--- /dev/null
+commit 6a11a9e618a72b8d96aecb2ad9aa300b98f8d991
+Author: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sun Nov 29 01:12:38 2015 +0000
+
+ DKIM: relaxed body canonicalisation should ignore whitespace at EOL
+ and empty lines at EOM. Bug 1721
+
+diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
+index cd79521..de774a2 100644
+--- a/src/src/pdkim/pdkim.c
++++ b/src/src/pdkim/pdkim.c
+@@ -596,7 +596,7 @@ pdkim_signature *pdkim_parse_sig_header(pdkim_ctx *ctx, char *raw_hdr) {
+ pdkim_strtrim(cur_val);
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream)
+- fprintf(ctx->debug_stream, "%s=%s\n", cur_tag->str, cur_val->str);
++ fprintf(ctx->debug_stream, " %s=%s\n", cur_tag->str, cur_val->str);
+ #endif
+ switch (cur_tag->str[0]) {
+ case 'b':
+@@ -674,7 +674,7 @@ pdkim_signature *pdkim_parse_sig_header(pdkim_ctx *ctx, char *raw_hdr) {
+ default:
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream)
+- fprintf(ctx->debug_stream, "Unknown tag encountered\n");
++ fprintf(ctx->debug_stream, " Unknown tag encountered\n");
+ #endif
+ break;
+ }
+@@ -799,7 +799,7 @@ pdkim_pubkey *pdkim_parse_pubkey_record(pdkim_ctx *ctx, char *raw_record) {
+ pdkim_strtrim(cur_val);
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream)
+- fprintf(ctx->debug_stream, "%s=%s\n", cur_tag->str, cur_val->str);
++ fprintf(ctx->debug_stream, " %s=%s\n", cur_tag->str, cur_val->str);
+ #endif
+ switch (cur_tag->str[0]) {
+ case 'v':
+@@ -833,7 +833,7 @@ pdkim_pubkey *pdkim_parse_pubkey_record(pdkim_ctx *ctx, char *raw_record) {
+ default:
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream)
+- fprintf(ctx->debug_stream, "Unknown tag encountered\n");
++ fprintf(ctx->debug_stream, " Unknown tag encountered\n");
+ #endif
+ break;
+ }
+@@ -925,7 +925,7 @@ int pdkim_update_bodyhash(pdkim_ctx *ctx, const char *data, int len) {
+ sig->signed_body_bytes += canon_len;
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream!=NULL)
+- pdkim_quoteprint(ctx->debug_stream,canon_data,canon_len,0);
++ pdkim_quoteprint(ctx->debug_stream,canon_data,canon_len,1);
+ #endif
+ }
+
+@@ -1037,6 +1037,23 @@ int pdkim_bodyline_complete(pdkim_ctx *ctx) {
+ goto BAIL;
+ }
+
++ if ( ctx->sig
++ && ctx->sig->canon_body == PDKIM_CANON_RELAXED) {
++ /* Lines with just spaces need to be buffered too */
++ char *check = p;
++ while(memcmp(check,"\r\n",2) != 0) {
++ char c = *check;
++
++ if (c != '\t' && c != ' ')
++ goto PROCESS;
++ check++;
++ }
++
++ ctx->num_buffered_crlf++;
++ goto BAIL;
++ }
++
++ PROCESS:
+ /* At this point, we have a non-empty line, so release the buffered ones. */
+ while (ctx->num_buffered_crlf) {
+ pdkim_update_bodyhash(ctx,"\r\n",2);
+@@ -1699,7 +1716,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu
+ if (ctx->debug_stream) {
+ fprintf(ctx->debug_stream,
+ "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
+- fprintf(ctx->debug_stream,"Raw record: ");
++ fprintf(ctx->debug_stream," Raw record: ");
+ pdkim_quoteprint(ctx->debug_stream, dns_txt_reply, strlen(dns_txt_reply), 1);
+ }
+ #endif
+@@ -1710,7 +1727,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu
+ sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_PARSING;
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream) {
+- fprintf(ctx->debug_stream,"Error while parsing public key record\n");
++ fprintf(ctx->debug_stream," Error while parsing public key record\n");
+ fprintf(ctx->debug_stream,
+ "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+ }
+
+commit 9042106b5116fcc621e1c720460a42896011c1cd
+Author: Jeremy Harris <jgh146exb@wizmail.org>
+Date: Sun Nov 29 01:36:06 2015 +0000
+
+ DKIM: fix relaxed body verify for a newline-only body. Bug 963
+
+diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
+index 99948ff..94328f7 100644
+--- a/src/src/pdkim/pdkim.c
++++ b/src/src/pdkim/pdkim.c
+@@ -987,11 +987,11 @@ int pdkim_finish_bodyhash(pdkim_ctx *ctx) {
+ else {
+ #ifdef PDKIM_DEBUG
+ if (ctx->debug_stream) {
+- fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n",
+- sig->domain);
+ fprintf(ctx->debug_stream, "PDKIM [%s] bh signature: ", sig->domain);
+ pdkim_hexprint(ctx->debug_stream, sig->bodyhash,
+ (sig->algo == PDKIM_ALGO_RSA_SHA1)?20:32,1);
++ fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n",
++ sig->domain);
+ }
+ #endif
+ sig->verify_status = PDKIM_VERIFY_FAIL;
+@@ -1022,6 +1022,12 @@ int pdkim_bodyline_complete(pdkim_ctx *ctx) {
+ if (ctx->input_mode == PDKIM_INPUT_SMTP) {
+ /* Terminate on EOD marker */
+ if (memcmp(p,".\r\n",3) == 0) {
++ /* In simple body mode, if any empty lines were buffered,
++ replace with one. rfc 4871 3.4.3 */
++ if (ctx->sig && ctx->sig->canon_body == PDKIM_CANON_SIMPLE
++ && ctx->num_buffered_crlf > 0)
++ pdkim_update_bodyhash(ctx,"\r\n",2);
++
+ ctx->seen_eod = 1;
+ goto BAIL;
+ }
+