|
From: | Markus Doppelbauer |
Subject: | Re: [libmicrohttpd] libmicrohttpd 0.9.71 released |
Date: | Sat, 12 Sep 2020 09:31:10 +0200 |
User-agent: | Evolution 3.36.4-0ubuntu1 |
That was fast! I have to say thank you. Best wishes Markus -------- Weitergeleitete Nachricht -------- Von: Christian Grothoff <grothoff@gnunet.org> Antwort an: libmicrohttpd development and user mailinglist <libmicrohttpd@gnu.org> Betreff: Re: [libmicrohttpd] libmicrohttpd 0.9.71 released Datum: Fri, 11 Sep 2020 22:09:46 +0200 Hi Markus, Thanks for reporting, fixed in c7fce141..16c13329. Happy hacking! -Christian On 9/11/20 2:04 PM, Markus Doppelbauer wrote: Hello,The percent-encoded post-processor (current git ) segfaults.ASAN reports: global-buffer-overflowA testcase is attached.Best wishesMarkus-------- Weitergeleitete Nachricht --------*Von*: Christian Grothoff <grothoff@gnunet.org<mailto:Christian%20Grothoff%20%3cgrothoff@gnunet.org%3e>>*Antwort an*: libmicrohttpd development and user mailinglist<libmicrohttpd@gnu.org<mailto:libmicrohttpd%20development%20and%20user%20mailinglist%20%3clibmicrohttpd@gnu.org%3e>>*An*: libmicrohttpd <libmicrohttpd@gnu.org<mailto:libmicrohttpd%20%3clibmicrohttpd@gnu.org%3e>>*Betreff*: [libmicrohttpd] libmicrohttpd 0.9.71 released*Datum*: Sun, 28 Jun 2020 22:04:49 +0200Dear all,I'm happy to announce the release of GNU libmicrohttpd 0.9.71.This release fixes a potential buffer overflow and is thus considered asecurity release. Please upgrade as soon as possible. Thanks to NicolasMora for finding and reporting the issue.Additionally, the release fixes the following issues:* Proper uncorking with GnuTLS to ensure 'last bytes' aretransmitted over TLS connections even if we are congested* Fixes wrong values returned by PostProcessor given certainparser boundaries* Improved documentation, fixed spelling mistakes* Fixed several socket handling issues on OS XFurthermore, the release introduces an 'enum MHD_Result' instead of#defines for MHD_YES/MHD_NO. This is intended to make it easier to checkfor certain API misuse bugs by providing better types (not everything isan 'int'). While this does NOT change the binary API, this change_will_ cause compiler warnings for all legacy code -- until 'int' isreplaced with 'enum MHD_Result'.If you want your code to build without warnings on both older and newerMHD releases, you may want to introduce a MHD_RESULT as done here:https://git.gnunet.org/gnunet.git/tree/src/include/gnunet_mhd_compat.hThat said, this being a security release it may be a good time to notbuild nicely against older versions.Happy hacking!Christian |
[Prev in Thread] | Current Thread | [Next in Thread] |