ruby: Security fix for CVE-2017-9228

affects ruby < 2.4.1 (From OE-Core rev: cdfb60a7b573c034868ef27d8eb2c667f2a7ad1d) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Thiruvadi Rajaraman <trajaraman@mvista.com> 2017-11-04 10:37:48 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-11-21 14:43:55 +0000
commit: 7f7e00483a1c1e45e1104035433cb2981214e777 (patch)
tree: a5dff7642a96f4689cd5f1c964b3817e9de6c487 /meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch
parent: 5899c6b77c252fa025821bcbdc99d90c8efad60a (diff)
download: poky-7f7e00483a1c1e45e1104035433cb2981214e777.tar.gz
1 files changed, 26 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch
new file mode 100644
index 0000000000..dc911bb20b
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch
@@ -0,0 +1,26 @@
+commit 3b63d12038c8d8fc278e81c942fa9bec7c704c8b
+Author: K.Kosako <kosako@sofnec.co.jp>
+Date:   Wed May 24 13:43:25 2017 +0900
+    fix #60 : invalid state(CCS_VALUE) in parse_char_class()
+Upstream-Status: Backport
+CVE: CVE-2017-9228
+Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
+Index: ruby-2.2.5/regparse.c
+===================================================================
+--- ruby-2.2.5.orig/regparse.c  2014-09-16 08:14:10.000000000 +0530
+++ ruby-2.2.5/regparse.c       2017-08-30 11:58:25.774275722 +0530
+@@ -4458,7 +4458,9 @@
+     }
+   }
+ 
+-  *state = CCS_VALUE;
+  if (*state != CCS_START)
+    *state = CCS_VALUE;
+
+   *type  = CCV_CLASS;
+   return 0;
+ }
author	Thiruvadi Rajaraman <trajaraman@mvista.com>	2017-11-04 10:37:48 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-11-21 14:43:55 +0000
commit	7f7e00483a1c1e45e1104035433cb2981214e777 (patch)
tree	a5dff7642a96f4689cd5f1c964b3817e9de6c487 /meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch
parent	5899c6b77c252fa025821bcbdc99d90c8efad60a (diff)
download	poky-7f7e00483a1c1e45e1104035433cb2981214e777.tar.gz

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch new file mode 100644 index 0000000000..dc911bb20b --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch
@@ -0,0 +1,26 @@
	1	commit 3b63d12038c8d8fc278e81c942fa9bec7c704c8b
	2	Author: K.Kosako <kosako@sofnec.co.jp>
	3	Date: Wed May 24 13:43:25 2017 +0900
	4
	5	fix #60 : invalid state(CCS_VALUE) in parse_char_class()
	6
	7	Upstream-Status: Backport
	8
	9	CVE: CVE-2017-9228
	10	Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
	11
	12	Index: ruby-2.2.5/regparse.c
	13	===================================================================
	14	--- ruby-2.2.5.orig/regparse.c 2014-09-16 08:14:10.000000000 +0530
	15	+++ ruby-2.2.5/regparse.c 2017-08-30 11:58:25.774275722 +0530
	16	@@ -4458,7 +4458,9 @@
	17	}
	18	}
	19
	20	- *state = CCS_VALUE;
	21	+ if (*state != CCS_START)
	22	+ *state = CCS_VALUE;
	23	+
	24	*type = CCV_CLASS;
	25	return 0;
	26	}