GNU bug report logs - #27809
libidn2 underscore stripping problem


Package: guix; Reported by: Leo Famulari <leo@HIDDEN>; Keywords: security; dated Mon, 24 Jul 2017 19:53:02 UTC; Maintainer for guix is bug-guix@HIDDEN.
Added tag(s) security. Request was from ludo@HIDDEN (Ludovic Courtès) to control <at> debbugs.gnu.org.

Message received at 27809 <at> debbugs.gnu.org:


From: Marius Bakke <mbakke@HIDDEN>
To: Leo Famulari <leo@HIDDEN>, 27809 <at> debbugs.gnu.org
Subject: Re: bug#27809: libidn2 underscore stripping problem
In-Reply-To: <20170724195231.GA28842@HIDDEN>
References: <20170724195231.GA28842@HIDDEN>
User-Agent: Notmuch/0.24.2 (https://notmuchmail.org) Emacs/25.2.1
 (x86_64-unknown-linux-gnu)
Date: Tue, 25 Jul 2017 22:22:03 +0200
Message-ID: <87inigjmhg.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"

--=-=-=
Content-Type: text/plain

Leo Famulari <leo@HIDDEN> writes:

> It was recently reported that libidn2 can cause issues for domains whose
> names contain underscores, and maybe some other characters, too.  It
> matters to us because we build GnuTLS with libidn2.
>
> I'm not sure yet what the solution is for us. Help wanted!
>
> Original report:
> https://github.com/systemd/systemd/issues/6426
>
> libidn2 discussion:
> https://gitlab.com/libidn/libidn2/issues/30
>
> Upstream fix:
> https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e

The commit refers to TR46 which is a Unicode standards document:

http://unicode.org/reports/tr46/#STD3_Rules

It appears the new IDNA processing rules disallow use of underscores in
domain names, which is in direct conflict with e.g. RFC2782[0].

Part of the confusion comes from the fact that underscores are indeed
disallowed in *hostnames* (as in A and AAAA records)[1].

So if libidn2 enforces STD3 compliance on *all* domain types (how can it
distinguish?), that is not good.

I'm not sure if it's worth grafting it until we have a real-world use
case however. Though we could consider swallowing the ~2300 rebuilds in
the next staging round for the new version which contains the fix.

[0] https://tools.ietf.org/html/rfc2782
[1] https://tools.ietf.org/html/rfc1123#section-2

--=-=-=--
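
The distinction drawn in the message above, hostnames versus other domain names such as RFC 2782 SRV owner names, as an added example that is not part of the thread and is not libidn2 or Guix code: an ASCII-only label check in which the caller declares the role of the name. `name_kind`, `label_ok` and `name_ok` are hypothetical names, the sample names are constructed, and the relaxed character set (letters, digits, hyphen, underscore) is an assumption made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical API: the caller states what the name is for, because the
   string alone does not reveal whether it will be used as a hostname. */
enum name_kind { NAME_HOSTNAME, NAME_DOMAIN };

/* Hostname labels: letters, digits, '-', no '-' at either end.
   Assumed relaxed set for other names: the same plus '_' (RFC 2782 style). */
#define LDH "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-"
static bool label_ok(const char *s, size_t len, enum name_kind kind)
{
    const char *allowed = kind == NAME_HOSTNAME ? LDH : LDH "_";
    if (len == 0 || len > 63)
        return false;
    if (kind == NAME_HOSTNAME && (s[0] == '-' || s[len - 1] == '-'))
        return false;
    for (size_t i = 0; i < len; i++)
        if (!strchr(allowed, s[i]))
            return false;
    return true;
}

/* Validate a whole name: at most 253 octets, one trailing root dot allowed. */
bool name_ok(const char *name, enum name_kind kind)
{
    size_t total = strlen(name), start = 0;
    if (total > 0 && name[total - 1] == '.')
        total--;
    if (total == 0 || total > 253)
        return false;
    for (size_t i = 0; i <= total; i++) {
        if (i == total || name[i] == '.') {
            if (!label_ok(name + start, i - start, kind))
                return false;
            start = i + 1;
        }
    }
    return true;
}

int main(void)
{
    /* Constructed sample names. */
    const char *names[] = { "www.example.org", "_xmpp-server._tcp.example.org" };
    for (size_t i = 0; i < 2; i++)
        printf("%-32s hostname=%d domain=%d\n", names[i],
               name_ok(names[i], NAME_HOSTNAME), name_ok(names[i], NAME_DOMAIN));
    return 0;
}
```

Rejecting a name that fails the check for its declared role, rather than altering it, keeps the name that is looked up identical to the name the caller supplied.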




Information forwarded to bug-guix@HIDDEN:
bug#27809; Package guix.

Message received at submit <at> debbugs.gnu.org:


Date: Mon, 24 Jul 2017 15:52:31 -0400
From: Leo Famulari <leo@HIDDEN>
To: bug-guix@HIDDEN
Subject: libidn2 underscore stripping problem
Message-ID: <20170724195231.GA28842@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm"
Content-Disposition: inline
User-Agent: Mutt/1.8.3 (2017-05-23)


--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

It was recently reported that libidn2 can cause issues for domains whose
names contain underscores, and maybe some other characters, too.  It
matters to us because we build GnuTLS with libidn2.

I'm not sure yet what the solution is for us. Help wanted!

Original report:
https://github.com/systemd/systemd/issues/6426

libidn2 discussion:
https://gitlab.com/libidn/libidn2/issues/30

Upstream fix:
https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e


--EVF5PPMfhYS0aIcm--




Acknowledgement sent to Leo Famulari <leo@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN.
Report forwarded to bug-guix@HIDDEN:
bug#27809; Package guix.
Last modified: Wed, 2 Aug 2017 22:15:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.