---
- branch: MAIN
  date: Mon Jan 19 23:24:28 UTC 2009
  files:
  - new: '1.17'
    old: '1.16'
    path: pkgsrc/mail/dkim-milter/Makefile
    pathrev: pkgsrc/mail/dkim-milter/Makefile@1.17
    type: modified
  - new: '1.9'
    old: '1.8'
    path: pkgsrc/mail/dkim-milter/PLIST
    pathrev: pkgsrc/mail/dkim-milter/PLIST@1.9
    type: modified
  - new: '1.8'
    old: '1.7'
    path: pkgsrc/mail/dkim-milter/distinfo
    pathrev: pkgsrc/mail/dkim-milter/distinfo@1.8
    type: modified
  - new: '1.6'
    old: '1.5'
    path: pkgsrc/mail/dkim-milter/patches/patch-aa
    pathrev: pkgsrc/mail/dkim-milter/patches/patch-aa@1.6
    type: modified
  id: 20090119T232428Z.b74033ab98f7b17e5fe1e2a7b21bd6dd310a20a7
  log: "Update to 2.8.1\n\n2.8.1\t\t2009/01/16\n\tLIBDKIM: Fix bug #SF2508602: Add
    a translation string for\n\t\tDKIM_SIGERROR_KEYREVOKED and fix dkim_eom_verify()
    so it\n\t\treturns DKIM_STAT_REVOKED when appropriate.  Problem noted\n\t\tby
    Mike Markley of Bank of America.\n\n2.8.0\t\t2009/01/08\n\tAdd configuration option
    \"EnableCoredumps\" which makes an explicit\n\t\tkernel request for cores on crashes.
    \ Currently only meaningful\n\t\ton Linux.\n\tAdd configuration option \"AuthServID\"
    which sets the \"authserv-id\"\n\t\ttoken to use when generating Authentication-Results
    header\n\t\tfields.\n\tReport \"fail\" instead of \"hardfail\" on authentication
    failures,\n\t\tin compliance with the Authentication-Results: draft.\n\tAdd _FFR_REPORT_INTERVALS,
    experimental support for the \"ri\" tag\n\t\textension to DKIM policy and key
    records for specifying\n\t\treporting intervals.\n\tFeature request #SF1985886:
    Add _FFR_MULTIPLE_SIGNATURES, allowing\n\t\tone instance of the filter to add
    multiple signatures.\n\t\tSuggested by Dave Crocker.\n\tAdd \"TemporaryDirectory\"
    configuration file option for requesting that\n\t\tlibdkim use an alternate directory
    for creating temporary\n\t\tfiles, and \"KeepTemporaryFiles\" for requesting that
    libdkim\n\t\tnot delete those files for debugging purposes.\n\tAdd optional support
    for the \"unbound\" asynchronous resolver\n\t\tlibrary as it is DNSSEC-aware.
    \ Adds four new configuration\n\t\tfile items: \"BogusKey\", \"BogusPolicy\",
    \"InsecureKey\" and\n\t\t\"InsecurePolicy\".  Also add dkim_sig_getdnssec()\n\t\tand
    dkim_policy_getdnssec() to libdkim so callers can tell\n\t\twhat the DNSSEC evaluation
    result was for each query.\n\t\tBased on a patch from John Dickinson.\n\tAdd \"BaseDirectory\"
    configuration file option for specifying\n\t\tthe desired current directory of
    the process.\n\tMake use of the key and policy \"rs\" tag, if present, when doing\n\t\tSMTP
    rejections.\n\tUse MTA macro \"$j\" as the hostname in generated reports instead
    of\n\t\tthe output of gethostname() since on some systems the latter\n\t\tmay
    not be fully-qualified.\n\tRemove ANTICIPATE_SENDMAIL_MUNGE, replacing it with
    a runtime check\n\t\tfor the milter v2 feature which suppresses the addition of\n\t\tspaces
    in headers.\n\tAdd _FFR_COMMAIZE which attempts to predict the reformatting\n\t\tthe
    MTA will do to certain header fields to reduce verification\n\t\tfailures.\n\tAdd
    _FFR_DKIM_REPUTATION enabling a function used to query\n\t\tan open DKIM reputation
    service regarding the signing user\n\t\tand signing domain.  The service's URL
    is\n\t\thttp://www.dkim-reputation.org. (EXPERIMENTAL)\n\tFix preloading of configuration
    defaults.\n\tFix bug #SF2236040: Quote all of the POSIX regular expression special\n\t\tcharacters,
    not just some of them.  Reported by Mark Martinec.\n\tWhen possible, log the selector
    and domain of the signature evaluated\n\t\talong with any errors in the libcrypto
    stack.\n\tLIBDKIM: Add \"smtpbuf\", \"smtplen\" and \"interval\" parameters to\n\t\tdkim_sig_getreportinfo()
    and dkim_policy_getreportinfo().\n\t\tAlso, remove the assertion that \"addr\"
    be non-NULL.\n\tLIBDKIM: Add DKIM_LIBFLAGS_ACCEPTDK which enables compatibility\n\t\twith
    DomainKeys-formatted key records.\n\tLIBDKIM: Adjust signature formatting for
    legibility.\n\tLIBDKIM: Check return status from dkim_canon_getfinal() to avoid\n\t\tbad
    dereferences.  Problem noted by Chris Behrens of\n\t\tConcentric Network Corporation.\n\tLIBDKIM:
    Render the DKIM handle unusable in dkim_eoh_sign() if a\n\t\trequired header was
    absent.\n\tActivate _FFR_REQUIRED_HEADERS.\n\n2.7.2\t\t2008/09/02\n\tAvoid memory
    leaks and infinite loops when releasing thread-specific\n\t\tmemory.  Reported
    by Jeff Earickson.\n\n2.7.1\t\t2008/08/27\n\tSet up required callbacks for OpenSSL
    thread-safety.  Problem\n\t\tnoted by Zbigniew Szalbot.\n\tDisallow empty \"t=\"
    and \"x=\" tags.\n\tReturn DKIM_STAT_KEYFAIL for various DNS key retrieval failures\n\t\tinstead
    of DKIM_STAT_INTERNAL.\n\n2.7.0\t\t2008/07/23\n\tUpdate to draft-ietf-dkim-ssp-04.
    \ In doing so, rename \"ASPDiscard\"\n\t\tto \"ADSPDiscard\", \"ASPNoSuchDomain\"
    to \"ADSPNoSuchDomain\"\n\t\tand \"SendASPReports\" to \"SendADSPReports\" in
    the configuration\n\t\tfile.\n\tFeature request #29738: Add \"TrustSignaturesFrom\"
    configuration\n\t\tfile item allowing fine-grained control over third-party\n\t\tsignature
    handling.\n\tFeature request #SF2018848: Add \"LocalADSP\" feature allowing\n\t\tpolicy
    assertions from domains known to have specific policies\n\t\tbut which don't publish
    ADSP records.  Suggested by\n\t\tBruno Kraychete da Costa.\n\tLIBDKIM: Fix an
    off-by-one overrun check in key and policy record\n\t\tdecoding.  Problem noted
    by John Dickinson.\n\n2.6.0\t\t2008/06/11\n\tRemove \"signaturemissing\" as an
    old-style configuration action\n\t\tas it has been superseded by \"ASPDiscard\"
    and related\n\t\tfunctions.\n\tAdd \"SendASPReports\" configuration option which
    generates ASP failure\n\t\treports if requested by the sending domain.\n\tUpdate
    report generation for verification failures to use the\n\t\tnew Abuse Reporting
    Format (ARF) and DKIM Reporting\n\t\tdraft proposals.\n\tAdd \"MustBeSigned\"
    configuration option, requiring signatures to\n\t\tcover specific headers if present.\n\tRename
    \"UseASPDiscard\" to \"ASPDiscard\".\n\tAdd \"ASPNoSuchDomain\" configuration
    option which rejects mail that\n\t\tappears to come from nonexistent domains as
    reported by the\n\t\tAuthor Signing Practises check.\n\tAdd \"ReportAddress\"
    configuration option, used for defining the\n\t\tFrom: header of reports mailed
    out.\n\tYet another compatibility fix with respect to Sleepycat DB.\n\tFix processing
    of \"LogWhy\" configuration parameter.  Problem noted\n\t\tby Erik Lotspeich.\n\tAdd
    \"-n\" command line flag which parses the command line arguments\n\t\tand configuration
    file(s), then exits with an appropriate\n\t\tstatus code.\n\tReport DKIM and ASP
    results separately via the same\n\t\tAuthentication-Results header field.  Previous
    versions would\n\t\talter the DKIM result based on ASP.\n\tFix bug #SF1976931:
    Restore function of \"nosignature\" old-style\n\t\taction configuration, connected
    to \"AlwaysAddARHeader\".\n\t\tProblem noted by Lucas Brasilino.\n\tFeature request
    #SF1940233: Add \"DontSignMailTo\" configuration option,\n\t\tallowing a list
    of recipient patterns whose mail should not\n\t\tbe signed.  Requested by Don
    Hughes.\n\tLIBDKIM: Rename dkim_reportinfo() to dkim_sig_getreportinfo(),\n\t\tand
    add dkim_policy_getreportinfo().\n\tLIBDKIM: Add several more signature error
    codes covering various\n\t\tkey-related errors.\n\tLIBDKIM: Add dkim_sig_hdrsigned()
    utility, DKIM_OPTS_MUSTBESIGNED\n\t\toption, and DKIM_SIGERROR_MBSFAILED error
    code.\n\tLIBDKIM: Fix a bug in the computation of the result for\n\t\tdkim_canon_minbody().\n\tLIBDKIM:
    Report corrupted base64 chunks instead of quietly\n\t\ttolerating them.\n\tLIBDKIM:
    Tidy up the cleanup code in dkim-canon.c.\n\tLIBDKIM: Properly handle \"tag=\"
    at the end of a data set (i.e.\n\t\tthe tag exists and has an empty value).\n\tLIBDKIM:
    Use larger unsigned data types in dkim_sig_future() as\n\t\twas done elsewhere.\n\tLIBDKIM:
    Always populate a DKIM_SIGINFO with domain and selector\n\t\tbefore there's an
    opportunity for other parsing\n\t\tshort-circuits.\n\tLIBDKIM: Fix bug #SF1984685:
    Remove the \"margin\" parameter from\n\t\tdkim_getsighdr(); make it controlled
    by a new function,\n\t\tdkim_set_margin(), so that the signed copy and the\n\t\tuser-requested
    copy are identical.\n\tActivate _FFR_AUTHSERV_JOBID.\n\n2.5.5\t\t2008/04/25\n\tFix
    bug #SF1947301: Close up a logic problem in \"UseASPDiscard\"\n\t\thandling which
    could cause false rejections of mail from\n\t\tdomains advertising \"discardable\"
    policies.  Problem noted\n\t\tby Doug Kingston.\n\tLIBDKIM: Another compatibility
    fix with respect to Sleepycat DB.\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/mail/dkim-milter'
  unixtime: '1232407468'
  user: adrianp