Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package uriparser for openSUSE:Factory checked in at 2026-01-13 21:36:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/uriparser (Old) and /work/SRC/openSUSE:Factory/.uriparser.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "uriparser" Tue Jan 13 21:36:26 2026 rev:15 rq:1327052 version:1.0.0 Changes: -------- --- /work/SRC/openSUSE:Factory/uriparser/uriparser.changes 2025-06-13 18:47:43.688441795 +0200 +++ /work/SRC/openSUSE:Factory/.uriparser.new.1928/uriparser.changes 2026-01-13 21:37:40.975751379 +0100 @@ -1,0 +2,169 @@ +Tue Jan 13 14:05:09 UTC 2026 - Adam Majer <[email protected]> + +- Update to 1.0.0 (bsc#1255000, CVE-2025-67899) + * Fixed: [CVE-2025-67899] + Protect from stack overflow during parsing by dissolving all 13 cases + of recursion, both direct and indirect. The attack vector was long + (or crafted) URI input. The known impact is denial of service or more. + Thanks for the report to Sergey Svistunov! + Thanks for in-depth review to Tim Düsterhus! (sponsored by Tideways GmbH) + Thanks for C callgraph tool "egypt" (https://www.gson.org/egypt/) + to Andreas Gustafsson and for "dot_find_cycles.py" to Jason Antman! + * Changed: Start requiring a C99 compiler (GitHub #264, GitHub #273) + * Changed: Require CMake >=3.15.0 (GitHub #270) + * Fixed: Normalization of URIs with leading dot segments + produced ambiguous results in the sense that a reparse + after normalization would have misinterpreted path parts + as a host (GitHub #262, GitHub #263, GitHub #265) + Examples of affected URIs: + - "scheme:/.//path1/path2" + - "/.//path1/path2" + - ".//path1/path2" + The fix is to not remove that dot segment. + Thanks to Ignace Nyamagana Butera and to Tim Düsterhus for the report! + * Fixed: Insufficient pointer alignment from allocation wrappers + used in the implementation of function uriCompleteMemoryManager. + (GitHub #261) + Thanks to Matthew Fernandez and Rolf Eike Beer for the report and review! + * Fixed: Do not set `absolutePath` for empty paths when removing host + Thanks for the report and pull request to Tim Düsterhus! + (GitHub #275, GitHub #276) + * Fixed: Documentation of functions uriCompleteMemoryManager, + uriEmulateCalloc, uriEmulateReallocarray and uriTestMemoryManager + (GitHub #261) + * Fixed: CMake: Remake approach to static CRT with MSVC compilers + Old: -DURIPARSER_MSVC_RUNTIME=/MT + New: -DURIPARSER_MSVC_STATIC_CRT=ON + (GitHub #270) + * Fixed: Documentation: Get CMake variables list back in sync and sorted + in the readme (GitHub #270) + * Fixed: Various typos found by Codespell + (https://github.com/codespell-project/codespell) (GitHub #259) + * Added: Add a new (and recommended to use) version of uriTestMemoryManager + that can challenge pointer alignment (GitHub #261) + New functions: + uriTestMemoryManagerEx + * Improved: Increase test coverage by mutation testing + Thanks for the pull request to Tim Düsterhus! (GitHub #266) + * Improved: Address compiler warning -Wunused-but-set-variable (GitHub #268) + * Improved: Deduplicate internal char set macros (GitHub #280) + * Infrastructure: Enable stack traces from UndefinedBehaviorSanitizer in CI + via environment variable UBSAN_OPTIONS (GitHub #261) + * Infrastructure: Bump GoogleTest to 1.12.0 in AppVeyor CI to fix the build + with CMake >=3.5 (GitHub #261) + * Infrastructure: Migrate Windows CI from AppVeyor to GitHub Actions + (GitHub #270) + * Infrastructure: Make GitHub Actions detect and reject known typos using + Codespell (https://github.com/codespell-project/codespell) (GitHub #259) + * Infrastructure: Update Clang from 20 to 21 (GitHub #267) + * Infrastructure: Start specifying CXX and CXXFLAGS for fuzzing CI + (GitHub #268) + * Infrastructure: Make CI report on test coverage using LLVM, and offer + these reports for download (GitHub #32, GitHub #269) + * Infrastructure: Make CI enforce clang-format clean code (GitHub #272) + * Soname: 3:0:2 — see https://verbump.de/ for what these numbers do + (liburiparser.so.1.2.0) + + Changes in 0.9.9: + * Fixed: Dissolve undefined behavior in parsing of URIs (GitHub #252) + Thanks to Tim Düsterhus for the report! + * Fixed: Normalized percent-encoded octets should have uppercase letters + in the host (GitHub #221, GitHub #222) + Thanks to Máté Kocsis for the pull request! + * Fixed: Fix documentation of uriEscape (GitHub #206, GitHub #207) + * Fixed: Docstring typo in ParseIpFourAddress (GitHub #254) + * Fixed: Documentation: Make Mainpage.txt bypass the C preprocessor + (GitHub #226, GitHub #227) + * Fixed: Documentation: Migrate Doxygen from ${CPP} to ${CC} -E (GitHub #192) + * Fixed: Fix macros URI_VER_SUFFIX_UNICODE and URI_VER_UNICODE (GitHub #258) + Thanks to Tim Düsterhus for the report and patch! + * Added: Support for copying Uri structures (GitHub #200, GitHub #230, + GitHub #237, GitHub #240, GitHub #250, GitHub #251) + Thanks to Máté Kocsis and to Tim Düsterhus! + New functions: + uriCopyUri[AW] + uriCopyUriMm[AW] + * Added: Add port normalization to NormalizeSyntax function (GitHub #231) + * Added: Add function HasHost to the public API (GitHub #234) + Thanks to Máté Kocsis for the pull request! + New functions: + uriHasHost[AW] + * Added: Support obtaining base runtime version (GitHub #219, GitHub #258) + New functions: + uriBaseRuntimeVersion[AW] + * Added: CMake: Add alias "uriparser::uriparser" (GitHub #197) + * Added: Integrate fuzzers from google/oss-fuzz repository and + improve those fuzzers on top (GitHub #209, GitHub #211, GitHub #212, + GitHub #214) + Thanks to @tyler92 for two of the related pull requests! + * Added: Support setting individual components of a UriUri[AW] structure + (GitHub #196, GitHub #249) + Part of this work was commissioned by the PHP Foundation. + Thanks to Máté Kocsis and Tim Düsterhus for the detailed review! + New functions: + uriIsWellFormedFragment[AW] + uriIsWellFormedHostIp4[AW] + uriIsWellFormedHostIp6[AW] + uriIsWellFormedHostIp6Mm[AW] + uriIsWellFormedHostIpFuture[AW] + uriIsWellFormedHostIpFutureMm[AW] + uriIsWellFormedHostRegName[AW] + uriIsWellFormedPath[AW] + uriIsWellFormedPort[AW] + uriIsWellFormedQuery[AW] + uriIsWellFormedScheme[AW] + uriIsWellFormedUserInfo[AW] + uriParseIpSixAddress[AW] + uriParseIpSixAddressMm[AW] + uriSetFragment[AW] + uriSetFragmentMm[AW] + uriSetHostAuto[AW] + uriSetHostAutoMm[AW] + uriSetHostIp4[AW] + uriSetHostIp4Mm[AW] + uriSetHostIp6[AW] + uriSetHostIp6Mm[AW] + uriSetHostIpFuture[AW] + uriSetHostIpFutureMm[AW] + uriSetHostRegName[AW] + uriSetHostRegNameMm[AW] + uriSetPath[AW] + uriSetPathMm[AW] + uriSetPortText[AW] + uriSetPortTextMm[AW] + uriSetQuery[AW] + uriSetQueryMm[AW] + uriSetScheme[AW] + uriSetSchemeMm[AW] + uriSetUserInfo[AW] + uriSetUserInfoMm[AW] + * Improved: CMake: Compile with -std=c90 by default (GitHub #232) + * Improved: Be consequent about and document .hostData.ipFuture .hostText + relation (GitHub #243) + * Improved: Document and cover FreeUriMembers after memset with zeros + (GitHub #238, GitHub #239) + * Improved: CLI tool "uriparse": Add missing hostData.ipFuture output + (GitHub #253) + * Improved: tests: Mass-replace ASSERT_TRUE([..] == [..]) by ASSERT_EQ + (GitHub #235) + * Improved: tests: Leverage assertion EXPECT_STREQ (GitHub #257) + * Improved: Percent encoding related code cleanup (GitHub #242) + * Improved: Documentation: Update some URLs to new HTTPS locations + Thanks to Hanno Böck for the pull request! + (GitHub #224) + * Improved: Documentation: Hide URI_PUBLIC (GitHub #236) + * Improved: Convert remaining DOS (CR/LF) newlines to Unix newlines + Thanks to Hanno Böck for the pull request! + (GitHub #225) + * Improved: Rename misleading variable doneMask to revertMask + (GitHub #233, GitHub #244) + * Improved: Make licensing easier to discover (GitHub #246) + * Changed: Documentation: For the Qt Compressed Help file, migrate from + naming ".qch" to "-doc.qch" (GitHub #191) + * Infrastructure: Update Clang from 18 to 20 (GitHub #217, GitHub #228) + * Infrastructure: Bump CI to Ubuntu 24.04 (GitHub #216) + * Infrastructure: Adapt to breaking changes in CI (GitHub #199, GitHub #204) + * Soname: 2:0:1 — see https://verbump.de/ for what these numbers do + (liburiparser.so.1.1.0) + +------------------------------------------------------------------- Old: ---- uriparser-0.9.8.tar.xz New: ---- uriparser-1.0.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ uriparser.spec ++++++ --- /var/tmp/diff_new_pack.7qWYtp/_old 2026-01-13 21:37:41.907790137 +0100 +++ /var/tmp/diff_new_pack.7qWYtp/_new 2026-01-13 21:37:41.907790137 +0100 @@ -1,7 +1,7 @@ # # spec file for package uriparser # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,10 +24,10 @@ %define so_ver 1 Name: uriparser -Version: 0.9.8 +Version: 1.0.0 Release: 0 Summary: A strictly RFC 3986 compliant URI parsing library -License: BSD-3-Clause AND LGPL-2.1-or-later +License: Apache-2.0 AND BSD-3-Clause AND LGPL-2.1-or-later Group: Development/Libraries/C and C++ URL: https://uriparser.github.io Source: https://github.com/uriparser/uriparser/releases/download/uriparser-%{version}/uriparser-%{version}.tar.xz @@ -128,16 +128,16 @@ %postun -n liburiparser%{so_ver} -p /sbin/ldconfig %files -%license COPYING +%license COPYING.BSD-3-Clause %{_bindir}/uriparse %files -n liburiparser%{so_ver} -%license COPYING +%license COPYING.BSD-3-Clause %{_libdir}/liburiparser.so.%{so_ver} %{_libdir}/liburiparser.so.%{so_ver}.* %files devel -%license COPYING +%license COPYING.BSD-3-Clause %doc ChangeLog THANKS AUTHORS %{_includedir}/%{name}/ %{_libdir}/liburiparser.so @@ -145,9 +145,9 @@ %{_libdir}/pkgconfig/liburiparser.pc %files doc -%license COPYING +%license COPYING.BSD-3-Clause %doc doc/Mainpage.txt %dir %{_docdir}/%{name}/ %{_docdir}/%{name}/html/ -%{_docdir}/%{name}/%{name}-%{version}.qch +%{_docdir}/%{name}/%{name}-%{version}-doc.qch ++++++ uriparser-0.9.8.tar.xz -> uriparser-1.0.0.tar.xz ++++++ ++++ 34551 lines of diff (skipped)
