summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/ruby
Commit message (Collapse)AuthorAgeFilesLines
* ruby: fix CVE-2019-16254Rahul Chauhan2020-03-162-0/+107
| | | | | | | | (From OE-Core rev: b8e6eb473f3697ab76f30ca8a0abe584d3d10fa6) Signed-off-by: Rahul Chauhan <rahulchauhankitps@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: fix non-IPv6 supportAndré Draszik2019-10-021-6/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | When IPv6 support is disabled, this recipe mis-configures ruby so that it end up non-working: --enable-wide-getaddrinfo instructs ruby to re-implement the standard getaddinfo(), but IPv6 support is still automatically detected via ext/socket/extconf.rb independently of that flag. To re-implement getaddrinfo(), ruby uses the obsolete getipnodebyaddr() and getipnodebyname() functions - i.e. according to the man-page, glibc provided those only in glibc 2.1.91-95; and of course compilation fails. [1] Switch to ruby's standard --enable-ipv6= configure options to make the build work without warnings, and ruby work at runtime as well. [1] Compilation and linking actually succeed, albeit with a warning regarding implicit declaration / unresolved symbols. The error is only obvious at runtime due to the unresolved symbols... (From OE-Core rev: 6ff71dd308b1611df7a8ea811a79b7cb884c99e9) Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: configure mis-detects isnan/isinf on muslAndré Draszik2019-10-022-0/+102
| | | | | | | | | | | | | | | | | The configure script does not detect isnan/isinf as macros as is the case in musl: checking for isinf... no checking for isnan... no Backport an upstream patch from 2.7.0-preview1 to address this: checking whether isinf is declared... yes checking whether isnan is declared... yes (From OE-Core rev: b1afaccdba31341cace4b8d84d118ca76098587e) Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: drop long-merged CVE patchesAndré Draszik2019-10-023-68/+0
| | | | | | | | | | | | | | | | | | | | | | | | The CVE patches here address the original problem in a different way to how upstream solved it, and are superfluous. Ruby updated to Onigmo v6.1.3+669ac999761 before its v2.5.0 release, and both CVEs were fixed before Onigmo v6.1.3: https://github.com/k-takata/Onigmo/releases/tag/Onigmo-6.1.3 https://github.com/k-takata/Onigmo/commits/Onigmo-6.1.3 https://github.com/k-takata/Onigmo/commit/40945546578004bf40e6f884834bcad4054c70f7 https://github.com/k-takata/Onigmo/commit/783b7ef491e1422e4be7407ccc3e4305e5013507 Because the issues were fixed differently here and in Ruby (Onigmo), patch never complained about duplicatation during recipe updates. (From OE-Core rev: 90dbe9019c81e25923ed450df80b4401d16287b4) Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: Adding zlib-native to native dependenciesJohann Fridriksson2019-08-131-1/+1
| | | | | | | (From OE-Core rev: c558da63d6ec16a5b0c09a2e558ce72606b33436) Signed-off-by: Jóhann Friðriksson <jofr@foss.dk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: update to 2.5.5Oleksandr Kravchuk2019-07-021-2/+2
| | | | | | | (From OE-Core rev: f2c5659968dcdb44ceaf030b45b1e3baf3be7a7e) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: add ptestChangqing Li2019-04-123-1/+24
| | | | | | | (From OE-Core rev: 46f47b700ef7f58c8095db9bd3b4b867a6447360) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: make ext module fiddle can compile successChangqing Li2019-04-122-1/+2
| | | | | | | | | | | | | | | | ext module fiddle depend on libffi, in ruby source tree, there is in internal libffi in case target platfrom don't install libffi, but autotools.bbclass delete configure under libffi and not run autoreconf to regenerate one.so we met this error: ruby-2.5.3/ext/fiddle/libffi-3.2.1/configure: No such file or directory the fix is add depend and extra_oeconf to use libffi in the system (From OE-Core rev: 55acc9b477919208d91781dbe9a03136f895a94b) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: remove CVE-2018-1000073.patch as already fixedGrandbois, Brett2019-02-122-35/+0
| | | | | | | | | | | | rubygems 2.7.6 which is in ruby 2.5.3 has this fix and as currently applied all gem extraction fails as the realpath check is done against the full path including the file to be extracted which will always fail as the file hasnt been extracted yet (From OE-Core rev: 479620023aa0af9467ca1d2807cf7bedd73327f6) Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby.inc: Add dependency on readline-nativeManjukumar Matha2019-02-021-1/+1
| | | | | | | | | | | | | | | | | | | | Add dependency on readline-native to fix the following issue uninitialized constant Logfile | Check ext/fiddle/mkmf.log for more details. | readline: | Could not be configured. It will not be installed. | build/tmp/work/x86_64-linux/ruby-native/2.5.1-r0/ruby-2.5.1/ext/readline/extconf.rb:62: Neither readline nor libedit was found | Check ext/readline/mkmf.log for more details. | *** Fix the problems, then remove these directories and try again if you want. (From OE-Core rev: b25acc546b6fc684da9cc8a3a01e44cd195e209b) Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: upgrade 2.5.1 -> 2.5.3Ross Burton2018-12-051-2/+2
| | | | | | | (From OE-Core rev: 17a8576375fadbfa44e9272a942bf12887b5e1a2) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: improve reproducibilityHongxu Jia2018-08-291-0/+20
| | | | | | | | | | | | | | | | | | | | Find out rbconfig.rb and created.rid from ${B}/.installed.list and remove build host directories - For rbconfig.rb, parse it like python's _sysconfigdata.py [snip rbconfig.rb] 26 CONFIG["INSTALL"] = 'install -c' [snip rbconfig.rb] - For created.rid, it records file created time, just strip ${WORKDIR} prefix. [snip created.rid] 840 /ruby-2.5.1/doc/maintainers.rdoc Fri, 22 Dec 2017 23:08:05 +0000 [snip created.rid] (From OE-Core rev: 853e0499be449c71378c087e08b1926be8e2ac87) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: security fix CVE 2018-1000073Joe Slater2018-07-262-0/+35
| | | | | | | | | | | Directory traversal vulnerability as described by https://nvd.nist.gov/vuln/detail/CVE-2018-1000073. (From OE-Core rev: 1a0a1785766c12003e3f8848852af84cae203e6b) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: upgrade to version 2.5.1Maxin B. John2018-05-042-3/+3
| | | | | | | | | | | License-Update: Checksum of LEGAL file updated for changes to upstream URL and addition of Wayback Machine url (From OE-Core rev: 98f889ca4a07c54165d3d983582639951b8ef32e) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: refresh patchesRoss Burton2018-03-111-10/+7
| | | | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: 44e650f961888b75797da8ecc23654f672c5fae6) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: 2.4.2 -> 2.5.0Huang Qiyu2018-02-067-158/+16
| | | | | | | | | | | | | 1.Upgrade ruby form 2.4.2 to 2.5.0. 2.Update the checksum of LIC_FILES_CHKSUM. 3.Delete ruby-CVE-2017-9224.patch, ruby-CVE-2017-9227.patch, ruby-CVE-2017-9229.patch, since it is integrated upstream. 4.Modify ruby-CVE-2017-9226.patch, since the data has been changed. (From OE-Core rev: 67b9f407f7c40c63c7f9518b4ee3d4d1cc7c75ce) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: fix typo in gmp PACKAGECONFIG optionAndre McCurdy2018-01-261-1/+1
| | | | | | | | (From OE-Core rev: 9fb931b69ece7f8a644f9e25600bcbbc9266a761) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: remove spurious db build dependencyRoss Burton2017-11-051-1/+1
| | | | | | | | | The dbm module uses gdbm by default which is also a build dependency. (From OE-Core rev: 79121ff54420e5cc331552ca5620aed81a36aac9) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: upgrade to 2.4.2Leonardo Sandoval2017-11-052-90/+2
| | | | | | | | | | | | | | | | | | | | | | The CVE-2017-14064 patch is already at 2.4.2 as explained on project's commit, so removing from the recipe & repo. commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153 Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Wed Apr 12 00:21:18 2017 +0000 Merge json-2.0.4. * https://github.com/flori/json/releases/tag/v2.0.4 * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e (From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: CVE-2017-14064Ovidiu Panait2017-09-182-0/+88
| | | | | | | | | | | | | | | | | | | | Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-14064 Upstream patch: https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85 (From OE-Core rev: 17dbfd967019f9b50a9f6aa3f48cd3658fcccc70) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: fix CVE-2017-922{6-9}Joe Slater2017-08-195-0/+170
| | | | | | | | | | | | CVE-2017-9226 : check too big code point value for single byte CVE-2017-9227 : access to invalid address by reg->dmin value CVE-2017-9228 : invalid state(CCS_VALUE) in parse_char_class() CVE-2017-9229 : access to invalid address by reg->dmax value (From OE-Core rev: f15f01edbaa431829a50053d07ed6d6b333584c7) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: fix CVE-2017-9224Joe Slater2017-08-182-0/+45
| | | | | | | | | Use DATA_ENSURE(1) before access. (From OE-Core rev: 9db907a0bd331c47c4882b82f9f1d2a7ef1f6d1f) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Add/fix missing Upstream-Status to patchesRichard Purdie2017-06-271-0/+1
| | | | | | | | | This adds or fixes the Upstream-Status for all remaining patches missing it in OE-Core. (From OE-Core rev: 563cab8e823c3fde8ae4785ceaf4d68a5d3e25df) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: upgrade to 2.4.1Leonardo Sandoval2017-05-251-2/+2
| | | | | | | | (From OE-Core rev: 3ff2d0bc7a8e7a7e8c8e953dc0ccf84d891688ef) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: upgrade 2.3.3 -> 2.4.0Leonardo Sandoval2017-03-012-4/+4
| | | | | | | | | | | Two LIC_FILES_CHKSUM checksums changed (COPYING and LEGAL) but LICENSE remains the same. (From OE-Core rev: 2bbad067b6b928d4615df938d0e41fa84e451c15) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: fix upstream version checkAlexander Kanavin2017-03-011-0/+1
| | | | | | | | (From OE-Core rev: 0299731f9c11fda2e0a17600f758e0d7ff31fbbe) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-011-1/+1
| | | | | | | (From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: upgrade to 2.3.3Edwin Plauchu2016-12-221-2/+2
| | | | | | | | (From OE-Core rev: 99000d8bc30fe1eed60499140efa3a4cf0360478) Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: upgrade to 2.3.1Edwin Plauchu2016-11-302-3/+5
| | | | | | | | (From OE-Core rev: 11063a01d4511b2688ea7ba2d7359e4e07328c66) Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: obey LDFLAGS for the link of librubyChristopher Larson2016-05-142-1/+30
| | | | | | | (From OE-Core rev: 8da33111c924be0bef8e175c53dbd3a439dc9788) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: Upgrade to 2.2.5Khem Raj2016-05-131-6/+2
| | | | | | | | | | This is latest in 2.2 series, helps with compile using clang (From OE-Core rev: 9f1a8cc84105b077cb5896997b220f1f583075b5) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: break out ri-docs and rdoc into separate packagesIoan-Adrian Ratiu2016-02-191-2/+11
| | | | | | | | | | | | | | | | | The ri (Ruby Interactive) documentation for the Ruby standard library consumes a significant amount of space on disk. It is useful to developers, but is usually not necessary for users who just want to run applications written in Ruby. Break it out into a separate package so Ruby can be installed without it. Also break out the rdoc documentation generator in its own package. (From OE-Core rev: adc53d40932151b4822ce2ac74cb31306684ba95) Signed-off-by: Ben Shelton <ben.shelton@ni.com> Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: more removals of redunant FILES_${PN}-dbgRoss Burton2015-12-161-5/+0
| | | | | | | | | | In some recipes overly-split -dbg packages were merged into PN-dbg. Unless there's a very good reason, recipes should have a single -dev and -dbg package. (From OE-Core rev: a3b000643898d7402b9e57c02e8d10e677cc9722) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby-native: Depend on openssl-nativeKhem Raj2015-12-011-1/+1
| | | | | | | | | | | | | | | | | This dependency is floating otherwise, It races against openssl-native and when openssl config does not match with openssl on build host the build fails occasionally x86_64-linux/usr/include/openssl/ripemd.h:70:4: error: #error RIPEMD is disabled. # error RIPEMD is disabled. Change-Id: I5ff6d8f058ff99c64ad4dc7c0377724071003ae6 (From OE-Core rev: d0c8d98077622a700d92384f676770cb4d6d4f46) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: add a recipe from meta-rubyAlexander Kanavin2015-09-123-0/+93
Ruby is required to build webkit. Use trim_version() to build the major release, and remove redundant S assignment (RB). (From OE-Core rev: 10fd3b41449d1af15ac9432bc1a7fe26c6f1dae1) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>