libmicrohttpd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] libmicrohttpd 0.9.71 released


From: Christian Grothoff
Subject: Re: [libmicrohttpd] libmicrohttpd 0.9.71 released
Date: Fri, 10 Jul 2020 15:08:47 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

Fixed in 8c773704..9b39de8d. Thanks for reporting! -Christian   

On 7/6/20 7:15 PM, Markus Doppelbauer wrote:
> There is a second issue parsing url-encoded post requests.
> I have attached a testcase (same ugly code as last time).
> "text" should be "text, text" not "text%2C text".
> 
> Best wishes
> 
> 
> -------- Weitergeleitete Nachricht --------
> *Von*: Christian Grothoff <grothoff@gnunet.org
> <mailto:Christian%20Grothoff%20%3cgrothoff@gnunet.org%3e>>
> *Antwort an*: libmicrohttpd development and user mailinglist
> <libmicrohttpd@gnu.org
> <mailto:libmicrohttpd%20development%20and%20user%20mailinglist%20%3clibmicrohttpd@gnu.org%3e>>
> *An*: libmicrohttpd <libmicrohttpd@gnu.org
> <mailto:libmicrohttpd%20%3clibmicrohttpd@gnu.org%3e>>
> *Betreff*: [libmicrohttpd] libmicrohttpd 0.9.71 released
> *Datum*: Sun, 28 Jun 2020 22:04:49 +0200
> 
> Dear all,
> 
> 
> I'm happy to announce the release of GNU libmicrohttpd 0.9.71.
> 
> 
> This release fixes a potential buffer overflow and is thus considered a
> 
> security release. Please upgrade as soon as possible.  Thanks to Nicolas
> 
> Mora for finding and reporting the issue.
> 
> 
> Additionally, the release fixes the following issues:
> 
> 
> * Proper uncorking with GnuTLS to ensure 'last bytes' are
> 
>   transmitted over TLS connections even if we are congested
> 
> * Fixes wrong values returned by PostProcessor given certain
> 
>   parser boundaries
> 
> * Improved documentation, fixed spelling mistakes
> 
> * Fixed several socket handling issues on OS X
> 
> 
> Furthermore, the release introduces an 'enum MHD_Result' instead of
> 
> #defines for MHD_YES/MHD_NO. This is intended to make it easier to check
> 
> for certain API misuse bugs by providing better types (not everything is
> 
> an 'int').  While this does NOT change the binary API, this change
> 
> _will_ cause compiler warnings for all legacy code -- until 'int' is
> 
> replaced with 'enum MHD_Result'.
> 
> 
> If you want your code to build without warnings on both older and newer
> 
> MHD releases, you may want to introduce a MHD_RESULT as done here:
> 
> 
> https://git.gnunet.org/gnunet.git/tree/src/include/gnunet_mhd_compat.h
> 
> 
> 
> That said, this being a security release it may be a good time to not
> 
> build nicely against older versions.
> 
> 
> 
> Happy hacking!
> 
> 
> Christian
> 
> 

Attachment: 0x939E6BE1E29FC3CC.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]