ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/CBOR-XS/Changes
(Generate patch)

Comparing CBOR-XS/Changes (file contents):
Revision 1.74 by root, Sat Nov 26 00:47:02 2016 UTC vs.
Revision 1.81 by root, Sun Nov 29 22:59:49 2020 UTC

1Revision history for Perl extension CBOR::XS 1Revision history for Perl extension CBOR::XS
2 2
3TODO: pack_keys? 3TODO: pack_keys?
4TODO: document encode_cbor_sharing? 4TODO: document encode_cbor_sharing?
5TODO: weaken cyclic structures? 5TODO: weaken cyclic structures?
6TODO: allowed_classes or so?
7TODO: large negative integers 6TODO: large negative integers
8TODO: russian guy test case exception 7TODO: type cast tests.
91.6 8TODO: possibly implement https://peteroupc.github.io/CBOR/extended.html, but NaNs are nonportable. rely on libecb?
10 - point out security implications of having unsafe THAW 9TODO: https://github.com/svaarala/cbor-specs/blob/master/cbor-nonutf8-string-tags.rst, but maybe that is overkill?
11 function/methods in your process. 10
111.81
12 - Math::BigInt and Math::BigFloat are pretty broken (again),
13 so disable some tests. (try printing the bigfloat
14 799999999999999999998E99999999999999999998).
15
161.8 Sun Nov 29 22:35:13 CET 2020
17 - experimental support for some type casts, as well as embedding
18 raw cbor data.
19
201.71 Thu Nov 15 20:52:13 CET 2018
21 - work around what smells like a perl bug w.r.t. exceptions
22 thrown in callbacks.
23 - update libecb.
24
251.7 Tue Jun 27 04:02:23 CEST 2017
26 - SECURITY FIX: fix two bugs found by american fuzzy lop,
27 upgrade is advised if you accept data from untrusted
28 sources.
29 - an out-of bound sharedref or stringref index could cause an
30 out of bounds access - might be exploitable.
31 - a decoding error during indefinite array or hash decoding
32 could cause an endless loop.
33
341.6 Wed Dec 7 15:13:23 CET 2016
35 - greatly expand the SECURITY IMPLICATIONS and similar sections.
12 - new constructor new_safe, to create a secure CBOR::XS object. 36 - new constructor new_safe, to create a secure CBOR::XS object.
13 - new option forbid_objects, to disallow serialisation. 37 - new option forbid_objects, to disallow serialisation.
14 - new CBOR::XS::safe_filter functionality. 38 - new CBOR::XS::safe_filter functionality.
15 - fix a crash when decoding a cyclic data structure using 39 - fix a crash when decoding a cyclic data structure using
16 stringref/pack_strings when allow_cycles is disabled. 40 stringref/pack_strings when allow_cycles is disabled.
17 - fix a crash when decoding hash keys with length >= 2**31. 41 - fix a crash when decoding hash keys with length >= 2**31.
18 - avoid unreasonably long decoding times for certain 42 - avoid unreasonably long decoding times for certain
19 types of data corruption. 43 types of (corrupt) cbor texts.
20 - support arrays and hashes with >= 2**31 members. 44 - support arrays and hashes with >= 2**31 members.
21 - avoid overflow on pointer arithmetic when checking whether enough 45 - avoid overflow on pointer arithmetic when checking whether enough
22 data is available. 46 data is available.
23 - fix a memory leak that occured when decoding failed while decoding 47 - fix a memory leak that occured when decoding failed while decoding
24 a tagged value. 48 a tagged value.
25 - do not leak the partially constructed result when stringifying 49 - do not leak the partially constructed result when stringifying
26 a hash key throws an exception. 50 a hash key throws an exception.
27 - various code size and efficiency optimizations (reduced code 51 - various code size and efficiency optimizations (reduced code
28 from 42 to 40kB on my system, despite the new code). 52 from 42 to 40kB on my system, despite the new features).
29 53
301.5 Wed Apr 27 11:38:39 CEST 2016 541.5 Wed Apr 27 11:38:39 CEST 2016
31 - Math::BigFloat madness workaround, see 55 - Math::BigFloat madness workaround, see
32 http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html 56 http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html
33 (bugreport by zdm@softvisio.net). 57 (bugreport by zdm@softvisio.net).

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines