summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorLeonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>2017-10-12 11:35:23 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-05-07 15:57:37 +0100
commitd9a5006a73ead66c1dc9f39a55bd43dce5b1f177 (patch)
tree6c0ce5c0cc288f2e6a38449541faf7c4e003fc01 /meta
parentce99882619e3fc68a70962e22055a36d1723f1c8 (diff)
downloadpoky-d9a5006a73ead66c1dc9f39a55bd43dce5b1f177.tar.gz
ruby: upgrade to 2.4.2
The CVE-2017-14064 patch is already at 2.4.2 as explained on project's commit, so removing from the recipe & repo. commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153 Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Wed Apr 12 00:21:18 2017 +0000 Merge json-2.0.4. * https://github.com/flori/json/releases/tag/v2.0.4 * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e (From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438) (From OE-Core rev: 59fed1c288bc8d5549fffccedcc24ae9f4f32dac) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch87
-rw-r--r--meta/recipes-devtools/ruby/ruby_2.4.2.bb (renamed from meta/recipes-devtools/ruby/ruby_2.4.1.bb)5
2 files changed, 2 insertions, 90 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch
deleted file mode 100644
index 88e693c94e..0000000000
--- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch
+++ /dev/null
@@ -1,87 +0,0 @@
1From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001
2From: Florian Frank <flori@ping.de>
3Date: Thu, 2 Mar 2017 12:12:33 +0100
4Subject: [PATCH] Fix arbitrary heap exposure problem
5
6Upstream-Status: Backport
7CVE: CVE-2017-14064
8
9Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
10---
11 ext/json/generator/generator.c | 12 ++++++------
12 ext/json/generator/generator.h | 1 -
13 2 files changed, 6 insertions(+), 7 deletions(-)
14
15diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c
16index ef85bb7..c88818c 100644
17--- a/ext/json/generator/generator.c
18+++ b/ext/json/generator/generator.c
19@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, unsigned long len) {
20 char *result;
21 if (len <= 0) return NULL;
22 result = ALLOC_N(char, len);
23- memccpy(result, ptr, 0, len);
24+ memcpy(result, ptr, len);
25 return result;
26 }
27
28@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent)
29 }
30 } else {
31 if (state->indent) ruby_xfree(state->indent);
32- state->indent = strdup(RSTRING_PTR(indent));
33+ state->indent = fstrndup(RSTRING_PTR(indent), len);
34 state->indent_len = len;
35 }
36 return Qnil;
37@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self, VALUE space)
38 }
39 } else {
40 if (state->space) ruby_xfree(state->space);
41- state->space = strdup(RSTRING_PTR(space));
42+ state->space = fstrndup(RSTRING_PTR(space), len);
43 state->space_len = len;
44 }
45 return Qnil;
46@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before)
47 }
48 } else {
49 if (state->space_before) ruby_xfree(state->space_before);
50- state->space_before = strdup(RSTRING_PTR(space_before));
51+ state->space_before = fstrndup(RSTRING_PTR(space_before), len);
52 state->space_before_len = len;
53 }
54 return Qnil;
55@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl)
56 }
57 } else {
58 if (state->object_nl) ruby_xfree(state->object_nl);
59- state->object_nl = strdup(RSTRING_PTR(object_nl));
60+ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
61 state->object_nl_len = len;
62 }
63 return Qnil;
64@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl)
65 }
66 } else {
67 if (state->array_nl) ruby_xfree(state->array_nl);
68- state->array_nl = strdup(RSTRING_PTR(array_nl));
69+ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
70 state->array_nl_len = len;
71 }
72 return Qnil;
73diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h
74index 900b4d5..c367a62 100644
75--- a/ext/json/generator/generator.h
76+++ b/ext/json/generator/generator.h
77@@ -1,7 +1,6 @@
78 #ifndef _GENERATOR_H_
79 #define _GENERATOR_H_
80
81-#include <string.h>
82 #include <math.h>
83 #include <ctype.h>
84
85--
862.10.2
87
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.1.bb b/meta/recipes-devtools/ruby/ruby_2.4.2.bb
index 7d27ac84ec..b471154a22 100644
--- a/meta/recipes-devtools/ruby/ruby_2.4.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.2.bb
@@ -6,11 +6,10 @@ SRC_URI += " \
6 file://ruby-CVE-2017-9227.patch \ 6 file://ruby-CVE-2017-9227.patch \
7 file://ruby-CVE-2017-9228.patch \ 7 file://ruby-CVE-2017-9228.patch \
8 file://ruby-CVE-2017-9229.patch \ 8 file://ruby-CVE-2017-9229.patch \
9 file://ruby-CVE-2017-14064.patch \
10 " 9 "
11 10
12SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677" 11SRC_URI[md5sum] = "fe106eed9738c4e03813ab904f8d891c"
13SRC_URI[sha256sum] = "a330e10d5cb5e53b3a0078326c5731888bb55e32c4abfeb27d9e7f8e5d000250" 12SRC_URI[sha256sum] = "93b9e75e00b262bc4def6b26b7ae8717efc252c47154abb7392e54357e6c8c9c"
14 13
15# it's unknown to configure script, but then passed to extconf.rb 14# it's unknown to configure script, but then passed to extconf.rb
16# maybe it's not really needed as we're hardcoding the result with 15# maybe it's not really needed as we're hardcoding the result with
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-03 11:06:57 +0000