Opened 6 years ago
Closed 6 years ago
#55197 closed defect (fixed)
curl: +idn variant ineffective, curl now supports only libidn2
| Reported by: | dbevans (David B. Evans) | Owned by: | ryandesign (Ryan Carsten Schmidt) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | Cc: | ||
| Port: | curl |
Description
curl some time ago switched support for IDN from libidn to libidn2 using --with-idn2 rather than --with-idn. This change was prompted by CVE-2016-8625.
See idn: switch to libidn2 use and IDNA2008 support
As a consequence, the current +idn variant is ineffective and curl will link with libidn2 if it is available regardless of variant settings.
Suggest updating the +idn variant to use libidn2 and --with-idn2.
Change History (2)
comment:1 Changed 6 years ago by ryandesign (Ryan Carsten Schmidt)
| Status: | new → accepted |
|---|
comment:2 Changed 6 years ago by ryandesign (Ryan Carsten Schmidt)
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
Note: See
TracTickets for help on using
tickets.
Thanks for letting me know! I failed to notice this. I'll remove the idn variant and always enable libidn2 support, as recommended by the developer of curl.