Import tnftp-20141031.vendor/tnftp/20141031

9 files changed, 162 insertions, 88 deletions

diff --git a/ChangeLog b/ChangeLog
index d8586566f413..9a73a1825ddc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,15 @@
-$NetBSD: ChangeLog,v 1.62 2013/05/05 13:53:38 lukem Exp $
+$NetBSD: ChangeLog,v 1.63 2014/10/31 04:13:56 lukem Exp $
+
+
+Fri Oct 31 04:07:38 UTC 2014	lukem
+
+	* Release as "tnftp 20141031".
+
+	* Merge NetBSD usr.bin/ftp from 20130220 to 20141026:
+		- Don't pay attention to special characters if they don't
+		  come from the command line (from jmcneill).
+		  Fixes CVE-2014-8517.
+		- PR/34796: Hauke Fath: ftp does not timeout on http fetches.
 
 Sun May  5 13:51:47 UTC 2013	lukem
 
diff --git a/NEWS b/NEWS
index f6d42c7e274f..108fffedb395 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,14 @@
-$NetBSD: NEWS,v 1.9 2013/05/05 13:53:38 lukem Exp $
+$NetBSD: NEWS,v 1.10 2014/10/31 04:06:54 lukem Exp $
 
-This is tnftp version 20130505.
+This is tnftp version 20141031.
+
+Changes in tnftp from 20130505 to 20141031:
+
+	Ignore special character behaviour in filenames not provided
+	by the user.
+	Fixes CVE-2014-8517.
+
+	Fix timeout on HTTP fetches.
 
 Changes in tnftp from 20100108 to 20130505:
 
diff --git a/THANKS b/THANKS
index a3184ef042fd..6927a4bbf194 100644
--- a/THANKS
+++ b/THANKS
@@ -19,9 +19,11 @@ Douwe Kiela
 Eugene Kotlyarov
 Geoff Wing
 Giles Lean
+Hauke Fath
 Havard Eidnes
 Hubert Feyrer
 ITOH Yasufumi
+Jared McNeill
 Jason R. Thorpe
 John Hawkinson
 Joseph S. Myers
diff --git a/configure b/configure
index 46be18cb1df5..5ebabe7665b9 100755
--- a/configure
+++ b/configure
@@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.ac Revision: 1.25 .
+# From configure.ac Revision: 1.26 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for tnftp 20130505.
+# Generated by GNU Autoconf 2.69 for tnftp 20141031.
 #
 # Report bugs to <lukem@NetBSD.org>.
 #
@@ -13,7 +13,7 @@
 # gives unlimited permission to copy, distribute and modify it.
 #
 #
-# Copyright (c) 1999-2013 The NetBSD Foundation, Inc.
+# Copyright (c) 1999-2014 The NetBSD Foundation, Inc.
 # All rights reserved.
 #
 ## -------------------- ##
@@ -596,8 +596,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='tnftp'
 PACKAGE_TARNAME='tnftp'
-PACKAGE_VERSION='20130505'
-PACKAGE_STRING='tnftp 20130505'
+PACKAGE_VERSION='20141031'
+PACKAGE_STRING='tnftp 20141031'
 PACKAGE_BUGREPORT='lukem@NetBSD.org'
 PACKAGE_URL=''
 
@@ -1333,7 +1333,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures tnftp 20130505 to adapt to many kinds of systems.
+\`configure' configures tnftp 20141031 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1403,7 +1403,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of tnftp 20130505:";;
+     short | recursive ) echo "Configuration of tnftp 20141031:";;
    esac
   cat <<\_ACEOF
 
@@ -1518,7 +1518,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-tnftp configure 20130505
+tnftp configure 20141031
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1526,7 +1526,7 @@ This configure script is free software; the Free Software Foundation
 gives unlimited permission to copy, distribute and modify it.
 
 
-Copyright (c) 1999-2013 The NetBSD Foundation, Inc.
+Copyright (c) 1999-2014 The NetBSD Foundation, Inc.
 All rights reserved.
 
 _ACEOF
@@ -2103,7 +2103,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by tnftp $as_me 20130505, which was
+It was created by tnftp $as_me 20141031, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3067,7 +3067,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='tnftp'
- VERSION='20130505'
+ VERSION='20141031'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -15274,7 +15274,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by tnftp $as_me 20130505, which was
+This file was extended by tnftp $as_me 20141031, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -15340,7 +15340,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-tnftp config.status 20130505
+tnftp config.status 20141031
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index a96d2abedbe6..6c30f7595a96 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,15 +1,15 @@
-#       $NetBSD: configure.ac,v 1.25 2013/05/05 13:50:50 lukem Exp $
+#       $NetBSD: configure.ac,v 1.26 2014/10/31 04:03:54 lukem Exp $
 #
 # Process this file with autoconf to produce a configure script.
 
-AC_INIT([tnftp], [20130505], [lukem@NetBSD.org])
+AC_INIT([tnftp], [20141031], [lukem@NetBSD.org])
 AC_PREREQ([2.69])
 
 AC_COPYRIGHT([
-Copyright (c) 1999-2013 The NetBSD Foundation, Inc.
+Copyright (c) 1999-2014 The NetBSD Foundation, Inc.
 All rights reserved.
 ])
-AC_REVISION([$Revision: 1.25 $])
+AC_REVISION([$Revision: 1.26 $])
 
 AS_SHELL_SANITIZE()
 
diff --git a/libnetbsd/glob.c b/libnetbsd/glob.c
index eeb49f29275a..8df8cd734922 100644
--- a/libnetbsd/glob.c
+++ b/libnetbsd/glob.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: glob.c,v 1.11 2013/05/05 13:20:16 lukem Exp $	*/
+/*	$NetBSD: glob.c,v 1.12 2014/05/05 00:20:45 lukem Exp $	*/
 /*	from: NetBSD: glob.c,v 1.34 2013/02/21 18:17:43 christos Exp	*/
 
 /*
@@ -176,8 +176,8 @@ static void	 qprintf(const char *, Char *);
 #endif
 
 int
-glob(const char * __restrict pattern, int flags, int (*errfunc)(const char *,
-    int), glob_t * __restrict pglob)
+glob(const char * pattern, int flags, int (*errfunc)(const char *,
+    int), glob_t * pglob)
 {
 	const unsigned char *patnext;
 	int c;
diff --git a/src/fetch.c b/src/fetch.c
index e9589e044ed1..6981f77fff86 100644
--- a/src/fetch.c
+++ b/src/fetch.c
@@ -1,5 +1,5 @@
-/*	$NetBSD: fetch.c,v 1.19 2013/05/05 11:17:30 lukem Exp $	*/
-/*	from	NetBSD: fetch.c,v 1.202 2013/02/23 13:47:36 christos Exp	*/
+/*	$NetBSD: fetch.c,v 1.20 2014/10/31 03:37:59 lukem Exp $	*/
+/*	from	NetBSD: fetch.c,v 1.206 2014/10/26 16:21:59 christos Exp	*/
 
 /*-
  * Copyright (c) 1997-2009 The NetBSD Foundation, Inc.
@@ -39,7 +39,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID(" NetBSD: fetch.c,v 1.202 2013/02/23 13:47:36 christos Exp  ");
+__RCSID(" NetBSD: fetch.c,v 1.206 2014/10/26 16:21:59 christos Exp  ");
 #endif /* not lint */
 
 /*
@@ -87,6 +87,7 @@ typedef enum {
 } url_t;
 
 __dead static void	aborthttp(int);
+__dead static void	timeouthttp(int);
 #ifndef NO_AUTH
 static int	auth_url(const char *, char **, const char *, const char *);
 static void	base64_encode(const unsigned char *, size_t, unsigned char *);
@@ -499,8 +500,10 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 {
 	struct addrinfo		hints, *res, *res0 = NULL;
 	int			error;
-	sigfunc volatile	oldintr;
-	sigfunc volatile	oldintp;
+	sigfunc volatile	oldint;
+	sigfunc volatile	oldpipe;
+	sigfunc volatile	oldalrm;
+	sigfunc volatile	oldquit;
 	int volatile		s;
 	struct stat		sb;
 	int volatile		ischunked;
@@ -526,6 +529,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 	int			(*volatile closefunc)(FILE *);
 	FETCH			*volatile fin;
 	FILE			*volatile fout;
+	const char		*volatile penv = proxyenv;
 	time_t			mtime;
 	url_t			urltype;
 	in_port_t		portnum;
@@ -533,9 +537,9 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 	void			*ssl;
 #endif
 
-	DPRINTF("fetch_url: `%s' proxyenv `%s'\n", url, STRorNULL(proxyenv));
+	DPRINTF("%s: `%s' proxyenv `%s'\n", __func__, url, STRorNULL(penv));
 
-	oldintr = oldintp = NULL;
+	oldquit = oldalrm = oldint = oldpipe = NULL;
 	closefunc = NULL;
 	fin = NULL;
 	fout = NULL;
@@ -546,6 +550,9 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 	rval = 1;
 	uuser = pass = host = path = decodedpath = puser = ppass = NULL;
 
+	if (sigsetjmp(httpabort, 1))
+		goto cleanup_fetch_url;
+
 	if (parse_url(url, "URL", &urltype, &uuser, &pass, &host, &port,
 	    &portnum, &path) == -1)
 		goto cleanup_fetch_url;
@@ -571,7 +578,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 	url_decode(decodedpath);
 
 	if (outfile)
-		savefile = ftp_strdup(outfile);
+		savefile = outfile;
 	else {
 		cp = strrchr(decodedpath, '/');		/* find savefile */
 		if (cp != NULL)
@@ -579,7 +586,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 		else
 			savefile = ftp_strdup(decodedpath);
 	}
-	DPRINTF("fetch_url: savefile `%s'\n", savefile);
+	DPRINTF("%s: savefile `%s'\n", __func__, savefile);
 	if (EMPTYSTRING(savefile)) {
 		if (urltype == FTP_URL_T) {
 			rval = fetch_ftp(url);
@@ -595,8 +602,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 	rangestart = rangeend = entitylen = -1;
 	mtime = -1;
 	if (restartautofetch) {
-		if (strcmp(savefile, "-") != 0 && *savefile != '|' &&
-		    stat(savefile, &sb) == 0)
+		if (stat(savefile, &sb) == 0)
 			restart_point = sb.st_size;
 	}
 	if (urltype == FILE_URL_T) {		/* file:// URLs */
@@ -631,18 +637,18 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 		const char *leading;
 		int hasleading;
 
-		if (proxyenv == NULL) {
+		if (penv == NULL) {
 #ifdef WITH_SSL
 			if (urltype == HTTPS_URL_T)
-				proxyenv = getoptionvalue("https_proxy");
+				penv = getoptionvalue("https_proxy");
 #endif
-			if (proxyenv == NULL && IS_HTTP_TYPE(urltype))
-				proxyenv = getoptionvalue("http_proxy");
+			if (penv == NULL && IS_HTTP_TYPE(urltype))
+				penv = getoptionvalue("http_proxy");
 			else if (urltype == FTP_URL_T)
-				proxyenv = getoptionvalue("ftp_proxy");
+				penv = getoptionvalue("ftp_proxy");
 		}
 		direction = "retrieved";
-		if (! EMPTYSTRING(proxyenv)) {			/* use proxy */
+		if (! EMPTYSTRING(penv)) {			/* use proxy */
 			url_t purltype;
 			char *phost, *ppath;
 			char *pport, *no_proxy;
@@ -689,10 +695,10 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 			if (isproxy) {
 				if (restart_point) {
 					warnx("Can't restart via proxy URL `%s'",
-					    proxyenv);
+					    penv);
 					goto cleanup_fetch_url;
 				}
-				if (parse_url(proxyenv, "proxy URL", &purltype,
+				if (parse_url(penv, "proxy URL", &purltype,
 				    &puser, &ppass, &phost, &pport, &pportnum,
 				    &ppath) == -1)
 					goto cleanup_fetch_url;
@@ -702,8 +708,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 				    EMPTYSTRING(phost) ||
 				    (! EMPTYSTRING(ppath)
 				     && strcmp(ppath, "/") != 0)) {
-					warnx("Malformed proxy URL `%s'",
-					    proxyenv);
+					warnx("Malformed proxy URL `%s'", penv);
 					FREEPTR(phost);
 					FREEPTR(pport);
 					FREEPTR(ppath);
@@ -729,7 +734,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 				FREEPTR(ppath);
 				urltype = purltype;
 			}
-		} /* ! EMPTYSTRING(proxyenv) */
+		} /* ! EMPTYSTRING(penv) */
 
 		memset(&hints, 0, sizeof(hints));
 		hints.ai_flags = 0;
@@ -801,9 +806,13 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 			goto cleanup_fetch_url;
 		}
 
+		oldalrm = xsignal(SIGALRM, timeouthttp);
+		alarmtimer(quit_time ? quit_time : 60);
 		fin = fetch_fdopen(s, "r+");
 		fetch_set_ssl(fin, ssl);
+		alarmtimer(0);
 
+		alarmtimer(quit_time ? quit_time : 60);
 		/*
 		 * Construct and send the request.
 		 */
@@ -890,11 +899,15 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 		fetch_printf(fin, "\r\n");
 		if (fetch_flush(fin) == EOF) {
 			warn("Writing HTTP request");
+			alarmtimer(0);
 			goto cleanup_fetch_url;
 		}
+		alarmtimer(0);
 
 				/* Read the response */
+		alarmtimer(quit_time ? quit_time : 60);
 		len = fetch_getline(fin, buf, sizeof(buf), &errormsg);
+		alarmtimer(0);
 		if (len < 0) {
 			if (*errormsg == '\n')
 				errormsg++;
@@ -903,7 +916,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 		}
 		while (len > 0 && (ISLWS(buf[len-1])))
 			buf[--len] = '\0';
-		DPRINTF("fetch_url: received `%s'\n", buf);
+		DPRINTF("%s: received `%s'\n", __func__, buf);
 
 				/* Determine HTTP response code */
 		cp = strchr(buf, ' ');
@@ -918,7 +931,9 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 
 				/* Read the rest of the header. */
 		while (1) {
+			alarmtimer(quit_time ? quit_time : 60);
 			len = fetch_getline(fin, buf, sizeof(buf), &errormsg);
+			alarmtimer(0);
 			if (len < 0) {
 				if (*errormsg == '\n')
 					errormsg++;
@@ -929,7 +944,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 				buf[--len] = '\0';
 			if (len == 0)
 				break;
-			DPRINTF("fetch_url: received `%s'\n", buf);
+			DPRINTF("%s: received `%s'\n", __func__, buf);
 
 		/*
 		 * Look for some headers
@@ -941,8 +956,8 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 				filesize = STRTOLL(cp, &ep, 10);
 				if (filesize < 0 || *ep != '\0')
 					goto improper;
-				DPRINTF("fetch_url: parsed len as: " LLF "\n",
-				    (LLT)filesize);
+				DPRINTF("%s: parsed len as: " LLF "\n",
+				    __func__, (LLT)filesize);
 
 			} else if (match_token(&cp, "Content-Range:")) {
 				if (! match_token(&cp, "bytes"))
@@ -1013,8 +1028,8 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 
 			} else if (match_token(&cp, "Location:")) {
 				location = ftp_strdup(cp);
-				DPRINTF("fetch_url: parsed location as `%s'\n",
-				    cp);
+				DPRINTF("%s: parsed location as `%s'\n",
+				    __func__, cp);
 
 			} else if (match_token(&cp, "Transfer-Encoding:")) {
 				if (match_token(&cp, "binary")) {
@@ -1029,19 +1044,20 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 					goto cleanup_fetch_url;
 				}
 				ischunked++;
-				DPRINTF("fetch_url: using chunked encoding\n");
+				DPRINTF("%s: using chunked encoding\n",
+				    __func__);
 
 			} else if (match_token(&cp, "Proxy-Authenticate:")
 				|| match_token(&cp, "WWW-Authenticate:")) {
 				if (! (token = match_token(&cp, "Basic"))) {
-					DPRINTF(
-			"fetch_url: skipping unknown auth scheme `%s'\n",
-						    token);
+					DPRINTF("%s: skipping unknown auth "
+					    "scheme `%s'\n", __func__, token);
 					continue;
 				}
 				FREEPTR(auth);
 				auth = ftp_strdup(token);
-				DPRINTF("fetch_url: parsed auth as `%s'\n", cp);
+				DPRINTF("%s: parsed auth as `%s'\n",
+				    __func__, cp);
 			}
 
 		}
@@ -1123,7 +1139,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 				apass = NULL;
 			}
 			if (auth_url(auth, authp, auser, apass) == 0) {
-				rval = fetch_url(url, proxyenv,
+				rval = fetch_url(url, penv,
 				    proxyauth, wwwauth);
 				memset(*authp, 0, strlen(*authp));
 				FREEPTR(*authp);
@@ -1140,18 +1156,26 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 		}
 	}		/* end of ftp:// or http:// specific setup */
 
-			/* Open the output file. */
-	if (strcmp(savefile, "-") == 0) {
-		fout = stdout;
-	} else if (*savefile == '|') {
-		oldintp = xsignal(SIGPIPE, SIG_IGN);
-		fout = popen(savefile + 1, "w");
-		if (fout == NULL) {
-			warn("Can't execute `%s'", savefile + 1);
-			goto cleanup_fetch_url;
+	/* Open the output file. */
+
+	/*
+	 * Only trust filenames with special meaning if they came from
+	 * the command line
+	 */
+	if (outfile == savefile) {
+		if (strcmp(savefile, "-") == 0) {
+			fout = stdout;
+		} else if (*savefile == '|') {
+			oldpipe = xsignal(SIGPIPE, SIG_IGN);
+			fout = popen(savefile + 1, "w");
+			if (fout == NULL) {
+				warn("Can't execute `%s'", savefile + 1);
+				goto cleanup_fetch_url;
+			}
+			closefunc = pclose;
 		}
-		closefunc = pclose;
-	} else {
+	}
+	if (fout == NULL) {
 		if ((rangeend != -1 && rangeend <= restart_point) ||
 		    (rangestart == -1 && filesize != -1 && filesize <= restart_point)) {
 			/* already done */
@@ -1180,10 +1204,8 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 	}
 
 			/* Trap signals */
-	if (sigsetjmp(httpabort, 1))
-		goto cleanup_fetch_url;
-	(void)xsignal(SIGQUIT, psummary);
-	oldintr = xsignal(SIGINT, aborthttp);
+	oldquit = xsignal(SIGQUIT, psummary);
+	oldint = xsignal(SIGINT, aborthttp);
 
 	assert(rcvbuf_size > 0);
 	if ((size_t)rcvbuf_size > bufsize) {
@@ -1195,6 +1217,10 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 
 	bytes = 0;
 	hashbytes = mark;
+	if (oldalrm) {
+		(void)xsignal(SIGALRM, oldalrm);
+		oldalrm = NULL;
+	}
 	progressmeter(-1);
 
 			/* Finally, suck down the file. */
@@ -1241,7 +1267,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 				warnx("Unexpected data following chunk-size");
 				goto cleanup_fetch_url;
 			}
-			DPRINTF("fetch_url: got chunk-size of " LLF "\n",
+			DPRINTF("%s: got chunk-size of " LLF "\n", __func__,
 			    (LLT)chunksize);
 			if (chunksize == 0) {
 				lastchunk = 1;
@@ -1251,7 +1277,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 					/* transfer file or chunk */
 		while (1) {
 			struct timeval then, now, td;
-			off_t bufrem;
+			volatile off_t bufrem;
 
 			if (rate_get)
 				(void)gettimeofday(&then, NULL);
@@ -1299,6 +1325,7 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
  chunkdone:
 		if (ischunked) {
 			if (fetch_getln(xferbuf, bufsize, fin) == NULL) {
+				alarmtimer(0);
 				warnx("Unexpected EOF reading chunk CRLF");
 				goto cleanup_fetch_url;
 			}
@@ -1350,10 +1377,14 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 	warnx("Improper response from `%s:%s'", host, port);
 
  cleanup_fetch_url:
-	if (oldintr)
-		(void)xsignal(SIGINT, oldintr);
-	if (oldintp)
-		(void)xsignal(SIGPIPE, oldintp);
+	if (oldint)
+		(void)xsignal(SIGINT, oldint);
+	if (oldpipe)
+		(void)xsignal(SIGPIPE, oldpipe);
+	if (oldalrm)
+		(void)xsignal(SIGALRM, oldalrm);
+	if (oldquit)
+		(void)xsignal(SIGQUIT, oldpipe);
 	if (fin != NULL)
 		fetch_close(fin);
 	else if (s != -1)
@@ -1362,7 +1393,8 @@ fetch_url(const char *url, const char *proxyenv, char *proxyauth, char *wwwauth)
 		(*closefunc)(fout);
 	if (res0)
 		freeaddrinfo(res0);
-	FREEPTR(savefile);
+	if (savefile != outfile)
+		FREEPTR(savefile);
 	FREEPTR(uuser);
 	if (pass != NULL)
 		memset(pass, 0, strlen(pass));
@@ -1388,12 +1420,32 @@ static void
 aborthttp(int notused)
 {
 	char msgbuf[100];
-	size_t len;
+	int len;
 
 	sigint_raised = 1;
 	alarmtimer(0);
-	len = strlcpy(msgbuf, "\nHTTP fetch aborted.\n", sizeof(msgbuf));
-	write(fileno(ttyout), msgbuf, len);
+	if (fromatty) {
+		len = snprintf(msgbuf, sizeof(msgbuf),
+		    "\n%s: HTTP fetch aborted.\n", getprogname());
+		if (len > 0)
+			write(fileno(ttyout), msgbuf, len);
+	}
+	siglongjmp(httpabort, 1);
+}
+
+static void
+timeouthttp(int notused)
+{
+	char msgbuf[100];
+	int len;
+
+	alarmtimer(0);
+	if (fromatty) {
+		len = snprintf(msgbuf, sizeof(msgbuf),
+		    "\n%s: HTTP fetch timeout.\n", getprogname());
+		if (len > 0)
+			write(fileno(ttyout), msgbuf, len);
+	}
 	siglongjmp(httpabort, 1);
 }
 
diff --git a/src/ssl.h b/src/ssl.h
index 8e4f25082813..217fcdf512c1 100644
--- a/src/ssl.h
+++ b/src/ssl.h
@@ -1,5 +1,5 @@
-/*	$NetBSD: ssl.h,v 1.1.1.1 2013/05/05 10:40:57 lukem Exp $	*/
-/*	from	NetBSD: ssl.h,v 1.1 2012/12/21 18:07:36 christos Exp	*/
+/*	$NetBSD: ssl.h,v 1.2 2014/10/31 03:57:14 lukem Exp $	*/
+/*	from	NetBSD: ssl.h,v 1.2 2014/01/07 02:07:08 joerg Exp	*/
 
 /*-
  * Copyright (c) 2012 The NetBSD Foundation, Inc.
@@ -31,7 +31,8 @@
 #define FETCH struct fetch_connect
 struct fetch_connect;
 
-int fetch_printf(struct fetch_connect *, const char *fmt, ...);
+int fetch_printf(struct fetch_connect *, const char *fmt, ...)
+    ;
 int fetch_fileno(struct fetch_connect *);
 int fetch_error(struct fetch_connect *);
 int fetch_flush(struct fetch_connect *);
diff --git a/src/version.h b/src/version.h
index 6ae9f3f81f79..f5ad9721c387 100644
--- a/src/version.h
+++ b/src/version.h
@@ -1,5 +1,5 @@
-/*	$NetBSD: version.h,v 1.5 2013/05/05 11:17:31 lukem Exp $	*/
-/*	from	NetBSD: version.h,v 1.84 2013/05/05 10:40:19 lukem Exp	*/
+/*	$NetBSD: version.h,v 1.6 2014/10/31 03:37:59 lukem Exp $	*/
+/*	from	NetBSD: version.h,v 1.85 2014/10/31 03:27:18 lukem Exp	*/
 
 /*-
  * Copyright (c) 1999-2009 The NetBSD Foundation, Inc.
@@ -35,5 +35,5 @@
 #endif
 
 #ifndef FTP_VERSION
-#define	FTP_VERSION	"20130220"
+#define	FTP_VERSION	"20141026"
 #endif