
           oooo   o8o   .o8        .oooooo..o ooooooooo.   oooooooooooo
           `888   `"'  "888       d8P'    `Y8 `888   `Y88. `888'     `8
            888  oooo   888oooo.  Y88bo.       888   .d88'  888
            888  `888   d88' `88b  `"Y8888o.   888ooo88P'   888oooo8
            888   888   888   888      `"Y88b  888          888    "
            888   888   888   888 oo     .d8P  888          888
           o888o o888o  `Y8bod8P' 8""88888P'  o888o        o888o

--------------------------------------------------------------------------------
            An ANSI C Implementation of the Sender Policy Framework
--------------------------------------------------------------------------------

libSPF CHANGELOG for v1.0.0 Release Candidate 6


1.0-RC6 -

 Fixed:
 ------
 - Naughty debug output in util.c referencing null address space
 - Naughty debug output in dns.c referencing null address space
 - Over time (requiring the use of threads) eventually libSPF would
   return 'SPF_UNKNOWN' for every query.  This is fixed through a
   change in the way INCLUDE, REDIRECT, and CNAME recursion is handled.
 - Parse bug where multi-string DNS records were not being concatenated as
   there was no check for such a thing (not really sure why anyone would
   even do this?).  Fix applied based on code submitted by 
   Robin Ehrlich <Robin.S.Ehrlich@syntegra.com>
 - Multiple include's are now handled (previously only 2 would be parsed)
 - Slow Memory leak in UTIL_split_str fixed through the freeing of 'cp'
   upon failure to match the delimiter, where was previously 'cp' was
   only free'd if there was a match. (RM)
 - UTIL_split_strr now properly returns NULL if 's' is empty where as
   previously there were instances where it would not do this. (RM)
 - Command line processing in spfqtool fixed to use (argc-1) instead of
   argc. (RM)
 - The potential for a memory access violation in UTIL_strndup is now
   alleviated through a switch to snprintf from memset+memcpy. (RM)
 - The return type of UTIL_index was ambiguous through its dual use of
   the integer 0 and now returns -1 upon error. (RM)
 - Double "debug header" output from xpprintf and xepprintf debug output
   functions (double reference)
 - Improper use of snprintf in UTIL strncpy wrapper yielding breakage in
   the macro parsing department.  Fix applied based on code and bug
   report submitted by Michael Elliott <elliott@rod.msen.com> (ME)
 - 'o' macro expansion is now restricted to just the 'responsible domain'
   from the original email as per the RFC as opposed to the 'rd' from
   whatever domain happened to be currently being examined during 
   recursion.  Fixed.  (ME) 
 - Default best guess and trusted forwarder strings contained an
   additional character of whitespace at the end which appear to be causing
   breakage in FreeBSD and are no longer necessary period and have been
   removed. (ME)
 - Use of 'res_search' led to spurious results due to it following local
   'default' and 'search' rules.  This was actually intentional on my part
   however it violates RFC2821 as was brought to my attention and has been
   replaced with 'res_query' which does not.  'res_search' can be re-enabled
   via --enable-res-search.  submitted by Marc Lehmann <pcg@goof.com> full
   details: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=297060

 Removed:
 --------
 - (util.c) function UTIL_printf()
 - (util.c) function UTIL_guess_whats_in_the_box()
 - (spf.h.in) define MAX_PLEN (associated with UTIL_printf)

 Changed:
 --------
 - IMPORTANT: I've decided to re-add full Received-SPF headers back into
   the library, and have adjusted the patches accordingly.  PLEASE be 
   aware of this when upgrading!  You will HAVE to re-patch your MTA.
   This goes for ALL MTA's.  (all thats re-added is the actual string
   'Received-SPF')
 - IMPORTANT: All newline/linefeeds have been removed in favour of the
   MTA applying these given the varying methods with which the MTA's
   patched to date differ this affords the best level of consistency.
 - IMPORTANT: SPF_parse_policy is slated for privitzation in the 1.0
   release.  You can continue to call it for this hopefully final RC
   however doing so does not fully comply with the RFC.
   If you are already calling SPF_policy_main it now handles fully all
   matters of recursion in full accordance with the RFC.
 - The '\r\n' present when inserting the 'Received-SPF:' header in the 
   qmail patch has been changed to an '\n'.  Apparently the '\r\n'
   resulted in Outhouse Express clients only seeing the e-mail until that
   part (viewing source reveals the entire e-mail is indeed present).
 - xeprintf macro no longer directly calls fprintf but is handled
   within the 'debug_printf' function and now when called displays
   both the function where it was called from but also the line number
   and file name (like the memory allocation wrappers)
 - all remaining macro's in spf.h.in that did not start with SPF_MAX
   have been renamed to do so.
 - previously preallocated 'buf' var in the debug logging function is
   now also allocated each time this function is called
 - _printf_dbg now mallocs and works with 'buf' then the preallocated
   buffer previously used.  Since this is in debugging code the cost of
   mallocing this frequently is of no concern.
 - UTIL_count_delim enforces a limit of SPF_MAX_DELIM instead of
   allowing the type to wrap at its 8bit margin.
 - All 'case' statements now make use of braces for added clarity.
 - SPF Recursion is decremented from 20 to 10 due to user submissions of
   data (thank you, you know who you all are) and my own tests which 
   show that 20 is excessive although being the RFC recommendation / 
   requirement.  If you need it higher, please feel free to raise it 
   yourself through Autoconf (--spf-recursion=20).
 - util.c is now dynamically generated by autoconf which is done to 
   allow for use of %zu which GCC 2.95.x doesn't understand but is
   needed when working with non 32bit arch.

 Improved/Updated:
 -----------------
 - Some attempts have been made to clean up the namespace pollution,
   thus far work has been done on util.c/h and dns.c/h
 - Replaced magic number '26' with SPF_MAX_DATETIME macro
 - Better debugging from within DNS functions.  hstrerror is referenced
   instead of the custom error messages previously used.
 - More descriptive debugging output which makes the codebase now
   consistent with the way the memory allocation wrapper functions use
   preprocessor macros to define in addition to function both the line
   number of the call, and the file from which the code is taken.
 - Updated qmail patch against netqmail 1.05
 - Updated sendmail patch against sendmail v8.13.1
 - "-ggdb" now prepended to CFLAGS only when --enable-debug is set
 
 New:
 ----
 - Postfix patch against Postfix v2.1.4; see patches/Postfix/2.1.x
   (THIS PATCH IS BROKEN SOMEONE PLEASE FIX IT)
 - Reentrant support (threading).  The known non-thread safe portions of
   the library were localtime (which is now localtime_r) and gethostbyname,
   the latter of which a wrapper has been written around it to either make
   use of the GNU extenstion 'gethostbyname_r' if its avaiable or to use a
   pthreads mutex lock around a gethostbyname call to provide pseudo thread-
   safe behaviour.  Reentrant support is enabled through the Autoconf option
   '--enable-pthreads'.
 - Mutex locking for debugging functions in util.c through the addition of
   the pthreads mutex lock handle dubbed 'util_mutex'.  This works around
   the problem of multiple threads attempting to write to the physical
   logfile when _SPF_DEBUG_LOGFILE is defined.
 - xmalloc calls now memset every piece of memory allocated with NULL's
   when compiled with '--enable-paranoid-malloc'
 - Debugging macro 'xpprintf' handles debug output without VA
 - Debugging macro 'xepprintf' handles error output without VA
 - Function 'dbg_pprintf' which is used by xpprintf and xepprintf macros
 - Function 'dummy_pdebug' which is used as a nullifying wrapper when
   debugging is disabled for the xpprintf and xepprintf macros.
 - Function '_UTIL_pthread_mutex' and macro wrapper 'xpthread_mutex_lock'
   and 'xpthread_mutex_unlock' which make life easier instead of riddling
   ifdef'f for _WITH_PTHREADS everywhere :)
 - Private function _SPF_pre_parse_policy takes the code that was sitting
   in DNS_txt_answer where it really didn't belong, this function simply
   reviews the received DNS ANSWER for the presense of a valid SPFv1 
   version tag.
 - Private function _SPF_clear_holdbufs which clears the cname, include
   and redirect placeholders which are used in SPF_policy_main which 
   has been rewritten entirely to properly handle recursion given the
   discovery that include wasn't being handled properly as well as 
   problems stemming from its design from a reentrant perspective
 - Autoconf trigger --enable-debug-logfile forces debug logging to disk
 - Autoconf trigger --enable-logfile-stats enables statistics logging
   to /var/log/spflog.txt
 - Autoconf trigger --enable-full-optimizations enables a series of 
   fairly well tested optimizations known to improve performance in this
   library
 - Makefile now has option "make test" which executes perl on the script
   src/spfqtool/test.pl
 - Cleaned up test.pl and added new tests to test.txt to test multi-part
   DNS strings.
 - Now stores T_TXT records in a new pointer added to the peer_info 
   structure.  This is used by DDT to both store the T_TXT records as
   well as detect SenderID


 libSPF Query Tool (src/spfqtool) changes:
 -----------------------------------------
 - Added Trusted Forwarder support (-t)
 - Added Best Guess support (-b)
 - Added SPF Explanation display support (-e)
 - Added "display spfqtool version)" command (-v)
 - Added Display RFC2822 "Received-SPF:" header (automatic)
 - Cleaned up output and made both debug and regular output more verbose
   with better descriptive headers.
 - Added documentation to docs/spfqtool
 - Updated to version 0.4


 spfmilter (src/spfmilter) changes:
 ----------------------------------
 - spfmilter.h now includes spf.h from local source tree (PH)
 - spfmilter / spfmilter_static now install to /usr/local/sbin (PH)
 - man page (spfmilter.8) is now installed (PH)
 - configure barfs on --enable-spfmilter if --enable-pthreads is not specified
   with an appropriate warning to do so (PH)
 
Abbreviated contributors:

(RM) - Roger Moser <Roger.Moser@pamho.net>
(PH) - Paul Howarth <paul@city-fan.org>
(ME) - Michael Elliott <elliott@rod.msen.com>


EOF
