp" canonicalization to "relaxed", and allowing
		specification of different canonicalizations for header
		and body.
	Don't allow the header to end with "\n\t" in dkim_getsighdr().
		Problem reported by Sung-hoon Choi of Dreamwiz.
	Report "neutral" instead of "fail" for failed verifications
		when they key was marked as being in test mode.  Patch from
		Sung-hoon Choi of Dreamwiz.
	Allow "-d" to specify a file from which domain names should be read,
		and allow domain names to contain wildcards.
	Fix bug #SF1243980: An empty key granularity matches nobody.  Reported
		by Jim Fenton of Cisco.
	LIBAR: Fix bug #SF1282755: Fix a build issue introduced in the
		last release.  Reported by Fredrik Pettai.

0.1.1		2005/07/21
	Prevent a garbage pointer free() in dkim_free().  Reported by
		S. Moonesamy of Eland Systems.
	Fix bug #SF1241118: Don't add an Authentication-Results: header for
		messages which are unsigned and come from a domain that
		doesn't advertise a signs-all policy.  Reported by
		S. Moonesamy of Eland Systems.
	Report "neutral" instead of "fail" for domains advertising test
		mode in their policies.
	Feature request #SF1238617: Add a compile-time option to map
		smfi_insheader() to smfi_addheader() on machines with older
		MTA and libmilter versions.

0.1.0		2005/07/13
	Initial open source release.
