new file mode 100644

@@ -0,0 +1,70 @@

+diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c

+index a135e28348..2cdca5685f 100644

+--- a/ext/json/generator/generator.c

+@@ -301,7 +301,7 @@ static char *fstrndup(const char *ptr, unsigned long len) {

+   char *result;

+   if (len <= 0) return NULL;

+   result = ALLOC_N(char, len);

+-  memccpy(result, ptr, 0, len);

++  memcpy(result, ptr, len);

+   return result;

+ }

+ 

+@@ -1055,7 +1055,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent)

+         }

+     } else {

+         if (state->indent) ruby_xfree(state->indent);

+-        state->indent = strdup(RSTRING_PTR(indent));

++        state->indent = fstrndup(RSTRING_PTR(indent), len);

+         state->indent_len = len;

+     }

+     return Qnil;

+@@ -1093,7 +1093,7 @@ static VALUE cState_space_set(VALUE self, VALUE space)

+         }

+     } else {

+         if (state->space) ruby_xfree(state->space);

+-        state->space = strdup(RSTRING_PTR(space));

++        state->space = fstrndup(RSTRING_PTR(space), len);

+         state->space_len = len;

+     }

+     return Qnil;

+@@ -1129,7 +1129,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before)

+         }

+     } else {

+         if (state->space_before) ruby_xfree(state->space_before);

+-        state->space_before = strdup(RSTRING_PTR(space_before));

++        state->space_before = fstrndup(RSTRING_PTR(space_before), len);

+         state->space_before_len = len;

+     }

+     return Qnil;

+@@ -1166,7 +1166,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl)

+         }

+     } else {

+         if (state->object_nl) ruby_xfree(state->object_nl);

+-        state->object_nl = strdup(RSTRING_PTR(object_nl));

++        state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);

+         state->object_nl_len = len;

+     }

+     return Qnil;

+@@ -1201,7 +1201,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl)

+         }

+     } else {

+         if (state->array_nl) ruby_xfree(state->array_nl);

+-        state->array_nl = strdup(RSTRING_PTR(array_nl));

++        state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);

+         state->array_nl_len = len;

+     }

+     return Qnil;

+diff --git ext/json/generator/generator.h ext/json/generator/generator.h

+index 298c0a4965..6bbf817b7d 100644

+--- a/ext/json/generator/generator.h

+@@ -1,7 +1,6 @@

+ #ifndef _GENERATOR_H_

+ #define _GENERATOR_H_

+ 

+-#include <string.h>

+ #include <math.h>

+ #include <ctype.h>

+ 

@@ -1,7 +1,7 @@

 Summary:    Ruby

 Name:       ruby

 Version:    2.4.1

-Release:    4%{?dist}

+Release:    5%{?dist}

 License:    BSDL

 URL:        https://www.ruby-lang.org/en/

 Group:      System Environment/Security

@@ -14,6 +14,8 @@ Patch1:     ruby-CVE-2017-9226.patch

 Patch2:     ruby-CVE-2017-9227.patch

 Patch3:     ruby-CVE-2017-9229.patch

 Patch4:     ruby-CVE-2017-9228.patch

+#https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85

+Patch5:     ruby-CVE-2017-14064.patch

 BuildRequires:  openssl-devel

 BuildRequires:  ca-certificates

 BuildRequires:  readline-devel

@@ -33,6 +35,7 @@ This is useful for object-oriented scripting.

 %patch2 -p1

 %patch3 -p1

 %patch4 -p1

+%patch5 -p1

 %build

 ./configure \

     --prefix=%{_prefix}   \

@@ -63,6 +66,8 @@ rm -rf %{buildroot}/*

 %{_docdir}/%{name}-%{version}

 %{_mandir}/man1/*

 %changelog

+*   Fri Sep 15 2017 Xiaolin Li <xiaolinl@vmware.com> 2.4.1-5

+-   [security] CVE-2017-14064

 *   Tue Sep 05 2017 Chang Lee <changlee@vmware.com> 2.4.1-4

 -   Built with copy preserve mode and fixed %check

 *   Mon Jul 24 2017 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.4.1-3