From dec252d4be106093ecce599085d08ef84f84a848 Mon Sep 17 00:00:00 2001
From: Martin Mitas <mity@morous.org>
Date: Sun, 21 Jan 2024 10:39:06 +0100
Subject: [PATCH] Bump version 0.5.1 and update CHANGELOG.md.
---
CHANGELOG.md | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++
CMakeLists.txt | 2 +-
2 files changed, 60 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f91f108..46b1795 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,65 @@
# MD4C Change Log
+## Version 0.5.1
+
+Changes:
+
+ * LaTeX math extension (`MD_FLAG_LATEXMATHSPANS`) now requires that opener
+ mark is not immediately preceded with alpha-numeric character and similarly
+ that closer mark is not immediately followed with alpha-numeric character.
+
+ So for example `foo$ x + y = z $` is not recognized as LaTeX equation
+ anymore because there is no space between `foo` and the opening `$`.
+
+ * Table extension (`MD_FLAG_TABLES`) now recognizes only tables with no more
+ than 128 columns. This limit has been imposed to prevent a pathological
+ case of quadratic output size explosion which could be used as DoS attack
+ vector.
+
+ * We are now more strict with `MD_FLAG_PERMISSIVExxxAUTOLINKS` family of
+ extensions with respect to non-alphanumeric characters, with the aim to
+ mitigate false positive detections.
+
+ Only relatively few selected non-alphanumeric are now allowed in permissive
+ e-mail auto-links (`MD_FLAG_PERMISSIVEEMAILAUTOLINKS`):
+ - `.`, `-`, `_`, `+` in user name part of e-mail address; and
+ - `.`, `-`, `_` in host part of the e-mail address.
+
+ Similarly for URL and e-mail auto-links (`MD_FLAG_PERMISSIVEURLAUTOLINKS` and
+ `MD_FLAG_PERMISSIVEWWWAUTOLINKS`):
+ - `.`, `-`, `_` in host part of the URL;
+ - `/`, `.`, `-`, `_` in path part of the URL;
+ - `&`, `.`, `-`, `+`, `_`, `=`, `(`, `)` in the query part of the URL
+ (additionally, if present, `(` and `)` must form balanced pairs); and
+ - `.`, `-`, `+`, `_` in the fragment part of the URL.
+
+ Furthermore these characters (with some exceptions like where they serve as
+ delimiter characters, e.g. `/` for paths) are generally accepted only when
+ an alphanumeric character both precedes and follows them (i.e. these cannot
+ be "stacked" together).
+
+Fixes:
+
+ * Fix several bugs where we haven't properly respected already resolved spans
+ of higher precedence level in handling of permissive auto-links extensions
+ (family of `MD_FLAG_PERMISSIVExxxAUTOLINKS` flags), LaTeX math extension
+ (`MD_FLAG_LATEXMATHSPANS`) and wiki-links extension (`MD_FLAG_WIKILINKS`)
+ of the form `[[label|text]]` (with pipe `|`). In some complex cases this
+ could lead to invalid internal parser state and memory corruption.
+
+ Identified with [OSS-Fuzz](https://github.com/google/oss-fuzz).
+
+ * [#222](https://github.com/mity/md4c/issues/222):
+ Fix strike-through extension (`MD_FLAG_STRIKETHROUGH`) which did not respect
+ same rules for pairing opener and closer marks as other emphasis spans.
+
+ * [#223](https://github.com/mity/md4c/issues/223):
+ Fix incorrect handling of new-line character just at the beginning and/or
+ end of a code span where we were not following CommonMark specification
+ requirements correctly.
+
+
## Version 0.5.0
Changes:
diff --git a/CMakeLists.txt b/CMakeLists.txt
index be781e5..1a4be6e 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -4,7 +4,7 @@ project(MD4C C)
set(MD_VERSION_MAJOR 0)
set(MD_VERSION_MINOR 5)
-set(MD_VERSION_RELEASE 0)
+set(MD_VERSION_RELEASE 1)
set(MD_VERSION "${MD_VERSION_MAJOR}.${MD_VERSION_MINOR}.${MD_VERSION_RELEASE}")
set(PROJECT_VERSION "${MD_VERSION}")