From: Noah Meyerhans <frodo@morgul.net>
Date: Wed, 22 Oct 2025 20:29:11 +0000 (-0400)
Subject: bind: bump to 9.20.15
X-Git-Url: http://git.openwrt.org/%22https:/collectd.org//%22http:/www.crowdsec.net/%22/%22https:/collectd.org/%22http:/www.crowdsec.net/%22?a=commitdiff_plain;h=801e26c8c4e7ac05d178d8365b0062d969cfd4ff;p=feed%2Fpackages.git

bind: bump to 9.20.15

Fixes the following security issues:

- CVE-2025-8677: DNSSEC validation fails if matching but invalid
  DNSKEY is found.
- CVE-2025-40778 Address various spoofing attacks.
- CVE-2025-40780 Cache-poisoning due to weak pseudo-random number
  generator.

The complete list of changes from version 9.20.11 is available in the
upstream changelog at
https://ftp.isc.org/isc/bind9/9.20.15/doc/arm/html/changelog.html

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 59465b95b847c2925993b2472d08af6f7571d770)
---

diff --git a/net/bind/Makefile b/net/bind/Makefile
index 148c1d7e1d..e24f7f4252 100644
--- a/net/bind/Makefile
+++ b/net/bind/Makefile
@@ -9,7 +9,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bind
-PKG_VERSION:=9.20.11
+PKG_VERSION:=9.20.15
 PKG_RELEASE:=1
 USERID:=bind=57:bind=57
 
@@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:= \
 	https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
 	https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_HASH:=4da2d532e668bc21e883f6e6d9d3d81794d9ec60b181530385649a56f46ee17a
+PKG_HASH:=d62b38fae48ba83fca6181112d0c71018d8b0f2ce285dc79dc6a0367722ccabb
 
 PKG_FIXUP:=autoreconf
 PKG_REMOVE_FILES:=aclocal.m4 libtool.m4