Merge branch 'release/debian/0.9.8+dfsg-1'HEADdebian/0.9.8+dfsg-1master

13 files changed, 115 insertions, 37 deletions

diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 168fa2b..f330d27 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -17,14 +17,14 @@ jobs:
         include:
           - name: Native Linux
             cmake_args: >-
-              -DCMAKE_C_COMPILER=clang-15
-              -DCMAKE_CXX_COMPILER=clang++-15
+              -DCMAKE_C_COMPILER=clang-18
+              -DCMAKE_CXX_COMPILER=clang++-18
             cflags: >-
               -fsanitize=address,undefined,leak
               -fno-sanitize-recover=all
               -fno-omit-frame-pointer
             ldflags: >-
-              -fsanitize=address
+              -fsanitize=address,undefined,leak
           - name: MingGW on Linux
             cmake_args: >-
               -DCMAKE_C_COMPILER=i686-w64-mingw32-gcc
@@ -34,7 +34,7 @@ jobs:
               -DMINGW=ON
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3.0.2
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b  # v4.1.4
 
       - name: Add Clang/LLVM repositories (Non-MinGW)
         if: "${{ ! contains(matrix.cmake_args, 'mingw') }}"
@@ -42,7 +42,7 @@ jobs:
           set -x
           source /etc/os-release
           wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
-          sudo add-apt-repository "deb http://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-15 main"
+          sudo add-apt-repository "deb http://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-18 main"
 
       - name: Install build dependencies
         run: |-
@@ -86,8 +86,8 @@ jobs:
         if: "${{ ! contains(matrix.cmake_args, 'mingw') }}"
         run: |-
           sudo apt-get install --yes --no-install-recommends -V \
-              clang-15 \
-              llvm-15
+              clang-18 \
+              libclang-rt-18-dev
 
       - name: Build, test and install
         run: |-
@@ -104,7 +104,7 @@ jobs:
             cd googletest-release-${GTEST_VERSION}/
 
             # Silence warning "Compatibility with CMake < 2.8.12 will be removed"
-            find -name CMakeLists.txt -print -exec sed 's/cmake_minimum_required.*/cmake_minimum_required(VERSION 3.0.2)/' -i {} \;
+            find -name CMakeLists.txt -print -exec sed 's/cmake_minimum_required.*/cmake_minimum_required(VERSION 3.5.0)/' -i {} \;
 
             cmake \
                 -DBUILD_SHARED_LIBS=ON \
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 313092a..77f8ada 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,18 +34,18 @@
 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 # OF THE POSSIBILITY OF SUCH DAMAGE.
 #
-cmake_minimum_required(VERSION 3.3)
+cmake_minimum_required(VERSION 3.5.0)
 
 project(uriparser
     VERSION
-        0.9.7
+        0.9.8
     LANGUAGES
         C
 )
 
 # See https://verbump.de/ for what these numbers do
 set(URIPARSER_SO_CURRENT    1)
-set(URIPARSER_SO_REVISION  30)
+set(URIPARSER_SO_REVISION  31)
 set(URIPARSER_SO_AGE        0)
 
 include(CheckCCompilerFlag)
@@ -58,7 +58,12 @@ include(GNUInstallDirs)
 #
 # Configuration
 #
-option(BUILD_SHARED_LIBS "Build shared libraries (rather than static ones)" ON)
+if(DEFINED BUILD_SHARED_LIBS)
+    set(_URIPARSER_SHARED_LIBS_DEFAULT ${BUILD_SHARED_LIBS})
+else()
+    set(_URIPARSER_SHARED_LIBS_DEFAULT ON)
+endif()
+option(URIPARSER_SHARED_LIBS "Build shared libraries (rather than static ones)" ${_URIPARSER_SHARED_LIBS_DEFAULT})
 option(URIPARSER_BUILD_DOCS "Build API documentation (requires Doxygen, Graphviz, and (optional) Qt's qhelpgenerator)" ON)
 option(URIPARSER_BUILD_TESTS "Build test suite (requires GTest >=1.8.0)" ON)
 option(URIPARSER_BUILD_TOOLS "Build tools (e.g. CLI \"uriparse\")" ON)
@@ -83,6 +88,12 @@ if(URIPARSER_BUILD_TESTS)
     enable_language(CXX)
 endif()
 
+if(URIPARSER_SHARED_LIBS)
+    set(_URIPARSER_STATIC_OR_SHARED SHARED)
+else()
+    set(_URIPARSER_STATIC_OR_SHARED STATIC)
+endif()
+
 macro(uriparser_apply_msvc_runtime_to ref)
     string(REGEX REPLACE "/M[DT]d?" ${URIPARSER_MSVC_RUNTIME} ${ref} "${${ref}}")
 endmacro()
@@ -151,6 +162,7 @@ set(LIBRARY_CODE_FILES
 )
 
 add_library(uriparser
+    ${_URIPARSER_STATIC_OR_SHARED}
     ${API_HEADER_FILES}
     ${LIBRARY_CODE_FILES}
 )
@@ -175,7 +187,7 @@ set_property(
 )
 
 target_compile_definitions(uriparser PRIVATE URI_LIBRARY_BUILD)
-if (NOT BUILD_SHARED_LIBS)
+if (NOT URIPARSER_SHARED_LIBS)
     target_compile_definitions(uriparser PUBLIC URI_STATIC_BUILD)
 endif()
 if(NOT URIPARSER_BUILD_CHAR)
@@ -464,7 +476,7 @@ message(STATUS "================================================================
 message(STATUS "")
 message(STATUS "Configuration")
 message(STATUS "  Build type ............. ${CMAKE_BUILD_TYPE}")
-message(STATUS "  Shared libraries ....... ${BUILD_SHARED_LIBS}")
+message(STATUS "  Shared libraries ....... ${URIPARSER_SHARED_LIBS}")
 message(STATUS "  Compiler flags")
 message(STATUS "    C .................... ${CMAKE_C_FLAGS}")
 message(STATUS "    C++ .................. ${CMAKE_CXX_FLAGS}")
diff --git a/ChangeLog b/ChangeLog
index 7cf421b..8f19bbf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,33 @@ NOTE: uriparser is looking for help with a few things:
       https://github.com/uriparser/uriparser/labels/help%20wanted
       If you can help, please get in touch.  Thanks!
 
+2024-05-05 -- 0.9.8
+
+>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+  * Fixed: [CVE-2024-34402]
+      Protect against integer overflow in ComposeQueryEngine
+      (GitHub #183, GitHub #185)
+  * Fixed: [CVE-2024-34403]
+      Protect against integer overflow in ComposeQueryMallocExMm
+      (GitHub #183, GitHub #186)
+>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+  * Changed: Require CMake >=3.5.0 (GitHub #172)
+  * Added: CMake option URIPARSER_SHARED_LIBS=(ON|OFF) to control,
+      whether to produce a shared or static library for uriparser
+      and that alone, falls back to standard BUILD_SHARED_LIBS
+      if available, else defaults to "ON" (GitHub #169, GitHub #170)
+  * Improved: Document that scheme-based normalization a la
+      section 6.2.3 of RFC 3986 is a responsibility of the application
+      using uriparser (GitHub #173, GitHub #174)
+  * Improved: Document supported code points for functions uriEscape(Ex)W
+      (GitHub #171, GitHub #175)
+  * Infrastructure: Update Clang from 15 to 18 (GitHub #161, GitHub #187)
+  * Infrastructure: Adapt to breaking changes in Clang packaging (GitHub #160)
+  * Infrastructure: Get sanitizer CFLAGS and LDFLAGS back in sync (GitHub #161)
+  * Infrastructure: Pin GitHub Actions to specific commits for security
+      (GitHub #165)
+  * Soname: 1:31:0 — see https://verbump.de/ for what these numbers do
+
 2022-10-05 -- 0.9.7
 
   * Fixed: Multiple issues with IPv6 and IPvFuture literal parsing
diff --git a/README.md b/README.md
index 2846e9d..d399ca2 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ please check out [https://uriparser.github.io/](https://uriparser.github.io/).
 # Example use from an existing CMake project
 
 ```cmake
-cmake_minimum_required(VERSION 3.3)
+cmake_minimum_required(VERSION 3.5.0)
 
 project(hello VERSION 1.0.0)
 
@@ -49,9 +49,6 @@ target_link_libraries(hello PUBLIC uriparser::uriparser)
 ## Available CMake options (and defaults)
 ```console
 # rm -f CMakeCache.txt ; cmake -LH . | grep -B1 ':.*=' | sed 's,--,,'
-// Build shared libraries (rather than static ones)
-BUILD_SHARED_LIBS:BOOL=ON
-
 // Choose the type of build, options are: None Debug Release RelWithDebInfo MinSizeRel ...
 CMAKE_BUILD_TYPE:STRING=
 
@@ -82,6 +79,9 @@ URIPARSER_ENABLE_INSTALL:BOOL=ON
 // Use of specific runtime library (/MT /MTd /MD /MDd) with MSVC
 URIPARSER_MSVC_RUNTIME:STRING=
 
+// Build shared libraries (rather than static ones)
+URIPARSER_SHARED_LIBS:BOOL=ON
+
 // Treat all compiler warnings as errors
 URIPARSER_WARNINGS_AS_ERRORS:BOOL=OFF
 ```
diff --git a/THANKS b/THANKS
index 3213f9b..a394948 100644
--- a/THANKS
+++ b/THANKS
@@ -67,7 +67,8 @@ Shehzan Mohammed
 SpaceIm
 Valentin Haenel
 Vitaly Lipatov
-Yang Yu
 Wouter Beek
+Yan Li
+Yang Yu
 Zachary Lund
 Zane van Iperen
diff --git a/cmake/test_find_package/CMakeLists.txt b/cmake/test_find_package/CMakeLists.txt
index a9609c5..77527cd 100644
--- a/cmake/test_find_package/CMakeLists.txt
+++ b/cmake/test_find_package/CMakeLists.txt
@@ -34,7 +34,7 @@
 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 # OF THE POSSIBILITY OF SUCH DAMAGE.
 #
-cmake_minimum_required(VERSION 3.0)
+cmake_minimum_required(VERSION 3.5.0)
 
 project(test-find-package VERSION 1.0)
 
diff --git a/debian/changelog b/debian/changelog
index 7688ea0..6ff7498 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+uriparser (0.9.8+dfsg-1) unstable; urgency=medium
+
+  * New upstream release:
+    - Fixes CVE-2024-34402, CVE-2024-34403 (Closes: #1070376).
+  * debian/changelog:
+    - Add year 2024 to myself.
+  * debian/control:
+    - Change to new repository URL.
+  * Declare compliance with Debian Policy 4.7.0 (No changes needed).
+
+ -- Jörg Frings-Fürst <debian@jff.email>  Thu, 11 Jul 2024 16:49:54 +0200
+
 uriparser (0.9.7+dfsg-2) unstable; urgency=medium
 
   * debian/liburiparser-dev.install:
diff --git a/debian/control b/debian/control
index 3be17a8..d5bf0fd 100644
--- a/debian/control
+++ b/debian/control
@@ -11,11 +11,11 @@ Build-Depends:
  libqt5sql5-sqlite,
  qtbase5-dev,
  qttools5-dev-tools
-Standards-Version: 4.6.2.0
+Standards-Version: 4.7.0
 Rules-Requires-Root: no
 Homepage: http://uriparser.sourceforge.net
-Vcs-Git: git://jff.email/opt/git/uriparser.git
-Vcs-Browser: https://jff.email/cgit/uriparser.git
+Vcs-Git: https://git.jff.email/uriparser.git
+Vcs-Browser: https://git.jff.email/cgit/uriparser.git
 
 Package: liburiparser1
 Architecture: any
diff --git a/debian/copyright b/debian/copyright
index 6b2878e..11d2b7c 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -20,7 +20,7 @@ Copyright: 2014-2015 Sebastian Pipping <webmaster@hartwork.org>
 License: LGPL-2.1+
 
 Files: debian/*
-Copyright: 2014-2023 Jörg Frings-Fürst <debian@jff.email>
+Copyright: 2014-2024 Jörg Frings-Fürst <debian@jff.email>
 License: GPL-3+
 
 License: BSD-3-clause
diff --git a/debian/files b/debian/files
index 49030ce..174a831 100644
--- a/debian/files
+++ b/debian/files
@@ -1 +1 @@
-uriparser_0.9.7+dfsg-2_source.buildinfo libs optional
+uriparser_0.9.8+dfsg-1_source.buildinfo libs optional
diff --git a/include/uriparser/Uri.h b/include/uriparser/Uri.h
index d2c8610..b80ac6c 100644
--- a/include/uriparser/Uri.h
+++ b/include/uriparser/Uri.h
@@ -1,4 +1,4 @@
-/* 4bf720e0ca97527a28e4c30f1c35b36a0b5f2697265c5ddc81080eaab4344ef2 (0.9.7+)
+/* e8e2c75d033ddfe256fe87c3fd5a330a6f2c9cbb376ebd83a1b3263e804c766a (0.9.8+)
  *
  * uriparser - RFC 3986 URI parsing library
  *
@@ -352,10 +352,19 @@ URI_PUBLIC int URI_FUNC(FreeUriMembersMm)(URI_TYPE(Uri) * uri,
 /**
  * Percent-encodes all unreserved characters from the input string and
  * writes the encoded version to the output string.
- * Be sure to allocate <b>3 times</b> the space of the input buffer for
+ *
+ * NOTE: Be sure to allocate <b>3 times</b> the space of the input buffer for
  * the output buffer for <c>normalizeBreaks == URI_FALSE</c> and <b>6 times</b>
  * the space for <c>normalizeBreaks == URI_TRUE</c>
- * (since e.g. "\x0d" becomes "%0D%0A" in that case)
+ * (since e.g. "\x0d" becomes "%0D%0A" in that case).
+ *
+ * NOTE: The implementation treats (both <c>char</c> and) <c>wchar_t</c> units
+ * as code point integers, which works well for code points <c>U+0001</c> to <c>U+00ff</c>
+ * in host-native endianness but nothing more;
+ * in particular, using <c>uriEscapeExW</c> with arbitrary Unicode input will
+ * not produce healthy results.
+ * Passing UTF-8 input to <c>uriEscapeExA</c> may be useful in some scenarios.
+ * Keep in mind that uriparser is about %URI (RFC 3986) not %IRI (RFC 3987).
  *
  * @param inFirst           <b>IN</b>: Pointer to first character of the input text
  * @param inAfterLast       <b>IN</b>: Pointer after the last character of the input text
@@ -377,10 +386,19 @@ URI_PUBLIC URI_CHAR * URI_FUNC(EscapeEx)(const URI_CHAR * inFirst,
 /**
  * Percent-encodes all unreserved characters from the input string and
  * writes the encoded version to the output string.
- * Be sure to allocate <b>3 times</b> the space of the input buffer for
+ *
+ * NOTE: Be sure to allocate <b>3 times</b> the space of the input buffer for
  * the output buffer for <c>normalizeBreaks == URI_FALSE</c> and <b>6 times</b>
  * the space for <c>normalizeBreaks == URI_TRUE</c>
- * (since e.g. "\x0d" becomes "%0D%0A" in that case)
+ * (since e.g. "\x0d" becomes "%0D%0A" in that case).
+ *
+ * NOTE: The implementation treats (both <c>char</c> and) <c>wchar_t</c> units
+ * as code point integers, which works well for code points <c>U+0001</c> to <c>U+00ff</c>
+ * in host-native endianness but nothing more;
+ * in particular, using <c>uriEscapeW</c> with arbitrary Unicode input will
+ * not produce healthy results.
+ * Passing UTF-8 input to <c>uriEscapeA</c> may be useful in some scenarios.
+ * Keep in mind that uriparser is about %URI (RFC 3986) not %IRI (RFC 3987).
  *
  * @param in                <b>IN</b>: Text source
  * @param out               <b>OUT</b>: Encoded text destination
@@ -608,6 +626,10 @@ URI_PUBLIC int URI_FUNC(ToStringCharsRequired)(const URI_TYPE(Uri) * uri,
  * Converts a %URI structure back to text as described in
  * <a href="http://tools.ietf.org/html/rfc3986#section-5.3">section 5.3 of RFC 3986</a>.
  *
+ * NOTE: Scheme-based normalization
+ * (<a href="http://tools.ietf.org/html/rfc3986#section-6.2.3">section 6.2.3 of RFC 3986</a>)
+ * is not applied and is considered a responsibility of the application using uriparser.
+ *
  * @param dest           <b>OUT</b>: Output destination
  * @param uri            <b>IN</b>: %URI to convert
  * @param maxChars       <b>IN</b>: Maximum number of characters to copy <b>including</b> terminator
diff --git a/include/uriparser/UriBase.h b/include/uriparser/UriBase.h
index 5216b1d..dc3883e 100644
--- a/include/uriparser/UriBase.h
+++ b/include/uriparser/UriBase.h
@@ -55,7 +55,7 @@
 /* Version */
 #define URI_VER_MAJOR           0
 #define URI_VER_MINOR           9
-#define URI_VER_RELEASE         7
+#define URI_VER_RELEASE         8
 #define URI_VER_SUFFIX_ANSI     ""
 #define URI_VER_SUFFIX_UNICODE  URI_ANSI_TO_UNICODE(URI_VER_SUFFIX_ANSI)
 
diff --git a/src/UriQuery.c b/src/UriQuery.c
index b2734bc..bbc1548 100644
--- a/src/UriQuery.c
+++ b/src/UriQuery.c
@@ -70,6 +70,7 @@
 
 
 #include <limits.h>
+#include <stddef.h> /* size_t */
 
 
 
@@ -177,10 +178,13 @@ int URI_FUNC(ComposeQueryMallocExMm)(URI_CHAR ** dest,
 	if (res != URI_SUCCESS) {
 		return res;
 	}
+	if (charsRequired == INT_MAX) {
+	    return URI_ERROR_MALLOC;
+	}
 	charsRequired++;
 
 	/* Allocate space */
-	queryString = memory->malloc(memory, charsRequired * sizeof(URI_CHAR));
+	queryString = memory->calloc(memory, charsRequired, sizeof(URI_CHAR));
 	if (queryString == NULL) {
 		return URI_ERROR_MALLOC;
 	}
@@ -218,16 +222,16 @@ int URI_FUNC(ComposeQueryEngine)(URI_CHAR * dest,
 		const URI_CHAR * const key = queryList->key;
 		const URI_CHAR * const value = queryList->value;
 		const int worstCase = (normalizeBreaks == URI_TRUE ? 6 : 3);
-		const int keyLen = (key == NULL) ? 0 : (int)URI_STRLEN(key);
+		const size_t keyLen = (key == NULL) ? 0 : URI_STRLEN(key);
 		int keyRequiredChars;
-		const int valueLen = (value == NULL) ? 0 : (int)URI_STRLEN(value);
+		const size_t valueLen = (value == NULL) ? 0 : URI_STRLEN(value);
 		int valueRequiredChars;
 
-		if ((keyLen >= INT_MAX / worstCase) || (valueLen >= INT_MAX / worstCase)) {
+		if ((keyLen >= (size_t)INT_MAX / worstCase) || (valueLen >= (size_t)INT_MAX / worstCase)) {
 			return URI_ERROR_OUTPUT_TOO_LARGE;
 		}
-		keyRequiredChars = worstCase * keyLen;
-		valueRequiredChars = worstCase * valueLen;
+		keyRequiredChars = worstCase * (int)keyLen;
+		valueRequiredChars = worstCase * (int)valueLen;
 
 		if (dest == NULL) {
 			(*charsRequired) += ampersandLen + keyRequiredChars + ((value == NULL)