new file mode 100644
@@ -0,0 +1,73 @@
+From 5f13a7645e565c5c1a06f3ef86e97afb856fb364 Mon Sep 17 00:00:00 2001
+From: Stefan Eissing <stefan@eissing.org>
+Date: Fri, 6 Mar 2026 14:54:09 +0100
+Subject: [PATCH] proxy-auth: additional tests
+
+Also eliminate the special handling for socks proxy match.
+
+Closes #20837
+
+Upstream-Status: Backport [https://github.com/curl/curl/commit/5f13a7645e565c5c1a06f3]
+Backported by Ubuntu team https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1ubuntu1.23/curl_7.81.0-1ubuntu1.23.debian.tar.xz
+
+CVE: CVE-2026-3784
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ lib/url.c | 28 +++++++---------------------
+ tests/http/test_13_proxy_auth.py | 20 ++++++++++++++++++++
+ tests/http/testenv/curl.py | 18 +++++++++++++++---
+ 3 files changed, 42 insertions(+), 24 deletions(-)
+
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -930,33 +930,15 @@ proxy_info_matches(const struct proxy_in
+ {
+ if((data->proxytype == needle->proxytype) &&
+ (data->port == needle->port) &&
+- Curl_safe_strcasecompare(data->host.name, needle->host.name))
+- return TRUE;
++ curl_strequal(data->host.name, needle->host.name)) {
+
++ if(Curl_timestrcmp(data->user, needle->user) ||
++ Curl_timestrcmp(data->passwd, needle->passwd))
++ return FALSE;
++ return TRUE;
++ }
+ return FALSE;
+ }
+-
+-static bool
+-socks_proxy_info_matches(const struct proxy_info *data,
+- const struct proxy_info *needle)
+-{
+- if(!proxy_info_matches(data, needle))
+- return FALSE;
+-
+- /* the user information is case-sensitive
+- or at least it is not defined as case-insensitive
+- see https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1 */
+-
+- /* curl_strequal does a case insentive comparison, so do not use it here! */
+- if(Curl_timestrcmp(data->user, needle->user) ||
+- Curl_timestrcmp(data->passwd, needle->passwd))
+- return FALSE;
+- return TRUE;
+-}
+-#else
+-/* disabled, won't get called */
+-#define proxy_info_matches(x,y) FALSE
+-#define socks_proxy_info_matches(x,y) FALSE
+ #endif
+
+ /* A connection has to have been idle for a shorter time than 'maxage_conn'
+@@ -1282,8 +1264,8 @@ ConnectionExists(struct Curl_easy *data,
+ continue;
+
+ if(needle->bits.socksproxy &&
+- !socks_proxy_info_matches(&needle->socks_proxy,
+- &check->socks_proxy))
++ !proxy_info_matches(&needle->socks_proxy,
++ &check->socks_proxy))
+ continue;
+ #endif
+ if(needle->bits.conn_to_host != check->bits.conn_to_host)
@@ -75,6 +75,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \
file://CVE-2026-1965-2.patch \
file://CVE-2026-3783-pre1.patch \
file://CVE-2026-3783.patch \
+ file://CVE-2026-3784.patch \
"
SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c"