update to isc-bind-9.20.21
Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519)
Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104)
Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119)
Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591)
Fix the handling of key statements defined inside views.
update to isc-bind-9.20.21
Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519)
Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104)
Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119)
Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591)
Fix the handling of key statements defined inside views.
update to 1.28.3; from Mark Patruck
- buffer overflow vulnerability in the ngx_http_dav_module
(CVE-2026-27654)
- buffer overflow vulnerabilities in the ngx_http_mp4_module
(CVE-2026-27784, CVE-2026-32647)
- mail session authentication vulnerabilities
(CVE-2026-27651, CVE-2026-28753)
- OCSP result bypass vulnerability in stream
(CVE-2026-28755)
Use \- for hyphens in tmux.1 to cause newer groff versions to render
them correctly (ASCII hyphen rather than Unicode) which aids copy and
paste. From Keith Thompson in GitHub issue 4948.
MFC: build ruby 3.x with USE_NOBTCFI on aarch64 due to crashes at runtime
when using FFI on machines which enforce BTI. (4.0 seems ok).
ok tb jca kn
(I left this as just 3.3/3.4 since we didn't provide a ruby32-ffi
package)