@@ -82,8 +82,14 @@ sub download_cmd($) {
}
return $have_curl
- ? (qw(curl -f --connect-timeout 20 --retry 5 --location), $check_certificate ? '' : '--insecure', shellwords($ENV{CURL_OPTIONS} || ''), $url)
- : (qw(wget --tries=5 --timeout=20 --output-document=-), $check_certificate ? '' : '--no-check-certificate', shellwords($ENV{WGET_OPTIONS} || ''), $url)
+ ? (qw(curl -f --connect-timeout 20 --retry 5 --location),
+ shellwords($check_certificate ? '' : '--insecure'),
+ shellwords($ENV{CURL_OPTIONS} || ''),
+ $url)
+ : (qw(wget --tries=5 --timeout=20 --output-document=-),
+ shellwords($check_certificate ? '' : '--no-check-certificate'),
+ shellwords($ENV{WGET_OPTIONS} || ''),
+ $url)
;
}
Several users of wget for downloads (curl is not available in the system) have reported broken download functionality: wget --tries=5 --timeout=20 --output-document=- https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.142.tar.xz http://: Invalid host name. Fix it by properly handling of shell arguments with shellwords(). Fixes: #10692 Fixes: 90c6e3aedf16 ("scripts: always check certificates") Signed-off-by: Petr Štetiar <ynezz@true.cz> --- scripts/download.pl | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)