wget 1.12-r2 doesn't follow the HTTP 307 Temporary Redirect command issued by the server when saving/naming the file. Steps of reproduction: 1) When running e.g.: wget "http://www.jamendo.com/get/album/id/album/archiverestricted/redirect/41474/?p2pnet=bittorrent&are=ogg3" 2) I get this result: wget "http://www.jamendo.com/get/album/id/album/archiverestricted/redirect/41474/?p2pnet=bittorrent&are=ogg3" 20.nov.10 08.55 --2010-11-20 08:56:32-- http://www.jamendo.com/get/album/id/album/archiverestricted/redirect/41474/?p2pnet=bittorrent&are=ogg3 Razrešuje se www.jamendo.com (www.jamendo.com)...81.92.227.170 Povezujem se na www.jamendo.com (www.jamendo.com)|81.92.227.170|:80... priključen. HTTP zahteva poslana, čakam odgovor... 307 Temporary redirect Položaj: http://archive12restricted.jamendo.com/41474/The%20Very%20Sexuals%20-%20Post-Apocalyptic%20Love%20--%20Jamendo%20-%20OGG%20Vorbis%20q7%20-%202009.03.08%20%5Bwww.jamendo.com%5D.zip [spremljam] --2010-11-20 08:56:32-- http://archive12restricted.jamendo.com/41474/The%20Very%20Sexuals%20-%20Post-Apocalyptic%20Love%20--%20Jamendo%20-%20OGG%20Vorbis%20q7%20-%202009.03.08%20%5Bwww.jamendo.com%5D.zip Razrešuje se archive12restricted.jamendo.com (archive12restricted.jamendo.com)...81.92.227.170 Znova se uporablja povezava z www.jamendo.com:80. HTTP zahteva poslana, čakam odgovor... 200 OK Dolžina: 44655310 (43M) [application/zip] Saving to: `index.html?p2pnet=bittorrent&are=ogg3' Expected result (and how it works in version 1.12): wget "http://www.jamendo.com/get/album/id/album/archiverestricted/redirect/41474/?p2pnet=bittorrent&are=ogg3" 20.nov.10 08.59 --2010-11-20 08:59:44-- http://www.jamendo.com/get/album/id/album/archiverestricted/redirect/41474/?p2pnet=bittorrent&are=ogg3 Razrešuje se www.jamendo.com (www.jamendo.com)...81.92.227.170 Povezujem se na www.jamendo.com (www.jamendo.com)|81.92.227.170|:80... priključen. HTTP zahteva poslana, čakam odgovor... 307 Temporary redirect Položaj: http://archive12restricted.jamendo.com/41474/The%20Very%20Sexuals%20-%20Post-Apocalyptic%20Love%20--%20Jamendo%20-%20OGG%20Vorbis%20q7%20-%202009.03.08%20%5Bwww.jamendo.com%5D.zip [spremljam] --2010-11-20 08:59:45-- http://archive12restricted.jamendo.com/41474/The%20Very%20Sexuals%20-%20Post-Apocalyptic%20Love%20--%20Jamendo%20-%20OGG%20Vorbis%20q7%20-%202009.03.08%20%5Bwww.jamendo.com%5D.zip Razrešuje se archive12restricted.jamendo.com (archive12restricted.jamendo.com)...81.92.227.170 Znova se uporablja povezava z www.jamendo.com:80. HTTP zahteva poslana, čakam odgovor... 200 OK Dolžina: 44655310 (43M) [application/zip] Saving to: `The Very Sexuals - Post-Apocalyptic Love -- Jamendo - OGG Vorbis q7 - 2009.03.08 [www.jamendo.com].zip' The relevant USE flags I use are: USE="idn ipv6 nls ssl -debug -ntlm -static" (full emerge --info will be attached) My current workaround is to mask 1.12-r2 and use 1.12.
Created attachment 254889 [details] emerge --info Full 'emerge --info' output
--trust-server-names ... read CVE-2010-2252
Oh, so this changed from a feature to a security bug? OK, thanks for explaining…