Gentoo Archives: gentoo-commits

From: "Mike Frysinger (vapier)" <vapier@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-misc/wget/files: wget-1.12-sni.patch wget-1.12-CVE-2010-2252.patch
Date: Sat, 21 Aug 2010 22:18:30
Message-Id: 20100821221817.146512004E@flycatcher.gentoo.org
1 vapier 10/08/21 22:18:17
2
3 Modified: wget-1.12-sni.patch
4 Added: wget-1.12-CVE-2010-2252.patch
5 Log:
6 Add fix from upstream for CVE-2010-2252 #329941 by Stefan Behte. Tweak by Sergei Trofimovich for IPv6 behavior in SNI patch #333839.
7 (Portage version: 2.2_rc67/cvs/Linux x86_64)
8
9 Revision Changes Path
10 1.2 net-misc/wget/files/wget-1.12-sni.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/wget/files/wget-1.12-sni.patch?rev=1.2&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/wget/files/wget-1.12-sni.patch?rev=1.2&content-type=text/plain
14 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/wget/files/wget-1.12-sni.patch?r1=1.1&r2=1.2
15
16 Index: wget-1.12-sni.patch
17 ===================================================================
18 RCS file: /var/cvsroot/gentoo-x86/net-misc/wget/files/wget-1.12-sni.patch,v
19 retrieving revision 1.1
20 retrieving revision 1.2
21 diff -u -r1.1 -r1.2
22 --- wget-1.12-sni.patch 17 Jan 2010 22:28:19 -0000 1.1
23 +++ wget-1.12-sni.patch 21 Aug 2010 22:18:16 -0000 1.2
24 @@ -56,7 +56,7 @@
25 + if (is_valid_ipv4_address(name, endp))
26 + return true;
27 +#ifdef ENABLE_IPV6
28 -+ if (is_valid_ipv4_address(name, endp))
29 ++ if (is_valid_ipv6_address(name, endp))
30 + return true;
31 +#endif
32 + return false;
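Review bot: Nothing visible in this hunk states why the helper rejects address literals, and a reader needs that intent to judge the `#ifdef ENABLE_IPV6` branch being corrected here. I would add a comment above the two checks: `/* SNI server_name must be a DNS host name; IPv4 and IPv6 literals are not permitted (RFC 6066, section 3). */`. The helper starts above the hunk, so an existing comment there may already cover this.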
33
34
35
36 1.1 net-misc/wget/files/wget-1.12-CVE-2010-2252.patch
37
38 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/wget/files/wget-1.12-CVE-2010-2252.patch?rev=1.1&view=markup
39 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/wget/files/wget-1.12-CVE-2010-2252.patch?rev=1.1&content-type=text/plain
40
41 Index: wget-1.12-CVE-2010-2252.patch
42 ===================================================================
43 http://bugs.gentoo.org/329941
44
45 based on upstream commit, but tweaked to work with wget-1.12 and
46 remove useless style changes
47
48 ------------------------------------------------------------
49 revno: 2409
50 committer: Giuseppe Scrivano <gscrivano@×××.org>
51 branch nick: wget
52 timestamp: Wed 2010-07-28 21:22:22 +0200
53 message:
54 Introduce --trust-server-names. Close CVE-2010-2252.
55 diff:
56
57 NEWS:
58 ** By default, on server redirects, use the original URL to get the
59 local file name. Close CVE-2010-2252.
60
61 ChangeLog:
62 2010-07-28 Giuseppe Scrivano <gscrivano@×××.org>
63
64 * http.h (http_loop): Add new argument `original_url'
65 * http.c (http_loop): Add new argument `original_url'. Use
66 `original_url' to get a filename if `trustservernames' is false.
67
68 * init.c (commands): Add "trustservernames".
69
70 * options.h (library): Add variable `trustservernames'.
71
72 * main.c (option_data): Add trust-server-names.
73 (print_help): Describe --trust-server-names.
74
75 * retr.c (retrieve_url): Pass new argument to `http_loop'.
76
77 === modified file 'doc/wget.texi'
78 --- doc/wget.texi 2010-05-27 10:45:15 +0000
79 +++ doc/wget.texi 2010-07-28 19:22:22 +0000
80 @@ -1498,6 +1498,13 @@
81 @code{Content-Disposition} headers to describe what the name of a
82 downloaded file should be.
83
84 +@cindex Trust server names
85 +@item --trust-server-names
86 +
87 +If this is set to on, on a redirect the last component of the
88 +redirection URL will be used as the local file name. By default it is
89 +used the last component in the original URL.
90 +
91 @cindex authentication
92 @item --auth-no-challenge
93
94 @@ -2810,6 +2817,10 @@
95 Turn on recognition of the (non-standard) @samp{Content-Disposition}
96 HTTP header---if set to @samp{on}, the same as @samp{--content-disposition}.
97
98 +@item trust_server_names = on/off
99 +If set to on, use the last component of a redirection URL for the local
100 +file name.
101 +
102 @item continue = on/off
103 If set to on, force continuation of preexistent partially retrieved
104 files. See @samp{-c} before setting it.
105
106 === modified file 'src/http.c'
107 --- src/http.c 2010-07-20 17:42:13 +0000
108 +++ src/http.c 2010-07-28 19:22:22 +0000
109 @@ -2593,8 +2593,9 @@
110 /* The genuine HTTP loop! This is the part where the retrieval is
111 retried, and retried, and retried, and... */
112 uerr_t
113 -http_loop (struct url *u, char **newloc, char **local_file, const char *referer,
114 - int *dt, struct url *proxy, struct iri *iri)
115 +http_loop (struct url *u, struct url *original_url, char **newloc,
116 + char **local_file, const char *referer, int *dt, struct url *proxy,
117 + struct iri *iri)
118 {
119 int count;
120 bool got_head = false; /* used for time-stamping and filename detection */
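Review bot: The new `original_url` parameter is not described in the comment above `http_loop`, and none of the visible hunks checks it before it reaches `url_file_name`. That is the default path, since the NEWS entry says the original URL is used unless the option is set. I would extend the header comment with `ORIGINAL_URL is the URL as requested, before any redirect; it must not be NULL and names the local file unless opt.trustservernames is set.` If any caller can lack an original URL, fall back to `u` explicitly inside the function rather than relying on each call site. The body of `http_loop` continues outside this hunk.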
121 @@ -2641,7 +2642,8 @@
122 }
123 else if (!opt.content_disposition)
124 {
125 - hstat.local_file = url_file_name (u);
126 + hstat.local_file =
127 + url_file_name (opt.trustservernames ? u : original_url);
128 got_name = true;
129 }
130
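Review bot: The security-relevant choice `opt.trustservernames ? u : original_url` is written out twice, here and in the timestamping hunk at `file_name = url_file_name (...)`. A later `url_file_name (u)` added elsewhere in this function would quietly bring back server-chosen names. Compute it once near the top of the function, `struct url *name_url = opt.trustservernames ? u : original_url;`, and pass `name_url` at both call sites, with a one-line comment that local file names must come from it. The rest of `http_loop` is outside the hunks, so other `url_file_name` calls in it should be checked the same way.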
131 @@ -2679,7 +2681,7 @@
132
133 /* Send preliminary HEAD request if -N is given and we have an existing
134 * destination file. */
135 - file_name = url_file_name (u);
136 + file_name = url_file_name (opt.trustservernames ? u : original_url);
137 if (opt.timestamping
138 && !opt.content_disposition
139 && file_exists_p (file_name))
140 === modified file 'src/http.h'
141 --- src/http.h 2010-05-08 19:56:15 +0000
142 +++ src/http.h 2010-07-28 19:22:22 +0000
143 @@ -33,8 +33,8 @@
144
145 struct url;
146
147 -uerr_t http_loop (struct url *, char **, char **, const char *, int *,
148 - struct url *, struct iri *);
149 +uerr_t http_loop (struct url *, struct url *, char **, char **, const char *,
150 + int *, struct url *, struct iri *);
151 void save_cookies (void);
152 void http_cleanup (void);
153 time_t http_atotm (const char *);
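Review bot: The prototype now takes two adjacent `struct url *` arguments with no parameter names, so a call that passes them in the wrong order compiles cleanly and the file-name source is silently reversed. Naming the parameters in the declaration makes the order checkable at each call site: `uerr_t http_loop (struct url *u, struct url *original_url, char **newloc, char **local_file, const char *referer, int *dt, struct url *proxy, struct iri *iri);`.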
154
155 === modified file 'src/init.c'
156 --- src/init.c 2010-05-08 19:56:15 +0000
157 +++ src/init.c 2010-07-28 19:22:22 +0000
158 @@ -252,6 +252,7 @@
159 { "timeout", NULL, cmd_spec_timeout },
160 { "timestamping", &opt.timestamping, cmd_boolean },
161 { "tries", &opt.ntry, cmd_number_inf },
162 + { "trustservernames", &opt.trustservernames, cmd_boolean },
163 { "useproxy", &opt.use_proxy, cmd_boolean },
164 { "user", &opt.user, cmd_string },
165 { "useragent", NULL, cmd_spec_useragent },
166
167 === modified file 'src/main.c'
168 --- src/main.c 2010-06-20 10:10:35 +0000
169 +++ src/main.c 2010-07-28 19:22:22 +0000
170 @@ -266,5 +266,6 @@
171 { "timeout", 'T', OPT_VALUE, "timeout", -1 },
172 { "timestamping", 'N', OPT_BOOLEAN, "timestamping", -1 },
173 { "tries", 't', OPT_VALUE, "tries", -1 },
174 + { "trust-server-names", 0, OPT_BOOLEAN, "trustservernames", -1 },
175 { "user", 0, OPT_VALUE, "user", -1 },
176 { "user-agent", 'U', OPT_VALUE, "useragent", -1 },
177 @@ -680,6 +681,8 @@
178 N_("\
179 -I, --include-directories=LIST list of allowed directories.\n"),
180 N_("\
181 + --trust-server-names use the name specified by the redirection url last component.\n"),
182 + N_("\
183 -X, --exclude-directories=LIST list of excluded directories.\n"),
184 N_("\
185 -np, --no-parent don't ascend to the parent directory.\n"),
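Review bot: The help entry for `--trust-server-names` is inserted between `-I, --include-directories` and `-X, --exclude-directories`, so it is listed among the directory filters rather than with the download or HTTP options where a user would look for it. The wording also does not say that turning the option on lets the redirecting server pick the local file name. I would move the entry next to the other file-naming options and reword it along the lines of `--trust-server-names  on redirect, name the file after the redirection URL (the server chooses the name).\n`. The surrounding `print_help` array is only partly visible, so the exact target position needs checking against the full list.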
186
187 === modified file 'src/options.h'
188 --- src/options.h 2010-05-08 19:56:15 +0000
189 +++ src/options.h 2010-07-28 19:22:22 +0000
190 @@ -242,6 +242,7 @@
191 char *encoding_remote;
192 char *locale;
193
194 + bool trustservernames;
195 #ifdef __VMS
196 int ftp_stmlf; /* Force Stream_LF format for binary FTP. */
197 #endif /* def __VMS */
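Review bot: The new `trustservernames` field has no comment, although it decides whether a remote server may choose the local file name, and the neighbouring `ftp_stmlf` field does carry one. I would write it as `bool trustservernames; /* On redirect, name the local file after the redirection URL instead of the original URL. */`. The struct begins and ends outside this hunk.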
198
199 === modified file 'src/retr.c'
200 --- src/retr.c 2010-05-08 19:56:15 +0000
201 +++ src/retr.c 2010-07-28 19:22:22 +0000
202 @@ -731,7 +731,8 @@
203 #endif
204 || (proxy_url && proxy_url->scheme == SCHEME_HTTP))
205 {
206 - result = http_loop (u, &mynewloc, &local_file, refurl, dt, proxy_url, iri);
207 + result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
208 + proxy_url, iri);
209 }
210 else if (u->scheme == SCHEME_FTP)
211 {
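Review bot: Only the HTTP branch receives `orig_parsed`; the `else if (u->scheme == SCHEME_FTP)` branch that follows is unchanged by this hunk. If `u` can already have been replaced by a redirect target when that branch runs, a redirect to an FTP URL would still take the local file name from the redirection URL, whatever `trustservernames` says. I cannot confirm this from the visible lines, because the FTP call and the redirect handling are outside the hunk. It is worth checking, and if it holds, the FTP path should derive the name from `orig_parsed` under the same option. Otherwise a short comment here should say why the FTP path is exempt.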