Archive for the ‘Releases’ Category

OpenDNSSEC 1.4.9

Version 1.4.9 of OpenDNSSEC has now been released.

News:

The main motivations for this release are bug fixes related to use cases with large number of zones (more than 50 zones) in combination with an XFR based setup. Too much concurrent zone transfers causes new transfers to be held back. These excess transfers however were not properly scheduled for later.

No migration steps needed when upgrading from OpenDNSSEC 1.4.8.

Bugfixes:

  • Add TCP waiting queue. Fix signer getting ‘stuck’ when adding many zones at once. Thanks to Håvard Eidnes to bringing this to our attention.
  • OPENDNSSEC-723: received SOA serial reported as on disk.
  • Fix potential locking issue on SOA serial.
  • Crash on shutdown. At all times join xfr and dns handler threads.
  • Make handling of notifies more consistent. Previous implementation would bounce between code paths.

Download:

OpenDNSSEC 1.4.8.2

Version 1.4.8.2 of OpenDNSSEC has now been released.

News

  • Support for RFC5011 style KSK rollovers. KSK section in the KASP now accepts element.
  • Enforcer: New repository option allows to generate keys with CKA_EXTRACTABLE attribute set to TRUE so keys can be wrapped and extracted from HSM.

Bugfixes

  • SUPPORT-145: EOF handling an ARM architecture caused signer to hang.
  • Fixed signer hitting assertion on short reply XFR handler.
  • Include revoke bit in keytag calculation.
  • Increased stacksize on some systems (thanks Patrik Lundin!).
  • Stop ods-signerd on SIGINT.

Note:

  • By error 1.4.8 did not include database migration scripts for upgrading existing installations. 1.4.8.2 resolves this issue.

Download:

SoftHSM 2.0.0

Version 2.0.0 of SoftHSM has been released. More updates and bug fixes can be found in the alpha and beta release notes.

Updates:

  • SOFTHSM-121: Test cases for C_DecryptUpdate/C_DecryptFinal.
  • Support C_DecryptUpdate/C_DecryptFinal for symmetric algorithms. (Patch from Thomas Calderon

Bug fixes:

  • SOFTHSM-120: Segfault after renaming variables.

Download:

 

SoftHSM 2.0.0b3

Version 2.0.0b3 of SoftHSM has been released.

Updates:

  • SOFTHSM-113: Support for Botan 1.11.15
  • SOFTHSM-119: softhsm2-util: Support ECDSA key import (Patch from Magnus Ahltorp)
  • SUPPORT-139: Support deriving generic secrets, DES, DES2, DES3, and AES. Using DH, ECDH or symmetric encryption.

Bugfixes:

  • SOFTHSM-108: A marked as trusted certificate cannot be imported.
  • SOFTHSM-109: Unused parameter and variable warnings.
  • SOFTHSM-110: subdir-objects warnings from autoreconf.
  • SOFTHSM-111: Include FIPS-NOTES.md in dist.
  • SOFTHSM-112: CKM_AES_KEY_WRAP* conflict in pkcs11.h.
  • SOFTHSM-114: Fix memory leak in a test script.
  • SOFTHSM-115: Fix static analysis warnings.
  • SUPPORT-154: A marked as non-modifiable object cannot be generated.
  • SUPPORT-155: auto_ptr is deprecated in C++11, use unique_ptr.
  • SUPPORT-157: Derived secrets were truncated after encryption and could thus not be decrypted.
  • Mutex should call MutexFactory wrapper functions. (Patch from Jerry Lundström)
  • Return detailed error message to loadLibrary(). (Patch from Petr Spacek)

Download:

 

SoftHSM 2.0.0b2

Version 2.0.0b2 of SoftHSM has been released.

Updates:

  • SOFTHSM-50: OpenSSL FIPS support.
  • SOFTHSM-64: Updated build script for Windows.
  • SOFTHSM-100: Use –free with softhsm2-util to initialize the first free token.
  • SOFTHSM-103: Allow runtime configuration of log level.
  • SOFTHSM-107: Support for CKM__CBC_PAD.
  • Add support for CKM_RSA_PKCS_OAEP key un/wrapping. (Patch from Petr Spacek)
  • Use OpenSSL EVP interface for AES key wrapping. (Patch from Petr Spacek)
  • Allow reading configuration file from user’s home directory. (Patch from Nikos Mavrogiannopoulos)

Bugfixes:

  • SOFTHSM-102: C_DeriveKey() uses OBJECT_OP_GENERATE.
  • Coverity found a number of issues.

Download:

 

OpenDNSSEC 1.4.7

Version 1.4.7 of OpenDNSSEC has now been released.

Bugfixes:

  • SUPPORT-147: Zone updating via zone transfer can get stuck (Håvard Eidnes)
  • Crash on ‘retransfer command when not using DNS adapters.

Download:

  • https://dist.opendnssec.org/source/opendnssec-1.4.7.tar.gz
  • https://dist.opendnssec.org/source/opendnssec-1.4.7.tar.gz.sig
  • Checksum SHA256: 8f757ca9e88d6a6dc8f9b6e46a3da5e3a2881b3311fb91c428bcf906683ac41f

SoftHSM 2.0.0b1

Version 2.0.0b1 of SoftHSM has been released.

Updates:

  • SOFTHSM-84: Check that all mandatory attributes are given during the creation process.
  • SOFTHSM-92: Enable -fvisibility=hidden on per default
  • SUPPORT-137: Implement C_EncryptUpdate and C_EncryptFinal (Patch from Martin Paljak)
  • Add support for CKM_RSA_PKCS key un/wrapping (Patch from Petr Spacek)

Bugfixes:

  • SOFTHSM-66: Attribute handling when using multiple threads
  • SOFTHSM-93: Invalid C++ object recycling.
  • SOFTHSM-95: umask affecting the calling application.
  • SOFTHSM-97: Check if Botan has already been initialized.
  • SOFTHSM-98: Handle mandatory attributes for DSA, DH, and ECDSA correctly.
  • SOFTHSM-99: Binary encoding of GOST values.
  • SUPPORT-136: softhsm2-keyconv creates files with sensitive material in insecure way.

Download:

 

OpenDNSSEC 1.4.6

Version 1.4.6 of OpenDNSSEC has now been released:

Updates:

  • Signer Engine: Print secondary server address when logging notify reply errors.
  • Build: Fixed various OpenBSD compatibility issues found by Patrik Lundin <patrik.lundin.swe@gmail.com>.
  • OPENDNSSEC-621: conf.xml: New options: <PidFile> for both enforcer and signer, and <SocketFile> for the signer.
  • New tool: ods-getconf: to retrieve a configuration value from conf.xml given an expression.

Bugfixes:

  • OPENDNSSEC-469: ods-ksmutil: ‘zone add’ command when zonelist.xml.backup can’t be written zone is still added to database, solved it by checking the zonelist.xml.backup is writable before adding zones, and add error message when add zone failed.
  • OPENDNSSEC-617: Signer Engine: Fix DNS Input Adapter to not reject zone the first time due to RFC 1982 serial arethmetic.
  • OPENDNSSEC-619: memory leak when signer failed, solved it by add ldns_rr_free(signature) in libhsm.c
  • OPENDNSSEC-627: Signer Engine: Unable to update serial after restart when the backup files has been removed.
  • OPENDNSSEC-628: Signer Engine: Ingored notifies log level is changed from debug to info.
  • OPENDNSSEC-630: Signer Engine: Fix inbound zone transfer for root zone.
  • libhsm: Fixed a few other memory leaks.
  • simple-dnskey-mailer.sh: Fix syntax error. (by Patrik Lundin https://github.com/eest)

Documentation:

Download:

 

OpenDNSSEC 1.3.18

Version 1.3.18 of OpenDNSSEC has now been released:

Updates:

  • OPENDNSSEC-620: conf.xml: New options: <PidFile> for both enforcer and signer, and <SocketFile> for the signer.
  • Build: Fixed various OpenBSD compatibility issues found by Patrik Lundin <patrik.lundin.swe@gmail.com>.
  • New tool: ods-getconf: to retrieve a configuration value from conf.xml given an expression.

Bugfixes:

  • OPENDNSSEC-632: ods-ksmutil: ‘zone add’ command when zonelist.xml.backup can’t be written zone is still added to database, solved it by checking the zonelist.xml.backup is writable before adding zones, and add error message when add zone failed.
  • OPENDNSSEC-624: memory leak when signer failed, solved it by add ldns_rr_free(signature) in libhsm.c
  • simple-dnskey-mailer.sh: Fix syntax error. (by Patrik Lundin https://github.com/eest)
  • libhsm: Fixed a few other memory leaks.

Documentation:

Download:

 

SoftHSM 1.3.7

Version 1.3.7 of SoftHSM has been released.

Bugfixes:

  • SOFTHSM-94: umask affecting the calling application.
  • SOFTHSM-96: Check if Botan has already been initialised.

Documentation:

Download:

 

You are currently browsing the archives for the Releases category.