0.7.4

Other changes

• Update smallvec dependency to at least 1.6.1 due to a security advisory RUSTSEC-2021-0003. (#77)

0.7.3

This release fixes a number of decoding issues that can lead to panics on invalid input data. They have been assigned CVE-2023-39914.

Bug fixes

• Fixes various decoding that lead to a panic on invalid data.
  Specifically:
  • error out rather than panic when a nested value has a greater length than allowed by the outer value,
  • check that there is enough data available before skipping over a primitive value’s content,
  • check that enough data is available before trying to parse a tag value,
  • check for correct encoding of bit strings: don’t allow the number of unused bits to be greater than 7 and that they are zero for an empty bit string,
  • check for correct encoding of object identifiers: they cannot be empty and the last byte must have bit 7 cleared.

0.7.2

New

• Added an implementation of FromStr for Oid. (#71 by @Outurnate)

0.7.1

New

• Added a number of missing well-defined tags as Tag constants, specifically: CHARACTER STRING, TIME, DATA, TIME_OF_DAY, DATE_TIME, DURATION, OID-IRI, and RELATIVE-OID-IRI. (#67 by @lvkv)

Bug fixes

• Fix Tag::BMP_STRING to UNIVERSAL 30. (#67 by @lvkv)

0.7.0

Breaking Changes

• Redesign error handling in decode module (#65):
  • three error types, Source::Error, ContentError, and DecodeError, for data fetching errors, syntax errors, and a combination of these,
    respectively;
  • new trait IntoSource to convert a type into its Source implementation;
  • Source::advance now panics if advancing past the end of seen data.

0.6.1

New

• int::Unsigned can now be created from an arbitrary length big-endian representation of an unsigned integer. (#59)
• Add OctetString::take_opt_from. (#61)

0.6.0

Breaking Changes

• Minimum supported Rust version is now 1.42. (#56)
• Upgrade bytes to 1.0. (#57)

0.5.1

Bug Fixes

• Fix oid::Iter to actually iterate over the components. (#50)

0.5.0

Breaking

• Move extending a Captured to an explicit CapturedBuilder. This becomes necessary with bytes 0.5. Both these types now reside in the module captured with Captured re-exported at crate level. (#46, #47)

Dependencies

• Upgrade bytes to 0.5. (#43, thanks to @Fabian-Gruenbichler)
• Upgrade smallvec to 1.1. (#48)

0.4.2

Bug Fixes

• Fix handling of incomplete multi-byte tags. (#44, based on #41 by @dovreshef)