Fix directory traversal vulnerability.

Security:	CAN-2004-1487
Security:	http://vuxml.FreeBSD.org/06f142ff-4df3-11d9-a9e7-0001020eed82.html
		(part of)
Obtained from:	SuSE
Approved by:	erwin (mentor)

ftp/wget-devel/Makefile

@@ -7,7 +7,7 @@
 
 PORTNAME=	wget-devel
 PORTVERSION=	1.9.1
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	ftp www
 MASTER_SITES=	${MASTER_SITE_GNU}
 MASTER_SITE_SUBDIR=	wget

ftp/wget-devel/files/patch-CAN-2004-1487

@@ -0,0 +1,51 @@
+diff -ruN wget-LFS-20040909/src/http.c wget-LFS-20040909.patched/src/http.c
+--- src/http.c.orig	2004-09-09 19:28:26.000000000 -0700
++++ src/http.c	2005-02-21 04:13:05.000000000 -0800
+@@ -1719,6 +1719,7 @@
+   /* Open the local file.  */
+   if (!output_stream)
+     {
++      sanitize_path(*hs->local_file);
+       mkalldirs (*hs->local_file);
+       if (opt.backups)
+ 	rotate_backups (*hs->local_file);
+diff -ruN wget-LFS-20040909/src/utils.c wget-LFS-20040909.patched/src/utils.c
+--- src/utils.c.orig	2004-09-09 13:32:07.000000000 -0700
++++ src/utils.c	2005-02-21 04:11:54.000000000 -0800
+@@ -368,6 +368,25 @@
+ #endif
+ }
+ 
++
++char *
++sanitize_path(char *path)
++{
++	char *str = NULL;
++
++	/* evilhost/../ */
++	while ((str = strstr(path,  "..")) != NULL)
++		memcpy(str, "__", 2);
++	/* evilhost/.bashrc */
++	while ((str = strstr(path, "/.")) != NULL)
++		str[1] = '_';
++	/* .bashrc */
++	if (*path == '.')
++		*path = '_';
++	return path;
++}
++
++
+ /* Returns 0 if PATH is a directory, 1 otherwise (any kind of file).
+    Returns 0 on error.  */
+ int
+diff -ruN wget-LFS-20040909/src/utils.h wget-LFS-20040909.patched/src/utils.h
+--- src/utils.h.orig	2004-09-09 21:05:36.000000000 -0700
++++ src/utils.h	2005-02-21 04:04:07.000000000 -0800
+@@ -83,6 +83,7 @@
+ int make_directory PARAMS ((const char *));
+ char *unique_name PARAMS ((const char *, int));
+ char *file_merge PARAMS ((const char *, const char *));
++char *sanitize_path PARAMS ((char *));
+ 
+ int acceptable PARAMS ((const char *));
+ int accdir PARAMS ((const char *s, enum accd));