diff --git a/CHANGES b/CHANGES index 690eedb7e..e9b6c64c6 100644 --- a/CHANGES +++ b/CHANGES @@ -7,6 +7,13 @@ Changelog +Daniel (26 October) +- James Bursa found out that curl_msnprintf() could write the trailing + zero-byte outside its given buffer size. This could happen if you generated + a very long error message as then libcurl would overwrite the ERRORBUFFER + with one byte. Using a non-existing very long local file:// name is one case + that could make this occur. + Daniel (24 October) - David Hull filed bug report #829827. It identified a problem with -C - if the full file already was downloaded and thus the server responded with a diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 299f87b30..f5d1cd081 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -24,6 +24,7 @@ This release includes the following changes: This release includes the following bugfixes: + o a rare ERRORBUFFER single-byte overflow was fixed o HTTP-resuming an already downloaded file works better o builds better on Solaris 8+ with gcc o --disable-eprt works now @@ -81,6 +82,7 @@ advice from friends like these: Neil Spring, Siddhartha Prakash Jain, Jon Turner, Vincent Bronner, Shard, Jeremy Friesner, Florian Schoppmann, Neil Dunbar, Frank Ticheler, Lachlan O'Dea, Dirk Manske, Domenico Andreoli, Gisle Vanem, Kimmo Kinnunen, Andrew - Fuller, Georg Horn, Andrés García, Dylan Ellicott, Kevin Roth, David Hull + Fuller, Georg Horn, Andrés García, Dylan Ellicott, Kevin Roth, David Hull, + James Bursa Thanks! (and sorry if I forgot to mention someone)