bug#27809: libidn2 underscore stripping problem

2019-02-25 Thread Leo Famulari 
Leo Famulari  writes:
> It was recently reported that libidn2 can cause issues for domains whose
> names contain underscores, and maybe some other characters, too.  It
> matters to us because we build GnuTLS with libidn2.
>
> I'm not sure yet what the solution is for us. Help wanted!
>
> Original report:
> https://github.com/systemd/systemd/issues/6426
>
> libidn2 discussion:
> https://gitlab.com/libidn/libidn2/issues/30
>
> Upstream fix:
> https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e

This commit was contained in libidn2 2.0.3, and we currently have 2.0.5.


signature.asc
Description: PGP signature

bug#27809: libidn2 underscore stripping problem

2017-07-25 Thread Marius Bakke 
Leo Famulari  writes:

> It was recently reported that libidn2 can cause issues for domains whose
> names contain underscores, and maybe some other characters, too.  It
> matters to us because we build GnuTLS with libidn2.
>
> I'm not sure yet what the solution is for us. Help wanted!
>
> Original report:
> https://github.com/systemd/systemd/issues/6426
>
> libidn2 discussion:
> https://gitlab.com/libidn/libidn2/issues/30
>
> Upstream fix:
> https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e

The commit refers to TR46 which is a Unicode standards document:

http://unicode.org/reports/tr46/#STD3_Rules

It appears the new IDNA processing rules disallow use of underscores in
domain names, which is in direct conflict with e.g. RFC2782[0].

Part of the confusion comes from the fact that underscores are indeed
disallowed in *hostnames* (as in A and  records)[1].

So if libidn2 enforces STD3 compliance on *all* domain types (how can it
distinguish?), that is not good.

I'm not sure if it's worth grafting it until we have a real-world use
case however. Though we could consider swallowing the ~2300 rebuilds in
the next staging round for the new version which contains the fix.

[0] https://tools.ietf.org/html/rfc2782
[1] https://tools.ietf.org/html/rfc1123#section-2


signature.asc
Description: PGP signature

bug#27809: libidn2 underscore stripping problem

2017-07-24 Thread Leo Famulari 
It was recently reported that libidn2 can cause issues for domains whose
names contain underscores, and maybe some other characters, too.  It
matters to us because we build GnuTLS with libidn2.

I'm not sure yet what the solution is for us. Help wanted!

Original report:
https://github.com/systemd/systemd/issues/6426

libidn2 discussion:
https://gitlab.com/libidn/libidn2/issues/30

Upstream fix:
https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e


signature.asc
Description: PGP signature