ruby: 2.4.2 -> 2.5.0

1.Upgrade ruby form 2.4.2 to 2.5.0. 2.Update the checksum of LIC_FILES_CHKSUM. 3.Delete ruby-CVE-2017-9224.patch, ruby-CVE-2017-9227.patch, ruby-CVE-2017-9229.patch, since it is integrated upstream. 4.Modify ruby-CVE-2017-9226.patch, since the data has been changed. (From OE-Core rev: 67b9f407f7c40c63c7f9518b4ee3d4d1cc7c75ce) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> 2018-01-30 16:58:38 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-02-06 11:06:27 +0000
commit: a62c43a363245740c9a7250e5795983197a46896 (patch)
tree: 6b83fe30743e9701834bb42d54444b02b6bd908b /meta/recipes-devtools/ruby/ruby
parent: 5f0c4c785d7c6daa25cfd5e4ff939afb0ff2294a (diff)
download: poky-a62c43a363245740c9a7250e5795983197a46896.tar.gz
5 files changed, 12 insertions, 151 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/extmk.patch b/meta/recipes-devtools/ruby/ruby/extmk.patch
index a5b2184af5..404b9af7aa 100644
--- a/meta/recipes-devtools/ruby/ruby/extmk.patch
+++ b/meta/recipes-devtools/ruby/ruby/extmk.patch
@@ -2,13 +2,15 @@ Upstream-Status: Pending
 diff -ru ruby-1.8.7-p248.orig/ext/extmk.rb ruby-1.8.7-p248/ext/extmk.rb
 --- ruby-1.8.7-p248.orig/ext/extmk.rb   2009-12-24 03:01:58.000000000 -0600
 +++ ruby-1.8.7-p248/ext/extmk.rb        2010-02-12 15:55:27.370061558 -0600
-@@ -354,8 +354,8 @@
+@@ -413,8 +413,8 @@ def $mflags.defined?(var)
-   $ruby = '$(topdir)/miniruby' + EXEEXT
 end
- $ruby << " -I'$(topdir)'"
+ $ruby = [$ruby]
-+$ruby << " -I'$(top_srcdir)/lib'"
+ $ruby << "-I'$(topdir)'"
+$ruby << "-I'$(top_srcdir)/lib'"
 unless CROSS_COMPILING
-  $ruby << " -I'$(top_srcdir)/lib'"
+-  $ruby << "-I'$(top_srcdir)/lib'"
-   $ruby << " -I'$(extout)/$(arch)' -I'$(extout)/common'" if $extout
+   $ruby << "-I'$(extout)/$(arch)'" << "-I'$(extout)/common'" if $extout
-   $ruby << " -I./- -I'$(top_srcdir)/ext' -rpurelib.rb"
   ENV["RUBYLIB"] = "-"
+ end
+-- 
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch
deleted file mode 100644
index 848139b7e3..0000000000
--- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 690313a061f7a4fa614ec5cc8368b4f2284e059b Mon Sep 17 00:00:00 2001
-From: "K.Kosako" <kosako@sofnec.co.jp>
-Date: Tue, 23 May 2017 10:28:58 +0900
-Subject: [PATCH] fix #57 : DATA_ENSURE() check must be before data access
---
- regexec.c |    5 -----
- 1 file changed, 5 deletions(-)
--- end of original header
-CVE: CVE-2017-9224
-Context modified so that patch applies for version 2.4.1.
-Upstream-Status: Pending
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-diff --git a/regexec.c b/regexec.c
-index 35fef11..d4e577d 100644
--- a/regexec.c
-+++ b/regexec.c
-@@ -1473,14 +1473,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
-       NEXT;
-     CASE(OP_EXACT1)  MOP_IN(OP_EXACT1);
-#if 0
-       DATA_ENSURE(1);
-       if (*p != *s) goto fail;
-       p++; s++;
-#endif
-      if (*p != *s++) goto fail;
-      DATA_ENSURE(0);
-      p++;
-       MOP_OUT;
-       break;
- 
-- 
-1.7.9.5
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
index 0f2a4307cc..89437bba74 100644
--- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
+++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
@@ -20,22 +20,13 @@ Signed-off-by: Joe Slater <joe.slater@windriver.com>
 --- ruby-2.4.1.orig/regparse.c
 +++ ruby-2.4.1/regparse.c
-@@ -3644,7 +3644,7 @@ fetch_token(OnigToken* tok, UChar** src,
-       if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
-        prev = p;
-        num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
-       if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
-+       if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER;
-        if (p == prev) {  /* can't read nothing. */
-          num = 0; /* but, it's not error */
-        }
 @@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod
   switch (*state) {
   case CCS_VALUE:
     if (*type == CCV_SB) {
-+      if (*vs > 0xff)
+      if (*from > 0xff)
 +          return ONIGERR_INVALID_CODE_POINT_VALUE;
 +
-       BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*vs));
+       BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*from));
       if (IS_NOT_NULL(asc_cc))
-        BITSET_SET_BIT(asc_cc->bs, (int )(*vs));
+        BITSET_SET_BIT(asc_cc->bs, (int )(*from));
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch
deleted file mode 100644
index 85e7ccb369..0000000000
--- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814 Mon Sep 17 00:00:00 2001
-From: "K.Kosako" <kosako@sofnec.co.jp>
-Date: Tue, 23 May 2017 16:15:35 +0900
-Subject: [PATCH] fix #58 : access to invalid address by reg->dmin value
---
- regexec.c |    2 ++
- 1 file changed, 2 insertions(+)
--- end of original header
-CVE: CVE-2017-9227
-Upstream-Status: Inappropriate [not author]
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-diff --git a/regexec.c b/regexec.c
-index d4e577d..2fa0f3d 100644
--- a/regexec.c
-+++ b/regexec.c
-@@ -3154,6 +3154,8 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
-     }
-     else {
-       UChar *q = p + reg->dmin;
-+
-+      if (q >= end) return 0; /* fail */
-       while (p < q) p += enclen(reg->enc, p, end);
-     }
-   }
-- 
-1.7.9.5
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch
deleted file mode 100644
index 6e765bf6dc..0000000000
--- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From b690371bbf97794b4a1d3f295d4fb9a8b05d402d Mon Sep 17 00:00:00 2001
-From: "K.Kosako" <kosako@sofnec.co.jp>
-Date: Wed, 24 May 2017 10:27:04 +0900
-Subject: [PATCH] fix #59 : access to invalid address by reg->dmax value
---
- regexec.c |   27 +++++++++++++++++----------
- 1 file changed, 17 insertions(+), 10 deletions(-)
--- end of original header
-CVE: CVE-2017-9229
-Upstream-Status: Inappropriate [not author]
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-diff --git a/regexec.c b/regexec.c
-index 49bcc50..c0626ef 100644
--- a/regexec.c
-+++ b/regexec.c
-@@ -3756,18 +3756,25 @@ forward_search_range(regex_t* reg, const
-     }
-     else {
-       if (reg->dmax != ONIG_INFINITE_DISTANCE) {
-       *low = p - reg->dmax;
-       if (*low > s) {
-         *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
-                                                             *low, end, (const UChar** )low_prev);
-         if (low_prev && IS_NULL(*low_prev))
-           *low_prev = onigenc_get_prev_char_head(reg->enc,
-                                                  (pprev ? pprev : s), *low, end);
-+        if (p - str < reg->dmax) {
-+          *low = (UChar* )str;
-+          if (low_prev)
-+            *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low, end);
-        }
-        else {
-         if (low_prev)
-           *low_prev = onigenc_get_prev_char_head(reg->enc,
-                                              (pprev ? pprev : str), *low, end);
-+          *low = p - reg->dmax;
-+          if (*low > s) {
-+            *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
-+                                                 *low, end, (const UChar** )low_prev);
-+            if (low_prev && IS_NULL(*low_prev))
-+              *low_prev = onigenc_get_prev_char_head(reg->enc,
-+                                                     (pprev ? pprev : s), *low, end);
-+          }
-+          else {
-+            if (low_prev)
-+              *low_prev = onigenc_get_prev_char_head(reg->enc,
-+                                                     (pprev ? pprev : str), *low, end);
-+          }
-        }
-       }
-     }
-- 
-1.7.9.5
author	Huang Qiyu <huangqy.fnst@cn.fujitsu.com>	2018-01-30 16:58:38 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-02-06 11:06:27 +0000
commit	a62c43a363245740c9a7250e5795983197a46896 (patch)
tree	6b83fe30743e9701834bb42d54444b02b6bd908b /meta/recipes-devtools/ruby/ruby
parent	5f0c4c785d7c6daa25cfd5e4ff939afb0ff2294a (diff)
download	poky-a62c43a363245740c9a7250e5795983197a46896.tar.gz

diff --git a/meta/recipes-devtools/ruby/ruby/extmk.patch b/meta/recipes-devtools/ruby/ruby/extmk.patch index a5b2184af5..404b9af7aa 100644 --- a/meta/recipes-devtools/ruby/ruby/extmk.patch +++ b/meta/recipes-devtools/ruby/ruby/extmk.patch
@@ -2,13 +2,15 @@ Upstream-Status: Pending
2	diff -ru ruby-1.8.7-p248.orig/ext/extmk.rb ruby-1.8.7-p248/ext/extmk.rb	2	diff -ru ruby-1.8.7-p248.orig/ext/extmk.rb ruby-1.8.7-p248/ext/extmk.rb
3	--- ruby-1.8.7-p248.orig/ext/extmk.rb 2009-12-24 03:01:58.000000000 -0600	3	--- ruby-1.8.7-p248.orig/ext/extmk.rb 2009-12-24 03:01:58.000000000 -0600
4	+++ ruby-1.8.7-p248/ext/extmk.rb 2010-02-12 15:55:27.370061558 -0600	4	+++ ruby-1.8.7-p248/ext/extmk.rb 2010-02-12 15:55:27.370061558 -0600
5	@@ -354,8 +354,8 @@	5	@@ -413,8 +413,8 @@ def $mflags.defined?(var)
6	$ruby = '$(topdir)/miniruby' + EXEEXT
7	end	6	end
8	$ruby << " -I'$(topdir)'"	7	$ruby = [$ruby]
9	+$ruby << " -I'$(top_srcdir)/lib'"	8	$ruby << "-I'$(topdir)'"
		9	+$ruby << "-I'$(top_srcdir)/lib'"
10	unless CROSS_COMPILING	10	unless CROSS_COMPILING
11	- $ruby << " -I'$(top_srcdir)/lib'"	11	- $ruby << "-I'$(top_srcdir)/lib'"
12	$ruby << " -I'$(extout)/$(arch)' -I'$(extout)/common'" if $extout	12	$ruby << "-I'$(extout)/$(arch)'" << "-I'$(extout)/common'" if $extout
13	$ruby << " -I./- -I'$(top_srcdir)/ext' -rpurelib.rb"
14	ENV["RUBYLIB"] = "-"	13	ENV["RUBYLIB"] = "-"
		14	end
		15	--
		16


diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch deleted file mode 100644 index 848139b7e3..0000000000 --- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch +++ /dev/null
@@ -1,41 +0,0 @@
1	From 690313a061f7a4fa614ec5cc8368b4f2284e059b Mon Sep 17 00:00:00 2001
2	From: "K.Kosako" <kosako@sofnec.co.jp>
3	Date: Tue, 23 May 2017 10:28:58 +0900
4	Subject: [PATCH] fix #57 : DATA_ENSURE() check must be before data access
5
6	---
7	regexec.c \| 5 -----
8	1 file changed, 5 deletions(-)
9
10	--- end of original header
11
12	CVE: CVE-2017-9224
13
14	Context modified so that patch applies for version 2.4.1.
15
16	Upstream-Status: Pending
17	Signed-off-by: Joe Slater <joe.slater@windriver.com>
18
19
20	diff --git a/regexec.c b/regexec.c
21	index 35fef11..d4e577d 100644
22	--- a/regexec.c
23	+++ b/regexec.c
24	@@ -1473,14 +1473,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
25	NEXT;
26
27	CASE(OP_EXACT1) MOP_IN(OP_EXACT1);
28	-#if 0
29	DATA_ENSURE(1);
30	if (p != s) goto fail;
31	p++; s++;
32	-#endif
33	- if (p != s++) goto fail;
34	- DATA_ENSURE(0);
35	- p++;
36	MOP_OUT;
37	break;
38
39	--
40	1.7.9.5
41


diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch index 0f2a4307cc..89437bba74 100644 --- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
@@ -20,22 +20,13 @@ Signed-off-by: Joe Slater <joe.slater@windriver.com>
20		20
21	--- ruby-2.4.1.orig/regparse.c	21	--- ruby-2.4.1.orig/regparse.c
22	+++ ruby-2.4.1/regparse.c	22	+++ ruby-2.4.1/regparse.c
23	@@ -3644,7 +3644,7 @@ fetch_token(OnigToken* tok, UChar** src,
24	if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
25	prev = p;
26	num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
27	- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
28	+ if (num < 0 \|\| 0xff < num) return ONIGERR_TOO_BIG_NUMBER;
29	if (p == prev) { /* can't read nothing. */
30	num = 0; /* but, it's not error */
31	}
32	@@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod	23	@@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod
33	switch (*state) {	24	switch (*state) {
34	case CCS_VALUE:	25	case CCS_VALUE:
35	if (*type == CCV_SB) {	26	if (*type == CCV_SB) {
36	+ if (*vs > 0xff)	27	+ if (*from > 0xff)
37	+ return ONIGERR_INVALID_CODE_POINT_VALUE;	28	+ return ONIGERR_INVALID_CODE_POINT_VALUE;
38	+	29	+
39	BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*vs));	30	BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*from));
40	if (IS_NOT_NULL(asc_cc))	31	if (IS_NOT_NULL(asc_cc))
41	BITSET_SET_BIT(asc_cc->bs, (int )(*vs));	32	BITSET_SET_BIT(asc_cc->bs, (int )(*from));


diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch deleted file mode 100644 index 85e7ccb369..0000000000 --- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch +++ /dev/null
@@ -1,32 +0,0 @@
1	From 9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814 Mon Sep 17 00:00:00 2001
2	From: "K.Kosako" <kosako@sofnec.co.jp>
3	Date: Tue, 23 May 2017 16:15:35 +0900
4	Subject: [PATCH] fix #58 : access to invalid address by reg->dmin value
5
6	---
7	regexec.c \| 2 ++
8	1 file changed, 2 insertions(+)
9
10	--- end of original header
11
12	CVE: CVE-2017-9227
13
14	Upstream-Status: Inappropriate [not author]
15	Signed-off-by: Joe Slater <joe.slater@windriver.com>
16
17	diff --git a/regexec.c b/regexec.c
18	index d4e577d..2fa0f3d 100644
19	--- a/regexec.c
20	+++ b/regexec.c
21	@@ -3154,6 +3154,8 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
22	}
23	else {
24	UChar *q = p + reg->dmin;
25	+
26	+ if (q >= end) return 0; /* fail */
27	while (p < q) p += enclen(reg->enc, p, end);
28	}
29	}
30	--
31	1.7.9.5
32


diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch deleted file mode 100644 index 6e765bf6dc..0000000000 --- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch +++ /dev/null
@@ -1,59 +0,0 @@
1	From b690371bbf97794b4a1d3f295d4fb9a8b05d402d Mon Sep 17 00:00:00 2001
2	From: "K.Kosako" <kosako@sofnec.co.jp>
3	Date: Wed, 24 May 2017 10:27:04 +0900
4	Subject: [PATCH] fix #59 : access to invalid address by reg->dmax value
5
6	---
7	regexec.c \| 27 +++++++++++++++++----------
8	1 file changed, 17 insertions(+), 10 deletions(-)
9
10	--- end of original header
11
12	CVE: CVE-2017-9229
13
14	Upstream-Status: Inappropriate [not author]
15	Signed-off-by: Joe Slater <joe.slater@windriver.com>
16
17	diff --git a/regexec.c b/regexec.c
18	index 49bcc50..c0626ef 100644
19	--- a/regexec.c
20	+++ b/regexec.c
21	@@ -3756,18 +3756,25 @@ forward_search_range(regex_t* reg, const
22	}
23	else {
24	if (reg->dmax != ONIG_INFINITE_DISTANCE) {
25	- *low = p - reg->dmax;
26	- if (*low > s) {
27	- *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
28	- low, end, (const UChar* )low_prev);
29	- if (low_prev && IS_NULL(*low_prev))
30	- *low_prev = onigenc_get_prev_char_head(reg->enc,
31	- (pprev ? pprev : s), *low, end);
32	+ if (p - str < reg->dmax) {
33	+ low = (UChar )str;
34	+ if (low_prev)
35	+ low_prev = onigenc_get_prev_char_head(reg->enc, str, low, end);
36	}
37	else {
38	- if (low_prev)
39	- *low_prev = onigenc_get_prev_char_head(reg->enc,
40	- (pprev ? pprev : str), *low, end);
41	+ *low = p - reg->dmax;
42	+ if (*low > s) {
43	+ *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
44	+ low, end, (const UChar* )low_prev);
45	+ if (low_prev && IS_NULL(*low_prev))
46	+ *low_prev = onigenc_get_prev_char_head(reg->enc,
47	+ (pprev ? pprev : s), *low, end);
48	+ }
49	+ else {
50	+ if (low_prev)
51	+ *low_prev = onigenc_get_prev_char_head(reg->enc,
52	+ (pprev ? pprev : str), *low, end);
53	+ }
54	}
55	}
56	}
57	--
58	1.7.9.5
59