Moin,
I've posted my thoughts on a potential solution to this in GitLab:
https://e.as207960.net/w4bdyj/9xhwJKBpklMvCk1U
It'd be great to hear some of your views on this.
Q
--
Any statements contained in this email are personal to the author and are
not necessarily the
The thing with this issue, and their ignorant attitude to it, is that it
is this easy to patch. The if statement that does this could simply be
nested in another that checks for an environment variable, giving users
an option to enable .onion resolution.
diff --git a/lib/hostip.c b/lib/hostip.
Hi Shawn!
On Mon, 13 Nov 2023 at 15:54, Shawn Webb
wrote:
> I agree that infoleaks, especially of .onion DNS requests, is
> problematic. However, I disagree that prohibiting it in broadly
> monocultured libraries (libcurl) is an advisable approach.
>
If Curl is outright banning ".onion" at the
On Mon, Nov 13, 2023 at 03:01:15PM +, Alec Muffett wrote:
> Hi! I'm one of the authors of RFC 7686.
>
> Although myself and Appelbaum[1] are cited on it, the document is the
> result of a huge amount of argument and input from many people (shout out
> to Mark Nottingham most especially, whom I
Hi! I'm one of the authors of RFC 7686.
Although myself and Appelbaum[1] are cited on it, the document is the
result of a huge amount of argument and input from many people (shout out
to Mark Nottingham most especially, whom I feel should have gotten an
author credit) on various IETF maillists, an
On Sun, Nov 05, 2023 at 12:57:40AM +, kaizu...@cock.li wrote:
> They blatantly don't care and deny the issue, and don't care that it breaks
> a feature Tor has had for over a decade. They respond with fallacies and
> irrational garbage. They don't acknowledge that an environment variable
> woul
On 2023-11-03 16:29, rhatto wrote:
On Thu, Sep 14, 2023 at 08:22:22PM +1000, Matt Jolly wrote:
I recently inadvertently opened a much larger can of worms than I'd
intended when fixing a bug reported downstream where cURL would,
when configured with certain DNS backends, fail to resolve .onion
ad
On Thu, Sep 14, 2023 at 08:22:22PM +1000, Matt Jolly wrote:
> I recently inadvertently opened a much larger can of worms than I'd
> intended when fixing a bug reported downstream where cURL would,
> when configured with certain DNS backends, fail to resolve .onion
> addresses.
>
> [...]
Hi Matt,
Hello Everyone,
I recently inadvertently opened a much larger can of worms than I'd
intended when fixing a bug reported downstream where cURL would,
when configured with certain DNS backends, fail to resolve .onion
addresses.
https://bugs.gentoo.org/887287
After doing some digging I discovered tha
