New upstream version 1.0.1+dfsgupstream/1.0.1+dfsgupstream

1 files changed, 192 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 8f19bbf..5b1ed29 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,196 @@ NOTE: uriparser is looking for help with a few things:
       https://github.com/uriparser/uriparser/labels/help%20wanted
       If you can help, please get in touch.  Thanks!
 
+2026-04-27 -- 1.0.1
+
+>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+  * Fixed: [CVE-2026-42371]
+      Protect from integer overflow in text range comparison.
+      Thanks for the report and pull request to Joshua W. Windle! (GitHub #298)
+>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+  * Fixed: Fix `reallocarray` preprocessor handling for Illumos (GitHub #289)
+  * Improved: Fix an in-code comment typo in src/UriCommon.c;
+      Thanks for the report and pull request to Tim Düsterhus! (GitHub #290)
+  * Improved: CMake: Start enforcing supported C++ standard (GitHub #295)
+  * Improved: Allow use of C++11 to future unit tests (GitHub #296)
+  * Infrastructure: Cover compilation with Visual Studio 18 2026 (GitHub #301)
+  * Infrastructure: Address warning on CMake <3.10 in CI (GitHub #297)
+  * Soname: 3:1:2 — see https://verbump.de/ for what these numbers do
+      (liburiparser.so.1.2.1)
+
+2025-12-15 -- 1.0.0
+
+>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+  * Fixed: [CVE-2025-67899]
+      Protect from stack overflow during parsing by dissolving all 13 cases
+      of recursion, both direct and indirect. The attack vector was long
+      (or crafted) URI input. The known impact is denial of service or more.
+      Thanks for the report to Sergey Svistunov!
+      Thanks for in-depth review to Tim Düsterhus! (sponsored by Tideways GmbH)
+      Thanks for C callgraph tool "egypt" (https://www.gson.org/egypt/)
+        to Andreas Gustafsson and for "dot_find_cycles.py" to Jason Antman!
+      (GitHub #282, GitHub #284)
+>>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+  * Changed: Start requiring a C99 compiler (GitHub #264, GitHub #273)
+  * Changed: Require CMake >=3.15.0 (GitHub #270)
+  * Changed: Stop building tests by default (GitHub #283)
+  * Fixed: Normalization of URIs with leading dot segments
+      produced ambiguous results in the sense that a reparse
+      after normalization would have misinterpreted path parts
+      as a host (GitHub #262, GitHub #263, GitHub #265)
+      Examples of affected URIs:
+      - "scheme:/.//path1/path2"
+      - "/.//path1/path2"
+      - ".//path1/path2"
+      The fix is to not remove that dot segment.
+      Thanks to Ignace Nyamagana Butera and to Tim Düsterhus for the report!
+  * Fixed: Insufficient pointer alignment from allocation wrappers
+      used in the implementation of function uriCompleteMemoryManager.
+      (GitHub #261)
+      Thanks to Matthew Fernandez and Rolf Eike Beer for the report and review!
+  * Fixed: Do not set `absolutePath` for empty paths when removing host
+      Thanks for the report and pull request to Tim Düsterhus!
+      (GitHub #275, GitHub #276)
+  * Fixed: Documentation of functions uriCompleteMemoryManager,
+      uriEmulateCalloc, uriEmulateReallocarray and uriTestMemoryManager
+      (GitHub #261)
+  * Fixed: CMake: Remake approach to static CRT with MSVC compilers
+      Old: -DURIPARSER_MSVC_RUNTIME=/MT
+      New: -DURIPARSER_MSVC_STATIC_CRT=ON
+      (GitHub #270)
+  * Fixed: Documentation: Get CMake variables list back in sync and sorted
+      in the readme (GitHub #270)
+  * Fixed: Various typos found by Codespell
+      (https://github.com/codespell-project/codespell) (GitHub #259)
+  * Added: Add a new (and recommended to use) version of uriTestMemoryManager
+      that can challenge pointer alignment (GitHub #261)
+      New functions:
+        uriTestMemoryManagerEx
+  * Improved: Increase test coverage by mutation testing
+      Thanks for the pull request to Tim Düsterhus! (GitHub #266)
+  * Improved: Address compiler warning -Wunused-but-set-variable (GitHub #268)
+  * Improved: Deduplicate internal char set macros (GitHub #280)
+  * Infrastructure: Enable stack traces from UndefinedBehaviorSanitizer in CI
+      via environment variable UBSAN_OPTIONS (GitHub #261)
+  * Infrastructure: Bump GoogleTest to 1.12.0 in AppVeyor CI to fix the build
+      with CMake >=3.5 (GitHub #261)
+  * Infrastructure: Migrate Windows CI from AppVeyor to GitHub Actions
+      (GitHub #270)
+  * Infrastructure: Make GitHub Actions detect and reject known typos using
+      Codespell (https://github.com/codespell-project/codespell) (GitHub #259)
+  * Infrastructure: Update Clang from 20 to 21 (GitHub #267)
+  * Infrastructure: Start specifying CXX and CXXFLAGS for fuzzing CI
+      (GitHub #268)
+  * Infrastructure: Make CI report on test coverage using LLVM, and offer
+      these reports for download (GitHub #32, GitHub #269)
+  * Infrastructure: Make CI enforce clang-format clean code (GitHub #272)
+  * Soname: 3:0:2 — see https://verbump.de/ for what these numbers do
+      (liburiparser.so.1.2.0)
+
+2025-09-03 -- 0.9.9
+
+  * Changed: Require CMake >=3.10.0 (GitHub #204)
+  * Fixed: Dissolve undefined behavior in parsing of URIs (GitHub #252)
+      Thanks to Tim Düsterhus for the report!
+  * Fixed: Normalized percent-encoded octets should have uppercase letters
+      in the host (GitHub #221, GitHub #222)
+      Thanks to Máté Kocsis for the pull request!
+  * Fixed: Fix documentation of uriEscape (GitHub #206, GitHub #207)
+  * Fixed: Docstring typo in ParseIpFourAddress (GitHub #254)
+  * Fixed: Documentation: Make Mainpage.txt bypass the C preprocessor
+      (GitHub #226, GitHub #227)
+  * Fixed: Documentation: Migrate Doxygen from ${CPP} to ${CC} -E (GitHub #192)
+  * Fixed: Fix macros URI_VER_SUFFIX_UNICODE and URI_VER_UNICODE (GitHub #258)
+      Thanks to Tim Düsterhus for the report and patch!
+  * Added: Support for copying Uri structures (GitHub #200, GitHub #230,
+      GitHub #237, GitHub #240, GitHub #250, GitHub #251)
+      Thanks to Máté Kocsis and to Tim Düsterhus!
+      New functions:
+        uriCopyUri[AW]
+        uriCopyUriMm[AW]
+  * Added: Add port normalization to NormalizeSyntax function (GitHub #231)
+  * Added: Add function HasHost to the public API (GitHub #234)
+      Thanks to Máté Kocsis for the pull request!
+      New functions:
+        uriHasHost[AW]
+  * Added: Support obtaining base runtime version (GitHub #219, GitHub #258)
+      New functions:
+        uriBaseRuntimeVersion[AW]
+  * Added: CMake: Add alias "uriparser::uriparser" (GitHub #197)
+  * Added: Integrate fuzzers from google/oss-fuzz repository and
+      improve those fuzzers on top (GitHub #209, GitHub #211, GitHub #212,
+      GitHub #214)
+      Thanks to @tyler92 for two of the related pull requests!
+  * Added: Support setting individual components of a UriUri[AW] structure
+      (GitHub #196, GitHub #249)
+      Part of this work was commissioned by the PHP Foundation.
+      Thanks to Máté Kocsis and Tim Düsterhus for the detailed review!
+      New functions:
+        uriIsWellFormedFragment[AW]
+        uriIsWellFormedHostIp4[AW]
+        uriIsWellFormedHostIp6[AW]
+        uriIsWellFormedHostIp6Mm[AW]
+        uriIsWellFormedHostIpFuture[AW]
+        uriIsWellFormedHostIpFutureMm[AW]
+        uriIsWellFormedHostRegName[AW]
+        uriIsWellFormedPath[AW]
+        uriIsWellFormedPort[AW]
+        uriIsWellFormedQuery[AW]
+        uriIsWellFormedScheme[AW]
+        uriIsWellFormedUserInfo[AW]
+        uriParseIpSixAddress[AW]
+        uriParseIpSixAddressMm[AW]
+        uriSetFragment[AW]
+        uriSetFragmentMm[AW]
+        uriSetHostAuto[AW]
+        uriSetHostAutoMm[AW]
+        uriSetHostIp4[AW]
+        uriSetHostIp4Mm[AW]
+        uriSetHostIp6[AW]
+        uriSetHostIp6Mm[AW]
+        uriSetHostIpFuture[AW]
+        uriSetHostIpFutureMm[AW]
+        uriSetHostRegName[AW]
+        uriSetHostRegNameMm[AW]
+        uriSetPath[AW]
+        uriSetPathMm[AW]
+        uriSetPortText[AW]
+        uriSetPortTextMm[AW]
+        uriSetQuery[AW]
+        uriSetQueryMm[AW]
+        uriSetScheme[AW]
+        uriSetSchemeMm[AW]
+        uriSetUserInfo[AW]
+        uriSetUserInfoMm[AW]
+  * Improved: CMake: Compile with -std=c90 by default (GitHub #232)
+  * Improved: Be consequent about and document .hostData.ipFuture .hostText
+      relation (GitHub #243)
+  * Improved: Document and cover FreeUriMembers after memset with zeros
+      (GitHub #238, GitHub #239)
+  * Improved: CLI tool "uriparse": Add missing hostData.ipFuture output
+      (GitHub #253)
+  * Improved: tests: Mass-replace ASSERT_TRUE([..] == [..]) by ASSERT_EQ
+      (GitHub #235)
+  * Improved: tests: Leverage assertion EXPECT_STREQ (GitHub #257)
+  * Improved: Percent encoding related code cleanup (GitHub #242)
+  * Improved: Documentation: Update some URLs to new HTTPS locations
+      Thanks to Hanno Böck for the pull request!
+      (GitHub #224)
+  * Improved: Documentation: Hide URI_PUBLIC (GitHub #236)
+  * Improved: Convert remaining DOS (CR/LF) newlines to Unix newlines
+      Thanks to Hanno Böck for the pull request!
+      (GitHub #225)
+  * Improved: Rename misleading variable doneMask to revertMask
+      (GitHub #233, GitHub #244)
+  * Improved: Make licensing easier to discover (GitHub #246)
+  * Changed: Documentation: For the Qt Compressed Help file, migrate from
+      naming ".qch" to "-doc.qch" (GitHub #191)
+  * Infrastructure: Update Clang from 18 to 20 (GitHub #217, GitHub #228)
+  * Infrastructure: Bump CI to Ubuntu 24.04 (GitHub #216)
+  * Infrastructure: Adapt to breaking changes in CI (GitHub #199, GitHub #204)
+  * Soname: 2:0:1 — see https://verbump.de/ for what these numbers do
+      (liburiparser.so.1.1.0)
+
 2024-05-05 -- 0.9.8
 
 >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@@ -28,6 +218,7 @@ NOTE: uriparser is looking for help with a few things:
   * Infrastructure: Pin GitHub Actions to specific commits for security
       (GitHub #165)
   * Soname: 1:31:0 — see https://verbump.de/ for what these numbers do
+      (liburiparser.so.1.0.31)
 
 2022-10-05 -- 0.9.7
 
@@ -223,7 +414,7 @@ NOTE: uriparser is looking for help with a few things:
       Protect uriResetUri* against acting on NULL input
       Commit f58c25069cf4a986fe17a80c5b38687e31feb539
 >>>>>>>>>>>>> SECURITY >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-  * Fixed: Be fully compliant to C89 (Gitub #28) and C++98 in test code
+  * Fixed: Be fully compliant to C89 (GitHub #28) and C++98 in test code
   * Fixed: Fix off-by-one in uriComposeQueryCharsRequired* and ...Ex*
       Reported space requirements were 1 byte bigger than necessary
   * Changed: Marked as deprecated: