[DRE-commits] [chef] 03/17: Dropped patch json_create_CVE-2013-0269_workaround - superseded upstream.
Stefano Rivera
stefano at rivera.za.net
Wed Jan 15 15:55:30 UTC 2014
This is an automated email from the git hooks/post-receive script.
stefanor pushed a commit to branch master
in repository chef.
commit 95567eebe913a21122c79c8ebbd7f7cfeb59f319
Author: Stefano Rivera <stefanor at debian.org>
Date: Thu Jan 9 15:25:48 2014 +0200
Dropped patch json_create_CVE-2013-0269_workaround - superseded upstream.
---
debian/changelog | 1 +
.../json_create_CVE-2013-0269_workaround.diff | 165 ---------------------
debian/patches/series | 1 -
3 files changed, 1 insertion(+), 166 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index e4cf076..0cafe7d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
chef (11.8.2-1) UNRELEASED; urgency=medium
* New upstream version (Closes: #707079)
+ * Dropped patch json_create_CVE-2013-0269_workaround - superseded upstream.
-- Stefano Rivera <stefanor at debian.org> Thu, 09 Jan 2014 15:19:11 +0200
diff --git a/debian/patches/json_create_CVE-2013-0269_workaround.diff b/debian/patches/json_create_CVE-2013-0269_workaround.diff
deleted file mode 100644
index fa5beb6..0000000
--- a/debian/patches/json_create_CVE-2013-0269_workaround.diff
+++ /dev/null
@@ -1,165 +0,0 @@
-diff --git a/lib/chef/cookbook_version.rb b/lib/chef/cookbook_version.rb
-index 1c2deef..c7c9503 100644
---- a/lib/chef/cookbook_version.rb
-+++ b/lib/chef/cookbook_version.rb
-@@ -807,7 +807,7 @@ class Chef
- cookbook_version.manifest = o
-
- # We don't need the following step when we decide to stop supporting deprecated operators in the metadata (e.g. <<, >>)
-- cookbook_version.manifest["metadata"] = JSON.parse(cookbook_version.metadata.to_json)
-+ cookbook_version.manifest["metadata"] = Chef::JSONCompat.from_json(cookbook_version.metadata.to_json)
-
- cookbook_version.freeze_version if o["frozen?"]
- cookbook_version
-diff --git a/lib/chef/json_compat.rb b/lib/chef/json_compat.rb
-index 9f59a41..4e14a11 100644
---- a/lib/chef/json_compat.rb
-+++ b/lib/chef/json_compat.rb
-@@ -24,6 +24,22 @@ class Chef
- class JSONCompat
- JSON_MAX_NESTING = 1000
-
-+ JSON_CLASS = "json_class".freeze
-+
-+ CHEF_APICLIENT = "Chef::ApiClient".freeze
-+ CHEF_CHECKSUM = "Chef::Checksum".freeze
-+ CHEF_COOKBOOKVERSION = "Chef::CookbookVersion".freeze
-+ CHEF_DATABAG = "Chef::DataBag".freeze
-+ CHEF_DATABAGITEM = "Chef::DataBagItem".freeze
-+ CHEF_ENVIRONMENT = "Chef::Environment".freeze
-+ CHEF_NODE = "Chef::Node".freeze
-+ CHEF_ROLE = "Chef::Role".freeze
-+ CHEF_SANDBOX = "Chef::Sandbox".freeze
-+ CHEF_RESOURCE = "Chef::Resource".freeze
-+ CHEF_RESOURCECOLLECTION = "Chef::ResourceCollection".freeze
-+ CHEF_WEBUIUSER = "Chef::WebUIUser".freeze
-+ CHEF_OPENIDREGISTRAION = "Chef::OpenIDRegistration".freeze
-+
- class <<self
- # See CHEF-1292/PL-538. Increase the max nesting for JSON, which defaults
- # to 19, and isn't enough for some (for example, a Node within a Node)
-@@ -38,7 +54,49 @@ class Chef
-
- # Just call the JSON gem's parse method with a modified :max_nesting field
- def from_json(source, opts = {})
-- ::JSON.parse(source, opts_add_max_nesting(opts))
-+ obj = ::Yajl::Parser.parse(source)
-+
-+ unless obj.kind_of?(Hash) || obj.kind_of?(Array)
-+ raise JSON::ParserError, "Top level JSON object must be a Hash or Array (actual: #{obj.class})"
-+ end
-+
-+ # The old default in the json gem (which we are mimicing because we
-+ # sadly rely on this misfeature) is to "create additions" i.e., convert
-+ # JSON objects into ruby objects. Explicit :create_additions => false
-+ # is required to turn it off.
-+ if opts[:create_additions].nil? || opts[:create_additions]
-+ map_to_rb_obj(obj)
-+ else
-+ obj
-+ end
-+ rescue Yajl::ParseError => e
-+ raise JSON::ParserError, e.message
-+ end
-+
-+ # Look at an object that's a basic type (from json parse) and convert it
-+ # to an instance of Chef classes if desired.
-+ def map_to_rb_obj(json_obj)
-+ res = case json_obj
-+ when Hash
-+ mapped_hash = map_hash_to_rb_obj(json_obj)
-+ if json_obj.has_key?(JSON_CLASS) && (class_to_inflate = class_for_json_class(json_obj[JSON_CLASS]))
-+ class_to_inflate.json_create(mapped_hash)
-+ else
-+ mapped_hash
-+ end
-+ when Array
-+ json_obj.map {|e| map_to_rb_obj(e) }
-+ else
-+ json_obj
-+ end
-+ res
-+ end
-+
-+ def map_hash_to_rb_obj(json_hash)
-+ json_hash.each do |key, value|
-+ json_hash[key] = map_to_rb_obj(value)
-+ end
-+ json_hash
- end
-
- def to_json(obj, opts = nil)
-@@ -48,6 +106,44 @@ class Chef
- def to_json_pretty(obj, opts = nil)
- ::JSON.pretty_generate(obj, opts_add_max_nesting(opts))
- end
-+
-+
-+ def class_for_json_class(json_class)
-+ case json_class
-+ when CHEF_APICLIENT
-+ Chef::ApiClient
-+ when CHEF_CHECKSUM
-+ Chef::Checksum
-+ when CHEF_COOKBOOKVERSION
-+ Chef::CookbookVersion
-+ when CHEF_DATABAG
-+ Chef::DataBag
-+ when CHEF_DATABAGITEM
-+ Chef::DataBagItem
-+ when CHEF_ENVIRONMENT
-+ Chef::Environment
-+ when CHEF_NODE
-+ Chef::Node
-+ when CHEF_ROLE
-+ Chef::Role
-+ when CHEF_SANDBOX
-+ Chef::Sandbox
-+ when CHEF_RESOURCE
-+ Chef::Resource
-+ when CHEF_RESOURCECOLLECTION
-+ Chef::ResourceCollection
-+ when CHEF_WEBUIUSER
-+ Chef::WebUIUser
-+ when CHEF_OPENIDREGISTRAION
-+ Chef::OpenIDRegistration
-+ when /^Chef::Resource/
-+ Chef::Resource.find_subclass_by_name(json_class)
-+ else
-+ raise JSON::ParserError, "Unsupported `json_class` type '#{json_class}'"
-+ end
-+ end
-+
- end
- end
- end
-+
-diff --git a/lib/chef/resource.rb b/lib/chef/resource.rb
-index 2fd3942..b8f7603 100644
---- a/lib/chef/resource.rb
-+++ b/lib/chef/resource.rb
-@@ -74,6 +74,24 @@ F
- FORBIDDEN_IVARS = [:@run_context, :@node, :@not_if, :@only_if]
- HIDDEN_IVARS = [:@allowed_actions, :@resource_name, :@source_line, :@run_context, :@name, :@node]
-
-+ # Track all subclasses of Resource. This is used so names can be looked up
-+ # when attempting to deserialize from JSON. (See: json_compat)
-+ def self.resource_classes
-+ @resource_classes ||= []
-+ end
-+
-+ # Callback when subclass is defined. Adds subclass to list of subclasses.
-+ def self.inherited(subclass)
-+ resource_classes << subclass
-+ end
-+
-+ # Look up a subclass by +class_name+ which should be a string that matches
-+ # `Subclass.name`
-+ def self.find_subclass_by_name(class_name)
-+ resource_classes.first {|c| c.name == class_name }
-+ end
-+
-+
- include Chef::Mixin::CheckHelper
- include Chef::Mixin::ParamsValidate
- include Chef::Mixin::Language
diff --git a/debian/patches/series b/debian/patches/series
index 9055a0d..0a49035 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1 @@
remove_rubygems.diff
-json_create_CVE-2013-0269_workaround.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/chef.git
More information about the Pkg-ruby-extras-commits
mailing list