Loop version 1.99.3 is available
July 3, 2025
Loop version 1.99.3 has been released (tagged at 1.99.3.20250623003957.08c26b66c1). This is one in a series of releases made from the 1.99 development branch.
The following are release notes for Loop 1.99.3:
- RT1488: Some textual changes to the arpaname manpage were reverted.
- RT1502: OpenSSL and Kerberos library detection was improved. While this may not appear to be a user-visible change, it improves the linker flags that are used.
- RT1500: Support for Red Hat Enterprise Linux 10 was added. Loop RPM packages for RHEL 10 are now available for x86_64 and aarch64 platforms.
- RT1503: Support for OpenSSL library versions older than OpenSSL 3 has been dropped. All of Loop's supported platforms have the OpenSSL 3 library.
- RT1503: Usage of the libcrypto library API has been updated to use current OpenSSL 3 APIs, and all deprecated API usage has been removed.
- RT1503: PKCS#11 support has been updated to use the pkcs11-provider OpenSSL3 provider. The older OpenSSL engine support has been dropped completely. (Examples of PKCS#11 usage for DNSSEC will be documented soon.)
- RT1503: DNSSEC private keys of all the supported DNSKEY algorithms including RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519, and ED448 can now be used from PKCS#11 accessible HSMs. All of these algorithms are tested in our automated system tests suite using the pkcs11-provider OpenSSL3 provider, and the SoftHSMv2 PKCS#11 provider.
- RT1507: dnssec-keygen(1) can now be used to directly generate keys on PKCS#11 accessible HSMs for all the supported DNSKEY algorithms including RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519, and ED448. The -l argument was added for it. The method of importing the public key of an existing keypair on the HSM using dnssec-keyfromlabel(1) can also be used.
- RT1504: Support for the RSASHA1 DNSKEY algorithm on the OS platform running Loop is checked before use. Some operating systems such as Fedora 41 (and above) and Red Hat Enterprise Linux 10 disable support for RSASHA1 in their default configuration. Support is checked by signing and verifying some data using the algorithm to see if it succeeds — the algorithm is disabled (similar to the disable-algorithms config option of named.conf(5)) if the check fails.
- RT1505: The named(8) nameserver now explicitly disables RSAMD5, DSA, NSEC3DSA, and ECCGOST in its builtin configuration's disable-algorithms option. It also explicitly disables GOST in its builtin configuration's disable-ds-digests option.
- RT1511: Porting to FreeBSD has been completed and our unit tests and system tests suite pass on it. We expect to publish packages for FreeBSD soon.
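The RT1504 entry above describes checking RSASHA1 by signing and verifying some data and seeing whether it succeeds. The following is an added example, not Loop's own code, of the same kind of probe run by an operator with the openssl command-line tool; probe_rsa_digest is a hypothetical helper name, and the key and message are throwaway values constructed for the probe.

```shell
#!/bin/sh
# Added example (not Loop source code): probe whether this platform's OpenSSL
# will sign and verify RSA signatures with a given digest.
# probe_rsa_digest is a hypothetical helper name; the key and the message are
# throwaway values constructed for the probe.

probe_rsa_digest() {
    digest=$1
    tmp=$(mktemp -d) || { echo error; return 0; }
    result=disabled

    # Throwaway 2048-bit RSA key pair, used only for this probe.
    if ! openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$tmp/key.pem" >/dev/null 2>&1 ||
       ! openssl pkey -in "$tmp/key.pem" -pubout \
            -out "$tmp/pub.pem" >/dev/null 2>&1; then
        rm -rf "$tmp"
        echo error
        return 0
    fi

    printf 'constructed probe message\n' > "$tmp/msg"

    # The digest counts as usable only if signing AND verification succeed.
    if openssl dgst "-$digest" -sign "$tmp/key.pem" \
            -out "$tmp/sig" "$tmp/msg" >/dev/null 2>&1 &&
       openssl dgst "-$digest" -verify "$tmp/pub.pem" \
            -signature "$tmp/sig" "$tmp/msg" >/dev/null 2>&1; then
        result=supported
    fi

    rm -rf "$tmp"
    echo "$result"
}

# RSASHA1 uses SHA-1; RSASHA256 and RSASHA512 use SHA-256 and SHA-512.
for d in sha1 sha256 sha512; do
    printf '%s: %s\n' "$d" "$(probe_rsa_digest "$d")"
done
```

The openssl tool and Loop may not be configured identically, so treat the result as an indication of the platform default rather than of what named(8) decides.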
Some more development releases will be made from this branch until Loop 2.0 is ready to be branched. You can read about Loop branches and version numbering.