DandelionNStuff/dkimpy-smtputf8
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8032276b576b69894cc21daf5a198a50c171c271
dkimpy-smtputf8/ChangeLog
T
Scott Kitterman 8032276b57 Bump version to 0.9.0 since this is now a feature release 
- Update oversigned (frozen) header field list to reduce signature
      fragility (removes 'date' and 'subject' fields from being oversigned by
      default - see usage section of README for information on how to restore
      the previous behavior)
    - Added new add_should_not for DKIM/ARC classes to prevent additional
      header fields from being signed
    - Added 'from' to should sign list (to prevent it from not being signed at
      all in the unusual event that 'from' is locally removed from the frozen
      header field set (LP: #1525048)
    - Updates for experimental ARC support:
      - Specified that for ARC, Authentication-Results should not be signed
2018-10-30 11:29:09 -04:00

175 lines
7.5 KiB
Plaintext
Raw Blame History

UNRELEASED Version 0.9.0
- Update oversigned (frozen) header field list to reduce signature
fragility (removes 'date' and 'subject' fields from being oversigned by
default - see usage section of README for information on how to restore
the previous behavior)
- Added new add_should_not for DKIM/ARC classes to prevent additional
header fields from being signed
- Added 'from' to should sign list (to prevent it from not being signed at
all in the unusual event that 'from' is locally removed from the frozen
header field set (LP: #1525048)
- Updates for experimental ARC support:
- Limit to rsa-sha256, rsa-sha1 not used by ARC and multi-signature
design TBD
- Raise error when ARC signing if i= instance limit value of 50 is
exceeded
- Specified that for ARC, Authentication-Results should not be signed
- Fix DNS lookups to be compatible with EAI addresses in domains and
selectors (John Levine)
- Add type Hinting for sign and verify functions (LP: #1782596)
(Thomas Ward)
- PEP8 Blank Lines Style Issues (LP: #1782596)
(Thomas Ward)
- Python 3.7 compatibility fixup for dkim.canonicalization.
strip_trailing_lines due to changed RE.sub() processing (LP: #1800313)
2018-06-16 Version 0.8.1
- Correctly fold lines at or near the maximum line length (fix folding
zero length lines and adding a blank line and adding an exra cr/lf for
lines near max length (LP: #1717576)
- Thanks to Christian Jørgensen and John Levine for reporting the issue
- Add testing extras option to setup.py (Daniel Hahler)
- Fix deprecation warnings in test asserts (Daniel Hahler)
- Correctly limit try/except for imports to import errors (Daniel Hahler)
- Don't error out in Python 3 if include headers is string (LP: #1776775)
- Correct requires invocation for py3dns
2018-05-18 Version 0.8.0
- Change from distutils to setuptools with entry points because it's the
future
- Use install_requires and extras_requires to document external
dependencies for dkimpy (LP: #1227526)
- Fix typo in dknewkey(1) for k= tag (Thanks to Andreas Schulze for
reporting)
- Detect incorrect version in DKIM public key record (LP: #1763815)
- Detect unknown algorithm in k= tag and raise an appropriate error, vice
failing with a traceback
- Indicate that ed25519-sha256 is no longer experimental
2018-02-17 Version 0.7.1
- Update ed25519 tests, including using sample keys from RFC 8032 Section
7.1 and the sample message from RFC 6376
- Return an empty list (as expected) when no AR headers are found or no AR
arc stamps are found and the chain terminated (LP: #1748146)
- Use correct h= tag in dknewnkey.py generated DKIM records for RSA
2018-02-07 Version 0.7.0
- Initial ed25519 implementation based on draft-ietf-dcrup-dkim-crypto
experimental - IETF draft, design not finalized, See README for details
- Port dkimsign.py to use argparse; now gives standard usage message and
is more extensible
- Add command line options to dkimsign.py to select header and body
canonicalization algorithmns (LP: #1272724)
- Add command line option to dkimsign.py to select signing algorithm
- For dknewkey.py make default to include h=sha256 in the DNS record to
exclude usage with sha1. Can be overriden
- Update ARC processing to current draft
- Fix arcverify tag requirements (LP: #1710312)
- Fix empty body canonicalization for relaxed canonicalization (LP: #1727319)
* Thanks to Matthew Palmer for the report and the proposed fix
- Add new test, test_implicit_k, to verify that RSA processing is still
correct when the optional k= tag is not present in the DKIM public key
record
- Fix -v verbose reporting in dkimverify.py
- Fix unbound local variable error when processing signatures with an x
tag, but no t tag (LP: #1739637)
2017-05-30 Version 0.6.2
- Fixed problem with header folding that caused the first line to be
folded too long (Updated test test_add_body_length since l= tag is no
longer at the beginning of a line)
- Fixed python3.4 string interpolation issue
- Fix some byte casting issues & typos
- Add test case for verification when should headers are signed
- Check and update references:
* Replace RFC 4871 withRFC 6376
* Replaace RFC 3447 with RFC 8017
* Add mention of DCRUP working group addressing key length issues
2017-01-27 Version 0.6.1
- Fixed python3 dns lookup issue
- Fixed arcverify.py issue
2017-01-23 Version 0.6.0
- Add capability to sign and verify ARC signatures
- Added new script, dknewkey.py, to generate DKIM keys
2015-12-07 Version 0.5.6
- Brown paper bag release, 0.5.5 tarball inadvertently included pyc files
and other artifacts from development
2015-12-07 Version 0.5.5
- Fix and test case for case insensitive subdomain matching.
- Python3 compatibility fixes and test cases thanks to Diane Trout
2013-06-10 Version 0.5.4
- Fixed error in FWS regular expression that cause some valid signatures
to fail verification (Thanks to Peter Palfrader (weasel) for the patch)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711751
- Change dkimsign.py to sign the default (recommended) set of headers
instead of all headers
2012-10-27 Version 0.5.3
- Make key parsing error messages more specific to help troubleshooting
based on user feedback
2012-06-13 Version 0.5.2
- Change canonicalization defaults to work around issues with different
verification implementations <https://launchpad.net/bugs/939128>
- Fully fold DKIM-Signature on sign, and ignore FWS in b= value on verify
- Fix hashing problem while signing using sha1
- Trap NXDOMAIN exception with dnspython
- Other minor bug fixes
2012-02-03 Version 0.5.1
- Rename tarball to dkimpy to avoid confusion with original project
- Apply performance patch from <https://launchpad.net/bugs/901591>
- save parsed signatures in DKIM object
- do not require DNS/dnspython for signing
2011-10-26 Version 0.5
- Add test case and fix for <https://launchpad.net/bugs/644046>
- Add test case and fix for <https://launchpad.net/bugs/737311>
- Fix dkim.fold()
- raise KeyFormatError when missing required key parts in DNS
- do not sign all headers by default
- option to verify signatures other than first
2011-06-16 Version 0.4.2
- Fix use of dns namespace so dnspython works
2011-06-15 Version 0.4.1
- Fix some except clauses for python3
- Correct Changelog and release versions
- Add test case for <https://launchpad.net/bugs/587783>
- add back dkim.Relaxed and dkim.Simple constants
2011-06-14 Version 0.4
- new API: class DKIM to retrieve domain and other info after verify
- Add support for python3
- pydns driver tested and fixed
- when producing Relaxed mode signatures, the partial DKIM-Signature
header must be canonicalized before hashing (Martin Pool)
<https://launchpad.net/bugs/587783>
- other bug fixes
2008-06-25 Version 0.3
- length parameter to sign() is now a boolean
- sign() now folds the DKIM-Signature line
- validation of all inputs
- general code cleanup
2008-02-19 Version 0.2
- handle "rsa-sha1" algorithm properly
- handle multiple DKIM-Signature lines
- handle FWS around = in DKIM-Signature lines
- handle case of single canonicalization algorithm
- handle l= signature property
2008-02-18 Version 0.1
- initial release
Reference in New Issue View Git Blame Copy Permalink