untrusted comment: verify with openbsd-65-base.pub
RWSZaRmt1LEQT+WUe/2bgbwGu+LLYB9gllvjJyEo/ACKmEjureeDovJLhY1hmh8acP5Bmjde32MfmQnak3vWmLsWpN7gmxVVdQY=

OpenBSD 6.5 errata 026, December 20, 2019:

ftp(1) will follow remote redirects to local files.

Apply by doing:
   signify -Vep /etc/signify/openbsd-65-base.pub -x 026_ftp.patch.sig \
       -m - | (cd /usr/src && patch -p0)

And then rebuild and install ftp:
   cd /usr/src/usr.bin/ftp
   make obj
   make
   make install

Index: usr.bin/ftp/fetch.c
===================================================================
RCS file: /cvs/src/usr.bin/ftp/fetch.c,v
diff -u -p -u -r1.167 fetch.c
--- usr.bin/ftp/fetch.c 10 Feb 2018 06:25:16 -0000      1.167
+++ usr.bin/ftp/fetch.c 19 Dec 2019 00:08:51 -0000
@@ -241,6 +241,9 @@ url_get(const char *origline, const char
       } else
               errx(1, "url_get: Invalid URL '%s'", newline);

+       if (isfileurl && redirect_loop > 0)
+               errx(1, "Redirection to local file not permitted");
+
       if (isfileurl) {
               path = host;
       } else {

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.