Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-devtools/ruby/ruby.inc4
-rw-r--r--meta/recipes-devtools/ruby/ruby/extmk.patch16
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch41
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch15
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch32
-rw-r--r--meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch59
-rw-r--r--meta/recipes-devtools/ruby/ruby_2.5.0.bb (renamed from meta/recipes-devtools/ruby/ruby_2.4.2.bb)7
7 files changed, 16 insertions, 158 deletions
diff --git a/meta/recipes-devtools/ruby/ruby.inc b/meta/recipes-devtools/ruby/ruby.inc
index 9a52a6965f..fd3911ba75 100644
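--- a/meta/recipes-devtools/ruby/ruby.inc
+++ b/meta/recipes-devtools/ruby/ruby.inc
@@ -8,10 +8,10 @@ HOMEPAGE = "http://www.ruby-lang.org/"
 SECTION = "devel/ruby"
 LICENSE = "Ruby | BSD | GPLv2"
 LIC_FILES_CHKSUM = "\
- file://COPYING;md5=8a960b08d972f43f91ae84a6f00dcbfb \
+ file://COPYING;md5=340948e1882e579731841bf49cdc22c1 \
  file://BSDL;md5=19aaf65c88a40b508d17ae4be539c4b5\
  file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263\
- file://LEGAL;md5=daf349ad59dd19bd8c919171bff3c5d6 \
+ file://LEGAL;md5=8f871f3f03732c018a5fa9b185958231 \
 "
 
 DEPENDS = "ruby-native zlib openssl tcl libyaml gdbm readline"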
diff --git a/meta/recipes-devtools/ruby/ruby/extmk.patch b/meta/recipes-devtools/ruby/ruby/extmk.patch
index a5b2184af5..404b9af7aa 100644
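--- a/meta/recipes-devtools/ruby/ruby/extmk.patch
+++ b/meta/recipes-devtools/ruby/ruby/extmk.patch
@@ -2,13 +2,15 @@ Upstream-Status: Pending
 diff -ru ruby-1.8.7-p248.orig/ext/extmk.rb ruby-1.8.7-p248/ext/extmk.rb
 --- ruby-1.8.7-p248.orig/ext/extmk.rb 2009-12-24 03:01:58.000000000 -0600
 +++ ruby-1.8.7-p248/ext/extmk.rb 2010-02-12 15:55:27.370061558 -0600
-@@ -354,8 +354,8 @@
- $ruby = '$(topdir)/miniruby' + EXEEXT
+@@ -413,8 +413,8 @@ def $mflags.defined?(var)
  end
- $ruby << " -I'$(topdir)'"
-+$ruby << " -I'$(top_srcdir)/lib'"
+ $ruby = [$ruby]
+ $ruby << "-I'$(topdir)'"
++$ruby << "-I'$(top_srcdir)/lib'"
  unless CROSS_COMPILING
-- $ruby << " -I'$(top_srcdir)/lib'"
- $ruby << " -I'$(extout)/$(arch)' -I'$(extout)/common'" if $extout
- $ruby << " -I./- -I'$(top_srcdir)/ext' -rpurelib.rb"
+- $ruby << "-I'$(top_srcdir)/lib'"
+ $ruby << "-I'$(extout)/$(arch)'" << "-I'$(extout)/common'" if $extout
  ENV["RUBYLIB"] = "-"
+ end
+--
+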
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch
deleted file mode 100644
index 848139b7e3..0000000000
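--- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 690313a061f7a4fa614ec5cc8368b4f2284e059b Mon Sep 17 00:00:00 2001
-From: "K.Kosako" <kosako@sofnec.co.jp>
-Date: Tue, 23 May 2017 10:28:58 +0900
-Subject: [PATCH] fix #57 : DATA_ENSURE() check must be before data access
-
----
- regexec.c | 5 -----
- 1 file changed, 5 deletions(-)
-
---- end of original header
-
-CVE: CVE-2017-9224
-
-Context modified so that patch applies for version 2.4.1.
-
-Upstream-Status: Pending
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-
-
-diff --git a/regexec.c b/regexec.c
-index 35fef11..d4e577d 100644
---- a/regexec.c
-+++ b/regexec.c
-@@ -1473,14 +1473,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
- NEXT;
-
- CASE(OP_EXACT1) MOP_IN(OP_EXACT1);
--#if 0
- DATA_ENSURE(1);
- if (*p != *s) goto fail;
- p++; s++;
--#endif
-- if (*p != *s++) goto fail;
-- DATA_ENSURE(0);
-- p++;
- MOP_OUT;
- break;
-
---
-1.7.9.5
-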
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
index 0f2a4307cc..89437bba74 100644
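--- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
+++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch
@@ -20,22 +20,13 @@ Signed-off-by: Joe Slater <joe.slater@windriver.com>
 
 --- ruby-2.4.1.orig/regparse.c
 +++ ruby-2.4.1/regparse.c
-@@ -3644,7 +3644,7 @@ fetch_token(OnigToken* tok, UChar** src,
- if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) {
- prev = p;
- num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc);
-- if (num < 0) return ONIGERR_TOO_BIG_NUMBER;
-+ if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER;
- if (p == prev) { /* can't read nothing. */
- num = 0; /* but, it's not error */
- }
 @@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod
  switch (*state) {
  case CCS_VALUE:
  if (*type == CCV_SB) {
-+ if (*vs > 0xff)
++ if (*from > 0xff)
 + return ONIGERR_INVALID_CODE_POINT_VALUE;
 +
- BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*vs));
+ BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*from));
  if (IS_NOT_NULL(asc_cc))
- BITSET_SET_BIT(asc_cc->bs, (int )(*vs));
+ BITSET_SET_BIT(asc_cc->bs, (int )(*from));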
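Review bot: The `fetch_token()` hunk is removed from this CVE-2017-9226 patch, so the carried fix no longer includes the octal-escape bound `if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER;`, and nothing visible here records that 2.5.0's regparse.c already has it. If it does, the patch description should say so, for example `Only the next_state_val() hunk is still needed; the fetch_token() check is in 2.5.0.`; if it does not, that hunk needs rebasing rather than removal. The remaining hunk was rebased to `*from`, yet the header above it still reads `ruby-2.4.1.orig/regparse.c`, which I would refresh at the same time. The hunk starts at line 20 of the patch file, so the earlier part of its description is not visible here.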
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch
deleted file mode 100644
index 85e7ccb369..0000000000
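--- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814 Mon Sep 17 00:00:00 2001
-From: "K.Kosako" <kosako@sofnec.co.jp>
-Date: Tue, 23 May 2017 16:15:35 +0900
-Subject: [PATCH] fix #58 : access to invalid address by reg->dmin value
-
----
- regexec.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- end of original header
-
-CVE: CVE-2017-9227
-
-Upstream-Status: Inappropriate [not author]
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-
-diff --git a/regexec.c b/regexec.c
-index d4e577d..2fa0f3d 100644
---- a/regexec.c
-+++ b/regexec.c
-@@ -3154,6 +3154,8 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
- }
- else {
- UChar *q = p + reg->dmin;
-+
-+ if (q >= end) return 0; /* fail */
- while (p < q) p += enclen(reg->enc, p, end);
- }
- }
---
-1.7.9.5
-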
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch
deleted file mode 100644
index 6e765bf6dc..0000000000
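--- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From b690371bbf97794b4a1d3f295d4fb9a8b05d402d Mon Sep 17 00:00:00 2001
-From: "K.Kosako" <kosako@sofnec.co.jp>
-Date: Wed, 24 May 2017 10:27:04 +0900
-Subject: [PATCH] fix #59 : access to invalid address by reg->dmax value
-
----
- regexec.c | 27 +++++++++++++++++----------
- 1 file changed, 17 insertions(+), 10 deletions(-)
-
---- end of original header
-
-CVE: CVE-2017-9229
-
-Upstream-Status: Inappropriate [not author]
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-
-diff --git a/regexec.c b/regexec.c
-index 49bcc50..c0626ef 100644
---- a/regexec.c
-+++ b/regexec.c
-@@ -3756,18 +3756,25 @@ forward_search_range(regex_t* reg, const
- }
- else {
- if (reg->dmax != ONIG_INFINITE_DISTANCE) {
-- *low = p - reg->dmax;
-- if (*low > s) {
-- *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
-- *low, end, (const UChar** )low_prev);
-- if (low_prev && IS_NULL(*low_prev))
-- *low_prev = onigenc_get_prev_char_head(reg->enc,
-- (pprev ? pprev : s), *low, end);
-+ if (p - str < reg->dmax) {
-+ *low = (UChar* )str;
-+ if (low_prev)
-+ *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low, end);
- }
- else {
-- if (low_prev)
-- *low_prev = onigenc_get_prev_char_head(reg->enc,
-- (pprev ? pprev : str), *low, end);
-+ *low = p - reg->dmax;
-+ if (*low > s) {
-+ *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s,
-+ *low, end, (const UChar** )low_prev);
-+ if (low_prev && IS_NULL(*low_prev))
-+ *low_prev = onigenc_get_prev_char_head(reg->enc,
-+ (pprev ? pprev : s), *low, end);
-+ }
-+ else {
-+ if (low_prev)
-+ *low_prev = onigenc_get_prev_char_head(reg->enc,
-+ (pprev ? pprev : str), *low, end);
-+ }
- }
- }
- }
---
-1.7.9.5
-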
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.2.bb b/meta/recipes-devtools/ruby/ruby_2.5.0.bb
index 239d775f14..1ac7f2aa5a 100644
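--- a/meta/recipes-devtools/ruby/ruby_2.4.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.5.0.bb
@@ -1,15 +1,12 @@
 require ruby.inc
 
 SRC_URI += " \
- file://ruby-CVE-2017-9224.patch \
  file://ruby-CVE-2017-9226.patch \
- file://ruby-CVE-2017-9227.patch \
  file://ruby-CVE-2017-9228.patch \
- file://ruby-CVE-2017-9229.patch \
  "
 
-SRC_URI[md5sum] = "fe106eed9738c4e03813ab904f8d891c"
-SRC_URI[sha256sum] = "93b9e75e00b262bc4def6b26b7ae8717efc252c47154abb7392e54357e6c8c9c"
+SRC_URI[md5sum] = "f4711f856fe14de222b9da3d3b8efa89"
+SRC_URI[sha256sum] = "46e6f3630f1888eb653b15fa811d77b5b1df6fd7a3af436b343cfe4f4503f2ab"
 
 # it's unknown to configure script, but then passed to extconf.rb
 # maybe it's not really needed as we're hardcoding the result with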
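Review bot: The SRC_URI entries for `ruby-CVE-2017-9224.patch`, `ruby-CVE-2017-9227.patch` and `ruby-CVE-2017-9229.patch` are dropped with no record in the visible change that the 2.5.0 tarball already carries those regexec.c fixes. The deleted patch files show what to confirm in the new source: `DATA_ENSURE(1);` ahead of the `*p != *s` compare in OP_EXACT1, `if (q >= end) return 0;` after `q = p + reg->dmin` in forward_search_range, and the `p - str < reg->dmax` guard. Once confirmed, I would state it in the commit message, e.g. `CVE-2017-9224, -9227 and -9229 patches dropped: fixed upstream in 2.5.0`, so a later CVE audit does not have to re-derive it. The recipe continues past line 15, outside this hunk.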