unbound

upstream/unbound

Fork 0

mirror of https://github.com/NLnetLabs/unbound.git synced 2026-06-10 00:50:54 -04:00

Commit graph

Select branches

Hide pull requests

add-prometheus-metrics

branch-1.23.0

branch-1.23.1

branch-1.24.0

branch-1.24.1

branch-1.24.2

branch-1.25.0

branch-1.25.1

drachs-dnsmessage

experimental-pqc-XMSS

features/invalid-query-type

features/more-edns-in-sldns

features/rfc8914-ede

features/ub_send

features/unjostable-configured-upstreams

features/upstream-cookies

gen-autotrust

hackathon/poisonlicious

ideleg

ietf120-hackathon/svcb-alias-processing

master

rpz-zone-load

simdzone-zone-load

stats-shm-volley

xfr-soa-tls

xfr-tsig

#1

#1

#10

#1010

#1015

#1019

#102

#1027

#1028

#1030

#1040

#1041

#1042

#1043

#1048

#1049

#1053

#1054

#1057

#1057

#1058

#1058

#1062

#1069

#1070

#1073

#1076

#1078

#1080

#1081

#1081

#1087

#1087

#1090

#1098

#11

#1109

#1109

#111

#111

#1110

#1111

#1111

#1116

#113

#113

#1132

#1135

#1140

#1143

#1146

#1151

#1157

#1159

#1160

#1162

#1167

#1168

#1168

#1169

#1170

#1174

#118

#1181

#1186

#1187

#1189

#1196

#1196

#1197

#1198

#12

#120

#120

#1201

#1201

#1204

#121

#121

#1214

#1218

#1218

#122

#1220

#1221

#1222

#1224

#1229

#1238

#124

#1241

#1243

#1246

#1250

#1250

#1252

#1252

#1259

#1261

#1261

#1262

#1265

#1275

#1276

#1280

#1285

#1289

#129

#1297

#1298

#1299

#13

#1328

#1331

#1334

#1334

#1335

#1335

#1336

#1337

#134

#1347

#1349

#135

#1350

#1351

#1352

#136

#136

#1361

#1365

#1374

#1375

#1381

#1383

#1383

#1385

#1387

#1387

#1388

#1391

#1392

#1394

#1395

#1396

#1397

#1397

#1398

#1399

#1399

#14

#1400

#1401

#1406

#1408

#1409

#1411

#1413

#1415

#1418

#142

#1422

#1422

#1425

#1426

#1426

#1427

#1428

#1429

#1430

#1430

#1433

#1433

#1437

#1437

#144

#1441

#1451

#1451

#1458

#1458

#147

#148

#149

#15

#150

#151

#154

#155

#156

#159

#16

#164

#166

#17

#171

#172

#173

#174

#176

#179

#18

#180

#181

#182

#184

#186

#187

#190

#191

#194

#197

#198

#2

#2

#200

#201

#203

#204

#204

#206

#207

#208

#211

#214

#221

#225

#228

#234

#241

#25

#255

#26

#264

#265

#268

#269

#270

#272

#275

#277

#28

#280

#283

#284

#293

#295

#3

#3

#306

#311

#313

#317

#322

#324

#326

#329

#335

#340

#341

#351

#355

#363

#367

#373

#375

#377

#377

#380

#390

#391

#395

#396

#399

#4

#401

#402

#407

#408

#409

#41

#415

#420

#427

#434

#434

#440

#442

#442

#448

#449

#458

#460

#461

#466

#470

#472

#477

#477

#478

#479

#481

#486

#487

#491

#493

#494

#496

#497

#5

#504

#504

#510

#511

#512

#513

#514

#517

#519

#521

#522

#523

#526

#528

#529

#53

#530

#531

#532

#538

#544

#544

#547

#549

#555

#556

#559

#562

#563

#565

#569

#57

#570

#575

#581

#6

#600

#603

#604

#605

#612

#616

#617

#623

#629

#631

#632

#64

#64

#644

#648

#660

#664

#668

#671

#674

#677

#683

#683

#688

#695

#7

#702

#703

#706

#711

#714

#718

#72

#720

#722

#73

#730

#739

#742

#742

#749

#753

#757

#759

#76

#760

#762

#764

#767

#768

#770

#770

#774

#774

#776

#786

#787

#787

#790

#794

#794

#8

#80

#802

#804

#808

#81

#817

#817

#819

#82

#821

#826

#827

#83

#831

#840

#840

#842

#85

#857

#858

#86

#865

#866

#867

#87

#871

#875

#880

#881

#882

#884

#889

#892

#894

#896

#9

#90

#901

#902

#903

#907

#909

#911

#916

#916

#921

#921

#93

#930

#931

#932

#936

#944

#95

#951

#955

#956

#967

#968

#97

#971

#973

#975

#978

#980

#985

#987

#988

#990

#993

#999

1.11.0rc1

final-svn-state

release-0.0

release-0.1

release-0.10

release-0.11

release-0.2

release-0.3

release-0.4

release-0.5

release-0.6

release-0.7

release-0.7.1

release-0.7.2

release-0.8

release-0.9

release-1.0.0

release-1.0.1

release-1.0.2

release-1.1.0

release-1.1.1

release-1.10.0

release-1.10.0rc1

release-1.10.0rc2

release-1.10.1

release-1.11.0

release-1.11.0rc1

release-1.12.0

release-1.12.0rc1

release-1.13.0

release-1.13.0rc1

release-1.13.0rc2

release-1.13.0rc3

release-1.13.0rc4

release-1.13.1

release-1.13.1rc1

release-1.13.1rc2

release-1.13.2

release-1.13.2rc1

release-1.14.0

release-1.14.0rc1

release-1.15.0

release-1.15.0rc1

release-1.16.0

release-1.16.0rc1

release-1.16.1

release-1.16.1rc1

release-1.16.2

release-1.16.3

release-1.17.0

release-1.17.0rc1

release-1.17.1

release-1.17.1rc1

release-1.17.1rc2

release-1.18.0

release-1.18.0rc1

release-1.19.0

release-1.19.0rc1

release-1.19.1

release-1.19.2

release-1.19.3

release-1.19.3rc1

release-1.19.3rc2

release-1.2.0

release-1.2.1

release-1.20.0

release-1.20.0rc1

release-1.21.0

release-1.21.0rc1

release-1.21.1

release-1.22.0

release-1.22.0rc1

release-1.23.0

release-1.23.0rc1

release-1.23.0rc2

release-1.23.1

release-1.24.0

release-1.24.0rc1

release-1.24.1

release-1.24.2

release-1.25.0

release-1.25.0rc1

release-1.25.1

release-1.3.0

release-1.3.1

release-1.3.2

release-1.3.3

release-1.3.3rc1

release-1.3.4

release-1.4.0

release-1.4.0rc1

release-1.4.1

release-1.4.10

release-1.4.11

release-1.4.11rc1

release-1.4.11rc2

release-1.4.11rc3

release-1.4.12

release-1.4.12rc1

release-1.4.13

release-1.4.13p1

release-1.4.13p2

release-1.4.13rc1

release-1.4.13rc2

release-1.4.14

release-1.4.14rc1

release-1.4.15

release-1.4.15rc1

release-1.4.16

release-1.4.17

release-1.4.17rc1

release-1.4.18

release-1.4.18rc1

release-1.4.18rc2

release-1.4.19

release-1.4.19rc1

release-1.4.2

release-1.4.20

release-1.4.20rc1

release-1.4.21

release-1.4.21rc1

release-1.4.22

release-1.4.22rc1

release-1.4.3

release-1.4.4

release-1.4.4rc1

release-1.4.5

release-1.4.5rc1

release-1.4.6

release-1.4.6rc1

release-1.4.7

release-1.4.7rc1

release-1.4.8

release-1.4.8rc1

release-1.4.9

release-1.4.9rc1

release-1.5.0

release-1.5.0rc1

release-1.5.1

release-1.5.10

release-1.5.10rc1

release-1.5.1rc1

release-1.5.1rc2

release-1.5.2

release-1.5.2rc1

release-1.5.3

release-1.5.3rc1

release-1.5.4

release-1.5.4rc1

release-1.5.5

release-1.5.5rc1

release-1.5.6

release-1.5.6rc1

release-1.5.7

release-1.5.7rc1

release-1.5.8

release-1.5.8rc1

release-1.5.9

release-1.5.9rc1

release-1.6.0

release-1.6.0rc1

release-1.6.1

release-1.6.1rc1

release-1.6.1rc2

release-1.6.1rc3

release-1.6.2

release-1.6.2rc1

release-1.6.3

release-1.6.4

release-1.6.4rc1

release-1.6.4rc2

release-1.6.5

release-1.6.5@4299

release-1.6.6

release-1.6.6rc1

release-1.6.6rc2

release-1.6.7

release-1.6.7rc1

release-1.6.8

release-1.7.0

release-1.7.0rc1

release-1.7.0rc2

release-1.7.0rc3

release-1.7.1

release-1.7.1rc1

release-1.7.2

release-1.7.2rc1

release-1.7.3

release-1.7.3rc1

release-1.7.3rc2

release-1.8.0

release-1.8.0rc1

release-1.8.1

release-1.8.1rc1

release-1.8.2

release-1.8.2rc1

release-1.8.3

release-1.9.0

release-1.9.0rc1

release-1.9.1

release-1.9.1rc1

release-1.9.2

release-1.9.2rc1

release-1.9.2rc2

release-1.9.2rc3

release-1.9.3

release-1.9.3rc1

release-1.9.3rc2

release-1.9.4

release-1.9.5

release-1.9.6

release-1.9.6rc1

e7a713a525 - Fix unit test for ecs to check for malloc success. master W.C.A. Wijngaards 2026-06-09 16:41:37 +0200
39e67508c9

change mailing list to forum Alex Band 2026-06-08 21:48:04 +0200
80621409d9

Merge d4999d418c into 3eab974ca2 Willem Toorop 2026-06-08 17:15:30 +1200
e38204a72e

Merge 4436251a0c into 3eab974ca2 Andy Warner 2026-06-04 18:58:44 +0300
5218e7b7a6

Merge eb3f58b68c into 3eab974ca2 Jisakiel 2026-06-04 18:53:44 +0300
e4993a147b

Merge f2a2d9c1e9 into 3eab974ca2 Paul Menzel 2026-06-04 03:53:58 +0200
0942a3376e

Merge e3263636d3 into 3eab974ca2 DavidKorczynski 2026-06-04 03:49:58 +0200
22f2680ff5

Merge bc31a34416 into 3eab974ca2 Toria 2026-06-04 03:48:51 +0200
5a21321b3a

Merge b935e83cee into 3eab974ca2 Kasoo 2026-06-03 20:09:44 +0000
b935e83cee Add support for nftables sets mirroring existing ipset support Jonathan Duncan 2026-05-10 22:23:07 +0100
b406530640

Merge e843532159 into 3eab974ca2 Nikolay Shopik 2026-06-03 23:00:50 +0300
3eab974ca2 - Fix that dns64 cleans up the allocated message if the adjust routines fail, and checks if there is a reply before cache store, also unbound checks if A and AAAA are malformed for auth-zones. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-06-03 14:56:20 +0200
b1d1dcb3b6 - Fix that dump_cache has a larger buffer for records, and it checks that an owner name does not collide with BADRR on the input, and changes verbosity on the log of failure in rrset to string. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-06-03 14:51:16 +0200
10cb62aca2 - Fix that validation canonicalization of domain names in rdata checks for buffer bounds. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-06-03 14:48:06 +0200
6da73aba38 - Fix fast_reload for when a ZONEMD lookup is in progress. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-06-03 14:42:47 +0200
1b1b9626ee - Fix negative cache NSEC3 nodata proof, to use the correct message size. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-06-03 14:40:17 +0200
8bc074043a - Fix PROXYv2 header read and consume, it checks the header size. Thanks to Qifan Zhang, Palo Alto Networks for the report. W.C.A. Wijngaards 2026-06-03 14:37:37 +0200
04a6322aa4 - Fix ipset module to use larger domain name buffers, and check buffer lengths. Thanks to Qifan Zhang, Palo Alto Networks for the report. W.C.A. Wijngaards 2026-06-03 14:35:06 +0200
5748f518d1 - Fix that quotation and escaping works the same in auth-zone url content, as in the zonefile read. Thanks to Qifan Zhang, Palo Alto Networks for the report. W.C.A. Wijngaards 2026-06-03 14:32:14 +0200
d05eff4d54 - Fix parse of svcbparam ech, it had incorrect length. Thanks to Qifan Zhang, Palo Alto Networks for the report. W.C.A. Wijngaards 2026-06-03 14:05:48 +0200
4544eaa4cc - Fix const as reported by newest compiler warnings. Yorgos Thessalonikefs 2026-06-03 14:00:04 +0200
5d0770d0ad - Fix negative cache to work with NSEC3 records without salt. Thanks to Xin Wang, Jiapeng Li, and Jiajia Liu, Northwestern Polytechnical University, for the report. W.C.A. Wijngaards 2026-06-03 13:56:31 +0200
7f4beb846e - Fix that the processing of class responses does not have a heap use-after-free. That could happen if at least two distinct classes are configured for resolution. Thanks to Qifan Zhang, Palo Alto Networks for the report. In addition, thanks to Xin Wang, Jiapeng Li, and Jiajia Liu, Northwestern Polytechnical University, for also reporting this. W.C.A. Wijngaards 2026-06-03 12:14:30 +0200
e843532159 doc: revert Changelog and fix man-page whitespace regressions Nikolay Shopik 2026-05-31 10:02:37 +0300
f99f5ecb20 doc: trim client-wait-timeout man page entry to operator altitude Nikolay Shopik 2026-05-31 01:01:38 +0300
26491da097 Changelog: add client-wait-timeout Nikolay Shopik 2026-05-30 23:58:33 +0300
e698495f51 doc: document client-wait-timeout in example.conf and man page Nikolay Shopik 2026-05-30 23:58:05 +0300
f52b7e2bc0 checkconf: reject negative client-wait-timeout and warn when it pre-empts serve-expired Nikolay Shopik 2026-05-30 23:53:33 +0300
598ed97093 test: add serve-expired interaction tests for client-wait-timeout Nikolay Shopik 2026-05-30 23:47:39 +0300
69f39aaf13 test: add client-wait-timeout fairness (staggered) and TCP timeout replay tests Nikolay Shopik 2026-05-30 23:38:31 +0300
b7f979297e test: add client_wait_timeout_basic.rpl — SERVFAIL+EDE22 on timeout Nikolay Shopik 2026-05-30 23:30:42 +0300
f6c70499a1 mesh: implement client-wait-timeout timer, callback, and SERVFAIL+EDE22 emission Nikolay Shopik 2026-05-30 23:20:42 +0300
9614631dd9 stats: wire num_queries_client_wait_timeout through stats, remote, control, and fast-reload copy Nikolay Shopik 2026-05-30 23:04:10 +0300
3e05a92dab mesh: add client_wait_data, mesh_cb.start_time, and num_queries_client_wait_timeout counter Nikolay Shopik 2026-05-30 22:59:19 +0300
bd3b3296d8 config: add client-wait-timeout keyword (default 0, disabled) Nikolay Shopik 2026-05-30 22:54:12 +0300
7a5654f9c9

Merge f7c180b4ed into 8e8c04e1b9 J. Dekker 2026-05-30 22:27:16 +0300
5a9c585a5e

Merge 1aa8519b39 into 8e8c04e1b9 R. Christian McDonald 2026-05-30 22:26:50 +0300
8e8c04e1b9 - Fix unit test to check for new icannbundle.pem. W.C.A. Wijngaards 2026-05-29 12:10:40 +0200
bf0da2ed21 - Update icannbundle.pem certificates in unbound-anchor. It has the public keys for 2009 to 2029 and for 2025 to 2045. W.C.A. Wijngaards 2026-05-29 12:10:07 +0200
670ece06df - iana portlist updated. W.C.A. Wijngaards 2026-05-29 11:54:40 +0200
9e41903be8 - Fix header_seen detection for trust anchor files, so that it detects the id line. W.C.A. Wijngaards 2026-05-29 11:54:03 +0200
a69bad7b7d

Merge 7ee8ba3794 into 57f92cc97e WolverinDEV 2026-05-29 02:47:41 +0000
57f92cc97e - Fix #1457: race condition causes segfault when starting threads. W.C.A. Wijngaards 2026-05-28 09:34:04 +0200
c0741ccc68 - Fix analyzer warning in mesh_new_client. W.C.A. Wijngaards 2026-05-27 16:03:15 +0200
f9dfe7f36a

Merge 3212426574 into fb2745024a R. Christian McDonald 2026-05-27 14:42:36 +0200
27456dd144

Merge 7e9d9b03a4 into fb2745024a Petr Menšík 2026-05-27 14:42:36 +0200
fa285d9b92

Merge 4b8686f1f1 into fb2745024a TomasKorbar 2026-05-27 14:42:36 +0200
fb2745024a - Fix that validator caps number of ANY RRsets it can validate, and the wait timer is shortened. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-27 13:38:10 +0200
0c15ddd133 - Fix ipset module for name too long checks, race conditions on local name buffer, and for socket close race condition. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-27 13:34:32 +0200
b53504049c - Fix that dns64 with subnetcache does not write ECS scoped answers to global cache. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-27 13:31:11 +0200
a5324e58eb - Fix, in depth, for respip rewrite of dns64 responses. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-27 13:28:41 +0200
963cd68535 - Fix manual to document ratelimit, that it is for target nameservers for a domain, and keeps queries limited. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-27 13:24:44 +0200
047df73887 - Fix to decrement the per-netblock tcp connection limits, so it keeps usable. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-27 13:20:35 +0200
d2e1ea7d19 - Fix to reset the tcp-timeout before applying a load based reduction. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-27 13:17:35 +0200
fbbe95ba5b - Fix that msgencode insert_query has the correct assertion, for a local_alias. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-27 12:20:04 +0200
758c649611 - Fix that the ratelimit is decremented on successful referrals. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-27 12:16:23 +0200
a23f95f620 - Fix to limit the DSNS per-label walk in the iterator. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-27 12:12:39 +0200
5363570df0 - Fix for autotrust state-file line overflow, that can give hold-down bypass. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-27 12:09:01 +0200
368857a45b - Fix for mesh new client and mesh new callback to rollback the added address, tcp mesh state and callback when there is a failure to initialize. This fixes the mesh accounting of reply addresses. Thanks to Xin Wang, Jiapeng Li, and Jiajia Liu, Northwestern Polytechnical University, for the report W.C.A. Wijngaards 2026-05-26 16:20:11 +0200
0c34da016d

Merge feb101bc70 into 40b16d0565 David Gwynne 2026-05-23 08:02:03 +0800
b8e4420580

Merge b43a7c86e0 into 40b16d0565 jeepingben 2026-05-23 07:58:59 +0800
b3458ac6a5

Merge fd4af23351 into 40b16d0565 zebop117 2026-05-23 07:56:52 +0800
4d678d9240

Merge d42138976d into 40b16d0565 Ryan R Sundberg 2026-05-23 07:48:22 +0800
c4c8e36af2

Merge 2805bfd250 into 40b16d0565 Russell McConnachie 2026-05-23 07:46:47 +0800
ee330ce46e

Merge 98b0e6f80a into 40b16d0565 张欣接 2026-05-23 07:38:28 +0800
40b16d0565 - Fix for signed same-owner CNAME and ordinary RRset responses. Thanks to Xin Wang and Jiajia Liu, Northwestern Polytechnical University, for the report. W.C.A. Wijngaards 2026-05-20 16:30:37 +0200
08e901a1ac - Fix cleaning up DoH session. The same query can be on multiple streams in a session. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-20 15:04:12 +0200
bc703c9129 - Fix lame server detection, for selfpointed glue records. Thanks to Shuhan Zhang, Dan Li, and Baojun Liu from Tsinghua University for the report. W.C.A. Wijngaards 2026-05-20 15:01:42 +0200
9ce52de6c1 - Fix in depth for serve-expired responses from cachedb, that it does not store bogus. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-20 14:58:26 +0200
b3aa262477 Remove the debug file. W.C.A. Wijngaards 2026-05-20 12:43:08 +0200
25e112c674 - Unit test for CVE-2026-44390. W.C.A. Wijngaards 2026-05-20 12:42:04 +0200
0d2282d551 - Unit test for CVE-2026-42960. W.C.A. Wijngaards 2026-05-20 12:40:32 +0200
b5f21f4165 - Unit test for CVE-2026-40622. W.C.A. Wijngaards 2026-05-20 12:37:17 +0200
d357935f66 - Unit test for CVE-2026-42959. W.C.A. Wijngaards 2026-05-20 12:35:38 +0200
9d2e0f1c02 - Unit test for CVE-2026-42944. W.C.A. Wijngaards 2026-05-20 12:34:16 +0200
b46ff5c18e - Unit test for CVE-2026-33278. W.C.A. Wijngaards 2026-05-20 12:32:43 +0200
f597105800 - Tag for 1.25.1 release, it contains the security fixes on 1.25.0. the code repository continues with in addition the previous fixes, for 1.25.2. W.C.A. Wijngaards 2026-05-20 11:31:53 +0200
3692517a41 Merge branch 'branch-1.25.1' W.C.A. Wijngaards 2026-05-20 11:19:56 +0200
75b6dba593 - Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks to Qifan Zhang, Palo Alto Networks, for the report. release-1.25.1 branch-1.25.1 W.C.A. Wijngaards 2026-05-20 10:22:52 +0200
138fb48eac Changelog entry. - Fix CVE-2026-44390, Unbounded name compression in certain cases causes degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-20 10:22:10 +0200
dae7a37974 - Fix CVE-2026-44390, Unbounded name compression in certain cases causes degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-20 10:21:26 +0200
8ae4b4545d - Fix CVE-2026-42960, Possible cache poisoning attack while following delegation. Thanks to TaoFei Guo from Peking University, Yang Luo and JianJun Chen, Tsinghua University, for the report. W.C.A. Wijngaards 2026-05-20 10:20:45 +0200
c343fff3a4 - Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-20 10:20:02 +0200
a794c87578 - Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-20 10:19:08 +0200
ef5ca84360 - Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-20 10:18:23 +0200
8d8fa42266 - Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-20 10:16:18 +0200
a587535c5d - Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths from 'calif.io' for the report. W.C.A. Wijngaards 2026-05-20 10:15:30 +0200
94d5babaee - Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-20 10:14:32 +0200
fe946ba4e9 - Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-20 10:13:55 +0200
6a31e470f8 - Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report. W.C.A. Wijngaards 2026-05-20 10:13:08 +0200
e577695aeb Set version to 1.25.1 for release. W.C.A. Wijngaards 2026-05-20 10:11:15 +0200
a58bd6cb1e - Fix for mixed class referrals, the resolver uses the query class. Thanks to Xin Wang and Jiajia Liu, Northwestern Polytechnical University, for the report. W.C.A. Wijngaards 2026-05-18 16:42:39 +0200
5f03666c1f

Merge 608ed27270 into 4bad944ae4 Petr Menšík 2026-05-18 16:26:14 +0200
608ed27270 Fix build failure with openssl4.0 Petr Mensik 2026-04-15 17:14:25 +0200
38b2c73110 Refresh configure Petr Mensik 2026-04-15 17:17:37 +0200
7090ed6b24 Fix assignment warning in sldns Petr Mensik 2026-04-15 16:58:35 +0200
1fab1d5aa3

Merge 34d0b93c71 into 4bad944ae4 Yorgos Thessalonikefs 2026-05-17 23:34:08 +0200
4bad944ae4 - Fix DNSKEY size calculation for noncanonical RSA DNSKEYs with leading zeroes for n. Thanks to Xin Wang and Jiajia Liu, Northwestern Polytechnical University, for the report. W.C.A. Wijngaards 2026-05-15 16:22:59 +0200
594182f109 - Fix DNSSEC validation with libnettle for noncanonical RSA DNSKEYs with leading zeroes for n. Thanks to Xin Wang and Jiajia Liu, Northwestern Polytechnical University, for the report. W.C.A. Wijngaards 2026-05-15 16:20:52 +0200
53c261cb33 - Fix for allocation-failure hardening of rrset cache wildcard storage and canonical NSEC owner replacement. Thanks to Xin Wang and Jiajia Liu, Northwestern Polytechnical University, for the report. W.C.A. Wijngaards 2026-05-15 16:00:58 +0200