Bug 1449150

Summary: dnsmasq: switch to libidn2
Product: [Fedora] Fedora Reporter: Nikos Mavrogiannopoulos <nmavrogi>
Component: dnsmasqAssignee: Petr Menšík <pemensik>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: code, itamar, laine, pemensik, thozza, veillard
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: dnsmasq-2.77-1.rc2.fc27 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-05-12 10:45:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1439723    
Attachments:
Description Flags
Patch with libidn2 support none

Description Nikos Mavrogiannopoulos 2017-05-09 09:47:40 UTC 
Description of problem:
Internationalized domain names exist for quite some time (IDNA2003), although the protocols describing them have evolved in an incompatible way (IDNA2008). These incompatibilities will prevent applications written for IDNA2003 to access certain problematic domain names defined with IDNA2008, e.g., faß.de is translated to domain xn--fa-hia.de with IDNA2008, while in IDNA2003 it is translated to fass.de domain. That not only causes incompatibility problems, but may be used as an attack vector to redirect users to different web sites.

The change is about deprecating libidn, which supports IDNA2003, and switch all applications using libidn, to libidn2 2.0.0, which supports IDNA2008. The switch should be transparent as the libidn2 library is API compatible. See instructions at:
https://libidn.gitlab.io/libidn2/manual/libidn2.html#Converting-from-libidn


This is part of the IDNA2008 change:
https://fedoraproject.org/wiki/Changes/IDNA2008

If upstream is not aware of that change please involve them on the process.
Comment 1 Petr Menšík 2017-05-09 17:02:59 UTC 
Created attachment 1277407 [details]
Patch with libidn2 support
Comment 2 Petr Menšík 2017-05-12 09:34:00 UTC 
Patch sent upstream and already accepted. See mailing list http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q2/011470.html

Updated dnsmasq pushed to rawhide.
Comment 3 Nikos Mavrogiannopoulos 2017-05-12 10:04:37 UTC 
Thank you Petr.
Comment 4 Petr Menšík 2017-05-12 10:45:29 UTC 
Fixed by rebased version 2.77rc2