| |
| 0.9.21: 2006-Sep-08 |
| |
| * skeletons/standard-modules directory is now used for standard types. |
| * Fixed class field access problem (Test case 98) |
| (Severity: medim; Security impact: none) |
| * Refactored Information Object Classes parsing. |
| * Refactored Parameterization support. |
| * [typedef enum foo {}] foo_e; is now e_foo, see #1287989 |
| * Refactored ValueSetTypeAssignment parsing. |
| * First release of PER encoder (does not encode SETs yet). |
| * asn-decoder-template.c renamed into converter-sample.c |
| * MEGACO (Media Gateway Control Protocol) decoder sample added. |
| |
| 0.9.20: 2006-Mar-06 |
| |
| * SET OF CHOICE, SEQUENCE OF CHOICE and a certain named S/O types |
| are represented differently in XER. THIS IS AN INCOMPATIBLE CHANGE. |
| (Test case 70) (Severity: low; Security impact: low) |
| * asn1c: Removed -ftypes88 command line option. |
| * Started PER implementation. Somewhat experimental! |
| |
| 0.9.19: 2005-Oct-06 |
| |
| * A proper solution to circular references. No kludge flags |
| should be necessary anymore to produce reference-free code: |
| recursive dependencies are resolved automatically. |
| * Test cases 73 & 92 keep track of various circular references. |
| * Introduced compiler directives to allow finer control over the |
| generated code ("--<ASN1C...>--" in comments), (Test case 93). |
| * New feature for unber(1): -s <skip> bytes. |
| * Mandatory elements map for SET was not getting generated properly. |
| (Test case 94) (Severity: high; Security impact: low) |
| * asn1c: new command line option: -fskeletons-copy. |
| |
| 0.9.18: 2005-Aug-14 |
| |
| * The obsolete X.208 syntax is handled gracefully now (compound types' |
| member names are invented on the fly). (Test case 87). |
| * Generating enumeration tables for INTEGER types (Test case 88). |
| * Generating enumeration tables for BIT STRING types (Test case 89). |
| * Conditional INTEGER/ENUMERATED representation: long vs. INTEGER_t |
| type is chosen based on PER visible constraints (Test cases 90, 91). |
| * Union structures for CHOICE type are not anonymous anymore. |
| * Made unber(1) program more verbose: effective structure length is |
| now displayed as L="<n>" at the closing tag. (Test check-xxber.sh). |
| * Fixed unber(1)'s -1 switch for indefinite encoding length. |
| * New command line option for unber(1): -m to enable minimalistic mode. |
| |
| 0.9.17: 2005-Aug-07 |
| |
| * Tagging mode is implicitly IMPLICIT if AUTOMATIC TAGS is used, #30.6. |
| (Test cases 55, 86). |
| * Started to use extern "C" {} in skeleton headers. |
| * Introduced -finline-choice command line option to fix |
| yet another class of circular references. |
| |
| 0.9.16: 2005-July-04 |
| |
| * GeneralizedTime API now supports fractions of seconds. |
| Thanks to Bent Nicolaisen <BN@JAI.com> for support. |
| * ASN.1 parser has been tweaked to allow parsing something like |
| "SEQUENCE----comment----", which is ambiguous for many reasons. |
| * XER decoder better handles not-yet-defined future extensions. |
| |
| 0.9.15: 2005-July-02 |
| |
| * Compiler now checks 64-bit overflows in constraints range handling |
| code. No effect on the code produced by the compiler. |
| * Compiler support for tagged and marked parametrized members. |
| * Empty tags to element map avoided. |
| * Compiled code GCC 4.x compatibility. |
| |
| 0.9.14: 2005-Apr-29 |
| |
| * Fixed check-70.-fnative-integers.c test (it was failing |
| when no test directory was found). |
| |
| 0.9.13: 2005-Apr-24 |
| |
| * Added extra const qualifiers into the support code. |
| * More RFC variations supported in crfc2asn1.pl. |
| * Refined string values compatibility. (Test cases 77, 78). |
| * Support for ContainedSubtype constraints. (Test case 16). |
| * Parsing support for CONSTRAINED BY. (Test case 79). |
| * Support for CharsDefn (Quadruple and Tuple, most used in |
| ASN1-CHARACTER-MODULE) (Test case 80). |
| * Pretty-printing support for WITH COMPONENT[S]. (Test case 82). |
| * Streamed OCTET STRING decoding of large values: fixed allocation |
| problem introduced in 0.9.9. (Severity: high; Security impact: medium) |
| Reported by Yann Grossel <olrick@users.sourceforge.net>. |
| * Fixed BASIC-XER encoding of REAL numbers. |
| |
| 0.9.12: 2005-Mar-10 |
| |
| * Fixed a name clash in produced constraint checking code. |
| * #includes are now in single quotes (to solve a name |
| clash with system's <time.h> on a Win32 system). |
| * Small refinement of XML DTD generation (`asn1c -X`). |
| * Relaxed XER processing rules to skip extra whitespace |
| in some more places. It also skips XML comments (although |
| XML comments in XER are prohibited by X.693, #8.2.1). |
| (Test case 70) (Severity: medium; Security impact: none) |
| Reported by <Dominique.Nerriec@alcatel.fr>. |
| * Constraints on primitive types being defined are now supported. |
| (Test case 74) (Severity: low; Security impact: none) |
| * XMLValueList generation fixed for CHOICE type. |
| (Severity: medium; Security impact: none) |
| * Added the GSM TAP3 decoder into ./examples/sample.source.TAP3 |
| |
| 0.9.11: 2005-Mar-04 |
| |
| * Released -fcompound-names to fix the name clashes in the code |
| produced by the asn1c. |
| * Released -fno-include-deps to avoid #including non-critical |
| external dependencies. |
| * Compiler is taught to produce compilable code for yet another class |
| of circular ASN.1 type references. |
| * X.693:8.3.4 prohibits anything but SignedNumber; fixed XER codec. |
| * Fixed ENUMERATED identifier to value conversion in XER. |
| Reported by <jacque.celaire@caramail.com>. |
| * If the compiled file contents are the same as in already existing |
| file (left from previous compilation), the old file is retained. |
| This prevents thrashing `make` dependencies if amount of changes in |
| the original ASN.1 module(s) is small. |
| |
| 0.9.10: 2005-Feb-25 |
| |
| * Completed the XER XMLValueList encoding and decoding. |
| * Native integer type is now using "long". |
| * Fixed #1150856. Reported by <vvvy@users.sourceforge.net>. |
| * Some WIN32 portability fixes. |
| |
| 0.9.9: 2005-Feb-22 |
| |
| * First release of XER (XML) decoding implementation (somewhat |
| experimental). |
| * ANY allocation routine fixed. |
| Reported by <mikko.ahonen@elma.net>. |
| * Fixed tag parsing (tags like "[ 0 ]" were not supported). |
| * Compiler now checks for duplicate ASN.1 types across modules. |
| |
| 0.9.8: 2005-Jan-17 |
| |
| * [NEW PLATFORM] Compiled and tested on Linux @ alpha64 (LP64). |
| Some code needed to be fixed regarding int-long conversions |
| (mostly inside the test suite), and floating point handling |
| code needed to be restructured to handle signalling NAN and |
| other floating point exceptions quietly. Smooth transition! |
| * [NEW PLATFORM] Compiled and tested on Sun Solaris 9 @ sparc. |
| Improved includes/defines of/for system headers. |
| * -X command line option added to asn1c to generate XML DTD. |
| * Empty SEQUENCE and SET clauses are now allowed. |
| * Removed confusion between &xNN; and &#xNN; in enber and unber. |
| * Removed order dependency in DEFAULT references to ENUMERATED |
| identifiers (./tests/68-*-OK.asn1). |
| * ber_dec_rval_t renamed into asn_dec_rval_t: more generality. |
| * Extensions in CHOICE types are properly marked as non-pointers |
| (Test case 59) (Severity: medium; Security impact: medium) |
| Reported by <roman.pfender@sdm.de>. |
| * Tagged CHOICE type is now supported again. |
| (Test case 59) (Severity: low; Security impact: low) |
| Reported by <orlinkata@dir.bg>. |
| * Implemented der_encode_to_buffer() procedure. |
| |
| 0.9.7.1: 2004-Oct-12 |
| |
| * Fixed automatic tagging for extensions of compound types. |
| * Fixed ParametrizedReference parsing: {} are now recognized. |
| |
| 0.9.7: 2004-Oct-11 |
| |
| * Finished CXER implementation by adding SET and SET OF canonical |
| ordering support. |
| * Fixed unber(1) limits controlling logic. |
| * Removed C99'izm from the x509dump, now understood by older compilers. |
| * Enhanced UTF8String constraint validation, now it checks |
| for the minimal encoding length; API of UTF8String_length() changed. |
| * Fixed SEQUENCE dealing with premature termination of the |
| optionals-laden indefinite length structure. The code was previously |
| refusing to parse such structures. |
| * Fixed explicitly tagged ANY type encoding and decoding |
| (Severity: medium; Security impact: low). |
| * Fixed CHOICE code spin when indefinite length structures appear |
| in the extensions (Severity: medium; Security impact: medium). |
| Reported by <siden@ul-gsm.ru>. |
| * BIT STRING now stores the number of unused octets in a separate field. |
| |
| 0.9.6: 2004-Sep-29 |
| |
| * Added several security firewalls: decoder's stack usage control |
| and the stricter checking of the TLV length. |
| * Implemented BASIC-XER encoding support (X.693). |
| * Implemented unber(1) and enber(1) for BER<->XML translation. |
| * Implemented CGI for online ASN.1 compilation (asn1c/webcgi). |
| * Implemented the sample X.509 decoder (./examples/sample.source.PKIX1). |
| * NamedType is now supported for SET OF/SEQUENCE OF type. |
| * Added -fno-constraints option to asn1c, which disabled generation of |
| ASN.1 subtype constraints checking code. |
| * Added ASN1C_ENVIRONMENT_VERSION and get_asn1c_environment_version(). |
| * Fixed ANY type decoding (Severity: high; Security impact: low). |
| * Fixed BER decoder restartability problem with certain primitive |
| types (BOOLEAN, INTEGER, and REAL). The problem occured when the |
| encoding of such type is split between several bytes. |
| (Severity: high; Security impact: low) |
| * Support for cross-referencing type definitions (updated ./tests/43-*). |
| * Fixed pretty-printing of the REAL type. Added lots of test cases. |
| * Renamed asn1_* into asn_* in function and type names. |
| * Updated documentation. |
| |
| 0.9.5: 2004-Sep-17 |
| |
| * Fixed CER (common BER) decoder code. See check-25.c/VisibleString |
| case for details. X.690 specifies that inner structures in BER |
| encoding must be tagged by stripping off the outer tag for each |
| subsequent containment level. See also X.690: 8.21.5.4 and |
| the "Spouse" case in A.3. |
| (Severity: medium; Security impact: low) |
| * Added converters between any generic type and the ANY type. |
| * Parser fixed: Information Object Class fields may be taged. |
| * Parser fixed: tagged types inside SEQUENCE OF/SET OF support. |
| * Improved DEFAULT Value parsing and pretty-printing. |
| * Condition on distinct tags checker was incorrectly dealing with |
| tagged CHOICE types. Fixed. Modified tests/37-indirect-choice-OK.asn1 |
| * Improved type name generation code ("struct foo" vs "foo_t"). |
| * Fixed constraint checking code incorrectly dealing with imported |
| types with constraint values defined in other modules. |
| * Real REAL support! (Haven't tested denormals support yet!) |
| See skeletons/tests/check-REAL.c |
| |
| 0.9.4: 2004-Sep-10 |
| |
| * More support for recursive type definitions. |
| * Explicit support for ANY type decoding. |
| * Refactored tags processing code. |
| * Fixed constraints checking code: non-exploitable buffer overflow. |
| (Severity: medium; Security impact: low) |
| |
| 0.9.3: 2004-Sep-07 |
| |
| * Extended constraints support in parametrized types. |
| * Better support for parametrization and constraints handling. |
| * Better handling of recursive type definitions. |
| * Added support for ANY type. |
| |
| 0.9.2: 2004-Aug-24 |
| |
| * More flexible subtype constraints handling, with relaxed |
| PER visibility rules for actual constraints checking code generator. |
| * Indirect references in constraints resolver code fixed. |
| * Avoided compilation warning on gcc 3.3.3 systems. |
| * Better ValueSet printing. |
| |
| 0.9.1: 2004-Aug-23 |
| |
| * Documentation updated: doc/asn1c-usage.pdf |
| * Fixed OBJECT IDENTIFIER human-readable printing. |
| Reported by <siden@ul-gsm.ru>. |
| |
| 0.9: 2004-Aug-23 |
| |
| * Reworked subtype constraints handling, aiming at PER-applicability. |
| * BOOLEAN and NULL are now implemented in terms of native int type. |
| * Compiler now links in only necessary skeleton files. |
| * -t option added to asn1c to ease manual BER/CER/DER decoding. |
| * Added support COMPONENTS OF construct. |
| * Numerous parser fixes and enhancements. |
| * Better constraint failure reporting. |
| |
| 0.8.19: 2004-Aug-18 |
| |
| * Fixed BER encoder (problem encoding large tag values) |
| (Severity: medium; Security impact: low) |
| |
| 0.8.18: 2004-Aug-12 |
| |
| * Parser: fixed multiple IMPORTS problem (incorrect assertion). |
| * Parser: constraints extensibility parsing fix. |
| |
| 0.8.17: 2004-Aug-11 |
| |
| * Improved compiler output: duplicate #includes eliminated. |
| * Win32 portability fixes. |
| * More compatibility with C++ or non-GCC compilers. |
| |
| 0.8.16: 2004-Jul-22 |
| |
| * Fixed application-level problem in SET OF/SEQUENCE OF array cleanup. |
| (Severity: medium; Security impact: low) |
| * Improved asn_GT2time() and added asn_time2{GT,UT}() functions. |
| * BIT STRING pretty-printing. |
| |
| 0.8.15: 2004-Jul-20 |
| |
| * Fixed parser: memory leak in free_struct code for SET OF/SEQUENCE OF. |
| (Severity: high; Security impact: medium) |
| * Fixed parser: invalid memory reference in code constructing tags. |
| (Test case 48) (Severity: high; Security impact: medium) |
| When encoding data for certain ASN.1 specifications containing |
| explicit tags, the tag is always written incorrectly due to |
| incorrect memory reference. The encoding will almost always produce |
| unparseable data and might well reference unmapped region so program |
| would produce segmentation violation. Fortunately, memory is |
| read, not written, so remote exploits cannot execute arbitrary |
| code and triggering unmapped memory reference is highly unlikely |
| even it attacker knows the code (basically, the compiler should place |
| asn1_DEF_... right before the end of the mapped memory region, which |
| is extremely rare). |
| * Improved INTEGER type printing. |
| |
| 0.8.14: 2004-Jun-30 |
| |
| * Fixed compiler: extensibility of CHOICE and SET type has not been |
| taken into account during table construction. |
| (Test case 47) (Severity: high; Security impact: low) |
| |
| 0.8.13: 2004-Jun-29 |
| |
| * Fixed compiler: the skip values for IMPLICIT tagging were broken |
| in some complex cases where one type is defined using another. |
| (Test case 46) (Severity: medium; Security impact: low). |
| * Added -fknown-extern-type command line parameter to asn1c. |
| * Removed -N command line flag and underlying functionality |
| to honor KISS principle. |
| |
| 0.8.12: 2004-Jun-17 |
| |
| * RELATIVE-OID and OBJECT IDENTIFIER encoders/decoders are not bound |
| anymore to an integer type of specific size (unsigned long). The |
| size of an integer must be provided explicitly. |
| See {OBJECT_IDENTIFIER|RELATIVE_OID}_{get|set}_arcs(). |
| * SEQUENCE BER decoder fixed again for complex CHOICE case |
| (Test case 44) (Severity: medium; Security impact: low). |
| |
| 0.8.11: 2004-Jun-05 |
| |
| * Enforced stricter conformance with C standards. |
| * SEQUENCE BER decoder is now equipped with the sorted map |
| in case of complex CHOICE descendants. Test case 44 created. |
| |
| 0.8.10: 2004-Jun-02 |
| |
| * Added const qualifier where necessary. |
| * Changed position of outmost_tag fetcher within asn1_TYPE_descriptor_t |
| structure. |
| |
| 0.8.9: 2004-May-26 |
| |
| * Added *_{get|set}_arcs_*() functions for OBJECT IDENTIFIER |
| and RELATIVE-OID, together with test cases. |
| |
| 0.8.8: 2004-May-09 |
| |
| * Introduced subtype constraints support (incomplete!). |
| * Fixed compiler. If the last member of the SEQUENCE is OPTIONAL |
| and absent in the encoding, and the type is extensible (...) or |
| EXTENSIBILITY IMPLIED flag is set, then the structure could not |
| be correctly decoded. (Severity: high; Security impact: low). |
| * Compiler: fixed recursive ASN.1 types inclusion (Severity: low, |
| Security impact: none). |
| * Parser: IMPORTS/FROM fixes, now allowing multiple sections. |
| * NEW PLATFORM: Compiled and tested on MacOS X (@ PowerPC). |
| No major portability issues experienced. |
| |
| 0.8.7: 2004-Apr-11 T-version-0-8-7 |
| |
| * Fixed SEQUENCE BER decoder: if the last member of the SEQUENCE is |
| OPTIONAL and absent in the encoding, RC_FAIL was returned instead |
| of RC_OK (Severity: high; Security impact: low). |
| * Added test case to check the above problem. |
| * Added test case to check -fnative-integers mode. |
| |
| 0.8.6: 2004-Apr-03 T-version-0-8-6 |
| |
| * Fixed compiler output for embedded ASN.1 structures. |
| |
| 0.8.5: 2004-Mar-28 T-version-0-8-5 |
| |
| * Fixed ber_tlv_length() computation problem (Severity: high, |
| Security impact: none). |
| Reported by <vss@high.net.ru> |
| |
| 0.8.4: 2004-Mar-22 |
| |
| * Removed RC_ITAG enumeration element from BER decoder. |
| This return code did not have much practical value. |
| |
| 0.8.3: 2004-Mar-14 T-version-0-8-3 |
| |
| * Fixed SET::BER decoder: restart after reaching a buffer boundary |
| weas broken (Severity: high; Security impact: low). |
| * Fixed OCTET STRING::BER decoder: restart after reaching a buffer |
| boundary was broken (Severity: high; Security impact: low). |
| Reported by <vss@high.net.ru> |
| * Added test cases to check decoders restartability. |
| * Slightly more general INTEGER2long decoder. |
| * Allowed nested /* C-type */ comments, as per X.680:2002. |
| |
| 0.8.2: 2004-Mar-01 T-version-0-8-2 |
| |
| * Fixed SEQUENCE BER decoder: an OPTIONAL element was required, where |
| should not have been (Severity: major; Security impact: low). |
| * Fixed print_struct pointer inheritance. |
| * Added -fno-c99 and -funnamed-unions |
| |
| 0.8.1: 2004-Feb-22 |
| |
| * -R switch to asn1c: Omit support code, compile only the tables. |
| * Introduced NativeInteger pseudotype. |
| * Corrected the informal print_struct()'s output format. |
| |
| 0.8.0: 2004-Feb-03 T-version-0-8-0 |
| |
| * Some documentation is created (a .pdf and a short manual page). |
| * Last touches to the code. |
| |
| 0.7.9: 2004-Feb-01 T-version-0-7-9 |
| |
| * Human readable printing support. |
| * Support for implicit (standard) constraints. |
| |
| 0.7.8: 2004-Jan-31 |
| |
| * SET now rejects duplicate fields in the data stream. |
| |
| 0.7.7: 2004-Jan-25 |
| |
| * Added types: GeneralizedTime and UTCTime. |
| |
| 0.7.6: 2004-Jan-24 T-version-0-7-6 |
| |
| * DER encoding of a SET OF now involves dynamic sorting. |
| |
| 0.7.5: 2004-Jan-24 T-version-0-7-5 |
| |
| * DER encoding of a SET with untagged CHOICE |
| now involves dynamic sorting. |
| |
| 0.7.0: 2004-Jan-19 T-version-0-7-0 |
| |
| * A bunch of DER encoders is implemented. |
| |
| 0.6.6: 2004-Jan-11 |
| |
| * Implemented CHOICE decoder. |
| * Implemented destructors support. |
| |
| 0.6.5: 2004-Jan-03 |
| |
| * Implemented SET decoder. |
| * Implemented SET OF and SEQUENCE OF decoders. |
| |
| 0.6.4: 2003-Dec-31 |
| |
| * Implemented BOOLEAN, NULL, ENUMERATED decoders. |
| * Implemented OCTET STRING decoder. |
| * Implemented BIT STRING decoder. |
| |
| 0.6: 2003-Dec-30 |
| |
| * First decoding of a BER-encoded structure! |
| |
| 0.5: 2003-Dec-28 |
| |
| * Framework and most of the compiler backbone coding done. |
| |
| 0.1: 2003-Nov-28 |
| |
| * Programming started. |
| |
| === Bug importance disclosure terms === |
| |
| SEVERITY. |
| This term applies to the frequence the particular construct is used |
| in the real world. The higher the frequency, the more chances of triggering |
| this bug. |
| low: The ASN.1 specifications which could trigger |
| this kind of bug are not widespread. |
| medium: The particular ASN.1 construct is used quite often, |
| so the chance of triggering an error is considerable. |
| high: This fix is considered urgent, or the particular ASN.1 |
| construct triggering this bug is in wide use. |
| |
| SECURITY IMPACT. |
| This term applies to the amount of potential damage a bug exploitation |
| could cause. |
| none: No malicious exploitation is possible. |
| low: The local exploitation is unlikely; the remote exploitation |
| is impossible. |
| medium: The remote exploitation is possible when a particular ASN.1 |
| construct is being used. If possible, only hard failure, spin |
| or memory leak are the possible outcome: no shellcode |
| injection could possibly be carried by the attack. |
| high: The remote shellcode injection is possible, or the bug is |
| otherwise remotely exploitable for most specifications. |
| |