[getdns-users] getdns 0.3.3 quickfix release

Willem Toorop willem at nlnetlabs.nl
Wed Sep 9 11:56:23 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear All,

We have a fast-track single bugfix release of getdns: version 0.3.3.

The native DNSSEC validation, which has been in getdns since version
0.3.0, failed to validate direct CNAME queries. This affected direct
CNAME queries only. Queries that have CNAME redirections included are
not affected. Also the (default) RECURSING resolution mode is not
affected, except when used in combination with the
dnssec_return_validation_chain extension.

When a query is done for a valid CNAME in either STUB resolution mode
or with the dnssec_return_validation_chain extension, with getdns
version 0.3.0, 0.3.1 or 0.3.2, the returned dnssec_status will be
GETDNS_DNSSEC_BOGUS always.

This release has this issue resolved.
A patch for getdns version 0.3.0, 0.3.1 and 0.3.2 is provided here:
https://getdnsapi.net/patches/dnssec-cname-query-validation.patch

Because of the smallness of the change and the severity of the flaw,
we've decided to bypass a release candidate and do the release
immediately.


link: http://www.getdnsapi.net/dist/getdns-0.3.3.tar.gz
md5 : 566f05047ece7ef6f113a8a4ba043531
sha1: 2de46171d1b39952e8f419979eda86fcec4ba839
pgp : http://www.getdnsapi.net/dist/getdns-0.3.3.tar.gz.asc


ChangeLog
=========
* 2015-09-09: Version 0.3.3
  * Fix clearing upstream events on shutdown
  * Fix dnssec validation of direct CNAME queries.
    Thanks Simson L. Garfinkel.
  * Fix get_api_information():version_string also for release candidates
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJV8B5nAAoJEOX4+CEvd6SY88YP/24moMMdjpejSnYlXUaTy89F
9F5mVn71hLrHTcz4ilQeGb8U/q20n+1FotlhYkL9Y9LbDCCcyPijxUWR4I3g69rd
iYqLrzf6rk8TT5QN4Pvb54YGimTFTNiOTzTikNWSHVzABaFD2HJPfyVWWccL2z/B
2ffIIVA7n26z2km29WR26rnzkHUeLkITdZx2k8eo37PF8u+G8epWWCHHYv5sjHU5
8Z5Xs//EnTpQ9m1mBeGByeifK6Gs6vrFF6niCVoYrKHwFeYAbZlYeRlGR+Ug8AVk
qA8WNtjlWRVDQd9fuPtcYpy+S9muThM0DYR7KlUAs2bV17yIvsIuSxP7e6JnTwSZ
O3qPqIvlLW4eP8XYFNqx9kto52V2vy3SBXtLWUUnP7Lr1dLNou32BkL6fV5lIcCX
HbFly4A/lwXPJJC2SLHToi/GTqMjaXBH5ecod3n5eodhvdnNwVOr/FYCSsPAz1lB
wECmz+XkBS1W8oAy6CmwKfejWSJL8MLpRPbe7079gX+l4nXNOAgudbSQKchUzzzm
CrCdXqMlk+W9ZzoVVZscfpQ0V6EQ4zbv+5s5hvQEPv9y8Q/0pCv79I71WOO99KfL
w7CJG/HD1mRMnzRk6HM0SZ8HivZ4xNftJZf90zcfgDeEjfIAldZPZ87GQcUxLRv3
HP8sh643Qp4FsYAuTODY
=F1ao
-----END PGP SIGNATURE-----



More information about the Users mailing list