[git.ipfire.org] IPFire 2.x development tree branch, master, updated. dfcc64bd8aac6809d1c058cd891fddb373cb94d5

[git.ipfire.org] IPFire 2.x development tree branch, master, updated. dfcc64bd8aac6809d1c058cd891fddb373cb94d5

[Michael Tremer]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  dfcc64bd8aac6809d1c058cd891fddb373cb94d5 (commit)
      from  c9f577122c69dcdb8682cb03015f8b9f2b0874ac (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit dfcc64bd8aac6809d1c058cd891fddb373cb94d5
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu May 21 08:59:06 2026 +0000

    unbound: Update to 1.25.1
    
    This release consolidates security fixes for issues reported over
    a period of time. There are fixes for CVE-2026-33278,
    CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622,
    CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960,
    CVE-2026-44390 and CVE-2026-44608.
    
    Bug Fixes
    
    Fix CVE-2026-33278, Possible remote code execution during DNSSEC
    validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
    Fix CVE-2026-42944, Heap overflow and crash with multiple nsid,
    cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto
    Networks, for the report.
    Fix CVE-2026-42959, Crash during DNSSEC validation of malicious
    content. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
    Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew
    Griffiths from 'calif.io' for the report.
    Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan
    Zhang, Palo Alto Networks, for the report.
    Fix CVE-2026-41292, Parsing a long list of incoming EDNS options
    degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan
    Zhang from Palo Alto Networks, for the report.
    Fix CVE-2026-42534, Jostle logic bypass degrades resolution
    performance. Thanks to Qifan Zhang, Palo Alto Networks, for the
    report.
    Fix CVE-2026-42923, Degradation of service with unbounded NSEC3
    hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for
    the report.
    Fix CVE-2026-42960, Possible cache poisoning attack while following
    delegation. Thanks to TaoFei Guo from Peking University, Yang Luo
    and JianJun Chen, Tsinghua University, for the report.
    Fix CVE-2026-44390, Unbounded name compression in certain cases
    causes degradation of service. Thanks to Qifan Zhang, Palo Alto
    Networks, for the report.
    Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks
    to Qifan Zhang, Palo Alto Networks, for the report.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 lfs/unbound | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Difference in files:
diff --git a/lfs/unbound b/lfs/unbound
index b0691e864..7fe47f5b6 100644
--- a/lfs/unbound
+++ b/lfs/unbound
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.25.0
+VER        = 1.25.1
 
 THISAPP    = unbound-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 4c22e198c2257c251505f6845c42e67481edce2c5e8dc0c475584ef6b8e85907c322f32bd7ecfcb06243ba36fb3d91c63d8c1edd67dca66d374c6a242206e548
+$(DL_FILE)_BLAKE2 = 925d964cfaa76211b5d71ab7d16318327417e7e85791ef3b7b442b0b417e1e29fb925b7a1f3427105cc9114b5b8c093ecc9a9aa5c3457620f622a24ed3674de3
 
 install : $(TARGET)
 


hooks/post-receive
--
IPFire 2.x development tree