[getdns-api] getdns 0.3.3 quickfix release

Willem Toorop willem at nlnetlabs.nl
Wed Sep 9 13:56:20 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear All,

We have a fast-track single bugfix release of getdns: version 0.3.3.

The native DNSSEC validation, which has been in getdns since version
0.3.0, failed to validate direct CNAME queries.  This affected direct
CNAME queries only.  Queries that have CNAME redirections included are
not affected.  Also the (default) RECURSING resolution mode is not
affected, except when used in combination with the
dnssec_return_validation_chain extension.

When a query is done for a valid CNAME in either STUB resolution mode
or with the dnssec_return_validation_chain extension, with getdns
version 0.3.0, 0.3.1 or 0.3.2, the returned dnssec_status will be
GETDNS_DNSSEC_BOGUS always.

This release has this issue resolved.
A patch for getdns version 0.3.0, 0.3.1 and 0.3.2 is provided here:
https://getdnsapi.net/patches/dnssec-cname-query-validation.patch

Because of the smallness of the change and the severity of the flaw,
we've decided to bypass a release candidate and do the release
immediately.


link: http://www.getdnsapi.net/dist/getdns-0.3.3.tar.gz
md5 : 566f05047ece7ef6f113a8a4ba043531
sha1: 2de46171d1b39952e8f419979eda86fcec4ba839
pgp : http://www.getdnsapi.net/dist/getdns-0.3.3.tar.gz.asc


ChangeLog
=========
* 2015-09-09: Version 0.3.3
  * Fix clearing upstream events on shutdown
  * Fix dnssec validation of direct CNAME queries.
    Thanks Simson L. Garfinkel.
  * Fix get_api_information():version_string also for release candidates
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJV8B5kAAoJEOX4+CEvd6SYgYsP/j7Ir1Jp04hoVqcmrXQZdez8
OFfXobLCP2wovpPxvvVF/0DBz6jUj4FXpvGk46XyZa54IK+TwqnWXH1/HcE7gQgG
MabiIJM0iqfRJXCpIf4wUxOTPHT/NEAon7ScPWWWpS5xLvGLAUFQKQfTW3NYD3SF
1EeLAskMBkxw8pr7QMuTNAqHHsWuung82hOPCJpE7OcK+dmpTXjXg2nabMvEqtHI
mARsutswUp4wj4+O2iKBnSTUSE+i/eLAX3zvHu/ZZMou67K1cowhSR5hgzL9J/86
XM0DJESH/rdxZE+WzQHe1MI+t1vx0YcviCbtgsBGY8S4BESam5svMPAI5x/iUx3F
bkkAKTnRVqg773oavywowGe+YUM3Dr6lwYrylPtudZ7Ks5r5+GQY7q0NBIvlXUVc
CnsmGSQLvdt1u634Eh1qOZeCT0O/Gt8L3RfLQhsObEBdjoOnsk7WgYO6dJAbfnb4
mqT2vp20S8uKvQm+Xcv1T/bFfLGszfIlOB157Vzq2Uk5CW9Od9eTXeldcLUUNr2C
fwqUlIqMypJcnShgBWMUNPQ641Lg3I50n4BWprK1hncj0q/jBU7LRx1HFmYsR16s
X5KVSCc1OOxD5/DObxHi37/OBsjz9Fr5d5pvgx83iAmiJtKzo5UwFbF4Ciq5gIML
2wkZeMH+HAIl4uYt45Dz
=t9Vh
-----END PGP SIGNATURE-----


More information about the spec mailing list