			OPENDKIM RELEASE NOTES
	$Id: RELEASE_NOTES,v 1.113.2.13 2010/03/21 13:07:48 cm-msk Exp $


This listing shows the versions of the OpenDKIM package, the date of
release, and a summary of the changes in that release.

2.0.1		2010/03/20
	Fix bug #SF2964376: Don't use dkim_getsighdr() internally during
		signing as it presumes signatures will fit within a bounded
		character array and sometimes (e.g. with extensive data in
		a "z=" tag) they don't, leading to signing failures on valid
		messages.  Reported by James R. Marcus.
	Fix bug #SF2969700: Remember to NULL-terminate key data loaded from
		disk before using it.
	Don't use MAXHOSTNAMELEN as its value is unreliable.
	LIBOPENDKIM: Return an error from dkim_get_key_dns() if the
		query string is too big for a hostname buffer, rather than
		sending the truncated string to DNS anyway.
	LIBOPENDKIM: Ensure string termination in dkim_sig_getidentity()
		when calling dkim_qp_decode().  Patch from Stefan
		Schulze Frielinghaus.
	LIBOPENDKIM: In dkim_eom_sign(), don't change the handle's overall
		state before erroring out if the chunking state is invalid.
	BUILD: Fix bug #SF2969812: Don't install Lua sample files or man
		pages when "--with-lua" isn't specified.  Patch from
		Kaspar Brand.
	BUILD: Fix bug #SF2965318: Don't define USE_LUA when LDAP is enabled.
		Problem noted by Guillaume Castagnino.
	LICENSE: Change from 4-clause BSD license to 3-clause BSD license.

2.0.0 (Eve)	2010/03/05
	Feature request #SF2917224: Add optional OpenLDAP support.
	Feature request #SF2920389: Add CIDR support for IPv6 addresses.
	Feature request #SF2937428: Add "ExemptDomains" configuration item.
	Add optional Lua support, which enables a few script hooks for
		fine-grained policy controls when signing and verifying,
		and "miltertest", a new Lua-based scripting tool for
		exercising milter applications.
	Add "-Q" command line switch, putting the filter in query test mode
		to exercise the database code.
	Don't overwrite the signature verification status with that of the
		policy query status, leading to spurious "bad signature data"
		entries in the log.  Problem noted by Roman Gelfand.
	Fix database query order for PeerList, InternalHosts, etc. so that
		negation works properly again.
	Fix crash-on-shutdown bug related to the crypto utilities functions.
	Drop "KeyList" in favour of "KeyTable" and "SigningTable" in the
		configuration file.  See the opendkim.conf(5) man page
		for details.  Also, "-K" has been dropped from the command
		line, meaning multiple key support now requires use of the
		configuration file.
	Fixes in DB walk code for DB 1.85.
	Fix bug #SF2936499: Clean up numerous compiler warnings.
	Fix bug #SF2951494: Improve logic for doing ADSP queries and reporting
		their results.
	Fix bug #SF2961161: dkim_sig_getidentity() could return successfully
		even if the provided buffer was too small to accept the
		decoded value.  Reported by Ale Vesely.
	LIBOPENDKIM: Adjust dkim_sign() to accept base64-encoded DER private
		keys as well as PEM-formatted keys.
	LIBOPENDKIM: Several performance optimizations yielded from
		gprof data.
	LIBOPENDKIM: Fix a length computation that caused an invalid
		snprintf() call.  From a Gentoo bug reported by Tilman Giese.
	LIBOPENDKIM: Fix compiler complaint about multiple definitions
		of global variables.  Reported by Maarten Oelering.
	LIBOPENDKIM: Have dkim_eom() process all signatures instead of
		stopping after finding one good one.  Also add library flag
		DKIM_LIBFLAGS_VERIFYONE, causing dkim_eom() to short-circuit
		after finding one good signature while verifying (i.e.
		reproducing the pre-2.0.0 behaviour).
	LIBOPENDKIM: Feature request #SF2961427: Add dkim_libversion().
		Requested by Ale Vesely.
	TOOLS: Add "opendkim-genzone" which generates a BIND zone file
		fragment based on a KeyTable that contains all of the
		public keys required to match the configured private keys.
	BUILD: Add "--enable-codecoverage" to add build steps that generate
		profiling or code coverage reports when running unit tests.
	BUILD: Compile opendkim-testadsp with pthread libraries in case
		"--enable-arlib" was specified.
	BUILD: Fix an m4 quoting error that had rendered "--enable-debug"
		useless.
	BUILD: Check for functions upon which libmilter depends.  Reported
		by Cyro Lord.
	PORTABILITY: Support for OS X from Bob Halley.

1.2.2		2010/01/19
	Fix bug #SF2916729: Fix crash when reporting on multiple signatures,
		one of which was invalid in some way leaving its DKIM_SIGINFO
		only partially populated.  Problem noted by Ryan Burchfield.
	Fix bug #SF2919365: A _SOCK_ADDR is just a (struct sockaddr)
		which isn't big enough for IPv6 addresses.  Use a
		(struct sockaddr_storage) instead.  Problem noted by
		Werner Wiethege.
	Fix initalization and processing of ODBX requests.
	Fix DB get operations for Sleepycat versions prior to 2.0.0.
	Set a flag when crypto initialization is done so that cleanup
		occurs on shutdown.  Problem noted by Deiva Shanmugam.
	BUILD: Fix bug #SF2932392: Restore proper function of
		"--without-milter".  Reported by Mark Sidell.

1.2.1		2009/12/23
	Fix a disconnect in configuration regarding "On-KeyNotFound".
	Fix a type mismatch in dkimf_db_open() with respect to Sleepycat
		version 2 libraries, and a bug in dkimf_db_walk() with
 		respect to Sleepycat version 1 libraries.
	Report _FFR_REPORT_INTERVALS in "-V" output.
	LIBAR: Tidy up some compile-time warnings.
	BUILD: Correct name of "bodylength_db" feature.
	BUILD: Define VERIFY_DOMAINKEYS in build-config.h when
		"--with-domainkeys" is enabled.
	BUILD: Define USE_DB in build-config.h when "--with-db" is enabled.

1.2.0		2009/12/08
	Feature request #SF2873902: Overhaul the database backend code so that
		features that use external files or databases can be in any
		of several supported formats.  This will make adding new
		external data sources and formats simpler, and obviates the
		need for a bunch of individual feature requests.  This may
		have a few backward compatibility issues with respect to
		the configuration file.  Feature requested by Daniel Black.
	Feature request #SF2873900: Add optional support for OpenDBX for
		connecting to ODBC and SQL backend databases.  Requested
		by Daniel Black.
	Add "On-PolicyError" setting, allowing continuation of processing
		when an ADSP query fails.
	Activate _FFR_MULTIPLE_SIGNATURES, allowing optional addition of
		more than one signature per message passing through the
		filter.
	Add _FFR_RESIGN which allows binding of a signing handle to a
		verifying handle so that only one body hash needs to be
		run when a message will be re-signed as-is.  Suggested
		by Daniel Black.
	LIBOPENDKIM: Move VBR functions from libopendkim into their own
		new library, libvbr.
	LIBOPENDKIM: Rename the rfc2822_*() parsing functions to have
		"dkim_" prefixes, and rename their containing file
		accordingly.
	LIBOPENDKIM: Fixes in relaxed body canonicalization and chunk
		processing.  Problems noted by Masumi Taketomi Parekh
		of Yahoo!.
	LIBOPENDKIM: New library flag DKIM_LIBFLAGS_BADSIGHANDLES which
		asks the library to tolerate signature syntax errors and
		make such signatures available for limited inspection
		rather than completely ignoring them.  Requested by Masumi
		Taketomi Parekh of Yahoo!.
	BUILD: Split up library assignments between libopendkim and opendkim,
		taking advantage of libtool.  Based on a patch by Daniel Black.
	BUILD: When possible, limit the symbols exported as part of
		libopendkim to only those listed in dkim.h.
	BUILD: Generate opendkim.conf.5 man page containing all features,
		including FFR, annotated with if they are included and their 
		experimental status (for FFRs).
	BUILD: Improve static linking against openssl as noted by Roman
		Gelfand.  Compiles against openssl version 1.0.0-beta4 now. 
	BUILD: Provide pkg-config files {opendkim,vbr,ar}.pc for use by 
		other applications.
	BUILD: Fix up libresolv detection.
	BUILD: Add pkg-config checks for openssl, tre and opendbx packages to
		determine their installed library locations. Automate 
		versioning and deployment.
	BUILD: Added m4 macro library directory with updated ax_pthread.m4.
	BUILD: Moved feature, _FFR and library #defines from Makefiles to 
		build-config.h. Added macros for FFR and FEATURES.
	BUILD: Add support for versions of libtre older than 0.8.0.
	BUILD: Move all libopendkim tests into their own subdirectory.

1.1.2		2009/11/01
	Under _FFR_SENDER_MACRO, need to check the value of "SenderMacro"
		in the configuration file.  Noted by Daniel Black.
	Feature request #SF2873901: Add _FFR_REDIRECT which optionally
		redirects messages that fail verification to a specific
		address, storing the original recipients in
		X-Original-Recipient: header fields.  Suggested by
		Daniel Black.
	LIBOPENDKIM: Have dkim_dns_set_callback() return
		DKIM_STAT_NOTIMPLEMENT if the underlying resolver doesn't
		have a callback facility.  Suggested by Daniel Black.
	LIBOPENDKIM: Move internal-only types and macros from dkim.h
		to dkim-internal.h.  Based on an idea from Daniel Black.
	LIBOPENDKIM: Add in all previously optional functions so that the
		API is invariant regardless of selected features.  Add
		dkim_libfeature() as a way to detect availability of features
		at runtime.  Suggested by Daniel Black.
	LIBOPENDKIM: Some global namespace consolidation.  Suggested by
		Daniel Black.
	BUILD: Fix bug #SF2882206, patch #SF2880986: Handle libtre
		installations where "--enable-system-abi" was selected.
		Reported by Stevan Bajic; patch from Daniel Black.
	BUILD: Convert libar compilation to the libtool method.
		Suggested by Daniel Black.
	BUILD: Minor autoconf fixes, contributed by Daniel Black.

1.1.1		2009/10/09
	Plug a number of potential but minor memory and file handle leaks,
		remove some dead code, guard against NULL dereferences, fix an
		errant return code check, fix a double-free(), and several
		other fixes found by a code analysis tool, used by courtesy
		of Cloudmark.
	Change "x-dkim-adsp" to "dkim-adsp" in Authentication-Results header
		field code now that RFC5617 is published.
	Apply "On-DNSError" setting when policy queries fail.
	BUILD: Some compilation fixes and type cleanup.  Based on patches
		provided by Daniel Black.
	Add _FFR_SENDER_MACRO: Determine the message sender based on the
		contents of a macro instead of on a header field.
		Based on a patch from Ondrej Sury.

1.1.0		2009/09/16
	Feature request #SF2839110: Add _FFR_IDENTITY_HEADER, to set an
       		identity (i=) for signing based on the value found in a
		particular header.  Requested by Florian Sager. 
	Fix inside dkimf_libstatus() to return extended status code 
		4.7.5 if temp-fail is due to key retrieval failure.
	Fix bug #SF2831720: Use new dynamic signature header generation
		code (see below).
	Add new exception handling code "keynotfound" (short form "key")
		and "On-KeyNotFound", which handles keys not found in DNS
		separately from other DNS errors.
	Fixes inside dkimf_libstatus() so that SMTP reply codes get set
		properly for temp-fails.
	Remove _FFR_COMMAIZE.
	LIBOPENDKIM: Add dkim_getsighdr_d(), a dynamic-length version of
		dkim_getsighdr().  The old function interface remains
		unchanged for backward compatibility.
	LIBOPENDKIM: Add dkim_dstring_printf().
	LIBOPENDKIM: Fix bug #SF2839858: Change "default_senderheaders" list
		to include only "from", per RFC5617.  Problem noted
		by Erik Lotspeich.
	Activate _FFR_SENDER_HEADERS, adding "SenderHeaders" to the
		configuration file.
	BUILD: Fix bug #SF2841499: Fix building of opendkim tools so that
		they link against libdb when necessary.
	BUILD: Fix building of libopendkim/t-test115 so it agrees with
		what SHA methods are found by libopendkim itself.
	BUILD: Don't bother building libar unless --enable-arlib is specified.

1.0.0		2009/08/14
	Initial release after code fork from dkim-milter package (v2.8.3).
	Fix bug #SF2813077: Don't do anything other than deliver messages
		when "t=y" is present in the verifying key record.  Problem
		noted by Jens Elkner.
	Fix bug #SF2835208: Set the signal mask earlier so that signals
		of interest aren't delivered to threads that can't handle
		them.  Problem noted by Mike Markley.
	LIBOPENDKIM: Fix bug #SF2795523: Correct canonicalization problem
		when a CRLF is split across body chunks and consecutive
		blank line counting is in progress.  Reported by Mark
		Martinec.
	TESTS: Fix bug #SF2813058: Fix t-test117 so it doesn't fail if
		the DKIM_TMPDIR environment variable is set.  Problem
		noted by Jens Elkner.
	PORTABILITY: Fix bug #SF2813058: Fixes to t-test100 for
		Solaris 10 (64-bit).  Patch from Jens Elkner.
