diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..dfe5ef3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/uriparser-0.7.5.tar.gz
diff --git a/.uriparser.metadata b/.uriparser.metadata
new file mode 100644
index 0000000..986064d
--- /dev/null
+++ b/.uriparser.metadata
@@ -0,0 +1 @@
+c7631babf4020799d7d4a0d75c742aaf58413125 SOURCES/uriparser-0.7.5.tar.gz
diff --git a/SOURCES/uriparser-0.7.5-CVE-2018-19198-fix.patch b/SOURCES/uriparser-0.7.5-CVE-2018-19198-fix.patch
new file mode 100644
index 0000000..41fc95a
--- /dev/null
+++ b/SOURCES/uriparser-0.7.5-CVE-2018-19198-fix.patch
@@ -0,0 +1,73 @@ +From 864f5d4c127def386dd5cc926ad96934b297f04e Mon Sep 17 00:00:00 2001 +From: Sebastian Pipping +Date: Sun, 23 Sep 2018 20:07:25 +0200 +Subject: [PATCH] UriQuery.c: Fix out-of-bounds-write in ComposeQuery and ...Ex + +Reported by Google Autofuzz team +--- + lib/UriQuery.c | 1 + + test/test.cpp | 32 ++++++++++++++++++++++++++++++++ + 2 files changed, 33 insertions(+) + +diff --git a/lib/UriQuery.c b/lib/UriQuery.c +index 5fd6b68..eb22157 100644 +--- a/lib/UriQuery.c ++++ b/lib/UriQuery.c +@@ -219,6 +219,7 @@ int URI_FUNC(ComposeQueryEngine)(URI_CHAR * dest, + + /* Copy key */ + if (firstItem == URI_TRUE) { ++ ampersandLen = 1; + firstItem = URI_FALSE; + } else { + write[0] = _UT('&'); +diff --git a/test/test.cpp b/test/test.cpp +index 41e3912..dbb8adb 100644 +--- a/test/test.cpp ++++ b/test/test.cpp +@@ -91,6 +91,7 @@ class UriSuite : public Suite { + TEST_ADD(UriSuite::testCrash_MakeOwner_Bug20080207) + TEST_ADD(UriSuite::testQueryList) + TEST_ADD(UriSuite::testQueryListPair) ++ TEST_ADD(UriSuite::testQueryCompositionMathWrite_GoogleAutofuzz113244572) + TEST_ADD(UriSuite::testFreeCrash_Bug20080827) + } + +@@ -1501,6 +1502,37 @@ Rule | Example | hostSet | absPath | emptySeg + testQueryListPairHelper("one=two=three=four", "one", "two=three=four", "one=two%3Dthree%3Dfour"); + } + ++ void testQueryCompositionMathWrite_GoogleAutofuzz113244572() { ++ UriQueryListA second = { .key = "\x11", .value = NULL, .next = NULL }; ++ UriQueryListA first = { .key = "\x01", .value = "\x02", .next = &second }; ++ ++ const UriBool spaceToPlus = URI_TRUE; ++ const UriBool normalizeBreaks = URI_FALSE; /* for factor 3 but 6 */ ++ ++ const int charsRequired = (3 + 1 + 3) + 1 + (3); ++ ++ { ++ // Minimum space to hold everything fine ++ const char * const expected = "%01=%02" "&" "%11"; ++ char dest[charsRequired + 1]; ++ int charsWritten; ++ TEST_ASSERT(uriComposeQueryExA(dest, &first, sizeof(dest), ++ &charsWritten, spaceToPlus, normalizeBreaks) ++ == URI_SUCCESS); ++ 
TEST_ASSERT(! strcmp(dest, expected)); ++ TEST_ASSERT(charsWritten == strlen(expected) + 1); ++ } ++ ++ { ++ // Previous math failed to take ampersand into account ++ char dest[charsRequired + 1 - 1]; ++ int charsWritten; ++ TEST_ASSERT(uriComposeQueryExA(dest, &first, sizeof(dest), ++ &charsWritten, spaceToPlus, normalizeBreaks) ++ == URI_ERROR_OUTPUT_TOO_LARGE); ++ } ++ } ++ + void testFreeCrash_Bug20080827() { + char const * const sourceUri = "abc"; + char const * const baseUri = "http://www.example.org/"; diff --git a/SOURCES/uriparser-0.7.5-CVE-2018-19199-fix.patch b/SOURCES/uriparser-0.7.5-CVE-2018-19199-fix.patch new file mode 100644 index 0000000..ebcef27 --- /dev/null +++ b/SOURCES/uriparser-0.7.5-CVE-2018-19199-fix.patch 
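Review bot: The added `ampersandLen = 1;` in the `firstItem == URI_TRUE` branch of the "Copy key" step is the entire fix, yet it carries no comment, and it sets a separator length in the one branch that writes no `&`. A comment such as `/* from the second item on, the bounds check must reserve one char for '&' */` would stop it being removed later as dead-looking code. The function body continues outside the hunk, so the check this value feeds is not visible here. In the new test, `charsWritten == strlen(expected) + 1` compares an `int` with a `size_t`. The `{ .key = ..., .value = ..., .next = ... }` initialisers in test.cpp depend on the C++ compiler accepting designated initialisers, so confirm the regression test builds (and therefore runs under `%check`) on the target toolchain.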
@@ -0,0 +1,42 @@
+From f76275d4a91b28d687250525d3a0c5509bbd666f Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping
+Date: Sun, 23 Sep 2018 21:30:39 +0200
+Subject: [PATCH] UriQuery.c: Catch integer overflow in ComposeQuery and ...Ex
+
+---
+ lib/UriQuery.c | 14 ++++++++++++--
+ 1 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/lib/UriQuery.c b/lib/UriQuery.c
+index 45acf5a..9165ec8 100644
+--- a/lib/UriQuery.c
++++ b/lib/UriQuery.c
+@@ -64,6 +64,10 @@
+
+
+
++#include
++
++
++
+ static int URI_FUNC(ComposeQueryEngine)(URI_CHAR * dest,
+ const URI_TYPE(QueryList) * queryList,
+ int maxChars, int * charsWritten, int * charsRequired,
+@@ -197,9 +201,15 @@ int URI_FUNC(ComposeQueryEngine)(URI_CHAR * dest,
+ const URI_CHAR * const value = queryList->value;
+ const int worstCase = (normalizeBreaks == URI_TRUE ? 6 : 3);
+ const int keyLen = (key == NULL) ? 0 : (int)URI_STRLEN(key);
+- const int keyRequiredChars = worstCase * keyLen;
++ int keyRequiredChars;
+ const int valueLen = (value == NULL) ? 0 : (int)URI_STRLEN(value);
+- const int valueRequiredChars = worstCase * valueLen;
++ int valueRequiredChars;
++
++ if ((keyLen >= INT_MAX / worstCase) || (valueLen >= INT_MAX / worstCase)) {
++ return URI_ERROR_OUTPUT_TOO_LARGE;
++ }
++ keyRequiredChars = worstCase * keyLen;
++ valueRequiredChars = worstCase * valueLen;
+
+ if (dest == NULL) {
+ if (firstItem == URI_TRUE) {
diff --git a/SOURCES/uriparser-0.7.5-doc_Makefile_in.patch b/SOURCES/uriparser-0.7.5-doc_Makefile_in.patch
new file mode 100644
index 0000000..85b5758
--- /dev/null
+++ b/SOURCES/uriparser-0.7.5-doc_Makefile_in.patch
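Review bot: The new guard `(keyLen >= INT_MAX / worstCase) || (valueLen >= INT_MAX / worstCase)` bounds each product on its own, but `keyLen` and `valueLen` still come from `(int)URI_STRLEN(...)` on the context lines above it, so a string longer than `INT_MAX` is narrowed before it is checked and may arrive small or negative. The guard also does not cover the later sum of `keyRequiredChars`, `valueRequiredChars` and the separators; that addition is outside the hunk and could still pass `INT_MAX` for two large-but-accepted lengths or across many items. Checking the length before the cast, e.g. `if (URI_STRLEN(key) >= (size_t)INT_MAX / worstCase) return URI_ERROR_OUTPUT_TOO_LARGE;` (and the same for `value`), plus a check of the running total before each addition, would cover both cases. As rendered on this page the added `#include` line has no header name; `INT_MAX` needs `<limits.h>`, so confirm the patch file itself carries it.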
@@ -0,0 +1,11 @@
+--- uriparser-0.7.5.org/doc/Makefile.in 2010-09-07 17:02:01.000000000 +0530
++++ uriparser-0.7.5/doc/Makefile.in 2010-09-07 17:02:11.000000000 +0530
+@@ -344,7 +344,7 @@
+
+ install-data-local:
+ $(MKDIR_P) "$(DESTDIR)$(docdir)/html" ## Didn't work with installdirs-local
+- $(INSTALL_DATA) html/*.{css,gif,html,png} "$(DESTDIR)$(docdir)/html/"
++ $(INSTALL_DATA) html/*.{css,html,png} "$(DESTDIR)$(docdir)/html/"
+
+ uninstall-local:
+ -rm -Rf "$(DESTDIR)$(docdir)/html"
diff --git a/SPECS/uriparser.spec b/SPECS/uriparser.spec
new file mode 100644
index 0000000..dbadccf
--- /dev/null
+++ b/SPECS/uriparser.spec
@@ -0,0 +1,171 @@ +Name: uriparser +Version: 0.7.5 +Release: 10%{?dist} +Summary: URI parsing library - RFC 3986 + +Group: System Environment/Libraries +License: BSD +URL: http://%{name}.sourceforge.net/ +Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz +Patch0: uriparser-0.7.5-doc_Makefile_in.patch +# Backport of https://github.com/uriparser/uriparser/commit/864f5d4c127def386dd5cc926ad96934b297f04e +# Fixes CVE-2018-19198 (rhbz#1652002) +Patch1: uriparser-0.7.5-CVE-2018-19198-fix.patch +# Backport of https://github.com/uriparser/uriparser/commit/f76275d4a91b28d687250525d3a0c5509bbd666f +# Fixes CVE-2018-19199 (rhbz#1652001) +Patch2: uriparser-0.7.5-CVE-2018-19199-fix.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: doxygen, graphviz, cpptest-devel +Requires: cpptest + +%description +Uriparser is a strictly RFC 3986 compliant URI parsing library written +in C. uriparser is cross-platform, fast, supports Unicode and is +licensed under the New BSD license. + +%package devel +Summary: Development files for %{name} +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + +%prep +%setup -q +%patch0 -p1 -b .doc_Makefile_in +%patch1 -p1 +%patch2 -p1 +sed -i 's/\r//' THANKS +sed -i 's/\r//' COPYING +iconv -f iso-8859-1 -t utf-8 -o THANKS{.utf8,} +mv THANKS{.utf8,} + +%build +%configure --disable-static +cd doc; + +# Remove qhelpgenerator dependency, by commenting these lines in +# Doxygen.in +## .qch output +## QCH_FILE = "../uriparser-doc-0.7.5.qch" +## QHG_LOCATION = "qhelpgenerator" +sed -i 's/^# .qch output.*//' Doxyfile.in +sed -i 's/^QCH.*//' Doxyfile.in +sed -i 's/^QHG.*//' Doxyfile.in + +%configure; make %{?_smp_mflags}; cd .. 
+make %{?_smp_mflags} + +# doc folder has separate configure file +#cd doc; +# fix for automated autotool calls +#touch aclocal.m4 configure Makefile.in +# jkucera: escape %%; this line was commented out, but with no effect as +# %%configure is a multiline macro and macros are expanded first by +# rpm; thus, configure and make were still invoked; escaping %% has a +# side effect that docdir became %%{_datadir}/doc/uriparser-doc +# (./doc/configure sets PACKAGE=uriparser-doc); invoking ./configure +# on the commented line below triggers regenerating Makefiles from +# their Makefile.in templates and hence all @docdir@ occurences are +# substituted by %%{_datadir}/doc/uriparser (./configure sets +# PACKAGE_TARNAME=uriparser) +#%%configure; make %%{?_smp_mflags} + +%check +make check + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" + +find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' +# jkucera: s/uriparser/uriparser-doc/g (see my note few lines above) +mv ${RPM_BUILD_ROOT}%{_datadir}/doc/uriparser-doc/html \ + ${RPM_BUILD_ROOT}%{_datadir}/doc/%{name}-%{version} + +%clean +rm -rf $RPM_BUILD_ROOT + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%defattr(-,root,root,-) +%doc THANKS AUTHORS COPYING ChangeLog +%{_libdir}/*.so.* + +%files devel +%defattr(-,root,root,-) +%doc doc/html +%{_includedir}/* +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc + +%changelog +* Tue Nov 27 2018 Jiri Kucera - 0.7.5-10 +- Fix CVE-2018-19198, CVE-2018-19199 + Fix unescaped %% in a comment + Resolves: #1652002, #1652001 + +* Fri Jan 24 2014 Daniel Mach - 0.7.5-9 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 0.7.5-8 +- Mass rebuild 2013-12-27 + +* Fri Feb 15 2013 Fedora Release Engineering - 0.7.5-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Sun Jul 22 2012 Fedora Release Engineering - 0.7.5-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Jan 14 2012 
Fedora Release Engineering - 0.7.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Feb 07 2011 Fedora Release Engineering - 0.7.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Sep 07 2010 Rakesh Pandit 0.7.5-3 +- Fixed FTBFS + +* Sun Jul 26 2009 Fedora Release Engineering - 0.7.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri Mar 06 2009 Rakesh Pandit 0.7.5-1 +- Upgrade to 0.7.5: +- Improved docs +- Test suite +- 0.7.4 +- Cleaned up code and fixed memory leaks +- 0.7.3 +- Builds for Cygwin, minor bug fix +- Changes in build system. +- Added: Qt Assistant documentation output +- 0.7.2 +- Improved and cleaned API + +* Wed Feb 25 2009 Fedora Release Engineering - 0.7.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sat Sep 06 2008 Rakesh Pandit 0.7.1-6 +- changed document file handling in spec, used better method - %%doc + +* Fri Sep 05 2008 Rakesh Pandit 0.7.1-5 +- fixed group, removed redundant args for %%setup +- included ChangeLog, fixed html folder path in %%files +- fixed automated autotool calls + +* Sat Aug 23 2008 Rakesh Pandit 0.7.1-4 +- changed name according to naming guidelines + +* Sat Aug 23 2008 Rakesh Pandit 0.7.1-3 +- fixed buildrequires tag + +* Sun Aug 10 2008 Rakesh Pandit 0.7.1-2 +- added documentation + +* Sat Aug 9 2008 Rakesh Pandit 0.7.1-1 +- Initial build
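Review bot: `URL:` and `Source0:` both use plain `http://`, so the upstream tarball location offers no transport integrity and the build depends entirely on the digest recorded in `.uriparser.metadata`, which at 40 hex characters looks like SHA-1 (inferred from its length only). Prefer `https://` for both fields if upstream serves it, and a stronger digest if the lookaside tooling supports one. `%patch1 -p1` and `%patch2 -p1` are applied without the `-b` backup suffix that `%patch0` uses, which is inconsistent but harmless. `Requires: cpptest` makes the test framework a runtime dependency of the library, although the visible spec only appears to need it through `BuildRequires: cpptest-devel` for `make check`; confirm it is needed at runtime.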