net/bind916: update to 9.16.37

--- 9.16.37 released ---

6067. [security] Fix serve-stale crash when recursive clients soft quota
is reached. (CVE-2022-3924) [GL #3619]

6066. [security] Handle RRSIG lookups when serve-stale is active.
(CVE-2022-3736) [GL #3622]

6064. [security] An UPDATE message flood could cause named to exhaust all
available memory. This flaw was addressed by adding a
new "update-quota" statement that controls the number of
simultaneous UPDATE messages that can be processed or
forwarded. The default is 100. A stats counter has been
added to record events when the update quota is
exceeded, and the XML and JSON statistics version
numbers have been updated. (CVE-2022-3094) [GL #3523]

6062. [func] The DSCP implementation, which has only been
partly operational since 9.16.0, is now marked as
deprecated. Configuring DSCP values in named.conf
will cause a warning will be logged. [GL #3773]

6060. [bug] Fix a use-after-free bug in dns_zonemgr_releasezone()
by detaching from the zone manager outside of the write
lock. [GL #3768]

6059. [bug] In some serve stale scenarios, like when following an
expired CNAME record, named could return SERVFAIL if the
previous request wasn't successful. Consider non-stale
data when in serve-stale mode. [GL #3678]

6058. [bug] Prevent named from crashing when "rndc delzone"
attempts to delete a zone added by a catalog zone.
[GL #3745]

6050. [bug] Changes to the RPZ response-policy min-update-interval
and add-soa options now take effect as expected when
named is reconfigured. [GL #3740]

6048. [bug] Fix a log message error in dns_catz_update_from_db(),
where serials with values of 2^31 or larger were logged
incorrectly as negative numbers. [GL #3742]

6045. [cleanup] The list of supported DNSSEC algorithms changed log
level from "warning" to "notice" to match named's other
startup messages. [GL !7217]

6044. [bug] There was an "RSASHA236" typo in a log message.
[GL !7206]

(taca)