ruby-changes:60594
From: usa <ko1@a...>
Date: Tue, 31 Mar 2020 07:22:27 +0900 (JST)
Subject: [ruby-changes:60594] b379ecd8b6 (ruby_2_5): merge revision(s) 36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01: [Backport #16698]
https://git.ruby-lang.org/ruby.git/commit/?id=b379ecd8b6 From b379ecd8b6832dfcd5dad353b6bfd41701e2d678 Mon Sep 17 00:00:00 2001 From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Mon, 30 Mar 2020 22:22:10 +0000 Subject: merge revision(s) 36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01: [Backport #16698] backport 80b5a0ff2a7709367178f29d4ebe1c54122b1c27 partially as a securify fix for CVE-2020-10663. The patch was provided by Jeremy Evans. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67856 b2dd03c8-39d4-4d8f-98ff-823fe69b080e git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67869 b2dd03c8-39d4-4d8f-98ff-823fe69b080e diff --git a/ext/json/parser/parser.c b/ext/json/parser/parser.c index d2e4eb6..ae90b2e 100644 --- a/ext/json/parser/parser.c +++ b/ext/json/parser/parser.c @@ -1815,7 +1815,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/json/parser/parser.c#L1815 } else { json->max_nesting = 100; json->allow_nan = 0; - json->create_additions = 1; + json->create_additions = 0; json->create_id = rb_funcall(mJSON, i_create_id, 0); json->object_class = Qnil; json->array_class = Qnil; diff --git a/ext/json/parser/parser.rl b/ext/json/parser/parser.rl index 29900a4..f7dbcff 100644 --- a/ext/json/parser/parser.rl +++ b/ext/json/parser/parser.rl @@ -710,7 +710,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/json/parser/parser.rl#L710 } else { json->max_nesting = 100; json->allow_nan = 0; - json->create_additions = 1; + json->create_additions = 0; json->create_id = rb_funcall(mJSON, i_create_id, 0); json->object_class = Qnil; json->array_class = Qnil; diff --git a/version.h b/version.h index 56fcb94..c7af795 100644 --- a/version.h +++ b/version.h @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/version.h#L1 #define RUBY_VERSION "2.5.8" #define RUBY_RELEASE_DATE "2020-03-31" -#define RUBY_PATCHLEVEL 218 +#define RUBY_PATCHLEVEL 219 #define RUBY_RELEASE_YEAR 2020 #define RUBY_RELEASE_MONTH 3 -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/