bind: Security Advisory - bind - CVE-2020-8624

Backport patch from <https://gitlab.isc.org/isc-projects/bind9/
commit/e4cccf9668c7adee4724a7649ec64685f82c8677> to solve CVE-2020-8624.

(From OE-Core rev: 660d170b6889b5e644da9fbef22220f63169aeb5)

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-connectivity/bind/bind/CVE-2020-8624.patch

@@ -0,0 +1,33 @@
+From a73c3d30de7fe98af9e4dc0e490f732a48412380 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Wed, 29 Jul 2020 23:36:03 +1000
+Subject: [PATCH] bind: Update-policy 'subdomain' was incorrectly treated as
+ 'zonesub'
+
+resulting in names outside the specified subdomain having the wrong
+restrictions for the given key.
+
+Upstream-Status: Backport
+CVE: CVE-2020-8624
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
+---
+ bin/named/zoneconf.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
+index e237bdb..4898447 100644
+--- a/bin/named/zoneconf.c
++++ b/bin/named/zoneconf.c
+@@ -237,7 +237,8 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
+ 
+ 		str = cfg_obj_asstring(matchtype);
+ 		CHECK(dns_ssu_mtypefromstring(str, &mtype));
+-		if (mtype == dns_ssumatchtype_subdomain) {
++		if (mtype == dns_ssumatchtype_subdomain &&
++		    strcasecmp(str, "zonesub") == 0) {
+ 			usezone = true;
+ 		}
+ 
+-- 
+1.9.1
+

meta/recipes-connectivity/bind/bind_9.11.19.bb

@@ -20,6 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://0001-avoid-start-failure-with-bind-user.patch \
            file://CVE-2020-8622.patch \
            file://CVE-2020-8623.patch \
+           file://CVE-2020-8624.patch \
            "
 
 SRC_URI[sha256sum] = "0dee554a4caa368948b32da9a0c97b516c19103bc13ff5b3762c5d8552f52329"