Re: [libmicrohttpd] libmicrohttpd 0.9.71 released


From: Christian Grothoff
Subject: Re: [libmicrohttpd] libmicrohttpd 0.9.71 released
Date: Fri, 11 Sep 2020 22:09:46 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0

Hi Markus,

Thanks for reporting, fixed in c7fce141..16c13329.

Happy hacking!

-Christian

On 9/11/20 2:04 PM, Markus Doppelbauer wrote:
> Hello,
> 
> The percent-encoded post-processor (current git) segfaults.
> ASAN reports: global-buffer-overflow
> A testcase is attached.
> 
> Best wishes
> Markus
> 
> 
> 
> -------- Forwarded Message --------
> *From*: Christian Grothoff <grothoff@gnunet.org>
> *Reply-To*: libmicrohttpd development and user mailinglist <libmicrohttpd@gnu.org>
> *To*: libmicrohttpd <libmicrohttpd@gnu.org>
> *Subject*: [libmicrohttpd] libmicrohttpd 0.9.71 released
> *Date*: Sun, 28 Jun 2020 22:04:49 +0200
> 
> Dear all,
> 
> I'm happy to announce the release of GNU libmicrohttpd 0.9.71.
> 
> This release fixes a potential buffer overflow and is thus considered a
> security release. Please upgrade as soon as possible.  Thanks to Nicolas
> Mora for finding and reporting the issue.
> 
> Additionally, the release fixes the following issues:
> 
> * Proper uncorking with GnuTLS to ensure 'last bytes' are
>   transmitted over TLS connections even if we are congested
> * Fixes wrong values returned by PostProcessor given certain
>   parser boundaries
> * Improved documentation, fixed spelling mistakes
> * Fixed several socket handling issues on OS X
> 
> Furthermore, the release introduces an 'enum MHD_Result' instead of
> #defines for MHD_YES/MHD_NO. This is intended to make it easier to check
> for certain API misuse bugs by providing better types (not everything is
> an 'int').  While this does NOT change the binary API, this change
> _will_ cause compiler warnings for all legacy code -- until 'int' is
> replaced with 'enum MHD_Result'.
> 
> If you want your code to build without warnings on both older and newer
> MHD releases, you may want to introduce a MHD_RESULT as done here:
> 
> https://git.gnunet.org/gnunet.git/tree/src/include/gnunet_mhd_compat.h
> 
> That said, this being a security release it may be a good time to not
> build nicely against older versions.
> 
> Happy hacking!
> 
> Christian

Attachment: signature.asc
Description: OpenPGP digital signature

