Re: [security] Update www/curl to version 7.43.0

To: Pierre Pronchery <khorben%defora.org@localhost>
Subject: Re: [security] Update www/curl to version 7.43.0
From: David Laight <david%l8s.co.uk@localhost>
Date: Thu, 16 Jul 2015 10:52:51 +0100

On Thu, Jul 02, 2015 at 04:22:32PM +0200, Pierre Pronchery wrote:
> 			Hi,
> 
> On 06/29/15 18:41, Alistair Crooks wrote:
> > Despite the fact that the freeze is now over, I've been informed that
> > there are problems with curl 7.43.0 caching "Content-Length" between
> > requests on the same connection. Probably best to wait for a fixed
> > version to come from upstream.
> 
> Is this really a new issue from this release?
> 
> All I could find was this, from 2003 or older:
> http://curl.haxx.se/docs/knownbugs.html
> 
> > 5. libcurl doesn't treat the content-length of compressed data properly, as
> >   it seems HTTP servers send the *uncompressed* length in that header and
> >   libcurl thinks of it as the *compressed* length. Some explanations are here:
> >   http://curl.haxx.se/mail/lib-2003-06/0146.html

That problem (of broken http servers) recently caused massive problems
for firefox when they tried to tighten the rules.

	David

-- 
David Laight: david%l8s.co.uk@localhost

References:
- [security] Update www/curl to version 7.43.0
  - From: Pierre Pronchery
- Re: [security] Update www/curl to version 7.43.0
  - From: Alistair Crooks
- Re: [security] Update www/curl to version 7.43.0
  - From: Pierre Pronchery

Prev by Date: Re: wip/tme ready for review
Next by Date: Re: Tool to find dependencies precisely
Previous by Thread: Re: [security] Update www/curl to version 7.43.0
Next by Thread: Re: [security] Update www/curl to version 7.43.0
Indexes:

Home | Main Index | Thread Index | Old Index