			DK-MILTER RELEASE NOTES
      $Id: RELEASE_NOTES,v 1.98 2005/04/28 22:23:50 msk Exp $


This listing shows the versions of the dk-milter package, the date of
release, and a summary of the changes in that release.

Bug and feature request (RFE) numbers that start with "SF" were logged
via Sourceforge (http://www.sourceforge.net) trackers.  Those not so labelled
were logged internally at Sendmail, Inc.


0.3.0		2005/04/28
	Properly terminate pointer arrays built from command line arguments.
		Problem noted by Dick St. Peters of NetHeaven.
	Adjust position of optional domain name comment on output from
		gentxt.csh.  Requested by Scott Grayban.  (RFE SF1051288)
	Pass mail that has no From: header or Sender: header.  Previously
		only the From: header was checked.
	Correctly report which header and value was used to do verification.
		Reported by S. Moonesamy of Eland Systems.  (Bug SF1181850)
	Support for Sleepycat DB version 4.  Based on a patch from
		Adrian D. Havill.
	Activate _FFR_AUTH_RESULTS, to match the new DomainKeys draft.
	Activate _FFR_POPAUTH; now you compile with POPAUTH, and make sure
		the build can find the appropriate includes and libraries.
		This also adds the "-U" command line option to specify the
		location of the POP-before-SMTP database.

0.2.7		2005/03/11
	Detect senders without domain names (e.g. "postmaster@") and reject
		them.
	LIBAR: Fix up some linked list shenanigans that could cause loops
		and other problems.

0.2.6		2005/02/11
	Ignore spaces in wrapped "h=" sections of signature headers.

0.2.5		2005/02/07
	Output long "h=" sections of signature headers in a more palatable
		way.  (RFE SF1086264)
	Add new "-b" command line switch for limiting the filter to sign
		or verify only operations.  (RFE SF1077832)

0.2.4		2004/12/08
	Add new "-T" command line switch for controlling DNS timeouts when
		using the asynchronous resolver package.
	Fix policy record parsing so that values aren't skipped when they
		end at a NULL rather than a semi-colon.
	Discard "unknown-msgid" logging or header values, since it's actually
		the absence of the job ID being logged.  (RFE SF1071960)
	Update the Authentication-Results: header content to match the current
		specification.  (_FFR_AUTH_RESULTS)
	LIBDK: Improved handling of syntax errors and NULL-terminated values
		in zone records, and some size and NULL checks.  Patch from
		shoon@dreamwiz.com.
	LIBDK: Only parse the first DomainKey-Signature: header found.  Patch
		from shoon@dreamwiz.com.
	LIBDK: Return a "can't verify" error from dk_eoh() if the signer's
		domain could not be determined from the headers.  Patch
		from shoon@dreamwiz.com.
	LIBDK: Add dk_options(), which is required to get _FFR_REPORTINFO
		working.
	LIBDK: Add dk_timeout() for new "-T" command line switch.
	Portability:
		Fixes for Solaris 10 (and earlier).  Machine access courtesy
			of J.D. Bronson of Aurora Health Care Information
			Services.  (Bug SF1068155)
	New FFR:
		REPORTINFO -- if a site policy contains a reporting address
		("r=" parameter), optionally send reports about verification
		failures to that address

0.2.3		2004/10/22
	Add optional command line argument to gentxt.csh to include a
		domain name comment on output.  Requested by Scott Grayban.
		(RFE SF1051288)
	More strict command line argument parsing.
	Fix a linked list problem that would cause the filter to spin on
		startup.  Reported by Scott Grayban.  (_FFR_MULTIPLE_KEYS)
	Fixes to subdomain signing from Thorvald Natvig.  (Patch SF1050425)
	LIBDK: Call res_init() in dk_init() if not using the asynchronous
		resolver.
	LIBDK: Don't include the CRLF separating the headers and the body
		unless the body contains at least one non-blank line.
	LIBDK: Add dk_reportinfo().
	LIBAR: Add ar_setretry() and ar_setmaxretry(), and fail over to other
		available nameservers if that interval passes without an
		answer.  (Bug SF1027541)
	New FFR:
		EXTERNAL_IGNORE_LIST -- optional list of hosts/networks
		which may send mail as one of our signing domains, but we know
		about it so don't log it  (RFE SF1027562)

0.2.2		2004/09/11
	Don't segfault when "-i" refers to an empty list.
	Don't run off the end of the macro list when creating/scanning
		it (_FFR_MACRO_LIST).
	Improve handling when res_query() returns -1 by checking h_errno.
		(Bug SF1026225)
	Automatically include braces around macro queries to make life
		easier when specifying macro lists (_FFR_MACRO_LIST).
	Minor build and documentation fixes.  (Bugs SF1021948, SF1020931)
	LIBDK: Fix processing of unsigned messages, which were incorrectly
		logging syntax errors.
	LIBDK: Skip the body processing and hashing on unsigned messages.
	LIBDK: Cache the From:/Sender: even if unprotected so that unsigned
		messages can have their sender policies checked in dk_eoh().

0.2.1		2004/09/01
	Fix a cut-and-paste error that broke the build when REQUIRE_HEADERS
		is enabled.  Reported by S. Moonesamy of Eland Systems.
		(Bug SF1016105)
	LIBDK: Report bad format when the selector or domain in a signature
		header is empty.
	Portability:
		Fixes for Solaris builds from Al Smith of aeschi.ch.eu.org.
	New FFRs:
		AUTH_RESULTS -- use the proposed Auth-Results: header instead
		of the original DomainKey-Status: header
		MACRO_LIST -- optional list of macros and values to be checked
		when making the sign vs. verify decision  (RFE SF1015642)
	
0.2.0		2004/08/23
	Support granularity, "nofws" canonicalization, revoked keys, and
		other changes as per the updated ("base-01") DomainKeys draft.
	Remove "blake", "sendmail" and "headerlist" canonicalizations.
	Fix a compile time bug in the inet6 code.  From Graham Murray
		of Webywayone.
	When in autorestart mode, write the process ID of the parent, not
		the child, to the pid file.
	Don't segfault when sendmail is invoked with "-bs" mode, which
		causes mlfi_connect() to get a NULL "ip" parameter.
	Propagate termination signal to the child when in autorestart mode.
	Route the standard descriptors to /dev/null and call setsid() after
		the initial fork() in any mode.
	Zero out and deallocate the private key(s) before shutdown.
	Don't create temporary files any more, unless requested to do so
		for debugging.
	Add "-D" command line option to sign subdomains.
	New FFRs:
		FLUSH_HEADERS -- optionally delete existing DomainKey headers
	Activated FFRs:
		SIGN_SUBDOMAINS
		TEMP_FILES_OPTIONAL

0.1.17		2004/08/08
	Allow IPv6 addresses for the "-i" option.  Requested by Graham
		Murray of Webywayone.  (RFE SF999896)
	New FFRs:
		REQUIRE_HEADERS -- require mandatory RFC2822 headers to
		sign or verify.  Suggested by Jose Marcio Martins da Cruz
		of Ecole des Mines de Paris.  (RFE SF999291)
		TEMP_FILES_OPTIONAL -- don't create temporary files unless
		requested by debugging options; instead, hand them directly
		to the hashing algorithm.  (RFE SF991203)

0.1.16		2004/07/30
	Skip body and EOM processing if at EOH we know for sure there will be
		no signing or verifying going on.  (RFE SF991210)
	Print out active FFRs as part of -V output.
	Under "headerlist" canonicalization, if no header list was provided,
		assume all headers were included in the signature.
	Replace calls to inet_ntoa() with calls to a thread-safe version
		of that function.
	Since there is actually no default for the "q=" part of the signature
		header, always put a string there.
	New FFRs:
		POPAUTH -- authorize clients for signing based on a
		"popb4smtp" database.  Patch provided by S. Moonesamy of
		Eland Systems.
		SELECT_CANONICALIZATION - select canonicalization via a
		special header.  Proposed by Jim Fenton.  (RFE SF996949)
	Portability:
		Fixes for Solaris 2.7.

0.1.15		2004/07/22
	Copy the value of "-d" before parsing it, so that all of the
		domains being signed get logged, not just the first one.
		(Bug SF989735)
	Make the usage message more explicit about the fact that the
		values of "-a" and "-i" are files, not addresses.
		(Bug SF989737)
	Use {auth_type} instead of {auth_author} to determine whether or
		not a client authenticated.  (Bug SF995333)
	Avoid a segmentation fault when "-s" is not specified.
	Consult the DK_TMPDIR environment variable for a preferred location
		for temporary files.  (RFE SF991145)
	Signature header aesthetics.  Suggested by Al Smith of
		aeschi.ch.eu.org.  (RFE SF989240)
	Add "headerlist" canonicalization.
	LIBDK: It was possible for a BIO handle to be allocated and never
		freed through some code paths in dk_eom() and dk_getsig().
		Problem noted by Kai Zhu.  (Bug SF995376)

0.1.14		2004/07/07
	Log command line arguments at startup.
	Fixes to debug mode.
	New FFRs:
		MULTIPLE_KEYS - supply multiple keys for signing (RFE SF974374)
		SIGN_SUBDOMAINS - sign subdomains as well as listed domains
		(RFE SF965524)

0.1.13		2004/06/19
	When unable to determine the sender's domain, report "bad format"
		in the DomainKey-Status: header rather than temp-failing
		the message.  (Bug SF975599)
	Portability:
		Fixes for Solaris 2.6 build from Al Smith of aeschi.ch.eu.org.

0.1.12		2004/06/16
	Support for CNAME recursion.  This required a change to the
		parameter list for ar_addquery().  (Bug SF972813)
	Set the DNS query timeout on calls to ar_addquery(), not on calls
		to ar_waitreply().
	Take two -- Don't log "external host attempted to send as" for
		other than our signing domains.
	LIBAR: When reacting to timeouts in ar_waitreply(), be more correct
		about whether returning AR_STAT_NOREPLY or AR_STAT_EXPIRED.

0.1.11		2004/06/11
	The package no longer needs to be unpacked in the middle of
		the sendmail Open Source distribution in order to be
		built.  However, OpenSSL and libmilter are required
		and must be available.
	Don't log "external host attempted to send as" for other than
		our signing domains.
	Add "blake" canonicalization.
	LIBAR: Avoid memory allocation loops when res_mkquery() returns
		-1 for reasons other than the buffer being too small.
		Instead, if a 32K buffer isn't big enough, give up.

0.1.10		2004/06/04
	Require a domain name match even if the message arrived on an
		approved submission port.  Reported by S. Moonesamy of Eland
		Systems.  (Bug SF966671)

0.1.9		2004/06/03
	Add "-m" option to specify daemon submission ports whose mail should
		always be signed.  Suggested by S. Moonesamy of Eland
		Systems.  (RFE SF965525)
	LIBDK: Add a much better public RFC2822 header parsing function.
		(Bug SF965122)

0.1.8		2004/06/02
	Rename "-c" (configure) option to "-C".
	Add new "-c" option to select the canonicalization method to use
		when signing messages.  The DomainKeys-Signature: header
		selects the method to use when verifying.
	LIBDK: Return DK_STAT_INTERNAL if API functions are used out-of-order
		in the calling application.
	LIBDK: Detail added to documentation of DK_STAT.
	LIBDK: Tweaks to "sendmail" canonicalization.

0.1.7		2004/06/01
	Only sign mail from "internal" hosts, i.e. the loopback address or
		any connection that authenticated; also add "-i" command
		line option, allowing definition of additional hosts or
		netblocks as "internal".  Reported by S. Moonesamy of Eland
		Systems.

0.1.6		2004/05/31
	Add "gentxt.csh" to automate generation of keys and DNS records.
	Portability:
		Fixes for Solaris and HP/UX.

0.1.5		2004/05/29
	LIBAR: TCP mode error handling fixes.
	LIBDK: Handle error returns from ar_addquery().

0.1.4		2004/05/28
	Initial public open source release.
