Releases: maxmind/libmaxminddb
Releases · maxmind/libmaxminddb
1.4.0 - DO NOT USE
DO NOT USE. UNINTENDED ABI BREAK.
- A negative array index may now be used with
MMDB_get_value,
MMDB_vget_value, andMMDB_aget_value. This specifies the element
from the end of the array. For instance,-1would refer to the
last element of the array. PR by Kyle Box. GitHub #205. - On Windows, the file name passed to
MMDB_openis now expected to be
UTF-8 encoded. This allows Unicode characters to be used in file names.
As part of this change,mmdblookupon Windows now converts its
arguments to UTF-8. PR by Gerald Combs. GitHub #189 & #191. - Fix a memory leak that occurred when freeing an
MMDB_swhere the
database had no languages defined in the metadata. If you are using an
official MaxMind database, this leak does not affect you. Pull request
by Kókai Péter. GitHub #180. - Add
--disable-binariesoption toconfigure. Pull request by Fabrice
Fontaine. GitHub #166. - Previous releases incorrectly included
*.Pofiles in thetdirectory.
This has been corrected. Reported by Daniel Macks. GitHub #168. - The internal use of the
MMDB_snow has theconstmodifier. Public
functions that accepted anMMDB_sas an argument now also declare it as
const. Pull request by Kurt Johnson. GitHub #199. mmdblookupnow displays the prefix length for the record when using
the verbose flag. GitHub #172.
1.3.2
- Allocate memory for
MMDB_entry_data_list_sstructs in separate chunks
rather than one large chunk. This simplifies accessing memory in
MMDB_get_entry_data_list()and increases performance. It builds on the
changes in 1.3.0 and 1.3.1. - We no longer export
data_pool_*symbols. These are internal functions
but we were previously exporting them. Pull request by Faidon Liambotis.
GitHub #162. - Build with POSIX.1-2008 by default if the system supports it. This allows
use ofopen()withO_CLOEXEC. We retain support for systems that
provide only POSIX.1-2001. - Open the database with the
O_CLOEXECflag if the system provides it.
This avoids cases where we could leak fds when called in multi-threaded
programs thatfork()andexec(). Original report and PR by Brandon L
Black. - Added a test to ensure we export only intended symbols (e.g. MMDB_*).
1.3.1
- Fix build problems related to
rpl_malloc(). Pull request by Rainer
Gerhards. GitHub #152. - Fix a race to set and read data in a field on the
MMDB_sstruct
(ipv4_start_node). GitHub #153. - Fix cases of invalid memory access when using
MMDB_get_entry_data_list(). This was introduced in 1.3.0 and occurred
when performing large lookups. GitHub #153.
1.3.0
- Perform fewer memory allocations in
MMDB_get_entry_data_list(). This
significantly improves its performance. GitHub #147. - Fix
mmdblookup's build epoch reporting on some systems. Big endian
systems with a 32-bittime_tno longer show a database build date of
1970-01-01 00:00:00. Pull request by Rainer Jung. GitHub #143.
1.2.1
- Use autoconf to check the system's endianness rather than trying to do this
with compiler-defined macros like__BYTE_ORDER__. Apparently this didn't
work properly on a Sparc system. GitHub #120. - Several compiler warnings on Visual C++ were fixed. Pull request by Marcel
Raad. GitHub #130. - Fix segmentation faults found in
MMDB_open()using afl-fuzz. This
occurred on corrupt databases that had a data pointer large enough to
cause an integer overflow when doing bound checking. Reported by Ryan
Whitworth. GitHub #140. - Add --disable-tests option to
configure. Pull request by Fabrice
Fontaine. GitHub #136.
1.2.0 - Extended API for Iteration of Database
- Four additional fields were added to the end of the
MMDB_search_node_s
struct returned byMMDB_read_node. These fields allow the user to iterate
through the search tree without making undocumented assumptions about how
this library works internally and without knowing the specific details of
the database format. GitHub #110.
Minor Bug Fixes
1.1.5 - 2016-03-20
- Previously, reading a database with a pointer in the metadata would cause an
MMDB_INVALID_METADATA_ERRORto be returned. This was due to an invalid
offset being used when calculating the pointer. Thedata_sectionand
metadata_sectionfields now both point to the beginning of the data
section. Previously,data_sectionpointed to the beginning of the data
separator. This will not affect anyone using only documented fields from
MMDB_s. MMDB_lookup_sockaddrwill setmmdb_errorto
MMDB_IPV6_LOOKUP_IN_IPV4_DATABASE_ERRORif an IPv6sockaddris looked up
in an IPv4-only database. Previously onlyMMDB_lookup_stringwould set
this error code.- When resolving an address, this library now relies on
getaddrinfoto
determine the address family rather than trying to guess it itself.
Packaging fixes
1.1.4 - 2016-01-06
- Packaging fixes. The 1.1.3 tarball release contained a lot of extra junk in the t/ directory.
More overflow and malloc checks
This tarball has since been removed because it was not cleanly packaged. Use 1.1.4 or newer instead.
- Added several additional checks to make sure that we don't attempt to read
past the end of the databases's data section. Implemented by Tobias
Stoeckmann. GitHub #103. - When searching for the database metadata, there was a bug that caused the
code to think it had found valid metadata when none existed. In addition,
this could lead to an attempt to read past the end of the database
entirely. Finally, if there are multiple metadata markers in the database,
we treat the final one as the start of the metdata, instead of the first.
Implemented by Tobias Stoeckmann. GitHub #102. - Don't attempt to mmap a file that is too large to be mmapped on the
system. Implemented by Tobias Stoeckmann. GitHub #101. - Added a missing out of memory check when reading a file's
metadata. Implemented by Tobias Stoeckmann. GitHub #101. - Added several additional checks to make sure that we never attempt to
mallocmore thanSIZE_MAXmemory, which would lead to integer
overflow. This could only happen with pathological databases. Implemented by
Tobias Stoeckmann. GitHub #101.
Improved handling of corrupt databses and pkg-config support
- IMPORTANT: This release includes a number of important security fixes. Among these fixes is improved validation of the database metadata. Unfortunately, MaxMind GeoIP2 and GeoLite2 databases created earlier than January 28, 2014 had an invalid data type for the record_size in the metadata. Previously these databases worked on little endian machines with libmaxminddb but did not work on big endian machines. Due to increased safety checks when reading the file, these databases will no longer work on any platform. If you are using one of these databases, we recommend that you upgrade to the latest GeoLite2 or GeoIP2 database
- Added pkg-config support. If your system supports it, then running
make installnow installs alibmaxminddb.pcfile for pkgconfig. Implemented by
Jan Vcelak. - Several segmentation faults found with afl-fuzz were fixed. These were
caused by missing bounds checking and missing verification of data type. MMDB_get_entry_data_listwill now fail on data structures with a depth
greater than 512 and data structures that are cyclic. This should not
affect any known MaxMind DB in production. All databases produced by
MaxMind have a depth of less than five.