From e665b7deb0e1f06b43eda786688ecde414417e0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Wed, 26 Sep 2018 19:51:42 +0200 Subject: [PATCH] Reenable IDN output but allow turning it off Remove invalid downstream patch that disabled IDN output by default. Dig could enable it, but it could not be enabled in nslookup and host. Fix instead broken disable. Resolves: #1580200 --- bind-9.11-host-idn-disable.patch | 100 +++++++++++++++++++++++++++++++ bind-9.11-libidn2-noout.patch | 16 ----- bind.spec | 12 ++-- 3 files changed, 106 insertions(+), 22 deletions(-) create mode 100644 bind-9.11-host-idn-disable.patch delete mode 100644 bind-9.11-libidn2-noout.patch diff --git a/bind-9.11-host-idn-disable.patch b/bind-9.11-host-idn-disable.patch new file mode 100644 index 0000000..434c596 --- /dev/null +++ b/bind-9.11-host-idn-disable.patch 
@@ -0,0 +1,100 @@ +From 145fac914bf47128307aea702fed7eb74b65cadd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Tue, 25 Sep 2018 18:08:46 +0200 +Subject: [PATCH] Disable IDN from environment as documented + +Manual page of host contained instructions to disable IDN processing +when it was built with libidn2. When refactoring IDN support however, +support for disabling IDN in host and nslookup was lost. Use also +environment variable and document it for nslookup, host and dig. + +Support variable CHARSET=ASCII to disable IDN, supported in downstream +RH patch since RHEL 5. +--- + bin/dig/dig.docbook | 4 +++- + bin/dig/dighost.c | 9 +++++++-- + bin/dig/host.docbook | 2 +- + bin/dig/nslookup.docbook | 15 +++++++++++++++ + 4 files changed, 26 insertions(+), 4 deletions(-) + +diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook +index fedd288..d5dba72 100644 +--- a/bin/dig/dig.docbook ++++ b/bin/dig/dig.docbook +@@ -1288,7 +1288,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr + reply from the server. + If you'd like to turn off the IDN support for some reason, use + parameters +noidnin and +- +noidnout. ++ +noidnout or define ++ the IDN_DISABLE environment variable. 
++ + + + +diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c +index 7408193..d46379d 100644 +--- a/bin/dig/dighost.c ++++ b/bin/dig/dighost.c +@@ -822,12 +822,17 @@ make_empty_lookup(void) { + looknew->seenbadcookie = ISC_FALSE; + looknew->badcookie = ISC_TRUE; + #ifdef WITH_IDN_SUPPORT +- looknew->idnin = ISC_TRUE; ++ looknew->idnin = (getenv("IDN_DISABLE") == NULL); ++ if (looknew->idnin) { ++ const char *charset = getenv("CHARSET"); ++ if (charset && !strcmp(charset, "ASCII")) ++ looknew->idnin = ISC_FALSE; ++ } + #else + looknew->idnin = ISC_FALSE; + #endif + #ifdef WITH_IDN_OUT_SUPPORT +- looknew->idnout = ISC_TRUE; ++ looknew->idnout = looknew->idnin; + #else + looknew->idnout = ISC_FALSE; + #endif +diff --git a/bin/dig/host.docbook b/bin/dig/host.docbook +index 9c3aeaa..42cbbf9 100644 +--- a/bin/dig/host.docbook ++++ b/bin/dig/host.docbook +@@ -378,7 +378,7 @@ + host appropriately converts character encoding of + domain name before sending a request to DNS server or displaying a + reply from the server. +- If you'd like to turn off the IDN support for some reason, defines ++ If you'd like to turn off the IDN support for some reason, define + the IDN_DISABLE environment variable. + The IDN support is disabled if the variable is set when + host runs. +diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook +index 3aff4e9..86a09c6 100644 +--- a/bin/dig/nslookup.docbook ++++ b/bin/dig/nslookup.docbook +@@ -478,6 +478,21 @@ nslookup -query=hinfo -timeout=10 + + + ++ IDN SUPPORT ++ ++ ++ If nslookup has been built with IDN (internationalized ++ domain name) support, it can accept and display non-ASCII domain names. ++ nslookup appropriately converts character encoding of ++ domain name before sending a request to DNS server or displaying a ++ reply from the server. ++ If you'd like to turn off the IDN support for some reason, define ++ the IDN_DISABLE environment variable. ++ The IDN support is disabled if the variable is set when ++ nslookup runs. 
++ ++ ++ + FILES + + /etc/resolv.conf +-- +2.14.4 + diff --git a/bind-9.11-libidn2-noout.patch b/bind-9.11-libidn2-noout.patch deleted file mode 100644 index 2fa3f03..0000000 --- a/bind-9.11-libidn2-noout.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c -index c179b62..cdf8826 100644 ---- a/bin/dig/dighost.c -+++ b/bin/dig/dighost.c -@@ -823,11 +823,7 @@ make_empty_lookup(void) { - #else - looknew->idnin = ISC_FALSE; - #endif --#ifdef WITH_IDN_OUT_SUPPORT -- looknew->idnout = ISC_TRUE; --#else - looknew->idnout = ISC_FALSE; --#endif - #ifdef DIG_SIGCHASE - looknew->sigchase = ISC_FALSE; - #if DIG_SIGCHASE_TD diff --git a/bind.spec b/bind.spec index 90d8640..1b3fe43 100644 --- a/bind.spec +++ b/bind.spec @@ -52,7 +52,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: MPLv2.0 Version: 9.11.4 -Release: 9%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} +Release: 10%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ # @@ -123,6 +123,7 @@ Patch159:bind-9.11-rt46047.patch # commit b105ccee68ccc3c18e6ea530063b3c8e5a42571c # commit 083461d3329ff6f2410745848a926090586a9846 Patch160:bind-9.11-rh1624100.patch +Patch161:bind-9.11-host-idn-disable.patch # SDB patches Patch11: bind-9.3.2b2-sdbsrc.patch @@ -131,10 +132,6 @@ Patch12: bind-9.10-sdb.patch # needs inpection Patch17: bind-9.3.2b1-fix_sdb_ldap.patch -# make +noidnout default -Patch74: bind-9.11-libidn2-noout.patch - - Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -447,7 +444,6 @@ are used for building ISC DHCP. %ifnarch alpha ia64 %patch72 -p1 -b .64bit %endif -%patch74 -p1 -b .idn-noout %patch102 -p1 -b .rh452060 %patch106 -p0 -b .rh490837 %patch109 -p1 -b .rh478718 
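Review bot: The `CHARSET=ASCII` switch added to make_empty_lookup() in the bin/dig/dighost.c hunk is not mentioned in any of the three docbook hunks, which document only `IDN_DISABLE`, so a user cannot learn from the man pages that an inherited `CHARSET` value changes how names are sent and displayed. The match is an exact `strcmp(charset, "ASCII")`, so values such as `ascii` or `US-ASCII` would leave IDN enabled; if that is intended, the documentation should state the exact accepted value. Because `looknew->idnout = looknew->idnin;` now ties the output default to the input default, the same environment switch decides whether replies are shown as Unicode or as `xn--` A-labels, which matters to anyone who keeps A-labels in logs or scripts to avoid look-alike names. I would add a comment above the block such as `/* IDN_DISABLE (any value) or CHARSET=ASCII turns IDN input off; output defaults to the same setting */` and brace the inner `if`. make_empty_lookup() starts and ends outside the hunk.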
@@ -464,6 +460,7 @@ are used for building ISC DHCP. %patch158 -p1 -b .rt31459 %patch159 -p1 -b .rt46047 %patch160 -p1 -b .rh1624100 +%patch161 -p1 -b .host-idn-disable mkdir lib/dns/tests/testdata/dstrandom cp -a %{SOURCE50} lib/dns/tests/testdata/dstrandom/random.data @@ -1440,6 +1437,9 @@ rm -rf ${RPM_BUILD_ROOT} %changelog +* Wed Sep 26 2018 Petr Menšík - 32:9.11.4-10.P2 +- Reenable IDN output but allow turning it off (#1580200) + * Thu Sep 20 2018 Petr Menšík - 32:9.11.4-9.P2 - Update to bind-9.11.4-P2 - Add /dev/urandom to chroot (#1631515)