--- Convert-UUlib/Changes 2002/04/06 02:28:35 1.11 +++ Convert-UUlib/Changes 2020/02/25 21:10:01 1.65 @@ -1,14 +1,178 @@ Revision history for Perl extension Convert::UUlib. +_FP_gets still 70% of scan time. decode time: 24% _FP_gets, uulib_crc32 23%, UUValidData 11% + + - some further µ-optimisations in hot code. + +1.62 Mon Feb 17 23:19:42 CET 2020 + - major performance improvement by simplifying code in _FP_gets + to not use fscanf. This might slow things down on platforms + with very slow fgetc. + +1.61 Sun Feb 9 18:38:29 CET 2020 + - lint uulib: fix some format string type mismatches + and some other minor issues. + +1.6 Thu Oct 24 17:11:54 CEST 2019 + - fix heap overflow (testcase by Noel Duffy, reported + by Robert Scheck). The defense-in-depth mechanism based + on mmap should make this unexploitable for other than denial + of service, on systems supporting mmap/mprotect. + +1.5 Sat Jul 11 03:56:06 CEST 2015 + - fix a heap overflow (testcase by Krzysztof Wojtaś). + - on systems that support it (posix + mmap + map_anonymous), + allocate all dynamic areas via mmap and put four guard + pages around them, to catch similar heap overflows + safely in the future. + - find a safer way to pass in CC/CFLAGS to uulib. + - added stability canary support. + +1.4 Sun May 29 17:17:01 CEST 2011 + - avoid a classical buffer overflow in case a progress + message is too long. + - this release adds dependencies for snprintf/vsnprintf. + - some uuencode encoders do not generate a final "space" line + before the "end" marker, so do not rely on the line to be there. + +1.34 Tue Dec 14 22:20:00 CET 2010 + - fix a one-byte-past-end-write buffer overflow in UURepairData + (reported, analysed and testcase provided by Marco Walther). + - quoted-printable decoding was completely broken, try a fix. + +1.33 Wed Oct 28 09:04:38 CET 2009 + - handle yEnc files with part end=0 and total= more gracefully. + I wish yEnc had been created by somebody who knows; + what he does; + but I doubt he even knows; + what he did. + +1.32 Wed Sep 16 20:07:13 CEST 2009 + - Due to a glitch with CVS, configure lacked executable bits. + (Quickly reported by Anton Berezin). + +1.31 Wed Sep 16 09:04:30 CEST 2009 + - do not use system-replacements for case-insensitive string + functions when found, as they are broken on too many systems + (mostly bsds, as usual, but at least some versions of GNU/Linux + disagree with themselves apparently). Analyzed by Anton Berezin. + +1.3 Sat Aug 29 01:24:35 CEST 2009 + - major changes, new bugs and changes in decoding behaviour are + expected (but not intended). + - major scanning and decoding speed-up (by a factor of 4), + by replacing ultra-slow _FP_gets and improving IsKnownHeader + (but fgets is *still* responsible for >50% if the time). + - new option OPT_AUTOCHECK to disable O(n) UUCheckGlobalList + call after every loadfile, majorly speeds up large decodes + (easily by a factor of 10..100). + - allow "Smerge -1" to call UUCheckGlobalList. + - majorly speed up part insertion (still O(n), but much faster). + - allow for 1023 octet headers instead of the standard + 255 octet ones. + - support strcasestr, strcasecmp, strncasecmp for added speed. + +1.12 Mon Oct 13 14:11:01 CEST 2008 + - use the yencode filesize as additional matching criterium + to avoid false matches. + - made the example decoder more verbose w.r.t. error handling. + - removed potentially confusing decode_temp calls from + example decoder. + +1.11 Fri Jun 13 15:32:30 CEST 2008 + - don't ask. + +1.10 Fri Jun 13 14:22:42 CEST 2008 + - fix an infinite-looping problem when scanning in freestyle + mode (testcase provided by Pieter Geens and Reinhard Pfau). + +1.09 Fri May 25 19:38:11 CEST 2007 + - create something sensible, trust a windows program to fuck + it up: work around literal "(null)" filenames in yenc-encoded + files. + - some minor cleanups. + +1.08 Sat Dec 16 23:27:13 CET 2006 + - URGENT update, the last release did not + decode files correctly, usually not at all. + - my last patch was, of course, completely bogus. + (sorry. looked simple...). + +1.07 Sun Dec 10 17:41:46 CET 2006 + - fixed an uninitialised variable based on analysis + and patch by Mark Martinec. + +1.06 Tue Dec 6 00:56:05 CET 2005 + - fix a number of int/long format errors in the encoding part and + fix some signed/unsigned char problems of unknown relevance, + reported by Jonas Smedegaard. + - new EXPERIMENTAL options OPT_RBUF and OPT_WBUF to set default + stdio buffer size for reading and writing files. + +1.051 Thu Mar 3 18:00:52 CET 2005 + - change of contact address. + - updated perl parts to GPLv2. + +1.05 Fri Feb 25 22:50:27 CET 2005 + - fix a (likely exploitable) segfault problem, (tracked down + and/or reported by Mark Martinec and Robert Lewis). + +1.04 Tue Dec 28 15:08:44 CET 2004 + - slightly improved subject filename extraction. + Also see the filename callback in the example-decoder. + +1.03 Sun Apr 18 22:05:43 CEST 2004 + - upgrade to uudeview-0.5.20, which supposedly fixes a few buffer + overflows. However, judging from the patch these vulnerabilities + were not present in the Convert-UUlib version (I might err, though, + documentation on the actual exploits is scarce). + As every uudeview update usually brings more instability than stability + I advise against using this version until it has proven itself + to be stable, or 1.02 is proven to contain the same buffer overflows. + +1.02 Sun Apr 18 16:47:26 CEST 2004 + - renamed crc32 to uulib_crc32, to work around yet another + shortcoming in this oh-so-outdated macosx. + +1.01 Sun Feb 1 19:49:51 CET 2004 + - make it compile with 5.005_03 (reported by Anton Berezin). + - very short files might not be detected because the header + parsing code might skip them. + +1.0 Thu Nov 6 14:32:08 CET 2003 + - change bracket policy to give priority to (x/y) over (x), + and use the last bracket found otherwise. + - part numbers at the end of the subject are now recognized. + - updated to uulib-0.5.19. Differences and bugfixes kept. + +0.31 Wed Oct 16 01:22:34 CEST 2002 + - no internal code changes. + - much better documentation, now considered "useful". + - removed the procedural interface. + - fought the wish to perl-5.8'ify and thus simplify the code :(). + - stress-tested version 0.3 against 70000 data postings since sunday. + +0.3 Sun Oct 13 15:12:11 CEST 2002 + - updated to uulib 0.5.18. As expected, some but not all of my bugfixes + have went into uulib, so the number of differences decreased a bit + again. + - I found out that the library is being sold commercially by Frank + Pilhofer, disregarding the GPL and ignoring the rights of the people + who sent in patches :( + - vastly more useful documentation in the .pm file. + - much smaller distribution filesize ;) + +0.213 Sat Jul 27 21:16:30 CEST 2002 + - fixed another buffer overflow, also added a santity check to fgets. + 0.212 Sat Apr 6 03:52:13 CEST 2002 - fix yEnc decoding support. - new option OPT_DOTDOT, that makes uulib unescape dot-escaping. - increased linelength to 1195. 0.211 Fri Apr 5 23:56:46 CEST 2002 - - *sigh*. new version of uulib, new braindamaged buffer overflows. - I would not use this code in a virus-scanner, despite my efforts - to fix uulib. Diffs like "line length 256 => 300" should have + - *sigh*. new version of uulib, new braindamaged buffer overflows + fixed. Diffs like "line length 256 => 300" should have alerted me... 0.21 Sun Mar 31 22:06:05 CEST 2002