Hello community, here is the log from the commit of package perl-JSON-XS for openSUSE:Factory checked in at 2016-04-28 16:52:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/perl-JSON-XS (Old) and /work/SRC/openSUSE:Factory/.perl-JSON-XS.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-JSON-XS" Changes: -------- --- /work/SRC/openSUSE:Factory/perl-JSON-XS/perl-JSON-XS.changes 2013-12-06 14:43:05.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.perl-JSON-XS.new/perl-JSON-XS.changes 2016-04-28 16:53:02.000000000 +0200 @@ -1,0 +2,9 @@ +Fri Mar 11 10:17:07 UTC 2016 - co...@suse.com + +- updated to 3.02 + see /usr/share/doc/packages/perl-JSON-XS/Changes + + TODO: how to cope with tagged values and standard json decoders + TODO: investigate magic (Eric Brine) + +------------------------------------------------------------------- Old: ---- JSON-XS-3.01.tar.gz New: ---- JSON-XS-3.02.tar.gz cpanspec.yml ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ perl-JSON-XS.spec ++++++ --- /var/tmp/diff_new_pack.ayiiEl/_old 2016-04-28 16:53:03.000000000 +0200 +++ /var/tmp/diff_new_pack.ayiiEl/_new 2016-04-28 16:53:03.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package perl-JSON-XS # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,20 +17,22 @@ Name: perl-JSON-XS -Version: 3.01 +Version: 3.02 Release: 0 +#Upstream: CHECK(GPL-1.0+ or Artistic-1.0) %define cpan_name JSON-XS Summary: JSON serialising/deserialising, done correctly and fast -License: GPL-1.0+ or Artistic-1.0 +License: Artistic-1.0 or GPL-1.0+ Group: Development/Libraries/Perl Url: http://search.cpan.org/dist/JSON-XS/ -Source: http://www.cpan.org/authors/id/M/ML/MLEHMANN/%{cpan_name}-%{version}.tar.gz +Source0: http://www.cpan.org/authors/id/M/ML/MLEHMANN/%{cpan_name}-%{version}.tar.gz +Source1: cpanspec.yml BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: perl BuildRequires: perl-macros +BuildRequires: perl(Canary::Stability) BuildRequires: perl(Types::Serialiser) BuildRequires: perl(common::sense) -#BuildRequires: perl(JSON::XS) Requires: perl(Types::Serialiser) Requires: perl(common::sense) %{perl_requires} @@ -59,7 +61,7 @@ %prep %setup -q -n %{cpan_name}-%{version} -find . -type f -print0 | xargs -0 chmod 644 +find . -type f ! -name \*.pl -print0 | xargs -0 chmod 644 %build %{__perl} Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}" ++++++ JSON-XS-3.01.tar.gz -> JSON-XS-3.02.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/JSON-XS-3.01/Changes new/JSON-XS-3.02/Changes --- old/JSON-XS-3.01/Changes 2013-10-29 16:55:22.000000000 +0100 +++ new/JSON-XS-3.02/Changes 2016-02-26 22:46:02.000000000 +0100 @@ -3,6 +3,20 @@ TODO: maybe detetc and croak on more invalid inputs (e.g. +-inf/nan) TODO: maybe avoid the reblessing and better support readonly objects. TODO: http://stevehanov.ca/blog/index.php?id=104 compression +TODO: how to cope with tagged values and standard json decoders +TODO: investigate magic (Eric Brine) + +3.02 Fri Feb 26 22:45:20 CET 2016 + - allow_nonref now affects booleans (\1, $Types::Serialiser::Boolean) + as well (reported by Alex Efros). + - allow literal tabs in strings in relaxed mode (patch by + lubo.rin...@gooddata.com). + - support "cbor" format in json_xs tool. + - support (and fix) calling encode and decode in list context + (reported by Вадим Власов). + - work around a bug in older perls crashing when presented + with shared hash keys (Reini Urban). + - use stability canary. 3.01 Tue Oct 29 16:55:15 CET 2013 - backport to perls < 5.18 (reported by Paul Howarth). @@ -11,7 +25,7 @@ - implemented an object tagging extension (using the Types::Serialiser serialisation protocol). - reworked the documentation regarding object serialisation, - add a new OBJECT SERIALISATION section that explains the + add a new OBJECT SERIALISATION section that explains th whole process. - new setting: allow_tags. - switch to Types::Serialiser booleans. @@ -142,7 +156,7 @@ - lifted the log2 rounding restriction of max_depth and max_size. - make booleans mutable by creating a copy instead of handing out the same scalar (reported by pasha sadri). - - added support for incremental json parsing (still EXPERIMENTAL). + - added support for incremental json parsing (still EXPERIMENTAL). - implemented and added a json_xs command line utility that can convert from/to a number of serialisation formats - tell me if you need more. - implement allow_unknown/get_allow_unknown methods. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/JSON-XS-3.01/META.json new/JSON-XS-3.02/META.json --- old/JSON-XS-3.01/META.json 2013-10-29 16:55:40.000000000 +0100 +++ new/JSON-XS-3.02/META.json 2016-02-26 22:46:28.000000000 +0100 @@ -4,7 +4,7 @@ "unknown" ], "dynamic_config" : 1, - "generated_by" : "ExtUtils::MakeMaker version 6.8, CPAN::Meta::Converter version 2.120921", + "generated_by" : "ExtUtils::MakeMaker version 7.1, CPAN::Meta::Converter version 2.150001", "license" : [ "unknown" ], @@ -27,7 +27,8 @@ }, "configure" : { "requires" : { - "ExtUtils::MakeMaker" : "0" + "Canary::Stability" : "0", + "ExtUtils::MakeMaker" : "6.52" } }, "runtime" : { @@ -38,5 +39,5 @@ } }, "release_status" : "stable", - "version" : "3.01" + "version" : 3.02 } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/JSON-XS-3.01/META.yml new/JSON-XS-3.02/META.yml --- old/JSON-XS-3.01/META.yml 2013-10-29 16:55:40.000000000 +0100 +++ new/JSON-XS-3.02/META.yml 2016-02-26 22:46:28.000000000 +0100 @@ -3,21 +3,22 @@ author: - unknown build_requires: - ExtUtils::MakeMaker: 0 + ExtUtils::MakeMaker: '0' configure_requires: - ExtUtils::MakeMaker: 0 + Canary::Stability: '0' + ExtUtils::MakeMaker: '6.52' dynamic_config: 1 -generated_by: 'ExtUtils::MakeMaker version 6.8, CPAN::Meta::Converter version 2.120921' +generated_by: 'ExtUtils::MakeMaker version 7.1, CPAN::Meta::Converter version 2.150001' license: unknown meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html - version: 1.4 + version: '1.4' name: JSON-XS no_index: directory: - t - inc requires: - Types::Serialiser: 0 - common::sense: 0 -version: 3.01 + Types::Serialiser: '0' + common::sense: '0' +version: 3.02 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/JSON-XS-3.01/Makefile.PL new/JSON-XS-3.02/Makefile.PL --- old/JSON-XS-3.01/Makefile.PL 2013-10-28 22:28:41.000000000 +0100 +++ new/JSON-XS-3.02/Makefile.PL 2016-02-26 22:44:29.000000000 +0100 @@ -1,6 +1,8 @@ -use 5.008002; +use 5.008003; use ExtUtils::MakeMaker; +use Canary::Stability JSON::XS => 1, 5.008003; + WriteMakefile( dist => { PREOP => 'pod2text XS.pm | tee README >$(DISTVNAME)/README; chmod -R u=rwX,go=rX . ;', @@ -14,5 +16,6 @@ common::sense => 0, Types::Serialiser => 0, }, + CONFIGURE_REQUIRES => { ExtUtils::MakeMaker => 6.52, Canary::Stability => 0 }, ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/JSON-XS-3.01/README new/JSON-XS-3.02/README --- old/JSON-XS-3.01/README 2013-10-29 16:55:40.000000000 +0100 +++ new/JSON-XS-3.02/README 2016-02-26 22:46:28.000000000 +0100 @@ -354,6 +354,16 @@ # neither this one... ] + * literal ASCII TAB characters in strings + + Literal ASCII TAB characters are now allowed in strings (and + treated as "\t"). + + [ + "Hello\tWorld", + "Hello<TAB>World", # literal <TAB> would not normally be allowed + ] + $json = $json->canonical ([$enable]) $enabled = $json->get_canonical If $enable is true (or missing), then the "encode" method will @@ -624,7 +634,7 @@ protocol and you need to know where the JSON text ends. JSON::XS->new->decode_prefix ("[1] the tail") - => ([], 3) + => ([1], 3) INCREMENTAL PARSING In some cases, there is the need for incremental parsing of JSON texts. @@ -1431,12 +1441,126 @@ deal with it, as major browser developers care only for features, not about getting security right). +"OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159) + TL;DR: Due to security concerns, JSON::XS will not allow scalar data in + JSON texts by default - you need to create your own JSON::XS object and + enable "allow_nonref": + + my $json = JSON::XS->new->allow_nonref; + + $text = $json->encode ($data); + $data = $json->decode ($text); + + The long version: JSON being an important and supposedly stable format, + the IETF standardised it as RFC 4627 in 2006. Unfortunately, the + inventor of JSON, Dougles Crockford, unilaterally changed the definition + of JSON in javascript. Rather than create a fork, the IETF decided to + standardise the new syntax (apparently, so Iw as told, without finding + it very amusing). + + The biggest difference between thed original JSON and the new JSON is + that the new JSON supports scalars (anything other than arrays and + objects) at the toplevel of a JSON text. While this is strictly + backwards compatible to older versions, it breaks a number of protocols + that relied on sending JSON back-to-back, and is a minor security + concern. + + For example, imagine you have two banks communicating, and on one side, + trhe JSON coder gets upgraded. Two messages, such as 10 and 1000 might + then be confused to mean 101000, something that couldn't happen in the + original JSON, because niether of these messages would be valid JSON. + + If one side accepts these messages, then an upgrade in the coder on + either side could result in this becoming exploitable. + + This module has always allowed these messages as an optional extension, + by default disabled. The security concerns are the reason why the + default is still disabled, but future versions might/will likely upgrade + to the newer RFC as default format, so you are advised to check your + implementation and/or override the default with "->allow_nonref (0)" to + ensure that future versions are safe. + INTEROPERABILITY WITH OTHER MODULES "JSON::XS" uses the Types::Serialiser module to provide boolean constants. That means that the JSON true and false values will be comaptible to true and false values of iother modules that do the same, such as JSON::PP and CBOR::XS. +INTEROPERABILITY WITH OTHER JSON DECODERS + As long as you only serialise data that can be directly expressed in + JSON, "JSON::XS" is incapable of generating invalid JSON output (modulo + bugs, but "JSON::XS" has found more bugs in the official JSON testsuite + (1) than the official JSON testsuite has found in "JSON::XS" (0)). + + When you have trouble decoding JSON generated by this module using other + decoders, then it is very likely that you have an encoding mismatch or + the other decoder is broken. + + When decoding, "JSON::XS" is strict by default and will likely catch all + errors. There are currently two settings that change this: "relaxed" + makes "JSON::XS" accept (but not generate) some non-standard extensions, + and "allow_tags" will allow you to encode and decode Perl objects, at + the cost of not outputting valid JSON anymore. + + TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS + When you use "allow_tags" to use the extended (and also nonstandard and + invalid) JSON syntax for serialised objects, and you still want to + decode the generated When you want to serialise objects, you can run a + regex to replace the tagged syntax by standard JSON arrays (it only + works for "normal" packagesnames without comma, newlines or single + colons). First, the readable Perl version: + + # if your FREEZE methods return no values, you need this replace first: + $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx; + + # this works for non-empty constructor arg lists: + $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx; + + And here is a less readable version that is easy to adapt to other + languages: + + $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g; + + Here is an ECMAScript version (same regex): + + json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,"); + + Since this syntax converts to standard JSON arrays, it might be hard to + distinguish serialised objects from normal arrays. You can prepend a + "magic number" as first array element to reduce chances of a collision: + + $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g; + + And after decoding the JSON text, you could walk the data structure + looking for arrays with a first element of + "XU1peReLzT4ggEllLanBYq4G9VzliwKF". + + The same approach can be used to create the tagged format with another + encoder. First, you create an array with the magic string as first + member, the classname as second, and constructor arguments last, encode + it as part of your JSON structure, and then: + + $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g; + + Again, this has some limitations - the magic string must not be encoded + with character escapes, and the constructor arguments must be non-empty. + +RFC7159 + Since this module was written, Google has written a new JSON RFC, RFC + 7159 (and RFC7158). Unfortunately, this RFC breaks compatibility with + both the original JSON specification on www.json.org and RFC4627. + + As far as I can see, you can get partial compatibility when parsing by + using "->allow_nonref". However, consider thew security implications of + doing so. + + I haven't decided yet when to break compatibility with RFC4627 by + default (and potentially leave applications insecure) and change the + default to follow RFC7159, but application authors are well advised to + call "->allow_nonref(0)" even if this is the current default, if they + cannot handle non-reference values, in preparation for the day when the4 + default will change. + THREADS This module is *not* guaranteed to be thread safe and there are no plans to change this until Perl gets thread support (as opposed to the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/JSON-XS-3.01/XS.pm new/JSON-XS-3.02/XS.pm --- old/JSON-XS-3.01/XS.pm 2013-10-29 16:55:34.000000000 +0100 +++ new/JSON-XS-3.02/XS.pm 2016-02-26 22:46:21.000000000 +0100 @@ -103,7 +103,7 @@ use common::sense; -our $VERSION = 3.01; +our $VERSION = 3.02; our @ISA = qw(Exporter); our @EXPORT = qw(encode_json decode_json); @@ -406,6 +406,16 @@ # neither this one... ] +=item * literal ASCII TAB characters in strings + +Literal ASCII TAB characters are now allowed in strings (and treated as +C<\t>). + + [ + "Hello\tWorld", + "Hello<TAB>World", # literal <TAB> would not normally be allowed + ] + =back =item $json = $json->canonical ([$enable]) @@ -689,7 +699,7 @@ and you need to know where the JSON text ends. JSON::XS->new->decode_prefix ("[1] the tail") - => ([], 3) + => ([1], 3) =back @@ -1555,6 +1565,47 @@ security right). +=head1 "OLD" VS. "NEW" JSON (RFC 4627 VS. RFC 7159) + +TL;DR: Due to security concerns, JSON::XS will not allow scalar data in +JSON texts by default - you need to create your own JSON::XS object and +enable C<allow_nonref>: + + + my $json = JSON::XS->new->allow_nonref; + + $text = $json->encode ($data); + $data = $json->decode ($text); + +The long version: JSON being an important and supposedly stable format, +the IETF standardised it as RFC 4627 in 2006. Unfortunately, the inventor +of JSON, Dougles Crockford, unilaterally changed the definition of JSON in +javascript. Rather than create a fork, the IETF decided to standardise the +new syntax (apparently, so Iw as told, without finding it very amusing). + +The biggest difference between thed original JSON and the new JSON is that +the new JSON supports scalars (anything other than arrays and objects) at +the toplevel of a JSON text. While this is strictly backwards compatible +to older versions, it breaks a number of protocols that relied on sending +JSON back-to-back, and is a minor security concern. + +For example, imagine you have two banks communicating, and on one side, +trhe JSON coder gets upgraded. Two messages, such as C<10> and C<1000> +might then be confused to mean C<101000>, something that couldn't happen +in the original JSON, because niether of these messages would be valid +JSON. + +If one side accepts these messages, then an upgrade in the coder on either +side could result in this becoming exploitable. + +This module has always allowed these messages as an optional extension, by +default disabled. The security concerns are the reason why the default is +still disabled, but future versions might/will likely upgrade to the newer +RFC as default format, so you are advised to check your implementation +and/or override the default with C<< ->allow_nonref (0) >> to ensure that +future versions are safe. + + =head1 INTEROPERABILITY WITH OTHER MODULES C<JSON::XS> uses the L<Types::Serialiser> module to provide boolean @@ -1563,6 +1614,86 @@ such as L<JSON::PP> and L<CBOR::XS>. +=head1 INTEROPERABILITY WITH OTHER JSON DECODERS + +As long as you only serialise data that can be directly expressed in JSON, +C<JSON::XS> is incapable of generating invalid JSON output (modulo bugs, +but C<JSON::XS> has found more bugs in the official JSON testsuite (1) +than the official JSON testsuite has found in C<JSON::XS> (0)). + +When you have trouble decoding JSON generated by this module using other +decoders, then it is very likely that you have an encoding mismatch or the +other decoder is broken. + +When decoding, C<JSON::XS> is strict by default and will likely catch all +errors. There are currently two settings that change this: C<relaxed> +makes C<JSON::XS> accept (but not generate) some non-standard extensions, +and C<allow_tags> will allow you to encode and decode Perl objects, at the +cost of not outputting valid JSON anymore. + +=head2 TAGGED VALUE SYNTAX AND STANDARD JSON EN/DECODERS + +When you use C<allow_tags> to use the extended (and also nonstandard and +invalid) JSON syntax for serialised objects, and you still want to decode +the generated When you want to serialise objects, you can run a regex +to replace the tagged syntax by standard JSON arrays (it only works for +"normal" packagesnames without comma, newlines or single colons). First, +the readable Perl version: + + # if your FREEZE methods return no values, you need this replace first: + $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[\s*\]/[$1]/gx; + + # this works for non-empty constructor arg lists: + $json =~ s/\( \s* (" (?: [^\\":,]+|\\.|::)* ") \s* \) \s* \[/[$1,/gx; + +And here is a less readable version that is easy to adapt to other +languages: + + $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/[$1,/g; + +Here is an ECMAScript version (same regex): + + json = json.replace (/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/g, "[$1,"); + +Since this syntax converts to standard JSON arrays, it might be hard to +distinguish serialised objects from normal arrays. You can prepend a +"magic number" as first array element to reduce chances of a collision: + + $json =~ s/\(\s*("([^\\":,]+|\\.|::)*")\s*\)\s*\[/["XU1peReLzT4ggEllLanBYq4G9VzliwKF",$1,/g; + +And after decoding the JSON text, you could walk the data +structure looking for arrays with a first element of +C<XU1peReLzT4ggEllLanBYq4G9VzliwKF>. + +The same approach can be used to create the tagged format with another +encoder. First, you create an array with the magic string as first member, +the classname as second, and constructor arguments last, encode it as part +of your JSON structure, and then: + + $json =~ s/\[\s*"XU1peReLzT4ggEllLanBYq4G9VzliwKF"\s*,\s*("([^\\":,]+|\\.|::)*")\s*,/($1)[/g; + +Again, this has some limitations - the magic string must not be encoded +with character escapes, and the constructor arguments must be non-empty. + + +=head1 RFC7159 + +Since this module was written, Google has written a new JSON RFC, RFC 7159 +(and RFC7158). Unfortunately, this RFC breaks compatibility with both the +original JSON specification on www.json.org and RFC4627. + +As far as I can see, you can get partial compatibility when parsing by +using C<< ->allow_nonref >>. However, consider thew security implications +of doing so. + +I haven't decided yet when to break compatibility with RFC4627 by default +(and potentially leave applications insecure) and change the default to +follow RFC7159, but application authors are well advised to call C<< +->allow_nonref(0) >> even if this is the current default, if they cannot +handle non-reference values, in preparation for the day when the4 default +will change. + + =head1 THREADS This module is I<not> guaranteed to be thread safe and there are no diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/JSON-XS-3.01/XS.xs new/JSON-XS-3.02/XS.xs --- old/JSON-XS-3.01/XS.xs 2013-10-29 16:52:49.000000000 +0100 +++ new/JSON-XS-3.02/XS.xs 2016-02-26 22:41:10.000000000 +0100 @@ -81,16 +81,18 @@ #ifdef USE_ITHREADS # define JSON_SLOW 1 # define JSON_STASH (json_stash ? json_stash : gv_stashpv ("JSON::XS", 1)) +# define BOOL_STASH (bool_stash ? bool_stash : gv_stashpv ("Types::Serialiser::Boolean", 1)) #else # define JSON_SLOW 0 # define JSON_STASH json_stash +# define BOOL_STASH bool_stash #endif // the amount of HEs to allocate on the stack, when sorting keys #define STACK_HES 64 -static HV *json_stash, *types_boolean_stash; // JSON::XS:: -static SV *types_true, *types_false, *sv_json; +static HV *json_stash, *bool_stash; // JSON::XS::, Types::Serialiser::Boolean:: +static SV *bool_true, *bool_false, *sv_json; enum { INCR_M_WS = 0, // initial whitespace skipping, must be 0 @@ -301,6 +303,47 @@ return neg ? -accum : accum; } + +// target of scalar reference is bool? -1 == nope, 0 == false, 1 == true +static int +ref_bool_type (SV *sv) +{ + svtype svt = SvTYPE (sv); + + if (svt < SVt_PVAV) + { + STRLEN len = 0; + char *pv = svt ? SvPV (sv, len) : 0; + + if (len == 1) + if (*pv == '1') + return 1; + else if (*pv == '0') + return 0; + + } + + return -1; +} + +// returns whether scalar is not a reference in the sense of allow_nonref +static int +json_nonref (SV *scalar) +{ + if (!SvROK (scalar)) + return 1; + + scalar = SvRV (scalar); + + if (SvSTASH (scalar) == bool_stash) + return 1; + + if (!SvOBJECT (scalar) && ref_bool_type (scalar) >= 0) + return 1; + + return 0; +} + ///////////////////////////////////////////////////////////////////////////// // encoder @@ -703,12 +746,9 @@ if (expect_false (SvOBJECT (sv))) { - HV *boolean_stash = !JSON_SLOW || types_boolean_stash - ? types_boolean_stash - : gv_stashpv ("Types::Serialiser::Boolean", 1); HV *stash = SvSTASH (sv); - if (stash == boolean_stash) + if (stash == bool_stash) { if (SvIV (sv)) encode_str (enc, "true", 4, 0); @@ -720,7 +760,9 @@ int count; dSP; - ENTER; SAVETMPS; PUSHMARK (SP); + ENTER; SAVETMPS; + SAVESTACK_POS (); + PUSHMARK (SP); EXTEND (SP, 2); // we re-bless the reference to get overload and other niceties right PUSHs (sv_bless (sv_2mortal (newRV_inc (sv)), stash)); @@ -732,7 +774,7 @@ // catch this surprisingly common error if (SvROK (TOPs) && SvRV (TOPs) == sv) - croak ("%s::TO_JSON method returned same object as was passed instead of a new one", HvNAME (SvSTASH (sv))); + croak ("%s::FREEZE method returned same object as was passed instead of a new one", HvNAME (SvSTASH (sv))); encode_ch (enc, '('); encode_ch (enc, '"'); @@ -751,15 +793,14 @@ encode_ch (enc, ']'); - PUTBACK; - FREETMPS; LEAVE; } else if ((enc->json.flags & F_CONV_BLESSED) && (method = gv_fetchmethod_autoload (stash, "TO_JSON", 0))) { dSP; - ENTER; SAVETMPS; PUSHMARK (SP); + ENTER; SAVETMPS; + PUSHMARK (SP); // we re-bless the reference to get overload and other niceties right XPUSHs (sv_bless (sv_2mortal (newRV_inc (sv)), stash)); @@ -791,12 +832,11 @@ encode_av (enc, (AV *)sv); else if (svt < SVt_PVAV) { - STRLEN len = 0; - char *pv = svt ? SvPV (sv, len) : 0; + int bool_type = ref_bool_type (sv); - if (len == 1 && *pv == '1') + if (bool_type == 1) encode_str (enc, "true", 4, 0); - else if (len == 1 && *pv == '0') + else if (bool_type == 0) encode_str (enc, "false", 5, 0); else if (enc->json.flags & F_ALLOW_UNKNOWN) encode_str (enc, "null", 4, 0); @@ -889,7 +929,7 @@ { enc_t enc; - if (!(json->flags & F_ALLOW_NONREF) && !SvROK (scalar)) + if (!(json->flags & F_ALLOW_NONREF) && json_nonref (scalar)) croak ("hash- or arrayref expected (not a simple scalar, use allow_nonref to allow this)"); enc.json = *json; @@ -1106,6 +1146,8 @@ utf8 = 1; } + else if (ch == '\t' && dec->json.flags & F_RELAXED) + *cur++ = ch; else { --dec_cur; @@ -1437,7 +1479,7 @@ he = hv_iternext (hv); hv_iterinit (hv); - // the next line creates a mortal sv each time its called. + // the next line creates a mortal sv each time it's called. // might want to optimise this for common cases. cb = hv_fetch_ent (dec->json.cb_sk_object, hv_iterkeysv (he), 0, 0); @@ -1446,7 +1488,9 @@ dSP; int count; - ENTER; SAVETMPS; PUSHMARK (SP); + ENTER; SAVETMPS; + SAVESTACK_POS (); + PUSHMARK (SP); XPUSHs (HeVAL (he)); sv_2mortal (sv); @@ -1469,7 +1513,9 @@ dSP; int count; - ENTER; SAVETMPS; PUSHMARK (SP); + ENTER; SAVETMPS; + SAVESTACK_POS (); + PUSHMARK (SP); XPUSHs (sv_2mortal (sv)); PUTBACK; count = call_sv (dec->json.cb_object, G_ARRAY); SPAGAIN; @@ -1546,7 +1592,8 @@ dSP; - ENTER; SAVETMPS; PUSHMARK (SP); + ENTER; SAVETMPS; + PUSHMARK (SP); EXTEND (SP, len + 2); // we re-bless the reference to get overload and other niceties right PUSHs (tag); @@ -1598,9 +1645,9 @@ { dec->cur += 4; #if JSON_SLOW - types_true = get_bool ("Types::Serialiser::true"); + bool_true = get_bool ("Types::Serialiser::true"); #endif - return newSVsv (types_true); + return newSVsv (bool_true); } else ERR ("'true' expected"); @@ -1612,9 +1659,9 @@ { dec->cur += 5; #if JSON_SLOW - types_false = get_bool ("Types::Serialiser::false"); + bool_false = get_bool ("Types::Serialiser::false"); #endif - return newSVsv (types_false); + return newSVsv (bool_false); } else ERR ("'false' expected"); @@ -1651,9 +1698,12 @@ * makes perl ignore the magic in subsequent accesses. * also make a copy of non-PV values, to get them into a clean * state (SvPV should do that, but it's buggy, see below). + * + * SvIsCOW_shared_hash works around a bug in perl (possibly 5.16), + * as reported by Reini Urban. */ /*SvGETMAGIC (string);*/ - if (SvMAGICAL (string) || !SvPOK (string)) + if (SvMAGICAL (string) || !SvPOK (string) || SvIsCOW_shared_hash (string)) string = sv_2mortal (newSVsv (string)); SvUPGRADE (string, SVt_PV); @@ -1738,7 +1788,7 @@ sv = sv_2mortal (sv); - if (!(dec.json.flags & F_ALLOW_NONREF) && !SvROK (sv)) + if (!(dec.json.flags & F_ALLOW_NONREF) && json_nonref (sv)) croak ("JSON text must be an object or array (but found number, string, true, false or null, use allow_nonref to allow this)"); return sv; @@ -1918,11 +1968,10 @@ : i >= 'A' && i <= 'F' ? i - 'A' + 10 : -1; - json_stash = gv_stashpv ("JSON::XS" , 1); - types_boolean_stash = gv_stashpv ("Types::Serialiser::Boolean", 1); - - types_true = get_bool ("Types::Serialiser::true"); - types_false = get_bool ("Types::Serialiser::false"); + json_stash = gv_stashpv ("JSON::XS" , 1); + bool_stash = gv_stashpv ("Types::Serialiser::Boolean", 1); + bool_true = get_bool ("Types::Serialiser::true"); + bool_false = get_bool ("Types::Serialiser::false"); sv_json = newSVpv ("JSON", 0); SvREADONLY_on (sv_json); @@ -1934,8 +1983,8 @@ void CLONE (...) CODE: - json_stash = 0; - types_boolean_stash = 0; + json_stash = 0; + bool_stash = 0; void new (char *klass) PPCODE: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/JSON-XS-3.01/bin/json_xs new/JSON-XS-3.02/bin/json_xs --- old/JSON-XS-3.01/bin/json_xs 2013-10-28 22:56:48.000000000 +0100 +++ new/JSON-XS-3.02/bin/json_xs 2016-02-21 16:37:44.000000000 +0100 @@ -52,6 +52,8 @@ =item none - nothing is read, creates an C<undef> scalar - mainly useful with C<-e> +=item cbor - CBOR (via CBOR::XS) + =back =item -t toformat @@ -183,6 +185,7 @@ "bencode" => sub { require Convert::Bencode; Convert::Bencode::bdecode ($_) }, "clzf" => sub { require Compress::LZF; Compress::LZF::sthaw ($_) }, "yaml" => sub { require YAML; YAML::Load ($_) }, + "cbor" => sub { require CBOR::XS; CBOR::XS::decode_cbor ($_) }, "eval" => sub { my $v = eval "no strict; no warnings; no utf8;\n#line 1 \"input\"\n$_"; die "$@" if $@; $v }, ); ++++++ cpanspec.yml ++++++ --- #description_paragraphs: 3 #description: |- # override description from CPAN #summary: override summary from CPAN #no_testing: broken upstream #sources: # - source1 # - source2 #patches: # foo.patch: -p1 # bar.patch: #preamble: |- # BuildRequires: gcc-c++ #post_prep: |- # hunspell=`pkg-config --libs hunspell | sed -e 's,-l,,; s, *,,g'` # sed -i -e "s,hunspell-X,$hunspell," t/00-prereq.t Makefile.PL #post_build: |- # rm unused.files #post_install: |- # sed on %{name}.files license: Perl License #skip_noarch: 1 #custom_build: |- #./Build build flags=%{?_smp_mflags} --myflag #custom_test: |- #startserver && make test #ignore_requires: Bizarre::Module
