Archive for the ‘Releases’ Category

OpenDNSSEC 1.4.6

Version 1.4.6 of OpenDNSSEC has now been released:

Updates:

  • Signer Engine: Print secondary server address when logging notify reply errors.
  • Build: Fixed various OpenBSD compatibility issues found by Patrik Lundin <patrik.lundin.swe@gmail.com>.
  • OPENDNSSEC-621: conf.xml: New options: <PidFile> for both enforcer and signer, and <SocketFile> for the signer.
  • New tool: ods-getconf: to retrieve a configuration value from conf.xml given an expression.

Bugfixes:

  • OPENDNSSEC-469: ods-ksmutil: ‘zone add’ command when zonelist.xml.backup can’t be written zone is still added to database, solved it by checking the zonelist.xml.backup is writable before adding zones, and add error message when add zone failed.
  • OPENDNSSEC-617: Signer Engine: Fix DNS Input Adapter to not reject zone the first time due to RFC 1982 serial arethmetic.
  • OPENDNSSEC-619: memory leak when signer failed, solved it by add ldns_rr_free(signature) in libhsm.c
  • OPENDNSSEC-627: Signer Engine: Unable to update serial after restart when the backup files has been removed.
  • OPENDNSSEC-628: Signer Engine: Ingored notifies log level is changed from debug to info.
  • OPENDNSSEC-630: Signer Engine: Fix inbound zone transfer for root zone.
  • libhsm: Fixed a few other memory leaks.
  • simple-dnskey-mailer.sh: Fix syntax error. (by Patrik Lundin https://github.com/eest)

Documentation:

Download:

 

OpenDNSSEC 1.3.18

Version 1.3.18 of OpenDNSSEC has now been released:

Updates:

  • OPENDNSSEC-620: conf.xml: New options: <PidFile> for both enforcer and signer, and <SocketFile> for the signer.
  • Build: Fixed various OpenBSD compatibility issues found by Patrik Lundin <patrik.lundin.swe@gmail.com>.
  • New tool: ods-getconf: to retrieve a configuration value from conf.xml given an expression.

Bugfixes:

  • OPENDNSSEC-632: ods-ksmutil: ‘zone add’ command when zonelist.xml.backup can’t be written zone is still added to database, solved it by checking the zonelist.xml.backup is writable before adding zones, and add error message when add zone failed.
  • OPENDNSSEC-624: memory leak when signer failed, solved it by add ldns_rr_free(signature) in libhsm.c
  • simple-dnskey-mailer.sh: Fix syntax error. (by Patrik Lundin https://github.com/eest)
  • libhsm: Fixed a few other memory leaks.

Documentation:

Download:

 

SoftHSM 1.3.7

Version 1.3.7 of SoftHSM has been released.

Bugfixes:

  • SOFTHSM-94: umask affecting the calling application.
  • SOFTHSM-96: Check if Botan has already been initialised.

Documentation:

Download:

 

OpenDNSSEC 1.3.17

Version 1.3.17 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly if SkipPublicKey is used [OPENDNSSEC-575].
  • Signer Engine: log serial of signed zone in STATS line.
  • OPENDNSSEC-550: Signer Engine: Put NSEC3 records on empty non-terminals derived from unsigned delegations (be compatible with servers that are incompatible with RFC 5155 errata 3441).
  • OPENDNSSEC-569: Build compatibility with SoftHSMv2.
  • Signer Engine: Examine unsigned zone checks for SOA RRset existence.
  • OPENDNSSEC-591: ods-ksmutil: Extend ‘key list’ command with options to filter on key type and state. This allows keys in the GENERATE and DEAD state to be output.

Bugfixes:

  • SUPPORT-116: ods-ksmutil key import. Date validation fails on certain dates [OPENDNSSEC-589].
  • OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
  • OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
  • OPENDNSSEC-515: Signer Engine: Don’t replace tabs in RRs with whitespace.
  • OPENDNSSEC-538: libhsm: Possible memory corruption in hsm_get_slot_id.
  • Signer Engine: Fix a race condition when stopping daemon.
  • OPENDNSSEC-586: enforcer & ods-ksmutil: Improve logging on key creation and alloctaion.
  • OPENDNSSEC-588: ods-ksmutil: Exported value of <Parent><SOA><TTL> in ‘policy export’ output could be wrong on MySQL.

Documentation:

Download:

 

OpenDNSSEC 1.4.5

Version 1.4.5 of OpenDNSSEC has now been released:

Bugfixes:

  • OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key generation.
  • OPENDNSSEC-609: ods-ksmutil: ‘key list’ command fails with error in 1.4.4 on MySQL. Reported by Mark Elkins <mje@posix.co.za>

Documentation:

Download:

 

SoftHSM 2.0.0a2

Version 2.0.0a2 of SoftHSM has been released.

Updates:

  • SOFTHSM-68: Display a better configure message when there is a version of Botan with a broken ECC/GOST/OID implementation.
  • SOFTHSM-70: Improved handling of the database backend.
  • SOFTHSM-71: Supporting Botan 1.11.
  • SOFTHSM-76: Do not generate RSA keys smaller than 1024 bit when using the Botan crypto backend.
  • SOFTHSM-83: Support CKA_VALUE_BITS for CKK_DH private key object.
  • SOFTHSM-85: Rename libsofthsm.so to libsofthsm2.so and prefix the command line utilties with softhsm2-.
  • SOFTHSM-89: Use constants and not strings for signaling algorithms.
  • SUPPORT-129: Possible to use an empty template in C_GenerateKey. The class and key type are inherited from the generation mechanism. Some mechanisms do however require a length attribute. [SOFTHSM-88]
  • SUPPORT-131: Support RSA-PSS using SHA1, SHA224, SHA256, SHA384, or SHA512. [SOFTHSM-87]

Bugfixes:

  • SOFTHSM-39: Fix 64 bit build on sparc sun4v.
  • SOFTHSM-69: GOST did not work when you disabled ECC.
  • SOFTHSM-78: Correct the attribute checks for a number of objects.
  • SOFTHSM-80: Prevent segfault in OpenSSL GOST HMAC code.
  • SOFTHSM-91: Fix a warning from static code analysis.
  • Fixed a number of memory leaks.

Documentation:

Download:

 

OpenDNSSEC 1.4.4

Version 1.4.4 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly if SkipPublicKey is used [OPENDNSSEC-574].
  • OPENDNSSEC-358: ods-ksmutil: Extend ‘key list’ command with options to filter on key type and state. This allows keys in the GENERATE and DEAD state to be output.
  • OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals derived from unsigned delegations (be compatible with servers that are incompatible with RFC 5155 errata 3441).

Bugfixes:

  • SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
  • SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired [OPENDNSSEC-526].
  • SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug [OPENDNSSEC-529].
  • SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/
  • SUPPORT-108: Signer Engine: Don’t replace tabs in RRs with whitespace [OPENDNSSEC-520].
  • SUPPORT-116: ods-ksmutil: ‘key import’ date validation fails on certain dates [OPENDNSSEC-553].
  • SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
  • SUPPORT-127: ods-signer: Fix manpage sections.
  • OPENDNSSEC-457: ods-ksmutil: Add a check on the ‘zone add’ input/output type parameter to allow only File or DNS.
  • OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
  • OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
  • OPENDNSSEC-531: ods-ksmutil: Exported value of <Parent><SOA><TTL> in ‘policy export’ output could be wrong on MySQL.
  • OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
  • OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR request with EDNS.
  • OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation and alloctaion.
  • OPENDNSSEC-560: Signer Engine: Don’t crash when unsigned zone has no SOA.
  • Signer Engine: Fix a race condition when stopping daemon.

Documentation:

Download:

 

SoftHSM 1.3.6

Version 1.3.6 of SoftHSM has been released.

Updates:

  • SOFTHSM-51: Call umask to restrict created files.

Bugfixes:

  • Fix malloc(0) warning in clang.

Documentation:

Download:

 

SoftHSM 2.0.0a1

Version 2.0.0a1 of SoftHSM has been released. This is the first alpha version for SoftHSM v2. All required features for this version have been implemented and we would like to get feedback from community.

SoftHSM v2 Key Features:

  • Encrypting sensitive information on disc
  • Generalized crypto backend: OpenSSL or Botan
  • Supporting more mechanisms: ECDSA, GOST, DSA, DH, AES, DES
  • Supporting more PKCS#11 functions: Encryption/Decryption, Wrapping/Unwrapping

Documentation:

Download:

 

OpenDNSSEC 1.4.3

Version 1.4.3 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-72: Improve logging when failed to increment serial in case of key rollover and serial value “keep” [OPENDNSSEC-461].
  • OPENDNSSEC-106: Add ‘ods-enforcerd -p <policy>’ option. This prompts the enforcer to run once and only process the specified policy and associated zones.
  • OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml. Default value remains PT0S.
  • OPENDNSSEC-390: ods-ksmutil: Add an option to the ‘ods-ksmutil key ds-seen’ command so the user can choose not to notify the enforcer.
  • OPENDNSSEC-430: ods-ksmutil: Improve ‘zone add’ – Zone add command could warn if a specified zone file or adapter file does not exits.
  • OPENDNSSEC-431: ods-ksmutil: Improve ‘zone add’ – Support default <input> and <output> values for DNS adapters.
  • OPENDNSSEC-454: ods-ksmutil: Add option for ‘ods-ksmutil key import’ to check if there is a matching key in the repository before import.

Bugfixes:

  • OPENDNSSEC-435: Signer Engine: Fix a serious memory leak in signature cleanup.
  • OPENDNSSEC-463: Signer Engine: Duration PT0S is now printed correctly.
  • OPENDNSSEC-466: Signer Engine: Created bad TSIG signature when falling back to AXFR.
  • OPENDNSSEC-467: Signer Engine: After ods-signer clear, signer should not use inbound serial.

Documentation:

Download:

 

 

 

You are currently browsing the archives for the Releases category.