Re: [Bug-wget] wget-1.13.4 save path regression/change
From: Giuseppe Scrivano
Subject: Re: [Bug-wget] wget-1.13.4 save path regression/change
Date: Mon, 26 Sep 2011 10:45:58 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

Hello Michael,

from the NEWS file (wget 1.13.3):

** By default, on server redirects, use the original URL to get the
   local file name. Close CVE-2010-2252. This introduces a
   backward-incompatibility; any script that relies on the old
   behaviour must use --trust-server-names.

Cheers,
Giuseppe

Michael Shigorin <address@hidden> writes:
> Hello Micah,
> I've noted that wget-1.13.4 behaves differently in a situation
> involving redirects; the weird thing is that it was spotted on SF,
> which is quite a typical use case for a wget user I guess.
>
> This manifests itself in pre-redirect basename being chosen
> for the save path, not the final location's one.
>
> Here's 1.13.4:
>
> $ wget
> http://sourceforge.net/projects/pdsh/files/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2/download
> --2011-09-25 21:45:36--
> http://sourceforge.net/projects/pdsh/files/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2/download
> Resolving sourceforge.net (sourceforge.net)... 216.34.181.60
> Connecting to sourceforge.net (sourceforge.net)|216.34.181.60|:80...
> connected.
> HTTP request sent, awaiting response... 302 Found
> Location:
> http://downloads.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2?r=&ts=1316976337&use_mirror=netcologne
> [following]
> --2011-09-25 21:45:37--
> http://downloads.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2?r=&ts=1316976337&use_mirror=netcologne
> Resolving downloads.sourceforge.net (downloads.sourceforge.net)...
> 216.34.181.59
> Connecting to downloads.sourceforge.net
> (downloads.sourceforge.net)|216.34.181.59|:80... connected.
> HTTP request sent, awaiting response... 302 Found
> Location:
> http://netcologne.dl.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2
> [following]
> --2011-09-25 21:45:37--
> http://netcologne.dl.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2
> Resolving netcologne.dl.sourceforge.net (netcologne.dl.sourceforge.net)...
> 78.35.24.46, 2001:4dd0:1234:6::5f
> Connecting to netcologne.dl.sourceforge.net
> (netcologne.dl.sourceforge.net)|78.35.24.46|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 490732 (479K) [application/x-bzip2]
> Saving to: `download'
>
> 100%[======================================>] 490,732 412K/s in 1.2s
>
>
> 2011-09-25 21:45:38 (412 KB/s) - `download' saved [490732/490732]
>
> Here's as it was with 1.12:
>
> $ wget
> http://sourceforge.net/projects/pdsh/files/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2/download
> --2011-09-25 21:50:39--
> http://sourceforge.net/projects/pdsh/files/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2/download
> Resolving sourceforge.net... 216.34.181.60
> Connecting to sourceforge.net|216.34.181.60|:80... connected.
> HTTP request sent, awaiting response... 302 Found
> Location:
> http://downloads.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2?r=&ts=1316976639&use_mirror=heanet
> [following]
> --2011-09-25 21:50:39--
> http://downloads.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2?r=&ts=1316976639&use_mirror=heanet
> Resolving downloads.sourceforge.net... 216.34.181.59
> Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
> HTTP request sent, awaiting response... 302 Found
> Location:
> http://heanet.dl.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2
> [following]
> --2011-09-25 21:50:40--
> http://heanet.dl.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2
> Resolving heanet.dl.sourceforge.net... 193.1.193.66,
> 2001:770:18:aa40::c101:c142
> Connecting to heanet.dl.sourceforge.net|193.1.193.66|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 490732 (479K) [application/x-bzip2]
> Saving to: `pdsh-2.26.tar.bz2'
>
> 100%[======================================>] 490,732 119K/s in 4.1s
>
>
> 2011-09-25 21:50:44 (117 KB/s) - `pdsh-2.26.tar.bz2' saved [490732/490732]
>
> (I've downgraded the package and on the non-"screenshot" attempt
> it got redirected to the same netcologne mirror, so no server
> side difference seems involved)
>
> PS: I also chose to stay --with-ssl=openssl while the kinks
> are worked out, in particular the distribution's ca-certificates
> weren't used for verification.
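
For scripts affected by the change described in this thread, one option that avoids `--trust-server-names` is to compute the output name from the URL the caller typed and pass it with `-O`. The sketch below is an added example, not code from wget or from either message; the function names `name_from_url`, `caller_name` and `fetch` are hypothetical, and the handling of the trailing `/download` component is an assumption based on the SourceForge link quoted above.

```shell
#!/bin/sh
# Added example: pick the local file name from the caller's URL only,
# so a redirect target never decides what gets written to disk.

# name_from_url URL -> last path component, query/fragment stripped.
# (A simplification of how a name is taken from a URL path.)
# Original URL in the thread  -> "download"           (1.13.x default)
# Final redirect target       -> "pdsh-2.26.tar.bz2"  (1.12 behaviour)
name_from_url() {
    path=${1%%[?#]*}        # drop ?query and #fragment
    path=${path%/}          # drop one trailing slash
    printf '%s\n' "${path##*/}"
}

# caller_name URL -> name for ".../<file>/download" style links, derived
# from the original URL. Fails for names that are unsafe to create.
caller_name() {
    path=${1%%[?#]*}
    path=${path%/}
    case $path in
        */download) path=${path%/download} ;;
    esac
    name=${path##*/}
    case $name in
        ''|.*|*[!A-Za-z0-9._+-]*) return 1 ;;   # empty, dotfile, odd chars
    esac
    printf '%s\n' "$name"
}

# fetch URL -> download under the caller-derived name via wget -O.
fetch() {
    case $1 in
        http://*|https://*) ;;
        *) echo "not an http(s) URL: $1" >&2; return 1 ;;
    esac
    out=$(caller_name "$1") || { echo "refusing unsafe name for $1" >&2; return 1; }
    wget -O "$out" "$1"
}
```

Calling `fetch` with the SourceForge URL from the quoted log saves to `pdsh-2.26.tar.bz2` regardless of where the redirects lead.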