diff --git a/_service b/_service
index 01dafdd..17dfb90 100644
--- a/_service
+++ b/_service
@@ -1,20 +1,15 @@
-
+
https://github.com/coredns/coredns
git
.git
- a6338e924e29d318e7a1e971b5bde23f36d083af
+ v1.14.0
@PARENT_TAG@
enable
v(.*)
-
-
- *.tar
- gz
-
diff --git a/_servicedata b/_servicedata
index cb550df..feabf31 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
https://github.com/coredns/coredns
- a6338e924e29d318e7a1e971b5bde23f36d083af
\ No newline at end of file
+ 1c964f2f68bd04a875a41479822ec3da1f1e76ef
\ No newline at end of file
diff --git a/coredns-1.11.3.obscpio b/coredns-1.11.3.obscpio
deleted file mode 100644
index 84d368f..0000000
--- a/coredns-1.11.3.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f6183f082ccbaa735612a0d903ad3f4f2cfb291ac31a5a4d1805a8277ad0c872
-size 2614796
diff --git a/coredns-1.11.3.tar.gz b/coredns-1.11.3.tar.gz
deleted file mode 100644
index e8afaf3..0000000
--- a/coredns-1.11.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f1eb6b277e7f8745c4d1855bac5de15c7917ed9755168df334c388e2bed90f3c
-size 673983
diff --git a/coredns-1.14.0.tar.gz b/coredns-1.14.0.tar.gz
new file mode 100644
index 0000000..65be1eb
--- /dev/null
+++ b/coredns-1.14.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ba5ae931cdd675a915988e2fe7d93591f451b33c5894bda4a11c90e749173e8d
+size 745931
diff --git a/coredns.changes b/coredns.changes
index fc4ca4a..492b5b4 100644
--- a/coredns.changes
+++ b/coredns.changes
@@ -1,3 +1,240 @@
+-------------------------------------------------------------------
+Thu Jan 08 14:45:03 UTC 2026 - Andrea Manzini
+
+- fix CVE-2025-68156 bsc#1255345
+- fix CVE-2025-68161 bsc#1256411
+- Update to version 1.14.0:
+ * core: Fix gosec G115 integer overflow warnings
+ * core: Add regex length limit
+ * plugin/azure: Fix slice init length
+ * plugin/errors: Add optional show_first flag to consolidate directive
+ * plugin/file: Fix for misleading SOA parser warnings
+ * plugin/kubernetes: Rate limits to api server
+ * plugin/metrics: Implement plugin chain tracking
+ * plugin/sign: Report parser err before missing SOA
+ * build(deps): bump github.com/expr-lang/expr from 1.17.6 to 1.17.7
+
+- Update to version 1.13.2:
+ * core: Add basic support for DoH3
+ * core: Avoid proxy unnecessary alloc in Yield
+ * core: Fix usage of sync.Pool to save an alloc
+ * core: Fix data race with sync.RWMutex for uniq
+ * core: Prevent QUIC reload panic by lazily initializing the listener
+ * core: Refactor/use reflect.TypeFor
+ * plugin/auto: Limit regex length
+ * plugin/cache: Remove superfluous allocations in item.toMsg
+ * plugin/cache: Isolate metadata in prefetch goroutine
+ * plugin/cache: Correct spelling of MaximumDefaultTTL in cache and dnsutil
+ packages
+ * plugin/dnstap: Better error handling (redial & logging) when Dnstap is busy
+ * plugin/file: Performance finetuning
+ * plugin/forward: Disallow NOERROR in failover
+ * plugin/forward: Added support for per-nameserver TLS SNI
+ * plugin/forward: Prevent busy loop on connection err
+ * plugin/forward: Add max connect attempts knob
+ * plugin/geoip: Add ASN schema support
+ * plugin/geoip: Add support for subdivisions
+ * plugin/kubernetes: Fix kubernetes plugin logging
+ * plugin/multisocket: Cap num sockets to prevent OOM
+ * plugin/nomad: Support service filtering
+ * plugin/rewrite: Pre-compile CNAME rewrite regexp
+ * plugin/secondary: Fix reload causing secondary plugin goroutine to leak
+
+- Update to version 1.13.1:
+ * core: Avoid string concatenation in loops
+ * core: Update golang to 1.25.2 and golang.org/x/net to v0.45.0 on CVE fixes
+ * plugin/sign: Reject invalid UTF‑8 dbfile token
+
+- Update to version 1.13.0:
+ * core: Export timeout values in dnsserver.Server
+ * core: Fix Corefile infinite loop on unclosed braces
+ * core: Fix Corefile related import cycle issue
+ * core: Normalize panics on invalid origins
+ * core: Rely on dns.Server.ShutdownContext to gracefully stop
+ * plugin/dnstap: Add bounds for plugin args
+ * plugin/file: Fix data race in tree Elem.Name
+ * plugin/forward: No failover to next upstream when receiving SERVFAIL or
+ REFUSED response codes
+ * plugin/grpc: Enforce DNS message size limits
+ * plugin/loop: Prevent panic when ListenHosts is empty
+ * plugin/loop: Avoid panic on invalid server block
+ * plugin/nomad: Add a Nomad plugin
+ * plugin/reload: Prevent SIGTERM/reload deadlock
+
+
+-------------------------------------------------------------------
+Thu Sep 11 06:35:54 UTC 2025 - Andrea Manzini
+
+- fix CVE-2025-58063 https://bugzilla.suse.com/show_bug.cgi?id=1249389
+- Update to version 1.12.4:
+ * bump deps
+ * fix(transfer): goroutine leak on axfr err (#7516)
+ * plugin/etcd: fix import order for ttl test (#7515)
+ * fix(grpc): check proxy list length in policies (#7512)
+ * fix(https): propagate HTTP request context (#7491)
+ * fix(plugin): guard nil lookups across plugins (#7494)
+ * lint: add missing prealloc to backend lookup test (#7510)
+ * fix(grpc): span leak on error attempt (#7487)
+ * test(plugin): improve backend lookup coverage (#7496)
+ * lint: enable prealloc (#7493)
+ * lint: enable durationcheck (#7492)
+ * Add Sophotech to adopters list (#7495)
+ * plugin: Use %w to wrap user error (#7489)
+ * fix(metrics): add timeouts to metrics HTTP server (#7469)
+ * chore(ci): restrict token permissions (#7470)
+ * chore(ci): pin workflow dependencies (#7471)
+ * fix(forward): use netip package for parsing (#7472)
+ * test(plugin): improve test coverage for pprof (#7473)
+ * build(deps): bump github.com/go-viper/mapstructure/v2 (#7468)
+ * plugin/file: fix label offset problem in ClosestEncloser (#7465)
+ * feat(trace): migrate dd-trace-go v1 to v2 (#7466)
+ * test(multisocket): deflake restart by using a fresh port and coordinated cleanup (#7438)
+ * chore: update Go version to 1.24.6 (#7437)
+ * plugin/header: Remove deprecated syntax (#7436)
+ * plugin/loadbalance: support prefer option (#7433)
+ * Improve caddy.GracefulServer conformance checks (#7416)
+
+
+-------------------------------------------------------------------
+Sun Aug 31 14:18:42 UTC 2025 - Andrea Manzini
+
+- Update to version 1.12.3:
+ * chore: Minor changes to `Dockerfile` (#7428)
+ * Properly create hostname from IPv6 (#7431)
+ * Bump deps
+ * fix: handle cached connection closure in forward plugin (#7427)
+ * plugin/test: fix TXT record comparison for multi-chunk vs multiple records
+ * plugin/file: preserve case in SRV record names and targets per RFC 6763
+ * fix(auto/file): return REFUSED when no next plugin is available (#7381)
+ * Port to AWS Go SDK v2 (#6588)
+ * fix(cache): data race when refreshing cached messages (#7398)
+ * fix(cache): data race when updating the TTL of cached messages (#7397)
+ * chore: fix docs incompatibility (#7390)
+ * plugin/rewrite: Add EDNS0 Unset Action (#7380)
+ * add args: startup_timeout for kubernetes plugin (#7068)
+ * [plugin/cache] create a copy of a response to ensure original data is never
+ modified
+ * Add support for fallthrough to the grpc plugin (#7359)
+ * view: Add IPv6 example match (#7355)
+ * chore: enable more rules from revive (#7352)
+ * chore: enable early-return and superfluous-else from revive (#7129)
+ * test(plugin): improve tests for auto (#7348)
+ * fix(proxy): flaky dial tests (#7349)
+ * test: add t.Helper() calls to test helper functions (#7351)
+ * fix(kubernetes): multicluster DNS race condition (#7350)
+ * lint: enable wastedassign linter (#7340)
+ * test(plugin): add tests for any (#7341)
+ * Actually invoke make release -f Makefile.release during test (#7338)
+ * Keep golang to 1.24.2 due to build issues in 1.24.3 (#7337)
+ * lint: enable protogetter linter (#7336)
+ * lint: enable nolintlint linter (#7332)
+ * fix: missing intrange lint fix (#7333)
+ * perf(kubernetes): optimize AutoPath slice allocation (#7323)
+ * lint: enable intrange linter (#7331)
+ * feat(plugin/file): fallthrough (#7327)
+ * lint: enable canonicalheader linter (#7330)
+ * fix(proxy): avoid Dial hang after Transport stopped (#7321)
+ * test(plugin): add tests for pkg/rand (#7320)
+ * test(dnsserver): add unit tests for gRPC and QUIC servers (#7319)
+ * fix: loop variable capture and linter (#7328)
+ * lint: enable usetesting linter (#7322)
+ * test: skip certain network-specific tests on non-Linux (#7318)
+ * test(dnsserver): improve core/dnsserver test coverage (#7317)
+ * fix(metrics): preserve request size from plugins (#7313)
+ * fix: ensure DNS query name reset in plugin.NS error path (#7142)
+ * feat: enable plugins via environment during build (#7310)
+ * fix(plugin/bind): remove zone for link-local IPv4 (#7295)
+ * test(request): improve coverage across package (#7307)
+ * test(coremain): Add unit tests (#7308)
+ * ci(test-e2e): add Go version setup to workflow (#7309)
+ * kubernetes: add multicluster support (#7266)
+ * chore: Add new maintainer thevilledev (#7298)
+ * Update golangci-lint (#7294)
+ * feat: limit concurrent DoQ streams and goroutines (#7296)
+ * docs: add man page for multisocket plugin (#7297)
+ * Prepare for the k8s api upgrade (#7293)
+ * fix(rewrite): truncated upstream response (#7277)
+ * fix(plugin/secondary): make transfer property mandatory (#7249)
+ * plugin/bind: remove macOS bug mention in docs (#7250)
+ * Remove `?bla=foo:443` for `POST` DoH (#7257)
+ * Do not interrupt querying readiness probes for plugins (#6975)
+ * Added `SetProxyOptions` function for `forward` plugin (#7229)
+- removed patch fixquic-go.patch as already included in upstream
+
+-------------------------------------------------------------------
+Mon May 5 06:21:40 UTC 2025 - Andrea Manzini
+
+- Added patch fixquic-go.patch
+
+-------------------------------------------------------------------
+Wed Apr 30 20:11:19 UTC 2025 - Daniel Mulzer
+
+- Backported quic-go PR #5094: Fix parsing of ifindex from packets
+ to ensure compatibility with big-endian architectures
+ (see quic-go/quic-go#4978, coredns/coredns#6682).
+- This patch can be removed with the next quic-go release.
+
+-------------------------------------------------------------------
+Tue Apr 01 10:17:23 UTC 2025 - Andrea Manzini
+
+- Update to version 1.12.1:
+ * core: Increase CNAME lookup limit from 7 to 10 (#7153)
+ * plugin/kubernetes: Fix handling of pods having DeletionTimestamp set
+ * plugin/kubernetes: Revert "only create PTR records for endpoints with
+ hostname defined"
+ * plugin/forward: added option failfast_all_unhealthy_upstreams to return
+ servfail if all upstreams are down
+ * bump dependencies, fixing bsc#1239294 and bsc#1239728
+
+- dropped obscpio generation from _service
+
+-------------------------------------------------------------------
+Fri Nov 22 13:44:39 UTC 2024 - andrea.manzini@suse.com
+
+- Update to version 1.12.0:
+ * New multisocket plugin - allows CoreDNS to listen on multiple sockets
+ * bump deps
+
+-------------------------------------------------------------------
+Fri Nov 15 13:50:25 UTC 2024 - andrea.manzini@suse.com
+
+- Update to version 1.11.4:
+ * forward plugin: new option next, to try alternate upstreams when receiving
+ specified response codes upstreams on (functions like the external plugin
+ alternate)
+ * dnssec plugin: new option to load keys from AWS Secrets Manager
+ * rewrite plugin: new option to revert EDNS0 option rewrites in responses
+
+-------------------------------------------------------------------
+Thu Nov 07 15:40:44 UTC 2024 - andrea.manzini@suse.com
+
+- Update to version 1.11.3+git129.387f34d:
+ * fix CVE-2024-51744 (https://bugzilla.suse.com/show_bug.cgi?id=1232991)
+ build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#6955)
+ * core: set cache-control max-age as integer, not float (#6764)
+ * Issue-6671: Fixed the order of plugins. (#6729)
+ * `root`: explicit mark `dnssec` support (#6753)
+ * feat: dnssec load keys from AWS Secrets Manager (#6618)
+ * fuzzing: fix broken oss-fuzz build (#6880)
+ * Replace k8s.io/utils/strings/slices by Go stdlib slices (#6863)
+ * Update .go-version to 1.23.2 (#6920)
+ * plugin/rewrite: Add "revert" parameter for EDNS0 options (#6893)
+ * Added OpenSSF Scorecard Badge (#6738)
+ * fix(cwd): Restored backwards compatibility of Current Workdir (#6731)
+ * fix: plugin/auto: call OnShutdown() for each zone at its own OnShutdown() (#6705)
+ * feature: log queue and buffer memory size configuration (#6591)
+ * plugin/bind: add zone for link-local IPv6 instead of skipping (#6547)
+ * only create PTR records for endpoints with hostname defined (#6898)
+ * fix: reverter should execute the reversion in reversed order (#6872)
+ * plugin/etcd: fix etcd connection leakage when reload (#6646)
+ * kubernetes: Add useragent (#6484)
+ * Update build (#6836)
+ * Update grpc library use (#6826)
+ * Bump go version from 1.21.11 to 1.21.12 (#6800)
+ * Upgrade antonmedv/expr to expr-lang/expr (#6814)
+ * hosts: add hostsfile as label for coredns_hosts_entries (#6801)
+ * fix TestCorefile1 panic for nil handling (#6802)
+
-------------------------------------------------------------------
Thu Sep 19 09:14:06 UTC 2024 - andrea.manzini@suse.com
diff --git a/coredns.obsinfo b/coredns.obsinfo
index d02b1dc..52ea98c 100644
--- a/coredns.obsinfo
+++ b/coredns.obsinfo
@@ -1,4 +1,4 @@
name: coredns
-version: 1.11.3
-mtime: 1719922136
-commit: a6338e924e29d318e7a1e971b5bde23f36d083af
+version: 1.12.1
+mtime: 1743450756
+commit: 707c7c10acd52cb94e959e76ae233d9b76af0854
diff --git a/coredns.spec b/coredns.spec
index 6fe026f..af583e8 100644
--- a/coredns.spec
+++ b/coredns.spec
@@ -1,7 +1,7 @@
#
# spec file for package coredns
#
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%define project github.com/coredns/coredns
Name: coredns
-Version: 1.11.3
+Version: 1.14.0
Release: 0
Summary: DNS server written in Go
License: Apache-2.0
@@ -30,7 +30,7 @@ Source1: vendor.tar.gz
Source10: Corefile
Source11: coredns.service
BuildRequires: fdupes
-BuildRequires: golang(API) >= 1.21
+BuildRequires: golang(API) >= 1.24.5
%description
CoreDNS is a DNS server in Go. It has a plugin architecture for
@@ -71,7 +71,7 @@ go build -mod=vendor -v -buildmode=pie -o coredns
%check
# Too many tests fail due to the restricted permissions in the build enviroment.
# Updates must be tested manually.
-go test ./... -skip="TestZoneExternalCNAMELookupWithProxy|TestReadme|TestCorefile1"
+go test ./... -skip="TestZoneExternalCNAMELookupWithProxy|TestReadme|TestCorefile1|TestView|TestMultisocket_Restart"
%install
cd $HOME/go/src/%{project}
diff --git a/vendor.tar.gz b/vendor.tar.gz
index 1db1efd..b04e048 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:e7fb5f09fedcae56071ef8a2b0438fbdb82de7de48fb15beabe8af1818b0a9c5
-size 12045184
+oid sha256:b2fc57fc2932f660f3e706e5029f0c84da65ef773862197b281401ae63c7eb80
+size 16016814