switch to libidn2 (#1449149)

2017-11-24 10:17:57 +01:00 · 2017-11-24 10:17:57 +01:00 · 1d00a0b48f
commit 1d00a0b48f
parent 9c6cc8ac2b
5 changed files with 301 additions and 2 deletions
--- a/0001-arping-tracepath-removed-unused-idna-header.patch
+++ b/0001-arping-tracepath-removed-unused-idna-header.patch
@ -0,0 +1,41 @@
+From 01fba8245ae81edbe07a36ee6afa00264a4714c4 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Mon, 14 Aug 2017 20:33:21 +0200
+Subject: [PATCH 1/4] arping,tracepath: removed unused idna header
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+(cherry picked from commit 44354bdad5ae53f90734375baa8869436b73fb31)
+
+Resolves: #1449149
+---
+ arping.c    | 1 -
+ tracepath.c | 1 -
+ 2 files changed, 2 deletions(-)
+
+diff --git a/arping.c b/arping.c
+index 1a3f40b..6ad3f5d 100644
+--- a/arping.c
+++ b/arping.c
+@@ -43,7 +43,6 @@ struct sysfs_devattr_values;
+ #endif
+ 
+ #ifdef USE_IDN
+-#include <idna.h>
+ #include <locale.h>
+ #endif
+ 
+diff --git a/tracepath.c b/tracepath.c
+index 74a829d..68e2098 100644
+--- a/tracepath.c
+++ b/tracepath.c
+@@ -28,7 +28,6 @@
+ #include <arpa/inet.h>
+ 
+ #ifdef USE_IDN
+-#include <idna.h>
+ #include <locale.h>
+ #define getnameinfo_flags	NI_IDN
+ #else
+-- 
+2.13.6
+
--- a/0002-traceroute6-use-getaddrinfo-IDNA-conversion.patch
+++ b/0002-traceroute6-use-getaddrinfo-IDNA-conversion.patch
@ -0,0 +1,59 @@
+From 9a30d700493a681ce00b9133e68c12e2cecb1c51 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Mon, 14 Aug 2017 20:39:48 +0200
+Subject: [PATCH 2/4] traceroute6: use getaddrinfo IDNA conversion
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+(cherry picked from commit 0749fa17ca8b30baa2cfca39762c490f1008f5b3)
+
+Resolves: #1449149
+---
+ traceroute6.c | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/traceroute6.c b/traceroute6.c
+index 48fc5c5..aa75cd2 100644
+--- a/traceroute6.c
+++ b/traceroute6.c
+@@ -248,12 +248,13 @@
+ #endif
+ 
+ #ifdef USE_IDN
+-#include <idna.h>
+ #include <locale.h>
+ 
+#define ADDRINFO_IDN_FLAGS	AI_IDN
+ #define getnameinfo_flags	NI_IDN
+ #else
+ #define getnameinfo_flags	0
+#define ADDRINFO_IDN_FLAGS	0
+ #endif
+ 
+ #include <arpa/inet.h>
+@@ -335,7 +336,8 @@ int main(int argc, char *argv[])
+ 	char pa[NI_MAXHOST];
+ 	extern char *optarg;
+ 	extern int optind;
+-	struct addrinfo hints6 = { .ai_family = AF_INET6, .ai_socktype = SOCK_RAW, .ai_flags = AI_CANONNAME };
+	struct addrinfo hints6 = { .ai_family = AF_INET6, .ai_socktype = SOCK_RAW,
+				   .ai_flags = AI_CANONNAME|ADDRINFO_IDN_FLAGS };
+ 	struct addrinfo *result;
+ 	int status;
+ 	struct sockaddr_in6 from, *to;
+@@ -449,12 +451,7 @@ int main(int argc, char *argv[])
+ 	if (inet_pton(AF_INET6, *argv, &to->sin6_addr) > 0) {
+ 		hostname = *argv;
+ 	} else {
+-		char *idn = NULL;
+-#ifdef USE_IDN
+-		if (idna_to_ascii_lz(*argv, &idn, 0) != IDNA_SUCCESS)
+-			idn = NULL;
+-#endif
+-		status = getaddrinfo(idn ? idn : *argv, NULL, &hints6, &result);
+		status = getaddrinfo(*argv, NULL, &hints6, &result);
+ 		if (status) {
+ 			(void)fprintf(stderr,
+ 			    "traceroute: %s: %s\n", *argv, gai_strerror(status));
+-- 
+2.13.6
+
--- a/0003-ping6-simplified-IDNA-usage.patch
+++ b/0003-ping6-simplified-IDNA-usage.patch
@ -0,0 +1,103 @@
+From bf269b652f40a59de325b654e024c17daaea2eb3 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Mon, 14 Aug 2017 20:46:07 +0200
+Subject: [PATCH 3/4] ping6: simplified IDNA usage
+
+The function was converting from locale to UTF-8, performing some
+check and then converting to IDNA form. Convert instead directly
+to IDNA from locale format and perform the check afterwards.
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+(cherry picked from commit 8f7b6908746f0eef3bb0f8fdf8b2a8c82ae9afe2)
+
+Resolves: #1449149
+---
+ ping6_common.c | 32 +++++++++-----------------------
+ 1 file changed, 9 insertions(+), 23 deletions(-)
+
+diff --git a/ping6_common.c b/ping6_common.c
+index 498e590..bf4777d 100644
+--- a/ping6_common.c
+++ b/ping6_common.c
+@@ -435,14 +435,14 @@ static int niquery_option_subject_addr_handler(int index, const char *arg)
+ 	return 0;
+ }
+ 
+-static int niquery_option_subject_name_handler(int index, const char *arg)
+static int niquery_option_subject_name_handler(int index, const char *name)
+ {
+ #ifdef USE_CRYPTO
+ 	static char nigroup_buf[INET6_ADDRSTRLEN + 1 + IFNAMSIZ];
+ 	unsigned char *dnptrs[2], **dpp, **lastdnptr;
+ 	int n;
+ 	int i;
+-	char *name, *p;
+	char *p;
+ 	char *canonname = NULL, *idn = NULL;
+ 	unsigned char *buf = NULL;
+ 	size_t namelen;
+@@ -458,18 +458,19 @@ static int niquery_option_subject_name_handler(int index, const char *arg)
+ 		return -1;
+ 
+ #ifdef USE_IDN
+-	name = stringprep_locale_to_utf8(arg);
+-	if (!name) {
+-		fprintf(stderr, "ping6: IDN support failed.\n");
+	rc = idna_to_ascii_lz(name, &idn, 0);
+	if (rc) {
+		fprintf(stderr, "ping6: IDN encoding error: %s\n",
+			idna_strerror(rc));
+ 		exit(2);
+ 	}
+ #else
+-	name = strdup(arg);
+-	if (!name)
+	idn = strdup(name);
+	if (!idn)
+ 		goto oomexit;
+ #endif
+ 
+-	p = strchr(name, SCOPE_DELIMITER);
+	p = strchr(idn, SCOPE_DELIMITER);
+ 	if (p) {
+ 		*p = '\0';
+ 		if (strlen(p + 1) >= IFNAMSIZ) {
+@@ -478,19 +479,6 @@ static int niquery_option_subject_name_handler(int index, const char *arg)
+ 		}
+ 	}
+ 
+-#ifdef USE_IDN
+-	rc = idna_to_ascii_8z(name, &idn, 0);
+-	if (rc) {
+-		fprintf(stderr, "ping6: IDN encoding error: %s\n",
+-			idna_strerror(rc));
+-		exit(2);
+-	}
+-#else
+-	idn = strdup(name);
+-	if (!idn)
+-		goto oomexit;
+-#endif
+-
+ 	namelen = strlen(idn);
+ 	canonname = malloc(namelen + 1);
+ 	if (!canonname)
+@@ -552,7 +540,6 @@ static int niquery_option_subject_name_handler(int index, const char *arg)
+ 
+ 	free(canonname);
+ 	free(idn);
+-	free(name);
+ 
+ 	return 0;
+ oomexit:
+@@ -561,7 +548,6 @@ errexit:
+ 	free(buf);
+ 	free(canonname);
+ 	free(idn);
+-	free(name);
+ 	exit(1);
+ #else
+ 	fprintf(stderr, "ping6: function not available; crypto disabled\n");
+-- 
+2.13.6
+
--- a/0004-ping-use-libidn2-instead-of-libidn.patch
+++ b/0004-ping-use-libidn2-instead-of-libidn.patch
@ -0,0 +1,85 @@
+From fb283094c22b98d93aab8ae391ba8b499974cd70 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Mon, 14 Aug 2017 20:47:43 +0200
+Subject: [PATCH 4/4] ping: use libidn2 instead of libidn
+
+That is, to provide IDNA2008 support instead of IDNA2003.
+See https://fedoraproject.org/wiki/Changes/IDNA2008
+for more rationale.
+
+That uses libidn2 idn2_lookup_ul() which is identical to
+idn2_to_ascii_lz() but is available on all versions of
+libidn2.
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+(cherry picked from commit 665fe4d30ff8b6649454ae25e4768b2f23605332)
+
+Resolves: #1449149
+---
+ Makefile       |  2 +-
+ ping.h         |  3 +--
+ ping6_common.c | 12 ++++++++++--
+ 3 files changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 9f4f61f..ccaa0c3 100644
+--- a/Makefile
+++ b/Makefile
+@@ -13,7 +13,7 @@ LDFLAG_CAP=-lcap
+ LDFLAG_GCRYPT=-lgcrypt -lgpg-error
+ LDFLAG_NETTLE=-lnettle
+ LDFLAG_CRYPTO=-lcrypto
+-LDFLAG_IDN=-lidn
+LDFLAG_IDN=-lidn2
+ LDFLAG_RESOLV=-lresolv
+ LDFLAG_SYSFS=-lsysfs
+ LDFLAG_RT=-lrt
+diff --git a/ping.h b/ping.h
+index 749f3ff..f57cd22 100644
+--- a/ping.h
+++ b/ping.h
+@@ -36,8 +36,7 @@
+ 
+ #ifdef USE_IDN
+ #include <locale.h>
+-#include <idna.h>
+-#include <stringprep.h>
+#include <idn2.h>
+ #define getaddrinfo_flags (AI_CANONNAME | AI_IDN | AI_CANONIDN)
+ #define getnameinfo_flags NI_IDN
+ #else
+diff --git a/ping6_common.c b/ping6_common.c
+index bf4777d..da37177 100644
+--- a/ping6_common.c
+++ b/ping6_common.c
+@@ -435,6 +435,14 @@ static int niquery_option_subject_addr_handler(int index, const char *arg)
+ 	return 0;
+ }
+ 
+#ifdef USE_IDN
+# if IDN2_VERSION_NUMBER >= 0x02000000
+#  define IDN2_FLAGS IDN2_NONTRANSITIONAL
+# else
+#  define IDN2_FLAGS 0
+# endif
+#endif
+
+ static int niquery_option_subject_name_handler(int index, const char *name)
+ {
+ #ifdef USE_CRYPTO
+@@ -458,10 +466,10 @@ static int niquery_option_subject_name_handler(int index, const char *name)
+ 		return -1;
+ 
+ #ifdef USE_IDN
+-	rc = idna_to_ascii_lz(name, &idn, 0);
+	rc = idn2_lookup_ul(name, &idn, IDN2_FLAGS);
+ 	if (rc) {
+ 		fprintf(stderr, "ping6: IDN encoding error: %s\n",
+-			idna_strerror(rc));
+			idn2_strerror(rc));
+ 		exit(2);
+ 	}
+ #else
+-- 
+2.13.6
+
--- a/iputils.spec
+++ b/iputils.spec
@ -3,7 +3,7 @@
 Summary: Network monitoring tools including ping
 Name: iputils
 Version: 20161105
-Release: 7%{?dist}
+Release: 8%{?dist}
 # some parts are under the original BSD (ping.c)
 # some are under GPLv2+ (tracepath.c)
 License: BSD and GPLv2+
@ -20,12 +20,16 @@ Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt

 Patch0: iputils-rh.patch
 Patch1: iputils-ifenslave.patch
+Patch2: 0001-arping-tracepath-removed-unused-idna-header.patch
+Patch3: 0002-traceroute6-use-getaddrinfo-IDNA-conversion.patch
+Patch4: 0003-ping6-simplified-IDNA-usage.patch
+Patch5: 0004-ping-use-libidn2-instead-of-libidn.patch

 %if ! 0%{?_module_build}
 BuildRequires: docbook-utils perl-SGMLSpm
 %endif
 BuildRequires: glibc-kernheaders >= 2.4-8.19
-BuildRequires: libidn-devel
+BuildRequires: libidn2-devel
 BuildRequires: openssl-devel
 BuildRequires: libcap-devel
 Requires(post): systemd
@ -59,6 +63,10 @@ cp %{SOURCE4} %{SOURCE5} .

 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1

 %build
 %ifarch s390 s390x
@ -166,6 +174,9 @@ mv -f RELNOTES.tmp RELNOTES
 %endif

 %changelog
+* Fri Nov 24 2017 Jan Synáček <jsynacek@redhat.com> - 20161105-8
+- switch to libidn2 (#1449149)
+
 * Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 20161105-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild