sjero.net Git - wget/blobdiff - src/ChangeLog
[svn] Fix for FTP directory traversal vulnerability (at least for Unix).
index 95009b85ee9de0c7779c4f3dc77753ea1bbfcf97..4dcc6d62014aace36d421b1a70671f1233d54958 100644 (file)
@@ -1,3 +1,64 @@
+2003-01-11  Ian Abbott <abbotti@mev.co.uk>
+
+       * ftp.c (ftp_retrieve_glob): Reject insecure filenames as determined
+       by calling new function has_insecure_name_p.  This is based on a
+       patch by Red Hat.
+
+       * fnmatch.c (has_insecure_name_p): New function: returns non-zero
+       if filename starts with `/' or contains `../' and is therefore
+       considered insecure.
+
+       * fnmatch.h: Declare has_insecure_name_p().
+
+2002-08-03  Hrvoje Niksic  <hniksic@xemacs.org>
+
+       * init.c (cmd_file): Allocate RESULT correctly.
+
+2002-07-24  Hrvoje Niksic  <hniksic@xemacs.org>
+
+       * recur.c (retrieve_tree): Check whether downloaded_html_set is
+       non-NULL before using it.
+
+2002-05-27  Hrvoje Niksic  <hniksic@arsdigita.com>
+
+       * html-parse.c (NAME_CHAR_P): Allow almost any character here.
+
+2002-05-24  Hrvoje Niksic  <hniksic@arsdigita.com>
+
+       * progress.c (bar_set_params): Fall back to dot progress if the
+       terminal type is "emacs".
+
+2002-05-20  Hrvoje Niksic  <hniksic@arsdigita.com>
+
+       * log.c: Don't #undef WGET_USE_STDARG.
+
+2002-05-16  Hrvoje Niksic  <hniksic@arsdigita.com>
+
+       * hash.c (prime_size): Store the offset of the prime number in the
+       prime table.  When searching, start with the given offset.
+       (hash_table_new): Pass the pointer to ht->prime_offset to
+       prime_size.
+       (grow_hash_table): Ditto.
+       (prime_size): Make 13 the first prime to make empty hash tables
+       slightly smaller.
+
+2002-05-16  Ian Abbott  <abbotti@mev.co.uk>
+
+       * recur.c (download_child_p): Minor optimization to avoid an
+       unnecessary additional call to schemes_are_similar_p function.
+
+2002-05-16  Ian Abbott  <abbotti@mev.co.uk>
+
+       * url.c (schemes_are_similar_p): New function to test enumerated
+       scheme codes for similarity.
+
+       * url.h: Declare it.
+
+       * recur.c (download_child_p): Use it to compare schemes.  This
+       also fixes a bug that allows hosts to be spanned (without the
+       -H option) when the parent scheme is https and the child's is
+       http or vice versa.
+
 2002-05-14  Bill Richardson  <bill@riverstonenet.com>
 
        * ftp.c (getftp): Don't ftruncate stdout.
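Review bot: In the 2003-01-11 entry for fnmatch.c, has_insecure_name_p is documented as flagging only names that start with `/' or contain `../'. That is a Unix-path rule (the commit subject itself says "at least for Unix"), and as worded it does not cover a name that is exactly `..' or that ends in `/..'. Suggest the entry state the platform limitation explicitly, and either extend the check to those forms or note where they are handled. Two smaller points: the 2003-01-11 header has one space before the e-mail address where every other header in this hunk has two, and the hunk also brings in unrelated 2002 entries (init.c, recur.c, html-parse.c, progress.c, log.c, hash.c, url.c), which makes the security fix harder to audit on its own; a separate commit for the fix would help.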