On Thu, December 1, 2016 5:07 am, Jeremie Courreges-Anglas wrote:
> Jeremie Courreges-Anglas <j...@wxcvbn.org> writes:
>> trondd <tro...@kagu-tsuchi.com> writes:
>>> Update links+ to 2.14
>>> Fixes some security related issues:
>>> * Limit keepalive of ciphers with 64-bit block size to mitigate
>>> the SWEET32 attack
>>> * Improved tor hardening - when the user toggles the "Only Proxies"
>>> (i.e. when connecting to tor), we reset certain other options to their
>>> default values, so that it is not possible to identify user behind tor
>>> based on the selected options.
>>> * Security bug fixed: Don't load or render the content of
>>> "407 Proxy Authentication Required" reply when using https proxy.
>>> This avoids the FalseCONNECT attack.
>>> Also, don't allow 401 and 407 responses to set cookies.
>> Should this be backported to -stable?
> It appears so, as discussed with Tim. Could someone give this a shot
> on -stable? Please include the output of
> ''make port-lib-depends-check''.
I built it on -stable last night, but with my own diff. It built and ran
without X. I won't have access to a -stable system with X until later
today. I don't recall any problem with lib-depends-check. I can run your
diff on another non-gui -stable right now and double check the depends.