2008年4月 7日

[installer 1487] dkim-milter-2.5.2

dkim-milter-2.5.2 出ています。

☆ dkim-milter-2.5.2
http://sourceforge.net/projects/dkim-milter/
http://sourceforge.net/project/showfiles.php?group_id=139420

2.5.2 2008/03/28
Preserve the sender's domain name outside of mlfi_eoh() as it's

now needed in mlfi_eom(). Problem noted by Andy Fiddaman.
Fix bug #SF1921873: Pass "-K" command line switch into the new
configuration handling code. Problem noted by Al Smith.
TOOLS: Fix flags portion of the TXT record output by dkim-genkey.
Problem noted by Michael Carland.
BUILD: Fix bug #SF1922422: Fix linker problems when POPAUTH is
defined.

2.5.1 2008/03/20
Update for draft-kucherawy-sender-auth-header-14.
Fix bug #SF1911328: Restore proper behaviour of SignHeaders and
OmitHeaders, broken in the prior release's configuration
overhaul. Problem reported by Jason Molzen.
Fix bug #SF1912332: Fix parameters passed to db->open(). Problem
reported by Tony Earnshaw.
Fix bug #SF1912569: Initialize mutexes before entering test mode.
Patch from Kaspar Brand.
LIBDKIM: Add "subject" to "should_signhdrs" per RFC4871 section 5.5.
LIBDKIM: More boundary checking fixes in dkim_canon_selecthdrs().
Problem noted by Warren Horvath.
LIBDKIM: Fix bug #SF1820084: Return DKIM_STAT_MULTIDNSREPLY
if a DNS query returns multiple records.

2.5.0 2008/03/06
Add "AutoRestartCount" and "AutoRestartRate" configuration
parameters to limit runaway restart loops.
Feature request #SF1735573: Add "AlwaysAddARHeader" option, which
will add an Authentication-Results of "none" for unsigned
messages from domains without a "strict" policy.
Feature request #SF1807748: Reload the configuration file on
receipt of SIGUSR1. Requested by Florian Sager.
Feature request #SF1811969: Add _FFR_BODYLENGTH_DB which adds a
"BodyLengthDBFile" feature, allowing a per-recipient decision
on whether or not to use an "l=" tag when signing. Patch
contributed by Daniel Black.
Feature request #SF1841955: Add an "Include" facility to the
configuration file.
Feature request #SF1876941: Make the syslog facility selectable.
Based on a patch from Jose-Marcio Martins da Cruz of Ecole
des Mines de Paris.
Feature request #SF1876943: Add _FFR_AUTHSERV_JOBID allowing the
job ID to be included as part of the "authserv-id" in
Authentication-Results: headers. Based on a patch from
Jose-Marcio Martins da Cruz of Ecole des Mines de Paris.
Feature request #SF1890581: Attempt to clean up a UNIX domain
socket in the non-AutoRestart case as well. Requested
by Daniel Black.
Add "MilterDebug" configuration file option for requesting debugging
output from the filter.
Add "FixCRLF" configuration file option which activates the
DKIM_LIBFLAGS_FIXCRLF flag (see below).
Update to draft-ietf-dkim-ssp-03. In doing so, rename the
"UseSSPDeny" configuration option to "UseASPDiscard".
Handle an error from dkim_getsighdr() properly in mlfi_eom().
When VERIFY_DOMAINKEYS is active, don't short-circuit mlfi_eoh()
between dk_verify() and dk_eoh() or a segmentation fault below
dk_body() could result.
LIBDKIM: Feature request #SF1823059: Export key, signature and
policy syntax checking capability via the API. Based on
a patch from Chris Behrens of Concentric Network Corporation.
LIBDKIM: Assert defaults for "c" and "q" tags when parsing
signature headers. Patch from Chris Behrens of Concentric
Network Corporation.
LIBDKIM: Better handling of truncated DNS replies; instead of
just giving up if the "tc" (truncated) bit is set in the
reply, see if there was enough of a reply returned to be able
to complete the request.
LIBDKIM: Fix recycling bug in header canonicalizations which was
causing signatures other than the first one to fail in most
cases.
LIBDKIM: Add new dkim_chunk() interface.
LIBDKIM: Enforce DKIM_OPTS_QUERYMETHOD library option even if there
were no valid signatures.
LIBDKIM: New DKIM_LIBFLAGS_FIXCRLF which requests that "naked"
CRs and LFs be converted to CRLFs during canonicalization
when signing.
LIBDKIM: Fix bounds checking in dkim_canon_selecthdrs().
LIBAR: Eliminate a possible race condition in ar_dispatcher().
LIBAR: Timeouts passed to select() can't be bigger than 10^8.
Problem noted by S. Moonesamy of Eland Systems.
BUILD: Feature request #SF1876242: Install the filter in EBINDIR
and everything else in UBINDIR.

2.4.4 2008/01/25
In mlfi_close(), don't assume the libmilter private context pointer
is not NULL.
Fail to start up if told to load a key list which resulted in no
keys being loaded.
When "AutoRestart" is in use, the parent will now wait for the
child to terminate before exiting. Thus, something that
signals the process ID in the pid file can also wait on that
process to be gone before being sure that the service has
actually shut down.
Include the job ID when logging about Authentication-Results: headers
that can't be parsed. Problem noted by S. Moonesamy.
LIBDKIM: In dkim_policy(), skip invalid signatures during evaluation
of step 1 of SSP as the signature handle may not have been
fully populated.

2.4.3 2008/01/18
Request addition of an "i=" tag in the signature when signing for
subdomains. Patch from Alin Nastac.
TOOLS: Fix bug #SF1867259: "echo -n" is not portable. Problem
noted by Gary Mills.
TOOLS: Fix bug #SF1867869: Output of the "t=" value was incorrect
with respect to the "s" flag. Reported by Geoff Adams.
LIBAR: Further handling of the absence of "nameserver" lines in
resolv.conf, this time in the manual processing code.
LIBDKIM: Fix bug #SF1867839: 64-bit portability in rfc2822.c.
Patch from Geoff Adams.
LIBDKIM: Tighten up correctness of the first SSP test ("valid
originator signature") in dkim_policy(). Problem noted
by Alin Nastac.
BUILD: Fix bug #SF1818906: Update site.config.m4 to include a flag
for installing libdkim when compiling static libraries,
and installing dkim.h in either case. Requested by
Chris Behrens of Concentric Network Corporation.

2.4.2 2008/01/02
Remove "-H" from the usage message. It was meant to be a command
line interface to "AlwaysSignHeaders" but was never
implemented. Problem noted by Jeff Anton.
LIBDKIM: Make dkim_islwsp() into a macro to drastically reduce the
number of function calls made during canonicalization.
LIBDKIM: Fix bug #SF1857484: Fix logic problem in dkim_policy() with
the new pstate checks. Problem noted by Werner Wiethege;
patch from Chris Behrens of Concentric Network Corporation.

2.4.1 2007/12/20
Update for latest Authentication-Results: header draft.
Avoid a NULL dereference in dkim_get_key(). Problem noted by Chris
Behrens of Concentric Network Corporation.
Fix bug #SF1842970: Make the overall header byte count check
configurable, and increase the default. Also, add
"On-Security" (configuration file) and "security" (command
line) options for controlling the default reaction to such
conditions. While we're at it, add an "On-Default" and
"default" option for making a global action setting.
Requested by Mark Martinec.
LIBAR: Fix bug #SF1852618: Handle default case of no "nameserver"
lines in /etc/resolv.conf. Problem noted by Mike Markley
of Bank of America.
LIBDKIM: Fix bug #SF1824876: Add "dkim_pstate" and make dkim_policy()
re-entrant. Requested by Chris Behrens of Concentric
Network Corporation.
LIBDKIM: Fix bug #SF1843733, SF1843782: Tighten up header name
matching in dkim_get_header() and dkim_get_sender(). Patches
from Chris Behrens of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1843788: Fix an off-by-one length bug in
dkim_header(). Patch from Chris Behrens of Concentric
Network Corporation.
LIBDKIM: Fix bug #SF1850973: Remove MAXHDRCNT; make the arrays it
previously defined dynamic. Reported by Mike Markley of
Bank of America.
LIBDKIM: Feature request #SF1841974: Numerous performance enhancements
from Chris Behrens of Concentric Network Corporation.

2.4.0 2007/11/30
Take advantage of some more features that were introduced with
milter v2 in sendmail 8.14.0:
o If all canonicalizations are satisfied in terms of
length limits, advise the MTA to stop sending the
message body to reduce unneeded I/O.
o Turn off as many unnecessary SMTP protocol steps as
possible.
o Fail option negotiation if any of the milter features
required are not available.
o If specific MTA macros are to be used for making the
sign vs. verify decision, explicitly request them.
Prevent corruption in Authentication-Results: headers caused
by signatures that have explicit "i=" values.
Report "hardfail" instead of "fail" on authentication failures,
in compliance with the Authentication-Results: draft.
Amend the "-M" command line option and "MacroList" configuration
options to allow a list of possible values for each
macro.
Add _FFR_SELECTOR_HEADER, adding the means to choose which selector
(and thus which key) is used to sign based on the value
found in a particular header. Requested by Steve Jones
of Bank of America.
Add dkimf_dstring*() (dynamic string) functions and clean up some
code by making use of it.
Skip all the userid and group changes when either "-u" or "UserID"
is in use if the requested user is the same as the
executing user.
Fix use of "UseSSPDeny" to include handling of unsigned messages.
Fix bug #SF1834701: Log a warning and temp-fail the message if
a key list is in use that didn't match the sender for a
message which should be signed. Problem noted by Jim
Hermann.
Patch #SF1796697: Add _FFR_REPLACE_RULES, adding the facility to do
substring replacement before signing to anticipate things
like the MTA "masquerade" and "genericstable" functions.
Requires further development.
Replace "gentxt.csh" with more robust "dkim-genkey" utility.
Feature request #SF1811962: Add new utilities "dkim-testkey" which
verifies that a public key is readable and properly formatted
and matches the locally-provided private key, and
"dkim-testssp" which retrieves a domain's sender signing
practises record and prints it in a human-readable form.
Based on code contributed by Daniel Black.
Feature request #SF1817253: Add "UMask" configuration file option.
Suggested by Daniel Black.
Feature request #SF1818863: Add a section to site.config.m4.dist
to request a build of the shared object version of libdkim.
Requested by Chris Behrens of Concentric Network Corporation.
Feature request #SF1834748: Use a more meaningful SMTP reply when
rejecting a message at the SMTP level due to SSP. Suggested
by S. Moonesamy of Eland Systems.
LIBDKIM: Return DKIM_STAT_NOKEY from dkim_get_key_dns() if the answer
count comes back zero, rather than DKIM_STAT_CANTVRFY.
Problem noted by Chris Behrens of Concentric Network
Corporation.
LIBDKIM: Plug a memory leak in dkim_get_key(). Problem noted by
Chris Behrens of Concentric Network Corporation.
LIBDKIM: Replace a dicey memcpy() call with memmove(). Problem
noted by Chris Behrens of Concentric Network Corporation.
LIBDKIM: Add DKIM_CBSTAT_NOTFOUND and DKIM_CBSTAT_ERROR callback
return codes, and DKIM_STAT_CBERROR return code. Suggested
by Chris Behrens of Concentric Network Corporation.
LIBDKIM: Add dkim_minbody() to determine how much more body text
is required to satisfy canonicalizations.
LIBDKIM: Add dkim_gethandlingstr() and dkim_getpolicystr() for
translation of SSP handling and policy codes into printable
strings.
LIBDKIM: Add _FFR_PARSE_TIME, adding a utility function that can
be used to detect that the timestamp on a signature and the
value of the Date: header wildly differ. Incomplete.
LIBDKIM: If a message comes in with no properly-formed sender headers,
dkim_eoh() now renders the DKIM handle unusable by later
data processing calls.
LIBDKIM: Fix arithmetic in dkim_sig_expired().
LIBDKIM: In dkim_eoh_verify(), check for a NULL user pointer return
from rfc2822_mailbox_split() (was previously only checking
for an error code or NULL domain). Problem noted by Chris
Behrens of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1819489: Fix signature header name check in
dkim_header(). Patch from Chris Behrens of Concentric
Network Corporation.
LIBDKIM: Fix bug #SF1819559: Fix key granularity processing.
LIBDKIM: Fix bug #SF1819571: More robust processing of "s=" in keys.
LIBDKIM: Fix bug #SF1819607: Allow "t=" and "x=" values up to 64 bits
since RFC4871 requires at least 40.
LIBDKIM: Fix bug #SF1820017: Don't accept signatures with no "v=" tag.
LIBDKIM: Fix bug #SF1820060: The value of "q=" may be a colon-separated
list of values to parse.
LIBDKIM: Fix bug #SF1820080: The value of "i=" may be quoted-printable
so do appropriate decoding.
LIBDKIM: Fix bug #SF1820123: "simple" body canonicalization must
contain at least CRLF.
LIBDKIM: Fix bug #SF1820370: More graceful handling of grossly
malformed signature headers. Problem noted by Chris Behrens
of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1822287 and SF1822295: Update policy check code
to use the draft-ietf-dkim-ssp-01 algorithm. Problem noted
by Chris Behrens of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1822329: In dkim_get_policy(), check for and handle
error returns from the subordinate lookup functions. Problem
noted by Chris Behrens of Concentric Network Corporation.
LIBDKIM: Fix bug #SF1822331: Use consistent return codes in
dkim_get_policy_dns(). Problem noted by Chris Behrens of
Concentric Network Corporation.
LIBDKIM: Fix bug #SF1832703: When looking for headers to canonicalize
during verification, disregard spaces between the header name
and the colon (":") character. Problem noted by James
Sargent of AOL.
LIBDKIM: Fix bug #SF1838826: Several fixes with respect to processing
key and policy flags. Problems noted by Marc Martinec.
LIBDKIM: Feature request #SF1821005: Add dkim_getdomain(), an accessor
function for dkim_domain. Requested by Chris Behrens of
Concentric Network Corporation.
Activate _FFR_QUERY_CACHE (Feature request #SF1675359) and
_FFR_SELECT_SIGN_HEADERS.

2.3.2 2007/10/19
Fix bug #25896: Fix a bug in parsing of "RemoveARFrom".
LIBDKIM: Fix a bug in the key reuse block of dkim_get_key() which
assumed that a domain and selector match guaranteed a copied
key and key tag list.
LIBDKIM: Fix bug #SF1812687: Fix handling check in dkim_get_policy().
Patch from Daniel Black.

2.3.1 2007/10/12
Fix header loss problem in test mode.
Fix bug #SF1808886: Handle missing or empty test inputs more
gracefully. Based on a patch from Kaspar Brand.
Fix bug #SF1808881: Check various integer conversions for
negative, overflow or inappropriate values. Suggested
by Kaspar Brand.
Feature request #SF1809239: Restore performance of test mode on
large messages. Requested by Kaspar Brand.
Patch #SF1811132: Include <stdlib.h> in test.c for malloc()
prototype. Patch from Daniel Black.
BUILD: Patch #SF1810712: Correct default location for the Tre
regular expression library. Suggested by Daniel Black.

2.3.0 2007/10/06
Add "UseSSPDeny" configuration option which causes the filter
to reject messages which are determined to be suspicious
according to the new draft-ietf-dkim-ssp-01, and whose
sending domains advertise a recommended handling of "deny",
and whose SSP records are not in "test" mode.
Add "MaximumSignedBytes" configuration option limiting the number
of bytes of the message body to be signed.
Add "-t" command line option for reading an RFC2822-formatted
message from a named file and attempting to evaluate it,
"-F" command line option for using a fixed signing
time, and "-v" command line option for requesting verbose
output. Finally, new configuration option "StrictTestMode"
asserts that all lines of input must be CRLF-terminated.
Based on patches from Kaspar Brand.
Add "TestPublicKeys" setting for instructing libdkim to read public
keys from a file, for use during automated testing.
Based on a patch from Jeff Barry.
When using _FFR_QUERY_CACHE, periodically report cache activity
statistics.
Don't arbitrarily suppress signing of already-signed messages.
Fix bug #25728: When "AutoRestart" is in use, try to remove the
socket (if it's a UNIX domain socket) prior to trying to
start the child.
LIBDKIM: Add dkim_getmode() function.
LIBDKIM: Fixes to policy evaluation in dkim_policy(). Based on a
patch from Jeff Barry.
LIBDKIM: Patch #SF1796687: Add DKIM_LIBFLAGS_ACCEPTV05 which causes
the library to accept signatures with version strings of
"0.5", i.e. those based on later versions of the DKIM draft
specification. This does not change any other part of
signature validation or canonicalization, only the version
string test. Suggested by Jim Fenton of Cisco.
LIBDKIM: When closing canonicalizations, flush the temporary files
rather than closing them so that things like dkim_reportinfo()
return useful descriptors. Close the temporary files in
dkim_canon_free() only. Problem noted by Jeff Barry.
LIBDKIM: Fix variable argument processing by merging dkim_error()
and dkim_verror(). The previous code was causing
segmentation faults on selected operating systems.
Activate the following FFRs:
_FFR_KEY_REUSE
_FFR_SET_REPLY

----
こがよういちろう


投稿者 xml-rpc : 2008年4月 7日 16:51
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/71861
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。