From 4d852801deae38d796b9411807a7587ea53de67c Mon Sep 17 00:00:00 2001 From: Lev Walkin Date: Sun, 12 Oct 2014 17:46:13 -0700 Subject: tabs -> spaces --- ChangeLog | 940 +++++++++++++++++++++++++++++++------------------------------- 1 file changed, 470 insertions(+), 470 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9d82812c..aaa1eee5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,524 +7,524 @@ * Introduce --enable-ASN_DEBUG configure flag to emit long debug output. 0.9.26: 2014-Sep-11 - * Updated asn1c-usage.pdf. - * Made -fskeletons-copy a default option; removed cmdline option. - * Made -fnative-types a default option; removed cmdline option. - Added -fwide-types for backwards compatibility. + * Updated asn1c-usage.pdf. + * Made -fskeletons-copy a default option; removed cmdline option. + * Made -fnative-types a default option; removed cmdline option. + Added -fwide-types for backwards compatibility. * Add -fline-refs to avoid being unfriendly to version control systems. * Default constraint checking fix. Thanks to Bartosz Marcinkiewicz * Get rid of non-standard pointer arithmetics on void* pointer. * PER-encoding of integers wider than 32 bits. -0.9.24: 2013-Mar-16 - - * GeneralizedTime fix for working with time offsets which are not - representable in whole hours. (Severity: low; Security impact: low) - Thanks to IP Fabrics, Inc. - * Added -fincludes-quoted to asn1c to generate #includes in "double" - instead of quotes. - * PER encoding correctness fix. (Severity: high; Security impact: low) - Reported by Grzegorz Aksamit. - * ENUMERATED extension values check relaxed. Reported by Gabriel Burca. - * Fixed decimal decoding of REAL values in -fnative-types mode - (Severity: medium; Security impact: medium) - * Removed webcgi subproject (introduced in 2004) as useless. - -0.9.22: 2008-Nov-19 - - * Added -pdu=all and -pdu= switches to asn1c. - * Added PER support for most known-multiplier string types: - IA5String, VisibleString, PrintableString, BMPString, UniversalString; - useful types: GeneralizedTime, UTCTime, ObjectDescriptor; - as well as REAL and OBJECT IDENTIFIER. - TODO: SET type. - * Added PER support for extensions in SEQUENCE. - * Multiple enhancements by Daniele Varrazzo - * Fixed explicit tagging of an in-lined constructed type. - (Severity: low; Security impact: none). - * Memory leak fixed in SET OF / SEQUENCE OF when wrong encoding - is encountered. (Severity: medium; Security impact: low) - * Fixed extensibility handling of second SEQUENCE production. - (Severity: low; Security impact: none) - * Added DEFAULT handling for known multiplier string. - * Added a sample OMA ULP decoder (./examples/sample.source.ULP). - * Added full-width 32-bit integer encoding support in PER. - * Fixed 1-byte OOB write issue with non-standard and Windows - memory allocators (Severity: low; Security impact: medium). - Reported by Sheng Yu. - -0.9.21: 2006-Sep-17 - - * skeletons/standard-modules directory is now used for standard types. - * Fixed class field access problem (Test case 98) - (Severity: medium; Security impact: none) - * Refactored Information Object Classes parsing. - * Refactored Parameterization support. - * [typedef enum foo {}] foo_e; is now e_foo, see #1287989 - * Refactored ValueSetTypeAssignment parsing. - * asn-decoder-template.c renamed into converter-sample.c - * MEGACO (Media Gateway Control Protocol) decoder sample added. - * First release of PER encoder (does not encode SETs yet). - * Added a sample LDAP decoder (./examples/sample.source.LDAP3). - * Added a sample 3GPP RRC decoder (./examples/sample.source.RRC). - * Added a sample MEGACO (H.248.1) decoder (sample.source.MEGACO). - -0.9.20: 2006-Mar-06 - - * SET OF CHOICE, SEQUENCE OF CHOICE and a certain named S/O types - are represented differently in XER. THIS IS AN INCOMPATIBLE CHANGE. - (Test case 70) (Severity: low; Security impact: low) - * asn1c: Removed -ftypes88 command line option. - * Started PER implementation. Somewhat experimental! - -0.9.19: 2005-Oct-06 - - * A proper solution to circular references. No kludge flags - should be necessary anymore to produce reference-free code: - recursive dependencies are resolved automatically. - * Test cases 73 & 92 keep track of various circular references. - * Introduced compiler directives to allow finer control over the - generated code ("----" in comments), (Test case 93). - * New feature for unber(1): -s bytes. - * Mandatory elements map for SET was not getting generated properly. - (Test case 94) (Severity: high; Security impact: low) - * asn1c: new command line option: -fskeletons-copy. - -0.9.18: 2005-Aug-14 - - * The obsolete X.208 syntax is handled gracefully now (compound types' - member names are invented on the fly). (Test case 87). - * Generating enumeration tables for INTEGER types (Test case 88). - * Generating enumeration tables for BIT STRING types (Test case 89). - * Conditional INTEGER/ENUMERATED representation: long vs. INTEGER_t - type is chosen based on PER visible constraints (Test cases 90, 91). - * Union structures for CHOICE type are not anonymous anymore. - * Made unber(1) program more verbose: effective structure length is - now displayed as L="" at the closing tag. (Test check-xxber.sh). - * Fixed unber(1)'s -1 switch for indefinite encoding length. - * New command line option for unber(1): -m to enable minimalistic mode. - -0.9.17: 2005-Aug-07 - - * Tagging mode is implicitly IMPLICIT if AUTOMATIC TAGS is used, #30.6. - (Test cases 55, 86). - * Started to use extern "C" {} in skeleton headers. - * Introduced -finline-choice command line option to fix - yet another class of circular references. - -0.9.16: 2005-July-04 - - * GeneralizedTime API now supports fractions of seconds. - Thanks to Bent Nicolaisen for support. - * ASN.1 parser has been tweaked to allow parsing something like - "SEQUENCE----comment----", which is ambiguous for many reasons. - * XER decoder better handles not-yet-defined future extensions. +0.9.24: 2013-Mar-16 + + * GeneralizedTime fix for working with time offsets which are not + representable in whole hours. (Severity: low; Security impact: low) + Thanks to IP Fabrics, Inc. + * Added -fincludes-quoted to asn1c to generate #includes in "double" + instead of quotes. + * PER encoding correctness fix. (Severity: high; Security impact: low) + Reported by Grzegorz Aksamit. + * ENUMERATED extension values check relaxed. Reported by Gabriel Burca. + * Fixed decimal decoding of REAL values in -fnative-types mode + (Severity: medium; Security impact: medium) + * Removed webcgi subproject (introduced in 2004) as useless. + +0.9.22: 2008-Nov-19 + + * Added -pdu=all and -pdu= switches to asn1c. + * Added PER support for most known-multiplier string types: + IA5String, VisibleString, PrintableString, BMPString, UniversalString; + useful types: GeneralizedTime, UTCTime, ObjectDescriptor; + as well as REAL and OBJECT IDENTIFIER. + TODO: SET type. + * Added PER support for extensions in SEQUENCE. + * Multiple enhancements by Daniele Varrazzo + * Fixed explicit tagging of an in-lined constructed type. + (Severity: low; Security impact: none). + * Memory leak fixed in SET OF / SEQUENCE OF when wrong encoding + is encountered. (Severity: medium; Security impact: low) + * Fixed extensibility handling of second SEQUENCE production. + (Severity: low; Security impact: none) + * Added DEFAULT handling for known multiplier string. + * Added a sample OMA ULP decoder (./examples/sample.source.ULP). + * Added full-width 32-bit integer encoding support in PER. + * Fixed 1-byte OOB write issue with non-standard and Windows + memory allocators (Severity: low; Security impact: medium). + Reported by Sheng Yu. + +0.9.21: 2006-Sep-17 + + * skeletons/standard-modules directory is now used for standard types. + * Fixed class field access problem (Test case 98) + (Severity: medium; Security impact: none) + * Refactored Information Object Classes parsing. + * Refactored Parameterization support. + * [typedef enum foo {}] foo_e; is now e_foo, see #1287989 + * Refactored ValueSetTypeAssignment parsing. + * asn-decoder-template.c renamed into converter-sample.c + * MEGACO (Media Gateway Control Protocol) decoder sample added. + * First release of PER encoder (does not encode SETs yet). + * Added a sample LDAP decoder (./examples/sample.source.LDAP3). + * Added a sample 3GPP RRC decoder (./examples/sample.source.RRC). + * Added a sample MEGACO (H.248.1) decoder (sample.source.MEGACO). + +0.9.20: 2006-Mar-06 + + * SET OF CHOICE, SEQUENCE OF CHOICE and a certain named S/O types + are represented differently in XER. THIS IS AN INCOMPATIBLE CHANGE. + (Test case 70) (Severity: low; Security impact: low) + * asn1c: Removed -ftypes88 command line option. + * Started PER implementation. Somewhat experimental! + +0.9.19: 2005-Oct-06 + + * A proper solution to circular references. No kludge flags + should be necessary anymore to produce reference-free code: + recursive dependencies are resolved automatically. + * Test cases 73 & 92 keep track of various circular references. + * Introduced compiler directives to allow finer control over the + generated code ("----" in comments), (Test case 93). + * New feature for unber(1): -s bytes. + * Mandatory elements map for SET was not getting generated properly. + (Test case 94) (Severity: high; Security impact: low) + * asn1c: new command line option: -fskeletons-copy. + +0.9.18: 2005-Aug-14 + + * The obsolete X.208 syntax is handled gracefully now (compound types' + member names are invented on the fly). (Test case 87). + * Generating enumeration tables for INTEGER types (Test case 88). + * Generating enumeration tables for BIT STRING types (Test case 89). + * Conditional INTEGER/ENUMERATED representation: long vs. INTEGER_t + type is chosen based on PER visible constraints (Test cases 90, 91). + * Union structures for CHOICE type are not anonymous anymore. + * Made unber(1) program more verbose: effective structure length is + now displayed as L="" at the closing tag. (Test check-xxber.sh). + * Fixed unber(1)'s -1 switch for indefinite encoding length. + * New command line option for unber(1): -m to enable minimalistic mode. + +0.9.17: 2005-Aug-07 + + * Tagging mode is implicitly IMPLICIT if AUTOMATIC TAGS is used, #30.6. + (Test cases 55, 86). + * Started to use extern "C" {} in skeleton headers. + * Introduced -finline-choice command line option to fix + yet another class of circular references. + +0.9.16: 2005-July-04 + + * GeneralizedTime API now supports fractions of seconds. + Thanks to Bent Nicolaisen for support. + * ASN.1 parser has been tweaked to allow parsing something like + "SEQUENCE----comment----", which is ambiguous for many reasons. + * XER decoder better handles not-yet-defined future extensions. 0.9.15: 2005-July-02 - * Compiler now checks 64-bit overflows in constraints range handling - code. No effect on the code produced by the compiler. - * Compiler support for tagged and marked parametrized members. - * Empty tags to element map avoided. - * Compiled code GCC 4.x compatibility. - -0.9.14: 2005-Apr-29 - - * Fixed check-70.-fnative-integers.c test (it was failing - when no test directory was found). - -0.9.13: 2005-Apr-24 - - * Added extra const qualifiers into the support code. - * More RFC variations supported in crfc2asn1.pl. - * Refined string values compatibility. (Test cases 77, 78). - * Support for ContainedSubtype constraints. (Test case 16). - * Parsing support for CONSTRAINED BY. (Test case 79). - * Support for CharsDefn (Quadruple and Tuple, most used in - ASN1-CHARACTER-MODULE) (Test case 80). - * Pretty-printing support for WITH COMPONENT[S]. (Test case 82). - * Streamed OCTET STRING decoding of large values: fixed allocation - problem introduced in 0.9.9. (Severity: high; Security impact: medium) - Reported by Yann Grossel . - * Fixed BASIC-XER encoding of REAL numbers. - -0.9.12: 2005-Mar-10 - - * Fixed a name clash in produced constraint checking code. - * #includes are now in single quotes (to solve a name - clash with system's on a Win32 system). - * Small refinement of XML DTD generation (`asn1c -X`). - * Relaxed XER processing rules to skip extra whitespace - in some more places. It also skips XML comments (although - XML comments in XER are prohibited by X.693, #8.2.1). - (Test case 70) (Severity: medium; Security impact: none) - Reported by . - * Constraints on primitive types being defined are now supported. - (Test case 74) (Severity: low; Security impact: none) - * XMLValueList generation fixed for CHOICE type. - (Severity: medium; Security impact: none) - * Added the GSM TAP3 decoder into ./examples/sample.source.TAP3 - -0.9.11: 2005-Mar-04 - - * Released -fcompound-names to fix the name clashes in the code - produced by the asn1c. - * Released -fno-include-deps to avoid #including non-critical - external dependencies. - * Compiler is taught to produce compilable code for yet another class - of circular ASN.1 type references. - * X.693:8.3.4 prohibits anything but SignedNumber; fixed XER codec. - * Fixed ENUMERATED identifier to value conversion in XER. - Reported by . - * If the compiled file contents are the same as in already existing - file (left from previous compilation), the old file is retained. - This prevents thrashing `make` dependencies if amount of changes in - the original ASN.1 module(s) is small. - -0.9.10: 2005-Feb-25 - - * Completed the XER XMLValueList encoding and decoding. - * Native integer type is now using "long". - * Fixed #1150856. Reported by . - * Some WIN32 portability fixes. - -0.9.9: 2005-Feb-22 - - * First release of XER (XML) decoding implementation (somewhat - experimental). - * ANY allocation routine fixed. - Reported by . - * Fixed tag parsing (tags like "[ 0 ]" were not supported). - * Compiler now checks for duplicate ASN.1 types across modules. - -0.9.8: 2005-Jan-17 - - * [NEW PLATFORM] Compiled and tested on Linux @ alpha64 (LP64). - Some code needed to be fixed regarding int-long conversions - (mostly inside the test suite), and floating point handling - code needed to be restructured to handle signalling NAN and - other floating point exceptions quietly. Smooth transition! - * [NEW PLATFORM] Compiled and tested on Sun Solaris 9 @ sparc. - Improved includes/defines of/for system headers. - * -X command line option added to asn1c to generate XML DTD. - * Empty SEQUENCE and SET clauses are now allowed. - * Removed confusion between &xNN; and &#xNN; in enber and unber. - * Removed order dependency in DEFAULT references to ENUMERATED - identifiers (./tests/68-*-OK.asn1). - * ber_dec_rval_t renamed into asn_dec_rval_t: more generality. - * Extensions in CHOICE types are properly marked as non-pointers - (Test case 59) (Severity: medium; Security impact: medium) - Reported by . - * Tagged CHOICE type is now supported again. - (Test case 59) (Severity: low; Security impact: low) - Reported by . - * Implemented der_encode_to_buffer() procedure. - -0.9.7.1: 2004-Oct-12 - - * Fixed automatic tagging for extensions of compound types. - * Fixed ParametrizedReference parsing: {} are now recognized. - -0.9.7: 2004-Oct-11 - - * Finished CXER implementation by adding SET and SET OF canonical - ordering support. - * Fixed unber(1) limits controlling logic. - * Removed C99'izm from the x509dump, now understood by older compilers. - * Enhanced UTF8String constraint validation, now it checks - for the minimal encoding length; API of UTF8String_length() changed. - * Fixed SEQUENCE dealing with premature termination of the - optionals-laden indefinite length structure. The code was previously - refusing to parse such structures. - * Fixed explicitly tagged ANY type encoding and decoding - (Severity: medium; Security impact: low). - * Fixed CHOICE code spin when indefinite length structures appear - in the extensions (Severity: medium; Security impact: medium). - Reported by . - * BIT STRING now stores the number of unused octets in a separate field. - -0.9.6: 2004-Sep-29 - - * Added several security firewalls: decoder's stack usage control - and the stricter checking of the TLV length. - * Implemented BASIC-XER encoding support (X.693). - * Implemented unber(1) and enber(1) for BER<->XML translation. - * Implemented CGI for online ASN.1 compilation (asn1c/webcgi). - * Implemented the sample X.509 decoder (./examples/sample.source.PKIX1). - * NamedType is now supported for SET OF/SEQUENCE OF type. - * Added -fno-constraints option to asn1c, which disabled generation of - ASN.1 subtype constraints checking code. - * Added ASN1C_ENVIRONMENT_VERSION and get_asn1c_environment_version(). - * Fixed ANY type decoding (Severity: high; Security impact: low). - * Fixed BER decoder restartability problem with certain primitive - types (BOOLEAN, INTEGER, and REAL). The problem occured when the - encoding of such type is split between several bytes. - (Severity: high; Security impact: low) - * Support for cross-referencing type definitions (updated ./tests/43-*). - * Fixed pretty-printing of the REAL type. Added lots of test cases. - * Renamed asn1_* into asn_* in function and type names. - * Updated documentation. - -0.9.5: 2004-Sep-17 - - * Fixed CER (common BER) decoder code. See check-25.c/VisibleString - case for details. X.690 specifies that inner structures in BER - encoding must be tagged by stripping off the outer tag for each - subsequent containment level. See also X.690: 8.21.5.4 and - the "Spouse" case in A.3. - (Severity: medium; Security impact: low) - * Added converters between any generic type and the ANY type. - * Parser fixed: Information Object Class fields may be taged. - * Parser fixed: tagged types inside SEQUENCE OF/SET OF support. - * Improved DEFAULT Value parsing and pretty-printing. - * Condition on distinct tags checker was incorrectly dealing with - tagged CHOICE types. Fixed. Modified tests/37-indirect-choice-OK.asn1 - * Improved type name generation code ("struct foo" vs "foo_t"). - * Fixed constraint checking code incorrectly dealing with imported - types with constraint values defined in other modules. - * Real REAL support! (Haven't tested denormals support yet!) - See skeletons/tests/check-REAL.c - -0.9.4: 2004-Sep-10 - - * More support for recursive type definitions. - * Explicit support for ANY type decoding. - * Refactored tags processing code. - * Fixed constraints checking code: non-exploitable buffer overflow. - (Severity: medium; Security impact: low) - -0.9.3: 2004-Sep-07 - - * Extended constraints support in parametrized types. - * Better support for parametrization and constraints handling. - * Better handling of recursive type definitions. - * Added support for ANY type. - -0.9.2: 2004-Aug-24 - - * More flexible subtype constraints handling, with relaxed - PER visibility rules for actual constraints checking code generator. - * Indirect references in constraints resolver code fixed. - * Avoided compilation warning on gcc 3.3.3 systems. - * Better ValueSet printing. - -0.9.1: 2004-Aug-23 - - * Documentation updated: doc/asn1c-usage.pdf - * Fixed OBJECT IDENTIFIER human-readable printing. - Reported by . - -0.9: 2004-Aug-23 - - * Reworked subtype constraints handling, aiming at PER-applicability. - * BOOLEAN and NULL are now implemented in terms of native int type. - * Compiler now links in only necessary skeleton files. - * -t option added to asn1c to ease manual BER/CER/DER decoding. - * Added support COMPONENTS OF construct. - * Numerous parser fixes and enhancements. - * Better constraint failure reporting. - -0.8.19: 2004-Aug-18 - - * Fixed BER encoder (problem encoding large tag values) - (Severity: medium; Security impact: low) - -0.8.18: 2004-Aug-12 - - * Parser: fixed multiple IMPORTS problem (incorrect assertion). - * Parser: constraints extensibility parsing fix. - -0.8.17: 2004-Aug-11 - - * Improved compiler output: duplicate #includes eliminated. - * Win32 portability fixes. - * More compatibility with C++ or non-GCC compilers. - -0.8.16: 2004-Jul-22 - - * Fixed application-level problem in SET OF/SEQUENCE OF array cleanup. - (Severity: medium; Security impact: low) - * Improved asn_GT2time() and added asn_time2{GT,UT}() functions. - * BIT STRING pretty-printing. - -0.8.15: 2004-Jul-20 - - * Fixed parser: memory leak in free_struct code for SET OF/SEQUENCE OF. - (Severity: high; Security impact: medium) - * Fixed parser: invalid memory reference in code constructing tags. - (Test case 48) (Severity: high; Security impact: medium) - When encoding data for certain ASN.1 specifications containing - explicit tags, the tag is always written incorrectly due to - incorrect memory reference. The encoding will almost always produce - unparseable data and might well reference unmapped region so program - would produce segmentation violation. Fortunately, memory is - read, not written, so remote exploits cannot execute arbitrary - code and triggering unmapped memory reference is highly unlikely - even it attacker knows the code (basically, the compiler should place - asn1_DEF_... right before the end of the mapped memory region, which - is extremely rare). - * Improved INTEGER type printing. + * Compiler now checks 64-bit overflows in constraints range handling + code. No effect on the code produced by the compiler. + * Compiler support for tagged and marked parametrized members. + * Empty tags to element map avoided. + * Compiled code GCC 4.x compatibility. + +0.9.14: 2005-Apr-29 + + * Fixed check-70.-fnative-integers.c test (it was failing + when no test directory was found). + +0.9.13: 2005-Apr-24 + + * Added extra const qualifiers into the support code. + * More RFC variations supported in crfc2asn1.pl. + * Refined string values compatibility. (Test cases 77, 78). + * Support for ContainedSubtype constraints. (Test case 16). + * Parsing support for CONSTRAINED BY. (Test case 79). + * Support for CharsDefn (Quadruple and Tuple, most used in + ASN1-CHARACTER-MODULE) (Test case 80). + * Pretty-printing support for WITH COMPONENT[S]. (Test case 82). + * Streamed OCTET STRING decoding of large values: fixed allocation + problem introduced in 0.9.9. (Severity: high; Security impact: medium) + Reported by Yann Grossel . + * Fixed BASIC-XER encoding of REAL numbers. + +0.9.12: 2005-Mar-10 + + * Fixed a name clash in produced constraint checking code. + * #includes are now in single quotes (to solve a name + clash with system's on a Win32 system). + * Small refinement of XML DTD generation (`asn1c -X`). + * Relaxed XER processing rules to skip extra whitespace + in some more places. It also skips XML comments (although + XML comments in XER are prohibited by X.693, #8.2.1). + (Test case 70) (Severity: medium; Security impact: none) + Reported by . + * Constraints on primitive types being defined are now supported. + (Test case 74) (Severity: low; Security impact: none) + * XMLValueList generation fixed for CHOICE type. + (Severity: medium; Security impact: none) + * Added the GSM TAP3 decoder into ./examples/sample.source.TAP3 + +0.9.11: 2005-Mar-04 + + * Released -fcompound-names to fix the name clashes in the code + produced by the asn1c. + * Released -fno-include-deps to avoid #including non-critical + external dependencies. + * Compiler is taught to produce compilable code for yet another class + of circular ASN.1 type references. + * X.693:8.3.4 prohibits anything but SignedNumber; fixed XER codec. + * Fixed ENUMERATED identifier to value conversion in XER. + Reported by . + * If the compiled file contents are the same as in already existing + file (left from previous compilation), the old file is retained. + This prevents thrashing `make` dependencies if amount of changes in + the original ASN.1 module(s) is small. + +0.9.10: 2005-Feb-25 + + * Completed the XER XMLValueList encoding and decoding. + * Native integer type is now using "long". + * Fixed #1150856. Reported by . + * Some WIN32 portability fixes. + +0.9.9: 2005-Feb-22 + + * First release of XER (XML) decoding implementation (somewhat + experimental). + * ANY allocation routine fixed. + Reported by . + * Fixed tag parsing (tags like "[ 0 ]" were not supported). + * Compiler now checks for duplicate ASN.1 types across modules. + +0.9.8: 2005-Jan-17 + + * [NEW PLATFORM] Compiled and tested on Linux @ alpha64 (LP64). + Some code needed to be fixed regarding int-long conversions + (mostly inside the test suite), and floating point handling + code needed to be restructured to handle signalling NAN and + other floating point exceptions quietly. Smooth transition! + * [NEW PLATFORM] Compiled and tested on Sun Solaris 9 @ sparc. + Improved includes/defines of/for system headers. + * -X command line option added to asn1c to generate XML DTD. + * Empty SEQUENCE and SET clauses are now allowed. + * Removed confusion between &xNN; and &#xNN; in enber and unber. + * Removed order dependency in DEFAULT references to ENUMERATED + identifiers (./tests/68-*-OK.asn1). + * ber_dec_rval_t renamed into asn_dec_rval_t: more generality. + * Extensions in CHOICE types are properly marked as non-pointers + (Test case 59) (Severity: medium; Security impact: medium) + Reported by . + * Tagged CHOICE type is now supported again. + (Test case 59) (Severity: low; Security impact: low) + Reported by . + * Implemented der_encode_to_buffer() procedure. + +0.9.7.1: 2004-Oct-12 + + * Fixed automatic tagging for extensions of compound types. + * Fixed ParametrizedReference parsing: {} are now recognized. + +0.9.7: 2004-Oct-11 + + * Finished CXER implementation by adding SET and SET OF canonical + ordering support. + * Fixed unber(1) limits controlling logic. + * Removed C99'izm from the x509dump, now understood by older compilers. + * Enhanced UTF8String constraint validation, now it checks + for the minimal encoding length; API of UTF8String_length() changed. + * Fixed SEQUENCE dealing with premature termination of the + optionals-laden indefinite length structure. The code was previously + refusing to parse such structures. + * Fixed explicitly tagged ANY type encoding and decoding + (Severity: medium; Security impact: low). + * Fixed CHOICE code spin when indefinite length structures appear + in the extensions (Severity: medium; Security impact: medium). + Reported by . + * BIT STRING now stores the number of unused octets in a separate field. + +0.9.6: 2004-Sep-29 + + * Added several security firewalls: decoder's stack usage control + and the stricter checking of the TLV length. + * Implemented BASIC-XER encoding support (X.693). + * Implemented unber(1) and enber(1) for BER<->XML translation. + * Implemented CGI for online ASN.1 compilation (asn1c/webcgi). + * Implemented the sample X.509 decoder (./examples/sample.source.PKIX1). + * NamedType is now supported for SET OF/SEQUENCE OF type. + * Added -fno-constraints option to asn1c, which disabled generation of + ASN.1 subtype constraints checking code. + * Added ASN1C_ENVIRONMENT_VERSION and get_asn1c_environment_version(). + * Fixed ANY type decoding (Severity: high; Security impact: low). + * Fixed BER decoder restartability problem with certain primitive + types (BOOLEAN, INTEGER, and REAL). The problem occured when the + encoding of such type is split between several bytes. + (Severity: high; Security impact: low) + * Support for cross-referencing type definitions (updated ./tests/43-*). + * Fixed pretty-printing of the REAL type. Added lots of test cases. + * Renamed asn1_* into asn_* in function and type names. + * Updated documentation. + +0.9.5: 2004-Sep-17 + + * Fixed CER (common BER) decoder code. See check-25.c/VisibleString + case for details. X.690 specifies that inner structures in BER + encoding must be tagged by stripping off the outer tag for each + subsequent containment level. See also X.690: 8.21.5.4 and + the "Spouse" case in A.3. + (Severity: medium; Security impact: low) + * Added converters between any generic type and the ANY type. + * Parser fixed: Information Object Class fields may be taged. + * Parser fixed: tagged types inside SEQUENCE OF/SET OF support. + * Improved DEFAULT Value parsing and pretty-printing. + * Condition on distinct tags checker was incorrectly dealing with + tagged CHOICE types. Fixed. Modified tests/37-indirect-choice-OK.asn1 + * Improved type name generation code ("struct foo" vs "foo_t"). + * Fixed constraint checking code incorrectly dealing with imported + types with constraint values defined in other modules. + * Real REAL support! (Haven't tested denormals support yet!) + See skeletons/tests/check-REAL.c + +0.9.4: 2004-Sep-10 + + * More support for recursive type definitions. + * Explicit support for ANY type decoding. + * Refactored tags processing code. + * Fixed constraints checking code: non-exploitable buffer overflow. + (Severity: medium; Security impact: low) + +0.9.3: 2004-Sep-07 + + * Extended constraints support in parametrized types. + * Better support for parametrization and constraints handling. + * Better handling of recursive type definitions. + * Added support for ANY type. + +0.9.2: 2004-Aug-24 + + * More flexible subtype constraints handling, with relaxed + PER visibility rules for actual constraints checking code generator. + * Indirect references in constraints resolver code fixed. + * Avoided compilation warning on gcc 3.3.3 systems. + * Better ValueSet printing. + +0.9.1: 2004-Aug-23 + + * Documentation updated: doc/asn1c-usage.pdf + * Fixed OBJECT IDENTIFIER human-readable printing. + Reported by . + +0.9: 2004-Aug-23 + + * Reworked subtype constraints handling, aiming at PER-applicability. + * BOOLEAN and NULL are now implemented in terms of native int type. + * Compiler now links in only necessary skeleton files. + * -t option added to asn1c to ease manual BER/CER/DER decoding. + * Added support COMPONENTS OF construct. + * Numerous parser fixes and enhancements. + * Better constraint failure reporting. + +0.8.19: 2004-Aug-18 + + * Fixed BER encoder (problem encoding large tag values) + (Severity: medium; Security impact: low) + +0.8.18: 2004-Aug-12 + + * Parser: fixed multiple IMPORTS problem (incorrect assertion). + * Parser: constraints extensibility parsing fix. + +0.8.17: 2004-Aug-11 + + * Improved compiler output: duplicate #includes eliminated. + * Win32 portability fixes. + * More compatibility with C++ or non-GCC compilers. + +0.8.16: 2004-Jul-22 + + * Fixed application-level problem in SET OF/SEQUENCE OF array cleanup. + (Severity: medium; Security impact: low) + * Improved asn_GT2time() and added asn_time2{GT,UT}() functions. + * BIT STRING pretty-printing. + +0.8.15: 2004-Jul-20 + + * Fixed parser: memory leak in free_struct code for SET OF/SEQUENCE OF. + (Severity: high; Security impact: medium) + * Fixed parser: invalid memory reference in code constructing tags. + (Test case 48) (Severity: high; Security impact: medium) + When encoding data for certain ASN.1 specifications containing + explicit tags, the tag is always written incorrectly due to + incorrect memory reference. The encoding will almost always produce + unparseable data and might well reference unmapped region so program + would produce segmentation violation. Fortunately, memory is + read, not written, so remote exploits cannot execute arbitrary + code and triggering unmapped memory reference is highly unlikely + even it attacker knows the code (basically, the compiler should place + asn1_DEF_... right before the end of the mapped memory region, which + is extremely rare). + * Improved INTEGER type printing. -0.8.14: 2004-Jun-30 +0.8.14: 2004-Jun-30 - * Fixed compiler: extensibility of CHOICE and SET type has not been - taken into account during table construction. - (Test case 47) (Severity: high; Security impact: low) + * Fixed compiler: extensibility of CHOICE and SET type has not been + taken into account during table construction. + (Test case 47) (Severity: high; Security impact: low) -0.8.13: 2004-Jun-29 +0.8.13: 2004-Jun-29 - * Fixed compiler: the skip values for IMPLICIT tagging were broken - in some complex cases where one type is defined using another. - (Test case 46) (Severity: medium; Security impact: low). - * Added -fknown-extern-type command line parameter to asn1c. - * Removed -N command line flag and underlying functionality - to honor KISS principle. + * Fixed compiler: the skip values for IMPLICIT tagging were broken + in some complex cases where one type is defined using another. + (Test case 46) (Severity: medium; Security impact: low). + * Added -fknown-extern-type command line parameter to asn1c. + * Removed -N command line flag and underlying functionality + to honor KISS principle. -0.8.12: 2004-Jun-17 +0.8.12: 2004-Jun-17 - * RELATIVE-OID and OBJECT IDENTIFIER encoders/decoders are not bound - anymore to an integer type of specific size (unsigned long). The - size of an integer must be provided explicitly. - See {OBJECT_IDENTIFIER|RELATIVE_OID}_{get|set}_arcs(). - * SEQUENCE BER decoder fixed again for complex CHOICE case - (Test case 44) (Severity: medium; Security impact: low). + * RELATIVE-OID and OBJECT IDENTIFIER encoders/decoders are not bound + anymore to an integer type of specific size (unsigned long). The + size of an integer must be provided explicitly. + See {OBJECT_IDENTIFIER|RELATIVE_OID}_{get|set}_arcs(). + * SEQUENCE BER decoder fixed again for complex CHOICE case + (Test case 44) (Severity: medium; Security impact: low). -0.8.11: 2004-Jun-05 +0.8.11: 2004-Jun-05 - * Enforced stricter conformance with C standards. - * SEQUENCE BER decoder is now equipped with the sorted map - in case of complex CHOICE descendants. Test case 44 created. + * Enforced stricter conformance with C standards. + * SEQUENCE BER decoder is now equipped with the sorted map + in case of complex CHOICE descendants. Test case 44 created. -0.8.10: 2004-Jun-02 +0.8.10: 2004-Jun-02 - * Added const qualifier where necessary. - * Changed position of outmost_tag fetcher within asn1_TYPE_descriptor_t - structure. + * Added const qualifier where necessary. + * Changed position of outmost_tag fetcher within asn1_TYPE_descriptor_t + structure. -0.8.9: 2004-May-26 +0.8.9: 2004-May-26 - * Added *_{get|set}_arcs_*() functions for OBJECT IDENTIFIER - and RELATIVE-OID, together with test cases. + * Added *_{get|set}_arcs_*() functions for OBJECT IDENTIFIER + and RELATIVE-OID, together with test cases. -0.8.8: 2004-May-09 +0.8.8: 2004-May-09 - * Introduced subtype constraints support (incomplete!). - * Fixed compiler. If the last member of the SEQUENCE is OPTIONAL - and absent in the encoding, and the type is extensible (...) or - EXTENSIBILITY IMPLIED flag is set, then the structure could not - be correctly decoded. (Severity: high; Security impact: low). - * Compiler: fixed recursive ASN.1 types inclusion (Severity: low, - Security impact: none). - * Parser: IMPORTS/FROM fixes, now allowing multiple sections. - * NEW PLATFORM: Compiled and tested on MacOS X (@ PowerPC). - No major portability issues experienced. + * Introduced subtype constraints support (incomplete!). + * Fixed compiler. If the last member of the SEQUENCE is OPTIONAL + and absent in the encoding, and the type is extensible (...) or + EXTENSIBILITY IMPLIED flag is set, then the structure could not + be correctly decoded. (Severity: high; Security impact: low). + * Compiler: fixed recursive ASN.1 types inclusion (Severity: low, + Security impact: none). + * Parser: IMPORTS/FROM fixes, now allowing multiple sections. + * NEW PLATFORM: Compiled and tested on MacOS X (@ PowerPC). + No major portability issues experienced. -0.8.7: 2004-Apr-11 T-version-0-8-7 +0.8.7: 2004-Apr-11 T-version-0-8-7 - * Fixed SEQUENCE BER decoder: if the last member of the SEQUENCE is - OPTIONAL and absent in the encoding, RC_FAIL was returned instead - of RC_OK (Severity: high; Security impact: low). - * Added test case to check the above problem. - * Added test case to check -fnative-integers mode. + * Fixed SEQUENCE BER decoder: if the last member of the SEQUENCE is + OPTIONAL and absent in the encoding, RC_FAIL was returned instead + of RC_OK (Severity: high; Security impact: low). + * Added test case to check the above problem. + * Added test case to check -fnative-integers mode. -0.8.6: 2004-Apr-03 T-version-0-8-6 +0.8.6: 2004-Apr-03 T-version-0-8-6 - * Fixed compiler output for embedded ASN.1 structures. + * Fixed compiler output for embedded ASN.1 structures. -0.8.5: 2004-Mar-28 T-version-0-8-5 +0.8.5: 2004-Mar-28 T-version-0-8-5 - * Fixed ber_tlv_length() computation problem (Severity: high, - Security impact: none). - Reported by + * Fixed ber_tlv_length() computation problem (Severity: high, + Security impact: none). + Reported by -0.8.4: 2004-Mar-22 +0.8.4: 2004-Mar-22 - * Removed RC_ITAG enumeration element from BER decoder. - This return code did not have much practical value. + * Removed RC_ITAG enumeration element from BER decoder. + This return code did not have much practical value. -0.8.3: 2004-Mar-14 T-version-0-8-3 +0.8.3: 2004-Mar-14 T-version-0-8-3 - * Fixed SET::BER decoder: restart after reaching a buffer boundary - weas broken (Severity: high; Security impact: low). - * Fixed OCTET STRING::BER decoder: restart after reaching a buffer - boundary was broken (Severity: high; Security impact: low). - Reported by - * Added test cases to check decoders restartability. - * Slightly more general INTEGER2long decoder. - * Allowed nested /* C-type */ comments, as per X.680:2002. + * Fixed SET::BER decoder: restart after reaching a buffer boundary + weas broken (Severity: high; Security impact: low). + * Fixed OCTET STRING::BER decoder: restart after reaching a buffer + boundary was broken (Severity: high; Security impact: low). + Reported by + * Added test cases to check decoders restartability. + * Slightly more general INTEGER2long decoder. + * Allowed nested /* C-type */ comments, as per X.680:2002. -0.8.2: 2004-Mar-01 T-version-0-8-2 +0.8.2: 2004-Mar-01 T-version-0-8-2 - * Fixed SEQUENCE BER decoder: an OPTIONAL element was required, where - should not have been (Severity: major; Security impact: low). - * Fixed print_struct pointer inheritance. - * Added -fno-c99 and -funnamed-unions + * Fixed SEQUENCE BER decoder: an OPTIONAL element was required, where + should not have been (Severity: major; Security impact: low). + * Fixed print_struct pointer inheritance. + * Added -fno-c99 and -funnamed-unions -0.8.1: 2004-Feb-22 +0.8.1: 2004-Feb-22 - * -R switch to asn1c: Omit support code, compile only the tables. - * Introduced NativeInteger pseudotype. - * Corrected the informal print_struct()'s output format. + * -R switch to asn1c: Omit support code, compile only the tables. + * Introduced NativeInteger pseudotype. + * Corrected the informal print_struct()'s output format. -0.8.0: 2004-Feb-03 T-version-0-8-0 +0.8.0: 2004-Feb-03 T-version-0-8-0 - * Some documentation is created (a .pdf and a short manual page). - * Last touches to the code. + * Some documentation is created (a .pdf and a short manual page). + * Last touches to the code. -0.7.9: 2004-Feb-01 T-version-0-7-9 +0.7.9: 2004-Feb-01 T-version-0-7-9 - * Human readable printing support. - * Support for implicit (standard) constraints. + * Human readable printing support. + * Support for implicit (standard) constraints. -0.7.8: 2004-Jan-31 +0.7.8: 2004-Jan-31 - * SET now rejects duplicate fields in the data stream. + * SET now rejects duplicate fields in the data stream. -0.7.7: 2004-Jan-25 +0.7.7: 2004-Jan-25 - * Added types: GeneralizedTime and UTCTime. + * Added types: GeneralizedTime and UTCTime. -0.7.6: 2004-Jan-24 T-version-0-7-6 +0.7.6: 2004-Jan-24 T-version-0-7-6 - * DER encoding of a SET OF now involves dynamic sorting. + * DER encoding of a SET OF now involves dynamic sorting. -0.7.5: 2004-Jan-24 T-version-0-7-5 +0.7.5: 2004-Jan-24 T-version-0-7-5 - * DER encoding of a SET with untagged CHOICE - now involves dynamic sorting. + * DER encoding of a SET with untagged CHOICE + now involves dynamic sorting. -0.7.0: 2004-Jan-19 T-version-0-7-0 +0.7.0: 2004-Jan-19 T-version-0-7-0 - * A bunch of DER encoders is implemented. + * A bunch of DER encoders is implemented. -0.6.6: 2004-Jan-11 +0.6.6: 2004-Jan-11 - * Implemented CHOICE decoder. - * Implemented destructors support. + * Implemented CHOICE decoder. + * Implemented destructors support. -0.6.5: 2004-Jan-03 +0.6.5: 2004-Jan-03 - * Implemented SET decoder. - * Implemented SET OF and SEQUENCE OF decoders. + * Implemented SET decoder. + * Implemented SET OF and SEQUENCE OF decoders. -0.6.4: 2003-Dec-31 +0.6.4: 2003-Dec-31 - * Implemented BOOLEAN, NULL, ENUMERATED decoders. - * Implemented OCTET STRING decoder. - * Implemented BIT STRING decoder. + * Implemented BOOLEAN, NULL, ENUMERATED decoders. + * Implemented OCTET STRING decoder. + * Implemented BIT STRING decoder. -0.6: 2003-Dec-30 +0.6: 2003-Dec-30 - * First decoding of a BER-encoded structure! + * First decoding of a BER-encoded structure! -0.5: 2003-Dec-28 +0.5: 2003-Dec-28 - * Framework and most of the compiler backbone coding done. + * Framework and most of the compiler backbone coding done. -0.1: 2003-Nov-28 +0.1: 2003-Nov-28 - * Programming started. + * Programming started. === Bug importance disclosure terms === @@ -532,23 +532,23 @@ SEVERITY. This term applies to the frequence the particular construct is used in the real world. The higher the frequency, the more chances of triggering this bug. - low: The ASN.1 specifications which could trigger - this kind of bug are not widespread. - medium: The particular ASN.1 construct is used quite often, - so the chance of triggering an error is considerable. - high: This fix is considered urgent, or the particular ASN.1 - construct triggering this bug is in wide use. + low: The ASN.1 specifications which could trigger + this kind of bug are not widespread. + medium: The particular ASN.1 construct is used quite often, + so the chance of triggering an error is considerable. + high: This fix is considered urgent, or the particular ASN.1 + construct triggering this bug is in wide use. SECURITY IMPACT. This term applies to the amount of potential damage a bug exploitation could cause. - none: No malicious exploitation is possible. - low: The local exploitation is unlikely; the remote exploitation - is impossible. - medium: The remote exploitation is possible when a particular ASN.1 - construct is being used. If possible, only hard failure, spin - or memory leak are the possible outcome: no shellcode - injection could possibly be carried by the attack. - high: The remote shellcode injection is possible, or the bug is - otherwise remotely exploitable for most specifications. + none: No malicious exploitation is possible. + low: The local exploitation is unlikely; the remote exploitation + is not possible. + medium: The remote exploitation is possible when a particular ASN.1 + construct is being used. If possible, only hard failure, spin + or memory leak are the possible outcome: no shellcode + injection could possibly be carried by the attack. + high: The remote shellcode injection is possible, or the bug is + otherwise remotely exploitable for most specifications. -- cgit v1.2.3