diff options
Diffstat (limited to 'net-misc/curl')
-rw-r--r-- | net-misc/curl/Manifest | 1 | ||||
-rw-r--r-- | net-misc/curl/files/curl-8.0.1-onion-resolution.patch | 158 |
2 files changed, 0 insertions, 159 deletions
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest index 7333d5c31c11..3517adf33ccd 100644 --- a/net-misc/curl/Manifest +++ b/net-misc/curl/Manifest @@ -1,4 +1,3 @@ -AUX curl-8.0.1-onion-resolution.patch 4036 BLAKE2B 7f9a693f5090585c46d596133e915b67cf6a0b0a78ee164f987de166f24fb3d64a968f6263110c119710735363429447d52e5cc52df90d0f3830cf0e10c3673b SHA512 72efe3cd6d594cd2b73a19596e587c88a7ca89ed6f9a7325df98df2e18a1e85f26232ea48e80097d2d1e2f8db2c1cd945896311cd70ee830c8838afbcb7628d9 AUX curl-8.3.0-CVE-2023-38545.patch 4345 BLAKE2B b3519d1fdccecf40e9a49cd96bf61e53c2a8ab44b2ca05543ea431da6a00125ccc9b6f7cdde0371db30e741b19a8c86cc90038987750744d2f02a0b1c1f0bec0 SHA512 1b0d3f4d4475bf4d579d4a99504a1e488b4a64e956497dc9558206234f67c60a6006ec9c93df89dc5b18c8d60312877838564adbcb834af5d6389f2f7be856d8 AUX curl-8.3.0-CVE-2023-38546.patch 4852 BLAKE2B 316a6ca5a05c55ffa029aa97ad9c23844bf9dce2a0220cdce324c678baa8f1bfef6dcb21a6460c80345d2fe81e7738055d207a76e3d0c920c6bbb827869b02c5 SHA512 1a0d047c9c661d39caf4f4f47177aa804b8b8689f68f1f14e83163ce311b5783b58ae3d216e84dbec6bf93b6b0ba7a838831121282702e613ab4c00c1874730d AUX curl-8.3.0-tests-arm-musl.patch 3472 BLAKE2B 6722ff38b03191a9c26b90b9a2d4dc9d439cfb0d7227e10f1f100bec4a4d8709878bfab89ef9cfa854955dd44462eef66b8eb3a31db75b4555d9eccaa4457729 SHA512 3beaf54c017c9c13e023bdcaa7e187b1689f988ff2837c2e9a998ed9e7beb850e8baf9dafb0a506b60018b853c8039763d59f2849f1772a8bc8b63843111d769 diff --git a/net-misc/curl/files/curl-8.0.1-onion-resolution.patch b/net-misc/curl/files/curl-8.0.1-onion-resolution.patch deleted file mode 100644 index 65b486529c1f..000000000000 --- a/net-misc/curl/files/curl-8.0.1-onion-resolution.patch +++ /dev/null @@ -1,158 +0,0 @@ -https://bugs.gentoo.org/887287 -https://github.com/curl/curl/pull/10705 - -From e2bbd1adc22ec5033e2292b780e1790db93c3cb4 Mon Sep 17 00:00:00 2001 -From: Matt Jolly <Matt.Jolly@footclan.ninja> -Date: Wed, 8 Mar 2023 02:16:45 +1100 -Subject: [PATCH] Refuse to resolve the .onion TLD. - -RFC 7686 states that: - -> Applications that do not implement the Tor -> protocol SHOULD generate an error upon the use of .onion and -> SHOULD NOT perform a DNS lookup. - -Let's do that. - -See curl/curl#543 -https://www.rfc-editor.org/rfc/rfc7686#section-2 ---- a/docs/KNOWN_BUGS -+++ b/docs/KNOWN_BUGS -@@ -80,7 +80,6 @@ problems may have been fixed or changed somewhat since this was written. - 10.3 FTPS over SOCKS - - 11. Internals -- 11.1 Curl leaks .onion hostnames in DNS - 11.2 error buffer not set if connection to multiple addresses fails - 11.4 HTTP test server 'connection-monitor' problems - 11.5 Connection information when using TCP Fast Open -@@ -525,14 +524,6 @@ problems may have been fixed or changed somewhat since this was written. - - 11. Internals - --11.1 Curl leaks .onion hostnames in DNS -- -- Curl sends DNS requests for hostnames with a .onion TLD. This leaks -- information about what the user is attempting to access, and violates this -- requirement of RFC7686: https://datatracker.ietf.org/doc/html/rfc7686 -- -- Issue: https://github.com/curl/curl/issues/543 -- - 11.2 error buffer not set if connection to multiple addresses fails - - If you ask libcurl to resolve a hostname like example.com to IPv6 addresses ---- a/lib/hostip.c -+++ b/lib/hostip.c -@@ -652,6 +652,14 @@ enum resolve_t Curl_resolv(struct Curl_easy *data, - CURLcode result; - enum resolve_t rc = CURLRESOLV_ERROR; /* default to failure */ - struct connectdata *conn = data->conn; -+ /* We should intentionally error and not resolve .onion TLDs */ -+ size_t hostname_len = strlen(hostname); -+ if(hostname_len >= 7 && -+ (curl_strequal(&hostname[hostname_len-6], ".onion") || -+ curl_strequal(&hostname[hostname_len-7], ".onion."))) { -+ failf(data, "Not resolving .onion address (RFC 7686)"); -+ return CURLRESOLV_ERROR; -+ } - *entry = NULL; - #ifndef CURL_DISABLE_DOH - conn->bits.doh = FALSE; /* default is not */ ---- a/tests/data/Makefile.inc -+++ b/tests/data/Makefile.inc -@@ -186,8 +186,8 @@ test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 \ - test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 \ - test1448 test1449 test1450 test1451 test1452 test1453 test1454 test1455 \ - test1456 test1457 test1458 test1459 test1460 test1461 test1462 test1463 \ --test1464 test1465 test1466 test1467 test1468 test1469 test1470 \ --\ -+test1464 test1465 test1466 test1467 test1468 test1469 test1470 test1471 \ -+test1472 \ - test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ - test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ - test1516 test1517 test1518 test1519 test1520 test1521 test1522 test1523 \ ---- /dev/null -+++ b/tests/data/test1471 -@@ -0,0 +1,39 @@ -+<testcase> -+<info> -+<keywords> -+Onion -+Tor -+FAILURE -+</keywords> -+</info> -+# -+# Server-side -+<reply> -+</reply> -+ -+# -+# Client-side -+<client> -+<server> -+none -+</server> -+<name> -+Fail to resolve .onion TLD -+</name> -+<command> -+red.onion -+</command> -+</client> -+ -+# -+# Verify data after the test has been "shot" -+<verify> -+# Couldn't resolve host name -+<errorcode> -+6 -+</errorcode> -+<stderr mode="text"> -+curl: (6) Not resolving .onion address (RFC 7686) -+</stderr> -+</verify> -+</testcase> ---- /dev/null -+++ b/tests/data/test1472 -@@ -0,0 +1,39 @@ -+<testcase> -+<info> -+<keywords> -+Onion -+Tor -+FAILURE -+</keywords> -+</info> -+# -+# Server-side -+<reply> -+</reply> -+ -+# -+# Client-side -+<client> -+<server> -+none -+</server> -+<name> -+Fail to resolve .onion. TLD -+</name> -+<command> -+tasty.onion. -+</command> -+</client> -+ -+# -+# Verify data after the test has been "shot" -+<verify> -+# Couldn't resolve host name -+<errorcode> -+6 -+</errorcode> -+<stderr mode="text"> -+curl: (6) Not resolving .onion address (RFC 7686) -+</stderr> -+</verify> -+</testcase> - |