From bd4e4d2065f86103fc1e164bfa4c613e298cff90 Mon Sep 17 00:00:00 2001 From: wangmy Date: Mon, 17 Jan 2022 08:28:57 +0800 Subject: uriparser: upgrade 0.9.5 -> 0.9.6 Changelog: ========= * Fixed: [CVE-2021-46141] Fix a bug affecting both uriNormalizeSyntax* and uriMakeOwner* functions where the text range in .hostText would not be duped using malloc but remain unchanged (and hence "not owned") for URIs with an IPv4 or IPv6 address hostname; depending on how an application uses uriparser, this could lead the application into a use-after-free situation. As the second half, fix uriFreeUriMembers* functions that would not free .hostText memory for URIs with an IPv4 or IPv6 address host; also, calling uriFreeUriMembers* multiple times on a URI of this very nature would result in trying to free pointers to stack (rather than heap) memory (GitHub #121, GitHub #124) Commit 987b046e41f407d17c622e580fc82a5e834b4329 Commit b1a34743bc1472e055d886e29e9b53f670eb3282 * Fixed: [CVE-2021-46142] Fix functions uriNormalizeSyntax* for out-of-memory situations (i.e. malloc returning NULL) for URIs containing empty segments (any of user info, host text, query, or fragment) where previously pointers to stack (rather than heap) memory were freed (GitHub #122, GitHub #124) Commit c0483990e6b5b454f7c8752b36760cfcb0d093f5 * Fixed: CMake: Call "enable_language(CXX)" prior to tinkering with CMAKE_CXX_* variables (GitHub #110) * Fixed: CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR (GitHub #114) * Fixed: Windows: Address MSVC compiler warnings (GitHub #111, GitHub #113) * Fixed: Documentation: Space requirements for uriUriStringToUnixFilename did not take into account short form "file:/bin/bash" of RFC 8089 of 2017 (with prefix "file:/" rather than "file:///") that uriparser supports since release 0.8.6 in 2018 (GitHub #118, GitHub #119) * Fixed: Compile error with MinGW GCC 9 related to a mismatched prototype for function inet_ntop (GitHub #117, GitHub #120) * Fixed: Compile warnings in test suite code (GitHub #120) * Improved: Respect variable ${CPP} in doc/preprocess.sh (GitHub #115) * Added: Test suite invocation for MinGW using Wine (GitHub #120) * Soname: 1:29:0 - see https://verbump.de/ for what these numbers do Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --- meta-oe/recipes-support/uriparser/uriparser_0.9.5.bb | 16 ---------------- meta-oe/recipes-support/uriparser/uriparser_0.9.6.bb | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 16 deletions(-) delete mode 100644 meta-oe/recipes-support/uriparser/uriparser_0.9.5.bb create mode 100644 meta-oe/recipes-support/uriparser/uriparser_0.9.6.bb diff --git a/meta-oe/recipes-support/uriparser/uriparser_0.9.5.bb b/meta-oe/recipes-support/uriparser/uriparser_0.9.5.bb deleted file mode 100644 index f506223589..0000000000 --- a/meta-oe/recipes-support/uriparser/uriparser_0.9.5.bb +++ /dev/null @@ -1,16 +0,0 @@ -SUMMARY = "RFC 3986 compliant URI parsing library" -HOMEPAGE = "https://uriparser.github.io" - -LICENSE = "BSD-3-Clause" -LIC_FILES_CHKSUM = "file://COPYING;md5=fcc5a53146c2401f4b4f6a3bdf3f0168" - -SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${BP}/${BP}.tar.gz" -SRC_URI[sha256sum] = "1987466a798becb5441a491d29e762ab1a4817a525f82ef239e3d38f85605a77" - -UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases" - -inherit cmake - -EXTRA_OECMAKE += "-DURIPARSER_BUILD_DOCS:BOOL=OFF -DURIPARSER_BUILD_TESTS:BOOL=OFF" - -BBCLASSEXTEND += "native" diff --git a/meta-oe/recipes-support/uriparser/uriparser_0.9.6.bb b/meta-oe/recipes-support/uriparser/uriparser_0.9.6.bb new file mode 100644 index 0000000000..0d45a15595 --- /dev/null +++ b/meta-oe/recipes-support/uriparser/uriparser_0.9.6.bb @@ -0,0 +1,16 @@ +SUMMARY = "RFC 3986 compliant URI parsing library" +HOMEPAGE = "https://uriparser.github.io" + +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=fcc5a53146c2401f4b4f6a3bdf3f0168" + +SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${BP}/${BP}.tar.gz" +SRC_URI[sha256sum] = "10e6f90d359c1087c45f907f95e527a8aca84422251081d1533231e031a084ff" + +UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases" + +inherit cmake + +EXTRA_OECMAKE += "-DURIPARSER_BUILD_DOCS:BOOL=OFF -DURIPARSER_BUILD_TESTS:BOOL=OFF" + +BBCLASSEXTEND += "native" -- cgit 1.2.3-korg