From sara at sinodun.com Tue Sep 3 12:00:50 2013 From: sara at sinodun.com (Sara Dickinson) Date: Tue, 3 Sep 2013 13:00:50 +0100 Subject: [Opendnssec-maintainers] RE: OpenDNSSEC 1.4.2rc1 release candidate Message-ID: All, Version 1.4.2rc1 of OpenDNSSEC is now available. This is a release candidate for testing purposes: OpenDNSSEC 1.4.2rc1 - 2013-09-03 ----------------------------------------------------- Updates: * OPENDNSSEC-428: ods-ksmutil: Add option for 'ods-ksmutil key generate' to take number of zones as a parameter Bugfixes: * OPENDNSSEC-438: 'ods-ksmutil key generate' and the enforcer can create too many keys for policies when KSK and ZSK use same algorithm and length * OPENDNSSEC_440: 'ods-ksmutil key generate' and the enforcer can create too many keys if there are keys already available and the KSK and ZSK use same algorithm and length * SUPPORT-66: Signer Engine: Fix file descriptor leak in case of TCP write error [OPENDNSSEC-427]. * OPENDNSSEC-424: Signer Engine: Respond to SOA queries from file instead of memory. Makes response non-blocking. * OPENDNSSEC-425 Change "hsmutil list" output so that the table header goes to stdout not stderr * Signer Engine: Improved Inbound XFR checking. * Signer Engine: Fix double free corruption in case of adding zone with DNS Outbound Adapters and NotifyCommand enabled. * OPENDNSSEC-443: ods-ksmutil: Clean up of hsm connection handling * OPENDNSSEC-401: 'ods-signer sign --serial ' command produces seg fault when run directly on command line (i.e. not via interactive mode) * OPENDNSSEC-444: Fix double free corruption in case of HSM connection error while signing RRsets (also fixes SUPPORT-71). Downloads: * http://dist.opendnssec.org/source/testing/opendnssec-1.4.2rc1.tar.gz * http://dist.opendnssec.org/source/testing/opendnssec-1.4.2rc1.tar.gz.sig * Checksum sha1: 5766c5510f225f09c13e9ffaaf09cb447aa428f1 * Checksum sha256: c3ad800b7548480fa36d65889d452333f7e03ef8909719d4ffdb97274452a186 A full 1.4.2 release is planned for Tuesday 10th September. //OpenDNSSEC team From sara at sinodun.com Wed Sep 11 12:46:18 2013 From: sara at sinodun.com (Sara Dickinson) Date: Wed, 11 Sep 2013 13:46:18 +0100 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.4.2 Message-ID: All, Version 1.4.2 of OpenDNSSEC has now been released. This is the latest stable release. Updates: * OPENDNSSEC-428: ods-ksmutil: Add option for 'ods-ksmutil key generate' to take number of zones as a parameter Bugfixes: * SUPPORT-66: Signer Engine: Fix file descriptor leak in case of TCP write error [OPENDNSSEC-427]. * SUPPORT-71: Signer Engine: Fix double free crash in case of HSM connection error during signing [OPENDNSSEC-444]. * OPENDNSSEC-401: 'ods-signer sign --serial ' command produces seg fault when run directly on command line (i.e. not via interactive mode) * OPENDNSSEC-440: 'ods-ksmutil key generate' and the enforcer can create too many keys if there are keys already available and the KSK and ZSK use same algorithm and length * OPENDNSSEC-424: Signer Engine: Respond to SOA queries from file instead of memory. Makes response non-blocking. * OPENDNSSEC-425 Change "hsmutil list" output so that the table header goes to stdout not stderr * OPENDNSSEC-438: 'ods-ksmutil key generate' and the enforcer can create too many keys for policies when KSK and ZSK use same algorithm and length * OPENDNSSEC-443: ods-ksmutil: Clean up of hsm connection handling * Signer Engine: Improved Inbound XFR checking. * Signer Engine: Fix double free corruption in case of adding zone with DNS Outbound Adapters and NotifyCommand enabled. Documentation: * http://wiki.opendnssec.org/display/DOCS Download: * http://dist.opendnssec.org/source/opendnssec-1.4.2.tar.gz * http://dist.opendnssec.org/source/opendnssec-1.4.2.tar.gz.sig * Checksum sha1: 82991f3110820ec0b12608fd3175bb70252a6f2b * Checksum sha256: b4bc70bfb54ede8ed657cc7f669b5f58bc5e20eabf9b01ca107a6876b08bed35 //OpenDNSSEC team From sara at sinodun.com Wed Sep 11 18:26:23 2013 From: sara at sinodun.com (Sara Dickinson) Date: Wed, 11 Sep 2013 19:26:23 +0100 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.3.15 release candidate Message-ID: All, Version 1.3.15rc1 of OpenDNSSEC is now available. This is a release candidate for testing purposes: OpenDNSSEC 1.3.15rc1 ---------------------------------- Updates: * SUPPORT-58: Extend ods-signer sign with --serial so that the user can specify the SOA serial to use in the signed zone [OPENDNSSEC-423]. * OPENDNSSEC-428: Add option for 'ods-ksmutil key generate' to take total number of zones as a parameter * OPENDNSSEC-448: Signer Engine: Enhancements to signer debug locks. Bugfixes: * SUPPORT-75: Signer Engine: Fix double free crash in case of HSM connection error during signing [OPENDNSSEC-452]. * OPENDNSSEC-397: Change "hsmutil list" output so that the table header goes to stdout not stderr * OPENDNSSEC-438: 'ods-ksmutil key generate' and the enforcer can create too many keys for policies when KSK and ZSK use same algorithm and length * OPENDNSSEC-445: ods-ksmutil: Clean up of hsm connection handling Download: * http://dist.opendnssec.org/source/testing/opendnssec-1.3.15rc1.tar.gz * http://dist.opendnssec.org/source/testing/opendnssec-1.3.15rc1.tar.gz.sig * Checksum sha1: ee5f7b68968311104dbc1432470bc8ca920b8e7c * Checksum sah256: 5178e33bc17171f20ec0c26bd7240e8352b5a66f299bd771f8e2d07888cdb59a A full 1.3.15 release is planned for Wednesday 18th September. // OpenDNSSEC team From sara at sinodun.com Thu Sep 19 13:56:45 2013 From: sara at sinodun.com (Sara Dickinson) Date: Thu, 19 Sep 2013 14:56:45 +0100 Subject: [Opendnssec-maintainers] OpenDNSSEC 1.3.15 Message-ID: <970D19A1-D31F-4193-9516-C5663C1BFB7A@sinodun.com> All, Version 1.3.15 of OpenDNSSEC has now been released. Updates: * SUPPORT-58: Extend ods-signer sign with ?serial so that the user can specify the SOA serial to use in the signed zone [OPENDNSSEC-423]. * OPENDNSSEC-428: Add option for ?ods-ksmutil key generate? to take total number of zones as a parameter * OPENDNSSEC-448: Signer Engine: Enhancements to signer debug locks. Bugfixes: * SUPPORT-75: Signer Engine: Fix double free crash in case of HSM connection error during signing [OPENDNSSEC-452]. * OPENDNSSEC-397: Change ?hsmutil list? output so that the table header goes to stdout not stderr * OPENDNSSEC-438: ?ods-ksmutil key generate? and the enforcer can create too many keys for policies when KSK and ZSK use same algorithm and length * OPENDNSSEC-445: ods-ksmutil: Clean up of hsm connection handling Documentation: * http://wiki.opendnssec.org/display/DOCS13 Download: * http://dist.opendnssec.org/source/opendnssec-1.3.15.tar.gz * http://dist.opendnssec.org/source/opendnssec-1.3.15.tar.gz.sig * Checksum sha1: 7241936811ae079af6002115cda057e825b60cfe * Checksum sha256: c29884f76d278862de59576c2e5440e37c2b7c16f1984ccc7685a3a049e1c081 //OpenDNSSEC team From sara at sinodun.com Fri Sep 20 14:30:10 2013 From: sara at sinodun.com (Sara Dickinson) Date: Fri, 20 Sep 2013 15:30:10 +0100 Subject: [Opendnssec-maintainers] SoftHSM 1.3.5rc1 release candidate Message-ID: <8698C353-C8AA-4AB2-AA63-F2A85BEDA58F@sinodun.com> All, Version 1.3.5rc1 of SoftHSM is now available. This is a release candidate for testing purposes: SoftHSM 1.3.5rc1 ------------------------- Bugfixes: * SOFTHSM-45: Improved handling of a busy database * SUPPORT-76: Add -Wall -Werror flags and fix the warnings. Download: * http://dist.opendnssec.org/source/testing/softhsm-1.3.5rc1.tar.gz * http://dist.opendnssec.org/source/testing/softhsm-1.3.5rc1.tar.gz.sig * Checksum sha1: b3c58f7462415864d19da49fde279763d976a0d6 * Checksum sha256: 1132b4db2c1a20dec66ac9d398226d062c289fe7e08738c3672c289b4fcda8ce A full SoftHSM 1.3.5 release is planned for Friday 27th September. //OpenDNSSEC team From pwouters at redhat.com Fri Sep 20 19:09:52 2013 From: pwouters at redhat.com (Paul Wouters) Date: Fri, 20 Sep 2013 15:09:52 -0400 Subject: [Opendnssec-maintainers] SoftHSM 1.3.5rc1 release candidate In-Reply-To: <8698C353-C8AA-4AB2-AA63-F2A85BEDA58F@sinodun.com> References: <8698C353-C8AA-4AB2-AA63-F2A85BEDA58F@sinodun.com> Message-ID: <523C9D80.6060209@redhat.com> On 09/20/2013 10:30 AM, Sara Dickinson wrote: > Version 1.3.5rc1 of SoftHSM is now available. This is a release candidate for testing purposes Some compiler warnings I"m seeing: softhsm.cpp: In function 'int importKeyPair(char*, char*, char*, char*, char*, char*, int)': softhsm.cpp:700:3: warning: narrowing conversion of 'objIDLen' from 'int' to 'long unsigned int' inside { } is ill-formed in C++11 [-Wnarrowing] }; ^ softhsm.cpp:721:3: warning: narrowing conversion of 'objIDLen' from 'int' to 'long unsigned int' inside { } is ill-formed in C++11 [-Wnarrowing] }; ^ softhsm.cpp: In function 'CK_OBJECT_HANDLE searchObject(CK_SESSION_HANDLE, CK_OBJECT_CLASS, char*, char*, int)': softhsm.cpp:1241:3: warning: narrowing conversion of 'objIDLen' from 'int' to 'long unsigned int' inside { } is ill-formed in C++11 [-Wnarrowing] }; ^ softhsm-keyconv.cpp: In function 'int create_rsa_rdata(unsigned char*, int, Botan::Private_Key*, int, int)': softhsm-keyconv.cpp:952:38: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] if((7 + big_e_size + big_n_size) > length) { ^ softhsm-keyconv.cpp: In function 'int create_dsa_rdata(unsigned char*, int, Botan::Private_Key*, int, int)': softhsm-keyconv.cpp:1024:24: warning: comparison between signed and unsigned integer expressions [-Wsign-compare] if((25 + 3 * size) > length) { ^ Compilation succeeds, and "make check" still seems to pass. Paul From rickard at opendnssec.org Mon Sep 23 12:07:04 2013 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Mon, 23 Sep 2013 14:07:04 +0200 Subject: [Opendnssec-maintainers] SoftHSM 1.3.5rc1 release candidate In-Reply-To: <523C9D80.6060209@redhat.com> References: <8698C353-C8AA-4AB2-AA63-F2A85BEDA58F@sinodun.com> <523C9D80.6060209@redhat.com> Message-ID: > Some compiler warnings I"m seeing: > Thanks for spotting this, switched to the type size_t in r7321. // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: