Date: Sun, 5 Sep 2010 09:50:15 +0800 (CST) From: Joe Horn <joehorn@gmail.com> To: FreeBSD-gnats-submit@FreeBSD.org Cc: vd@FreeBSD.org Subject: ports/150293: [PATCH] ftp/wget: Security fix for CVE-2010-2252 Message-ID: <20100905015015.52D294DFC24@Leo.mi.chu.edu.tw> Resent-Message-ID: <201009050200.o8520CUE077758@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 150293 >Category: ports >Synopsis: [PATCH] ftp/wget: Security fix for CVE-2010-2252 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Sep 05 02:00:11 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Joe Horn >Release: FreeBSD 8.1-RELEASE amd64 >Organization: Taiwanese User >Environment: System: FreeBSD joehorn.idv.tw 8.1-RELEASE FreeBSD 8.1-RELEASE #2: Tue Jul 20 22:36:33 CST 2010 >Description: * Security fix for CVE-2010-2252 Ref: http://lists.gnu.org/archive/html/bug-wget/2010-07/msg00076.html * Bump PORTREVISION * Added file(s): - files/patch-NEWS - files/patch-doc_wget.texi - files/patch-src__ChangeLog - files/patch-src__http.c - files/patch-src__http.h - files/patch-src__init.c - files/patch-src__main.c - files/patch-src__options.h - files/patch-src__retr.c Port maintainer (vd@FreeBSD.org) is cc'd. Generated with FreeBSD Port Tools 0.99 >How-To-Repeat: >Fix: --- wget-1.12_2.patch begins here --- diff -ruN --exclude=CVS /usr/ports/ftp/wget/Makefile /home/admin/joehorn/wget/Makefile --- /usr/ports/ftp/wget/Makefile 2010-06-04 16:09:18.000000000 +0800 +++ /home/admin/joehorn/wget/Makefile 2010-09-05 08:18:20.000000000 +0800 @@ -7,7 +7,7 @@ PORTNAME= wget DISTVERSION= 1.12 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= ftp www ipv6 MASTER_SITES= ${MASTER_SITE_GNU} MASTER_SITE_SUBDIR= wget diff -ruN --exclude=CVS /usr/ports/ftp/wget/files/patch-NEWS /home/admin/joehorn/wget/files/patch-NEWS --- /usr/ports/ftp/wget/files/patch-NEWS 1970-01-01 08:00:00.000000000 +0800 +++ /home/admin/joehorn/wget/files/patch-NEWS 2010-09-05 09:04:12.000000000 +0800 @@ -0,0 +1,12 @@ +--- NEWS.orig 2010-09-05 09:02:34.000000000 +0800 ++++ NEWS 2010-09-05 09:03:05.000000000 +0800 +@@ -6,6 +6,9 @@ + + Please send GNU Wget bug reports to <bug-wget@gnu.org>. + ++** By default, on server redirects, use the original URL to get the ++ local file name. Close CVE-2010-2252. ++ + * Changes in Wget 1.12 + + ** Mailing list MOVED to bug-wget@gnu.org diff -ruN --exclude=CVS /usr/ports/ftp/wget/files/patch-doc_wget.texi /home/admin/joehorn/wget/files/patch-doc_wget.texi --- /usr/ports/ftp/wget/files/patch-doc_wget.texi 1970-01-01 08:00:00.000000000 +0800 +++ /home/admin/joehorn/wget/files/patch-doc_wget.texi 2010-09-05 09:34:47.000000000 +0800 @@ -0,0 +1,27 @@ +--- doc/wget.texi.orig 2009-09-05 05:22:04.000000000 +0800 ++++ doc/wget.texi 2010-09-05 09:33:57.000000000 +0800 +@@ -1487,6 +1487,13 @@ + @code{Content-Disposition} headers to describe what the name of a + downloaded file should be. + ++@cindex Trust server names ++@item --trust-server-names ++ ++If this is set to on, on a redirect the last component of the ++redirection URL will be used as the local file name. By default it is ++used the last component in the original URL. ++ + @cindex authentication + @item --auth-no-challenge + +@@ -2799,6 +2806,10 @@ + Turn on recognition of the (non-standard) @samp{Content-Disposition} + HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}. + ++@item trust_server_names = on/off ++If set to on, use the last component of a redirection URL for the local ++file name. ++ + @item continue = on/off + If set to on, force continuation of preexistent partially retrieved + files. See @samp{-c} before setting it. diff -ruN --exclude=CVS /usr/ports/ftp/wget/files/patch-src__ChangeLog /home/admin/joehorn/wget/files/patch-src__ChangeLog --- /usr/ports/ftp/wget/files/patch-src__ChangeLog 1970-01-01 08:00:00.000000000 +0800 +++ /home/admin/joehorn/wget/files/patch-src__ChangeLog 2010-09-05 09:10:03.000000000 +0800 @@ -0,0 +1,21 @@ +--- src/ChangeLog.orig 2010-09-05 09:08:31.000000000 +0800 ++++ src/ChangeLog 2010-09-05 09:09:32.000000000 +0800 +@@ -1,3 +1,18 @@ ++2010-07-28 Giuseppe Scrivano <address@hidden> ++ ++ * http.h (http_loop): Add new argument `original_url' ++ * http.c (http_loop): Add new argument `original_url'. Use ++ `original_url' to get a filename if `trustservernames' is false. ++ ++ * init.c (commands): Add "trustservernames". ++ ++ * options.h (library): Add variable `trustservernames'. ++ ++ * main.c (option_data): Add trust-server-names. ++ (print_help): Describe --trust-server-names. ++ ++ * retr.c (retrieve_url): Pass new argument to `http_loop'. ++ + 2009-09-22 Micah Cowan <micah@cowan.name> + + * openssl.c (ssl_check_certificate): Avoid reusing the same buffer diff -ruN --exclude=CVS /usr/ports/ftp/wget/files/patch-src__http.c /home/admin/joehorn/wget/files/patch-src__http.c --- /usr/ports/ftp/wget/files/patch-src__http.c 1970-01-01 08:00:00.000000000 +0800 +++ /home/admin/joehorn/wget/files/patch-src__http.c 2010-09-05 09:14:48.000000000 +0800 @@ -0,0 +1,33 @@ +--- src/http.c.orig 2010-09-05 09:10:47.000000000 +0800 ++++ src/http.c 2010-09-05 09:14:13.000000000 +0800 +@@ -2410,8 +2410,9 @@ + /* The genuine HTTP loop! This is the part where the retrieval is + retried, and retried, and retried, and... */ + uerr_t +-http_loop (struct url *u, char **newloc, char **local_file, const char *referer, +- int *dt, struct url *proxy, struct iri *iri) ++http_loop (struct url *u, struct url *original_url, char **newloc, ++ char **local_file, const char *referer, int *dt, struct url *proxy, ++ struct iri *iri) + { + int count; + bool got_head = false; /* used for time-stamping and filename detection */ +@@ -2457,7 +2458,8 @@ + } + else if (!opt.content_disposition) + { +- hstat.local_file = url_file_name (u); ++ hstat.local_file = ++ url_file_name (opt.trustservernames ? u : original_url); + got_name = true; + } + +@@ -2497,7 +2499,7 @@ + + /* Send preliminary HEAD request if -N is given and we have an existing + * destination file. */ +- file_name = url_file_name (u); ++ file_name = url_file_name (opt.trustservernames ? u : original_url); + if (opt.timestamping + && !opt.content_disposition + && file_exists_p (file_name)) diff -ruN --exclude=CVS /usr/ports/ftp/wget/files/patch-src__http.h /home/admin/joehorn/wget/files/patch-src__http.h --- /usr/ports/ftp/wget/files/patch-src__http.h 1970-01-01 08:00:00.000000000 +0800 +++ /home/admin/joehorn/wget/files/patch-src__http.h 2010-09-05 08:50:28.000000000 +0800 @@ -0,0 +1,13 @@ +--- src/http.h.orig 2010-09-05 08:46:50.000000000 +0800 ++++ src/http.h 2010-09-05 08:48:09.000000000 +0800 +@@ -33,8 +33,8 @@ + + struct url; + +-uerr_t http_loop (struct url *, char **, char **, const char *, int *, +- struct url *, struct iri *); ++uerr_t http_loop (struct url *, struct url *, char **, char **, const char *, ++ int *, struct url *, struct iri *); + void save_cookies (void); + void http_cleanup (void); + time_t http_atotm (const char *); diff -ruN --exclude=CVS /usr/ports/ftp/wget/files/patch-src__init.c /home/admin/joehorn/wget/files/patch-src__init.c --- /usr/ports/ftp/wget/files/patch-src__init.c 1970-01-01 08:00:00.000000000 +0800 +++ /home/admin/joehorn/wget/files/patch-src__init.c 2010-09-05 09:18:20.000000000 +0800 @@ -0,0 +1,10 @@ +--- src/init.c.orig 2010-09-05 09:16:42.000000000 +0800 ++++ src/init.c 2010-09-05 09:17:35.000000000 +0800 +@@ -243,6 +243,7 @@ + { "timeout", NULL, cmd_spec_timeout }, + { "timestamping", &opt.timestamping, cmd_boolean }, + { "tries", &opt.ntry, cmd_number_inf }, ++ { "trustservernames", &opt.trustservernames, cmd_boolean }, + { "useproxy", &opt.use_proxy, cmd_boolean }, + { "user", &opt.user, cmd_string }, + { "useragent", NULL, cmd_spec_useragent }, diff -ruN --exclude=CVS /usr/ports/ftp/wget/files/patch-src__main.c /home/admin/joehorn/wget/files/patch-src__main.c --- /usr/ports/ftp/wget/files/patch-src__main.c 1970-01-01 08:00:00.000000000 +0800 +++ /home/admin/joehorn/wget/files/patch-src__main.c 2010-09-05 09:22:24.000000000 +0800 @@ -0,0 +1,19 @@ +--- src/main.c.orig 2010-09-05 09:18:44.000000000 +0800 ++++ src/main.c 2010-09-05 09:21:33.000000000 +0800 +@@ -266,6 +266,7 @@ + { "timeout", 'T', OPT_VALUE, "timeout", -1 }, + { "timestamping", 'N', OPT_BOOLEAN, "timestamping", -1 }, + { "tries", 't', OPT_VALUE, "tries", -1 }, ++ { "trust-server-names", 0, OPT_BOOLEAN, "trustservernames", -1 }, + { "user", 0, OPT_VALUE, "user", -1 }, + { "user-agent", 'U', OPT_VALUE, "useragent", -1 }, + { "verbose", 'v', OPT_BOOLEAN, "verbose", -1 }, +@@ -675,6 +676,8 @@ + N_("\ + -I, --include-directories=LIST list of allowed directories.\n"), + N_("\ ++ --trust-server-names use the name specified by the redirection url last component.\n"), ++ N_("\ + -X, --exclude-directories=LIST list of excluded directories.\n"), + N_("\ + -np, --no-parent don't ascend to the parent directory.\n"), diff -ruN --exclude=CVS /usr/ports/ftp/wget/files/patch-src__options.h /home/admin/joehorn/wget/files/patch-src__options.h --- /usr/ports/ftp/wget/files/patch-src__options.h 1970-01-01 08:00:00.000000000 +0800 +++ /home/admin/joehorn/wget/files/patch-src__options.h 2010-09-05 09:23:47.000000000 +0800 @@ -0,0 +1,10 @@ +--- src/options.h.orig 2010-09-05 09:22:48.000000000 +0800 ++++ src/options.h 2010-09-05 09:23:12.000000000 +0800 +@@ -242,6 +242,7 @@ + char *encoding_remote; + char *locale; + ++ bool trustservernames; + #ifdef __VMS + int ftp_stmlf; /* Force Stream_LF format for binary FTP. */ + #endif /* def __VMS */ diff -ruN --exclude=CVS /usr/ports/ftp/wget/files/patch-src__retr.c /home/admin/joehorn/wget/files/patch-src__retr.c --- /usr/ports/ftp/wget/files/patch-src__retr.c 1970-01-01 08:00:00.000000000 +0800 +++ /home/admin/joehorn/wget/files/patch-src__retr.c 2010-09-05 08:52:40.000000000 +0800 @@ -0,0 +1,12 @@ +--- src/retr.c.orig 2010-09-05 08:51:29.000000000 +0800 ++++ src/retr.c 2010-09-05 08:52:15.000000000 +0800 +@@ -689,7 +689,8 @@ + #endif + || (proxy_url && proxy_url->scheme == SCHEME_HTTP)) + { +- result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri); ++ result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt, ++ proxy_url, iri); + } + else if (u->scheme == SCHEME_FTP) + { --- wget-1.12_2.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100905015015.52D294DFC24>