---
- branch: MAIN
  date: Thu Aug 19 03:33:49 UTC 2021
  files:
  - new: '1.24'
    old: '1.23'
    path: pkgsrc/net/bind916/Makefile
    pathrev: pkgsrc/net/bind916/Makefile@1.24
    type: modified
  - new: '1.20'
    old: '1.19'
    path: pkgsrc/net/bind916/distinfo
    pathrev: pkgsrc/net/bind916/distinfo@1.20
    type: modified
  id: 20210819T033349Z.08b7769b16dff62140db6ecc273e2937e4bfd07b
  log: "net/bind916: update to 9.16.20\n\nThis update contains security fix: CVE-2021-25218.\n\n\t---
    9.16.20 released ---\n\n5689.\t[security]\tAn assertion failure occurred when
    named attempted to\n\t\t\tsend a UDP packet that exceeded the MTU size, if\n\t\t\tResponse
    Rate Limiting (RRL) was enabled.\n\t\t\t(CVE-2021-25218) [GL #2856]\n\n5688.\t[bug]\t\tZones
    using KASP and inline-signed zones failed to apply\n\t\t\tchanges from the unsigned
    zone to the signed zone under\n\t\t\tcertain circumstances. This has been fixed.
    [GL #2735]\n\n5687.\t[bug]\t\t\"rndc reload <zonename>\" could trigger a redundant\n\t\t\treload
    for an inline-signed zone whose zone file was not\n\t\t\tmodified since the last
    \"rndc reload\". This has been\n\t\t\tfixed. [GL #2855]\n\n5686.\t[func]\t\tThe
    number of internal data structures allocated for\n\t\t\teach zone was reduced.
    [GL #2829]\n\n5685.\t[bug]\t\tnamed failed to check the opcode of responses when\n\t\t\tperforming
    zone refreshes, stub zone updates, and UPDATE\n\t\t\tforwarding. This has been
    fixed. [GL #2762]\n\n5682.\t[bug]\t\tSome changes to \"zone-statistics\" settings
    were not\n\t\t\tproperly processed by \"rndc reconfig\". This has been\n\t\t\tfixed.
    [GL #2820]\n\n5681.\t[func]\t\tRelax the checks in the dns_zone_cdscheck() function
    to\n\t\t\tallow CDS and CDNSKEY records in the zone that do not\n\t\t\tmatch an
    existing DNSKEY record, as long as the\n\t\t\talgorithm matches. This allows a
    clean rollover from one\n\t\t\tprovider to another in a multi-signer DNSSEC\n\t\t\tconfiguration.
    [GL #2710]\n\n5679.\t[func]\t\tThread affinity is no longer set. [GL #2822]\n\n5678.\t[bug]\t\tThe
    \"check DS\" code failed to release all resources upon\n\t\t\tnamed shutdown when
    a refresh was in progress. This has\n\t\t\tbeen fixed. [GL #2811]\n\n5672.\t[bug]\t\tAuthentication
    of rndc messages could fail if a\n\t\t\t\"controls\" statement was configured
    with multiple key\n\t\t\talgorithms for the same listener. This has been fixed.\n\t\t\t[GL
    #2756]\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/net/bind916'
  unixtime: '1629344029'
  user: taca