The Trusted Domain Project announces availability of OpenDKIM v2.8.0, now
available for download from SourceForge.
This release includes several bug fixes and some new features. Most notable
among these are:
(1) a fix to canonicalization that could invalidate certain uncommon but
valid signatures when the library is used in certain modes
(2) further development of the RRD reputation module
(3) few extensions that allow experimental use of the library in non-email
contexts
(4) support for sending reports via SMTP
(5) more seamless integration with postfix configuration files
Because of the library fixes, upgrading is recommended.
The full RELEASE_NOTES for this version:
2.8.0 2013/02/25
Feature request #SF2964383: Add DKIM_LIBFLAGS_STRICTRESIGN, which
inhibits signing of a handle tagged for resigning when the
attached verifying handle had no valid signatures in it.
Feature request #SF3155117: Do a more thorough check for writeable
key files, checking more of the filesystem permission tree.
Feature request #SF3530734: Add "LDAPDisableCache", which suppresses
the creation of a local cache in front of LDAP queries.
Requested by Quanah Gibson-Mount.
Feature request #SF3547359: If compiled with libcurl, add "SMTPURI"
configuration option that allows direct SMTP transmission
failure reports. Requested by Andreas Schulze.
Feature request #SF3578197: Allow per-message override of the list of
header fields to be signed. Requested by Alec Peterson.
Feature request #SF3590860: Combine collected reputation values into
an overall allowed rate under _FFR_REPRRD, as is done for the
other reputation code.
Feature request #SF3598991: Add odkim.signfor() function to the Lua
setup script. Requested by Marcin Owsiany.
Feature request #SF3599409: Modify dkimf_checkip() to try surrounding
the IP address part of every query with square brackets, which
is a common way to do IP address literals in email contexts.
Requested by Quanah Gibson-Mount.
Fix bug #SF3531477: Add (hopefully temporary) configuration option
"DisableCryptoInit" so that opendkim's initialization of the
crypto library doesn't conflict with the same work done by
other libraries. Reported by Quanah Gibson-Mount.
Fix bug #SF3599901: Rename "InsecureKey" to "UnprotectedKey" and
"InsecurePolicy" to "UnprotectedPolicy", as the term "insecure"
in reference to a key is sometimes interpreted to mean "not
enough random bits" rather than as a keyword describing the
presence or absence of DNSSEC protection. What's logged in
Authentication-Results header fields has been similarly
modified. Suggested by Scott Kitterman.
Fix bug #SF3604525: Don't divide by zero when the query cache hasn't
been used. Reported by Denis Klimov.
Protect against handling of signatures with empty domains, which could
cause a NULL dereference and a crash. Problem noted by
Motohiro Ishiyama and John Wood.
Do ATPS checks when enabled even if ADSP is disabled.
Don't fail to start on empty or null configuration files. Problem
noted by Steve Jenkins.
Patch #SF3593422: Update for MDB 0.9.5 support. Patch from
Quanah Gibson-Mount.
LIBOPENDKIM: Fix header canonicalization when DKIM_LIBFLAG_FIXCRLF is
used in combination with dkim_chunk(). Problem noted by
Dave Kelly and Heather Lord.
LIBOPENDKIM: Enable dkim_getcachestats() and the underlying function
to extract the current number of keys in the cache, and also
provide a counter reset mechanism.
BUILD: Feature request #SF3547151: Check for Lua package name variants
in use on Debian. Requested by Scott Kitterman.
BUILD: Feature request #SF3599902: Change OpenSSL existence test
to help with Debian packaging. Requested by Scott Kitterman.
BUILD: Add "--with-test-socket" to force all of the filter unit tests
to use a specific socket. Based on a bug report from
Scott Kitterman.
BUILD: Add checks for strlcat()/strlcpy() in libbsd. Patch from
Scott Kitterman.
CONTRIB: Fix bug #SF3575666: Pass pid file path to killproc.
Suggested by Christophe Wolfhugel.
CONTRIB: Add systemd directory. Contributed by Steve Jenkins.
CONTRIB: Split out initial key generation function from
contrib/init/redhat/opendkim. Contributed by Steve Jenkins.
MILTERTEST: Don't crash in mt_connect() if the socketspec doesn't
contain a colon.
MILTERTEST: When connect() fails for an AF_INET socket, it apparently
leaves the socket unusable. Discard the socket when that
happens and get a new one.
MILTERTEST: Add a way to extend the mt.connect() retry interval via
environment variables so a large test suite can be easily
extended on slow systems. Problem noted by Scott Kitterman.
TOOLS: Register DNS functions before calling dkim_dns_init() in
opendkim-testkey. Problem noted by Jeff Anton.
TOOLS: Add "-K" (keep temporary files) flag for opendkim-testmsg.
Please use the mailing lists at
http://lists.opendkim.org/ to report problems.
Bug reports and feature requests can be made through the project trackers,
which can be found via
http://www.opendkim.org.
The Trusted Domain Project
Received on Mon Feb 25 2013 - 21:16:52 PST