Releases: SecurityRonin/lzo
Releases · SecurityRonin/lzo
Release list
lzo 0.1.1
Documentation, validation, and metadata only — no API or behaviour change from 0.1.0.
- Differential validation vs
rust-lzo(an independent, Linux-derived decoder, used only as a local oracle): identical output on the full real corpus and across 3,000,000 mutation-fuzz inputs with zero divergence and no panics. docs/validation.md— full methodology (reference round-trips, a 32.4 MB real-world corpus, the differential check, fuzzing, coverage) with scope limits stated plainly; real-content regression vectors added.- Positioning reframed around the real differentiator: safety against malicious/crafted/corrupted input —
#![forbid(unsafe_code)], fuzz-hardened, typed errors.
lzo 0.1.0
First release of lzo — a GPL-free, safe, no_std, pure-Rust LZO1X decompressor.
Decode raw lzo1x blocks (from lzop, the Linux kernel/initramfs, btrfs, or any tool built on liblzo2) with zero C, zero dependencies, and #![forbid(unsafe_code)].
Highlights
- Pure Rust, zero deps,
#![forbid(unsafe_code)]— links cleanly into MIT/Apache projects (unlike the GPL-2.0 Rust LZO ports). no_std— the coredecompress_intoneeds no allocator; an optionalallocfeature adds the allocatingdecompressconvenience.- Decodes every
lzo1xvariant —lzo1x_1,lzo1x_1_15,lzo1x_999share one decompressor. - Validated against round-trip vectors produced by the reference C
liblzo2lzo1x_1_compress(literals, the zero-byte length extension, M1–M4 matches, overlapping copies, end-of-stream marker). - Hardened — bounds-checked, never panics on arbitrary/crafted/corrupted input, returns a typed
Error; fuzz-build-checked in CI; 100% line + 100% e2e coverage.
Scope
Decompression only (v1). Raw LZO1X has no container, so the caller supplies the output capacity — mirroring C lzo1x_decompress_safe. The kernel's bitstream-version (RLE) extension is out of scope.
Install
[dependencies]
lzo = { git = "https://github.com/SecurityRonin/lzo", tag = "v0.1.0" }