net-misc/wget/files/wget-1.12-CVE-2010-2252.patch - mirrors/cros/chromiumos/overlays/portage-stable - Git at Google

 http://bugs.gentoo.org/329941

 based on upstream commit, but tweaked to work with wget-1.12 and
 remove useless style changes

 ------------------------------------------------------------
 revno: 2409
 committer: Giuseppe Scrivano <gscrivano@gnu.org>
 branch nick: wget
 timestamp: Wed 2010-07-28 21:22:22 +0200
 message:
   Introduce --trust-server-names.  Close CVE-2010-2252.
 diff:

 NEWS:
 ** By default, on server redirects, use the original URL to get the
    local file name. Close CVE-2010-2252.

 ChangeLog:
 2010-07-28  Giuseppe Scrivano  <gscrivano@gnu.org>

 	* http.h (http_loop): Add new argument `original_url'
 	* http.c (http_loop): Add new argument `original_url'.  Use
 	`original_url' to get a filename if `trustservernames' is false.

 	* init.c (commands): Add "trustservernames".

 	* options.h (library): Add variable `trustservernames'.

 	* main.c (option_data): Add trust-server-names.
 	(print_help): Describe --trust-server-names.

 	* retr.c (retrieve_url): Pass new argument to `http_loop'.

 === modified file 'doc/wget.texi'
 --- doc/wget.texi	2010-05-27 10:45:15 +0000
 +++ doc/wget.texi	2010-07-28 19:22:22 +0000
 @@ -1498,6 +1498,13 @@
  @code{Content-Disposition} headers to describe what the name of a
  downloaded file should be.

 +@cindex Trust server names
 +@item --trust-server-names
 +
 +If this is set to on, on a redirect the last component of the
 +redirection URL will be used as the local file name.  By default it is
 +used the last component in the original URL.
 +
  @cindex authentication
  @item --auth-no-challenge

 @@ -2810,6 +2817,10 @@
  Turn on recognition of the (non-standard) @samp{Content-Disposition}
  HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}.

 +@item trust_server_names = on/off
 +If set to on, use the last component of a redirection URL for the local
 +file name.
 +
  @item continue = on/off
  If set to on, force continuation of preexistent partially retrieved
  files.  See @samp{-c} before setting it.

 === modified file 'src/http.c'
 --- src/http.c	2010-07-20 17:42:13 +0000
 +++ src/http.c	2010-07-28 19:22:22 +0000
 @@ -2593,8 +2593,9 @@
  /* The genuine HTTP loop!  This is the part where the retrieval is
     retried, and retried, and retried, and...  */
  uerr_t
 -http_loop (struct url *u, char **newloc, char **local_file, const char *referer,
 -           int *dt, struct url *proxy, struct iri *iri)
 +http_loop (struct url *u, struct url *original_url, char **newloc,
 +           char **local_file, const char *referer, int *dt, struct url *proxy,
 +           struct iri *iri)
  {
    int count;
    bool got_head = false;         /* used for time-stamping and filename detection */
 @@ -2641,7 +2642,8 @@
      }
    else if (!opt.content_disposition)
      {
 -      hstat.local_file = url_file_name (u);
 +      hstat.local_file =
 +        url_file_name (opt.trustservernames ? u : original_url);
        got_name = true;
      }

 @@ -2679,7 +2681,7 @@

    /* Send preliminary HEAD request if -N is given and we have an existing
     * destination file. */
 -  file_name = url_file_name (u);
 +  file_name = url_file_name (opt.trustservernames ? u : original_url);
    if (opt.timestamping
        && !opt.content_disposition
        && file_exists_p (file_name))
 === modified file 'src/http.h'
 --- src/http.h	2010-05-08 19:56:15 +0000
 +++ src/http.h	2010-07-28 19:22:22 +0000
 @@ -33,8 +33,8 @@

  struct url;

 -uerr_t http_loop (struct url *, char **, char **, const char *, int *,
 -		  struct url *, struct iri *);
 +uerr_t http_loop (struct url *, struct url *, char **, char **, const char *,
 +                  int *, struct url *, struct iri *);
  void save_cookies (void);
  void http_cleanup (void);
  time_t http_atotm (const char *);

 === modified file 'src/init.c'
 --- src/init.c	2010-05-08 19:56:15 +0000
 +++ src/init.c	2010-07-28 19:22:22 +0000
 @@ -252,6 +252,7 @@
    { "timeout",          NULL,                   cmd_spec_timeout },
    { "timestamping",     &opt.timestamping,      cmd_boolean },
    { "tries",            &opt.ntry,              cmd_number_inf },
 +  { "trustservernames", &opt.trustservernames,  cmd_boolean },
    { "useproxy",         &opt.use_proxy,         cmd_boolean },
    { "user",             &opt.user,              cmd_string },
    { "useragent",        NULL,                   cmd_spec_useragent },

 === modified file 'src/main.c'
 --- src/main.c	2010-06-20 10:10:35 +0000
 +++ src/main.c	2010-07-28 19:22:22 +0000
 @@ -266,5 +266,6 @@
      { "timeout", 'T', OPT_VALUE, "timeout", -1 },
      { "timestamping", 'N', OPT_BOOLEAN, "timestamping", -1 },
      { "tries", 't', OPT_VALUE, "tries", -1 },
 +    { "trust-server-names", 0, OPT_BOOLEAN, "trustservernames", -1 },
      { "user", 0, OPT_VALUE, "user", -1 },
      { "user-agent", 'U', OPT_VALUE, "useragent", -1 },
 @@ -680,6 +681,8 @@
      N_("\
    -I,  --include-directories=LIST  list of allowed directories.\n"),
      N_("\
 +       --trust-server-names        use the name specified by the redirection url last component.\n"),
 +    N_("\
    -X,  --exclude-directories=LIST  list of excluded directories.\n"),
      N_("\
    -np, --no-parent                 don't ascend to the parent directory.\n"),

 === modified file 'src/options.h'
 --- src/options.h	2010-05-08 19:56:15 +0000
 +++ src/options.h	2010-07-28 19:22:22 +0000
 @@ -242,6 +242,7 @@
    char *encoding_remote;
    char *locale;

 +  bool trustservernames;
  #ifdef __VMS
    int ftp_stmlf;                /* Force Stream_LF format for binary FTP. */
  #endif /* def __VMS */

 === modified file 'src/retr.c'
 --- src/retr.c	2010-05-08 19:56:15 +0000
 +++ src/retr.c	2010-07-28 19:22:22 +0000
 @@ -731,7 +731,8 @@
  #endif
        || (proxy_url && proxy_url->scheme == SCHEME_HTTP))
      {
 -      result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri);
 +      result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
 +                          proxy_url, iri);
      }
    else if (u->scheme == SCHEME_FTP)
      {

 make sure tests pass after this change
 https://bugs.gentoo.org/333965
 https://savannah.gnu.org/bugs/index.php?30841

 --- tests/Test-iri-forced-remote.px
 +++ tests/Test-iri-forced-remote.px
 @@ -174,7 +174,7 @@ my %urls = (
      },
  );

 -my $cmdline = $WgetTest::WGETPATH . " --iri --remote-encoding=iso-8859-1 -nH -r http://localhost:{{port}}/";
 +my $cmdline = $WgetTest::WGETPATH . " --iri --trust-server-names --remote-encoding=iso-8859-1 -nH -r http://localhost:{{port}}/";

  my $expected_error_code = 0;

 --- tests/Test-iri-list.px
 +++ tests/Test-iri-list.px
 @@ -143,7 +143,7 @@ my %urls = (
      },
  );

 -my $cmdline = $WgetTest::WGETPATH . " --iri -i http://localhost:{{port}}/url_list.txt";
 +my $cmdline = $WgetTest::WGETPATH . " --iri --trust-server-names -i http://localhost:{{port}}/url_list.txt";

  my $expected_error_code = 0;

 --- tests/Test-iri.px
 +++ tests/Test-iri.px
 @@ -186,7 +186,7 @@ my %urls = (
      },
  );

 -my $cmdline = $WgetTest::WGETPATH . " --iri --restrict-file-names=nocontrol -nH -r http://localhost:{{port}}/";
 +my $cmdline = $WgetTest::WGETPATH . " --iri --trust-server-names --restrict-file-names=nocontrol -nH -r http://localhost:{{port}}/";

  my $expected_error_code = 0;
	http://bugs.gentoo.org/329941

	based on upstream commit, but tweaked to work with wget-1.12 and
	remove useless style changes

	------------------------------------------------------------
	revno: 2409
	committer: Giuseppe Scrivano <gscrivano@gnu.org>
	branch nick: wget
	timestamp: Wed 2010-07-28 21:22:22 +0200
	message:
	Introduce --trust-server-names. Close CVE-2010-2252.
	diff:

	NEWS:
	** By default, on server redirects, use the original URL to get the
	local file name. Close CVE-2010-2252.

	ChangeLog:
	2010-07-28 Giuseppe Scrivano <gscrivano@gnu.org>

	* http.h (http_loop): Add new argument `original_url'
	* http.c (http_loop): Add new argument `original_url'. Use
	`original_url' to get a filename if `trustservernames' is false.

	* init.c (commands): Add "trustservernames".

	* options.h (library): Add variable `trustservernames'.

	* main.c (option_data): Add trust-server-names.
	(print_help): Describe --trust-server-names.

	* retr.c (retrieve_url): Pass new argument to `http_loop'.

	=== modified file 'doc/wget.texi'
	--- doc/wget.texi 2010-05-27 10:45:15 +0000
	+++ doc/wget.texi 2010-07-28 19:22:22 +0000
	@@ -1498,6 +1498,13 @@
	@code{Content-Disposition} headers to describe what the name of a
	downloaded file should be.

	+@cindex Trust server names
	+@item --trust-server-names
	+
	+If this is set to on, on a redirect the last component of the
	+redirection URL will be used as the local file name. By default it is
	+used the last component in the original URL.
	+
	@cindex authentication
	@item --auth-no-challenge

	@@ -2810,6 +2817,10 @@
	Turn on recognition of the (non-standard) @samp{Content-Disposition}
	HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}.

	+@item trust_server_names = on/off
	+If set to on, use the last component of a redirection URL for the local
	+file name.
	+
	@item continue = on/off
	If set to on, force continuation of preexistent partially retrieved
	files. See @samp{-c} before setting it.

	=== modified file 'src/http.c'
	--- src/http.c 2010-07-20 17:42:13 +0000
	+++ src/http.c 2010-07-28 19:22:22 +0000
	@@ -2593,8 +2593,9 @@
	/* The genuine HTTP loop! This is the part where the retrieval is
	retried, and retried, and retried, and... */
	uerr_t
	-http_loop (struct url u, char newloc, char local_file, const char referer,
	- int dt, struct url proxy, struct iri *iri)
	+http_loop (struct url u, struct url original_url, char **newloc,
	+ char *local_file, const char referer, int dt, struct url proxy,
	+ struct iri *iri)
	{
	int count;
	bool got_head = false; /* used for time-stamping and filename detection */
	@@ -2641,7 +2642,8 @@
	}
	else if (!opt.content_disposition)
	{
	- hstat.local_file = url_file_name (u);
	+ hstat.local_file =
	+ url_file_name (opt.trustservernames ? u : original_url);
	got_name = true;
	}

	@@ -2679,7 +2681,7 @@

	/* Send preliminary HEAD request if -N is given and we have an existing
	* destination file. */
	- file_name = url_file_name (u);
	+ file_name = url_file_name (opt.trustservernames ? u : original_url);
	if (opt.timestamping
	&& !opt.content_disposition
	&& file_exists_p (file_name))
	=== modified file 'src/http.h'
	--- src/http.h 2010-05-08 19:56:15 +0000
	+++ src/http.h 2010-07-28 19:22:22 +0000
	@@ -33,8 +33,8 @@

	struct url;

	-uerr_t http_loop (struct url , char , char , const char , int *,
	- struct url , struct iri );
	+uerr_t http_loop (struct url , struct url , char , char , const char *,
	+ int , struct url , struct iri *);
	void save_cookies (void);
	void http_cleanup (void);
	time_t http_atotm (const char *);

	=== modified file 'src/init.c'
	--- src/init.c 2010-05-08 19:56:15 +0000
	+++ src/init.c 2010-07-28 19:22:22 +0000
	@@ -252,6 +252,7 @@
	{ "timeout", NULL, cmd_spec_timeout },
	{ "timestamping", &opt.timestamping, cmd_boolean },
	{ "tries", &opt.ntry, cmd_number_inf },
	+ { "trustservernames", &opt.trustservernames, cmd_boolean },
	{ "useproxy", &opt.use_proxy, cmd_boolean },
	{ "user", &opt.user, cmd_string },
	{ "useragent", NULL, cmd_spec_useragent },

	=== modified file 'src/main.c'
	--- src/main.c 2010-06-20 10:10:35 +0000
	+++ src/main.c 2010-07-28 19:22:22 +0000
	@@ -266,5 +266,6 @@
	{ "timeout", 'T', OPT_VALUE, "timeout", -1 },
	{ "timestamping", 'N', OPT_BOOLEAN, "timestamping", -1 },
	{ "tries", 't', OPT_VALUE, "tries", -1 },
	+ { "trust-server-names", 0, OPT_BOOLEAN, "trustservernames", -1 },
	{ "user", 0, OPT_VALUE, "user", -1 },
	{ "user-agent", 'U', OPT_VALUE, "useragent", -1 },
	@@ -680,6 +681,8 @@
	N_("\
	-I, --include-directories=LIST list of allowed directories.\n"),
	N_("\
	+ --trust-server-names use the name specified by the redirection url last component.\n"),
	+ N_("\
	-X, --exclude-directories=LIST list of excluded directories.\n"),
	N_("\
	-np, --no-parent don't ascend to the parent directory.\n"),

	=== modified file 'src/options.h'
	--- src/options.h 2010-05-08 19:56:15 +0000
	+++ src/options.h 2010-07-28 19:22:22 +0000
	@@ -242,6 +242,7 @@
	char *encoding_remote;
	char *locale;

	+ bool trustservernames;
	#ifdef __VMS
	int ftp_stmlf; /* Force Stream_LF format for binary FTP. */
	#endif /* def __VMS */

	=== modified file 'src/retr.c'
	--- src/retr.c 2010-05-08 19:56:15 +0000
	+++ src/retr.c 2010-07-28 19:22:22 +0000
	@@ -731,7 +731,8 @@
	#endif
	\|\| (proxy_url && proxy_url->scheme == SCHEME_HTTP))
	{
	- result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri);
	+ result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
	+ proxy_url, iri);
	}
	else if (u->scheme == SCHEME_FTP)
	{

	make sure tests pass after this change
	https://bugs.gentoo.org/333965
	https://savannah.gnu.org/bugs/index.php?30841

	--- tests/Test-iri-forced-remote.px
	+++ tests/Test-iri-forced-remote.px
	@@ -174,7 +174,7 @@ my %urls = (
	},
	);

	-my $cmdline = $WgetTest::WGETPATH . " --iri --remote-encoding=iso-8859-1 -nH -r http://localhost:{{port}}/";
	+my $cmdline = $WgetTest::WGETPATH . " --iri --trust-server-names --remote-encoding=iso-8859-1 -nH -r http://localhost:{{port}}/";

	my $expected_error_code = 0;

	--- tests/Test-iri-list.px
	+++ tests/Test-iri-list.px
	@@ -143,7 +143,7 @@ my %urls = (
	},
	);

	-my $cmdline = $WgetTest::WGETPATH . " --iri -i http://localhost:{{port}}/url_list.txt";
	+my $cmdline = $WgetTest::WGETPATH . " --iri --trust-server-names -i http://localhost:{{port}}/url_list.txt";

	my $expected_error_code = 0;

	--- tests/Test-iri.px
	+++ tests/Test-iri.px
	@@ -186,7 +186,7 @@ my %urls = (
	},
	);

	-my $cmdline = $WgetTest::WGETPATH . " --iri --restrict-file-names=nocontrol -nH -r http://localhost:{{port}}/";
	+my $cmdline = $WgetTest::WGETPATH . " --iri --trust-server-names --restrict-file-names=nocontrol -nH -r http://localhost:{{port}}/";

	my $expected_error_code = 0;