[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] libmicrohttpd 0.9.71 released
From: |
Christian Grothoff |
Subject: |
Re: [libmicrohttpd] libmicrohttpd 0.9.71 released |
Date: |
Fri, 10 Jul 2020 15:08:47 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 |
Fixed in 8c773704..9b39de8d. Thanks for reporting! -Christian
On 7/6/20 7:15 PM, Markus Doppelbauer wrote:
> There is a second issue parsing url-encoded post requests.
> I have attached a testcase (same ugly code as last time).
> "text" should be "text, text" not "text%2C text".
>
> Best wishes
>
>
> -------- Weitergeleitete Nachricht --------
> *Von*: Christian Grothoff <grothoff@gnunet.org
> <mailto:Christian%20Grothoff%20%3cgrothoff@gnunet.org%3e>>
> *Antwort an*: libmicrohttpd development and user mailinglist
> <libmicrohttpd@gnu.org
> <mailto:libmicrohttpd%20development%20and%20user%20mailinglist%20%3clibmicrohttpd@gnu.org%3e>>
> *An*: libmicrohttpd <libmicrohttpd@gnu.org
> <mailto:libmicrohttpd%20%3clibmicrohttpd@gnu.org%3e>>
> *Betreff*: [libmicrohttpd] libmicrohttpd 0.9.71 released
> *Datum*: Sun, 28 Jun 2020 22:04:49 +0200
>
> Dear all,
>
>
> I'm happy to announce the release of GNU libmicrohttpd 0.9.71.
>
>
> This release fixes a potential buffer overflow and is thus considered a
>
> security release. Please upgrade as soon as possible. Thanks to Nicolas
>
> Mora for finding and reporting the issue.
>
>
> Additionally, the release fixes the following issues:
>
>
> * Proper uncorking with GnuTLS to ensure 'last bytes' are
>
> transmitted over TLS connections even if we are congested
>
> * Fixes wrong values returned by PostProcessor given certain
>
> parser boundaries
>
> * Improved documentation, fixed spelling mistakes
>
> * Fixed several socket handling issues on OS X
>
>
> Furthermore, the release introduces an 'enum MHD_Result' instead of
>
> #defines for MHD_YES/MHD_NO. This is intended to make it easier to check
>
> for certain API misuse bugs by providing better types (not everything is
>
> an 'int'). While this does NOT change the binary API, this change
>
> _will_ cause compiler warnings for all legacy code -- until 'int' is
>
> replaced with 'enum MHD_Result'.
>
>
> If you want your code to build without warnings on both older and newer
>
> MHD releases, you may want to introduce a MHD_RESULT as done here:
>
>
> https://git.gnunet.org/gnunet.git/tree/src/include/gnunet_mhd_compat.h
>
>
>
> That said, this being a security release it may be a good time to not
>
> build nicely against older versions.
>
>
>
> Happy hacking!
>
>
> Christian
>
>
0x939E6BE1E29FC3CC.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature