summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorThiruvadi Rajaraman <trajaraman@mvista.com>2017-11-04 10:35:54 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-11-21 14:43:55 +0000
commit5899c6b77c252fa025821bcbdc99d90c8efad60a (patch)
tree4956d2b0943afd950a8f20fef096ee0fee20cdb5 /meta
parentcab5a620accb47478b477a4a928032a53ed8baf8 (diff)
downloadpoky-5899c6b77c252fa025821bcbdc99d90c8efad60a.tar.gz
ruby: Security fix for CVE-2017-9227
affects ruby < 2.4.1 (From OE-Core rev: d83f18936a0eb470e8faf7adbd7c580c23fa3370) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch24
-rw-r--r--meta/recipes-devtools/ruby/ruby_2.2.5.bb1
2 files changed, 25 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch
new file mode 100644
index 0000000000..f6eaefb7fd
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch
@@ -0,0 +1,24 @@
1commit 9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
2Author: K.Kosako <kosako@sofnec.co.jp>
3Date: Tue May 23 16:15:35 2017 +0900
4
5 fix #58 : access to invalid address by reg->dmin value
6
7Upstream-Status: backport
8
9CVE: CVE-2017-9227
10Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
11
12Index: ruby-2.2.5/regexec.c
13===================================================================
14--- ruby-2.2.5.orig/regexec.c 2014-09-15 21:48:41.000000000 +0530
15+++ ruby-2.2.5/regexec.c 2017-08-30 12:18:04.054828426 +0530
16@@ -3678,6 +3678,8 @@
17 }
18 else {
19 UChar *q = p + reg->dmin;
20+
21+ if (q >= end) return 0; /* fail */
22 while (p < q) p += enclen(reg->enc, p, end);
23 }
24 }
diff --git a/meta/recipes-devtools/ruby/ruby_2.2.5.bb b/meta/recipes-devtools/ruby/ruby_2.2.5.bb
index 35882d18e6..e29eb9c9b4 100644
--- a/meta/recipes-devtools/ruby/ruby_2.2.5.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.2.5.bb
@@ -5,6 +5,7 @@ SRC_URI[sha256sum] = "30c4b31697a4ca4ea0c8db8ad30cf45e6690a0f09687e5d483c933c03c
5 5
6SRC_URI += "file://prevent-gc.patch \ 6SRC_URI += "file://prevent-gc.patch \
7 file://CVE-2016-7798.patch \ 7 file://CVE-2016-7798.patch \
8 file://CVE-2017-9227.patch \
8" 9"
9 10
10# it's unknown to configure script, but then passed to extconf.rb 11# it's unknown to configure script, but then passed to extconf.rb