phoenixdkim (1.0.0-1) unstable; urgency=medium

  * Initial upload to Debian (Closes: #1140100).
  * First stable release.  Closes the 1.0.0 beta series.
  * Signing: under StrictHeaders, a message that cannot be signed because it
    violates RFC 5322 (e.g. a duplicate From, a spoofing vector) is now
    rejected back to the sender per On-SignatureError (default reject) instead
    of being delivered unsigned; verification of such messages is unchanged
    (accepted, recorded in Authentication-Results).
  * Fix: drain in-flight connections at shutdown before tearing down the
    configuration, key, and databases, closing an exit-time use-after-free
    race between the worker threads and main() (found with ThreadSanitizer).
  * Fix: make the die/reload/diesig signal flags atomic (sig_atomic_t).
  * Fix: free the header canonicalization of a resigning header-bound handle
    (a leak in the dkim_resign + header-binding path).
  * Fix: phoenixdkim-testmsg now reports the specific reason a message could
    not be signed or verified rather than a generic "Syntax error".
  * Testing: add coverage-guided libFuzzer targets for the signature and
    key-record tag-list parsers (PHOENIXDKIM_ENABLE_FUZZERS), a DNS
    failure-mode classification test, an independent-implementation interop
    cross-check against dkimpy, and a ThreadSanitizer build option
    (PHOENIXDKIM_ENABLE_TSAN).
  * Documentation: describe StrictHeaders' per-direction disposition and the
    security/testing process on the project website.

 -- Edmund Lodewijks <edmund@proteamail.com>  Mon, 15 Jun 2026 16:28:07 +0200

phoenixdkim (1.0.0~beta4-1) trixie; urgency=medium

  * Feature: RFC 8616 (EAI) support — sign and verify internationalised mail
    with UTF-8 header field bodies and U-label domains. Header field names and
    tag names remain ASCII; UTF-8 is validated to RFC 3629 (overlong encodings,
    surrogates, and lone continuations are rejected). Requires libidn2.
  * Feature: embedded Prometheus /metrics HTTP endpoint (MetricsAddr) — an
    opt-in lightweight HTTP server exposing live counters; no external exporter
    or collector required. Disabled unless MetricsAddr is set.
  * DNSSEC: distinguish "validation unavailable" (resolver does not perform
    DNSSEC validation) from "not evaluated"; export the key-record DNSSEC
    status to the Authentication-Results header and milter macros.
  * Verify: log the t=y testing-key disposition override with an explicit log
    line and header token so operators can see why a failing signature was
    still accepted; audit t=s envelope/header alignment and g= local-part
    matching against RFC 6376.
  * Fix: free queued DNS replies in the test harness to silence LeakSanitizer.
  * Fix: remove dead unreachable code and unused preprocessor macros.
  * Packaging: add libidn2-dev build-dependency for EAI (RFC 8616) support;
    drop obsolete syslog.target from systemd service After= ordering.

 -- Edmund Lodewijks <edmund@proteamail.com>  Fri, 05 Jun 2026 16:52:48 +0200

phoenixdkim (1.0.0~beta3-1) trixie; urgency=medium

  * New: metrics and observability — Prometheus textfile exporter
    (MetricsFile), StatsD UDP exporter (StatsDHost), and a per-message
    structured log line (LogResults). No extra library; switched on by
    configuration alone. MetricsFile defaults to the node_exporter textfile
    collector directory; systemd unit gains ReadWritePaths= for it.
  * Build: accept Lua >= 5.4 rather than exactly 5.4; fixes builds on
    distributions shipping Lua 5.5 (e.g. Fedora Rawhide).
  * Packaging: fix dpkg-gencontrol substvar warnings. phoenixdkim-genkey is
    a Perl script, so phoenixdkim-keygen now depends on ${perl:Depends}
    instead of the never-defined ${shlibs:Depends}/${python3:Depends} (it is
    Architecture: all and ships no ELF binaries); phoenixdkim-tools ships only
    compiled binaries, so its stray ${perl:Depends} is dropped. Drop the unused
    dh-python build-dependency (no Python is shipped).
  * Packaging: gate libbsd-dev on Debian 12 and earlier via
    "libc6-dev (>= 2.38) | libbsd-dev". strlcpy/strlcat are in glibc 2.38+
    (Debian 13 Trixie), where CMake already prefers libc and never links
    libbsd; only bookworm-era glibc (2.36) falls through to libbsd-dev.

 -- Edmund Lodewijks <edmund@proteamail.com>  Wed, 04 Jun 2026 00:00:00 +0200

phoenixdkim (1.0.0~beta1-1) trixie; urgency=medium

  * Rename: library libopendkim -> libphoenixdkim with a fresh SONAME
    (libphoenixdkim.so.0); runtime package libopendkim13 -> libphoenixdkim0,
    dev package libopendkim-dev -> libphoenixdkim-dev; headers move to
    /usr/include/phoenixdkim/; pkg-config opendkim.pc -> phoenixdkim.pc.
  * Version: reset the release line to 1.0.0 as the first PhoenixDKIM release.
    This is a deliberate decrease from the 3.0.0~beta line (inherited from the
    OpenDKIM 2.11 base); no epoch is used, as the earlier betas had no users.
    PHOENIXDKIM_LIB_VERSION (formerly OPENDKIM_LIB_VERSION) tracks the ABI
    triple, now 0:0:0.

 -- Edmund Lodewijks <edmund@proteamail.com>  Mon, 01 Jun 2026 09:21:26 +0200

phoenixdkim (3.0.0~beta14-ng1) trixie; urgency=medium

  * Fix: systemd Type=notify hang when built without libsystemd —
    WITH_SYSTEMD defaulted ON but only gated the library search,
    so a build without libsystemd produced a Type=notify unit backed
    by a daemon that never sends READY=1.  WITH_SYSTEMD is now
    tri-state AUTO/ON/OFF: ON fails configure when libsystemd is
    absent; AUTO detects and warns; OFF disables.
  * Build: systemd unit generated from opendkim.service.in so
    Type= and WatchdogSec match the build (notify+watchdog or
    simple, depending on HAVE_LIBSYSTEMD); @sbindir@ in ExecStart
    and ExecPaths now correctly substituted.
  * Build: new INSTALL_SYSTEMD_UNIT cmake option (default ON on
    Linux) installs the generated unit; debian/rules passes OFF to
    avoid colliding with the packaged copy.
  * Debian: libsystemd-dev [linux-any] added to Build-Depends so
    the Debian package always builds with notify support.
  * Debian: @sbindir@ corrected to /usr/sbin in
    debian/opendkim.service.

 -- Edmund Lodewijks <edmund@proteamail.com>  Thu, 28 May 2026 00:00:00 +0200

phoenixdkim (3.0.0~beta13-ng1) trixie; urgency=medium

  * RFC 8301: RSA-SHA1 verification refused unconditionally;
    DKIM_LIBFLAGS_NOSHA1VERIFY set on every startup. New
    On-WeakAlgorithm option controls milter disposition
    (neutral/reject/quarantine/tempfail/discard); "accept" is
    rejected at config load. RSA-SHA1 signing also disabled.
  * Feature: CheckSigningTable config option and -g/-G flags
  * Feature: opendkim-genzone -s flag for subdomain matching;
    output is now reproducible
  * Feature: optional fourth KeyTable field for signing algorithm
  * Feature: systemd Type=notify readiness signalling and watchdog
    keep-alive thread; service hardening directives
  * Feature: opendkim -V prints full build configuration; git commit
    embedded in version string for development builds
  * Feature: DKIM_FEATURE_ED25519 capability flag; multi-signing
    unit tests t-test204 and t-test205
  * Remove: K&R __P() portability wrappers
  * Remove: smfi_insheader() compatibility stub for sendmail < 8.13.0
  * Remove: dead conf_singleauthres config field
  * Fix: dkim_sign() correctly emits l= body-length tag; missing
    final CRLF no longer rejected when l= is in use
  * Fix: sig_signalg set before feature-check continue in
    dkim_siglist_setup()
  * Fix: correct operator precedence in DKIM_SIG_CHECK macro
  * Fix: header field-body character validation tautology — check
    now correctly rejects invalid characters
  * Fix: assert crash in dkim_canon_selecthdrs when all headers
    are skipped
  * Fix: Ed25519 verification reuse path frees ed_pkey before memset
  * Fix: opendkim-testkey now supports ED25519 key verification
  * Fix: NoHeaderB now suppresses A-R header.b extraction
  * Fix: Authentication-Results with no-result entry accepted as
    valid syntax
  * Fix: distinguish "no From/Date field" from "multiple From/Date
    fields" in header diagnostics
  * Fix: A-R key tag separator changed from semicolon to comma
  * Fix: authserv-id and job-id quoted in A-R per RFC 8601
  * Fix: no BADFORMAT A-R header in sign-only mode when sender
    unresolvable
  * Fix: MaximumHeaders rejection includes SMTP reply and field name
  * Fix: DNAME RRs skipped in DKIM key and failure-report DNS lookups
  * Fix: libunbound context loads /etc/resolv.conf by default
  * Fix: NXDOMAIN distinguished from transient errors in stub resolver
  * Fix: dkim_res_nslist() under HAVE_RES_SETSERVERS
  * Fix: first TXT record used when key query returns multiple records
  * Fix: memory leaks and orphaned-list bug in key lookup (issue #272)
  * Fix: endpwent() called on early returns from key safety checks
    (issue #198)
  * Fix: SafeKeys group warnings report path, not username
  * Fix: warn when KeyFile and KeyTable are both set
  * Fix: clearer diagnostics for KeyTable and SafeKeys failures
  * Fix: DNS timeout distinguished from key-not-found in error log
  * Fix: OpenSSL errors propagated to user in opendkim-genkey
  * Fix: ABI-compatible OpenSSL patch releases accepted at startup
  * Fix: primary GID passed to initgroups() when Group is configured
  * Fix: stack overflow in miltertest on oversized REPLBODY
  * Fix: MT_SMTPREPLY usable after any milter callback, not only EOM
  * Fix: odkim.del_header() deletes the indexed instance, not the first
  * Fix: milter capabilities declared for FinalPolicyScript hooks
  * Fix: dkimf_lua_writer guarded against Lua 5.5 end-of-dump
  * Fix: memmove for overlapping copy in SubDomains domain walk
  * Fix: leading '[' treated as bracketed IPv6 address
  * Fix: milter hostname included in SoftwareHeader when distinct
  * Fix: DKIM failure report skipped when recipient address truncated
  * Code: -Wconversion / -Wsign-conversion remediation complete
    across libopendkim, daemon, miltertest, and test suite
  * Build: optional OPENDKIM_ENABLE_STRICT_C, Valgrind CTest targets,
    and MSan support (all off by default)

 -- Edmund Lodewijks <edmund@proteamail.com>  Wed, 27 May 2026 00:00:00 +0200

phoenixdkim (3.0.0~beta12-ng1) trixie; urgency=medium

  * Rename: project and source package renamed from opendkim-ng to
    phoenixdkim
  * Man pages: updated .TH headers to identify PhoenixDKIM as the
    source package; removed obsolete references to eliminated backends
  * Remove: orphaned libut directory
  * Remove: autobuild/ (superseded by CMake)
  * Packaging: miltertest binary now correctly installed into the
    miltertest package rather than phoenixdkim
  * Packaging: remove empty conffiles
  * Packaging: remove obsolete syslog.target from systemd service unit

 -- Edmund Lodewijks <edmund@proteamail.com>  Fri, 23 May 2026 00:00:00 +0200

phoenixdkim (3.0.0~beta11-ng1) trixie; urgency=medium

  * Security: fix A-R stripping bypass via trailing-dot authserv-id
  * Security: fix TXT chunk-length OOB read in DNS key extraction
  * Security: sandbox Lua policy hooks against dangerous standard libraries
  * Security: zero per-signrequest private key data before free
  * Security: fix mlfi_connect config-refcount race
  * Fix: dkim_ohdrs z= decode overwrote plist storage (bugs #226, #233, #235)
  * Fix: don't skip body when only one canonicalization mode is
    finished (issue #15)
  * Fix: protect ub_ctx_config() with a mutex (issue #14)
  * Fix: widen password file critical section in dkimf_securefile (issue #8)
  * Fix: RequiredHeaders now reports specific error and rejects (issue #28)
  * Fix: standard resolver DNSSEC-awareness; ub_ctx_config() concurrency
  * Add: header.a and header.s to Authentication-Results output
  * Add: SyslogName configuration option
  * Add: odkim.internal_ip() to screen and final Lua policy hooks
  * Feature: reject non-printable domain/selector in dkim_sign() (feature #190)
  * Build: port missing HAVE_* probes to CMake; add HAVE_LIBCURL
  * Build: CMake hardening infrastructure; OpenSSL 4 support
  * Build: OpenSSL version string in build-config.h and -V output
  * Remove: POPAUTH (POP-before-SMTP) support
  * Remove: QUERY_CACHE BerkeleyDB-backed DNS-result cache
  * Code: systematic -Wcast-qual / -Wshadow / -Wsign-compare / -Wpointer-sign
    remediation across libopendkim, daemon, miltertest, and test
    programs (PR #3)

 -- Edmund Lodewijks <edmund@proteamail.com>  Thu, 21 May 2026 00:00:00 +0200

opendkim-ng (3.0.0~beta10-ng1) unstable; urgency=medium

  * CI: Fix YAML syntax in apt dispatch step

 -- Edmund Lodewijks <edmund@proteamail.com>  Thu, 14 May 2026 00:00:00 +0200

opendkim-ng (3.0.0~beta9-ng1) unstable; urgency=medium

  * CI: Batch apt dispatch — one event per codename, all packages in one run

 -- Edmund Lodewijks <edmund@proteamail.com>  Wed, 13 May 2026 23:45:00 +0200

opendkim-ng (3.0.0~beta8-ng1) unstable; urgency=medium

  * CI: Add ~bpo12+ version suffix for bookworm builds to avoid pool conflicts

 -- Edmund Lodewijks <edmund@proteamail.com>  Wed, 13 May 2026 23:15:00 +0200

opendkim-ng (3.0.0~beta7-ng1) unstable; urgency=medium

  * CI: Matrix build for Debian bookworm and trixie
  * CI: Prefix release assets with distro codename
  * CI: Multi-distro apt repository support

 -- Edmund Lodewijks <edmund@proteamail.com>  Wed, 13 May 2026 22:30:00 +0200

opendkim-ng (3.0.0~beta6-ng1) unstable; urgency=medium

  * CI: Fix build dependencies (libbsd-dev, libevent-dev, nettle-dev,
    libhiredis-dev)
  * CI: Enable Redis/hiredis in deb build
  * CI: Publish .deb packages to apt repository on tag push
  * Build: Drop unused VERSION_STRING and -DVERSION cmake defines
  * Build: Fix t-db-redis link (add opendkim-lua.c)

 -- Edmund Lodewijks <edmund@proteamail.com>  Wed, 13 May 2026 21:30:00 +0200

opendkim-ng (3.0.0~beta5-ng1) unstable; urgency=medium

  * Rename and move sample configuration to /usr/share/doc/opendkim-ng/
  * Modernise systemd management: Run as simple, not forking, and without PID
  * Added patches for Lua 5.5+
  * Removed older or unwanted db backends (BDB, OpenDBX, LDAP, SASL,
    libmemcached, Erlang)
  * Fixed 2 bugs in the LMDB code
  * Added Redis/Valkey as db backend (PostgreSQL still planned)
  * Fixed all relevant issues from the pre-fork GitHub Issues tracker
  * Applied patches from Debian, Fedora, and Gentoo, or fixed the issues in
    a slightly different way (distro patch authors credited)

 -- Edmund Lodewijks <edmund@proteamail.com>  Wed, 13 May 2026 20:23:00 +0200

opendkim-ng (3.0.0~beta4-ng1) unstable; urgency=medium

  * CI: Added GitHub Action workflow for building .deb packages

 -- Edmund Lodewijks <edmund@proteamail.com>  Tue, 12 May 2026 12:39:00 +0200

opendkim-ng (3.0.0~beta3-ng1) unstable; urgency=medium

  * Hotfix: Fix SigningTable validation

 -- Edmund Lodewijks <edmund@proteamail.com>  Tue, 12 May 2026 12:02:00 +0200

opendkim-ng (3.0.0~beta2-ng1) unstable; urgency=medium

  * Fix Lua 5.4 C API: correct version guards (== 502 → >= 502) across
    all hook functions (setup, screen, final, db)
  * Fix Lua 5.4 C API: remove unguarded lua_load/lua_dump compat shims
  * Fix Lua 5.4 C API: add missing strip argument to lua_dump call sites
  * Fix Lua 5.4 C API: remove stale lua_pop() after luaL_newlib/lua_setglobal
  * Fix signtable validation walk in dkimf_config_load(): missing KeyTable
    entries were not being caught due to datasplit OPTIONAL flag bug
  * Port integration tests to CMake out-of-source build layout
  * Fix miltertest: connect-failure returns nil instead of throwing
  * Fix miltertest: add expect_exit option to startfilter for conf-check tests
  * Disable integration tests for permanently removed features:
    t-lua-rbl, t-sign-atps, t-verify-ss-atps, t-verify-ss-rep,
    t-sign-ss-replace

 -- Edmund Lodewijks <edmund@proteamail.com>  Sat, 09 May 2026 21:58:00 +0200

opendkim-ng (3.0.0~beta1-ng1) unstable; urgency=medium

  * Initial release of the opendkim-ng modernisation fork.
  * Updated library SOVERSION to 13 to reflect OpenSSL 3 EVP port.
  * Migrated build system to CMake for improved maintainability.
  * Implemented Ed25519-SHA256 signing and verification (RFC 8463).
  * Hardened security: Removed RSA-SHA1 and deprecated GnuTLS code paths.
  * Fixed critical memory safety bugs in dkim_qp_decode (buffer overflow/NUL).
  * LMDB implemented as the primary high-performance backend.
  * Cleaned and modernised test suite: SHA256 as default for all tests.

 -- Edmund Lodewijks <edmund@proteamail.com>  Sun, 03 May 2026 21:00:00 +0200
