ruby: update to 2.4.0

Existing version of ruby-native (2.2.5) was crashing on my machine (and others' too), yet a functional ruby is necessary to upgrade webkit to a version that less vulnerable to Spectre. I've performed the update by copying the ruby recipe directory over from the current pyro tree; if you want to see the list of specific commits, issue this command: git log 99656fecf4fa6e24ba49ecb7f26f893e733818a0 meta/recipes-devtools/ruby (up to commit e593d3aeb2ea5f08d6e0753133fe89e345b339e8) (From OE-Core rev: 4734a4b41898e3df252b6234ed1270a915fd1f68) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Alexander Kanavin <alexander.kanavin@linux.intel.com> 2018-01-12 18:20:01 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-01-14 22:10:54 +0000
commit: bbc0795ada93d943bf534289eaa7c07c5ffb7d44 (patch)
tree: a4799babf05503dd1ae12dbedb76725c7c82ff08 /meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch
parent: e6aadcc2a04ae4e85b1cb00c5c9ce1c0f76ee871 (diff)
download: poky-bbc0795ada93d943bf534289eaa7c07c5ffb7d44.tar.gz
1 files changed, 59 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch
new file mode 100644
index 0000000000..6e765bf6dc
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch
@@ -0,0 +1,59 @@
+From b690371bbf97794b4a1d3f295d4fb9a8b05d402d Mon Sep 17 00:00:00 2001
+From: "K.Kosako" <kosako@sofnec.co.jp>
+Date: Wed, 24 May 2017 10:27:04 +0900
+Subject: [PATCH] fix #59 : access to invalid address by reg->dmax value
+---
+ regexec.c |   27 +++++++++++++++++----------
+ 1 file changed, 17 insertions(+), 10 deletions(-)
+--- end of original header
+CVE: CVE-2017-9229
+Upstream-Status: Inappropriate [not author]
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+diff --git a/regexec.c b/regexec.c
+index 49bcc50..c0626ef 100644
+--- a/regexec.c
+++ b/regexec.c
+@@ -3756,18 +3756,25 @@ forward_search_range(regex_t* reg, const
+     }
+     else {
+       if (reg->dmax != ONIG_INFINITE_DISTANCE) {
+-       *low = p - reg->dmax;
+-       if (*low > s) {
+-         *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
+-                                                             *low, end, (const UChar** )low_prev);
+-         if (low_prev && IS_NULL(*low_prev))
+-           *low_prev = onigenc_get_prev_char_head(reg->enc,
+-                                                  (pprev ? pprev : s), *low, end);
+        if (p - str < reg->dmax) {
+          *low = (UChar* )str;
+          if (low_prev)
+            *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low, end);
+        }
+        else {
+-         if (low_prev)
+-           *low_prev = onigenc_get_prev_char_head(reg->enc,
+-                                              (pprev ? pprev : str), *low, end);
+          *low = p - reg->dmax;
+          if (*low > s) {
+            *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
+                                                 *low, end, (const UChar** )low_prev);
+            if (low_prev && IS_NULL(*low_prev))
+              *low_prev = onigenc_get_prev_char_head(reg->enc,
+                                                     (pprev ? pprev : s), *low, end);
+          }
+          else {
+            if (low_prev)
+              *low_prev = onigenc_get_prev_char_head(reg->enc,
+                                                     (pprev ? pprev : str), *low, end);
+          }
+        }
+       }
+     }
+-- 
+1.7.9.5
author	Alexander Kanavin <alexander.kanavin@linux.intel.com>	2018-01-12 18:20:01 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-01-14 22:10:54 +0000
commit	bbc0795ada93d943bf534289eaa7c07c5ffb7d44 (patch)
tree	a4799babf05503dd1ae12dbedb76725c7c82ff08 /meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch
parent	e6aadcc2a04ae4e85b1cb00c5c9ce1c0f76ee871 (diff)
download	poky-bbc0795ada93d943bf534289eaa7c07c5ffb7d44.tar.gz

diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch new file mode 100644 index 0000000000..6e765bf6dc --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch
@@ -0,0 +1,59 @@
	1	From b690371bbf97794b4a1d3f295d4fb9a8b05d402d Mon Sep 17 00:00:00 2001
	2	From: "K.Kosako" <kosako@sofnec.co.jp>
	3	Date: Wed, 24 May 2017 10:27:04 +0900
	4	Subject: [PATCH] fix #59 : access to invalid address by reg->dmax value
	5
	6	---
	7	regexec.c \| 27 +++++++++++++++++----------
	8	1 file changed, 17 insertions(+), 10 deletions(-)
	9
	10	--- end of original header
	11
	12	CVE: CVE-2017-9229
	13
	14	Upstream-Status: Inappropriate [not author]
	15	Signed-off-by: Joe Slater <joe.slater@windriver.com>
	16
	17	diff --git a/regexec.c b/regexec.c
	18	index 49bcc50..c0626ef 100644
	19	--- a/regexec.c
	20	+++ b/regexec.c
	21	@@ -3756,18 +3756,25 @@ forward_search_range(regex_t* reg, const
	22	}
	23	else {
	24	if (reg->dmax != ONIG_INFINITE_DISTANCE) {
	25	- *low = p - reg->dmax;
	26	- if (*low > s) {
	27	- *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
	28	- low, end, (const UChar* )low_prev);
	29	- if (low_prev && IS_NULL(*low_prev))
	30	- *low_prev = onigenc_get_prev_char_head(reg->enc,
	31	- (pprev ? pprev : s), *low, end);
	32	+ if (p - str < reg->dmax) {
	33	+ low = (UChar )str;
	34	+ if (low_prev)
	35	+ low_prev = onigenc_get_prev_char_head(reg->enc, str, low, end);
	36	}
	37	else {
	38	- if (low_prev)
	39	- *low_prev = onigenc_get_prev_char_head(reg->enc,
	40	- (pprev ? pprev : str), *low, end);
	41	+ *low = p - reg->dmax;
	42	+ if (*low > s) {
	43	+ *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
	44	+ low, end, (const UChar* )low_prev);
	45	+ if (low_prev && IS_NULL(*low_prev))
	46	+ *low_prev = onigenc_get_prev_char_head(reg->enc,
	47	+ (pprev ? pprev : s), *low, end);
	48	+ }
	49	+ else {
	50	+ if (low_prev)
	51	+ *low_prev = onigenc_get_prev_char_head(reg->enc,
	52	+ (pprev ? pprev : str), *low, end);
	53	+ }
	54	}
	55	}
	56	}
	57	--
	58	1.7.9.5
	59