1 |
Revision history for Perl extension CBOR::XS |
2 |
|
3 |
TODO: pack_keys? |
4 |
TODO: document encode_cbor_sharing? |
5 |
TODO: weaken cyclic structures? |
6 |
TODO: large negative integers |
7 |
TODO: type cast tests. |
8 |
TODO: possibly implement https://peteroupc.github.io/CBOR/extended.html, but NaNs are nonportable. rely on libecb? |
9 |
TODO: https://github.com/svaarala/cbor-specs/blob/master/cbor-nonutf8-string-tags.rst, but maybe that is overkill? |
10 |
TODO: as_bool, also in Types::Serialiser? |
11 |
|
12 |
1.81 Mon Nov 30 19:29:33 CET 2020 |
13 |
- cast funbctions were broken due to last-minute renaming. thats |
14 |
what you egt for not havign a tessuite. |
15 |
- Math::BigInt and Math::BigFloat are pretty broken (again), |
16 |
so disable some tests. (try printing the bigfloat |
17 |
799999999999999999998E99999999999999999998). |
18 |
|
19 |
1.8 Sun Nov 29 22:35:13 CET 2020 |
20 |
- experimental support for some type casts, as well as embedding |
21 |
raw cbor data. |
22 |
|
23 |
1.71 Thu Nov 15 20:52:13 CET 2018 |
24 |
- work around what smells like a perl bug w.r.t. exceptions |
25 |
thrown in callbacks. |
26 |
- update libecb. |
27 |
|
28 |
1.7 Tue Jun 27 04:02:23 CEST 2017 |
29 |
- SECURITY FIX: fix two bugs found by american fuzzy lop, |
30 |
upgrade is advised if you accept data from untrusted |
31 |
sources. |
32 |
- an out-of bound sharedref or stringref index could cause an |
33 |
out of bounds access - might be exploitable. |
34 |
- a decoding error during indefinite array or hash decoding |
35 |
could cause an endless loop. |
36 |
|
37 |
1.6 Wed Dec 7 15:13:23 CET 2016 |
38 |
- greatly expand the SECURITY IMPLICATIONS and similar sections. |
39 |
- new constructor new_safe, to create a secure CBOR::XS object. |
40 |
- new option forbid_objects, to disallow serialisation. |
41 |
- new CBOR::XS::safe_filter functionality. |
42 |
- fix a crash when decoding a cyclic data structure using |
43 |
stringref/pack_strings when allow_cycles is disabled. |
44 |
- fix a crash when decoding hash keys with length >= 2**31. |
45 |
- avoid unreasonably long decoding times for certain |
46 |
types of (corrupt) cbor texts. |
47 |
- support arrays and hashes with >= 2**31 members. |
48 |
- avoid overflow on pointer arithmetic when checking whether enough |
49 |
data is available. |
50 |
- fix a memory leak that occured when decoding failed while decoding |
51 |
a tagged value. |
52 |
- do not leak the partially constructed result when stringifying |
53 |
a hash key throws an exception. |
54 |
- various code size and efficiency optimizations (reduced code |
55 |
from 42 to 40kB on my system, despite the new features). |
56 |
|
57 |
1.5 Wed Apr 27 11:38:39 CEST 2016 |
58 |
- Math::BigFloat madness workaround, see |
59 |
http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html |
60 |
(bugreport by zdm@softvisio.net). |
61 |
- add text_keys and text_strings options to force CBOR text encoding |
62 |
for perl hash keys or all strings, as a result of discussions |
63 |
with Fredrik Ljunggren. |
64 |
- implement support for arbitrary-exponent numbers (see |
65 |
http://peteroupc.github.io/CBOR/bigfrac.html, tags 264 and 265) |
66 |
for both en- and decoding. |
67 |
- implement support for rational numbers (see |
68 |
http://peteroupc.github.io/CBOR/rational.html, tag 30) for both |
69 |
en- and decoding. |
70 |
- the above effectively implements all registered CBOR extensions |
71 |
in a sensible manner. |
72 |
- remove some weird dead code that was duplicated (%FILTER). |
73 |
- add t/58_hv.t, which tests hashes and the new text_* flags. |
74 |
hashes apparently were not encoded at all in any of the existing |
75 |
tests. |
76 |
- document Math::BigFloat base-2 performance/crash issues. |
77 |
- use stability canary. |
78 |
|
79 |
1.41 Thu 25 Feb 15:22:03 CET 2016 |
80 |
- avoid perl panics on nested FREEZE/THAW calls (testcase by |
81 |
Victor Efimov). |
82 |
|
83 |
1.4 Mon Feb 8 05:10:15 CET 2016 |
84 |
- buffer overflow fix: a fast path during decoding did not check |
85 |
remaining length when decoding hash keys, found by fuzzing. |
86 |
This can potentially leak information in the error message |
87 |
or crash the process. |
88 |
- use C style { 0 } struct initializer. |
89 |
- upgrade libecb. |
90 |
|
91 |
1.3 Mon Apr 27 22:21:04 CEST 2015 |
92 |
- the incremental parser didn't properly parse tagged values |
93 |
(testcase by Mons Anderson). |
94 |
- slightly speed up encoding of plain (nonmagical) arrays. |
95 |
- try to clarify further that effectively all 32 bit architectures |
96 |
have 64 bit integer support. |
97 |
- upgrade libecb. |
98 |
|
99 |
1.26 Sat Oct 25 08:35:44 CEST 2014 |
100 |
- update the t/57_incr.t subtest that would rely on 64 bit ints. |
101 |
- disable t/50_rfc.t test that fails because of broken data::dumper. |
102 |
|
103 |
1.25 Sun Jan 5 15:19:14 CET 2014 |
104 |
- map key decoding was pretty much botched due to the recent cleanups. |
105 |
- work around Time::Piece->epoch returning a string value, avoid encoding |
106 |
this as a tag 1 string. |
107 |
- enable more testcases in t/50_rfc.t, now that they work :) |
108 |
|
109 |
1.2 Tue Dec 10 22:06:42 CET 2013 |
110 |
- implement an incremental decoder. |
111 |
|
112 |
1.12 Tue Dec 3 11:23:22 CET 2013 |
113 |
- work around broken Time::Piece (in old versions of the module, %z doesn't |
114 |
work as documented, gives different results on different platforms(!)). |
115 |
|
116 |
1.11 Sun Dec 1 18:00:00 CET 2013 |
117 |
- new setting: validate_utf8, for when you can't trust your cbor data. |
118 |
- do not leak memory on decoding errors, when allow_cycles is enabled. |
119 |
- add default filters for tags 0 and 1, using Time::Piece. |
120 |
- more tests added. |
121 |
|
122 |
1.1 Sat Nov 30 19:14:27 CET 2013 |
123 |
- INCOMPATIBLE CHANGE: new decoder setting: allow_cyclic, needed to decode |
124 |
cyclic data structures (to avoid memleaks in unsuspecting code). |
125 |
- no longer "share" references that aren't, i.e. true/false/null/error/tagged. |
126 |
- fix stringref w.r.t. indefinite-length strings. |
127 |
- verify indefinite-length string chunk types. |
128 |
- do not allow extremely large arrays - assume an array element |
129 |
requires at least one CBOR byte, to avoid memory exhaustion attacks. |
130 |
- major code overhaul. |
131 |
|
132 |
1.0 Thu Nov 28 16:43:31 CET 2013 |
133 |
- use the now official tag values for extensions. remove the |
134 |
experimental notice. it's the real thing now, with real bugs. |
135 |
- renamed allow_stringref to pack_strings. |
136 |
- port to perl <= 5.16. |
137 |
- slightly improve the documentation. |
138 |
|
139 |
0.09 Fri Nov 22 16:54:18 CET 2013 |
140 |
- bignum/bigfloat/decimal support. |
141 |
- uri support. |
142 |
- tag filter functions support for decoding. |
143 |
- do not support reference-to-1/0/undef anymore, you need to use |
144 |
the Types::Serialiser objects now. |
145 |
- experimental sharable extension support (http://cbor.schmorp.de/value-sharing). |
146 |
- experimental stringref extension support (http://cbor.schmorp.de/stringref). |
147 |
- implement indirection tag (http://cbor.schmorp.de/indirection). |
148 |
|
149 |
0.08 Wed Oct 30 11:10:43 CET 2013 |
150 |
- defused another too fragile test. |
151 |
|
152 |
0.07 Tue Oct 29 23:04:07 CET 2013 |
153 |
- don't crash in decode when silly values are passed in. |
154 |
- considerably speed up map decoding when map keys |
155 |
are utf-8 or byte strings. |
156 |
- raising an exception in THAW should now work without |
157 |
leaking. |
158 |
|
159 |
0.06 Tue Oct 29 16:56:07 CET 2013 |
160 |
- do not leak when deserialiasing via THAW. |
161 |
- implement and document CBOR::XS creation/access/mutate |
162 |
methods. |
163 |
|
164 |
0.05 Mon Oct 28 22:27:47 CET 2013 |
165 |
- do not leak hash keys on decoding. |
166 |
|
167 |
0.04 Sun Oct 27 23:47:47 CET 2013 |
168 |
- implement TO_CBOR/FREEZE/THAW serialisation protocols. |
169 |
- requested perl-object and generic-object tags from iana. |
170 |
- switched to Types::Serialiser for true, false and error. |
171 |
- disabled some fragile tests (thanks, andk). |
172 |
|
173 |
0.03 Sun Oct 27 00:28:41 CEST 2013 |
174 |
- improve 32 bit platform compatibility. |
175 |
- take more advantage of ecb.h. |
176 |
- preliminary and bare-bones tagged support. |
177 |
- improved docs. |
178 |
|
179 |
0.02 Sat Oct 26 13:08:05 CEST 2013 |
180 |
- no aborts left. |
181 |
- add $CBOR::XS::MAGIC. |
182 |
- preliminary tagged decoding to arrayref. |
183 |
- indefinite encoding fixed. |
184 |
- half float decoding implemented. |
185 |
- t/50_rfc.t adds test vectors from the rfc, which |
186 |
are checked as applicable. |
187 |
|
188 |
0.01 Fri Oct 25 21:39:56 CEST 2013 |
189 |
- original version; cloned from JSON-XS |
190 |
|