For details see:
https://github.com/OISF/libhtp/releases/tag/0.5.43
"htp: do not log content-encoding: none
htp: do not error on multiple 100 Continue
readme: remove note on libhtp not being stable
uri: fix compile warning strict-prototypes
bstr: fix compile warning strict-prototypes
fuzz_diff: Free the rust test object.
github: add CIFuzz workflow"
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
(Scanty) release notes:
0.5.33 (27 April 2020)
----------------------
- compression bomb protection
- memory handling issue found by Oss-Fuzz
- improve handling of anomalies in traffic
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
