GNU bug report logs

#27809 libidn2 underscore stripping problem

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Reply or subscribe to this bug. View this bug as an mbox, status mbox, or maintainer mbox

Report forwarded to bug-guix@gnu.org:
bug#27809; Package guix. (Mon, 24 Jul 2017 19:53:02 GMT) (full text, mbox, link).

Acknowledgement sent to Leo Famulari <leo@famulari.name>:
New bug report received and forwarded. Copy sent to bug-guix@gnu.org. (Mon, 24 Jul 2017 19:53:02 GMT) (full text, mbox, link).

Message #5 received at submit@debbugs.gnu.org (full text, mbox, reply):

From: Leo Famulari <leo@famulari.name>
To: bug-guix@gnu.org
Subject: libidn2 underscore stripping problem
Date: Mon, 24 Jul 2017 15:52:31 -0400
[Message part 1 (text/plain, inline)]
It was recently reported that libidn2 can cause issues for domains whose
names contain underscores, and maybe some other characters, too.  It
matters to us because we build GnuTLS with libidn2.

I'm not sure yet what the solution is for us. Help wanted!

Original report:
https://github.com/systemd/systemd/issues/6426

libidn2 discussion:
https://gitlab.com/libidn/libidn2/issues/30

Upstream fix:
https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e

[signature.asc (application/pgp-signature, inline)]

Information forwarded to bug-guix@gnu.org:
bug#27809; Package guix. (Tue, 25 Jul 2017 20:23:03 GMT) (full text, mbox, link).

Message #8 received at 27809@debbugs.gnu.org (full text, mbox, reply):

From: Marius Bakke <mbakke@fastmail.com>
To: Leo Famulari <leo@famulari.name>, 27809@debbugs.gnu.org
Subject: Re: bug#27809: libidn2 underscore stripping problem
Date: Tue, 25 Jul 2017 22:22:03 +0200
[Message part 1 (text/plain, inline)]
Leo Famulari <leo@famulari.name> writes:

> It was recently reported that libidn2 can cause issues for domains whose
> names contain underscores, and maybe some other characters, too.  It
> matters to us because we build GnuTLS with libidn2.
>
> I'm not sure yet what the solution is for us. Help wanted!
>
> Original report:
> https://github.com/systemd/systemd/issues/6426
>
> libidn2 discussion:
> https://gitlab.com/libidn/libidn2/issues/30
>
> Upstream fix:
> https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e

The commit refers to TR46 which is a Unicode standards document:

http://unicode.org/reports/tr46/#STD3_Rules

It appears the new IDNA processing rules disallow use of underscores in
domain names, which is in direct conflict with e.g. RFC2782[0].

Part of the confusion comes from the fact that underscores are indeed
disallowed in *hostnames* (as in A and AAAA records)[1].

So if libidn2 enforces STD3 compliance on *all* domain types (how can it
distinguish?), that is not good.

I'm not sure if it's worth grafting it until we have a real-world use
case however. Though we could consider swallowing the ~2300 rebuilds in
the next staging round for the new version which contains the fix.

[0] https://tools.ietf.org/html/rfc2782
[1] https://tools.ietf.org/html/rfc1123#section-2

[signature.asc (application/pgp-signature, inline)]

Added tag(s) security. Request was from ludo@gnu.org (Ludovic Courtès) to control@debbugs.gnu.org. (Wed, 02 Aug 2017 22:02:02 GMT) (full text, mbox, link).

Reply sent to Leo Famulari <leo@famulari.name>:
You have taken responsibility. (Mon, 25 Feb 2019 23:31:02 GMT) (full text, mbox, link).

Notification sent to Leo Famulari <leo@famulari.name>:
bug acknowledged by developer. (Mon, 25 Feb 2019 23:31:02 GMT) (full text, mbox, link).

Message #15 received at 27809-done@debbugs.gnu.org (full text, mbox, reply):

From: Leo Famulari <leo@famulari.name>
Cc: 27809-done@debbugs.gnu.org
Subject: Re: bug#27809: libidn2 underscore stripping problem
Date: Mon, 25 Feb 2019 18:30:13 -0500
[Message part 1 (text/plain, inline)]
Leo Famulari <leo@famulari.name> writes:
> It was recently reported that libidn2 can cause issues for domains whose
> names contain underscores, and maybe some other characters, too.  It
> matters to us because we build GnuTLS with libidn2.
>
> I'm not sure yet what the solution is for us. Help wanted!
>
> Original report:
> https://github.com/systemd/systemd/issues/6426
>
> libidn2 discussion:
> https://gitlab.com/libidn/libidn2/issues/30
>
> Upstream fix:
> https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e

This commit was contained in libidn2 2.0.3, and we currently have 2.0.5.

[signature.asc (application/pgp-signature, inline)]

bug archived. Request was from Debbugs Internal Request <help-debbugs@gnu.org> to internal_control@debbugs.gnu.org. (Tue, 26 Mar 2019 11:24:03 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 06:12:59 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.