# HG changeset patch
# User Rich Burridge <rich.burridge@oracle.com>
# Date 1420839077 28800
# Node ID 70f156a8291059ea6b17b5ea5594403beb7090f8
# Parent  4f3b656821cd7ce3451a9d8b73cfb7de0e21b52d
20306105 problem in LIBRARY/CURL

diff -r 4f3b656821cd -r 70f156a82910 components/curl/patches/018-CVE-2014-8150.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/curl/patches/018-CVE-2014-8150.patch	Fri Jan 09 13:31:17 2015 -0800
@@ -0,0 +1,29 @@
+From 4e2ac2afa94f014a2a015c48c678e2367a63ae82 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 25 Dec 2014 23:55:03 +0100
+Subject: [PATCH] url-parsing: reject CRLFs within URLs
+
+Bug: http://curl.haxx.se/docs/adv_20150108B.html
+Reported-by: Andrey Labunets
+---
+ lib/url.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+This fix is already available upstream in curl version 7.40.0
+
+--- lib/url.c.orig	2015-01-05 17:12:46.302124082 -0800
++++ lib/url.c	2015-01-05 17:13:15.299976184 -0800
+@@ -3545,6 +3545,13 @@
+ 
+   *prot_missing = FALSE;
+ 
++  /* We might pass the entire URL into the request so we need to make sure
++   * there are no bad characters in there.*/ 
++  if(strpbrk(data->change.url, "\r\n")) {
++    failf(data, "Illegal characters found in URL");
++    return CURLE_URL_MALFORMAT;
++  }
++
+   /*************************************************************
+    * Parse the URL.
+    *