Skip to content
Snippets Groups Projects
ChangeLog 16.9 KiB
Newer Older
1.2304.0, 2023-04-18
- change of release number scheme, now like rsyslog
Rainer Gerhards's avatar
Rainer Gerhards committed
- fix Fix CVE-2020-12762
  Note: the CVE did not affect rsyslog use due to size limits
  Thanks to Wang Haitao for the patch.
0.99.9 2021-01-26
Rainer Gerhards's avatar
Rainer Gerhards committed
- add API fjson_object_get_uint()
  Thanks to Janmejay Singh for contributing the patch.
Rainer Gerhards's avatar
Rainer Gerhards committed
- add API fjson_object_array_del_idx()
  Thanks to Noriko Hosoi for contributing the patch.
Rainer Gerhards's avatar
Rainer Gerhards committed
- bugfix for dangling pointer that causes segfault
  The other functions assume that the memory is either set to NULL or a valid
  json object. The array_list_del_idx function only moves the elements, but
  does not set the pointer to null, which causes the same pointer to remain
  in the list (outside of arr->length). Then, when array_list_put_idx is
  called, the array_list_expand_internal leaps out, meaning that it has not
  set the indices outside of the requested length to 0. array_list_put_idx
  finds the pointer, tries to free it and a double free will be incurred,
  because the actual element is still in the list.
  Thanks to Michael van der Werve for contributing the patch.
0.99.8 2017-12-18
Rainer Gerhards's avatar
Rainer Gerhards committed
- make build under gcc7 with strict settings (warning==error)
Rainer Gerhards's avatar
Rainer Gerhards committed
- bugfix: constant key names not properly handled
  if fjson_object_object_add_ex() is used with option
  FJSON_OBJECT_KEY_IS_CONSTANT, fjson_object_object_del() will still
  try to delete the key name. Depending on use, this can lead to
  double-free, use-after-free or no problem.
  see also https://github.com/rsyslog/rsyslog/issues/1839
  closes https://github.com/rsyslog/libfastjson/issues/148
Rainer Gerhards's avatar
Rainer Gerhards committed
- fix potentially invalid return value of fjson_object_iter_begin
  this could lead to callers doing improper opreations and thus
  could lead to a segfault in callers
  detected by Coverity scan, CID 198891
- fix small potential memory leak in json_tokener (unlinkely to occur)
  detected by Coverity Scan, CID 198890
Rainer Gerhards's avatar
Rainer Gerhards committed
0.99.7 2017-10-17
Rainer Gerhards's avatar
Rainer Gerhards committed
- added option for case-insensitive comparisons
  This permits to search for json keys in a case-sensitive way.
  The default is "off", as this is against the JSON spec. However,
  rsyslog needs this capability to increase usability inside the
  variable system.
  We add a new API call to switch between case-sensitive and
  case-insensitive comparison, with case-sensitive being the default.
  closes https://github.com/rsyslog/libfastjson/issues/142
Rainer Gerhards's avatar
Rainer Gerhards committed
- Removed userdata and custom-serialization functions
  Reasoning (from pull request):
  The library uses the concept of "userdata" and "custom serialization
  functions" that can be set from user space. However, to effectively
  make use of this feature, a user must have a deep understanding of
  the internal data representation of the library, which makes this
  feature not very useful.
  But what is worse: internally, the library itself also sometimes
  assigns data to this userdata member (especially when working with
  doubles), and it also sometimes assigns alternative serialization
  functions. This makes the feature even more unusable, because as a
  user you never can know when the userdata pointer is save to use
  for your own settings, and when you must leave it alone because
  it is used by the library.
  Long story short. In this pull request I got rid of the userdata
  pointer completely. The case where the library was using the
  "userdata" (for storing the original string representation of a
  parsed double) has been moved into the union that is already used
  for storing values.
  see also: https://github.com/rsyslog/libfastjson/pull/141
  Thanks to Emiel Bruijntjes for the patch.
0.99.6 2017-06-19
- fix a build issue under Solaris
0.99.5 2017-05-03
- fix tautology comparison in tautology in `fjson_object_iter_equal`
Rainer Gerhards's avatar
Rainer Gerhards committed
- made build under Solaris again
Rainer Gerhards's avatar
Rainer Gerhards committed
- made to build under AIX
  Thanks to github user purnimam1 for the patch
- fix floating point representation when fractional part is missing
Rainer Gerhards's avatar
Rainer Gerhards committed
  see also https://github.com/rsyslog/libfastjson/issues/126
  Thanks to Jan Gerhards for the patch.
Rainer Gerhards's avatar
Rainer Gerhards committed
- m4: fix detection of atomics
  In cross-compilation, it is impossible to run code at configure time to
  detect the target specifics.
  As such, AC_TRY_RUN fails miserably to detect reliably that atomic
  intrisics are present in a toolchain, and decides they are not just
  because this is cross-compilation.
  Instead of AC_TRY_RUN, use AC_LINK_IFELSE that does not need to actually
  run code, since all we're interested in is whether the intrisics are
  present (or not). Fix both the 32- and 64-bit variants, even if the
  latter is not used currently.
  Fixes build failures detected by the Buildroot autobuilders, like:
    http://autobuild.buildroot.org/results/23a/23ac0e742ed3a70ae4d038f8c9eadc23e708f671/build-end.log
    http://autobuild.buildroot.org/results/192/1923d0b570adba494f83747a9610ea6ec35f5223/build-end.log
  and many other cases, espcially on architectures where such intrsics are
  present, but where the toolchain does not have threads (and anyway, it
  is much more efficient to use the intrisics rather than use mutexes).
  Thanks to Yann E. MORIN for the patch.
Rainer Gerhards's avatar
Rainer Gerhards committed
- add fjson_object_dump() and fjson_object_write() functions
  ... that make it possible to dump the json tree without having to
  dynamically allocate a string, and to write the tree to a FILE*.
  NOTE: right now, most of the code is simply copied from the functions
  that use the "printbuf" for writing the data. I have not touched the old
  printbuf-implementation, because some other code may still rely on it.
  However, in my opinion these printbuf-based functions (if it is desirable
  to keep them in the first place) can now be re-implemented to use the more
  flexible fjson_object_dump() function.
  MAINTAINER NOTE: we need to performance-test any new implementation and will
  do so. The results will ultimately decide which parts of the code remain in
  the codebase.
  Thanks to Emiel Bruijntjes for the patch.
Rainer Gerhards's avatar
Rainer Gerhards committed
0.99.4 2016-08-03
Rainer Gerhards's avatar
Rainer Gerhards committed
- fix tautology comparison in tautology in `fjson_object_iter_equal`
  Thanks to Andres Stieger for the patch
- improve build system to handle slightly older autoconf versions
Rainer Gerhards's avatar
Rainer Gerhards committed
- fix build problems with gcc6
  Thanks to Andres Stieger for the patch
Rainer Gerhards's avatar
Rainer Gerhards committed
0.99.3 2016-07-11
Rainer Gerhards's avatar
Rainer Gerhards committed
- new dependency: autoconf-archive
Rainer Gerhards's avatar
Rainer Gerhards committed
- exit() is no longer called in unexpected situations
  The previous code called exit on some occasions and did not
  give the caller a chance to do any cleanup or handling on
  it's own. This has completely been removed. Note that it was
  very unlikely that this problem affected a caller, as exit()
  was only called under very rare circumstances (e.g. OOM).
- fjson_version now returns configure VERSION
  This avoid inconsistency.
Rainer Gerhards's avatar
Rainer Gerhards committed
- removal of Windows and Android bits
  Thanks to Michael Biebl for the patch.
- fixes of the build system
  Thanks to Michael Biebl for the patch.
Rainer Gerhards's avatar
Rainer Gerhards committed
- dropped support for Windows and Android as we do not target
  these platforms
Rainer Gerhards's avatar
Rainer Gerhards committed
- "make distcheck" now works
Rainer Gerhards's avatar
Rainer Gerhards committed
- fix invalid Unicode representation for some non US-ASCII
  characters when printed as string. Note that this could
  potentially also lead to a segfault
Rainer Gerhards's avatar
Rainer Gerhards committed
0.99.2 2016-03-07
Rainer Gerhards's avatar
Rainer Gerhards committed
- new API: json_object_get_member_count()
- make comaptible with autoconf < 2.64
Rainer Gerhards's avatar
Rainer Gerhards committed

0.99.1
Rainer Gerhards's avatar
Rainer Gerhards committed
was never released, but version number has accidently been used by
some Adiscon packages. In order to prevent confusion, we have
decided not to use this version number for any official version.
Rainer Gerhards's avatar
Rainer Gerhards committed
0.99.0 2015-12-22
Rainer Gerhards's avatar
Rainer Gerhards committed
- bugfix: reference counting was not thread-safe
0.12

  * Address security issues:
    * CVE-2013-6371: hash collision denial of service
    * CVE-2013-6370: buffer overflow if size_t is larger than int

  * Avoid potential overflow in json_object_get_double

  * Eliminate the mc_abort() function and MC_ABORT macro.

  * Make the json_tokener_errors array local.  It has been deprecated for
     a while, and json_tokener_error_desc() should be used instead.

  * change the floating point output format to %.17g so values with 
     more than 6 digits show up in the output.

  * Remove the old libjson.so name compatibility support.  The library is
      only created as libjson-c.so now and headers are only installed 
      into the ${prefix}/json-c directory.

  * When supported by the linker, add the -Bsymbolic-functions flag.

  * Various changes to fix the build on MSVC.

  * Make strict mode more strict:
    * number must not start with 0
    * no single-quote strings
    * no comments
    * trailing char not allowed
    * only allow lowercase literals
  * Added a json_object_new_double_s() convenience function to allow
    an exact string representation of a double to be specified when
    creating the object and use it in json_tokener_parse_ex() so
    a re-serialized object more exactly matches the input.

  * IMPORTANT: the name of the library has changed to libjson-c.so and
     the header files are now in include/json-c.
     The pkgconfig name has also changed from json to json-c.
     You should change your build to use appropriate -I and -l options.
     A compatibility shim is in place so builds using the old name will
     continue to work, but that will be removed in the next release.
  * Maximum recursion depth is now a runtime option.
     json_tokener_new() is provided for compatibility.
     json_tokener_new_ex(depth)
  * Include json_object_iterator.h in the installed headers.
  * Add support for building on Android.
  * Rewrite json_object_object_add to replace just the value if the key already exists so keys remain valid.
  * Make it safe to delete keys while iterating with the json_object_object_foreach macro.
  * Add a json_set_serializer() function to allow the string output of a json_object to be customized.
  * Make float parsing locale independent.
  * Add a json_tokener_set_flags() function and a JSON_TOKENER_STRICT flag.
  * Enable -Werror when building.
  * speed improvements to parsing 64-bit integers on systems with working sscanf
  * Add a json_object_object_length function.
  * Fix a bug (buffer overrun) when expanding arrays to more than 64 entries.

  * Add a json_object_to_json_string_ext() function to allow output to be
     formatted in a more human readable form.
  * Add json_object_object_get_ex(), a NULL-safe get object method, to be able
     to distinguish between a key not present and the value being NULL.
  * Add an alternative iterator implementation, see json_object_iterator.h
  * Make json_object_iter public to enable external use of the
     json_object_object_foreachC macro.
  * Add a printbuf_memset() function to provide an effecient way to set and
     append things like whitespace indentation.
  * Adjust json_object_is_type and json_object_get_type so they return
      json_type_null for NULL objects and handle NULL passed to
      json_objct_object_get().
  * Rename boolean type to json_bool.
  * Fix various compile issues for Visual Studio and MinGW.
  * Allow json_tokener_parse_ex() to be re-used to parse multiple object.
     Also, fix some parsing issues with capitalized hexadecimal numbers and
     number in E notation.
  * Add json_tokener_get_error() and json_tokener_error_desc() to better 
     encapsulate the process of retrieving errors while parsing.
  * Various improvements to the documentation of many functions.
  * Add new json_object_array_sort() function.
  * Fix a bug in json_object_get_int(), which would incorrectly return 0
    when called on a string type object.
    Eric Haszlakiewicz
  * Add a json_type_to_name() function.
    Eric Haszlakiewicz
  * Add a json_tokener_parse_verbose() function.
    Jehiah Czebotar
  * Improve support for null bytes within JSON strings.
    Jehiah Czebotar
  * Fix file descriptor leak if memory allocation fails in json_util
    Zachary Blair, zack_blair at hotmail dot com
  * Add int64 support. Two new functions json_object_net_int64 and
    json_object_get_int64. Binary compatibility preserved.
    Eric Haszlakiewicz, EHASZLA at transunion com
    Rui Miguel Silva Seabra, rms at 1407 dot org
  * Fix subtle bug in linkhash where lookup could hang after all slots
    were filled then successively freed.
    Spotted by Jean-Marc Naud, j dash m at newtraxtech dot com
  * Make json_object_from_file take const char *filename
    Spotted by Vikram Raj V, vsagar at attinteractive dot com
  * Add handling of surrogate pairs (json_tokener.c, test4.c, Makefile.am)
    Brent Miller, bdmiller at yahoo dash inc dot com
  * Correction to comment describing printbuf_memappend in printbuf.h
    Brent Miller, bdmiller at yahoo dash inc dot com

  * Add README.html README-WIN32.html config.h.win32 to Makefile.am
    Michael Clark, <michael@metaparadigm.com>
Christopher Watford's avatar
Christopher Watford committed
  * Add const qualifier to the json_tokener_parse functions
    Eric Haszlakiewicz, EHASZLA at transunion dot com
  * Rename min and max so we can never clash with C or C++ std library
Michael Clark's avatar
Michael Clark committed
    Ian Atha, thatha at yahoo dash inc dot com
Christopher Watford's avatar
Christopher Watford committed
  * Fix any noticeable spelling or grammar errors.
  * Make sure every va_start has a va_end.
  * Check all pointers for validity.
    Erik Hovland, erik at hovland dot org
  * Fix json_object_get_boolean to return false for empty string
    Spotted by Vitaly Kruglikov, Vitaly dot Kruglikov at palm dot com
  * optimizations to json_tokener_parse_ex(), printbuf_memappend()
    Brent Miller, bdmiller at yahoo dash inc dot com
  * Disable REFCOUNT_DEBUG by default in json_object.c
  * Don't use this as a variable, so we can compile with a C++ compiler
  * Add casts from void* to type of assignment when using malloc 
  * Add #ifdef __cplusplus guards to all of the headers
  * Add typedefs for json_object, json_tokener, array_list, printbuf, lh_table
    Michael Clark, <michael@metaparadigm.com>
  * Null pointer dereference fix. Fix json_object_get_boolean strlen test
    to not return TRUE for zero length string. Remove redundant includes.
    Erik Hovland, erik at hovland dot org
  * Fixed warning reported by adding -Wstrict-prototypes
    -Wold-style-definition to the compilatin flags.
    Dotan Barak, dotanba at gmail dot com
  * Add const correctness to public interfaces
    Gerard Krol, g dot c dot krol at student dot tudelft dot nl

  * Add va_end for every va_start
    Dotan Barak, dotanba at gmail dot com
  * Add macros to enable compiling out debug code
    Geoffrey Young, geoff at modperlcookbook dot org
  * Fix bug with use of capital E in numbers with exponents
    Mateusz Loskot, mateusz at loskot dot net
  * Add stddef.h include
  * Patch allows for json-c compile with -Werror and not fail due to
    -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations
    Geoffrey Young, geoff at modperlcookbook dot org
0.7
  * Add escaping of backslash to json output
  * Add escaping of foward slash on tokenizing and output
  * Changes to internal tokenizer from using recursion to
    using a depth state structure to allow incremental parsing

0.6
  * Fix bug in escaping of control characters
    Johan Björklund, johbjo09 at kth dot se
  * Remove include "config.h" from headers (should only
    be included from .c files)
    Michael Clark <michael@metaparadigm.com>

0.5
  * Make headers C++ compatible by change *this to *obj
  * Add ifdef C++ extern "C" to headers
  * Use simpler definition of min and max in bits.h
    Larry Lansing, llansing at fuzzynerd dot com

  * Remove automake 1.6 requirement
  * Move autogen commands into autogen.sh. Update README
  * Remove error pointer special case for Windows
  * Change license from LGPL to MIT
    Michael Clark <michael@metaparadigm.com>

0.4
  * Fix additional error case in object parsing
  * Add back sign reversal in nested object parse as error pointer
    value is negative, while error value is positive.
    Michael Clark <michael@metaparadigm.com>

0.3
  * fix pointer arithmetic bug for error pointer check in is_error() macro
  * fix type passed to printbuf_memappend in json_tokener
  * update autotools bootstrap instructions in README
    Michael Clark <michael@metaparadigm.com>

0.2
  * printbuf.c - C. Watford (christopher.watford@gmail.com)
    Added a Win32/Win64 compliant implementation of vasprintf
  * debug.c - C. Watford (christopher.watford@gmail.com)
    Removed usage of vsyslog on Win32/Win64 systems, needs to be handled
    by a configure script
  * json_object.c - C. Watford (christopher.watford@gmail.com)
    Added scope operator to wrap usage of json_object_object_foreach, this
    needs to be rethought to be more ANSI C friendly
  * json_object.h - C. Watford (christopher.watford@gmail.com)
    Added Microsoft C friendly version of json_object_object_foreach
  * json_tokener.c - C. Watford (christopher.watford@gmail.com)
    Added a Win32/Win64 compliant implementation of strndup
  * json_util.c - C. Watford (christopher.watford@gmail.com)
    Added cast and mask to suffice size_t v. unsigned int conversion
    correctness 
  * json_tokener.c - sign reversal issue on error info for nested object parse
    spotted by Johan Björklund (johbjo09 at kth.se)
  * json_object.c - escape " in json_escape_str
  * Change to automake and libtool to build shared and static library
    Michael Clark <michael@metaparadigm.com>
	
0.1
  * initial release