import UBI unbound-1.24.2-3.el9_8.2
This commit is contained in:
parent
eb97b3314a
commit
ca09910f67
305
SOURCES/unbound-1.25.1-CVE-2026-40622-test.patch
Normal file
305
SOURCES/unbound-1.25.1-CVE-2026-40622-test.patch
Normal file
@ -0,0 +1,305 @@
|
||||
diff --git a/unbound-1.24.2/testdata/iter_ghost_ns_childapex.rpl b/unbound-1.24.2/testdata/iter_ghost_ns_childapex.rpl
|
||||
new file mode 100644
|
||||
index 0000000..2b046a8
|
||||
--- /dev/null
|
||||
+++ b/unbound-1.24.2/testdata/iter_ghost_ns_childapex.rpl
|
||||
@@ -0,0 +1,299 @@
|
||||
+; config options
|
||||
+server:
|
||||
+ target-fetch-policy: "0 0 0 0 0"
|
||||
+ qname-minimisation: no
|
||||
+ minimal-responses: yes
|
||||
+ log-servfail: yes
|
||||
+ module-config: "iterator"
|
||||
+
|
||||
+stub-zone:
|
||||
+ name: "."
|
||||
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||
+CONFIG_END
|
||||
+
|
||||
+SCENARIO_BEGIN Test for ghost domain with a child apex NS query.
|
||||
+
|
||||
+; K.ROOT-SERVERS.NET.
|
||||
+RANGE_BEGIN 0 100
|
||||
+ ADDRESS 193.0.14.129
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR NOERROR
|
||||
+SECTION QUESTION
|
||||
+. IN NS
|
||||
+SECTION ANSWER
|
||||
+. IN NS K.ROOT-SERVERS.NET.
|
||||
+SECTION ADDITIONAL
|
||||
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode subdomain
|
||||
+ADJUST copy_id copy_query
|
||||
+REPLY QR NOERROR
|
||||
+SECTION QUESTION
|
||||
+tld. IN NS
|
||||
+SECTION AUTHORITY
|
||||
+tld. IN NS ns.tld.
|
||||
+SECTION ADDITIONAL
|
||||
+ns.tld. IN A 1.2.3.5
|
||||
+ENTRY_END
|
||||
+RANGE_END
|
||||
+
|
||||
+; ns.tld
|
||||
+RANGE_BEGIN 0 15
|
||||
+ ADDRESS 1.2.3.5
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR AA NOERROR
|
||||
+SECTION QUESTION
|
||||
+tld. IN NS
|
||||
+SECTION ANSWER
|
||||
+tld. IN NS ns.tld
|
||||
+SECTION ADDITIONAL
|
||||
+ns.tld. IN A 1.2.3.5
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR AA NOERROR
|
||||
+SECTION QUESTION
|
||||
+ns.tld. IN A
|
||||
+SECTION ANSWER
|
||||
+ns.tld. IN A 1.2.3.5
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR AA NOERROR
|
||||
+SECTION QUESTION
|
||||
+ns.tld. IN AAAA
|
||||
+SECTION AUTHORITY
|
||||
+tld. 3600 IN SOA ns.tld. host.tld. 20201 3600 1800 604800 3600
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode subdomain
|
||||
+ADJUST copy_id copy_query
|
||||
+REPLY QR NOERROR
|
||||
+SECTION QUESTION
|
||||
+mid.tld. IN NS
|
||||
+SECTION AUTHORITY
|
||||
+mid.tld. 5 IN NS ns.mid.tld.
|
||||
+SECTION ADDITIONAL
|
||||
+ns.mid.tld. 5 IN A 1.2.3.4
|
||||
+ENTRY_END
|
||||
+RANGE_END
|
||||
+
|
||||
+; ns.tld
|
||||
+RANGE_BEGIN 20 100
|
||||
+ ADDRESS 1.2.3.5
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR AA NOERROR
|
||||
+SECTION QUESTION
|
||||
+tld. IN NS
|
||||
+SECTION ANSWER
|
||||
+tld. IN NS ns.tld
|
||||
+SECTION ADDITIONAL
|
||||
+ns.tld. IN A 1.2.3.5
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR AA NOERROR
|
||||
+SECTION QUESTION
|
||||
+ns.tld. IN A
|
||||
+SECTION ANSWER
|
||||
+ns.tld. IN A 1.2.3.5
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR AA NOERROR
|
||||
+SECTION QUESTION
|
||||
+ns.tld. IN AAAA
|
||||
+SECTION AUTHORITY
|
||||
+tld. 3600 IN SOA ns.tld. host.tld. 20201 3600 1800 604800 3600
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode subdomain
|
||||
+ADJUST copy_id copy_query
|
||||
+REPLY QR AA NXDOMAIN
|
||||
+SECTION QUESTION
|
||||
+mid.tld. IN NS
|
||||
+SECTION AUTHORITY
|
||||
+tld. 3600 IN SOA ns.tld. host.tld. 20201 3600 1800 604800 3600
|
||||
+ENTRY_END
|
||||
+RANGE_END
|
||||
+
|
||||
+; ns.mid.tld.
|
||||
+RANGE_BEGIN 0 100
|
||||
+ ADDRESS 1.2.3.4
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR NOERROR
|
||||
+SECTION QUESTION
|
||||
+mid.tld. IN NS
|
||||
+SECTION ANSWER
|
||||
+mid.tld. 86400 IN NS ns.mid.tld.
|
||||
+SECTION ADDITIONAL
|
||||
+ns.mid.tld. 86400 IN A 1.2.3.4
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR AA NOERROR
|
||||
+SECTION QUESTION
|
||||
+ns.mid.tld. IN A
|
||||
+SECTION ANSWER
|
||||
+ns.mid.tld. IN A 1.2.3.4
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR AA NOERROR
|
||||
+SECTION QUESTION
|
||||
+ns.mid.tld. IN AAAA
|
||||
+SECTION AUTHORITY
|
||||
+mid.tld. 3600 IN SOA ns.mid.tld. host.mid.tld. 20301 3600 1800 604800 3600
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode subdomain
|
||||
+ADJUST copy_id copy_query
|
||||
+REPLY QR NOERROR
|
||||
+SECTION QUESTION
|
||||
+sub.mid.tld. IN NS
|
||||
+SECTION AUTHORITY
|
||||
+sub.mid.tld. 3600 IN NS ns.sub.mid.tld.
|
||||
+SECTION ADDITIONAL
|
||||
+ns.sub.mid.tld. 3600 IN A 1.2.3.6
|
||||
+ENTRY_END
|
||||
+RANGE_END
|
||||
+
|
||||
+; ns.sub.mid.tld.
|
||||
+RANGE_BEGIN 0 100
|
||||
+ ADDRESS 1.2.3.6
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR NOERROR
|
||||
+SECTION QUESTION
|
||||
+sub.mid.tld. IN NS
|
||||
+SECTION ANSWER
|
||||
+sub.mid.tld. IN NS ns.sub.mid.tld.
|
||||
+SECTION ADDITIONAL
|
||||
+ns.sub.mid.tld. IN A 1.2.3.6
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR AA NOERROR
|
||||
+SECTION QUESTION
|
||||
+ns.sub.mid.tld. IN A
|
||||
+SECTION ANSWER
|
||||
+ns.sub.mid.tld. IN A 1.2.3.6
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR AA NOERROR
|
||||
+SECTION QUESTION
|
||||
+ns.sub.mid.tld. IN AAAA
|
||||
+SECTION AUTHORITY
|
||||
+sub.mid.tld. 3600 IN SOA ns.sub.mid.tld. host.sub.mid.tld. 20301 3600 1800 604800 3600
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR AA NOERROR
|
||||
+SECTION QUESTION
|
||||
+a.sub.mid.tld. IN A
|
||||
+SECTION ANSWER
|
||||
+a.sub.mid.tld. 3600 IN A 10.20.30.40
|
||||
+ENTRY_END
|
||||
+
|
||||
+ENTRY_BEGIN
|
||||
+MATCH opcode qtype qname
|
||||
+ADJUST copy_id
|
||||
+REPLY QR AA NOERROR
|
||||
+SECTION QUESTION
|
||||
+b.sub.mid.tld. IN A
|
||||
+SECTION ANSWER
|
||||
+b.sub.mid.tld. 3600 IN A 10.20.30.41
|
||||
+ENTRY_END
|
||||
+RANGE_END
|
||||
+
|
||||
+STEP 1 QUERY
|
||||
+ENTRY_BEGIN
|
||||
+REPLY RD NOERROR
|
||||
+SECTION QUESTION
|
||||
+a.sub.mid.tld. IN A
|
||||
+ENTRY_END
|
||||
+
|
||||
+STEP 2 CHECK_ANSWER
|
||||
+ENTRY_BEGIN
|
||||
+MATCH all
|
||||
+REPLY QR RD RA NOERROR
|
||||
+SECTION QUESTION
|
||||
+a.sub.mid.tld. IN A
|
||||
+SECTION ANSWER
|
||||
+a.sub.mid.tld. 3600 IN A 10.20.30.40
|
||||
+ENTRY_END
|
||||
+
|
||||
+STEP 10 QUERY
|
||||
+ENTRY_BEGIN
|
||||
+REPLY RD NOERROR
|
||||
+SECTION QUESTION
|
||||
+mid.tld. IN NS
|
||||
+ENTRY_END
|
||||
+
|
||||
+STEP 11 CHECK_ANSWER
|
||||
+ENTRY_BEGIN
|
||||
+MATCH all
|
||||
+REPLY QR RD RA NOERROR
|
||||
+SECTION QUESTION
|
||||
+mid.tld. IN NS
|
||||
+SECTION ANSWER
|
||||
+mid.tld. 86400 IN NS ns.mid.tld.
|
||||
+SECTION ADDITIONAL
|
||||
+ns.mid.tld. 86400 IN A 1.2.3.4
|
||||
+ENTRY_END
|
||||
+
|
||||
+STEP 20 TIME_PASSES ELAPSE 10
|
||||
+; The authority for .tld switches to NXDOMAIN for mid.tld.
|
||||
+
|
||||
+STEP 30 QUERY
|
||||
+ENTRY_BEGIN
|
||||
+REPLY RD NOERROR
|
||||
+SECTION QUESTION
|
||||
+b.sub.mid.tld. IN A
|
||||
+ENTRY_END
|
||||
+
|
||||
+STEP 31 CHECK_ANSWER
|
||||
+ENTRY_BEGIN
|
||||
+MATCH all
|
||||
+REPLY QR RD RA NXDOMAIN
|
||||
+SECTION QUESTION
|
||||
+b.sub.mid.tld. IN A
|
||||
+SECTION ANSWER
|
||||
+SECTION AUTHORITY
|
||||
+tld. 3600 IN SOA ns.tld. host.tld. 20201 3600 1800 604800 3600
|
||||
+ENTRY_END
|
||||
+
|
||||
+SCENARIO_END
|
||||
36
SOURCES/unbound-1.25.1-CVE-2026-40622.patch
Normal file
36
SOURCES/unbound-1.25.1-CVE-2026-40622.patch
Normal file
@ -0,0 +1,36 @@
|
||||
diff --git a/unbound-1.24.2/services/cache/rrset.c b/unbound-1.24.2/services/cache/rrset.c
|
||||
index 6d5c24f..81f4e28 100644
|
||||
--- a/unbound-1.24.2/services/cache/rrset.c
|
||||
+++ b/unbound-1.24.2/services/cache/rrset.c
|
||||
@@ -149,6 +149,16 @@ need_to_update_rrset(void* nd, void* cd, time_t timenow, int equal, int ns)
|
||||
if(equal && cached->ttl >= timenow &&
|
||||
cached->security == sec_status_bogus)
|
||||
return 0;
|
||||
+ /* ghost-domain: never let an NS overwrite extend lifetime
|
||||
+ * past the entry it replaces, regardless of trust. */
|
||||
+ if(ns && !TTL_IS_EXPIRED(cached->ttl, timenow) &&
|
||||
+ newd->ttl > cached->ttl) {
|
||||
+ size_t i;
|
||||
+ newd->ttl = cached->ttl;
|
||||
+ for(i=0; i<(newd->count+newd->rrsig_count); i++)
|
||||
+ if(newd->rr_ttl[i] > newd->ttl)
|
||||
+ newd->rr_ttl[i] = newd->ttl;
|
||||
+ }
|
||||
return 1;
|
||||
}
|
||||
/* o item in cache has expired */
|
||||
diff --git a/unbound-1.24.2/util/data/msgparse.h b/unbound-1.24.2/util/data/msgparse.h
|
||||
index 7de4e39..d6e459d 100644
|
||||
--- a/unbound-1.24.2/util/data/msgparse.h
|
||||
+++ b/unbound-1.24.2/util/data/msgparse.h
|
||||
@@ -98,6 +98,10 @@ extern time_t SERVE_EXPIRED_REPLY_TTL;
|
||||
/** If we serve the original TTL or decrementing TTLs */
|
||||
extern int SERVE_ORIGINAL_TTL;
|
||||
|
||||
+/** Check if TTL is expired. 0 TTL is considered expired.
|
||||
+ * Used mainly to identify parts of the code that do this comparison. */
|
||||
+#define TTL_IS_EXPIRED(ttl, now) ((ttl) <= (now))
|
||||
+
|
||||
/**
|
||||
* Data stored in scratch pad memory during parsing.
|
||||
* Stores the data that will enter into the msgreply and packet result.
|
||||
64
SOURCES/unbound-1.25.1-CVE-2026-41292.patch
Normal file
64
SOURCES/unbound-1.25.1-CVE-2026-41292.patch
Normal file
@ -0,0 +1,64 @@
|
||||
diff --git a/unbound-1.24.2/util/data/msgparse.c b/unbound-1.24.2/util/data/msgparse.c
|
||||
index 2d09556..169709b 100644
|
||||
--- a/unbound-1.24.2/util/data/msgparse.c
|
||||
+++ b/unbound-1.24.2/util/data/msgparse.c
|
||||
@@ -53,6 +53,8 @@
|
||||
#include "sldns/parseutil.h"
|
||||
#include "sldns/wire2str.h"
|
||||
|
||||
+#define MAX_PARSED_EDNS_OPTIONS 100
|
||||
+
|
||||
/** smart comparison of (compressed, valid) dnames from packet */
|
||||
static int
|
||||
smart_compare(sldns_buffer* pkt, uint8_t* dnow,
|
||||
@@ -950,7 +952,7 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len,
|
||||
struct comm_reply* repinfo, uint32_t now, struct regional* region,
|
||||
struct cookie_secrets* cookie_secrets)
|
||||
{
|
||||
- int nsid_seen = 0, cookie_seen = 0, padding_seen = 0;
|
||||
+ int i = 0, nsid_seen = 0, cookie_seen = 0, padding_seen = 0;
|
||||
/* To respond with a Keepalive option, the client connection must have
|
||||
* received one message with a TCP Keepalive EDNS option, and that
|
||||
* option must have 0 length data. Subsequent messages sent on that
|
||||
@@ -970,7 +972,7 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len,
|
||||
|
||||
/* while still more options, and have code+len to read */
|
||||
/* ignores partial content (i.e. rdata len 3) */
|
||||
- while(rdata_len >= 4) {
|
||||
+ while(rdata_len >= 4 && i < MAX_PARSED_EDNS_OPTIONS) {
|
||||
uint16_t opt_code = sldns_read_uint16(rdata_ptr);
|
||||
uint16_t opt_len = sldns_read_uint16(rdata_ptr+2);
|
||||
uint8_t server_cookie[40];
|
||||
@@ -1150,6 +1152,7 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len,
|
||||
}
|
||||
rdata_ptr += opt_len;
|
||||
rdata_len -= opt_len;
|
||||
+ i++;
|
||||
}
|
||||
return LDNS_RCODE_NOERROR;
|
||||
}
|
||||
@@ -1164,6 +1167,7 @@ parse_extract_edns_from_response_msg(struct msg_parse* msg,
|
||||
struct rrset_parse* found_prev = 0;
|
||||
size_t rdata_len;
|
||||
uint8_t* rdata_ptr;
|
||||
+ int i = 0;
|
||||
/* since the class encodes the UDP size, we cannot use hash table to
|
||||
* find the EDNS OPT record. Scan the packet. */
|
||||
while(rrset) {
|
||||
@@ -1223,7 +1227,7 @@ parse_extract_edns_from_response_msg(struct msg_parse* msg,
|
||||
|
||||
/* while still more options, and have code+len to read */
|
||||
/* ignores partial content (i.e. rdata len 3) */
|
||||
- while(rdata_len >= 4) {
|
||||
+ while(rdata_len >= 4 && i < MAX_PARSED_EDNS_OPTIONS) {
|
||||
uint16_t opt_code = sldns_read_uint16(rdata_ptr);
|
||||
uint16_t opt_len = sldns_read_uint16(rdata_ptr+2);
|
||||
rdata_ptr += 4;
|
||||
@@ -1238,6 +1242,7 @@ parse_extract_edns_from_response_msg(struct msg_parse* msg,
|
||||
}
|
||||
rdata_ptr += opt_len;
|
||||
rdata_len -= opt_len;
|
||||
+ i++;
|
||||
}
|
||||
/* ignore rrsigs */
|
||||
return LDNS_RCODE_NOERROR;
|
||||
51
SOURCES/unbound-1.25.1-CVE-2026-42534.patch
Normal file
51
SOURCES/unbound-1.25.1-CVE-2026-42534.patch
Normal file
@ -0,0 +1,51 @@
|
||||
diff --git a/unbound-1.24.2/services/mesh.c b/unbound-1.24.2/services/mesh.c
|
||||
index 3212a6a..23499dc 100644
|
||||
--- a/unbound-1.24.2/services/mesh.c
|
||||
+++ b/unbound-1.24.2/services/mesh.c
|
||||
@@ -296,12 +296,14 @@ int mesh_make_new_space(struct mesh_area* mesh, sldns_buffer* qbuf)
|
||||
if(mesh->num_reply_states < mesh->max_reply_states)
|
||||
return 1;
|
||||
/* try to kick out a jostle-list item */
|
||||
- if(m && m->reply_list && m->list_select == mesh_jostle_list) {
|
||||
+ if(m && m->list_select == mesh_jostle_list) {
|
||||
/* how old is it? */
|
||||
struct timeval age;
|
||||
- timeval_subtract(&age, mesh->env->now_tv,
|
||||
- &m->reply_list->start_time);
|
||||
- if(timeval_smaller(&mesh->jostle_max, &age)) {
|
||||
+ if(m->has_first_reply_time)
|
||||
+ timeval_subtract(&age, mesh->env->now_tv,
|
||||
+ &m->first_reply_time);
|
||||
+ if(!m->has_first_reply_time ||
|
||||
+ timeval_smaller(&mesh->jostle_max, &age)) {
|
||||
/* its a goner */
|
||||
log_nametypeclass(VERB_ALGO, "query jostled out to "
|
||||
"make space for a new one",
|
||||
@@ -1960,6 +1962,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns,
|
||||
r->qid = qid;
|
||||
r->qflags = qflags;
|
||||
r->start_time = *s->s.env->now_tv;
|
||||
+ if(s->reply_list == NULL && !s->has_first_reply_time) {
|
||||
+ s->first_reply_time = r->start_time;
|
||||
+ s->has_first_reply_time = 1;
|
||||
+ }
|
||||
r->next = s->reply_list;
|
||||
r->qname = regional_alloc_init(s->s.region, qinfo->qname,
|
||||
s->s.qinfo.qname_len);
|
||||
diff --git a/unbound-1.24.2/services/mesh.h b/unbound-1.24.2/services/mesh.h
|
||||
index f19f423..a61f909 100644
|
||||
--- a/unbound-1.24.2/services/mesh.h
|
||||
+++ b/unbound-1.24.2/services/mesh.h
|
||||
@@ -189,6 +189,12 @@ struct mesh_state {
|
||||
struct module_qstate s;
|
||||
/** the list of replies to clients for the results */
|
||||
struct mesh_reply* reply_list;
|
||||
+ /** if it has a first reply time */
|
||||
+ int has_first_reply_time;
|
||||
+ /** wall-clock time the first client reply was attached;
|
||||
+ * used by mesh_make_new_space() so duplicate retransmits
|
||||
+ * cannot reset jostle aging. */
|
||||
+ struct timeval first_reply_time;
|
||||
/** the list of callbacks for the results */
|
||||
struct mesh_cb* cb_list;
|
||||
/** set of superstates (that want this state's result)
|
||||
20
SOURCES/unbound-1.25.1-CVE-2026-44390.patch
Normal file
20
SOURCES/unbound-1.25.1-CVE-2026-44390.patch
Normal file
@ -0,0 +1,20 @@
|
||||
diff --git a/unbound-1.24.2/util/data/msgencode.c b/unbound-1.24.2/util/data/msgencode.c
|
||||
index 7bc55a5..f84c491 100644
|
||||
--- a/unbound-1.24.2/util/data/msgencode.c
|
||||
+++ b/unbound-1.24.2/util/data/msgencode.c
|
||||
@@ -352,7 +352,6 @@ compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs,
|
||||
(p = compress_tree_lookup(tree, dname, labs, &insertpt))) {
|
||||
if(!write_compressed_dname(pkt, dname, labs, p))
|
||||
return RETVAL_TRUNC;
|
||||
- (*compress_count)++;
|
||||
} else {
|
||||
if(!dname_buffer_write(pkt, dname))
|
||||
return RETVAL_TRUNC;
|
||||
@@ -360,6 +359,7 @@ compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs,
|
||||
if(*compress_count < MAX_COMPRESSION_PER_MESSAGE &&
|
||||
!compress_tree_store(dname, labs, pos, region, p, insertpt))
|
||||
return RETVAL_OUTMEM;
|
||||
+ (*compress_count)++;
|
||||
return RETVAL_OK;
|
||||
}
|
||||
|
||||
@ -31,7 +31,7 @@
|
||||
Summary: Validating, recursive, and caching DNS(SEC) resolver
|
||||
Name: unbound
|
||||
Version: 1.24.2
|
||||
Release: 3%{?extra_version:.%{extra_version}}%{?dist}.1
|
||||
Release: 3%{?extra_version:.%{extra_version}}%{?dist}.2
|
||||
License: BSD
|
||||
Url: https://nlnetlabs.nl/projects/unbound/
|
||||
Source: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz
|
||||
@ -75,6 +75,16 @@ Patch4: unbound-1.25.1-CVE-2026-33278.patch
|
||||
Patch5: unbound-1.25.1-CVE-2026-42944.patch
|
||||
# https://nlnetlabs.nl/downloads/unbound/patch_CVE-2026-42959.diff
|
||||
Patch6: unbound-1.25.1-CVE-2026-42959.patch
|
||||
# https://nlnetlabs.nl/downloads/unbound/patch_CVE-2026-40622.diff
|
||||
Patch7: unbound-1.25.1-CVE-2026-40622.patch
|
||||
# https://github.com/NLnetLabs/unbound/commit/b5f21f41658f65d6143df6a3208e8ccf1a01604d
|
||||
Patch8: unbound-1.25.1-CVE-2026-40622-test.patch
|
||||
# https://nlnetlabs.nl/downloads/unbound/patch_CVE-2026-44390.diff
|
||||
Patch9: unbound-1.25.1-CVE-2026-44390.patch
|
||||
# https://nlnetlabs.nl/downloads/unbound/patch_CVE-2026-41292.diff
|
||||
Patch10: unbound-1.25.1-CVE-2026-41292.patch
|
||||
# https://nlnetlabs.nl/downloads/unbound/patch_CVE-2026-42534.diff
|
||||
Patch11: unbound-1.25.1-CVE-2026-42534.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: make
|
||||
@ -516,8 +526,14 @@ popd
|
||||
%{_prefix}/lib/dracut/modules.d/99unbound
|
||||
|
||||
%changelog
|
||||
* Mon Jun 22 2026 Fedor Vorobev <fvorobev@redhat.com> - 1.24.2-3.2
|
||||
- Fix CVE-2026-40622 (RHEL-184840)
|
||||
Fix CVE-2026-44390 (RHEL-186688)
|
||||
Fix CVE-2026-41292 (RHEL-187352)
|
||||
Fix CVE-2026-42534 (RHEL-187095)
|
||||
|
||||
* Mon May 25 2026 Fedor Vorobev <fvorobev@redhat.com> - 1.24.2-3.1
|
||||
- Fix CVE-2026-33278 (RHEL‑177822)
|
||||
- Fix CVE-2026-33278 (RHEL-177822)
|
||||
Fix CVE-2026-42944 (RHEL-177936)
|
||||
Fix CVE-2026-42959 (RHEL-177797)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user