* [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 43f50ebad077bfcb68493958acd48be3a961e015
@ 2026-05-21 13:44 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2026-05-21 13:44 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, master has been updated
via 43f50ebad077bfcb68493958acd48be3a961e015 (commit)
via 88dea3a1187ad8e978db9859f8d497e1a08603ed (commit)
via 887e752e324d49db60e195b567b65f093969c3aa (commit)
from f7898141e90ce8241ac31ee40417f3addb90599e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 43f50ebad077bfcb68493958acd48be3a961e015
Author: Matthias Fischer <matthias.fischer@ipfire.org>
Date: Thu May 21 15:29:50 2026 +0200
unbound: Update to 1.25.1
For details see:
https://nlnetlabs.nl/projects/unbound/download/#unbound-1-25-1
"Bug Fixes
Fix CVE-2026-33278, Possible remote code execution during DNSSEC
validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie,
padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for
the report.
Fix CVE-2026-42959, Crash during DNSSEC validation of malicious
content. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew
Griffiths from 'calif.io' for the report.
Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang,
Palo Alto Networks, for the report.
Fix CVE-2026-41292, Parsing a long list of incoming EDNS options
degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan
Zhang from Palo Alto Networks, for the report.
Fix CVE-2026-42534, Jostle logic bypass degrades resolution
performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 hash
calculations. Thanks to Qifan Zhang, Palo Alto Networks, for the
report.
Fix CVE-2026-42960, Possible cache poisoning attack while following
delegation. Thanks to TaoFei Guo from Peking University, Yang Luo and
JianJun Chen, Tsinghua University, for the report.
Fix CVE-2026-44390, Unbounded name compression in certain cases causes
degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for
the report.
Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks to
Qifan Zhang, Palo Alto Networks, for the report."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 88dea3a1187ad8e978db9859f8d497e1a08603ed
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 13:44:22 2026 +0000
Revert "unbound: Update to 1.25.1"
This reverts commit dfcc64bd8aac6809d1c058cd891fddb373cb94d5.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 887e752e324d49db60e195b567b65f093969c3aa
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu May 21 13:44:19 2026 +0000
Revert "unbound: Fix hash"
This reverts commit f7898141e90ce8241ac31ee40417f3addb90599e.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/unbound | 2 +-
lfs/unbound | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
Difference in files:
diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound
index 4ab2ee5b4..2fdf58b08 100644
--- a/config/rootfiles/common/unbound
+++ b/config/rootfiles/common/unbound
@@ -11,7 +11,7 @@ etc/unbound/unbound.conf
#usr/lib/libunbound.la
#usr/lib/libunbound.so
usr/lib/libunbound.so.8
-usr/lib/libunbound.so.8.1.36
+usr/lib/libunbound.so.8.1.37
#usr/lib/pkgconfig/libunbound.pc
usr/sbin/unbound
usr/sbin/unbound-anchor
diff --git a/lfs/unbound b/lfs/unbound
index 5bbeee66b..086025e4b 100644
--- a/lfs/unbound
+++ b/lfs/unbound
@@ -109,7 +109,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
-mkdir -pv /var/lib/unbound
install -v -m 644 $(DIR_SRC)/config/unbound/root.key \
/var/lib/unbound/root.key
- chown -Rv unbound:unbound /var/lib/unbound
+ chown -Rv nobody.nobody /var/lib/unbound
# Ship ICANN's certificates to validate DNS trust anchors
install -v -m 644 $(DIR_SRC)/config/unbound/icannbundle.pem \
@@ -117,7 +117,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
# Install the cache directory
-mkdir -pv /var/cache/unbound
- chown unbound:unbound /var/cache/unbound
+ chown nobody:nobody /var/cache/unbound
@rm -rf $(DIR_APP)
@$(POSTBUILD)
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-05-21 13:44 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-05-21 13:44 [git.ipfire.org] IPFire 2.x development tree branch, master, updated. 43f50ebad077bfcb68493958acd48be3a961e015 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox