Loop version 1.99.3 is available

July 3, 2025


Loop version 1.99.3 has been released (tagged at 1.99.3.20250623003957.08c26b66c1). This is one of a series of releases made from the 1.99 development branch.

The following are release notes for Loop 1.99.3:

  • RT1488: Some textual changes to the arpaname manpage were reverted.
  • RT1502: OpenSSL and Kerberos library detection was improved. While this may not appear to be a user-visible change, it improves the linker flags that are used.
  • RT1500: Support for Red Hat Enterprise Linux 10 was added. Loop RPM packages for RHEL 10 are now available for x86_64 and aarch64 platforms.
  • RT1503: Support for OpenSSL library versions older than OpenSSL 3 has been dropped. All of Loop's supported platforms have the OpenSSL 3 library.
  • RT1503: Usage of the libcrypto library API has been updated to use current OpenSSL 3 APIs, and all deprecated API usage has been removed.
  • RT1503: PKCS#11 support has been updated to use the pkcs11-provider OpenSSL3 provider. The older OpenSSL engine support has been dropped completely. (Examples of PKCS#11 usage for DNSSEC will be documented soon.)
  • RT1503: DNSSEC private keys of all the supported DNSKEY algorithms including RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519, and ED448 can now be used from PKCS#11 accessible HSMs. All of these algorithms are tested in our automated system tests suite using the pkcs11-provider OpenSSL3 provider, and the SoftHSMv2 PKCS#11 provider.
  • RT1507: dnssec-keygen(1) can now be used to directly generate keys on PKCS#11 accessible HSMs for all the supported DNSKEY algorithms including RSASHA256, RSASHA512, ECDSAP256SHA256, ECDSAP384SHA384, ED25519, and ED448. The -l argument was added for it. The method of importing the public key of an existing keypair on the HSM using dnssec-keyfromlabel(1) can also be used.
  • RT1504: Support for the RSASHA1 DNSKEY algorithm on the OS platform running Loop is checked before use. Some operating systems such as Fedora 41 (and above) and Red Hat Enterprise Linux 10 disable support for RSASHA1 in their default configuration. Support is checked by signing and verifying some data using the algorithm to see if it succeeds — the algorithm is disabled (similar to the disable-algorithms config option of named.conf(5)) if the check fails.
  • RT1505: The named(8) nameserver now explicitly disables RSAMD5, DSA, NSEC3DSA, and ECCGOST in its builtin configuration's disable-algorithms option. It also explicitly disables GOST in its builtin configuration's disable-ds-digests option.
  • RT1511: Porting to FreeBSD has been completed and our unit tests and system tests suite pass on it. We expect to publish packages for FreeBSD soon.
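
The RT1504 item above describes probing for RSASHA1 support by signing and verifying some data. A similar check can be run by hand with the openssl command-line tool to see how a given host will behave; this is an added example, not Loop's own code, and the function name `probe_rsa_digest` and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Loop's code): probe whether this platform's OpenSSL
# permits RSA signatures with a given digest by signing and verifying
# constructed data, in the spirit of the RT1504 check.
# Return codes (chosen for this example):
#   0 = sign and verify both succeeded
#   1 = the platform refused to sign or verify with this digest
#   2 = the probe itself could not run (no openssl, no temp dir, no key)
probe_rsa_digest() {
    digest="$1"
    command -v openssl >/dev/null 2>&1 || return 2
    dir=$(mktemp -d) || return 2
    rc=1
    # Throwaway 2048-bit key; it never leaves the temporary directory.
    if openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$dir/key.pem" >/dev/null 2>&1 &&
       openssl pkey -in "$dir/key.pem" -pubout \
            -out "$dir/pub.pem" >/dev/null 2>&1
    then
        printf 'constructed probe data\n' > "$dir/data"
        if openssl dgst "-$digest" -sign "$dir/key.pem" \
                -out "$dir/sig" "$dir/data" >/dev/null 2>&1 &&
           openssl dgst "-$digest" -verify "$dir/pub.pem" \
                -signature "$dir/sig" "$dir/data" >/dev/null 2>&1
        then
            rc=0
        fi
    else
        rc=2
    fi
    rm -rf "$dir"
    return $rc
}

# RSASHA1 is RSA with SHA-1, so probe the sha1 digest.
probe_rsa_digest sha1 && status=0 || status=$?
case $status in
    0) echo "RSA/SHA-1 sign+verify works: RSASHA1 should be usable here" ;;
    1) echo "RSA/SHA-1 refused: expect RSASHA1 to be disabled on this host" ;;
    *) echo "probe could not run (openssl missing or key generation failed)" ;;
esac
```

A result of 1 on a host that serves or validates zones signed with RSASHA1 is the case to plan for before upgrading.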

Some more development releases will be made from this branch until Loop 2.0 is ready to be branched. You can read about Loop branches and version numbering.
