diff --git a/bind-9.11-host-idn-disable.patch b/bind-9.11-host-idn-disable.patch
new file mode 100644
index 0000000..434c596
--- /dev/null
+++ b/bind-9.11-host-idn-disable.patch
@@ -0,0 +1,100 @@ +From 145fac914bf47128307aea702fed7eb74b65cadd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Tue, 25 Sep 2018 18:08:46 +0200 +Subject: [PATCH] Disable IDN from environment as documented + +Manual page of host contained instructions to disable IDN processing +when it was built with libidn2. When refactoring IDN support however, +support for disabling IDN in host and nslookup was lost. Use also +environment variable and document it for nslookup, host and dig. + +Support variable CHARSET=ASCII to disable IDN, supported in downstream +RH patch since RHEL 5. +--- + bin/dig/dig.docbook | 4 +++- + bin/dig/dighost.c | 9 +++++++-- + bin/dig/host.docbook | 2 +- + bin/dig/nslookup.docbook | 15 +++++++++++++++ + 4 files changed, 26 insertions(+), 4 deletions(-) + +diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook +index fedd288..d5dba72 100644 +--- a/bin/dig/dig.docbook ++++ b/bin/dig/dig.docbook +@@ -1288,7 +1288,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr + reply from the server. + If you'd like to turn off the IDN support for some reason, use + parameters +noidnin and +- +noidnout. ++ +noidnout or define ++ the IDN_DISABLE environment variable. 
++ + + + +diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c +index 7408193..d46379d 100644 +--- a/bin/dig/dighost.c ++++ b/bin/dig/dighost.c +@@ -822,12 +822,17 @@ make_empty_lookup(void) { + looknew->seenbadcookie = ISC_FALSE; + looknew->badcookie = ISC_TRUE; + #ifdef WITH_IDN_SUPPORT +- looknew->idnin = ISC_TRUE; ++ looknew->idnin = (getenv("IDN_DISABLE") == NULL); ++ if (looknew->idnin) { ++ const char *charset = getenv("CHARSET"); ++ if (charset && !strcmp(charset, "ASCII")) ++ looknew->idnin = ISC_FALSE; ++ } + #else + looknew->idnin = ISC_FALSE; + #endif + #ifdef WITH_IDN_OUT_SUPPORT +- looknew->idnout = ISC_TRUE; ++ looknew->idnout = looknew->idnin; + #else + looknew->idnout = ISC_FALSE; + #endif +diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook +index 9c3aeaa..42cbbf9 100644 +--- a/bin/dig/host.docbook ++++ b/bin/dig/host.docbook +@@ -378,7 +378,7 @@ + host appropriately converts character encoding of + domain name before sending a request to DNS server or displaying a + reply from the server. +- If you'd like to turn off the IDN support for some reason, defines ++ If you'd like to turn off the IDN support for some reason, define + the IDN_DISABLE environment variable. + The IDN support is disabled if the variable is set when + host runs. +diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook +index 3aff4e9..86a09c6 100644 +--- a/bin/dig/nslookup.docbook ++++ b/bin/dig/nslookup.docbook +@@ -478,6 +478,21 @@ nslookup -query=hinfo -timeout=10 + + + ++ IDN SUPPORT ++ ++ ++ If nslookup has been built with IDN (internationalized ++ domain name) support, it can accept and display non-ASCII domain names. ++ nslookup appropriately converts character encoding of ++ domain name before sending a request to DNS server or displaying a ++ reply from the server. ++ If you'd like to turn off the IDN support for some reason, define ++ the IDN_DISABLE environment variable. ++ The IDN support is disabled if the variable is set when ++ nslookup runs. 
++ ++ ++ + FILES + + /etc/resolv.conf +-- +2.14.4 + diff --git a/bind-9.11-libidn2-noout.patch b/bind-9.11-libidn2-noout.patch deleted file mode 100644 index 2fa3f03..0000000 --- a/bind-9.11-libidn2-noout.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index c179b62..cdf8826 100644 ---- a/bin/dig/dighost.c -+++ b/bin/dig/dighost.c -@@ -823,11 +823,7 @@ make_empty_lookup(void) { - #else - looknew->idnin = ISC_FALSE; - #endif --#ifdef WITH_IDN_OUT_SUPPORT -- looknew->idnout = ISC_TRUE; --#else - looknew->idnout = ISC_FALSE; --#endif - #ifdef DIG_SIGCHASE - looknew->sigchase = ISC_FALSE; - #if DIG_SIGCHASE_TD diff --git a/bind.spec b/bind.spec index 90d8640..1b3fe43 100644 --- a/bind.spec +++ b/bind.spec @@ -52,7 +52,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.11.4 -Release: 9%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} +Release: 10%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ # @@ -123,6 +123,7 @@ Patch159:bind-9.11-rt46047.patch # commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c # commit 083461d3329ff6f2410745848a926090586a9846 Patch160:bind-9.11-rh1624100.patch +Patch161:bind-9.11-host-idn-disable.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -131,10 +132,6 @@ Patch12: bind-9.10-sdb.patch # needs inpection Patch17: bind-9.3.2b1-fix_sdb_ldap.patch -# make +noidnout default -Patch74: bind-9.11-libidn2-noout.patch - - Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -447,7 +444,6 @@ are used for building ISC DHCP. %ifnarch alpha ia64 %patch72 -p1 -b .64bit %endif -%patch74 -p1 -b .idn-noout %patch102 -p1 -b .rh452060 %patch106 -p0 -b .rh490837 %patch109 -p1 -b .rh478718 
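Review bot: In the embedded `bin/dig/dighost.c` change to `make_empty_lookup`, the `CHARSET=ASCII` switch is implemented but none of the dig, host or nslookup docbook edits mention it, so the man pages describe only `IDN_DISABLE`. Because `idnout` now copies `idnin` and the downstream "make +noidnout default" patch is dropped in the same commit, replies are rendered in Unicode by default, which can make look-alike names harder to tell apart from their `xn--` form when someone is inspecting a suspicious domain; the docs should say that `+noidnout` or `IDN_DISABLE` keeps the encoded form. I would add above the `getenv` calls a comment such as `/* IDN is on unless IDN_DISABLE is set (any value) or CHARSET is exactly "ASCII"; idnout follows idnin */`. The copy also means a build that defines `WITH_IDN_OUT_SUPPORT` without `WITH_IDN_SUPPORT` would now get `idnout` false, if such a configuration exists. The function body continues outside the hunk.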
@@ -464,6 +460,7 @@ are used for building ISC DHCP. %patch158 -p1 -b .rt31459 %patch159 -p1 -b .rt46047 %patch160 -p1 -b .rh1624100 +%patch161 -p1 -b .host-idn-disable mkdir lib/dns/tests/testdata/dstrandom cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data @@ -1440,6 +1437,9 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Wed Sep 26 2018 Petr Menšík - 32:9.11.4-10.P2 +- Reenable IDN output but allow turning it off (#1580200) + * Thu Sep 20 2018 Petr Menšík - 32:9.11.4-9.P2 - Update to bind-9.11.4-P2 - Add /dev/urandom to chroot (#1631515)