Merge branch 'master' into staging

4 files changed, 107 insertions, 1 deletions

diff --git a/gnu/packages/patches/aria2-CVE-2019-3500.patch b/gnu/packages/patches/aria2-CVE-2019-3500.patch
new file mode 100644
index 0000000000..891c9047ba
--- /dev/null
+++ b/gnu/packages/patches/aria2-CVE-2019-3500.patch
@@ -0,0 +1,55 @@
+Fix CVE-2019-3500:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3500
+https://github.com/aria2/aria2/issues/1329
+
+Patch copied from upstream source repository:
+
+https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a
+
+From 37368130ca7de5491a75fd18a20c5c5cc641824a Mon Sep 17 00:00:00 2001
+From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
+Date: Sat, 5 Jan 2019 09:32:40 +0900
+Subject: [PATCH] Mask headers
+
+---
+ src/HttpConnection.cc | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/src/HttpConnection.cc b/src/HttpConnection.cc
+index 77cb9d27a..be5b97723 100644
+--- a/src/HttpConnection.cc
++++ b/src/HttpConnection.cc
+@@ -102,11 +102,17 @@ std::string HttpConnection::eraseConfidentialInfo(const std::string& request)
+   std::string result;
+   std::string line;
+   while (getline(istr, line)) {
+-    if (util::startsWith(line, "Authorization: Basic")) {
+-      result += "Authorization: Basic ********\n";
++    if (util::istartsWith(line, "Authorization: ")) {
++      result += "Authorization: <snip>\n";
+     }
+-    else if (util::startsWith(line, "Proxy-Authorization: Basic")) {
+-      result += "Proxy-Authorization: Basic ********\n";
++    else if (util::istartsWith(line, "Proxy-Authorization: ")) {
++      result += "Proxy-Authorization: <snip>\n";
++    }
++    else if (util::istartsWith(line, "Cookie: ")) {
++      result += "Cookie: <snip>\n";
++    }
++    else if (util::istartsWith(line, "Set-Cookie: ")) {
++      result += "Set-Cookie: <snip>\n";
+     }
+     else {
+       result += line;
+@@ -154,8 +160,8 @@ std::unique_ptr<HttpResponse> HttpConnection::receiveResponse()
+   const auto& proc = outstandingHttpRequests_.front()->getHttpHeaderProcessor();
+   if (proc->parse(socketRecvBuffer_->getBuffer(),
+                   socketRecvBuffer_->getBufferLength())) {
+-    A2_LOG_INFO(
+-        fmt(MSG_RECEIVE_RESPONSE, cuid_, proc->getHeaderString().c_str()));
++    A2_LOG_INFO(fmt(MSG_RECEIVE_RESPONSE, cuid_,
++                    eraseConfidentialInfo(proc->getHeaderString()).c_str()));
+     auto result = proc->getResult();
+     if (result->getStatusCode() / 100 == 1) {
+       socketRecvBuffer_->drain(proc->getLastBytesProcessed());
diff --git a/gnu/packages/patches/docker-engine-test-noinstall.patch b/gnu/packages/patches/docker-engine-test-noinstall.patch
new file mode 100644
index 0000000000..85d56a3465
--- /dev/null
+++ b/gnu/packages/patches/docker-engine-test-noinstall.patch
@@ -0,0 +1,23 @@
+Last-Update: 2018-06-18
+Forwarded: not-needed
+Author: Dmitry Smirnov <onlyjob@debian.org>
+Description: prevents test-time installation that causes FTBFS.
+~~~~
+ go test net: open /usr/lib/go-1.10/pkg/linux_amd64/net.a: permission denied
+~~~~
+
+--- a/hack/test/unit
++++ b/hack/test/unit
+@@ -18,12 +18,8 @@
+ 
+ exclude_paths="/vendor/|/integration"
+ pkg_list=$(go list $TESTDIRS | grep -vE "($exclude_paths)")
+ 
+-# install test dependencies once before running tests for each package. This
+-# significantly reduces the runtime.
+-go test -i "${BUILDFLAGS[@]}" $pkg_list
+-
+ for pkg in $pkg_list; do
+     go test "${BUILDFLAGS[@]}" \
+         -cover \
+         -coverprofile=profile.out \
diff --git a/gnu/packages/patches/docker-fix-tests.patch b/gnu/packages/patches/docker-fix-tests.patch
new file mode 100644
index 0000000000..3e3e318e25
--- /dev/null
+++ b/gnu/packages/patches/docker-fix-tests.patch
@@ -0,0 +1,28 @@
+Author: Danny Milosavljevic <dannym@scratchpost.org>
+The socket name ended up too long inside the container.
+Use a shorter one.
+--- a/pkg/authorization/authz_unix_test.go	2019-01-10 01:55:02.997985947 +0100
++++ b/pkg/authorization/authz_unix_test.go	2019-01-10 02:03:21.177439757 +0100
+@@ -24,7 +24,7 @@
+ )
+ 
+ const (
+-	pluginAddress = "authz-test-plugin.sock"
++	pluginAddress = "/tmp/authz-test-plugin.sock"
+ )
+ 
+ func TestAuthZRequestPluginError(t *testing.T) {
+@@ -263,12 +263,7 @@
+ 
+ // createTestPlugin creates a new sample authorization plugin
+ func createTestPlugin(t *testing.T) *authorizationPlugin {
+-	pwd, err := os.Getwd()
+-	if err != nil {
+-		t.Fatal(err)
+-	}
+-
+-	client, err := plugins.NewClient("unix:///"+path.Join(pwd, pluginAddress), &tlsconfig.Options{InsecureSkipVerify: true})
++	client, err := plugins.NewClient("unix:///"+path.Join("/", pluginAddress), &tlsconfig.Options{InsecureSkipVerify: true})
+ 	if err != nil {
+ 		t.Fatalf("Failed to create client %v", err)
+ 	}
diff --git a/gnu/packages/patches/kinit-kdeinit-libpath.patch b/gnu/packages/patches/kinit-kdeinit-libpath.patch
index 89cf1a941d..6382e8804b 100644
--- a/gnu/packages/patches/kinit-kdeinit-libpath.patch
+++ b/gnu/packages/patches/kinit-kdeinit-libpath.patch
@@ -23,7 +23,7 @@ pkgs/development/libraries/kde-frameworks/kinit/kinit-libpath.patch
 -                    l.load();
 -                }
 +                // Try to load the library relative to the active profiles.
-+                QByteArrayList profiles = qgetenv("LIBRARY_PATH").split(':');
++                QByteArrayList profiles = qgetenv("KDEINIT5_LIBRARY_PATH").split(':');
 +                for (const QByteArray &profile: profiles) {
 +                    if (!profile.isEmpty()) {
 +                        l.setFileName(QFile::decodeName(profile) + QStringLiteral("/") + libpath);