From 5c1aed2881aa168be9ac07597dce97db79855c87 Mon Sep 17 00:00:00 2001
From: Tony Finch <fanf@isc.org>
Date: Tue, 13 Sep 2022 17:17:55 +0100
Subject: [PATCH] Fix dig idna test on Debian 10 "buster"

The test expected `xn--ah-` to be treated as a syntax error (punycode
requires letters after the last hyphen) but libidn2 on buster
converted the label to `ah` instead. To avoid this bug, change the
invalid label to `xn--0000h` which translates to an out-of-range
unicode codepoint (beyond the maximum value) which is corectly
trated as invalid in older libidn2.
---
 bin/tests/system/idna/tests.sh | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/bin/tests/system/idna/tests.sh b/bin/tests/system/idna/tests.sh
index 318bbbec49..9617fb9454 100644
--- a/bin/tests/system/idna/tests.sh
+++ b/bin/tests/system/idna/tests.sh
@@ -282,17 +282,17 @@ idna_enabled_test() {
     idna_test "$text" "+idn"               "xn--xx" "xn--xx."
 
     # Fake A-label - the string does not translate to anything.
-    # This name is a syntax error: IDNA expects be punycode-encoded
-    # non-ascii characters after the last hyphen, but they are missing
-    # in this test.
+    # "xn--0000h" decodes to a single "code point" value of U+127252
+    # (1,208,914) which is not a legal Unicode code point.
+    # (https://www.farsightsecurity.com/blog/txt-record/punycode-20180711/)
 
     text="Checking fake A-label"
-    idna_test "$text" "+noidn"             "xn--ah-" "xn--ah-."
-    idna_test "$text" "+noidnin +noidnout" "xn--ah-" "xn--ah-."
-    idna_test "$text" "+noidnin   +idnout" "xn--ah-" "xn--ah-."
-    idna_test "$text" "+idnin   +noidnout" "xn--ah-" "xn--ah-."
-    idna_test "$text" "+idnin     +idnout" "xn--ah-" "xn--ah-."
-    idna_test "$text" "+idn"               "xn--ah-" "xn--ah-."
+    idna_test "$text" "+noidn"             "xn--0000h" "xn--0000h."
+    idna_test "$text" "+noidnin +noidnout" "xn--0000h" "xn--0000h."
+    idna_test "$text" "+noidnin   +idnout" "xn--0000h" "xn--0000h."
+    idna_test "$text" "+idnin   +noidnout" "xn--0000h" "xn--0000h."
+    idna_test "$text" "+idnin     +idnout" "xn--0000h" "xn--0000h."
+    idna_test "$text" "+idn"               "xn--0000h" "xn--0000h."
 
     # Too long a label. The punycode string is too long (at 64 characters).
     # BIND rejects such labels: with +idnin