Archive for the ‘Releases’ Category

SoftHSM 2.0.0

Version 2.0.0 of SoftHSM has been released. More updates and bug fixes can be found in the alpha and beta release notes.

Updates:

  • SOFTHSM-121: Test cases for C_DecryptUpdate/C_DecryptFinal.
  • Support C_DecryptUpdate/C_DecryptFinal for symmetric algorithms. (Patch from Thomas Calderon

Bug fixes:

  • SOFTHSM-120: Segfault after renaming variables.

Download:

 

SoftHSM 2.0.0b3

Version 2.0.0b3 of SoftHSM has been released.

Updates:

  • SOFTHSM-113: Support for Botan 1.11.15
  • SOFTHSM-119: softhsm2-util: Support ECDSA key import (Patch from Magnus Ahltorp)
  • SUPPORT-139: Support deriving generic secrets, DES, DES2, DES3, and AES. Using DH, ECDH or symmetric encryption.

Bugfixes:

  • SOFTHSM-108: A marked as trusted certificate cannot be imported.
  • SOFTHSM-109: Unused parameter and variable warnings.
  • SOFTHSM-110: subdir-objects warnings from autoreconf.
  • SOFTHSM-111: Include FIPS-NOTES.md in dist.
  • SOFTHSM-112: CKM_AES_KEY_WRAP* conflict in pkcs11.h.
  • SOFTHSM-114: Fix memory leak in a test script.
  • SOFTHSM-115: Fix static analysis warnings.
  • SUPPORT-154: A marked as non-modifiable object cannot be generated.
  • SUPPORT-155: auto_ptr is deprecated in C++11, use unique_ptr.
  • SUPPORT-157: Derived secrets were truncated after encryption and could thus not be decrypted.
  • Mutex should call MutexFactory wrapper functions. (Patch from Jerry Lundström)
  • Return detailed error message to loadLibrary(). (Patch from Petr Spacek)

Download:

 

SoftHSM 2.0.0b2

Version 2.0.0b2 of SoftHSM has been released.

Updates:

  • SOFTHSM-50: OpenSSL FIPS support.
  • SOFTHSM-64: Updated build script for Windows.
  • SOFTHSM-100: Use –free with softhsm2-util to initialize the first free token.
  • SOFTHSM-103: Allow runtime configuration of log level.
  • SOFTHSM-107: Support for CKM__CBC_PAD.
  • Add support for CKM_RSA_PKCS_OAEP key un/wrapping. (Patch from Petr Spacek)
  • Use OpenSSL EVP interface for AES key wrapping. (Patch from Petr Spacek)
  • Allow reading configuration file from user’s home directory. (Patch from Nikos Mavrogiannopoulos)

Bugfixes:

  • SOFTHSM-102: C_DeriveKey() uses OBJECT_OP_GENERATE.
  • Coverity found a number of issues.

Download:

 

OpenDNSSEC 1.4.7

Version 1.4.7 of OpenDNSSEC has now been released.

Bugfixes:

  • SUPPORT-147: Zone updating via zone transfer can get stuck (Håvard Eidnes)
  • Crash on ‘retransfer command when not using DNS adapters.

Download:

  • https://dist.opendnssec.org/source/opendnssec-1.4.7.tar.gz
  • https://dist.opendnssec.org/source/opendnssec-1.4.7.tar.gz.sig
  • Checksum SHA256: 8f757ca9e88d6a6dc8f9b6e46a3da5e3a2881b3311fb91c428bcf906683ac41f

SoftHSM 2.0.0b1

Version 2.0.0b1 of SoftHSM has been released.

Updates:

  • SOFTHSM-84: Check that all mandatory attributes are given during the creation process.
  • SOFTHSM-92: Enable -fvisibility=hidden on per default
  • SUPPORT-137: Implement C_EncryptUpdate and C_EncryptFinal (Patch from Martin Paljak)
  • Add support for CKM_RSA_PKCS key un/wrapping (Patch from Petr Spacek)

Bugfixes:

  • SOFTHSM-66: Attribute handling when using multiple threads
  • SOFTHSM-93: Invalid C++ object recycling.
  • SOFTHSM-95: umask affecting the calling application.
  • SOFTHSM-97: Check if Botan has already been initialized.
  • SOFTHSM-98: Handle mandatory attributes for DSA, DH, and ECDSA correctly.
  • SOFTHSM-99: Binary encoding of GOST values.
  • SUPPORT-136: softhsm2-keyconv creates files with sensitive material in insecure way.

Download:

 

OpenDNSSEC 1.4.6

Version 1.4.6 of OpenDNSSEC has now been released:

Updates:

  • Signer Engine: Print secondary server address when logging notify reply errors.
  • Build: Fixed various OpenBSD compatibility issues found by Patrik Lundin <patrik.lundin.swe@gmail.com>.
  • OPENDNSSEC-621: conf.xml: New options: <PidFile> for both enforcer and signer, and <SocketFile> for the signer.
  • New tool: ods-getconf: to retrieve a configuration value from conf.xml given an expression.

Bugfixes:

  • OPENDNSSEC-469: ods-ksmutil: ‘zone add’ command when zonelist.xml.backup can’t be written zone is still added to database, solved it by checking the zonelist.xml.backup is writable before adding zones, and add error message when add zone failed.
  • OPENDNSSEC-617: Signer Engine: Fix DNS Input Adapter to not reject zone the first time due to RFC 1982 serial arethmetic.
  • OPENDNSSEC-619: memory leak when signer failed, solved it by add ldns_rr_free(signature) in libhsm.c
  • OPENDNSSEC-627: Signer Engine: Unable to update serial after restart when the backup files has been removed.
  • OPENDNSSEC-628: Signer Engine: Ingored notifies log level is changed from debug to info.
  • OPENDNSSEC-630: Signer Engine: Fix inbound zone transfer for root zone.
  • libhsm: Fixed a few other memory leaks.
  • simple-dnskey-mailer.sh: Fix syntax error. (by Patrik Lundin https://github.com/eest)

Documentation:

Download:

 

OpenDNSSEC 1.3.18

Version 1.3.18 of OpenDNSSEC has now been released:

Updates:

  • OPENDNSSEC-620: conf.xml: New options: <PidFile> for both enforcer and signer, and <SocketFile> for the signer.
  • Build: Fixed various OpenBSD compatibility issues found by Patrik Lundin <patrik.lundin.swe@gmail.com>.
  • New tool: ods-getconf: to retrieve a configuration value from conf.xml given an expression.

Bugfixes:

  • OPENDNSSEC-632: ods-ksmutil: ‘zone add’ command when zonelist.xml.backup can’t be written zone is still added to database, solved it by checking the zonelist.xml.backup is writable before adding zones, and add error message when add zone failed.
  • OPENDNSSEC-624: memory leak when signer failed, solved it by add ldns_rr_free(signature) in libhsm.c
  • simple-dnskey-mailer.sh: Fix syntax error. (by Patrik Lundin https://github.com/eest)
  • libhsm: Fixed a few other memory leaks.

Documentation:

Download:

 

SoftHSM 1.3.7

Version 1.3.7 of SoftHSM has been released.

Bugfixes:

  • SOFTHSM-94: umask affecting the calling application.
  • SOFTHSM-96: Check if Botan has already been initialised.

Documentation:

Download:

 

OpenDNSSEC 1.3.17

Version 1.3.17 of OpenDNSSEC has now been released:

Updates:

  • SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public key directly if SkipPublicKey is used [OPENDNSSEC-575].
  • Signer Engine: log serial of signed zone in STATS line.
  • OPENDNSSEC-550: Signer Engine: Put NSEC3 records on empty non-terminals derived from unsigned delegations (be compatible with servers that are incompatible with RFC 5155 errata 3441).
  • OPENDNSSEC-569: Build compatibility with SoftHSMv2.
  • Signer Engine: Examine unsigned zone checks for SOA RRset existence.
  • OPENDNSSEC-591: ods-ksmutil: Extend ‘key list’ command with options to filter on key type and state. This allows keys in the GENERATE and DEAD state to be output.

Bugfixes:

  • SUPPORT-116: ods-ksmutil key import. Date validation fails on certain dates [OPENDNSSEC-589].
  • OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
  • OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
  • OPENDNSSEC-515: Signer Engine: Don’t replace tabs in RRs with whitespace.
  • OPENDNSSEC-538: libhsm: Possible memory corruption in hsm_get_slot_id.
  • Signer Engine: Fix a race condition when stopping daemon.
  • OPENDNSSEC-586: enforcer & ods-ksmutil: Improve logging on key creation and alloctaion.
  • OPENDNSSEC-588: ods-ksmutil: Exported value of <Parent><SOA><TTL> in ‘policy export’ output could be wrong on MySQL.

Documentation:

Download:

 

OpenDNSSEC 1.4.5

Version 1.4.5 of OpenDNSSEC has now been released:

Bugfixes:

  • OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key generation.
  • OPENDNSSEC-609: ods-ksmutil: ‘key list’ command fails with error in 1.4.4 on MySQL. Reported by Mark Elkins <mje@posix.co.za>

Documentation:

Download: