Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package unbound for openSUSE:Factory checked in at 2026-05-29 18:04:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/unbound (Old) and /work/SRC/openSUSE:Factory/.unbound.new.1937 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unbound" Fri May 29 18:04:10 2026 rev:82 rq:1355623 version:1.25.1 Changes: -------- --- /work/SRC/openSUSE:Factory/unbound/libunbound-devel-mini.changes 2026-05-08 16:43:19.956089077 +0200 +++ /work/SRC/openSUSE:Factory/.unbound.new.1937/libunbound-devel-mini.changes 2026-05-29 18:04:21.731545483 +0200 @@ -1,0 +2,25 @@ +Thu May 28 11:51:49 UTC 2026 - Jorik Cronenberg <[email protected]> + +- Update to 1.25.1: + * CVE-2026-33278, bsc#1265587: Possible remote code execution + during DNSSEC validation + * CVE-2026-42944, bsc#1265578: Heap overflow and crash with + multiple nsid, cookie, padding EDNS options + * CVE-2026-42959, bsc#1265586: Crash during DNSSEC validation of + malicious content + * CVE-2026-32792, bsc#1265583: Packet of death with DNSCrypt + * CVE-2026-40622, bsc#1265581: "Ghost domain name" variant + * CVE-2026-41292, bsc#1265580: Parsing a long list of incoming + EDNS options degrades performance + * CVE-2026-42534, bsc#1265585: Jostle logic bypass degrades + resolution performance + * CVE-2026-42923, bsc#1265589: Degradation of service with + unbounded NSEC3 hash calculations + * CVE-2026-42960, bsc#1265588: Possible cache poisoning attack + while following delegation + * CVE-2026-44390, bsc#1265584: Unbounded name compression in + certain cases causes degradation of service + * CVE-2026-44608, bsc#1265582: Use after free and crash in RPZ + code. + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/unbound/unbound.changes 2026-05-08 16:43:28.608447625 +0200 +++ /work/SRC/openSUSE:Factory/.unbound.new.1937/unbound.changes 2026-05-29 18:04:23.159604547 +0200 @@ -1,0 +2,26 @@ +Thu May 28 11:51:49 UTC 2026 - Jorik Cronenberg <[email protected]> + +- Update to 1.25.1: + * CVE-2026-33278, bsc#1265587: Possible remote code execution + during DNSSEC validation + * CVE-2026-42944, bsc#1265578: Heap overflow and crash with + multiple nsid, cookie, padding EDNS options + * CVE-2026-42959, bsc#1265586: Crash during DNSSEC validation of + malicious content + * CVE-2026-32792, bsc#1265583: Packet of death with DNSCrypt + * CVE-2026-40622, bsc#1265581: "Ghost domain name" variant + * CVE-2026-41292, bsc#1265580: Parsing a long list of incoming + EDNS options degrades performance + * CVE-2026-42534, bsc#1265585: Jostle logic bypass degrades + resolution performance + * CVE-2026-42923, bsc#1265589: Degradation of service with + unbounded NSEC3 hash calculations + * CVE-2026-42960, bsc#1265588: Possible cache poisoning attack + while following delegation + * CVE-2026-44390, bsc#1265584: Unbounded name compression in + certain cases causes degradation of service + * CVE-2026-44608, bsc#1265582: Use after free and crash in RPZ + code. +- Disable quic support for non tumbleweed distros + +------------------------------------------------------------------- Old: ---- unbound-1.25.0.tar.gz unbound-1.25.0.tar.gz.asc New: ---- unbound-1.25.1.tar.gz unbound-1.25.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libunbound-devel-mini.spec ++++++ --- /var/tmp/diff_new_pack.qwPDV6/_old 2026-05-29 18:04:24.719669072 +0200 +++ /var/tmp/diff_new_pack.qwPDV6/_new 2026-05-29 18:04:24.723669238 +0200 @@ -22,7 +22,7 @@ %bcond_without hardened_build # Name: libunbound-devel-mini -Version: 1.25.0 +Version: 1.25.1 #!BcntSyncTag: unbound Release: 0 Summary: Just a devel package for build loops ++++++ unbound.spec ++++++ --- /var/tmp/diff_new_pack.qwPDV6/_old 2026-05-29 18:04:24.791672050 +0200 +++ /var/tmp/diff_new_pack.qwPDV6/_new 2026-05-29 18:04:24.791672050 +0200 @@ -25,7 +25,7 @@ %bcond_without hardened_build %bcond_without dnstap %bcond_without systemd -%if 0%{?suse_version} > 1600 +%if 0%{?suse_version} >= 1699 %bcond_without unbound_quic %else # needs openssl with quic enabled - aws-lc is sadly not a drop in as it removed some functions used by unbound @@ -43,7 +43,7 @@ %define piddir /run Name: unbound -Version: 1.25.0 +Version: 1.25.1 Release: 0 BuildRequires: flex BuildRequires: ldns-devel >= %{ldns_version} ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.qwPDV6/_old 2026-05-29 18:04:24.847674366 +0200 +++ /var/tmp/diff_new_pack.qwPDV6/_new 2026-05-29 18:04:24.851674532 +0200 @@ -1,6 +1,6 @@ -mtime: 1778162468 -commit: 8129b2d3656c368b872873bf5fe202de1c4dc81ade1b52c2c038a7526781dfec +mtime: 1779969446 +commit: 50be2f35409223f8718655a3041fd431a6b5203f87f600530f5f7b8fc35c68a7 url: https://src.opensuse.org/dns/unbound -revision: 8129b2d3656c368b872873bf5fe202de1c4dc81ade1b52c2c038a7526781dfec +revision: 50be2f35409223f8718655a3041fd431a6b5203f87f600530f5f7b8fc35c68a7 projectscmsync: https://src.opensuse.org/dns/_ObsPrj.git ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-05-28 13:57:26.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ unbound-1.25.0.tar.gz -> unbound-1.25.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/unbound/unbound-1.25.0.tar.gz /work/SRC/openSUSE:Factory/.unbound.new.1937/unbound-1.25.1.tar.gz differ: char 13, line 1
