summaryrefslogtreecommitdiff
path: root/ChangeLog
blob: 420320dfec066a084c584e16bcd410d6480eca5d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
NOTE: uriparser is looking for help with a few things:
      https://github.com/uriparser/uriparser/labels/help%20wanted
      If you can help, please get in touch.  Thanks!

2019-01-02 -- 0.9.1

>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  * Fixed:
      Out-of-bounds read in uriParse*Ex* for incomplete URIs with IPv6
      addresses with embedded IPv4 address, e.g. "//[::44.1";
      mitigated if passed parameter <afterLast> points to readable memory
      containing a '\0' byte.
      Thanks to Joergen Ibsen for the report!
>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  * Fixed: When parsing a malformed URI with an IPvFuture address
      (e.g. "http://[vA.123456" missing "]"), errorPos would point to the first
      character after "v" than the actual position of the error (here: the end
      of the string)
  * Fixed: uriToStringCharsRequired* reported 1 more byte than actually needed
      for IPv4 address URIs (GitHub #41); Thanks to @gyh007 for the patch!
  * Fixed: Compilation with MinGW
      Thanks to Sandro Mani for the patch!
  * Fixed: Drop use of asprintf from the test suite for MinGW (GitHub #40)
  * Improved: For parse errors, waterproof errorPos <= afterLast
  * Soname: 1:24:0

2018-10-27 -- 0.9.0

>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  * Fixed: [CVE-2018-19198]
      Out-of-bounds write in uriComposeQuery* and uriComposeQueryEx*
      Commit 864f5d4c127def386dd5cc926ad96934b297f04e
      Thanks to Google Autofuzz team for the report!
  * Fixed: [CVE-2018-19199]
      Detect integer overflow in uriComposeQuery* and uriComposeQueryEx*
      Commit f76275d4a91b28d687250525d3a0c5509bbd666f
      Thanks to Google Autofuzz team for the report!
  * Fixed: [CVE-2018-19200]
      Protect uriResetUri* against acting on NULL input
      Commit f58c25069cf4a986fe17a80c5b38687e31feb539
>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  * Fixed: Be fully compliant to C89 (Gitub #28) and C++98 in test code
  * Fixed: Fix off-by-one in uriComposeQueryCharsRequired* and ...Ex*
      Reported space requirements were 1 byte bigger than necessary
  * Changed: Marked as deprecated:
      Deprecated functions:
        uriNormalizeSyntaxMaskRequired[AW]
        uriParseUri[AW]
        uriParseUriEx[AW]
  * Added: Add convenience functions to ease user code to parse a single URI
      New functions:
        uriParseSingleUri[AW]
        uriParseSingleUriEx[AW]
        uriParseSingleUriExMm[AW]
  * Added: Support for custom memory managers (GitHub #26, #35), see Doxygen
      New functions (as extension of existing ones):
        uriAddBaseUriExMm[AW]
        uriComposeQueryMallocExMm[AW]
        uriDissectQueryMallocExMm[AW]
        uriFreeQueryListMm[AW]
        uriFreeUriMembersMm[AW]
        uriNormalizeSyntaxExMm[AW]
        uriParseSingleUriExMm[AW]
        uriRemoveBaseUriMm[AW]
      New functions (for convenience):
        uriCompleteMemoryManager
        uriEmulateCalloc
        uriEmulateReallocarray
        uriTestMemoryManager
      New error codes:
        URI_ERROR_MEMORY_MANAGER_FAULTY
        URI_ERROR_MEMORY_MANAGER_INCOMPLETE
      New types:
        UriFuncCalloc
        UriFuncFree
        UriFuncMalloc
        UriFuncRealloc
        UriFuncReallocarray
        UriMemoryManager
  * Added: Add non-void versions of uriNormalizeSyntaxMaskRequired*
      New functions:
        uriNormalizeSyntaxMaskRequiredEx[AW]
  * Changed: Migrate test suite from CppTest to GoogleTest 1.8.1
  * Improved: Make test suite free of memory leaks (GitHub #31)
      Thanks to AddressSanitizer!
  * Removed: Support for pointless define URI_SIZEDOWN (GitHub #29)
      Related configure option --enable-sizedown has also been removed.
  * Soname: 1:23:0

2018-08-18 -- 0.8.6

  * Fixed: Bad/NULL .hostText.afterLast when parsing certain rather pathologic
      but well-formed URIs with empty host (e.g. "//:%aa@") (GitHub #15)
      Thanks to Kurt Schwehr for the report!
  * Fixed: Fix uriRemoveBaseUri for case where scheme, host name,
      IPvFuture address or path segments of the source address were
      string prefixes of the related counterpart in the base URI.
      Thanks to Yang Yu for the patch! (GitHub #19, #20)
  * Fixed: Make UriStringToUnixFilename and UriStringToWindowsFilename
      support minimal representation a la RFC 8089, e.g. file:/bin/bash
      (compare to file:///bin/bash with three slashes) (GitHub #12, #14)
      Thanks to Zane van Iperen for the report!
  * Fixed: Documentation typos (GitHub #10, #11)
      Thanks to Graham Percival!
  * Improved: Made API docs of uriRemoveBaseUri more clear
      (related to GitHub #19)
  * Soname: 1:22:0

2018-02-07 -- 0.8.5

  * Changed: The uriparser project has moved from SourceForge to GitHub:
      Code + issue tracker: https://github.com/uriparser/uriparser
      New website: https://uriparser.github.io/
      Please update any links of yours, accordingly. Thank you!
  * Fixed: Memleak in out-of-memory clean-up code
      of URI normalization, related to SF.net bug #28.
      Thanks to Chris Hills for the report!
  * Fixed: Fix compilation of uriparse(1) on FreeBSD
      Thanks to Ed Schouten for the patch!
  * Fixed: Fix C90 compilation errors
      Thanks to Joel Cunningham for the patches!
  * Fixed: Space requirements documented for uriWindowsFilenameToUriStringA
      given URI "file://server1/file1.txt" (SF.net bug #31)
      Thanks to threedyd for the report!
  * Fixed: Compiler warnings
      Thanks to Joel Cunningham for the patches!
  * Fixed: Stop exporting internal function RemoveBaseUriImpl
      Thanks to Joel Cunningham for the report!
  * Fixed: API documentation front page no longer empty with Doxygen 1.8.13
  * Fixed: "make -C doc install" fixed for lack of .map files
  * Improved: Communicate that absolutePath is always URI_FALSE for URIs
      with a host in uriparse CLI tool output and Uri.h header
      (GitHub #2, SF.net #30)
  * Soname: 1:21:0

2015-10-12 -- 0.8.4

  * Fixed: Stack overflow on parsing malformed IPv6 addresses with
      more than eigtht quads.  Thanks to Alexander Klink for the report!
  * Soname: 1:20:0

2015-10-04 -- 0.8.3

  * Fixed: uriCompareRange reported NULL pointer and range of
      length zero as equal, by mistake.
      Thanks to Robert Kausch and his Coverity report.
  * Fixed: Use-after-free in out-of-memory code of uriMakeOwner.
      Thanks to Chris Hills and his Klocwork-based report (SF.net bug #28)
  * Soname: 1:19:0

2015-04-27 -- 0.8.2

  * Fixed: Broken conversion from/to Windows network shares (SF.net bug #21)
      Thanks to Adam Gross and Dmitry Repkin!
  * Fixed: Limit uriCompareRange return values to -1/0/1 (SF.net bug #24)
      As a side effect, this fixes the test suite for AArch64.
      Thanks to Marcin Juszkiewicz for the patch!
  * Fixed: MinGW Makefile:
      LIB_DIR fixed from ../../lib leftover to ../../src (SF.net bug #27)
      Thanks to Dmytro Zagashev for the report!
  * Fixed: Add missing NULL checks to UriStringToFilename (SF.net bug #25)
      Thanks to Jerome Custodio for the report!
  * Changed: Leave inlining decisions to GCC
  * Soname: 1:18:0

2014-10-20 -- 0.8.1

  * Fixed: Sync URI_VER_* preprocessor defines (were at 0.7.6, SF.net bug #23)
  * Fixed: Bug in internal function that may flip uriEqualsUri results around
  * Added: Function uriAddBaseUriEx allowing to resolve URIs with
      a scheme identical to that of the base URI to resolve against
      as if the URI to resolve had no scheme specified, when flag
      URI_RESOLVE_IDENTICAL_SCHEME_COMPAT is specified
      (SF.net feature request #4)
  * Soname: 1:17:0

2014-07-12 -- 0.8.0.1

  * Fixed: ISO C90 warnings (SF.net bug #20)
  * Changed: No longer ship RFC documents (to make things easier for Debian)
  * Soname: 1:16:0

2013-12-20 -- 0.8.0

  * Fixed: Resolution of relative URI "/" broken
      Thanks to Mo McRoberts for the patch!
  * Fixed: uriAddBaseUri produced uriUri objects with both host
      and the absolutePath flag set (while the absolutePath flag
      should only be true for URI objects without a host) when
      resolving absolute URIs like "/" or "/foo/bar".
      Now the absolutePath flag is set to URI_FALSE and an empty
      segment is added as necessary
  * Fixed: .errorCode could end up unset, previously
      Thanks to Radu Hociung for the patch!  (SF.net bug #16)
  * Fixed: Resolve use of non-POSIX "sed -r" used when building
     documentation  (SF.net bug #18)
     Thanks to Ryan Schmidt for reporting!
  * Fixed: Build DLL with -no-undefined on Windows
      Thanks to Michel Zou for the patch!  (SF.net bug #19)
  * Added: Command line tool "uriparse"
      Thanks to Radu Hociung for coding!  (SF.net feature request #3)
  * Soname: 1:15:0

2013-08-24 -- 0.7.9

  * Fixed: Error position ended up as NULL for some syntax errors.
      Thanks to Daniel Solano Gómez for the patch!  (SF.net bug #14)
  * Soname: 1:14:0

2013-05-13 -- 0.7.8

  * Fixed: Fix dissection of query string "q=hello&x=&y=" (SF.net bug #12)
      Thanks to Marc Novakowski for reporting!
  * Soname: 1:13:0

2012-04-05 -- 0.7.7

  * Fixed: Fix rejection of some valid characters for userinfo
      section, e.g. "http://%2Fuser:%2F21@host/" (SF.net bug #11)
  * Fixed: Fix rejection of valid double colon in userinfo
      section, e.g. "http://::@host/"
  * Soname: 1:12:0

2012-01-20 -- 0.7.6

  * Fixed: Qt Compressed Help file was not installed
  * Fixed: Shadow/VPATH build doc generation
  * Fixed: Compile error from Doxygen when configuring with
      neither --enable-doc nor --disable-doc
  * Fixed: Code documentation errors
      Thanks to Valentin Haenel for the patch!
  * Fixed: Fix include path in pkg-config, i.e. remove
      "/uriparser" suffix as uriparser's headers are meant to
      be included by statements like #include <uriparser/....> .
      Thanks to Philip de Nier for reporting!
  * Fixed: Compilation in context of Eclipse + Cygwin + wchar_t
      (SF.net bug #10)
      Thanks to Gary Mazzaferro for reporting!
  * Fixed: Selection of supported character widths at build
      time: <char *> or <wchar_t *> or both
  * Added: configure parameters to disable either character
      widths: --disable-char, --disable-wchar_t
  * Soname: 1:11:0

2009-03-04 -- 0.7.5

  * Added: pkg-config file
  * Fixed: File Doxyfile.in was missing from release archives
      Thanks to Rakesh Pandit for reporting!
  * Fixed: Doc generation troubles
  * Changed: No longer shipping bundled libcpptest
  * Changed: New dependencies:
      - libcpptest 1.1.0 or later
      - pkg-config
      The libcpptest dependency can be disabled through
      configuring with --disable-test, which excludes the
      test suite from compilation.
  * Soname: 1:10:0

2008-12-23 -- 0.7.4

  * Fixed: Null pointer de-referencing when dissecting query
      strings starting with "&" right after "?" (SF.net bug #7).
      Thanks to Harvey Vrsalovic for reporting!
  * Fixed: Memory leak in uriFreeQueryList function (SF.net bug #6)
      Thanks to Daniel Chapiesky for reporting!
  * Fixed: Memory leak in uriNormalizeSyntax(Ex) functions (SF.net bug #6)
      Thanks to Daniel Chapiesky for reporting!
  * Improved: Nested configure hacks resolved
  * Soname: 1:9:0

2008-11-08 -- 0.7.3

  * Fixed: Missing NULL check in parsing routines
      Thanks to Sezai Tekin for reporting!
  * Fixed: uriparser now builds on Cygwin
  * Fixed: Now shipping gnulib's config.guess from HEAD
      which is suitable for Haiku (SF.net bug #5)
  * Changed: swprintf requirement resolved
  * Changed: Build system changes:
      - configure option --enable-doc added
      - configure.in renamed to configure.ac
      - some Autotools files moved to build-aux directory
  * Added: Qt Assistant documentation output:
      - Qt Compressed Help (.qch) at <doc/uriparser-doc-*.qch>
      - Qt Help Project (.qhp) at <doc/html/index.qhp>
      Generation requires Doxygen 1.5.7.1-20081103 or later.
  * Soname: 1:8:0

2008-09-01 -- 0.7.2

  * Fixed: Bad cleanup logic in functions
      - uriAddBaseUri(..)
      - uriRemoveBaseUri(..)
      Previously you needed to call uriFreeUriMembers on return code
      URI_ERROR_MALLOC and only then. So that's why these functions now
      take cleanup off your shoulders. An extra call to uriFreeUriMembers
      from your side is still needed in case of success.
  * Soname: 1:7:0

2008-04-27 -- 0.7.1

  * Fixed: Bogus syntax error when parsing URIs with port-like
      passwords, e.g. "http://user:21@host/" (SF.net bug #1)
      Thanks to Friedrich Delgado Friedrichs for reporting!
  * Fixed: Parser did not handle trailing slashes correctly in some cases,
      which also made the structures produced from parsing "http://e.com/"
      and "http://e.com" indistinguishable. (SF.net bug #2)
      Thanks to Edward Z. Yang for reporting!

2008-04-04 -- 0.7.0

  * Added: Dissection and composition of query strings
  * Added: Documentation improvements
      (in|out|inout indicators, addition of \since and \see)
  * Changed: Code::Blocks project files updated from file format
      version 1.4 to 1.6, which is produced by Code::Blocks 8.02
  * Added: Code::Blocks workspace file
  * Soname: 1:5:0

2008-02-25 -- 0.6.4

  * Added: Syntax-based normalization can now handle relative URIs,
      e.g. "../../a/b/.././c" is normalized to "../../a/c"
  * Fixed: Normalization code could free foreign memory
  * Fixed: Normalization processed the path segment even when asked not to
  * Added: MinGW Makefile and related readme
      Thanks to Michael Anthony Puls II!
  * Fixed: Documentation bug not requiring enough memory for the output
      buffer when converting a relative file URI back to a filename
  * Soname: 1:4:0

2008-02-11 -- 0.6.3

  * Fixed: Two major crash bugs in normalization code
      Thanks to Adrian Manrique for the patch!
  * Added: Brief usage tutorial
  * Soname: 1:3:0

2008-02-08 -- 0.6.2

  * Fixed: Freeing a normalized URI like "http://test?"
      caused a crash. Thanks to Adrian Manrique for reporting!
  * Fixed: Filename <--> URI string conversion helpers can
      now handle relative URIs and filenames
  * Soname: 1:2:0

2007-12-23 -- 0.6.1

  * Fixed: Percent-encodings in hostnames were not repaired during normalization.
      Thanks to Adrian Manrique for reporting!
  * Fixed: Percent-encodings were fixed after dot removal not before during
      normalization.
      Thanks to Adrian Manrique for reporting!
  * Fixed: Include path order bug
      Thanks to Ed Schouten for reporting this!
  * Fixed: Shadow builds now possible
      Thanks to Adeodato Simó for the patch!
  * Added: Version guards for Autoconf/Automake
      Thanks to Martin Michlmayr for reporting!
  * Soname: 1:1:0

2007-09-17 -- 0.6.0

  * Fixed: Proper soname updates from now on, starting at 1:0:0
  * Removed: Visual Studio 2003 project files

2007-09-13 -- 0.5.2

  * Added: RemoveBaseUri function to create URI references
  * Added: Unix/Windows filename <--> URI string conversion helpers
  * Added: EscapeEx function to escape text blocks without zero termination
  * Fixed: Bug in ToString for URIs with scheme, path, but no host (e.g. "f:/.//g")
  * Fixed: AddBase now resolves ".//g" with base "f:/a" to "f:/.//g" instead of
      "f://g" which would result in "g" becoming the authority part when parsing
      a recomposition (ToString) of that URI structure. This is a whole in RFC 3986,
      see http://lists.w3.org/Archives/Public/uri/2007Aug/0003.html for details.

2007-08-09 -- 0.5.1

  * Fixed: Empty host bug (URIs like "///g")
  * Fixed: Relative URIs are no longer touched by normalization
  * Fixed: MergePath failed for empty paths
  * Fixed: Bug with "." segments in AddBase
      All of the above revealed by test cases from 4Suite (http://4suite.org/)

2007-07-28 -- 0.5.0

  * Added: Syntax-based normalization
  * Added: Percent-encoding function Escape
  * Improved: Malloc/NULL checks added
  * Added: New function UnescapeInPlaceEx can also decode '+' to ' '
      and convert line breaks
  * Added: Exact space computation for ToString, see ToStringCharsRequired
  * Added: --enable-sizedown for saving space and slower code
  * Fixed: Two internal functions were exposed in the API by mistake:
      uriPushToStack and uriStackToOctet
  * Added: Visual Studio 2005 project files
  * Removed: Legacy code (removal was announced for 0.5.0)

2007-07-06 -- 0.4.1

  * Fixed: ToString did not work for IPv4 and IPv6 hosts

2007-07-03 -- 0.4.0

  * Added: References resolution (think relative to absolute)
  * Added: Naive URI equality check
  * Added: URIs can now be converted back to strings
  * Fixed: The first path segment of a relative URI was eaten
      (functions ParseSegmentNz and ParseMustBeSegmentNzNc)
  * Fixed: uri->scheme.first was not reset in some cases
      (function ParseMustBeSegmentNzNc)
  * Improved: Test suite now built on "make check", not before
  * Fixed: Test suite always returned 0 (success)

2007-04-23 -- 0.3.4

  * Added: Shared library support (moved to libtool)

2007-04-03 -- 0.3.3

  * Fixed: Now unix EOLs constantly
  * Fixed: Added forgotten files to release package

2007-03-31 -- 0.3.2

  * Fixed: Now compiles on FreeBSD

2007-03-28 -- 0.3.1

  * Fixed: Now compiles on Mac OS X

2007-03-26 -- 0.3.0

  * Added: New API, old marked deprecated
  * Added: Unicode support (think wchar_t)
  * Added: Doxygen code documentation
  * Added: Test suite using CppTest
  * Changed: Library code is now licensed under the new BSD license.
      The test suite code is licensed under LGPL.

2006-12-08 -- 0.2.1