Re: Fwd: [curl] Re: configure: --with-libidn or --with-libidn2?
From: Leo Famulari
Subject: Re: Fwd: [curl] Re: configure: --with-libidn or --with-libidn2?
Date: Mon, 26 Dec 2016 12:35:51 -0500
User-agent: Mutt/1.7.2 (2016-11-26)

On Mon, Dec 26, 2016 at 05:10:50PM +0000, ng0 wrote:
> Leo Famulari <address@hidden> writes:
>
> > On Mon, Dec 26, 2016 at 01:59:22PM +0000, ng0 wrote:
> >> It seems as if curl can be built with libidn2 now and they have
> >> addressed the bug which existed for a while. I will check with
> >> upstream and send in a fix for our curl package once I am sure
> >> that the old bug has been fixed.
> >
> > Which bug?
> >
> > In November 2016, the curl maintainers asked packagers to not link curl
> > with libidn or libidn2 at all, due to security issues:
> >
> > https://curl.haxx.se/mail/lib-2016-11/0033.html
> >
>
> Which has since then been fixed and in a recent (not in 7.52.1
> included) commit the --with-libidn2 option has been added.
>
> My understanding of libidn2 is that there were problems with some
> use cases. For example a domain name like bäcker.de would give
> problems to applications such as curl. Of course this was months
> ago, and I would not trust my memory on this.

I don't think this issue is fixed in a released version of libidn2.

I see some unreleased changes in an unofficial 3rd-party libidn2
repository that appear to address the problem:

https://gitlab.com/rockdaboot/libidn2/commit/1712c7188c367bb822aeb0a0f89735ebf4aa7d5a

Specifically, "** Add TR46 / UTS#46 support to API and idn2 utility."

I understand that to be the main blocker based on this curl discussion:

https://curl.haxx.se/mail/lib-2016-11/0198.html

Am I missing something?