Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
changes from changelog: 2022-01-06 -- 0.9.6 >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> * Fixed: [CVE-2021-46141] Fix a bug affecting both uriNormalizeSyntax* and uriMakeOwner* functions where the text range in .hostText would not be duped using malloc but remain unchanged (and hence "not owned") for URIs with an IPv4 or IPv6 address hostname; depending on how an application uses uriparser, this could lead the application into a use-after-free situation. As the second half, fix uriFreeUriMembers* functions that would not free .hostText memory for URIs with an IPv4 or IPv6 address host; also, calling uriFreeUriMembers* multiple times on a URI of this very nature would result in trying to free pointers to stack (rather than heap) memory (GitHub #121, GitHub #124) Commit 987b046e41f407d17c622e580fc82a5e834b4329 Commit b1a34743bc1472e055d886e29e9b53f670eb3282 * Fixed: [CVE-2021-46142] Fix functions uriNormalizeSyntax* for out-of-memory situations (i.e. malloc returning NULL) for URIs containing empty segments (any of user info, host text, query, or fragment) where previously pointers to stack (rather than heap) memory were freed (GitHub #122, GitHub #124) Commit c0483990e6b5b454f7c8752b36760cfcb0d093f5 >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> * Fixed: CMake: Call "enable_language(CXX)" prior to tinkering with CMAKE_CXX_* variables (GitHub #110) Thanks to Alexander Richardson for the patch (originally at libexpat) * Fixed: CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR (GitHub #114) Thanks to Rafael Fontenelle for bringing this up (originally at libexpat) * Fixed: Windows: Address MSVC compiler warnings (GitHub #111, GitHub #113) * Fixed: Documentation: Space requirements for uriUriStringToUnixFilename did not take into account short form "file:/bin/bash" of RFC 8089 of 2017 (with prefix "file:/" rather than "file:///") that uriparser supports since release 0.8.6 in 2018 (GitHub #118, GitHub #119) * Fixed: Compile error with MinGW GCC 9 related to a mismatched prototype for function inet_ntop (GitHub #117, GitHub #120) Thanks to Sandro Mani for the report! * Fixed: Compile warnings in test suite code (GitHub #120) * Improved: Respect variable ${CPP} in doc/preprocess.sh (GitHub #115) * Added: Test suite invocation for MinGW using Wine (GitHub #120) * Soname: 1:29:0 see https://verbump.de/ for what these numbers do
- Loading branch information