diff options
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-devtools/ruby/ruby.inc | 4 | ||||
-rw-r--r-- | meta/recipes-devtools/ruby/ruby/extmk.patch | 16 | ||||
-rw-r--r-- | meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch | 41 | ||||
-rw-r--r-- | meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch | 15 | ||||
-rw-r--r-- | meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch | 32 | ||||
-rw-r--r-- | meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch | 59 | ||||
-rw-r--r-- | meta/recipes-devtools/ruby/ruby_2.5.0.bb (renamed from meta/recipes-devtools/ruby/ruby_2.4.2.bb) | 7 |
7 files changed, 16 insertions, 158 deletions
diff --git a/meta/recipes-devtools/ruby/ruby.inc b/meta/recipes-devtools/ruby/ruby.inc index 9a52a6965f..fd3911ba75 100644 --- a/meta/recipes-devtools/ruby/ruby.inc +++ b/meta/recipes-devtools/ruby/ruby.inc | |||
@@ -8,10 +8,10 @@ HOMEPAGE = "http://www.ruby-lang.org/" | |||
8 | SECTION = "devel/ruby" | 8 | SECTION = "devel/ruby" |
9 | LICENSE = "Ruby | BSD | GPLv2" | 9 | LICENSE = "Ruby | BSD | GPLv2" |
10 | LIC_FILES_CHKSUM = "\ | 10 | LIC_FILES_CHKSUM = "\ |
11 | file://COPYING;md5=8a960b08d972f43f91ae84a6f00dcbfb \ | 11 | file://COPYING;md5=340948e1882e579731841bf49cdc22c1 \ |
12 | file://BSDL;md5=19aaf65c88a40b508d17ae4be539c4b5\ | 12 | file://BSDL;md5=19aaf65c88a40b508d17ae4be539c4b5\ |
13 | file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263\ | 13 | file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263\ |
14 | file://LEGAL;md5=daf349ad59dd19bd8c919171bff3c5d6 \ | 14 | file://LEGAL;md5=8f871f3f03732c018a5fa9b185958231 \ |
15 | " | 15 | " |
16 | 16 | ||
17 | DEPENDS = "ruby-native zlib openssl tcl libyaml gdbm readline" | 17 | DEPENDS = "ruby-native zlib openssl tcl libyaml gdbm readline" |
diff --git a/meta/recipes-devtools/ruby/ruby/extmk.patch b/meta/recipes-devtools/ruby/ruby/extmk.patch index a5b2184af5..404b9af7aa 100644 --- a/meta/recipes-devtools/ruby/ruby/extmk.patch +++ b/meta/recipes-devtools/ruby/ruby/extmk.patch | |||
@@ -2,13 +2,15 @@ Upstream-Status: Pending | |||
2 | diff -ru ruby-1.8.7-p248.orig/ext/extmk.rb ruby-1.8.7-p248/ext/extmk.rb | 2 | diff -ru ruby-1.8.7-p248.orig/ext/extmk.rb ruby-1.8.7-p248/ext/extmk.rb |
3 | --- ruby-1.8.7-p248.orig/ext/extmk.rb 2009-12-24 03:01:58.000000000 -0600 | 3 | --- ruby-1.8.7-p248.orig/ext/extmk.rb 2009-12-24 03:01:58.000000000 -0600 |
4 | +++ ruby-1.8.7-p248/ext/extmk.rb 2010-02-12 15:55:27.370061558 -0600 | 4 | +++ ruby-1.8.7-p248/ext/extmk.rb 2010-02-12 15:55:27.370061558 -0600 |
5 | @@ -354,8 +354,8 @@ | 5 | @@ -413,8 +413,8 @@ def $mflags.defined?(var) |
6 | $ruby = '$(topdir)/miniruby' + EXEEXT | ||
7 | end | 6 | end |
8 | $ruby << " -I'$(topdir)'" | 7 | $ruby = [$ruby] |
9 | +$ruby << " -I'$(top_srcdir)/lib'" | 8 | $ruby << "-I'$(topdir)'" |
9 | +$ruby << "-I'$(top_srcdir)/lib'" | ||
10 | unless CROSS_COMPILING | 10 | unless CROSS_COMPILING |
11 | - $ruby << " -I'$(top_srcdir)/lib'" | 11 | - $ruby << "-I'$(top_srcdir)/lib'" |
12 | $ruby << " -I'$(extout)/$(arch)' -I'$(extout)/common'" if $extout | 12 | $ruby << "-I'$(extout)/$(arch)'" << "-I'$(extout)/common'" if $extout |
13 | $ruby << " -I./- -I'$(top_srcdir)/ext' -rpurelib.rb" | ||
14 | ENV["RUBYLIB"] = "-" | 13 | ENV["RUBYLIB"] = "-" |
14 | end | ||
15 | -- | ||
16 | |||
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch deleted file mode 100644 index 848139b7e3..0000000000 --- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch +++ /dev/null | |||
@@ -1,41 +0,0 @@ | |||
1 | From 690313a061f7a4fa614ec5cc8368b4f2284e059b Mon Sep 17 00:00:00 2001 | ||
2 | From: "K.Kosako" <kosako@sofnec.co.jp> | ||
3 | Date: Tue, 23 May 2017 10:28:58 +0900 | ||
4 | Subject: [PATCH] fix #57 : DATA_ENSURE() check must be before data access | ||
5 | |||
6 | --- | ||
7 | regexec.c | 5 ----- | ||
8 | 1 file changed, 5 deletions(-) | ||
9 | |||
10 | --- end of original header | ||
11 | |||
12 | CVE: CVE-2017-9224 | ||
13 | |||
14 | Context modified so that patch applies for version 2.4.1. | ||
15 | |||
16 | Upstream-Status: Pending | ||
17 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
18 | |||
19 | |||
20 | diff --git a/regexec.c b/regexec.c | ||
21 | index 35fef11..d4e577d 100644 | ||
22 | --- a/regexec.c | ||
23 | +++ b/regexec.c | ||
24 | @@ -1473,14 +1473,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end, | ||
25 | NEXT; | ||
26 | |||
27 | CASE(OP_EXACT1) MOP_IN(OP_EXACT1); | ||
28 | -#if 0 | ||
29 | DATA_ENSURE(1); | ||
30 | if (*p != *s) goto fail; | ||
31 | p++; s++; | ||
32 | -#endif | ||
33 | - if (*p != *s++) goto fail; | ||
34 | - DATA_ENSURE(0); | ||
35 | - p++; | ||
36 | MOP_OUT; | ||
37 | break; | ||
38 | |||
39 | -- | ||
40 | 1.7.9.5 | ||
41 | |||
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch index 0f2a4307cc..89437bba74 100644 --- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch | |||
@@ -20,22 +20,13 @@ Signed-off-by: Joe Slater <joe.slater@windriver.com> | |||
20 | 20 | ||
21 | --- ruby-2.4.1.orig/regparse.c | 21 | --- ruby-2.4.1.orig/regparse.c |
22 | +++ ruby-2.4.1/regparse.c | 22 | +++ ruby-2.4.1/regparse.c |
23 | @@ -3644,7 +3644,7 @@ fetch_token(OnigToken* tok, UChar** src, | ||
24 | if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) { | ||
25 | prev = p; | ||
26 | num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc); | ||
27 | - if (num < 0) return ONIGERR_TOO_BIG_NUMBER; | ||
28 | + if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER; | ||
29 | if (p == prev) { /* can't read nothing. */ | ||
30 | num = 0; /* but, it's not error */ | ||
31 | } | ||
32 | @@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod | 23 | @@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod |
33 | switch (*state) { | 24 | switch (*state) { |
34 | case CCS_VALUE: | 25 | case CCS_VALUE: |
35 | if (*type == CCV_SB) { | 26 | if (*type == CCV_SB) { |
36 | + if (*vs > 0xff) | 27 | + if (*from > 0xff) |
37 | + return ONIGERR_INVALID_CODE_POINT_VALUE; | 28 | + return ONIGERR_INVALID_CODE_POINT_VALUE; |
38 | + | 29 | + |
39 | BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*vs)); | 30 | BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*from)); |
40 | if (IS_NOT_NULL(asc_cc)) | 31 | if (IS_NOT_NULL(asc_cc)) |
41 | BITSET_SET_BIT(asc_cc->bs, (int )(*vs)); | 32 | BITSET_SET_BIT(asc_cc->bs, (int )(*from)); |
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch deleted file mode 100644 index 85e7ccb369..0000000000 --- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch +++ /dev/null | |||
@@ -1,32 +0,0 @@ | |||
1 | From 9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814 Mon Sep 17 00:00:00 2001 | ||
2 | From: "K.Kosako" <kosako@sofnec.co.jp> | ||
3 | Date: Tue, 23 May 2017 16:15:35 +0900 | ||
4 | Subject: [PATCH] fix #58 : access to invalid address by reg->dmin value | ||
5 | |||
6 | --- | ||
7 | regexec.c | 2 ++ | ||
8 | 1 file changed, 2 insertions(+) | ||
9 | |||
10 | --- end of original header | ||
11 | |||
12 | CVE: CVE-2017-9227 | ||
13 | |||
14 | Upstream-Status: Inappropriate [not author] | ||
15 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
16 | |||
17 | diff --git a/regexec.c b/regexec.c | ||
18 | index d4e577d..2fa0f3d 100644 | ||
19 | --- a/regexec.c | ||
20 | +++ b/regexec.c | ||
21 | @@ -3154,6 +3154,8 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s, | ||
22 | } | ||
23 | else { | ||
24 | UChar *q = p + reg->dmin; | ||
25 | + | ||
26 | + if (q >= end) return 0; /* fail */ | ||
27 | while (p < q) p += enclen(reg->enc, p, end); | ||
28 | } | ||
29 | } | ||
30 | -- | ||
31 | 1.7.9.5 | ||
32 | |||
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch deleted file mode 100644 index 6e765bf6dc..0000000000 --- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch +++ /dev/null | |||
@@ -1,59 +0,0 @@ | |||
1 | From b690371bbf97794b4a1d3f295d4fb9a8b05d402d Mon Sep 17 00:00:00 2001 | ||
2 | From: "K.Kosako" <kosako@sofnec.co.jp> | ||
3 | Date: Wed, 24 May 2017 10:27:04 +0900 | ||
4 | Subject: [PATCH] fix #59 : access to invalid address by reg->dmax value | ||
5 | |||
6 | --- | ||
7 | regexec.c | 27 +++++++++++++++++---------- | ||
8 | 1 file changed, 17 insertions(+), 10 deletions(-) | ||
9 | |||
10 | --- end of original header | ||
11 | |||
12 | CVE: CVE-2017-9229 | ||
13 | |||
14 | Upstream-Status: Inappropriate [not author] | ||
15 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
16 | |||
17 | diff --git a/regexec.c b/regexec.c | ||
18 | index 49bcc50..c0626ef 100644 | ||
19 | --- a/regexec.c | ||
20 | +++ b/regexec.c | ||
21 | @@ -3756,18 +3756,25 @@ forward_search_range(regex_t* reg, const | ||
22 | } | ||
23 | else { | ||
24 | if (reg->dmax != ONIG_INFINITE_DISTANCE) { | ||
25 | - *low = p - reg->dmax; | ||
26 | - if (*low > s) { | ||
27 | - *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s, | ||
28 | - *low, end, (const UChar** )low_prev); | ||
29 | - if (low_prev && IS_NULL(*low_prev)) | ||
30 | - *low_prev = onigenc_get_prev_char_head(reg->enc, | ||
31 | - (pprev ? pprev : s), *low, end); | ||
32 | + if (p - str < reg->dmax) { | ||
33 | + *low = (UChar* )str; | ||
34 | + if (low_prev) | ||
35 | + *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low, end); | ||
36 | } | ||
37 | else { | ||
38 | - if (low_prev) | ||
39 | - *low_prev = onigenc_get_prev_char_head(reg->enc, | ||
40 | - (pprev ? pprev : str), *low, end); | ||
41 | + *low = p - reg->dmax; | ||
42 | + if (*low > s) { | ||
43 | + *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s, | ||
44 | + *low, end, (const UChar** )low_prev); | ||
45 | + if (low_prev && IS_NULL(*low_prev)) | ||
46 | + *low_prev = onigenc_get_prev_char_head(reg->enc, | ||
47 | + (pprev ? pprev : s), *low, end); | ||
48 | + } | ||
49 | + else { | ||
50 | + if (low_prev) | ||
51 | + *low_prev = onigenc_get_prev_char_head(reg->enc, | ||
52 | + (pprev ? pprev : str), *low, end); | ||
53 | + } | ||
54 | } | ||
55 | } | ||
56 | } | ||
57 | -- | ||
58 | 1.7.9.5 | ||
59 | |||
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.2.bb b/meta/recipes-devtools/ruby/ruby_2.5.0.bb index 239d775f14..1ac7f2aa5a 100644 --- a/meta/recipes-devtools/ruby/ruby_2.4.2.bb +++ b/meta/recipes-devtools/ruby/ruby_2.5.0.bb | |||
@@ -1,15 +1,12 @@ | |||
1 | require ruby.inc | 1 | require ruby.inc |
2 | 2 | ||
3 | SRC_URI += " \ | 3 | SRC_URI += " \ |
4 | file://ruby-CVE-2017-9224.patch \ | ||
5 | file://ruby-CVE-2017-9226.patch \ | 4 | file://ruby-CVE-2017-9226.patch \ |
6 | file://ruby-CVE-2017-9227.patch \ | ||
7 | file://ruby-CVE-2017-9228.patch \ | 5 | file://ruby-CVE-2017-9228.patch \ |
8 | file://ruby-CVE-2017-9229.patch \ | ||
9 | " | 6 | " |
10 | 7 | ||
11 | SRC_URI[md5sum] = "fe106eed9738c4e03813ab904f8d891c" | 8 | SRC_URI[md5sum] = "f4711f856fe14de222b9da3d3b8efa89" |
12 | SRC_URI[sha256sum] = "93b9e75e00b262bc4def6b26b7ae8717efc252c47154abb7392e54357e6c8c9c" | 9 | SRC_URI[sha256sum] = "46e6f3630f1888eb653b15fa811d77b5b1df6fd7a3af436b343cfe4f4503f2ab" |
13 | 10 | ||
14 | # it's unknown to configure script, but then passed to extconf.rb | 11 | # it's unknown to configure script, but then passed to extconf.rb |
15 | # maybe it's not really needed as we're hardcoding the result with | 12 | # maybe it's not really needed as we're hardcoding the result with |