What's new in uriparser 0.9.8
May 5, 2024
- Fixed:
- Protect against integer overflow in ComposeQueryEngine
- Protect against integer overflow in ComposeQueryMallocExMm
- Changed: Require CMake >=3.5.0
- Added: CMake option URIPARSER_SHARED_LIBS=(ON|OFF) to control, whether to produce a shared or static library for uriparser and that alone, falls back to standard BUILD_SHARED_LIBS if available, else defaults to "ON"
- Improved: Document that scheme-based normalization a la section 6.2.3 of RFC 3986 is a responsibility of the application using uriparser
- Improved: Document supported code points for functions uriEscape(Ex)W
- Infrastructure: Update Clang from 15 to 18
- Infrastructure: Adapt to breaking changes in Clang packaging
- Infrastructure: Get sanitizer CFLAGS and LDFLAGS back in sync
- Infrastructure: Pin GitHub Actions to specific commits for security
- Soname: 1:31:0 — see https://verbump.de/ for what these numbers do
New in uriparser 0.9.7 (Oct 5, 2022)
- Fixed: Multiple issues with IPv6 and IPvFuture literal parsing (GitHub #146, GitHub #150)Thanks to Scallop Ye for the report and the pull request!
- Fixed: Fix symbol visibility for -DBUILD_SHARED_LIBS=OFF (GitHub #139, GitHub #141); thanks to Mariusz Zaborski for the report!
- Fixed: For MinGW, use size_t for inet_ntop declaration and fix macro checks for both MinGW and mingw-w64 (GitHub #131)
- Fixed: Compiler warnings (GitHub #132, GitHub #152)
- Improved: Use name UriConfig.h rather than generic config.h for the config header file to avoid name clashes and also include it through "UriConfig.h" with quotes rather than <UriConfig.h> so that it is found in quote path locations (GitHub #149) Thanks to Gaspard Petit for bringing this up!
- Improved: Document need for UriConfig.h in UriMemory.c (GitHub #136)
- Infrastructure: Add (support for) Visual Studio 17/2022 (GitHub #152)
- Infrastructure: Drop (support for) Visual Studio <=14/2015 (GitHub #152)
- Infrastructure: Update Clang from 13 to 15 (GitHub #143, GitHub #151)
- Infrastructure: Make MinGW with 32bit Wine on Ubuntu 20.04 possible(GitHub #142, GitHub #144, GitHub #145)
- Soname: 1:30:0 — see https://verbump.de/ for what these numbers do
New in uriparser 0.9.6 (Jan 6, 2022)
- Fix a bug affecting both uriNormalizeSyntax* and uriMakeOwner* functions where the text range in .hostText would not be duped using malloc but remain unchanged (and hence "not owned") for URIs with an IPv4 or IPv6 address hostname; depending on how an application uses uriparser, this could lead the application into a use-after-free situation.
- As the second half, fix uriFreeUriMembers* functions that would not free .hostText memory for URIs with an IPv4 or IPv6 address host; also, calling uriFreeUriMembers* multiple times on a URI of this very nature would result in trying to free pointers to stack (rather than heap) memory (GitHub #121, GitHub #124)
- Commit 987b046e41f407d17c622e580fc82a5e834b4329
- Commit b1a34743bc1472e055d886e29e9b53f670eb3282
- Fixed: [CVE-2021-46142]
- Fix functions uriNormalizeSyntax* for out-of-memory situations (i.e. malloc returning NULL) for URIs containing empty segments (any of user info, host text, query, or fragment) where previously pointers to stack (rather than heap) memory were freed (GitHub #122,
- GitHub #124)
- Commit c0483990e6b5b454f7c8752b36760cfcb0d093f5
- Fixed: CMake: Call "enable_language(CXX)" prior to tinkering with
- CMAKE_CXX_* variables (GitHub #110)
- Thanks to Alexander Richardson for the patch (originally at libexpat)
- Fixed: CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR (GitHub #114)
- Thanks to Rafael Fontenelle for bringing this up (originally at libexpat)
- Fixed: Windows: Address MSVC compiler warnings (GitHub #111, GitHub #113)
- Fixed: Documentation: Space requirements for uriUriStringToUnixFilename did not take into account short form "file:/bin/bash" of RFC 8089 of 2017(with prefix "file:/" rather than "file:///") that uriparser supports since release 0.8.6 in 2018 (GitHub #118, GitHub #119)
- Fixed: Compile error with MinGW GCC 9 related to a mismatched prototype for function inet_ntop (GitHub #117, GitHub #120)
- Thanks to Sandro Mani for the report!
- Fixed: Compile warnings in test suite code (GitHub #120)
- Improved: Respect variable ${CPP} in doc/preprocess.sh (GitHub #115)
- Added: Test suite invocation for MinGW using Wine (GitHub #120)
- Soname: 1:29:0 — see https://verbump.de/ for what these numbers do
New in uriparser 0.9.3 (Apr 28, 2019)
- Fixed: pkg-config: Fix version line in liburiparser.pc (GitHub #65)
- Changed: MinGW: Add library version suffix to DLL name. Thanks to Sandro Mani for the patch! (GitHub #63, #64)
- Soname: 1:26:0
New in uriparser 0.9.1 (Jan 3, 2019)
- SECURITY:
- Fixed: Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6 addresses with embedded IPv4 address, e.g. "//[::44.1"; mitigated if passed parameter <afterLast> points to readable memory containing a '�' byte.
- Fixed: When parsing a malformed URI with an IPvFuture address (e.g. "http://[vA.123456" missing "]"), errorPos would point to the first character after "v" than the actual position of the error (here: the end of the string)
- Fixed: uriToStringCharsRequired* reported 1 more byte than actually needed for IPv4 address URIs (GitHub #41); Thanks to @gyh007 for the patch!
- Fixed: Compilation with MinGW
- Fixed: Drop use of asprintf from the test suite for MinGW (GitHub #40)
- Improved: For parse errors, waterproof errorPos <= afterLast
New in uriparser 0.9.0 (Jan 3, 2019)
- Fixed: [CVE-2018-19198]:
- Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx*
- Commit 864f5d4c127def386dd5cc926ad96934b297f04e
- Fixed: [CVE-2018-19199]:
- Detect integer overflow in uriComposeQuery* and uriComposeQueryEx*
- Commit f76275d4a91b28d687250525d3a0c5509bbd666f
- Fixed: [CVE-2018-19200]:
- Protect uriResetUri* against acting on NULL input
- Commit f58c25069cf4a986fe17a80c5b38687e31feb539
- SECURITY:
- Fixed: Be fully compliant to C89 (Gitub #28) and C++98 in test code
- Fixed: Fix off-by-one in uriComposeQueryCharsRequired* and ...Ex*. Reported space requirements were 1 byte bigger than necessary
- Changed: Marked as deprecated:
- Deprecated functions:
- uriNormalizeSyntaxMaskRequired[AW]
- uriParseUri[AW]
- uriParseUriEx[AW]
- Added: Add convenience functions to ease user code to parse a single URI:
- New functions:
- uriParseSingleUri[AW]
- uriParseSingleUriEx[AW]
- uriParseSingleUriExMm[AW]
- Added: Support for custom memory managers (GitHub #26, #35), see Doxygen:
- New functions (as extension of existing ones):
- uriAddBaseUriExMm[AW]
- uriComposeQueryMallocExMm[AW]
- uriDissectQueryMallocExMm[AW]
- uriFreeQueryListMm[AW]
- uriFreeUriMembersMm[AW]
- uriNormalizeSyntaxExMm[AW]
- uriParseSingleUriExMm[AW]
- uriRemoveBaseUriMm[AW]
- New functions (for convenience):
- uriCompleteMemoryManager
- uriEmulateCalloc
- uriEmulateReallocarray
- uriTestMemoryManager
- New error codes:
- URI_ERROR_MEMORY_MANAGER_FAULTY
- URI_ERROR_MEMORY_MANAGER_INCOMPLETE
- New types:
- UriFuncCalloc
- UriFuncFree
- UriFuncMalloc
- UriFuncRealloc
- UriFuncReallocarray
- UriMemoryManager
- Added:
- Add non-void versions of uriNormalizeSyntaxMaskRequired*:
- New functions:
- uriNormalizeSyntaxMaskRequiredEx[AW]
- Changed:
- Migrate test suite from CppTest to GoogleTest 1.8.1
- Improved:
- Make test suite free of memory leaks (GitHub #31)
- Removed:
- Support for pointless define URI_SIZEDOWN (GitHub #29)
- Related configure option --enable-sizedown has also been removed.
New in uriparser 0.8.6 (Jan 3, 2019)
- Fixed: Bad/NULL .hostText.afterLast when parsing certain rather pathologic but well-formed URIs with empty host (e.g. "//:�@") (GitHub #15)
- Fixed: Fix uriRemoveBaseUri for case where scheme, host name, IPvFuture address or path segments of the source address were string prefixes of the related counterpart in the base URI.
- Fixed: Make UriStringToUnixFilename and UriStringToWindowsFilename support minimal representation a la RFC 8089, e.g. file:/bin/bash (compare to file:///bin/bash with three slashes) (GitHub #12, #14)
- Fixed: Documentation typos (GitHub #10, #11)
- Improved: Made API docs of uriRemoveBaseUri more clear (related to GitHub #19)
New in uriparser 0.8.5 (Feb 20, 2018)
- Fixed: Memleak in out-of-memory clean-up code of URI normalization, related to SF.net bug #28. Thanks to Chris Hills for the report!
- Fixed: Fix compilation of uriparse(1) on FreeBSD. Thanks to Ed Schouten for the patch!
- Fixed: Fix C90 compilation errors. Thanks to Joel Cunningham for the patches!
- Fixed: Space requirements documented for uriWindowsFilenameToUriStringA given URI "file://server1/file1.txt" (SF.net bug #31). Thanks to threedyd for the report!
- Fixed: Compiler warnings. Thanks to Joel Cunningham for the patches!
- Fixed: Stop exporting internal function RemoveBaseUriImpl. Thanks to Joel Cunningham for the report!
- Fixed: API documentation front page no longer empty with Doxygen 1.8.13
- Fixed: "make -C doc install" fixed for lack of .map files
- Improved: Communicate that absolutePath is always URI_FALSE for URIs with a host in uriparse CLI tool output and Uri.h header (GitHub #2, SF.net #30)
- Soname: 1:21:0
New in uriparser 0.8.4 (Feb 20, 2018)
- Fixed: Stack overflow on parsing malformed IPv6 addresses with more than eigtht quads. Thanks to Alexander Klink for the report!
- Soname: 1:20:0
New in uriparser 0.8.3 (Feb 20, 2018)
- Fixed: uriCompareRange reported NULL pointer and range of length zero as equal, by mistake. Thanks to Robert Kausch and his Coverity report.
- Fixed: Use-after-free in out-of-memory code of uriMakeOwner. Thanks to Chris Hills and his Klocwork-based report (SF.net bug #28)
- Soname: 1:19:0
New in uriparser 0.8.2 (Feb 20, 2018)
- Fixed: Broken conversion from/to Windows network shares (SF.net bug #21). Thanks to Adam Gross and Dmitry Repkin!
- Fixed: Limit uriCompareRange return values to -1/0/1 (SF.net bug #24). As a side effect, this fixes the test suite for AArch64. Thanks to Marcin Juszkiewicz for the patch!
- Fixed: MinGW Makefile: LIB_DIR fixed from ../../lib leftover to ../../src (SF.net bug #27). Thanks to Dmytro Zagashev for the report!
- Fixed: Add missing NULL checks to UriStringToFilename (SF.net bug #25). Thanks to Jerome Custodio for the report!
- Changed: Leave inlining decisions to GCC
- Soname: 1:18:0
New in uriparser 0.8.0 (Dec 21, 2013)
- Fixed: Resolution of relative URI "/" broken
- Fixed: uriAddBaseUri produced uriUri objects with both host and the absolutePath flag set (while the absolutePath flag should only be true for URI objects without a host) when resolving absolute URIs like "/" or "/foo/bar". Now the absolutePath flag is set to URI_FALSE and an empty segment is added as necessary
- Fixed: .errorCode could end up unset, previously
- Fixed: Resolve use of non-POSIX "sed -r" used when building documentation (bug #18)
- Fixed: Build DLL with -no-undefined on Windows
- Added: Command line tool "uriparse"
- Soname: 1:15:0
New in uriparser 0.7.8 (May 13, 2013)
- Fixed: Fix dissection of query string "q=hello&x=&y=" (#3590761)
New in uriparser 0.7.7 (May 13, 2013)
- Fixed: Fix rejection of some valid characters for userinfo section
- Fixed: Fix rejection of valid double colon in userinfo section
- Soname: 1:12:0
New in uriparser 0.7.6 (Jan 21, 2012)
- Fixed: Qt Compressed Help file was not installed
- Fixed: Shadow/VPATH build doc generation
- Fixed: Compile error from Doxygen when configuring with
- neither --enable-doc nor --disable-doc
- Fixed: Code documentation errors
- Fixed: Fix include path in pkg-config, i.e. remove
- "/uriparser" suffix as uriparser's headers are meant to
- be included by statements like #include .
- Thanks to Philip de Nier for reporting!
- Fixed: Compilation in context of Eclipse + Cygwin + wchar_t
- (bug #3462912)
- Fixed: Selection of supported character widths at build
- time: or or both
- Added: configure parameters to disable either character
- widths: --disable-char, --disable-wchar_t
- Soname: 1:11:0
New in uriparser 0.7.5 (Jan 21, 2012)
- Added: pkg-config file
- Fixed: File Doxyfile.in was missing from release archives
- Thanks to Rakesh Pandit for reporting!
- Fixed: Doc generation troubles
- Changed: No longer shipping bundled libcpptest
- Changed: New dependencies:
- libcpptest 1.1.0 or later
- pkg-config
- The libcpptest dependency can be disabled through
- configuring with --disable-test, which excludes the
- test suite from compilation.
- Soname: 1:10:0
New in uriparser 0.7.4 (Jan 21, 2012)
- Fixed: Null pointer de-referencing when dissecting query
- strings starting with "&" right after "?" (#2418192).
- Thanks to Harvey Vrsalovic for reporting!
- Fixed: Memory leak in uriFreeQueryList function (#2413066)
- Thanks to Daniel Chapiesky for reporting!
- Fixed: Memory leak in uriNormalizeSyntax(Ex) functions (#2413066)
- Thanks to Daniel Chapiesky for reporting!
- Improved: Nested configure hacks resolved
- Soname: 1:9:0
New in uriparser 0.7.3 (Jan 21, 2012)
- Fixed: Missing NULL check in parsing routines
- Fixed: uriparser now builds on Cygwin
- Fixed: Now shipping gnulib's config.guess from HEAD
- which is suitable for Haiku (#2116355)
- Changed: swprintf requirement resolved
- Changed: Build system changes:
- configure option --enable-doc added
- configure.in renamed to configure.ac
- some Autotools files moved to build-aux directory
- Added: Qt Assistant documentation output:
- Qt Compressed Help (.qch) at
- Qt Help Project (.qhp) at
- Generation requires Doxygen 1.5.7.1-20081103 or later.
- Soname: 1:8:0
New in uriparser 0.7.2 (Jan 21, 2012)
- Fixed: Bad cleanup logic in functions
- uriAddBaseUri(..)
- uriRemoveBaseUri(..)
- Previously you needed to call uriFreeUriMembers on return code
- URI_ERROR_MALLOC and only then. So that's why these functions now
- take cleanup off your shoulders. An extra call to uriFreeUriMembers
- from your side is still needed in case of success.
- Soname: 1:7:0
New in uriparser 0.7.1 (Jan 21, 2012)
- Fixed: Bogus syntax error when parsing URIs with port-like
- passwords, e.g. "http://user:21@host/" (#1948038)
- Fixed: Parser did not handle trailing slashes correctly in some cases,
- which also made the structures produced from parsing "http://e.com/"
- and "http://e.com" indistinguishable.
New in uriparser 0.6.5 (Jan 21, 2012)
- Added: Dissection and composition of query strings
- Added: Documentation improvements
- (in|out|inout indicators, addition of \since and \see)
- Changed: Code::Blocks project files updated from file format
- version 1.4 to 1.6, which is produced by Code::Blocks 8.02
- Added: Code::Blocks workspace file
- Soname: 1:5:0
New in uriparser 0.6.4 (Jan 21, 2012)
- Added: Syntax-based normalization can now handle relative URIs,
- e.g. "../../a/b/.././c" is normalized to "../../a/c"
- Fixed: Normalization code could free foreign memory
- Fixed: Normalization processed the path segment even when asked not to
- Added: MinGW Makefile and related readme
- Fixed: Documentation bug not requiring enough memory for the output
- buffer when converting a relative file URI back to a filename
- Soname: 1:4:0
New in uriparser 0.6.3 (Jan 21, 2012)
- Fixed: Two major crash bugs in normalization code
- Thanks to Adrian Manrique for the patch!
- Added: Brief usage tutorial
- Soname: 1:3:0
New in uriparser 0.6.2 (Jan 21, 2012)
- Fixed: Freeing a normalized URI like "http://test?"
- caused a crash. Thanks to Adrian Manrique for reporting!
- Fixed: Filename URI string conversion helpers can
- now handle relative URIs and filenames
- Soname: 1:2:0
New in uriparser 0.6.1 (Dec 27, 2007)
- Fixed: Percent-encodings in hostnames were not repaired during normalization.
- Fixed: Percent-encodings were fixed after dot removal not before during normalization.
- Fixed: Include path order bug
- Fixed: Shadow builds now possible
- Added: Version guards for Autoconf/Automake
- Changed: Soname set to 1:1:0