ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/CBOR-XS/Changes
(Generate patch)

Comparing CBOR-XS/Changes (file contents):
Revision 1.14 by root, Mon Oct 28 22:50:50 2013 UTC vs.
Revision 1.86 by root, Fri Dec 4 02:57:14 2020 UTC

1Revision history for Perl extension CBOR::XS 1Revision history for Perl extension CBOR::XS
2 2
3TODO: cbor::xs::tagged methods 3TODO: pack_keys?
4TODO: G_EVAL for callbacks 4TODO: document encode_cbor_sharing?
5TODO: weaken cyclic structures?
6TODO: large negative integers
7TODO: type cast tests.
8TODO: as_map (for non-string keys)
9TODO: possibly implement https://peteroupc.github.io/CBOR/extended.html, but NaNs are nonportable. rely on libecb?
10TODO: https://github.com/svaarala/cbor-specs/blob/master/cbor-nonutf8-string-tags.rst, but maybe that is overkill?
5 11
121.82 Tue Dec 1 02:47:40 CET 2020
13 - add CBOR::XS::as_bool cast function.
14
151.81 Mon Nov 30 19:29:33 CET 2020
16 - cast functions were broken due to last-minute renaming. thats
17 what you get for not having a tessuite.
18 - Math::BigInt and Math::BigFloat are pretty broken (again),
19 so disable some tests. (try printing the bigfloat
20 799999999999999999998E99999999999999999998).
21
221.8 Sun Nov 29 22:35:13 CET 2020
23 - experimental support for some type casts, as well as embedding
24 raw cbor data.
25
261.71 Thu Nov 15 20:52:13 CET 2018
27 - work around what smells like a perl bug w.r.t. exceptions
28 thrown in callbacks.
29 - update libecb.
30
311.7 Tue Jun 27 04:02:23 CEST 2017
32 - SECURITY FIX: fix two bugs found by american fuzzy lop,
33 upgrade is advised if you accept data from untrusted
34 sources.
35 - an out-of bound sharedref or stringref index could cause an
36 out of bounds access - might be exploitable.
37 - a decoding error during indefinite array or hash decoding
38 could cause an endless loop.
39
401.6 Wed Dec 7 15:13:23 CET 2016
41 - greatly expand the SECURITY IMPLICATIONS and similar sections.
42 - new constructor new_safe, to create a secure CBOR::XS object.
43 - new option forbid_objects, to disallow serialisation.
44 - new CBOR::XS::safe_filter functionality.
45 - fix a crash when decoding a cyclic data structure using
46 stringref/pack_strings when allow_cycles is disabled.
47 - fix a crash when decoding hash keys with length >= 2**31.
48 - avoid unreasonably long decoding times for certain
49 types of (corrupt) cbor texts.
50 - support arrays and hashes with >= 2**31 members.
51 - avoid overflow on pointer arithmetic when checking whether enough
52 data is available.
53 - fix a memory leak that occured when decoding failed while decoding
54 a tagged value.
55 - do not leak the partially constructed result when stringifying
56 a hash key throws an exception.
57 - various code size and efficiency optimizations (reduced code
58 from 42 to 40kB on my system, despite the new features).
59
601.5 Wed Apr 27 11:38:39 CEST 2016
61 - Math::BigFloat madness workaround, see
62 http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html
63 (bugreport by zdm@softvisio.net).
64 - add text_keys and text_strings options to force CBOR text encoding
65 for perl hash keys or all strings, as a result of discussions
66 with Fredrik Ljunggren.
67 - implement support for arbitrary-exponent numbers (see
68 http://peteroupc.github.io/CBOR/bigfrac.html, tags 264 and 265)
69 for both en- and decoding.
70 - implement support for rational numbers (see
71 http://peteroupc.github.io/CBOR/rational.html, tag 30) for both
72 en- and decoding.
73 - the above effectively implements all registered CBOR extensions
74 in a sensible manner.
75 - remove some weird dead code that was duplicated (%FILTER).
76 - add t/58_hv.t, which tests hashes and the new text_* flags.
77 hashes apparently were not encoded at all in any of the existing
78 tests.
79 - document Math::BigFloat base-2 performance/crash issues.
80 - use stability canary.
81
821.41 Thu 25 Feb 15:22:03 CET 2016
83 - avoid perl panics on nested FREEZE/THAW calls (testcase by
84 Victor Efimov).
85
861.4 Mon Feb 8 05:10:15 CET 2016
87 - buffer overflow fix: a fast path during decoding did not check
88 remaining length when decoding hash keys, found by fuzzing.
89 This can potentially leak information in the error message
90 or crash the process.
91 - use C style { 0 } struct initializer.
92 - upgrade libecb.
93
941.3 Mon Apr 27 22:21:04 CEST 2015
95 - the incremental parser didn't properly parse tagged values
96 (testcase by Mons Anderson).
97 - slightly speed up encoding of plain (nonmagical) arrays.
98 - try to clarify further that effectively all 32 bit architectures
99 have 64 bit integer support.
100 - upgrade libecb.
101
1021.26 Sat Oct 25 08:35:44 CEST 2014
103 - update the t/57_incr.t subtest that would rely on 64 bit ints.
104 - disable t/50_rfc.t test that fails because of broken data::dumper.
105
1061.25 Sun Jan 5 15:19:14 CET 2014
107 - map key decoding was pretty much botched due to the recent cleanups.
108 - work around Time::Piece->epoch returning a string value, avoid encoding
109 this as a tag 1 string.
110 - enable more testcases in t/50_rfc.t, now that they work :)
111
1121.2 Tue Dec 10 22:06:42 CET 2013
113 - implement an incremental decoder.
114
1151.12 Tue Dec 3 11:23:22 CET 2013
116 - work around broken Time::Piece (in old versions of the module, %z doesn't
117 work as documented, gives different results on different platforms(!)).
118
1191.11 Sun Dec 1 18:00:00 CET 2013
120 - new setting: validate_utf8, for when you can't trust your cbor data.
121 - do not leak memory on decoding errors, when allow_cycles is enabled.
122 - add default filters for tags 0 and 1, using Time::Piece.
123 - more tests added.
124
1251.1 Sat Nov 30 19:14:27 CET 2013
126 - INCOMPATIBLE CHANGE: new decoder setting: allow_cyclic, needed to decode
127 cyclic data structures (to avoid memleaks in unsuspecting code).
128 - no longer "share" references that aren't, i.e. true/false/null/error/tagged.
129 - fix stringref w.r.t. indefinite-length strings.
130 - verify indefinite-length string chunk types.
131 - do not allow extremely large arrays - assume an array element
132 requires at least one CBOR byte, to avoid memory exhaustion attacks.
133 - major code overhaul.
134
1351.0 Thu Nov 28 16:43:31 CET 2013
136 - use the now official tag values for extensions. remove the
137 experimental notice. it's the real thing now, with real bugs.
138 - renamed allow_stringref to pack_strings.
139 - port to perl <= 5.16.
140 - slightly improve the documentation.
141
1420.09 Fri Nov 22 16:54:18 CET 2013
143 - bignum/bigfloat/decimal support.
144 - uri support.
145 - tag filter functions support for decoding.
146 - do not support reference-to-1/0/undef anymore, you need to use
147 the Types::Serialiser objects now.
148 - experimental sharable extension support (http://cbor.schmorp.de/value-sharing).
149 - experimental stringref extension support (http://cbor.schmorp.de/stringref).
150 - implement indirection tag (http://cbor.schmorp.de/indirection).
151
1520.08 Wed Oct 30 11:10:43 CET 2013
153 - defused another too fragile test.
154
1550.07 Tue Oct 29 23:04:07 CET 2013
156 - don't crash in decode when silly values are passed in.
157 - considerably speed up map decoding when map keys
158 are utf-8 or byte strings.
159 - raising an exception in THAW should now work without
160 leaking.
161
1620.06 Tue Oct 29 16:56:07 CET 2013
6 - do not leak when deserialiasing via THAW. 163 - do not leak when deserialiasing via THAW.
164 - implement and document CBOR::XS creation/access/mutate
165 methods.
7 166
80.05 Mon Oct 28 22:27:47 CET 2013 1670.05 Mon Oct 28 22:27:47 CET 2013
9 - do not leak hash keys on decoding. 168 - do not leak hash keys on decoding.
10 169
110.04 Sun Oct 27 23:47:47 CET 2013 1700.04 Sun Oct 27 23:47:47 CET 2013

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines