packages/ruby
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!11 fix CVE-2020-10663

Browse Source 
Merge pull request !11 from zhanghua/openEuler-20.03-LTS
This commit is contained in:
openeuler-ci-bot 2020-06-23 10:53:24 +08:00 committed by Gitee
commit 4e715c7dec
2 changed files with 45 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
CVE-2020-10663.patch Normal file
View File

@ -0,0 +1,37 @@
From 85487773ba69ec2179cac77ed725cec1b6cdffc8 Mon Sep 17 00:00:00 2001
Subject: [PATCH] fix CVE-2020-10663
---
ext/json/parser/parser.c | 2 +-
ext/json/parser/parser.rl | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ext/json/parser/parser.c b/ext/json/parser/parser.c
index d2e4eb6..ae90b2e 100644
--- a/ext/json/parser/parser.c
+++ b/ext/json/parser/parser.c
@@ -1815,7 +1815,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
} else {
json->max_nesting = 100;
json->allow_nan = 0;
- json->create_additions = 1;
+ json->create_additions = 0;
json->create_id = rb_funcall(mJSON, i_create_id, 0);
json->object_class = Qnil;
json->array_class = Qnil;
diff --git a/ext/json/parser/parser.rl b/ext/json/parser/parser.rl
index 29900a4..f7dbcff 100644
--- a/ext/json/parser/parser.rl
+++ b/ext/json/parser/parser.rl
@@ -710,7 +710,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
} else {
json->max_nesting = 100;
json->allow_nan = 0;
- json->create_additions = 1;
+ json->create_additions = 0;
json->create_id = rb_funcall(mJSON, i_create_id, 0);
json->object_class = Qnil;
json->array_class = Qnil;
--
2.23.0

10
ruby.spec
View File

@ -1,6 +1,6 @@
Name: ruby Name: ruby
Version: 2.5.1 Version: 2.5.1
Release: 105 Release: 106
Summary: Object-oriented scripting language interpreter Summary: Object-oriented scripting language interpreter
License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
URL: http://ruby-lang.org/ URL: http://ruby-lang.org/
@ -588,7 +588,13 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
%exclude %{gem_dir}/gems/xmlrpc-0.3.0/.* %exclude %{gem_dir}/gems/xmlrpc-0.3.0/.*
%changelog %changelog
* Fri May 15 2020 huanghaitao <huanghaitao@huawei.com> - 2.5.1-105 * Mon Jun 22 2020 zhanghua <zhanghua40@huawei.com> - 2.5.1-106
- Type:cves
- ID:CVE-2020-10663
- SUG:restart
- DESC:fix CVE-2020-10663
* Thu May 07 2020 huanghaitao <huanghaitao@huawei.com> - 2.5.1-105
- Type:cves - Type:cves
- ID:CVE-2020-10933 - ID:CVE-2020-10933
- SUG:restart - SUG:restart