Re: [Bug-wget] wget-1.13.4 save path regression/change


From: Giuseppe Scrivano
Subject: Re: [Bug-wget] wget-1.13.4 save path regression/change
Date: Mon, 26 Sep 2011 10:45:58 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)

Hello Michael,

from the NEWS file (wget 1.13.3):

** By default, on server redirects, use the original URL to get the
   local file name. Close CVE-2010-2252.  This introduces a
   backward-incompatibility; any script that relies on the old
   behaviour must use --trust-server-names.

Cheers,
Giuseppe



Michael Shigorin <address@hidden> writes:

>       Hello Micah,
> I've noted that wget-1.13.4 behaves differently in a situation
> involving redirects; the weird thing is that it was spotted on SF,
> which is quite a typical use case for a wget user I guess.
>
> This manifests itself in pre-redirect basename being chosen
> for the save path, not the final location's one.
>
> Here's 1.13.4:
>
> $ wget http://sourceforge.net/projects/pdsh/files/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2/download
> --2011-09-25 21:45:36--  http://sourceforge.net/projects/pdsh/files/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2/download
> Resolving sourceforge.net (sourceforge.net)... 216.34.181.60
> Connecting to sourceforge.net (sourceforge.net)|216.34.181.60|:80... connected.
> HTTP request sent, awaiting response... 302 Found
> Location: http://downloads.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2?r=&ts=1316976337&use_mirror=netcologne [following]
> --2011-09-25 21:45:37--  http://downloads.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2?r=&ts=1316976337&use_mirror=netcologne
> Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
> Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
> HTTP request sent, awaiting response... 302 Found
> Location: http://netcologne.dl.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2 [following]
> --2011-09-25 21:45:37--  http://netcologne.dl.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2
> Resolving netcologne.dl.sourceforge.net (netcologne.dl.sourceforge.net)... 78.35.24.46, 2001:4dd0:1234:6::5f
> Connecting to netcologne.dl.sourceforge.net (netcologne.dl.sourceforge.net)|78.35.24.46|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 490732 (479K) [application/x-bzip2]
> Saving to: `download'
>
> 100%[======================================>] 490,732      412K/s   in 1.2s
>
> 2011-09-25 21:45:38 (412 KB/s) - `download' saved [490732/490732]
>
> Here's as it was with 1.12:
>
> $ wget http://sourceforge.net/projects/pdsh/files/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2/download
> --2011-09-25 21:50:39--  http://sourceforge.net/projects/pdsh/files/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2/download
> Resolving sourceforge.net... 216.34.181.60
> Connecting to sourceforge.net|216.34.181.60|:80... connected.
> HTTP request sent, awaiting response... 302 Found
> Location: http://downloads.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2?r=&ts=1316976639&use_mirror=heanet [following]
> --2011-09-25 21:50:39--  http://downloads.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2?r=&ts=1316976639&use_mirror=heanet
> Resolving downloads.sourceforge.net... 216.34.181.59
> Connecting to downloads.sourceforge.net|216.34.181.59|:80... connected.
> HTTP request sent, awaiting response... 302 Found
> Location: http://heanet.dl.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2 [following]
> --2011-09-25 21:50:40--  http://heanet.dl.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2
> Resolving heanet.dl.sourceforge.net... 193.1.193.66, 2001:770:18:aa40::c101:c142
> Connecting to heanet.dl.sourceforge.net|193.1.193.66|:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 490732 (479K) [application/x-bzip2]
> Saving to: `pdsh-2.26.tar.bz2'
>
> 100%[======================================>] 490,732      119K/s   in 4.1s
>
> 2011-09-25 21:50:44 (117 KB/s) - `pdsh-2.26.tar.bz2' saved [490732/490732]
>
> (I've downgraded the package and on the non-"screenshot" attempt
> it got redirected to the same netcologne mirror, so no server
> side difference seems involved)
>
> PS: I also chose to stay --with-ssl=openssl while the kinks
> are worked out, in particular the distribution's ca-certificates
> weren't used for verification.
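
The following is an added example, not part of the original thread and not wget's own code. It reads a wget transcript and reports whether the saved file name came from the requested URL (the default since the NEWS entry quoted above) or from the redirect target (the 1.12 behaviour, or `--trust-server-names`). The sample logs are constructed from the transcripts in the message, abridged to one redirect hop; the function names and the query-ignoring name rule are assumptions of this sketch.

```python
import re
from posixpath import basename
from urllib.parse import urlsplit

# Constructed sample: the 1.13.4 transcript from the message, unwrapped and
# abridged to one redirect hop and the lines the parser needs.
LOG_1_13_4 = """\
--2011-09-25 21:45:36--  http://sourceforge.net/projects/pdsh/files/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2/download
HTTP request sent, awaiting response... 302 Found
Location: http://netcologne.dl.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2 [following]
--2011-09-25 21:45:37--  http://netcologne.dl.sourceforge.net/project/pdsh/pdsh/pdsh-2.26/pdsh-2.26.tar.bz2
HTTP request sent, awaiting response... 200 OK
Saving to: `download'
"""
# Same chain with the name wget 1.12 chose (also constructed).
LOG_1_12 = LOG_1_13_4.replace("`download'", "`pdsh-2.26.tar.bz2'")

# "--<timestamp>--  <URL>" marks each request wget issues in the chain.
REQUEST_RE = re.compile(r"^--\d{4}-\d\d-\d\d \d\d:\d\d:\d\d--\s+(\S+)$", re.M)
# Accept the ASCII quoting shown in the thread and typographic quotes.
SAVED_RE = re.compile(r"^Saving to: [`'\"\u2018](.+?)['\"\u2019]$", re.M)


def url_basename(url):
    """Last path component of a URL, ignoring the query (simplified model)."""
    return basename(urlsplit(url).path) or "index.html"


def name_source(log):
    """Say which URL in the redirect chain supplied the saved file name."""
    requests = REQUEST_RE.findall(log)
    saved = SAVED_RE.search(log)
    if not requests or not saved:
        raise ValueError("not a complete wget transfer log")
    name = saved.group(1)
    if name == url_basename(requests[0]):
        return "requested-url"      # name fixed by the URL the user typed
    if name == url_basename(requests[-1]):
        return "redirect-target"    # name chosen by a server's Location header
    return "other"                  # e.g. -O or a Content-Disposition name


if __name__ == "__main__":
    for label, log in (("1.13.4", LOG_1_13_4), ("1.12", LOG_1_12)):
        print(label, "->", name_source(log))
```

A result of "redirect-target" in a build or mirror script's logs means the on-disk name was decided by a remote server, which is the condition the NEWS entry closes by default.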


