[ubuntu/resolute-proposed] unbound 1.24.2-1ubuntu1 (Accepted)

Jonas Jelten jonas.jelten at canonical.com
Wed Dec 3 13:54:18 UTC 2025 

unbound (1.24.2-1ubuntu1) resolute; urgency=medium

  * Merge with Debian unstable (LP: #2126008). Remaining changes:
    - Don't build with hiredis on i386.  hiredis and redis are not built
      on i386 and require bootstrapping due to circular
      build-dependencies; simpler to just disable this in the i386
      unbound server binary (that no one will ever use).
  * Dropped changes:
    - d/p/CVE-2025-11411 [included in 1.23.1-1]
    - d/p/Fix-RebirthDay-Attack-CVE-2025-5994 [included in 1.23.1-1]
    - d/p/fix_ftbfs_function [replaced by
      d/p/replace-deprecated-function-by-new-action in 1.24.1-2]

unbound (1.24.2-1) unstable; urgency=medium

  * new upstream security release:
    Additional fix for CVE-2025-11411 (possible domain hijacking attack),
    to include YXDOMAIN and non-referral nodata answers in the mitigation
    as well, reported by TaoFei Guo from Peking University, Yang Luo
    and JianJun Chen from Tsinghua University.
    Closes: #1121446, CVE-2025-11411
  * debian/upstream/signing-key.asc: merge two separate parts into one
    (keeping the same two keys)

unbound (1.24.1-2) unstable; urgency=medium

  * replace-deprecated-function-by-new-action.patch:
    fix build with new SWIG 4.4.0 (fix from upstream)

unbound (1.24.1-1) unstable; urgency=medium

  [ MichaIng ]
  * d/unbound.conf.d/remote-control.conf: fix typo

  [ Michael Tokarev ]
  * d/upstream/signing-key.asc: add Yorgos Thessalonikefs key
    (CFF3 344D 9087 A490)
  * new upstream security/bugfix release
    Closes: CVE-2025-11411 (possible domain hijacking attack)

unbound (1.24.0-2) unstable; urgency=medium

  * d/tests/runzones: set so-sndbuf to 0
    unbound tries to set it to a large(ish) value which is not allowed
    for a non-root.  And unbound complains to stderr, causing test failure.

unbound (1.24.0-1) unstable; urgency=medium

  * new upstream release
  * d/rules,d/libunbound-dev.install: drop static library and deps
    (Closes: #1096189)

unbound (1.23.1-1) unstable; urgency=medium

  * new upstream release
  * d/apparmor-profile: remove sssd path which is in apparmor base
    for a very long time
  * Fix-RebirthDay-Attack-CVE-2025-5994.patch: remove

Date: Tue, 02 Dec 2025 17:05:25 +0100
Changed-By: Jonas Jelten <jonas.jelten at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Lukas Märdian <lukas.maerdian at canonical.com>
https://launchpad.net/ubuntu/+source/unbound/1.24.2-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 02 Dec 2025 17:05:25 +0100
Source: unbound
Built-For-Profiles: noudeb
Architecture: source
Version: 1.24.2-1ubuntu1
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jonas Jelten <jonas.jelten at canonical.com>
Closes: 1096189 1121446
Launchpad-Bugs-Fixed: 2126008
Changes:
 unbound (1.24.2-1ubuntu1) resolute; urgency=medium
 .
   * Merge with Debian unstable (LP: #2126008). Remaining changes:
     - Don't build with hiredis on i386.  hiredis and redis are not built
       on i386 and require bootstrapping due to circular
       build-dependencies; simpler to just disable this in the i386
       unbound server binary (that no one will ever use).
   * Dropped changes:
     - d/p/CVE-2025-11411 [included in 1.23.1-1]
     - d/p/Fix-RebirthDay-Attack-CVE-2025-5994 [included in 1.23.1-1]
     - d/p/fix_ftbfs_function [replaced by
       d/p/replace-deprecated-function-by-new-action in 1.24.1-2]
 .
 unbound (1.24.2-1) unstable; urgency=medium
 .
   * new upstream security release:
     Additional fix for CVE-2025-11411 (possible domain hijacking attack),
     to include YXDOMAIN and non-referral nodata answers in the mitigation
     as well, reported by TaoFei Guo from Peking University, Yang Luo
     and JianJun Chen from Tsinghua University.
     Closes: #1121446, CVE-2025-11411
   * debian/upstream/signing-key.asc: merge two separate parts into one
     (keeping the same two keys)
 .
 unbound (1.24.1-2) unstable; urgency=medium
 .
   * replace-deprecated-function-by-new-action.patch:
     fix build with new SWIG 4.4.0 (fix from upstream)
 .
 unbound (1.24.1-1) unstable; urgency=medium
 .
   [ MichaIng ]
   * d/unbound.conf.d/remote-control.conf: fix typo
 .
   [ Michael Tokarev ]
   * d/upstream/signing-key.asc: add Yorgos Thessalonikefs key
     (CFF3 344D 9087 A490)
   * new upstream security/bugfix release
     Closes: CVE-2025-11411 (possible domain hijacking attack)
 .
 unbound (1.24.0-2) unstable; urgency=medium
 .
   * d/tests/runzones: set so-sndbuf to 0
     unbound tries to set it to a large(ish) value which is not allowed
     for a non-root.  And unbound complains to stderr, causing test failure.
 .
 unbound (1.24.0-1) unstable; urgency=medium
 .
   * new upstream release
   * d/rules,d/libunbound-dev.install: drop static library and deps
     (Closes: #1096189)
 .
 unbound (1.23.1-1) unstable; urgency=medium
 .
   * new upstream release
   * d/apparmor-profile: remove sssd path which is in apparmor base
     for a very long time
   * Fix-RebirthDay-Attack-CVE-2025-5994.patch: remove
Checksums-Sha1:
 6ac6f7e21efc305e5dcfc6b2e60fa1a4825214bb 3037 unbound_1.24.2-1ubuntu1.dsc
 89220193962044660fb5ec375601b3faccd4bd5b 6905018 unbound_1.24.2.orig.tar.gz
 54f7b7e91fc7ae29916cd814ec8cdd40deab1e59 37036 unbound_1.24.2-1ubuntu1.debian.tar.xz
 182165158e96e73dd660f30657229d7b1fe93f8d 9343 unbound_1.24.2-1ubuntu1_source.buildinfo
Checksums-Sha256:
 9f990e1a8f57c3fb89fb74787144248f4ee20b8160116c6d9ae6697bd9d36439 3037 unbound_1.24.2-1ubuntu1.dsc
 44e7b53e008a6dcaec03032769a212b46ab5c23c105284aa05a4f3af78e59cdb 6905018 unbound_1.24.2.orig.tar.gz
 a1024dd65e2835666c29ca53dca92f6ce4380294edc48a98e65a342fcca8a40a 37036 unbound_1.24.2-1ubuntu1.debian.tar.xz
 dfdedab91bfd4fb41e86cce0131d201c44679ce2b06c37c5da148630ffc6e6a6 9343 unbound_1.24.2-1ubuntu1_source.buildinfo
Files:
 0f9c2bfaf8ffae3b1b6d3ec2aa928887 3037 net optional unbound_1.24.2-1ubuntu1.dsc
 dfa7175de7a5cab0e8deb43a304795de 6905018 net optional unbound_1.24.2.orig.tar.gz
 f990bbd3cb85509fc0757671ea3df9d8 37036 net optional unbound_1.24.2-1ubuntu1.debian.tar.xz
 665c06b068feeebb4ecb35b797818383 9343 net optional unbound_1.24.2-1ubuntu1_source.buildinfo
Original-Maintainer: unbound packagers <unbound at packages.debian.org>
Vcs-Git: https://git.launchpad.net/~slyon/ubuntu/+source/unbound
Vcs-Git-Commit: c97417aa156889454b85bb51745d26fb7c859a20
Vcs-Git-Ref: refs/heads/lp2126008-merge-resolute

More information about the Resolute-changes mailing list