Commit graph

8336 commits

Author SHA1 Message Date
W.C.A. Wijngaards
57f92cc97e - Fix #1457: race condition causes segfault when starting
threads.
2026-05-28 09:34:04 +02:00
W.C.A. Wijngaards
c0741ccc68 - Fix analyzer warning in mesh_new_client.
2026-05-27 16:03:15 +02:00
W.C.A. Wijngaards
fb2745024a - Fix that validator caps number of ANY RRsets it can
validate, and the wait timer is shortened. Thanks to Qifan
  Zhang, Palo Alto Networks, for the report.
2026-05-27 13:38:10 +02:00
W.C.A. Wijngaards
0c15ddd133 - Fix ipset module for name too long checks, race conditions
on local name buffer, and for socket close race condition.
  Thanks to Qifan Zhang, Palo Alto Networks, for the report.
2026-05-27 13:34:32 +02:00
W.C.A. Wijngaards
b53504049c - Fix that dns64 with subnetcache does not write ECS scoped
answers to global cache. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.
2026-05-27 13:31:11 +02:00
W.C.A. Wijngaards
a5324e58eb - Fix, in depth, for respip rewrite of dns64 responses. Thanks
to Qifan Zhang, Palo Alto Networks, for the report.
2026-05-27 13:28:41 +02:00
W.C.A. Wijngaards
963cd68535 - Fix manual to document ratelimit, that it is for target
nameservers for a domain, and keeps queries limited. Thanks
  to Qifan Zhang, Palo Alto Networks, for the report.
2026-05-27 13:24:44 +02:00
W.C.A. Wijngaards
047df73887 - Fix to decrement the per-netblock tcp connection limits, so
it keeps usable. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.
2026-05-27 13:20:35 +02:00
W.C.A. Wijngaards
d2e1ea7d19 - Fix to reset the tcp-timeout before applying a load based
reduction. Thanks to Qifan Zhang, Palo Alto Networks, for the
  report.
2026-05-27 13:17:35 +02:00
W.C.A. Wijngaards
fbbe95ba5b - Fix that msgencode insert_query has the correct assertion,
for a local_alias. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.
2026-05-27 12:20:04 +02:00
W.C.A. Wijngaards
758c649611 - Fix that the ratelimit is decremented on successful
referrals. Thanks to Qifan Zhang, Palo Alto Networks, for
  the report.
2026-05-27 12:16:23 +02:00
W.C.A. Wijngaards
a23f95f620 - Fix to limit the DSNS per-label walk in the iterator. Thanks
to Qifan Zhang, Palo Alto Networks, for the report.
2026-05-27 12:12:39 +02:00
W.C.A. Wijngaards
5363570df0 - Fix for autotrust state-file line overflow, that can give
hold-down bypass. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.
2026-05-27 12:09:01 +02:00
W.C.A. Wijngaards
368857a45b - Fix for mesh new client and mesh new callback to rollback the
added address, tcp mesh state and callback when there is a failure
  to initialize. This fixes the mesh accounting of reply addresses.
  Thanks to Xin Wang, Jiapeng Li, and Jiajia Liu, Northwestern
  Polytechnical University, for the report
2026-05-26 16:20:11 +02:00
W.C.A. Wijngaards
40b16d0565 - Fix for signed same-owner CNAME and ordinary RRset responses.
Thanks to Xin Wang and Jiajia Liu, Northwestern Polytechnical
  University, for the report.
2026-05-20 16:30:37 +02:00
W.C.A. Wijngaards
08e901a1ac - Fix cleaning up DoH session. The same query can be on multiple
streams in a session. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.
2026-05-20 15:04:12 +02:00
W.C.A. Wijngaards
bc703c9129 - Fix lame server detection, for selfpointed glue records.
Thanks to Shuhan Zhang, Dan Li, and Baojun Liu from Tsinghua
  University for the report.
2026-05-20 15:01:42 +02:00
W.C.A. Wijngaards
9ce52de6c1 - Fix in depth for serve-expired responses from cachedb, that it
does not store bogus. Thanks to Qifan Zhang, Palo Alto Networks,
  for the report.
2026-05-20 14:58:26 +02:00
W.C.A. Wijngaards
b3aa262477 Remove the debug file.
2026-05-20 12:43:08 +02:00
W.C.A. Wijngaards
25e112c674 - Unit test for CVE-2026-44390. 2026-05-20 12:42:04 +02:00
W.C.A. Wijngaards
0d2282d551 - Unit test for CVE-2026-42960. 2026-05-20 12:40:32 +02:00
W.C.A. Wijngaards
b5f21f4165 - Unit test for CVE-2026-40622. 2026-05-20 12:37:17 +02:00
W.C.A. Wijngaards
d357935f66 - Unit test for CVE-2026-42959. 2026-05-20 12:35:38 +02:00
W.C.A. Wijngaards
9d2e0f1c02 - Unit test for CVE-2026-42944. 2026-05-20 12:34:16 +02:00
W.C.A. Wijngaards
b46ff5c18e - Unit test for CVE-2026-33278. 2026-05-20 12:32:43 +02:00
W.C.A. Wijngaards
f597105800 - Tag for 1.25.1 release, it contains the security fixes on 1.25.0.
the code repository continues with in addition the previous fixes,
  for 1.25.2.
2026-05-20 11:31:53 +02:00
W.C.A. Wijngaards
3692517a41 Merge branch 'branch-1.25.1' 2026-05-20 11:19:56 +02:00
W.C.A. Wijngaards
75b6dba593 - Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks
to Qifan Zhang, Palo Alto Networks, for the report.
2026-05-20 10:22:52 +02:00
W.C.A. Wijngaards
138fb48eac Changelog entry.
- Fix CVE-2026-44390, Unbounded name compression in certain cases
  causes degradation of service. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.
2026-05-20 10:22:10 +02:00
W.C.A. Wijngaards
dae7a37974 - Fix CVE-2026-44390, Unbounded name compression in certain cases
causes degradation of service. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.
2026-05-20 10:21:26 +02:00
W.C.A. Wijngaards
8ae4b4545d - Fix CVE-2026-42960, Possible cache poisoning attack while following
delegation. Thanks to TaoFei Guo from Peking University, Yang Luo
  and JianJun Chen, Tsinghua University, for the report.
2026-05-20 10:20:45 +02:00
W.C.A. Wijngaards
c343fff3a4 - Fix CVE-2026-42923, Degradation of service with unbounded NSEC3
hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for
  the report.
2026-05-20 10:20:02 +02:00
W.C.A. Wijngaards
a794c87578 - Fix CVE-2026-42534, Jostle logic bypass degrades resolution
performance. Thanks to Qifan Zhang, Palo Alto Networks, for the
  report.
2026-05-20 10:19:08 +02:00
W.C.A. Wijngaards
ef5ca84360 - Fix CVE-2026-41292, Parsing a long list of incoming EDNS options
degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan
  Zhang from Palo Alto Networks, for the report.
2026-05-20 10:18:23 +02:00
W.C.A. Wijngaards
8d8fa42266 - Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan
Zhang, Palo Alto Networks, for the report.
2026-05-20 10:16:18 +02:00
W.C.A. Wijngaards
a587535c5d - Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew
Griffiths from 'calif.io' for the report.
2026-05-20 10:15:30 +02:00
W.C.A. Wijngaards
94d5babaee - Fix CVE-2026-42959, Crash during DNSSEC validation of malicious
content. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
2026-05-20 10:14:32 +02:00
W.C.A. Wijngaards
fe946ba4e9 - Fix CVE-2026-42944, Heap overflow and crash with multiple nsid,
cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.
2026-05-20 10:13:55 +02:00
W.C.A. Wijngaards
6a31e470f8 - Fix CVE-2026-33278, Possible remote code execution during DNSSEC
validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
2026-05-20 10:13:08 +02:00
W.C.A. Wijngaards
e577695aeb Set version to 1.25.1 for release. 2026-05-20 10:11:15 +02:00
W.C.A. Wijngaards
a58bd6cb1e - Fix for mixed class referrals, the resolver uses the query
class. Thanks to Xin Wang and Jiajia Liu, Northwestern
  Polytechnical University, for the report.
2026-05-18 16:42:39 +02:00
W.C.A. Wijngaards
4bad944ae4 - Fix DNSKEY size calculation for noncanonical RSA DNSKEYs
with leading zeroes for n. Thanks to Xin Wang and Jiajia Liu,
  Northwestern Polytechnical University, for the report.
2026-05-15 16:22:59 +02:00
W.C.A. Wijngaards
594182f109 - Fix DNSSEC validation with libnettle for noncanonical RSA
DNSKEYs with leading zeroes for n. Thanks to Xin Wang and
  Jiajia Liu, Northwestern Polytechnical University, for
  the report.
2026-05-15 16:20:52 +02:00
W.C.A. Wijngaards
53c261cb33 - Fix for allocation-failure hardening of rrset cache wildcard
storage and canonical NSEC owner replacement. Thanks to Xin
  Wang and Jiajia Liu, Northwestern Polytechnical University,
  for the report.
2026-05-15 16:00:58 +02:00
W.C.A. Wijngaards
8703d9a5be - Fix that for dns64 answers, the AAAA query is checked to be
DNSSEC validated, when DNSSEC is enabled. This improves
  the RFC6147 conformance of Unbound. Thanks to Xin Wang
  and Jiajia Liu, Northwestern Polytechnical University, for
  the report. In addition, thanks to Qifan Zhang, Palo Alto
  Networks, for reporting it.
2026-05-15 15:43:18 +02:00
W.C.A. Wijngaards
aa9f1e68ff - Fix val_find_DS for robustness, to check the result of
packet_rrset_copy_region before using it. Thanks to Xin Wang
  and Jiajia Liu, Northwestern Polytechnical University, for
  the report.
2026-05-15 14:27:18 +02:00
W.C.A. Wijngaards
84a4f556b1 Merge branch 'master' of github.com:NLnetLabs/unbound 2026-05-15 08:42:40 +02:00
W.C.A. Wijngaards
5b166dbf0a - Fix man page entry for so-sndbuf, it is for responses sent out. 2026-05-15 08:42:27 +02:00
Yorgos Thessalonikefs
9e2233b821 - Fix another comment for EDNS fallback buffer size.
2026-05-14 13:11:17 +02:00
Yorgos Thessalonikefs
13716dc8be - Fix comment and verbose logging for EDNS fallback buffer size.
2026-05-11 20:39:38 +02:00