
ruby-changes:33374

From: hsbt <ko1@a...>
Date: Fri, 28 Mar 2014 09:19:22 +0900 (JST)
Subject: [ruby-changes:33374] hsbt:r45453 (trunk): * ext/psych/lib/psych.rb: Merge psych-2.0.5. bump version to

hsbt	2014-03-28 09:19:15 +0900 (Fri, 28 Mar 2014)

  New Revision: 45453

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=45453

  Log:
    * ext/psych/lib/psych.rb: Merge psych-2.0.5. bump version to
      libyaml-0.1.6 for CVE-2014-2525.
    * ext/psych/yaml/config.h: ditto.
    * ext/psych/yaml/scanner.c: ditto.
    * ext/psych/yaml/yaml_private.h: ditto.

  Modified files:
    trunk/ChangeLog
    trunk/ext/psych/lib/psych.rb
    trunk/ext/psych/yaml/config.h
    trunk/ext/psych/yaml/scanner.c
    trunk/ext/psych/yaml/yaml_private.h
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 45452)
+++ ChangeLog	(revision 45453)
@@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Fri Mar 28 09:11:06 2014  SHIBATA Hiroshi  <shibata.hiroshi@g...>
+
+	* ext/psych/lib/psych.rb: Merge psych-2.0.5. bump version to
+	  libyaml-0.1.6 for CVE-2014-2525.
+	* ext/psych/yaml/config.h: ditto.
+	* ext/psych/yaml/scanner.c: ditto.
+	* ext/psych/yaml/yaml_private.h: ditto.
+
 Thu Mar 27 18:58:10 2014  Nobuyoshi Nakada  <nobu@r...>
 
 	* re.c (match_regexp): set regexp for MatchData from string.
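
Review bot: The entries for `ext/psych/yaml/scanner.c` and `ext/psych/yaml/yaml_private.h` say only "ditto", so the log never records what changed for CVE-2014-2525. Those two files carry the actual fix (a `STRING_EXTEND` check in `yaml_parser_scan_tag_uri` and error reporting in the macro), and each should get its own description so someone auditing or backporting the fix can find it from the ChangeLog. The libyaml version bump is also attributed to `psych.rb`, while the libyaml version macros are changed in `config.h`.
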
Index: ext/psych/yaml/yaml_private.h
===================================================================
--- ext/psych/yaml/yaml_private.h	(revision 45452)
+++ ext/psych/yaml/yaml_private.h	(revision 45453)
@@ -146,9 +146,12 @@ yaml_string_join( https://github.com/ruby/ruby/blob/trunk/ext/psych/yaml/yaml_private.h#L146
      (string).start = (string).pointer = (string).end = 0)
 
 #define STRING_EXTEND(context,string)                                           \
-    (((string).pointer+5 < (string).end)                                        \
+    ((((string).pointer+5 < (string).end)                                       \
         || yaml_string_extend(&(string).start,                                  \
-            &(string).pointer, &(string).end))
+            &(string).pointer, &(string).end)) ?                                \
+         1 :                                                                    \
+        ((context)->error = YAML_MEMORY_ERROR,                                  \
+         0))
 
 #define CLEAR(context,string)                                                   \
     ((string).pointer = (string).start,                                         \
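
Review bot: The headroom constant in `(string).pointer+5 < (string).end` is undocumented, and the guard added to scanner.c in this commit relies on it. A comment above `STRING_EXTEND` should state how many bytes a caller may write after a successful call and that `yaml_string_extend` is expected to grow the buffer by at least that much, since the macro does not re-check the headroom after extending. The new body also dereferences `(context)->error` where the old body never used `context`, so it is worth confirming that every existing call site passes a pointer to a structure with an `error` field.
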
Index: ext/psych/yaml/scanner.c
===================================================================
--- ext/psych/yaml/scanner.c	(revision 45452)
+++ ext/psych/yaml/scanner.c	(revision 45453)
@@ -2629,6 +2629,9 @@ yaml_parser_scan_tag_uri(yaml_parser_t * https://github.com/ruby/ruby/blob/trunk/ext/psych/yaml/scanner.c#L2629
         /* Check if it is a URI-escape sequence. */
 
         if (CHECK(parser->buffer, '%')) {
+            if (!STRING_EXTEND(parser, string))
+                goto error;
+
             if (!yaml_parser_scan_uri_escapes(parser,
                         directive, start_mark, &string)) goto error;
         }
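
Review bot: The added `if (!STRING_EXTEND(parser, string)) goto error;` runs once before `yaml_parser_scan_uri_escapes`, so it reserves only the fixed headroom that the macro checks for. If the callee can append more than that in a single call, the check belongs inside `yaml_parser_scan_uri_escapes` before each write, or a comment here should state the upper bound on what one call appends. The modified-files list contains no test file, so a regression case that parses a tag URI containing `%` escapes should accompany the change.
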
Index: ext/psych/yaml/config.h
===================================================================
--- ext/psych/yaml/config.h	(revision 45452)
+++ ext/psych/yaml/config.h	(revision 45453)
@@ -1,11 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ext/psych/yaml/config.h#L1
-
 #define PACKAGE_NAME "yaml"
 #define PACKAGE_TARNAME "yaml"
-#define PACKAGE_VERSION "0.1.5"
-#define PACKAGE_STRING "yaml 0.1.5"
+#define PACKAGE_VERSION "0.1.6"
+#define PACKAGE_STRING "yaml 0.1.6"
 #define PACKAGE_BUGREPORT "http://pyyaml.org/newticket?component libyaml"
 #define PACKAGE_URL ""
 #define YAML_VERSION_MAJOR 0
 #define YAML_VERSION_MINOR 1
-#define YAML_VERSION_PATCH 5
-#define YAML_VERSION_STRING "0.1.5"
+#define YAML_VERSION_PATCH 6
+#define YAML_VERSION_STRING "0.1.6"
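
Review bot: The release number is hand-edited in four places here (`PACKAGE_VERSION`, `PACKAGE_STRING`, `YAML_VERSION_PATCH`, `YAML_VERSION_STRING`), which makes a partial bump easy to miss in a security update. A note in the file saying it is copied from the upstream libyaml release and must be updated as a unit would help, as would building the string macros from the numeric ones. The removal of the leading blank line is an unrelated whitespace change and could be left out of a security merge.
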
Index: ext/psych/lib/psych.rb
===================================================================
--- ext/psych/lib/psych.rb	(revision 45452)
+++ ext/psych/lib/psych.rb	(revision 45453)
@@ -217,7 +217,7 @@ require 'psych/class_loader' https://github.com/ruby/ruby/blob/trunk/ext/psych/lib/psych.rb#L217
 
 module Psych
   # The version is Psych you're using
-  VERSION         = '2.0.4'
+  VERSION         = '2.0.5'
 
   # The version of libyaml Psych is using
   LIBYAML_VERSION = Psych.libyaml_version.join '.'
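
Review bot: Bumping `VERSION` to '2.0.5' does not by itself show that the fixed libyaml is in use, because `LIBYAML_VERSION` is read at run time from `Psych.libyaml_version`. A Psych built against a system libyaml can report 2.0.5 while still linking an older library, so the release notes or a comment here should tell users to check `Psych::LIBYAML_VERSION` for 0.1.6 or later. The context comment "The version is Psych you're using" also has a typo ("is" for "of") that could be fixed while touching this line.
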

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
