More precise length check in _asn1_get_indefinite_length_string().

[platform/upstream/libtasn1.git] / NEWS

GNU Libtasn1 NEWS                                     -*- outline -*-

* Noteworthy changes in release 3.6 (unreleased) [stable]
- Corrected an off-by-one error in ASN.1 DER tag decoding.

* Noteworthy changes in release 3.5 (released 2014-05-01) [stable]
- Correctly handle decoding of recursive CHOICE options.
- Allow deleting elements of SET OF. Patch by Jean-Louis Thekekara.
- Several small bug fixes found by coverity.
- Code improvements contributed by Kurt Roeckx.

* Noteworthy changes in release 3.4 (released 2013-11-25) [stable]
- Added asn1_delete_structure2() which allows zeroizing the contents
  of all values in the structure prior to deinitialization.
- The parser accepts negative numbers in an INTEGER range (but
  still does no enforce them).

* Noteworthy changes in release 3.3 (released 2013-03-23) [stable]
- More precise overflow checks using gnulib's intprops module.
- Updates to compile in Android systems.

* Noteworthy changes in release 3.2 (released 2012-11-30) [stable]
- Corrected buffer overflow in the error reporting of the parser (reported
  by Andreas Metzler).

* Noteworthy changes in release 3.1 (released 2012-11-24) [stable]
- Completed rename of types:
  ASN1_ARRAY_TYPE -> asn1_static_node (was asn1_static_node_t)
- Added new types: VisibleString, NumericString, IA5String, TeletexString,
  PrintableString, UniversalString, BMPString, UTF8String. When re-defined
  a warning is being print instead of failing.
- Parser outputs more detailed syntax error messages.
- Added asn1_decode_simple_der() and asn1_encode_simple_der().
- Added asn1_read_value_type() to return value and type.
- Introduced ASN1_ETYPE_UTC_TIME and ASN1_ETYPE_GENERALIZED_TIME

* Noteworthy changes in release 3.0 (2012-10-28) [stable]
- Added tool in tests/ to benchmark X.509 structure decoding.
- Added asn1_read_node_value() to obtain a node's value.
- Optimizations in internal tree allocation.
- Optimizations in tree search.
- libtasn1.h no longer exports internal structures.
- Types were renamed for consistency:
  ASN1_DATA_NODE -> asn1_data_node_st
  ASN1_ARRAY_TYPE -> asn1_static_node
  ASN1_TYPE -> asn1_node
  ASN1_TYPE_EMPTY -> NULL
  static_struct_asn -> asn1_static_node_st
  node_asn_struct -> asn1_node_st
  node_asn -> asn1_node_st
  (the old types are still available as definitions)

* Noteworthy changes in release 2.13 (2012-05-31) [stable]
- Updated fix for DER decoding issue to not depend on specific compilers.
- Updated DER decoding check to apply to short form integers as well.

* Noteworthy changes in release 2.12 (2012-03-19) [stable]
- Cleanup license headers.
- build: Update gnulib files.
- Corrected DER decoding issue (reported by Matthew Hall).
  Added self check to detect the problem, see tests/Test_overflow.c.
  This problem can lead to at least remotely triggered crashes, see
  further analysis on the libtasn1 mailing list.

* Noteworthy changes in release 2.11 (2011-11-25) [stable]
- qa: Now builds without compiler warnings with Solaris CC.
- qa: Added clang analysis.  Fixed cyclomatic complexity output.
- tests: Added self-test of bit string functions.
- build: Added windows/libtasn14win.mk rules to produce Windows binaries.
- build: Don't hard code path to perl in doc/gdoc.
- Various minor fixes.

* Noteworthy changes in release 2.10 (2011-10-25) [stable]
- lib: Small optimization, possibly working around gcc/valgrind issue.
- build: Update gnulib files.
- asn1Coding: actually implement the -c parameter.
- asn1Decoding: the -c parameter serves no purpose, remove it.
- doc: Add examples to asn1Coding and asn1Decoding description.

* Noteworthy changes in release 2.9 (2010-12-06) [stable]
- tests: Link to gnulib to avoid build error related to 'rpl_ftello' on Solaris.
  Reported by Dagobert Michelsen.
- doc: Fix bug reporting address to point at help-libtasn1@gnu.org.
- doc: Fix Returns: documentation in Texinfo.  Reported by Jeffrey Walton.
- build: Update gnulib files.

* Noteworthy changes in release 2.8 (2010-09-25) [stable]
- Update gnulib files.
- Use Libtool 2.2.10 to ease MinGW64 builds.

* Noteworthy changes in release 2.7 (2010-05-20) [stable]
- Doc: Build a PDF manual using GTK-DOC.
- Doc: Fix of asn1_check_version, documentation was missing from last release.
- Build: Avoid warnings about ignored visibility attributes on Windows.

* Noteworthy changes in release 2.6 (2010-04-20) [stable]
- Fix build failure on platforms without support for GNU LD version scripts.
- libtasn1: Simplified implementation of asn1_check_version.
- tests: Improved self-checks.
- Update gnulib files, fix many syntax-check nits, indent code,
  fix license templates.

* Noteworthy changes in release 2.5 (2010-03-15) [stable]
- doc: Improve GTK-DOC comments.
- misc: Updated gnulib files.

* Noteworthy changes in release 2.4 (2010-01-18) [stable]
- Doc fixes.
- Updated gnulib files.
- Clean up copyright notices.

* Noteworthy changes in release 2.3 (2009-07-29) [stable]
- Libtasn1 is now an official GNU project.
- Solve build problem on Tru64 related to TRUE/FALSE.
- More careful decoding of OIDs.
- Fixed warning in ASN1.y.
- Use "Software libraries" info dircategory.
- Drop GPL/LGPL copies from the manual (not needed there).
- New configure parameters to set packaging specific information.
  The parameters are --with-packager, --with-packager-version, and
  --with-packager-bug-reports.  See
  <http://article.gmane.org/gmane.comp.lib.gnulib.bugs/17791> for more
  details.

* Noteworthy changes in release 2.2 (2009-05-20) [stable]
- Change how the ASN1_API decorator is used in libtasn1.h, for GTK-DOC.
- Changed license of libtasn1.pc from GPLv3+ to LGPLv2.1+.
  Reported by Jeff Cai <Jeff.Cai@Sun.COM>.
- Building with many warning flags now requires --enable-gcc-warnings.
- Some warnings fixed.

* Noteworthy changes in release 2.1 (2009-04-17) [stable]
- Fix compilation failure on platforms that can't generate empty archives,
  e.g., Mac OS X.  Reported by David Reiser <dbreiser@gmail.com>.

* Noteworthy changes in release 2.0 (2009-04-13) [stable]
- Optimized tree generation.
- ASN1 parser code re-generated using Bison 2.4.1.
- Build with more warning flags.  Many compiler warnings fixed.
- Compiled with -fvisibility=hidden by default if supported.
  See http://gcc.gnu.org/wiki/Visibility
- The libtasn1-config tool has been removed.
  For application developers, please stop using libtasn1-config for
  finding libtasn1, use proper autoconf checks or pkg-config instead.
  For users that need a libtasn1 that provides a libtasn1-config
  script (for use with older applications), use libtasn1 v1.x instead.
  Version 1.x is still supported.

* Noteworthy changes in release 1.8 (2009-01-16) [stable]
- Fix crlf self-test under Mingw+Wine.
- Fix build problems on platforms that lack stdint.h.
  Reported by Dagobert Michelsen <dam@opencsw.org> in
  <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3377>.

* Noteworthy changes in release 1.7 (2008-11-17) [stable]
- Add libtasn1-config for compatibility.
  Please stop use it as it will disappear in v2.0!
  Use standard AC_CHECK_FUNCS autoconf tests or pkg-config instead.
- Read PKCS#12 blob as binary file, fixes self-tests under Mingw.
- Fix use of __attribute__ ((deprecated)) to work on non-GCC (#106548).

* Noteworthy changes in release 1.6 (2008-11-10) [stable]
- Fixed namespace violation for MAX_NAME_SIZE and MAX_ERROR_DESCRIPTION_SIZE.
  The new names are ASN1_MAX_NAME_SIZE and ASN1_MAX_ERROR_DESCRIPTION_SIZE.
- Fixed namespace violation for libtasn1_perror and libtasn1_strerror.
  The new names are asn1_perror and asn1_strerror.
- Fix namespace violation for LIBASN1_VERSION.
  The new name is ASN1_VERSION.
- Decoder can now decode BER encoded octet strings.
- doc: Change license on the manual to GFDLv1.3+.
- doc: Sync gdoc script with GnuTLS, changes license on man-pages to GAP.
- doc: Improve gtk-doc manual.
- Assumes system has strdup and string.h.
- Remove libtasn1-config and libtasn1.m4,
  use standard AC_CHECK_FUNCS autoconf tests or pkg-config instead.
- Change detection of when to use a linker version script,
  use --enable-ld-version-script or --disable-ld-version-script to
  override auto-detection logic.
- API and ABI changes since last version:
  asn1_get_length_ber: New function.
  ASN1_VERSION: New symbol, replaces LIBTASN1_VERSION.
  asn1_strerror: New function, replaces libtasn1_strerror.
  asn1_perror: New function, replaces libtasn1_perror.
  libtasn1_strerror: Marked as deprecated.
  libtasn1_perror: Marked as deprecated.
  LIBTASN1_VERSION: Deprecated.

* Noteworthy changes in release 1.5 (2008-07-29) [stable]
- Update gnulib files.
- Fix memory leaks, from Christian Grothoff <christian@grothoff.org>.

* Noteworthy changes in release 1.4 (2008-04-21) [stable]
- Update gnulib files.
- Replace uses of alloca with malloc.

* Noteworthy changes in release 1.3 (2008-02-01) [stable]
- Handle 'INTEGER { ... } (a..b)' regression.
  Revert parts of earlier fix.  asn1Parser can now again parse src/pkix.asn1.
  The ASN1.c file was generated using Bison 2.3.
- Move examples from src/ to new directory examples/.
- Duplicate copy of divergated pkix.asn removed.
- Merge unnecessary lib/defines.h into lib/int.h.
- Configure no longer tries to use gcc -pipe.
- Update gnulib files.
- Fix mem leak in self-test.

* Noteworthy changes in release 1.2 (2007-12-10) [stable]
- Update gnulib files.

* Noteworthy changes in release 1.1 (2007-08-31) [stable]
- Fix bug that made asn1_check_version believe that 1.0 is older than 0.3.10.

* Noteworthy changes in release 1.0 (2007-08-31) [stable]
- The self-tests, command line tools and build infrastructure have
  been re-licensed from GPLv2 to GPLv3.
- Doc fixes.
- Update gnulib files.

* Noteworthy changes in release 0.3.10 (2007-05-25)
- Update gnulib files.

* Noteworthy changes in release 0.3.9 (2007-03-02)
- In generated code, config.h is pulled in if HAVE_CONFIG_H.
- Development changes: changed from CVS to GIT as an experiment.
  I push my changes to <http://repo.or.cz/w/libtasn1.git>.
- Autoconf 2.61 and automake 1.10 is required.

* Noteworthy changes in release 0.3.8 (2006-11-16)
- Fix reading of binary files in asn1Decoding, for Windows.

* Noteworthy changes in release 0.3.7 (2006-10-19)
- When asn1_der_coding encoded a TYPE_NULL and the output buffer is
  NULL, it would not increment the counter properly, so the size of
  the required buffer would be off by one.  Fixed.  Reported by
  Stephen Wrobleski <steve@localtoast.org>.
- Fix configure to respect user-definable flags.  Reported by "Diego
  'Flameeyes' Pettenò" <flameeyes@gentoo.org>.
- The --help and --version outputs from the tools have been improved.

* Noteworthy changes in release 0.3.6 (2006-08-13)
- Fix man pages to use \- instead of - for negative signs (as in "-1").
- Add -I's when building in src/, so that unistd.h etc is found on
  systems that doesn't have them.
- Valgrind isn't used for cross-compilation by default, and there is
  also --disable-valgrind-tests to unconditionally disable it.
- Valgrind is invoked without parameters, put things you like into
  ~/.valgrindrc instead.

* Noteworthy changes in release 0.3.5 (2006-06-27)
- Fix asn1_octet_der to handle writes of zero-length buffers, before
  it did not write the ASN.1 length for a zero-length buffer.  This caused
  ASN.1 encodings to be incorrect on 64-bit platforms.
- Add self test that attempt to trigger the above bug.
- Fix test of -Wno-pointer-sign.
- Improve cross-compilation to MinGW by using AC_LIBTOOL_WIN32_DLL.

* Noteworthy changes in release 0.3.4 (2006-05-10)
- Really fix encodings.
- Add new self test, tests/Test_encoding.c.
- Self tests are ran under valgrind, if it is available.
- We test for the -Wno-pointer-sign parameter before using it.

* Noteworthy changes in release 0.3.3 (2006-05-07)
- Add some 'const' to prototypes.
- Remove some 'unsigned' keywords.
- Corrected asn1_der_coding() bug introduced when it became reentrant.
  Now it produces correct encodings.

* Noteworthy changes in release 0.3.2
- Corrected bug in asn1_der_coding() which overwrited some
  data in the original structure.
- The asn1Parser, asn1Coding and asn1Decoding programs are now installed.

* Noteworthy changes in release 0.3.1
- Support constant size bit strings, as in 'BIT STRING (SIZE(42))'.
  Reported by Cyril Holweck <cyril.holweck@q-free.com>.
- Add two more APIs required by GnuTLS.
- New public APIs:
  asn1_find_node function
  asn1_copy_node

* Noteworthy changes in release 0.3.0
- Export DER utility functions, mostly so that GnuTLS can avoid using
  libtasn1 internals.
- The _asn1* symbols are not exported in the shared library file (when
  using GNU ld).
- The library can now be built using Visual Studio, and the project
  files are included in windows/.
- New public APIs:
  asn1_get_tag_der
  asn1_octet_der
  asn1_get_octet_der
  asn1_bit_der
  asn1_get_bit_der
  asn1_get_length_der
  asn1_length_der

* Noteworthy changes in release 0.2.18
- Fix out-of-bounds access in DER decoding, reported by Evgeny Legerov.
- Add 'const' keyword to some prototypes, thanks to Frediano ZIGLIO.
- Fixed typo in src/Makefile.am to make it build with objdir != srcdir,
  thanks to Bernard Leak.
- Update of gnulib files.
- Typo fixes in comments, e.g. finish libasn1 to libtasn1 renaming,
  use LGPL boiler plate on some files in lib/.

* Noteworthy changes in release 0.2.17
- Fixed typo to make it build.

* Noteworthy changes in release 0.2.16
- * Noteworthy changes in release script added again.

* Noteworthy changes in release 0.2.15
- Gnulib is used to implement memmove if your system does not have it.
- Simplified assert/error handling slightly.

* Noteworthy changes in release 0.2.14
- Some build fixes.
- Pkg-config script 'libtasn1.pc' added.
- Postal address to FSF in license updated.

* Noteworthy changes in release 0.2.13
- * Noteworthy changes in release number in libtasn1.h updated properly.

* Noteworthy changes in release 0.2.12
- Manual converted to Texinfo format.
- Manual in GTK-DOC and DevHelp formats added.
- Man pages for all functions added.
- Various internal cleanups.

* Noteworthy changes in release 0.2.11
- Added the self test with "make check" target
- Added management of ANY type with null length
- Corrected some writes to invalid data.

* Noteworthy changes in release 0.2.10
- Added scripts to assist in libtasn1 version detection
  from configure scripts.
- Corrected a DER decoding bug which was reported
  by Max Vozeler <max@hinterhof.net>.

* Noteworthy changes in release 0.2.9
- Accept negative numbers as range in INTEGER declarations

* Noteworthy changes in release 0.2.8
- Add asn1_delete_element function

* Noteworthy changes in release 0.2.7
- Added versioned symbols.

* Noteworthy changes in release 0.2.6
- ASN.1 parser accepts these kinds of integer definitions:
  "INTEGER (5 | 10)" and
  "INTEGER (5)"
- Comments start at "--" and finish at the "end of line" or
  with another "--".

* Noteworthy changes in release 0.2.5
- Bug fix in ordering procedure for SET OF and SEQUENCE OF
  types coding.
- Manage structured format (BER encoding) in
  asn1_der_decoding, asn1_decoding_element and
  asn1_der_decoding_startEnd for OCTET STRING type.
- Manage SEQUENCE and SET empty structure.
- Manage "indefinite length method" in asn1_der_decoding,
  asn1_decoding_element and asn1_der_decoding_startEnd
  for the following types:
  SEQUENCE, SEQUENCE OF, SET, and SET OF.
- Bug fix in asn1_read_value with NULL parameter in case
  of BIT STRING

* Noteworthy changes in release 0.2.4
- Bug fix in asn1_der_coding with NULL parameter
- Manage DEFAULT option with OBJECT IDENTIFIER

* Noteworthy changes in release 0.2.3
- Chenge asn1_find_structure_from_oid prototype
- Chenge asn1_find_structure_from_oid prototype
- Add ASN1_MEM_ALLOC_ERROR return value

* Noteworthy changes in release 0.2.2
- Add vector length check in asn1_der_coding function
- Add vector length check in asn1_der_coding function
- Add vector length check in asn1_read_value function
- Add asn1_check_version function

* Noteworthy changes in release 0.2.1
- Add asn1_find_structure_from_oid function
- Add asn1_read_tag function

* Noteworthy changes in release 0.2.0
- Support for other platforms
- Change asn1_create_element function interface (dest_name not needed any more)
- Change OBJECT IDENTIFIER syntax: numbers must be separated by dot in
  asn1_write_element and asn1_read_element functions (e.g. "1.2.3.4")

* Noteworthy changes in release 0.1.2
- Added GeneralString type
- Fixed a DER encoding bug when nested tags are used

* Noteworthy changes in release 0.1.1
- Renamed to libtasn1
- Functions which return a string for error description
  now accept a NULL argument.
- License is now GNU Lesser GPL

* Noteworthy changes in release 0.1.0
- Initial release

----------------------------------------------------------------------
Copyright (C) 2002-2014 Free Software Foundation, Inc.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.