Archive for the ‘Uncategorized’ Category

SoftHSM 2.6.1

SoftHSM version 2.6.1 was released on 2020-04-29.

Issues:

  • Issue #542: Support Ed448/X448 for OpenSSL.
  • Issue #538: Improved warning and compilation issues for GCC10
  • Issue #527: Fixed compilation issues for MacOS 10.15.4/Xcode 11.4
  • Download:

SoftHSM 2.6.0

SoftHSM version 2.6.0 was released on March 17. This is mostly a continued development of SoftHSMv2, and thus should replace the 2.5 branch to receive any patches.

Even though this is continuation of the development, we should point out that we have upgraded the optional dependency to Botan to version 2. Other fixes and improvements should not influence existing functionality. For a more complete list of improvements see below and the NEWS file inside the package.

No migration, configuration changes or path changes are necessary and the build configuration should not need changing.

Improvements:

  • Issue #493: Upgrade to Botan 2.
  • Issue #530: Update appveyor build.
  • Issue #438: Detect crypto algorithms by default. (Patch from Alon Bar-Lev)
  • Issue #455: Provide a new configuration option to allow enabling and disabling various mechanisms (slots.mechanisms in the softhsm2.conf). (Thanks to Jakub Jelen)
  • Issue #479: Increase SQLite busy timeout from 15 seconds to 3 minutes. (Patch from Jan Luebbe)
  • Issue #513: Add configuration option to reset state on fork closing all sessions rather than keeping all sessions open in duplicate process. (Thanks to Anderson Toshiyuki Sasaki)
  • Issue #500: C_WaitForSlotEvent implementation. (Patch from massey101)
  • Issue #445: Add wrap support with CKM_AES_CBC.

Bugfixes:

  • Issue #418: Set fields to NULL to avoid double free. (Patch from Brian J Murray)
  • Issue #423: ENGINE_load_rdrand is not supported with older openssl. (Patch from Alon Bar-Lev)
  • Issue #429: Updated prerequisite to build from repository. (Patch from Dharmesh Khandelwal)
  • Issue #434: Fix build issues with CMake. (Patch from Peter Wu)
  • Issue #435: Fix botan build without EDDSA. (Patch from Peter Wu)
  • Issue #442: Release resources from OSSLEVPSymmetricAlgorithm. (Patch from Petr Menšík)
  • Issue #449/#502: Do not copy zero sized buffer avoid null pointer reference. (Patch from space88man)
  • Issue #464: Race condition with multiple threads closing last session and opening a newer sessions. (Patch from Takarth)
  • Issue #452: Fixes to automake build fir undefined macros.
  • Issue #462: User PIN count wrongly calculated. (Patch from Ondřej Hlavatý)
  • Issue #516: Fix memory leak in OSSLCryptoFactory. (Patch from Anderson Sasaki)
  • Issue #494: Allow null pointers as arguments when count is zero. (Patch from Yunjong Jeong)
  • Issue #518: Sporadic problem in closing sessions because of lookup of object without prior locking.
  • Issue #506: Check key type for C_EncryptInit and C_DecryptInit. (Patch from Yunjong Jeong)
  • Issue #526: Adjust EDDSA code to return valid EC_PARAMS. (Patch from Jakub Jelen)
  • Issue #452: Autogen failure on undefined macro AC_MSG_ERROR.
  • Issue #527: Fixed some build errors for GCC 10.
  • Issue #470: Null pointer arguments validation for C_EncryptFinal, etc.

Download:

OpenDNSSEC 2.1.6

Version 2.1.6 of OpenDNSSEC has been released on 2020-02-10.

News

This release of 2.1.6 fixes some issues regarding the key list wrongfully displayed (a regression bug in 2.1.5) as well as a small leak in the enforcer (which can add up when you bang the enforcer with a lot of commands). And as well as a serious signing error when using Combined Signing Keys (CSKs), this is only relevant if you combine KSK and ZSK in one. Especially users of CSKs need this fix now. Another nice fix is a reconnect to a MySQL/MariaDB database you you don’t have to tweak database parameters

The 2.1.6 release is available immediately from the download site.

Fixes

  • OPENDNSSEC-913: verify database connection upon every use.
  • OPENDNSSEC-944: bad display of date of next transition (regression)
  • SUPPORT-250: missing signatures on using combined keys (CSK)
  • OPENDNSSEC-945: memory leak per command to enforcer.
  • OPENDNSSEC-946: unclean enforcer exit in case of certain config problems.
  • OPENDNSSEC-411: set-policy command to change policy of zone (experimental). Requires explicit enforce command to take effect.

Download

OpenDNSSEC 2.1.5

Version 2.1.5 of OpenDNSSEC has been released on 2019-11-05.

News

The previous release fixed an important issue, but unfortunately left in a memory leak, which this release fixes. This release of 2.1.5 fixes the memory issue, along with some additional issues primarily relating to minor migration reporting and configuration.

The 2.1.5 release is available immediately from the download site. Installations still on the 1.4 release should really upgrade to this version as it has been tested enough by major players.

Fixes

  • SUPPORT-245: Resolve memory leak in signer introduced in 2.1.4.
  • SUPPORT-244: Don’t require Host and Port to be specified in conf.xml
    when migrating with a MySQL-based enforcer database backend.
  • Allow for MySQL database to pre-exist when performing a migration,
    and be a bit more verbose during migration.
  • Fix AllowExtraction tag in configuration file definition.
  • SUPPORT-242: Skip over EDNS cookie option.
  • SUPPORT-240: Prevent exit of enforcer daemon upon interrupted interaction with CLI commands (when having > 1000 zones and aborting a pipe).
  • Correct some error messages.

Download

OpenDNSSEC 1.4.14

Version 1.4.14 of OpenDNSSEC has been released on 2017-04-28.

News

Hereby we announce the OpenDNSSEC 1.4.14 release.

Bugs Fixed

  • OPENDNSSEC-888: Fix up MySQL<->SQLite3 database conversion script.
  • OPENDNSSEC-752: Incorrect calculated number of KSKs needed when KSK and ZSK have exactly the same parameters. This would prevent KSK rollovers.
  • OPENDNSSEC-890: Bogus signatures on mismatching TTLs within the same RRset.

Download

OpenDNSSEC 2.1.1

Version 2.1.1 of OpenDNSSEC has been released on 2017-04-28.

News

OpenDNSSEC 2.1.1 addresses a number of bug fixes. No migration steps are required when upgrading from an earlier 2.X release. In case you are still on the 1.4.X branch and like to upgrade to 2.1.1 you are advised to do so directly rather than installing earlier 2.X versions first.

Bugs Fixed

  • OPENDNSSEC-889: MySQL migration script didn’t work for all database and MySQL versions.
  • OPENDNSSEC-887: Segfault on extraneous tag.
  • OPENDNSSEC-880: Command line parsing for import key command failed.
  • OPENDNSSEC-890: Bogus signatures upon wrong zone input when TTLs for same rrset are mismatching.

Download

OpenDNSSEC 1.4.13

Version 1.4.13 of OpenDNSSEC has been released on 2017-01-20.

News

Hereby we announce the OpenDNSSEC 1.4.13 release. It includes a small number of bug fixes and no migration steps are needed. Some minor code adjustments where made to make linking to OpenSSL 1.1.0 possible.

This release is signed by our new (Jan 11th) PGP key.

Fixes

  • OPENDNSSEC-778: Double NSEC3PARAM record after resalt.
  • OPENDNSSEC-853: Fixed serial_xfr_acquired not updated in state file.
  • Wrong error was sometimes being print on failing TCP connect.
  • Add support for OpenSSL 1.1.0.
  • OPENDNSSEC-866: Script for migration between MySQL and SQLite was outdated.

Download

OpenDNSSEC 2.0.4

Version 2.0.4 of OpenDNSSEC has been released on 2017-01-13.

News

As of now OpenDNSSEC 2.0.4 is released. This version is a minimal change over 2.0.3, fixing a reported crash of the Enforcer daemon. No additional migration steps are required. In the near future, we aim at the end of January, we are planning to release the next feature version which will be 2.1.

This release is signed by our new (Jan 11th) PGP key.

Fixes

  • Fix Enforcer crash that could occur in some cases while evaluating relationships between keys.
  • Support compiling with OpenSSL 1.1.

Download

You are currently browsing the archives for the Uncategorized category.