[getdns-users] First release candidate for getdns-1.4.2
willem at nlnetlabs.nl
Fri May 4 14:51:36 UTC 2018
We have a first release candidate for the upcoming 1.4.2 bugfix release
of getdns. The two major bugfixes are:
* DNSSEC Denial of Existence validation at NSEC wildcards, which was
broken since 1.4.0.
* Null termination of strings in configuration dictionaries. This in
particular affected Stubby configurations with settings for
`trust_anchors_verify_email`, `appdata_dir`, `resolvconf`, `hosts`,
`tls_ca_path`, `tls_ca_file`, `tls_cipher_list` and
If you use Stubby and had one of these configured, but they did not
affect Stubby operation as expected, retry with this release
candidate to see if it resolves the issue.
DNSSEC validation in stub mode has been improved and should be possible
more often now (also with badly behaving authoritatives), because it is
now partly traced from the root up.
This release has a release candidate for Stubby 0.2.3 included, with:
* An updated stubby.yml file
NOTE! The entries for securedns.eu have changed!
* Better recommendations for running Stubby with systemd
* No pass through of ENDS0 options that were handled by underlying
Please review these release candidates carefully, if all is well, the
actual release will follow Friday the 11th of May.
link : https://getdnsapi.net/dist/getdns-1.4.2-rc1.tar.gz
pgp : https://getdnsapi.net/dist/getdns-1.4.2-rc1.tar.gz.asc
* 2018-05-??: Version 1.4.2
* Bugfix getdnsapi/stubby#99: Partly trace DNSSEC from the root
up (for tld and sld), to find insecure delegations quicker.
* Bugfix: Allow NSEC spans starting from (unexpanded) wildcards
Bug was introduced when dealing with CVE-2017-15105
* Bugfix getdnsapi/stubby#46: Don't assume trailing zero with
string bindata's. Thanks Lonnie Abelbeck
* Bugfix #394: Update src/compat/getentropy_linux.c in order to
handle ENOSYS (not implemented) fallback.
Thanks Brent Blood
* Bugfix #395: Clarify that libidn2 dependency is for version 2.0.0
or higher. Thanks mire3212
* Better systemd configuration recommendations. Thanks hanvinke,
and Bruno Pagani
* Bugfix #98: EDNS options that are handled internally should not
be passed on through downstream. Thanks Twisteroid Ambassador
* With systemd setups, make /run/stubby directory writeable for stubby
user and include a "appdata_dir" directory in stubby.yml.example
* Update securedns.eu entries in stubby.yml.example
* Added Cloudflare servers in stubby.yml.example
* Added basic upstart script in contrib/upstart dir. Thanks vapniks
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the Users