Pullup ticket #5273 - requested by taca
net/bind99: security fix

Revisions pulled up:
- net/bind99/Makefile                                          1.66
- net/bind99/distinfo                                          1.44

---
  Module Name: pkgsrc
  Committed By: taca
  Date: Thu Apr 13 01:53:35 UTC 2017

  Modified Files:
  pkgsrc/net/bind99: Makefile distinfo

  Log Message:
  Update bind99 to 9.9.9pl8 (BIND 9.9.9-P8).

  Quote from release announce:

      BIND 9.9.9-P8 addresses the security issues described in CVE-2017-3136,
      CVE-2017-3137, and CVE-2017-3138, and updates the built-in trusted keys
      for the root zone.

  Quote from CHANGELOG:

  --- 9.9.9-P8 released ---

  4582. [security] 'rndc ""' could trigger a assertion failure in named.
  (CVE-2017-3138) [RT #44924]

  4580. [bug] 4578 introduced a regression when handling CNAME to
  referral below the current domain. [RT #44850]

  --- 9.9.9-P7 released ---

  4578. [security] Some chaining (CNAME or DNAME) responses to upstream
  queries could trigger assertion failures.
  (CVE-2017-3137) [RT #44734]

  4575. [security] DNS64 with "break-dnssec yes;" can result in an
  assertion failure. (CVE-2017-3136) [RT #44653]

  4564. [maint] Update the built in managed keys to include the
  upcoming root KSK. [RT #44579]

(bsiegert)