summaryrefslogtreecommitdiff
path: root/net-misc/curl
diff options
context:
space:
mode:
Diffstat (limited to 'net-misc/curl')
-rw-r--r--net-misc/curl/Manifest1
-rw-r--r--net-misc/curl/files/curl-8.0.1-onion-resolution.patch158
2 files changed, 0 insertions, 159 deletions
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 7333d5c31c11..3517adf33ccd 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -1,4 +1,3 @@
-AUX curl-8.0.1-onion-resolution.patch 4036 BLAKE2B 7f9a693f5090585c46d596133e915b67cf6a0b0a78ee164f987de166f24fb3d64a968f6263110c119710735363429447d52e5cc52df90d0f3830cf0e10c3673b SHA512 72efe3cd6d594cd2b73a19596e587c88a7ca89ed6f9a7325df98df2e18a1e85f26232ea48e80097d2d1e2f8db2c1cd945896311cd70ee830c8838afbcb7628d9
AUX curl-8.3.0-CVE-2023-38545.patch 4345 BLAKE2B b3519d1fdccecf40e9a49cd96bf61e53c2a8ab44b2ca05543ea431da6a00125ccc9b6f7cdde0371db30e741b19a8c86cc90038987750744d2f02a0b1c1f0bec0 SHA512 1b0d3f4d4475bf4d579d4a99504a1e488b4a64e956497dc9558206234f67c60a6006ec9c93df89dc5b18c8d60312877838564adbcb834af5d6389f2f7be856d8
AUX curl-8.3.0-CVE-2023-38546.patch 4852 BLAKE2B 316a6ca5a05c55ffa029aa97ad9c23844bf9dce2a0220cdce324c678baa8f1bfef6dcb21a6460c80345d2fe81e7738055d207a76e3d0c920c6bbb827869b02c5 SHA512 1a0d047c9c661d39caf4f4f47177aa804b8b8689f68f1f14e83163ce311b5783b58ae3d216e84dbec6bf93b6b0ba7a838831121282702e613ab4c00c1874730d
AUX curl-8.3.0-tests-arm-musl.patch 3472 BLAKE2B 6722ff38b03191a9c26b90b9a2d4dc9d439cfb0d7227e10f1f100bec4a4d8709878bfab89ef9cfa854955dd44462eef66b8eb3a31db75b4555d9eccaa4457729 SHA512 3beaf54c017c9c13e023bdcaa7e187b1689f988ff2837c2e9a998ed9e7beb850e8baf9dafb0a506b60018b853c8039763d59f2849f1772a8bc8b63843111d769
diff --git a/net-misc/curl/files/curl-8.0.1-onion-resolution.patch b/net-misc/curl/files/curl-8.0.1-onion-resolution.patch
deleted file mode 100644
index 65b486529c1f..000000000000
--- a/net-misc/curl/files/curl-8.0.1-onion-resolution.patch
+++ /dev/null
@@ -1,158 +0,0 @@
-https://bugs.gentoo.org/887287
-https://github.com/curl/curl/pull/10705
-
-From e2bbd1adc22ec5033e2292b780e1790db93c3cb4 Mon Sep 17 00:00:00 2001
-From: Matt Jolly <Matt.Jolly@footclan.ninja>
-Date: Wed, 8 Mar 2023 02:16:45 +1100
-Subject: [PATCH] Refuse to resolve the .onion TLD.
-
-RFC 7686 states that:
-
-> Applications that do not implement the Tor
-> protocol SHOULD generate an error upon the use of .onion and
-> SHOULD NOT perform a DNS lookup.
-
-Let's do that.
-
-See curl/curl#543
-https://www.rfc-editor.org/rfc/rfc7686#section-2
---- a/docs/KNOWN_BUGS
-+++ b/docs/KNOWN_BUGS
-@@ -80,7 +80,6 @@ problems may have been fixed or changed somewhat since this was written.
- 10.3 FTPS over SOCKS
-
- 11. Internals
-- 11.1 Curl leaks .onion hostnames in DNS
- 11.2 error buffer not set if connection to multiple addresses fails
- 11.4 HTTP test server 'connection-monitor' problems
- 11.5 Connection information when using TCP Fast Open
-@@ -525,14 +524,6 @@ problems may have been fixed or changed somewhat since this was written.
-
- 11. Internals
-
--11.1 Curl leaks .onion hostnames in DNS
--
-- Curl sends DNS requests for hostnames with a .onion TLD. This leaks
-- information about what the user is attempting to access, and violates this
-- requirement of RFC7686: https://datatracker.ietf.org/doc/html/rfc7686
--
-- Issue: https://github.com/curl/curl/issues/543
--
- 11.2 error buffer not set if connection to multiple addresses fails
-
- If you ask libcurl to resolve a hostname like example.com to IPv6 addresses
---- a/lib/hostip.c
-+++ b/lib/hostip.c
-@@ -652,6 +652,14 @@ enum resolve_t Curl_resolv(struct Curl_easy *data,
- CURLcode result;
- enum resolve_t rc = CURLRESOLV_ERROR; /* default to failure */
- struct connectdata *conn = data->conn;
-+ /* We should intentionally error and not resolve .onion TLDs */
-+ size_t hostname_len = strlen(hostname);
-+ if(hostname_len >= 7 &&
-+ (curl_strequal(&hostname[hostname_len-6], ".onion") ||
-+ curl_strequal(&hostname[hostname_len-7], ".onion."))) {
-+ failf(data, "Not resolving .onion address (RFC 7686)");
-+ return CURLRESOLV_ERROR;
-+ }
- *entry = NULL;
- #ifndef CURL_DISABLE_DOH
- conn->bits.doh = FALSE; /* default is not */
---- a/tests/data/Makefile.inc
-+++ b/tests/data/Makefile.inc
-@@ -186,8 +186,8 @@ test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 \
- test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \
- test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \
- test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \
--test1464 test1465 test1466 test1467 test1468 test1469 test1470 \
--\
-+test1464 test1465 test1466 test1467 test1468 test1469 test1470 test1471 \
-+test1472 \
- test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \
- test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \
- test1516 test1517 test1518 test1519 test1520 test1521 test1522 test1523 \
---- /dev/null
-+++ b/tests/data/test1471
-@@ -0,0 +1,39 @@
-+<testcase>
-+<info>
-+<keywords>
-+Onion
-+Tor
-+FAILURE
-+</keywords>
-+</info>
-+#
-+# Server-side
-+<reply>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+none
-+</server>
-+<name>
-+Fail to resolve .onion TLD
-+</name>
-+<command>
-+red.onion
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+# Couldn't resolve host name
-+<errorcode>
-+6
-+</errorcode>
-+<stderr mode="text">
-+curl: (6) Not resolving .onion address (RFC 7686)
-+</stderr>
-+</verify>
-+</testcase>
---- /dev/null
-+++ b/tests/data/test1472
-@@ -0,0 +1,39 @@
-+<testcase>
-+<info>
-+<keywords>
-+Onion
-+Tor
-+FAILURE
-+</keywords>
-+</info>
-+#
-+# Server-side
-+<reply>
-+</reply>
-+
-+#
-+# Client-side
-+<client>
-+<server>
-+none
-+</server>
-+<name>
-+Fail to resolve .onion. TLD
-+</name>
-+<command>
-+tasty.onion.
-+</command>
-+</client>
-+
-+#
-+# Verify data after the test has been "shot"
-+<verify>
-+# Couldn't resolve host name
-+<errorcode>
-+6
-+</errorcode>
-+<stderr mode="text">
-+curl: (6) Not resolving .onion address (RFC 7686)
-+</stderr>
-+</verify>
-+</testcase>
-