bind: fix CVE-2019-6471 and CVE-2018-5743

Backport patches to fix CVE-2019-6471 and CVE-2018-5743 for bind.
CVE-2019-6471 is fixed by 0001-bind-fix-CVE-2019-6471.patch and the
other 6 patches are for CVE-2018-5743. And backport one more patch to
fix compile error on arm caused by these 6 commits.

(From OE-Core rev: 3c39d4158677b97253df63f23b74c3a9dd5539f6)

(From OE-Core rev: 230a96ddecf940a7caee9e9268b21aa5f65a7f14)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 64 insertions, 0 deletions

diff --git a/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch b/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch
new file mode 100644
index 0000000000..2fed99e1bb
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/0001-bind-fix-CVE-2019-6471.patch
@@ -0,0 +1,64 @@
+Backport patch to fix CVE-2019-6471.
+
+Ref:
+https://security-tracker.debian.org/tracker/CVE-2019-6471
+
+CVE: CVE-2019-6471
+Upstream-Status: Backport [https://gitlab.isc.org/isc-projects/bind9/commit/3a9c7bb]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 3a9c7bb80d4a609b86427406d9dd783199920b5b Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Tue, 19 Mar 2019 14:14:21 +1100
+Subject: [PATCH] move item_out test inside lock in dns_dispatch_getnext()
+
+(cherry picked from commit 60c42f849d520564ed42e5ed0ba46b4b69c07712)
+---
+ lib/dns/dispatch.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/lib/dns/dispatch.c b/lib/dns/dispatch.c
+index 408beda367..3278db4a07 100644
+--- a/lib/dns/dispatch.c
++++ b/lib/dns/dispatch.c
+@@ -134,7 +134,7 @@ struct dns_dispentry {
+        isc_task_t                     *task;
+        isc_taskaction_t                action;
+        void                           *arg;
+-       bool                    item_out;
++       bool                            item_out;
+        dispsocket_t                    *dispsocket;
+        ISC_LIST(dns_dispatchevent_t)   items;
+        ISC_LINK(dns_dispentry_t)       link;
+@@ -3422,13 +3422,14 @@ dns_dispatch_getnext(dns_dispentry_t *resp, dns_dispatchevent_t **sockevent) {
+        disp = resp->disp;
+        REQUIRE(VALID_DISPATCH(disp));
+ 
+-       REQUIRE(resp->item_out == true);
+-       resp->item_out = false;
+-
+        ev = *sockevent;
+        *sockevent = NULL;
+ 
+        LOCK(&disp->lock);
++
++       REQUIRE(resp->item_out == true);
++       resp->item_out = false;
++
+        if (ev->buffer.base != NULL)
+                free_buffer(disp, ev->buffer.base, ev->buffer.length);
+        free_devent(disp, ev);
+@@ -3573,6 +3574,9 @@ dns_dispatch_removeresponse(dns_dispentry_t **resp,
+                isc_task_send(disp->task[0], &disp->ctlevent);
+ }
+ 
++/*
++ * disp must be locked.
++ */
+ static void
+ do_cancel(dns_dispatch_t *disp) {
+        dns_dispatchevent_t *ev;
+-- 
+2.20.1
+