Log message:
bind918: use KRB5_CONFIG

Log message:
bind918: use gssapi as an option; that fixes builds when krb5-config is \ 
installed but not buildlinked

Log message:
revbump after icu and protobuf updates

Log message:
net/bind918: update to 9.18.27

9.18.27 (2024-05-15)

6374.	[bug]		Skip to next RRSIG if signature has expired or is in
			the future rather than failing immediately. [GL #4586]

6372.	[func]		Implement signature jitter for dnssec-policy. [GL #4554]

Log message:
net/bind918: fix blocklist handling

Apply change of revision 1.21 in NetBSD base which fixed PR bin/58170.

Bump PKGREVISION.

Log message:
net/bind918: update to 9.18.62

9.18.26 (2024-04-17)

6364.	[protocol]	Add RESOLVER.ARPA to the built in empty zones.
			[GL #4580]

6363.	[bug]		dig/mdig +ednsflags=<non-zero-value> did not re-enable
			EDNS if it had been disabled. [GL #4641]

6361.	[bug]		Some invalid ISO 8601 durations were accepted
			erroneously. [GL #4624]

6360.	[bug]		Don't return static-stub synthesised NS RRset.
			[GL #4608]

6359.	[bug]		Fix bug in Depends (keymgr_dep) function. [GL #4552]

6351.	[protocol]	Support for the RESINFO record type has been added.
			[GL #4413]

6346.	[bug]		Cleaned up several minor bugs in the RBTDB dbiterator
			implementation. [GL !8741]

6345.	[bug]		Added missing dns_rdataset_disassociate calls in
			validator.c:findnsec3proofs. [GL #4571]

6340.	[test]		Fix incorrectly reported errors when running tests
			with `make test` on platforms with older pytest.
			[GL #4560]

6338.	[func]		Optimize slabheader placement, so the infrastructure
			records are put in the beginning of the slabheader
			linked list. [GL !8675]

6334.	[doc]		Improve ARM parental-agents definition. [GL #4531]

6333.	[bug]		Fix the DNS_GETDB_STALEFIRST flag, which was defined
			incorrectly in lib/ns/query.c. [GL !8683]

6330.	[doc]		Update ZSK minimum lifetime documentation in ARM, also
			depends on signing delay. [GL #4510]

6328.	[func]		Add workaround to enforce dynamic linker to pull
			jemalloc earlier than libc to ensure all memory
			allocations are done via jemalloc. [GL #4404]

6326.	[bug]		Changes to "listen-on" statements were ignored on
			reconfiguration unless the port or interface address was
			changed, making it impossible to change a related
			listener transport type. Thanks to Thomas Amgarten.
			[GL #4518] [GL #4528]

6325.	[func]		Expose the TCP client count in statistics channel.
			[GL #4425]

6324.	[bug]		Fix a possible crash in 'dig +nssearch +nofail' and
			'host -C' commands when one of the name servers returns
			SERVFAIL. [GL #4508]

6313.	[bug]		When dnssec-policy is in effect the DNSKEY's TTLs in
			the zone where not being updated to match the policy.
			This lead to failures when DNSKEYs where updated as the
			TTLs mismatched. [GL #4466]

Log message:
*: recursive bump for protobuf 26.1

Log message:
net/bind918: update to 9.18.25

9.18.25 (2024-03-20)

6356.	[bug]		Create the pruning task in the dns_cache_flush(), so
			the cache pruning still works after the flush.
			[GL #4621]

6353.	[bug]		Improve the TTL-based cleaning by removing the expired
			headers from the heap, so they don't block the next
			cleaning round and clean more than a single item for
			each new addition to the RBTDB. [GL #4591]

6352.	[bug]		Revert change 6319 and decrease lock contention during
			RBTDB tree pruning by not cleaning up nodes recursively
			within a single prune_tree() call. [GL #4596]

6350.	[bug]		Address use after free in expire_lru_headers. [GL #4495]

Log message:
net/bind918: update to 9.18.24

9.18.24 (2024-02-13)

	--- 9.18.24 released ---

6343.	[bug]		Fix case insensitive setting for isc_ht hashtable.
			[GL #4568]

	--- 9.18.23 released ---

6322.	[security]	Specific DNS answers could cause a denial-of-service
			condition due to DNS validation taking a long time.
			(CVE-2023-50387) [GL #4424]

6321.	[security]	Change 6315 inadvertently introduced regressions that
			could cause named to crash. [GL #4234]

6320.	[bug]		Under some circumstances, the DoT code in client
			mode could process more than one message at a time when
			that was not expected. That has been fixed. [GL #4487]

	--- 9.18.22 released ---

6319.	[func]		Limit isc_task_send() overhead for RBTDB tree pruning.
			[GL #4383]

6317.	[security]	Restore DNS64 state when handling a serve-stale timeout.
			(CVE-2023-5679) [GL #4334]

6316.	[security]	Specific queries could trigger an assertion check with
			nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]

6315.	[security]	Speed up parsing of DNS messages with many different
			names. (CVE-2023-4408) [GL #4234]

6314.	[bug]		Address race conditions in dns_tsigkey_find().
			[GL #4182]

6312.	[bug]		Conversion from NSEC3 signed to NSEC signed could
			temporarily put the zone into a state where it was
			treated as unsigned until the NSEC chain was built.
			Additionally conversion from one set of NSEC3 parameters
			to another could also temporarily put the zone into a
			state where it was treated as unsigned until the new
			NSEC3 chain was built. [GL #1794] [GL #4495]

6310.	[bug]		Memory leak in zone.c:sign_zone. When named signed a
			zone it could leak dst_keys due to a misplaced
			'continue'. [GL #4488]

6306.	[func]		Log more details about the cause of "not exact" errors.
			[GL #4500]

6304.	[bug]		The wrong time was being used to determine what RRSIGs
			where to be generated when dnssec-policy was in use.
			[GL #4494]

6302.	[func]		The "trust-anchor-telemetry" statement is no longer
			marked as experimental. This silences a relevant log
			message that was emitted even when the feature was
			explicitly disabled. [GL #4497]

6300.	[bug]		Fix statistics export to use full 64 bit signed numbers
			instead of truncating values to unsigned 32 bits.
			[GL #4467]

6299.	[port]		NetBSD has added 'hmac' to libc which collides with our
			use of 'hmac'. [GL #4478]

Log message:
revbump for devel/abseil