GNU bug report logs - #27809
libidn2 underscore stripping problem


Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 24 Jul 2017 19:53:02 UTC

Severity: normal

Tags: security

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.



Report forwarded to bug-guix <at> gnu.org:
bug#27809; Package guix. (Mon, 24 Jul 2017 19:53:02 GMT)

Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Mon, 24 Jul 2017 19:53:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: bug-guix <at> gnu.org
Subject: libidn2 underscore stripping problem
Date: Mon, 24 Jul 2017 15:52:31 -0400
[Message part 1 (text/plain, inline)]
It was recently reported that libidn2 can cause issues for domains whose
names contain underscores, and maybe some other characters, too.  It
matters to us because we build GnuTLS with libidn2.

I'm not sure yet what the solution is for us. Help wanted!

Original report:
https://github.com/systemd/systemd/issues/6426

libidn2 discussion:
https://gitlab.com/libidn/libidn2/issues/30

Upstream fix:
https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e
[signature.asc (application/pgp-signature, inline)]

Information forwarded to bug-guix <at> gnu.org:
bug#27809; Package guix. (Tue, 25 Jul 2017 20:23:03 GMT)

Message #8 received at 27809 <at> debbugs.gnu.org:

From: Marius Bakke <mbakke <at> fastmail.com>
To: Leo Famulari <leo <at> famulari.name>, 27809 <at> debbugs.gnu.org
Subject: Re: bug#27809: libidn2 underscore stripping problem
Date: Tue, 25 Jul 2017 22:22:03 +0200
[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:

> It was recently reported that libidn2 can cause issues for domains whose
> names contain underscores, and maybe some other characters, too.  It
> matters to us because we build GnuTLS with libidn2.
>
> I'm not sure yet what the solution is for us. Help wanted!
>
> Original report:
> https://github.com/systemd/systemd/issues/6426
>
> libidn2 discussion:
> https://gitlab.com/libidn/libidn2/issues/30
>
> Upstream fix:
> https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e

The commit refers to TR46 which is a Unicode standards document:

http://unicode.org/reports/tr46/#STD3_Rules

It appears the new IDNA processing rules disallow use of underscores in
domain names, which is in direct conflict with e.g. RFC2782[0].

Part of the confusion comes from the fact that underscores are indeed
disallowed in *hostnames* (as in A and AAAA records)[1].

So if libidn2 enforces STD3 compliance on *all* domain types (how can it
distinguish?), that is not good.

I'm not sure if it's worth grafting it until we have a real-world use
case however. Though we could consider swallowing the ~2300 rebuilds in
the next staging round for the new version which contains the fix.

[0] https://tools.ietf.org/html/rfc2782
[1] https://tools.ietf.org/html/rfc1123#section-2
[signature.asc (application/pgp-signature, inline)]
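
The distinction drawn in the message above, between host names (RFC 1123) and other domain names such as the underscore-prefixed SRV labels of RFC 2782, as an added example; it is not libidn2 code and not from the thread. The names `name_policy`, `label_ok`, `name_ok` and the relaxed `POLICY_DNS_OWNER` rule are hypothetical, and the sample names are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum name_policy {
    POLICY_HOSTNAME,  /* RFC 1123 host names (A/AAAA): letters, digits, hyphen */
    POLICY_DNS_OWNER  /* assumed relaxed policy: also accept '_' (RFC 2782 SRV labels) */
};

/* One label: 1..63 octets, permitted ASCII only, no leading or trailing hyphen. */
static int label_ok(const char *s, size_t len, enum name_policy policy)
{
    if (len == 0 || len > 63 || s[0] == '-' || s[len - 1] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = s[i];
        int ldh = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '-';
        if (!ldh && !(c == '_' && policy == POLICY_DNS_OWNER))
            return 0;
    }
    return 1;
}

/* Returns 1 if every label of an ASCII name passes the policy, 0 otherwise.
   Total name length is not checked here. */
int name_ok(const char *name, enum name_policy policy)
{
    if (*name == '\0')
        return 0;
    for (const char *p = name;;) {
        const char *dot = strchr(p, '.');
        size_t len = dot ? (size_t)(dot - p) : strlen(p);
        if (!dot && len == 0 && p != name)
            return 1;               /* single trailing dot (root) */
        if (!label_ok(p, len, policy))
            return 0;               /* reject; never rewrite or strip characters */
        if (!dot)
            return 1;
        p = dot + 1;
    }
}

int main(void)
{
    const char *names[] = { "www.example.com", "_sip._tcp.example.com" }; /* constructed */
    for (size_t i = 0; i < 2; i++)
        printf("%-24s hostname=%d dns-owner=%d\n", names[i],
               name_ok(names[i], POLICY_HOSTNAME), name_ok(names[i], POLICY_DNS_OWNER));
    return 0;
}
```

The same string passes or fails depending on which record type the caller has in mind, which is information a name-conversion library does not receive unless the caller passes it in.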

Added tag(s) security. Request was from ludo <at> gnu.org (Ludovic Courtès) to control <at> debbugs.gnu.org. (Wed, 02 Aug 2017 22:02:02 GMT)

Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Mon, 25 Feb 2019 23:31:02 GMT)

Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Mon, 25 Feb 2019 23:31:02 GMT)

Message #15 received at 27809-done <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
Cc: 27809-done <at> debbugs.gnu.org
Subject: Re: bug#27809: libidn2 underscore stripping problem
Date: Mon, 25 Feb 2019 18:30:13 -0500
[Message part 1 (text/plain, inline)]
Leo Famulari <leo <at> famulari.name> writes:
> It was recently reported that libidn2 can cause issues for domains whose
> names contain underscores, and maybe some other characters, too.  It
> matters to us because we build GnuTLS with libidn2.
>
> I'm not sure yet what the solution is for us. Help wanted!
>
> Original report:
> https://github.com/systemd/systemd/issues/6426
>
> libidn2 discussion:
> https://gitlab.com/libidn/libidn2/issues/30
>
> Upstream fix:
> https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e

This commit was contained in libidn2 2.0.3, and we currently have 2.0.5.
[signature.asc (application/pgp-signature, inline)]

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 26 Mar 2019 11:24:03 GMT)

This bug report was last modified 5 years and 33 days ago.
