Log Message:
Pullup ticket #6208 - requested by taca
net/bind911: security fix

Revisions pulled up:
- net/bind911/Makefile                                          1.23-1.24
- net/bind911/PLIST                                             1.3
- net/bind911/distinfo                                          1.17-1.18

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Sat Apr 18 06:12:28 UTC 2020

   Modified Files:
   	pkgsrc/net/bind911: Makefile PLIST distinfo

   Log Message:
   net/bind911: update to 9.11.18

   Update bind911 to 9.11.18 (BIND 9.11.18).

   	--- 9.11.18 released ---

   5380.	[contrib]	Fix building MySQL DLZ modules against MySQL 8
   			libraries. [GL #1678]

   5379.	[doc]		Clean up serve-stale related options that leaked into
   			the BIND 9.11 release. [GL !3265]

   5378.	[bug]		Receiving invalid DNS data was triggering an assertion
   			failure in nslookup. [GL #1652]

   5377.	[feature]	Detect atomic operations support on ppc64le. Thanks to
   			Petr Men=A8=EDk. [GL !3295]

   5376.	[bug]		Fix ineffective DNS rebinding protection when BIND is
   			configured as a forwarding DNS server. Thanks to Tobias
   			Klein. [GL #1574]

   5368.	[bug]		Named failed to restart if 'rndc addzone' names
   			contained special characters (e.g. '/'). [GL #1655]

   	--- 9.11.17 released ---

   5358.	[bug]		Inline master zones whose master files were touched
   			but otherwise unchanged and were subsequently reloaded
   			may have stopped re-signing. [GL !3135]

   5357.	[bug]		Newly added RRSIG records with expiry times before
   			the previous earliest expiry times might not be
   			re-signed in time.  The was a side effect of 5315.
   			[GL !3137]

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue May 19 10:21:25 UTC 2020

   Modified Files:
   	pkgsrc/net/bind911: Makefile distinfo

   Log Message:
   net/bind911: update to 9.11.19

   Update bind911 to 9.11.19 (BIND 9.11.19).

   	--- 9.11.19 released ---

   5404.	[bug]		'named-checkconf -z' could incorrectly indicate
   			success if errors were found in one view but not in a
   			subsequent one. [GL #1807]

   5398.	[bug]		Named could fail to restart if a zone with a double
   			quote (") in its name was added with 'rndc addzone'.
   			[GL #1695]

   5395.	[security]	Further limit the number of queries that can be
   			triggered from a request.  Root and TLD servers
   			are no longer exempt from max-recursion-queries.
   			Fetches for missing name server address records
   			are limited to 4 for any domain. (CVE-2020-8616)
   			[GL #1388]

   5394.	[cleanup]	Named formerly attempted to change the effective UID an=
   d
   			GID in named_os_openfile(), which could trigger a
   			spurious log message if they were already set to the
   			desired values. This has been fixed. [GL #1042]
   			[GL #1090]

   5390.	[security]	Replaying a TSIG BADTIME response as a request could
   			trigger an assertion failure. (CVE-2020-8617)
   			[GL #1703]

   5387.	[func]		Warn about AXFR streams with inconsistent message IDs.
   			[GL #1674]