diff options
author | Efraim Flashner <efraim@flashner.co.il> | 2019-10-07 11:18:45 +0300 |
---|---|---|
committer | Efraim Flashner <efraim@flashner.co.il> | 2019-10-07 11:37:21 +0300 |
commit | 7b6a8e23b0de18262a42e44432f955517d71d796 (patch) | |
tree | fd970bff2fa436e9e434a6b36e3a7166d967b163 /gnu/packages/patches/aria2-CVE-2019-3500.patch | |
parent | d3e22bcc1141cd33dde7017f51058f18d428917c (diff) | |
download | guix-7b6a8e23b0de18262a42e44432f955517d71d796.tar.gz |
gnu: aria2: Update to 1.35.0.
* gnu/packages/bittorrent.scm (aria2): Update to 1.35.0. [source]: Use new upstream uri. Remove patch. * gnu/packages/patches/aria2-CVE-2019-3500.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it.
Diffstat (limited to 'gnu/packages/patches/aria2-CVE-2019-3500.patch')
-rw-r--r-- | gnu/packages/patches/aria2-CVE-2019-3500.patch | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/gnu/packages/patches/aria2-CVE-2019-3500.patch b/gnu/packages/patches/aria2-CVE-2019-3500.patch deleted file mode 100644 index 891c9047ba..0000000000 --- a/gnu/packages/patches/aria2-CVE-2019-3500.patch +++ /dev/null @@ -1,55 +0,0 @@ -Fix CVE-2019-3500: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3500 -https://github.com/aria2/aria2/issues/1329 - -Patch copied from upstream source repository: - -https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a - -From 37368130ca7de5491a75fd18a20c5c5cc641824a Mon Sep 17 00:00:00 2001 -From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> -Date: Sat, 5 Jan 2019 09:32:40 +0900 -Subject: [PATCH] Mask headers - ---- - src/HttpConnection.cc | 18 ++++++++++++------ - 1 file changed, 12 insertions(+), 6 deletions(-) - -diff --git a/src/HttpConnection.cc b/src/HttpConnection.cc -index 77cb9d27a..be5b97723 100644 ---- a/src/HttpConnection.cc -+++ b/src/HttpConnection.cc -@@ -102,11 +102,17 @@ std::string HttpConnection::eraseConfidentialInfo(const std::string& request) - std::string result; - std::string line; - while (getline(istr, line)) { -- if (util::startsWith(line, "Authorization: Basic")) { -- result += "Authorization: Basic ********\n"; -+ if (util::istartsWith(line, "Authorization: ")) { -+ result += "Authorization: <snip>\n"; - } -- else if (util::startsWith(line, "Proxy-Authorization: Basic")) { -- result += "Proxy-Authorization: Basic ********\n"; -+ else if (util::istartsWith(line, "Proxy-Authorization: ")) { -+ result += "Proxy-Authorization: <snip>\n"; -+ } -+ else if (util::istartsWith(line, "Cookie: ")) { -+ result += "Cookie: <snip>\n"; -+ } -+ else if (util::istartsWith(line, "Set-Cookie: ")) { -+ result += "Set-Cookie: <snip>\n"; - } - else { - result += line; -@@ -154,8 +160,8 @@ std::unique_ptr<HttpResponse> HttpConnection::receiveResponse() - const auto& proc = outstandingHttpRequests_.front()->getHttpHeaderProcessor(); - if (proc->parse(socketRecvBuffer_->getBuffer(), - socketRecvBuffer_->getBufferLength())) { -- A2_LOG_INFO( -- fmt(MSG_RECEIVE_RESPONSE, cuid_, proc->getHeaderString().c_str())); -+ A2_LOG_INFO(fmt(MSG_RECEIVE_RESPONSE, cuid_, -+ eraseConfidentialInfo(proc->getHeaderString()).c_str())); - auto result = proc->getResult(); - if (result->getStatusCode() / 100 == 1) { - socketRecvBuffer_->drain(proc->getLastBytesProcessed()); |