Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package perl-Cpanel-JSON-XS for
openSUSE:Factory checked in at 2023-03-10 22:08:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/perl-Cpanel-JSON-XS (Old)
and /work/SRC/openSUSE:Factory/.perl-Cpanel-JSON-XS.new.31432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "perl-Cpanel-JSON-XS"
Fri Mar 10 22:08:44 2023 rev:37 rq:1070673 version:4.36
Changes:
--------
--- /work/SRC/openSUSE:Factory/perl-Cpanel-JSON-XS/perl-Cpanel-JSON-XS.changes
2022-08-16 17:58:09.822925939 +0200
+++
/work/SRC/openSUSE:Factory/.perl-Cpanel-JSON-XS.new.31432/perl-Cpanel-JSON-XS.changes
2023-03-10 22:09:06.605605104 +0100
@@ -1,0 +2,21 @@
+Fri Mar 3 03:06:14 UTC 2023 - Tina Müller <[email protected]>
+
+- updated to 4.36
+ see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes
+
+ 4.36 2023-03-02 (rurban)
+ - remove the SAVESTACK_POS noop. Merged from JSON-XS-3.02,
+ removed there with 4.0. requested to remove with
+ L<https://github.com/Perl/perl5/pull/20858>
+ 4.35 2023-02-22 (rurban)
+ - fix utf8 object stringification (jixam PR #212)
+ 4.34 2023-02-21 (rurban)
+ - fix c89 compilation regression, for loop init on centos. GH #211
+ 4.33 2023-02-21 (rurban)
+ - fix a security issue, decoding hash keys without ending :
+ (GH #208)
+ - check all bare hash keys for utf8 (GH #209)
+ - improve overload warnings (Graham Knop PR #205)
+ - fix a croak leak (GH #206)
+
+-------------------------------------------------------------------
Old:
----
Cpanel-JSON-XS-4.32.tar.gz
New:
----
Cpanel-JSON-XS-4.36.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ perl-Cpanel-JSON-XS.spec ++++++
--- /var/tmp/diff_new_pack.676jMh/_old 2023-03-10 22:09:07.085607289 +0100
+++ /var/tmp/diff_new_pack.676jMh/_new 2023-03-10 22:09:07.097607344 +0100
@@ -1,7 +1,7 @@
#
# spec file for package perl-Cpanel-JSON-XS
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%define cpan_name Cpanel-JSON-XS
Name: perl-Cpanel-JSON-XS
-Version: 4.32
+Version: 4.36
Release: 0
License: Artistic-1.0 OR GPL-1.0-or-later
Summary: CPanel fork of JSON::XS, fast and correct serializing
@@ -48,6 +48,7 @@
%prep
%autosetup -n %{cpan_name}-%{version}
+
find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path
"*/script/*" ! -name "configure" -print0 | xargs -0 chmod 644
%build
++++++ Cpanel-JSON-XS-4.32.tar.gz -> Cpanel-JSON-XS-4.36.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/.github/workflows/testsuite.yml
new/Cpanel-JSON-XS-4.36/.github/workflows/testsuite.yml
--- old/Cpanel-JSON-XS-4.32/.github/workflows/testsuite.yml 2022-05-27
17:29:43.000000000 +0200
+++ new/Cpanel-JSON-XS-4.36/.github/workflows/testsuite.yml 2023-02-21
17:20:32.000000000 +0100
@@ -64,6 +64,7 @@
matrix:
perl-version:
[
+ "5.36",
"5.34",
"5.32",
"5.30",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/Changes
new/Cpanel-JSON-XS-4.36/Changes
--- old/Cpanel-JSON-XS-4.32/Changes 2022-08-13 09:06:11.000000000 +0200
+++ new/Cpanel-JSON-XS-4.36/Changes 2023-03-02 16:10:08.000000000 +0100
@@ -2,6 +2,24 @@
TODO: http://stevehanov.ca/blog/index.php?id=104 compression
+4.36 2023-03-02 (rurban)
+ - remove the SAVESTACK_POS noop. Merged from JSON-XS-3.02,
+ removed there with 4.0. requested to remove with
+ L<https://github.com/Perl/perl5/pull/20858>
+
+4.35 2023-02-22 (rurban)
+ - fix utf8 object stringification (jixam PR #212)
+
+4.34 2023-02-21 (rurban)
+ - fix c89 compilation regression, for loop init on centos. GH #211
+
+4.33 2023-02-21 (rurban)
+ - fix a security issue, decoding hash keys without ending :
+ (GH #208)
+ - check all bare hash keys for utf8 (GH #209)
+ - improve overload warnings (Graham Knop PR #205)
+ - fix a croak leak (GH #206)
+
4.32 2022-08-13 (rurban)
- fix new JSON::PP::Boolean overload redefinition warnings. GH #200
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/META.json
new/Cpanel-JSON-XS-4.36/META.json
--- old/Cpanel-JSON-XS-4.32/META.json 2022-08-13 09:12:24.000000000 +0200
+++ new/Cpanel-JSON-XS-4.36/META.json 2023-03-02 16:11:02.000000000 +0100
@@ -100,7 +100,7 @@
"url" : "https://github.com/rurban/Cpanel-JSON-XS";
}
},
- "version" : "4.32",
+ "version" : "4.36",
"x_contributors" : [
"Ashley Willis <[email protected]>",
"Chip Salzenberg <[email protected]>",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/META.yml
new/Cpanel-JSON-XS-4.36/META.yml
--- old/Cpanel-JSON-XS-4.32/META.yml 2022-08-13 09:12:24.000000000 +0200
+++ new/Cpanel-JSON-XS-4.36/META.yml 2023-03-02 16:11:02.000000000 +0100
@@ -48,7 +48,7 @@
bugtracker: https://github.com/rurban/Cpanel-JSON-XS/issues
license: http://dev.perl.org/licenses/
repository: https://github.com/rurban/Cpanel-JSON-XS
-version: '4.32'
+version: '4.36'
x_contributors:
- 'Ashley Willis <[email protected]>'
- 'Chip Salzenberg <[email protected]>'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/README
new/Cpanel-JSON-XS-4.36/README
--- old/Cpanel-JSON-XS-4.32/README 2022-08-13 09:12:25.000000000 +0200
+++ new/Cpanel-JSON-XS-4.36/README 2023-03-02 16:11:03.000000000 +0100
@@ -100,6 +100,8 @@
Changes to JSON::XS
+ - bare hashkeys are now checked for utf8. (GH #209)
+
- stricter decode_json() as documented. non-refs are disallowed. safe by
default. added a 2nd optional argument. decode() honors now
allow_nonref.
@@ -150,6 +152,9 @@
- additional fixes for:
+ - #208 - no security-relevant out-of-bounds reading of module memory
+ when decoding hash keys without ending ':'
+
- [cpan #88061] AIX atof without USE_LONG_DOUBLE
- #10 unshare_hek crash
@@ -171,6 +176,8 @@
- #167 sort tied hashes with canonical.
+ - #212 fix utf8 object stringification
+
- public maintenance and bugtracker
- use ppport.h, sanify XS.xs comment styles, harness C coding style
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/SIGNATURE
new/Cpanel-JSON-XS-4.36/SIGNATURE
--- old/Cpanel-JSON-XS-4.32/SIGNATURE 2022-08-13 09:12:24.000000000 +0200
+++ new/Cpanel-JSON-XS-4.36/SIGNATURE 2023-03-02 16:11:03.000000000 +0100
@@ -16,18 +16,18 @@
SHA256 aac2b4bbaa7b93eaf72300f60e167a17e05adcd721087f735ba55d2900f31490
.appveyor.yml
SHA256 082201a3cbd62a55f2e58ffbb991c4b2bb806de0009bc9497ffcc07202f60855
.github/FUNDING.yml
-SHA256 dc8d2b467fb2f4807932f97cf6b6cc57eccc4e3380fcf6e8e869564d20f0f3a9
.github/workflows/testsuite.yml
+SHA256 136c5a00ee7c7425150f18013743e7b0d30339eca0f08901d4cf6b8731a6b017
.github/workflows/testsuite.yml
SHA256 a3c34aba52e269e6cec558ecf9cff393138574189fdff26b183bee9cc2e0434f
.travis.yml
SHA256 c3f2a1a4f66382f796f71a571946722edba53cf3238152b26fd325f4c2f1a20f
.whitesource
SHA256 8de3540a3cd7ecc9a9dcb48975fe852c082fe17d4462f87bb72aa7cc47f083ad COPYING
-SHA256 f7a15fa8e7f0bb6f81f1d6c7256ef71472cf441ea7f0091ee139390c1986127e Changes
+SHA256 c758c617ed05c8a91a7336adbe53d79e4885f01a06fe84a1e48c42976a03f39e Changes
SHA256 a5378ebe65273d49047a21e94af087f70a303793ffed2a695c800ed965ac185d
MANIFEST
-SHA256 590d5e3443261262a8fa02a661f0d385309aad2260a50a2ea45ff185c2023116
META.json
-SHA256 5edfed308c0808cc7579e659bae406ff995b2449ea64e61b98663041941f0986
META.yml
+SHA256 051f716a2ea09f494bb2ea55a307b8bf84203eb86974a58e7ada4dd998403f7a
META.json
+SHA256 7e5f8393bdeafee479589ce902bac4c1ec8562266307f4456ff232db7c104aa6
META.yml
SHA256 31d74c68c91639bc34e18541091616d226713c6c49168d42eefab58535f5cd4a
Makefile.PL
-SHA256 08e9c93c93d50feaa087f9fd4db48cb2db9c0f0190524550ef42579b30266178 README
-SHA256 af2ee9271dcc11b400033006108124ab54a36dd0ab047154a2c9dd004192eed9 XS.pm
-SHA256 76b3a2015df7b9593c8cdd27c8cf77e712f9d60a98ca52bac36997cecc37baea XS.xs
+SHA256 9b6c604a239d0b8159655a2ccd5eec24298d9c3fb01fc516351129c4cd72578d README
+SHA256 c7f77033e88631292eb7eb75bce4d4bdfee700b83ede48d996a4dade5e3fd69e XS.pm
+SHA256 45dfa817ab8abe2eec0e814ef84016fb746d33543b2ec0f4b5cc88fc9a94b49f XS.xs
SHA256 c95e4b970183cbd6d1ec9c88c37a80f12bd2b66ed6be3c008ffd578d2f622c01
XS/Boolean.pm
SHA256 20596259e7e399ed1984a469a9a907be878499406d5285a11f1ab98f93aff44f
XS/Type.pm
SHA256 2f34a530b7ce981b0df9aacd2b6944ccf74c4a7f8bb49fde57b342663e7feb26
bin/cpanel_json_xs
@@ -46,7 +46,7 @@
SHA256 e88b03d3c8c5c85d4fc2c086848efd7d0fd7b69f839cf0936a698af77a7a59b8
t/09_pc_extra_number.t
SHA256 f177821982876d02403298d44ffe4e2193fdcd70b76da252b055f3eab8dd3cdf
t/104_sortby.t
SHA256 e8bf435b08bfd00e6ab7f278c6ce68ef8691011b80615fa372961f2d807f5c76
t/105_esc_slash.t
-SHA256 11a3b561ac5904abc84fee0003b9fb40425c29ae8eea7a69bc945e5b565af116
t/106_allow_barekey.t
+SHA256 8549eb57bd2ac40cbe57d8441f9188210ef0894c76626e3052ac40302f4f52a4
t/106_allow_barekey.t
SHA256 e267f630d9dd7001eb03a620d34782cd15f74548869971a37980293b137824f9
t/107_allow_singlequote.t
SHA256 f2047975a3b8392feb6a87d782ecc7746ae2117bde57f716cc90877c8850f2e0
t/108_decode.t
SHA256 e6f7738431bc8d77ad0b8ad2db9ab54426f7bbc86eb5f5794b1a4616f454baef
t/109_encode.t
@@ -64,7 +64,7 @@
SHA256 67295534f9f44b6c2fd9375a4baff3b959318ce2468d466204efd1aeb8caadae
t/120_type_all_string.t
SHA256 af3adbcc14e32df9fc2ef3f9a1502c1335a9e2da36ac54119be1f98fcabb4264
t/121_memleak.t
SHA256 782bc33e7b6e46d42a168713b0828db134c7885f67fdd35ac53619ba6476aef6
t/125_shared_boolean.t
-SHA256 b7a68af68d323e6878604ab4df7e4520f188ea3f2d7ff66ae7a3da7c4e86bc68
t/12_blessed.t
+SHA256 c9d8346f43da22bef00a08cb3064f699316daa1593432193b742d13d08fad9a8
t/12_blessed.t
SHA256 43a8dfc79182d0ea1462e9266bad1197bc172a9698c0fd002a8e9b0324112ca7
t/13_limit.t
SHA256 99275341c61a98875e26651c858941a299bf6a6fb99a2d60e04d22395b69e3fb
t/14_latin1.t
SHA256 7fb98299aabdc98c4e83404d8fb663d357f815d8dc524406c79b1fd1827531e4
t/15_prefix.t
@@ -84,7 +84,7 @@
SHA256 cf2181a691d5e1862d71e4e902928a0d899b9671e3633584efa8ae3f5cc0d174
t/31_bom.t
SHA256 59c743137453c8c4e9e785a15dcd057b0209d5ce160d683d7ab416dc37a92b6d
t/52_object.t
SHA256 3b9ce402e2d0cae8a525df4beca05f2656ba5cf02b074d02fd690fe97773d2d7
t/53_readonly.t
-SHA256 baa1cd8dc2dfbc01b7d78c5d4d3bd1dd759b15f70283eb752fabd55d632870db
t/54_stringify.t
+SHA256 a08be137b59c9cd58410bc41969e1e9e9fa2159469523394b6bfd0c798c00908
t/54_stringify.t
SHA256 f542b8cfd2bee5ab9ae92dd042e3bbf68a968ae959d0eeada43cd5cd53c8337a
t/55_modifiable.t
SHA256 7e825a17dc348ddee2b61e686a670115c31d80f372a7614e27811b9f3d795c79
t/96_interop.t
SHA256 f720857c5fb03c62aab4765610ab05326e5139505f823400605abaebedffeb32
t/96_interop_pp.t
@@ -436,22 +436,22 @@
SHA256 c32dc76195cae85cc51b2ee14d6999e2a1fd791162fcd3b0495e1ccdf1ecfd69
xt/checkchanges.t
SHA256 250be3b1b5ce2836369eaf375e9b2b2ad47516bcc1d01b77d79d31b7479007a0
xt/gh70-asan.t
SHA256 08e9482b1c2e030e1e2d0ee97fef5b70b76a4faf2be1178d22bed123a70c738c
xt/kwalitee.t
-SHA256 6b0825520e8a66e1be3f320beffffce7a14e2c49f61af61fe24d9807cb41fcee
xt/leaktrace.t
+SHA256 5bfbf6375182b5af97569b627fb31d7b4ea3bd1a8a7cd40bd615b67e235777db
xt/leaktrace.t
SHA256 f091e0f6946cfa8b7985d6ccda50d5050a8d1b42844019b3491c5df365227142
xt/manifest.t
SHA256 e6f32877ebc12cedb7756d3de7a7f715ffe2736be060fd49344565d2af0dfbbf
xt/meta.t
SHA256 3e77c26b01896ae196cbbc88f1a72530c4b0d412245b1f9df5184f782eccaec9
xt/perl_minimum_version.t
SHA256 763b7c3057710be453f94661badc01243f2ec528aa274760f6273e9eab443022
xt/pod-coverage.t
SHA256 85b87067a123cec4ca7b0268f4285274ce5216bb5bf6f4479d5988fce05b2295
xt/pod-spell-mistakes.t
-SHA256 c5f72383a02e5db78b4ef80a4cb48601dd1c9249bcc469200a6bbc0b26f62ed4
xt/pod-spelling.t
+SHA256 5a4c8ec0943d40da2d65d3e4325ba55168f0f4a243dad391431df3d89d73e3d3
xt/pod-spelling.t
SHA256 aca6f846869ab2e4881e807739086e1535b1438bd0e23d7a021360742736a6a9
xt/pod.t
-----BEGIN PGP SIGNATURE-----
-iQEzBAEBAwAdFiEEKJWogdNCcPq/6PdHtPYzOeZdZBQFAmL3TtgACgkQtPYzOeZd
-ZBR9xAgAvKhIE4NZrYCY9ovoLct7ubCynE+2phxGvXCsOnWJpmoewAFX99XDVWLi
-MrLaZ+HTRxwj5j5ZTzT4Nl+Rw9jQbqJXdcf1GjKMexrF3kiG/rZ9yQgVeI/8sCzv
-JaR2Rj01AXs8kd4Bb+odTTOpMpE+lfdr0YKhwLAdlUtycuYN5CmD1Tr4037ShRNO
-dYmgs8qrBI42Eq5wBXORxglEerbU3us9ORY19jSOPzHEl8GceXqZi34EX+y+fZo9
-L5XIy1i8bGSNY1JgeJ5hVBGvSwUlzW27cqLLj0K6TC4EW4JF1RrFGOke0Sotiuj/
-jt8xdL90hnsj5hnIpMCts7Z5Ku5l/Q==
-=zRcT
+iQEzBAEBAwAdFiEEKJWogdNCcPq/6PdHtPYzOeZdZBQFAmQAvIYACgkQtPYzOeZd
+ZBQwPwgAgA86wo17rW1Gq+FdV026u7rPsTAPGqHFwu6KvsQ69hbJgMZ3GoYgBpde
+SR4con8eXLodMjInM0yYuZst05ukJhDf106QBlBUPNnU3DVLdroVLdmxscKkmTFQ
+GLTEJvxKAvCeUS5GkTTnCh0a4E0azWVXQFTWyCaXH2hmRAggmoQ65Ri2+QSBixgp
+wzacTtUXYxOz8G4ft/y4S8kkbL/BdTtIHds4KDa32kBNXabqTLsuq3Ri9ueiaXe8
+SS3lk8DL/a2dM16DuP/NNKXh8jCarwvo/6q+JO98Dw2uAXo4qzqFc56oy/Nlg7sy
+7BFJd0oTKnjspdwVeQ4kW+PyMx9R4A==
+=fF9I
-----END PGP SIGNATURE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/XS.pm
new/Cpanel-JSON-XS-4.36/XS.pm
--- old/Cpanel-JSON-XS-4.32/XS.pm 2022-08-13 09:06:11.000000000 +0200
+++ new/Cpanel-JSON-XS-4.36/XS.pm 2023-03-02 16:10:08.000000000 +0100
@@ -1,5 +1,5 @@
package Cpanel::JSON::XS;
-our $VERSION = '4.32';
+our $VERSION = '4.36';
our $XS_VERSION = $VERSION;
# $VERSION = eval $VERSION;
@@ -112,6 +112,8 @@
B<Changes to JSON::XS>
+- bare hashkeys are now checked for utf8. (GH #209)
+
- stricter decode_json() as documented. non-refs are disallowed.
safe by default.
added a 2nd optional argument. decode() honors now allow_nonref.
@@ -163,6 +165,9 @@
- additional fixes for:
+ - #208 - no security-relevant out-of-bounds reading of module memory
+ when decoding hash keys without ending ':'
+
- [cpan #88061] AIX atof without USE_LONG_DOUBLE
- #10 unshare_hek crash
@@ -184,6 +189,8 @@
- #167 sort tied hashes with canonical.
+ - #212 fix utf8 object stringification
+
- public maintenance and bugtracker
- use ppport.h, sanify XS.xs comment styles, harness C coding style
@@ -2340,6 +2347,7 @@
local $^W; # silence redefine warnings. no warnings 'redefine' does not help
# These already come with JSON::PP::Boolean. Avoid redefine warning.
if (!defined $JSON::PP::Boolean::VERSION or $JSON::PP::VERSION lt '4.00') {
+ &overload::unimport( 'overload', '0+', '++', '--' );
&overload::import( 'overload',
"0+" => sub { ${$_[0]} },
"++" => sub { $_[0] = ${$_[0]} + 1 },
@@ -2347,6 +2355,7 @@
);
}
# workaround 5.6 reserved keyword warning
+ &overload::unimport( 'overload', '""', 'eq', 'ne' );
&overload::import( 'overload',
'""' => sub { ${$_[0]} == 1 ? '1' : '0' }, # GH 29
'eq' => sub {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/XS.xs
new/Cpanel-JSON-XS-4.36/XS.xs
--- old/Cpanel-JSON-XS-4.32/XS.xs 2022-06-16 21:18:00.000000000 +0200
+++ new/Cpanel-JSON-XS-4.36/XS.xs 2023-03-02 16:10:08.000000000 +0100
@@ -1418,8 +1418,7 @@
cop.cop_hints &= ~HINT_BYTES;
#endif
- ENTER;
- SAVETMPS;
+ ENTER; SAVETMPS;
SAVEVPTR (PL_curcop);
PL_curcop = &cop;
@@ -1596,7 +1595,8 @@
}
} else {
/* manually call all possible magic on AV, HV, FM */
- if (SvGMAGICAL(sv)) mg_get(sv);
+ if (SvGMAGICAL(sv))
+ mg_get(sv);
if (MyAMG(sv)) { /* force a RV here */
SV* rv = newRV(SvREFCNT_inc(sv));
#if PERL_VERSION <= 8
@@ -1616,7 +1616,7 @@
if (pv && SvPOK(pv)) {
str = SvPVutf8_force(pv, len);
encode_ch (aTHX_ enc, '"');
- encode_str (aTHX_ enc, str, len, 0);
+ encode_str (aTHX_ enc, str, len, 1);
encode_ch (aTHX_ enc, '"');
SvREFCNT_dec(rv);
return;
@@ -1659,7 +1659,7 @@
else {
if (isref != 1)
encode_ch (aTHX_ enc, '"');
- encode_str (aTHX_ enc, str, len, 0);
+ encode_str (aTHX_ enc, str, len, 1);
if (isref != 1)
encode_ch (aTHX_ enc, '"');
}
@@ -1742,7 +1742,8 @@
dSP;
int count, items;
- ENTER; SAVETMPS; SAVESTACK_POS (); PUSHMARK (SP);
+ ENTER; SAVETMPS;
+ PUSHMARK (SP);
EXTEND (SP, 2);
PUSHs (rv);
PUSHs (MY_CXT.sv_json);
@@ -1788,8 +1789,8 @@
{
dSP;
- ENTER; SAVETMPS; PUSHMARK (SP);
-
+ ENTER; SAVETMPS;
+ PUSHMARK (SP);
XPUSHs (rv);
/* calling with G_SCALAR ensures that we always get a 1 return value
*/
@@ -2361,9 +2362,7 @@
dSP;
int is_negative;
- ENTER;
- SAVETMPS;
-
+ ENTER; SAVETMPS;
PUSHMARK (SP);
XPUSHs (sv);
PUTBACK;
@@ -2724,6 +2723,8 @@
INLINE void
decode_ws (dec_t *dec)
{
+ if (dec->cur >= dec->end)
+ return;
for (;;)
{
char ch = *dec->cur;
@@ -2750,7 +2751,7 @@
#define ERR(reason) SB dec->err = reason; goto fail; SE
-#define EXPECT_CH(ch) SB \
+#define EXPECT_CH(ch) SB \
if (*dec->cur != ch) \
ERR (# ch " expected"); \
++dec->cur; \
@@ -3819,12 +3820,28 @@
static void
hv_store_str (pTHX_ HV* hv, char *key, U32 len, SV* value)
{
- /* Note: not a utf8 hash key */
+ U32 i;
#if PERL_VERSION > 8 || (PERL_VERSION == 8 && PERL_SUBVERSION >= 9)
- hv_common (hv, NULL, key, len, 0,
+ int utf8 = 0;
+#else
+ I32 ulen = (I32)len;
+#endif
+ /* check utf8 hash key */
+ for (i=0; i<len; i++) {
+ if ((signed char)key[i] < 0) {
+#if PERL_VERSION > 8 || (PERL_VERSION == 8 && PERL_SUBVERSION >= 9)
+ utf8 = HVhek_UTF8;
+#else
+ ulen = -(I32)len;
+#endif
+ break;
+ }
+ }
+#if PERL_VERSION > 8 || (PERL_VERSION == 8 && PERL_SUBVERSION >= 9)
+ hv_common (hv, NULL, key, len, utf8,
HV_FETCH_ISSTORE|HV_FETCH_JUST_SV, value, 0);
#else
- hv_store (hv, key, len, value, 0);
+ hv_store (hv, key, ulen, value, 0);
#endif
}
@@ -3870,11 +3887,11 @@
}
else if (*dec->cur == 0x27)
endstr = 0x27;
- is_bare=0;
+ is_bare = 0;
++dec->cur;
} else {
EXPECT_CH ('"');
- is_bare=0;
+ is_bare = 0;
}
/* heuristic: assume that */
@@ -3923,7 +3940,8 @@
}
} // else overwrite it below
}
- decode_ws (dec); EXPECT_CH (':');
+ decode_ws (dec);
+ EXPECT_CH (':');
decode_ws (dec);
if (typesv)
@@ -3995,7 +4013,10 @@
}
dec->cur = p + 1;
- decode_ws (dec); if (*p != ':') EXPECT_CH (':');
+ if (dec->cur >= dec->end)
+ EXPECT_CH (':');
+ decode_ws (dec);
+ if (*p != ':') EXPECT_CH (':');
decode_ws (dec);
if (typesv)
@@ -4020,12 +4041,15 @@
}
else
{
- /* Note: not a utf8 hash key */
hv_store_str (aTHX_ hv, key, len, value);
}
break;
}
++p;
+ if (p > dec->end) {
+ dec->cur = p;
+ EXPECT_CH (':');
+ }
}
}
@@ -4075,7 +4099,8 @@
dSP;
I32 count;
- ENTER; SAVETMPS; SAVESTACK_POS (); PUSHMARK (SP);
+ ENTER; SAVETMPS;
+ PUSHMARK (SP);
XPUSHs (HeVAL (he));
sv_2mortal (sv);
@@ -4102,7 +4127,8 @@
dSP;
I32 count;
- ENTER; SAVETMPS; SAVESTACK_POS (); PUSHMARK (SP);
+ ENTER; SAVETMPS;
+ PUSHMARK (SP);
XPUSHs (sv_2mortal (sv));
PUTBACK; count = call_sv (dec->json.cb_object, G_ARRAY); SPAGAIN;
@@ -4184,7 +4210,8 @@
if (!method)
ERR ("cannot decode perl-object (package does not have a THAW method)");
- ENTER; SAVETMPS; SAVESTACK_POS (); PUSHMARK (SP);
+ ENTER; SAVETMPS;
+ PUSHMARK (SP);
EXTEND (SP, len + 2);
/* we re-bless the reference to get overload and other niceties right */
PUSHs (tag);
@@ -4485,11 +4512,16 @@
if (!sv)
{
SV *uni = sv_newmortal ();
-
+ COP cop = *PL_curcop;
+ if (dec.cur >= dec.end) // overshoot
+ {
+ croak ("%s, at character offset %d",
+ dec.err,
+ (int)ptr_to_index (aTHX_ string, dec.cur - SvPVX(string)));
+ }
#if PERL_VERSION >= 8
/* horrible hack to silence warning inside pv_uni_display */
/* TODO: Can be omitted with newer perls */
- COP cop = *PL_curcop;
cop.cop_warnings = pWARN_NONE;
ENTER;
SAVEVPTR (PL_curcop);
@@ -4499,12 +4531,14 @@
#endif
croak ("%s, at character offset %d (before \"%s\")",
dec.err,
- (int)ptr_to_index (aTHX_ string, dec.cur-SvPVX(string)),
- dec.cur != dec.end ? SvPV_nolen (uni) : "(end of string)");
+ (int)ptr_to_index (aTHX_ string, dec.cur - SvPVX(string)),
+ dec.cur < dec.end ? SvPV_nolen (uni) : "(end of string)");
}
- if (!(dec.json.flags & F_ALLOW_NONREF) && json_nonref(aTHX_ sv))
+ if (!(dec.json.flags & F_ALLOW_NONREF) && json_nonref(aTHX_ sv)) {
+ SvREFCNT_dec (sv);
croak ("JSON text must be an object or array (but found number, string,
true, false or null, use allow_nonref to allow this)");
+ }
if (UNLIKELY(converted && !(converted - 1))) /* with BOM, and UTF8 was not
set */
json->flags &= ~F_UTF8;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/t/106_allow_barekey.t
new/Cpanel-JSON-XS-4.36/t/106_allow_barekey.t
--- old/Cpanel-JSON-XS-4.32/t/106_allow_barekey.t 2020-10-27
18:29:11.000000000 +0100
+++ new/Cpanel-JSON-XS-4.36/t/106_allow_barekey.t 2023-02-22
16:34:03.000000000 +0100
@@ -1,6 +1,7 @@
-use Test::More tests => 4;
+use Test::More tests => 6;
use strict;
+use utf8;
use Cpanel::JSON::XS;
#########################
@@ -14,3 +15,13 @@
is($json->decode('{ foo : "bar"}')->{foo}, 'bar', 'with space');
is($json->decode(qq({\tfoo\t:"bar"}))->{foo}, 'bar', 'with tab');
+SKIP: {
+ skip "5.6 has no is_utf8", 2 if $] < 5.008;
+ my $r = $json->decode(qq({"füü": 1}));
+ my @k = keys %$r;
+ is(utf8::is_utf8($k[0]), 1, 'keep utf8 as string key');
+ $r = $json->decode(qq({füü: 1}));
+ @k = keys %$r;
+ is(utf8::is_utf8($k[0]), 1, 'keep utf8 as bare key');
+}
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/t/12_blessed.t
new/Cpanel-JSON-XS-4.36/t/12_blessed.t
--- old/Cpanel-JSON-XS-4.32/t/12_blessed.t 2020-12-14 08:22:05.000000000
+0100
+++ new/Cpanel-JSON-XS-4.36/t/12_blessed.t 2023-02-22 16:39:16.000000000
+0100
@@ -1,6 +1,6 @@
use strict;
use Cpanel::JSON::XS;
-use Test::More tests => 22;
+use Test::More tests => 23;
package ZZ;
use overload ('""' => sub { "<ZZ:".${$_[0]}.">" } );
@@ -11,6 +11,7 @@
my $o1 = bless { a => 3 }, "XX"; # with TO_JSON
my $o2 = bless \(my $dummy1 = 1), "YY"; # without stringification
my $o3 = bless \(my $dummy2 = 1), "ZZ"; # with stringification
+my $o4 = bless \(my $dummy3 = "\x{1f603}"), "ZZ"; # with stringification
Unicode
if (eval 'require Hash::Util') {
if ($Hash::Util::VERSION > 0.05) {
@@ -40,6 +41,8 @@
TODO: {
local $TODO = '5.8.x' if $] < 5.010;
ok ($r eq '"<ZZ:1>"', "stringify overload with convert_blessed: $r / $o3");
+ $r = $js->encode ($o4);
+ ok ($r eq "\"<ZZ:\x{1f603}>\"", "stringify overload Unicode with
convert_blessed");
}
$js = Cpanel::JSON::XS->new;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/t/54_stringify.t
new/Cpanel-JSON-XS-4.36/t/54_stringify.t
--- old/Cpanel-JSON-XS-4.32/t/54_stringify.t 2020-12-14 08:22:05.000000000
+0100
+++ new/Cpanel-JSON-XS-4.36/t/54_stringify.t 2023-02-22 16:34:03.000000000
+0100
@@ -10,7 +10,7 @@
or plan skip_all => 'JSON 2.09 required for cross testing';
$ENV{PERL_JSON_BACKEND} = 'JSON::PP';
}
-plan $] < 5.008 ? (skip_all => "5.6 no AMG yet") : (tests => 18);
+plan $] < 5.008 ? (skip_all => "5.6 no AMG yet") : (tests => 19);
use Cpanel::JSON::XS;
my $time = localtime;
@@ -34,6 +34,12 @@
is( $enc, '{"obj":"Foo <foo>"}', "mg object stringified" )
or diag($enc);
+$object = bless ["\x{1f603}"], 'Foo';
+$enc = $json->encode( { obj => $object } );
+
+is( $enc, "{\"obj\":\"Foo <\x{1f603}>\"}", "mg object stringified Unicode" )
+ or diag($enc);
+
$enc = $json->encode( { time => $time } );
isa_ok($time, "Time::Piece");
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/xt/leaktrace.t
new/Cpanel-JSON-XS-4.36/xt/leaktrace.t
--- old/Cpanel-JSON-XS-4.32/xt/leaktrace.t 2020-10-27 18:39:10.000000000
+0100
+++ new/Cpanel-JSON-XS-4.36/xt/leaktrace.t 2023-02-21 17:20:32.000000000
+0100
@@ -4,7 +4,7 @@
use strict;
use constant HAS_LEAKTRACE => eval{ require Test::LeakTrace };
-use Test::More HAS_LEAKTRACE ? (tests => 1) : (skip_all => 'require
Test::LeakTrace');
+use Test::More HAS_LEAKTRACE ? (tests => 4) : (skip_all => 'require
Test::LeakTrace');
use Test::LeakTrace;
use Cpanel::JSON::XS;
@@ -22,3 +22,23 @@
$js->encode ( bless { k => 1 }, Temp1:: );
} '<', 1;
+
+# leak on allow_nonref croak, GH 206
+leaks_cmp_ok{
+ eval { decode_json('"asdf"') };
+ #print $@;
+} '<', 1;
+
+# illegal unicode croak
+leaks_cmp_ok{
+ eval { decode_json("{\"\x{c2}\x{c2}\"}") };
+ #print $@;
+} '<', 1;
+
+# wrong type croak
+leaks_cmp_ok{
+ use Cpanel::JSON::XS::Type;
+ my $js = Cpanel::JSON::XS->new->canonical->require_types;
+ eval { $js->encode([0], JSON_TYPE_FLOAT) };
+ #print $@;
+} '<', 1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Cpanel-JSON-XS-4.32/xt/pod-spelling.t
new/Cpanel-JSON-XS-4.36/xt/pod-spelling.t
--- old/Cpanel-JSON-XS-4.32/xt/pod-spelling.t 2020-10-27 18:39:10.000000000
+0100
+++ new/Cpanel-JSON-XS-4.36/xt/pod-spelling.t 2023-02-22 16:34:03.000000000
+0100
@@ -43,15 +43,16 @@
DESERIALIZATION
Deserializing
ECMAscript
+GH
GPL
GoodData
+hashkeys
IETF
Iceweasel
JSON
JSON's
KOI
Lehmann
-Lehmann
MLEHMANN
Mojo
MongoDB
