$NetBSD: patch-aa,v 1.11.2.2 2010/11/23 21:14:45 spz Exp $

Back port of patch for CVE-2010-2252 for to version 1.12 of "wget" taken
from Debian:

http://packages.debian.org/sid/wget
http://ftp.de.debian.org/debian/pool/main/w/wget/wget_1.12-2.1.debian.tar.gz

--- src/http.c.orig	2009-09-22 04:02:18.000000000 +0100
+++ src/http.c	2010-11-22 18:53:25.000000000 +0000
@@ -2410,8 +2410,9 @@
 /* The genuine HTTP loop!  This is the part where the retrieval is
    retried, and retried, and retried, and...  */
 uerr_t
-http_loop (struct url *u, char **newloc, char **local_file, const char *referer,
-           int *dt, struct url *proxy, struct iri *iri)
+http_loop (struct url *u, struct url *original_url, char **newloc,
+           char **local_file, const char *referer, int *dt, struct url *proxy,
+           struct iri *iri)
 {
   int count;
   bool got_head = false;         /* used for time-stamping and filename detection */
@@ -2457,7 +2458,8 @@
     }
   else if (!opt.content_disposition)
     {
-      hstat.local_file = url_file_name (u);
+      hstat.local_file =
+        url_file_name (opt.trustservernames ? u : original_url);
       got_name = true;
     }
 
@@ -2497,7 +2499,7 @@
 
   /* Send preliminary HEAD request if -N is given and we have an existing
    * destination file. */
-  file_name = url_file_name (u);
+  file_name = url_file_name (opt.trustservernames ? u : original_url);
   if (opt.timestamping
       && !opt.content_disposition
       && file_exists_p (file_name))
@@ -2852,9 +2854,9 @@
 
           /* Remember that we downloaded the file for later ".orig" code. */
           if (*dt & ADDED_HTML_EXTENSION)
-            downloaded_file(FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
+            downloaded_file (FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
           else
-            downloaded_file(FILE_DOWNLOADED_NORMALLY, hstat.local_file);
+            downloaded_file (FILE_DOWNLOADED_NORMALLY, hstat.local_file);
 
           ret = RETROK;
           goto exit;
@@ -2885,9 +2887,9 @@
 
               /* Remember that we downloaded the file for later ".orig" code. */
               if (*dt & ADDED_HTML_EXTENSION)
-                downloaded_file(FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
+                downloaded_file (FILE_DOWNLOADED_AND_HTML_EXTENSION_ADDED, hstat.local_file);
               else
-                downloaded_file(FILE_DOWNLOADED_NORMALLY, hstat.local_file);
+                downloaded_file (FILE_DOWNLOADED_NORMALLY, hstat.local_file);
 
               ret = RETROK;
               goto exit;
