path: root/meta/recipes-devtools/ruby/ruby
Commit message | Author | Age | Files | Lines
* ruby: fix CVE-2020-25613 | Chee Yang Lee | 2020-11-12 | 1 | -0/+40
  (From OE-Core rev: 80077479fd687a887cd321fe2e65dfd58edb5832)
  Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: upgrade 2.6.5 -> 2.7.0 | Wang Mingyu | 2020-02-15 | 3 | -107/+42
  0003-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch
  Removed since it is included in 2.7.0.

  refresh the following patch:
  0002-Obey-LDFLAGS-for-the-link-of-libruby.patch

  add the following patch to solve build error:
  0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch

  [error message]
  ERROR: ruby-2.7.0-r0 do_package_qa: QA Issue: /usr/lib/ruby/gems/2.7.0/gems/racc-1.4.16/bin/y2racc contained in package ruby requires /usr/local/bin/ruby, but no providers found in RDEPENDS_ruby? [file-rdeps]

  format of file COPYING is updated.
  LEGAL notice information is updated.

  (From OE-Core rev: 3cdf5da514b424a6d78ba4e1412331b6cf2b3bff)
  Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: Remove __has_include and __has_include_next from preprocessed header file | Khem Raj | 2020-01-27 | 1 | -0/+26
  one of the build steps ruby has is that it generated rb_mjit_header.h during configure using gcc preprocessor using -dD which emits built-in defines as well, problem happens when this header is later included in subsequent compiles, where compiler errors out stating that an existing internal define is redefined

  | /tmp/20200123-2021083-2c601q.h:13849:9: error: "__has_include" cannot be used as a macro name
  | 13849 | #define __has_include __has_include
  |       |         ^~~~~~~~~~~~~
  | compilation terminated due to -Wfatal-errors.

  Since compiler already will take care of it internally we can edit it out from this header file

  (From OE-Core rev: b4f0df9a0e998af746bcd84cb81ea4ba0107f989)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: update to v2.6.4 | André Draszik | 2019-10-23 | 4 | -40/+62
  Most patches had to be refreshed

  Note that we can now drop EXTRA_AUTORECONF += "--exclude=aclocal" from the recipe, as ruby upstream now fully supports running aclocal:
  https://github.com/ruby/ruby/pull/1793/commits/df9bf70cd2275a3ddc3108f392214fcc4a9b0859
  https://github.com/ruby/ruby/commit/ec43478f34de262ebdd2922c488e265344b489c3

  Also note that 'created.rid' is not being installed anymore since v2.6.0

  While additional LICENSEs were added to the recipe, they should always have been mentioned in this recipe, i.e. the license checksum was updated only because:
  * URLs were updated
  * new imported components were mentioned (with no new licenses)
  * formatting was changed
  * dates were updated

  (From OE-Core rev: 7124051b3b2e91e81c7b8565104ae9c5bea10be1)
  Signed-off-by: André Draszik <andre.draszik@jci.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: configure mis-detects isnan/isinf on musl | André Draszik | 2019-10-02 | 1 | -0/+101
  The configure script does not detect isnan/isinf as macros as is the case in musl:
    checking for isinf... no
    checking for isnan... no

  Backport an upstream patch from 2.7.0-preview1 to address this:
    checking whether isinf is declared... yes
    checking whether isnan is declared... yes

  (From OE-Core rev: b1afaccdba31341cace4b8d84d118ca76098587e)
  Signed-off-by: André Draszik <andre.draszik@jci.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: drop long-merged CVE patches | André Draszik | 2019-10-02 | 2 | -66/+0
  The CVE patches here address the original problem in a different way to how upstream solved it, and are superfluous.

  Ruby updated to Onigmo v6.1.3+669ac999761 before its v2.5.0 release, and both CVEs were fixed before Onigmo v6.1.3:
  https://github.com/k-takata/Onigmo/releases/tag/Onigmo-6.1.3
  https://github.com/k-takata/Onigmo/commits/Onigmo-6.1.3
  https://github.com/k-takata/Onigmo/commit/40945546578004bf40e6f884834bcad4054c70f7
  https://github.com/k-takata/Onigmo/commit/783b7ef491e1422e4be7407ccc3e4305e5013507

  Because the issues were fixed differently here and in Ruby (Onigmo), patch never complained about duplication during recipe updates.

  (From OE-Core rev: 90dbe9019c81e25923ed450df80b4401d16287b4)
  Signed-off-by: André Draszik <andre.draszik@jci.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: add ptest | Changqing Li | 2019-04-12 | 1 | -0/+13
  (From OE-Core rev: 46f47b700ef7f58c8095db9bd3b4b867a6447360)
  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: remove CVE-2018-1000073.patch as already fixed | Grandbois, Brett | 2019-02-12 | 1 | -34/+0
  rubygems 2.7.6 which is in ruby 2.5.3 has this fix and as currently applied all gem extraction fails as the realpath check is done against the full path including the file to be extracted which will always fail as the file hasn't been extracted yet

  (From OE-Core rev: 479620023aa0af9467ca1d2807cf7bedd73327f6)
  Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: security fix CVE 2018-1000073 | Joe Slater | 2018-07-26 | 1 | -0/+34
  Directory traversal vulnerability as described by https://nvd.nist.gov/vuln/detail/CVE-2018-1000073.

  (From OE-Core rev: 1a0a1785766c12003e3f8848852af84cae203e6b)
  Signed-off-by: Joe Slater <joe.slater@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: refresh patches | Ross Burton | 2018-03-11 | 1 | -10/+7
  The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in.

  Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad.

  We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed.

  (From OE-Core rev: 44e650f961888b75797da8ecc23654f672c5fae6)
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: 2.4.2 -> 2.5.0 | Huang Qiyu | 2018-02-06 | 5 | -151/+12
  1. Upgrade ruby from 2.4.2 to 2.5.0.
  2. Update the checksum of LIC_FILES_CHKSUM.
  3. Delete ruby-CVE-2017-9224.patch, ruby-CVE-2017-9227.patch, ruby-CVE-2017-9229.patch, since it is integrated upstream.
  4. Modify ruby-CVE-2017-9226.patch, since the data has been changed.

  (From OE-Core rev: 67b9f407f7c40c63c7f9518b4ee3d4d1cc7c75ce)
  Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: upgrade to 2.4.2 | Leonardo Sandoval | 2017-11-05 | 1 | -87/+0
  The CVE-2017-14064 patch is already at 2.4.2 as explained on project's commit, so removing from the recipe & repo.

    commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153
    Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
    Date: Wed Apr 12 00:21:18 2017 +0000

    Merge json-2.0.4.

    * https://github.com/flori/json/releases/tag/v2.0.4
    * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204

    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

  (From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438)
  Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: CVE-2017-14064 | Ovidiu Panait | 2017-09-18 | 1 | -0/+87
  Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issue lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.

  Reference:
  https://nvd.nist.gov/vuln/detail/CVE-2017-14064

  Upstream patch:
  https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85

  (From OE-Core rev: 17dbfd967019f9b50a9f6aa3f48cd3658fcccc70)
  Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: fix CVE-2017-922{6-9} | Joe Slater | 2017-08-19 | 4 | -0/+166
  CVE-2017-9226 : check too big code point value for single byte
  CVE-2017-9227 : access to invalid address by reg->dmin value
  CVE-2017-9228 : invalid state(CCS_VALUE) in parse_char_class()
  CVE-2017-9229 : access to invalid address by reg->dmax value

  (From OE-Core rev: f15f01edbaa431829a50053d07ed6d6b333584c7)
  Signed-off-by: Joe Slater <jslater@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: fix CVE-2017-9224 | Joe Slater | 2017-08-18 | 1 | -0/+41
  Use DATA_ENSURE(1) before access.

  (From OE-Core rev: 9db907a0bd331c47c4882b82f9f1d2a7ef1f6d1f)
  Signed-off-by: Joe Slater <jslater@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Add/fix missing Upstream-Status to patches | Richard Purdie | 2017-06-27 | 1 | -0/+1
  This adds or fixes the Upstream-Status for all remaining patches missing it in OE-Core.

  (From OE-Core rev: 563cab8e823c3fde8ae4785ceaf4d68a5d3e25df)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: obey LDFLAGS for the link of libruby | Christopher Larson | 2016-05-14 | 1 | -0/+28
  (From OE-Core rev: 8da33111c924be0bef8e175c53dbd3a439dc9788)
  Signed-off-by: Christopher Larson <chris_larson@mentor.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: add a recipe from meta-ruby | Alexander Kanavin | 2015-09-12 | 1 | -0/+13
  Ruby is required to build webkit.

  Use trim_version() to build the major release, and remove redundant S assignment (RB).

  (From OE-Core rev: 10fd3b41449d1af15ac9432bc1a7fe26c6f1dae1)
  Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>