Subject: CVS commit: pkgsrc/net/bind918
From: Takahiro Kambe
Date: 2024-02-13 14:50:39
Message id: 20240213135039.E31D0F9E9@cvs.NetBSD.org
Log Message:
net/bind918: update to 9.18.24

9.18.24 (2024-02-13)

	--- 9.18.24 released ---

6343.	[bug]		Fix case insensitive setting for isc_ht hashtable.
			[GL #4568]

	--- 9.18.23 released ---

6322.	[security]	Specific DNS answers could cause a denial-of-service
			condition due to DNS validation taking a long time.
			(CVE-2023-50387) [GL #4424]

6321.	[security]	Change 6315 inadvertently introduced regressions that
			could cause named to crash. [GL #4234]

6320.	[bug]		Under some circumstances, the DoT code in client
			mode could process more than one message at a time when
			that was not expected. That has been fixed. [GL #4487]

	--- 9.18.22 released ---

6319.	[func]		Limit isc_task_send() overhead for RBTDB tree pruning.
			[GL #4383]

6317.	[security]	Restore DNS64 state when handling a serve-stale timeout.
			(CVE-2023-5679) [GL #4334]

6316.	[security]	Specific queries could trigger an assertion check with
			nxdomain-redirect enabled. (CVE-2023-5517) [GL #4281]

6315.	[security]	Speed up parsing of DNS messages with many different
			names. (CVE-2023-4408) [GL #4234]

6314.	[bug]		Address race conditions in dns_tsigkey_find().
			[GL #4182]

6312.	[bug]		Conversion from NSEC3 signed to NSEC signed could
			temporarily put the zone into a state where it was
			treated as unsigned until the NSEC chain was built.
			Additionally conversion from one set of NSEC3 parameters
			to another could also temporarily put the zone into a
			state where it was treated as unsigned until the new
			NSEC3 chain was built. [GL #1794] [GL #4495]

6310.	[bug]		Memory leak in zone.c:sign_zone. When named signed a
			zone it could leak dst_keys due to a misplaced
			'continue'. [GL #4488]

6306.	[func]		Log more details about the cause of "not exact" errors.
			[GL #4500]

6304.	[bug]		The wrong time was being used to determine what RRSIGs
			where to be generated when dnssec-policy was in use.
			[GL #4494]

6302.	[func]		The "trust-anchor-telemetry" statement is no longer
			marked as experimental. This silences a relevant log
			message that was emitted even when the feature was
			explicitly disabled. [GL #4497]

6300.	[bug]		Fix statistics export to use full 64 bit signed numbers
			instead of truncating values to unsigned 32 bits.
			[GL #4467]

6299.	[port]		NetBSD has added 'hmac' to libc which collides with our
			use of 'hmac'. [GL #4478]
Files:
RevisionActionfile
1.27modifypkgsrc/net/bind918/Makefile
1.15modifypkgsrc/net/bind918/distinfo
1.2modifypkgsrc/net/bind918/patches/patch-lib_dns_rbtdb.c
1.2modifypkgsrc/net/bind918/patches/patch-lib_isc_netmgr_netmgr.c