summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/ruby/ruby
Commit message (Collapse)AuthorAgeFilesLines
* ruby: upgrade to 2.4.2Leonardo Sandoval2018-05-071-87/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | The CVE-2017-14064 patch is already at 2.4.2 as explained on project's commit, so removing from the recipe & repo. commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153 Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Wed Apr 12 00:21:18 2017 +0000 Merge json-2.0.4. * https://github.com/flori/json/releases/tag/v2.0.4 * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e (From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438) (From OE-Core rev: 59fed1c288bc8d5549fffccedcc24ae9f4f32dac) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: CVE-2017-14064Ovidiu Panait2017-09-181-0/+87
| | | | | | | | | | | | | | | | | | | | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-14064 Upstream patch: https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85 (From OE-Core rev: 17dbfd967019f9b50a9f6aa3f48cd3658fcccc70) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: fix CVE-2017-922{6-9}Joe Slater2017-08-194-0/+166
| | | | | | | | | | | | CVE-2017-9226 : check too big code point value for single byte CVE-2017-9227 : access to invalid address by reg->dmin value CVE-2017-9228 : invalid state(CCS_VALUE) in parse_char_class() CVE-2017-9229 : access to invalid address by reg->dmax value (From OE-Core rev: f15f01edbaa431829a50053d07ed6d6b333584c7) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: fix CVE-2017-9224Joe Slater2017-08-181-0/+41
| | | | | | | | | Use DATA_ENSURE(1) before access. (From OE-Core rev: 9db907a0bd331c47c4882b82f9f1d2a7ef1f6d1f) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Add/fix missing Upstream-Status to patchesRichard Purdie2017-06-271-0/+1
| | | | | | | | | This adds or fixes the Upstream-Status for all remaining patches missing it in OE-Core. (From OE-Core rev: 563cab8e823c3fde8ae4785ceaf4d68a5d3e25df) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: obey LDFLAGS for the link of librubyChristopher Larson2016-05-141-0/+28
| | | | | | | (From OE-Core rev: 8da33111c924be0bef8e175c53dbd3a439dc9788) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: add a recipe from meta-rubyAlexander Kanavin2015-09-121-0/+13
Ruby is required to build webkit. Use trim_version() to build the major release, and remove redundant S assignment (RB). (From OE-Core rev: 10fd3b41449d1af15ac9432bc1a7fe26c6f1dae1) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-09-24 12:23:10 +0000