From f49e6ccecd0b14f6e4539583d989d52c4a20cc6f Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Wed, 16 Jul 2025 11:40:32 +0200 Subject: [PATCH] - Fix for RebirthDay Attack CVE-2025-5994, reported by Xiang Li from AOSP Lab Nankai University. - Tag for 1.23.1 with the release of 1.23.0 and the CVE fix, the repository continues with the previous fixes, with 1.23.2. --- configure | 25 +++++++++++++------------ configure.ac | 5 +++-- doc/Changelog | 6 ++++++ 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/configure b/configure index dfa572e4c..e6cc137bd 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for unbound 1.23.1. +# Generated by GNU Autoconf 2.71 for unbound 1.23.2. # # Report bugs to . # @@ -622,8 +622,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='unbound' PACKAGE_TARNAME='unbound' -PACKAGE_VERSION='1.23.1' -PACKAGE_STRING='unbound 1.23.1' +PACKAGE_VERSION='1.23.2' +PACKAGE_STRING='unbound 1.23.2' PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues' PACKAGE_URL='' @@ -1513,7 +1513,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures unbound 1.23.1 to adapt to many kinds of systems. +\`configure' configures unbound 1.23.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1579,7 +1579,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of unbound 1.23.1:";; + short | recursive ) echo "Configuration of unbound 1.23.2:";; esac cat <<\_ACEOF @@ -1832,7 +1832,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -unbound configure 1.23.1 +unbound configure 1.23.2 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2489,7 +2489,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by unbound $as_me 1.23.1, which was +It was created by unbound $as_me 1.23.2, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -3253,11 +3253,11 @@ UNBOUND_VERSION_MAJOR=1 UNBOUND_VERSION_MINOR=23 -UNBOUND_VERSION_MICRO=1 +UNBOUND_VERSION_MICRO=2 LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=32 +LIBUNBOUND_REVISION=33 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -3357,6 +3357,7 @@ LIBUNBOUND_AGE=1 # 1.22.0 had 9:30:1 # 1.23.0 had 9:31:1 # 1.23.1 had 9:32:1 +# 1.23.2 had 9:33:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary @@ -25290,7 +25291,7 @@ printf "%s\n" "#define MAXSYSLOGMSGLEN 10240" >>confdefs.h -version=1.23.1 +version=1.23.2 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for build time" >&5 printf %s "checking for build time... " >&6; } @@ -25820,7 +25821,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by unbound $as_me 1.23.1, which was +This file was extended by unbound $as_me 1.23.2, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -25888,7 +25889,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -unbound config.status 1.23.1 +unbound config.status 1.23.2 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 0374144a8..d92e61a28 100644 --- a/configure.ac +++ b/configure.ac @@ -12,14 +12,14 @@ sinclude(dnscrypt/dnscrypt.m4) # must be numbers. ac_defun because of later processing m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[23]) -m4_define([VERSION_MICRO],[1]) +m4_define([VERSION_MICRO],[2]) AC_INIT([unbound],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues],[unbound]) AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR]) AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR]) AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO]) LIBUNBOUND_CURRENT=9 -LIBUNBOUND_REVISION=32 +LIBUNBOUND_REVISION=33 LIBUNBOUND_AGE=1 # 1.0.0 had 0:12:0 # 1.0.1 had 0:13:0 @@ -119,6 +119,7 @@ LIBUNBOUND_AGE=1 # 1.22.0 had 9:30:1 # 1.23.0 had 9:31:1 # 1.23.1 had 9:32:1 +# 1.23.2 had 9:33:1 # Current -- the number of the binary API that we're implementing # Revision -- which iteration of the implementation of the binary diff --git a/doc/Changelog b/doc/Changelog index 9f00c1423..79e2585d9 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,9 @@ +16 July 2025: Wouter + - Fix for RebirthDay Attack CVE-2025-5994, reported by Xiang Li + from AOSP Lab Nankai University. + - Tag for 1.23.1 with the release of 1.23.0 and the CVE fix, the + repository continues with the previous fixes, with 1.23.2. + 12 July 2025: Yorgos - Merge #1289 from Roland van Rijswijk-Deij: Add extra statistic to track the number of signature validation operations. -- 2.47.2