Subject: CVS commit: pkgsrc/net/bind916
From: Havard Eidnes
Date: 2022-09-21 14:58:47
Message id:

Log Message:
Upgrade net/bind916 to version 9.16.33.

OKed by wiz@

Pkgsrc changes:
 * Just checksum updates.

Upstream changes:
        --- 9.16.33 released ---

5962.   [security]      Fix memory leak in EdDSA verify processing.
                        (CVE-2022-38178) [GL #3487]

5961.   [security]      Fix memory leak in ECDSA verify processing.
                        (CVE-2022-38177) [GL #3487]

5960.   [security]      Fix serve-stale crash that could happen when
                        stale-answer-client-timeout was set to 0 and there was
                        a stale CNAME in the cache for an incoming query.
                        (CVE-2022-3080) [GL #3517]

5957.   [security]      Prevent excessive resource use while processing large
                        delegations. (CVE-2022-2795) [GL #3394]

5956.   [func]          Make RRL code treat all QNAMEs that are subject to
                        wildcard processing within a given zone as the same
                        name. [GL #3459]

5955.   [port]          The libxml2 library has deprecated the usage of
                        xmlInitThreads() and xmlCleanupThreads() functions. Use
                        xmlInitParser() and xmlCleanupParser() instead.
                        [GL #3518]

5954.   [func]          Fallback to IDNA2003 processing in dig when IDNA2008
                        conversion fails. [GL #3485]

5953.   [bug]           Fix a crash on shutdown in delete_trace_entry(). Add
                        mctx attach/detach pair to make sure that the memory
                        context used by a memory pool is not destroyed before
                        the memory pool itself. [GL #3515]

5952.   [bug]           Use quotes around address strings in YAML output.
                        [GL #3511]

5951.   [bug]           In some cases, the dnstap query_message field was
                        erroneously set when logging response messages.
                        [GL #3501]

5948.   [bug]           Fix nsec3.c:dns_nsec3_activex() function, add a missing
                        dns_db_detachnode() call. [GL #3500]

5945.   [bug]           If parsing /etc/bind.key failed, delv could assert
                        when trying to parse the built in trust anchors as
                        the parser hadn't been reset. [GL !6468]

5942.   [bug]           Fix tkey.c:buildquery() function's error handling by
                        adding the missing cleanup code. [GL #3492]

5941.   [func]          Zones with dnssec-policy now require dynamic DNS or
                        inline-siging to be configured explicitly. [GL #3381]

5936.   [bug]           Don't enable serve-stale for lookups that error because
                        it is a duplicate query or a query that would be
                        dropped. [GL #2982]