[ViewVC] Diff of: cvs/CBOR-XS/Changes

Comparing CBOR-XS/Changes (file contents):
Revision 1.10 by root, Sun Oct 27 22:35:15 2013 UTC vs.
Revision 1.97 by root, Fri Sep 8 05:47:10 2023 UTC

1	Revision history for Perl extension CBOR::XS	1	Revision history for Perl extension CBOR::XS
2		2
		3	TODO: pack_keys?
		4	TODO: document encode_cbor_sharing?
		5	TODO: weaken cyclic structures?
		6	TODO: large negative integers
		7	TODO: type cast tests.
		8	TODO: round-tripping of types, such as float16 - maybe types::Serialiser support?
		9	TODO: possibly implement https://peteroupc.github.io/CBOR/extended.html, but NaNs are nonportable. rely on libecb?
		10	TODO: https://github.com/svaarala/cbor-specs/blob/master/cbor-nonutf8-string-tags.rst, but maybe that is overkill?
		11
		12	TODO: as_object -> key value pair list to allow non-string hash keys
		13	- shared references were not decoded correctly: instead of getting
		14	multiple references to the same object, you got the same
		15	reference to the same object, causing a number of issues. For
		16	example, modifying the reference would modify all places the
		17	reference was used, and encoding the decoded structure would
		18	unshare the previously shared hashes, as trheir reference count
		19	would be 1. Fixcing this was rather involved, as perl lacks the ability
		20	to easily swap or copy arrays and hashes.
		21	- \0, \1, \undef do not work, and were not intended to ever work, as
		22	special values, despite being mentioned in the documentation (reported
		23	by nuclightq).
		24
		25	1.86 Thu 04 Nov 2021 17:48:16 CET
		26	- fixed a wrong printf format specifier (reported by Petr Písař).
		27
		28	1.85 Sat 23 Oct 2021 04:59:56 CEST
		29	- left debugging printf in code, need a test for that :(
		30
		31	1.84 Thu 21 Oct 2021 03:11:52 CEST
		32	- fix a bug in validate_utf8 where we call perl's is_utf8_string with
		33	a lenght of zero for empty strings, but perl interprets that as
		34	"calculate length", causing spurious validation errors for
		35	empty strings.
		36	- include validate_utf8 in new_safe.
		37	- avoid some warnings.
		38
		39	1.83 Tue Dec 8 09:27:06 CET 2020
		40	- add CBOR::XS::as_map cast function.
		41
		42	1.82 Tue Dec 1 02:47:40 CET 2020
		43	- add CBOR::XS::as_bool cast function.
		44
		45	1.81 Mon Nov 30 19:29:33 CET 2020
		46	- cast functions were broken due to last-minute renaming. thats
		47	what you get for not having a tessuite.
		48	- Math::BigInt and Math::BigFloat are pretty broken (again),
		49	so disable some tests. (try printing the bigfloat
		50	799999999999999999998E99999999999999999998).
		51
		52	1.8 Sun Nov 29 22:35:13 CET 2020
		53	- experimental support for some type casts, as well as embedding
		54	raw cbor data.
		55
		56	1.71 Thu Nov 15 20:52:13 CET 2018
		57	- work around what smells like a perl bug w.r.t. exceptions
		58	thrown in callbacks.
		59	- update libecb.
		60
		61	1.7 Tue Jun 27 04:02:23 CEST 2017
		62	- SECURITY FIX: fix two bugs found by american fuzzy lop,
		63	upgrade is advised if you accept data from untrusted
		64	sources.
		65	- an out-of bound sharedref or stringref index could cause an
		66	out of bounds access - might be exploitable.
		67	- a decoding error during indefinite array or hash decoding
		68	could cause an endless loop.
		69
		70	1.6 Wed Dec 7 15:13:23 CET 2016
		71	- greatly expand the SECURITY IMPLICATIONS and similar sections.
		72	- new constructor new_safe, to create a secure CBOR::XS object.
		73	- new option forbid_objects, to disallow serialisation.
		74	- new CBOR::XS::safe_filter functionality.
		75	- fix a crash when decoding a cyclic data structure using
		76	stringref/pack_strings when allow_cycles is disabled.
		77	- fix a crash when decoding hash keys with length >= 2**31.
		78	- avoid unreasonably long decoding times for certain
		79	types of (corrupt) cbor texts.
		80	- support arrays and hashes with >= 2**31 members.
		81	- avoid overflow on pointer arithmetic when checking whether enough
		82	data is available.
		83	- fix a memory leak that occured when decoding failed while decoding
		84	a tagged value.
		85	- do not leak the partially constructed result when stringifying
		86	a hash key throws an exception.
		87	- various code size and efficiency optimizations (reduced code
		88	from 42 to 40kB on my system, despite the new features).
		89
		90	1.5 Wed Apr 27 11:38:39 CEST 2016
		91	- Math::BigFloat madness workaround, see
		92	http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html
		93	(bugreport by zdm@softvisio.net).
		94	- add text_keys and text_strings options to force CBOR text encoding
		95	for perl hash keys or all strings, as a result of discussions
		96	with Fredrik Ljunggren.
		97	- implement support for arbitrary-exponent numbers (see
		98	http://peteroupc.github.io/CBOR/bigfrac.html, tags 264 and 265)
		99	for both en- and decoding.
		100	- implement support for rational numbers (see
		101	http://peteroupc.github.io/CBOR/rational.html, tag 30) for both
		102	en- and decoding.
		103	- the above effectively implements all registered CBOR extensions
		104	in a sensible manner.
		105	- remove some weird dead code that was duplicated (%FILTER).
		106	- add t/58_hv.t, which tests hashes and the new text_* flags.
		107	hashes apparently were not encoded at all in any of the existing
		108	tests.
		109	- document Math::BigFloat base-2 performance/crash issues.
		110	- use stability canary.
		111
		112	1.41 Thu 25 Feb 15:22:03 CET 2016
		113	- avoid perl panics on nested FREEZE/THAW calls (testcase by
		114	Victor Efimov).
		115
		116	1.4 Mon Feb 8 05:10:15 CET 2016
		117	- buffer overflow fix: a fast path during decoding did not check
		118	remaining length when decoding hash keys, found by fuzzing.
		119	This can potentially leak information in the error message
		120	or crash the process.
		121	- use C style { 0 } struct initializer.
		122	- upgrade libecb.
		123
		124	1.3 Mon Apr 27 22:21:04 CEST 2015
		125	- the incremental parser didn't properly parse tagged values
		126	(testcase by Mons Anderson).
		127	- slightly speed up encoding of plain (nonmagical) arrays.
		128	- try to clarify further that effectively all 32 bit architectures
		129	have 64 bit integer support.
		130	- upgrade libecb.
		131
		132	1.26 Sat Oct 25 08:35:44 CEST 2014
		133	- update the t/57_incr.t subtest that would rely on 64 bit ints.
		134	- disable t/50_rfc.t test that fails because of broken data::dumper.
		135
		136	1.25 Sun Jan 5 15:19:14 CET 2014
		137	- map key decoding was pretty much botched due to the recent cleanups.
		138	- work around Time::Piece->epoch returning a string value, avoid encoding
		139	this as a tag 1 string.
		140	- enable more testcases in t/50_rfc.t, now that they work :)
		141
		142	1.2 Tue Dec 10 22:06:42 CET 2013
		143	- implement an incremental decoder.
		144
		145	1.12 Tue Dec 3 11:23:22 CET 2013
		146	- work around broken Time::Piece (in old versions of the module, %z doesn't
		147	work as documented, gives different results on different platforms(!)).
		148
		149	1.11 Sun Dec 1 18:00:00 CET 2013
		150	- new setting: validate_utf8, for when you can't trust your cbor data.
		151	- do not leak memory on decoding errors, when allow_cycles is enabled.
		152	- add default filters for tags 0 and 1, using Time::Piece.
		153	- more tests added.
		154
		155	1.1 Sat Nov 30 19:14:27 CET 2013
		156	- INCOMPATIBLE CHANGE: new decoder setting: allow_cyclic, needed to decode
		157	cyclic data structures (to avoid memleaks in unsuspecting code).
		158	- no longer "share" references that aren't, i.e. true/false/null/error/tagged.
		159	- fix stringref w.r.t. indefinite-length strings.
		160	- verify indefinite-length string chunk types.
		161	- do not allow extremely large arrays - assume an array element
		162	requires at least one CBOR byte, to avoid memory exhaustion attacks.
		163	- major code overhaul.
		164
		165	1.0 Thu Nov 28 16:43:31 CET 2013
		166	- use the now official tag values for extensions. remove the
		167	experimental notice. it's the real thing now, with real bugs.
		168	- renamed allow_stringref to pack_strings.
		169	- port to perl <= 5.16.
		170	- slightly improve the documentation.
		171
		172	0.09 Fri Nov 22 16:54:18 CET 2013
		173	- bignum/bigfloat/decimal support.
		174	- uri support.
		175	- tag filter functions support for decoding.
		176	- do not support reference-to-1/0/undef anymore, you need to use
		177	the Types::Serialiser objects now.
		178	- experimental sharable extension support (http://cbor.schmorp.de/value-sharing).
		179	- experimental stringref extension support (http://cbor.schmorp.de/stringref).
		180	- implement indirection tag (http://cbor.schmorp.de/indirection).
		181
		182	0.08 Wed Oct 30 11:10:43 CET 2013
		183	- defused another too fragile test.
		184
		185	0.07 Tue Oct 29 23:04:07 CET 2013
		186	- don't crash in decode when silly values are passed in.
		187	- considerably speed up map decoding when map keys
		188	are utf-8 or byte strings.
		189	- raising an exception in THAW should now work without
		190	leaking.
		191
		192	0.06 Tue Oct 29 16:56:07 CET 2013
		193	- do not leak when deserialiasing via THAW.
		194	- implement and document CBOR::XS creation/access/mutate
		195	methods.
		196
		197	0.05 Mon Oct 28 22:27:47 CET 2013
		198	- do not leak hash keys on decoding.
		199
		200	0.04 Sun Oct 27 23:47:47 CET 2013
3	- implement TO_CBOR/FREEZE/THAW serialisation protocols.	201	- implement TO_CBOR/FREEZE/THAW serialisation protocols.
4	- requested perl-object and generic-object tags from iana.	202	- requested perl-object and generic-object tags from iana.
5	- switched to Types::Serialiser for true, false and error.	203	- switched to Types::Serialiser for true, false and error.
6	- disabled some fragile tests (thanks, andk).	204	- disabled some fragile tests (thanks, andk).
7		205

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing CBOR-XS/Changes (file contents): Revision 1.10 by root, Sun Oct 27 22:35:15 2013 UTC vs. Revision 1.97 by root, Fri Sep 8 05:47:10 2023 UTC

Diff Legend

Comparing CBOR-XS/Changes (file contents):
Revision 1.10 by root, Sun Oct 27 22:35:15 2013 UTC vs.
Revision 1.97 by root, Fri Sep 8 05:47:10 2023 UTC