1 | Revision history for Perl extension CBOR::XS |
1 | Revision history for Perl extension CBOR::XS |
|
|
2 | |
|
|
3 | TODO: pack_keys? |
|
|
4 | TODO: document encode_cbor_sharing? |
|
|
5 | TODO: weaken cyclic structures? |
|
|
6 | TODO: large negative integers |
|
|
7 | TODO: type cast tests. |
|
|
8 | TODO: round-tripping of types, such as float16 - maybe types::Serialiser support? |
|
|
9 | TODO: possibly implement https://peteroupc.github.io/CBOR/extended.html, but NaNs are nonportable. rely on libecb? |
|
|
10 | TODO: https://github.com/svaarala/cbor-specs/blob/master/cbor-nonutf8-string-tags.rst, but maybe that is overkill? |
|
|
11 | |
|
|
12 | 1.86 Thu 04 Nov 2021 17:48:16 CET |
|
|
13 | - fixed a wrong printf format specifier (reported by Petr Písař). |
|
|
14 | |
|
|
15 | 1.85 Sat 23 Oct 2021 04:59:56 CEST |
|
|
16 | - left debugging printf in code, need a test for that :( |
|
|
17 | |
|
|
18 | 1.84 Thu 21 Oct 2021 03:11:52 CEST |
|
|
19 | - fix a bug in validate_utf8 where we call perl's is_utf8_string with |
|
|
20 | a lenght of zero for empty strings, but perl interprets that as |
|
|
21 | "calculate length", causing spurious validation errors for |
|
|
22 | empty strings. |
|
|
23 | - include validate_utf8 in new_safe. |
|
|
24 | - avoid some warnings. |
|
|
25 | |
|
|
26 | 1.83 Tue Dec 8 09:27:06 CET 2020 |
|
|
27 | - add CBOR::XS::as_map cast function. |
|
|
28 | |
|
|
29 | 1.82 Tue Dec 1 02:47:40 CET 2020 |
|
|
30 | - add CBOR::XS::as_bool cast function. |
|
|
31 | |
|
|
32 | 1.81 Mon Nov 30 19:29:33 CET 2020 |
|
|
33 | - cast functions were broken due to last-minute renaming. thats |
|
|
34 | what you get for not having a tessuite. |
|
|
35 | - Math::BigInt and Math::BigFloat are pretty broken (again), |
|
|
36 | so disable some tests. (try printing the bigfloat |
|
|
37 | 799999999999999999998E99999999999999999998). |
|
|
38 | |
|
|
39 | 1.8 Sun Nov 29 22:35:13 CET 2020 |
|
|
40 | - experimental support for some type casts, as well as embedding |
|
|
41 | raw cbor data. |
|
|
42 | |
|
|
43 | 1.71 Thu Nov 15 20:52:13 CET 2018 |
|
|
44 | - work around what smells like a perl bug w.r.t. exceptions |
|
|
45 | thrown in callbacks. |
|
|
46 | - update libecb. |
|
|
47 | |
|
|
48 | 1.7 Tue Jun 27 04:02:23 CEST 2017 |
|
|
49 | - SECURITY FIX: fix two bugs found by american fuzzy lop, |
|
|
50 | upgrade is advised if you accept data from untrusted |
|
|
51 | sources. |
|
|
52 | - an out-of bound sharedref or stringref index could cause an |
|
|
53 | out of bounds access - might be exploitable. |
|
|
54 | - a decoding error during indefinite array or hash decoding |
|
|
55 | could cause an endless loop. |
|
|
56 | |
|
|
57 | 1.6 Wed Dec 7 15:13:23 CET 2016 |
|
|
58 | - greatly expand the SECURITY IMPLICATIONS and similar sections. |
|
|
59 | - new constructor new_safe, to create a secure CBOR::XS object. |
|
|
60 | - new option forbid_objects, to disallow serialisation. |
|
|
61 | - new CBOR::XS::safe_filter functionality. |
|
|
62 | - fix a crash when decoding a cyclic data structure using |
|
|
63 | stringref/pack_strings when allow_cycles is disabled. |
|
|
64 | - fix a crash when decoding hash keys with length >= 2**31. |
|
|
65 | - avoid unreasonably long decoding times for certain |
|
|
66 | types of (corrupt) cbor texts. |
|
|
67 | - support arrays and hashes with >= 2**31 members. |
|
|
68 | - avoid overflow on pointer arithmetic when checking whether enough |
|
|
69 | data is available. |
|
|
70 | - fix a memory leak that occured when decoding failed while decoding |
|
|
71 | a tagged value. |
|
|
72 | - do not leak the partially constructed result when stringifying |
|
|
73 | a hash key throws an exception. |
|
|
74 | - various code size and efficiency optimizations (reduced code |
|
|
75 | from 42 to 40kB on my system, despite the new features). |
|
|
76 | |
|
|
77 | 1.5 Wed Apr 27 11:38:39 CEST 2016 |
|
|
78 | - Math::BigFloat madness workaround, see |
|
|
79 | http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html |
|
|
80 | (bugreport by zdm@softvisio.net). |
|
|
81 | - add text_keys and text_strings options to force CBOR text encoding |
|
|
82 | for perl hash keys or all strings, as a result of discussions |
|
|
83 | with Fredrik Ljunggren. |
|
|
84 | - implement support for arbitrary-exponent numbers (see |
|
|
85 | http://peteroupc.github.io/CBOR/bigfrac.html, tags 264 and 265) |
|
|
86 | for both en- and decoding. |
|
|
87 | - implement support for rational numbers (see |
|
|
88 | http://peteroupc.github.io/CBOR/rational.html, tag 30) for both |
|
|
89 | en- and decoding. |
|
|
90 | - the above effectively implements all registered CBOR extensions |
|
|
91 | in a sensible manner. |
|
|
92 | - remove some weird dead code that was duplicated (%FILTER). |
|
|
93 | - add t/58_hv.t, which tests hashes and the new text_* flags. |
|
|
94 | hashes apparently were not encoded at all in any of the existing |
|
|
95 | tests. |
|
|
96 | - document Math::BigFloat base-2 performance/crash issues. |
|
|
97 | - use stability canary. |
|
|
98 | |
|
|
99 | 1.41 Thu 25 Feb 15:22:03 CET 2016 |
|
|
100 | - avoid perl panics on nested FREEZE/THAW calls (testcase by |
|
|
101 | Victor Efimov). |
|
|
102 | |
|
|
103 | 1.4 Mon Feb 8 05:10:15 CET 2016 |
|
|
104 | - buffer overflow fix: a fast path during decoding did not check |
|
|
105 | remaining length when decoding hash keys, found by fuzzing. |
|
|
106 | This can potentially leak information in the error message |
|
|
107 | or crash the process. |
|
|
108 | - use C style { 0 } struct initializer. |
|
|
109 | - upgrade libecb. |
|
|
110 | |
|
|
111 | 1.3 Mon Apr 27 22:21:04 CEST 2015 |
|
|
112 | - the incremental parser didn't properly parse tagged values |
|
|
113 | (testcase by Mons Anderson). |
|
|
114 | - slightly speed up encoding of plain (nonmagical) arrays. |
|
|
115 | - try to clarify further that effectively all 32 bit architectures |
|
|
116 | have 64 bit integer support. |
|
|
117 | - upgrade libecb. |
|
|
118 | |
|
|
119 | 1.26 Sat Oct 25 08:35:44 CEST 2014 |
|
|
120 | - update the t/57_incr.t subtest that would rely on 64 bit ints. |
|
|
121 | - disable t/50_rfc.t test that fails because of broken data::dumper. |
|
|
122 | |
|
|
123 | 1.25 Sun Jan 5 15:19:14 CET 2014 |
|
|
124 | - map key decoding was pretty much botched due to the recent cleanups. |
|
|
125 | - work around Time::Piece->epoch returning a string value, avoid encoding |
|
|
126 | this as a tag 1 string. |
|
|
127 | - enable more testcases in t/50_rfc.t, now that they work :) |
|
|
128 | |
|
|
129 | 1.2 Tue Dec 10 22:06:42 CET 2013 |
|
|
130 | - implement an incremental decoder. |
|
|
131 | |
|
|
132 | 1.12 Tue Dec 3 11:23:22 CET 2013 |
|
|
133 | - work around broken Time::Piece (in old versions of the module, %z doesn't |
|
|
134 | work as documented, gives different results on different platforms(!)). |
|
|
135 | |
|
|
136 | 1.11 Sun Dec 1 18:00:00 CET 2013 |
|
|
137 | - new setting: validate_utf8, for when you can't trust your cbor data. |
|
|
138 | - do not leak memory on decoding errors, when allow_cycles is enabled. |
|
|
139 | - add default filters for tags 0 and 1, using Time::Piece. |
|
|
140 | - more tests added. |
|
|
141 | |
|
|
142 | 1.1 Sat Nov 30 19:14:27 CET 2013 |
|
|
143 | - INCOMPATIBLE CHANGE: new decoder setting: allow_cyclic, needed to decode |
|
|
144 | cyclic data structures (to avoid memleaks in unsuspecting code). |
|
|
145 | - no longer "share" references that aren't, i.e. true/false/null/error/tagged. |
|
|
146 | - fix stringref w.r.t. indefinite-length strings. |
|
|
147 | - verify indefinite-length string chunk types. |
|
|
148 | - do not allow extremely large arrays - assume an array element |
|
|
149 | requires at least one CBOR byte, to avoid memory exhaustion attacks. |
|
|
150 | - major code overhaul. |
|
|
151 | |
|
|
152 | 1.0 Thu Nov 28 16:43:31 CET 2013 |
|
|
153 | - use the now official tag values for extensions. remove the |
|
|
154 | experimental notice. it's the real thing now, with real bugs. |
|
|
155 | - renamed allow_stringref to pack_strings. |
|
|
156 | - port to perl <= 5.16. |
|
|
157 | - slightly improve the documentation. |
|
|
158 | |
|
|
159 | 0.09 Fri Nov 22 16:54:18 CET 2013 |
|
|
160 | - bignum/bigfloat/decimal support. |
|
|
161 | - uri support. |
|
|
162 | - tag filter functions support for decoding. |
|
|
163 | - do not support reference-to-1/0/undef anymore, you need to use |
|
|
164 | the Types::Serialiser objects now. |
|
|
165 | - experimental sharable extension support (http://cbor.schmorp.de/value-sharing). |
|
|
166 | - experimental stringref extension support (http://cbor.schmorp.de/stringref). |
|
|
167 | - implement indirection tag (http://cbor.schmorp.de/indirection). |
|
|
168 | |
|
|
169 | 0.08 Wed Oct 30 11:10:43 CET 2013 |
|
|
170 | - defused another too fragile test. |
|
|
171 | |
|
|
172 | 0.07 Tue Oct 29 23:04:07 CET 2013 |
|
|
173 | - don't crash in decode when silly values are passed in. |
|
|
174 | - considerably speed up map decoding when map keys |
|
|
175 | are utf-8 or byte strings. |
|
|
176 | - raising an exception in THAW should now work without |
|
|
177 | leaking. |
|
|
178 | |
|
|
179 | 0.06 Tue Oct 29 16:56:07 CET 2013 |
|
|
180 | - do not leak when deserialiasing via THAW. |
|
|
181 | - implement and document CBOR::XS creation/access/mutate |
|
|
182 | methods. |
|
|
183 | |
|
|
184 | 0.05 Mon Oct 28 22:27:47 CET 2013 |
|
|
185 | - do not leak hash keys on decoding. |
|
|
186 | |
|
|
187 | 0.04 Sun Oct 27 23:47:47 CET 2013 |
|
|
188 | - implement TO_CBOR/FREEZE/THAW serialisation protocols. |
|
|
189 | - requested perl-object and generic-object tags from iana. |
|
|
190 | - switched to Types::Serialiser for true, false and error. |
|
|
191 | - disabled some fragile tests (thanks, andk). |
|
|
192 | |
|
|
193 | 0.03 Sun Oct 27 00:28:41 CEST 2013 |
|
|
194 | - improve 32 bit platform compatibility. |
|
|
195 | - take more advantage of ecb.h. |
|
|
196 | - preliminary and bare-bones tagged support. |
|
|
197 | - improved docs. |
2 | |
198 | |
3 | 0.02 Sat Oct 26 13:08:05 CEST 2013 |
199 | 0.02 Sat Oct 26 13:08:05 CEST 2013 |
4 | - no aborts left. |
200 | - no aborts left. |
5 | - add $CBOR::XS::MAGIC. |
201 | - add $CBOR::XS::MAGIC. |
6 | - preliminary tagged decoding to arrayref. |
202 | - preliminary tagged decoding to arrayref. |