From e665b7deb0e1f06b43eda786688ecde414417e0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 26 Sep 2018 19:51:42 +0200
Subject: [PATCH] Reenable IDN output but allow turning it off

Remove invalid downstream patch that disabled IDN output by default.
Dig could enable it, but it could not be enabled in nslookup and host.
Fix instead broken disable.

Resolves: #1580200
---
 bind-9.11-host-idn-disable.patch | 100 +++++++++++++++++++++++++++++++
 bind-9.11-libidn2-noout.patch    |  16 -----
 bind.spec                        |  12 ++--
 3 files changed, 106 insertions(+), 22 deletions(-)
 create mode 100644 bind-9.11-host-idn-disable.patch
 delete mode 100644 bind-9.11-libidn2-noout.patch

diff --git a/bind-9.11-host-idn-disable.patch b/bind-9.11-host-idn-disable.patch
new file mode 100644
index 0000000..434c596
--- /dev/null
+++ b/bind-9.11-host-idn-disable.patch
@@ -0,0 +1,100 @@
+From 145fac914bf47128307aea702fed7eb74b65cadd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Tue, 25 Sep 2018 18:08:46 +0200
+Subject: [PATCH] Disable IDN from environment as documented
+
+Manual page of host contained instructions to disable IDN processing
+when it was built with libidn2. When refactoring IDN support however,
+support for disabling IDN in host and nslookup was lost. Use also
+environment variable and document it for nslookup, host and dig.
+
+Support variable CHARSET=ASCII to disable IDN, supported in downstream
+RH patch since RHEL 5.
+---
+ bin/dig/dig.docbook      |  4 +++-
+ bin/dig/dighost.c        |  9 +++++++--
+ bin/dig/host.docbook     |  2 +-
+ bin/dig/nslookup.docbook | 15 +++++++++++++++
+ 4 files changed, 26 insertions(+), 4 deletions(-)
+
+diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
+index fedd288..d5dba72 100644
+--- a/bin/dig/dig.docbook
++++ b/bin/dig/dig.docbook
+@@ -1288,7 +1288,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
+       reply from the server.
+       If you'd like to turn off the IDN support for some reason, use
+       parameters <parameter>+noidnin</parameter> and
+-      <parameter>+noidnout</parameter>.
++      <parameter>+noidnout</parameter> or define
++      the <envar>IDN_DISABLE</envar> environment variable.
++
+     </para>
+   </refsection>
+ 
+diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
+index 7408193..d46379d 100644
+--- a/bin/dig/dighost.c
++++ b/bin/dig/dighost.c
+@@ -822,12 +822,17 @@ make_empty_lookup(void) {
+ 	looknew->seenbadcookie = ISC_FALSE;
+ 	looknew->badcookie = ISC_TRUE;
+ #ifdef WITH_IDN_SUPPORT
+-	looknew->idnin = ISC_TRUE;
++	looknew->idnin = (getenv("IDN_DISABLE") == NULL);
++	if (looknew->idnin) {
++		const char *charset = getenv("CHARSET");
++		if (charset && !strcmp(charset, "ASCII"))
++			looknew->idnin = ISC_FALSE;
++	}
+ #else
+ 	looknew->idnin = ISC_FALSE;
+ #endif
+ #ifdef WITH_IDN_OUT_SUPPORT
+-	looknew->idnout = ISC_TRUE;
++	looknew->idnout = looknew->idnin;
+ #else
+ 	looknew->idnout = ISC_FALSE;
+ #endif
+diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook
+index 9c3aeaa..42cbbf9 100644
+--- a/bin/dig/host.docbook
++++ b/bin/dig/host.docbook
+@@ -378,7 +378,7 @@
+       <command>host</command> appropriately converts character encoding of
+       domain name before sending a request to DNS server or displaying a
+       reply from the server.
+-      If you'd like to turn off the IDN support for some reason, defines
++      If you'd like to turn off the IDN support for some reason, define
+       the <envar>IDN_DISABLE</envar> environment variable.
+       The IDN support is disabled if the variable is set when
+       <command>host</command> runs.
+diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook
+index 3aff4e9..86a09c6 100644
+--- a/bin/dig/nslookup.docbook
++++ b/bin/dig/nslookup.docbook
+@@ -478,6 +478,21 @@ nslookup -query=hinfo  -timeout=10
+     </para>
+   </refsection>
+ 
++  <refsection><info><title>IDN SUPPORT</title></info>
++
++    <para>
++      If <command>nslookup</command> has been built with IDN (internationalized
++      domain name) support, it can accept and display non-ASCII domain names.
++      <command>nslookup</command> appropriately converts character encoding of
++      domain name before sending a request to DNS server or displaying a
++      reply from the server.
++      If you'd like to turn off the IDN support for some reason, define
++      the <envar>IDN_DISABLE</envar> environment variable.
++      The IDN support is disabled if the variable is set when
++      <command>nslookup</command> runs.
++    </para>
++  </refsection>
++
+   <refsection><info><title>FILES</title></info>
+ 
+     <para><filename>/etc/resolv.conf</filename>
+-- 
+2.14.4
+
diff --git a/bind-9.11-libidn2-noout.patch b/bind-9.11-libidn2-noout.patch
deleted file mode 100644
index 2fa3f03..0000000
--- a/bind-9.11-libidn2-noout.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
-index c179b62..cdf8826 100644
---- a/bin/dig/dighost.c
-+++ b/bin/dig/dighost.c
-@@ -823,11 +823,7 @@ make_empty_lookup(void) {
- #else
- 	looknew->idnin = ISC_FALSE;
- #endif
--#ifdef WITH_IDN_OUT_SUPPORT
--	looknew->idnout = ISC_TRUE;
--#else
- 	looknew->idnout = ISC_FALSE;
--#endif
- #ifdef DIG_SIGCHASE
- 	looknew->sigchase = ISC_FALSE;
- #if DIG_SIGCHASE_TD
diff --git a/bind.spec b/bind.spec
index 90d8640..1b3fe43 100644
--- a/bind.spec
+++ b/bind.spec
@@ -52,7 +52,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  MPLv2.0
 Version:  9.11.4
-Release:  9%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
+Release:  10%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 #
@@ -123,6 +123,7 @@ Patch159:bind-9.11-rt46047.patch
 # commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c
 # commit 083461d3329ff6f2410745848a926090586a9846
 Patch160:bind-9.11-rh1624100.patch
+Patch161:bind-9.11-host-idn-disable.patch
 
 # SDB patches
 Patch11: bind-9.3.2b2-sdbsrc.patch
@@ -131,10 +132,6 @@ Patch12: bind-9.10-sdb.patch
 # needs inpection
 Patch17: bind-9.3.2b1-fix_sdb_ldap.patch
 
-# make +noidnout default
-Patch74: bind-9.11-libidn2-noout.patch
-
-
 Requires(post):   systemd
 Requires(preun):  systemd
 Requires(postun): systemd
@@ -447,7 +444,6 @@ are used for building ISC DHCP.
 %ifnarch alpha ia64
 %patch72 -p1 -b .64bit
 %endif
-%patch74 -p1 -b .idn-noout
 %patch102 -p1 -b .rh452060
 %patch106 -p0 -b .rh490837
 %patch109 -p1 -b .rh478718
@@ -464,6 +460,7 @@ are used for building ISC DHCP.
 %patch158 -p1 -b .rt31459
 %patch159 -p1 -b .rt46047
 %patch160 -p1 -b .rh1624100
+%patch161 -p1 -b .host-idn-disable
 
 mkdir lib/dns/tests/testdata/dstrandom
 cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data
@@ -1440,6 +1437,9 @@ rm -rf ${RPM_BUILD_ROOT}
 
 
 %changelog
+* Wed Sep 26 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-10.P2
+- Reenable IDN output but allow turning it off (#1580200)
+
 * Thu Sep 20 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.4-9.P2
 - Update to bind-9.11.4-P2
 - Add /dev/urandom to chroot (#1631515)