OpenDKIM 2.7.0 Beta period beginning

OpenDKIM 2.7.0-Beta0 is now available for download from SourceForge in the
"Pre-Releases" directory.

This Beta period will last for about a month. As usual, the
trackers on SourceForge and the opendkim-users list should not be used for
reporting bugs, comments, requests, etc., that are specific to the Beta
releases. Please use the opendkim-dev list for that. Announcements of
new Beta releases will also only be made on that list.

Beta releases will be made as needed, and not according to a fixed or
regular schedule. If you want to be notified of new ones, please
subscribe to opendkim-dev.

There is continuing research work into improving the domain reputation
algorithms. Any new developments that appear stable will work their way
into the Beta releases so that they can be exercised.

One important announcement: The OpenDKIM Project is now formally an
initiative of The Trusted Domain Project, a California non-profit. All
copyrights have been amended to reflect this.

Major changes in this upcoming version:

o There is now an enforced (but configurable) minimum key size, as keys
  smaller than those recommended by RFC6376 can be compromised with
  readily available compute resources. The default is 1024.

o Support for "libar" has been discontinued. For asynchronous resolver
  capabilities, use recent versions of bind or unbound, both of which are
  still supported.

o Signatures whose keys have the testing flag ("t=y") set no longer
  receive any benefit from the reputations those domains may earn.

o Numerous minor bug fixes and improvements, and a great deal of build
  cleanup.

o Support for live DNS updates was added to some of the tools.

o Support for experimental key query methods has been added.

The full RELEASE_NOTES for 2.7.0 is appended below.

We would like to thank NLnet, who have provided a grant to fund part of
the development and maintenance of this release.

And a big thank-you to the community, and especially to those of you who
are helping us test this version, for your ongoing support!

The Trusted Domain Project

RELEASE NOTES:

2.7.0 2012/10/21

Feature request #SF2964375: Reject configuration files that have
    a SigningTable referencing a missing or malformed KeyTable
    entry.
Feature request #SF3544764: Support for libar has been discontinued.
    For asynchronous and/or thread-safe resolver service,
    use libunbound or a suitable version of BIND.
Feature request #SF3545658: Replace "ResolvConf" with "Nameservers"
    and add support for NS list overrides for versions of bind
    that have res_setservers(). Also rename "UnboundConfigFile"
    to "ResolverConfiguration", and make "TrustAnchorFile"
    generally available.
Feature request #SF3547124: Skip reputation checks on passing
    signatures whose keys had a "t=y" value.
Feature request #SF3555842: Add "ReputationTest" setting. Requested
    by Andreas Schulze.
Feature request #SF3556439: Update opendkim-atpszone per RFC6541.
Feature request #SF3559744: Add library option DKIM_OPTS_MINKEYBITS
    allowing one to specify a minimum number of key bits for
    acceptable keys and signatures. This is exposed through new
    configuration file option "MinimumKeyBits". The default
    is 1024.
Fix bug #SF3536414: Activate _FFR_OVERSIGN, and remove
    DKIM_OPTS_ALWAYSHDRS.
Fix bug #SF3536655: Rename "X-Header" to "SoftwareHeader", and rename
    all header fields added that start "X-" to remove that prefix,
    per RFC6648. The old name will be accepted through the end
    of the 2.7.x line.
Fix bug #SF3538896: Remove antiquated CVS Id: tags, which cleans up
    some (harmless) build warnings. Suggested by Andreas Schulze.
Fix bug #SF3548741: Add "ReputationTimeout" for use inside
    _FFR_REPUTATION, rather than using the built-in default
    or a hard-coded one.
Fix bug #SF3549307: Remove _FFR_REPUTATION_CACHE, as it is redundant
    to caching code that's part of _FFR_REPUTATION already.
Fix bug #SF3555844: Get repute client code in sync with repute.php
    (and the current REPUTE WG drafts). Problem noted by
    Andreas Schulze.
Fix bounds checking in the dstring printf functions.
Change all temporary directory defaults from /var/tmp to /tmp.
Patch #SF3555843: With sufficient verbosity, report the default
    configuration file path. Patch from Andreas Schulze.
BUILD: Fix bug #SF3531658: Move the strlcat() and strlcpy()
    implementations to their own library so that programs don't
    drag in crypto and other dependencies they don't need.
    Also clean up several other unnecessary dependencies imposed
    by imprecise use of autoconf. Problem noted by Andreas
    Schulze.
BUILD: Patch #SF3555845: Add support for older versions of libcurl.
    Based on a patch by Andreas Schulze.
BUILD: Install non-user things in sbin instead of bin. Suggested
    by Andreas Schulze.
LIBOPENDKIM: Feature request #SF3565006: Add dkim_add_querymethod()
    and dkim_sig_seterror(), define DKIM_CBSTAT_DEFAULT, and
    remove an assertion in dkim_get_key_dns(), which together
    allow for applications to develop non-standard key retrieval
    mechanisms. Suggestion and patches from Ken Murchison.
LIBOPENDKIM: Fix bug #SF3559080: Log correct domains and selectors
    with SSL errors.
LIBOPENDKIM: Add DNS functions dkim_dns_config(), dkim_dns_init(),
    dkim_dns_nslist(), dkim_dns_set_init(), dkim_dns_set_close(),
    dkim_dns_set_nslist(), dkim_dns_set_config(),
    dkim_dns_set_trustanchor(), dkim_dns_trustanchor().
LIBOPENDKIM: Patch #SF3562496: Add DKIM_OPTS_REQUIREDHDRS to allow
    alteration of the mandatory header field set. Patch from
    Ken Murchison.
LIBOPENDKIM: If "q=" is present and method "dns" is specified, it
    must be followed by "/txt", per RFC6376.
LIBOPENDKIM: For dkim_add_xtag(), copy the provided values so the
    caller doesn't have to keep them around.
STATS: Fix bug #SF3555847: Add "--nocircles" to opendkim-gengraphs
    to allow operation with versions of gnuplot that don't know
    what "with circles" means. Problem noted by Andreas
    Schulze.
STATS: Patch #SF3555841: Temporary table SQL correction. Patch from
    Andreas Schulze.
TOOLS: Feature request #SF3553918: Add "-u" flag to opendkim-atpszone
    and opendkim-genzone enabling them to produce output suitable
    for use as input to nsupdate(8). Based on a suggestion by
    Dave Crocker.
TOOLS: Feature request #SF3558818: Teach opendkim-testkey about the new
    "ResolverConfiguration" setting. Based on a problem report
    from Patrick Ben Koetter.
TOOLS: Fix bug #SF3565013: Replace opendkim-genkey with a perl script
    that knows how to do splitting of character-strings in DNS
    TXT records. Problem reported by Todd Lyons.
TOOLS: Fix bug #SF3568846: Add "-t" to opendkim-testmsg to allow
    override of the directory where temporary files go. Also,
    clean up temporary files after creating them.
TOOLS: Add opendkim-rephistory.

Received on Tue Sep 25 2012 - 23:06:27 PST
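
The minimum key size and the "t=y" testing flag described in this announcement can both be read off a published DKIM key record. The following Python is an added example, not OpenDKIM code and not part of the original message: it measures the RSA modulus inside a record's "p=" value and compares it with a 1024-bit minimum. All function names are hypothetical, the sample records are constructed around a dummy modulus, and reporting a revoked (empty "p=") key as 0 bits is an assumption of this example.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1, rsaEncryption

def _tlv(buf, pos, want):
    """Return (start, end) of the value of the DER element at pos, checking its tag."""
    if buf[pos] != want:
        raise ValueError("unexpected DER tag")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits count the length octets that follow
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER")
    return pos, pos + n

def rsa_key_bits(spki):
    """Bit length of the RSA modulus in a SubjectPublicKeyInfo blob (a decoded p= value)."""
    s, _ = _tlv(spki, 0, 0x30)           # SubjectPublicKeyInfo SEQUENCE
    a, alg_end = _tlv(spki, s, 0x30)     # AlgorithmIdentifier
    if RSA_OID not in spki[a:alg_end]:
        raise ValueError("not an RSA key")
    s, _ = _tlv(spki, alg_end, 0x03)     # BIT STRING wrapping the key
    s, _ = _tlv(spki, s + 1, 0x30)       # skip unused-bits octet, enter RSAPublicKey
    s, e = _tlv(spki, s, 0x02)           # INTEGER modulus
    return int.from_bytes(spki[s:e], "big").bit_length()

def check_key_record(txt, min_bits=1024):
    """Report modulus size against min_bits and whether the testing flag t=y is set."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())
    # An empty p= means the key was revoked (RFC 6376), so there is nothing to measure.
    bits = rsa_key_bits(base64.b64decode(tags["p"])) if tags.get("p") else 0
    testing = "y" in tags.get("t", "").split(":")
    return {"bits": bits, "too_small": bits < min_bits, "testing": testing}

def _der(tag, body):
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def sample_record(bits, flags="s"):
    """Constructed input: well-formed SPKI around a dummy modulus, not a usable key."""
    mod = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps it positive
    rsa = _der(0x30, _der(0x02, mod) + _der(0x02, b"\x01\x00\x01"))
    spki = _der(0x30, _der(0x30, _der(0x06, RSA_OID) + b"\x05\x00") + _der(0x03, b"\x00" + rsa))
    return f"v=DKIM1; k=rsa; t={flags}; p=" + base64.b64encode(spki).decode()
```

For a record fetched from DNS, join the TXT character-strings into one string before passing it to check_key_record().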