Log message:
*/builtin.mk: Disable for cross-build if executes target program.

We can't run target programs during cross-build, so we either need to
disable builtin detection or find another way to detect the target
program's version.

No change to native builds because this just makes some existing
logic conditional on native builds.

Log message:
net/bind918: fix BUILDLINK_ABI_DEPENDS

We have 9.8.21 but not yet 9.18.30nb1.

Log message:
net/bind918: update to 9.18.21

9.18.21 (2023-12-20)

6297.	[bug]		Improve LRU cleaning behaviour. [GL #4448]

6296.	[func]		The "resolver-nonbackoff-tries" and
			"resolver-retry-interval" options are deprecated;
			a warning will be logged if they are used. [GL #4405]

6294.	[bug]		BIND might sometimes crash after startup or
			re-configuration when one 'tls' entry is used multiple
			times to connect to remote servers due to initialisation
			attempts from contexts of multiple threads. That has
			been fixed. [GL #4464]

6290.	[bug]		Dig +yaml will now report "no servers could be reached"
			also for UDP setup failure when no other servers or
			tries are left. [GL #1229]

6287.	[bug]		Recognize escapes when reading the public key from file.
			[GL !8502]

6286.	[bug]		Dig +yaml will now report "no servers could be reached"
			on TCP connection failure as well as for UDP timeouts.
			[GL #4396]

6282.	[func]		Deprecate AES-based DNS cookies. [GL #4421]

Log message:
net/bind918: updte to 9.18.20

Note: B.ROOT-SERVERS.NET's addresses will be changed November 27, 2023.

9.18.20 (2023-11-15)

6280.	[bug]		Fix missing newlines in the output of "rndc nta -dump".
			[GL !8454]

6277.	[bug]		Take into account local authoritative zones when
			falling back to serve-stale. [GL #4355]

6275.	[bug]		Fix assertion failure when using lock-file configuration
			option together -X argument to named. [GL #4386]

6274.	[bug]		The 'lock-file' file was being removed when it
			shouldn't have been making it ineffective if named was
			started 3 or more times. [GL #4387]

6271.	[bug]		Fix a shutdown race in dns__catz_update_cb(). [GL #4381]

6269.	[maint]		B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and
			2801:1b8:10::b. [GL #4101]

6267.	[func]		The timeouts for resending zone refresh queries over UDP
			were lowered to enable named to more quickly determine
			that a primary is down. [GL #4260]

6265.	[bug]		Don't schedule resign operations on the raw version
			of an inline-signing zone. [GL #4350]

6261.	[bug]		Fix a possible assertion failure on an error path in
			resolver.c:fctx_query(), when using an uninitialized
			link. [GL #4331]

6254.	[cleanup]	Add semantic patch to do an explicit cast from char
			to unsigned char in ctype.h class of functions.
			[GL #4327]

6252.	[test]		Python system tests have to be executed by invoking
			pytest directly. Executing them with the legacy test
			runner is no longer supported. [GL #4250]

6250.	[bug]		The wrong covered value was being set by
			dns_ncache_current for RRSIG records in the returned
			rdataset structure. This resulted in TYPE0 being
			reported as the covered value of the RRSIG when dumping
			the cache contents. [GL #4314]

Log message:
*: bump for protobuf 25

Log message:
*: recursive bump for icu 74.1

Log message:
*: recursive bump for protobuf

Log message:
*: bump for openssl 3

Log message:
net/bind918: update to 9.18.19

9.18.19 (2023-09-20)

6246.	[security]	Fix use-after-free error in TLS DNS code when sending
			data. (CVE-2023-4236) [GL #4242]

6245.	[security]	Limit the amount of recursion that can be performed
			by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152]

6244.	[bug]		Adjust log levels on malformed messages to NOTICE when
			transferring in a zone. [GL #4290]

6241.	[bug]		Take into account the possibility of partial TLS writes
			in TLS DNS code. That helps to prevent DNS messages
			corruption on long DNS over TLS streams. [GL #4255]

6240.	[bug]		Use dedicated per-worker thread jemalloc memory
			arenas for send buffers allocation to reduce memory
			consumption and avoid lock contention. [GL #4038]

6239.	[func]		Deprecate the 'dnssec-must-be-secure' option.
			[GL #3700]

6237.	[bug]		Address memory leaks due to not clearing OpenSSL error
			stack. [GL #4159]

6235.	[doc]		Clarify BIND 9 time formats. [GL #4266]

6234.	[bug]		Restore stale-refresh-time value after flushing the
			cache. [GL #4278]

6232.	[bug]		Following the introduction of krb5-subdomain-self-rhs
			and ms-subdomain-self-rhs update rules, removal of
			nonexistent PTR and SRV records via UPDATE could fail.
			[GL #4280]

6231.	[func]		Make nsupdate honor -v for SOA requests if the server
			is specified. [GL #1181]

6230.	[bug]		Prevent an unnecessary query restart if a synthesized
			CNAME target points to the CNAME owner. [GL #3835]

6227.	[bug]		Check the statistics-channel HTTP Content-length
			to prevent negative or overflowing values from
			causing a crash. [GL #4125]

6224.	[bug]		Check the If-Modified-Since value length to prevent
			out-of-bounds write. [GL #4124]

Log message:
net/bind918: update HOMEPAGE to the place the previous version redirects to.