Changed from 0.67 to 0.68: API: o Added dk_settxt() to bypass dns lookups and set query responses manually o Added dk_domain() to return the domain name used (dk->domain) o Added python wrapper (domainkeys_wrap.c) (use make python to make shared object to import) Internal: Changed from 0.66 to 0.67: API: o Incompatible changes made: dk_free requires an additional parameter, used to specify the OpenSSL Error State should be cleared o Added dk_setopts() and dk_getopts() o Deprecated dk_enable_trace() and dk_remdupe() in favor of using dk_setopts() o Added dk_shutdown() to be used at application shutdown (frees dklib and openssl memory when done) Internal: o Clarified documented behavior for dk_end()/dk_policy() and flag retrieval o Performance improvments (see source for DK_HASH_BUFF) o Fixed dkt_generate to remove the last ':' char and report accurate length of string returned o Fixed memory leak in dk_headers() o Added dk_init() Documentation update (Safe Multi-Thread Usage) Changed from 0.65 to 0.66: API: o No incompatible changes made. o Added dk_compare_trace(), dk_enable_trace() and dk_get_trace() o Added -T option to dktest to enable generation of trace headers Internal: o Added test to dk_message() to detect stray CRs o Fixed parent domain handling Changes from 0.64 to 0.65: API: o No incompatible changes made. o Added dk_remdupe() to turn on/off ignoring hashing in duplicate headers when signing o Added dk_selector() to return the selector name used or NULL if there isn't one o Added -h option to dktest to add h= tag when signing o Added -r option to dktest to enable ignoring duplicate headers when signing (implies -h) Internal: o Win32 and Unixware compatability o dk_headers() now reports accurate length of h= list and preserves duplicate headers o Fixed dkheaders_header() to properly handle h= tags when verifying, handles duplicate headers properly o Fixed simple canon, no longer unfolds headers when in simple canon o Fixed nofws canon when an embedded \r is in the body of a message o Fixed dk_from() to properly report the senders domain when the message is not signed o Fixed dk_from() to properly return NULL when the sender address is malformed (ie: @host, user@, @, ) o Added check in dkheaders() to check dk_from() after parsing headers to make sure there is a valid sender address o Fixed dk_policy() to use dk_from(), not value in dk->from o Fixed handling of messages when verifying and more than one DK-Sig header is found, now uses the first DK-Sig found properly o Fixed handling of messages when signing and there is an existing DK-Sig (Sender: before DK-Sig), pre-existing DK-Sig is ignored Changes from 0.63 to 0.64: API: o No incompatible changes made. o Added dk_headers(). o Added DK_FLAG_G, which reports that g= was present. o Added dk_address(). o Deprecated dk_from(). o Added dk_end() (like dk_eom only it doesn't call dk_policy()). o Added dk_policy(). o Deprecated dk_eom() in favor of calling dk_end and dk_policy. Internal: o dns_txt replaced by dns_text (internal-only change). o dns_text now always returns a malloc'ed string. o Added copyright and license. o Added DK_MALLOC(), DK_MFREE(), and dk_strdup. They use openssl's. o Changed dkparse822() to make an address for dk_address(), which see. o Fixed a bug in dknewkey where it inserted an extra quote char. o Fixed a memory leak in dk_free(). Thanks Robert Powers. o Fixed makeheader to exit with zero. Thanks Slava Filimonov o Added clean to Makefile targets o Made changes to dktest to support new api entry points. o Adjust test cases. Changes from 0.62 to 0.63: o Change dktest's "-t 7" option so that it works even if not signing. o When using the h= tag, sign ALL instances of a header. o Only remember the Sender AFTER the DK-Sig when verifying. o Explicitly return DK_STAT_NOSIG if no sig was found. o Explicitly finish off the headers if there is no body. o Adjust test cases. Changes from 0.61 to 0.62: o This release now supports the -01 spec. o If the domain was missing from the DK-S: header, it segfaulted. o The TC8 test needed to have real headers rather than /dev/null. o The TC14 test returns different results in 0.61 and needed fixing. o Fix the bug reported by Richard Lyons on the qmail mailing list in message 120186: 2. If the program is given a message to sign that's already signed, it will try to verify it. o dktest wasn't carrying failure status around properly. o Added support for multiple canonicalizations. . Have to parse the DK-Sig line earlier to get c= value. . Folded EVP_SignUpdate and EVP_VerifyUpdate into EVP_DigestUpdate. . Folded header and body processing into one call. o Fixed support for c=simple so it works with trailing blank lines. o Added support for Sender: signing domains. o Added a check for a=rsa-sha1 o Added a check for q=dns o Fixed a memory leak (wouldn't free the From: address) o Added support for signing domain being a subdomain of d=. o Used to be checking policy from signing domain, but spec says to use d=domain. o Added comments to makeheader.c and blank lines to its output. o dkparselist had a subtle bug wherein it skipped a character after the ';'. Most often that was a space, so no matter until I started deleting spaces for nofws testing. o dkparselist now checks for a trailing key but no value. o Found a memory leak. dk->sender wasn't being freed. o Added nofws support. o Broke dkpolicy() out into its own subroutine. It's now called in two places: if the signature doesn't verify, and if there is no signature at all. o Added a copyright license. o Completely changed the way headers were parsed, to handle h=. o Added h= support. o Added test cases. Changes from 0.60 to 0.61: o added -DBIND_8_COMPAT for BIND9's sake. o added dk_siglen to get the signature length. o moved privatekey parameter from dk_sign to dk_getsig. Changes from 0.59 to 0.60: o dns_txt.c should extract the TXT record into a PACKETSZ buffer, not MAXDNAME. o Fixed two error return values in dns_txt.c o dknewkey should delete its temporary file. o Implemented full-RFC2822 address parsing. o Added test case for dk_from to dktest.c o Wasn't returning flags correctly in dk_eom(). o Wasn't properly null-terminating the signature string. o Removed error notes from 'test'. o Added whole piles of RFC2822 address parsing to 'test'. Changes from 0.58 to 0.59: o dktest strips off the path from the key filename to get the selector. o dktest's -a option is now -b. o dktest now rewinds its stdin. o Added support for SWIG. o Added dknewkey, which generates a private/public key pair and formats the public key for insertion into a zone file. o Wrote man pages for dktest and dknewkey in HTML. o Portability fixes to Makefile, test, and dns_txt.c o Fixed a bug in multiple TXT character-string handling.