2023-09-19 15:28:52 by Greg Troxel | Files touched by this commit (2) |
Log message:
net/bind*: Fix DESCR
Drop NEWS-type content from bind916.
all: Add final paragraph describing which version this is, and
upstream support status.
|
2023-09-19 15:13:19 by Havard Eidnes | Files touched by this commit (1) |
Log message:
net/bind918: amend link in DESCR...
so that the most recent release notes can be more easily found.
OK'ed by sekiya@.
|
2023-08-29 16:47:21 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
net/bind918: update to 9.18.18
--- 9.18.18 released ---
6220. [func] Deprecate the 'dialup' and 'heartbeat-interval'
options. [GL #3700]
6219. [bug] Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
[GL #4032]
6215. [protocol] Return REFUSED to GSS-API TKEY requests if GSS-API
support is not configured. [GL #4225]
6213. [bug] Mark a primary server as temporarily unreachable if the
TCP connection attempt times out. [GL #4215]
6212. [bug] Don't process detach and close netmgr events when
the netmgr has been paused. [GL #4200]
|
2023-07-19 17:20:21 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
net/bind918: update to 9.18.17
9.18.17 released
6206. [bug] Add shutdown checks in dns_catz_dbupdate_callback() to
avoid a race with dns_catz_shutdown_catzs(). [GL #4171]
6205. [bug] Restore support to read legacy HMAC-MD5 K file pairs.
[GL #4154]
6204. [bug] Use NS records for relaxed QNAME-minimization mode.
This reduces the number of queries named makes when
resolving, as it allows the non-existence of NS RRsets
at non-referral nodes to be cached in addition to the
referrals that are normally cached. [GL #3325]
6200. [bug] Fix nslookup erroneously reporting a timeout when the
input is delayed. [GL #4044]
6199. [bug] Improve HTTP Connection: header protocol conformance
in the statistics channel. [GL #4126]
6198. [func] Remove the holes in the isc_result_t enum to compact
the isc_result tables. [GL #4149]
6197. [bug] Fix a data race between the dns_zone and dns_catz
modules when registering/unregistering a database
update notification callback for a catalog zone.
[GL #4132]
6196. [cleanup] Report "permission denied" instead of "unexpected error"
when trying to update a zone file on a read-only file
system. Thanks to Midnight Veil. [GL #4134]
6193. [bug] Fix a catz db update notification callback registration
logic error, which could crash named when receiving an
AXFR update for a catalog zone while the previous update
process of the catalog zone was already running.
[GL #4136]
6166. [func] Retry without DNS COOKIE on FORMERR if it appears that
the FORMERR was due to the presence of a DNS COOKIE
option. [GL #4049]
|
2023-07-18 20:36:31 by Nia Alarie | Files touched by this commit (11) |
Log message:
net: Adapt packages to USE_(CC|CXX)_FEATURES where possible
|
2023-07-13 15:45:43 by Nia Alarie | Files touched by this commit (22) |
Log message:
*: remove all instances of GCC_REQD where my name is the most recent in
"cvs annotate" (part 1)
Hopefully this commit can be reviewed later if a better replacement
for GCC_REQD is committed.
|
2023-07-12 21:58:50 by Nia Alarie | Files touched by this commit (1) |
Log message:
bind918: Require at least GCC 4.9 for stdatomic.h.
|
2023-06-21 16:42:23 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
net/bind918: update to 9.18.16
9.18.16 (2023-06-21)
Security release:
- CVE-2023-2828
- CVE-2023-2911
6192. [security] A query that prioritizes stale data over lookup
triggers a fetch to refresh the stale data in cache.
If the fetch is aborted for exceeding the recursion
quota, it was possible for 'named' to enter an infinite
callback loop and crash due to stack overflow. This has
been fixed. (CVE-2023-2911) [GL #4089]
6190. [security] Improve the overmem cleaning process to prevent the
cache going over the configured limit. (CVE-2023-2828)
[GL #4055]
6188. [performance] Reduce memory consumption by allocating properly
sized send buffers for stream-based transports.
[GL #4038]
6186. [bug] Fix a 'clients-per-query' miscalculation bug. When the
'stale-answer-enable' option was enabled and the
'stale-answer-client-timeout' option was enabled and
larger than 0, named was taking two places from the
'clients-per-query' limit for each client and was
failing to gradually auto-tune its value, as configured.
[GL #4074]
6185. [func] Add "ClientQuota" statistics channel counter, which
indicates the number of the resolver's spilled queries
due to reaching the clients per query quota. [GL !7978]
6183. [bug] Fix a serve-stale bug where a delegation from cache
could be returned to the client. [GL #3950]
6182. [cleanup] Remove configure checks for epoll, kqueue and
/dev/poll. [GL #4098]
6181. [func] The "tkey-dhkey" option has been deprecated; a
warning will be logged when it is used. In a future
release, Diffie-Hellman TKEY mode will be removed.
[GL #3905]
6180. [bug] The session key object could be incorrectly added
to multiple different views' keyrings. [GL #4079]
6179. [bug] Fix an interfacemgr use-after-free error in
zoneconf.c:isself(). [GL #3765]
6176. [test] Add support for using pytest & pytest-xdist to
execute the system test suite. [GL #3978]
6174. [bug] BIND could get stuck on reconfiguration when a
'listen' statement for HTTP is removed from the
configuration. That has been fixed. [GL #4071]
6173. [bug] Properly process extra "nameserver" lines in
resolv.conf otherwise the next line is not properly
processed. [GL #4066]
6169. [bug] named could crash when deleting inline-signing zones
with "rndc delzone". [GL #4054]
6165. [bug] Fix a logic error in dighost.c which could call the
dighost_shutdown() callback twice and cause problems
if the callback function was not idempotent. [GL #4039]
|
2023-05-17 15:43:52 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
net/bind918: update to 9.18.15
--- 9.18.15 released ---
6164. [bug] Set the rndc idle read timeout back to 60 seconds,
from the netmgr default of 30 seconds, in order to
match the behavior of 9.16 and earlier. [GL #4046]
6161. [bug] Fix log file rotation when using absolute path as
file. [GL #3991]
6157. [bug] When removing delegations in an OPTOUT range
empty-non-terminal NSEC3 records generated by
those delegations were not removed. [GL #4027]
6156. [bug] Reimplement the maximum and idle timeouts for incoming
zone transfers. [GL #4004]
6155. [bug] Treat ISC_R_INVALIDPROTO as a networking error
in the dispatch code to avoid retrying with the
same server. [GL #4005]
6152. [bug] In dispatch, honour the configured source-port
selection when UDP connection fails with address
in use error.
Also treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.
[GL #3986]
6149. [test] As a workaround, include an OpenSSL header file before
including cmocka.h in the unit tests, because OpenSSL
3.1.0 uses __attribute__(malloc), conflicting with a
redefined malloc in cmocka.h. [GL #4000]
|
2023-04-24 15:48:06 by Takahiro Kambe | Files touched by this commit (4) | |
Log message:
net/bind918: update to 9.18.14
pkgsrc change: reduce some pkglint warnings.
--- 9.18.14 released ---
6145. [bug] Fix a possible use-after-free bug in the
dns__catz_done_cb() function. [GL #3997]
6143. [bug] A reference counting problem on the error path in
the xfrin_connect_done() might cause an assertion
failure on shutdown. [GL #3989]
6142. [bug] Reduce the number of dns_dnssec_verify calls made
determining if revoked keys need to be removed from
the trust anchors. [GL #3981]
6141. [bug] Fix several issues in nsupdate timeout handling and
update the -t option's documentation. [GL #3674]
6138. [doc] Fix the DF-flag documentation on the outgoing
UDP packets. [GL #3710]
6136. [cleanup] Remove the isc_fsaccess API in favor of creating
temporary file first and atomically replace the key
with non-truncated content. [GL #3982]
6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
6129. [cleanup] Value stored to 'source' during its initialization is
never read. [GL #3965]
6128. [bug] Fix an omission in an earlier commit to avoid a race
between the 'dns__catz_update_cb()' and
'dns_catz_dbupdate_callback()' functions. [GL #3968]
6126. [cleanup] Deprecate zone type "delegation-only" and the
"delegation-only" and "root-delegation-only"
options. [GL #3953]
6125. [bug] Hold a catz reference while the update process is
running, so that the catalog zone is not destroyed
during shutdown until the update process is finished or
properly canceled by the activated 'shuttingdown' flag.
[GL #3955]
6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to
an NSEC3 incapable DNSSEC algorithm using KASP the zone
could sometimes be incompletely signed. [GL #3937]
6121. [bug] Fix BIND and dig zone transfer hanging when
downloading large zones over TLS from a primary server,
especially over unstable connections. [GL #3867]
|