ruby-changes:60604
From: usa <ko1@a...>
Date: Tue, 31 Mar 2020 19:51:44 +0900 (JST)
Subject: [ruby-changes:60604] 68180523b6 (ruby_2_4): merge revision(s) 36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01: [Backport #16698]
https://git.ruby-lang.org/ruby.git/commit/?id=68180523b6 From 68180523b64dea925f35741def24560ed4dbf331 Mon Sep 17 00:00:00 2001 From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Tue, 31 Mar 2020 10:51:26 +0000 Subject: merge revision(s) 36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01: [Backport #16698] backport 80b5a0ff2a7709367178f29d4ebe1c54122b1c27 partially as a securify fix for CVE-2020-10663. The patch was provided by Jeremy Evans. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67856 b2dd03c8-39d4-4d8f-98ff-823fe69b080e git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67873 b2dd03c8-39d4-4d8f-98ff-823fe69b080e diff --git a/ext/json/parser/parser.c b/ext/json/parser/parser.c index c0a240a..cd7aeb2 100644 --- a/ext/json/parser/parser.c +++ b/ext/json/parser/parser.c @@ -1802,7 +1802,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/json/parser/parser.c#L1802 } else { json->max_nesting = 100; json->allow_nan = 0; - json->create_additions = 1; + json->create_additions = 0; json->create_id = rb_funcall(mJSON, i_create_id, 0); json->object_class = Qnil; json->array_class = Qnil; diff --git a/ext/json/parser/parser.rl b/ext/json/parser/parser.rl index 9e1341e..4c99643 100644 --- a/ext/json/parser/parser.rl +++ b/ext/json/parser/parser.rl @@ -697,7 +697,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self) https://github.com/ruby/ruby/blob/trunk/ext/json/parser/parser.rl#L697 } else { json->max_nesting = 100; json->allow_nan = 0; - json->create_additions = 1; + json->create_additions = 0; json->create_id = rb_funcall(mJSON, i_create_id, 0); json->object_class = Qnil; json->array_class = Qnil; diff --git a/version.h b/version.h index 8d1b50f..bbea6a5 100644 --- a/version.h +++ b/version.h @@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/version.h#L1 #define RUBY_VERSION "2.4.9" -#define RUBY_RELEASE_DATE "2019-10-02" -#define RUBY_PATCHLEVEL 362 +#define RUBY_RELEASE_DATE "2020-03-31" +#define RUBY_PATCHLEVEL 363 -#define RUBY_RELEASE_YEAR 2019 -#define RUBY_RELEASE_MONTH 10 -#define RUBY_RELEASE_DAY 2 +#define RUBY_RELEASE_YEAR 2020 +#define RUBY_RELEASE_MONTH 3 +#define RUBY_RELEASE_DAY 31 #include "ruby/version.h" -- cgit v0.10.2 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/