IDNA: require libidn2 2.0.0

We require private symbols which dissapear at some point in
IDN2 releases in order to support old versions of libidn2. Simplify
the code by requiring only recent versions and avoid issues such
as #832.

Resolves: #832

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/configure.ac b/configure.ac
index 172cf429e41a0dde72c071a024bd4d64fd9de5db..79ee38cabe4358ccfeb05cb07399eef13a387483 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -559,26 +559,18 @@ idna_support=no
 with_libidn2=no
 
 if test "$try_libidn2" = yes;then
-    save_LIBS=$LIBS
-    AC_SEARCH_LIBS(idn2_lookup_u8, idn2, [
-      with_libidn2=yes;
+    PKG_CHECK_MODULES(LIBIDN2, [libidn2 >= 2.0.0], [with_libidn2=yes], [with_libidn2=no])
+    if test "${with_libidn2}" = "yes";then
       idna_support="IDNA 2008 (libidn2)"
       AC_DEFINE([HAVE_LIBIDN2], 1, [Define if IDNA 2008 support is enabled.])
-      AC_SUBST([LIBIDN2_CFLAGS], [])
-      AC_SUBST([LIBIDN2_LIBS], [-lidn2]) dnl used in gnutls.pc.in
-dnl enable once libidn2.pc is widespread; and remove LIBIDN2_LIBS from gnutls.pc.in (Libs.private)
-dnl      if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
-dnl        GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn2"
-dnl      else
-dnl        GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn2"
-dnl      fi
-    ],[
-      with_libidn2=no;
+      if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then
+        GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn2"
+      else
+        GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn2"
+      fi
+    else
       AC_MSG_WARN(*** LIBIDN2 was not found. You will not be able to use IDN2008 support)
-    ])
-    LIBS=$save_LIBS
-else
-  with_libidn2=no
+    fi
 fi
 
 AM_CONDITIONAL(HAVE_LIBIDN2, test "$with_libidn2" != "no")

diff --git a/lib/gnutls.pc.in b/lib/gnutls.pc.in
index ffad3e16885fdf2c75dc59fdde1f3cf6e0e099a5..4b6b5578f546239ad74c4ddab232d29b32fef68a 100644 (file)
--- a/lib/gnutls.pc.in
+++ b/lib/gnutls.pc.in
@@ -19,6 +19,6 @@ Description: Transport Security Layer implementation for the GNU system
 URL: https://www.gnutls.org/
 Version: @VERSION@
 Libs: -L${libdir} -lgnutls
-Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBIDN2_LIBS@ @LIBATOMIC_LIBS@
+Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBATOMIC_LIBS@
 @GNUTLS_REQUIRES_PRIVATE@
 Cflags: -I${includedir}

diff --git a/lib/str-idna.c b/lib/str-idna.c
index a6778133635e3a555034ca8757f8dc0b528d7bae..74b8d220b93194314deec5e2c30a4a1ab0ff3c75 100644 (file)
--- a/lib/str-idna.c
+++ b/lib/str-idna.c
@@ -30,12 +30,7 @@
 
 # include <idn2.h>
 
-#if IDN2_VERSION_NUMBER < 0x02000000
-# define idn2_to_ascii_8z idn2_lookup_u8
-# define ICAST uint8_t
-#else
 # define ICAST char
-#endif
 
 /**
  * gnutls_idna_map:
@@ -69,7 +64,6 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig
        unsigned int idn2_flags = IDN2_NFC_INPUT;
        unsigned int idn2_tflags = IDN2_NFC_INPUT;
 
-#if IDN2_VERSION_NUMBER >= 0x00140000
        /* IDN2_NONTRANSITIONAL automatically converts to lowercase
         * IDN2_NFC_INPUT converts to NFC before toASCII conversion
         *
@@ -83,15 +77,6 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig
         * 'evil.ca/c.example.com', which seems no good idea. */
        idn2_flags |= IDN2_NONTRANSITIONAL | IDN2_USE_STD3_ASCII_RULES;
        idn2_tflags |= IDN2_TRANSITIONAL | IDN2_USE_STD3_ASCII_RULES;
-#endif
-
-       /* This avoids excessive CPU usage with libidn2 < 2.1.1 */
-       if (ilen > 2048) {
-               gnutls_assert();
-               _gnutls_debug_log("unable to convert name '%.*s' to IDNA format: %s\n",
-                       (int) ilen, input, idn2_strerror(IDN2_TOO_BIG_DOMAIN));
-               return GNUTLS_E_INVALID_UTF8_STRING;
-       }
 
        if (ilen == 0) {
                out->data = (uint8_t*)gnutls_strdup("");
@@ -138,73 +123,6 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig
        return ret;
 }
 
-#if IDN2_VERSION_NUMBER < 0x02000000
-int _idn2_punycode_decode(
-       size_t input_length,
-       const char input[],
-       size_t *output_length,
-       uint32_t output[],
-       unsigned char case_flags[]);
-
-static int idn2_to_unicode_8z8z(const char *src, char **dst, unsigned flags)
-{
-       int rc, run;
-       size_t out_len = 0;
-       const char *e, *s;
-       char *p = NULL;
-
-       for (run = 0; run < 2; run++) {
-               if (run) {
-                       p = malloc(out_len + 1);
-                       if (!p)
-                               return IDN2_MALLOC;
-                       *dst = p;
-               }
-
-               out_len = 0;
-               for (e = s = src; *e; s = e) {
-                       while (*e && *e != '.')
-                               e++;
-
-                       if (e - s > 4 && (s[0] == 'x' || s[0] == 'X') && (s[1] == 'n' || s[1] == 'N') && s[2] == '-' && s[3] == '-') {
-                               size_t u32len = IDN2_LABEL_MAX_LENGTH * 4;
-                               uint32_t u32[IDN2_LABEL_MAX_LENGTH * 4];
-                               uint8_t u8[IDN2_LABEL_MAX_LENGTH + 1];
-                               size_t u8len;
-
-                               rc = _idn2_punycode_decode(e - s - 4, s + 4, &u32len, u32, NULL);
-                               if (rc != IDN2_OK)
-                                       return rc;
-
-                               u8len = sizeof(u8);
-                               if (u32_to_u8(u32, u32len, u8, &u8len) == NULL)
-                                       return IDN2_ENCODING_ERROR;
-                               u8[u8len] = '\0';
-
-                               if (run)
-                                       memcpy(*dst + out_len, u8, u8len);
-                               out_len += u8len;
-                       } else {
-                               if (run)
-                                       memcpy(*dst + out_len, s, e - s);
-                               out_len += e - s;
-                       }
-
-                       if (*e) {
-                               e++;
-                               if (run)
-                                       (*dst)[out_len] = '.';
-                               out_len++;
-                       }
-               }
-       }
-
-       (*dst)[out_len] = 0;
-
-       return IDN2_OK;
-}
-#endif
-
 /**
  * gnutls_idna_reverse_map:
  * @input: contain the ACE (IDNA) formatted domain name