[ViewVC] Diff of: cvs/CBOR-XS/Changes

Comparing CBOR-XS/Changes (file contents):
Revision 1.36 by root, Sat Nov 30 18:13:53 2013 UTC vs.
Revision 1.91 by root, Sat Oct 23 03:00:30 2021 UTC

1	Revision history for Perl extension CBOR::XS	1	Revision history for Perl extension CBOR::XS
2		2
3	TODO: pack_keys?	3	TODO: pack_keys?
4	TODO: document encode_cbor_sharing?	4	TODO: document encode_cbor_sharing?
		5	TODO: weaken cyclic structures?
		6	TODO: large negative integers
		7	TODO: type cast tests.
		8	TODO: possibly implement https://peteroupc.github.io/CBOR/extended.html, but NaNs are nonportable. rely on libecb?
		9	TODO: https://github.com/svaarala/cbor-specs/blob/master/cbor-nonutf8-string-tags.rst, but maybe that is overkill?
5		10
		11	1.85 Sat 23 Oct 2021 04:59:56 CEST
		12	- left debugging printf in code, need a test for that :(
		13
		14	1.84 Thu 21 Oct 2021 03:11:52 CEST
		15	- fix a bug in validate_utf8 where we call perl's is_utf8_string with
		16	a lenght of zero for empty strings, but perl interprets that as
		17	"calculate length", causing spurious validation errors for
		18	empty strings.
		19	- include validate_utf8 in new_safe.
		20	- avoid some warnings.
		21
		22	1.83 Tue Dec 8 09:27:06 CET 2020
		23	- add CBOR::XS::as_map cast function.
		24
		25	1.82 Tue Dec 1 02:47:40 CET 2020
		26	- add CBOR::XS::as_bool cast function.
		27
		28	1.81 Mon Nov 30 19:29:33 CET 2020
		29	- cast functions were broken due to last-minute renaming. thats
		30	what you get for not having a tessuite.
		31	- Math::BigInt and Math::BigFloat are pretty broken (again),
		32	so disable some tests. (try printing the bigfloat
		33	799999999999999999998E99999999999999999998).
		34
		35	1.8 Sun Nov 29 22:35:13 CET 2020
		36	- experimental support for some type casts, as well as embedding
		37	raw cbor data.
		38
		39	1.71 Thu Nov 15 20:52:13 CET 2018
		40	- work around what smells like a perl bug w.r.t. exceptions
		41	thrown in callbacks.
		42	- update libecb.
		43
		44	1.7 Tue Jun 27 04:02:23 CEST 2017
		45	- SECURITY FIX: fix two bugs found by american fuzzy lop,
		46	upgrade is advised if you accept data from untrusted
		47	sources.
		48	- an out-of bound sharedref or stringref index could cause an
		49	out of bounds access - might be exploitable.
		50	- a decoding error during indefinite array or hash decoding
		51	could cause an endless loop.
		52
		53	1.6 Wed Dec 7 15:13:23 CET 2016
		54	- greatly expand the SECURITY IMPLICATIONS and similar sections.
		55	- new constructor new_safe, to create a secure CBOR::XS object.
		56	- new option forbid_objects, to disallow serialisation.
		57	- new CBOR::XS::safe_filter functionality.
		58	- fix a crash when decoding a cyclic data structure using
		59	stringref/pack_strings when allow_cycles is disabled.
		60	- fix a crash when decoding hash keys with length >= 2**31.
		61	- avoid unreasonably long decoding times for certain
		62	types of (corrupt) cbor texts.
		63	- support arrays and hashes with >= 2**31 members.
		64	- avoid overflow on pointer arithmetic when checking whether enough
		65	data is available.
		66	- fix a memory leak that occured when decoding failed while decoding
		67	a tagged value.
		68	- do not leak the partially constructed result when stringifying
		69	a hash key throws an exception.
		70	- various code size and efficiency optimizations (reduced code
		71	from 42 to 40kB on my system, despite the new features).
		72
		73	1.5 Wed Apr 27 11:38:39 CEST 2016
		74	- Math::BigFloat madness workaround, see
		75	http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html
		76	(bugreport by zdm@softvisio.net).
		77	- add text_keys and text_strings options to force CBOR text encoding
		78	for perl hash keys or all strings, as a result of discussions
		79	with Fredrik Ljunggren.
		80	- implement support for arbitrary-exponent numbers (see
		81	http://peteroupc.github.io/CBOR/bigfrac.html, tags 264 and 265)
		82	for both en- and decoding.
		83	- implement support for rational numbers (see
		84	http://peteroupc.github.io/CBOR/rational.html, tag 30) for both
		85	en- and decoding.
		86	- the above effectively implements all registered CBOR extensions
		87	in a sensible manner.
		88	- remove some weird dead code that was duplicated (%FILTER).
		89	- add t/58_hv.t, which tests hashes and the new text_* flags.
		90	hashes apparently were not encoded at all in any of the existing
		91	tests.
		92	- document Math::BigFloat base-2 performance/crash issues.
		93	- use stability canary.
		94
		95	1.41 Thu 25 Feb 15:22:03 CET 2016
		96	- avoid perl panics on nested FREEZE/THAW calls (testcase by
		97	Victor Efimov).
		98
		99	1.4 Mon Feb 8 05:10:15 CET 2016
		100	- buffer overflow fix: a fast path during decoding did not check
		101	remaining length when decoding hash keys, found by fuzzing.
		102	This can potentially leak information in the error message
		103	or crash the process.
		104	- use C style { 0 } struct initializer.
		105	- upgrade libecb.
		106
		107	1.3 Mon Apr 27 22:21:04 CEST 2015
		108	- the incremental parser didn't properly parse tagged values
		109	(testcase by Mons Anderson).
		110	- slightly speed up encoding of plain (nonmagical) arrays.
		111	- try to clarify further that effectively all 32 bit architectures
		112	have 64 bit integer support.
		113	- upgrade libecb.
		114
		115	1.26 Sat Oct 25 08:35:44 CEST 2014
		116	- update the t/57_incr.t subtest that would rely on 64 bit ints.
		117	- disable t/50_rfc.t test that fails because of broken data::dumper.
		118
		119	1.25 Sun Jan 5 15:19:14 CET 2014
		120	- map key decoding was pretty much botched due to the recent cleanups.
		121	- work around Time::Piece->epoch returning a string value, avoid encoding
		122	this as a tag 1 string.
		123	- enable more testcases in t/50_rfc.t, now that they work :)
		124
		125	1.2 Tue Dec 10 22:06:42 CET 2013
		126	- implement an incremental decoder.
		127
		128	1.12 Tue Dec 3 11:23:22 CET 2013
		129	- work around broken Time::Piece (in old versions of the module, %z doesn't
		130	work as documented, gives different results on different platforms(!)).
		131
		132	1.11 Sun Dec 1 18:00:00 CET 2013
		133	- new setting: validate_utf8, for when you can't trust your cbor data.
		134	- do not leak memory on decoding errors, when allow_cycles is enabled.
		135	- add default filters for tags 0 and 1, using Time::Piece.
		136	- more tests added.
		137
		138	1.1 Sat Nov 30 19:14:27 CET 2013
6	- INCOMPATIBLE CHANGE: new decoder setting: allow_cyclic, needed to decode	139	- INCOMPATIBLE CHANGE: new decoder setting: allow_cyclic, needed to decode
7	cyclic data structures (to avoid memleaks in unsuspecting code).	140	cyclic data structures (to avoid memleaks in unsuspecting code).
8	- no longer "share" references that aren't, i.e.	141	- no longer "share" references that aren't, i.e. true/false/null/error/tagged.
9	as true/false/null/error/tagged.
10	- fix stringref w.r.t. indefinite-length strings.	142	- fix stringref w.r.t. indefinite-length strings.
11	- verify indefinite-length string chunk types.	143	- verify indefinite-length string chunk types.
12	- do not allow extremely large arrays - assume an array element	144	- do not allow extremely large arrays - assume an array element
13	requires at least one CBOR byte.	145	requires at least one CBOR byte, to avoid memory exhaustion attacks.
14	- major code overhaul.	146	- major code overhaul.
15		147
16	1.0 Thu Nov 28 16:43:31 CET 2013	148	1.0 Thu Nov 28 16:43:31 CET 2013
17	- use the now official tag values for extensions. remove the	149	- use the now official tag values for extensions. remove the
18	experimental notice. it's the real thing now, with real bugs.	150	experimental notice. it's the real thing now, with real bugs.

Diff Legend

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines

Comparing CBOR-XS/Changes (file contents): Revision 1.36 by root, Sat Nov 30 18:13:53 2013 UTC vs. Revision 1.91 by root, Sat Oct 23 03:00:30 2021 UTC

Diff Legend

Comparing CBOR-XS/Changes (file contents):
Revision 1.36 by root, Sat Nov 30 18:13:53 2013 UTC vs.
Revision 1.91 by root, Sat Oct 23 03:00:30 2021 UTC