Log message:
net/bind918: update to 9.18.47

This is security release and from release announce:

Our March 2026 maintenance releases of BIND 9 are available and can be \ 
downloaded from the links below.  Packages and container images provided by ISC \ 
will be updated later today.

In addition to bug fixes and feature improvements, these releases also contain \ 
fixes for security vulnerabilities.  More information can be found in the \ 
following Security Advisories:

    https://kb.isc.org/docs/cve-2026-1519
    https://kb.isc.org/docs/cve-2026-3104
    https://kb.isc.org/docs/cve-2026-3119
    https://kb.isc.org/docs/cve-2026-3591

A link to each newly-released version follows.  Each release directory includes \ 
a complete source tarball, cryptographic signature, and release notes.  The \ 
release notes provide a summary of significant changes, and should be reviewed \ 
before upgrading.

  - Current supported stable branches:

    - 9.18.47  - https://downloads.isc.org/isc/bind9/9.18.47/
    - 9.20.21  - https://downloads.isc.org/isc/bind9/9.20.21/

  - Experimental development branch:

    - 9.21.20  - https://downloads.isc.org/isc/bind9/9.21.20/

Log message:
net/bind918: update to 9.18.46

9.18.46 (2026-02-27)

Bug Fixes

* A stale answer could have been served in case of multiple upstream
  failures when following CNAME chains. This has been fixed. [GL #5751]

Log message:
net/bind918: update to 9.18.45

BIND 9.18.45 (2026-02-18)

Feature Changes

* Update requirements for system test suite.
* Python 3.10 or newer is now required for running the system test suite.
  The required Python packages and their version requirements are now
  tracked in the file bin/tests/system/requirements.txt.
  [GL #5690] [GL #5614]

Bug Fixes

* Fix implementation of BRID and HHIT record types. [GL #5710]
* Fix implementation of DSYNC record type. [GL #5711]

Log message:
net/bind918: update to 9.18.44

This release contains security fix, <https://kb.isc.org/docs/cve-2025-13878>.
9.18.44 (2026-01-21)

Security Fixes

* Fix incorrect length checks for BRID and HHIT records. (CVE-2025-13878)

* Malformed BRID and HHIT records could trigger an assertion failure. This
  has been fixed.

* ISC would like to thank Vlatko Kosturjak from Marlink Cyber for bringing
  this vulnerability to our attention.  [GL #5616]

Bug Fixes

* Allow glue in delegations with QTYPE=ANY.

* When a query for type ANY triggered a delegation response, all additional
  data was omitted from the response, including mandatory glue.  This has
  been fixed. [GL #5659]

Reconfiguring an NSEC3 opt-out zone to NSEC caused the zone to be invalid.

* A zone that was signed with NSEC3, had opt-out enabled, and was then
  reconfigured to use NSEC, was published with missing NSEC records.  This
  has been fixed.  [GL #5679]

Log message:
*: recursive bump for abseil-20260107.0 shlib version bump

Log message:
bind918: use SED instead of HEAD, since SED is defined earlier

Log message:
*: recursive bump for icu 78.1

Log message:
net/bind918: update to version 9.18.43.

Pkgsrc changes:
 * Bump version & re-compute checksums.
 * Adapt one of the patches.

Upstream changes:

Notes for BIND 9.18.43
----------------------

Bug Fixes
~~~~~~~~~

- Adding NSEC3 opt-out records could leave invalid records in chain.

  When creating an NSEC3 opt-out chain, a node in the chain could be
  removed too soon. The previous NSEC3 would therefore not be found,
  resulting in invalid NSEC3 records being left in the zone. This has
  been fixed. :gl:`#5671`

- ``AMTRELAY`` type 0 presentation format handling was wrong.

  :rfc:`8777` specifies a placeholder value of ``.`` for the gateway field
  when the gateway type is 0 (no gateway). This was not being checked
  for, nor was it emitted when displaying the record. This has been corrected.

  Instances of this record will need the placeholder period added to
  them when upgrading. :gl:`#5639`

OKed by maya@ and wiz@.