components/curl/patches/015-CVE-2014-3613-part2.patch
branch s11-update
changeset 4103 0a3f0d2f2c86
parent 4102 02730b605ff4
child 4111 72fcefade79a
--- a/components/curl/patches/015-CVE-2014-3613-part2.patch	Fri Apr 10 18:00:20 2015 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,48 +0,0 @@
-From ceab2ea8f0c0fc4c4be219240ccf99ddc2de7b22 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <[email protected]>
-Date: Tue, 19 Aug 2014 21:11:20 +0200
-Subject: [PATCH 2/2] cookies: reject incoming cookies set for TLDs
-
-Test 61 was modified to verify this.
-
-Reported-by: Tim Ruehsen
----
- lib/cookie.c      | 6 ++++++
- tests/data/test61 | 1 +
- 2 files changed, 7 insertions(+)
-
-This problem has been fixed upstream in curl version 7.38.0
-
---- lib/cookie.c.orig	2014-09-04 10:48:44.170722741 -0700
-+++ lib/cookie.c	2014-09-04 10:44:28.980086252 -0700
-@@ -303,6 +303,7 @@
-           }
-           else if(Curl_raw_equal("domain", name)) {
-             bool is_ip;
-+            const char *dotp;
- 
-             /* note that this name may or may not have a preceeding dot, but
-                we don't care about that, we treat the names the same anyway */
-@@ -347,6 +348,11 @@
- 
-               is_ip = isip(domain ? domain : whatptr);
- 
-+              /* check for more dots */
-+              dotp = strchr(whatptr, '.');
-+              if(!dotp)
-+                domain=":";
-+
-               if(!domain
-                  || (is_ip && !strcmp(whatptr, domain))
-                  || (!is_ip && tailmatch(whatptr, domain))) {
---- tests/data/test61.orig	2014-09-04 10:50:40.756783312 -0700
-+++ tests/data/test61	2014-09-04 10:53:06.461671210 -0700
-@@ -22,6 +22,8 @@
- Set-Cookie: test3=maybe; domain=foo.com; path=/moo; secure
- Set-Cookie: test4=no; domain=nope.foo.com; path=/moo; secure
- Set-Cookie: test5=name; domain=anything.com; path=/ ; secure
-+Set-Cookie: fake=fooledyou; domain=..com; path=/;
-+Set-Cookie: supercookie=fooledyou; domain=.com; path=/;
- Content-Length: 4
- 
- boo