From 93578f9e20394e40cc7aa0fa5cd3659000831e23a6e12ca5403a7ef6956d0ad7 Mon Sep 17 00:00:00 2001
From: Marcus Meissner
Date: Mon, 31 May 2021 09:20:40 +0000
Subject: [PATCH] Accepting request 895667 from home:jmoellers:branches:network:utilities

OBS-URL: https://build.opensuse.org/request/show/895667
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wget?expand=0&rev=112
---
 ...c-Introduce-truncate_filename-option.patch | 110 ++++++++++++++++
 wget-do-not-propagate-credentials.patch       | 118 ++++++++++++++++++
 wget.changes                                  |  19 +++
 wget.spec                                     |   4 +
 4 files changed, 251 insertions(+)
 create mode 100644 0001-src-main.c-Introduce-truncate_filename-option.patch
 create mode 100644 wget-do-not-propagate-credentials.patch

diff --git a/0001-src-main.c-Introduce-truncate_filename-option.patch b/0001-src-main.c-Introduce-truncate_filename-option.patch
new file mode 100644
index 0000000..b6afc5a
--- /dev/null
+++ b/0001-src-main.c-Introduce-truncate_filename-option.patch
@@ -0,0 +1,110 @@
+Index: wget-1.21.1/src/url.c
+===================================================================
+--- wget-1.21.1.orig/src/url.c
++++ wget-1.21.1/src/url.c
+@@ -1652,6 +1652,50 @@ convert_fname (char *fname)
+ }
+ #endif
+ 
++/* Check if the length of path element is acceptable.
++   If it's longer than OS-defined maximum, truncate it.  */
++static void
++possibly_truncate_pathel (char *pathel) {
++  size_t len = strlen (pathel);
++  size_t max_length;
++
++#ifdef WINDOWS
++  if (MAX_PATH > (len + CHOMP_BUFFER + 2))
++    {
++      max_length = MAX_PATH - (len + CHOMP_BUFFER + 2);
++      /* FIXME: In Windows a filename is usually limited to 255 characters.
++         To really be accurate you could call GetVolumeInformation() to get
++         lpMaximumComponentLength
++
++         Only FAT16 actually uses the 8.3 standard; this shouldn't be worrisome.
++       */
++      if (max_length > 255)
++        {
++          max_length = 255;
++        }
++    }
++  else
++    {
++      max_length = 0;
++    }
++#else
++  max_length = get_max_length (pathel, len, _PC_NAME_MAX) - CHOMP_BUFFER;
++#endif
++  if (max_length > 0 && len > max_length)
++    {
++      logprintf (LOG_NOTQUIET, "The name is too long, %lu chars total.\n",
++                 (unsigned long) len);
++      logprintf (LOG_NOTQUIET, "Trying to shorten...\n");
++
++      /* Truncate path element.  */
++      pathel[max_length] = '\0';
++
++      logprintf (LOG_NOTQUIET, "New name is %s.\n", pathel);
++    }
++
++  return;
++}
++
+ /* Append to DEST the directory structure that corresponds the
+    directory part of URL's path.  For example, if the URL is
+    http://server/dir1/dir2/file, this appends "/dir1/dir2".
+@@ -1686,7 +1730,11 @@ append_dir_structure (const struct url *
+ 
+       if (dest->tail)
+         append_char ('/', dest);
++
++      *next = '\0';  /* temporarily isolate the next element */
++      possibly_truncate_pathel(pathel);
+       append_uri_pathel (pathel, next, true, dest);
++      *next = '/';
+     }
+ }
+ 
+@@ -1796,41 +1844,8 @@ url_file_name (const struct url *u, char
+   temp_fnres.size = 0;
+   temp_fnres.tail = 0;
+   append_string (fname, &temp_fnres);
+-  xfree (fname);
+-
+-  /* Check that the length of the file name is acceptable. */
+-#ifdef WINDOWS
+-  if (MAX_PATH > (fnres.tail + CHOMP_BUFFER + 2))
+-    {
+-      max_length = MAX_PATH - (fnres.tail + CHOMP_BUFFER + 2);
+-      /* FIXME: In Windows a filename is usually limited to 255 characters.
+-         To really be accurate you could call GetVolumeInformation() to get
+-         lpMaximumComponentLength
+-       */
+-      if (max_length > 255)
+-        {
+-          max_length = 255;
+-        }
+-    }
+-  else
+-    {
+-      max_length = 0;
+-    }
+-#else
+-  max_length = get_max_length (fnres.base, fnres.tail, _PC_NAME_MAX) - CHOMP_BUFFER;
+-#endif
+-  if (max_length > 0 && strlen (temp_fnres.base) > max_length)
+-    {
+-      logprintf (LOG_NOTQUIET, "The name is too long, %lu chars total.\n",
+-                 (unsigned long) strlen (temp_fnres.base));
+-      logprintf (LOG_NOTQUIET, "Trying to shorten...\n");
+-
+-      /* Shorten the file name. */
+-      temp_fnres.base[max_length] = '\0';
+-
+-      logprintf (LOG_NOTQUIET, "New name is %s.\n", temp_fnres.base);
+-    }
+ 
++  xfree (fname);
+   xfree (fname_len_check);
+ 
+   /* The filename has already been 'cleaned' by append_uri_pathel() above.  So,
diff --git a/wget-do-not-propagate-credentials.patch b/wget-do-not-propagate-credentials.patch
new file mode 100644
index 0000000..3035f97
--- /dev/null
+++ b/wget-do-not-propagate-credentials.patch
@@ -0,0 +1,118 @@
+Index: wget-1.21.1/src/http.c
+===================================================================
+--- wget-1.21.1.orig/src/http.c
++++ wget-1.21.1/src/http.c
+@@ -3155,6 +3155,33 @@ fail:
+ }
+ #endif /* HAVE_METALINK */
+ 
++/*
++ * Check if the corresponding header line should not
++ * be sent after a redirect
++ */
++static inline int
++unredirectable_headerline(char *line)
++{
++  static struct {
++    size_t len;
++    char *name;
++  } field_name[] = {
++    { 14, "Authorization:" },
++    {  7, "Cookie:" },
++    {  0, NULL }
++  };
++  int i;
++
++  /*
++   * Note: According to RFC 2616, Field names are case-insensitive.
++   */
++  for (i = 0; field_name[i].name != NULL; i++)
++    if (strncasecmp(line, field_name[i].name, field_name[i].len) == 0)
++      return 1;
++
++  return 0;
++}
++
+ /* Retrieve a document through HTTP protocol.  It recognizes status
+    code, and correctly handles redirections.  It closes the network
+    socket.  If it receives an error from the functions below it, it
+@@ -3167,7 +3194,7 @@ fail:
+    server, and u->url will be requested.  */
+ static uerr_t
+ gethttp (const struct url *u, struct url *original_url, struct http_stat *hs,
+-         int *dt, struct url *proxy, struct iri *iri, int count)
++         int *dt, struct url *proxy, struct iri *iri, int count, int location_changed)
+ {
+   struct request *req = NULL;
+ 
+@@ -3314,7 +3341,16 @@ gethttp (const struct url *u, struct url
+     {
+       int i;
+       for (i = 0; opt.user_headers[i]; i++)
+-        request_set_user_header (req, opt.user_headers[i]);
++        {
++          /*
++           * IF we have been redirected
++           * AND the user-supplied header line should NOT be sent to the new host
++           * DO NOT append that header line
++           */
++          if (location_changed && unredirectable_headerline(opt.user_headers[i]))
++            continue;
++          request_set_user_header (req, opt.user_headers[i]);
++        }
+     }
+ 
+   proxyauth = NULL;
+@@ -4232,7 +4268,7 @@ check_retry_on_http_error (const int sta
+ uerr_t
+ http_loop (const struct url *u, struct url *original_url, char **newloc,
+            char **local_file, const char *referer, int *dt, struct url *proxy,
+-           struct iri *iri)
++           struct iri *iri, int location_changed)
+ {
+   int count;
+   bool got_head = false;        /* used for time-stamping and filename detection */
+@@ -4424,7 +4460,7 @@ http_loop (const struct url *u, struct u
+       *dt &= ~SEND_NOCACHE;
+ 
+       /* Try fetching the document, or at least its head.  */
+-      err = gethttp (u, original_url, &hstat, dt, proxy, iri, count);
++      err = gethttp (u, original_url, &hstat, dt, proxy, iri, count, location_changed);
+ 
+       /* Time?  */
+       tms = datetime_str (time (NULL));
+Index: wget-1.21.1/src/http.h
+===================================================================
+--- wget-1.21.1.orig/src/http.h
++++ wget-1.21.1/src/http.h
+@@ -36,7 +36,7 @@ as that of the covered work. */
+ struct url;
+ 
+ uerr_t http_loop (const struct url *, struct url *, char **, char **, const char *,
+-                  int *, struct url *, struct iri *);
++                  int *, struct url *, struct iri *, int);
+ void save_cookies (void);
+ void http_cleanup (void);
+ time_t http_atotm (const char *);
+Index: wget-1.21.1/src/retr.c
+===================================================================
+--- wget-1.21.1.orig/src/retr.c
++++ wget-1.21.1/src/retr.c
+@@ -886,7 +886,7 @@ retrieve_url (struct url * orig_parsed,
+ {
+   uerr_t result;
+   char *url;
+-  bool location_changed;
++  bool location_changed = 0;
+   bool iri_fallbacked = 0;
+   int dummy;
+   char *mynewloc, *proxy;
+@@ -985,7 +985,7 @@ retrieve_url (struct url * orig_parsed,
+     }
+ #endif
+       result = http_loop (u, orig_parsed, &mynewloc, &local_file, refurl, dt,
+-                          proxy_url, iri);
++                          proxy_url, iri, location_changed);
+     }
+   else if (u->scheme == SCHEME_FTP
+ #ifdef HAVE_SSL
diff --git a/wget.changes b/wget.changes
index f0708b6..e3e42e6 100644
--- a/wget.changes
+++ b/wget.changes
@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Mon May 10 13:15:35 UTC 2021 - Josef Möllers
+
+- When running recursively, wget verifies the length of the whole
+  URL when saving files. This can make it overwrite files with
+  truncated names, emitting "The name is too long, ... Trying to
+  shorten" messages. The patch moves the length check into a
+  separate function and calls it from append_dir_structure() for
+  each path element.
+  [bsc#1181173, 0001-src-main.c-Introduce-truncate_filename-option.patch]
+
+-------------------------------------------------------------------
+Mon May 10 13:13:14 UTC 2021 - Josef Möllers
+
+- If an http URL is redirected to a different site (the hostname
+  parts of the URLs differ), any user-supplied "Authorization" and
+  "Cookie" header lines are discarded.
+  [bsc#1175551, wget-do-not-propagate-credentials.patch]
+
 -------------------------------------------------------------------
 Sun Jan 24 14:21:24 UTC 2021 - Dirk Müller
 
diff --git a/wget.spec b/wget.spec
index 584b20e..97337ae 100644
--- a/wget.spec
+++ b/wget.spec
@@ -34,6 +34,8 @@ Patch6:         wget-1.14-no-ssl-comp.patch
 Patch7:         wget-fix-pod-syntax.diff
 Patch8:         wget-errno-clobber.patch
 Patch9:         remove-env-from-shebang.patch
+Patch10:        wget-do-not-propagate-credentials.patch
+Patch11:        0001-src-main.c-Introduce-truncate_filename-option.patch
 BuildRequires:  automake
 BuildRequires:  gpgme-devel >= 0.4.2
 BuildRequires:  libcares-devel
@@ -79,6 +81,8 @@ This can be done in script files or via the command line.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
+%patch11 -p1
 
 %build
 %if 0%{?suse_version} > 1110
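For reviewers who want to exercise the credential filter from
wget-do-not-propagate-credentials.patch outside the wget tree, here is a
minimal stand-alone sketch. The field_name table and the case-insensitive
prefix match follow the patch (with const added); main(), its sample header
lines, and the file name headercheck.c are hypothetical, added purely for
illustration.

/* Stand-alone sketch of the header filter added by
   wget-do-not-propagate-credentials.patch.  The field_name table and the
   strncasecmp() prefix match follow the patch; main() and the sample
   header lines below are illustrative only. */
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp */

static int
unredirectable_headerline (const char *line)
{
  static const struct {
    size_t len;
    const char *name;
  } field_name[] = {
    { 14, "Authorization:" },
    {  7, "Cookie:" },
    {  0, NULL }
  };
  int i;

  /* Header field names are case-insensitive (RFC 2616, section 4.2). */
  for (i = 0; field_name[i].name != NULL; i++)
    if (strncasecmp (line, field_name[i].name, field_name[i].len) == 0)
      return 1;

  return 0;
}

int
main (void)
{
  static const char *samples[] = {
    "Authorization: Basic dXNlcjpwYXNz",
    "cookie: session=abc123",          /* matched case-insensitively */
    "Accept-Language: de",
  };
  size_t i;

  for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
    printf ("%-36s -> %s\n", samples[i],
            unredirectable_headerline (samples[i])
              ? "dropped after redirect" : "kept");
  return 0;
}

Built with e.g. "cc -o headercheck headercheck.c", this reports the first
two sample lines as dropped and the third as kept. In wget itself the check
only fires when gethttp() is entered with a nonzero location_changed, i.e.
on requests re-issued after a redirect, so the initial request still carries
any user-supplied Authorization and Cookie headers.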