ruby-changes:33374
From: hsbt <ko1@a...>
Date: Fri, 28 Mar 2014 09:19:22 +0900 (JST)
Subject: [ruby-changes:33374] hsbt:r45453 (trunk): * ext/psych/lib/psych.rb: Merge psych-2.0.5. bump version to
hsbt 2014-03-28 09:19:15 +0900 (Fri, 28 Mar 2014) New Revision: 45453 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=45453 Log: * ext/psych/lib/psych.rb: Merge psych-2.0.5. bump version to libyaml-0.1.6 for CVE-2014-2525. * ext/psych/yaml/config.h: ditto. * ext/psych/yaml/scanner.c: ditto. * ext/psych/yaml/yaml_private.h: ditto. Modified files: trunk/ChangeLog trunk/ext/psych/lib/psych.rb trunk/ext/psych/yaml/config.h trunk/ext/psych/yaml/scanner.c trunk/ext/psych/yaml/yaml_private.h
Index: ChangeLog
===================================================================
--- ChangeLog (revision 45452)
+++ ChangeLog (revision 45453)
@@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Fri Mar 28 09:11:06 2014 SHIBATA Hiroshi <shibata.hiroshi@g...>
+
+ * ext/psych/lib/psych.rb: Merge psych-2.0.5. bump version to
+ libyaml-0.1.6 for CVE-2014-2525.
+ * ext/psych/yaml/config.h: ditto.
+ * ext/psych/yaml/scanner.c: ditto.
+ * ext/psych/yaml/yaml_private.h: ditto.
+
 Thu Mar 27 18:58:10 2014 Nobuyoshi Nakada <nobu@r...>
 * re.c (match_regexp): set regexp for MatchData from string.
Index: ext/psych/yaml/yaml_private.h
===================================================================
--- ext/psych/yaml/yaml_private.h (revision 45452)
+++ ext/psych/yaml/yaml_private.h (revision 45453)
@@ -146,9 +146,12 @@ yaml_string_join( https://github.com/ruby/ruby/blob/trunk/ext/psych/yaml/yaml_private.h#L146
 (string).start = (string).pointer = (string).end = 0)
 #define STRING_EXTEND(context,string) \
- (((string).pointer+5 < (string).end) \
+ ((((string).pointer+5 < (string).end) \
 || yaml_string_extend(&(string).start, \
- &(string).pointer, &(string).end))
+ &(string).pointer, &(string).end)) ? \
+ 1 : \
+ ((context)->error = YAML_MEMORY_ERROR, \
+ 0))
 #define CLEAR(context,string) \
 ((string).pointer = (string).start, \
Index: ext/psych/yaml/scanner.c
===================================================================
--- ext/psych/yaml/scanner.c (revision 45452)
+++ ext/psych/yaml/scanner.c (revision 45453)
@@ -2629,6 +2629,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t * https://github.com/ruby/ruby/blob/trunk/ext/psych/yaml/scanner.c#L2629
 /* Check if it is a URI-escape sequence. */
 if (CHECK(parser->buffer, '%')) {
+ if (!STRING_EXTEND(parser, string))
+ goto error;
+
+ if (!yaml_parser_scan_uri_escapes(parser, directive, start_mark, &string)) goto error;
 }
Index: ext/psych/yaml/config.h
===================================================================
--- ext/psych/yaml/config.h (revision 45452)
+++ ext/psych/yaml/config.h (revision 45453)
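Review bot: In yaml_private.h, STRING_EXTEND now assigns `(context)->error = YAML_MEMORY_ERROR` when the buffer cannot be grown, but neither that side effect nor the headroom constant 5 is documented, and the scanner.c change in this commit appears to rely on both. I would add a comment above the `#define` such as `/* Succeeds when more than 5 bytes are free or the buffer could be grown; on failure sets context->error to YAML_MEMORY_ERROR and yields 0. */`. Separately, `(string).pointer+5 < (string).end` forms a pointer beyond the end of the buffer whenever fewer than five bytes remain, which is undefined behaviour; `((string).end - (string).pointer > 5)` tests the same condition without stepping outside the allocation.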
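Review bot: In yaml_parser_scan_tag_uri (scanner.c), the added `STRING_EXTEND(parser, string)` reserves space once per `%` sequence, so it is sufficient only if yaml_parser_scan_uri_escapes() never appends more than the headroom the macro leaves; that helper is outside the hunk, so the bound cannot be confirmed from here. A comment at the call would record the dependency, for example `/* scan_uri_escapes appends to string without growing it (confirm); the headroom reserved here must cover its maximum output. */`. A regression test that parses a tag containing a long run of percent-escaped octets would keep the bound from silently breaking if either the helper or the macro's constant changes. The enclosing function starts and ends outside the hunk.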
@@ -1,11 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ext/psych/yaml/config.h#L1
-
 #define PACKAGE_NAME "yaml"
 #define PACKAGE_TARNAME "yaml"
-#define PACKAGE_VERSION "0.1.5"
-#define PACKAGE_STRING "yaml 0.1.5"
+#define PACKAGE_VERSION "0.1.6"
+#define PACKAGE_STRING "yaml 0.1.6"
 #define PACKAGE_BUGREPORT "http://pyyaml.org/newticket?component libyaml"
 #define PACKAGE_URL ""
 #define YAML_VERSION_MAJOR 0
 #define YAML_VERSION_MINOR 1
-#define YAML_VERSION_PATCH 5
-#define YAML_VERSION_STRING "0.1.5"
+#define YAML_VERSION_PATCH 6
+#define YAML_VERSION_STRING "0.1.6"
Index: ext/psych/lib/psych.rb
===================================================================
--- ext/psych/lib/psych.rb (revision 45452)
+++ ext/psych/lib/psych.rb (revision 45453)
@@ -217,7 +217,7 @@ require 'psych/class_loader' https://github.com/ruby/ruby/blob/trunk/ext/psych/lib/psych.rb#L217
 module Psych
 # The version is Psych you're using
- VERSION = '2.0.4'
+ VERSION = '2.0.5'
 # The version of libyaml Psych is using
 LIBYAML_VERSION = Psych.libyaml_version.join '.'
-- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/