Opened 7 years ago

Closed 7 years ago

Last modified 3 months ago

#55197 closed defect (fixed)

curl: +idn variant ineffective, curl now supports only libidn2

Reported by: dbevans (David B. Evans)
Owned by: ryandesign (Ryan Carsten Schmidt)
Priority: Normal
Milestone:
Component: ports
Version:
Keywords:
Cc:
Port: curl

Description

curl some time ago switched support for IDN from libidn to libidn2 using --with-idn2 rather than --with-idn. This change was prompted by CVE-2016-8625.

See idn: switch to libidn2 use and IDNA2008 support

As a consequence, the current +idn variant is ineffective and curl will link with libidn2 if it is available regardless of variant settings.

Suggest updating the +idn variant to use libidn2 and --with-idn2.
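
One way to confirm which IDN library a curl build actually linked, whatever variant was requested, is to read the `curl --version` banner. This is an added example, not part of the ticket or the MacPorts port; the function name `idn_backend` is hypothetical and the sample banners are constructed.

```shell
#!/bin/sh
# Classify the IDN backend from the text printed by `curl --version`.
# Prints one of: libidn2, libidn, other, none
idn_backend() {
    banner=$1
    # The first line lists linked libraries as name/version tokens.
    libs=$(printf '%s\n' "$banner" | sed -n '1p')
    # The Features line says whether IDN support was compiled in at all.
    feats=$(printf '%s\n' "$banner" | sed -n 's/^Features: *//p')
    case " $feats " in
        *" IDN "*) ;;
        *) echo none; return 0 ;;
    esac
    case " $libs " in
        *" libidn2/"*) echo libidn2 ;;  # IDNA2008 library
        *" libidn/"*)  echo libidn ;;   # older library the ticket says curl moved away from
        *)             echo other ;;    # IDN provided by something else
    esac
}

# Constructed sample banners (version strings are illustrative only).
SAMPLE_IDN2='curl 7.56.1 (x86_64-apple-darwin16.7.0) libcurl/7.56.1 OpenSSL/1.0.2m zlib/1.2.11 libidn2/2.0.4
Protocols: http https
Features: IDN IPv6 Largefile SSL libz'

SAMPLE_IDN1='curl 7.50.0 (x86_64-apple-darwin15.6.0) libcurl/7.50.0 OpenSSL/1.0.2h zlib/1.2.8 libidn/1.33
Protocols: http https
Features: IDN IPv6 Largefile SSL libz'

SAMPLE_NONE='curl 7.56.1 (x86_64-apple-darwin16.7.0) libcurl/7.56.1 OpenSSL/1.0.2m zlib/1.2.11
Protocols: http https
Features: IPv6 Largefile SSL libz'

# Report on the curl found on PATH, if there is one.
if command -v curl >/dev/null 2>&1; then
    echo "installed curl: $(idn_backend "$(curl --version)")"
fi
```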

Change History (3)

comment:1 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

Status: new → accepted

Thanks for letting me know! I failed to notice this. I'll remove the idn variant and always enable libidn2 support, as recommended by the developer of curl.

comment:2 Changed 7 years ago by ryandesign (Ryan Carsten Schmidt)

Resolution: fixed
Status: accepted → closed

In 8e960042fb486d052e9163b4f2f2a4b76f1c81dd/macports-ports:

curl: Enable libidn2 support and remove idn variant

Closes: #55197

comment:3 Changed 3 months ago by ryandesign (Ryan Carsten Schmidt)

In ab601bb9f7d20d00d9f00a309b3c55c5e21763c7/macports-ports (master):

curl: Move brotli/http2/idn/psl/zstd to variants

While some users want commonly-used features enabled in curl by default,
others wish to have the option to disable them to build a minimal curl
for MacPorts to link with on older systems. Therefore move brotli,
http2, idn, psl, and zstd features to variants which are on by default.

See: #55197
See: #61654
See: #65056
See: #70481
