Skip to content

getdns-0.3.3 release
Compare
Choose a tag to compare
@wtoorop wtoorop released this 28 Dec 11:40
· 2055 commits to develop since this release
v0.3.3
dbc53e7
 
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball https://getdnsapi.net/dist/getdns-0.3.3.tar.gz
pgp sig https://getdnsapi.net/dist/getdns-0.3.3.tar.gz.asc
sha256 8a02da5779c3da8d9a7973662ddb5cf19825c2689b48cbc604c536014cca1046

Dear All,

We have a fast-track single bugfix release of getdns: version 0.3.3.

The native DNSSEC validation, which is part of getdns since version 0.3.0, failed to validate direct CNAME queries. This affected direct CNAME queries only. Queries that have CNAME redirections included are not affected. Also the (default) RECURSING resolution mode is not affected, except when used in combination with the dnssec_return_validation_chain extension.

When a query is done for a valid CNAME in either STUB resolution mode or with the dnssec_return_validation_chain extension, with getdns version 0.3.0, 0.3.1 or 0.3.2, the returned dnssec_status will be GETDNS_DNSSEC_BOGUS always.

This release has this issue resolved. A patch for getdns version 0.3.0, 0.3.1 and 0.3.2 is provided here: https://getdnsapi.net/patches/dnssec-cname-query-validation.patch

Because of the smallness of the change, we've decided to bypass a release candidate and do the release immediately.

ChangeLog

* Fix clearing upstream events on shutdown
  * Fix dnssec validation of direct CNAME queries.
    Thanks Simson L. Garfinkel.
  * Fix get_api_information():version_string also for release candidates
Assets 4
Loading