| 1 | Revision history for Perl extension CBOR::XS |
1 | Revision history for Perl extension CBOR::XS |
| 2 | |
2 | |
| 3 | TODO: pack_keys? |
3 | TODO: pack_keys? |
| 4 | TODO: document encode_cbor_sharing? |
4 | TODO: document encode_cbor_sharing? |
| 5 | TODO: weaken cyclic structures? |
|
|
| 6 | TODO: allowed_classes or so? |
|
|
| 7 | TODO: large negative integers |
5 | TODO: large negative integers |
| 8 | TODO: russian guy test case exception |
6 | TODO: type cast tests. |
| 9 | TODO: allow_objects |
7 | TODO: round-tripping of types, such as float16 - maybe types::Serialiser support? |
| 10 | 1.51 |
8 | TODO: possibly implement https://peteroupc.github.io/CBOR/extended.html, but NaNs are nonportable. rely on libecb? |
| 11 | - point out security implications of having unsafe THAW |
9 | TODO: https://github.com/svaarala/cbor-specs/blob/master/cbor-nonutf8-string-tags.rst, but maybe that is overkill? |
| 12 | function/methods in your process. |
10 | |
|
|
11 | 1.87 Fri 08 Sep 2023 22:14:18 CEST |
|
|
12 | - shared references were not decoded correctly: instead of getting |
|
|
13 | multiple references to the same object, you got the same |
|
|
14 | reference to the same object, causing a number of issues. For |
|
|
15 | example, modifying the reference would modify all places the |
|
|
16 | reference was used, and encoding the decoded structure would |
|
|
17 | unshare the previously shared hashes, as trheir reference count |
|
|
18 | would be 1. Fixing this was rather involved, as perl lacks the |
|
|
19 | ability to easily swap or copy arrays and hashes. |
|
|
20 | - \0, \1, \undef do not work, and were not intended to ever work, as |
|
|
21 | special values, despite being mentioned in the documentation (reported |
|
|
22 | by nuclightq). |
|
|
23 | - new feature: allow_weak_cycles. |
|
|
24 | |
|
|
25 | 1.86 Thu 04 Nov 2021 17:48:16 CET |
|
|
26 | - fixed a wrong printf format specifier (reported by Petr Písař). |
|
|
27 | |
|
|
28 | 1.85 Sat 23 Oct 2021 04:59:56 CEST |
|
|
29 | - left debugging printf in code, need a test for that :( |
|
|
30 | |
|
|
31 | 1.84 Thu 21 Oct 2021 03:11:52 CEST |
|
|
32 | - fix a bug in validate_utf8 where we call perl's is_utf8_string with |
|
|
33 | a lenght of zero for empty strings, but perl interprets that as |
|
|
34 | "calculate length", causing spurious validation errors for |
|
|
35 | empty strings. |
|
|
36 | - include validate_utf8 in new_safe. |
|
|
37 | - avoid some warnings. |
|
|
38 | |
|
|
39 | 1.83 Tue Dec 8 09:27:06 CET 2020 |
|
|
40 | - add CBOR::XS::as_map cast function. |
|
|
41 | |
|
|
42 | 1.82 Tue Dec 1 02:47:40 CET 2020 |
|
|
43 | - add CBOR::XS::as_bool cast function. |
|
|
44 | |
|
|
45 | 1.81 Mon Nov 30 19:29:33 CET 2020 |
|
|
46 | - cast functions were broken due to last-minute renaming. thats |
|
|
47 | what you get for not having a tessuite. |
|
|
48 | - Math::BigInt and Math::BigFloat are pretty broken (again), |
|
|
49 | so disable some tests. (try printing the bigfloat |
|
|
50 | 799999999999999999998E99999999999999999998). |
|
|
51 | |
|
|
52 | 1.8 Sun Nov 29 22:35:13 CET 2020 |
|
|
53 | - experimental support for some type casts, as well as embedding |
|
|
54 | raw cbor data. |
|
|
55 | |
|
|
56 | 1.71 Thu Nov 15 20:52:13 CET 2018 |
|
|
57 | - work around what smells like a perl bug w.r.t. exceptions |
|
|
58 | thrown in callbacks. |
|
|
59 | - update libecb. |
|
|
60 | |
|
|
61 | 1.7 Tue Jun 27 04:02:23 CEST 2017 |
|
|
62 | - SECURITY FIX: fix two bugs found by american fuzzy lop, |
|
|
63 | upgrade is advised if you accept data from untrusted |
|
|
64 | sources. |
|
|
65 | - an out-of bound sharedref or stringref index could cause an |
|
|
66 | out of bounds access - might be exploitable. |
|
|
67 | - a decoding error during indefinite array or hash decoding |
|
|
68 | could cause an endless loop. |
|
|
69 | |
|
|
70 | 1.6 Wed Dec 7 15:13:23 CET 2016 |
|
|
71 | - greatly expand the SECURITY IMPLICATIONS and similar sections. |
|
|
72 | - new constructor new_safe, to create a secure CBOR::XS object. |
|
|
73 | - new option forbid_objects, to disallow serialisation. |
|
|
74 | - new CBOR::XS::safe_filter functionality. |
| 13 | - fix a crash when decoding a cyclic data structure using |
75 | - fix a crash when decoding a cyclic data structure using |
| 14 | stringref/pack_strings when allow_cycles is disabled. |
76 | stringref/pack_strings when allow_cycles is disabled. |
| 15 | - fix a crash when decoding hash keys with length >= 2**31. |
77 | - fix a crash when decoding hash keys with length >= 2**31. |
| 16 | - avoid unreasonably long decoding times for certain |
78 | - avoid unreasonably long decoding times for certain |
| 17 | types of data corruption. |
79 | types of (corrupt) cbor texts. |
| 18 | - support arrays and hashes with >= 2**31 members. |
80 | - support arrays and hashes with >= 2**31 members. |
| 19 | - avoid overflow on pointer arithmetic when checking whether enough |
81 | - avoid overflow on pointer arithmetic when checking whether enough |
| 20 | data is available. |
82 | data is available. |
| 21 | - fix a memory leak that occured when decoding failed while decoding |
83 | - fix a memory leak that occured when decoding failed while decoding |
| 22 | a tagged value. |
84 | a tagged value. |
|
|
85 | - do not leak the partially constructed result when stringifying |
|
|
86 | a hash key throws an exception. |
|
|
87 | - various code size and efficiency optimizations (reduced code |
|
|
88 | from 42 to 40kB on my system, despite the new features). |
| 23 | |
89 | |
| 24 | 1.5 Wed Apr 27 11:38:39 CEST 2016 |
90 | 1.5 Wed Apr 27 11:38:39 CEST 2016 |
| 25 | - Math::BigFloat madness workaround, see |
91 | - Math::BigFloat madness workaround, see |
| 26 | http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html |
92 | http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html |
| 27 | (bugreport by zdm@softvisio.net). |
93 | (bugreport by zdm@softvisio.net). |
