patch wget to prevent debug output from printing binary request bodies (#10486)

wget using openssl for tls (which we compile with), with --debug turned on prints the body of ocsp requests (if --ocsp is specified; it's off by default) to stderr even though it's the body is binary.

This change patches wget with the proposed fix for upstream issue.

Author: tobiasb-ms

SPECS/wget/set-debug_skip_body-for-OCSP-requests-in-openssl-tls-provider.patch

@@ -0,0 +1,66 @@
+From 3359e3e182a24722d601dfa5e4652143817ef24f Mon Sep 17 00:00:00 2001
+From: "Tobias Brick (he/him)" <tobiasb@microsoft.com>
+Date: Mon, 16 Sep 2024 15:34:19 +0000
+Subject: [PATCH] set debug_skip_body for OCSP requests in openssl tls provider
+
+---
+ include/wget/wget.h      | 1 +
+ libwget/http_highlevel.c | 6 ++++++
+ libwget/ssl_openssl.c    | 1 +
+ 3 files changed, 8 insertions(+)
+
+diff --git a/include/wget/wget.h b/include/wget/wget.h
+index 62ec38364..2dfe56968 100644
+--- a/include/wget/wget.h
++++ b/include/wget/wget.h
+@@ -250,6 +250,7 @@ WGET_BEGIN_DECLS
+ #define WGET_HTTP_BODY_SAVEAS           2018
+ #define WGET_HTTP_USER_DATA             2019
+ #define WGET_HTTP_RESPONSE_IGNORELENGTH 2020
++#define WGET_HTTP_DEBUG_SKIP_BODY       2021
+ 
+ // definition of error conditions
+ typedef enum {
+diff --git a/libwget/http_highlevel.c b/libwget/http_highlevel.c
+index 14c5bea72..3971f8ed0 100644
+--- a/libwget/http_highlevel.c
++++ b/libwget/http_highlevel.c
+@@ -83,6 +83,7 @@ wget_http_response *wget_http_get(int first_key, ...)
+ 	size_t bodylen = 0;
+ 	const void *body = NULL;
+ 	void *header_user_data = NULL, *body_user_data = NULL;
++	bool debug_skip_body = 0;
+ 
+ 	struct {
+ 		bool
+@@ -157,6 +158,9 @@ wget_http_response *wget_http_get(int first_key, ...)
+ 			body = va_arg(args, const void *);
+ 			bodylen = va_arg(args, size_t);
+ 			break;
++		case WGET_HTTP_DEBUG_SKIP_BODY:
++			debug_skip_body = 1;
++			break;
+ 		default:
+ 			error_printf(_("Unknown option %d\n"), key);
+ 			va_end(args);
+@@ -239,6 +243,8 @@ wget_http_response *wget_http_get(int first_key, ...)
+ 			if (body && bodylen)
+ 				wget_http_request_set_body(req, NULL, wget_memdup(body, bodylen), bodylen);
+ 
++			req->debug_skip_body = debug_skip_body;
++
+ 			rc = wget_http_send_request(conn, req);
+ 
+ 			if (rc == 0) {
+diff --git a/libwget/ssl_openssl.c b/libwget/ssl_openssl.c
+index 6cac6ecb0..7a52792d8 100644
+--- a/libwget/ssl_openssl.c
++++ b/libwget/ssl_openssl.c
+@@ -762,6 +762,7 @@ static OCSP_REQUEST *send_ocsp_request(const char *uri,
+ 		WGET_HTTP_HEADER_ADD, "Content-Type", "application/ocsp-request",
+ 		WGET_HTTP_MAX_REDIRECTIONS, 5,
+ 		WGET_HTTP_BODY, ocspreq_bytes, ocspreq_bytes_len,
++		WGET_HTTP_DEBUG_SKIP_BODY,
+ 		0);
+ 
+ 	OPENSSL_free(ocspreq_bytes);

SPECS/wget/wget.spec

@@ -3,7 +3,7 @@
 Summary:        An advanced file and recursive website downloader
 Name:           wget
 Version:        2.1.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPL-3.0-or-later AND LGPL-3.0-or-later AND GFDL-1.3-or-later
 URL:            https://gitlab.com/gnuwget/wget2
 Group:          System Environment/NetworkingPrograms
@@ -29,6 +29,8 @@ Patch0005:      0005-Accept-progress-dot-.-for-backwards-compatibility.patch
 Patch0006:      0006-Disable-TCP-Fast-Open-by-default.patch
 # https://github.com/rockdaboot/wget2/issues/342
 Patch0007:      fix-ssl-read-and-write-error-check.patch
+# https://github.com/rockdaboot/wget2/issues/344
+Patch0008:      set-debug_skip_body-for-OCSP-requests-in-openssl-tls-provider.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -155,6 +157,9 @@ echo ".so man1/%{name}.1" > %{buildroot}%{_mandir}/man1/wget.1
 %{_mandir}/man3/libwget*.3*
 
 %changelog
+* Wed Sep 18 2024 Tobias Brick <tobiasb@microsoft.com> - 2.1.0-4
+- Add patch to prevent debug output from printing binary request bodies.
+
 * Fri Sep 13 2024 Tobias Brick <tobiasb@microsoft.com> - 2.1.0-3
 - Add patch to fix SSL read and write error check.