Links 2.20 has been released on August 26: http://links.twibright.com/download/ChangeLog It fixes one security issue. Mageia 6 is also affected.
Status comment: (none) => Fixed upstream in 2.20Whiteboard: (none) => MGA6TOO
Advisory ======== Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains <link rel="dns-prefetch" href="http://host.domain/">. References ========== http://links.twibright.com/download/ChangeLog Files ===== Uploaded to core/updates_testing links-2.20-1.mga7 links-graphic-2.20-1.mga7 links-common-2.20-1.mga7 from links-2.20-1.mga7.src.rpm
Advisory ======== Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains <link rel="dns-prefetch" href="http://host.domain/">. References ========== http://links.twibright.com/download/ChangeLog Files ===== Uploaded to core/updates_testing links-2.20-1.mga6 links-graphic-2.20-1.mga6 links-common-2.20-1.mga6 from links-2.20-1.mga6.src.rpm
Assignee: smelror => qa-bugs
Installed and tested without issues. Tested with and without a tor proxy. Tried to use online DNS leak tests but none of the one I tried worked, probably due to lack of javascript or some other incompatibility. Since I have a local DNS server, I checked if if the local address where visible and when using tor they where not visible. Also used wireshark to check for DNS requests and didn't see any when using a tor proxy. For now that is the best I can do to check for any DNS leaks. If anyone has a better method, I will try it. System: Mageia 7, x86_64, Intel CPU. $ uname -a Linux marte 5.2.10-desktop-1.mga7 #1 SMP Sun Aug 25 17:14:00 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | egrep ^links links-2.19-1.mga7 links-common-2.19-1.mga7
CC: (none) => mageiaWhiteboard: MGA6TOO => MGA6TOO MGA7-64-OK
A links 2.20.1 hotfix (dealing with its interaction with libevent) came out. It's being updated in Cauldron now. We should probably update the update candidate too.
Dropping ok until 2.20.1 is built / tested
Whiteboard: MGA6TOO MGA7-64-OK => MGA6TOOCC: (none) => tmb
MGA6-64 Plasma on Lenovo B50 Installing 2.20 versions without issues First used links-text as is, works OK. Then installed and activated Tor and used links-graphics. Pointing to www.google.be results in a page mentioning unusual operations, and I couldn't get any further. Pointed then to my own pages on my own desktop running httpd with for all purposes default settings (except Document root): access was simply refused. Pointed then to my webspace onmy ISP's sites: worked flawlessly. So I cann't see anything wrong with links. The fact that wheb Tor is activated, some sites block this off seems as far as this update is concerned not a problem.
Whiteboard: MGA6TOO => MGA6TOO MGA6-64-OKCC: (none) => herman.viaene
In Mageia 7 Plasma, 64-bit: The following 3 packages are going to be installed: - links-2.20-1.mga7.x86_64 - links-common-2.20-1.mga7.x86_64 - links-graphic-2.20-1.mga7.x86_64 Install was clean. I don't use links, so wouldn't know a regression if it hit me in the nose. But, based on it working in Comment 6, and a clean install in Mageia 7, I am OKing it for M7 and validating. Advisories in Comments 2 and 3.
Whiteboard: MGA6TOO MGA6-64-OK => MGA6TOO, MGA7-64-OK MGA6-64-OKKeywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0270.html
Status: NEW => RESOLVEDResolution: (none) => FIXED