Hello community, here is the log from the commit of package rubygem-json for openSUSE:Factory checked in at 2017-04-17 10:26:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-json (Old) and /work/SRC/openSUSE:Factory/.rubygem-json.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "rubygem-json" Mon Apr 17 10:26:45 2017 rev:23 rq:487584 version:2.0.4 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-json/rubygem-json.changes 2017-01-25 23:27:53.481564066 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-json.new/rubygem-json.changes 2017-04-17 10:26:46.914215135 +0200 @@ -1,0 +2,12 @@ +Wed Apr 12 04:37:17 UTC 2017 - coolo@suse.com + +- updated to version 2.0.4 + see installed CHANGES.md + + ## 2017-03-23 (2.0.4) + * Raise exception for incomplete unicode surrogates/character escape + sequences. This problem was reported by Daniel Gollahon (dgollahon). + * Fix arbitrary heap exposure problem. This problem was reported by Ahmad + Sherif (ahmadsherif). + +------------------------------------------------------------------- Old: ---- json-2.0.3.gem New: ---- json-2.0.4.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-json.spec ++++++ --- /var/tmp/diff_new_pack.oLlAhu/_old 2017-04-17 10:26:47.874079201 +0200 +++ /var/tmp/diff_new_pack.oLlAhu/_new 2017-04-17 10:26:47.878078635 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-json -Version: 2.0.3 +Version: 2.0.4 Release: 0 %define mod_name json %define mod_full_name %{mod_name}-%{version} ++++++ json-2.0.3.gem -> json-2.0.4.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGES.md new/CHANGES.md --- old/CHANGES.md 2017-01-12 15:19:10.000000000 +0100 +++ new/CHANGES.md 2017-04-11 12:35:46.000000000 +0200 
@@ -1,5 +1,10 @@
 # Changes
+## 2017-03-23 (2.0.4)
+ * Raise exception for incomplete unicode surrogates/character escape
+ sequences. This problem was reported by Daniel Gollahon (dgollahon).
+ * Fix arbitrary heap exposure problem. This problem was reported by Ahmad
+ Sherif (ahmadsherif).
 ## 2017-01-12 (2.0.3)
 * Set `required_ruby_version` to 1.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/VERSION new/VERSION
--- old/VERSION 2017-01-12 15:19:10.000000000 +0100
+++ new/VERSION 2017-04-11 12:35:46.000000000 +0200
@@ -1 +1 @@
-2.0.3
+2.0.4
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ext/json/ext/fbuffer/fbuffer.h new/ext/json/ext/fbuffer/fbuffer.h
--- old/ext/json/ext/fbuffer/fbuffer.h 2017-01-12 15:19:10.000000000 +0100
+++ new/ext/json/ext/fbuffer/fbuffer.h 2017-04-11 12:35:46.000000000 +0200
@@ -12,9 +12,6 @@
 #define RFLOAT_VALUE(val) (RFLOAT(val)->value)
 #endif
-#ifndef RARRAY_PTR
-#define RARRAY_PTR(ARRAY) RARRAY(ARRAY)->ptr
-#endif
 #ifndef RARRAY_LEN
 #define RARRAY_LEN(ARRAY) RARRAY(ARRAY)->len
 #endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ext/json/ext/generator/generator.c new/ext/json/ext/generator/generator.c
--- old/ext/json/ext/generator/generator.c 2017-01-12 15:19:10.000000000 +0100
+++ new/ext/json/ext/generator/generator.c 2017-04-11 12:35:46.000000000 +0200
@@ -308,7 +308,7 @@
 char *result;
 if (len <= 0) return NULL;
 result = ALLOC_N(char, len);
- memccpy(result, ptr, 0, len);
+ memcpy(result, ptr, len);
 return result;
 }
@@ -1062,7 +1062,7 @@
 }
 } else {
 if (state->indent) ruby_xfree(state->indent);
- state->indent = strdup(RSTRING_PTR(indent));
+ state->indent = fstrndup(RSTRING_PTR(indent), len);
 state->indent_len = len;
 }
 return Qnil;
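Review bot: The buffer returned in generator.c's `@@ -308` hunk holds exactly `len` bytes with no terminating NUL, and nothing in the visible lines documents that; with `memcpy` it can now also carry embedded NUL bytes, so any caller that hands it to a `str*` function would read past the allocation. I would state the contract above the function, e.g. `/* Copies exactly len bytes (embedded NULs included); the result is NOT NUL-terminated and must only be used with its stored length. Returns NULL when len <= 0. */`. The function's signature is outside the hunk, so the type of `len` could not be checked. Separately, this diff drops `#include <string.h>` from generator.h while this line calls `memcpy`; presumably another header still declares it, but that is worth confirming with a build that treats implicit declarations as errors.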
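Review bot: Nothing in this diff tests the change in generator.c's `@@ -1062` hunk or the four identical ones for `space`, `space_before`, `object_nl` and `array_nl`; the only test hunk covers the parser. The old `strdup` copy ended at the first NUL byte while `indent_len` kept `len` (presumably the full Ruby string length), so the stored length could exceed the allocation; the fix deserves a generator test asserting that a state string containing a NUL byte is emitted byte for byte. The five setters also repeat the same free/copy/store-length sequence, so a small static helper taking the field, its length field and the `VALUE` would keep them from drifting apart again. The setter bodies begin outside the hunks, so the computation of `len` and the empty-string branch were not reviewed.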
@@ -1100,7 +1100,7 @@
 }
 } else {
 if (state->space) ruby_xfree(state->space);
- state->space = strdup(RSTRING_PTR(space));
+ state->space = fstrndup(RSTRING_PTR(space), len);
 state->space_len = len;
 }
 return Qnil;
@@ -1136,7 +1136,7 @@
 }
 } else {
 if (state->space_before) ruby_xfree(state->space_before);
- state->space_before = strdup(RSTRING_PTR(space_before));
+ state->space_before = fstrndup(RSTRING_PTR(space_before), len);
 state->space_before_len = len;
 }
 return Qnil;
@@ -1173,7 +1173,7 @@
 }
 } else {
 if (state->object_nl) ruby_xfree(state->object_nl);
- state->object_nl = strdup(RSTRING_PTR(object_nl));
+ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
 state->object_nl_len = len;
 }
 return Qnil;
@@ -1208,7 +1208,7 @@
 }
 } else {
 if (state->array_nl) ruby_xfree(state->array_nl);
- state->array_nl = strdup(RSTRING_PTR(array_nl));
+ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
 state->array_nl_len = len;
 }
 return Qnil;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ext/json/ext/generator/generator.h new/ext/json/ext/generator/generator.h
--- old/ext/json/ext/generator/generator.h 2017-01-12 15:19:10.000000000 +0100
+++ new/ext/json/ext/generator/generator.h 2017-04-11 12:35:46.000000000 +0200
@@ -1,7 +1,6 @@
 #ifndef _GENERATOR_H_
 #define _GENERATOR_H_
-#include <string.h>
 #include <math.h>
 #include <ctype.h>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ext/json/ext/parser/parser.c new/ext/json/ext/parser/parser.c
--- old/ext/json/ext/parser/parser.c 2017-01-12 15:19:10.000000000 +0100
+++ new/ext/json/ext/parser/parser.c 2017-04-11 12:35:46.000000000 +0200
@@ -1435,13 +1435,21 @@ break; case 'u': if (pe > stringEnd - 4) { - return Qnil; + rb_enc_raise( + EXC_ENCODING eParserError, + "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p + ); } else { UTF32 ch = unescape_unicode((unsigned char *) ++pe); pe += 3; if (UNI_SUR_HIGH_START == (ch & 0xFC00)) { pe++; - if (pe > stringEnd - 6) return Qnil; + if (pe > stringEnd - 6) { + rb_enc_raise( + EXC_ENCODING eParserError, + "%u: incomplete surrogate pair at '%s'", __LINE__, p + ); + } if (pe[0] == '\' && pe[1] == 'u') { UTF32 sur = unescape_unicode((unsigned char *) pe + 2); ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16) @@ -1471,7 +1479,7 @@ } -#line 1475 "parser.c" +#line 1483 "parser.c" enum {JSON_string_start = 1}; enum {JSON_string_first_final = 8}; enum {JSON_string_error = 0}; @@ -1479,7 +1487,7 @@ enum {JSON_string_en_main = 1}; -#line 504 "parser.rl" +#line 512 "parser.rl" static int @@ -1501,15 +1509,15 @@ *result = rb_str_buf_new(0); -#line 1505 "parser.c" +#line 1513 "parser.c" { cs = JSON_string_start; } -#line 525 "parser.rl" +#line 533 "parser.rl" json->memo = p; -#line 1513 "parser.c" +#line 1521 "parser.c" { if ( p == pe ) goto _test_eof; @@ -1534,7 +1542,7 @@ goto st0; goto st2; tr2: -#line 490 "parser.rl" +#line 498 "parser.rl" { *result = json_string_unescape(*result, json->memo + 1, p); if (NIL_P(*result)) { @@ -1545,14 +1553,14 @@ {p = (( p + 1))-1;} } } -#line 501 "parser.rl" +#line 509 "parser.rl" { p--; {p++; cs = 8; goto _out;} } goto st8; st8: if ( ++p == pe ) goto _test_eof8; case 8: -#line 1556 "parser.c" +#line 1564 "parser.c" goto st0; st3: if ( ++p == pe ) @@ -1628,7 +1636,7 @@ _out: {} } -#line 527 "parser.rl" +#line 535 "parser.rl" if (json->create_additions && RTEST(match_string = json->match_string)) { VALUE klass; @@ -1808,7 +1816,7 @@ } -#line 1812 "parser.c" +#line 1820 "parser.c" enum {JSON_start = 1}; enum {JSON_first_final = 10}; enum {JSON_error = 0}; 
@@ -1816,7 +1824,7 @@ enum {JSON_en_main = 1}; -#line 720 "parser.rl" +#line 728 "parser.rl" /* @@ -1833,16 +1841,16 @@ GET_PARSER; -#line 1837 "parser.c" +#line 1845 "parser.c" { cs = JSON_start; } -#line 736 "parser.rl" +#line 744 "parser.rl" p = json->source; pe = p + json->len; -#line 1846 "parser.c" +#line 1854 "parser.c" { if ( p == pe ) goto _test_eof; @@ -1876,7 +1884,7 @@ cs = 0; goto _out; tr2: -#line 712 "parser.rl" +#line 720 "parser.rl" { char *np = JSON_parse_value(json, p, pe, &result, 0); if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( np))-1;} @@ -1886,7 +1894,7 @@ if ( ++p == pe ) goto _test_eof10; case 10: -#line 1890 "parser.c" +#line 1898 "parser.c" switch( (*p) ) { case 13: goto st10; case 32: goto st10; @@ -1975,7 +1983,7 @@ _out: {} } -#line 739 "parser.rl" +#line 747 "parser.rl" if (cs >= JSON_first_final && p == pe) { return result; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ext/json/ext/parser/parser.rl new/ext/json/ext/parser/parser.rl --- old/ext/json/ext/parser/parser.rl 2017-01-12 15:19:10.000000000 +0100 +++ new/ext/json/ext/parser/parser.rl 2017-04-11 12:35:46.000000000 +0200 
@@ -446,13 +446,21 @@
 break;
 case 'u':
 if (pe > stringEnd - 4) {
- return Qnil;
+ rb_enc_raise(
+ EXC_ENCODING eParserError,
+ "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
+ );
 } else {
 UTF32 ch = unescape_unicode((unsigned char *) ++pe);
 pe += 3;
 if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
 pe++;
- if (pe > stringEnd - 6) return Qnil;
+ if (pe > stringEnd - 6) {
+ rb_enc_raise(
+ EXC_ENCODING eParserError,
+ "%u: incomplete surrogate pair at '%s'", __LINE__, p
+ );
+ }
 if (pe[0] == '\' && pe[1] == 'u') {
 UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
 ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)
Binary files old/json.gemspec and new/json.gemspec differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/json_pure.gemspec new/json_pure.gemspec
--- old/json_pure.gemspec 2017-01-12 15:19:10.000000000 +0100
+++ new/json_pure.gemspec 2017-04-11 12:35:46.000000000 +0200
@@ -1,14 +1,14 @@
 # -*- encoding: utf-8 -*-
-# stub: json_pure 2.0.3 ruby lib
+# stub: json_pure 2.0.4 ruby lib
 Gem::Specification.new do |s|
 s.name = "json_pure".freeze
- s.version = "2.0.3"
+ s.version = "2.0.4"
 s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
 s.require_paths = ["lib".freeze]
 s.authors = ["Florian Frank".freeze]
- s.date = "2017-01-12"
+ s.date = "2017-04-10"
 s.description = "This is a JSON implementation in pure Ruby.".freeze
 s.email = "flori@ping.de".freeze
 s.extra_rdoc_files = ["README.md".freeze]
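Review bot: Both new `rb_enc_raise` calls in parser.rl's `@@ -446` hunk format `p` with `'%s'`, which is not bounded by `stringEnd`, so the exception message runs on to the next NUL byte and can carry the rest of the input document into logs and error reports. If `rb_enc_raise`'s formatter accepts a precision argument, bounding the excerpt would be safer, e.g. `"%u: incomplete surrogate pair at '%.*s'", __LINE__, (int)(stringEnd - p), p`, ideally with a cap on the length. This assumes `p` still points at the start of the string being unescaped; it is declared outside the hunk. The same lines appear in the regenerated parser.c hunk at `@@ -1435`.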
@@ -17,7 +17,7 @@ s.licenses = ["Ruby".freeze] s.rdoc_options = ["--title".freeze, "JSON implemention for ruby".freeze, "--main".freeze, "README.md".freeze] s.required_ruby_version = Gem::Requirement.new(">= 1.9".freeze) - s.rubygems_version = "2.6.8".freeze + s.rubygems_version = "2.6.11".freeze s.summary = "JSON Implementation for Ruby".freeze s.test_files = ["./tests/test_helper.rb".freeze] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/json/version.rb new/lib/json/version.rb --- old/lib/json/version.rb 2017-01-12 15:19:10.000000000 +0100 +++ new/lib/json/version.rb 2017-04-11 12:35:46.000000000 +0200 @@ -1,7 +1,7 @@ # frozen_string_literal: false module JSON # JSON version - VERSION = '2.0.3' + VERSION = '2.0.4' VERSION_ARRAY = VERSION.split(/./).map { |x| x.to_i } # :nodoc: VERSION_MAJOR = VERSION_ARRAY[0] # :nodoc: VERSION_MINOR = VERSION_ARRAY[1] # :nodoc: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2017-01-12 15:19:10.000000000 +0100 +++ new/metadata 2017-04-11 12:35:46.000000000 +0200 @@ -1,14 +1,14 @@ --- !ruby/object:Gem::Specification name: json version: !ruby/object:Gem::Version - version: 2.0.3 + version: 2.0.4 platform: ruby authors: - Florian Frank autorequire: bindir: bin cert_chain: [] -date: 2017-01-12 00:00:00.000000000 Z +date: 2017-04-11 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: rake @@ -180,7 +180,7 @@ version: '0' requirements: [] rubyforge_project: -rubygems_version: 2.6.8 +rubygems_version: 2.6.11 signing_key: specification_version: 4 summary: JSON Implementation for Ruby diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tests/json_encoding_test.rb new/tests/json_encoding_test.rb --- old/tests/json_encoding_test.rb 2017-01-12 15:19:10.000000000 +0100 +++ new/tests/json_encoding_test.rb 2017-04-11 12:35:46.000000000 +0200 
@@ -79,6 +79,8 @@
 json = '["\ud840\udc01"]'
 assert_equal json, generate(utf8, :ascii_only => true)
 assert_equal utf8, parse(json)
+ assert_raises(JSON::ParserError) { parse('"\u"') }
+ assert_raises(JSON::ParserError) { parse('"\ud800"') }
 end
 def test_chars
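Review bot: The two added assertions do not pin the boundary of the length checks they exercise: `'"\u"'` has no hex digits at all and `'"\ud800"'` has nothing after the high surrogate. The unchanged guard `if (pe > stringEnd - 4)` in parser.rl is evaluated with `pe` on the `u`, and the four digits are then read starting at `pe + 1`, so a three-digit escape looks like it may pass the guard; I have not run it. Adding `assert_raises(JSON::ParserError) { parse('"\u123"') }` and a truncated low surrogate such as `parse('"\ud800\udc"')` would settle it. The enclosing test method starts above the hunk.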