v1.1.0

@flowerysong flowerysong released this 05 Nov 18:50
· 17 commits to main since this release

In this development cycle, all open issues and PRs in https://github.com/trusteddomainproject/OpenARC were reviewed and either addressed or rejected; changes in the ARC spec between the drafts OpenARC initially implemented and the final version of RFC 8617 were reviewed and addressed; and all embedded comments indicating a known issue with the code were addressed.

Other efforts focused on housekeeping tasks such as cleaning up unused and broken parts of the build system, reducing code duplication, and increasing test coverage.

Added

  • oldest-pass processing per RFC 8617 section 5.2.
  • openarc-keygen
  • libopenarc - arc_chain_oldest_pass()
  • milter - AuthResIP configuration option.
  • milter - RequireSafeKeys configuration option.
  • milter - MinimumKeySizeRSA configuration option.
  • milter - ResponseDisabled, ResponseUnable, and ResponseUnwilling configuration options.

Changed

  • Custom OpenSSL locations must be configured using OPENSSL_CFLAGS and OPENSSL_LIBS environment variables instead of passing --with-openssl=/path to configure.
  • Custom Jansson locations must be configured using LIBJANSSON_CFLAGS and LIBJANSSON_LIBS environment variables instead of passing --with-libjansson=/path to configure.
  • Custom libmilter locations must be configured using LIBMILTER_CPPFLAGS and LIBMILTER_LDFLAGS environment variables instead of passing --with-milter=/path to configure.
  • Building the milter defaults to requiring Jansson. You can explicitly disable it by passing --without-libjansson to configure.
  • Libidn2 is now required to build OpenARC.
  • libopenarc - ARC-Message-Signature and ARC-Authentication-Results headers are excluded from the AMS, as required by RFC 8617 section 4.1.2.
  • libopenarc - ARC headers are returned with a space before the header value.
  • libopenarc - String arguments are marked as const where applicable.
  • libopenarc - String arguments are normal strings (char *) unless the argument expects a binary string.
  • libopenarc - ARC-Seal headers containing h= tags cause a validation failure, as required by RFC 8617 section 4.1.3.
  • milter - Authentication-Results and ARC-Authentication-Results include header.oldest-pass when appropriate.
  • milter - An ar-test program for seeing how Authentication-Results headers are parsed is built without making you jump through weird hoops.
  • milter - The default behaviour for messages that fail basic validity checks (malformed headers, too many headers) is to reject them.
  • milter - PermitAuthenticationOverrides defaults to false.

Removed

  • libopenarc - arc_mail_parse()

Fixed

  • libopenarc - Seals on failed chains only cover the latest ARC header set, as required by RFC 8617 section 5.1.2.
  • libopenarc - Signing with simple header canonicalization works.
  • libopenarc - ARC headers with a misplaced instance tag are rejected.
  • libopenarc - Unlikely memory leak after memory allocation failures.
  • libopenarc - The installed pkg-config file is more correct.
  • libopenarc - U-labels (domain labels encoded as UTF-8) are allowed in d= and s= tags.
  • libopenarc - arc_eom() propagates internal errors like memory allocation failure instead of marking the chain as failed.
  • libopenarc - Signature fields are wrapped at the configured margin.
  • libopenarc - Header margin wrapping is more accurate and precise.
  • libopenarc - Signatures with FWS after the tag-name are canonicalized correctly.
  • milter - Use after free.
  • milter - Unlikely division by zero.
  • milter - Small memory leak during config loading.
  • milter - The Authentication-Results authserv-id can contain UTF-8.