Version in base suite: 1.22.0-2+deb13u2 Base version: unbound_1.22.0-2+deb13u2 Target version: unbound_1.22.0-2+deb13u3 Base file: /srv/ftp-master.debian.org/ftp/pool/main/u/unbound/unbound_1.22.0-2+deb13u2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/u/unbound/unbound_1.22.0-2+deb13u3.dsc changelog | 28 patches/26-05/01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch | 73 patches/26-05/02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch | 305 ++ patches/26-05/03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch | 243 + patches/26-05/04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch | 46 patches/26-05/05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch | 42 patches/26-05/06-CVE-2026-40622-Ghost-domain-name-variant.patch | 51 patches/26-05/07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch | 95 patches/26-05/08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch | 82 patches/26-05/09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch | 126 + patches/26-05/10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch | 50 patches/26-05/11-CVE-2026-44390-Unbounded-name-compression.patch | 35 patches/26-05/12-CVE-2026-44608-UAF-in-RPZ-code.patch | 67 patches/26-05/13-Unit-test-for-CVE-2026-33278.patch | 710 +++++ patches/26-05/14-Unit-test-for-CVE-2026-42944.patch | 1236 ++++++++++ patches/26-05/15-Unit-test-for-CVE-2026-42959.patch | 299 ++ patches/26-05/16-Unit-test-for-CVE-2026-40622.patch | 333 ++ patches/26-05/17-Unit-test-for-CVE-2026-42960.patch | 225 + patches/series | 17 19 files changed, 4063 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp426u75x_/unbound_1.22.0-2+deb13u2.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp426u75x_/unbound_1.22.0-2+deb13u3.dsc: no acceptable signature found diff -Nru unbound-1.22.0/debian/changelog unbound-1.22.0/debian/changelog --- unbound-1.22.0/debian/changelog 2026-03-15 13:38:29.000000000 +0000 +++ unbound-1.22.0/debian/changelog 2026-05-25 09:05:38.000000000 +0000 @@ -1,3 +1,31 @@ +unbound (1.22.0-2+deb13u3) trixie-security; urgency=medium + + * May-2026 security updates in debian/patches/26-05/ subdir: + 01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch + this change was part of 1.25 release, it is a slight change in behaviour + implemented after 1.22.0 release. This change is not necessary for the + security update, but it makes subsequent changes in this area to apply. + 02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch + 03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch + 04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch + 05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch + 06-CVE-2026-40622-Ghost-domain-name-variant.patch + (patch edited, expanded TTL_IS_EXPIRED() macro not present in 1.22) + 07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch + 08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch + 09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch + 10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch + 11-CVE-2026-44390-Unbounded-name-compression.patch + 12-CVE-2026-44608-UAF-in-RPZ-code.patch + 13-Unit-test-for-CVE-2026-33278.patch + 14-Unit-test-for-CVE-2026-42944.patch + 15-Unit-test-for-CVE-2026-42959.patch + 16-Unit-test-for-CVE-2026-40622.patch + 17-Unit-test-for-CVE-2026-42960.patch + (Closes: #1137187) + + -- Michael Tokarev Mon, 25 May 2026 12:05:38 +0300 + unbound (1.22.0-2+deb13u2) trixie; urgency=medium * two patches from upstream to avoid ssl handshake to root NSes: diff -Nru unbound-1.22.0/debian/patches/26-05/01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch unbound-1.22.0/debian/patches/26-05/01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch --- unbound-1.22.0/debian/patches/26-05/01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,73 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/44659cb3bf4601d2daa19a0d51ac5af54bc698bc +Forwarded: not-needed +From: Yorgos Thessalonikefs +Date: Wed, 31 Dec 2025 16:22:15 +0100 +Subject: - Use the same EDE removal logic when encoding errors as when encoding + replies. +Comment: mjt: this was part of 1.25.0 series, pick it up so subsequent fixes apply +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 2 ++ + util/data/msgencode.c | 24 ++++++++++++++++-------- + 2 files changed, 18 insertions(+), 8 deletions(-) + +#diff --git a/doc/Changelog b/doc/Changelog +#index a39a1d800..94cf509af 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -2,6 +2,8 @@ +# - Update the unbound-anchor man page to note write permissions of the +# generated file if it is to be used with Unbound's +# auto-trust-anchor-file option. +#+ - Use the same EDE removal logic when encoding errors as when encoding +#+ replies. +# +# 30 December 2025: Yorgos +# - Mark "THROWAWAY" and "(DNSSEC) LAME" responses clearly as Unbound's +diff --git a/util/data/msgencode.c b/util/data/msgencode.c +index 019da7253..8f4639519 100644 +--- a/util/data/msgencode.c ++++ b/util/data/msgencode.c +@@ -1131,22 +1131,30 @@ extended_error_encode(sldns_buffer* buf, uint16_t rcode, + sldns_buffer_write_u16(buf, qinfo->qclass); + } + sldns_buffer_flip(buf); +- if(edns) { ++ if(edns && edns->edns_present) { ++ uint16_t edns_field_size, ede_size, ede_txt_size; + struct edns_data es = *edns; + es.edns_version = EDNS_ADVERTISED_VERSION; + es.udp_size = EDNS_ADVERTISED_SIZE; + es.ext_rcode = (uint8_t)(rcode >> 4); + es.bits &= EDNS_DO; +- if(sldns_buffer_limit(buf) + calc_edns_field_size(&es) > +- edns->udp_size) { ++ /* EDEs are optional. If space is a concern try in order: ++ * - removing any EXTRA-TEXT fields from explicit EDEs, or ++ * - removing all EDEs, ++ * to see if EDNS can fit. */ ++ edns_field_size = calc_edns_field_size(&es); ++ ede_size = calc_ede_option_size(&es, &ede_txt_size); ++ if(edns->udp_size >= sldns_buffer_limit(buf) + edns_field_size) ++ attach_edns_record_max_msg_sz(buf, &es, edns->udp_size); ++ else if(edns->udp_size >= sldns_buffer_limit(buf) + edns_field_size - ede_txt_size) { ++ ede_trim_text(&es.opt_list_inplace_cb_out); ++ ede_trim_text(&es.opt_list_out); ++ attach_edns_record_max_msg_sz(buf, &es, edns->udp_size); ++ } else if(edns->udp_size >= sldns_buffer_limit(buf) + edns_field_size - ede_size) { + edns_opt_list_remove(&es.opt_list_inplace_cb_out, LDNS_EDNS_EDE); + edns_opt_list_remove(&es.opt_list_out, LDNS_EDNS_EDE); +- if(sldns_buffer_limit(buf) + calc_edns_field_size(&es) > +- edns->udp_size) { +- return; +- } ++ attach_edns_record_max_msg_sz(buf, &es, edns->udp_size); + } +- attach_edns_record(buf, &es); + } + } + +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch unbound-1.22.0/debian/patches/26-05/02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch --- unbound-1.22.0/debian/patches/26-05/02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,305 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/6a31e470f80a6e5c559ebe7fd4cfc0582d3b6d0a +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 10:13:08 +0200 +Subject: - Fix CVE-2026-33278, Possible remote code execution during DNSSEC + validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 4 ++ + services/cache/dns.c | 8 +++- + testdata/val_nsec3_iter_high.rpl | 18 ++++---- + testdata/val_nx_nsec3_collision.rpl | 31 +++++-------- + testdata/val_nx_nsec3_params.rpl | 22 +++++---- + validator/val_nsec3.c | 71 +++++++++++++++++++++++++++++ + 6 files changed, 115 insertions(+), 39 deletions(-) + +#diff --git a/doc/Changelog b/doc/Changelog +#index a1c5e918a..5bbe849bc 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -1,3 +1,7 @@ +#+20 May 2026: Wouter +#+ - Fix CVE-2026-33278, Possible remote code execution during DNSSEC +#+ validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report. +#+ +# 23 April 2026: Wouter +# - Merge #1441: Fix buffer overrun in +# doq_repinfo_retrieve_localaddr(). +diff --git a/services/cache/dns.c b/services/cache/dns.c +index c593dcd72..f6ce272a5 100644 +--- a/services/cache/dns.c ++++ b/services/cache/dns.c +@@ -712,10 +712,16 @@ struct dns_msg* + dns_msg_deepcopy_region(struct dns_msg* origin, struct regional* region) + { + size_t i; ++ struct ub_packed_rrset_key** saved_rrsets; + struct dns_msg* res = NULL; ++ size_t rep_alloc_size = sizeof(struct reply_info) ++ - sizeof(struct rrset_ref); /* this is the size of res->rep ++ allocated in gen_dns_msg() */ + res = gen_dns_msg(region, &origin->qinfo, origin->rep->rrset_count); + if(!res) return NULL; +- *res->rep = *origin->rep; ++ saved_rrsets = res->rep->rrsets; /* save rrsets alloc by gen_dns_msg */ ++ memcpy(res->rep, origin->rep, rep_alloc_size); ++ res->rep->rrsets = saved_rrsets; + if(origin->rep->reason_bogus_str) { + res->rep->reason_bogus_str = regional_strdup(region, + origin->rep->reason_bogus_str); +diff --git a/testdata/val_nsec3_iter_high.rpl b/testdata/val_nsec3_iter_high.rpl +index 2b78f0b7f..703092d89 100644 +--- a/testdata/val_nsec3_iter_high.rpl ++++ b/testdata/val_nsec3_iter_high.rpl +@@ -120,12 +120,12 @@ example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 720 + example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} + + ; closest encloser, H(example.com). +-6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +-6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854} ++b6fuorg741ufili49mg9j4328ig53sqg.example.com. NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig53sqh SOA NS MX DNSKEY RRSIG ++b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJlV5car66lq5f0ASx7W47A/OADkARAXzKt9ZLojXze+FWK9JjAX+eA= + +-; wildcard denial, H(*.example.com.) = 4f3cnt8cu22tngec382jj4gde4rb47ub +-4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +-4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} ++; wildcard denial, H(*.example.com.) = k1a2vr9c269jummpru5d68qllbfmtdcb. ++k1a2vr9c269jummpru5d68qllbfmtacb.example.com. NSEC3 1 1 123 aabb00123456bbccdd k1a2vr9c269jummpru5d68qllbfmtgcb A MX RRSIG ++k1a2vr9c269jummpru5d68qllbfmtacb.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AARB9z4C1WZUI3WP3QAR7RJXFnN0qEBkEt8ocudxXzms4/7/2l6NNWc= + + ; next closer name, H(www.example.com.) = s1unhcti19bkdr98fegs0v46mbu3t4m3. + s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +@@ -152,10 +152,10 @@ SECTION ANSWER + SECTION AUTHORITY + example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 + example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +-6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +-6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854} +-4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +-4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} ++b6fuorg741ufili49mg9j4328ig53sqg.example.com. NSEC3 1 1 123 aabb00123456bbccdd b6fuorg741ufili49mg9j4328ig53sqh SOA NS MX DNSKEY RRSIG ++b6fuorg741ufili49mg9j4328ig53sqg.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AJlV5car66lq5f0ASx7W47A/OADkARAXzKt9ZLojXze+FWK9JjAX+eA= ++k1a2vr9c269jummpru5d68qllbfmtacb.example.com. NSEC3 1 1 123 aabb00123456bbccdd k1a2vr9c269jummpru5d68qllbfmtgcb A MX RRSIG ++k1a2vr9c269jummpru5d68qllbfmtacb.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. AARB9z4C1WZUI3WP3QAR7RJXFnN0qEBkEt8ocudxXzms4/7/2l6NNWc= + s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG + s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} + +diff --git a/testdata/val_nx_nsec3_collision.rpl b/testdata/val_nx_nsec3_collision.rpl +index 87a55f565..1b1f49e80 100644 +--- a/testdata/val_nx_nsec3_collision.rpl ++++ b/testdata/val_nx_nsec3_collision.rpl +@@ -89,6 +89,17 @@ ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.example.com. IN AAAA ++SECTION AUTHORITY ++example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 ++example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} ++ENTRY_END ++ + ; response to DNSKEY priming query + ENTRY_BEGIN + MATCH opcode qtype qname +@@ -163,29 +174,11 @@ STEP 2 TIME_PASSES ELAPSE 0.05 + STEP 10 CHECK_ANSWER + ENTRY_BEGIN + MATCH all +-REPLY QR RD RA DO NXDOMAIN ++REPLY QR RD RA DO SERVFAIL + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + SECTION AUTHORITY +-example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +-example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +-6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 123 aabb00123456bbccdd 6md8numosa4q9ugkffdo1bmm82t5j49s A RRSIG +-6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +-6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHndWrEEbuzezs/4lxeiMgEuUsUbAhR72gJgd/Zmhf80yoxCauw9k5OkCw== ;{id = 2854} +-4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 18 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +-4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +-4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 19 - 4f3cnt8cu22tngec382jj4gde4rb87ub A RRSIG +-4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDRwji51WCXJg7W/3+Jx586af5qgAhQPxHegtzu1I/QbvCNrOOON05N1rw== ;{id = 2854} +-s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 18 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +-s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 19 - s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +-s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 00 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +-s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +-s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 01 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +-s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 02 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +-s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 20 03 s1unhcti19bkdr98fegs0v46mbu3t4m4 A RRSIG +-s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFDLy4GbR8ZaKHATVJGnGxzpsuq60AhQ1/pRbXi1ZbcYohzHgWzNC50fC5A== ;{id = 2854} +- + SECTION ADDITIONAL + ENTRY_END + +diff --git a/testdata/val_nx_nsec3_params.rpl b/testdata/val_nx_nsec3_params.rpl +index dd3ab6b57..59bef2be3 100644 +--- a/testdata/val_nx_nsec3_params.rpl ++++ b/testdata/val_nx_nsec3_params.rpl +@@ -88,6 +88,17 @@ ns.example.com. IN A 1.2.3.4 + ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} + ENTRY_END + ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.example.com. IN AAAA ++SECTION AUTHORITY ++example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 ++example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} ++ENTRY_END ++ + ; response to DNSKEY priming query + ENTRY_BEGIN + MATCH opcode qtype qname +@@ -144,20 +155,11 @@ ENTRY_END + STEP 10 CHECK_ANSWER + ENTRY_BEGIN + MATCH all +-REPLY QR RD RA DO NXDOMAIN ++REPLY QR RD RA DO SERVFAIL + SECTION QUESTION + www.example.com. IN A + SECTION ANSWER + SECTION AUTHORITY +-example.com. IN SOA ns.example.com. hostmaster.example.com. 2007090400 28800 7200 604800 18000 +-example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFCNGZ+/OfElYQMCZ77O9Lw9rhk7PAhUAmDcvTAst6Bq83qPq3r6c/Dm1nFc= ;{id = 2854} +-6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. NSEC3 1 1 8 - 6md8numosa4q9ugkffdo1bmm82t5j49s SOA NS MX DNSKEY RRSIG +-6md8numosa4q9ugkffdo1bmm82t5j39s.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCz/LkFOFcaQzVnyySW9ZoVUnxh7gIUdxyS9vqVDzo8pGhFU+3YogN2ZRk= ;{id = 2854} +-4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. NSEC3 1 1 0 - 4f3cnt8cu22tngec382jj4gde4rb48ub A MX RRSIG +-4f3cnt8cu22tngec382jj4gde4rb46ub.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MCwCFHS+i/OB/V/gYmS1eQTXieXIXGjsAhQQ0Ql7TW/hsUklrb0DfoyhVPG95Q== ;{id = 2854} +-s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. NSEC3 1 1 123 aabb00123456bbccdd s1unhcti19bkdr98fegs0v46mbu3t4m4 A MX RRSIG +-s1unhcti19bkdr98fegs0v46mbu3t4m2.example.com. 3600 IN RRSIG NSEC3 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFFSH4klZKke48dYyddYDj17gjTS0AhUAltWicpFLWqW98/Af9Qlx70MH8o4= ;{id = 2854} +- + SECTION ADDITIONAL + ENTRY_END + +diff --git a/validator/val_nsec3.c b/validator/val_nsec3.c +index 998fcc4e3..92d853825 100644 +--- a/validator/val_nsec3.c ++++ b/validator/val_nsec3.c +@@ -456,6 +456,67 @@ filter_init(struct nsec3_filter* filter, struct ub_packed_rrset_key** list, + } + } + ++/** Check if the NSEC3s have the same parameter set. */ ++static int ++param_set_same(struct nsec3_filter* flt, char** reason) ++{ ++ size_t rrsetnum; ++ int rrnum; ++ struct ub_packed_rrset_key* rrset; ++ int have_params = 0; ++ int first_algo = 0; ++ size_t first_iter = 0; ++ uint8_t* first_salt = NULL; ++ size_t first_saltlen = 0; ++ ++ /* If the NSEC3 parameter sets have distinct values, then they are ++ * from different NSEC3 chains, and we do not want that. */ ++ for(rrset=filter_first(flt, &rrsetnum, &rrnum); rrset; ++ rrset=filter_next(flt, &rrsetnum, &rrnum)) { ++ if(!have_params) { ++ first_algo = nsec3_get_algo(rrset, rrnum); ++ first_iter = nsec3_get_iter(rrset, rrnum); ++ if(!nsec3_get_salt(rrset, rrnum, &first_salt, ++ &first_saltlen)) { ++ verbose(VERB_ALGO, "NSEC3 salt malformed"); ++ if(reason) ++ *reason = "NSEC3 salt malformed"; ++ return 0; ++ } ++ have_params = 1; ++ } else { ++ uint8_t* salt = NULL; ++ size_t saltlen = 0; ++ if(nsec3_get_algo(rrset, rrnum) != first_algo) { ++ verbose(VERB_ALGO, "NSEC3 algorithm mismatch"); ++ if(reason) ++ *reason = "NSEC3 algorithm mismatch"; ++ return 0; ++ } ++ if(nsec3_get_iter(rrset, rrnum) != first_iter) { ++ verbose(VERB_ALGO, "NSEC3 iterations mismatch"); ++ if(reason) ++ *reason = "NSEC3 iterations mismatch"; ++ return 0; ++ } ++ if(!nsec3_get_salt(rrset, rrnum, &salt, &saltlen)) { ++ verbose(VERB_ALGO, "NSEC3 salt malformed"); ++ if(reason) ++ *reason = "NSEC3 salt malformed"; ++ return 0; ++ } ++ if(saltlen != first_saltlen || ++ memcmp(salt, first_salt, saltlen) != 0) { ++ verbose(VERB_ALGO, "NSEC3 salt mismatch"); ++ if(reason) ++ *reason = "NSEC3 salt mismatch"; ++ return 0; ++ } ++ } ++ } ++ return 1; ++} ++ + /** + * Find max iteration count using config settings and key size + * @param ve: validator environment with iteration count config settings. +@@ -1192,6 +1253,8 @@ nsec3_prove_nameerror(struct module_env* env, struct val_env* ve, + filter_init(&flt, list, num, qinfo); /* init RR iterator */ + if(!flt.zone) + return sec_status_bogus; /* no RRs */ ++ if(!param_set_same(&flt, NULL)) ++ return sec_status_bogus; /* nsec3 params from distinct chains*/ + if(nsec3_iteration_count_high(ve, &flt, kkey)) + return sec_status_insecure; /* iteration count too high */ + log_nametypeclass(VERB_ALGO, "start nsec3 nameerror proof, zone", +@@ -1378,6 +1441,8 @@ nsec3_prove_nodata(struct module_env* env, struct val_env* ve, + filter_init(&flt, list, num, qinfo); /* init RR iterator */ + if(!flt.zone) + return sec_status_bogus; /* no RRs */ ++ if(!param_set_same(&flt, NULL)) ++ return sec_status_bogus; /* nsec3 params from distinct chains*/ + if(nsec3_iteration_count_high(ve, &flt, kkey)) + return sec_status_insecure; /* iteration count too high */ + return nsec3_do_prove_nodata(env, &flt, ct, qinfo, calc); +@@ -1401,6 +1466,8 @@ nsec3_prove_wildcard(struct module_env* env, struct val_env* ve, + filter_init(&flt, list, num, qinfo); /* init RR iterator */ + if(!flt.zone) + return sec_status_bogus; /* no RRs */ ++ if(!param_set_same(&flt, NULL)) ++ return sec_status_bogus; /* nsec3 params from distinct chains*/ + if(nsec3_iteration_count_high(ve, &flt, kkey)) + return sec_status_insecure; /* iteration count too high */ + +@@ -1503,6 +1570,8 @@ nsec3_prove_nods(struct module_env* env, struct val_env* ve, + *reason = "no NSEC3 records"; + return sec_status_bogus; /* no RRs */ + } ++ if(!param_set_same(&flt, reason)) ++ return sec_status_bogus; /* nsec3 params from distinct chains*/ + if(nsec3_iteration_count_high(ve, &flt, kkey)) + return sec_status_insecure; /* iteration count too high */ + +@@ -1596,6 +1665,8 @@ nsec3_prove_nxornodata(struct module_env* env, struct val_env* ve, + filter_init(&flt, list, num, qinfo); /* init RR iterator */ + if(!flt.zone) + return sec_status_bogus; /* no RRs */ ++ if(!param_set_same(&flt, NULL)) ++ return sec_status_bogus; /* nsec3 params from distinct chains*/ + if(nsec3_iteration_count_high(ve, &flt, kkey)) + return sec_status_insecure; /* iteration count too high */ + +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch unbound-1.22.0/debian/patches/26-05/03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch --- unbound-1.22.0/debian/patches/26-05/03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,243 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/fe946ba4e935a1528e6866e108e5bc9e7533ae18 +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 10:13:55 +0200 +Subject: - Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, + cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto + Networks, for the report. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 3 +++ + testcode/unitmain.c | 4 ++-- + util/data/msgencode.c | 36 +++++++++++++++++++++++------------- + util/data/msgencode.h | 4 ++-- + util/data/msgparse.c | 10 +++++++--- + 5 files changed, 37 insertions(+), 20 deletions(-) + +#diff --git a/doc/Changelog b/doc/Changelog +#index 5bbe849bc..e003ed3fe 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -1,6 +1,9 @@ +# 20 May 2026: Wouter +# - Fix CVE-2026-33278, Possible remote code execution during DNSSEC +# validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report. +#+ - Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, +#+ cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto +#+ Networks, for the report. +# +# 23 April 2026: Wouter +# - Merge #1441: Fix buffer overrun in +diff --git a/testcode/unitmain.c b/testcode/unitmain.c +index 79ce45f39..4bc756a07 100644 +--- a/testcode/unitmain.c ++++ b/testcode/unitmain.c +@@ -1092,7 +1092,7 @@ static void edns_ede_encode_notxt_fit_test( struct query_info* qinfo, + { + struct edns_data edns; + sldns_buffer* pkt; +- uint16_t edns_field_size, ede_txt_size; ++ size_t edns_field_size, ede_txt_size; + int found_ede = 0, found_ede_other = 0, found_ede_txt = 0; + int found_other_edns = 0; + edns_ede_encode_setup(&edns, region); +@@ -1123,7 +1123,7 @@ static void edns_ede_encode_no_fit_test( struct query_info* qinfo, + { + struct edns_data edns; + sldns_buffer* pkt; +- uint16_t edns_field_size, ede_size, ede_txt_size; ++ size_t edns_field_size, ede_size, ede_txt_size; + int found_ede = 0, found_ede_other = 0, found_ede_txt = 0; + int found_other_edns = 0; + edns_ede_encode_setup(&edns, region); +diff --git a/util/data/msgencode.c b/util/data/msgencode.c +index 8f4639519..10979df9c 100644 +--- a/util/data/msgencode.c ++++ b/util/data/msgencode.c +@@ -820,7 +820,7 @@ reply_info_encode(struct query_info* qinfo, struct reply_info* rep, + return 1; + } + +-uint16_t ++size_t + calc_edns_field_size(struct edns_data* edns) + { + size_t rdatalen = 0; +@@ -856,7 +856,7 @@ calc_edns_option_size(struct edns_data* edns, uint16_t code) + } + + uint16_t +-calc_ede_option_size(struct edns_data* edns, uint16_t* txt_size) ++calc_ede_option_size(struct edns_data* edns, size_t* txt_size) + { + size_t rdatalen = 0; + struct edns_option* opt; +@@ -958,6 +958,10 @@ attach_edns_record_max_msg_sz(sldns_buffer* pkt, struct edns_data* edns, + padding_option = opt; + continue; + } ++ if(sldns_buffer_position(pkt) + opt->opt_len + 4 > max_msg_sz) ++ break; /* no space for it */ ++ if(!sldns_buffer_available(pkt, 4 + opt->opt_len)) ++ break; + sldns_buffer_write_u16(pkt, opt->opt_code); + sldns_buffer_write_u16(pkt, opt->opt_len); + if(opt->opt_len != 0) +@@ -968,12 +972,18 @@ attach_edns_record_max_msg_sz(sldns_buffer* pkt, struct edns_data* edns, + padding_option = opt; + continue; + } ++ if(sldns_buffer_position(pkt) + opt->opt_len + 4 > max_msg_sz) ++ break; /* no space for it */ ++ if(!sldns_buffer_available(pkt, 4 + opt->opt_len)) ++ break; + sldns_buffer_write_u16(pkt, opt->opt_code); + sldns_buffer_write_u16(pkt, opt->opt_len); + if(opt->opt_len != 0) + sldns_buffer_write(pkt, opt->opt_data, opt->opt_len); + } +- if (padding_option && edns->padding_block_size ) { ++ if (padding_option && edns->padding_block_size && ++ sldns_buffer_position(pkt)+4 <= max_msg_sz && ++ sldns_buffer_available(pkt, 4) /* if there is space for it */) { + size_t pad_pos = sldns_buffer_position(pkt); + size_t msg_sz = ((pad_pos + 3) / edns->padding_block_size + 1) + * edns->padding_block_size; +@@ -1017,7 +1027,7 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, + { + uint16_t flags; + unsigned int attach_edns = 0; +- uint16_t edns_field_size, ede_size, ede_txt_size; ++ size_t edns_field_size, ede_size, ede_txt_size; + + if(!cached || rep->authoritative) { + /* original flags, copy RD and CD bits from query. */ +@@ -1044,12 +1054,12 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, + * calculate sizes once here */ + edns_field_size = calc_edns_field_size(edns); + ede_size = calc_ede_option_size(edns, &ede_txt_size); +- if(sldns_buffer_capacity(pkt) < udpsize) ++ if(sldns_buffer_capacity(pkt) < (size_t)udpsize) + udpsize = sldns_buffer_capacity(pkt); + if(!edns || !edns->edns_present) { + attach_edns = 0; + /* EDEs are optional, try to fit anything else before them */ +- } else if(udpsize < LDNS_HEADER_SIZE + edns_field_size - ede_size) { ++ } else if((size_t)udpsize < (size_t)LDNS_HEADER_SIZE + edns_field_size - ede_size) { + /* packet too small to contain edns, omit it. */ + attach_edns = 0; + } else { +@@ -1063,13 +1073,13 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, + return 0; + } + if(attach_edns) { +- if(udpsize >= sldns_buffer_limit(pkt) + edns_field_size) ++ if((size_t)udpsize >= sldns_buffer_limit(pkt) + edns_field_size) + attach_edns_record_max_msg_sz(pkt, edns, udpsize); +- else if(udpsize >= sldns_buffer_limit(pkt) + edns_field_size - ede_txt_size) { ++ else if((size_t)udpsize >= sldns_buffer_limit(pkt) + edns_field_size - ede_txt_size) { + ede_trim_text(&edns->opt_list_inplace_cb_out); + ede_trim_text(&edns->opt_list_out); + attach_edns_record_max_msg_sz(pkt, edns, udpsize); +- } else if(udpsize >= sldns_buffer_limit(pkt) + edns_field_size - ede_size) { ++ } else if((size_t)udpsize >= sldns_buffer_limit(pkt) + edns_field_size - ede_size) { + edns_opt_list_remove(&edns->opt_list_inplace_cb_out, LDNS_EDNS_EDE); + edns_opt_list_remove(&edns->opt_list_out, LDNS_EDNS_EDE); + attach_edns_record_max_msg_sz(pkt, edns, udpsize); +@@ -1132,7 +1142,7 @@ extended_error_encode(sldns_buffer* buf, uint16_t rcode, + } + sldns_buffer_flip(buf); + if(edns && edns->edns_present) { +- uint16_t edns_field_size, ede_size, ede_txt_size; ++ size_t edns_field_size, ede_size, ede_txt_size; + struct edns_data es = *edns; + es.edns_version = EDNS_ADVERTISED_VERSION; + es.udp_size = EDNS_ADVERTISED_SIZE; +@@ -1144,13 +1154,13 @@ extended_error_encode(sldns_buffer* buf, uint16_t rcode, + * to see if EDNS can fit. */ + edns_field_size = calc_edns_field_size(&es); + ede_size = calc_ede_option_size(&es, &ede_txt_size); +- if(edns->udp_size >= sldns_buffer_limit(buf) + edns_field_size) ++ if((size_t)edns->udp_size >= sldns_buffer_limit(buf) + edns_field_size) + attach_edns_record_max_msg_sz(buf, &es, edns->udp_size); +- else if(edns->udp_size >= sldns_buffer_limit(buf) + edns_field_size - ede_txt_size) { ++ else if((size_t)edns->udp_size >= sldns_buffer_limit(buf) + edns_field_size - ede_txt_size) { + ede_trim_text(&es.opt_list_inplace_cb_out); + ede_trim_text(&es.opt_list_out); + attach_edns_record_max_msg_sz(buf, &es, edns->udp_size); +- } else if(edns->udp_size >= sldns_buffer_limit(buf) + edns_field_size - ede_size) { ++ } else if((size_t)edns->udp_size >= sldns_buffer_limit(buf) + edns_field_size - ede_size) { + edns_opt_list_remove(&es.opt_list_inplace_cb_out, LDNS_EDNS_EDE); + edns_opt_list_remove(&es.opt_list_out, LDNS_EDNS_EDE); + attach_edns_record_max_msg_sz(buf, &es, edns->udp_size); +diff --git a/util/data/msgencode.h b/util/data/msgencode.h +index 0363a90bf..f561fe1dd 100644 +--- a/util/data/msgencode.h ++++ b/util/data/msgencode.h +@@ -106,7 +106,7 @@ void qinfo_query_encode(struct sldns_buffer* pkt, struct query_info* qinfo); + * @param edns: edns data or NULL. + * @return octets to reserve for EDNS. + */ +-uint16_t calc_edns_field_size(struct edns_data* edns); ++size_t calc_edns_field_size(struct edns_data* edns); + + /** + * Calculate the size of a specific EDNS option in packet. +@@ -127,7 +127,7 @@ uint16_t calc_edns_option_size(struct edns_data* edns, uint16_t code); + * extra text. + * @return octets the option will take up. + */ +-uint16_t calc_ede_option_size(struct edns_data* edns, uint16_t* txt_size); ++uint16_t calc_ede_option_size(struct edns_data* edns, size_t* txt_size); + + /** + * Attach EDNS record to buffer. Buffer has complete packet. There must +diff --git a/util/data/msgparse.c b/util/data/msgparse.c +index afbcbca5b..a38bed62e 100644 +--- a/util/data/msgparse.c ++++ b/util/data/msgparse.c +@@ -950,6 +950,7 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, + struct comm_reply* repinfo, uint32_t now, struct regional* region, + struct cookie_secrets* cookie_secrets) + { ++ int nsid_seen = 0, cookie_seen = 0, padding_seen = 0; + /* To respond with a Keepalive option, the client connection must have + * received one message with a TCP Keepalive EDNS option, and that + * option must have 0 length data. Subsequent messages sent on that +@@ -984,8 +985,9 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, + /* handle parse time edns options here */ + switch(opt_code) { + case LDNS_EDNS_NSID: +- if (!cfg || !cfg->nsid) ++ if (!cfg || !cfg->nsid || nsid_seen) + break; ++ nsid_seen = 1; + if(!edns_opt_list_append(&edns->opt_list_out, + LDNS_EDNS_NSID, cfg->nsid_len, + cfg->nsid, region)) { +@@ -1027,8 +1029,9 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, + + case LDNS_EDNS_PADDING: + if(!cfg || !cfg->pad_responses || +- !c || c->type != comm_tcp ||!c->ssl) ++ !c || c->type != comm_tcp ||!c->ssl || padding_seen) + break; ++ padding_seen = 1; + if(!edns_opt_list_append(&edns->opt_list_out, + LDNS_EDNS_PADDING, + 0, NULL, region)) { +@@ -1039,8 +1042,9 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, + break; + + case LDNS_EDNS_COOKIE: +- if(!cfg || !cfg->do_answer_cookie || !repinfo) ++ if(!cfg || !cfg->do_answer_cookie || !repinfo || cookie_seen) + break; ++ cookie_seen = 1; + if(opt_len != 8 && (opt_len < 16 || opt_len > 40)) { + verbose(VERB_ALGO, "worker request: " + "badly formatted cookie"); +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch unbound-1.22.0/debian/patches/26-05/04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch --- unbound-1.22.0/debian/patches/26-05/04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,46 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/94d5babaee22a016e376bdcfee2b9bb40360367c +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 10:14:32 +0200 +Subject: - Fix CVE-2026-42959, Crash during DNSSEC validation of malicious + content. Thanks to Qifan Zhang, Palo Alto Networks, for the report. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 2 ++ + validator/val_utils.c | 4 ++-- + 2 files changed, 4 insertions(+), 2 deletions(-) + +#diff --git a/doc/Changelog b/doc/Changelog +#index e003ed3fe..d8ef6ee82 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -4,6 +4,8 @@ +# - Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, +# cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto +# Networks, for the report. +#+ - Fix CVE-2026-42959, Crash during DNSSEC validation of malicious +#+ content. Thanks to Qifan Zhang, Palo Alto Networks, for the report. +# +# 23 April 2026: Wouter +# - Merge #1441: Fix buffer overrun in +diff --git a/validator/val_utils.c b/validator/val_utils.c +index 411a63b25..8e4c91900 100644 +--- a/validator/val_utils.c ++++ b/validator/val_utils.c +@@ -1066,10 +1066,10 @@ val_fill_reply(struct reply_info* chase, struct reply_info* orig, + if(query_dname_compare(name, + orig->rrsets[i]->rk.dname) == 0) + chase->rrsets[chase->an_numrrsets +- +orig->ns_numrrsets+chase->ar_numrrsets++] ++ +chase->ns_numrrsets+chase->ar_numrrsets++] + = orig->rrsets[i]; + } else if(rrset_has_signer(orig->rrsets[i], name, len)) { +- chase->rrsets[chase->an_numrrsets+orig->ns_numrrsets+ ++ chase->rrsets[chase->an_numrrsets+chase->ns_numrrsets+ + chase->ar_numrrsets++] = orig->rrsets[i]; + } + } +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch unbound-1.22.0/debian/patches/26-05/05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch --- unbound-1.22.0/debian/patches/26-05/05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,42 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/a587535c5dd8a5ea8259507152f055be318367df +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 10:15:30 +0200 +Subject: - Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew + Griffiths from 'calif.io' for the report. +Comment: mjt: comment-out doc/Changelog entry + +--- + dnscrypt/dnscrypt.c | 2 +- + doc/Changelog | 2 ++ + 2 files changed, 3 insertions(+), 1 deletion(-) + +#diff --git a/doc/Changelog b/doc/Changelog +#index d8ef6ee82..614e92ed6 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -6,6 +6,8 @@ +# Networks, for the report. +# - Fix CVE-2026-42959, Crash during DNSSEC validation of malicious +# content. Thanks to Qifan Zhang, Palo Alto Networks, for the report. +#+ - Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew +#+ Griffiths from 'calif.io' for the report. +# +# 23 April 2026: Wouter +# - Merge #1441: Fix buffer overrun in +diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c +index 4902447fd..173484cdf 100644 +--- a/dnscrypt/dnscrypt.c ++++ b/dnscrypt/dnscrypt.c +@@ -361,7 +361,7 @@ dnscrypt_server_uncurve(struct dnsc_env* env, + + len -= DNSCRYPT_QUERY_HEADER_SIZE; + +- while (*sldns_buffer_at(buffer, --len) == 0) ++ while (len>0 && *sldns_buffer_at(buffer, --len) == 0) + ; + + if (*sldns_buffer_at(buffer, len) != 0x80) { +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/06-CVE-2026-40622-Ghost-domain-name-variant.patch unbound-1.22.0/debian/patches/26-05/06-CVE-2026-40622-Ghost-domain-name-variant.patch --- unbound-1.22.0/debian/patches/26-05/06-CVE-2026-40622-Ghost-domain-name-variant.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/06-CVE-2026-40622-Ghost-domain-name-variant.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,51 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/8d8fa4226613138f5a244a9f1a2506704e049180 +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 10:16:18 +0200 +Subject: - Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan + Zhang, Palo Alto Networks, for the report. +Comment: mjt: change TTL_IS_EXPIRED() back to direct comparison for 1.22 +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 2 ++ + services/cache/rrset.c | 10 ++++++++++ + 2 files changed, 12 insertions(+) + +#diff --git a/doc/Changelog b/doc/Changelog +#index 614e92ed6..66895692d 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -8,6 +8,8 @@ +# content. Thanks to Qifan Zhang, Palo Alto Networks, for the report. +# - Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew +# Griffiths from 'calif.io' for the report. +#+ - Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan +#+ Zhang, Palo Alto Networks, for the report. +# +# 23 April 2026: Wouter +# - Merge #1441: Fix buffer overrun in +diff --git a/services/cache/rrset.c b/services/cache/rrset.c +index c1716a565..ab4f4c8e0 100644 +--- a/services/cache/rrset.c ++++ b/services/cache/rrset.c +@@ -149,6 +149,16 @@ need_to_update_rrset(void* nd, void* cd, time_t timenow, int equal, int ns) + if(equal && cached->ttl >= timenow && + cached->security == sec_status_bogus) + return 0; ++ /* ghost-domain: never let an NS overwrite extend lifetime ++ * past the entry it replaces, regardless of trust. */ ++ if(ns && /*!TTL_IS_EXPIRED(cached->ttl, timenow)*/ cached->ttl >= timenow && ++ newd->ttl > cached->ttl) { ++ size_t i; ++ newd->ttl = cached->ttl; ++ for(i=0; i<(newd->count+newd->rrsig_count); i++) ++ if(newd->rr_ttl[i] > newd->ttl) ++ newd->rr_ttl[i] = newd->ttl; ++ } + return 1; + } + /* o item in cache has expired */ +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch unbound-1.22.0/debian/patches/26-05/07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch --- unbound-1.22.0/debian/patches/26-05/07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,95 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/ef5ca84360934fa1e857ebc371d4b093aea6355d +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 10:18:23 +0200 +Subject: - Fix CVE-2026-41292, Parsing a long list of incoming EDNS options + degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan + Zhang from Palo Alto Networks, for the report. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 3 +++ + util/data/msgparse.c | 11 ++++++++--- + 2 files changed, 11 insertions(+), 3 deletions(-) + +#diff --git a/doc/Changelog b/doc/Changelog +#index 66895692d..c823bcbd2 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -10,6 +10,9 @@ +# Griffiths from 'calif.io' for the report. +# - Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan +# Zhang, Palo Alto Networks, for the report. +#+ - Fix CVE-2026-41292, Parsing a long list of incoming EDNS options +#+ degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan +#+ Zhang from Palo Alto Networks, for the report. +# +# 23 April 2026: Wouter +# - Merge #1441: Fix buffer overrun in +diff --git a/util/data/msgparse.c b/util/data/msgparse.c +index a38bed62e..9239f8fe3 100644 +--- a/util/data/msgparse.c ++++ b/util/data/msgparse.c +@@ -53,6 +53,8 @@ + #include "sldns/parseutil.h" + #include "sldns/wire2str.h" + ++#define MAX_PARSED_EDNS_OPTIONS 100 ++ + /** smart comparison of (compressed, valid) dnames from packet */ + static int + smart_compare(sldns_buffer* pkt, uint8_t* dnow, +@@ -950,7 +952,7 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, + struct comm_reply* repinfo, uint32_t now, struct regional* region, + struct cookie_secrets* cookie_secrets) + { +- int nsid_seen = 0, cookie_seen = 0, padding_seen = 0; ++ int i = 0, nsid_seen = 0, cookie_seen = 0, padding_seen = 0; + /* To respond with a Keepalive option, the client connection must have + * received one message with a TCP Keepalive EDNS option, and that + * option must have 0 length data. Subsequent messages sent on that +@@ -970,7 +972,7 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, + + /* while still more options, and have code+len to read */ + /* ignores partial content (i.e. rdata len 3) */ +- while(rdata_len >= 4) { ++ while(rdata_len >= 4 && i < MAX_PARSED_EDNS_OPTIONS) { + uint16_t opt_code = sldns_read_uint16(rdata_ptr); + uint16_t opt_len = sldns_read_uint16(rdata_ptr+2); + uint8_t server_cookie[40]; +@@ -1150,6 +1152,7 @@ parse_edns_options_from_query(uint8_t* rdata_ptr, size_t rdata_len, + } + rdata_ptr += opt_len; + rdata_len -= opt_len; ++ i++; + } + return LDNS_RCODE_NOERROR; + } +@@ -1164,6 +1167,7 @@ parse_extract_edns_from_response_msg(struct msg_parse* msg, + struct rrset_parse* found_prev = 0; + size_t rdata_len; + uint8_t* rdata_ptr; ++ int i = 0; + /* since the class encodes the UDP size, we cannot use hash table to + * find the EDNS OPT record. Scan the packet. */ + while(rrset) { +@@ -1223,7 +1227,7 @@ parse_extract_edns_from_response_msg(struct msg_parse* msg, + + /* while still more options, and have code+len to read */ + /* ignores partial content (i.e. rdata len 3) */ +- while(rdata_len >= 4) { ++ while(rdata_len >= 4 && i < MAX_PARSED_EDNS_OPTIONS) { + uint16_t opt_code = sldns_read_uint16(rdata_ptr); + uint16_t opt_len = sldns_read_uint16(rdata_ptr+2); + rdata_ptr += 4; +@@ -1238,6 +1242,7 @@ parse_extract_edns_from_response_msg(struct msg_parse* msg, + } + rdata_ptr += opt_len; + rdata_len -= opt_len; ++ i++; + } + /* ignore rrsigs */ + return LDNS_RCODE_NOERROR; +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch unbound-1.22.0/debian/patches/26-05/08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch --- unbound-1.22.0/debian/patches/26-05/08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,82 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/a794c87578c963606a6fb00a54c46fcf935f519a +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 10:19:08 +0200 +Subject: - Fix CVE-2026-42534, Jostle logic bypass degrades resolution + performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 3 +++ + services/mesh.c | 14 ++++++++++---- + services/mesh.h | 6 ++++++ + 3 files changed, 19 insertions(+), 4 deletions(-) + +#diff --git a/doc/Changelog b/doc/Changelog +#index c823bcbd2..03fa7ed3a 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -13,6 +13,9 @@ +# - Fix CVE-2026-41292, Parsing a long list of incoming EDNS options +# degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan +# Zhang from Palo Alto Networks, for the report. +#+ - Fix CVE-2026-42534, Jostle logic bypass degrades resolution +#+ performance. Thanks to Qifan Zhang, Palo Alto Networks, for the +#+ report. +# +# 23 April 2026: Wouter +# - Merge #1441: Fix buffer overrun in +diff --git a/services/mesh.c b/services/mesh.c +index 433aabc9c..286901047 100644 +--- a/services/mesh.c ++++ b/services/mesh.c +@@ -297,12 +297,14 @@ int mesh_make_new_space(struct mesh_area* mesh, sldns_buffer* qbuf) + if(mesh->num_reply_states < mesh->max_reply_states) + return 1; + /* try to kick out a jostle-list item */ +- if(m && m->reply_list && m->list_select == mesh_jostle_list) { ++ if(m && m->list_select == mesh_jostle_list) { + /* how old is it? */ + struct timeval age; +- timeval_subtract(&age, mesh->env->now_tv, +- &m->reply_list->start_time); +- if(timeval_smaller(&mesh->jostle_max, &age)) { ++ if(m->has_first_reply_time) ++ timeval_subtract(&age, mesh->env->now_tv, ++ &m->first_reply_time); ++ if(!m->has_first_reply_time || ++ timeval_smaller(&mesh->jostle_max, &age)) { + /* its a goner */ + log_nametypeclass(VERB_ALGO, "query jostled out to " + "make space for a new one", +@@ -1995,6 +1997,10 @@ int mesh_state_add_reply(struct mesh_state* s, struct edns_data* edns, + r->qid = qid; + r->qflags = qflags; + r->start_time = *s->s.env->now_tv; ++ if(s->reply_list == NULL && !s->has_first_reply_time) { ++ s->first_reply_time = r->start_time; ++ s->has_first_reply_time = 1; ++ } + r->next = s->reply_list; + r->qname = regional_alloc_init(s->s.region, qinfo->qname, + s->s.qinfo.qname_len); +diff --git a/services/mesh.h b/services/mesh.h +index d2fac9d3c..9ee585156 100644 +--- a/services/mesh.h ++++ b/services/mesh.h +@@ -191,6 +191,12 @@ struct mesh_state { + struct module_qstate s; + /** the list of replies to clients for the results */ + struct mesh_reply* reply_list; ++ /** if it has a first reply time */ ++ int has_first_reply_time; ++ /** wall-clock time the first client reply was attached; ++ * used by mesh_make_new_space() so duplicate retransmits ++ * cannot reset jostle aging. */ ++ struct timeval first_reply_time; + /** the list of callbacks for the results */ + struct mesh_cb* cb_list; + /** set of superstates (that want this state's result) +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch unbound-1.22.0/debian/patches/26-05/09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch --- unbound-1.22.0/debian/patches/26-05/09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,126 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/c343fff3a4de922835fec7232b90faed658b5371 +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 10:20:02 +0200 +Subject: - Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 + hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for + the report. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 3 +++ + validator/val_neg.c | 28 +++++++++++++++++++++++++++- + validator/val_nsec3.c | 5 ----- + validator/val_nsec3.h | 6 ++++++ + 4 files changed, 36 insertions(+), 6 deletions(-) + +#diff --git a/doc/Changelog b/doc/Changelog +#index 03fa7ed3a..4822075f9 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -16,6 +16,9 @@ +# - Fix CVE-2026-42534, Jostle logic bypass degrades resolution +# performance. Thanks to Qifan Zhang, Palo Alto Networks, for the +# report. +#+ - Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 +#+ hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for +#+ the report. +# +# 23 April 2026: Wouter +# - Merge #1441: Fix buffer overrun in +diff --git a/validator/val_neg.c b/validator/val_neg.c +index 66fd81899..e82f335b9 100644 +--- a/validator/val_neg.c ++++ b/validator/val_neg.c +@@ -62,6 +62,13 @@ + #include "sldns/rrdef.h" + #include "sldns/sbuffer.h" + ++/** ++ * The maximum salt length that the negative cache is willing to use. ++ * Larger salt increases the computation time, while recommendations are ++ * for zero salt length for zones. ++ */ ++#define MAX_SALT_LENGTH 64 ++ + int val_neg_data_compare(const void* a, const void* b) + { + struct val_neg_data* x = (struct val_neg_data*)a; +@@ -826,7 +833,11 @@ void neg_insert_data(struct val_neg_cache* neg, + (slen != 0 && zone->nsec3_salt && s + && memcmp(zone->nsec3_salt, s, slen) != 0))) { + +- if(slen > 0) { ++ if(slen > MAX_SALT_LENGTH) { ++ /* RFC 9276 s3.1: operators SHOULD NOT use a salt; large ++ * salts inflate per-hash block count. Decline to cache. */ ++ return; ++ } else if(slen > 0) { + uint8_t* sa = memdup(s, slen); + if(sa) { + free(zone->nsec3_salt); +@@ -1165,6 +1176,15 @@ neg_find_nsec3_ce(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len, + uint8_t hashce[NSEC3_SHA_LEN]; + uint8_t b32[257]; + size_t celen, b32len; ++ int hashmax = MAX_NSEC3_CALCULATIONS; ++ if(qlabs > hashmax) { ++ /* strip leading labels so the walk costs at most ++ * MAX_NSEC3_CALCULATIONS hashes, mirroring val_nsec3.c */ ++ while(qlabs > hashmax) { ++ dname_remove_label(&qname, &qname_len); ++ qlabs--; ++ } ++ } + + *nclen = 0; + while(qlabs > 0) { +@@ -1265,6 +1285,12 @@ neg_nsec3_proof_ds(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len, + if(!zone->nsec3_hash) + return NULL; /* not nsec3 zone */ + ++ if(!topname && qlabs > zone->labs + 1) ++ return NULL; /* iterator caller; opt-out proof would be discarded ++ * at the !topname check below anyway. ++ * The qlabs check allows the exact-match for ++ * the one-label-below-zone case. */ ++ + if(!(data=neg_find_nsec3_ce(zone, qname, qname_len, qlabs, buf, + hashnc, &nclen))) { + return NULL; +diff --git a/validator/val_nsec3.c b/validator/val_nsec3.c +index 92d853825..62effde20 100644 +--- a/validator/val_nsec3.c ++++ b/validator/val_nsec3.c +@@ -59,11 +59,6 @@ + #include "sldns/sbuffer.h" + #include "util/config_file.h" + +-/** +- * Max number of NSEC3 calculations at once, suspend query for later. +- * 8 is low enough and allows for cases where multiple proofs are needed. +- */ +-#define MAX_NSEC3_CALCULATIONS 8 + /** + * When all allowed NSEC3 calculations at once resulted in error treat as + * bogus. NSEC3 hash errors are not cached and this helps breaks loops with +diff --git a/validator/val_nsec3.h b/validator/val_nsec3.h +index f668a270f..a13e92991 100644 +--- a/validator/val_nsec3.h ++++ b/validator/val_nsec3.h +@@ -98,6 +98,12 @@ struct sldns_buffer; + /** The SHA1 hash algorithm for NSEC3 */ + #define NSEC3_HASH_SHA1 0x01 + ++/** ++ * Max number of NSEC3 calculations at once, suspend query for later. ++ * 8 is low enough and allows for cases where multiple proofs are needed. ++ */ ++#define MAX_NSEC3_CALCULATIONS 8 ++ + /** + * Cache table for NSEC3 hashes. + * It keeps a *pointer* to the region its items are allocated. +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch unbound-1.22.0/debian/patches/26-05/10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch --- unbound-1.22.0/debian/patches/26-05/10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,50 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/8ae4b4545dccaaabd30b597b0dcb0d9640c8cc39 +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 10:20:45 +0200 +Subject: - Fix CVE-2026-42960, Possible cache poisoning attack while following + delegation. Thanks to TaoFei Guo from Peking University, Yang Luo + and JianJun Chen, Tsinghua University, for the report. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 3 +++ + iterator/iter_scrub.c | 8 +++++++- + 2 files changed, 10 insertions(+), 1 deletion(-) + +#diff --git a/doc/Changelog b/doc/Changelog +#index 4822075f9..eb59a1a73 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -19,6 +19,9 @@ +# - Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 +# hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for +# the report. +#+ - Fix CVE-2026-42960, Possible cache poisoning attack while following +#+ delegation. Thanks to TaoFei Guo from Peking University, Yang Luo +#+ and JianJun Chen, Tsinghua University, for the report. +# +# 23 April 2026: Wouter +# - Merge #1441: Fix buffer overrun in +diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c +index 37c4150cd..74a258640 100644 +--- a/iterator/iter_scrub.c ++++ b/iterator/iter_scrub.c +@@ -777,7 +777,13 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg, + rrset->rrset_all_next = NULL; + return 1; + } +- mark_additional_rrset(pkt, msg, rrset); ++ /* Only mark glue as allowed for type NS in the authority ++ * section. Other RR types do not get glue for them, it ++ * is allowed from the answer section, but not authority ++ * so that a message can not have address records cached ++ * as a side effect to the query. */ ++ if(rrset->type==LDNS_RR_TYPE_NS) ++ mark_additional_rrset(pkt, msg, rrset); + prev = rrset; + rrset = rrset->rrset_all_next; + } +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/11-CVE-2026-44390-Unbounded-name-compression.patch unbound-1.22.0/debian/patches/26-05/11-CVE-2026-44390-Unbounded-name-compression.patch --- unbound-1.22.0/debian/patches/26-05/11-CVE-2026-44390-Unbounded-name-compression.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/11-CVE-2026-44390-Unbounded-name-compression.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,35 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/dae7a3797424607906b132c008fc12dba867b5f3 +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 10:21:26 +0200 +Subject: - Fix CVE-2026-44390, Unbounded name compression in certain cases + causes degradation of service. Thanks to Qifan Zhang, Palo Alto + Networks, for the report. + +--- + util/data/msgencode.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/util/data/msgencode.c b/util/data/msgencode.c +index 10979df9c..dd56cc6aa 100644 +--- a/util/data/msgencode.c ++++ b/util/data/msgencode.c +@@ -352,7 +352,6 @@ compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs, + (p = compress_tree_lookup(tree, dname, labs, &insertpt))) { + if(!write_compressed_dname(pkt, dname, labs, p)) + return RETVAL_TRUNC; +- (*compress_count)++; + } else { + if(!dname_buffer_write(pkt, dname)) + return RETVAL_TRUNC; +@@ -360,6 +359,7 @@ compress_any_dname(uint8_t* dname, sldns_buffer* pkt, int labs, + if(*compress_count < MAX_COMPRESSION_PER_MESSAGE && + !compress_tree_store(dname, labs, pos, region, p, insertpt)) + return RETVAL_OUTMEM; ++ (*compress_count)++; + return RETVAL_OK; + } + +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/12-CVE-2026-44608-UAF-in-RPZ-code.patch unbound-1.22.0/debian/patches/26-05/12-CVE-2026-44608-UAF-in-RPZ-code.patch --- unbound-1.22.0/debian/patches/26-05/12-CVE-2026-44608-UAF-in-RPZ-code.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/12-CVE-2026-44608-UAF-in-RPZ-code.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,67 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/75b6dba593d4fff000434cd64807c6ebd50bd244 +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 10:22:52 +0200 +Subject: - Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks + to Qifan Zhang, Palo Alto Networks, for the report. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 2 ++ + services/rpz.c | 10 ++++++---- + 2 files changed, 8 insertions(+), 4 deletions(-) + +#diff --git a/doc/Changelog b/doc/Changelog +#index a9fd4dc95..02148aaa1 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -25,6 +25,8 @@ +# - Fix CVE-2026-44390, Unbounded name compression in certain cases +# causes degradation of service. Thanks to Qifan Zhang, Palo Alto +# Networks, for the report. +#+ - Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks +#+ to Qifan Zhang, Palo Alto Networks, for the report. +# +# 23 April 2026: Wouter +# - Merge #1441: Fix buffer overrun in +diff --git a/services/rpz.c b/services/rpz.c +index d83acbfb0..5121e46b5 100644 +--- a/services/rpz.c ++++ b/services/rpz.c +@@ -2469,6 +2469,7 @@ rpz_callback_from_iterator_module(struct module_qstate* ms, struct iter_qstate* + { + struct auth_zones* az; + struct auth_zone* a; ++ struct dns_msg* ret = NULL; + struct clientip_synthesized_rr* raddr = NULL; + struct rpz* r = NULL; + struct local_zone* z = NULL; +@@ -2512,13 +2513,11 @@ rpz_callback_from_iterator_module(struct module_qstate* ms, struct iter_qstate* + z = rpz_delegation_point_zone_lookup(is->dp, r->nsdname_zones, + is->qchase.qclass, &match); + if(z != NULL) { +- lock_rw_unlock(&a->lock); + break; + } + + raddr = rpz_delegation_point_ipbased_trigger_lookup(r, is); + if(raddr != NULL) { +- lock_rw_unlock(&a->lock); + break; + } + lock_rw_unlock(&a->lock); +@@ -2533,9 +2532,12 @@ rpz_callback_from_iterator_module(struct module_qstate* ms, struct iter_qstate* + if(z) { + lock_rw_unlock(&z->lock); + } +- return rpz_apply_nsip_trigger(ms, &is->qchase, r, raddr, a); ++ ret = rpz_apply_nsip_trigger(ms, &is->qchase, r, raddr, a); ++ } else { ++ ret = rpz_apply_nsdname_trigger(ms, &is->qchase, r, z, &match, a); + } +- return rpz_apply_nsdname_trigger(ms, &is->qchase, r, z, &match, a); ++ lock_rw_unlock(&a->lock); ++ return ret; + } + + struct dns_msg* rpz_callback_from_iterator_cname(struct module_qstate* ms, diff -Nru unbound-1.22.0/debian/patches/26-05/13-Unit-test-for-CVE-2026-33278.patch unbound-1.22.0/debian/patches/26-05/13-Unit-test-for-CVE-2026-33278.patch --- unbound-1.22.0/debian/patches/26-05/13-Unit-test-for-CVE-2026-33278.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/13-Unit-test-for-CVE-2026-33278.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,710 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/b46ff5c18eafa055378b7105c9c5e77454291a47 +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 12:32:43 +0200 +Subject: - Unit test for CVE-2026-33278. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 1 + + testdata/sub_ds_deepcopy.rpl | 676 +++++++++++++++++++++++++++++++++++ + 2 files changed, 677 insertions(+) + create mode 100644 testdata/sub_ds_deepcopy.rpl + +#diff --git a/doc/Changelog b/doc/Changelog +#index ddd6a9def..481d31f9c 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -30,6 +30,7 @@ +# - Tag for 1.25.1 release, it contains the security fixes on 1.25.0. +# the code repository continues with in addition the previous fixes, +# for 1.25.2. +#+ - Unit test for CVE-2026-33278. +# +# 18 May 2026: Wouter +# - Fix for mixed class referrals, the resolver uses the query +diff --git a/testdata/sub_ds_deepcopy.rpl b/testdata/sub_ds_deepcopy.rpl +new file mode 100644 +index 000000000..2845bfe32 +--- /dev/null ++++ b/testdata/sub_ds_deepcopy.rpl +@@ -0,0 +1,676 @@ ++; config options ++; The island of trust is at test. ++server: ++ access-control: 10.0.0.0/8 allow ++ trust-anchor: "test. DS 1444 8 2 8a87d067fd09a5965244fe2e317dd26d182c468e0a7f26ecc4c7b479bf89db9b" ++ val-override-date: "20201020135527" ++ target-fetch-policy: "0 0 0 0 0" ++ qname-minimisation: "no" ++ fake-sha1: yes ++ trust-anchor-signaling: no ++ minimal-responses: no ++ iter-scrub-promiscuous: no ++ aggressive-nsec: yes ++ local-zone: test. nodefault ++ log-servfail: yes ++ ; otherwise after timers, the old replies are discarded as old. ++ discard-timeout: 0 ++ ++stub-zone: ++ name: "." ++ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. ++CONFIG_END ++ ++SCENARIO_BEGIN Test sub DS deep copy during DNSSEC validation suspension ++ ++; K.ROOT-SERVERS.NET. ++RANGE_BEGIN 0 20 ++ ADDRESS 193.0.14.129 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++. IN NS ++SECTION ANSWER ++. IN NS K.ROOT-SERVERS.NET. ++SECTION ADDITIONAL ++K.ROOT-SERVERS.NET. IN A 193.0.14.129 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR NOERROR ++SECTION QUESTION ++test. IN NS ++SECTION AUTHORITY ++test. IN NS ns.test. ++SECTION ADDITIONAL ++ns.test. IN A 1.2.3.5 ++ENTRY_END ++RANGE_END ++ ++; ns.test ++RANGE_BEGIN 0 20 ++ ADDRESS 1.2.3.5 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++test. IN NS ++SECTION ANSWER ++test. IN NS ns.test ++test. 3600 IN RRSIG NS 8 1 3600 20201116135527 20201019135527 1444 test. RGCxIO32TbbLTk6xZmTr+fjYPH50hntBxeOQ2DIj2pDsmjALcHYtVkOfpfk2EhOhHZd+9PLuoJPbJh6a9NqLSFeBvr0XZoCZoQ2g0tCHUNHcH5EVjA2TuYBQem6DVYnPLJ3914aRx0uA1j42b8dC2xsam/XkOo7U+dLbUW2Os1s= ++SECTION ADDITIONAL ++ns.test. IN A 1.2.3.5 ++ns.test. 3600 IN RRSIG A 8 2 3600 20201116135527 20201019135527 1444 test. GskCc4/k6GjH9V9Jz2V5L2XLiizbOeWkB0feSbf+aN859S3vxVvtuqkvIgwY4LafUO1QAn/pUcv9zA7rcFO++rlg+8t6gvZTo9p3v0bfeIv2uJDsfSBD5jDh0WXlxjekfnrKrQp7zE+GiA93tWwKUWKPvxXDgP+n886e6WcbHJw= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.test. IN A ++SECTION ANSWER ++ns.test. IN A 1.2.3.5 ++ns.test. 3600 IN RRSIG A 8 2 3600 20201116135527 20201019135527 1444 test. GskCc4/k6GjH9V9Jz2V5L2XLiizbOeWkB0feSbf+aN859S3vxVvtuqkvIgwY4LafUO1QAn/pUcv9zA7rcFO++rlg+8t6gvZTo9p3v0bfeIv2uJDsfSBD5jDh0WXlxjekfnrKrQp7zE+GiA93tWwKUWKPvxXDgP+n886e6WcbHJw= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.test. IN AAAA ++SECTION AUTHORITY ++test. 3600 IN SOA ns.test. host.test. 20201 3600 1800 604800 3600 ++test. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 test. IZJIDmEgf0W7A5G7hvvZ2hUqJ9Trbv1/i7ySapDmPbYV9lVCmHHobySxO01yDhI2/Pvpsvxqrm1Tiv3BxH8uzZ4keKgiQjBsSy4htAsFct9I4E7ly2glPj/Fm3oun3PsjJDv5QYhx0KS7w4IQKU7Nc9pfJc92uoUI5bdoC1pRGw= ++ns.test. 3600 IN NSEC nz.test. A RRSIG ++ns.test. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 test. PElArVB3KPg8KHAP7lzcNbhFuXNxTsHNTn1dZVncB5qmWRdIaeKpaXDjpH0JSXMaelGFS+/QhuQ6Hmw9+4VyZFRqMzGhw4agUR/2bxABHcDIG4ZpUwyeSP61ATTfHUkQVxaH2wjCWI/tfmesdP2xVE4GXyUvCIBxU914MkZbULU= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++test. IN DNSKEY ++SECTION ANSWER ++test. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} ++test. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 test. UmRMS4iG9NBBHZYOtpwFFcJgbEb5SfHSgHd9XRe/8pTWM31WSDayn5ViPOBMqI1T5TXg2amc13dDI574xIM2oKMus3b5cBW72jJLW13jprBtslO6P8BMWb4HNnvLrJtQjwf3ErRirtTxinLmywQtmyr1cdthyG3Gp4N7i90fHSc= ++SECTION ADDITIONAL ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qname qtype ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++example.test. IN DS ++SECTION ANSWER ++example.test. 3600 IN DS 55567 8 2 a2d578906330a10a57d40462257b6ce038bad3f7bf4a45c46c46086e20a94b39 ++example.test. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 test. P7+FTYW2qHuJ4I1YbuvseEz5X1lOYAraGEHB3C5y0OOCQFmhmSiFRdquNi2NlpcS6FXLdsE0EU+Bo1+0atTG4EkMWXbpF21lrtbB51BdsnlX4Mzc/o375fvjiOMwmF6wPCUaOUN62jrVrhsE/hedaVyDphDToqL17ETohwgUO2I= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR NOERROR ++SECTION QUESTION ++example.test. IN NS ++SECTION AUTHORITY ++example.test. IN NS ns.example.test. ++example.test. 3600 IN DS 55567 8 2 a2d578906330a10a57d40462257b6ce038bad3f7bf4a45c46c46086e20a94b39 ++example.test. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 test. P7+FTYW2qHuJ4I1YbuvseEz5X1lOYAraGEHB3C5y0OOCQFmhmSiFRdquNi2NlpcS6FXLdsE0EU+Bo1+0atTG4EkMWXbpF21lrtbB51BdsnlX4Mzc/o375fvjiOMwmF6wPCUaOUN62jrVrhsE/hedaVyDphDToqL17ETohwgUO2I= ++SECTION ADDITIONAL ++ns.example.test. IN A 1.2.3.4 ++ENTRY_END ++RANGE_END ++ ++; ns.example.test. ++RANGE_BEGIN 0 25 ++ ADDRESS 1.2.3.4 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++example.test. IN NS ++SECTION ANSWER ++example.test. IN NS ns.example.test. ++example.test. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55567 example.test. l1JT0wMlK0YI7/CWHzexf/k0iafUhCgN+BdgjBXIRXmSQNf4HDTiAkbcWL2/15qtnp12nQy9JeiTdSQ3vtPoHAJX4C5uTWaze4ms+Wrrf+n92sLCjacP9x50uuicH3URT6cKb1QCAPwlvlWxIlZjAMYFScSns7+C441NMJT8aE4= ++SECTION ADDITIONAL ++ns.example.test. IN A 1.2.3.4 ++ns.example.test. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55567 example.test. 2PWaVaccZFQgfPKXNsdEGYUVaashCAj1ZhBo9XRt5eQKUFvZcauBjMnXIuxZFyWeootn1fZGw6GuPI5W48Y0FDx38H6adprkFgQikso2Y64jDdDMWznSo38Z/XqP+U0+kq4vmwonvmEMpm7hKnNEXvhqGKyGzyBwb+CZVJ2L8Eo= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.example.test. IN A ++SECTION ANSWER ++ns.example.test. IN A 1.2.3.4 ++ns.example.test. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55567 example.test. 2PWaVaccZFQgfPKXNsdEGYUVaashCAj1ZhBo9XRt5eQKUFvZcauBjMnXIuxZFyWeootn1fZGw6GuPI5W48Y0FDx38H6adprkFgQikso2Y64jDdDMWznSo38Z/XqP+U0+kq4vmwonvmEMpm7hKnNEXvhqGKyGzyBwb+CZVJ2L8Eo= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.example.test. IN AAAA ++SECTION AUTHORITY ++example.test. 3600 IN SOA ns.example.test. host.example.test. 20301 3600 1800 604800 3600 ++example.test. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55567 example.test. 2UUkScBAN37fJpSrelhE8DotKvmOzj3q9wicaanCIaCv95DE4nQnePih5B+ek3FIRjB/Uv2+z4Ro5Uxy94XAnlK0rCkDLSa0U9U7KP0ytc88sevO0x1SCPAMoZoJO6JqHkv42pdh54WSz+Zb/D8npY0j/tksHe/uX+VQnMymgb8= ++ns.example.test. 3600 IN NSEC nz.example.test. A RRSIG ++ns.example.test. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55567 example.test. v/5aO/n8Ow21y7LE7JKZsFkUJU5MjIfadVRm2Tdb8f3RLwYDdBTs3aWeeEQdCRSUF61TmfJM1jIxlWQPuHbqzGnjSk7adw9gFpP7wFwoqG3/xdCFHoxo/3/1F/4Ankey3sDgKgOFsgnu40TlL36mGPYszeK+/2o3SAx2GM+3BdU= ++ENTRY_END ++ ++; response to DNSKEY priming query ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++example.test. IN DNSKEY ++SECTION ANSWER ++example.test. 3600 IN DNSKEY 257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b} ++example.test. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55567 example.test. IbWMC6quOuZFNPAVxQLqCJ9nLhindBo826rnLcg5yMgs9dGUSPOCXAfHTmbgJAUNs9HTFfrJWNvasnETs0UOpmEuifGwWdH1OlME7Gny4RL2QmITUFeMW81Jz1tiVQxFXl6yxT0jxOxvz+bqMHlrz+8IeWQXcO+GZTPu8ueq30g= ++ENTRY_END ++ ++; response to query of interest ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++www.example.test. IN A ++SECTION ANSWER ++www.example.test. IN A 1.2.3.4 ++www.example.test. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55567 example.test. sbK517uW0iiO1FbJ+rCSrISg6RoIsXAFmd8NgF9mERAefkiVYTjUxdm4USccVg4Xwig9S14yANFPXY1QQbTxx25mcOdw4wyJUjGZosaIYS2DSTsAnDSgEOHPiEnYM84/UCjfWY54P4SFnCx8esaZfSdMu6YG+d3CxR1wJGloju4= ++ENTRY_END ++RANGE_END ++ ++; ns.example.test. later at 50 ++RANGE_BEGIN 50 55 ++ ADDRESS 1.2.3.4 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++example.test. IN NS ++SECTION ANSWER ++example.test. IN NS ns.example.test. ++example.test. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55567 example.test. l1JT0wMlK0YI7/CWHzexf/k0iafUhCgN+BdgjBXIRXmSQNf4HDTiAkbcWL2/15qtnp12nQy9JeiTdSQ3vtPoHAJX4C5uTWaze4ms+Wrrf+n92sLCjacP9x50uuicH3URT6cKb1QCAPwlvlWxIlZjAMYFScSns7+C441NMJT8aE4= ++SECTION ADDITIONAL ++ns.example.test. IN A 1.2.3.4 ++ns.example.test. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55567 example.test. 2PWaVaccZFQgfPKXNsdEGYUVaashCAj1ZhBo9XRt5eQKUFvZcauBjMnXIuxZFyWeootn1fZGw6GuPI5W48Y0FDx38H6adprkFgQikso2Y64jDdDMWznSo38Z/XqP+U0+kq4vmwonvmEMpm7hKnNEXvhqGKyGzyBwb+CZVJ2L8Eo= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.example.test. IN A ++SECTION ANSWER ++ns.example.test. IN A 1.2.3.4 ++ns.example.test. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55567 example.test. 2PWaVaccZFQgfPKXNsdEGYUVaashCAj1ZhBo9XRt5eQKUFvZcauBjMnXIuxZFyWeootn1fZGw6GuPI5W48Y0FDx38H6adprkFgQikso2Y64jDdDMWznSo38Z/XqP+U0+kq4vmwonvmEMpm7hKnNEXvhqGKyGzyBwb+CZVJ2L8Eo= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.example.test. IN AAAA ++SECTION AUTHORITY ++example.test. 3600 IN SOA ns.example.test. host.example.test. 20301 3600 1800 604800 3600 ++example.test. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55567 example.test. 2UUkScBAN37fJpSrelhE8DotKvmOzj3q9wicaanCIaCv95DE4nQnePih5B+ek3FIRjB/Uv2+z4Ro5Uxy94XAnlK0rCkDLSa0U9U7KP0ytc88sevO0x1SCPAMoZoJO6JqHkv42pdh54WSz+Zb/D8npY0j/tksHe/uX+VQnMymgb8= ++ns.example.test. 3600 IN NSEC nz.example.test. A RRSIG ++ns.example.test. 3600 IN RRSIG NSEC 8 3 3600 20201116135527 20201019135527 55567 example.test. v/5aO/n8Ow21y7LE7JKZsFkUJU5MjIfadVRm2Tdb8f3RLwYDdBTs3aWeeEQdCRSUF61TmfJM1jIxlWQPuHbqzGnjSk7adw9gFpP7wFwoqG3/xdCFHoxo/3/1F/4Ankey3sDgKgOFsgnu40TlL36mGPYszeK+/2o3SAx2GM+3BdU= ++ENTRY_END ++ ++; response to DNSKEY priming query ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++example.test. IN DNSKEY ++SECTION ANSWER ++example.test. 3600 IN DNSKEY 257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b} ++example.test. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55567 example.test. IbWMC6quOuZFNPAVxQLqCJ9nLhindBo826rnLcg5yMgs9dGUSPOCXAfHTmbgJAUNs9HTFfrJWNvasnETs0UOpmEuifGwWdH1OlME7Gny4RL2QmITUFeMW81Jz1tiVQxFXl6yxT0jxOxvz+bqMHlrz+8IeWQXcO+GZTPu8ueq30g= ++ENTRY_END ++ ++; response to query of interest ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++aaa.parcel.example.test. IN A ++SECTION ANSWER ++aaa.parcel.example.test. IN A 1.2.3.5 ++;aaa.parcel.example.test. 3600 IN RRSIG A 8 4 3600 20201116135527 20201019135527 55567 example.test. eFryWdR6+3OiuHnbOFnpEt2sVeMJw+maoPZPoiut24b0oGruN85ujzooVwYjvl+IPiEJo+sajnGhG9R5Uibvw1zg1LX0fATYytCVNSKGdjYEiO3+1yyiq1lxlo/zaxJi2Vl750s250ooIpQo/6zQVoIfHKDFSif4Xb4bFeRBTUY= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++bbb.parcel.example.test. IN A ++SECTION ANSWER ++bbb.parcel.example.test. IN A 1.2.3.6 ++;bbb.parcel.example.test. 3600 IN RRSIG A 8 4 3600 20201116135527 20201019135527 55567 example.test. mm2EmvC5UE1MCFw7lHNUE9tlrvSDr6IKUrC143YohY+S22Fb1RkmxmQIKcNVasZ8O+YJKOsiIz2+2iWvjhFMHXC7Y7QLu19Qe9ndQ4cx4mYUTFkA5imQkqiV9CJLCi9cjoCayJUDxAuT7pq6Y1VPIn0AUWNmcPNUZcYgy8NSe1A= ++ENTRY_END ++RANGE_END ++ ++; ns.example.test. ++RANGE_BEGIN 60 70 ++ ADDRESS 1.2.3.4 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++parcel.example.test. IN DS ++SECTION ANSWER ++SECTION AUTHORITY ++example.test. 3600 IN SOA ns.example.test. host.example.test. 20301 3600 1800 604800 3600 ++example.test. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55567 example.test. 2UUkScBAN37fJpSrelhE8DotKvmOzj3q9wicaanCIaCv95DE4nQnePih5B+ek3FIRjB/Uv2+z4Ro5Uxy94XAnlK0rCkDLSa0U9U7KP0ytc88sevO0x1SCPAMoZoJO6JqHkv42pdh54WSz+Zb/D8npY0j/tksHe/uX+VQnMymgb8= ++00000001.example.test. 3600 IN NSEC3 1 0 5 AA 00000002 A RRSIG ++00000001.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. e8JQpXALnirEp55SDzotEv/nBj1K+Rnx8BgNQQ74grKFHcrTx1xcJo2uhD5JSJk+5A11oWRcnzYwGYZyzjw4h9UBz7XZQogcvL5igPGbvtK71DiPnIMMj7aN/7yl/Q2gdkCqr0bBi2ZWO6AzGG90K33IlW2ZrttdaDzTNsF43rk= ++00000002.example.test. 3600 IN NSEC3 1 0 5 BB 00000003 A RRSIG ++00000002.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. b0jlxmbQqwGxB7jkiMW3PeEnvv9kBYHQ24qCgDXqpeqMfQxpEoXrSxmipI3JitV2FZqvNw+mJJ7Wy5kEGLvOqHJhxcPlbOJjVH2UDhWVNh0fR6UFGwZb62xaQMlltlUszFUNvbdIN4sO4EaLn2C1/LePUlQHWKZs2DCUbG6JOM4= ++00000003.example.test. 3600 IN NSEC3 1 0 5 CC 00000004 A RRSIG ++00000003.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. E0K4skeGIEfxlxHkJRBoES23n95OYtRz8KIvbcCHTXYCuM+CKnKtTCdVtgDYcx2IdyvXNDTaoylNpOAJ4IGLYNbCTCeIScQdTSB8meqDV/nFvlARcgz6ptCwi6gRoe4xpQ7T1v/h6/MFKr5BDqwFk2tDtz21Bpf8NoMLLPWIjw8= ++00000004.example.test. 3600 IN NSEC3 1 0 5 DD 00000005 A RRSIG ++00000004.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. yX+fvu905NpBGT0YFUtG0K/qzV4znlqNwAfIvblEW6GEanU5tiolunXXi1QYSfn8AbsPzokADW2xfGDbdMDR2FEbv7SXwoO1iQX6Yh0Sgyr8EGsUz8fLCcpZS+hovZX421RePnZkqQBY9LESeDdDpfvuxQTrh4ILSYxTSdKyBgg= ++00000005.example.test. 3600 IN NSEC3 1 0 5 EE 00000006 A RRSIG ++00000005.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. REolHghL+AZ46rpw+e7RwfBzPC9O6RyXnfvM4JSBfxw2J0+b7uvRoK83CHEbvkPDDgPJR8N74H1OtvRL4EkifKR5Vr11VLUDcJmXYTNP2mmlA0rwsC625cGVdZzuJjK2bvva2Cnu5vdQvjFLBPn2LVb2rxlkXeEToAQNDJMhNHo= ++00000006.example.test. 3600 IN NSEC3 1 0 5 11 00000007 A RRSIG ++00000006.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. V/7Yv/HdEmfHr2hGUuzoEm9/ovRxQOgeiiOVWL4S2h0r+PDd2XlpnCvS4E+fJhNsY+xGhtrPRTJTjJjxfF2r8AxcXW0Wbf6ZdPZliAAFuIK/brX6T6ReMrNq8dmEiHqg92y66Ff+aDTIdL1ufMJ+JoaygsbPghFPkD61kjs6GMs= ++00000007.example.test. 3600 IN NSEC3 1 0 5 22 00000008 A RRSIG ++00000007.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. gh7itP+B2Aa+S/iXkCo5lLzHY5OvW2VzkmnZ9kmezlXlJA7LkUUcPj33nCk+lY7Bvno1SEcQAYi9tCHegMsqh/RZg5gmRKMN3sn2ob2P7vbXzNiFCPpXdzHAzsmLwR61MqMPtT7gNNajKecoTM0/VkRht3J1aJJxsrmuGXyu3oM= ++00000008.example.test. 3600 IN NSEC3 1 0 5 33 00000009 A RRSIG ++00000008.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. qVQ4/COf1vEtswdtl8NvcZWX9otn4cjYWvVrx8Y9XbvPnboIOTrKpuej16wo6k6ak6IBBOQkIK4KDIP3iHNBlZQsxTUoaxb7EyNQ/Fkou3HNkJuf3VAUM2d/UhCmKpx5EPbmY5WQ7erDuRGMSIHYivjPOsSuLhfpcc8/jtHDcRI= ++ENTRY_END ++RANGE_END ++ ++; ns.example.test. ++RANGE_BEGIN 160 170 ++ ADDRESS 1.2.3.4 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++parcel.example.test. IN DS ++SECTION ANSWER ++SECTION AUTHORITY ++example.test. 3600 IN SOA ns.example.test. host.example.test. 20301 3600 1800 604800 3600 ++example.test. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55567 example.test. 2UUkScBAN37fJpSrelhE8DotKvmOzj3q9wicaanCIaCv95DE4nQnePih5B+ek3FIRjB/Uv2+z4Ro5Uxy94XAnlK0rCkDLSa0U9U7KP0ytc88sevO0x1SCPAMoZoJO6JqHkv42pdh54WSz+Zb/D8npY0j/tksHe/uX+VQnMymgb8= ++00000001.example.test. 3600 IN NSEC3 1 0 5 AA 00000002 A RRSIG ++00000001.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. e8JQpXALnirEp55SDzotEv/nBj1K+Rnx8BgNQQ74grKFHcrTx1xcJo2uhD5JSJk+5A11oWRcnzYwGYZyzjw4h9UBz7XZQogcvL5igPGbvtK71DiPnIMMj7aN/7yl/Q2gdkCqr0bBi2ZWO6AzGG90K33IlW2ZrttdaDzTNsF43rk= ++00000002.example.test. 3600 IN NSEC3 1 0 5 BB 00000003 A RRSIG ++00000002.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. b0jlxmbQqwGxB7jkiMW3PeEnvv9kBYHQ24qCgDXqpeqMfQxpEoXrSxmipI3JitV2FZqvNw+mJJ7Wy5kEGLvOqHJhxcPlbOJjVH2UDhWVNh0fR6UFGwZb62xaQMlltlUszFUNvbdIN4sO4EaLn2C1/LePUlQHWKZs2DCUbG6JOM4= ++00000003.example.test. 3600 IN NSEC3 1 0 5 CC 00000004 A RRSIG ++00000003.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. E0K4skeGIEfxlxHkJRBoES23n95OYtRz8KIvbcCHTXYCuM+CKnKtTCdVtgDYcx2IdyvXNDTaoylNpOAJ4IGLYNbCTCeIScQdTSB8meqDV/nFvlARcgz6ptCwi6gRoe4xpQ7T1v/h6/MFKr5BDqwFk2tDtz21Bpf8NoMLLPWIjw8= ++00000004.example.test. 3600 IN NSEC3 1 0 5 DD 00000005 A RRSIG ++00000004.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. yX+fvu905NpBGT0YFUtG0K/qzV4znlqNwAfIvblEW6GEanU5tiolunXXi1QYSfn8AbsPzokADW2xfGDbdMDR2FEbv7SXwoO1iQX6Yh0Sgyr8EGsUz8fLCcpZS+hovZX421RePnZkqQBY9LESeDdDpfvuxQTrh4ILSYxTSdKyBgg= ++00000005.example.test. 3600 IN NSEC3 1 0 5 EE 00000006 A RRSIG ++00000005.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. REolHghL+AZ46rpw+e7RwfBzPC9O6RyXnfvM4JSBfxw2J0+b7uvRoK83CHEbvkPDDgPJR8N74H1OtvRL4EkifKR5Vr11VLUDcJmXYTNP2mmlA0rwsC625cGVdZzuJjK2bvva2Cnu5vdQvjFLBPn2LVb2rxlkXeEToAQNDJMhNHo= ++00000006.example.test. 3600 IN NSEC3 1 0 5 11 00000007 A RRSIG ++00000006.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. V/7Yv/HdEmfHr2hGUuzoEm9/ovRxQOgeiiOVWL4S2h0r+PDd2XlpnCvS4E+fJhNsY+xGhtrPRTJTjJjxfF2r8AxcXW0Wbf6ZdPZliAAFuIK/brX6T6ReMrNq8dmEiHqg92y66Ff+aDTIdL1ufMJ+JoaygsbPghFPkD61kjs6GMs= ++00000007.example.test. 3600 IN NSEC3 1 0 5 22 00000008 A RRSIG ++00000007.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. gh7itP+B2Aa+S/iXkCo5lLzHY5OvW2VzkmnZ9kmezlXlJA7LkUUcPj33nCk+lY7Bvno1SEcQAYi9tCHegMsqh/RZg5gmRKMN3sn2ob2P7vbXzNiFCPpXdzHAzsmLwR61MqMPtT7gNNajKecoTM0/VkRht3J1aJJxsrmuGXyu3oM= ++00000008.example.test. 3600 IN NSEC3 1 0 5 33 00000009 A RRSIG ++00000008.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. qVQ4/COf1vEtswdtl8NvcZWX9otn4cjYWvVrx8Y9XbvPnboIOTrKpuej16wo6k6ak6IBBOQkIK4KDIP3iHNBlZQsxTUoaxb7EyNQ/Fkou3HNkJuf3VAUM2d/UhCmKpx5EPbmY5WQ7erDuRGMSIHYivjPOsSuLhfpcc8/jtHDcRI= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ccc.parcel.example.test. IN A ++SECTION ANSWER ++ccc.parcel.example.test. IN A 1.2.3.7 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ddd.parcel.example.test. IN A ++SECTION ANSWER ++ddd.parcel.example.test. IN A 1.2.3.8 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++eee.parcel.example.test. IN A ++SECTION ANSWER ++eee.parcel.example.test. IN A 1.2.3.9 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++fff.parcel.example.test. IN A ++SECTION ANSWER ++fff.parcel.example.test. IN A 1.2.3.10 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ggg.parcel.example.test. IN A ++SECTION ANSWER ++ggg.parcel.example.test. IN A 1.2.3.11 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++hhh.parcel.example.test. IN A ++SECTION ANSWER ++hhh.parcel.example.test. IN A 1.2.3.12 ++ENTRY_END ++RANGE_END ++ ++; ns.example.test. ++RANGE_BEGIN 270 300 ++ ADDRESS 1.2.3.4 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++parcel.example.test. IN DS ++SECTION ANSWER ++SECTION AUTHORITY ++example.test. 3600 IN SOA ns.example.test. host.example.test. 20301 3600 1800 604800 3600 ++example.test. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55567 example.test. 2UUkScBAN37fJpSrelhE8DotKvmOzj3q9wicaanCIaCv95DE4nQnePih5B+ek3FIRjB/Uv2+z4Ro5Uxy94XAnlK0rCkDLSa0U9U7KP0ytc88sevO0x1SCPAMoZoJO6JqHkv42pdh54WSz+Zb/D8npY0j/tksHe/uX+VQnMymgb8= ++00000001.example.test. 3600 IN NSEC3 1 0 5 AA 00000002 A RRSIG ++00000001.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. e8JQpXALnirEp55SDzotEv/nBj1K+Rnx8BgNQQ74grKFHcrTx1xcJo2uhD5JSJk+5A11oWRcnzYwGYZyzjw4h9UBz7XZQogcvL5igPGbvtK71DiPnIMMj7aN/7yl/Q2gdkCqr0bBi2ZWO6AzGG90K33IlW2ZrttdaDzTNsF43rk= ++00000002.example.test. 3600 IN NSEC3 1 0 5 BB 00000003 A RRSIG ++00000002.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. b0jlxmbQqwGxB7jkiMW3PeEnvv9kBYHQ24qCgDXqpeqMfQxpEoXrSxmipI3JitV2FZqvNw+mJJ7Wy5kEGLvOqHJhxcPlbOJjVH2UDhWVNh0fR6UFGwZb62xaQMlltlUszFUNvbdIN4sO4EaLn2C1/LePUlQHWKZs2DCUbG6JOM4= ++00000003.example.test. 3600 IN NSEC3 1 0 5 CC 00000004 A RRSIG ++00000003.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. E0K4skeGIEfxlxHkJRBoES23n95OYtRz8KIvbcCHTXYCuM+CKnKtTCdVtgDYcx2IdyvXNDTaoylNpOAJ4IGLYNbCTCeIScQdTSB8meqDV/nFvlARcgz6ptCwi6gRoe4xpQ7T1v/h6/MFKr5BDqwFk2tDtz21Bpf8NoMLLPWIjw8= ++00000004.example.test. 3600 IN NSEC3 1 0 5 DD 00000005 A RRSIG ++00000004.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. yX+fvu905NpBGT0YFUtG0K/qzV4znlqNwAfIvblEW6GEanU5tiolunXXi1QYSfn8AbsPzokADW2xfGDbdMDR2FEbv7SXwoO1iQX6Yh0Sgyr8EGsUz8fLCcpZS+hovZX421RePnZkqQBY9LESeDdDpfvuxQTrh4ILSYxTSdKyBgg= ++00000005.example.test. 3600 IN NSEC3 1 0 5 EE 00000006 A RRSIG ++00000005.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. REolHghL+AZ46rpw+e7RwfBzPC9O6RyXnfvM4JSBfxw2J0+b7uvRoK83CHEbvkPDDgPJR8N74H1OtvRL4EkifKR5Vr11VLUDcJmXYTNP2mmlA0rwsC625cGVdZzuJjK2bvva2Cnu5vdQvjFLBPn2LVb2rxlkXeEToAQNDJMhNHo= ++00000006.example.test. 3600 IN NSEC3 1 0 5 11 00000007 A RRSIG ++00000006.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. V/7Yv/HdEmfHr2hGUuzoEm9/ovRxQOgeiiOVWL4S2h0r+PDd2XlpnCvS4E+fJhNsY+xGhtrPRTJTjJjxfF2r8AxcXW0Wbf6ZdPZliAAFuIK/brX6T6ReMrNq8dmEiHqg92y66Ff+aDTIdL1ufMJ+JoaygsbPghFPkD61kjs6GMs= ++00000007.example.test. 3600 IN NSEC3 1 0 5 22 00000008 A RRSIG ++00000007.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. gh7itP+B2Aa+S/iXkCo5lLzHY5OvW2VzkmnZ9kmezlXlJA7LkUUcPj33nCk+lY7Bvno1SEcQAYi9tCHegMsqh/RZg5gmRKMN3sn2ob2P7vbXzNiFCPpXdzHAzsmLwR61MqMPtT7gNNajKecoTM0/VkRht3J1aJJxsrmuGXyu3oM= ++00000008.example.test. 3600 IN NSEC3 1 0 5 33 00000009 A RRSIG ++00000008.example.test. 3600 IN RRSIG NSEC3 8 3 3600 20201116135527 20201019135527 55567 example.test. qVQ4/COf1vEtswdtl8NvcZWX9otn4cjYWvVrx8Y9XbvPnboIOTrKpuej16wo6k6ak6IBBOQkIK4KDIP3iHNBlZQsxTUoaxb7EyNQ/Fkou3HNkJuf3VAUM2d/UhCmKpx5EPbmY5WQ7erDuRGMSIHYivjPOsSuLhfpcc8/jtHDcRI= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ccc.parcel.example.test. IN A ++SECTION ANSWER ++ccc.parcel.example.test. IN A 1.2.3.7 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ddd.parcel.example.test. IN A ++SECTION ANSWER ++ddd.parcel.example.test. IN A 1.2.3.8 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++eee.parcel.example.test. IN A ++SECTION ANSWER ++eee.parcel.example.test. IN A 1.2.3.9 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++fff.parcel.example.test. IN A ++SECTION ANSWER ++fff.parcel.example.test. IN A 1.2.3.10 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ggg.parcel.example.test. IN A ++SECTION ANSWER ++ggg.parcel.example.test. IN A 1.2.3.11 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++hhh.parcel.example.test. IN A ++SECTION ANSWER ++hhh.parcel.example.test. IN A 1.2.3.12 ++ENTRY_END ++RANGE_END ++ ++STEP 10 QUERY ADDRESS 10.0.0.1 ++ENTRY_BEGIN ++REPLY RD DO ++SECTION QUESTION ++www.example.test. IN A ++ENTRY_END ++ ++; the DNSSEC chain is set up, in cache. ++STEP 20 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA AD DO NOERROR ++SECTION QUESTION ++www.example.test. IN A ++SECTION ANSWER ++www.example.test. IN A 1.2.3.4 ++www.example.test. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55567 example.test. sbK517uW0iiO1FbJ+rCSrISg6RoIsXAFmd8NgF9mERAefkiVYTjUxdm4USccVg4Xwig9S14yANFPXY1QQbTxx25mcOdw4wyJUjGZosaIYS2DSTsAnDSgEOHPiEnYM84/UCjfWY54P4SFnCx8esaZfSdMu6YG+d3CxR1wJGloju4= ++ENTRY_END ++ ++; The answer RANGE is stopped during this time, so the two queries ++; are both filed before unbound can get upstream answers. ++STEP 30 QUERY ADDRESS 10.0.0.1 ++ENTRY_BEGIN ++REPLY RD DO ++SECTION QUESTION ++aaa.parcel.example.test. IN A ++ENTRY_END ++ ++STEP 40 QUERY ADDRESS 10.0.0.2 ++ENTRY_BEGIN ++REPLY RD DO ++SECTION QUESTION ++bbb.parcel.example.test. IN A ++ENTRY_END ++ ++; The RANGE starts again, for example.test ++STEP 50 TRAFFIC ++ ++STEP 60 TRAFFIC ++ ++; The long NSEC3 RRSIGs are suspended from the validator, ++; with a timer that waits, about 0.040 sec. ++STEP 61 TIME_PASSES ELAPSE 0.01 ++; now fire off the other queries. ++ ++; while the parcel.example.test. DS query has finished up, ++; but aaa.parcel.example.test and bbb.parcel.example exist, and the ++; validator suspend timer is set to happen (in a while). ++; new queries come in. ++STEP 100 QUERY ADDRESS 10.0.0.1 ++ENTRY_BEGIN ++REPLY RD DO ++SECTION QUESTION ++ccc.parcel.example.test. IN A ++ENTRY_END ++ ++STEP 110 QUERY ADDRESS 10.0.0.2 ++ENTRY_BEGIN ++REPLY RD DO ++SECTION QUESTION ++ddd.parcel.example.test. IN A ++ENTRY_END ++ ++STEP 120 QUERY ADDRESS 10.0.0.3 ++ENTRY_BEGIN ++REPLY RD DO ++SECTION QUESTION ++eee.parcel.example.test. IN A ++ENTRY_END ++ ++STEP 130 QUERY ADDRESS 10.0.0.4 ++ENTRY_BEGIN ++REPLY RD DO ++SECTION QUESTION ++fff.parcel.example.test. IN A ++ENTRY_END ++ ++STEP 140 QUERY ADDRESS 10.0.0.5 ++ENTRY_BEGIN ++REPLY RD DO ++SECTION QUESTION ++ggg.parcel.example.test. IN A ++ENTRY_END ++ ++STEP 150 QUERY ADDRESS 10.0.0.6 ++ENTRY_BEGIN ++REPLY RD DO ++SECTION QUESTION ++hhh.parcel.example.test. IN A ++ENTRY_END ++ ++; validation suspend timer from aaa.parcel and bbb.parcel fires ++STEP 261 TIME_PASSES ELAPSE 0.1 ++STEP 262 TIME_PASSES ELAPSE 0.1 ++STEP 263 TIME_PASSES ELAPSE 0.2 ++STEP 264 TIME_PASSES ELAPSE 0.4 ++STEP 265 TIME_PASSES ELAPSE 0.4 ++STEP 266 TIME_PASSES ELAPSE 0.4 ++STEP 267 TIME_PASSES ELAPSE 0.4 ++ ++; now ordinary traffic flows again ++STEP 270 TRAFFIC ++; and timers elapse ++STEP 271 TIME_PASSES ELAPSE 0.4 ++STEP 272 TIME_PASSES ELAPSE 0.4 ++STEP 273 TIME_PASSES ELAPSE 0.4 ++STEP 274 TIME_PASSES ELAPSE 0.4 ++STEP 275 TIME_PASSES ELAPSE 0.4 ++STEP 276 TIME_PASSES ELAPSE 0.4 ++STEP 277 TIME_PASSES ELAPSE 0.4 ++ ++STEP 280 TRAFFIC ++STEP 300 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA DO SERVFAIL ++SECTION QUESTION ++aaa.parcel.example.test. IN A ++SECTION ANSWER ++ENTRY_END ++ ++STEP 310 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA DO SERVFAIL ++SECTION QUESTION ++bbb.parcel.example.test. IN A ++SECTION ANSWER ++ENTRY_END ++ ++STEP 320 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA DO SERVFAIL ++SECTION QUESTION ++ccc.parcel.example.test. IN A ++SECTION ANSWER ++ENTRY_END ++ ++STEP 330 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA DO SERVFAIL ++SECTION QUESTION ++ddd.parcel.example.test. IN A ++SECTION ANSWER ++ENTRY_END ++ ++STEP 340 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA DO SERVFAIL ++SECTION QUESTION ++eee.parcel.example.test. IN A ++SECTION ANSWER ++ENTRY_END ++ ++STEP 350 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA DO SERVFAIL ++SECTION QUESTION ++fff.parcel.example.test. IN A ++SECTION ANSWER ++ENTRY_END ++ ++STEP 360 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA DO SERVFAIL ++SECTION QUESTION ++ggg.parcel.example.test. IN A ++SECTION ANSWER ++ENTRY_END ++ ++STEP 370 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA DO SERVFAIL ++SECTION QUESTION ++hhh.parcel.example.test. IN A ++SECTION ANSWER ++ENTRY_END ++ ++SCENARIO_END +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/14-Unit-test-for-CVE-2026-42944.patch unbound-1.22.0/debian/patches/26-05/14-Unit-test-for-CVE-2026-42944.patch --- unbound-1.22.0/debian/patches/26-05/14-Unit-test-for-CVE-2026-42944.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/14-Unit-test-for-CVE-2026-42944.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,1236 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/9d2e0f1c02f842d355809ffea28a1bd62bfe83ba +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 12:34:16 +0200 +Subject: - Unit test for CVE-2026-42944. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 1 + + testdata/edns_nsid_repeat.rpl | 1202 +++++++++++++++++++++++++++++++++ + 2 files changed, 1203 insertions(+) + create mode 100644 testdata/edns_nsid_repeat.rpl + +#diff --git a/doc/Changelog b/doc/Changelog +#index 481d31f9c..d79df26c9 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -31,6 +31,7 @@ +# the code repository continues with in addition the previous fixes, +# for 1.25.2. +# - Unit test for CVE-2026-33278. +#+ - Unit test for CVE-2026-42944. +# +# 18 May 2026: Wouter +# - Fix for mixed class referrals, the resolver uses the query +diff --git a/testdata/edns_nsid_repeat.rpl b/testdata/edns_nsid_repeat.rpl +new file mode 100644 +index 000000000..ba222d711 +--- /dev/null ++++ b/testdata/edns_nsid_repeat.rpl +@@ -0,0 +1,1202 @@ ++; config options ++server: ++ target-fetch-policy: "0 0 0 0 0" ++ qname-minimisation: "no" ++ minimal-responses: yes ++ local-zone: test. nodefault ++ log-servfail: yes ++ module-config: "iterator" ++ # 60-byte NSID (120 hex chars) ++ nsid: "414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141" ++ answer-cookie: yes ++ cookie-secret: "000102030405060708090a0b0c0d0e0f" ++ ++stub-zone: ++ name: "." ++ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. ++CONFIG_END ++ ++SCENARIO_BEGIN Test EDNS NSID and COOKIE repeated options. ++ ++; K.ROOT-SERVERS.NET. ++RANGE_BEGIN 0 100 ++ ADDRESS 193.0.14.129 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++. IN NS ++SECTION ANSWER ++. IN NS K.ROOT-SERVERS.NET. ++SECTION ADDITIONAL ++K.ROOT-SERVERS.NET. IN A 193.0.14.129 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR NOERROR ++SECTION QUESTION ++test. IN NS ++SECTION AUTHORITY ++test. IN NS ns.test. ++SECTION ADDITIONAL ++ns.test. IN A 1.2.3.5 ++ENTRY_END ++RANGE_END ++ ++; ns.test ++RANGE_BEGIN 0 100 ++ ADDRESS 1.2.3.5 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++test. IN NS ++SECTION ANSWER ++test. IN NS ns.test ++SECTION ADDITIONAL ++ns.test. IN A 1.2.3.5 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.test. IN A ++SECTION ANSWER ++ns.test. IN A 1.2.3.5 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.test. IN AAAA ++SECTION AUTHORITY ++test. 3600 IN SOA ns.test. host.test. 20201 3600 1800 604800 3600 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR NOERROR ++SECTION QUESTION ++example.test. IN NS ++SECTION AUTHORITY ++example.test. IN NS ns.example.test. ++SECTION ADDITIONAL ++ns.example.test. IN A 1.2.3.4 ++ENTRY_END ++RANGE_END ++ ++; ns.example.test. ++RANGE_BEGIN 0 100 ++ ADDRESS 1.2.3.4 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++example.test. IN NS ++SECTION ANSWER ++example.test. IN NS ns.example.test. ++SECTION ADDITIONAL ++ns.example.test. IN A 1.2.3.4 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.example.test. IN A ++SECTION ANSWER ++ns.example.test. IN A 1.2.3.4 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.example.test. IN AAAA ++SECTION AUTHORITY ++example.test. 3600 IN SOA ns.example.test. host.example.test. 20301 3600 1800 604800 3600 ++ENTRY_END ++ ++; response to query of interest ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++www.example.test. IN A ++SECTION ANSWER ++www.example.test. IN A 10.20.30.40 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ww2.example.test. IN A ++SECTION ANSWER ++ww2.example.test. IN A 10.20.30.42 ++ENTRY_END ++RANGE_END ++ ++STEP 1 QUERY ++ENTRY_BEGIN ++MATCH TCP ++HEX_ANSWER_BEGIN ++00 00 01 00 00 01 00 00 ;ID 0 ++00 00 00 01 03 77 77 77 ; www.example.com A? (DO) ++07 65 78 61 6d 70 6c 65 ++04 74 65 73 74 00 ++00 01 00 01 ++00 00 29 10 00 00 00 80 00 ++10 04 ; EDNS rdata length 4100 ++ ++; EDNS rdata contents ++; 1025 x 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 00 03 00 00 ++HEX_ANSWER_END ++ENTRY_END ++ ++STEP 10 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA NOERROR ++SECTION QUESTION ++www.example.test. IN A ++SECTION ANSWER ++www.example.test. IN A 10.20.30.40 ++SECTION ADDITIONAL ++HEX_EDNSDATA_BEGIN ++; There is one NSID option in the reply. ++00 03 00 3c ++414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141414141 ++HEX_EDNSDATA_END ++ENTRY_END ++ ++STEP 20 QUERY ++ENTRY_BEGIN ++MATCH TCP ++REPLY RD ++SECTION QUESTION ++ww2.example.test. IN A ++SECTION ADDITIONAL ++HEX_EDNSDATA_BEGIN ++; 2341 cookie options. ++; Opcode 10, Length 8, with cookie 0102030405060708. ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 000a 0008 0102030405060708 000a 0008 0102030405060708 ++000a 0008 0102030405060708 ++HEX_EDNSDATA_END ++ENTRY_END ++ ++; get a new COOKIE. ++STEP 30 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA DO NOERROR ++SECTION QUESTION ++ww2.example.test. IN A ++SECTION ANSWER ++ww2.example.test. IN A 10.20.30.42 ++SECTION ADDITIONAL ++HEX_EDNSDATA_BEGIN ++000a 0018 ++0102030405060708 0100000000000000 9FD0C29FDA3E95BE ++HEX_EDNSDATA_END ++ENTRY_END ++ ++SCENARIO_END +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/15-Unit-test-for-CVE-2026-42959.patch unbound-1.22.0/debian/patches/26-05/15-Unit-test-for-CVE-2026-42959.patch --- unbound-1.22.0/debian/patches/26-05/15-Unit-test-for-CVE-2026-42959.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/15-Unit-test-for-CVE-2026-42959.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,299 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/d357935f662d239616fee1403f6799a66b60d986 +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 12:35:38 +0200 +Subject: - Unit test for CVE-2026-42959. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 1 + + testdata/fill_reply_uninit.rpl | 265 +++++++++++++++++++++++++++++++++ + 2 files changed, 266 insertions(+) + create mode 100644 testdata/fill_reply_uninit.rpl + +#diff --git a/doc/Changelog b/doc/Changelog +#index d79df26c9..a16fab1cc 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -32,6 +32,7 @@ +# for 1.25.2. +# - Unit test for CVE-2026-33278. +# - Unit test for CVE-2026-42944. +#+ - Unit test for CVE-2026-42959. +# +# 18 May 2026: Wouter +# - Fix for mixed class referrals, the resolver uses the query +diff --git a/testdata/fill_reply_uninit.rpl b/testdata/fill_reply_uninit.rpl +new file mode 100644 +index 000000000..cda167cd5 +--- /dev/null ++++ b/testdata/fill_reply_uninit.rpl +@@ -0,0 +1,265 @@ ++; config options ++; The island of trust is at test. ++server: ++ trust-anchor: "test. DS 1444 8 2 8a87d067fd09a5965244fe2e317dd26d182c468e0a7f26ecc4c7b479bf89db9b" ++ val-override-date: "20201020135527" ++ target-fetch-policy: "0 0 0 0 0" ++ qname-minimisation: "no" ++ fake-sha1: yes ++ trust-anchor-signaling: no ++ minimal-responses: no ++ iter-scrub-promiscuous: no ++ aggressive-nsec: yes ++ local-zone: test. nodefault ++ log-servfail: yes ++ ++stub-zone: ++ name: "." ++ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. ++CONFIG_END ++ ++SCENARIO_BEGIN Test val fill reply for uninit copy. ++; Test DNSSEC validator additional section processing use of uninit data. ++ ++; K.ROOT-SERVERS.NET. ++RANGE_BEGIN 0 100 ++ ADDRESS 193.0.14.129 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++. IN NS ++SECTION ANSWER ++. IN NS K.ROOT-SERVERS.NET. ++SECTION ADDITIONAL ++K.ROOT-SERVERS.NET. IN A 193.0.14.129 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR NOERROR ++SECTION QUESTION ++test. IN NS ++SECTION AUTHORITY ++test. IN NS ns.test. ++SECTION ADDITIONAL ++ns.test. IN A 1.2.3.5 ++ENTRY_END ++RANGE_END ++ ++; ns.test ++RANGE_BEGIN 0 100 ++ ADDRESS 1.2.3.5 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++test. IN NS ++SECTION ANSWER ++test. IN NS ns.test ++test. 3600 IN RRSIG NS 8 1 3600 20201116135527 20201019135527 1444 test. RGCxIO32TbbLTk6xZmTr+fjYPH50hntBxeOQ2DIj2pDsmjALcHYtVkOfpfk2EhOhHZd+9PLuoJPbJh6a9NqLSFeBvr0XZoCZoQ2g0tCHUNHcH5EVjA2TuYBQem6DVYnPLJ3914aRx0uA1j42b8dC2xsam/XkOo7U+dLbUW2Os1s= ++SECTION ADDITIONAL ++ns.test. IN A 1.2.3.5 ++ns.test. 3600 IN RRSIG A 8 2 3600 20201116135527 20201019135527 1444 test. GskCc4/k6GjH9V9Jz2V5L2XLiizbOeWkB0feSbf+aN859S3vxVvtuqkvIgwY4LafUO1QAn/pUcv9zA7rcFO++rlg+8t6gvZTo9p3v0bfeIv2uJDsfSBD5jDh0WXlxjekfnrKrQp7zE+GiA93tWwKUWKPvxXDgP+n886e6WcbHJw= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.test. IN A ++SECTION ANSWER ++ns.test. IN A 1.2.3.5 ++ns.test. 3600 IN RRSIG A 8 2 3600 20201116135527 20201019135527 1444 test. GskCc4/k6GjH9V9Jz2V5L2XLiizbOeWkB0feSbf+aN859S3vxVvtuqkvIgwY4LafUO1QAn/pUcv9zA7rcFO++rlg+8t6gvZTo9p3v0bfeIv2uJDsfSBD5jDh0WXlxjekfnrKrQp7zE+GiA93tWwKUWKPvxXDgP+n886e6WcbHJw= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.test. IN AAAA ++SECTION AUTHORITY ++test. 3600 IN SOA ns.test. host.test. 20201 3600 1800 604800 3600 ++test. 3600 IN RRSIG SOA 8 1 3600 20201116135527 20201019135527 1444 test. IZJIDmEgf0W7A5G7hvvZ2hUqJ9Trbv1/i7ySapDmPbYV9lVCmHHobySxO01yDhI2/Pvpsvxqrm1Tiv3BxH8uzZ4keKgiQjBsSy4htAsFct9I4E7ly2glPj/Fm3oun3PsjJDv5QYhx0KS7w4IQKU7Nc9pfJc92uoUI5bdoC1pRGw= ++ns.test. 3600 IN NSEC nz.test. A RRSIG ++ns.test. 3600 IN RRSIG NSEC 8 2 3600 20201116135527 20201019135527 1444 test. PElArVB3KPg8KHAP7lzcNbhFuXNxTsHNTn1dZVncB5qmWRdIaeKpaXDjpH0JSXMaelGFS+/QhuQ6Hmw9+4VyZFRqMzGhw4agUR/2bxABHcDIG4ZpUwyeSP61ATTfHUkQVxaH2wjCWI/tfmesdP2xVE4GXyUvCIBxU914MkZbULU= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++test. IN DNSKEY ++SECTION ANSWER ++test. 3600 IN DNSKEY 257 3 8 AwEAAbd9WqjzE2Pynz21OG5doSf9hFzMr5dhzz2waZ3vTa+0o5r7AjTAqmA1yH/B3+aAMihUm5ucZSfVqo7+kOaRE8yFj9aivOmA1n1+JLevJq/oyvQyjxQN2Qb89LyaNUT5oKZIiL+uyyhNW3KDR3SSbQ/GBwQNDHVcZi+JDR3RC0r7 ;{id = 1444 (ksk), size = 1024b} ++test. 3600 IN RRSIG DNSKEY 8 1 3600 20201116135527 20201019135527 1444 test. UmRMS4iG9NBBHZYOtpwFFcJgbEb5SfHSgHd9XRe/8pTWM31WSDayn5ViPOBMqI1T5TXg2amc13dDI574xIM2oKMus3b5cBW72jJLW13jprBtslO6P8BMWb4HNnvLrJtQjwf3ErRirtTxinLmywQtmyr1cdthyG3Gp4N7i90fHSc= ++SECTION ADDITIONAL ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qname qtype ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++example.test. IN DS ++SECTION ANSWER ++example.test. 3600 IN DS 55567 8 2 a2d578906330a10a57d40462257b6ce038bad3f7bf4a45c46c46086e20a94b39 ++example.test. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 test. P7+FTYW2qHuJ4I1YbuvseEz5X1lOYAraGEHB3C5y0OOCQFmhmSiFRdquNi2NlpcS6FXLdsE0EU+Bo1+0atTG4EkMWXbpF21lrtbB51BdsnlX4Mzc/o375fvjiOMwmF6wPCUaOUN62jrVrhsE/hedaVyDphDToqL17ETohwgUO2I= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR NOERROR ++SECTION QUESTION ++example.test. IN NS ++SECTION AUTHORITY ++example.test. IN NS ns.example.test. ++example.test. 3600 IN DS 55567 8 2 a2d578906330a10a57d40462257b6ce038bad3f7bf4a45c46c46086e20a94b39 ++example.test. 3600 IN RRSIG DS 8 2 3600 20201116135527 20201019135527 1444 test. P7+FTYW2qHuJ4I1YbuvseEz5X1lOYAraGEHB3C5y0OOCQFmhmSiFRdquNi2NlpcS6FXLdsE0EU+Bo1+0atTG4EkMWXbpF21lrtbB51BdsnlX4Mzc/o375fvjiOMwmF6wPCUaOUN62jrVrhsE/hedaVyDphDToqL17ETohwgUO2I= ++SECTION ADDITIONAL ++ns.example.test. IN A 1.2.3.4 ++ENTRY_END ++RANGE_END ++ ++; ns.example.test. ++RANGE_BEGIN 0 100 ++ ADDRESS 1.2.3.4 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++example.test. IN NS ++SECTION ANSWER ++example.test. IN NS ns.example.test. ++example.test. 3600 IN RRSIG NS 8 2 3600 20201116135527 20201019135527 55567 example.test. l1JT0wMlK0YI7/CWHzexf/k0iafUhCgN+BdgjBXIRXmSQNf4HDTiAkbcWL2/15qtnp12nQy9JeiTdSQ3vtPoHAJX4C5uTWaze4ms+Wrrf+n92sLCjacP9x50uuicH3URT6cKb1QCAPwlvlWxIlZjAMYFScSns7+C441NMJT8aE4= ++SECTION ADDITIONAL ++ns.example.test. IN A 1.2.3.4 ++ns.example.test. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55567 example.test. 2PWaVaccZFQgfPKXNsdEGYUVaashCAj1ZhBo9XRt5eQKUFvZcauBjMnXIuxZFyWeootn1fZGw6GuPI5W48Y0FDx38H6adprkFgQikso2Y64jDdDMWznSo38Z/XqP+U0+kq4vmwonvmEMpm7hKnNEXvhqGKyGzyBwb+CZVJ2L8Eo= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.example.test. IN A ++SECTION ANSWER ++ns.example.test. IN A 1.2.3.4 ++ns.example.test. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55567 example.test. 2PWaVaccZFQgfPKXNsdEGYUVaashCAj1ZhBo9XRt5eQKUFvZcauBjMnXIuxZFyWeootn1fZGw6GuPI5W48Y0FDx38H6adprkFgQikso2Y64jDdDMWznSo38Z/XqP+U0+kq4vmwonvmEMpm7hKnNEXvhqGKyGzyBwb+CZVJ2L8Eo= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.example.test. IN AAAA ++SECTION AUTHORITY ++example.test. 3600 IN SOA ns.example.test. host.example.test. 20301 3600 1800 604800 3600 ++example.test. 3600 IN RRSIG SOA 8 2 3600 20201116135527 20201019135527 55567 example.test. 2UUkScBAN37fJpSrelhE8DotKvmOzj3q9wicaanCIaCv95DE4nQnePih5B+ek3FIRjB/Uv2+z4Ro5Uxy94XAnlK0rCkDLSa0U9U7KP0ytc88sevO0x1SCPAMoZoJO6JqHkv42pdh54WSz+Zb/D8npY0j/tksHe/uX+VQnMymgb8= ++ns.example.test. 3600 IN NSEC nz.example.test. A RRSIG ++example.test. 3600 IN SOA ns.example.test. host.example.test. 20301 3600 1800 604800 3600 ++ENTRY_END ++ ++; response to DNSKEY priming query ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++example.test. IN DNSKEY ++SECTION ANSWER ++example.test. 3600 IN DNSKEY 257 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55567 (ksk), size = 1024b} ++example.test. 3600 IN RRSIG DNSKEY 8 2 3600 20201116135527 20201019135527 55567 example.test. IbWMC6quOuZFNPAVxQLqCJ9nLhindBo826rnLcg5yMgs9dGUSPOCXAfHTmbgJAUNs9HTFfrJWNvasnETs0UOpmEuifGwWdH1OlME7Gny4RL2QmITUFeMW81Jz1tiVQxFXl6yxT0jxOxvz+bqMHlrz+8IeWQXcO+GZTPu8ueq30g= ++ENTRY_END ++ ++; response to query of interest ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++a.d.example.test. IN MX ++SECTION ANSWER ++d.example.test. 3600 IN DNAME tgt.example.test. ++d.example.test. 3600 IN RRSIG DNAME 8 3 3600 20201116135527 20201019135527 55567 example.test. EGpXUnJuzkETAO2OWyZDrTeInnyxF7CXPXGDfFt2x3CBUeckUUZcgQQ3yMh+BATKph2nOhBfk8klvZ35C9sQO7Z32REAnqGjpHiR86xRPYxG62Nk9kXv1Odeh/adz2QhB93N8U7W57FM0P/VQDkP0GQXTSRGTuj+7ihfYVd4HWI= ++a.d.example.test. 3600 IN CNAME a.tgt.example.test. ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++a.tgt.example.test. IN MX ++SECTION ANSWER ++a.tgt.example.test. 3600 IN CNAME b.d.example.test. ++a.tgt.example.test. 3600 IN RRSIG CNAME 8 4 3600 20201116135527 20201019135527 55567 example.test. XHYWSHIm9J8j8T1qMh1tHZS71UguXYUVescKPFtoGHRuyRhHNob+NAqdn3I4/+8HSSGrJDqhTX/Vo3rcc3/g5HOHScwzZByB/diyJWpG9IA7pm7c7FnHnHpGBVdHq9wXlkgCPiaJShpE1zg1nNy3p99ca9/wh4y9XWSfcl0L8aw= ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++b.d.example.test. IN MX ++SECTION ANSWER ++b.d.example.test. 3600 IN CNAME c.d.example.test. ++; (unsigned - no RRSIG) ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++c.d.example.test. IN MX ++SECTION ANSWER ++c.d.example.test. 3600 IN CNAME evil.example.test. ++; (unsigned - no RRSIG) ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++evil.example.test. IN MX ++SECTION ANSWER ++evil.example.test. 3600 IN MX 10 mail.example.test. ++evil.example.test. 3600 IN RRSIG MX 8 3 3600 20201116135527 20201019135527 55567 example.test. ddinUzYoxk5OLUFBVdfFqyz39P6Z+VfQciTRC2EmEl+tbD/oJGFaEEnoU2eZil7E/kOygTFwFShDrmCYUq9W3DTpDKSaj1ci2Wze1E9zwOZguSwevAtw7qEenQei2TgPWrH39OlOwcW31Siqm9RDfX9eTRW72L1qYvqXnkTIctU= ++SECTION AUTHORITY ++evil.example.test. 3600 IN NSEC evil.example.test. MX RRSIG ++; (unsigned) ++SECTION ADDITIONAL ++mail.example.test. 3600 IN A 192.0.2.10 ++mail.example.test. 3600 IN RRSIG A 8 3 3600 20201116135527 20201019135527 55567 example.test. JYvTCMU4isgSHS7R0tGUE+3i0FdPvKFENylO8bSuDzYr2iR8Ac6CFq8OepOYn4QUp73CL7QHho2Zy6Hxn4FK/5ryynGc3IjP9gvpV1YZ54TPKmvJkhWasRoALdrPqaWKS3i2Jyr6LeGgwc7Tlntc5ZwEdr4rOAJ0MgVpPpUxjnk= ++ENTRY_END ++RANGE_END ++ ++STEP 1 QUERY ++ENTRY_BEGIN ++REPLY RD DO ++SECTION QUESTION ++a.d.example.test. IN MX ++ENTRY_END ++ ++STEP 10 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA DO SERVFAIL ++SECTION QUESTION ++a.d.example.test. IN MX ++SECTION ANSWER ++; The reply is bogus due to the 'NSEC' rrset missing signatures. ++ENTRY_END ++ ++SCENARIO_END +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/16-Unit-test-for-CVE-2026-40622.patch unbound-1.22.0/debian/patches/26-05/16-Unit-test-for-CVE-2026-40622.patch --- unbound-1.22.0/debian/patches/26-05/16-Unit-test-for-CVE-2026-40622.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/16-Unit-test-for-CVE-2026-40622.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,333 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/b5f21f41658f65d6143df6a3208e8ccf1a01604d +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 12:37:17 +0200 +Subject: - Unit test for CVE-2026-40622. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 1 + + testdata/iter_ghost_ns_childapex.rpl | 299 +++++++++++++++++++++++++++ + 2 files changed, 300 insertions(+) + create mode 100644 testdata/iter_ghost_ns_childapex.rpl + +#diff --git a/doc/Changelog b/doc/Changelog +#index a16fab1cc..208ca24ad 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -33,6 +33,7 @@ +# - Unit test for CVE-2026-33278. +# - Unit test for CVE-2026-42944. +# - Unit test for CVE-2026-42959. +#+ - Unit test for CVE-2026-40622. +# +# 18 May 2026: Wouter +# - Fix for mixed class referrals, the resolver uses the query +diff --git a/testdata/iter_ghost_ns_childapex.rpl b/testdata/iter_ghost_ns_childapex.rpl +new file mode 100644 +index 000000000..2b046a86c +--- /dev/null ++++ b/testdata/iter_ghost_ns_childapex.rpl +@@ -0,0 +1,299 @@ ++; config options ++server: ++ target-fetch-policy: "0 0 0 0 0" ++ qname-minimisation: no ++ minimal-responses: yes ++ log-servfail: yes ++ module-config: "iterator" ++ ++stub-zone: ++ name: "." ++ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. ++CONFIG_END ++ ++SCENARIO_BEGIN Test for ghost domain with a child apex NS query. ++ ++; K.ROOT-SERVERS.NET. ++RANGE_BEGIN 0 100 ++ ADDRESS 193.0.14.129 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++. IN NS ++SECTION ANSWER ++. IN NS K.ROOT-SERVERS.NET. ++SECTION ADDITIONAL ++K.ROOT-SERVERS.NET. IN A 193.0.14.129 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR NOERROR ++SECTION QUESTION ++tld. IN NS ++SECTION AUTHORITY ++tld. IN NS ns.tld. ++SECTION ADDITIONAL ++ns.tld. IN A 1.2.3.5 ++ENTRY_END ++RANGE_END ++ ++; ns.tld ++RANGE_BEGIN 0 15 ++ ADDRESS 1.2.3.5 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++tld. IN NS ++SECTION ANSWER ++tld. IN NS ns.tld ++SECTION ADDITIONAL ++ns.tld. IN A 1.2.3.5 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.tld. IN A ++SECTION ANSWER ++ns.tld. IN A 1.2.3.5 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.tld. IN AAAA ++SECTION AUTHORITY ++tld. 3600 IN SOA ns.tld. host.tld. 20201 3600 1800 604800 3600 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR NOERROR ++SECTION QUESTION ++mid.tld. IN NS ++SECTION AUTHORITY ++mid.tld. 5 IN NS ns.mid.tld. ++SECTION ADDITIONAL ++ns.mid.tld. 5 IN A 1.2.3.4 ++ENTRY_END ++RANGE_END ++ ++; ns.tld ++RANGE_BEGIN 20 100 ++ ADDRESS 1.2.3.5 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++tld. IN NS ++SECTION ANSWER ++tld. IN NS ns.tld ++SECTION ADDITIONAL ++ns.tld. IN A 1.2.3.5 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.tld. IN A ++SECTION ANSWER ++ns.tld. IN A 1.2.3.5 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.tld. IN AAAA ++SECTION AUTHORITY ++tld. 3600 IN SOA ns.tld. host.tld. 20201 3600 1800 604800 3600 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR AA NXDOMAIN ++SECTION QUESTION ++mid.tld. IN NS ++SECTION AUTHORITY ++tld. 3600 IN SOA ns.tld. host.tld. 20201 3600 1800 604800 3600 ++ENTRY_END ++RANGE_END ++ ++; ns.mid.tld. ++RANGE_BEGIN 0 100 ++ ADDRESS 1.2.3.4 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++mid.tld. IN NS ++SECTION ANSWER ++mid.tld. 86400 IN NS ns.mid.tld. ++SECTION ADDITIONAL ++ns.mid.tld. 86400 IN A 1.2.3.4 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.mid.tld. IN A ++SECTION ANSWER ++ns.mid.tld. IN A 1.2.3.4 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.mid.tld. IN AAAA ++SECTION AUTHORITY ++mid.tld. 3600 IN SOA ns.mid.tld. host.mid.tld. 20301 3600 1800 604800 3600 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR NOERROR ++SECTION QUESTION ++sub.mid.tld. IN NS ++SECTION AUTHORITY ++sub.mid.tld. 3600 IN NS ns.sub.mid.tld. ++SECTION ADDITIONAL ++ns.sub.mid.tld. 3600 IN A 1.2.3.6 ++ENTRY_END ++RANGE_END ++ ++; ns.sub.mid.tld. ++RANGE_BEGIN 0 100 ++ ADDRESS 1.2.3.6 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR NOERROR ++SECTION QUESTION ++sub.mid.tld. IN NS ++SECTION ANSWER ++sub.mid.tld. IN NS ns.sub.mid.tld. ++SECTION ADDITIONAL ++ns.sub.mid.tld. IN A 1.2.3.6 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.sub.mid.tld. IN A ++SECTION ANSWER ++ns.sub.mid.tld. IN A 1.2.3.6 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.sub.mid.tld. IN AAAA ++SECTION AUTHORITY ++sub.mid.tld. 3600 IN SOA ns.sub.mid.tld. host.sub.mid.tld. 20301 3600 1800 604800 3600 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++a.sub.mid.tld. IN A ++SECTION ANSWER ++a.sub.mid.tld. 3600 IN A 10.20.30.40 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++b.sub.mid.tld. IN A ++SECTION ANSWER ++b.sub.mid.tld. 3600 IN A 10.20.30.41 ++ENTRY_END ++RANGE_END ++ ++STEP 1 QUERY ++ENTRY_BEGIN ++REPLY RD NOERROR ++SECTION QUESTION ++a.sub.mid.tld. IN A ++ENTRY_END ++ ++STEP 2 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA NOERROR ++SECTION QUESTION ++a.sub.mid.tld. IN A ++SECTION ANSWER ++a.sub.mid.tld. 3600 IN A 10.20.30.40 ++ENTRY_END ++ ++STEP 10 QUERY ++ENTRY_BEGIN ++REPLY RD NOERROR ++SECTION QUESTION ++mid.tld. IN NS ++ENTRY_END ++ ++STEP 11 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA NOERROR ++SECTION QUESTION ++mid.tld. IN NS ++SECTION ANSWER ++mid.tld. 86400 IN NS ns.mid.tld. ++SECTION ADDITIONAL ++ns.mid.tld. 86400 IN A 1.2.3.4 ++ENTRY_END ++ ++STEP 20 TIME_PASSES ELAPSE 10 ++; The authority for .tld switches to NXDOMAIN for mid.tld. ++ ++STEP 30 QUERY ++ENTRY_BEGIN ++REPLY RD NOERROR ++SECTION QUESTION ++b.sub.mid.tld. IN A ++ENTRY_END ++ ++STEP 31 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA NXDOMAIN ++SECTION QUESTION ++b.sub.mid.tld. IN A ++SECTION ANSWER ++SECTION AUTHORITY ++tld. 3600 IN SOA ns.tld. host.tld. 20201 3600 1800 604800 3600 ++ENTRY_END ++ ++SCENARIO_END +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/26-05/17-Unit-test-for-CVE-2026-42960.patch unbound-1.22.0/debian/patches/26-05/17-Unit-test-for-CVE-2026-42960.patch --- unbound-1.22.0/debian/patches/26-05/17-Unit-test-for-CVE-2026-42960.patch 1970-01-01 00:00:00.000000000 +0000 +++ unbound-1.22.0/debian/patches/26-05/17-Unit-test-for-CVE-2026-42960.patch 2026-05-25 09:05:38.000000000 +0000 @@ -0,0 +1,225 @@ +Origin: upstream, https://github.com/NLnetLabs/unbound/commit/0d2282d5513e73b526a44483d63fc5d0f9c41439 +Forwarded: not-needed +From: "W.C.A. Wijngaards" +Date: Wed, 20 May 2026 12:40:32 +0200 +Subject: - Unit test for CVE-2026-42960. +Comment: mjt: comment-out doc/Changelog entry + +--- + doc/Changelog | 1 + + testdata/iter_scrub_mx.rpl | 191 +++++++++++++++++++++++++++++++++++++ + 2 files changed, 192 insertions(+) + create mode 100644 testdata/iter_scrub_mx.rpl + +##diff --git a/doc/Changelog b/doc/Changelog +#index 208ca24ad..4ab7c95bc 100644 +#--- a/doc/Changelog +#+++ b/doc/Changelog +#@@ -34,6 +34,7 @@ +# - Unit test for CVE-2026-42944. +# - Unit test for CVE-2026-42959. +# - Unit test for CVE-2026-40622. +#+ - Unit test for CVE-2026-42960. +# +# 18 May 2026: Wouter +# - Fix for mixed class referrals, the resolver uses the query +diff --git a/testdata/iter_scrub_mx.rpl b/testdata/iter_scrub_mx.rpl +new file mode 100644 +index 000000000..4fe7cfc98 +--- /dev/null ++++ b/testdata/iter_scrub_mx.rpl +@@ -0,0 +1,191 @@ ++; config options ++server: ++ target-fetch-policy: "0 0 0 0 0" ++ qname-minimisation: no ++ iter-scrub-promiscuous: yes ++ ++stub-zone: ++ name: "." ++ stub-addr: 1.2.3.0 # ns.root ++CONFIG_END ++ ++SCENARIO_BEGIN Test iterator with scrub of authority MX records ++; The test queries receive spoofed answers. The check queries see if ++; the record is returned by the original server or by a spoofed source. ++; The test domain is pollute3.mesa. ++; with ns.pollute3.mesa A records are tested for cache placement. ++; MX records and other records should not be allowed to make glue in cache, ++; when present in the authority section. ++ ++; ns.root ++RANGE_BEGIN 0 400 ++ ADDRESS 1.2.3.0 ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++. IN NS ++SECTION ANSWER ++. IN NS NS.ROOT. ++SECTION ADDITIONAL ++NS.ROOT. IN A 1.2.3.0 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR NOERROR ++SECTION QUESTION ++mesa. IN NS ++SECTION AUTHORITY ++mesa. IN NS ns.mesa. ++SECTION ADDITIONAL ++ns.mesa. IN A 1.2.7.7 ++ENTRY_END ++RANGE_END ++ ++; ns.mesa ++RANGE_BEGIN 0 400 ++ ADDRESS 1.2.7.7 ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR NOERROR ++SECTION QUESTION ++pollute3.mesa. IN NS ++SECTION AUTHORITY ++pollute3.mesa. IN NS ns.pollute3.mesa. ++SECTION ADDITIONAL ++ns.pollute3.mesa. IN A 1.2.4.3 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode subdomain ++ADJUST copy_id copy_query ++REPLY QR NOERROR ++SECTION QUESTION ++attacker.mesa. IN NS ++SECTION AUTHORITY ++attacker.mesa. IN NS ns.attacker.mesa. ++SECTION ADDITIONAL ++ns.attacker.mesa. IN A 5.6.7.8 ++ENTRY_END ++RANGE_END ++ ++; ns.pollute3.mesa ++RANGE_BEGIN 0 400 ++ ADDRESS 1.2.4.3 ++ ++; This is the spoofed answer that is returned. ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++test3.atkr.pollute3.mesa. IN A ++SECTION ANSWER ++test3.atkr.pollute3.mesa. 86400 IN A 1.2.3.4 ++SECTION AUTHORITY ++test3.atkr.pollute3.mesa. 86400 IN MX 20 ns.pollute3.mesa. ++SECTION ADDITIONAL ++ns.pollute3.mesa. 86400 IN A 5.6.7.8 ++ENTRY_END ++ ++; correct answer for the check query. ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++check.pollute3.mesa. IN A ++SECTION ANSWER ++check.pollute3.mesa. IN A 1.8.9.3 ++ENTRY_END ++RANGE_END ++ ++; ns.attacker.mesa ++RANGE_BEGIN 0 400 ++ ADDRESS 5.6.7.8 ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.attacker.mesa. IN A ++SECTION ANSWER ++ns.attacker.mesa. 86400 IN A 5.6.7.8 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.attacker.mesa. IN AAAA ++SECTION AUTHORITY ++attacker.mesa. 3600 IN SOA ns.attacker.mesa. root.attacker.mesa. 4 7200 3600 604800 3600 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++ns.attacker.mesa. IN A ++SECTION ANSWER ++ns.attacker.mesa. 86400 IN A 5.6.7.8 ++ENTRY_END ++ ++ENTRY_BEGIN ++MATCH opcode qtype qname ++ADJUST copy_id ++REPLY QR AA NOERROR ++SECTION QUESTION ++check.pollute3.mesa. IN A ++SECTION ANSWER ++check.pollute3.mesa. 86400 IN A 5.6.7.9 ++ENTRY_END ++RANGE_END ++ ++; Test query with authority section MX glue. ++STEP 10 QUERY ++ENTRY_BEGIN ++REPLY RD ++SECTION QUESTION ++test3.atkr.pollute3.mesa. IN A ++ENTRY_END ++ ++STEP 20 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA NOERROR ++SECTION QUESTION ++test3.atkr.pollute3.mesa. IN A ++SECTION ANSWER ++test3.atkr.pollute3.mesa. 86400 IN A 1.2.3.4 ++ENTRY_END ++ ++; Check the cache contents, for query with authority section MX glue. ++STEP 100 QUERY ++ENTRY_BEGIN ++REPLY RD ++SECTION QUESTION ++check.pollute3.mesa. IN A ++ENTRY_END ++ ++STEP 110 CHECK_ANSWER ++ENTRY_BEGIN ++MATCH all ++REPLY QR RD RA NOERROR ++SECTION QUESTION ++check.pollute3.mesa. IN A ++SECTION ANSWER ++; good answer ++check.pollute3.mesa. IN A 1.8.9.3 ++; bad answer ++;check.pollute3.mesa. IN A 5.6.7.9 ++ENTRY_END ++ ++SCENARIO_END +-- +2.47.3 + diff -Nru unbound-1.22.0/debian/patches/series unbound-1.22.0/debian/patches/series --- unbound-1.22.0/debian/patches/series 2026-03-15 13:38:29.000000000 +0000 +++ unbound-1.22.0/debian/patches/series 2026-05-25 09:05:38.000000000 +0000 @@ -4,3 +4,20 @@ CVE-2025-11411-additional-nodata.patch 1247-forward-first-ssl-handshake-failed-on-root-nameservers.patch 1247-turn-off-fetch-policy-for-delegation-when.patch +26-05/01-Use-the-same-EDE-removal-logic-when-encoding-errors.patch +26-05/02-CVE-2026-33278-Possible-RCU-in-DNSSEC-validation.patch +26-05/03-CVE-2026-42944-Heap-overflow-multiple-nsid-cookie-padding.patch +26-05/04-CVE-2026-42959-Crash-DNSSEC-validation-of-malicious-content.patch +26-05/05-CVE-2026-32792-Packet-of-death-with-DNSCrypt.patch +26-05/06-CVE-2026-40622-Ghost-domain-name-variant.patch +26-05/07-CVE-2026-41292-Parsing-a-long-list-of-incoming-EDNS-options.patch +26-05/08-CVE-2026-42534-Jostle-logic-bypass-degrades-performance.patch +26-05/09-CVE-2026-42923-Degradation-of-service-unbouded-NSEC-hash-calc.patch +26-05/10-CVE-2026-42960-Possible-cache-poisoning-following-delegation.patch +26-05/11-CVE-2026-44390-Unbounded-name-compression.patch +26-05/12-CVE-2026-44608-UAF-in-RPZ-code.patch +26-05/13-Unit-test-for-CVE-2026-33278.patch +26-05/14-Unit-test-for-CVE-2026-42944.patch +26-05/15-Unit-test-for-CVE-2026-42959.patch +26-05/16-Unit-test-for-CVE-2026-40622.patch +26-05/17-Unit-test-for-CVE-2026-42960.patch