commit:     298df7497c26df3488d86cf663f3fde7924d333b
Author:     callmetango <callmetango <AT> users <DOT> noreply <DOT> github 
<DOT> com>
AuthorDate: Fri May 17 20:09:34 2019 +0000
Commit:     Stefan Strogin <steils <AT> gentoo <DOT> org>
CommitDate: Sun May 19 02:22:19 2019 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=298df749

net-misc/aria2: revbump to 1.34.0-r1 to sync with gentoo.git

Reported-by: callmetango <callmetango <AT> users.noreply.github.com>
Closes: https://github.com/gentoo/libressl/pull/295
Signed-off-by: Stefan Strogin <steils <AT> gentoo.org>

 ...{aria2-1.34.0.ebuild => aria2-1.34.0-r1.ebuild} |  8 ++--
 .../aria2/files/aria2-1.34.0-mask-headers.patch    | 46 ++++++++++++++++++++++
 net-misc/aria2/metadata.xml                        |  1 -
 3 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/net-misc/aria2/aria2-1.34.0.ebuild 
b/net-misc/aria2/aria2-1.34.0-r1.ebuild
similarity index 95%
rename from net-misc/aria2/aria2-1.34.0.ebuild
rename to net-misc/aria2/aria2-1.34.0-r1.ebuild
index 59c5d62..ceac9fc 100644
--- a/net-misc/aria2/aria2-1.34.0.ebuild
+++ b/net-misc/aria2/aria2-1.34.0-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -10,7 +10,7 @@ HOMEPAGE="https://aria2.github.io/";
 
SRC_URI="https://github.com/aria2/${PN}/releases/download/release-${PV}/${P}.tar.xz";
 
 LICENSE="GPL-2"
-KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="amd64 ~arm ~ppc ~ppc64 ~sparc x86 ~amd64-linux ~x86-linux"
 SLOT="0"
 IUSE="adns bittorrent +gnutls jemalloc libressl libuv +libxml2 metalink 
+nettle nls sqlite scripts ssh ssl tcmalloc test xmlrpc"
 
@@ -65,8 +65,10 @@ pkg_setup() {
 }
 
 src_prepare() {
-       eapply "${FILESDIR}"/aria2-libressl.patch
        eapply "${FILESDIR}"/${P}-make_unique.patch
+       # https://bugs.gentoo.org/674622 (CVE-2019-3500)
+       eapply "${FILESDIR}"/${P}-mask-headers.patch
+       eapply "${FILESDIR}"/aria2-libressl.patch
        default
        sed -i -e "s|/tmp|${T}|" test/*.cc test/*.txt || die "sed failed"
 }
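Review bot: The comment above the new `eapply` in src_prepare gives only the bug and CVE numbers, so a reader has to open the bug to learn that the patch masks credential headers in log output. Something like `# Mask Authorization/Cookie header values in log output, https://bugs.gentoo.org/674622 (CVE-2019-3500)` would state that directly. If aria2-libressl.patch was moved to apply last for a reason, a short comment saying why would keep the order from being changed back by accident.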

diff --git a/net-misc/aria2/files/aria2-1.34.0-mask-headers.patch 
b/net-misc/aria2/files/aria2-1.34.0-mask-headers.patch
new file mode 100644
index 0000000..694681d
--- /dev/null
+++ b/net-misc/aria2/files/aria2-1.34.0-mask-headers.patch
@@ -0,0 +1,46 @@
+From 37368130ca7de5491a75fd18a20c5c5cc641824a Mon Sep 17 00:00:00 2001
+From: Tatsuhiro Tsujikawa <tatsuhir...@gmail.com>
+Date: Sat, 5 Jan 2019 09:32:40 +0900
+Subject: [PATCH] Mask headers
+
+---
+ src/HttpConnection.cc | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/src/HttpConnection.cc b/src/HttpConnection.cc
+index 77cb9d27a..be5b97723 100644
+--- a/src/HttpConnection.cc
++++ b/src/HttpConnection.cc
+@@ -102,11 +102,17 @@ std::string HttpConnection::eraseConfidentialInfo(const 
std::string& request)
+   std::string result;
+   std::string line;
+   while (getline(istr, line)) {
+-    if (util::startsWith(line, "Authorization: Basic")) {
+-      result += "Authorization: Basic ********\n";
++    if (util::istartsWith(line, "Authorization: ")) {
++      result += "Authorization: <snip>\n";
+     }
+-    else if (util::startsWith(line, "Proxy-Authorization: Basic")) {
+-      result += "Proxy-Authorization: Basic ********\n";
++    else if (util::istartsWith(line, "Proxy-Authorization: ")) {
++      result += "Proxy-Authorization: <snip>\n";
++    }
++    else if (util::istartsWith(line, "Cookie: ")) {
++      result += "Cookie: <snip>\n";
++    }
++    else if (util::istartsWith(line, "Set-Cookie: ")) {
++      result += "Set-Cookie: <snip>\n";
+     }
+     else {
+       result += line;
+@@ -154,8 +160,8 @@ std::unique_ptr<HttpResponse> 
HttpConnection::receiveResponse()
+   const auto& proc = 
outstandingHttpRequests_.front()->getHttpHeaderProcessor();
+   if (proc->parse(socketRecvBuffer_->getBuffer(),
+                   socketRecvBuffer_->getBufferLength())) {
+-    A2_LOG_INFO(
+-        fmt(MSG_RECEIVE_RESPONSE, cuid_, proc->getHeaderString().c_str()));
++    A2_LOG_INFO(fmt(MSG_RECEIVE_RESPONSE, cuid_,
++                    eraseConfidentialInfo(proc->getHeaderString()).c_str()));
+     auto result = proc->getResult();
+     if (result->getStatusCode() / 100 == 1) {
+       socketRecvBuffer_->drain(proc->getLastBytesProcessed());
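Review bot: The prefixes tested in eraseConfidentialInfo all end in a space (`"Authorization: "`, `"Set-Cookie: "`), so a header line with no whitespace after the colon, which HTTP allows, is not masked and falls through to `result += line`. This matters most for the second hunk, where the function now also filters the response header string logged in receiveResponse(), and the peer decides that formatting. Matching on the name and colon only, e.g. `util::istartsWith(line, "Set-Cookie:")` and likewise for the other three, would cover both forms. Both function bodies start and end outside the hunks shown.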

diff --git a/net-misc/aria2/metadata.xml b/net-misc/aria2/metadata.xml
index 18fb229..e5e58f4 100644
--- a/net-misc/aria2/metadata.xml
+++ b/net-misc/aria2/metadata.xml
@@ -11,7 +11,6 @@
        </maintainer>
        <use>
                <flag name="bittorrent">Enable support for the bittorrent 
protocol.</flag>
-               <flag name="jemalloc">Use <pkg>dev-libs/jemalloc</pkg> to 
replace the malloc() implementation with a possibly faster one</flag>
                <flag name="libuv">Use <pkg>dev-libs/libuv</pkg> backend.</flag>
                <flag name="libxml2">Use <pkg>dev-libs/libxml2</pkg> for XML 
parsing (preferred) instead of <pkg>dev-libs/expat</pkg>.</flag>
                <flag name="nettle">Use <pkg>dev-libs/nettle</pkg> and 
<pkg>dev-libs/gmp</pkg> for bittorrent/metalink crypto instead of 
<pkg>dev-libs/libgcrypt</pkg> (when <pkg>dev-libs/openssl</pkg> is not being 
used).</flag>
