Commit dcb1288c authored by Natanael Copa's avatar Natanael Copa
Browse files

main/wget: security fix (CVE-2010-2252)

fixes #768
(cherry picked from commit 0492cb45)

Conflicts:

	main/wget/APKBUILD
parent 159f49ad
......@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter at gmail>
pkgname=wget
pkgver=1.12
pkgrel=2
pkgrel=3
pkgdesc="A network utility to retrieve files from the Web"
url="http://www.gnu.org/software/wget/wget.html"
license="GPL3"
......@@ -10,7 +10,17 @@ depends=
makedepends="openssl-dev"
subpackages="$pkgname-doc"
install="wget.post-deinstall"
source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
wget-1.12-CVE-2010-2252.patch"
prepare() {
cd "$srcdir"/$pkgname-$pkgver
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
esac
done
}
build() {
cd "$srcdir/$pkgname-$pkgver"
......@@ -21,7 +31,12 @@ build() {
--infodir=/usr/share/info \
--disable-nls
make || return 1
}
package() {
cd "$srcdir/$pkgname-$pkgver"
make DESTDIR="$pkgdir" install
}
md5sums="141461b9c04e454dc8933c9d1f2abf83 wget-1.12.tar.gz"
md5sums="141461b9c04e454dc8933c9d1f2abf83 wget-1.12.tar.gz
03d0dc81b22dea62ddcd8409906cb685 wget-1.12-CVE-2010-2252.patch"
http://bugs.gentoo.org/329941
based on upstream commit, but tweaked to work with wget-1.12 and
remove useless style changes
------------------------------------------------------------
revno: 2409
committer: Giuseppe Scrivano <gscrivano@gnu.org>
branch nick: wget
timestamp: Wed 2010-07-28 21:22:22 +0200
message:
Introduce --trust-server-names. Close CVE-2010-2252.
diff:
NEWS:
** By default, on server redirects, use the original URL to get the
local file name. Close CVE-2010-2252.
ChangeLog:
2010-07-28 Giuseppe Scrivano <gscrivano@gnu.org>
* http.h (http_loop): Add new argument `original_url'
* http.c (http_loop): Add new argument `original_url'. Use
`original_url' to get a filename if `trustservernames' is false.
* init.c (commands): Add "trustservernames".
* options.h (library): Add variable `trustservernames'.
* main.c (option_data): Add trust-server-names.
(print_help): Describe --trust-server-names.
* retr.c (retrieve_url): Pass new argument to `http_loop'.
=== modified file 'doc/wget.texi'
--- ./doc/wget.texi 2010-05-27 10:45:15 +0000
+++ ./doc/wget.texi 2010-07-28 19:22:22 +0000
@@ -1498,6 +1498,13 @@
@code{Content-Disposition} headers to describe what the name of a
downloaded file should be.
+@cindex Trust server names
+@item --trust-server-names
+
+If this is set to on, on a redirect the last component of the
+redirection URL will be used as the local file name. By default it is
+used the last component in the original URL.
+
@cindex authentication
@item --auth-no-challenge
@@ -2810,6 +2817,10 @@
Turn on recognition of the (non-standard) @samp{Content-Disposition}
HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}.
+@item trust_server_names = on/off
+If set to on, use the last component of a redirection URL for the local
+file name.
+
@item continue = on/off
If set to on, force continuation of preexistent partially retrieved
files. See @samp{-c} before setting it.
=== modified file 'src/http.c'
--- ./src/http.c 2010-07-20 17:42:13 +0000
+++ ./src/http.c 2010-07-28 19:22:22 +0000
@@ -2593,8 +2593,9 @@
/* The genuine HTTP loop! This is the part where the retrieval is
retried, and retried, and retried, and... */
uerr_t
-http_loop (struct url *u, char **newloc, char **local_file, const char *referer,
- int *dt, struct url *proxy, struct iri *iri)
+http_loop (struct url *u, struct url *original_url, char **newloc,
+ char **local_file, const char *referer, int *dt, struct url *proxy,
+ struct iri *iri)
{
int count;
bool got_head = false; /* used for time-stamping and filename detection */
@@ -2641,7 +2642,8 @@
}
else if (!opt.content_disposition)
{
- hstat.local_file = url_file_name (u);
+ hstat.local_file =
+ url_file_name (opt.trustservernames ? u : original_url);
got_name = true;
}
@@ -2679,7 +2681,7 @@
/* Send preliminary HEAD request if -N is given and we have an existing
* destination file. */
- file_name = url_file_name (u);
+ file_name = url_file_name (opt.trustservernames ? u : original_url);
if (opt.timestamping
&& !opt.content_disposition
&& file_exists_p (file_name))
=== modified file 'src/http.h'
--- ./src/http.h 2010-05-08 19:56:15 +0000
+++ ./src/http.h 2010-07-28 19:22:22 +0000
@@ -33,8 +33,8 @@
struct url;
-uerr_t http_loop (struct url *, char **, char **, const char *, int *,
- struct url *, struct iri *);
+uerr_t http_loop (struct url *, struct url *, char **, char **, const char *,
+ int *, struct url *, struct iri *);
void save_cookies (void);
void http_cleanup (void);
time_t http_atotm (const char *);
=== modified file 'src/init.c'
--- ./src/init.c 2010-05-08 19:56:15 +0000
+++ ./src/init.c 2010-07-28 19:22:22 +0000
@@ -252,6 +252,7 @@
{ "timeout", NULL, cmd_spec_timeout },
{ "timestamping", &opt.timestamping, cmd_boolean },
{ "tries", &opt.ntry, cmd_number_inf },
+ { "trustservernames", &opt.trustservernames, cmd_boolean },
{ "useproxy", &opt.use_proxy, cmd_boolean },
{ "user", &opt.user, cmd_string },
{ "useragent", NULL, cmd_spec_useragent },
=== modified file 'src/main.c'
--- ./src/main.c 2010-06-20 10:10:35 +0000
+++ ./src/main.c 2010-07-28 19:22:22 +0000
@@ -266,5 +266,6 @@
{ "timeout", 'T', OPT_VALUE, "timeout", -1 },
{ "timestamping", 'N', OPT_BOOLEAN, "timestamping", -1 },
{ "tries", 't', OPT_VALUE, "tries", -1 },
+ { "trust-server-names", 0, OPT_BOOLEAN, "trustservernames", -1 },
{ "user", 0, OPT_VALUE, "user", -1 },
{ "user-agent", 'U', OPT_VALUE, "useragent", -1 },
@@ -680,6 +681,8 @@
N_("\
-I, --include-directories=LIST list of allowed directories.\n"),
N_("\
+ --trust-server-names use the name specified by the redirection url last component.\n"),
+ N_("\
-X, --exclude-directories=LIST list of excluded directories.\n"),
N_("\
-np, --no-parent don't ascend to the parent directory.\n"),
=== modified file 'src/options.h'
--- ./src/options.h 2010-05-08 19:56:15 +0000
+++ ./src/options.h 2010-07-28 19:22:22 +0000
@@ -242,6 +242,7 @@
char *encoding_remote;
char *locale;
+ bool trustservernames;
#ifdef __VMS
int ftp_stmlf; /* Force Stream_LF format for binary FTP. */
#endif /* def __VMS */
=== modified file 'src/retr.c'
--- ./src/retr.c 2010-05-08 19:56:15 +0000
+++ ./src/retr.c 2010-07-28 19:22:22 +0000
@@ -731,7 +731,8 @@
#endif
|| (proxy_url && proxy_url->scheme == SCHEME_HTTP))
{
- result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri);
+ result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
+ proxy_url, iri);
}
else if (u->scheme == SCHEME_FTP)
{
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment