[OE-core] [zeus][PATCH 08/11] bind: Security Advisory - bind - CVE-2020-8624

Wed, 09 Sep 2020 01:12:12 -0700 

From: Li Zhou <li.z...@windriver.com>

Backport patch from <https://gitlab.isc.org/isc-projects/bind9/
commit/e4cccf9668c7adee4724a7649ec64685f82c8677> to solve CVE-2020-8624.

Signed-off-by: Li Zhou <li.z...@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mit...@intel.com>
---
 .../bind/bind/CVE-2020-8624.patch             | 33 +++++++++++++++++++
 .../recipes-connectivity/bind/bind_9.11.19.bb |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch 
b/meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch
new file mode 100644
index 0000000000..9cffe358bf
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch
@@ -0,0 +1,33 @@
+From a73c3d30de7fe98af9e4dc0e490f732a48412380 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <ma...@isc.org>
+Date: Wed, 29 Jul 2020 23:36:03 +1000
+Subject: [PATCH] bind: Update-policy 'subdomain' was incorrectly treated as
+ 'zonesub'
+
+resulting in names outside the specified subdomain having the wrong
+restrictions for the given key.
+
+Upstream-Status: Backport
+CVE: CVE-2020-8624
+Signed-off-by: Li Zhou <li.z...@windriver.com>
+---
+ bin/named/zoneconf.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
+index e237bdb..4898447 100644
+--- a/bin/named/zoneconf.c
++++ b/bin/named/zoneconf.c
+@@ -237,7 +237,8 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, 
dns_zone_t *zone,
+ 
+               str = cfg_obj_asstring(matchtype);
+               CHECK(dns_ssu_mtypefromstring(str, &mtype));
+-              if (mtype == dns_ssumatchtype_subdomain) {
++              if (mtype == dns_ssumatchtype_subdomain &&
++                  strcasecmp(str, "zonesub") == 0) {
+                       usezone = true;
+               }
+ 
+-- 
+1.9.1
+
diff --git a/meta/recipes-connectivity/bind/bind_9.11.19.bb 
b/meta/recipes-connectivity/bind/bind_9.11.19.bb
index aed1a73317..d4467b0b48 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.19.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.19.bb
@@ -20,6 +20,7 @@ SRC_URI = 
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://0001-avoid-start-failure-with-bind-user.patch \
            file://CVE-2020-8622.patch \
            file://CVE-2020-8623.patch \
+           file://CVE-2020-8624.patch \
            "
 
 SRC_URI[sha256sum] = 
"0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329"
-- 
2.26.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#142292): 
https://lists.openembedded.org/g/openembedded-core/message/142292
Mute This Topic: https://lists.openembedded.org/mt/76728090/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to