uriparser/uriparser.changes

518 lines
22 KiB
Plaintext

-------------------------------------------------------------------
Wed May 22 11:52:17 UTC 2024 - Gus Kenion <gus.kenion@suse.com>
- CVE-2024-34402.patch: Protect against integer overflow in
ComposeQueryEngine (bsc#1223887, CVE-2024-34402)
- CVE-2024-34403.patch: Protect against integer overflow in
ComposeQueryMallocExMm (bsc#1223888, CVE-2024-34403)
-------------------------------------------------------------------
Mon Oct 17 11:52:32 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 0.9.7:
* Fixed: Multiple issues with IPv6 and IPvFuture literal parsing
(GitHub #146, GitHub #150)
Thanks to Scallop Ye for the report and the pull request!
* Fixed: Fix symbol visibility for -DBUILD_SHARED_LIBS=OFF (GitHub #139,
GitHub #141); thanks to Mariusz Zaborski for the report!
* Fixed: For MinGW, use size_t for inet_ntop declaration and fix macro
checks for both MinGW and mingw-w64 (GitHub #131)
* Fixed: Compiler warnings (GitHub #132, GitHub #152)
* Improved: Use name UriConfig.h rather than generic config.h for the
config header file to avoid name clashes and also include it through
"UriConfig.h" with quotes rather than <UriConfig.h> so that it is found
in quote path locations (GitHub #149)
Thanks to Gaspard Petit for bringing this up!
* Improved: Document need for UriConfig.h in UriMemory.c (GitHub #136)
* Infrastructure: Add (support for) Visual Studio 17/2022 (GitHub #152)
* Infrastructure: Drop (support for) Visual Studio <=14/2015 (GitHub #152)
* Infrastructure: Update Clang from 13 to 15 (GitHub #143, GitHub #151)
* Infrastructure: Make MinGW with 32bit Wine on Ubuntu 20.04 possible
(GitHub #142, GitHub #144, GitHub #145)
* Soname: 1:30:0 — see https://verbump.de/ for what these numbers do
-------------------------------------------------------------------
Mon May 16 23:19:39 UTC 2022 - Andrew Daugherity <adaugherity@tamu.edu>
- fix cmake build (incorrect line continuation - %%make_jobs is not part of the
%%cmake call; it only worked in distros where it printed a deprecation
warning before invoking make)
- replace deprecated %%make_jobs with %%cmake_build
- fix building docs: need graphviz-gd to produce PNG files and
ghostscript-fonts-std for the fonts used
-------------------------------------------------------------------
Sun Jan 9 20:48:18 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 0.9.6 (bsc#1194365, bsc#1194364):
* Fixed: [CVE-2021-46141]
Fix a bug affecting both uriNormalizeSyntax* and uriMakeOwner*
functions where the text range in .hostText would not be duped using
malloc but remain unchanged (and hence "not owned") for URIs with
an IPv4 or IPv6 address hostname; depending on how an application
uses uriparser, this could lead the application into a use-after-free
situation.
As the second half, fix uriFreeUriMembers* functions that would not
free .hostText memory for URIs with an IPv4 or IPv6 address host;
also, calling uriFreeUriMembers* multiple times on a URI of this
very nature would result in trying to free pointers to stack
(rather than heap) memory (GitHub #121, GitHub #124)
Commit 987b046e41f407d17c622e580fc82a5e834b4329
Commit b1a34743bc1472e055d886e29e9b53f670eb3282
* Fixed: [CVE-2021-46142]
Fix functions uriNormalizeSyntax* for out-of-memory situations
(i.e. malloc returning NULL) for URIs containing empty segments
(any of user info, host text, query, or fragment) where previously
pointers to stack (rather than heap) memory were freed (GitHub #122,
GitHub #124)
-------------------------------------------------------------------
Sun May 16 17:55:31 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 0.9.5:
* Fixed: Fix a bug regarding section "5.2.4. Remove Dot Segments"
of RFC 3986 that affected both normalization and reference resolution
with regard to trailing slashes (GitHub #92, #97)
Thanks to Dan Pape for the report!
* Fixed: MinGW: Fix name of static library (GitHub #90)
Thanks to SpaceIm for the patch and Sandro Mani for review!
* Fixed: Use correct inline marker "__forceinline" for Intel C++ Compiler
(GitHub #93)
Thanks to jensenrichardson for the patch!
* Fixed: Link against pthreads for (default) -DURIPARSER_BUILD_TESTS=ON
(GitHub #99, #100)
* Fixed: When integrated using CMake function add_subdirectory, installation
could fail due to lack of prefix ${CMAKE_CURRENT_SOURCE_DIR} (GitHub #98)
Thanks for the patch to Shehzan Mohammed!
* Fixed: Addressed MSVC compile warning about lack of /EHsc when compiling
the C++ test suite code (GitHub #102)
* Fixed: Stopped misadvertising wide characters as Unicode support
(GitHub #104)
* Added: CMake option URIPARSER_WARNINGS_AS_ERRORS=(ON|OFF)
to turn compile warnings into errors, defaults to "OFF" (GitHub #102)
* Improved: pkg-config: Use ${prefix} and ${exec_prefix} to ease
overriding variables using --define-variable=NAME=VALUE,
e.g. as done on OpenWRT (GitHub #91)
Thanks to Karel Kočí for the pull request!
* Improved: Auto-detection of the qhelpgenerator command based on CMake
package "Qt5Help" when available. CMake option "QHG_LOCATION" can still
be used to enforce a specific location (GitHub #103)
Thanks for his help to Andreas Sturmlechner!
* Improved: Make documentation use pkg-config in example on how to
check for uriparser from within configure.ac (GNU Autoconf)
(GitHub #37, #106)
* Improved: In testing code, add a missing 'extern "C"' (GitHub #109)
Thanks to Jørgen Ibsen for the patch!
* Soname: 1:28:0 — see https://verbump.de/ for what these numbers do
-------------------------------------------------------------------
Tue Jul 28 09:34:10 UTC 2020 - Martin Rey <mrey@suse.com>
- Update to version 0.9.4
* Fixed: testrunner: No longer crashes when compiled with NDEBUG
(GitHub #67)
* Fixed: CMake: Support GTest 1.8.0 (GitHub #68)
Thanks to Ryan Schmidt for the related report!
* Fixed: CMake: Use variable GTEST_INCLUDE_DIRS (with plural "S")
rather than GTEST_INCLUDE_DIR (GitHub #79, #81)
Thanks to Wouter Beek for the related report!
* Improved: CMake: Send config summary to stdout, not stderr
(GitHub #72)
Thanks to Scott Donelan for the patch!
* Improved: Make -DURIPARSER_BUILD_TESTS=OFF unlock compilation
without a C++ compiler; thanks to Fabrice Fontaine for the
patch! (GitHub #69)
* Added: Functions to make UriUri[AW] instances independent of
the original URI string (GitHub #77 and #78)
New functions:
uriMakeOwner[AW]
uriMakeOwnerMm[AW]
* Added: CMake option URIPARSER_ENABLE_INSTALL to toggle
installation of files, defaults to "ON" (GitHub #74, #75)
Thanks to Scott Donelan for the patch!
* Soname: 1:26:0
-------------------------------------------------------------------
Mon Jul 22 18:58:11 UTC 2019 - Todd R <toddrme2178@gmail.com>
- Update to version 0.9.3
* Fixed: pkg-config: Fix version line in liburiparser.pc (GitHub #65)
* Changed: MinGW: Add library version suffix to DLL name
Thanks to Sandro Mani for the patch! (GitHub #63, #64)
* Soname: 1:26:0
- Update to version 0.9.2
* Fixed: Add missing extern "C" wrapper to UriIp4.h for use from C++
* Fixed: Linking error for symbol defaultMemoryManager from mixing C and C++
Thanks to Jørgen Ibsen for the report! (GitHub #52)
* Fixed: Link errors on Haiku regarding function inet_ntop (GitHub #45)
Thanks to Schrijvers Luc for the patch!
* Fixed: Mark API functions with __declspec(dllexport) and
__declspec(dllimport) in *.h files for Visual Studio (GitHub #60)
* Improved: Use -fvisibility=hidden by default with supporting compilers,
e.g. GCC and Clang (GitHub #60)
* Changed: Migrated from GNU Autotools to CMake (GitHub #17, #47, #56, #59)
Thanks for their support with the CMake migration to:
- David Demelier
- Jørgen Ibsen
- KangLin
- Kouhei Sutou
- myd7349
- Richard Hodges
- Zachary Lund
* Removed: All Windows-related build systems other than CMake
* Soname: 1:25:0
- Switch to cmake build
- Split docs into own subpackage
-------------------------------------------------------------------
Wed Jan 16 14:00:52 UTC 2019 - adam.majer@suse.de
- Update to version 0.9.1
* Fixed Out-of-bounds read in uriParse*Ex* for incomplete URIs
with IPv6 addresses with embedded IPv4 address, e.g. "//[::44.1"
mitigated if passed parameter <afterLast> points to readable
memory containing a '\0' byte. (bsc#1122193, CVE-2018-20721)
* Fixed: When parsing a malformed URI with an IPvFuture address
(e.g. "http://[vA.123456" missing "]"), errorPos would point
to the first character after "v" than the actual position of the
error (here: the end of the string)
* Fixed: uriToStringCharsRequired* reported 1 more byte than
needed for IPv4 address URIs (GitHub #41);
* Improved: For parse errors, waterproof errorPos <= afterLast
* Soname: 1:24:0
-------------------------------------------------------------------
Fri Nov 16 10:45:59 UTC 2018 - adam.majer@suse.de
- Update to version 0.9.0
* Fixed: Out-of-bounds write in uriComposeQuery* and
uriComposeQueryEx* (bsc#1115722, CVE-2018-19198)
* Fixed: Detect integer overflow in uriComposeQuery* and
uriComposeQueryEx* (bsc#1115723, CVE-2018-19199)
* Fixed: Protect uriResetUri* against acting on NULL input
(bsc#1115724, CVE-2018-19200)
* Changed: Marked as deprecated:
Deprecated functions:
uriNormalizeSyntaxMaskRequired[AW]
uriParseUri[AW]
uriParseUriEx[AW]
Added: Add convenience functions to ease user code to parse a single URI
New functions:
uriParseSingleUri[AW]
uriParseSingleUriEx[AW]
uriParseSingleUriExMm[AW]
Added: Support for custom memory managers (GitHub #26, #35), see Doxygen
New functions (as extension of existing ones):
uriAddBaseUriExMm[AW]
uriComposeQueryMallocExMm[AW]
uriDissectQueryMallocExMm[AW]
uriFreeQueryListMm[AW]
uriFreeUriMembersMm[AW]
uriNormalizeSyntaxExMm[AW]
uriParseSingleUriExMm[AW]
uriRemoveBaseUriMm[AW]
New functions (for convenience):
uriCompleteMemoryManager
uriEmulateCalloc
uriEmulateReallocarray
uriTestMemoryManager
New error codes:
URI_ERROR_MEMORY_MANAGER_FAULTY
URI_ERROR_MEMORY_MANAGER_INCOMPLETE
New types:
UriFuncCalloc
UriFuncFree
UriFuncMalloc
UriFuncRealloc
UriFuncReallocarray
UriMemoryManager
* Added: Add non-void versions of uriNormalizeSyntaxMaskRequired*
* Changed: Migrate test suite from CppTest to GoogleTest
* Improved: Make test suite free of memory leaks
* Removed: Support for pointless define URI_SIZEDOWN
* Soname: 1:23:0
- Changes in version 0.8.6
* Fixed: Bad/NULL .hostText.afterLast when parsing certain rather
pathologic but well-formed URIs with empty host
* Fixed: Fix uriRemoveBaseUri for case where scheme, host name,
IPvFuture address or path segments of the source address were
string prefixes of the related counterpart in the base URI.
* Fixed: Make UriStringToUnixFilename and UriStringToWindowsFilename
support minimal representation a la RFC 8089, e.g. file:/bin/bash
* Soname: 1:22:0
- uriparser-doxygen.patch: dropped, not needed
- package documentation
-------------------------------------------------------------------
Thu Mar 1 11:54:00 UTC 2018 - adam.majer@suse.de
- Fix unit test building when cpptest is available.
-------------------------------------------------------------------
Mon Feb 26 08:32:38 UTC 2018 - adam.majer@suse.de
- Fix License - the source code contains LGPL licensed test suite.
The library itself is licensed under BSD license. Use SPDX v3
- Test suite requires cpptest, which we don't have at the moment.
- spec-cleaner cleanup.
-------------------------------------------------------------------
Wed Feb 21 09:03:53 UTC 2018 - adam.majer@suse.de
- Package COPYING and other basic documentation
- Drop HTML documentation, for now, since it has no content.
-------------------------------------------------------------------
Wed Feb 21 08:32:54 UTC 2018 - adam.majer@suse.de
- Fix Group of the library subpackage
-------------------------------------------------------------------
Tue Feb 20 11:30:54 UTC 2018 - jengelh@inai.de
- Merge subpackage uriparse into uriparser main package,
and rename liburiparser-devel to uriparser-devel.
-------------------------------------------------------------------
Tue Feb 20 08:18:20 UTC 2018 - adam.majer@suse.de
- Rename package to comply with openSUSE packaging guidelines
(bnc#1081686, sr#577196)
- Rename changes and spec file and drop usage of pkg_name
-------------------------------------------------------------------
Tue Feb 13 09:36:48 UTC 2018 - jengelh@inai.de
- Remove pointless --with-pic (no effect with --disable-static)
- Ensure neutrality of description.
-------------------------------------------------------------------
Thu Feb 8 07:22:51 UTC 2018 - aloisio@gmx.com
- Update to version 0.8.5
* Changed: The uriparser project has moved from SourceForge to
GitHub:
Code + issue tracker: https://github.com/uriparser/uriparser
New website: https://uriparser.github.io/
Please update any links of yours, accordingly. Thank you!
* Fixed: Memleak in out-of-memory clean-up code
of URI normalization, related to SF.net bug #28.
Thanks to Chris Hills for the report!
* Fixed: Fix compilation of uriparse(1) on FreeBSD
Thanks to Ed Schouten for the patch!
* Fixed: Fix C90 compilation errors
Thanks to Joel Cunningham for the patches!
* Fixed: Space requirements documented for
uriWindowsFilenameToUriStringA
given URI "file://server1/file1.txt" (SF.net bug #31)
Thanks to threedyd for the report!
* Fixed: Compiler warnings
Thanks to Joel Cunningham for the patches!
* Fixed: Stop exporting internal function RemoveBaseUriImpl
Thanks to Joel Cunningham for the report!
* Fixed: API documentation front page no longer empty with
Doxygen 1.8.13
* Fixed: "make -C doc install" fixed for lack of .map files
* Improved: Communicate that absolutePath is always URI_FALSE
for URIs with a host in uriparse CLI tool output and Uri.h
header
(GitHub #2, SF.net #30)
* Soname: 1:21:0
version 0.8.4
* Fixed: Stack overflow on parsing malformed IPv6 addresses with
more than eigtht quads. Thanks to Alexander Klink for the
report!
* Soname: 1:20:0
version 0.8.3
* Fixed: uriCompareRange reported NULL pointer and range of
length zero as equal, by mistake.
Thanks to Robert Kausch and his Coverity report.
* Fixed: Use-after-free in out-of-memory code of uriMakeOwner.
Thanks to Chris Hills and his Klocwork-based report (SF.net
bug #28)
* Soname: 1:19:0
version 0.8.2
* Fixed: Broken conversion from/to Windows network shares
(SF.net bug #21)
Thanks to Adam Gross and Dmitry Repkin!
* Fixed: Limit uriCompareRange return values to -1/0/1 (SF.net
bug #24)
As a side effect, this fixes the test suite for AArch64.
Thanks to Marcin Juszkiewicz for the patch!
* Fixed: MinGW Makefile:
LIB_DIR fixed from ../../lib leftover to ../../src (SF.net
bug #27)
Thanks to Dmytro Zagashev for the report!
* Fixed: Add missing NULL checks to UriStringToFilename (SF.net
bug #25)
Thanks to Jerome Custodio for the report!
* Changed: Leave inlining decisions to GCC
* Soname: 1:18:0
- Refreshed uriparser-doxygen.patch
- Spec cleanup
-------------------------------------------------------------------
Thu Feb 19 21:23:41 UTC 2015 - p.drouand@gmail.com
- Update to version 0.8.1
* Fixed: Sync URI_VER_* preprocessor defines (were at 0.7.6, bug #23)
* Fixed: Bug in internal function that may flip uriEqualsUri results around
* Added: Function uriAddBaseUriEx allowing to resolve URIs with
a scheme identical to that of the base URI to resolve against
as if the URI to resolve had no scheme specified, when flag
URI_RESOLVE_IDENTICAL_SCHEME_COMPAT is specified (feature request #4)
* Soname: 1:17:0
- Update uriparser-0.7.5-doxygen.patch
> uriparser-doxygen.patch
- Add pkgconfig(libxdot) require; new upstream dependency
- Update download source Url to current sourceforge location
- Split out uriparse binary into his own package
-------------------------------------------------------------------
Tue May 27 01:44:02 UTC 2014 - crrodriguez@opensuse.org
- Extend uriparser-0.7.5-doxygen.patch so doxygen does not
generate timestamped files.
-------------------------------------------------------------------
Sun Feb 3 07:08:05 UTC 2013 - coolo@suse.com
- update license to new format
-------------------------------------------------------------------
Mon Jan 30 13:02:12 UTC 2012 - jengelh@medozas.de
- Remove redundant tags/sections per specfile guideline suggestions
- Parallel building using %_smp_mflags
-------------------------------------------------------------------
Sun May 1 17:35:27 UTC 2011 - toddrme2178@gmail.com
- Added 32bit compatibility libraries
-------------------------------------------------------------------
Mon Sep 6 12:19:32 UTC 2010 - coolo@novell.com
- fix compile, newer doxygen does not use .gif anymore
-------------------------------------------------------------------
Fri Apr 9 14:42:24 UTC 2010 - davejplater@gmail.com
- Update to version 0.7.5 fixed doxygen build with uriparser-0.7.5-doxygen.patch
- Upstream changes :-
* Added: pkg-config file
* Fixed: File Doxyfile.in was missing from release archives
Thanks to Rakesh Pandit for reporting!
* Fixed: Doc generation troubles
* Changed: No longer shipping bundled libcpptest
* Changed: New dependencies:
- libcpptest 1.1.0 or later
- pkg-config (for libcpptest detection)
Both dependencies can be disable through configuring
with --disable-test, which excludes the test suite
from compilation.
* Soname: 1:10:0
-------------------------------------------------------------------
Sun Sep 6 11:16:00 CEST 2009 - meissner@suse.de
- use correct version in .spec file, removed unnecessary CFLAGS/CXXFLAGS
stuff now default.
-------------------------------------------------------------------
Tue Dec 23 12:00:13 CET 2008 - pascal.bleser@opensuse.org
- update to version 0.7.4:
* fixes null pointer de-referencing and memory leaks in two places
- changes from 0.7.3:
* fixes a small bug with parsing
-------------------------------------------------------------------
Sun Sep 7 11:19:39 CEST 2008 - schwab@suse.de
- Remove conflicting libtool macros.
-------------------------------------------------------------------
Tue Sep 2 11:11:06 CEST 2008 - crrodriguez@suse.de
- update to version 0.7.2
Fixed: Bad cleanup logic in functions
uriAddBaseUri(..)
uriRemoveBaseUri(..)
Previously you needed to call uriFreeUriMembers on return code
URI_ERROR_MALLOC and only then. So that's why these functions now
take cleanup off your shoulders. An extra call to uriFreeUriMembers
from your side is still needed in case of success.
* Soname: 1:7:0
-------------------------------------------------------------------
Mon Apr 28 05:19:30 CEST 2008 - crrodriguez@suse.de
- update to version 0.7.1
* Fixed: Bogus syntax error when parsing URIs with port-like
passwords, e.g. "http://user:21@host/" (#1948038)
Thanks to Friedrich Delgado Friedrichs for reporting!
* Fixed: Parser did not handle trailing slashes correctly in some cases,
which also made the structures produced from parsing "http://e.com/"
and "http://e.com" indistinguishable. (#1950126)
Thanks to Edward Z. Yang for reporting!
-------------------------------------------------------------------
Sat Apr 5 00:33:20 CEST 2008 - crrodriguez@suse.de
- update to version 0.7.0
* Added: Dissection and composition of query strings
* Added: Documentation improvements
(in|out|inout indicators, addition of \since and \see)
* Changed: Code::Blocks project files updated from file format
version 1.4 to 1.6, which is produced by Code::Blocks 8.02
* Added: Code::Blocks workspace file
* Changed: Soname set to 1:5:0
-------------------------------------------------------------------
Wed Mar 12 00:26:30 CET 2008 - crrodriguez@suse.de
- fix buildRequires
-------------------------------------------------------------------
Mon Feb 25 23:55:22 CET 2008 - crrodriguez@suse.de
- version 0.6.4
* Added: Syntax-based normalization can now handle relative URIs,
e.g. "../../a/b/.././c" is normalized to "../../a/c"
* Fixed: Normalization code could free foreign memory
* Fixed: Normalization processed the path segment even when asked not to
* Fixed: Documentation bug not requiring enough memory for the output
buffer when converting a relative file URI back to a filename
* Changed: Soname set to 1:4:0
-------------------------------------------------------------------
Mon Feb 11 16:25:06 CET 2008 - crrodriguez@suse.de
- version 0.6.3
- Fixed: Two major crash bugs in normalization code
- Added: Brief usage tutorial
- Changed: Soname set to 1:3:0
-------------------------------------------------------------------
Mon Feb 4 05:24:36 CET 2008 - crrodriguez@suse.de
- version 0.6.1
-------------------------------------------------------------------
Thu Oct 18 03:07:01 UTC 2007 - crrodriguez@suse.de
- update to version 0.6.0 , liburiparse1
-------------------------------------------------------------------
Wed Aug 15 22:51:19 CEST 2007 - crrodriguez@suse.de
- first package for the OBS