CVSROOT:        /cvs
Module name:    ports
Changes by:     j...@cvs.openbsd.org    2016/12/01 12:32:02

Modified files:
        www/links+     : Tag: OPENBSD_6_0 Makefile distinfo 
        www/links+/patches: Tag: OPENBSD_6_0 patch-html_c patch-https_c 

Log message:
SECURITY update to links-2.14

Relevant changes:
* Limit keepalive of ciphers with 64-bit block size to mitigate
the SWEET32 attack
* Improved tor hardening - when the user toggles the "Only Proxies" option
(i.e. when connecting to tor), we reset certain other options to their
default values, so that it is not possible to identify user behind tor
based on the selected options.
* Security bug fixed: Don't load or render the content of
"407 Proxy Authentication Required" reply when using https proxy.
This avoids the FalseCONNECT attack.
Also, don't allow 401 and 407 responses to set cookies.

Tested on 6.0 by Tim Meunier (maintainer)

Reply via email to