From rickard at opendnssec.org Tue Nov 1 19:26:26 2016 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 1 Nov 2016 20:26:26 +0100 Subject: [Opendnssec-maintainers] SoftHSM 1.3.8rc1 Message-ID: Hi Version 1.3.8rc1 of SoftHSM has now been released. Any issues with this release before we make the final release? Bugfixes: * SOFTHSM-101: softhsm-keyconv creates files with sensitive material in insecure way. Also applies to softhsm when using --export or --optimize. * SOFTHSM-104: Inconsistencies between v1 and v2. * Issue #17: Use the MutexFactory wrapper functions correctly. Download: * https://dist.opendnssec.org/source/testing/softhsm-1.3.8rc1.tar.gz * https://dist.opendnssec.org/source/testing/softhsm-1.3.8rc1.tar.gz.sig * Checksum SHA1: f85cf1349b13989e07311640bbf7cd7e29b82987 * Checksum SHA256: 940327d3a7a9ed12023fa6f858d8c01a1d9ac7867c99cd82df44e26d32f09f7f // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: From rickard at opendnssec.org Tue Nov 1 19:31:24 2016 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Tue, 1 Nov 2016 20:31:24 +0100 Subject: [Opendnssec-maintainers] SoftHSM 2.2.0r1 Message-ID: Hi Version 2.2.0rc1 of SoftHSM has now been released. Any issues with this release before we make the final release? Updates: * Issue #143: Delete a token using softhsm2-util. * Issue #185: Change access mode bits for /var/lib/softhsm/tokens/ to 1777. All users can now create tokens, but only access their own. (Patch from Rick van Rein) * Issue #186: Reinitializing a token will now keep the token, but all token objects are deleted, the user PIN is removed and the token label is updated. * Issue #190: Support for OpenSSL 1.1.0. * Issue #198: Calling C_GetSlotList with NULL_PTR will make sure that there is always a slot with an uninitialized token available. * Issue #199: The token serial number will be used when setting the slot number. The serial number is set after the token has been initialized. (Patch from Lars Silv?n) * Issue #203: Update the command utils to use the token label or serial to find the token and its slot number. * Issue #209: Possibility to test other PKCS#11 implementations with the CppUnit test. (Patch from Lars Silv?n) * Issue #223: Mark public key as non private by default. (Patch from Nikos Mavrogiannopoulos) * Issue #230: Install p11-kit module, to disable use --disable-p11-kit. (Patch from David Woodhouse) * Issue #237: Add windows continuous integration build. (Patch from Peter Pola?ko) Bugfixes: * Issue #201: Missing new source file and test configuration in the Windows build project. * Issue #205: ECDSA P-521 support for OpenSSL and better test coverage. * Issue #207: Fix segmentation faults in loadLibrary function. (Patch from Jaroslav Imrich) * Issue #215: Update the Homebrew install notes for OSX. * Issue #218: Fix build warnings. * Issue #235: Add the libtool install command for OSX. (Patch from Mark Wylde) * Issue #236: Use GetEnvironmentVariable instead of getenv on Windows. (Patch from Jaroslav Imrich) * Issue #239: Crash on module unload with OpenSSL. (Patch from David Woodhouse) * Issue #241: Added EXTRALIBS to Windows utils project. (Patch from Peter Pola?ko) * Issue #250: C++11 not detected. * Issue #255: API changes in Botan 1.11.27. Download: * https://dist.opendnssec.org/source/testing/softhsm-2.2.0rc1.tar.gz * https://dist.opendnssec.org/source/testing/softhsm-2.2.0rc1.tar.gz.sig * Checksum SHA1: 5bc82b00a16fe73b7ac231b039de8ca988f60a33 * Checksum SHA256: 8474178b5de217b5e61aa399c781985c93c3b98c6bdf5721bc3a76174716d889 // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: From jaap at NLnetLabs.nl Wed Nov 2 10:55:16 2016 From: jaap at NLnetLabs.nl (Jaap Akkerhuis) Date: Wed, 02 Nov 2016 11:55:16 +0100 Subject: [Opendnssec-maintainers] SoftHSM 2.2.0r1 In-Reply-To: References: Message-ID: <201611021055.uA2AtG9a017298@bela.nlnetlabs.nl> Rickard Bellgrim writes: > * Issue #255: API changes in Botan 1.11.27. Does this mean that that os also theminum required version of botan? Current one is 1.10.0 if I remember correctly. jaap From jaap at NLnetLabs.nl Wed Nov 2 12:13:13 2016 From: jaap at NLnetLabs.nl (Jaap Akkerhuis) Date: Wed, 02 Nov 2016 13:13:13 +0100 Subject: [Opendnssec-maintainers] SoftHSM 2.2.0r1 In-Reply-To: <201611021055.uA2AtG9a017298@bela.nlnetlabs.nl> References: <201611021055.uA2AtG9a017298@bela.nlnetlabs.nl> Message-ID: <201611021213.uA2CDDZx052732@bela.nlnetlabs.nl> Jaap Akkerhuis writes: > Rickard Bellgrim writes: > > > * Issue #255: API changes in Botan 1.11.27. > > Does this mean that that os also theminum required version of botan? Current one is Does this mean that that is also the minimum required version of botan? Current one is > 1.10.0 if I remember correctly. > Sigh. Bad typos in a burning sun in Hyderabad jaap From rickard at opendnssec.org Wed Nov 2 18:44:12 2016 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Wed, 2 Nov 2016 19:44:12 +0100 Subject: [Opendnssec-maintainers] SoftHSM 2.2.0r1 In-Reply-To: <201611021213.uA2CDDZx052732@bela.nlnetlabs.nl> References: <201611021055.uA2AtG9a017298@bela.nlnetlabs.nl> <201611021213.uA2CDDZx052732@bela.nlnetlabs.nl> Message-ID: On Wed, Nov 2, 2016 at 1:13 PM, Jaap Akkerhuis wrote: > Jaap Akkerhuis writes: > > > Rickard Bellgrim writes: > > > > > * Issue #255: API changes in Botan 1.11.27. > > > > Does this mean that that os also theminum required version of botan? > Current one is > Does this mean that that is also the minimum required version of botan? > Current one is > > > > 1.10.0 if I remember correctly. > > > > Sigh. Bad typos in a burning sun in Hyderabad > > jaap > No, we still support Botan 1.10. Just that Botan made some changes in 1.11.27 that we need to take in account when building the source code (#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,27)). // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: From ondrej at sury.org Mon Nov 7 08:40:00 2016 From: ondrej at sury.org (=?UTF-8?Q?Ond=C5=99ej=20Sur=C3=BD?=) Date: Mon, 07 Nov 2016 09:40:00 +0100 Subject: [Opendnssec-maintainers] SoftHSM 2.2.0r1 In-Reply-To: References: Message-ID: <1478508000.2026163.779576409.22B47FA0@webmail.messagingengine.com> OpenDNSSEC 2.2.0rc1 tests fails on 32-bit architectures: https://buildd.debian.org/status/package.php?p=softhsm2 ../../../test-driver: line 107: 1597 Segmentation fault "$@" > $log_file 2>&1 FAIL: p11test Compiled with OpenSSL 1.1.0 Cheers, -- Ond?ej Sur? Knot DNS (https://www.knot-dns.cz/) ? a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) ? secure, privacy-aware, fast DNS(SEC) resolver V?e pro chleba (https://vseprochleba.cz) ? Mouky ze ml?na a pot?eby pro pe?en? chleba v?eho druhu On Tue, Nov 1, 2016, at 20:31, Rickard Bellgrim wrote: > Hi > > Version 2.2.0rc1 of SoftHSM has now been released. Any issues with this > release before we make the final release? > > Updates: > * Issue #143: Delete a token using softhsm2-util. > * Issue #185: Change access mode bits for /var/lib/softhsm/tokens/ > to 1777. All users can now create tokens, but only access their own. > (Patch from Rick van Rein) > * Issue #186: Reinitializing a token will now keep the token, but all > token objects are deleted, the user PIN is removed and the token > label is updated. > * Issue #190: Support for OpenSSL 1.1.0. > * Issue #198: Calling C_GetSlotList with NULL_PTR will make sure that > there is always a slot with an uninitialized token available. > * Issue #199: The token serial number will be used when setting the slot > number. The serial number is set after the token has been initialized. > (Patch from Lars Silv?n) > * Issue #203: Update the command utils to use the token label or serial > to find the token and its slot number. > * Issue #209: Possibility to test other PKCS#11 implementations with the > CppUnit test. > (Patch from Lars Silv?n) > * Issue #223: Mark public key as non private by default. > (Patch from Nikos Mavrogiannopoulos) > * Issue #230: Install p11-kit module, to disable use --disable-p11-kit. > (Patch from David Woodhouse) > * Issue #237: Add windows continuous integration build. > (Patch from Peter Pola?ko) > > Bugfixes: > * Issue #201: Missing new source file and test configuration in the > Windows build project. > * Issue #205: ECDSA P-521 support for OpenSSL and better test coverage. > * Issue #207: Fix segmentation faults in loadLibrary function. > (Patch from Jaroslav Imrich) > * Issue #215: Update the Homebrew install notes for OSX. > * Issue #218: Fix build warnings. > * Issue #235: Add the libtool install command for OSX. > (Patch from Mark Wylde) > * Issue #236: Use GetEnvironmentVariable instead of getenv on Windows. > (Patch from Jaroslav Imrich) > * Issue #239: Crash on module unload with OpenSSL. > (Patch from David Woodhouse) > * Issue #241: Added EXTRALIBS to Windows utils project. > (Patch from Peter Pola?ko) > * Issue #250: C++11 not detected. > * Issue #255: API changes in Botan 1.11.27. > > Download: > * https://dist.opendnssec.org/source/testing/softhsm-2.2.0rc1.tar.gz > * https://dist.opendnssec.org/source/testing/softhsm-2.2.0rc1.tar.gz.sig > * Checksum SHA1: 5bc82b00a16fe73b7ac231b039de8ca988f60a33 > * Checksum SHA256: > 8474178b5de217b5e61aa399c781985c93c3b98c6bdf5721bc3a76174716d889 > > // Rickard > _______________________________________________ > Opendnssec-maintainers mailing list > Opendnssec-maintainers at lists.opendnssec.org > https://lists.opendnssec.org/mailman/listinfo/opendnssec-maintainers From rickard at opendnssec.org Fri Nov 11 23:28:18 2016 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Sat, 12 Nov 2016 00:28:18 +0100 Subject: [Opendnssec-maintainers] SoftHSM 2.2.0r1 In-Reply-To: <1478508000.2026163.779576409.22B47FA0@webmail.messagingengine.com> References: <1478508000.2026163.779576409.22B47FA0@webmail.messagingengine.com> Message-ID: On Mon, Nov 7, 2016 at 9:40 AM, Ond?ej Sur? wrote: > OpenDNSSEC 2.2.0rc1 tests fails on 32-bit architectures: > https://buildd.debian.org/status/package.php?p=softhsm2 > > ../../../test-driver: line 107: 1597 Segmentation fault "$@" > > $log_file 2>&1 > FAIL: p11test > > Compiled with OpenSSL 1.1.0 > Thank you for finding this. This has now been fixed in: https://github.com/opendnssec/SoftHSMv2/issues/268 // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: From rickard at opendnssec.org Mon Nov 14 19:25:39 2016 From: rickard at opendnssec.org (Rickard Bellgrim) Date: Mon, 14 Nov 2016 20:25:39 +0100 Subject: [Opendnssec-maintainers] SoftHSM 2.2.0r2 Message-ID: Hi Version 2.2.0rc2 of SoftHSM has now been released with some minor bugfixes. Bugfixes: * Issue #260: Fix include guard to check WITH_FIPS. (Patch from Matt Hauck) * Issue #268: p11test fails on 32-bit systems. * Issue #270: Build warning about "converting a string constant". Download: * https://dist.opendnssec.org/source/testing/softhsm-2.2.0rc2.tar.gz * https://dist.opendnssec.org/source/testing/softhsm-2.2.0rc2.tar.gz.sig * Checksum SHA1: debf380298df1c0bcb62360d34186c1cfd4966b0 * Checksum SHA256: a200f87ca54c64817c600a39f35471d1ad3853064cd0fc62e2dd1ca813b26cc6 // Rickard -------------- next part -------------- An HTML attachment was scrubbed... URL: