bind920: update to BIND version 9.20.16.

[Havard Eidnes (via pkgsrc-wip) <commit-notify%pkgsrc.org@localhost>]

Module Name:	pkgsrc-wip
Committed By:	Havard Eidnes <he%NetBSD.org@localhost>
Pushed By:	he
Date:		Thu Nov 20 11:07:19 2025 +0100
Changeset:	ed465070d378ab391f3f12aeb4e3379b9ce863f7

Modified Files:
	bind920/Makefile
	bind920/distinfo
Removed Files:
	bind920/patches/patch-lib_isc_include_isc_random.h

Log Message:
bind920: update to BIND version 9.20.16.

Pkgsrc changes:
 * Remove patch for problem now solved upstream.
 * Version bump, checksums.

Upstream changes:

BIND 9.20.16
------------

Feature Changes
~~~~~~~~~~~~~~~

- Fix assertion failure from arc4random_uniform with invalid limit.
  ``1040282de7e``

  When the arc4random_uniform() is called on NetBSD with upper_bound
  that makes no sense statistically (0 or 1), the call crashes the
  calling program.  Fix this by returning 0 when upper bound is < 2 as
  does Linux, FreeBSD and OpenBSD.  (Hint: System CSPRNG should never
  crash.) :gl:`#5596` :gl:`!11151`

Bug Fixes
~~~~~~~~~

- Fix dnssec-keygen key collision checking for KEY rrtype keys.
  ``ac8b23b80bf``

  The :iscman:`dnssec-keygen` utility program failed to detect possible
  Key ID collisions with the existing keys generated using the
  non-default ``-T KEY`` option (e.g. for ``SIG(0)``). This has been
  fixed. :gl:`#5506` :gl:`!11128`

- Fix shutdown INSIST in dns_dispatchmgr_getblackhole. ``f0aaaef166c``

  Previously, `named` could trigger an assertion in
  `dns_dispatchmgr_getblackhole` while shutting down. This has been
  fixed. :gl:`#5525` :gl:`!11162`

- Dnssec-verify now uses exit code 1 when failing due to illegal
  options. ``6ead0aa4a2b``

  Previously, dnssec-verify exited with code 0 if the options could not
  be parsed. This has been fixed. :gl:`#5574` :gl:`!11129`

- Prevent assertion failures of dig when server is specified before the
  -b option. ``deada63e2b2``

  Previously, :iscman:`dig` could exit with an assertion failure when
  the server was specified before the :option:`dig -b` option. This has
  been fixed. :gl:`#5609` :gl:`!11204`

- Skip unsupported algorithms when looking for signing key.
  ``c346fe88a1b``

  A mix of supported and unsupported DNSSEC algorithms in the same zone
  could have caused validation failures. Ignore the DNSSEC keys with
  unsupported algorithm when looking for the signing keys. :gl:`#5622`
  :gl:`!11210`

- Fix configuration bugs involving global defaults. ``a85d6fb581c``

  The configuration code for the `max-cache-size`, `dnssec-validation`,
  and `response-padding` options were unnecessarily complicated, and in
  the case of `max-cache-size`, buggy. These have been fixed. The
  `optionmaps` variable in `configure_view()` is no longer needed and
  has been removed. :gl:`!11172`

- Skip buffer allocations if not logging. ``4f601175bd0``

  Currently, during IXFR we allocate a 2KB buffer for IXFR change
  logging regardless of the log level. This commit introduces an early
  check on the log level in dns_diff_print to avoid this.

  Results in a speedup from 28% in the test case from issue #5442.
  :gl:`!11192`

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=ed465070d378ab391f3f12aeb4e3379b9ce863f7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 bind920/Makefile                                   |  3 +--
 bind920/distinfo                                   |  7 +++----
 bind920/patches/patch-lib_isc_include_isc_random.h | 17 -----------------
 3 files changed, 4 insertions(+), 23 deletions(-)

diffs:
diff --git a/bind920/Makefile b/bind920/Makefile
index b7df416793..d0dff6d6b3 100644
--- a/bind920/Makefile
+++ b/bind920/Makefile
@@ -2,7 +2,6 @@
 
 DISTNAME=	bind-${BIND_VERSION}
 PKGNAME=	${DISTNAME:S/-P/pl/}
-PKGREVISION=	2
 CATEGORIES=	net
 MASTER_SITES=	https://downloads.isc.org/isc/bind9/${BIND_VERSION}/
 EXTRACT_SUFX=	.tar.xz
@@ -16,7 +15,7 @@ CONFLICTS+=	host-[0-9]*
 
 MAKE_JOBS_SAFE=	no
 
-BIND_VERSION=	9.20.15
+BIND_VERSION=	9.20.16
 
 BUILD_DEFS+=	BIND_DIR VARBASE
 
diff --git a/bind920/distinfo b/bind920/distinfo
index fa537ca716..744dfe589e 100644
--- a/bind920/distinfo
+++ b/bind920/distinfo
@@ -1,7 +1,6 @@
 $NetBSD: distinfo,v 1.20 2024/07/23 13:50:32 taca Exp $
 
-BLAKE2s (bind-9.20.15.tar.xz) = a9f184b388370068ddb2317417750e5261af5ff0c311ad528c0e9648cd308447
-SHA512 (bind-9.20.15.tar.xz) = 087d7114279274898fdc846d50216167e0895d83c3fa01372cd5f1b9a106a1ed1b4ca588d86543da8c299577f4a6762713680b8e114514badb43b03d2a0fac82
-Size (bind-9.20.15.tar.xz) = 5765964 bytes
+BLAKE2s (bind-9.20.16.tar.xz) = 598116bf88221555f937d3b2c6c0e03d934ddd61cc034abc778792565ecdce8d
+SHA512 (bind-9.20.16.tar.xz) = 0cd9d531830ae8fd9df13849f333bc156063836f6ffd3ce757244a3cb58c6608cafb0ba43c22fa2846fdaa42d2dccff4fa84ae92ec69430071769168d57e9e9c
+Size (bind-9.20.16.tar.xz) = 5768340 bytes
 SHA1 (patch-configure.ac) = d3b9bb82c8e164135b93a76d5c53ad40521226e2
-SHA1 (patch-lib_isc_include_isc_random.h) = fed7dc480cfbbf2ba11bdd0a16a5433b8a7c30b5
diff --git a/bind920/patches/patch-lib_isc_include_isc_random.h b/bind920/patches/patch-lib_isc_include_isc_random.h
deleted file mode 100644
index dc0100e3e9..0000000000
--- a/bind920/patches/patch-lib_isc_include_isc_random.h
+++ /dev/null
@@ -1,17 +0,0 @@
-$NetBSD$
-
-Avoid calling arc4random_uniform() with a too small argument,
-to avoid the mis-handled 0 argument on NetBSD (SIGFPE core dump,
-due to "mod 0" being attempted).
-
---- lib/isc/include/isc/random.h.orig	2025-10-23 19:53:03.005527744 +0000
-+++ lib/isc/include/isc/random.h
-@@ -30,7 +30,7 @@ ISC_LANG_BEGINDECLS
- #if HAVE_ARC4RANDOM && !defined(__linux__)
- #define isc_random32()			arc4random()
- #define isc_random_buf(buf, buflen)	arc4random_buf(buf, buflen)
--#define isc_random_uniform(upper_bound) arc4random_uniform(upper_bound)
-+#define isc_random_uniform(upper_bound) ((upper_bound) < 2 ? arc4random() & (upper_bound) : arc4random_uniform(upper_bound))
- #else /* HAVE_ARC4RANDOM && !defined(__linux__) */
- uint32_t
- isc_random32(void);