diff options
author | Li Zhou <li.zhou@windriver.com> | 2020-09-02 16:19:31 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-09-10 13:21:41 +0100 |
commit | a17aa2f36041dcf2501c6a0b145207c82a382a0c (patch) | |
tree | 6e17186e5a16700fb43db473b49d7fd6242f81f6 /meta/recipes-connectivity | |
parent | 5cf27f353b4530808301607b184cefa29e7ca84d (diff) | |
download | poky-a17aa2f36041dcf2501c6a0b145207c82a382a0c.tar.gz |
bind: Security Advisory - bind - CVE-2020-8624
Backport patch from <https://gitlab.isc.org/isc-projects/bind9/
commit/e4cccf9668c7adee4724a7649ec64685f82c8677> to solve CVE-2020-8624.
(From OE-Core rev: 660d170b6889b5e644da9fbef22220f63169aeb5)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r-- | meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch | 33 | ||||
-rw-r--r-- | meta/recipes-connectivity/bind/bind_9.11.19.bb | 1 |
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch b/meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch new file mode 100644 index 0000000000..9cffe358bf --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | From a73c3d30de7fe98af9e4dc0e490f732a48412380 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Andrews <marka@isc.org> | ||
3 | Date: Wed, 29 Jul 2020 23:36:03 +1000 | ||
4 | Subject: [PATCH] bind: Update-policy 'subdomain' was incorrectly treated as | ||
5 | 'zonesub' | ||
6 | |||
7 | resulting in names outside the specified subdomain having the wrong | ||
8 | restrictions for the given key. | ||
9 | |||
10 | Upstream-Status: Backport | ||
11 | CVE: CVE-2020-8624 | ||
12 | Signed-off-by: Li Zhou <li.zhou@windriver.com> | ||
13 | --- | ||
14 | bin/named/zoneconf.c | 3 ++- | ||
15 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
16 | |||
17 | diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c | ||
18 | index e237bdb..4898447 100644 | ||
19 | --- a/bin/named/zoneconf.c | ||
20 | +++ b/bin/named/zoneconf.c | ||
21 | @@ -237,7 +237,8 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone, | ||
22 | |||
23 | str = cfg_obj_asstring(matchtype); | ||
24 | CHECK(dns_ssu_mtypefromstring(str, &mtype)); | ||
25 | - if (mtype == dns_ssumatchtype_subdomain) { | ||
26 | + if (mtype == dns_ssumatchtype_subdomain && | ||
27 | + strcasecmp(str, "zonesub") == 0) { | ||
28 | usezone = true; | ||
29 | } | ||
30 | |||
31 | -- | ||
32 | 1.9.1 | ||
33 | |||
diff --git a/meta/recipes-connectivity/bind/bind_9.11.19.bb b/meta/recipes-connectivity/bind/bind_9.11.19.bb index aed1a73317..d4467b0b48 100644 --- a/meta/recipes-connectivity/bind/bind_9.11.19.bb +++ b/meta/recipes-connectivity/bind/bind_9.11.19.bb | |||
@@ -20,6 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \ | |||
20 | file://0001-avoid-start-failure-with-bind-user.patch \ | 20 | file://0001-avoid-start-failure-with-bind-user.patch \ |
21 | file://CVE-2020-8622.patch \ | 21 | file://CVE-2020-8622.patch \ |
22 | file://CVE-2020-8623.patch \ | 22 | file://CVE-2020-8623.patch \ |
23 | file://CVE-2020-8624.patch \ | ||
23 | " | 24 | " |
24 | 25 | ||
25 | SRC_URI[sha256sum] = "0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329" | 26 | SRC_URI[sha256sum] = "0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329" |