1 |
root |
1.1 |
Revision history for Perl extension CBOR::XS |
2 |
|
|
|
3 |
root |
1.30 |
TODO: pack_keys? |
4 |
root |
1.36 |
TODO: document encode_cbor_sharing? |
5 |
root |
1.70 |
TODO: large negative integers |
6 |
root |
1.79 |
TODO: type cast tests. |
7 |
root |
1.93 |
TODO: round-tripping of types, such as float16 - maybe types::Serialiser support? |
8 |
root |
1.81 |
TODO: possibly implement https://peteroupc.github.io/CBOR/extended.html, but NaNs are nonportable. rely on libecb? |
9 |
|
|
TODO: https://github.com/svaarala/cbor-specs/blob/master/cbor-nonutf8-string-tags.rst, but maybe that is overkill? |
10 |
root |
1.84 |
|
11 |
root |
1.99 |
1.87 Fri 08 Sep 2023 22:14:18 CEST |
12 |
root |
1.97 |
- shared references were not decoded correctly: instead of getting |
13 |
|
|
multiple references to the same object, you got the same |
14 |
|
|
reference to the same object, causing a number of issues. For |
15 |
|
|
example, modifying the reference would modify all places the |
16 |
|
|
reference was used, and encoding the decoded structure would |
17 |
|
|
unshare the previously shared hashes, as trheir reference count |
18 |
root |
1.99 |
would be 1. Fixing this was rather involved, as perl lacks the |
19 |
|
|
ability to easily swap or copy arrays and hashes. |
20 |
root |
1.95 |
- \0, \1, \undef do not work, and were not intended to ever work, as |
21 |
|
|
special values, despite being mentioned in the documentation (reported |
22 |
|
|
by nuclightq). |
23 |
root |
1.98 |
- new feature: allow_weak_cycles. |
24 |
root |
1.95 |
|
25 |
root |
1.93 |
1.86 Thu 04 Nov 2021 17:48:16 CET |
26 |
root |
1.92 |
- fixed a wrong printf format specifier (reported by Petr Písař). |
27 |
|
|
|
28 |
root |
1.91 |
1.85 Sat 23 Oct 2021 04:59:56 CEST |
29 |
|
|
- left debugging printf in code, need a test for that :( |
30 |
|
|
|
31 |
root |
1.90 |
1.84 Thu 21 Oct 2021 03:11:52 CEST |
32 |
|
|
- fix a bug in validate_utf8 where we call perl's is_utf8_string with |
33 |
|
|
a lenght of zero for empty strings, but perl interprets that as |
34 |
|
|
"calculate length", causing spurious validation errors for |
35 |
|
|
empty strings. |
36 |
root |
1.89 |
- include validate_utf8 in new_safe. |
37 |
root |
1.88 |
- avoid some warnings. |
38 |
|
|
|
39 |
root |
1.87 |
1.83 Tue Dec 8 09:27:06 CET 2020 |
40 |
|
|
- add CBOR::XS::as_map cast function. |
41 |
|
|
|
42 |
root |
1.85 |
1.82 Tue Dec 1 02:47:40 CET 2020 |
43 |
root |
1.84 |
- add CBOR::XS::as_bool cast function. |
44 |
root |
1.81 |
|
45 |
root |
1.82 |
1.81 Mon Nov 30 19:29:33 CET 2020 |
46 |
root |
1.84 |
- cast functions were broken due to last-minute renaming. thats |
47 |
|
|
what you get for not having a tessuite. |
48 |
root |
1.81 |
- Math::BigInt and Math::BigFloat are pretty broken (again), |
49 |
|
|
so disable some tests. (try printing the bigfloat |
50 |
|
|
799999999999999999998E99999999999999999998). |
51 |
root |
1.79 |
|
52 |
root |
1.80 |
1.8 Sun Nov 29 22:35:13 CET 2020 |
53 |
root |
1.79 |
- experimental support for some type casts, as well as embedding |
54 |
|
|
raw cbor data. |
55 |
root |
1.76 |
|
56 |
root |
1.78 |
1.71 Thu Nov 15 20:52:13 CET 2018 |
57 |
|
|
- work around what smells like a perl bug w.r.t. exceptions |
58 |
|
|
thrown in callbacks. |
59 |
|
|
- update libecb. |
60 |
|
|
|
61 |
root |
1.77 |
1.7 Tue Jun 27 04:02:23 CEST 2017 |
62 |
|
|
- SECURITY FIX: fix two bugs found by american fuzzy lop, |
63 |
|
|
upgrade is advised if you accept data from untrusted |
64 |
|
|
sources. |
65 |
|
|
- an out-of bound sharedref or stringref index could cause an |
66 |
|
|
out of bounds access - might be exploitable. |
67 |
|
|
- a decoding error during indefinite array or hash decoding |
68 |
|
|
could cause an endless loop. |
69 |
|
|
|
70 |
root |
1.76 |
1.6 Wed Dec 7 15:13:23 CET 2016 |
71 |
root |
1.75 |
- greatly expand the SECURITY IMPLICATIONS and similar sections. |
72 |
root |
1.74 |
- new constructor new_safe, to create a secure CBOR::XS object. |
73 |
|
|
- new option forbid_objects, to disallow serialisation. |
74 |
|
|
- new CBOR::XS::safe_filter functionality. |
75 |
root |
1.69 |
- fix a crash when decoding a cyclic data structure using |
76 |
|
|
stringref/pack_strings when allow_cycles is disabled. |
77 |
root |
1.71 |
- fix a crash when decoding hash keys with length >= 2**31. |
78 |
|
|
- avoid unreasonably long decoding times for certain |
79 |
root |
1.75 |
types of (corrupt) cbor texts. |
80 |
root |
1.71 |
- support arrays and hashes with >= 2**31 members. |
81 |
|
|
- avoid overflow on pointer arithmetic when checking whether enough |
82 |
|
|
data is available. |
83 |
root |
1.72 |
- fix a memory leak that occured when decoding failed while decoding |
84 |
|
|
a tagged value. |
85 |
root |
1.73 |
- do not leak the partially constructed result when stringifying |
86 |
|
|
a hash key throws an exception. |
87 |
root |
1.74 |
- various code size and efficiency optimizations (reduced code |
88 |
root |
1.75 |
from 42 to 40kB on my system, despite the new features). |
89 |
root |
1.46 |
|
90 |
root |
1.67 |
1.5 Wed Apr 27 11:38:39 CEST 2016 |
91 |
root |
1.61 |
- Math::BigFloat madness workaround, see |
92 |
|
|
http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html |
93 |
root |
1.57 |
(bugreport by zdm@softvisio.net). |
94 |
root |
1.61 |
- add text_keys and text_strings options to force CBOR text encoding |
95 |
|
|
for perl hash keys or all strings, as a result of discussions |
96 |
|
|
with Fredrik Ljunggren. |
97 |
root |
1.64 |
- implement support for arbitrary-exponent numbers (see |
98 |
|
|
http://peteroupc.github.io/CBOR/bigfrac.html, tags 264 and 265) |
99 |
|
|
for both en- and decoding. |
100 |
root |
1.65 |
- implement support for rational numbers (see |
101 |
|
|
http://peteroupc.github.io/CBOR/rational.html, tag 30) for both |
102 |
|
|
en- and decoding. |
103 |
root |
1.67 |
- the above effectively implements all registered CBOR extensions |
104 |
root |
1.66 |
in a sensible manner. |
105 |
root |
1.67 |
- remove some weird dead code that was duplicated (%FILTER). |
106 |
root |
1.60 |
- add t/58_hv.t, which tests hashes and the new text_* flags. |
107 |
root |
1.67 |
hashes apparently were not encoded at all in any of the existing |
108 |
root |
1.60 |
tests. |
109 |
root |
1.67 |
- document Math::BigFloat base-2 performance/crash issues. |
110 |
root |
1.62 |
- use stability canary. |
111 |
root |
1.57 |
|
112 |
root |
1.56 |
1.41 Thu 25 Feb 15:22:03 CET 2016 |
113 |
|
|
- avoid perl panics on nested FREEZE/THAW calls (testcase by |
114 |
|
|
Victor Efimov). |
115 |
|
|
|
116 |
root |
1.54 |
1.4 Mon Feb 8 05:10:15 CET 2016 |
117 |
|
|
- buffer overflow fix: a fast path during decoding did not check |
118 |
|
|
remaining length when decoding hash keys, found by fuzzing. |
119 |
root |
1.55 |
This can potentially leak information in the error message |
120 |
|
|
or crash the process. |
121 |
root |
1.53 |
- use C style { 0 } struct initializer. |
122 |
root |
1.54 |
- upgrade libecb. |
123 |
root |
1.53 |
|
124 |
root |
1.52 |
1.3 Mon Apr 27 22:21:04 CEST 2015 |
125 |
|
|
- the incremental parser didn't properly parse tagged values |
126 |
|
|
(testcase by Mons Anderson). |
127 |
root |
1.50 |
- slightly speed up encoding of plain (nonmagical) arrays. |
128 |
root |
1.51 |
- try to clarify further that effectively all 32 bit architectures |
129 |
|
|
have 64 bit integer support. |
130 |
root |
1.52 |
- upgrade libecb. |
131 |
root |
1.50 |
|
132 |
root |
1.49 |
1.26 Sat Oct 25 08:35:44 CEST 2014 |
133 |
root |
1.47 |
- update the t/57_incr.t subtest that would rely on 64 bit ints. |
134 |
root |
1.48 |
- disable t/50_rfc.t test that fails because of broken data::dumper. |
135 |
root |
1.47 |
|
136 |
root |
1.46 |
1.25 Sun Jan 5 15:19:14 CET 2014 |
137 |
|
|
- map key decoding was pretty much botched due to the recent cleanups. |
138 |
|
|
- work around Time::Piece->epoch returning a string value, avoid encoding |
139 |
|
|
this as a tag 1 string. |
140 |
|
|
- enable more testcases in t/50_rfc.t, now that they work :) |
141 |
|
|
|
142 |
|
|
1.2 Tue Dec 10 22:06:42 CET 2013 |
143 |
|
|
- implement an incremental decoder. |
144 |
root |
1.39 |
|
145 |
root |
1.44 |
1.12 Tue Dec 3 11:23:22 CET 2013 |
146 |
root |
1.45 |
- work around broken Time::Piece (in old versions of the module, %z doesn't |
147 |
|
|
work as documented, gives different results on different platforms(!)). |
148 |
root |
1.43 |
|
149 |
root |
1.42 |
1.11 Sun Dec 1 18:00:00 CET 2013 |
150 |
root |
1.39 |
- new setting: validate_utf8, for when you can't trust your cbor data. |
151 |
|
|
- do not leak memory on decoding errors, when allow_cycles is enabled. |
152 |
root |
1.41 |
- add default filters for tags 0 and 1, using Time::Piece. |
153 |
root |
1.42 |
- more tests added. |
154 |
root |
1.30 |
|
155 |
root |
1.37 |
1.1 Sat Nov 30 19:14:27 CET 2013 |
156 |
root |
1.36 |
- INCOMPATIBLE CHANGE: new decoder setting: allow_cyclic, needed to decode |
157 |
|
|
cyclic data structures (to avoid memleaks in unsuspecting code). |
158 |
root |
1.37 |
- no longer "share" references that aren't, i.e. true/false/null/error/tagged. |
159 |
root |
1.32 |
- fix stringref w.r.t. indefinite-length strings. |
160 |
|
|
- verify indefinite-length string chunk types. |
161 |
root |
1.35 |
- do not allow extremely large arrays - assume an array element |
162 |
root |
1.37 |
requires at least one CBOR byte, to avoid memory exhaustion attacks. |
163 |
root |
1.34 |
- major code overhaul. |
164 |
root |
1.32 |
|
165 |
root |
1.31 |
1.0 Thu Nov 28 16:43:31 CET 2013 |
166 |
root |
1.28 |
- use the now official tag values for extensions. remove the |
167 |
|
|
experimental notice. it's the real thing now, with real bugs. |
168 |
root |
1.29 |
- renamed allow_stringref to pack_strings. |
169 |
root |
1.27 |
- port to perl <= 5.16. |
170 |
root |
1.31 |
- slightly improve the documentation. |
171 |
root |
1.27 |
|
172 |
root |
1.25 |
0.09 Fri Nov 22 16:54:18 CET 2013 |
173 |
root |
1.24 |
- bignum/bigfloat/decimal support. |
174 |
|
|
- uri support. |
175 |
|
|
- tag filter functions support for decoding. |
176 |
root |
1.21 |
- do not support reference-to-1/0/undef anymore, you need to use |
177 |
|
|
the Types::Serialiser objects now. |
178 |
|
|
- experimental sharable extension support (http://cbor.schmorp.de/value-sharing). |
179 |
root |
1.22 |
- experimental stringref extension support (http://cbor.schmorp.de/stringref). |
180 |
root |
1.21 |
- implement indirection tag (http://cbor.schmorp.de/indirection). |
181 |
|
|
|
182 |
root |
1.20 |
0.08 Wed Oct 30 11:10:43 CET 2013 |
183 |
root |
1.19 |
- defused another too fragile test. |
184 |
|
|
|
185 |
root |
1.18 |
0.07 Tue Oct 29 23:04:07 CET 2013 |
186 |
root |
1.17 |
- don't crash in decode when silly values are passed in. |
187 |
|
|
- considerably speed up map decoding when map keys |
188 |
|
|
are utf-8 or byte strings. |
189 |
root |
1.18 |
- raising an exception in THAW should now work without |
190 |
|
|
leaking. |
191 |
root |
1.17 |
|
192 |
root |
1.16 |
0.06 Tue Oct 29 16:56:07 CET 2013 |
193 |
root |
1.14 |
- do not leak when deserialiasing via THAW. |
194 |
root |
1.15 |
- implement and document CBOR::XS creation/access/mutate |
195 |
|
|
methods. |
196 |
root |
1.14 |
|
197 |
root |
1.13 |
0.05 Mon Oct 28 22:27:47 CET 2013 |
198 |
root |
1.12 |
- do not leak hash keys on decoding. |
199 |
|
|
|
200 |
root |
1.11 |
0.04 Sun Oct 27 23:47:47 CET 2013 |
201 |
root |
1.10 |
- implement TO_CBOR/FREEZE/THAW serialisation protocols. |
202 |
root |
1.7 |
- requested perl-object and generic-object tags from iana. |
203 |
root |
1.9 |
- switched to Types::Serialiser for true, false and error. |
204 |
root |
1.8 |
- disabled some fragile tests (thanks, andk). |
205 |
root |
1.7 |
|
206 |
root |
1.6 |
0.03 Sun Oct 27 00:28:41 CEST 2013 |
207 |
root |
1.4 |
- improve 32 bit platform compatibility. |
208 |
root |
1.5 |
- take more advantage of ecb.h. |
209 |
root |
1.6 |
- preliminary and bare-bones tagged support. |
210 |
|
|
- improved docs. |
211 |
root |
1.4 |
|
212 |
root |
1.3 |
0.02 Sat Oct 26 13:08:05 CEST 2013 |
213 |
|
|
- no aborts left. |
214 |
|
|
- add $CBOR::XS::MAGIC. |
215 |
|
|
- preliminary tagged decoding to arrayref. |
216 |
root |
1.2 |
- indefinite encoding fixed. |
217 |
|
|
- half float decoding implemented. |
218 |
|
|
- t/50_rfc.t adds test vectors from the rfc, which |
219 |
|
|
are checked as applicable. |
220 |
|
|
|
221 |
root |
1.1 |
0.01 Fri Oct 25 21:39:56 CEST 2013 |
222 |
|
|
- original version; cloned from JSON-XS |
223 |
|
|
|