Bug 1731081 - Label escaping bug for special characters breaks ipa dnszone-show
Summary: Label escaping bug for special characters breaks ipa dnszone-show
Keywords:
Status: VERIFIED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: python-dns
Version: 8.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 8.2
Assignee: Lumír Balhar
QA Contact: Jan Houska
URL:
Whiteboard:
Depends On:
Blocks: 1640091
TreeView+ depends on / blocked
 
Reported: 2019-07-18 09:51 UTC by Christian Heimes
Modified: 2019-11-25 07:49 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Fedora Pagure freeipa issue 7739 None None None 2019-07-18 09:51:58 UTC
Github rthalley dnspython issues 339 'None' closed Name.to_unicode does not escape special chars 2020-02-17 14:33:30 UTC

Description Christian Heimes 2019-07-18 09:51:59 UTC
Description of problem:
dns.name.Name 's to_unicode() method has a bug. It escapes special characters to wrong way. In DNS the email address admin.1@example.com is encoded as admin\.1.example.com. The to_unicode() method drops the quoting and turns the email address into admin@1.example.com (encoded admin.1.example.com).

The issue causes problems with IdM and breaks ipa dnszone-show command.

Version-Release number of selected component (if applicable):
python3-dns-1.15.0

How reproducible:
always

Steps to Reproduce:
$ python3
>>> import dns.name
>>> name = dns.name.from_text("admin\\.1.example.com")
>>> name
<DNS name admin\.1.example.com.>
>>> name.to_text()
'admin\\.1.example.com.'
>>> name.to_unicode()
'admin.1.example.com.'


Actual results:
name.to_unicode() returns 'admin.1.example.com.'

Expected results:
'admin\\.1.example.com.'

Additional info:
Upstream fix https://github.com/rthalley/dnspython/commit/c76aa6ac9969447220c8e807aa1e5640a6c12924

Comment 1 Christian Heimes 2019-07-18 10:01:07 UTC
The fix has been in upstream master for a while. Upstream has retired 1.x release series in favor of 2.0 with Python 3-only support. It may be necessary to backport the fix to 1.5 manually and maintain a patch.

Comment 2 Lumír Balhar 2019-08-28 11:47:55 UTC
I am going to take a look.

We have the reproducer available so it should be easy to test the fix and I am going to backport.

Comment 3 Lumír Balhar 2019-08-28 12:32:44 UTC
I've managed to backport the upstream patch to version 1.15 (RHEL8).

Scratch build: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=23218020
Commit (my fork, rhel-8.1.é branch): https://src.osci.redhat.com/fork/lbalhar/rpms/python-dns/commits/rhel-8.1.0

Verification
Old version:

# rpm -qi python3-dns
Name        : python3-dns
Version     : 1.15.0
Release     : 8.el8

# python3
Python 3.6.8 (default, Aug  6 2019, 19:43:07) 
[GCC 8.3.1 20190507 (Red Hat 8.3.1-4)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import dns.name
>>> name = dns.name.from_text("admin\\.1.example.com")
>>> name
<DNS name admin\.1.example.com.>
>>> name.to_text()
'admin\\.1.example.com.'
>>> name.to_unicode()
'admin.1.example.com.'

New version:

# rpm -qi python3-dns
Name        : python3-dns
Version     : 1.15.0
Release     : 9.el8

# python3
Python 3.6.8 (default, Aug  6 2019, 19:43:07) 
[GCC 8.3.1 20190507 (Red Hat 8.3.1-4)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import dns.name
>>> name = dns.name.from_text("admin\\.1.example.com")
>>> name
<DNS name admin\.1.example.com.>
>>> name.to_text()
'admin\\.1.example.com.'
>>> name.to_unicode()
'admin\\.1.example.com.'

Everything is ready and tested on RHEL 8.1 so the fix has to wait until there will be a branch for RHEL 8.2. But it's already ready for a review.

The backported patch also contains one new test for to_unicode() method and a lot of existing tests are already there so I think that no new tests are needed from QA.

Comment 5 Lumír Balhar 2019-10-16 04:55:17 UTC
Pull request is ready for review here: https://src.osci.redhat.com/rpms/python-dns/pull-request/2

The test is also backported in `tests/test_name.py` function `testToText12`.

Comment 6 Lumír Balhar 2019-10-22 12:59:55 UTC
PR merged. Build: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=24188082

Comment 8 Lumír Balhar 2019-10-23 13:44:24 UTC
Before I'll be able to add the build to the errata, I need to enable gating.

Gating configuration PR: https://src.osci.redhat.com/rpms/python-dns/pull-request/3
Beaker test configuration change and prove that it works well for this bug: https://src.osci.redhat.com/tests/python-dns/pull-request/1

Could you please help me to enable gating for this component?

Comment 9 Tomas Orsava 2019-10-24 10:52:14 UTC
Lumir, please also provide the command to start only the relevant upstream test that fixes the issue, so that QE can make a Regression test case for it.

Comment 10 Lumír Balhar 2019-10-25 05:11:17 UTC
Both PRs from comment#8 merged, release bumped.

New build (for gating): https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=24238288

Command to run the backported test: python3 -m unittest -v tests.test_name.NameTestCase.testToText12


Note You need to log in before you can comment on or make changes to this bug.