[getdns-api] First release candidate for getdns-1.5.2

Willem Toorop willem at nlnetlabs.nl
Fri Mar 15 21:43:21 UTC 2019


Dear all,

We have a first candidate for the upcoming 1.5.2 GnuTLS, bugfix and
maintenance release of getdns.

This release has experimental support for GnuTLS >= 3.5.0 as replacement
for OpenSSL. To enabled, use the --with-gnutls option at configure time.
Note that getdns needs the gnutls-dane library too (which is used for
SPKI authentication of DNS-over-TLS upstreams). DNSSEC validation will
use the cryptographic functions from libnettle (the cryptographic
library also used by GnuTLS).

When build with GnuTLS, getdns will still be linked with libcrypto (from
OpenSSL) for S/MIME verification of the root-anchors.xml file with Zero
configuration DNSSEC. It is our intention to replace that with something
more GnuTLS native at some point in the future too, so that getdns can
do without OpenSSL altogether.


Maintenance work included bringing TCP Fast Open up to par with current
practice. This means that at least on Linux 4.11+, getdns can connect
TFO with TLS.

The most prominent bugfix is for DNSSEC scheduling which in some
circumstances wrongly failed with insecure delegations of more than one
label.

A few more issues are resolved with this release. For a complete
overview see the ChangeLog below.


This release has a release candidate for Stubby 0.2.6 included, with
updates to documentation and fixes for the Windows build.

Please review these release candidates carefully, if all is well, the
actual release will follow Friday the 22th of March.


link  : https://getdnsapi.net/dist/getdns-1.5.2-rc1.tar.gz
pgp   : https://getdnsapi.net/dist/getdns-1.5.2-rc1.tar.gz.asc
sha256: 41abaaee26c12c3d34e40a3b5396f4a41a6b6fec8d4a847b9ba2e128129f5f4c


ChangeLog
=========
* 2019-03-??: Version 1.5.2
  * Issue #422: Enable server side and update client side TCP Fast
    Open implementation. Thanks Craig Andrews
  * Issue #423: Fix insecure delegation detection while scheduling.
    Thanks Charles Milette
  * Issue #419: Escape backslashed when printing in JSON format.
    Thanks boB Rudis
  * Use GnuTLS instead of OpenSSL for TLS with the --with-gnutls
    option to configure.  libcrypto (from OpenSSL) still needed
    for Zero configuration DNSSEC.
  * DOA rr-type
  * AMTRELAY rr-type


Stubby ChangeLog
================

* 2019-02-xx: Version 0.2.6
 * Windows: use appropriate system and user configuration directories.
 * Windows: replace references to C:\Program Files with %PROGRAMFILES%.
 * Windows: use location of stubby.bat to find stubby.exe and
            stubby.yml.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.getdnsapi.net/pipermail/users/attachments/20190315/6fe27629/attachment.bin>


More information about the Users mailing list