|Subject:||Re: [libmicrohttpd] libmicrohttpd 0.9.71 released|
|Date:||Fri, 11 Sep 2020 14:04:46 +0200|
The percent-encoded post-processor (current git ) segfaults.
ASAN reports: global-buffer-overflow
A testcase is attached.
-------- Weitergeleitete Nachricht --------
Von: Christian Grothoff <firstname.lastname@example.org>
Antwort an: libmicrohttpd development and user mailinglist <email@example.com>
An: libmicrohttpd <firstname.lastname@example.org>
Betreff: [libmicrohttpd] libmicrohttpd 0.9.71 released
Datum: Sun, 28 Jun 2020 22:04:49 +0200
I'm happy to announce the release of GNU libmicrohttpd 0.9.71.
This release fixes a potential buffer overflow and is thus considered a
security release. Please upgrade as soon as possible. Thanks to Nicolas
Mora for finding and reporting the issue.
Additionally, the release fixes the following issues:
* Proper uncorking with GnuTLS to ensure 'last bytes' are
transmitted over TLS connections even if we are congested
* Fixes wrong values returned by PostProcessor given certain
* Improved documentation, fixed spelling mistakes
* Fixed several socket handling issues on OS X
Furthermore, the release introduces an 'enum MHD_Result' instead of
#defines for MHD_YES/MHD_NO. This is intended to make it easier to check
for certain API misuse bugs by providing better types (not everything is
an 'int'). While this does NOT change the binary API, this change
_will_ cause compiler warnings for all legacy code -- until 'int' is
replaced with 'enum MHD_Result'.
If you want your code to build without warnings on both older and newer
MHD releases, you may want to introduce a MHD_RESULT as done here:
That said, this being a security release it may be a good time to not
build nicely against older versions.
Description: Text Data
|[Prev in Thread]||Current Thread||[Next in Thread]|