Re: [libmicrohttpd] libmicrohttpd 0.9.71 released


From: Markus Doppelbauer
Subject: Re: [libmicrohttpd] libmicrohttpd 0.9.71 released
Date: Sat, 12 Sep 2020 09:31:10 +0200
User-agent: Evolution 3.36.4-0ubuntu1

That was fast!
I have to say thank you.
Best wishes
Markus


-------- Forwarded Message --------
From: Christian Grothoff <grothoff@gnunet.org>
Reply-To: libmicrohttpd development and user mailinglist <libmicrohttpd@gnu.org>
To: libmicrohttpd@gnu.org
Subject: Re: [libmicrohttpd] libmicrohttpd 0.9.71 released
Date: Fri, 11 Sep 2020 22:09:46 +0200

Hi Markus,

Thanks for reporting, fixed in c7fce141..16c13329.

Happy hacking!

-Christian

On 9/11/20 2:04 PM, Markus Doppelbauer wrote:
Hello,

The percent-encoded post-processor (current git) segfaults.
ASAN reports: global-buffer-overflow
A testcase is attached.

Best wishes
Markus



-------- Forwarded Message --------
From: Christian Grothoff <grothoff@gnunet.org>
Reply-To: libmicrohttpd development and user mailinglist <libmicrohttpd@gnu.org>
To: libmicrohttpd <libmicrohttpd@gnu.org>
Subject: [libmicrohttpd] libmicrohttpd 0.9.71 released
Date: Sun, 28 Jun 2020 22:04:49 +0200

Dear all,

I'm happy to announce the release of GNU libmicrohttpd 0.9.71.

This release fixes a potential buffer overflow and is thus considered a
security release. Please upgrade as soon as possible.  Thanks to Nicolas
Mora for finding and reporting the issue.

Additionally, the release fixes the following issues:

* Proper uncorking with GnuTLS to ensure 'last bytes' are
  transmitted over TLS connections even if we are congested
* Fixes wrong values returned by PostProcessor given certain
  parser boundaries
* Improved documentation, fixed spelling mistakes
* Fixed several socket handling issues on OS X

Furthermore, the release introduces an 'enum MHD_Result' instead of
#defines for MHD_YES/MHD_NO. This is intended to make it easier to check
for certain API misuse bugs by providing better types (not everything is
an 'int').  While this does NOT change the binary API, this change
_will_ cause compiler warnings for all legacy code -- until 'int' is
replaced with 'enum MHD_Result'.

If you want your code to build without warnings on both older and newer
MHD releases, you may want to introduce a MHD_RESULT as done here:

https://git.gnunet.org/gnunet.git/tree/src/include/gnunet_mhd_compat.h

That said, this being a security release it may be a good time to not
build nicely against older versions.

Happy hacking!

Christian



