Update to 2.8.1

2.8.1		2009/01/16
	LIBDKIM: Fix bug #SF2508602: Add a translation string for
		DKIM_SIGERROR_KEYREVOKED and fix dkim_eom_verify() so it
		returns DKIM_STAT_REVOKED when appropriate.  Problem noted
		by Mike Markley of Bank of America.

2.8.0		2009/01/08
	Add configuration option "EnableCoredumps" which makes an explicit
		kernel request for cores on crashes.  Currently only meaningful
		on Linux.
	Add configuration option "AuthServID" which sets the "authserv-id"
		token to use when generating Authentication-Results header
		fields.
	Report "fail" instead of "hardfail" on authentication failures,
		in compliance with the Authentication-Results: draft.
	Add _FFR_REPORT_INTERVALS, experimental support for the "ri" tag
		extension to DKIM policy and key records for specifying
		reporting intervals.
	Feature request #SF1985886: Add _FFR_MULTIPLE_SIGNATURES, allowing
		one instance of the filter to add multiple signatures.
		Suggested by Dave Crocker.
	Add "TemporaryDirectory" configuration file option for requesting that
		libdkim use an alternate directory for creating temporary
		files, and "KeepTemporaryFiles" for requesting that libdkim
		not delete those files for debugging purposes.
	Add optional support for the "unbound" asynchronous resolver
		library as it is DNSSEC-aware.  Adds four new configuration
		file items: "BogusKey", "BogusPolicy", "InsecureKey" and
		"InsecurePolicy".  Also add dkim_sig_getdnssec()
		and dkim_policy_getdnssec() to libdkim so callers can tell
		what the DNSSEC evaluation result was for each query.
		Based on a patch from John Dickinson.
	Add "BaseDirectory" configuration file option for specifying
		the desired current directory of the process.
	Make use of the key and policy "rs" tag, if present, when doing
		SMTP rejections.
	Use MTA macro "$j" as the hostname in generated reports instead of
		the output of gethostname() since on some systems the latter
		may not be fully-qualified.
	Remove ANTICIPATE_SENDMAIL_MUNGE, replacing it with a runtime check
		for the milter v2 feature which suppresses the addition of
		spaces in headers.
	Add _FFR_COMMAIZE which attempts to predict the reformatting
		the MTA will do to certain header fields to reduce verification
		failures.
	Add _FFR_DKIM_REPUTATION enabling a function used to query
		an open DKIM reputation service regarding the signing user
		and signing domain.  The service's URL is
		http://www.dkim-reputation.org. (EXPERIMENTAL)
	Fix preloading of configuration defaults.
	Fix bug #SF2236040: Quote all of the POSIX regular expression special
		characters, not just some of them.  Reported by Mark Martinec.
	When possible, log the selector and domain of the signature evaluated
		along with any errors in the libcrypto stack.
	LIBDKIM: Add "smtpbuf", "smtplen" and "interval" parameters to
		dkim_sig_getreportinfo() and dkim_policy_getreportinfo().
		Also, remove the assertion that "addr" be non-NULL.
	LIBDKIM: Add DKIM_LIBFLAGS_ACCEPTDK which enables compatibility
		with DomainKeys-formatted key records.
	LIBDKIM: Adjust signature formatting for legibility.
	LIBDKIM: Check return status from dkim_canon_getfinal() to avoid
		bad dereferences.  Problem noted by Chris Behrens of
		Concentric Network Corporation.
	LIBDKIM: Render the DKIM handle unusable in dkim_eoh_sign() if a
		required header was absent.
	Activate _FFR_REQUIRED_HEADERS.

2.7.2		2008/09/02
	Avoid memory leaks and infinite loops when releasing thread-specific
		memory.  Reported by Jeff Earickson.

2.7.1		2008/08/27
	Set up required callbacks for OpenSSL thread-safety.  Problem
		noted by Zbigniew Szalbot.
	Disallow empty "t=" and "x=" tags.
	Return DKIM_STAT_KEYFAIL for various DNS key retrieval failures
		instead of DKIM_STAT_INTERNAL.

2.7.0		2008/07/23
	Update to draft-ietf-dkim-ssp-04.  In doing so, rename "ASPDiscard"
		to "ADSPDiscard", "ASPNoSuchDomain" to "ADSPNoSuchDomain"
		and "SendASPReports" to "SendADSPReports" in the configuration
		file.
	Feature request #29738: Add "TrustSignaturesFrom" configuration
		file item allowing fine-grained control over third-party
		signature handling.
	Feature request #SF2018848: Add "LocalADSP" feature allowing
		policy assertions from domains known to have specific policies
		but which don't publish ADSP records.  Suggested by
		Bruno Kraychete da Costa.
	LIBDKIM: Fix an off-by-one overrun check in key and policy record
		decoding.  Problem noted by John Dickinson.

2.6.0		2008/06/11
	Remove "signaturemissing" as an old-style configuration action
		as it has been superseded by "ASPDiscard" and related
		functions.
	Add "SendASPReports" configuration option which generates ASP failure
		reports if requested by the sending domain.
	Update report generation for verification failures to use the
		new Abuse Reporting Format (ARF) and DKIM Reporting
		draft proposals.
	Add "MustBeSigned" configuration option, requiring signatures to
		cover specific headers if present.
	Rename "UseASPDiscard" to "ASPDiscard".
	Add "ASPNoSuchDomain" configuration option which rejects mail that
		appears to come from nonexistent domains as reported by the
		Author Signing Practises check.
	Add "ReportAddress" configuration option, used for defining the
		From: header of reports mailed out.
	Yet another compatibility fix with respect to Sleepycat DB.
	Fix processing of "LogWhy" configuration parameter.  Problem noted
		by Erik Lotspeich.
	Add "-n" command line flag which parses the command line arguments
		and configuration file(s), then exits with an appropriate
		status code.
	Report DKIM and ASP results separately via the same
		Authentication-Results header field.  Previous versions would
		alter the DKIM result based on ASP.
	Fix bug #SF1976931: Restore function of "nosignature" old-style
		action configuration, connected to "AlwaysAddARHeader".
		Problem noted by Lucas Brasilino.
	Feature request #SF1940233: Add "DontSignMailTo" configuration option,
		allowing a list of recipient patterns whose mail should not
		be signed.  Requested by Don Hughes.
	LIBDKIM: Rename dkim_reportinfo() to dkim_sig_getreportinfo(),
		and add dkim_policy_getreportinfo().
	LIBDKIM: Add several more signature error codes covering various
		key-related errors.
	LIBDKIM: Add dkim_sig_hdrsigned() utility, DKIM_OPTS_MUSTBESIGNED
		option, and DKIM_SIGERROR_MBSFAILED error code.
	LIBDKIM: Fix a bug in the computation of the result for
		dkim_canon_minbody().
	LIBDKIM: Report corrupted base64 chunks instead of quietly
		tolerating them.
	LIBDKIM: Tidy up the cleanup code in dkim-canon.c.
	LIBDKIM: Properly handle "tag=" at the end of a data set (i.e.
		the tag exists and has an empty value).
	LIBDKIM: Use larger unsigned data types in dkim_sig_future() as
		was done elsewhere.
	LIBDKIM: Always populate a DKIM_SIGINFO with domain and selector
		before there's an opportunity for other parsing
		short-circuits.
	LIBDKIM: Fix bug #SF1984685: Remove the "margin" parameter from
		dkim_getsighdr(); make it controlled by a new function,
		dkim_set_margin(), so that the signed copy and the
		user-requested copy are identical.
	Activate _FFR_AUTHSERV_JOBID.

2.5.5		2008/04/25
	Fix bug #SF1947301: Close up a logic problem in "UseASPDiscard"
		handling which could cause false rejections of mail from
		domains advertising "discardable" policies.  Problem noted
		by Doug Kingston.
	LIBDKIM: Another compatibility fix with respect to Sleepycat DB.

4 files changed, 64 insertions, 58 deletions

diff --git a/mail/dkim-milter/Makefile b/mail/dkim-milter/Makefile
index 7dae62ee852..7769eac2a4c 100644
--- a/mail/dkim-milter/Makefile
+++ b/mail/dkim-milter/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.16 2008/10/06 14:56:52 joerg Exp $
+# $NetBSD: Makefile,v 1.17 2009/01/19 23:24:28 adrianp Exp $
 
-DISTNAME=	dkim-milter-2.5.4
+DISTNAME=	dkim-milter-2.8.1
 CATEGORIES=	mail
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=dkim-milter/}
 
diff --git a/mail/dkim-milter/PLIST b/mail/dkim-milter/PLIST
index 8b77c5ab013..ef0fadf6da9 100644
--- a/mail/dkim-milter/PLIST
+++ b/mail/dkim-milter/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2008/04/20 17:36:15 adrianp Exp $
+@comment $NetBSD: PLIST,v 1.9 2009/01/19 23:24:28 adrianp Exp $
 ${PLIST.arlib}lib/libar.a
 ${PLIST.arlib}man/man3/ar.3
 lib/libdkim.a
@@ -20,11 +20,20 @@ share/doc/dkim-milter/KNOWNBUGS
 share/doc/dkim-milter/README
 share/doc/dkim-milter/RELEASE_NOTES
 share/examples/dkim-milter/dkim-filter.conf.sample
-share/doc/dkim-milter/draft-hoffman-dac-vbr-02.txt
-share/doc/dkim-milter/draft-ietf-dkim-deployment-01.txt
-share/doc/dkim-milter/draft-ietf-dkim-overview-09.txt
-share/doc/dkim-milter/draft-ietf-dkim-ssp-03.txt
-share/doc/dkim-milter/draft-kucherawy-sender-auth-header-14.txt
+share/doc/dkim-milter/draft-hoffman-dac-vbr-05.txt
+share/doc/dkim-milter/draft-ietf-dkim-deployment-02.txt
+share/doc/dkim-milter/draft-ietf-dkim-overview-10.txt
+share/doc/dkim-milter/draft-ietf-dkim-ssp-08.txt
+share/doc/dkim-milter/draft-kucherawy-dkim-reporting-04.txt
+share/doc/dkim-milter/draft-kucherawy-sender-auth-header-19.txt
+share/doc/dkim-milter/draft-shafranovich-feedback-report-06.txt
+share/doc/dkim-milter/libdkim/dkim_dnssec.html
+share/doc/dkim-milter/libdkim/dkim_policy_getdnssec.html
+share/doc/dkim-milter/libdkim/dkim_policy_getreportinfo.html
+share/doc/dkim-milter/libdkim/dkim_set_margin.html
+share/doc/dkim-milter/libdkim/dkim_sig_getdnssec.html
+share/doc/dkim-milter/libdkim/dkim_sig_getreportinfo.html
+share/doc/dkim-milter/libdkim/dkim_sig_hdrsigned.html
 share/doc/dkim-milter/libdkim/dkim.html
 share/doc/dkim-milter/libdkim/dkim_alg_t.html
 share/doc/dkim-milter/libdkim/dkim_body.html
@@ -59,7 +68,6 @@ share/doc/dkim-milter/libdkim/dkim_policy_t.html
 share/doc/dkim-milter/libdkim/dkim_presult.html
 share/doc/dkim-milter/libdkim/dkim_pstate.html
 share/doc/dkim-milter/libdkim/dkim_query_t.html
-share/doc/dkim-milter/libdkim/dkim_reportinfo.html
 share/doc/dkim-milter/libdkim/dkim_set_dns_callback.html
 share/doc/dkim-milter/libdkim/dkim_set_final.html
 share/doc/dkim-milter/libdkim/dkim_set_key_lookup.html
diff --git a/mail/dkim-milter/distinfo b/mail/dkim-milter/distinfo
index 9b593a53d01..d63af081ec1 100644
--- a/mail/dkim-milter/distinfo
+++ b/mail/dkim-milter/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.7 2008/04/20 17:20:20 adrianp Exp $
+$NetBSD: distinfo,v 1.8 2009/01/19 23:24:28 adrianp Exp $
 
-SHA1 (dkim-milter-2.5.4.tar.gz) = 3664131dd4f4d82a2c54c9039bf7574b16998043
-RMD160 (dkim-milter-2.5.4.tar.gz) = 6f718d5319ebacd7fad4aaa20855d68f51dfb9d8
-Size (dkim-milter-2.5.4.tar.gz) = 644945 bytes
-SHA1 (patch-aa) = 5691ba5ff1ea70a68d03d829bb5697ca824280a7
+SHA1 (dkim-milter-2.8.1.tar.gz) = 0bfc8839c21da7208670f39e8d054579d56865df
+RMD160 (dkim-milter-2.8.1.tar.gz) = 76745d9fba95cfd0a05f62aa334293a56f6715d1
+Size (dkim-milter-2.8.1.tar.gz) = 726239 bytes
+SHA1 (patch-aa) = 27b4ad93e1f97ba072eaaf28d06801f765b74ec4
 SHA1 (patch-ab) = ab99d7cbc6cf3ad5aff905d32c50caac7d5c02e0
 SHA1 (patch-ac) = 863ff7ec1ac1ebf06732a78c8429fcc1b2799ac4
diff --git a/mail/dkim-milter/patches/patch-aa b/mail/dkim-milter/patches/patch-aa
index 7ab6157aa6a..eb4775f51cd 100644
--- a/mail/dkim-milter/patches/patch-aa
+++ b/mail/dkim-milter/patches/patch-aa
@@ -1,13 +1,13 @@
-$NetBSD: patch-aa,v 1.5 2008/04/20 17:20:20 adrianp Exp $
+$NetBSD: patch-aa,v 1.6 2009/01/19 23:24:28 adrianp Exp $
 
---- devtools/Site/site.config.m4.orig	2008-04-20 17:49:29.000000000 +0100
+--- devtools/Site/site.config.m4.orig	2009-01-19 23:11:46.000000000 +0000
 +++ devtools/Site/site.config.m4
 @@ -11,7 +11,7 @@ dnl
  dnl If you are encountering coredumps and want to be able to analyze them
  dnl using something like "gdb", enable this next line by deleting the "dnl"
  dnl at the front of it.
 -dnl define(`confOPTIMIZE', `-g')
-+@DEBUG@ define(`confOPTIMIZE', `-g')
++@DEBUG@ dnl define(`confOPTIMIZE', `-g')
  
  dnl Shared library for libdkim
  dnl
@@ -22,7 +22,7 @@ $NetBSD: patch-aa,v 1.5 2008/04/20 17:20:20 adrianp Exp $
  dnl
 @@ -40,7 +40,7 @@ dnl libar -- asynchronous resolver libra
  dnl
- dnl If you want to use the asynchronous resolver library, enable this
+ dnl If you want to use the provided asynchronous resolver library, enable this
  dnl next line by deleting the "dnl" at the front of it.
 -dnl define(`bld_USE_ARLIB', `true')
 +@ARLIB@ define(`bld_USE_ARLIB', `true')
@@ -36,25 +36,25 @@ $NetBSD: patch-aa,v 1.5 2008/04/20 17:20:20 adrianp Exp $
 -dnl APPENDDEF(`conf_libar_ENVDEF', `-DAR_RES_MANUAL')
 +@ARLIB@ APPENDDEF(`conf_libar_ENVDEF', `-DAR_RES_MANUAL')
  
- dnl POPAUTH -- POP-before-SMTP authentication
+ dnl libunbound -- "unbound" asynchronous resolver library
  dnl
-@@ -87,6 +87,14 @@ dnl have v0.9.8 or later for SHA256 supp
- dnl lines by deleting "dnl" from the front of them and edit paths as needed.
- dnl APPENDDEF(`confINCDIRS', `-I/usr/local/ssl/include ')
- dnl APPENDDEF(`confLIBDIRS', `-L/usr/local/ssl/lib ')
-+APPENDDEF(`confINCDIRS', `-I@SSLBASE@/include ')
-+APPENDDEF(`confLIBDIRS', `-L@SSLBASE@/lib ')
-+
-+dnl pthread support
-+dnl
-+APPENDDEF(`confLIBS', `@PTHREAD_LDFLAGS@ ')
-+APPENDDEF(`confINCDIRS', `-I@PTHREAD@/include ')
-+APPENDDEF(`confLIBDIRS', `-L@PTHREAD@/lib ')
+@@ -64,6 +64,14 @@ dnl Finally, you may need to enable and 
+ dnl can find your installation.
+ dnl APPENDDEF(`confINCDIRS', `-I/usr/local/unbound/include ')
+ dnl APPENDDEF(`confLIBDIRS', `-L/usr/local/unbound/lib ')
++APPENDDEF(`confINCDIRS', `-I@SSLBASE@/include ')                       
++APPENDDEF(`confLIBDIRS', `-L@SSLBASE@/lib ')                           
++                                     
++dnl pthread support                  
++dnl                                  
++APPENDDEF(`confLIBS', `@PTHREAD_LDFLAGS@ ')                            
++APPENDDEF(`confINCDIRS', `-I@PTHREAD@/include ')                       
++APPENDDEF(`confLIBDIRS', `-L@PTHREAD@/lib ') 
  
- dnl TRE -- Approximate regular expression matching
+ dnl POPAUTH -- POP-before-SMTP authentication
  dnl
-@@ -116,9 +124,10 @@ dnl APPENDDEF(`confENVDEF', `-D_FFR_REPL
- dnl APPENDDEF(`confENVDEF', `-D_FFR_REQUIRED_HEADERS ')
+@@ -131,9 +139,10 @@ dnl APPENDDEF(`confENVDEF', `-D_FFR_REPL
+ dnl APPENDDEF(`confENVDEF', `-D_FFR_REPORT_INTERVALS ')
  dnl APPENDDEF(`confENVDEF', `-D_FFR_SELECT_CANONICALIZATION ')
  dnl APPENDDEF(`confENVDEF', `-D_FFR_SELECTOR_HEADER ')
 -dnl APPENDDEF(`confENVDEF', `-D_FFR_STATS ')
@@ -65,37 +65,35 @@ $NetBSD: patch-aa,v 1.5 2008/04/20 17:20:20 adrianp Exp $
  
  dnl DomainKeys -- Yahoo DomainKeys verification support
  dnl 
-@@ -132,8 +141,8 @@ dnl
- dnl This must be in the search rules for your compile.  If necessary,
- dnl adjust the paths below and enable the lines by deleting "dnl" from the
+@@ -149,6 +158,8 @@ dnl adjust the paths below and enable th
  dnl front of them.
--dnl APPENDDEF(`bld_dkim_filter_INCDIRS', `-I/usr/local/sendmail/include')
--dnl APPENDDEF(`bld_dkim_filter_LIBDIRS', `-L/usr/local/sendmail/lib')
-+APPENDDEF(`bld_dkim_filter_INCDIRS', `-I@LMBASE@/include')
-+APPENDDEF(`bld_dkim_filter_LIBDIRS', `-L@LMBASE@/lib')
+ dnl APPENDDEF(`bld_dkim_filter_INCDIRS', `-I/usr/local/sendmail/include')
+ dnl APPENDDEF(`bld_dkim_filter_LIBDIRS', `-L/usr/local/sendmail/lib')
++APPENDDEF(`bld_dkim_filter_INCDIRS', `-I@LMBASE@/include')             
++APPENDDEF(`bld_dkim_filter_LIBDIRS', `-L@LMBASE@/lib') 
  
  dnl smfi_addheader() -- older versions of libmilter
  dnl
-@@ -142,3 +151,22 @@ dnl primitive, you can enable this to ha
+@@ -157,3 +168,22 @@ dnl primitive, you can enable this to ha
  dnl instead.  It will still work, but it breaks the DKIM specification.
  dnl To enable this, remove the "dnl" from the front of the line.
  dnl APPENDDEF(`conf_dkim_filter_ENVDEF', `-DNO_SMFI_INSHEADER ')
-+
-+dnl path fixes for pkgsrc
-+dnl
-+define(`confINCLUDEDIR', `@PREFIX@/include')
-+define(`confLIBDIR', `@PREFIX@/lib')
++                                     
++dnl path fixes for pkgsrc            
++dnl                                  
++define(`confINCLUDEDIR', `@PREFIX@/include')                           
++define(`confLIBDIR', `@PREFIX@/lib') 
 +define(`confSBINDIR', `@PREFIX@/sbin')
 +define(`confUBINDIR', `@PREFIX@/bin')
-+define(`confEBINDIR', `@PREFIX@/libexec')
-+define(`confMANROOT', `@PREFIX@/@PKGMANDIR@/man')
-+define(`confMANROOTMAN', `@PREFIX@/@PKGMANDIR@/man')
-+define(`confMAN4EXT', `3')
-+define(`confMAN5EXT', `5')
-+define(`confMAN8EXT', `8')
-+define(`confINSTALL_RAWMAN', 'yes')
++define(`confEBINDIR', `@PREFIX@/libexec')                              
++define(`confMANROOT', `@PREFIX@/@PKGMANDIR@/man')                      
++define(`confMANROOTMAN', `@PREFIX@/@PKGMANDIR@/man')                   
++define(`confMAN4EXT', `3')           
++define(`confMAN5EXT', `5')           
++define(`confMAN8EXT', `8')           
++define(`confINSTALL_RAWMAN', 'yes')  
 +define(`confDONT_INSTALL_CATMAN', 'yes')
-+
-+dnl option fixes for pkgsrc
-+dnl
-+define(`confLIBSEARCH', `@DBLIB@ @RESOLVLIB@')
++                                     
++dnl option fixes for pkgsrc          
++dnl                                  
++define(`confLIBSEARCH', `@DBLIB@ @RESOLVLIB@')