Navigation:
Browse pkgsrc
(this page)
New packages:Log Message:
Update to 0.7.0.6
Changes from https://github.com/bos/aeson
0.7.0.6
- Actually fix the DoS vulnerability by using the scientific parser
(Parse a number using the new scientific parser)
The old rational parser applied realToFrac (fromRational . toRational)
to the Scientific number to construct a new Scientific number. This
had
the disadvantage that scientific numbers with big exponents like
1e1000000000 are converted from (Scientific 1 1000000000) to
(Scientific (1*10^1000000000) 0). If the Integer coefficient of the
latter is later evaluated it will allocate all memory.
This is the first step needed to fix #198.
0.7.0.5
- Bump attoparsec dep
- Constrain the bounds on attoparsec and scientific
- Update import location of scientificBuilder for v0.3.0.0
- Add warning about space-usage on the Fixed instance
- Use Scientific.toRealFloat instead of realToFrac in scientificToNumber
- Renamed fromRealFloat back to fromFloatDigits
- Use Scientific.fromRealFloat and Scientific.toRealFloat
- Use floor on Scientifics again
scientific-0.3 provides a DoS safe floor.
- Use scientific >= 0.3.1
scientific-0.3.1 exports the Text and ByteString Scientific Builders
from the following modules respectively:
- Data.Text.Lazy.Builder.Scientific
- Data.ByteString.Builder.Scientific
0.7.0.3
- Improve parseJSON failure message for Either
This fixes #193.
- Export `withScientific` function in `Data.Aeson`
Fixes #191.
- Reduce duplication, simplify CPP macros
| Revision | Action | file |
| 1.14 | modify | wip/hs-aeson/Makefile |
| 1.12 | modify | wip/hs-aeson/buildlink3.mk |
| 1.6 | modify | wip/hs-aeson/distinfo |