2.8.3 2013/05/04

        Log something when refusing to sign because the private key was too
                small.  This also adds a new "On-SignatureError" handler
                setting, and a new status code DKIM_STAT_SIGGEN.
        Fix application of "On-InternalError" setting.
        Feature request #SF3609496: Don't apply reputation checks to internal
                clients.

2.8.2           2013/03/27
        Authentication-Results tokens should be checked without case
                sensitivity.
        Fix snprintf() arguments in dkimf_checkfsnode().
        CONTRIB: Patch #SF3608716: Fixes to spec/opendkim.spec.in

2.8.1           2013/03/19
        Fix bug #SF3607071: Report the reason why a key file is determined
                to be unsafe.
        Fix bug #SF3607072: When checking for key file safety, take any
                "-u" value provided on the command line into account.
        Fix bug #SF3608401: Solaris 10 doesn't have strsep().
        BUILD: Fix build for versions of libdb between 3.1 and 4.6.

2.8.0           2013/02/25
        Feature request #SF2964383: Add DKIM_LIBFLAGS_STRICTRESIGN, which
                inhibits signing of a handle tagged for resigning when the
                attached verifying handle had no valid signatures in it.
        Feature request #SF3155117: Do a more thorough check for writeable
                key files, checking more of the filesystem permission tree.
        Feature request #SF3530734: Add "LDAPDisableCache", which suppresses
                the creation of a local cache in front of LDAP queries.
        Feature request #SF3547359: If compiled with libcurl, add "SMTPURI"
                configuration option that allows direct SMTP transmission
                failure reports.
        Feature request #SF3578197: Allow per-message override of the list of
                header fields to be signed.
        Feature request #SF3590860: Combine collected reputation values into
                an overall allowed rate under _FFR_REPRRD, as is done for the
                other reputation code.
        Feature request #SF3598991: Add odkim.signfor() function to the Lua
                setup script.
        Feature request #SF3599409: Modify dkimf_checkip() to try surrounding
                the IP address part of every query with square brackets, which
                is a common way to do IP address literals in email contexts.
        Fix bug #SF3531477: Add (hopefully temporary) configuration option
                "DisableCryptoInit" so that opendkim's initialization of the
                crypto library doesn't conflict with the same work done by
                other libraries.
        Fix bug #SF3599901: Rename "InsecureKey" to "UnprotectedKey" and
                "InsecurePolicy" to "UnprotectedPolicy", as the term "insecure"
                in reference to a key is sometimes interpreted to mean "not
                enough random bits" rather than as a keyword describing the
                presence or absence of DNSSEC protection.  What's logged in
                Authentication-Results header fields has been similarly
                modified.
        Fix bug #SF3604525: Don't divide by zero when the query cache hasn't
                been used.
        Protect against handling of signatures with empty domains, which could
                cause a NULL dereference and a crash.
        Do ATPS checks when enabled even if ADSP is disabled.
        Don't fail to start on empty or null configuration files.
        Patch #SF3593422: Update for MDB 0.9.5 support.
        LIBOPENDKIM: Fix header canonicalization when DKIM_LIBFLAG_FIXCRLF is
                used in combination with dkim_chunk().
        LIBOPENDKIM: Enable dkim_getcachestats() and the underlying function
                to extract the current number of keys in the cache, and also
                provide a counter reset mechanism.
        BUILD: Feature request #SF3547151: Check for Lua package name variants
                in use on Debian.
        BUILD: Feature request #SF3599902: Change OpenSSL existence test
                to help with Debian packaging.
        BUILD: Add "--with-test-socket" to force all of the filter unit tests
                to use a specific socket.
        BUILD: Add checks for strlcat()/strlcpy() in libbsd.
        CONTRIB: Fix bug #SF3575666: Pass pid file path to killproc.
        CONTRIB: Add systemd directory.
        CONTRIB: Split out initial key generation function from
                contrib/init/redhat/opendkim.
        MILTERTEST: Don't crash in mt_connect() if the socketspec doesn't
                contain a colon.
        MILTERTEST: When connect() fails for an AF_INET socket, it apparently
                leaves the socket unusable.  Discard the socket when that
                happens and get a new one.
        MILTERTEST: Add a way to extend the mt.connect() retry interval via
                environment variables so a large test suite can be easily
                extended on slow systems.
        TOOLS: Register DNS functions before calling dkim_dns_init() in
                opendkim-testkey.
        TOOLS: Add "-K" (keep temporary files) flag for opendkim-testmsg

0 files changed, 0 insertions, 0 deletions