$OpenBSD: patch-lib_url_c,v 1.2 2014/02/03 21:52:14 naddy Exp $

Security fix for CVE-2014-0015: re-use of wrong HTTP NTLM connection
http://curl.haxx.se/docs/adv_20140129.html

--- lib/url.c.orig	Mon Dec 16 23:02:35 2013
+++ lib/url.c	Sun Feb  2 11:57:42 2014
@@ -2886,8 +2886,8 @@ ConnectionExists(struct SessionHandle *data,
   struct connectdata *check;
   struct connectdata *chosen = 0;
   bool canPipeline = IsPipeliningPossible(data, needle);
-  bool wantNTLM = (data->state.authhost.want==CURLAUTH_NTLM) ||
-                  (data->state.authhost.want==CURLAUTH_NTLM_WB) ? TRUE : FALSE;
+  bool wantNTLM = (data->state.authhost.want & CURLAUTH_NTLM) ||
+    (data->state.authhost.want & CURLAUTH_NTLM_WB) ? TRUE : FALSE;
   struct connectbundle *bundle;
 
   *force_reuse = FALSE;
