Package: curl Version: 7.86.0-1 Severity: important I use a comma separated list of values in my no_proxy environment settings. Something like this
no_proxy=localhost,127.0.0.1,::1,.internal.example.com,.example.org,10.0.0.0/8 This has worked fine for me for years. After the upgrade from 7.85.0-1 to 7.86.0-1, this setting is ignored and curl contacts the proxy server: $ curl -sv http://www.internal.example.com/ >/dev/null * Uses proxy env variable no_proxy == 'localhost,127.0.0.1,::1,.internal.example.com,.example.org,10.0.0.0/8' * Uses proxy env variable http_proxy == 'http://proxy.example.com:8080' * Trying 10.0.20.20:8080... * Connected to (nil) (10.0.20.20) port 8080 (#0) Using a single domain for the no_proxy value does not contact the proxy $ no_proxy=.internal.example.com curl -sv http://www.internal.example.com/ >/dev/null * Uses proxy env variable no_proxy == '.internal.example.com' * Trying 10.11.0.165:80... * Connected to www.internal.example.com (10.11.0.165) port 80 (#0) I have been experimenting a bit and found that *appending* to the variable triggers the bug. That is, no_proxy=.internal.example.com,localhost contacts the proxy server. Prepending it, does *not* trigger the bug. That is no_proxy=localhost,.internal.example.com does not contact the proxy. If I move .internal.example.com to the end of the comma separated list, curl behaves as expected but that obviously breaks for URLs in the .example.org domain or covered by the 10.0.0.0/8 CIDR. BTW, I also observe this with git for HTTP(S) URLs. In fact, that's where I first encountered the bug. Setting the no_proxy value to match the URL works around the issue for git too. Seeing that curl depends on libcurl4 and git libcurl3-gnutls, I'm submitting this to curl. I set the severity to important because it breaks a very common (as in oodles of times per day) workflow for me. Hope this helps.