This file summarizes what's changed between releases of Mail-DKIM.
1.20230212 2023-02-12 UTC
+ Fix typo in ARC signer example code.
Thanks to @dev-aaront-org
1.20220520 2022-05-20 UTC
+ Change default algorithm in dkimsign.pl to sha-256
+ Use Getopt::Long::Descriptive in scripts for better command help
1.20220408 2022-04-08 UTC
+ Add support for signatures with an Expiration value
1.20200907 2020-09-07 UTC
* ARC::Signer: Preserve leading fold from AR (if any) when copying to AAR.
Thanks to @dev-aaront-org
1.20200824 2020-08-24 UTC
* ARC::Signer: Set cv=none if message contains no ARC headers and no ARC result
Thanks to @dev-aaront-org
1.20200724 2020-07-24 UTC
* Fix test for change in live dns response
1.20200708 2020-07-08 UTC
* Safer internal use of eval
1.20200513.1 2020-05-13 UTC
* ARC: When sealing, don't die on an unparsable Authentication-Results header.
0.58
2019-11-13: Marc Bradshaw <marc@marcbradshaw.net>
Thanks to Martin Sluka <fany@cpan.org>
* Prevent outer $SIG{__DIE__} handlers from being called
Thanks to Todd Richmond
* Lowercase q tag before use
* Lowercase domain check
* Strip quotes from PublicKey.pm in addition to other whitespace chars
* Fix regex performance issue
0.57
2019-10-08: Marc Bradshaw <marc@marcbradshaw.net>
* Correct the $self->{result_reason} variable name for $self->{details} that is
used by the parent class in Mail::DKIM::ARC::Signer
0.56
2019-08-21: Marc Bradshaw <marc@marcbradshaw.net>
* Properly verify the domain, not the instance, of an ARC signature.
This allows ARC signatures by keys marked as no subdomains to
validate correctly.
0.55
2019-04-12: Marc Bradshaw <marc@marcbradshaw.net>
* The authserv-id of an Authentication-Results header can contain
CFWS, Use Mail::AuthenticationResults to parse the authserv-id
from this field.
* Improve parsing of authserv-id in ARC signer
0.54
2018-10-12: Marc Bradshaw <marc@marcbradshaw.net>
* The T tag on arcseal is not required
0.53
2018-05-27: Marc Bradshaw <marc@marcbradshaw.net>
* Make tests less dependent on local resolver setup
* Add thanks to Valimail
0.52
2018-01-12: Marc Bradshaw <marc@marcbradshaw.net>
* Internet connection tests were declared in the wrong order
0.51
2018-01-12: Marc Bradshaw <marc@marcbradshaw.net>
* Fix for older versions of perl
* Tests no longer fail with no internet connection
0.50
2017-12-16: Marc Bradshaw <marc@marcbradshaw.net>
* Added Strict mode to DKIM verifier
* Code formatting fixes
2017-12-14: John Levine <john.levine@standcore.com>
* Make ARC code work a lot better
* Add new arcsign.pl and arcverify.pl scripts
* ARC code passing all tests and production ready.
* Added strict mode to DKIM to reject sha1 and
key sizes smaller than 1024 bit.
0.44
2017-10-19: Marc Bradshaw <marc@marcbradshaw.net>
* Added experimental support for ARC
0.43
2017-09-20: Marc Bradshaw <marc@marcbradshaw.net>
* Update tests for new DNS setup
0.42
2017-07-29: Marc Bradshaw <marc@marcbradshaw.net>
* Fix tests failing due to dns changes elsewhere
* Moved sample_mime_lite.pl to scripts directory
0.41
2017-04-14: Marc Bradshaw <marc@marcbradshaw.net>
* commit aac893fdbaa7f8ccd5d37fa7f20d1785406cda51
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Mar 17 14:53:53 2017 +1100
Avoid use of $_ in read loop
RT 106485: Mail::DKIM::PrivateKey->load tampering $_ and <FILE>
* commit 06934f259e392b2a3cf94560e6051d9e522d0bf3
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Mar 17 14:44:44 2017 +1100
Ensure PrivateKey file is closed properly.
Store PrivateKey file handle in lexical variable and close it
once we are done.
RT 120638: Mail::DKIM::PrivateKey does not close FILE
* commit 9e7c1c4cb78a6cb1cf396ece4379c7ed2c44c974
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Feb 27 12:08:11 2015 +1100
Allow greater control over signed headers
* commit 8291c034dc7db4394e9df80e70b8cbe8428a38c2
Author: Marc Bradshaw <marc@marcbradshaw.net>
Date: Fri Jan 23 09:54:02 2015 +1100
Allow greater control over which headers are signed by Signer
2013-02-07: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm (add_signature): call fetch_public_key() iff
the signature passes a validity check;
(finish_header): set result to 'invalid' if signature does not have a
result
* lib/Mail/DKIM/Signature.pm (check_protocol): now returns a list of
supported protocols, or an empty list if no supported protocols found.
2013-02-06: Jason Long <jlong@messiah.edu>
* t/corpus/good_83176.txt: add new email to test suite; this email contains
a signature with a LIST of query methods, one of which is good, but the
rest should be quietly ignored. This test currently fails.
* lib/Mail/DKIM/Signature.pm (check_protocol): support multiple methods being
specified in signatures q= tag. We look for dns/txt to occur anywhere in
the field; all other values are ignored.
* Fix to better comply with DKIM specification:
* DKIM signatures with multiple methods specified in q= tag are now
accepted. Such signatures are not known to appear in real life.
(rt.cpan.org issue #83176)
* Allow greater control over which headers are signed by Signer
* Added the extended_headers() method to allow headers
to be oversigned, or skipped.
* bugfixes:
* PrivateKey file is now closed correctly after being read.
* Use lexical rather than named file handle
0.40
2013-02-06: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DNS.pm: revert change that enabled EDNS0 by default;
provide enable_EDNS0() subroutine for enabling EDNS0
* scripts/dkimverify.pl: sample verification script updated to enable
EDNS0 before performing the verification
2013-02-06: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DNS.pm: set udppacketsize to 1240, which is small enough
that packet fragmentation will not normally occur; use DNS txtdata()
method on versions of Net::DNS that support it. (This patch contributed
by Mark Martinec.)
2013-02-04: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DNS.pm: set default udppacketsize to 2048, which seems
to be the suggested value to use in the Net::DNS documentation.
2013-02-04: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm: avoid an 'uninitialized value' warning when
signature being verified is missing a d= tag; accept a selector name
of '0' rather than treating it as if the s= tag was missing
* lib/Mail/DKIM/PublicKey.pm: sanity check selector/domain before
attempting a DNS query (this fixes another 'uninitialized value' warning)
* lib/Mail/DKIM/Signature.pm: avoid an 'uninitialized value' warning when
calling identity() and d= tag is missing
2013-02-04: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DNS.pm: construct a default RESOLVER that sets
udppacketsize to 1280. This enables EDNS0 (extension mechanism for DNS),
allowing Mail::DKIM to handle larger keys.
2012-11-28: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DNS.pm: replace use of query() with send(), since it
is never appropriate to append the default domain, and using send()
paves the way to using bgsend() in the future for async dns.
Contributed by Mark Martinec.
* lib/Mail/DKIM/DNS.pm: add global variable $RESOLVER which the
user can override if they want to specify options to Net::DNS.
2012-11-28: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/MessageParser.pm: rewrite of line parsing logic to
avoid unnecessary copying of the internal buffer. This replaces use
of $self->{buf} with ${ $self->{buf_ref} } in many places. Patch
contributed by Mark Martinec.
2012-11-28: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signer.pm: throw proper error message if an invalid
algorithm is requested
* lib/Mail/DKIM/PublicKey.pm: further refinement to fix Perl warning
about use of uninitialized value
2011-04-21: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PublicKey.pm: fix a Perl warning about use of an
uninitialized value (reported by hsk@fli-leibniz.de)
released 2013-02-07
* New/changed functionality:
* a single DNS resolver is created for the lifetime of the program,
rather than reinitializing the resolver for each new query.
* bugfixes:
* fix the error message given when an invalid algorithm is
specified in the construction of Mail::DKIM::Signer.
* avoid Perl warning about use of an undefined value in several
places (rt.cpan.org issue #82913).
* speed- improved performance of parsing the message into lines
(rt.cpan.org issue #77902). Patch by Mark Martinec.
* fix DNS queries to use the correct method (txtdata) of Net::DNS
(rt.cpan.org issue #83170). Patch by Mark Martinec.
* API changes:
* global subroutines resolver() or enable_EDNS0() in module
Mail::DKIM::DNS can be called to specify non-default options
to Net::DNS::Resolver (see also rt.cpan.org issue #80425).
0.39
2010-11-14: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signer.pm: fix an unusual error message given when
no Key argument has been specified and it is time to load the
key
2010-06-11: Jason Long <jlong@messiah.edu>
* t/signer_dk.t: create regression tests for DomainKeys signature
generation
2010-06-11: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm, Signer.pm, Algorithm/Base.pm
(finish_header): provide reference to entire list of headers at
completion of header, so that canonicalizers do not need to store
their own copy of the header
* lib/Mail/DKIM/Canonicalization/DkimCommon.pm: do not store header as
parsed, rather only canonicalize header within finish_header()
* lib/Mail/DKIM/Canonicalization/DkCommon.pm: do not store header as
parsed, rather only canonicalize header within finish_header()
* lib/Mail/DKIM/Canonicalization/Base.pm (finish_header): change API
* t/simple_canonicalization.t: update for the API change of
Canonicalization/Base.pm
2010-06-03: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm: prevent abuse- if a message has more than
50 signatures headers, we start ignoring them (it's unreasonable for
a message to have more than a very few signature headers).
2010-04-08: Jason Long <jlong@messiah.edu>
* t/verifier.t: wrote some tests for DomainKey signatures with empty,
missing, or invalid q= tag values
* lib/Mail/DKIM/Verifier.pm: move use of check_signature_identity() out
of finish_header() and into check_and_verify_signature(); this fixes
an issue with getting wrong error codes when q= tag is broken.
released 2010-11-14
* bugfixes:
* fix issue with getting wrong error codes when q= tag is empty
(issue #3011005)
* anti-abuse- prevent a message with thousands of signatures from
thrashing the whole computer (issue #3010997)
* memory usage- significantly reduced memory footprint for
processing a message with a large header and many signatures
* fix error message given when no KeyFile has been specified
(issue #1889690)
* API changes:
* the Canonicalization::finish_header() method now expects a
argument to be passed to it. In the unusual case that you are
using this method from your own code, please update your code.
0.38
2010-03-31: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DkSignature.pm, Signature.pm: avoid calling lc() on
an undefined value (this generates warnings in Perl 5.12.x).
Patch contributed by Mark Martinec.
2010-03-01: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PrivateKey.pm (load): fix bug where a private key file
named '0' could not be loaded
2010-03-01: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DkSignature.pm (new): accept Key parameter when
constructing a DomainKey signature object
2010-02-27: Jason Long <jlong@messiah.edu>
* t/external_signer.t: test use of an alternate object for Key
during a "sign" operation
2010-02-24: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signer.pm: document use of an alternate object for
PrivateKey objects
2010-02-24: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signer.pm: import PrivateKey.pm in this module,
rather than in the Algorithm modules
2010-02-24: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PrivateKey.pm: document the sign_digest() method
* lib/Mail/DKIM/Algorithm/*: use sign_digest() rather than
sign_sha1_digest()
2010-01-23: Jason Long <jlong@messiah.edu>
* t/public_key.t: test that DNS failure reason is given, when
DNS returns no results
* lib/Mail/DKIM/DNS.pm: bugfix (introduced by async_dns branch):
preserve $@ in case of no error
2010-01-23: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/{DNS,Signature,PublicKey,Policy}.pm: merged my
"async dns" branch
--BEGIN "ASYNC DNS" branch
2009-07-10: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Policy.pm: new fetch_async method, seems to work
2009-07-10: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signature.pm: new fetch_public_key method,
which starts an asynchronous query for the public key
referenced by this signature; redesign get_public_key to
know how to complete the query
2009-07-10: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PublicKey.pm: new fetch_async method: starts a
query and returns a subref that when called will complete the
query
2009-07-10: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DNS.pm: new query_async method: starts a query and
returns a subref that when called will complete the query
--END "ASYNC DNS" branch
2009-12-14: Jason Long <jlong@messiah.edu>
* MANIFEST: include sample_mime_lite.pl script in tarball
2009-09-08: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DNS.pm: restart timer after a DNS lookup; based on a
patch contributed by Mark Martinec
released 2010-03-31
* New/changed functionality:
* DNS lookups can now be started asynchronously; the queries are
created as the header is parsed; the results are not actually
needed until the entire message has been read. (The Mail::DKIM
module does not yet do the queries asynchrously; this is just
the infrastructure so that the queries can be asynchronous in
the future.)
* bugfixes:
* DNS lookup overrides alarm() signal (issue #2854325)
* documentation updates:
* document use of custom PrivateKey object, for external signing
* describe how to get "pretty signatures" in Signer.pm
0.37
2009-09-02: Jason Long <jlong@messiah.edu>
* t/adsp.t: a test script for checking AuthorDomainPolicy.pm
* lib/Mail/DKIM/AuthorDomainPolicy.pm: use d= tag not i= tag when
checking for first-party signatures; fix for testing() method
not found error; fix for "all" and "discardable" not doing the
right thing
2009-08-14: Jason Long <jlong@messiah.edu>
* sample_mime_lite.pl: a sample script showing how to use Mail::DKIM
with MIME::Lite
2009-07-10: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Policy.pm: revert ability for subclasses to
override behavior of no-results DNS query
* lib/Mail/DKIM/AuthorDomainPolicy.pm: if ADSP record is not found,
check whether the domain itself exists
* t/policy.t: add a test for the ADSP record causing a DNS error
but the domain itself still existing
2009-07-10: Jason Long <jlong@messiah.edu>
* t/public_key.t: refine the testing for DNS timeouts and SERVFAIL
errors
* t/policy.t: add some tests for DNS failures during policy queries
* lib/Mail/DKIM/AuthorDomainPolicy.pm: more explicit documentation
describing how DNS errors (and NXDOMAIN results) are handled
2009-07-09: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Policy.pm: allow subclasses to override behavior
when DNS query returns no records
* lib/Mail/DKIM/AuthorDomainPolicy.pm: when DNS query returns no
records, check the domain itself and possibly die.
2009-07-09: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm: wasn't using the right API to get
the ADSP policy
2009-07-09: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/AuthorDomainPolicy.pm, DkimPolicy.pm: changed the
format of how methods are documented
2009-07-07: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/AuthorDomainPolicy.pm, DkimPolicy.pm: add a
description of the class to the documentation
2009-06-09: Jason Long <jlong@messiah.edu>
* scripts/dkimsign.pl: fix typo in the debugging output
2009-06-09: Jason Long <jlong@messiah.edu>
* t/signer.t: test case for bug 2803465: space between header field
name and colon cause signature to skip that header
* lib/Mail/DKIM/Common.pm (add_header): fix regexp so that a space
between the header field name and the colon is not treated as part
of the header field name (issue #2803465)
2009-06-02: Jason Long <jlong@messiah.edu>
* t/policy.t: test for the as_string() method
released 2009-09-08
* New/changed functionality:
* ADSP records now check whether the domain itself exists, in
accordance to the ADSP specification
* bugfixes:
* fixed regexp used to detect header field names (issue #2803465)
* various fixes to ADSP checking
0.36
2009-06-02: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Policy.pm (as_string): restore this method which was
accidentally removed in 0.34.
released 2009-06-02
* API changes:
* restore the as_string() method which was accidentally removed
in version 0.34
0.35
2009-05-22: Jason Long <jlong@messiah.edu>
* t/signer.t: add a test-case of a message with 10000's of blank
lines; this seems to DoS the canonicalization routines
* lib/Mail/DKIM/Canonicalization/{simple,relaxed,dk_simple}.pm:
fix for bug reported on amavis-user list, patch provided by
Mark Martinec. Thanks!
released 2009-05-22
* bugfixes:
* fixed a runaway regular expression in the canonicalization
routines (patch provided by Mark Martinec)
0.34
2009-05-20: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM.pm: rewrite the description section of the Mail::DKIM
man page
* lib/Mail/DKIM/Verifier.pm: document fetch_author_domain_policies()
* Makefile.PL: release 0.34
2009-05-18: Jason Long <jlong@messiah.edu>
* t/signer.t: add a test-case of a message without a header
* lib/Mail/DKIM/Common.pm (init): initialize variables used by methods
in this class; fixes RT.CPAN.ORG bug #46179
2009-04-04: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm (fetch_author_domain_policies): new method
for fetching ADSP records for a particular message
2009-04-03: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DkPolicy.pm: moved the DomainKeys-specific policy
stuff from Policy.pm to here
* t/policy.t: change tests to use DkPolicy instead of Policy
* lib/Mail/DKIM/Verifier.pm (fetch_sender_policy): use DkPolicy
class instead of Policy class
2009-04-03: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/AuthorDomainPolicy.pm: first draft of ADSP support
2009-04-03: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm: rename fetch_policies() to policies()
* scripts/dkimverify.pl: replace use of fetch_policies() with
policies()
2009-03-30: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm: document a "temperror" result, which
I will soon provide support for
2009-03-30: Jason Long <jlong@messiah.edu>
* t/verifier.t: add support for testing DNS failures; add tests for
detail messages of public key errors
* t/verifier.t: add some tests of DNS failures
2009-03-30: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signature.pm (get_public_key): remember errors and
always report them the same way
2009-03-30: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Policy.pm, DkPolicy.pm: new method "name" to give a
short name of the policy
* scripts/dkimverify.pl: use the new fetch_policies() api to list
the results of applicable policies
2009-03-24: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm (fetch_policies): new method for fetching
all applicable policies, and is guaranteed not to "die".
2009-03-24: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DNS.pm: use a global variable to specify what Timeout
to use
* lib/Mail/DKIM/DNS.pm: detect DNS resolver errors and report them
* t/public_key.t: test various DNS failures
2009-03-10: Jason Long <jlong@messiah.edu>
* t/simple_canonicalization.t: fix simple-canonicalization test, which
broke when I removed support for prestandardized DKIM signatures
2009-03-10: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Algorithm/*, lib/Mail/DKIM/Canonicalization/*,
lib/Mail/DKIM/Signature.pm, t/verifier.t: remove support and tests
for the prestandardized DKIM signatures (issue #1871948)
* Makefile.PL: bump version
released 2009-05-20
* New/changed functionality:
* support for ADSP (author-domain-signing-practices) records
* removed support for pre-standardized DKIM signatures (i.e. these
are DKIM signatures without a v= or bh= tag).
* DNS resolver errors are detected and reported as such
* API changes:
* renamed Mail::DKIM::Policy to Mail::DKIM::DkPolicy. Programs using
the former name to create policy objects directly (though it would
be more expected to fetch the objects through
Mail::DKIM::Verifier) should update their code
* new policies() method in Mail::DKIM::Verifier for fetching all
applicable sender/author signing policies
* bugfixes:
* Signer object would die if first line of input wasn't a header
(rt.cpan.org issue #46179)
0.33
2009-03-10: Jason Long <jlong@messiah.edu>
* Makefile.PL: release "0.33"
2008-11-19: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signature.pm, DkSignature.pm (DEFAULT_PREFIX): new
method which determines what prefix to use in as_string, prettify,
etc.
* lib/Mail/DKIM/KeyValueList.pm (wrap): when splitting the h= field,
only allow breaks prior to ':' symbols
2008-11-19: Jason Long <jlong@messiah.edu>
* t/signature.t: further checks for prettify signatures (found a case
where the new code caused a regression)
* lib/Mail/DKIM/TextWrap.pm (flush): remember to update cur position
when flushing text; use a "may_break" internal variable to know
whether a linebreak is acceptable; other fixes
* t/textwrap.t: another test case illustrating failure in TextWrap.pm
* lib/Mail/DKIM/KeyValueList.pm (wrap): call flush() right after the
';' character; this is a further fix for #2257046.
2008-11-10: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/TextWrap.pm (flush): new method to explicitly allow a
break at the current point in the string
* lib/Mail/DKIM/KeyValueList.pm (wrap): call flush() whenever changing
TextWrap parameters (this should complete the fix for #2257046)
2008-11-06: Jason Long <jlong@messiah.edu>
* t/signature.t: test Mark Martinec's bad-signature-wrapping bug
2008-11-06: Jason Long <jlong@messiah.edu>
* t/verifier.t: use a "fake" dns implementation, so that this test
will pass no matter the user's state of dns
2008-11-06: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DNS.pm (query): changed API so that it now returns
a list of Net::DNS::RR objects, rather than a Net::DNS::Packet object.
* lib/Mail/DKIM/Policy.pm: update for the change to the DNS.pm api.
* lib/Mail/DKIM/PublicKey.pm: update for the change to the DNS.pm api.
2008-11-06: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signature.pm (encode_qp, decode_qp): suppress a warning
about an uninitialized value
* lib/Mail/DKIM/Common.pm (message_originator, message_sender): if a
From/Sender line is present, but blank, still return a valid object
(issue #2126559)
* t/public_key.t: new test to check for DNS problems
released 2009-03-10
* bugfixes:
* signature wrapping would sometimes cause improper preparation of
DKIM signatures, with "simple" canonicalization (issue #2257046)
* test scripts:
* the included corpus is now verified using a fake-DNS resolver,
which means the test corpus can validate even when your DNS
servers are really slow
0.32
2008-05-09: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm: when populating a DomainKey
signature's identity, record where the identity came from
* lib/Mail/DKIM/DkSignature.pm (identity_source): make the source of
the identity (i.e. sender header or from header) available as a
method
2008-05-09: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signature.pm (identity): do quoted-printable encoding/
decoding for the i= tag (issue #1839015)
* t/corpus/good_qp_1.txt, good_qp_2.txt, good_qp_3.txt: three test
files for identities using quoted-printable encoding
2008-04-14: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signature.pm: documentation for get_tag()
2008-04-14: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PublicKey.pm (check_granularity): do case-sensitive
comparison (issue #1938112)
2008-04-14: Jason Long <jlong@messiah.edu>
* t/corpus/badkey_12.txt: fix g= case-sensitivity test so it won't give
false positives on dkim-milter
* t/corpus/badkey_13.txt: test that the verifier checks granularity
against i= tag, not the From header
2008-04-14: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm, rsa_sha1.pm: replace use of
Digest::SHA1 with equivalent Digest::SHA
* Makefile.PL: remove requirement for Digest::SHA1
2008-04-14: Jason Long <jlong@messiah.edu>
* Makefile.PL: bump version
released 2008-06-03
* removed requirement for Digest::SHA1 (issue #1832549).
We now use the more capable Digest::SHA module for SHA-1 and SHA-256.
* bugfixes:
* granularity checking should be case-sensitive (issue #1938112).
* identity tag now uses quoted-printable encoding (issue #1839015).
* API improvement:
* implemented identity_source() for DkSignature objects
0.31
2008-04-08: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PrivateKey.pm: allow Cork argument to new() (#1879209)
2008-04-07: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DkimPolicy.pm: fix "use of uninitialized value in string"
errors
* lib/Mail/DKIM/Signature.pm: provide public API to public-key object of
signatures, e.g. so its flags can be accessed (issue #1879215);
also, if an error occurs fetching the public-key record, the failure
is cached so it won't get tried again
* lib/Mail/DKIM/Signer.pm: document how to create a DomainKey-Signature
2008-02-20: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/TextWrap.pm: implement BreakBefore option;
provided a bunch of documentation for this module
* t/textwrap.t: tests new functionality of TextWrap
* lib/Mail/DKIM/KeyValueList.pm: colon-separated lists are now "wrapped"
with colons appearing at the beginning of the next line instead of
at the end of the current line (hoping this will fix #1868648)
2008-02-06: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signature.pm: conserve space by omitting "c=simple"
and "q=dns/txt" (#1878518)
2008-02-06: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Canonicalization/DkCommon.pm, DkimCommon.pm:
bugfix for issue #1878954 (undef value used as an ARRAY ref)
* lib/Mail/DKIM/Canonicalization/DkCommon.pm: some cleanup,
possible bugfix for verifying message with two+ DomainKey signatures
* lib/Mail/DKIM/Verifier.pm: allow caller of fetch_author_policy() to
specify domain (#1879197)
* lib/Mail/DKIM/PrivateKey.pm: cleanup- indentation style;
throw error on load() if missing argument
2008-01-24: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DkimPolicy.pm, Policy.pm, PublicKey.pm, Verifier.pm:
fix parsing regexes used to split email address into localpart and
domain (issue #1878994)
2008-01-10: Jason Long <jlong@messiah.edu>
* Makefile.PL: bump version
* lib/Mail/DKIM/Signature.pm: make sure all public key problems are
prefixed with "public key:" (most were already, see below for actual
changes)
* lib/Mail/DKIM/PublicKey.pm: since Signature.pm is providing the "public
key:" prefix, it can be omitted in PublicKey.pm error messages
* lib/Mail/DKIM/Verifier: the following result_detail messages have changed:
"no public key available" => "public key: not available"
"key value list syntax error" => "syntax error"
or "public key: syntax error"
* t/verifier.t: test that "public key" is mentioned
released 2008-04-14
* some error detail messages were changed (see ChangeLog, 2008-01-10 entry)
* by default, and when possible, DKIM signatures now omit c= and q= tags
(they are optional tags) (issue #1878518)
* DKIM and DomainKey signatures are now wrapped so that line breaks
occur before colon (':') separators instead of after; this avoids
confusing some broken MUAs (issue #1868648)
* bugfixes:
* "undef value" error when DKIM signature appears at end of header
(issue #1878954)
* use proper regexp for splitting email address (issue #1878994)
* API improvements:
* can specify a domain for fetch_author_policy() (issue #1879197)
* can access a signature's public-key object (issue #1879215)
* can specify an OpenSSL-private-key object for PrivateKey->new()
(issue #1879209)
0.30.1
2008-01-24: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Algorithm/*: implement wants_pre_signature_headers()
for each algorithm
* lib/Mail/DKIM/Verifier.pm: if the algorithm "wants_pre_signature_headers",
then feed headers found prior to the signature to the
signature-specific algorithm doing the verification. This fixes an
issue where signatures from cisco.com fail to verify (reported by
Mark Martinec).
released 2008-01-24
* bugfix:
* email from cisco.com was failing to verify (issue #1878523)
0.30
2007-12-10: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm (is_subdomain): do case-insensitive
comparison
* t/corpus/good_dk_7.txt: tests DK signature with domain names that
differ only in case
* t/corpus/good_rfc4871_4.txt: tests DKIM signature with i= and d=
contain domain names differing in case
* t/corpus/badkey_12.txt: tests public key where i=JLong, g=jl*ng
2007-12-07: Jason Long <jlong@messiah.edu>
* t/verifier.t: three new DK tests
* t/corpus/good_dk_6.txt: tests DK signature without h= tag
* t/corpus/bad_dk_2.txt: tests DK signature w/o h= tag, Sender has
been added
* t/corpus/dk_multiple_1.txt: tests two DK signatures (with different
domains) in a single message... both should pass
* Makefile.PL: version bump
2007-12-07: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm, lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm,
lib/Mail/DKIM/Canonicalization/DkCommon.pm:
domainkeys: determine identity from algorithm object. Currently the
DomainKeys identity is determined by the Verifier. It is
theoretically possible for two different DomainKeys signatures on
the same message to have different identities. (This happens when
one DomainKey signature includes a Sender header, and the other one
does not.) This patch moves the determination of identity to the
algorithm object.
2007-12-07: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm, lib/Mail/DKIM/Common.pm: initialize
signatures early. This patch makes Mail::DKIM::Verifier initialize
and check the signature object as soon as it is parsed, and
subsequent headers are fed into the algorithm as they are read,
instead of waiting for the end of header.
* lib/Mail/DKIM/Verifier.pm: fix DK identity. The previous patch broke
identity-checking for DomainKeys signatures. This patch moves some
things around so that identity checking still works.
2007-12-07: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm (add_signature): changed to take a
signature object, instead of an unparsed header line
2007-11-21: Jason Long <jlong@messiah.edu>
* t/corpus/bad_dk_2.txt renamed to dk_headers_2.txt: revert this
rename from earlier... the message should "pass" after
all (the Sender header was not part of the signature)
2007-11-21: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signer.pm: provide documentation for Key parameter
* lib/Mail/DKIM/PrivateKey.pm: created documentation for this package
* lib/Mail/DKIM/Signature.pm: implement Key parameter for constructor,
and key() method to get/set the private key
2007-11-14: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm: for DomainKeys signatures, use the message
sender as the identity
* lib/Mail/DKIM/DkSignature.pm: allow verifier to supply the signing
identity
* lib/Mail/DKIM/Verifier.pm, PublicKey.pm: hack for allowing
DomainKeys signatures to use public keys with empty g= tags
2007-11-14: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm, Signer.pm: update documentation for
message_sender() and message_originator() methods, which are now
guaranteed to return an object
* lib/Mail/DKIM/Common.pm (message_sender, message_originator):
always return a Mail::Address object, even if the relevant headers
were not found
* t/corpus/dk_headers_2.txt renamed to bad_dk_2.txt: it turns out this
message should've been failing all along, since the Sender header
doesn't match the domain of the signature
* lib/Mail/DKIM/Verifier.pm: slight change to the "unsupported version"
detail message (don't want nested parenthesis)
2007-11-14: Jason Long <jlong@messiah.edu>
* t/corpus/goodkey_4.txt: tests signature with i=a@b, public key implied g=
* lib/Mail/DKIM/PublicKey.pm (check_granularity): fixed broken
ends-with check, reported by Mark Martinec
* t/corpus/good_dk_3.txt, good_dk_4.txt, good_dk_5.txt:
these files test DomainKeys signatures with g= values in the public keys
* t/corpus/bad_dk_1.txt: this one should fail, since the signature
domain does not match the From/Sender header
* scripts/dkimsign.pl: added option to override signature's d= tag
* t/corpus/badkey_11.txt: tests a valid, but unmatched h= in public key
2007-11-08: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Canonicalization/relaxed.pm,
lib/Mail/DKIM/Canonicalization/nowsp.pm,
lib/Mail/DKIM/Canonicalization/DkCommon.pm,
lib/Mail/DKIM/Canonicalization/dk_simple.pm,
lib/Mail/DKIM/Canonicalization/simple.pm,
lib/Mail/DKIM/Canonicalization/dk_nofws.pm,
lib/Mail/DKIM/Canonicalization/DkimCommon.pm,
lib/Mail/DKIM/MessageParser.pm:
more speed-up optimizations by Mark Martinec, now multiple lines
at once can be fed into the canonicalization bits
2007-11-08: Jason Long <jlong@messiah.edu>
* Makefile.PL, others: version bump to 0.30
2007-11-08: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signature.pm: minor doc edit
* scripts/dkimsign.pl: generate "pretty" signatures;
die on unrecognized signature type
2007-11-07: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Algorithm/Base.pm: cleanup (delete commented-out code)
* lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm (finish_message): fix bug
where DomainKeys signatures were not "pretty",
reported by Byung-Hee HWANG.
2007-11-07: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signature.pm: allow Timestamp to be specified to new()
* lib/Mail/DKIM/Signer.pm: allow Timestamp to be specified to new(),
requested by Mark Martinec
* t/signer.t: test timestamp creation
2007-11-06: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Canonicalization/simple.pm,
lib/Mail/DKIM/Canonicalization/Base.pm,
lib/Mail/DKIM/MessageParser.pm: speedup optimizations contributed
by Mark Martinec.
* lib/Mail/DKIM/Canonicalization/dk_simple,pm
lib/Mail/DKIM/Canonicalization/relaxed.pm: more speed up optimizations
by Mark Martinec.
released 2008-01-10
* includes speed-up optimizations by Mark Martinec
* DomainKeys, implement proper identity matching...
a DomainKey-Signature's domain should match the From/Sender address
* several more test cases
* API improvements:
* accept additional arguments when creating Signer/Signature
* bugfixes:
* DomainKey-Signature headers were not "prettified"
* granularity ending with '*' was not checked correctly
* DomainKey-Signature granularity was checked against the wrong value
0.29
2007-11-07: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm: signatures() is now public
2007-10-30: Jason Long <jlong@messiah.edu>
* t/corpus/good_rfc4871_3.txt: to test extra tags in signature
* scripts/dkimsign.pl: allow user to specify arbitrary extra tags for
putting in the signature
* lib/Mail/DKIM/MessageParser.pm: make "not implemented" messages
more helpful
* t/corpus/badkey_10.txt: to test key with t=s
* lib/Mail/DKIM/Verifier.pm: allow check_granularity() to return different
detail messages; describe two additional result_detail possibilities
* lib/Mail/DKIM/PublicKey.pm (check_granularity): check for empty g= value;
check for subdomain usage;
(subdomain_flag): helper method to look for "s" in flags
(flags): return default value if no t= tag
2007-10-26: Jason Long <jlong@messiah.edu>
* t/corpus/badkey_9.txt: to test empty g= in selector
* t/corpus/ignore_8.txt: to test bad i= value in signature
* lib/Mail/DKIM/Verifier.pm: check signature identity value
2007-10-24: Jason Long <jlong@messiah.edu>
* t/corpus/badkey_8.txt, ignore_5.txt, ignore_6.txt: fix signature so
it would verify if not for the flaw in the public key
* scripts/dkimsign.pl: allow key protocol to be specified on command
line
* lib/Mail/DKIM/Verifier.pm: update documentation on possible error
codes
* lib/Mail/DKIM/PublicKey.pm: cleanup error code
2007-10-24: Jason Long <jlong@messiah.edu>
* t/corpus/badkey_*.txt: changed subjects to indicate which test it is
* t/corpus/badkey_7.txt, badkey_8.txt, goodkey_1.txt, goodkey_2.txt,
goodkey_3.txt: additional tests of public key features
* t/corpus/verifier.t: test the new test messages
* lib/Mail/DKIM/Verifier.pm (check_public_key): check key granularity
and report the problem if it doesn't match
* lib/Mail/DKIM/PublicKey.pm (check_granularity): a method for testing
the granularity
(granularity): return the default value of '*' if g= not defined
* scripts/dkimsign.pl: ability to set i= tag from command-line
2007-10-24: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm (check_signature): do signature version check
here
(finish_header): report invalid signature details to the signature
object
(signatures): return all parsed signatures, not just "valid" signatures
* lib/Mail/DKIM/Signature.pm: some misc. cleanup
(check_version): version check is now a separate method, rather than
being part of parse()
* lib/Mail/DKIM/DkSignature.pm (check_version): always true
* t/corpus/multiple_2.txt: a message testing multiple signatures with
different results
* t/verifier.t: verify that each signature's results are available and
correct
2007-10-24: Jason Long <jlong@messiah.edu>
* t/corpus/ignore_7.txt: a message with an expired signature
* lib/Mail/DKIM/Signature.pm: recognize Expiration as a parameter
* scripts/dkimsign.pl: make it possible to create a signature with an
x= tag
* t/verifier.t: test ignore_7.txt message, should "ignore"
* lib/Mail/DKIM/Verifier.pm: check signature expiration when verifying
* lib/Mail/DKIM/Signature.pm (check_expiration): new method
2007-10-08: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signer.pm: use "Key" property instead of "private" to
store the private key; new methods key() and key_file(); allow each
signature to have its own private key
* t/signer_policy.t: test specifying a key file in a policy
2007-10-04: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/MessageParser.pm: return nonzero for PRINT and CLOSE
* lib/Mail/DKIM/DkSignature.pm: make expiration() for DomainKey-Signature
behave more compatibly with expiration() for DKIM-Signature
* lib/Mail/DKIM/Verifier.pm: remove dependency on Error module
* README: what I'm interested in if make test fails
* lib/Mail/DKIM/Signer.pm: fix bug reported by dairiki, who noticed that
the Signer class ignored the signature-specified algorithm when
building the algorithm object
* scripts/dkimsign.pl: update POD a bit
* scripts/dkimverify.pl: add POD
* lib/Mail/DKIM/Canonicalization/Base.pm, Algorithm/Base.pm:
add see also, author, copyright sections to POD
* lib/Mail/DKIM/Algorithm/rsa_sha1.pm, rsa_sha256.pm: remove useless pod
* ...and others...: inline documentation (POD) cleanup
2007-10-03: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Canonicalization/DkCommon.pm: attempt at making the
header handling algorithm easier to understand
* t/signer.t: test case for unreadable private key
* lib/Mail/DKIM/PrivateKey.pm: die if unable to open private key file
* lib/Mail/DKIM/Signer.pm: no more need for a separate existance check
on the private key filename
* lib/Mail/DKIM/Signature.pm: allow Identity to be specified in new()
* lib/Mail/DKIM/Signer.pm: allow Identity to be specified in new()
* t/signer.t: test that specifying Identity works
2007-10-02: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Canonicalization/DkCommon.pm: there are some varying
opinions about how to verify DomainKey-signed messages when there is
an h= tag and the headers are in a different order... this is an
attempt at making our verifier more compatible with other
implementations
* dk_headers.txt: some notes on multiple-occuring headers
2007-09-06: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Policy.pm (get_lookup_name): new method that determines
the name of the record to lookup
* lib/Mail/DKIM/DkimPolicy.pm: no longer need to override fetch(), now
it just overrides get_lookup_name()
released 2007-11-08
* verifiers can now access all parsed signatures and their results,
not just signatures that were fully tested
* signer policies can now specify what private key file to use
* some other minor API improvements
* bugfixes:
* for DomainKeys signatures, fixed a compatibility issue handling
the h= tag
* for DKIM, signature expirations had been ignored
* for DKIM, signature identities did not have to match the domain
* for DKIM, public key granularity field had been ignored
0.28
2007-07-31: Jason Long <jlong@messiah.edu>
* Makefile.PL: OpenSSL 0.23 segfaults on certain signatures, so
the requirement is now Crypt::OpenSSL::RSA 0.24 or better
* lib/Mail/DKIM/KeyValueList.pm: don't split the header in the middle
of a tag name
released 2007-07-31
* fixed a bug with line-wrapping a signature at the wrong place
0.27
2007-07-25: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signature.pm (identity_matches): new method to help
comparing a From/Sender address with the signature identity
* lib/Mail/DKIM/DkimPolicy.pm, Policy.pm: use identity_matches function
2007-07-18: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm: changed fetch_policy() back to
fetch_author_policy(); added fetch_sender_policy();
save results for each signature
* lib/Mail/DKIM/Policy.pm: now implements just Dk policies
* lib/Mail/DKIM/DkimPolicy.pm: a new module for DKIM signing practices
* lib/Mail/DKIM/Signature.pm: can now get/set the verification result
for each signature
* scripts/dkimsign.pl: handle DOS-formated input
* scripts/dkimverify.pl: show multiple signatures' results; show
both policy results
2007-06-11: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm: public_key no longer available as a
verifier property; use eval block instead of try...otherwise;
experimental signatures() method
* lib/Mail/DKIM/Verifier.pm: added description section to Perldocs;
replaced a couple try...otherwise blocks with eval blocks
2007-06-08: Jason Long <jlong@messiah.edu>
* policies.txt: some thoughts on dealing with two different types of
policy records
* lib/Mail/DKIM/Policy.pm: default() is now a private class method
* lib/Mail/DKIM/PublicKey.pm: moved DNS query to DNS.pm
* lib/Mail/DKIM/Policy.pm: moved DNS query to DNS.pm
* lib/Mail/DKIM/DNS.pm: new module that does the common DNS lookups
2007-06-07: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Common.pm: change "parse Mail::Address" to my preferred
"Mail::Address->parse" style
* t/policy.t: test policy lookup by email address instead of domain;
test policy lookups on a few well known domains
* lib/Mail/DKIM/Verifier.pm: minor doc changes; renamed
fetch_author_policy() to fetch_policy(); fetch_author_policy still
works for backward compatibility
* lib/Mail/DKIM/Policy.pm: allow lookups given sender/from addresses
(location): new method to determine where the policy came from
2007-06-05: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Policy.pm: create the default policy only once;
(is_implied_default_policy): new method to check whether the policy
was explicit or implied
(fetch): get policy record at the Yahoo!-DomainKeys-defined location,
rather than the location in the not-yet-finished DKIM SSP spec.
* t/policy.t: test is_implied_default_policy method
released 2007-07-25
* Sender signing policies are now better implemented
* Both Yahoo! DomainKeys signing policies and the under-development
IETF DKIM signing policies are supported
* Yahoo! DomainKeys policies can protect the Sender: header
* DKIM signing policies can protect the From: header
Look at Mail::DKIM::Verifier's fetch_author_policy() and
fetch_sender_policy() methods for hints.
0.26
2007-05-24: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signature.pm: accept and use v=1 tag instead of v=0.5
* lib/Mail/DKIM/Policy.pm: oops, left a syntax error in here
* t/signer.t: new expected signature value, since signature now has v=1
2007-05-10: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PublicKey.pm: simplify error handling in fetch()
* lib/Mail/DKIM/Policy.pm: simplify error handling in fetch()
released 2007-05-24
* recognize and generate v=1 signatures (DKIM is now RFC 4871)
0.25
2007-05-10: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/KeyValueList.pm: separator should be "\015\012" not "\n";
allow splitting on whitespace in a colon-separated list value
* Makefile.PL: it seems version 0.22 or better is required of
Crypt::OpenSSL::RSA
2007-05-01: Jason Long <jlong@messiah.edu>
* t/signature.t: test prettify_safe()
* lib/Mail/DKIM/TextWrap.pm: new wrapping module to help with prettifying
the signature
* lib/Mail/DKIM/KeyValueList.pm (wrap): new method to help wrap the
signature
* lib/Mail/DKIM/Signature.pm: wrap the signature
* lib/Mail/DKIM/Algorithm/Base.pm: oops, prettify() should only be called
when we're _making_ the signature
* lib/Mail/DKIM/KeyValueList.pm (wrap): only do something if TextWrap
has been loaded (no longer automatically load it)
* lib/Mail/DKIM/Signature.pm (prettify): better default value for Start
2007-04-16: Jason Long <jlong@messiah.edu>
* t/signature.t: test that prettify() doesn't choke
* lib/Mail/DKIM/Algorithm/Base.pm: call prettify() before hashing the
signature header
* lib/Mail/DKIM/Signer.pm: call prettify_safe() after generating the
signature data
* lib/Mail/DKIM/Signature.pm: stubs for prettify() and prettify_safe()
* lib/Mail/DKIM/KeyValueList.pm: parse() can now be called on an existing
key-value-list to regenerate the tag data from a string
2007-04-15: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PublicKey.pm: bug fix- if Net::DNS caused an exception,
there was a race condition for resetting the alarm
* lib/Mail/DKIM/Signer.pm: limit which headers are signed
* t/signer.t: test that undesirable headers are not signed
released 2007-05-10
* we now only sign headers that IETF recommends for signing
* it's now possible to "prettify" outgoing signatures, but this feature
is not enabled by default. To enable, do a "use Mail::DKIM::TextWrap"
in your program that signs messages. (This may change in a future
release.)
0.24
2007-03-09: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PublicKey.pm, lib/Mail/DKIM/Signature.pm,
lib/Mail/DKIM/KeyValueList.pm: fix for linebreaks in public key data;
provided by Mark Martinec.
* lib/Mail/DKIM/Signature.pm: fix default value q=dns/txt; this fixes a bug
for DKIM signatures without q= tags
* t/verifier.t: added six new tests that test problems with the public key
(e.g. revoked, syntax, etc.)
released 2007-03-13
* fixes two bugs, see ChangeLog for details
* fixed a bug with public keys (in DNS) containing linebreak characters
* fixed a bug with DKIM signatures not including the optional q= tag
0.23
2007-02-22: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PublicKey.pm: catch certain OpenSSL errors; tweak
diagnostics
* lib/Mail/DKIM/Verifier.pm: changed OpenSSL error catching code to
match that found in PublicKey; document more possible diagnostic codes
* lib/Mail/DKIM/Signature.pm: tweaked diagnostics for missing public key
* Makefile.PL: check for Test::Simple, which is required for `make test'
2007-02-21: Jason Long <jlong@messiah.edu>
* t/signer_policy.t: signature should still work even if no value is
returned from signer policy
* t/signer.t: now uses v=0.5 signature, which changes the signature
* t/verifier.t: added three tests of empty body messages
* lib/Mail/DKIM/Signer.pm: fixed bug where if signer policy was a
sub ref, and didn't return a true value, the message would get skipped
* lib/Mail/DKIM/Canonicalization/simple.pm: argh, hack for handling
empty body
* lib/Mail/DKIM/MessageParser.pm: fixed bug in handling of messages
without bodies
* lib/Mail/DKIM/Signature.pm: output v=0.5 signatures now
* scripts/dkimsign.pl: new --binary option to disable line-ending conversion
2007-02-19: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/DkSignature: provide default value for a= tag
(thanks to mark.martinec@ijs.si for the patch)
* t/corpus/good_dk_2.txt: test for missing q= and a= tags on DomainKey
signature
2007-02-09: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm, DkSignature.pm: better diagnostic messages;
allow missing q= tag for domainkey signatures
(thanks to mark.martinec@ijs.si for the patch)
released 2007-02-22
* fixes some issues with verifying DomainKeys signatures
* generate newer-style DKIM signatures (with v=0.5 tag)
* fixed some bugs related to handling messages with no body
* improved diagnostic messages for certain cases
0.22
2007-01-19: Jason Long <jlong@messiah.edu>
* t/verifiter.t: relaxed the OpenSSL check a little more
* DKIM.pm, README, others: updated copyright to include 2007;
updated abstract to include DomainKeys; updated version number
2007-01-19: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Verifier.pm: in case of unsupported algorithm,
canonicalization method, or key protocol, list the bad protocol
in the error message to make diagnosing easier
* lib/Mail/DKIM/DkSignature.pm: fix a use-of-undefined-scalar bug
2007-01-17: Jason Long <jlong@messiah.edu>
* t/verifier.t: fixed testing bug that was too strict about what
error message OpenSSL generates
* lib/Mail/DKIM/Verifier.pm: handle OpenSSL panic message better
released 2007-01-19
* fixes a couple very minor bugs
* some cosmetic changes to error messages
0.21
2006-11-27: Jason Long <jlong@messiah.edu>
* t/verifier.t: test domainkey message with trailing blank line
* lib/Mail/DKIM/Canonicalization/dk_nofws.pm: fixed bug where DomainKey-
signed message with trailing blank line was not canonicalized correctly,
reported by Mark Martinec.
2006-11-13: Jason Long <jlong@messiah.edu>
* t/verifier.t: test invalid signature length
* lib/Mail/DKIM/Verifier.pm: fixed bug where OpenSSL error was not
reported by moved "local $@" outside try block, thanks to Mark Martinec
for finding this; detect OpenSSL error and clean up the error message
released 2006-11-29
* fixes two bugs, see ChangeLog for details
0.20
2006-10-24: Jason Long <jlong@messiah.edu>
* t/signer_policy.t, t/signer.t: use new() instead of new_object()
* lib/Mail/DKIM/Algorithm/Base.pm: allow debugging body canonicalization
* lib/Mail/DKIM/MessageParser.pm: removed problematic check for
"control characters"
* scripts/dkimsign.pl: document --type argument; replace signer policy class
with signer policy subroutine
2006-10-23: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signer.pm: bugfix - signatures weren't setup correctly when
policy built the signature
* lib/Mail/DKIM/Signature.pm: bugfix - empty headerlist should return empty
list
* lib/Mail/DKIM/Canonicalization/Base.pm: moved support for Debug_Canonicalization
here from Algorithm/*
* lib/Mail/DKIM/Algorithm/Base.pm: removed Debug_Canonicalization support
* lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm: removed Debug_Canonicalization support
2006-10-23: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signer.pm, lib/Mail/DKIM/Verifier.pm: use new() instead of
new_object(); new_object() still supported; documented
Debug_Canonicalization option
2006-10-20: Jason Long <jlong@messiah.edu>
* t/signer_policy.t: added test for creating DomainKeys signature;
added test for creating multiple signatures
* lib/Mail/DKIM/SigningFilter.pm: removed (obsolete)
* scripts/test_signing_filter.pl: removed (obsolete)
* lib/Mail/DKIM/Signer.pm: added signatures method
2006-10-20: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM.pm, lib/Mail/DKIM/Signer.pm, lib/Mail/DKIM/Verifier.pm:
various documentation fixes
* lib/Mail/DKIM/Verifier.pm: set signature property when result is determined
* lib/Mail/DKIM/Signer.pm: support addition of multiple signatures;
changed default canonicalization method to "relaxed"
2006-10-20: Jason Long <jlong@messiah.edu>
* t/signer_policy.t: tests different forms of signing policies
* lib/Mail/DKIM/Signer.pm: support code references as a signing policy;
removed support for build_signature (I'm gonna do this a different way)
2006-10-20: Jason Long <jlong@messiah.edu>
* t/verifier: added a message containing multiple signatures, only one of
which is valid
- t/corpus/multiple_1.txt: the new message
* lib/Mail/DKIM/Algorithm/Base.pm: added signature method; changed method
signature of verify method (no parameters needed any more)
* lib/Mail/DKIM/Algorithm/rsa_sha1.pm,
lib/Mail/DKIM/Algorithm/rsa_sha256.pm,
lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm: updated verify method
* lib/Mail/DKIM/Verifier.pm: support verification of multiple signatures
* lib/Mail/DKIM/Signer.pm: documented use of policy _function_ rather than
policy object; but no implementation yet
* lib/Mail/DKIM/Common.pm (add_body): support multiple algorithms (needed
to verify multiple signatures)
* lib/Mail/DKIM/Signature.pm: renamed signature() to data(); signature still
available for backwards compatibility
2006-10-19: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/SignerPolicy.pm: document mechanism for users to
construct the signature themselves
* lib/Mail/DKIM/Canonicalization/DkCommon.pm,
* lib/Mail/DKIM/Canonicalization/dk_simple.pm,
lib/Mail/DKIM/Canonicalization/dk_nofws.pm: implemented DomainKeys'
canonicalization methods
* lib/Mail/DKIM/Canonicalization/Base.pm: clarify use of add_body method
* lib/Mail/DKIM/Algorithm/Base.pm: clarify use of add_body method
* lib/Mail/DKIM/DkSignature.pm: implements DomainKeys signatures
* lib/Mail/DKIM/Signer.pm: allow policy to construct the signature, if
it implements the build_signature method; allow policy access to
header field names (headers method)
* lib/Mail/DKIM/Signature.pm: replace use of obsolete method() with
canonicalization()
* scripts/dkimsign.pl: allow user to specify signature type
2006-10-12: Jason Long <jlong@messiah.edu>
* t/verifier: added two new DomainKeys messages to test
- t/corpus/good_dk_yahoo.txt
- t/corpus/good_dk_gmail.txt
* lib/Mail/DKIM/Canonicalization/dk_nofws.pm: added support for the
DomainKeys "nofws" canonicalization method
* lib/Mail/DKIM/Verifier.pm: recognize DomainKeys signatures;
signatures now determine which algorithm class to use
* lib/Mail/DKIM/Algorithm/Base.pm: refactored a few things to better
accomodate non-DKIM algorithms
* lib/Mail/DKIM/Algorithm/dk_rsa_sha1.pm: implements the DomainKeys
rsa-sha1 algorithm
* lib/Mail/DKIM/DkSignature.pm: handles DomainKeys signatures
* lib/Mail/DKIM/Signer.pm: signature now determines which algorithm class
to use
* lib/Mail/DKIM/PublicKey.pm: change an error message from "headers have
been alterered" to "message has been altered" (if the headers have been
altered, we really cannot imply that the body is still intact)
* lib/Mail/DKIM/Common.pm: removed get_algorithm_class (this is now a
signature method)
* lib/Mail/DKIM/Signature.pm: added get_algorithm_class; documented
get_public_key method
2006-09-28: Jason Long <jlong@messiah.edu>
* README: include "Error" in the list of dependencies
* lib/Mail/DKIM/Common.pm (get_algorithm_class): return undef instead of
throwing an error when an unsupported algorithm is presented
* lib/Mail/DKIM/Signature.pm (parse): allow v=0.5 tag
(check_protocol): checks for dns option /txt (i.e. "dns/txt")
(version): new method for getting/setting v= tag
* lib/Mail/DKIM/Verifier.pm (check_signature): fixed algorithm check
* t/verifier: added several additional sample emails to verify, including
a ietf05 signature, and six cases where the signature should be ignored
for one reason or another
released 2006-10-24
* now supports verifying multiple signatures (the result returned is based
on the "best" available signature)
* now supports adding multiple signatures in one pass (to use this, you
need to create a "signer policy"; see scripts/dkimsign.pl for an example)
* now supports signing/verifying signatures for the older DomainKeys standard
* now implements Internet Draft draft-ietf-dkim-base-05, including:
* support for the version (v=) tag
* eliminated "control character detected in message" error message
0.19
2006-06-15: Jason Long <jlong@messiah.edu>
* Makefile.PL: change Perl version check to v5.6.1 instead of 5.8
* t/verifier.t: use binmode function instead of ":raw" layer, for
Perl 5.6.1 compatibility
released 2006-06-15
* now supports earlier versions of Perl (5.6.1 and up).
0.18
2006-06-09: Jason Long <jlong@messiah.edu>
* t/verifier.t: open message in ":raw" mode to avoid CRLF->LF
conversion (reported by Eugene Pivovarav)
2006-06-08: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/PublicKey.pm: rewrote verify_digest() so that it uses
the Crypt::OpenSSL::RSA module exclusively, no longer relying on
Crypt::RSA::Primitives
* lib/Mail/DKIM/PrivateKey.pm: rewrote sign_digest() so it uses
Crypt::OpenSSL::RSA exclusively
* lib/Mail/DKIM/Key.pm: calculate_EM() - remove dependency on
Crypt::RSA::DataFormat
* Makefile.PL, README: remove mentions of Crypt::RSA and
Crypt::OpenSSL::Bignum
released 2006-06-09
* no longer depends on Crypt::RSA or Crypt::OpenSSL::Bignum.
0.17
2006-05-26: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Algorithm/Base.pm: check_body_hash() - new method
that verifies the body hash against the bh= tag; format for
canonicalization debugging output has changed
* lib/Mail/DKIM/Algorithm/rsa_sha1.pm: call check_body_hash() before
returning results to verify()
* lib/Mail/DKIM/Algorithm/rsa_sha256.pm: call check_body_hash() before
returning results to verify()
* lib/Mail/DKIM/Canonicalization/DkimCommon.pm: fixed bug where extra
CRLF was being canonicalized
* lib/Mail/DKIM/Key.pm: moved calculate_EM function here from PrivateKey
after realizing that it would be needed when verifying
* lib/Mail/DKIM/PublicKey.pm: now SHA256 hashes can be verified as well;
also, the verification can distinguish between wrong hash and a
bad signature
* lib/Mail/DKIM/Verifier.pm: provide result details when verification
fails; added documentation for the result_detail() method
* t/corpus/: added several sample signed messages for the testing routines
2006-04-17: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Algorithm/Base.pm: common class for DKIM algorithms
* lib/Mail/DKIM/Algorithm/rsa_sha1.pm: now subclasses Algorithm::Base.
* lib/Mail/DKIM/Algorithm/rsa_sha256.pm: new class for handling the
rsa-sha256 DKIM algorithm
* lib/Mail/DKIM/Common.pm: recognize rsa-sha256 algorithm
* lib/Mail/DKIM/PrivateKey.pm: implemented signing of a SHA-256 digest
* lib/Mail/DKIM/PublicKey.pm: implemented verifying of a SHA-256 digest
* lib/Mail/DKIM/Signature.pm: allows algorithm to be "rsa-sha256";
body_hash() - new method handling the bh tag;
hash_algorithm() - new method to determine what hash is being used;
* lib/Mail/DKIM/Verifier.pm: check_public_key() - new method for checking
the validity of a fetched public key
* Makefile.PL: added Digest::SHA as a dependency
2006-03-26: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Common.pm: remove version number from this file
* lib/Mail/DKIM.pm: bump version to 0.17
* README: bump version to 0.17
released 2006-05-26
* now implements Internet Draft draft-ietf-dkim-base-01, including:
* support for the body hash (bh=) tag
* support for SHA256 digests (uses the Digest::SHA module from CPAN)
* if a message fails to verify, it now distinguishes between:
* headers having been altered
* body having been altered
* RSA key failure (i.e. the signing key does not match the public key)
* added several sample messages to test against when doing `make test'.
0.16
2006-03-03: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Policy.pm: new() and testing() are now warning-free
(thanks to jm@jmason.org for the patch)
* t/policy.t: tests the Policy package
2006-03-01: Jason Long <jlong@messiah.edu>
* lib/Mail/DKIM/Signature.pm: correctly handle spaces around = character
* t/signature.t: test for spaces around = character in signature
2006-02-24: Jason Long <jlong@messiah.edu>
* t/: wrote some tests and added them to the project
* README, Makefile.PL: discovered additional dependency:
Crypt::OpenSSL::Bignum
* lib/Mail/DKIM/Signature.pm: fixed a warning that could occur if
the h= tag was left undefined
2006-02-23: Jason Long <jlong@messiah.edu>
* converted to ExtUtils::MakeMaker package format,
see the dkimproxy project for revision history prior to 2006-02-23.
released 2006-03-03
* first version for CPAN; implements draft-allman-dkim-base-01.