Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: comex/rust-shlex
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 1.1.0
Choose a base ref
...
head repository: comex/rust-shlex
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 1.3.0
Choose a head ref
  • 11 commits
  • 25 files changed
  • 5 contributors

Commits on Aug 27, 2021

  1. Add badges to readme

    @fenhl
    fenhl authored Aug 27, 2021
    Configuration menu
    Copy the full SHA
    ca8e63a View commit details
    Browse the repository at this point in the history

Commits on Feb 2, 2022

  1. Adding fuzzers for unsafe code.

    @adetaylor
    adetaylor committed Feb 2, 2022
    Configuration menu
    Copy the full SHA
    6480b2c View commit details
    Browse the repository at this point in the history

Commits on Jun 24, 2022

  1. Merge pull request #11 from adetaylor/fuzz 

    Adding fuzzers for unsafe code.
    @fenhl
    fenhl authored Jun 24, 2022
    Configuration menu
    Copy the full SHA
    6064b48 View commit details
    Browse the repository at this point in the history

Commits on Dec 18, 2022

  1. Fix CI badge

    @atouchet
    atouchet authored Dec 18, 2022
    Configuration menu
    Copy the full SHA
    18d1dae View commit details
    Browse the repository at this point in the history

  2. Merge pull request #14 from atouchet/badge 

    Fix CI badge
    @fenhl
    fenhl authored Dec 18, 2022
    Configuration menu
    Copy the full SHA
    aa2d6e3 View commit details
    Browse the repository at this point in the history

Commits on Sep 4, 2023

  1. Add support for operating on byte strings 

    This adds a `bytes` submodule for operating on byte strings that might
contain invalid UTF-8. Where possible I have switched the functions that
operate on `str` to use the `bytes` functions internally to avoid
duplicating code and eliminate the potential for differing behavior
between the two functions.

It includes trivial tests that confirm that the `bytes` version of
functions actually work on invalid UTF-8.

Fixes #12
    @danielparks
    danielparks committed Sep 4, 2023
    Configuration menu
    Copy the full SHA
    879d212 View commit details
    Browse the repository at this point in the history

  2. Implement Shlex with bytes::Shlex.

    @danielparks
    danielparks committed Sep 4, 2023
    Configuration menu
    Copy the full SHA
    0c786d4 View commit details
    Browse the repository at this point in the history

Commits on Sep 5, 2023

  1. Merge pull request #15 from danielparks/bytes 

    Add support for operating on byte strings
    @fenhl
    fenhl authored Sep 5, 2023
    Configuration menu
    Copy the full SHA
    f44b62e View commit details
    Browse the repository at this point in the history

  2. Version bump

    @fenhl
    fenhl committed Sep 5, 2023
    Configuration menu
    Copy the full SHA
    fde8a71 View commit details
    Browse the repository at this point in the history

Commits on Jan 22, 2024

  1. Minimal fix for the high-severity issue without bumping MSRV 

    Ref: GHSA-r7qv-8r2h-pg27
    @comex
    comex committed Jan 22, 2024
    Configuration menu
    Copy the full SHA
    4c53044 View commit details
    Browse the repository at this point in the history

  2. Address security issues involving quote API 

    Ref: GHSA-r7qv-8r2h-pg27

- Deprecate quote APIs in favor of `try_` equivalents that complain
  about nul bytes.

- Also add a builder API, which allows re-enabling nul bytes without
  using the deprecated interface, and in the future can allow other
  things (as discussed in quoting_warning).

- Add documentation about various security risks that remain,
  particularly with interactive shells.

- Add fuzzers that actually verify round-trippability of the quote APIs
  against various shells, Python `shlex`, and C `wordexp`.

  - These are separate crates (as opposed to just being different files
    under `fuzz/fuzz_targets`) because they have different dependencies
    and build steps, and I don't want to agglomerate them all together.
    I've put them in the same workspace at least.

  - Also, check in Cargo.lock for the fuzzers, since they are binaries.

- Add explicit MSRV of 1.46.0.

  This crate didn't previously have an explicit MSRV, but `cargo msrv`
  tells me that shlex 1.2.0 works down to Rust 1.36.0.

  Since this is a security fix, ideally the MSRV wouldn't be bumped at
  all, but that's not really feasible since the new API uses
  `#[non_exhaustive]`, which was unstable in Rust 1.36.0.  In case anyone
  is stuck on old Rust versions, I separately released a shlex 1.2.1 that
  only has the fix for `{`/`}`/`\xa0`, without the API changes.

  However, even for the full release I'd still like to keep the MSRV
  reasonably old.  I picked 1.46.0 because it's the first version that
  wouldn't require completely redoing the `const fn` bitmask.

- Add more authors to Cargo.toml based on Git commits.
    @comex
    comex committed Jan 22, 2024
    Configuration menu
    Copy the full SHA
    4a0724b View commit details
    Browse the repository at this point in the history
Loading