github GitoxideLabs/gitoxide gix-pack-v0.69.0
gix-pack v0.69.0

22 hours ago

Chore

  • Add fuzz-testing
    That's the only way to be reasonably sure it will not panic when parsing
    malformed files.
  • add package.include directives to control which files are packaged.

Bug Fixes

  • secure reading of corrupted or malformed pack files, pack index or multi-indices

New Features (BREAKING)

  • enforce the specification of alloc_init_bytes to handle untrusted input
    This breaking change is intended to force a decision about how
    much memory allocation an untrusted party can command by tampering
    with binary file formats.
  • parameterize data
    Previously we'd hardcode a memory map, but now this is parameterised
    with a trait to allow accessing data in a more abstract form.
    This is primarily meant to speed up fuzz testing,
    but may also be useful later for portability.

Bug Fixes (BREAKING)

  • remove insecure leb64 and secure leb64_from_read from overflows
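
The overflow class named in the entry above, shown as an added example that is not gix-pack's code: a varint decoder that rejects input once another 7-bit group would no longer fit in a `u64`, instead of shifting bits out silently. The function name `decode_offset_checked` is hypothetical, the encoding is assumed to be git's pack offset varint (most significant group first, plus one per continuation byte), and the sample bytes are constructed.

```rust
use std::io::{self, Read};

/// Decode a git pack "offset" varint from untrusted input.
/// Returns (value, bytes_consumed). Truncated input surfaces as
/// `UnexpectedEof`, an over-long sequence as `InvalidData`.
pub fn decode_offset_checked(mut r: impl Read) -> io::Result<(u64, usize)> {
    let mut b = [0u8; 1];
    r.read_exact(&mut b)?;
    let mut consumed = 1;
    let mut value = u64::from(b[0] & 0x7f);
    // The high bit of each byte says whether another group follows.
    while b[0] & 0x80 != 0 {
        r.read_exact(&mut b)?;
        consumed += 1;
        value = value
            .checked_add(1)
            // The top 7 bits must be clear, or `<< 7` would drop them.
            .filter(|v| v >> 57 == 0)
            .map(|v| (v << 7) | u64::from(b[0] & 0x7f))
            .ok_or_else(|| {
                io::Error::new(io::ErrorKind::InvalidData, "offset varint overflows u64")
            })?;
    }
    Ok((value, consumed))
}

fn main() {
    // Constructed inputs: two well-formed values, one over-long, one truncated.
    let samples: [&[u8]; 4] = [&[0x7f], &[0xff, 0x7f], &[0xff; 12], &[0x80]];
    for bytes in samples {
        match decode_offset_checked(bytes) {
            Ok((value, n)) => println!("{bytes:02x?} -> {value} ({n} bytes)"),
            Err(e) => println!("{bytes:02x?} -> rejected: {e}"),
        }
    }
}
```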

Commit Statistics

  • 20 commits contributed to the release over the course of 32 calendar days.
  • 32 days passed between releases.
  • 6 commits were understood as conventional.
  • 0 issues like '(#ID)' were seen in commit messages

Thanks Clippy

Clippy helped 1 time to make code idiomatic.

Commit Details

  • Uncategorized
    • Update changelogs prior to release (f9fbcba)
    • Merge pull request #2530 from GitoxideLabs/advisories (63b8419)
    • Address auto-review (7429b15)
    • Add corpus-builder scripts when corpus files are available; auto-run artifacts in test suite (e64e3b8)
    • Add fuzz tests for 10 more crates, and related fixes (0396152)
    • Enforce the specification of alloc_init_bytes to handle untrusted input (91d0c26)
    • Secure reading of corrupted or malformed pack files, pack index or multi-indices (1dc8ede)
    • Remove insecure leb64 and secure leb64_from_read from overflows (c0ab0f4)
    • Add fuzz-testing (cf5279d)
    • Parameterize data (3ef3916)
    • Add reproductions for all known advisories (392336f)
    • Merge pull request #2497 from cruessler/pass-hash-len-to-tree-ref-iter (7d50c30)
    • Review (d9b358b)
    • Adapt to changes in gix-object (6df1d55)
    • Merge pull request #2513 from GitoxideLabs/v2-diff (2a5db88)
    • Thanks clippy (e4f380e)
    • Merge pull request #2518 from GitoxideLabs/improvements (444a92b)
    • Add package.include directives to control which files are packaged. (3e05ca3)
    • Make package.include patterns more specific so they don't match ignored files (c2c917f)
    • Merge pull request #2480 from GitoxideLabs/report (98bae84)
