What's new in uriparser 0.9.8
May 5, 2024
- Fixed:
- Protect against integer overflow in ComposeQueryEngine
- Protect against integer overflow in ComposeQueryMallocExMm
- Changed: Require CMake >=3.5.0
- Added: CMake option URIPARSER_SHARED_LIBS=(ON|OFF) to control, whether to produce a shared or static library for uriparser and that alone, falls back to standard BUILD_SHARED_LIBS if available, else defaults to "ON"
- Improved: Document that scheme-based normalization a la section 6.2.3 of RFC 3986 is a responsibility of the application using uriparser
- Improved: Document supported code points for functions uriEscape(Ex)W
- Infrastructure: Update Clang from 15 to 18
- Infrastructure: Adapt to breaking changes in Clang packaging
- Infrastructure: Get sanitizer CFLAGS and LDFLAGS back in sync
- Infrastructure: Pin GitHub Actions to specific commits for security
- Soname: 1:31:0 — see https://verbump.de/ for what these numbers do
New in uriparser 0.9.7 (Oct 5, 2022)
- Fixed: Multiple issues with IPv6 and IPvFuture literal parsing (GitHub #146, GitHub #150)Thanks to Scallop Ye for the report and the pull request!
- Fixed: Fix symbol visibility for -DBUILD_SHARED_LIBS=OFF (GitHub #139, GitHub #141); thanks to Mariusz Zaborski for the report!
- Fixed: For MinGW, use size_t for inet_ntop declaration and fix macro checks for both MinGW and mingw-w64 (GitHub #131)
- Fixed: Compiler warnings (GitHub #132, GitHub #152)
- Improved: Use name UriConfig.h rather than generic config.h for the config header file to avoid name clashes and also include it through "UriConfig.h" with quotes rather than <UriConfig.h> so that it is found in quote path locations (GitHub #149) Thanks to Gaspard Petit for bringing this up!
- Improved: Document need for UriConfig.h in UriMemory.c (GitHub #136)
- Infrastructure: Add (support for) Visual Studio 17/2022 (GitHub #152)
- Infrastructure: Drop (support for) Visual Studio <=14/2015 (GitHub #152)
- Infrastructure: Update Clang from 13 to 15 (GitHub #143, GitHub #151)
- Infrastructure: Make MinGW with 32bit Wine on Ubuntu 20.04 possible(GitHub #142, GitHub #144, GitHub #145)
- Soname: 1:30:0 — see https://verbump.de/ for what these numbers do
New in uriparser 0.9.6 (Jan 6, 2022)
- Fix a bug affecting both uriNormalizeSyntax* and uriMakeOwner* functions where the text range in .hostText would not be duped using malloc but remain unchanged (and hence "not owned") for URIs with an IPv4 or IPv6 address hostname; depending on how an application uses uriparser, this could lead the application into a use-after-free situation.
- As the second half, fix uriFreeUriMembers* functions that would not free .hostText memory for URIs with an IPv4 or IPv6 address host; also, calling uriFreeUriMembers* multiple times on a URI of this very nature would result in trying to free pointers to stack (rather than heap) memory (GitHub #121, GitHub #124)
- Commit 987b046e41f407d17c622e580fc82a5e834b4329
- Commit b1a34743bc1472e055d886e29e9b53f670eb3282
- Fixed: [CVE-2021-46142]
- Fix functions uriNormalizeSyntax* for out-of-memory situations (i.e. malloc returning NULL) for URIs containing empty segments (any of user info, host text, query, or fragment) where previously pointers to stack (rather than heap) memory were freed (GitHub #122,
- GitHub #124)
- Commit c0483990e6b5b454f7c8752b36760cfcb0d093f5
- Fixed: CMake: Call "enable_language(CXX)" prior to tinkering with
- CMAKE_CXX_* variables (GitHub #110)
- Thanks to Alexander Richardson for the patch (originally at libexpat)
- Fixed: CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR (GitHub #114)
- Thanks to Rafael Fontenelle for bringing this up (originally at libexpat)
- Fixed: Windows: Address MSVC compiler warnings (GitHub #111, GitHub #113)
- Fixed: Documentation: Space requirements for uriUriStringToUnixFilename did not take into account short form "file:/bin/bash" of RFC 8089 of 2017(with prefix "file:/" rather than "file:///") that uriparser supports since release 0.8.6 in 2018 (GitHub #118, GitHub #119)
- Fixed: Compile error with MinGW GCC 9 related to a mismatched prototype for function inet_ntop (GitHub #117, GitHub #120)
- Thanks to Sandro Mani for the report!
- Fixed: Compile warnings in test suite code (GitHub #120)
- Improved: Respect variable ${CPP} in doc/preprocess.sh (GitHub #115)
- Added: Test suite invocation for MinGW using Wine (GitHub #120)
- Soname: 1:29:0 — see https://verbump.de/ for what these numbers do
New in uriparser 0.9.3 (Apr 28, 2019)
- Fixed: pkg-config: Fix version line in liburiparser.pc (GitHub #65)
- Changed: MinGW: Add library version suffix to DLL name. Thanks to Sandro Mani for the patch! (GitHub #63, #64)
- Soname: 1:26:0
New in uriparser 0.9.1 (Jan 3, 2019)
- SECURITY:
- Fixed: Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//[::44.1"; mitigated if passed parameter <afterLast> points to readable memory containing a '