Fix CVE-2019-3500: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3500 https://github.com/aria2/aria2/issues/1329 Patch copied from upstream source repository: https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a From 37368130ca7de5491a75fd18a20c5c5cc641824a Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Sat, 5 Jan 2019 09:32:40 +0900 Subject: [PATCH] Mask headers --- src/HttpConnection.cc | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/HttpConnection.cc b/src/HttpConnection.cc index 77cb9d27a..be5b97723 100644 --- a/src/HttpConnection.cc +++ b/src/HttpConnection.cc @@ -102,11 +102,17 @@ std::string HttpConnection::eraseConfidentialInfo(const std::string& request) std::string result; std::string line; while (getline(istr, line)) { - if (util::startsWith(line, "Authorization: Basic")) { - result += "Authorization: Basic ********\n"; + if (util::istartsWith(line, "Authorization: ")) { + result += "Authorization: \n"; } - else if (util::startsWith(line, "Proxy-Authorization: Basic")) { - result += "Proxy-Authorization: Basic ********\n"; + else if (util::istartsWith(line, "Proxy-Authorization: ")) { + result += "Proxy-Authorization: \n"; + } + else if (util::istartsWith(line, "Cookie: ")) { + result += "Cookie: \n"; + } + else if (util::istartsWith(line, "Set-Cookie: ")) { + result += "Set-Cookie: \n"; } else { result += line; 
@@ -154,8 +160,8 @@ std::unique_ptr HttpConnection::receiveResponse() const auto& proc = outstandingHttpRequests_.front()->getHttpHeaderProcessor(); if (proc->parse(socketRecvBuffer_->getBuffer(), socketRecvBuffer_->getBufferLength())) { - A2_LOG_INFO( - fmt(MSG_RECEIVE_RESPONSE, cuid_, proc->getHeaderString().c_str())); + A2_LOG_INFO(fmt(MSG_RECEIVE_RESPONSE, cuid_, + eraseConfidentialInfo(proc->getHeaderString()).c_str())); auto result = proc->getResult(); if (result->getStatusCode() / 100 == 1) { socketRecvBuffer_->drain(proc->getLastBytesProcessed()); fbabe8'>gnu/machine/digital-ocean.scm
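Review bot: In the first hunk (eraseConfidentialInfo), every istartsWith prefix ends in a space ("Authorization: ", "Proxy-Authorization: ", "Cookie: ", "Set-Cookie: "), so a header line with no space after the colon, such as "Set-Cookie:name=value", falls through to the else branch and is logged in full. This matters more once response headers pass through the function, because the remote server chooses their spacing. Consider matching the field name up to the colon and masking everything after it. The four names are also a fixed list, so any other credential-bearing header is still logged unmasked; a comment stating that limitation would help the next reader.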
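Review bot: In the second hunk (receiveResponse), response headers are now passed to eraseConfidentialInfo, whose parameter is still named request in the signature shown in the first hunk header; rename it or add a comment saying the function handles both request and response header blocks. The masking call is also written inline as an argument to A2_LOG_INFO, so if that macro does not skip argument evaluation when info logging is disabled, every parsed response pays for a masked copy of its headers; a log-level check around the call would avoid that.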
Age | Commit message | Author
2020-07-25 | Use 'formatted-message' instead of '&message' where appropriate. * gnu.scm (%try-use-modules): Use 'formatted-message' instead of '&message'. * gnu/machine/digital-ocean.scm (maybe-raise-unsupported-configuration-error): Likewise. * gnu/machine/ssh.scm (machine-check-file-system-availability): Likewise. (machine-check-building-for-appropriate-system): Likewise. (deploy-managed-host): Likewise. (maybe-raise-unsupported-configuration-error): Likewise. * gnu/packages.scm (search-patch): Likewise. * gnu/services.scm (%service-with-default-value): Likewise. (files->etc-directory): Likewise. (fold-services): Likewise. * gnu/system.scm (locale-name->definition*): Likewise. * gnu/system/mapped-devices.scm (check-device-initrd-modules): Likewise. (check-luks-device): Likewise. * guix/channels.scm (latest-channel-instance): Likewise. * guix/cve.scm (json->cve-items): Likewise. * guix/git-authenticate.scm (commit-signing-key): Likewise. (commit-authorized-keys): Likewise. (authenticate-commit): Likewise. (verify-introductory-commit): Likewise. * guix/remote.scm (remote-pipe-for-gexp): Likewise. * guix/scripts/graph.scm (assert-package): Likewise. * guix/scripts/offload.scm (private-key-from-file*): Likewise. * guix/ssh.scm (authenticate-server*): Likewise. (open-ssh-session): Likewise. (remote-inferior): Likewise. * guix/ui.scm (matching-generations): Likewise. * guix/upstream.scm (package-update): Likewise. * tests/channels.scm ("latest-channel-instances, missing introduction for 'guix'"): Catch 'formatted-message?'. ("authenticate-channel, wrong first commit signer"): Likewise. * tests/lint.scm ("patches: not found"): Adjust message string. * tests/packages.scm ("patch not found yields a run-time error"): Catch 'formatted-message?'. * guix/lint.scm (check-patch-file-names): Handle 'formatted-message?'. (check-derivation): Ditto. | Ludovic Courtès
2020-02-09 | Update e-mail address for Jakob L. Kreuze. As requested here: <https://lists.gnu.org/archive/html/guix-devel/2020-02/msg00128.html>. * .mailmap: Add an entry for Jakob. * gnu/machine.scm, gnu/machine/digital-ocean.scm, gnu/machine/ssh.scm, gnu/packages/admin.scm, gnu/packages/i2p.scm, gnu/packages/music.scm, gnu/packages/web.scm, gnu/tests/reconfigure.scm, guix/scripts/deploy.scm, guix/scripts/system/reconfigure.scm: Update their e-mail address. | Tobias Geerinckx-Rice