ruby: update to 2.4.3

This fixes a segfault in arm64 multilib. Drop CVE-2017-14064.patch Additional CVE included are 2.4.3: CVE-2017-17405: Command injection vulnerability in Net::FTP Additional CVE included are 2.4.2: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode CVE-2017-14064: Heap exposure in generating JSON Ruby Gems: DNS request hijacking vulnerability. (CVE-2017-0902) ANSI escape sequence vulnerability. (CVE-2017-0899) DoS vulnerability in the query command. (CVE-2017-0900) vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901) (From OE-Core rev: 5bf664ba85c06d17c6e8c200301e42bc5fdab75e) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster808@gmail.com> 2018-02-19 13:06:35 -0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-03-04 11:12:12 +0000
commit: c323026d9ca3f57628dca4114ed394a279637427 (patch)
tree: 9152e5fcddf83c40946b79c0e75f43caf8c4b2f4
parent: 3c735b01da4ddcf81b426b9f032e8f8494401fae (diff)
download: poky-c323026d9ca3f57628dca4114ed394a279637427.tar.gz
2 files changed, 2 insertions, 356 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
deleted file mode 100644
index 700d1bc58e..0000000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch
+++ /dev/null
@@ -1,353 +0,0 @@
-From d86d283fcb35d1442a121b92030884523908a331 Mon Sep 17 00:00:00 2001
-From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
-Date: Sat, 22 Apr 2017 07:29:01 +0000
-Subject: [PATCH] merge revision(s) 58323,58324:
-        Merge json-2.0.4.
-          * https://github.com/flori/json/releases/tag/v2.0.4
-          * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204
-        Use `assert_raise` instead of `assert_raises`.
-git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58445 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-Upstream-Status: Backport
-CVE: CVE-2017-14064
-Signed-off-by: Armin Kuster <akuster@mvisa.com>
---
- ext/json/fbuffer/fbuffer.h       |   3 ---
- ext/json/generator/generator.c   |  12 +++++-----
- ext/json/generator/generator.h   |   1 -
- ext/json/json.gemspec            | Bin 5473 -> 5474 bytes
- ext/json/lib/json/version.rb     |   2 +-
- ext/json/parser/parser.c         |  48 +++++++++++++++++++++++----------------
- ext/json/parser/parser.rl        |  14 +++++++++---
- test/json/json_encoding_test.rb  |   2 ++
- test/json/json_generator_test.rb |   0
- version.h                        |   2 +-
- 10 files changed, 49 insertions(+), 35 deletions(-)
- mode change 100755 => 100644 test/json/json_generator_test.rb
-Index: ruby-2.4.0/ext/json/fbuffer/fbuffer.h
-===================================================================
--- ruby-2.4.0.orig/ext/json/fbuffer/fbuffer.h
-+++ ruby-2.4.0/ext/json/fbuffer/fbuffer.h
-@@ -12,9 +12,6 @@
- #define RFLOAT_VALUE(val) (RFLOAT(val)->value)
- #endif
- 
-#ifndef RARRAY_PTR
-#define RARRAY_PTR(ARRAY) RARRAY(ARRAY)->ptr
-#endif
- #ifndef RARRAY_LEN
- #define RARRAY_LEN(ARRAY) RARRAY(ARRAY)->len
- #endif
-Index: ruby-2.4.0/ext/json/generator/generator.c
-===================================================================
--- ruby-2.4.0.orig/ext/json/generator/generator.c
-+++ ruby-2.4.0/ext/json/generator/generator.c
-@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, u
-   char *result;
-   if (len <= 0) return NULL;
-   result = ALLOC_N(char, len);
-  memccpy(result, ptr, 0, len);
-+  memcpy(result, ptr, len);
-   return result;
- }
- 
-@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE sel
-         }
-     } else {
-         if (state->indent) ruby_xfree(state->indent);
-        state->indent = strdup(RSTRING_PTR(indent));
-+        state->indent = fstrndup(RSTRING_PTR(indent), len);
-         state->indent_len = len;
-     }
-     return Qnil;
-@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self
-         }
-     } else {
-         if (state->space) ruby_xfree(state->space);
-        state->space = strdup(RSTRING_PTR(space));
-+        state->space = fstrndup(RSTRING_PTR(space), len);
-         state->space_len = len;
-     }
-     return Qnil;
-@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VAL
-         }
-     } else {
-         if (state->space_before) ruby_xfree(state->space_before);
-        state->space_before = strdup(RSTRING_PTR(space_before));
-+        state->space_before = fstrndup(RSTRING_PTR(space_before), len);
-         state->space_before_len = len;
-     }
-     return Qnil;
-@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE
-         }
-     } else {
-         if (state->object_nl) ruby_xfree(state->object_nl);
-        state->object_nl = strdup(RSTRING_PTR(object_nl));
-+        state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
-         state->object_nl_len = len;
-     }
-     return Qnil;
-@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE s
-         }
-     } else {
-         if (state->array_nl) ruby_xfree(state->array_nl);
-        state->array_nl = strdup(RSTRING_PTR(array_nl));
-+        state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
-         state->array_nl_len = len;
-     }
-     return Qnil;
-Index: ruby-2.4.0/ext/json/generator/generator.h
-===================================================================
--- ruby-2.4.0.orig/ext/json/generator/generator.h
-+++ ruby-2.4.0/ext/json/generator/generator.h
-@@ -1,7 +1,6 @@
- #ifndef _GENERATOR_H_
- #define _GENERATOR_H_
- 
-#include <string.h>
- #include <math.h>
- #include <ctype.h>
- 
-Index: ruby-2.4.0/ext/json/lib/json/version.rb
-===================================================================
--- ruby-2.4.0.orig/ext/json/lib/json/version.rb
-+++ ruby-2.4.0/ext/json/lib/json/version.rb
-@@ -1,7 +1,7 @@
- # frozen_string_literal: false
- module JSON
-   # JSON version
-  VERSION         = '2.0.2'
-+  VERSION         = '2.0.4'
-   VERSION_ARRAY   = VERSION.split(/\./).map { |x| x.to_i } # :nodoc:
-   VERSION_MAJOR   = VERSION_ARRAY[0] # :nodoc:
-   VERSION_MINOR   = VERSION_ARRAY[1] # :nodoc:
-Index: ruby-2.4.0/ext/json/parser/parser.c
-===================================================================
--- ruby-2.4.0.orig/ext/json/parser/parser.c
-+++ ruby-2.4.0/ext/json/parser/parser.c
-@@ -1435,13 +1435,21 @@ static VALUE json_string_unescape(VALUE
-                     break;
-                 case 'u':
-                     if (pe > stringEnd - 4) {
-                        return Qnil;
-+                      rb_enc_raise(
-+                        EXC_ENCODING eParserError,
-+                        "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
-+                      );
-                     } else {
-                         UTF32 ch = unescape_unicode((unsigned char *) ++pe);
-                         pe += 3;
-                         if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
-                             pe++;
-                            if (pe > stringEnd - 6) return Qnil;
-+                            if (pe > stringEnd - 6) {
-+                              rb_enc_raise(
-+                                EXC_ENCODING eParserError,
-+                                "%u: incomplete surrogate pair at '%s'", __LINE__, p
-+                                );
-+                            }
-                             if (pe[0] == '\\' && pe[1] == 'u') {
-                                 UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
-                                 ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)
-@@ -1471,7 +1479,7 @@ static VALUE json_string_unescape(VALUE
- }
- 
- 
-#line 1475 "parser.c"
-+#line 1483 "parser.c"
- enum {JSON_string_start = 1};
- enum {JSON_string_first_final = 8};
- enum {JSON_string_error = 0};
-@@ -1479,7 +1487,7 @@ enum {JSON_string_error = 0};
- enum {JSON_string_en_main = 1};
- 
- 
-#line 504 "parser.rl"
-+#line 512 "parser.rl"
- 
- 
- static int
-@@ -1501,15 +1509,15 @@ static char *JSON_parse_string(JSON_Pars
- 
-     *result = rb_str_buf_new(0);
- 
-#line 1505 "parser.c"
-+#line 1513 "parser.c"
-        {
-        cs = JSON_string_start;
-        }
- 
-#line 525 "parser.rl"
-+#line 533 "parser.rl"
-     json->memo = p;
- 
-#line 1513 "parser.c"
-+#line 1521 "parser.c"
-        {
-        if ( p == pe )
-                goto _test_eof;
-@@ -1534,7 +1542,7 @@ case 2:
-                goto st0;
-        goto st2;
- tr2:
-#line 490 "parser.rl"
-+#line 498 "parser.rl"
-        {
-         *result = json_string_unescape(*result, json->memo + 1, p);
-         if (NIL_P(*result)) {
-@@ -1545,14 +1553,14 @@ tr2:
-             {p = (( p + 1))-1;}
-         }
-     }
-#line 501 "parser.rl"
-+#line 509 "parser.rl"
-        { p--; {p++; cs = 8; goto _out;} }
-        goto st8;
- st8:
-        if ( ++p == pe )
-                goto _test_eof8;
- case 8:
-#line 1556 "parser.c"
-+#line 1564 "parser.c"
-        goto st0;
- st3:
-        if ( ++p == pe )
-@@ -1628,7 +1636,7 @@ case 7:
-        _out: {}
-        }
- 
-#line 527 "parser.rl"
-+#line 535 "parser.rl"
- 
-     if (json->create_additions && RTEST(match_string = json->match_string)) {
-           VALUE klass;
-@@ -1675,7 +1683,7 @@ static VALUE convert_encoding(VALUE sour
-     }
-     FORCE_UTF8(source);
-   } else {
-    source = rb_str_conv_enc(source, NULL, rb_utf8_encoding());
-+    source = rb_str_conv_enc(source, rb_enc_get(source), rb_utf8_encoding());
-   }
- #endif
-     return source;
-@@ -1808,7 +1816,7 @@ static VALUE cParser_initialize(int argc
- }
- 
- 
-#line 1812 "parser.c"
-+#line 1820 "parser.c"
- enum {JSON_start = 1};
- enum {JSON_first_final = 10};
- enum {JSON_error = 0};
-@@ -1816,7 +1824,7 @@ enum {JSON_error = 0};
- enum {JSON_en_main = 1};
- 
- 
-#line 720 "parser.rl"
-+#line 728 "parser.rl"
- 
- 
- /*
-@@ -1833,16 +1841,16 @@ static VALUE cParser_parse(VALUE self)
-   GET_PARSER;
- 
- 
-#line 1837 "parser.c"
-+#line 1845 "parser.c"
-        {
-        cs = JSON_start;
-        }
- 
-#line 736 "parser.rl"
-+#line 744 "parser.rl"
-   p = json->source;
-   pe = p + json->len;
- 
-#line 1846 "parser.c"
-+#line 1854 "parser.c"
-        {
-        if ( p == pe )
-                goto _test_eof;
-@@ -1876,7 +1884,7 @@ st0:
- cs = 0;
-        goto _out;
- tr2:
-#line 712 "parser.rl"
-+#line 720 "parser.rl"
-        {
-         char *np = JSON_parse_value(json, p, pe, &result, 0);
-         if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( np))-1;}
-@@ -1886,7 +1894,7 @@ st10:
-        if ( ++p == pe )
-                goto _test_eof10;
- case 10:
-#line 1890 "parser.c"
-+#line 1898 "parser.c"
-        switch( (*p) ) {
-                case 13: goto st10;
-                case 32: goto st10;
-@@ -1975,7 +1983,7 @@ case 9:
-        _out: {}
-        }
- 
-#line 739 "parser.rl"
-+#line 747 "parser.rl"
- 
-   if (cs >= JSON_first_final && p == pe) {
-     return result;
-Index: ruby-2.4.0/ext/json/parser/parser.rl
-===================================================================
--- ruby-2.4.0.orig/ext/json/parser/parser.rl
-+++ ruby-2.4.0/ext/json/parser/parser.rl
-@@ -446,13 +446,21 @@ static VALUE json_string_unescape(VALUE
-                     break;
-                 case 'u':
-                     if (pe > stringEnd - 4) {
-                        return Qnil;
-+                      rb_enc_raise(
-+                        EXC_ENCODING eParserError,
-+                        "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
-+                      );
-                     } else {
-                         UTF32 ch = unescape_unicode((unsigned char *) ++pe);
-                         pe += 3;
-                         if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
-                             pe++;
-                            if (pe > stringEnd - 6) return Qnil;
-+                            if (pe > stringEnd - 6) {
-+                              rb_enc_raise(
-+                                EXC_ENCODING eParserError,
-+                                "%u: incomplete surrogate pair at '%s'", __LINE__, p
-+                                );
-+                            }
-                             if (pe[0] == '\\' && pe[1] == 'u') {
-                                 UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
-                                 ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16)
-@@ -570,7 +578,7 @@ static VALUE convert_encoding(VALUE sour
-     }
-     FORCE_UTF8(source);
-   } else {
-    source = rb_str_conv_enc(source, NULL, rb_utf8_encoding());
-+    source = rb_str_conv_enc(source, rb_enc_get(source), rb_utf8_encoding());
-   }
- #endif
-     return source;
-Index: ruby-2.4.0/test/json/json_encoding_test.rb
-===================================================================
--- ruby-2.4.0.orig/test/json/json_encoding_test.rb
-+++ ruby-2.4.0/test/json/json_encoding_test.rb
-@@ -79,6 +79,8 @@ class JSONEncodingTest < Test::Unit::Tes
-     json = '["\ud840\udc01"]'
-     assert_equal json, generate(utf8, :ascii_only => true)
-     assert_equal utf8, parse(json)
-+    assert_raise(JSON::ParserError) { parse('"\u"') }
-+    assert_raise(JSON::ParserError) { parse('"\ud800"') }
-   end
- 
-   def test_chars
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.0.bb b/meta/recipes-devtools/ruby/ruby_2.4.3.bb
index b08837cfe8..668bc96901 100644
--- a/meta/recipes-devtools/ruby/ruby_2.4.0.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.3.bb
@@ -6,11 +6,10 @@ SRC_URI += " \
           file://ruby-CVE-2017-9227.patch \
           file://ruby-CVE-2017-9228.patch \
           file://ruby-CVE-2017-9229.patch \
-           file://CVE-2017-14064.patch \
           "
-SRC_URI[md5sum] = "7e9485dcdb86ff52662728de2003e625"
+SRC_URI[md5sum] = "a00e0d49b454f4c0e528e7852d642925"
-SRC_URI[sha256sum] = "152fd0bd15a90b4a18213448f485d4b53e9f7662e1508190aa5b702446b29e3d"
+SRC_URI[sha256sum] = "fd0375582c92045aa7d31854e724471fb469e11a4b08ff334d39052ccaaa3a98"
 # it's unknown to configure script, but then passed to extconf.rb
 # maybe it's not really needed as we're hardcoding the result with
author	Armin Kuster <akuster808@gmail.com>	2018-02-19 13:06:35 -0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-03-04 11:12:12 +0000
commit	c323026d9ca3f57628dca4114ed394a279637427 (patch)
tree	9152e5fcddf83c40946b79c0e75f43caf8c4b2f4
parent	3c735b01da4ddcf81b426b9f032e8f8494401fae (diff)
download	poky-c323026d9ca3f57628dca4114ed394a279637427.tar.gz

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch deleted file mode 100644 index 700d1bc58e..0000000000 --- a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch +++ /dev/null
@@ -1,353 +0,0 @@
1	From d86d283fcb35d1442a121b92030884523908a331 Mon Sep 17 00:00:00 2001
2	From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
3	Date: Sat, 22 Apr 2017 07:29:01 +0000
4	Subject: [PATCH] merge revision(s) 58323,58324:
5
6	Merge json-2.0.4.
7
8	* https://github.com/flori/json/releases/tag/v2.0.4
9	* https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204
10	Use `assert_raise` instead of `assert_raises`.
11
12	git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58445 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
13
14	Upstream-Status: Backport
15	CVE: CVE-2017-14064
16
17	Signed-off-by: Armin Kuster <akuster@mvisa.com>
18
19	---
20	ext/json/fbuffer/fbuffer.h \| 3 ---
21	ext/json/generator/generator.c \| 12 +++++-----
22	ext/json/generator/generator.h \| 1 -
23	ext/json/json.gemspec \| Bin 5473 -> 5474 bytes
24	ext/json/lib/json/version.rb \| 2 +-
25	ext/json/parser/parser.c \| 48 +++++++++++++++++++++++----------------
26	ext/json/parser/parser.rl \| 14 +++++++++---
27	test/json/json_encoding_test.rb \| 2 ++
28	test/json/json_generator_test.rb \| 0
29	version.h \| 2 +-
30	10 files changed, 49 insertions(+), 35 deletions(-)
31	mode change 100755 => 100644 test/json/json_generator_test.rb
32
33	Index: ruby-2.4.0/ext/json/fbuffer/fbuffer.h
34	===================================================================
35	--- ruby-2.4.0.orig/ext/json/fbuffer/fbuffer.h
36	+++ ruby-2.4.0/ext/json/fbuffer/fbuffer.h
37	@@ -12,9 +12,6 @@
38	#define RFLOAT_VALUE(val) (RFLOAT(val)->value)
39	#endif
40
41	-#ifndef RARRAY_PTR
42	-#define RARRAY_PTR(ARRAY) RARRAY(ARRAY)->ptr
43	-#endif
44	#ifndef RARRAY_LEN
45	#define RARRAY_LEN(ARRAY) RARRAY(ARRAY)->len
46	#endif
47	Index: ruby-2.4.0/ext/json/generator/generator.c
48	===================================================================
49	--- ruby-2.4.0.orig/ext/json/generator/generator.c
50	+++ ruby-2.4.0/ext/json/generator/generator.c
51	@@ -308,7 +308,7 @@ static char fstrndup(const char ptr, u
52	char *result;
53	if (len <= 0) return NULL;
54	result = ALLOC_N(char, len);
55	- memccpy(result, ptr, 0, len);
56	+ memcpy(result, ptr, len);
57	return result;
58	}
59
60	@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE sel
61	}
62	} else {
63	if (state->indent) ruby_xfree(state->indent);
64	- state->indent = strdup(RSTRING_PTR(indent));
65	+ state->indent = fstrndup(RSTRING_PTR(indent), len);
66	state->indent_len = len;
67	}
68	return Qnil;
69	@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self
70	}
71	} else {
72	if (state->space) ruby_xfree(state->space);
73	- state->space = strdup(RSTRING_PTR(space));
74	+ state->space = fstrndup(RSTRING_PTR(space), len);
75	state->space_len = len;
76	}
77	return Qnil;
78	@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VAL
79	}
80	} else {
81	if (state->space_before) ruby_xfree(state->space_before);
82	- state->space_before = strdup(RSTRING_PTR(space_before));
83	+ state->space_before = fstrndup(RSTRING_PTR(space_before), len);
84	state->space_before_len = len;
85	}
86	return Qnil;
87	@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE
88	}
89	} else {
90	if (state->object_nl) ruby_xfree(state->object_nl);
91	- state->object_nl = strdup(RSTRING_PTR(object_nl));
92	+ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
93	state->object_nl_len = len;
94	}
95	return Qnil;
96	@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE s
97	}
98	} else {
99	if (state->array_nl) ruby_xfree(state->array_nl);
100	- state->array_nl = strdup(RSTRING_PTR(array_nl));
101	+ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
102	state->array_nl_len = len;
103	}
104	return Qnil;
105	Index: ruby-2.4.0/ext/json/generator/generator.h
106	===================================================================
107	--- ruby-2.4.0.orig/ext/json/generator/generator.h
108	+++ ruby-2.4.0/ext/json/generator/generator.h
109	@@ -1,7 +1,6 @@
110	#ifndef _GENERATOR_H_
111	#define _GENERATOR_H_
112
113	-#include <string.h>
114	#include <math.h>
115	#include <ctype.h>
116
117	Index: ruby-2.4.0/ext/json/lib/json/version.rb
118	===================================================================
119	--- ruby-2.4.0.orig/ext/json/lib/json/version.rb
120	+++ ruby-2.4.0/ext/json/lib/json/version.rb
121	@@ -1,7 +1,7 @@
122	# frozen_string_literal: false
123	module JSON
124	# JSON version
125	- VERSION = '2.0.2'
126	+ VERSION = '2.0.4'
127	VERSION_ARRAY = VERSION.split(/\./).map { \|x\| x.to_i } # :nodoc:
128	VERSION_MAJOR = VERSION_ARRAY[0] # :nodoc:
129	VERSION_MINOR = VERSION_ARRAY[1] # :nodoc:
130	Index: ruby-2.4.0/ext/json/parser/parser.c
131	===================================================================
132	--- ruby-2.4.0.orig/ext/json/parser/parser.c
133	+++ ruby-2.4.0/ext/json/parser/parser.c
134	@@ -1435,13 +1435,21 @@ static VALUE json_string_unescape(VALUE
135	break;
136	case 'u':
137	if (pe > stringEnd - 4) {
138	- return Qnil;
139	+ rb_enc_raise(
140	+ EXC_ENCODING eParserError,
141	+ "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
142	+ );
143	} else {
144	UTF32 ch = unescape_unicode((unsigned char *) ++pe);
145	pe += 3;
146	if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
147	pe++;
148	- if (pe > stringEnd - 6) return Qnil;
149	+ if (pe > stringEnd - 6) {
150	+ rb_enc_raise(
151	+ EXC_ENCODING eParserError,
152	+ "%u: incomplete surrogate pair at '%s'", __LINE__, p
153	+ );
154	+ }
155	if (pe[0] == '\\' && pe[1] == 'u') {
156	UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
157	ch = (((ch & 0x3F) << 10) \| ((((ch >> 6) & 0xF) + 1) << 16)
158	@@ -1471,7 +1479,7 @@ static VALUE json_string_unescape(VALUE
159	}
160
161
162	-#line 1475 "parser.c"
163	+#line 1483 "parser.c"
164	enum {JSON_string_start = 1};
165	enum {JSON_string_first_final = 8};
166	enum {JSON_string_error = 0};
167	@@ -1479,7 +1487,7 @@ enum {JSON_string_error = 0};
168	enum {JSON_string_en_main = 1};
169
170
171	-#line 504 "parser.rl"
172	+#line 512 "parser.rl"
173
174
175	static int
176	@@ -1501,15 +1509,15 @@ static char *JSON_parse_string(JSON_Pars
177
178	*result = rb_str_buf_new(0);
179
180	-#line 1505 "parser.c"
181	+#line 1513 "parser.c"
182	{
183	cs = JSON_string_start;
184	}
185
186	-#line 525 "parser.rl"
187	+#line 533 "parser.rl"
188	json->memo = p;
189
190	-#line 1513 "parser.c"
191	+#line 1521 "parser.c"
192	{
193	if ( p == pe )
194	goto _test_eof;
195	@@ -1534,7 +1542,7 @@ case 2:
196	goto st0;
197	goto st2;
198	tr2:
199	-#line 490 "parser.rl"
200	+#line 498 "parser.rl"
201	{
202	result = json_string_unescape(result, json->memo + 1, p);
203	if (NIL_P(*result)) {
204	@@ -1545,14 +1553,14 @@ tr2:
205	{p = (( p + 1))-1;}
206	}
207	}
208	-#line 501 "parser.rl"
209	+#line 509 "parser.rl"
210	{ p--; {p++; cs = 8; goto _out;} }
211	goto st8;
212	st8:
213	if ( ++p == pe )
214	goto _test_eof8;
215	case 8:
216	-#line 1556 "parser.c"
217	+#line 1564 "parser.c"
218	goto st0;
219	st3:
220	if ( ++p == pe )
221	@@ -1628,7 +1636,7 @@ case 7:
222	_out: {}
223	}
224
225	-#line 527 "parser.rl"
226	+#line 535 "parser.rl"
227
228	if (json->create_additions && RTEST(match_string = json->match_string)) {
229	VALUE klass;
230	@@ -1675,7 +1683,7 @@ static VALUE convert_encoding(VALUE sour
231	}
232	FORCE_UTF8(source);
233	} else {
234	- source = rb_str_conv_enc(source, NULL, rb_utf8_encoding());
235	+ source = rb_str_conv_enc(source, rb_enc_get(source), rb_utf8_encoding());
236	}
237	#endif
238	return source;
239	@@ -1808,7 +1816,7 @@ static VALUE cParser_initialize(int argc
240	}
241
242
243	-#line 1812 "parser.c"
244	+#line 1820 "parser.c"
245	enum {JSON_start = 1};
246	enum {JSON_first_final = 10};
247	enum {JSON_error = 0};
248	@@ -1816,7 +1824,7 @@ enum {JSON_error = 0};
249	enum {JSON_en_main = 1};
250
251
252	-#line 720 "parser.rl"
253	+#line 728 "parser.rl"
254
255
256	/*
257	@@ -1833,16 +1841,16 @@ static VALUE cParser_parse(VALUE self)
258	GET_PARSER;
259
260
261	-#line 1837 "parser.c"
262	+#line 1845 "parser.c"
263	{
264	cs = JSON_start;
265	}
266
267	-#line 736 "parser.rl"
268	+#line 744 "parser.rl"
269	p = json->source;
270	pe = p + json->len;
271
272	-#line 1846 "parser.c"
273	+#line 1854 "parser.c"
274	{
275	if ( p == pe )
276	goto _test_eof;
277	@@ -1876,7 +1884,7 @@ st0:
278	cs = 0;
279	goto _out;
280	tr2:
281	-#line 712 "parser.rl"
282	+#line 720 "parser.rl"
283	{
284	char *np = JSON_parse_value(json, p, pe, &result, 0);
285	if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( np))-1;}
286	@@ -1886,7 +1894,7 @@ st10:
287	if ( ++p == pe )
288	goto _test_eof10;
289	case 10:
290	-#line 1890 "parser.c"
291	+#line 1898 "parser.c"
292	switch( (*p) ) {
293	case 13: goto st10;
294	case 32: goto st10;
295	@@ -1975,7 +1983,7 @@ case 9:
296	_out: {}
297	}
298
299	-#line 739 "parser.rl"
300	+#line 747 "parser.rl"
301
302	if (cs >= JSON_first_final && p == pe) {
303	return result;
304	Index: ruby-2.4.0/ext/json/parser/parser.rl
305	===================================================================
306	--- ruby-2.4.0.orig/ext/json/parser/parser.rl
307	+++ ruby-2.4.0/ext/json/parser/parser.rl
308	@@ -446,13 +446,21 @@ static VALUE json_string_unescape(VALUE
309	break;
310	case 'u':
311	if (pe > stringEnd - 4) {
312	- return Qnil;
313	+ rb_enc_raise(
314	+ EXC_ENCODING eParserError,
315	+ "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p
316	+ );
317	} else {
318	UTF32 ch = unescape_unicode((unsigned char *) ++pe);
319	pe += 3;
320	if (UNI_SUR_HIGH_START == (ch & 0xFC00)) {
321	pe++;
322	- if (pe > stringEnd - 6) return Qnil;
323	+ if (pe > stringEnd - 6) {
324	+ rb_enc_raise(
325	+ EXC_ENCODING eParserError,
326	+ "%u: incomplete surrogate pair at '%s'", __LINE__, p
327	+ );
328	+ }
329	if (pe[0] == '\\' && pe[1] == 'u') {
330	UTF32 sur = unescape_unicode((unsigned char *) pe + 2);
331	ch = (((ch & 0x3F) << 10) \| ((((ch >> 6) & 0xF) + 1) << 16)
332	@@ -570,7 +578,7 @@ static VALUE convert_encoding(VALUE sour
333	}
334	FORCE_UTF8(source);
335	} else {
336	- source = rb_str_conv_enc(source, NULL, rb_utf8_encoding());
337	+ source = rb_str_conv_enc(source, rb_enc_get(source), rb_utf8_encoding());
338	}
339	#endif
340	return source;
341	Index: ruby-2.4.0/test/json/json_encoding_test.rb
342	===================================================================
343	--- ruby-2.4.0.orig/test/json/json_encoding_test.rb
344	+++ ruby-2.4.0/test/json/json_encoding_test.rb
345	@@ -79,6 +79,8 @@ class JSONEncodingTest < Test::Unit::Tes
346	json = '["\ud840\udc01"]'
347	assert_equal json, generate(utf8, :ascii_only => true)
348	assert_equal utf8, parse(json)
349	+ assert_raise(JSON::ParserError) { parse('"\u"') }
350	+ assert_raise(JSON::ParserError) { parse('"\ud800"') }
351	end
352
353	def test_chars


diff --git a/meta/recipes-devtools/ruby/ruby_2.4.0.bb b/meta/recipes-devtools/ruby/ruby_2.4.3.bb index b08837cfe8..668bc96901 100644 --- a/meta/recipes-devtools/ruby/ruby_2.4.0.bb +++ b/meta/recipes-devtools/ruby/ruby_2.4.3.bb
@@ -6,11 +6,10 @@ SRC_URI += " \
6	file://ruby-CVE-2017-9227.patch \	6	file://ruby-CVE-2017-9227.patch \
7	file://ruby-CVE-2017-9228.patch \	7	file://ruby-CVE-2017-9228.patch \
8	file://ruby-CVE-2017-9229.patch \	8	file://ruby-CVE-2017-9229.patch \
9	file://CVE-2017-14064.patch \
10	"	9	"
11		10
12	SRC_URI[md5sum] = "7e9485dcdb86ff52662728de2003e625"	11	SRC_URI[md5sum] = "a00e0d49b454f4c0e528e7852d642925"
13	SRC_URI[sha256sum] = "152fd0bd15a90b4a18213448f485d4b53e9f7662e1508190aa5b702446b29e3d"	12	SRC_URI[sha256sum] = "fd0375582c92045aa7d31854e724471fb469e11a4b08ff334d39052ccaaa3a98"
14		13
15	# it's unknown to configure script, but then passed to extconf.rb	14	# it's unknown to configure script, but then passed to extconf.rb
16	# maybe it's not really needed as we're hardcoding the result with	15	# maybe it's not really needed as we're hardcoding the result with