The OpenDKIM project announces availability of OpenDKIM v2.0.0 (code named
"Eve"), now available for download from SourceForge.
This is a major new feature release. The main new features include:
o Support for OpenLDAP for storing keys and signing configuration.
This should enhance scalability for sites with lots of separate
domains and keys to manage.
o Support for fine-grained policy control via three Lua script
hooks. See the opendkim-lua(3) and opendkim.conf(5) man pages
for details. It should be possible to perform any configurable
policy-related function already available via these scripts,
except with far more control. Example scripts are included.
o Separation of signing policy and key management into two different
new configuration items, "KeyTable" and "SigningTable". The
previous way, using KeyList (or "-K" from the command line), has
been removed.
o A tool to generate a public key zone file based on the contents
of the KeyTable.
o Build configuration features for generating code coverage and
profiling data.
o A new milter protocol simulation tool for conducting unit tests
on this filter (or any milter-aware filter). It also uses
Lua as a scripting engine.
There are as usual several bug fixes as well as some build system and
compile-time cleanliness improvements.
There were some minor changes to the library. If you are using the library
now and are not having trouble with it, no upgrade is required. However,
the new library has a few noteworthy changes:
o Prior to v2.0.0, dkim_eom() when verifying would only run
signatures until the first good one was encountered. Now,
by default, all of them will be run. This is required to
provide correct support for ADSP in the filter. There is a new
library flag that can be used to request the previous behaviour.
o Prior to v2.0.0, dkim_sign() would only accept keys in PEM
format. Now, base64-encoded DER format is also accepted. This
was added to support key management via LDAP or SQL.
o There is new function applications can use at runtime to determine
what version of libopendkim has been linked.
The code coverage and profiling data mentioned above yielded several
optimizations for the library that also appear in this release.
The full RELEASE_NOTES for this version:
2.0.0 (Eve) 2010/03/05
Feature request #SF2917224: Add optional OpenLDAP support.
Feature request #SF2920389: Add CIDR support for IPv6 addresses.
Feature request #SF2937428: Add "ExemptDomains" configuration item.
Add optional Lua support, which enables a few script hooks for
fine-grained policy controls when signing and verifying,
and "miltertest", a new Lua-based scripting tool for
exercising milter applications.
Add "-Q" command line switch, putting the filter in query test mode
to exercise the database code.
Don't overwrite the signature verification status with that of the
policy query status, leading to spurious "bad signature data"
entries in the log. Problem noted by Roman Gelfand.
Fix database query order for PeerList, InternalHosts, etc. so that
negation works properly again.
Fix crash-on-shutdown bug related to the crypto utilities functions.
Drop "KeyList" in favour of "KeyTable" and "SigningTable" in the
configuration file. See the opendkim.conf(5) man page
for details. Also, "-K" has been dropped from the command
line, meaning multiple key support now requires use of the
configuration file.
Fixes in DB walk code for DB 1.85.
Fix bug #SF2936499: Clean up numerous compiler warnings.
Fix bug #SF2951494: Improve logic for doing ADSP queries and reporting
their results.
Fix bug #SF2961161: dkim_sig_getidentity() could return successfully
even if the provided buffer was too small to accept the
decoded value. Reported by Ale Vesely.
LIBOPENDKIM: Adjust dkim_sign() to accept base64-encoded DER private
keys as well as PEM-formatted keys.
LIBOPENDKIM: Several performance optimizations yielded from
gprof data.
LIBOPENDKIM: Fix a length computation that caused an invalid
snprintf() call. From a Gentoo bug reported by Tilman Giese.
LIBOPENDKIM: Fix compiler complaint about multiple definitions
of global variables. Reported by Maarten Oelering.
LIBOPENDKIM: Have dkim_eom() process all signatures instead of
stopping after finding one good one. Also add library flag
DKIM_LIBFLAGS_VERIFYONE, causing dkim_eom() to short-circuit
after finding one good signature while verifying (i.e.
reproducing the pre-2.0.0 behaviour).
LIBOPENDKIM: Feature request #SF2961427: Add dkim_libversion().
Requested by Ale Vesely.
TOOLS: Add "opendkim-genzone" which generates a BIND zone file
fragment based on a KeyTable that contains all of the
public keys required to match the configured private keys.
BUILD: Add "--enable-codecoverage" to add build steps that generate
profiling or code coverage reports when running unit tests.
BUILD: Compile opendkim-testadsp with pthread libraries in case
"--enable-arlib" was specified.
BUILD: Fix an m4 quoting error that had rendered "--enable-debug"
useless.
BUILD: Check for functions upon which libmilter depends. Reported
by Cyro Lord.
PORTABILITY: Support for OS X from Bob Halley.
Please use the mailing lists at
http://lists.opendkim.org/ to report problems.
Bug reports and feature requests can be made through the project trackers,
which can be found via
http://www.opendkim.org.
Thanks go out to the members of the OpenDKIM team and to all of those who
contributed code, testing effort or other support to this release.
Finally, a very special acknowledgement goes out to Eve, to whom this release
is dedicated.
The OpenDKIM Project
Received on Fri Mar 05 2010 - 17:35:40 PST