# HG changeset patch
# User Rich Burridge
# Date 1384528452 28800
# Node ID 3754a17bfb14d5eaa88cc620cedc1358bf6d9d93
# Parent a35bff6c7563c8bcf625ec28dc2fe035f435f8b2
17799440 problem in LIBRARY/CURL
diff -r a35bff6c7563 -r 3754a17bfb14 components/curl/patches/010-CVE-2013-4545.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/curl/patches/010-CVE-2013-4545.patch Fri Nov 15 07:14:12 2013 -0800
@@ -0,0 +1,21 @@
+CVE-2013-4545: Setting only CURLOPT_SSL_VERIFYHOST without
+CURLOPT_SSL_VERIFYPEER set should still verify that the host
+name fields in the server certificate is fine or return failure.
+
+Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html
+Reported-by: Ishan SinghLevett
+
+Relevant upstream patch at:
+https://github.com/bagder/curl/commit/3c3622b6
+
+--- lib/ssluse.c.orig 2013-11-14 15:22:45.714764527 -0800
++++ lib/ssluse.c 2013-11-14 15:25:10.416516780 -0800
+@@ -2471,7 +2471,7 @@
+ * operations.
+ */
+
+- if(!data->set.ssl.verifypeer)
++ if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
+ (void)servercert(conn, connssl, FALSE);
+ else
+ retcode = servercert(conn, connssl, TRUE);
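Review bot: The new condition in lib/ssluse.c carries no comment saying why `verifyhost` is tested next to `verifypeer`, and the existing comment ending in `* operations.` begins outside the hunk, so it cannot be confirmed to cover the second test. A line above the `if` such as `/* be strict when either peer or host verification is requested */` would keep a later cleanup from dropping `!data->set.ssl.verifyhost` and reintroducing CVE-2013-4545. The same comment should say that the non-strict branch discards servercert()'s result with `(void)` only because both checks are disabled there. The enclosing function starts and ends outside the hunk, and no test accompanies the change; a regression check that sets only CURLOPT_SSL_VERIFYHOST and expects failure on a certificate whose name does not match would pin the fixed behaviour.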