1 files changed, 0 insertions, 41 deletions

diff --git a/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch b/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch
deleted file mode 100644
index 953c6aa3b2bc..000000000000
--- a/net-libs/xrootd/files/xrootd-4.12.4-http_secret_leakage.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-Backported from 5.0.2. Not quite sure if xrootd-4 is actually vulnerable
-to this - but just in case.
-
-From fff97c2dc6703dc1ba8b28b1bf67eeb278ff3e22 Mon Sep 17 00:00:00 2001
-From: Andrew Hanushevsky <abh@stanford.edu>
-Date: Wed, 2 Sep 2020 23:13:52 -0700
-Subject: [PATCH] [HTTP] Prevent secret key leakage if specified in the config
- file.
-
----
- src/XrdHttp/XrdHttpProtocol.cc | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/XrdHttp/XrdHttpProtocol.cc b/src/XrdHttp/XrdHttpProtocol.cc
-index 66b89df20ed..5f50f2aeadd 100644
---- a/src/XrdHttp/XrdHttpProtocol.cc
-+++ b/src/XrdHttp/XrdHttpProtocol.cc
-@@ -1986,6 +1986,7 @@ int XrdHttpProtocol::xsslcafile(XrdOucStream & Config) {
- 
- int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
-   char *val;
-+  bool inFile = false;
- 
-   // Get the path
-   //
-@@ -2001,6 +2002,7 @@ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
-   // otherwise, the token itself is the secretkey
-   if (val[0] == '/') {
-     struct stat st;
-+    inFile = true;
-     if ( stat(val, &st) ) {
-       eDest.Emsg("Config", errno, "stat shared secret key file", val);
-       return 1;
-@@ -2059,6 +2061,7 @@ int XrdHttpProtocol::xsecretkey(XrdOucStream & Config) {
-   // Record the path
-   if (secretkey) free(secretkey);
-   secretkey = strdup(val);
-+  if (!inFile) Config.noEcho();
- 
-   return 0;
- }