
ruby-changes:33731

From: nagachika <ko1@a...>
Date: Mon, 5 May 2014 00:45:40 +0900 (JST)
Subject: [ruby-changes:33731] nagachika:r45812 (ruby_2_1): merge revision(s) r45453, r45455, r45577: [Backport #9798]

nagachika	2014-05-05 00:45:33 +0900 (Mon, 05 May 2014)

  New Revision: 45812

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=45812

  Log:
    merge revision(s) r45453,r45455,r45577: [Backport #9798]
    
    * ext/psych/lib/psych.rb: Merge psych-2.0.5. bump version to
      libyaml-0.1.6 for CVE-2014-2525.
    
    * ext/psych/yaml/config.h: ditto.
    
    * ext/psych/yaml/scanner.c: ditto.
    
    * ext/psych/yaml/yaml_private.h: ditto.
    
    * ext/psych/psych.gemspec: update gemspec for psych-2.0.5

  Modified directories:
    branches/ruby_2_1/
  Modified files:
    branches/ruby_2_1/ChangeLog
    branches/ruby_2_1/ext/psych/lib/psych.rb
    branches/ruby_2_1/ext/psych/psych.gemspec
    branches/ruby_2_1/ext/psych/yaml/config.h
    branches/ruby_2_1/ext/psych/yaml/scanner.c
    branches/ruby_2_1/ext/psych/yaml/yaml_private.h
    branches/ruby_2_1/version.h
Index: ruby_2_1/ChangeLog
===================================================================
--- ruby_2_1/ChangeLog	(revision 45811)
+++ ruby_2_1/ChangeLog	(revision 45812)
@@ -1,3 +1,15 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ChangeLog#L1
+Mon May  5 00:42:35 2014  SHIBATA Hiroshi  <shibata.hiroshi@g...>
+
+	* ext/psych/psych.gemspec: update gemspec for psych-2.0.5
+
+Mon May  5 00:42:35 2014  SHIBATA Hiroshi  <shibata.hiroshi@g...>
+
+	* ext/psych/lib/psych.rb: Merge psych-2.0.5. bump version to
+	  libyaml-0.1.6 for CVE-2014-2525.
+	* ext/psych/yaml/config.h: ditto.
+	* ext/psych/yaml/scanner.c: ditto.
+	* ext/psych/yaml/yaml_private.h: ditto.
+
 Mon May  5 00:35:20 2014  Aaron Patterson <aaron@t...>
 
 	* ext/psych/lib/psych/visitors/yaml_tree.rb: support dumping Encoding
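Review bot: the new entries for scanner.c and yaml_private.h say only "ditto", so the ChangeLog never states what the CVE-2014-2525 fix changes in the code (a capacity check in yaml_parser_scan_tag_uri and an error assignment in STRING_EXTEND). Someone auditing this backport later has to read the diff to find that out; a one-line description per file would help. The two entries also carry the same timestamp and author and could be a single entry.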
Index: ruby_2_1/ext/psych/yaml/yaml_private.h
===================================================================
--- ruby_2_1/ext/psych/yaml/yaml_private.h	(revision 45811)
+++ ruby_2_1/ext/psych/yaml/yaml_private.h	(revision 45812)
@@ -146,9 +146,12 @@ yaml_string_join( https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ext/psych/yaml/yaml_private.h#L146
      (string).start = (string).pointer = (string).end = 0)
 
 #define STRING_EXTEND(context,string)                                           \
-    (((string).pointer+5 < (string).end)                                        \
+    ((((string).pointer+5 < (string).end)                                       \
         || yaml_string_extend(&(string).start,                                  \
-            &(string).pointer, &(string).end))
+            &(string).pointer, &(string).end)) ?                                \
+         1 :                                                                    \
+        ((context)->error = YAML_MEMORY_ERROR,                                  \
+         0))
 
 #define CLEAR(context,string)                                                   \
     ((string).pointer = (string).start,                                         \
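Review bot: STRING_EXTEND now dereferences its first argument on the failure path, `(context)->error = YAML_MEMORY_ERROR`, where the old expansion never touched `context` at all. Every existing call site therefore has to pass a pointer to a struct with an `error` member, and a comment above the macro should state that contract. The `+5` headroom in `(string).pointer+5 < (string).end` is also unexplained; since callers now depend on it for safety, say in the comment how many bytes one successful STRING_EXTEND is meant to guarantee.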
Index: ruby_2_1/ext/psych/yaml/scanner.c
===================================================================
--- ruby_2_1/ext/psych/yaml/scanner.c	(revision 45811)
+++ ruby_2_1/ext/psych/yaml/scanner.c	(revision 45812)
@@ -2629,6 +2629,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t * https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ext/psych/yaml/scanner.c#L2629
         /* Check if it is a URI-escape sequence. */
 
         if (CHECK(parser->buffer, '%')) {
+            if (!STRING_EXTEND(parser, string))
+                goto error;
+
             if (!yaml_parser_scan_uri_escapes(parser,
                         directive, start_mark, &string)) goto error;
         }
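Review bot: the added `if (!STRING_EXTEND(parser, string)) goto error;` checks capacity once, before `yaml_parser_scan_uri_escapes` runs, and nothing visible here says how many bytes one call to that function can append to `string`. Add a comment stating that bound next to the check, or move the check beside the write inside the escape scanner so the two cannot drift apart. The `goto error` also relies on the macro setting `parser->error`, which only holds together with the yaml_private.h change, so the two must always be backported as a pair. No test file is in the list of modified files; a regression test for the `%` branch of yaml_parser_scan_tag_uri would pin the fix down.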
Index: ruby_2_1/ext/psych/yaml/config.h
===================================================================
--- ruby_2_1/ext/psych/yaml/config.h	(revision 45811)
+++ ruby_2_1/ext/psych/yaml/config.h	(revision 45812)
@@ -1,11 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ext/psych/yaml/config.h#L1
-
 #define PACKAGE_NAME "yaml"
 #define PACKAGE_TARNAME "yaml"
-#define PACKAGE_VERSION "0.1.5"
-#define PACKAGE_STRING "yaml 0.1.5"
+#define PACKAGE_VERSION "0.1.6"
+#define PACKAGE_STRING "yaml 0.1.6"
 #define PACKAGE_BUGREPORT "http://pyyaml.org/newticket?component libyaml"
 #define PACKAGE_URL ""
 #define YAML_VERSION_MAJOR 0
 #define YAML_VERSION_MINOR 1
-#define YAML_VERSION_PATCH 5
-#define YAML_VERSION_STRING "0.1.5"
+#define YAML_VERSION_PATCH 6
+#define YAML_VERSION_STRING "0.1.6"
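Review bot: the version is written out by hand in four places in this hunk (PACKAGE_VERSION, PACKAGE_STRING, YAML_VERSION_PATCH, YAML_VERSION_STRING), so a later bump that misses one will make the library report inconsistent versions to anything that checks for the fixed release. Consider deriving the strings from the MAJOR/MINOR/PATCH numbers. Separately, the unchanged PACKAGE_BUGREPORT line reads `newticket?component libyaml`, with a space where a query string would need `=`; worth checking against upstream while this file is open.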
Index: ruby_2_1/ext/psych/lib/psych.rb
===================================================================
--- ruby_2_1/ext/psych/lib/psych.rb	(revision 45811)
+++ ruby_2_1/ext/psych/lib/psych.rb	(revision 45812)
@@ -21,7 +21,7 @@ require 'psych/class_loader' https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ext/psych/lib/psych.rb#L21
 #
 # Psych is a YAML parser and emitter.
 # Psych leverages libyaml [Home page: http://pyyaml.org/wiki/LibYAML]
-# or [Git repo: https://github.com/zerotao/libyaml] for its YAML parsing
+# or [HG repo: https://bitbucket.org/xi/libyaml] for its YAML parsing
 # and emitting capabilities. In addition to wrapping libyaml, Psych also
 # knows how to serialize and de-serialize most Ruby objects to and from
 # the YAML format.
@@ -217,7 +217,7 @@ require 'psych/class_loader' https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ext/psych/lib/psych.rb#L217
 
 module Psych
   # The version is Psych you're using
-  VERSION         = '2.0.4'
+  VERSION         = '2.0.5'
 
   # The version of libyaml Psych is using
   LIBYAML_VERSION = Psych.libyaml_version.join '.'
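Review bot: the comment directly above the changed VERSION line reads "The version is Psych you're using"; "is" should be "of", matching the LIBYAML_VERSION comment below it. Cheap to fix while the line is being touched for the bump.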
Index: ruby_2_1/ext/psych/psych.gemspec
===================================================================
--- ruby_2_1/ext/psych/psych.gemspec	(revision 45811)
+++ ruby_2_1/ext/psych/psych.gemspec	(revision 45812)
@@ -2,12 +2,12 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ext/psych/psych.gemspec#L2
 
 Gem::Specification.new do |s|
   s.name = "psych"
-  s.version = "2.0.3"
+  s.version = "2.0.5"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["Aaron Patterson"]
-  s.date = "2014-02-04"
+  s.date = "2014-03-27"
   s.description = "Psych is a YAML parser and emitter.  Psych leverages libyaml[http://pyyaml.org/wiki/LibYAML]\nfor its YAML parsing and emitting capabilities.  In addition to wrapping\nlibyaml, Psych also knows how to serialize and de-serialize most Ruby objects\nto and from the YAML format."
   s.email = ["aaron@t..."]
   s.extensions = ["ext/psych/extconf.rb"]
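Review bot: `s.version` goes from "2.0.3" to "2.0.5" here, while Psych::VERSION in psych.rb goes from '2.0.4' to '2.0.5' in the same commit, so the gemspec and the library were already out of step before this merge. Anyone checking the gemspec version to decide whether the CVE-2014-2525 fix is present could have been misled by that gap. Consider reading the version from Psych::VERSION in the gemspec, or adding a test that asserts the two match.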
@@ -17,7 +17,7 @@ Gem::Specification.new do |s| https://github.com/ruby/ruby/blob/trunk/ruby_2_1/ext/psych/psych.gemspec#L17
   s.rdoc_options = ["--main", "README.rdoc"]
   s.required_ruby_version = Gem::Requirement.new(">= 1.9.2")
   s.rubyforge_project = "psych"
-  s.rubygems_version = "2.2.1"
+  s.rubygems_version = "2.2.2"
   s.summary = "Psych is a YAML parser and emitter"
   s.test_files = ["test/psych/handlers/test_recorder.rb", "test/psych/json/test_stream.rb", "test/psych/nodes/test_enumerable.rb", "test/psych/test_alias_and_anchor.rb", "test/psych/test_array.rb", "test/psych/test_boolean.rb", "test/psych/test_class.rb", "test/psych/test_coder.rb", "test/psych/test_date_time.rb", "test/psych/test_deprecated.rb", "test/psych/test_document.rb", "test/psych/test_emitter.rb", "test/psych/test_encoding.rb", "test/psych/test_engine_manager.rb", "test/psych/test_exception.rb", "test/psych/test_hash.rb", "test/psych/test_json_tree.rb", "test/psych/test_merge_keys.rb", "test/psych/test_nil.rb", "test/psych/test_null.rb", "test/psych/test_numeric.rb", "test/psych/test_object.rb", "test/psych/test_object_references.rb", "test/psych/test_omap.rb", "test/psych/test_parser.rb", "test/psych/test_psych.rb", "test/psych/test_safe_load.rb", "test/psych/test_scalar.rb", "test/psych/test_scalar_scanner.rb", "test/psych/test_serialize_subclasses.rb", "test/psyc
 h/test_set.rb", "test/psych/test_stream.rb", "test/psych/test_string.rb", "test/psych/test_struct.rb", "test/psych/test_symbol.rb", "test/psych/test_tainted.rb", "test/psych/test_to_yaml_properties.rb", "test/psych/test_tree_builder.rb", "test/psych/test_yaml.rb", "test/psych/test_yamldbm.rb", "test/psych/test_yamlstore.rb", "test/psych/visitors/test_depth_first.rb", "test/psych/visitors/test_emitter.rb", "test/psych/visitors/test_to_ruby.rb", "test/psych/visitors/test_yaml_tree.rb"]
 end
Index: ruby_2_1/version.h
===================================================================
--- ruby_2_1/version.h	(revision 45811)
+++ ruby_2_1/version.h	(revision 45812)
@@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_1/version.h#L1
 #define RUBY_VERSION "2.1.2"
 #define RUBY_RELEASE_DATE "2014-05-05"
-#define RUBY_PATCHLEVEL 85
+#define RUBY_PATCHLEVEL 86
 
 #define RUBY_RELEASE_YEAR 2014
 #define RUBY_RELEASE_MONTH 5

Property changes on: ruby_2_1
___________________________________________________________________
Modified: svn:mergeinfo
   Merged /trunk:r45453,45455,45577


--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
