Hello again,

On Fri, Dec 19, 2025 at 05:16:50PM +0100, Florian Ernst wrote:
> a new upstream release has been provided, its changes list
> [...]
> (Cf. <https://github.com/PJK/libcbor/releases/tag/v0.13.0>)

And now v0.14.0 is available (as a tag, but not yet(?) as a release),
its changelog states

| 0.14.0 (2026-04-07)
| Fix NULL dereference in cbor_move, cbor_serialized_size, and
| cbor_serialize_tag when a tag has no item set (reported by
| Benjamin608608)
| Document large-allocation risk in cbor_load and clarify test-only CMake
| flags
| Fix NULL dereference in cbor_copy/cbor_copy_definite on allocation
| failure (reported by Benjamin608608)
| Explicitly guard against size * 2 overflow in
| cbor_builder_map_start_callback (reported by Benjamin608608)
| Only generate CMake coverage build targets when explicitly enabled
| Fix CMake feature macro names and ensure _CBOR_NODISCARD is defined with
| [[nodiscard]]
| Fix integer overflow in cbor_copy_definite() when accumulating
| indefinite bytestring/string chunk lengths
| Add bounds check in cbor_array_get() to return NULL on out-of-bounds
| access
| BREAKING: cbor_tag_set_item now releases the reference to the previous
| tagged item
|   Previously, replacing the tagged item would leak the old item's
|   reference. If you were manually releasing the old item before calling
|   cbor_tag_set_item, you should remove the extra cbor_decref.
| Potentially BREAKING: cbor_tag_item now returns NULL if the tag has no
| item set
|   Previously, this would be undefined behavior (NULL pointer
|   dereference), so no valid clients should be affected.
| Potentially BUILD BREAKING: CPack Debian package architecture is now
| detected via dpkg instead of being hardcoded to amd64
| BUILD BREAKING: Remove deprecated CBOR_CUSTOM_ALLOC CMake option
|   The option has been a no-op since 0.10.0. If your build passes
|   -DCBOR_CUSTOM_ALLOC=ON, remove it.
| Modernize CMake build: use project(VERSION ...), replace
| add_definitions() with target-scoped target_compile_definitions(),
| remove redundant include_directories()
| Replace global CMAKE_C_FLAGS mutations with target-scoped
| target_compile_options() via an INTERFACE library, and simplify LTO
| configuration
| Fix Windows CI: propagate _CRT_SECURE_NO_WARNINGS to examples/tests,
| restrict LTO to Release builds, parallelize Windows CI build
| Add cbor_map_get for key-based map lookup with a caller-supplied
| equality function
|   Signature: cbor_map_get(map, key, eq) — pass any equality predicate,
|   e.g. cbor_structurally_equal
|   Parameterised equality allows type-specific comparators or custom
|   data-model semantics without library changes
|   See also: #96
| Add cbor_structurally_equal for encoding-level item comparison
|   Compares two items structurally: encoding width,
|   definite-vs-indefinite length, chunk boundaries, and map entry order
|   all count
|   Runs in O(n) time in the encoded byte size with no additional
|   allocations
|   See also: #96
| BREAKING: Fix NaN encoding in cbor_encode_half to preserve sign and
| payload bits
|   Previously, all NaN values were encoded as 0x7E00 (positive quiet NaN,
|   zero payload). Now the sign bit and the top 10 mantissa bits are
|   preserved in the half-precision encoding.
|   _cbor_decode_half now reconstructs the NaN bit pattern faithfully,
|   enabling encode/decode round-trips. Previously it always returned the
|   C NAN constant.
|   Very small normal floats that previously rounded to +0 now round to ±0
|   depending on their sign.
|   Clients that relied on all NaNs normalising to 0x7E00 will see
|   different output. See #215.
(cf. <https://github.com/PJK/libcbor/blob/master/CHANGELOG.md> or
<https://github.com/PJK/libcbor/compare/v0.13.0...v0.14.0#diff-06572a96a58dc510037d5efa622f9bec8519bc1beab13c9f251e97e657a9d4ed>)

Cheers,
Flo
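
The NaN change in the quoted changelog matters to anyone who compares, hashes or signs encoded bytes. The sketch below shows the two behaviours it describes; it is an added example, not code from libcbor or from this mail. The function names are hypothetical, the inputs are constructed, and the treatment of payloads that sit only in the dropped low bits is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Works on raw IEEE 754 bit patterns so no FPU operation can alter the NaN. */
#define F32_EXP_MASK  0x7F800000u
#define F32_MANT_MASK 0x007FFFFFu

static int f32_is_nan(uint32_t b) {
  return (b & F32_EXP_MASK) == F32_EXP_MASK && (b & F32_MANT_MASK) != 0;
}

/* Pre-0.14.0 behaviour per the changelog: every NaN becomes 0x7E00
 * (positive quiet NaN, zero payload). */
uint16_t nan_to_half_normalizing(uint32_t f32) {
  (void)f32;
  return 0x7E00;
}

/* 0.14.0 behaviour per the changelog: keep the sign bit and the top 10 of
 * the 23 single-precision mantissa bits. */
uint16_t nan_to_half_preserving(uint32_t f32) {
  uint16_t sign = (uint16_t)((f32 >> 16) & 0x8000u);
  uint16_t mant = (uint16_t)((f32 & F32_MANT_MASK) >> 13);
  /* Assumption of this sketch: if the payload lived only in the 13 dropped
   * bits, set the quiet bit so the result is still a NaN, not an infinity.
   * The changelog does not say how libcbor treats this case. */
  if (mant == 0) mant = 0x0200;
  return (uint16_t)(sign | 0x7C00u | mant);
}

/* Inverse direction: widen a half NaN to single precision bit-exactly. */
uint32_t half_nan_to_f32(uint16_t h) {
  return ((uint32_t)(h & 0x8000u) << 16) | F32_EXP_MASK |
         ((uint32_t)(h & 0x03FFu) << 13);
}

int main(void) {
  /* Constructed inputs: +qNaN, -qNaN, qNaN with payload, low-bit-only NaN. */
  uint32_t samples[] = {0x7FC00000u, 0xFFC00000u, 0x7FC02000u, 0x7F800001u};
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    if (!f32_is_nan(samples[i])) continue;
    uint16_t h = nan_to_half_preserving(samples[i]);
    printf("%08X old=%04X new=%04X back=%08X\n", (unsigned)samples[i],
           (unsigned)nan_to_half_normalizing(samples[i]), (unsigned)h,
           (unsigned)half_nan_to_f32(h));
  }
  return 0;
}
```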
