On Thu, December 1, 2016 5:07 am, Jeremie Courreges-Anglas wrote: > Jeremie Courreges-Anglas <j...@wxcvbn.org> writes: > >> trondd <tro...@kagu-tsuchi.com> writes: >> >>> Update links+ to 2.14 >>> >>> Fixes some security related issues: >>> >>> * Limit keepalive of ciphers with 64-bit block size to mitigate >>> the SWEET32 attack >>> * Improved tor hardening - when the user toggles the "Only Proxies" >>> option >>> (i.e. when connecting to tor), we reset certain other options to their >>> default values, so that it is not possible to identify user behind tor >>> based on the selected options. >>> * Security bug fixed: Don't load or render the content of >>> "407 Proxy Authentication Required" reply when using https proxy. >>> This avoids the FalseCONNECT attack. >>> Also, don't allow 401 and 407 responses to set cookies. >> >> Should this be backported to -stable? > > It appears so, as discussed with Tim. Could someone give this a shot > on -stable? Please include the output of > ''make port-lib-depends-check''. >
I built it on -stable last night, but with my own diff. It built and ran without X. I won't have access to a -stable system with X until later today. I don't recall any problem with lib-depends-check. I can run your diff on another non-gui -stable right now and double check the depends. Tim.
