Re: unbreak curl no_proxy
On 2022/11/06 16:20, Christian Weisgerber wrote: > Christian Weisgerber: > > > > I've added https://github.com/curl/curl/issues/9842 > > > > So we wait? > > Here's a diff with the accumulated noproxy fixes, including the > lastest suggested "tailmatch like in 7.85.0 and earlier". Thanks. OK > Index: Makefile > === > RCS file: /cvs/ports/net/curl/Makefile,v > retrieving revision 1.174 > diff -u -p -r1.174 Makefile > --- Makefile 28 Oct 2022 17:59:06 - 1.174 > +++ Makefile 6 Nov 2022 15:18:15 - > @@ -1,6 +1,7 @@ > COMMENT= transfer files with FTP, HTTP, HTTPS, etc. > > DISTNAME=curl-7.86.0 > +REVISION=0 > SHARED_LIBS= curl 26.17# 12.0 > CATEGORIES= net > HOMEPAGE=https://curl.se/ > Index: patches/patch-lib_noproxy_c > === > RCS file: patches/patch-lib_noproxy_c > diff -N patches/patch-lib_noproxy_c > --- /dev/null 1 Jan 1970 00:00:00 - > +++ patches/patch-lib_noproxy_c 6 Nov 2022 15:18:15 - > @@ -0,0 +1,95 @@ > +noproxy: also match with adjacent comma > +https://github.com/curl/curl/commit/efc286b7a62af0568fdcbf3c68791c9955182128 > + > +noproxy: fix tail-matching > +https://github.com/curl/curl/commit/b830f9ba9e94acf672cd191993ff679fa38b > + > +noproxy: tailmatch like in 7.85.0 and earlier > + > +Index: lib/noproxy.c > +--- lib/noproxy.c.orig > lib/noproxy.c > +@@ -149,9 +149,14 @@ bool Curl_check_noproxy(const char *name, const char * > + } > + else { > + unsigned int address; > ++ namelen = strlen(name); > + if(1 == Curl_inet_pton(AF_INET, name, &address)) > + type = TYPE_IPV4; > +- namelen = strlen(name); > ++ else { > ++/* ignore trailing dots in the host name */ > ++if(name[namelen - 1] == '.') > ++ namelen--; > ++ } > + } > + > + while(*p) { > +@@ -173,33 +178,50 @@ bool Curl_check_noproxy(const char *name, const char * > + if(tokenlen) { > + switch(type) { > + case TYPE_HOST: > +- if(*token == '.') { > +-++token; > +---tokenlen; > +-/* tailmatch */ > +-match = (tokenlen <= namelen) && > +- strncasecompare(token, name + (namelen - tokenlen), namelen); > ++ /* ignore trailing dots in the token to check */ > ++ if(token[tokenlen - 1] == '.') > ++tokenlen--; > ++ > ++ if(tokenlen && (*token == '.')) { > ++/* ignore leading token dot as well */ > ++token++; > ++tokenlen--; > + } > +- else > +-match = (tokenlen == namelen) && > +- strncasecompare(token, name, namelen); > ++ /* A: example.com matches 'example.com' > ++ B: www.example.com matches 'example.com' > ++ C: nonexample.com DOES NOT match 'example.com' > ++ */ > ++ if(tokenlen == namelen) > ++/* case A, exact match */ > ++match = strncasecompare(token, name, namelen); > ++ else if(tokenlen < namelen) { > ++/* case B, tailmatch domain */ > ++match = (name[namelen - tokenlen - 1] == '.') && > ++ strncasecompare(token, name + (namelen - tokenlen), > ++ tokenlen); > ++ } > ++ /* case C passes through, not a match */ > + break; > + case TYPE_IPV4: > + /* FALLTHROUGH */ > + case TYPE_IPV6: { > + const char *check = token; > +- char *slash = strchr(check, '/'); > ++ char *slash; > + unsigned int bits = 0; > + char checkip[128]; > ++ if(tokenlen >= sizeof(checkip)) > ++/* this cannot match */ > ++break; > ++ /* copy the check name to a temp buffer */ > ++ memcpy(checkip, check, tokenlen); > ++ checkip[tokenlen] = 0; > ++ check = checkip; > ++ > ++ slash = strchr(check, '/'); > + /* if the slash is part of this token, use it */ > +- if(slash && (slash < &check[tokenlen])) { > ++ if(slash) { > + bits = atoi(slash + 1); > +-/* copy the check name to a temp buffer */ > +-if(tokenlen >= sizeof(checkip)) > +- break; > +-memcpy(checkip, check, tokenlen); > +-checkip[ slash - check ] = 0; > +-check = checkip; > ++*slash = 0; /* null terminate there */ > + } > + if(type == TYPE_IPV6) > + match = Curl_cidr6_match(name, check, bits); > Index: patches/patch-m4_curl-compilers_m4 > === > RCS file: /cvs/ports/net/curl/patches/patch-m4_curl-compilers_m4,v > retrieving revision 1.5 > diff -u -p -r1.5 patch-m4_curl-compilers_m4 > --- pa
Re: unbreak curl no_proxy
Christian Weisgerber: > > I've added https://github.com/curl/curl/issues/9842 > > So we wait? Here's a diff with the accumulated noproxy fixes, including the lastest suggested "tailmatch like in 7.85.0 and earlier". Index: Makefile === RCS file: /cvs/ports/net/curl/Makefile,v retrieving revision 1.174 diff -u -p -r1.174 Makefile --- Makefile28 Oct 2022 17:59:06 - 1.174 +++ Makefile6 Nov 2022 15:18:15 - @@ -1,6 +1,7 @@ COMMENT= transfer files with FTP, HTTP, HTTPS, etc. DISTNAME= curl-7.86.0 +REVISION= 0 SHARED_LIBS= curl 26.17# 12.0 CATEGORIES=net HOMEPAGE= https://curl.se/ Index: patches/patch-lib_noproxy_c === RCS file: patches/patch-lib_noproxy_c diff -N patches/patch-lib_noproxy_c --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-lib_noproxy_c 6 Nov 2022 15:18:15 - @@ -0,0 +1,95 @@ +noproxy: also match with adjacent comma +https://github.com/curl/curl/commit/efc286b7a62af0568fdcbf3c68791c9955182128 + +noproxy: fix tail-matching +https://github.com/curl/curl/commit/b830f9ba9e94acf672cd191993ff679fa38b + +noproxy: tailmatch like in 7.85.0 and earlier + +Index: lib/noproxy.c +--- lib/noproxy.c.orig lib/noproxy.c +@@ -149,9 +149,14 @@ bool Curl_check_noproxy(const char *name, const char * + } + else { + unsigned int address; ++ namelen = strlen(name); + if(1 == Curl_inet_pton(AF_INET, name, &address)) + type = TYPE_IPV4; +- namelen = strlen(name); ++ else { ++/* ignore trailing dots in the host name */ ++if(name[namelen - 1] == '.') ++ namelen--; ++ } + } + + while(*p) { +@@ -173,33 +178,50 @@ bool Curl_check_noproxy(const char *name, const char * + if(tokenlen) { + switch(type) { + case TYPE_HOST: +- if(*token == '.') { +-++token; +---tokenlen; +-/* tailmatch */ +-match = (tokenlen <= namelen) && +- strncasecompare(token, name + (namelen - tokenlen), namelen); ++ /* ignore trailing dots in the token to check */ ++ if(token[tokenlen - 1] == '.') ++tokenlen--; ++ ++ if(tokenlen && (*token == '.')) { ++/* ignore leading token dot as well */ ++token++; ++tokenlen--; + } +- else +-match = (tokenlen == namelen) && +- strncasecompare(token, name, namelen); ++ /* A: example.com matches 'example.com' ++ B: www.example.com matches 'example.com' ++ C: nonexample.com DOES NOT match 'example.com' ++ */ ++ if(tokenlen == namelen) ++/* case A, exact match */ ++match = strncasecompare(token, name, namelen); ++ else if(tokenlen < namelen) { ++/* case B, tailmatch domain */ ++match = (name[namelen - tokenlen - 1] == '.') && ++ strncasecompare(token, name + (namelen - tokenlen), ++ tokenlen); ++ } ++ /* case C passes through, not a match */ + break; + case TYPE_IPV4: + /* FALLTHROUGH */ + case TYPE_IPV6: { + const char *check = token; +- char *slash = strchr(check, '/'); ++ char *slash; + unsigned int bits = 0; + char checkip[128]; ++ if(tokenlen >= sizeof(checkip)) ++/* this cannot match */ ++break; ++ /* copy the check name to a temp buffer */ ++ memcpy(checkip, check, tokenlen); ++ checkip[tokenlen] = 0; ++ check = checkip; ++ ++ slash = strchr(check, '/'); + /* if the slash is part of this token, use it */ +- if(slash && (slash < &check[tokenlen])) { ++ if(slash) { + bits = atoi(slash + 1); +-/* copy the check name to a temp buffer */ +-if(tokenlen >= sizeof(checkip)) +- break; +-memcpy(checkip, check, tokenlen); +-checkip[ slash - check ] = 0; +-check = checkip; ++*slash = 0; /* null terminate there */ + } + if(type == TYPE_IPV6) + match = Curl_cidr6_match(name, check, bits); Index: patches/patch-m4_curl-compilers_m4 === RCS file: /cvs/ports/net/curl/patches/patch-m4_curl-compilers_m4,v retrieving revision 1.5 diff -u -p -r1.5 patch-m4_curl-compilers_m4 --- patches/patch-m4_curl-compilers_m4 30 Jun 2022 18:11:25 - 1.5 +++ patches/patch-m4_curl-compilers_m4 6 Nov 2022 15:18:15 - @@ -9,7 +9,7 @@ Do not override optimization flags in CF Index: m4/curl-compilers.m4 --- m4/curl-compilers.m4.orig +++ m4/curl-compilers.m4 -@@ -693,7 +693,7 @@ AC_DEFUN([CU
Re: unbreak curl no_proxy
Stuart Henderson: > oh, there's a second commit too, Yes, I've prepared a patch with the upstream fixes from "noproxy: also match with adjacent comma" "noproxy: fix tail-matching" This does not affect the existing regression tests. > but it's still not enough for the machines where I use this. > > I've added https://github.com/curl/curl/issues/9842 So we wait? Index: Makefile === RCS file: /cvs/ports/net/curl/Makefile,v retrieving revision 1.174 diff -u -p -r1.174 Makefile --- Makefile28 Oct 2022 17:59:06 - 1.174 +++ Makefile2 Nov 2022 22:01:08 - @@ -1,6 +1,7 @@ COMMENT= transfer files with FTP, HTTP, HTTPS, etc. DISTNAME= curl-7.86.0 +REVISION= 0 SHARED_LIBS= curl 26.17# 12.0 CATEGORIES=net HOMEPAGE= https://curl.se/ Index: patches/patch-lib_noproxy_c === RCS file: patches/patch-lib_noproxy_c diff -N patches/patch-lib_noproxy_c --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-lib_noproxy_c 2 Nov 2022 22:01:08 - @@ -0,0 +1,86 @@ +noproxy: also match with adjacent comma +https://github.com/curl/curl/commit/efc286b7a62af0568fdcbf3c68791c9955182128 + +noproxy: fix tail-matching +https://github.com/curl/curl/commit/b830f9ba9e94acf672cd191993ff679fa38b + +Index: lib/noproxy.c +--- lib/noproxy.c.orig lib/noproxy.c +@@ -149,9 +149,14 @@ bool Curl_check_noproxy(const char *name, const char * + } + else { + unsigned int address; ++ namelen = strlen(name); + if(1 == Curl_inet_pton(AF_INET, name, &address)) + type = TYPE_IPV4; +- namelen = strlen(name); ++ else { ++/* ignore trailing dots in the host name */ ++if(name[namelen - 1] == '.') ++ namelen--; ++ } + } + + while(*p) { +@@ -173,12 +178,23 @@ bool Curl_check_noproxy(const char *name, const char * + if(tokenlen) { + switch(type) { + case TYPE_HOST: +- if(*token == '.') { +-++token; +---tokenlen; +-/* tailmatch */ +-match = (tokenlen <= namelen) && +- strncasecompare(token, name + (namelen - tokenlen), namelen); ++ /* ignore trailing dots in the token to check */ ++ if(token[tokenlen - 1] == '.') ++tokenlen--; ++ ++ if(tokenlen && (*token == '.')) { ++/* A: example.com matches '.example.com' ++ B: www.example.com matches '.example.com' ++ C: nonexample.com DOES NOT match '.example.com' ++*/ ++if((tokenlen - 1) == namelen) ++ /* case A, exact match without leading dot */ ++ match = strncasecompare(token + 1, name, namelen); ++else if(tokenlen < namelen) ++ /* case B, tailmatch with leading dot */ ++ match = strncasecompare(token, name + (namelen - tokenlen), ++ tokenlen); ++/* case C passes through, not a match */ + } + else + match = (tokenlen == namelen) && +@@ -188,18 +204,22 @@ bool Curl_check_noproxy(const char *name, const char * + /* FALLTHROUGH */ + case TYPE_IPV6: { + const char *check = token; +- char *slash = strchr(check, '/'); ++ char *slash; + unsigned int bits = 0; + char checkip[128]; ++ if(tokenlen >= sizeof(checkip)) ++/* this cannot match */ ++break; ++ /* copy the check name to a temp buffer */ ++ memcpy(checkip, check, tokenlen); ++ checkip[tokenlen] = 0; ++ check = checkip; ++ ++ slash = strchr(check, '/'); + /* if the slash is part of this token, use it */ +- if(slash && (slash < &check[tokenlen])) { ++ if(slash) { + bits = atoi(slash + 1); +-/* copy the check name to a temp buffer */ +-if(tokenlen >= sizeof(checkip)) +- break; +-memcpy(checkip, check, tokenlen); +-checkip[ slash - check ] = 0; +-check = checkip; ++*slash = 0; /* null terminate there */ + } + if(type == TYPE_IPV6) + match = Curl_cidr6_match(name, check, bits); Index: patches/patch-m4_curl-compilers_m4 === RCS file: /cvs/ports/net/curl/patches/patch-m4_curl-compilers_m4,v retrieving revision 1.5 diff -u -p -r1.5 patch-m4_curl-compilers_m4 --- patches/patch-m4_curl-compilers_m4 30 Jun 2022 18:11:25 - 1.5 +++ patches/patch-m4_curl-compilers_m4 2 Nov 2022 22:01:08 - @@ -9,7 +9,7 @@ Do not override optimization flags in CF Index: m4/curl-compilers.m4 --- m4/curl-compilers.m4.orig +++ m4/curl-compilers.m4 -@@ -693,7 +693,7 @@ AC_DEFUN([CURL_SET_COMPILER_OPTIMI
Re: unbreak curl no_proxy
On 2022/11/02 02:48, Stuart Henderson wrote: > OK to patch curl to fix no_proxy? > > https://github.com/curl/curl/issues/9821 oh, there's a second commit too, but it's still not enough for the machines where I use this. I've added https://github.com/curl/curl/issues/9842
unbreak curl no_proxy
OK to patch curl to fix no_proxy? https://github.com/curl/curl/issues/9821 Index: Makefile === RCS file: /cvs/ports/net/curl/Makefile,v retrieving revision 1.174 diff -u -p -r1.174 Makefile --- Makefile28 Oct 2022 17:59:06 - 1.174 +++ Makefile2 Nov 2022 02:47:01 - @@ -1,6 +1,7 @@ COMMENT= transfer files with FTP, HTTP, HTTPS, etc. DISTNAME= curl-7.86.0 +REVISION= 0 SHARED_LIBS= curl 26.17# 12.0 CATEGORIES=net HOMEPAGE= https://curl.se/ Index: patches/patch-lib_noproxy_c === RCS file: patches/patch-lib_noproxy_c diff -N patches/patch-lib_noproxy_c --- /dev/null 1 Jan 1970 00:00:00 - +++ patches/patch-lib_noproxy_c 2 Nov 2022 02:47:01 - @@ -0,0 +1,54 @@ +From b830f9ba9e94acf672cd191993ff679fa38b Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Fri, 28 Oct 2022 10:51:49 +0200 +Subject: [PATCH] noproxy: fix tail-matching + +Index: lib/noproxy.c +--- lib/noproxy.c.orig lib/noproxy.c +@@ -149,9 +149,14 @@ bool Curl_check_noproxy(const char *name, const char * + } + else { + unsigned int address; ++ namelen = strlen(name); + if(1 == Curl_inet_pton(AF_INET, name, &address)) + type = TYPE_IPV4; +- namelen = strlen(name); ++ else { ++/* ignore trailing dots in the host name */ ++if(name[namelen - 1] == '.') ++ namelen--; ++ } + } + + while(*p) { +@@ -173,12 +178,23 @@ bool Curl_check_noproxy(const char *name, const char * + if(tokenlen) { + switch(type) { + case TYPE_HOST: +- if(*token == '.') { +-++token; +---tokenlen; +-/* tailmatch */ +-match = (tokenlen <= namelen) && +- strncasecompare(token, name + (namelen - tokenlen), namelen); ++ /* ignore trailing dots in the token to check */ ++ if(token[tokenlen - 1] == '.') ++tokenlen--; ++ ++ if(tokenlen && (*token == '.')) { ++/* A: example.com matches '.example.com' ++ B: www.example.com matches '.example.com' ++ C: nonexample.com DOES NOT match '.example.com' ++*/ ++if((tokenlen - 1) == namelen) ++ /* case A, exact match without leading dot */ ++ match = strncasecompare(token + 1, name, namelen); ++else if(tokenlen < namelen) ++ /* case B, tailmatch with leading dot */ ++ match = strncasecompare(token, name + (namelen - tokenlen), ++ tokenlen); ++/* case C passes through, not a match */ + } + else + match = (tokenlen == namelen) && Index: patches/patch-m4_curl-compilers_m4 === RCS file: /cvs/ports/net/curl/patches/patch-m4_curl-compilers_m4,v retrieving revision 1.5 diff -u -p -r1.5 patch-m4_curl-compilers_m4 --- patches/patch-m4_curl-compilers_m4 30 Jun 2022 18:11:25 - 1.5 +++ patches/patch-m4_curl-compilers_m4 2 Nov 2022 02:47:01 - @@ -9,7 +9,7 @@ Do not override optimization flags in CF Index: m4/curl-compilers.m4 --- m4/curl-compilers.m4.orig +++ m4/curl-compilers.m4 -@@ -693,7 +693,7 @@ AC_DEFUN([CURL_SET_COMPILER_OPTIMIZE_OPTS], [ +@@ -695,7 +695,7 @@ AC_DEFUN([CURL_SET_COMPILER_OPTIMIZE_OPTS], [ tmp_options="" tmp_CFLAGS="$CFLAGS" tmp_CPPFLAGS="$CPPFLAGS"