On Tue, Jan 09, 2018 at 09:05:59PM +0100, Florian Weimer wrote: > This patch leverages dlvsym-in-libc support to access the versioned > symbols in libidn2. It brings us IDNA2008 support and code which is > still maintained. > > The test still needs quite a bit of work, to check various flags and > aliases combinations. The getnameinfo tests are completely missing. > I'd also like a separate, negative test which uses a fake libidn2 > library without the symbol definitions, to exercise that path. > > I still need to gather all the bugs that this fixes. > > I'm posting this early because we are approaching the end of the slushy > freeze, but parts of that qualify as (security) bug fixes. As this patch touches GLIBC_PRIVATE interface and marks some exported constants as deprecated, it's unfortunate that the patch was submitted so close to the end of the slushy freeze window. Due to the nature of bugs fixed by this change, however, I definitely want to get it into 2.27. [...] > --- a/inet/net-internal.h > +++ b/inet/net-internal.h > @@ -29,6 +29,17 @@ int __inet6_scopeid_pton (const struct in6_addr *address, > libc_hidden_proto (__inet6_scopeid_pton) > > > +/* IDNA conversion. These functions convert domain names between the > + current multi-byte character set and the IDNA encoding. On > + success, the result string is written to *RESULT (which the caller > + has to free), and zero is returned. On error, an EAI_* error code > + is returned (see ), and *RESULT is not changed. */ > +int __idna_to_dns_encoding (const char *name, char **result); > +libc_hidden_proto (__idna_to_dns_encoding) > +int __idna_from_dns_encoding (const char *name, char **); Shouldn't it be "char **result", too? > --- a/resolv/netdb.h > +++ b/resolv/netdb.h 
> @@ -605,10 +605,10 @@ struct gaicb > in the current locale's character set) > before looking it up. */ > # define AI_CANONIDN 0x0080 /* Translate canonical name from IDN format. */ > -# define AI_IDN_ALLOW_UNASSIGNED 0x0100 /* Don't reject unassigned Unicode > - code points. */ > -# define AI_IDN_USE_STD3_ASCII_RULES 0x0200 /* Validate strings according to > - STD3 rules. */ > +# define AI_IDN_ALLOW_UNASSIGNED \ > + __glibc_macro_warning ("AI_IDN_ALLOW_UNASSIGNED") 0x0100 > +# define AI_IDN_USE_STD3_ASCII_RULES \ > + __glibc_macro_warning ("AI_IDN_USE_STD3_ASCII_RULES") 0x0200 The accepted style for these warnings is "... is deprecated". -- ldv
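Review bot: in the inet/net-internal.h hunk, the shared comment documents the out-parameter as *RESULT, but the second prototype, `int __idna_from_dns_encoding (const char *name, char **);`, leaves that parameter unnamed, so the comment has nothing to refer to for that function. Naming it `result`, as in `__idna_to_dns_encoding`, fixes that. The comment also covers both functions with a single description and does not say which one converts in which direction; one sentence per function would let callers check the free-on-success, unchanged-on-error contract without reading the implementation.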
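Review bot: in the resolv/netdb.h hunk, the new definitions of AI_IDN_ALLOW_UNASSIGNED and AI_IDN_USE_STD3_ASCII_RULES drop the comments that described each flag ("Don't reject unassigned Unicode code points", "Validate strings according to STD3 rules"), and nothing replaces them to say the flags are deprecated. Keep a short comment next to each macro stating that it is deprecated, so that the header still documents the 0x0100 and 0x0200 values. The string passed to __glibc_macro_warning is only the macro name, so the diagnostic shown to a user will not say why the name is flagged.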