From cf61f7f8ef17bbf518b2ccc7536bb0f3c8828f52 Mon Sep 17 00:00:00 2001
From: Noah Meyerhans <frodo@morgul.net>
Date: Sun, 23 Aug 2020 19:33:32 -0700
Subject: [PATCH] bind: New upstream version 9.16.6

Several security issures are addressed:

 - CVE-2020-8620 It was possible to trigger an assertion failure by sending
   a specially crafted large TCP DNS message.
 - CVE-2020-8621 named could crash after failing an assertion check in
   certain query resolution scenarios where QNAME minimization and
   forwarding were both enabled. To prevent such crashes, QNAME minimization is
   now always disabled for a given query resolution process, if forwarders are
   used at any point.
 - CVE-2020-8622 It was possible to trigger an assertion failure when
   verifying the response to a TSIG-signed request.
 - CVE-2020-8623 When BIND 9 was compiled with native PKCS#11 support, it
   was possible to trigger an assertion failure in code determining the
   number of bits in the PKCS#11 RSA public key with a specially crafted
   packet.
 - CVE-2020-8624 update-policy rules of type subdomain were incorrectly
   treated as zonesub rules, which allowed keys used in subdomain rules to
   update names outside of the specified subdomains. The problem was fixed by
   making sure subdomain rules are again processed as described in the ARM.

Full release notes are available at
https://ftp.isc.org/isc/bind9/9.16.6/doc/arm/html/notes.html#notes-for-bind-9-16-6

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
---
 net/bind/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/bind/Makefile b/net/bind/Makefile
index 1cf1d3758..46354e8e7 100644
--- a/net/bind/Makefile
+++ b/net/bind/Makefile
@@ -9,8 +9,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bind
-PKG_VERSION:=9.16.4
-PKG_RELEASE:=2
+PKG_VERSION:=9.16.6
+PKG_RELEASE:=1
 USERID:=bind=57:bind=57
 
 PKG_MAINTAINER:=Noah Meyerhans <frodo@morgul.net>
@@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:= \
 	https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
 	https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_HASH:=7522088d3daac8bcabaae37998178e09139ef5ccae6631cb1d8a625b770f370a
+PKG_HASH:=b567b0f3b47dd03b345a4848af7f2acdd3f5cea2bd804edd85d9ef50743571cb
 
 PKG_FIXUP:=autoreconf
 PKG_REMOVE_FILES:=aclocal.m4 libtool.m4