head 1.1; branch 1.1.1; access ; symbols unbound-1-25-1:1.1.1.1 NLNETLABS:1.1.1; locks ; strict; comment @# @; 1.1 date 2026.05.21.16.11.47; author christos; state Exp; branches 1.1.1.1; next ; commitid KUtmCKdRNks7oHGG; 1.1.1.1 date 2026.05.21.16.11.47; author christos; state Exp; branches ; next ; commitid KUtmCKdRNks7oHGG; desc @@ 1.1 log @Initial revision @ text @server: verbosity: 5 # num-threads: 1 interface: 127.0.0.1 port: @@PORT@@ use-syslog: no directory: . pidfile: "unbound.pid" chroot: "" username: "" do-not-query-localhost: no tls-cert-bundle: "unbound_server.pem" tls-upstream: yes forward-zone: name: "." forward-addr: "127.0.0.1@@@@TOPORT@@#unbound" forward-zone: name: "example.org." forward-addr: "127.0.0.1@@@@TOPORT@@#badname" @ 1.1.1.1 log @Import unbound 1.25.1 (previous was 1.24.2) Bug Fixes Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths from 'calif.io' for the report. Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto Networks, for the report. Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-42960, Possible cache poisoning attack while following delegation. Thanks to TaoFei Guo from Peking University, Yang Luo and JianJun Chen, Tsinghua University, for the report. Fix CVE-2026-44390, Unbounded name compression in certain cases causes degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for the report. Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks to Qifan Zhang, Palo Alto Networks, for the report. For changes to older versions see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-25-1 @ text @@