CVS commit: pkgsrc/net/unbound

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net/unbound
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Thu, 21 May 2026 09:11:02 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Thu May 21 09:11:02 UTC 2026

Modified Files:
        pkgsrc/net/unbound: Makefile distinfo
        pkgsrc/net/unbound/patches: patch-configure

Log Message:
unbound: updated to 1.25.1

1.25.1

Bug Fixes
Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths from 'calif.io' for the report.
Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto Networks, for the report.
Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42960, Possible cache poisoning attack while following delegation. Thanks to TaoFei Guo from Peking University, Yang Luo and JianJun Chen, Tsinghua University, for the report.
Fix CVE-2026-44390, Unbounded name compression in certain cases causes degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks to Qifan Zhang, Palo Alto Networks, for the report.


To generate a diff of this commit:
cvs rdiff -u -r1.134 -r1.135 pkgsrc/net/unbound/Makefile
cvs rdiff -u -r1.90 -r1.91 pkgsrc/net/unbound/distinfo
cvs rdiff -u -r1.7 -r1.8 pkgsrc/net/unbound/patches/patch-configure

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/unbound/Makefile
diff -u pkgsrc/net/unbound/Makefile:1.134 pkgsrc/net/unbound/Makefile:1.135
--- pkgsrc/net/unbound/Makefile:1.134   Mon May 11 15:49:04 2026
+++ pkgsrc/net/unbound/Makefile Thu May 21 09:11:02 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.134 2026/05/11 15:49:04 adam Exp $
+# $NetBSD: Makefile,v 1.135 2026/05/21 09:11:02 adam Exp $
 
-DISTNAME=      unbound-1.25.0
+DISTNAME=      unbound-1.25.1
 CATEGORIES=    net
 MASTER_SITES=  https://nlnetlabs.nl/downloads/unbound/
 

Index: pkgsrc/net/unbound/distinfo
diff -u pkgsrc/net/unbound/distinfo:1.90 pkgsrc/net/unbound/distinfo:1.91
--- pkgsrc/net/unbound/distinfo:1.90    Mon May 11 15:49:04 2026
+++ pkgsrc/net/unbound/distinfo Thu May 21 09:11:02 2026
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.90 2026/05/11 15:49:04 adam Exp $
+$NetBSD: distinfo,v 1.91 2026/05/21 09:11:02 adam Exp $
 
-BLAKE2s (unbound-1.25.0.tar.gz) = 2ddcc1b064bb905430945537c09648e257037c3c064976b9c7a0b5a8881d32d7
-SHA512 (unbound-1.25.0.tar.gz) = 5b11cb06d768461dc390da989d412e8724403a9cce36e95f7b401d0b512bc81ee5a68d4cd6504c89de9a11cce69b90f09e01ae72e2ddd05130b7c459691d4f85
-Size (unbound-1.25.0.tar.gz) = 6818581 bytes
-SHA1 (patch-configure) = 6a5ac60931ce3f2a2ecaaeccccd66a0f1987d735
+BLAKE2s (unbound-1.25.1.tar.gz) = ef3b05b6e747820d92e3f8cd4d233731efb62ac8458ef9c325a90de3ea5581ab
+SHA512 (unbound-1.25.1.tar.gz) = a536ff1d9b637e4ffa46ab498919ddf089b4498e65c748748c4920a6da52e1f5bacfbba9ac1dc47798d168e2ea64a7ae7ea2a581464d1fcabae241a6e38c8d13
+Size (unbound-1.25.1.tar.gz) = 6832247 bytes
+SHA1 (patch-configure) = dba648dda11d13f72f8f435ce448d0ee91d1e0bc

Index: pkgsrc/net/unbound/patches/patch-configure
diff -u pkgsrc/net/unbound/patches/patch-configure:1.7 pkgsrc/net/unbound/patches/patch-configure:1.8
--- pkgsrc/net/unbound/patches/patch-configure:1.7      Mon May 11 15:49:04 2026
+++ pkgsrc/net/unbound/patches/patch-configure  Thu May 21 09:11:02 2026
@@ -1,4 +1,4 @@
-$NetBSD: patch-configure,v 1.7 2026/05/11 15:49:04 adam Exp $
+$NetBSD: patch-configure,v 1.8 2026/05/21 09:11:02 adam Exp $
 
 Properly detect pthread_set_name_np() by linking, not compiling, as
 -Wno-implicit-function-declaration can result with false positive.
@@ -6,9 +6,9 @@ Properly detect pthread_set_name_np() by
 Pretend expat.h is found: it is guaranteed by PkgSrc, but on Darwin it might
 be buried inside an SDK; we don't want the SDK path being exposed in CFLAGS.
 
---- configure.orig     2026-04-29 08:48:39.000000000 +0000
+--- configure.orig     2026-05-20 08:28:41.000000000 +0000
 +++ configure
-@@ -19226,7 +19226,7 @@ main (void)
+@@ -19982,7 +19982,7 @@ main (void)
    return 0;
  }
  _ACEOF
@@ -17,7 +17,7 @@ be buried inside an SDK; we don't want t
  then :
  
            { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-@@ -22353,7 +22353,7 @@ fi
+@@ -23109,7 +23109,7 @@ fi
  
  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libexpat" >&5
  printf %s "checking for libexpat... " >&6; }

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/devel/R-Rcpp
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/devel/R-Rcpp
Indexes:

Home | Main Index | Thread Index | Old Index