From 592ab485a70ab4c8e4cefc37bbdfb76110f9205e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 9 Jan 2022 18:59:51 +0100 Subject: New upstream version 0.9.6 --- ChangeLog | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index a3d7844..cf1a837 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -2,6 +2,50 @@ NOTE: uriparser is looking for help with a few things: https://github.com/uriparser/uriparser/labels/help%20wanted If you can help, please get in touch. Thanks! +2022-01-06 -- 0.9.6 + +>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + * Fixed: [CVE-2021-46141] + Fix a bug affecting both uriNormalizeSyntax* and uriMakeOwner* + functions where the text range in .hostText would not be duped using + malloc but remain unchanged (and hence "not owned") for URIs with + an IPv4 or IPv6 address hostname; depending on how an application + uses uriparser, this could lead the application into a use-after-free + situation. + As the second half, fix uriFreeUriMembers* functions that would not + free .hostText memory for URIs with an IPv4 or IPv6 address host; + also, calling uriFreeUriMembers* multiple times on a URI of this + very nature would result in trying to free pointers to stack + (rather than heap) memory (GitHub #121, GitHub #124) + Commit 987b046e41f407d17c622e580fc82a5e834b4329 + Commit b1a34743bc1472e055d886e29e9b53f670eb3282 + * Fixed: [CVE-2021-46142] + Fix functions uriNormalizeSyntax* for out-of-memory situations + (i.e. 
malloc returning NULL) for URIs containing empty segments + (any of user info, host text, query, or fragment) where previously + pointers to stack (rather than heap) memory were freed (GitHub #122, + GitHub #124) + Commit c0483990e6b5b454f7c8752b36760cfcb0d093f5 +>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + * Fixed: CMake: Call "enable_language(CXX)" prior to tinkering with + CMAKE_CXX_* variables (GitHub #110) + Thanks to Alexander Richardson for the patch (originally at libexpat) + * Fixed: CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR + and CMAKE_INSTALL_INCLUDEDIR (GitHub #114) + Thanks to Rafael Fontenelle for bringing this up (originally at libexpat) + * Fixed: Windows: Address MSVC compiler warnings (GitHub #111, GitHub #113) + * Fixed: Documentation: Space requirements for uriUriStringToUnixFilename + did not take into account short form "file:/bin/bash" of RFC 8089 of 2017 + (with prefix "file:/" rather than "file:///") that uriparser supports + since release 0.8.6 in 2018 (GitHub #118, GitHub #119) + * Fixed: Compile error with MinGW GCC 9 related to a mismatched prototype + for function inet_ntop (GitHub #117, GitHub #120) + Thanks to Sandro Mani for the report! + * Fixed: Compile warnings in test suite code (GitHub #120) + * Improved: Respect variable ${CPP} in doc/preprocess.sh (GitHub #115) + * Added: Test suite invocation for MinGW using Wine (GitHub #120) + * Soname: 1:29:0 — see https://verbump.de/ for what these numbers do + 2021-03-18 -- 0.9.5 * Fixed: Fix a bug regarding section "5.2.4. Remove Dot Segments" -- cgit v1.2.3
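Review bot: The CVE-2021-46141 entry lists Commit 987b046e41f407d17c622e580fc82a5e834b4329 and Commit b1a34743bc1472e055d886e29e9b53f670eb3282 together without saying which one covers the uriNormalizeSyntax*/uriMakeOwner* ownership fix and which covers the uriFreeUriMembers* "second half". Labelling each commit with the half it fixes would let anyone backporting confirm they picked up both parts, since taking only one is easy to miss from this text. Neither security entry states which releases are affected, so a reader of the ChangeLog cannot tell whether the 0.9.5 entry just below it is in scope; a short "affects releases X through 0.9.5" line per CVE would settle that. The phrase "depending on how an application uses uriparser" is also vague for a security note. Since the entry already says .hostText stayed "not owned" for IPv4/IPv6 hosts, it could state directly that callers who rely on uriMakeOwner* or uriNormalizeSyntax* to make the URI independent of the original input buffer are the ones exposed.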