From ff125b73a4580a2b29ca97578555d2be5b2d5bae Mon Sep 17 00:00:00 2001
From: Noah Meyerhans <frodo@morgul.net>
Date: Sat, 28 Mar 2026 11:31:50 -0400
Subject: [PATCH] bind: bump to 9.20.21

Fixes several security issues:

- CVE-2026-1519 Fix unbounded NSEC3 iterations when validating
  referrals to unsigned delegations.
- CVE-2026-3104 Fix memory leaks in code preparing DNSSEC proofs of
  non-existence.
- CVE-2026-3119 Prevent a crash in code processing queries containing
  a TKEY record.
- CVE-2026-3591 Fix a stack use-after-return flaw in SIG(0) handling
  code.

Signed-off-by: Noah Meyerhans <frodo@morgul.net>
(cherry picked from commit 4b7923e9c9fdea19851dbcd3c3fb265c50fccd8a)
---
 net/bind/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/bind/Makefile b/net/bind/Makefile
index fa709878d1..497b0aa449 100644
--- a/net/bind/Makefile
+++ b/net/bind/Makefile
@@ -9,8 +9,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bind
-PKG_VERSION:=9.20.18
-PKG_RELEASE:=2
+PKG_VERSION:=9.20.21
+PKG_RELEASE:=1
 USERID:=bind=57:bind=57
 
 PKG_MAINTAINER:=Noah Meyerhans <frodo@morgul.net>
@@ -22,7 +22,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:= \
 	https://www.mirrorservice.org/sites/ftp.isc.org/isc/bind9/$(PKG_VERSION) \
 	https://ftp.isc.org/isc/bind9/$(PKG_VERSION)
-PKG_HASH:=dfc546c990ac4515529cd45c4dd995862b18ae8a2d0cb29208e8896a5d325331
+PKG_HASH:=15e1b5a227d2890f7c4e823a6ea018de70ee2f3a0e859cbff3d82aad8590de03
 
 PKG_INSTALL:=1
 PKG_BUILD_FLAGS:=no-mips16