Archive for the ‘Releases’ Category

OpenDNSSEC 1.4.5

Version 1.4.5 of OpenDNSSEC has now been released:

Bugfixes:

  • OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key generation.
  • OPENDNSSEC-609: ods-ksmutil: ‘key list’ command fails with error in 1.4.4 on MySQL. Reported by Mark Elkins <mje@posix.co.za>

Documentation:

Download:

 

SoftHSM 2.0.0a2

Version 2.0.0a2 of SoftHSM has been released.

Updates:

  • SOFTHSM-68: Display a better configure message when there is a version of Botan with a broken ECC/GOST/OID implementation.
  • SOFTHSM-70: Improved handling of the database backend.
  • SOFTHSM-71: Supporting Botan 1.11.
  • SOFTHSM-76: Do not generate RSA keys smaller than 1024 bit when using the Botan crypto backend.
  • SOFTHSM-83: Support CKA_VALUE_BITS for CKK_DH private key object.
  • SOFTHSM-85: Rename libsofthsm.so to libsofthsm2.so and prefix the command line utilties with softhsm2-.
  • SOFTHSM-89: Use constants and not strings for signaling algorithms.
  • SUPPORT-129: Possible to use an empty template in C_GenerateKey. The class and key type are inherited from the generation mechanism. Some mechanisms do however require a length attribute. [SOFTHSM-88]
  • SUPPORT-131: Support RSA-PSS using SHA1, SHA224, SHA256, SHA384, or SHA512. [SOFTHSM-87]

Bugfixes:

  • SOFTHSM-39: Fix 64 bit build on sparc sun4v.
  • SOFTHSM-69: GOST did not work when you disabled ECC.
  • SOFTHSM-78: Correct the attribute checks for a number of objects.
  • SOFTHSM-80: Prevent segfault in OpenSSL GOST HMAC code.
  • SOFTHSM-91: Fix a warning from static code analysis.
  • Fixed a number of memory leaks.

Documentation:

Download:

 

OpenDNSSEC 1.4.4

Version 1.4.4 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly if SkipPublicKey is used [OPENDNSSEC-574].
  • OPENDNSSEC-358: ods-ksmutil: Extend ‘key list’ command with options to filter on key type and state. This allows keys in the GENERATE and DEAD state to be output.
  • OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals derived from unsigned delegations (be compatible with servers that are incompatible with RFC 5155 errata 3441).

Bugfixes:

  • SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
  • SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired [OPENDNSSEC-526].
  • SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug [OPENDNSSEC-529].
  • SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/
  • SUPPORT-108: Signer Engine: Don’t replace tabs in RRs with whitespace [OPENDNSSEC-520].
  • SUPPORT-116: ods-ksmutil: ‘key import’ date validation fails on certain dates [OPENDNSSEC-553].
  • SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
  • SUPPORT-127: ods-signer: Fix manpage sections.
  • OPENDNSSEC-457: ods-ksmutil: Add a check on the ‘zone add’ input/output type parameter to allow only File or DNS.
  • OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
  • OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
  • OPENDNSSEC-531: ods-ksmutil: Exported value of <Parent><SOA><TTL> in ‘policy export’ output could be wrong on MySQL.
  • OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
  • OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR request with EDNS.
  • OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation and alloctaion.
  • OPENDNSSEC-560: Signer Engine: Don’t crash when unsigned zone has no SOA.
  • Signer Engine: Fix a race condition when stopping daemon.

Documentation:

Download:

 

SoftHSM 1.3.6

Version 1.3.6 of SoftHSM has been released.

Updates:

  • SOFTHSM-51: Call umask to restrict created files.

Bugfixes:

  • Fix malloc(0) warning in clang.

Documentation:

Download:

 

SoftHSM 2.0.0a1

Version 2.0.0a1 of SoftHSM has been released. This is the first alpha version for SoftHSM v2. All required features for this version have been implemented and we would like to get feedback from community.

SoftHSM v2 Key Features:

  • Encrypting sensitive information on disc
  • Generalized crypto backend: OpenSSL or Botan
  • Supporting more mechanisms: ECDSA, GOST, DSA, DH, AES, DES
  • Supporting more PKCS#11 functions: Encryption/Decryption, Wrapping/Unwrapping

Documentation:

Download:

 

OpenDNSSEC 1.4.3

Version 1.4.3 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-72: Improve logging when failed to increment serial in case of key rollover and serial value “keep” [OPENDNSSEC-461].
  • OPENDNSSEC-106: Add ‘ods-enforcerd -p <policy>’ option. This prompts the enforcer to run once and only process the specified policy and associated zones.
  • OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml. Default value remains PT0S.
  • OPENDNSSEC-390: ods-ksmutil: Add an option to the ‘ods-ksmutil key ds-seen’ command so the user can choose not to notify the enforcer.
  • OPENDNSSEC-430: ods-ksmutil: Improve ‘zone add’ – Zone add command could warn if a specified zone file or adapter file does not exits.
  • OPENDNSSEC-431: ods-ksmutil: Improve ‘zone add’ – Support default <input> and <output> values for DNS adapters.
  • OPENDNSSEC-454: ods-ksmutil: Add option for ‘ods-ksmutil key import’ to check if there is a matching key in the repository before import.

Bugfixes:

  • OPENDNSSEC-435: Signer Engine: Fix a serious memory leak in signature cleanup.
  • OPENDNSSEC-463: Signer Engine: Duration PT0S is now printed correctly.
  • OPENDNSSEC-466: Signer Engine: Created bad TSIG signature when falling back to AXFR.
  • OPENDNSSEC-467: Signer Engine: After ods-signer clear, signer should not use inbound serial.

Documentation:

Download:

 

 

 

OpenDNSSEC 1.3.16

Version 1.3.16 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-72: Improve logging when failed to increment serial in case of key rollover and serial value “keep” [OPENDNSSEC-441].
  • OPENDNSSEC-436: NSEC3PARAM TTL can now be optionally configured in kasp.xml. Default value remains PT0S.
  • OPENDNSSEC-458: Add ‘ods-enforcerd -p <policy>’ option. This prompts the enforcer to run once and only process the specified policy and associated zones.
  • OPENDNSSEC-460: ods-ksmutil: Add an option to the ‘ods-ksmutil key ds-seen’ command so the user can choose not to notify the enforcer.
  • OPENDNSSEC-472: ods-ksmutil: Add option for ‘ods-ksmutil key import’ to check if there is a matching key in the repository before import.
  • OPENDNSSEC-473: ods-ksmutil: Improve ‘zone add’ – Support default <input> and <output> values for DNS adapters.

Bugfixes:

  • OPENDNSSEC-451: Signer Engine: Prevent CKA_ID and DNSKEY mixup by using a separate HSM context when loading signer configuration.
  • OPENDNSSEC-462: Signer Engine: Duration PT0S is not printed correctly.
  • ods-ksmutil: Fix typo in policy export with NSEC3 <Iterations>.

Documentation:

Download:

 

 

SoftHSM 1.3.5

Version 1.3.5 of SoftHSM has been released.

Bugfixes:

  • SOFTHSM-45: Improved handling of a busy database
  • SUPPORT-76: Add -Wall -Werror flags and fix the warnings.
  • Fix more warnings on EPEL.

Documentation:

Download:

 

OpenDNSSEC 1.3.15

Version 1.3.15 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-58: Extend ods-signer sign <zone> with –serial <nr> so that the user  can specify the SOA serial to use in the signed zone [OPENDNSSEC-423].
  • OPENDNSSEC-428: Add option for ‘ods-ksmutil key generate’ to take total  number of zones as a parameter
  • OPENDNSSEC-448: Signer Engine: Enhancements to signer debug locks.

Bugfixes:

  • SUPPORT-75: Signer Engine: Fix double free crash in case of HSM connection error during signing [OPENDNSSEC-452].
  • OPENDNSSEC-397: Change “hsmutil list” output so that the table header goes to stdout not stderr
  • OPENDNSSEC-438: ‘ods-ksmutil key generate’ and the enforcer can create  too many keys for <SharedKeys/> policies when KSK and ZSK use same  algorithm and length
  • OPENDNSSEC-445: ods-ksmutil: Clean up of hsm connection handling

Documentation:

Download:

 

OpenDNSSEC 1.4.2

Version 1.4.2 of OpenDNSSEC has now been released:

Updates:

  • OPENDNSSEC-428: ods-ksmutil: Add option for ‘ods-ksmutil key generate’ to take number of zones as a parameter

Bugfixes:

  • SUPPORT-66: Signer Engine: Fix file descriptor leak in case of TCP write error [OPENDNSSEC-427].
  • SUPPORT-71: Signer Engine: Fix double free crash in case of HSM connection error during signing [OPENDNSSEC-444].
  • OPENDNSSEC-401: ‘ods-signer sign <zone> –serial <nr>’ command produces seg fault when run directly on command line (i.e. not via interactive mode)
  • OPENDNSSEC-440: ‘ods-ksmutil key generate’ and the enforcer can create too many keys if there are keys already available and the KSK and ZSK use same algorithm and length
  • OPENDNSSEC-424: Signer Engine: Respond to SOA queries from file instead of memory. Makes response non-blocking.
  • OPENDNSSEC-425 Change “hsmutil list” output so that the table header goes to stdout not stderr
  • OPENDNSSEC-438: ‘ods-ksmutil key generate’ and the enforcer can create too many keys for <SharedKeys/> policies when KSK and ZSK use same algorithm and length
  • OPENDNSSEC-443: ods-ksmutil: Clean up of hsm connection handling
  • Signer Engine: Improved Inbound XFR checking.
  • Signer Engine: Fix double free corruption in case of adding zone with DNS Outbound Adapters and NotifyCommand enabled.

Documentation:

Download:

 

 

You are currently browsing the archives for the Releases category.