From 67c3c4460e5d2a6e1cb7c03ba7154c54311b0622 Mon Sep 17 00:00:00 2001
From: Juha Kallioinen <juha.kallioinen@jolla.com>
Date: Wed, 6 Nov 2013 13:26:44 +0000
Subject: [PATCH] Set unrestricted auth option

Signed-off-by: Juha Kallioinen <juha.kallioinen@jolla.com>
---
 libzypp-12.2.0-unrestricted-auth.patch | 14 ++++++++++++++
 libzypp.changes                        |  3 +++
 libzypp.spec                           |  2 ++
 3 files changed, 19 insertions(+)
 create mode 100644 libzypp-12.2.0-unrestricted-auth.patch

diff --git a/libzypp-12.2.0-unrestricted-auth.patch b/libzypp-12.2.0-unrestricted-auth.patch
new file mode 100644
index 0000000..a5a210d
--- /dev/null
+++ b/libzypp-12.2.0-unrestricted-auth.patch
@@ -0,0 +1,14 @@
+diff -Naur a/zypp/media/MediaCurl.cc b/zypp/media/MediaCurl.cc
+--- a/zypp/media/MediaCurl.cc	2012-09-12 12:15:22.000000000 +0300
++++ b/zypp/media/MediaCurl.cc	2013-11-06 01:16:40.147685130 +0200
+@@ -591,6 +591,10 @@
+   // follow any Location: header that the server sends as part of
+   // an HTTP header (#113275)
+   SET_OPTION(CURLOPT_FOLLOWLOCATION, 1L);
++  // send user credentials to all hosts the site may redirect to.
++  // see "man curl" and acknowledge the potential security breach when
++  // using --location-trusted
++  SET_OPTION(CURLOPT_UNRESTRICTED_AUTH, 1L);
+   // 3 redirects seem to be too few in some cases (bnc #465532)
+   SET_OPTION(CURLOPT_MAXREDIRS, 6L);
+ 
diff --git a/libzypp.changes b/libzypp.changes
index 92149de..53a7f8a 100644
--- a/libzypp.changes
+++ b/libzypp.changes
@@ -1,3 +1,6 @@
+* Wed Nov 06 2013 Juha Kallioinen <juha.kallioinen@jolla.com> - 12.2.0
+- set unrestricted auth curl option
+
 * Fri Sep 20 2013 Juha Kallioinen <juha.kallioinen@jollamobile.com> - 12.2.0
 - rework netrc patch to also work in non-interactive client (zypper) mode
 
diff --git a/libzypp.spec b/libzypp.spec
index ba863d7..9c32d36 100644
--- a/libzypp.spec
+++ b/libzypp.spec
@@ -28,6 +28,7 @@ Patch0:         libzypp-11.1.0-remove-timestamp.patch
 Patch1:         use_gpg2.patch
 Patch2:         libzypp-12.2.0-enable-netrc-optional.patch
 Patch3:         tnhl-workaround.patch
+Patch4:         libzypp-12.2.0-unrestricted-auth.patch
 
 %description
 Package, Patch, Pattern, and Product Management
@@ -82,6 +83,7 @@ Authors:
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
+%patch4 -p1
 
 %build
 mkdir build