linux/poky.git/meta/recipes-devtools/ruby, branch morty Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=morty 2018-05-15T10:01:17+00:00 ruby: Update to 2.4.4 2018-05-15T10:01:17+00:00 Armin Kuster akuster808@gmail.com 2018-05-03T16:00:59+00:00 urn:sha1:e31e85d86996796eac51afc0510391f51f7df013 The dot releases are maint only. 2.4.4 included: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (From OE-Core rev: ce12ff394281a42448d92109568db33739b2b542) (From OE-Core rev: 43721cc12ce782603ecdc0aa3a514bc6c8d4f97f) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fixup for Morty context] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> ruby: fix typo in gmp PACKAGECONFIG option 2018-05-15T10:01:17+00:00 Andre McCurdy armccurdy@gmail.com 2018-01-22T23:38:06+00:00 urn:sha1:3be01630d8859ca8f14d44056deb4088ca3735bc (From OE-Core rev: 9fb931b69ece7f8a644f9e25600bcbbc9266a761) (From OE-Core rev: a9b55cbec9f5ff11f92f50c529049e83ac898043) (From OE-Core rev: b52c5967c24c37c0da48984a45521206e17e4291) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> ruby: remove spurious db build dependency 2018-05-15T10:01:17+00:00 Ross Burton ross.burton@intel.com 2017-11-01T09:57:53+00:00 urn:sha1:ced662c5a56f5950725d5d7e5558b53719dff8d9 The dbm module uses gdbm by default which is also a build dependency. (From OE-Core rev: 79121ff54420e5cc331552ca5620aed81a36aac9) (From OE-Core rev: 20d9821e9131c3d715ed629ad38eed802f737056) (From OE-Core rev: 5885a5f85096659445e752cee1525c43f4f38d73) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> ruby: update to 2.4.3 2018-03-04T11:12:12+00:00 Armin Kuster akuster808@gmail.com 2018-02-19T21:06:35+00:00 urn:sha1:c323026d9ca3f57628dca4114ed394a279637427 This fixes a segfault in arm64 multilib. Drop CVE-2017-14064.patch Additional CVE included are 2.4.3: CVE-2017-17405: Command injection vulnerability in Net::FTP Additional CVE included are 2.4.2: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode CVE-2017-14064: Heap exposure in generating JSON Ruby Gems: DNS request hijacking vulnerability. (CVE-2017-0902) ANSI escape sequence vulnerability. (CVE-2017-0899) DoS vulnerability in the query command. (CVE-2017-0900) vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901) (From OE-Core rev: 5bf664ba85c06d17c6e8c200301e42bc5fdab75e) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> ruby: update to 2.4.0 2018-01-14T22:10:54+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2018-01-12T16:20:01+00:00 urn:sha1:bbc0795ada93d943bf534289eaa7c07c5ffb7d44 Existing version of ruby-native (2.2.5) was crashing on my machine (and others' too), yet a functional ruby is necessary to upgrade webkit to a version that less vulnerable to Spectre. I've performed the update by copying the ruby recipe directory over from the current pyro tree; if you want to see the list of specific commits, issue this command: git log 99656fecf4fa6e24ba49ecb7f26f893e733818a0 meta/recipes-devtools/ruby (up to commit e593d3aeb2ea5f08d6e0753133fe89e345b339e8) (From OE-Core rev: 4734a4b41898e3df252b6234ed1270a915fd1f68) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> ruby: Security fix for CVE-2017-14064 2017-11-21T14:43:55+00:00 Rajkumar Veer rveer@mvista.com 2017-11-04T17:45:58+00:00 urn:sha1:eb70e899c48abec05d547e43c98c9b1185ccd95d Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 (From OE-Core rev: 8d53b03e8fa1bc20c0d77d6cd7869bd7f7325987) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> ruby: Security fix for CVE-2017-14033 2017-11-21T14:43:55+00:00 Rajkumar Veer rveer@mvista.com 2017-11-04T17:43:01+00:00 urn:sha1:ecd6e7d10175d269a3424996f7e71ac48be3c613 affects ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 (From OE-Core rev: 6033983453ff7b39d9d0d0a64353611128e26fae) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> ruby: Security fix for CVE-2017-9229 2017-11-21T14:43:55+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-11-04T17:41:02+00:00 urn:sha1:32c81fb55d9889c46ca7f7854522a9d01df290c0 affects ruby < 2.4.1 (From OE-Core rev: a636bf8cb5063f349b2af6594b131af6852b3076) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> ruby: Secruity fix for CVE-2017-9226 2017-11-21T14:43:55+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-11-04T17:39:42+00:00 urn:sha1:7039d1ad320d3bb48c0b031340ceb8a5cd273290 affects ruby < 2.4.1 (From OE-Core rev: 0c1eec0c6a789e1e9dbfcc66c3fb8c7d1d8b4e99) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> ruby: Security fix for CVE-2017-9228 2017-11-21T14:43:55+00:00 Thiruvadi Rajaraman trajaraman@mvista.com 2017-11-04T17:37:48+00:00 urn:sha1:7f7e00483a1c1e45e1104035433cb2981214e777 affects ruby < 2.4.1 (From OE-Core rev: cdfb60a7b573c034868ef27d8eb2c667f2a7ad1d) Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>