Hello community,

here is the log from the commit of package rubygem-json for openSUSE:Factory 
checked in at 2017-04-17 10:26:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-json (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-json.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rubygem-json"

Mon Apr 17 10:26:45 2017 rev:23 rq:487584 version:2.0.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-json/rubygem-json.changes        
2017-01-25 23:27:53.481564066 +0100
+++ /work/SRC/openSUSE:Factory/.rubygem-json.new/rubygem-json.changes   
2017-04-17 10:26:46.914215135 +0200
@@ -1,0 +2,12 @@
+Wed Apr 12 04:37:17 UTC 2017 - co...@suse.com
+
+- updated to version 2.0.4
+ see installed CHANGES.md
+
+  ## 2017-03-23 (2.0.4)
+   * Raise exception for incomplete unicode surrogates/character escape
+     sequences. This problem was reported by Daniel Gollahon (dgollahon).
+   * Fix arbitrary heap exposure problem. This problem was reported by Ahmad
+     Sherif (ahmadsherif).
+
+-------------------------------------------------------------------

Old:
----
  json-2.0.3.gem

New:
----
  json-2.0.4.gem

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ rubygem-json.spec ++++++
--- /var/tmp/diff_new_pack.oLlAhu/_old  2017-04-17 10:26:47.874079201 +0200
+++ /var/tmp/diff_new_pack.oLlAhu/_new  2017-04-17 10:26:47.878078635 +0200
@@ -24,7 +24,7 @@
 #
 
 Name:           rubygem-json
-Version:        2.0.3
+Version:        2.0.4
 Release:        0
 %define mod_name json
 %define mod_full_name %{mod_name}-%{version}

++++++ json-2.0.3.gem -> json-2.0.4.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/CHANGES.md new/CHANGES.md
--- old/CHANGES.md      2017-01-12 15:19:10.000000000 +0100
+++ new/CHANGES.md      2017-04-11 12:35:46.000000000 +0200
@@ -1,5 +1,10 @@
 # Changes
 
+## 2017-03-23 (2.0.4)
+ * Raise exception for incomplete unicode surrogates/character escape
+   sequences. This problem was reported by Daniel Gollahon (dgollahon).
+ * Fix arbitrary heap exposure problem. This problem was reported by Ahmad
+   Sherif (ahmadsherif).
 
 ## 2017-01-12 (2.0.3)
  * Set `required_ruby_version` to 1.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/VERSION new/VERSION
--- old/VERSION 2017-01-12 15:19:10.000000000 +0100
+++ new/VERSION 2017-04-11 12:35:46.000000000 +0200
@@ -1 +1 @@
-2.0.3
+2.0.4
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ext/json/ext/fbuffer/fbuffer.h 
new/ext/json/ext/fbuffer/fbuffer.h
--- old/ext/json/ext/fbuffer/fbuffer.h  2017-01-12 15:19:10.000000000 +0100
+++ new/ext/json/ext/fbuffer/fbuffer.h  2017-04-11 12:35:46.000000000 +0200
@@ -12,9 +12,6 @@
 #define RFLOAT_VALUE(val) (RFLOAT(val)->value)
 #endif
 
-#ifndef RARRAY_PTR
-#define RARRAY_PTR(ARRAY) RARRAY(ARRAY)->ptr
-#endif
 #ifndef RARRAY_LEN
 #define RARRAY_LEN(ARRAY) RARRAY(ARRAY)->len
 #endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ext/json/ext/generator/generator.c 
new/ext/json/ext/generator/generator.c
--- old/ext/json/ext/generator/generator.c      2017-01-12 15:19:10.000000000 
+0100
+++ new/ext/json/ext/generator/generator.c      2017-04-11 12:35:46.000000000 
+0200
@@ -308,7 +308,7 @@
   char *result;
   if (len <= 0) return NULL;
   result = ALLOC_N(char, len);
-  memccpy(result, ptr, 0, len);
+  memcpy(result, ptr, len);
   return result;
 }
 
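Review bot: The copy made here is exactly `len` bytes with no terminating NUL, whereas the `strdup()` calls it replaces in the setters further down produced C strings, and nothing in the hunk records that difference. A comment above the helper would make the contract explicit, for example `/* Returns a len-byte copy, NOT NUL-terminated; always read it together with the stored *_len. */`. Any consumer of `state->indent` or its sibling fields that still uses `strlen()` or `%s` would read past the allocation; those consumers are outside this diff, so that is worth confirming. The function's signature is above the hunk.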
@@ -1062,7 +1062,7 @@
         }
     } else {
         if (state->indent) ruby_xfree(state->indent);
-        state->indent = strdup(RSTRING_PTR(indent));
+        state->indent = fstrndup(RSTRING_PTR(indent), len);
         state->indent_len = len;
     }
     return Qnil;
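Review bot: The old buffer is freed before its replacement is allocated, and the replacement now comes from `fstrndup`. Assuming that is the helper patched at line 308, it allocates with `ALLOC_N`, which raises NoMemoryError on failure instead of returning NULL as `strdup()` did. If that raise happens, `state->indent` still holds the freed pointer and `state->indent_len` the old length, so a later read or free of the state touches released memory. Allocating first closes the window: `char *copy = fstrndup(RSTRING_PTR(indent), len);` then `if (state->indent) ruby_xfree(state->indent);` then `state->indent = copy;`. The same ordering appears in the space, space_before, object_nl and array_nl setters in the next four hunks; each setter starts above its hunk.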
@@ -1100,7 +1100,7 @@
         }
     } else {
         if (state->space) ruby_xfree(state->space);
-        state->space = strdup(RSTRING_PTR(space));
+        state->space = fstrndup(RSTRING_PTR(space), len);
         state->space_len = len;
     }
     return Qnil;
@@ -1136,7 +1136,7 @@
         }
     } else {
         if (state->space_before) ruby_xfree(state->space_before);
-        state->space_before = strdup(RSTRING_PTR(space_before));
+        state->space_before = fstrndup(RSTRING_PTR(space_before), len);
         state->space_before_len = len;
     }
     return Qnil;
@@ -1173,7 +1173,7 @@
         }
     } else {
         if (state->object_nl) ruby_xfree(state->object_nl);
-        state->object_nl = strdup(RSTRING_PTR(object_nl));
+        state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
         state->object_nl_len = len;
     }
     return Qnil;
@@ -1208,7 +1208,7 @@
         }
     } else {
         if (state->array_nl) ruby_xfree(state->array_nl);
-        state->array_nl = strdup(RSTRING_PTR(array_nl));
+        state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
         state->array_nl_len = len;
     }
     return Qnil;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ext/json/ext/generator/generator.h 
new/ext/json/ext/generator/generator.h
--- old/ext/json/ext/generator/generator.h      2017-01-12 15:19:10.000000000 
+0100
+++ new/ext/json/ext/generator/generator.h      2017-04-11 12:35:46.000000000 
+0200
@@ -1,7 +1,6 @@
 #ifndef _GENERATOR_H_
 #define _GENERATOR_H_
 
-#include <string.h>
 #include <math.h>
 #include <ctype.h>
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ext/json/ext/parser/parser.c 
new/ext/json/ext/parser/parser.c
--- old/ext/json/ext/parser/parser.c    2017-01-12 15:19:10.000000000 +0100
+++ new/ext/json/ext/parser/parser.c    2017-04-11 12:35:46.000000000 +0200
@@ -1435,13 +1435,21 @@
                     break;
                 case 'u':
                     if (pe > stringEnd - 4) {
-                        return Qnil;
+                      rb_enc_raise(
+                        EXC_ENCODING eParserError,
+                        "%u: incomplete unicode character escape sequence at 
'%s'", __LINE__, p
+                      );
                     } else {
                         UTF32 ch = unescape_unicode((unsigned char *) ++pe);
                         pe += 3;
                         if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
                             pe++;
-                            if (pe > stringEnd - 6) return Qnil;
+                            if (pe > stringEnd - 6) {
+                              rb_enc_raise(
+                                EXC_ENCODING eParserError,
+                                "%u: incomplete surrogate pair at '%s'", 
__LINE__, p
+                                );
+                            }
                             if (pe[0] == '\\' && pe[1] == 'u') {
                                 UTF32 sur = unescape_unicode((unsigned char *) 
pe + 2);
                                 ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 
0xF) + 1) << 16)
@@ -1471,7 +1479,7 @@
 }
 
 
-#line 1475 "parser.c"
+#line 1483 "parser.c"
 enum {JSON_string_start = 1};
 enum {JSON_string_first_final = 8};
 enum {JSON_string_error = 0};
@@ -1479,7 +1487,7 @@
 enum {JSON_string_en_main = 1};
 
 
-#line 504 "parser.rl"
+#line 512 "parser.rl"
 
 
 static int
@@ -1501,15 +1509,15 @@
 
     *result = rb_str_buf_new(0);
 
-#line 1505 "parser.c"
+#line 1513 "parser.c"
        {
        cs = JSON_string_start;
        }
 
-#line 525 "parser.rl"
+#line 533 "parser.rl"
     json->memo = p;
 
-#line 1513 "parser.c"
+#line 1521 "parser.c"
        {
        if ( p == pe )
                goto _test_eof;
@@ -1534,7 +1542,7 @@
                goto st0;
        goto st2;
 tr2:
-#line 490 "parser.rl"
+#line 498 "parser.rl"
        {
         *result = json_string_unescape(*result, json->memo + 1, p);
         if (NIL_P(*result)) {
@@ -1545,14 +1553,14 @@
             {p = (( p + 1))-1;}
         }
     }
-#line 501 "parser.rl"
+#line 509 "parser.rl"
        { p--; {p++; cs = 8; goto _out;} }
        goto st8;
 st8:
        if ( ++p == pe )
                goto _test_eof8;
 case 8:
-#line 1556 "parser.c"
+#line 1564 "parser.c"
        goto st0;
 st3:
        if ( ++p == pe )
@@ -1628,7 +1636,7 @@
        _out: {}
        }
 
-#line 527 "parser.rl"
+#line 535 "parser.rl"
 
     if (json->create_additions && RTEST(match_string = json->match_string)) {
           VALUE klass;
@@ -1808,7 +1816,7 @@
 }
 
 
-#line 1812 "parser.c"
+#line 1820 "parser.c"
 enum {JSON_start = 1};
 enum {JSON_first_final = 10};
 enum {JSON_error = 0};
@@ -1816,7 +1824,7 @@
 enum {JSON_en_main = 1};
 
 
-#line 720 "parser.rl"
+#line 728 "parser.rl"
 
 
 /*
@@ -1833,16 +1841,16 @@
   GET_PARSER;
 
 
-#line 1837 "parser.c"
+#line 1845 "parser.c"
        {
        cs = JSON_start;
        }
 
-#line 736 "parser.rl"
+#line 744 "parser.rl"
   p = json->source;
   pe = p + json->len;
 
-#line 1846 "parser.c"
+#line 1854 "parser.c"
        {
        if ( p == pe )
                goto _test_eof;
@@ -1876,7 +1884,7 @@
 cs = 0;
        goto _out;
 tr2:
-#line 712 "parser.rl"
+#line 720 "parser.rl"
        {
         char *np = JSON_parse_value(json, p, pe, &result, 0);
         if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( 
np))-1;}
@@ -1886,7 +1894,7 @@
        if ( ++p == pe )
                goto _test_eof10;
 case 10:
-#line 1890 "parser.c"
+#line 1898 "parser.c"
        switch( (*p) ) {
                case 13: goto st10;
                case 32: goto st10;
@@ -1975,7 +1983,7 @@
        _out: {}
        }
 
-#line 739 "parser.rl"
+#line 747 "parser.rl"
 
   if (cs >= JSON_first_final && p == pe) {
     return result;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ext/json/ext/parser/parser.rl 
new/ext/json/ext/parser/parser.rl
--- old/ext/json/ext/parser/parser.rl   2017-01-12 15:19:10.000000000 +0100
+++ new/ext/json/ext/parser/parser.rl   2017-04-11 12:35:46.000000000 +0200
@@ -446,13 +446,21 @@
                     break;
                 case 'u':
                     if (pe > stringEnd - 4) {
-                        return Qnil;
+                      rb_enc_raise(
+                        EXC_ENCODING eParserError,
+                        "%u: incomplete unicode character escape sequence at 
'%s'", __LINE__, p
+                      );
                     } else {
                         UTF32 ch = unescape_unicode((unsigned char *) ++pe);
                         pe += 3;
                         if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
                             pe++;
-                            if (pe > stringEnd - 6) return Qnil;
+                            if (pe > stringEnd - 6) {
+                              rb_enc_raise(
+                                EXC_ENCODING eParserError,
+                                "%u: incomplete surrogate pair at '%s'", 
__LINE__, p
+                                );
+                            }
                             if (pe[0] == '\\' && pe[1] == 'u') {
                                 UTF32 sur = unescape_unicode((unsigned char *) 
pe + 2);
                                 ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 
0xF) + 1) << 16)
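Review bot: Both new messages format `p` with an unbounded `'%s'`, so the text placed in the exception is not limited by `stringEnd`. `p` is declared outside the hunk; if it is the start of the string token inside the source buffer, the message carries the rest of the input document up to the first NUL, which can put a large or sensitive payload into logs and error reports. Bounding it to the token is a small change, e.g. `"%u: incomplete surrogate pair at '%.*s'", __LINE__, (int)(stringEnd - p), p`, assuming the formatter behind rb_enc_raise accepts a `%.*s` precision as printf does. The generated parser.c hunk at line 1435 carries the same two calls.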
Binary files old/json.gemspec and new/json.gemspec differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/json_pure.gemspec new/json_pure.gemspec
--- old/json_pure.gemspec       2017-01-12 15:19:10.000000000 +0100
+++ new/json_pure.gemspec       2017-04-11 12:35:46.000000000 +0200
@@ -1,14 +1,14 @@
 # -*- encoding: utf-8 -*-
-# stub: json_pure 2.0.3 ruby lib
+# stub: json_pure 2.0.4 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "json_pure".freeze
-  s.version = "2.0.3"
+  s.version = "2.0.4"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if 
s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib".freeze]
   s.authors = ["Florian Frank".freeze]
-  s.date = "2017-01-12"
+  s.date = "2017-04-10"
   s.description = "This is a JSON implementation in pure Ruby.".freeze
   s.email = "fl...@ping.de".freeze
   s.extra_rdoc_files = ["README.md".freeze]
@@ -17,7 +17,7 @@
   s.licenses = ["Ruby".freeze]
   s.rdoc_options = ["--title".freeze, "JSON implemention for ruby".freeze, 
"--main".freeze, "README.md".freeze]
   s.required_ruby_version = Gem::Requirement.new(">= 1.9".freeze)
-  s.rubygems_version = "2.6.8".freeze
+  s.rubygems_version = "2.6.11".freeze
   s.summary = "JSON Implementation for Ruby".freeze
   s.test_files = ["./tests/test_helper.rb".freeze]
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/lib/json/version.rb new/lib/json/version.rb
--- old/lib/json/version.rb     2017-01-12 15:19:10.000000000 +0100
+++ new/lib/json/version.rb     2017-04-11 12:35:46.000000000 +0200
@@ -1,7 +1,7 @@
 # frozen_string_literal: false
 module JSON
   # JSON version
-  VERSION         = '2.0.3'
+  VERSION         = '2.0.4'
   VERSION_ARRAY   = VERSION.split(/\./).map { |x| x.to_i } # :nodoc:
   VERSION_MAJOR   = VERSION_ARRAY[0] # :nodoc:
   VERSION_MINOR   = VERSION_ARRAY[1] # :nodoc:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata        2017-01-12 15:19:10.000000000 +0100
+++ new/metadata        2017-04-11 12:35:46.000000000 +0200
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: json
 version: !ruby/object:Gem::Version
-  version: 2.0.3
+  version: 2.0.4
 platform: ruby
 authors:
 - Florian Frank
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-12 00:00:00.000000000 Z
+date: 2017-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -180,7 +180,7 @@
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: JSON Implementation for Ruby
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/tests/json_encoding_test.rb 
new/tests/json_encoding_test.rb
--- old/tests/json_encoding_test.rb     2017-01-12 15:19:10.000000000 +0100
+++ new/tests/json_encoding_test.rb     2017-04-11 12:35:46.000000000 +0200
@@ -79,6 +79,8 @@
     json = '["\ud840\udc01"]'
     assert_equal json, generate(utf8, :ascii_only => true)
     assert_equal utf8, parse(json)
+    assert_raises(JSON::ParserError) { parse('"\u"') }
+    assert_raises(JSON::ParserError) { parse('"\ud800"') }
   end
 
   def test_chars
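Review bot: The two added assertions exercise only the shortest truncations, `"\u"` with no hex digits and a lone high surrogate. Partial forms reach the same bounds checks at other offsets and are cheap to pin: `assert_raises(JSON::ParserError) { parse('"\u12"') }` and `assert_raises(JSON::ParserError) { parse('"\ud800\udc"') }`. Reading the length checks in the parser hunk, both should raise, but that is worth confirming by running them. The test method begins above the hunk.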

