diff options
author | Ludovic Courtès <ludo@gnu.org> | 2019-10-07 17:06:13 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2019-10-07 17:06:13 +0200 |
commit | 4d8d2fbaf3025337f7feff627282447db82a99d5 (patch) | |
tree | a524009a7ef257b894a6de73fd1e9b340fc735fd /gnu/packages/patches | |
parent | e08902d3cbb307e1523485becbbdaf9aed56ac4a (diff) | |
parent | fa984fa678f98ddc72cc89c6f6dc50ba4aff2487 (diff) | |
download | guix-4d8d2fbaf3025337f7feff627282447db82a99d5.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/aria2-CVE-2019-3500.patch | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/gnu/packages/patches/aria2-CVE-2019-3500.patch b/gnu/packages/patches/aria2-CVE-2019-3500.patch deleted file mode 100644 index 891c9047ba..0000000000 --- a/gnu/packages/patches/aria2-CVE-2019-3500.patch +++ /dev/null @@ -1,55 +0,0 @@ -Fix CVE-2019-3500: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3500 -https://github.com/aria2/aria2/issues/1329 - -Patch copied from upstream source repository: - -https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a - -From 37368130ca7de5491a75fd18a20c5c5cc641824a Mon Sep 17 00:00:00 2001 -From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> -Date: Sat, 5 Jan 2019 09:32:40 +0900 -Subject: [PATCH] Mask headers - ---- - src/HttpConnection.cc | 18 ++++++++++++------ - 1 file changed, 12 insertions(+), 6 deletions(-) - -diff --git a/src/HttpConnection.cc b/src/HttpConnection.cc -index 77cb9d27a..be5b97723 100644 ---- a/src/HttpConnection.cc -+++ b/src/HttpConnection.cc -@@ -102,11 +102,17 @@ std::string HttpConnection::eraseConfidentialInfo(const std::string& request) - std::string result; - std::string line; - while (getline(istr, line)) { -- if (util::startsWith(line, "Authorization: Basic")) { -- result += "Authorization: Basic ********\n"; -+ if (util::istartsWith(line, "Authorization: ")) { -+ result += "Authorization: <snip>\n"; - } -- else if (util::startsWith(line, "Proxy-Authorization: Basic")) { -- result += "Proxy-Authorization: Basic ********\n"; -+ else if (util::istartsWith(line, "Proxy-Authorization: ")) { -+ result += "Proxy-Authorization: <snip>\n"; -+ } -+ else if (util::istartsWith(line, "Cookie: ")) { -+ result += "Cookie: <snip>\n"; -+ } -+ else if (util::istartsWith(line, "Set-Cookie: ")) { -+ result += "Set-Cookie: <snip>\n"; - } - else { - result += line; -@@ -154,8 +160,8 @@ std::unique_ptr<HttpResponse> HttpConnection::receiveResponse() - const auto& proc = outstandingHttpRequests_.front()->getHttpHeaderProcessor(); - if (proc->parse(socketRecvBuffer_->getBuffer(), - socketRecvBuffer_->getBufferLength())) { -- A2_LOG_INFO( -- fmt(MSG_RECEIVE_RESPONSE, cuid_, proc->getHeaderString().c_str())); -+ A2_LOG_INFO(fmt(MSG_RECEIVE_RESPONSE, cuid_, -+ eraseConfidentialInfo(proc->getHeaderString()).c_str())); - auto result = proc->getResult(); - if (result->getStatusCode() / 100 == 1) { - socketRecvBuffer_->drain(proc->getLastBytesProcessed()); |