#55197 closed defect (fixed)
curl: +idn variant ineffective, curl now supports only libidn2
Reported by: | dbevans (David B. Evans) | Owned by: | ryandesign (Ryan Carsten Schmidt) |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | |
Keywords: | Cc: | ||
Port: | curl |
Description
curl some time ago switched support for IDN from libidn to libidn2 using --with-idn2 rather than --with-idn. This change was prompted by CVE-2016-8625.
See idn: switch to libidn2 use and IDNA2008 support
As a consequence, the current +idn variant is ineffective and curl will link with libidn2 if it is available regardless of variant settings.
Suggest updating the +idn variant to use libidn2 and --with-idn2.
Change History (3)
comment:1 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)
Status: | new → accepted |
---|
comment:2 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
comment:3 Changed 3 months ago by ryandesign (Ryan Carsten Schmidt)
Note: See
TracTickets for help on using
tickets.
Thanks for letting me know! I failed to notice this. I'll remove the idn variant and always enable libidn2 support, as recommended by the developer of curl.