libidn2 underscore stripping problem

  • Done
  • quality assurance status badge
Details
3 participants
  • Leo Famulari
  • Ludovic Courtès
  • Marius Bakke
Owner
unassigned
Submitted by
Leo Famulari
Severity
normal

Debbugs page

L
L
Leo Famulari wrote on 24 Jul 2017 12:52
(address . bug-guix@gnu.org)
20170724195231.GA28842@jasmine.lan
It was recently reported that libidn2 can cause issues for domains whose
names contain underscores, and maybe some other characters, too. It
matters to us because we build GnuTLS with libidn2.

I'm not sure yet what the solution is for us. Help wanted!

Original report:

libidn2 discussion:

Upstream fix:
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAll2T/sACgkQJkb6MLrK
fwjT6w//W3ZS+CXy6gbTfZptKubwpU86JVjxbf3Btc59Dl7o4MrA1fH3j1hJxUcD
ep3RanJSKT4bqqKj4H3Ehv+RWnBQv67O9gTzXlxG3v1Tb6aFThHomsS9QJI1fXdV
uzCrVJm97GjAi7RVtoIyqdRDsXR10wgvacFQ+ZXief8rJqf8+Egchj4wZvYf1phZ
tawxGrnhDo4ojQgSox+WipoUgAaiaIyOF9xvPKS7rXM5pKqz84wELMdw+oc+W3vK
J4bExzibCONHhMIg5WYElHvMibTVrxUX2JIHyV84E9WLVYdf99hoA+ypOGlM58+p
sNFS1hM9t+kUgGtXLdwGEq88aUqOyaIBrcolZy3ikreIwjpLxGCbATrtNQaMBC56
3dPy68i9ioRgh4C3pnUe5LOvmC4QxRixcofzNK4XYoYQk/Gsvp3Lem7OOrsGorWY
EtH1/0NwDn7ltlIlZR5SsO/wDC/KjRp2dlTZ+sp8RnjxNmPQjpZOpMlnb0KYE9C5
Izs5/EWS8m7q6p1nKJkUsI2kyH/CXe5TUMHhvPd7iMMUVayn/GbCkZkheVX/dRNX
UyIBscVxMUzGzynnBu0SVF6bhkTyr2P4C+29Tx3qXEzDAN6twAD3bOyNc9WrcaPw
/JjpFerAmh14dfw3WBZOHBMyhbJafFuvpkr1ISvb5hVkCVnDrMo=
=IFyl
-----END PGP SIGNATURE-----


M
M
Marius Bakke wrote on 25 Jul 2017 13:22
87inigjmhg.fsf@fastmail.com
Leo Famulari <leo@famulari.name> writes:

Toggle quote (15 lines)
> It was recently reported that libidn2 can cause issues for domains whose
> names contain underscores, and maybe some other characters, too. It
> matters to us because we build GnuTLS with libidn2.
>
> I'm not sure yet what the solution is for us. Help wanted!
>
> Original report:
> https://github.com/systemd/systemd/issues/6426
>
> libidn2 discussion:
> https://gitlab.com/libidn/libidn2/issues/30
>
> Upstream fix:
> https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e

The commit refers to TR46 which is a Unicode standards document:


It appears the new IDNA processing rules disallow use of underscores in
domain names, which is in direct conflict with e.g. RFC2782[0].

Part of the confusion comes from the fact that underscores are indeed
disallowed in *hostnames* (as in A and AAAA records)[1].

So if libidn2 enforces STD3 compliance on *all* domain types (how can it
distinguish?), that is not good.

I'm not sure if it's worth grafting it until we have a real-world use
case however. Though we could consider swallowing the ~2300 rebuilds in
the next staging round for the new version which contains the fix.

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAll3qGwACgkQoqBt8qM6
VPrqnQf/bHEkXs934ylvwVHnDv++34TGXcy1guig8ilOUmZ8byUIZRNrs2cMD4fi
/Co4tUCJTfYpeLerQOdxsGGXcidpNrzOn9TJd932KbCVbxG8F6NgBGdOyj8YWK/q
Mgh4gzY4M5d36PLj29bcOlaXPlnXdq2CaWQPLhNCdlo7nB9cVflcyvVX+E1Yhodu
3XNxtvNbhH1T8Fp1AIDwBZzkjsqNiURSyLZTznEBun8eVssLV3w3CWqAaAbiAMsn
Z0lW0SrQHblaOvMLa77ZKrMkNvRaRTcdehizbAKo29d+PhijZ2nFazFtuGqwnw5N
569FifVjY41e2RDMpexXZQhC0fWYhg==
=5Lli
-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 2 Aug 2017 15:01
control message for bug #27809
(address . control@debbugs.gnu.org)
87h8xpsk6y.fsf@gnu.org
tags 27809 security
L
L
Leo Famulari wrote on 25 Feb 2019 15:30
Re: bug#27809: libidn2 underscore stripping problem
(address . 27809-done@debbugs.gnu.org)
20190225233013.GA16467@jasmine.lan
Leo Famulari <leo@famulari.name> writes:
Toggle quote (15 lines)
> It was recently reported that libidn2 can cause issues for domains whose
> names contain underscores, and maybe some other characters, too. It
> matters to us because we build GnuTLS with libidn2.
>
> I'm not sure yet what the solution is for us. Help wanted!
>
> Original report:
> https://github.com/systemd/systemd/issues/6426
>
> libidn2 discussion:
> https://gitlab.com/libidn/libidn2/issues/30
>
> Upstream fix:
> https://gitlab.com/libidn/libidn2/commit/a5cbc16efd02adb78d2d082b21c3ac4d3fa88d2e

This commit was contained in libidn2 2.0.3, and we currently have 2.0.5.
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlx0eoUACgkQJkb6MLrK
fwgAbhAAnvUifFW5laA67XcsyfMeXqw5FyoiyQjPe4ymaFoG6/Ivzktrm4DV9Hwo
lAcIrxARtd+Lo3EJlW3B0r2ZfbtsYtKBi/nf6byoP8xqsuorYmegxOTHq6IkrBr+
e4VQRwFj248CIjFrla2s5xb5FOTSTREKNKZu77Mp/L3SqLjTMyfc/DGuwdgCS3na
fsUhJ5JtkkSNE+ZEQ9fTa+Zeyt9TvPaHnG+8MCrgxwHT54ThyAalLOJwM9kBt4Dm
0NAQzt5F18HwYlCPlbreUy2N+cScvBtLq+ULCQJF8jJMze7W9xd4xn7csi1XmqX1
+XngTJ+4+ulSS5PV04yQtKTRw2BlZVL35iFuSBAChPBbSDqG0LSr3uIxSKIwr/VG
nZrAmZluLjEF8yd/mBx8Ii8rT5ce3HMEl1TZkU9W9vq+emGn/KKj63uedyD3BEPY
KJwzGuomwAMRoC14H99KBDvTXLu35gZ7GO3vfYXts3XiSHoTgjgXIIcWz75l3Jxi
dA7OLTFoGOU4MU+Dti1fN7Nw7it+YBwztLvfK5Pv2gT9YJVAqJAn5tWLMVFPVJHG
cpGbCWCXEOwIj3CqiWL6Kf54CgMqJ0ogcP0qLl8eV+DGI7rot/EAUkqUxGRuyaiM
Fawwv1WcSxMaAjMHqQTVEM4Ulbh82dzQV/kUF9xFBn7mf3qq1CI=
=v4UC
-----END PGP SIGNATURE-----


Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 27809@patchwise.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 27809
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch