<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-devtools/ruby, branch uninative-1.8</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=uninative-1.8</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=uninative-1.8'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2018-02-06T11:06:27+00:00</updated>
<entry>
<title>ruby: 2.4.2 -&gt; 2.5.0</title>
<updated>2018-02-06T11:06:27+00:00</updated>
<author>
<name>Huang Qiyu</name>
<email>huangqy.fnst@cn.fujitsu.com</email>
</author>
<published>2018-01-30T08:58:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a62c43a363245740c9a7250e5795983197a46896'/>
<id>urn:sha1:a62c43a363245740c9a7250e5795983197a46896</id>
<content type='text'>
1.Upgrade ruby form 2.4.2 to 2.5.0.
2.Update the checksum of LIC_FILES_CHKSUM.
3.Delete ruby-CVE-2017-9224.patch, ruby-CVE-2017-9227.patch, ruby-CVE-2017-9229.patch, since it is integrated upstream.
4.Modify ruby-CVE-2017-9226.patch, since the data has been changed.

(From OE-Core rev: 67b9f407f7c40c63c7f9518b4ee3d4d1cc7c75ce)

Signed-off-by: Huang Qiyu &lt;huangqy.fnst@cn.fujitsu.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ruby: fix typo in gmp PACKAGECONFIG option</title>
<updated>2018-01-26T13:09:10+00:00</updated>
<author>
<name>Andre McCurdy</name>
<email>armccurdy@gmail.com</email>
</author>
<published>2018-01-22T23:38:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=70e5e10d7f8b632b255a8cb21ae17ebb203dd12d'/>
<id>urn:sha1:70e5e10d7f8b632b255a8cb21ae17ebb203dd12d</id>
<content type='text'>
(From OE-Core rev: 9fb931b69ece7f8a644f9e25600bcbbc9266a761)

Signed-off-by: Andre McCurdy &lt;armccurdy@gmail.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ruby: remove spurious db build dependency</title>
<updated>2017-11-05T22:33:23+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@intel.com</email>
</author>
<published>2017-11-01T09:57:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=12510f2b565bd91efa2e455c03395ed49c457ff7'/>
<id>urn:sha1:12510f2b565bd91efa2e455c03395ed49c457ff7</id>
<content type='text'>
The dbm module uses gdbm by default which is also a build dependency.

(From OE-Core rev: 79121ff54420e5cc331552ca5620aed81a36aac9)

Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ruby: upgrade to 2.4.2</title>
<updated>2017-11-05T22:33:21+00:00</updated>
<author>
<name>Leonardo Sandoval</name>
<email>leonardo.sandoval.gonzalez@linux.intel.com</email>
</author>
<published>2017-10-12T18:35:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=36ba73e495a3f4e75a1be813fb73b5ad27990784'/>
<id>urn:sha1:36ba73e495a3f4e75a1be813fb73b5ad27990784</id>
<content type='text'>
The CVE-2017-14064 patch is already at 2.4.2 as explained on
project's commit, so removing from the recipe &amp; repo.

    commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153
    Author: hsbt &lt;hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e&gt;
    Date:   Wed Apr 12 00:21:18 2017 +0000

        Merge json-2.0.4.

          * https://github.com/flori/json/releases/tag/v2.0.4
          * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204

        git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

(From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438)

Signed-off-by: Leonardo Sandoval &lt;leonardo.sandoval.gonzalez@linux.intel.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ruby: CVE-2017-14064</title>
<updated>2017-09-18T10:07:30+00:00</updated>
<author>
<name>Ovidiu Panait</name>
<email>ovidiu.panait@windriver.com</email>
</author>
<published>2017-09-15T11:36:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=80aa68fa758652b168bbd9235f8e8b77d7904cf5'/>
<id>urn:sha1:80aa68fa758652b168bbd9235f8e8b77d7904cf5</id>
<content type='text'>
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose
arbitrary memory during a JSON.generate call. The issues lies in using
strdup in ext/json/ext/generator/generator.c, which will stop after
encountering a '\0' byte, returning a pointer to a string of length zero,
which is not the length stored in space_len.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14064

Upstream patch:
https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85

(From OE-Core rev: 17dbfd967019f9b50a9f6aa3f48cd3658fcccc70)

Signed-off-by: Ovidiu Panait &lt;ovidiu.panait@windriver.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ruby: fix CVE-2017-922{6-9}</title>
<updated>2017-08-19T21:15:39+00:00</updated>
<author>
<name>Joe Slater</name>
<email>jslater@windriver.com</email>
</author>
<published>2017-08-18T17:43:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ee195eb03460e9dca41084695d4775ec830cfde7'/>
<id>urn:sha1:ee195eb03460e9dca41084695d4775ec830cfde7</id>
<content type='text'>
CVE-2017-9226 : check too big code point value for single byte
CVE-2017-9227 : access to invalid address by reg-&gt;dmin value
CVE-2017-9228 : invalid state(CCS_VALUE) in parse_char_class()
CVE-2017-9229 : access to invalid address by reg-&gt;dmax value

(From OE-Core rev: f15f01edbaa431829a50053d07ed6d6b333584c7)

Signed-off-by: Joe Slater &lt;jslater@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ruby: fix CVE-2017-9224</title>
<updated>2017-08-18T09:40:26+00:00</updated>
<author>
<name>Joe Slater</name>
<email>jslater@windriver.com</email>
</author>
<published>2017-08-16T21:46:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=391127b00291bddba010813f9e033a31290c3b66'/>
<id>urn:sha1:391127b00291bddba010813f9e033a31290c3b66</id>
<content type='text'>
Use DATA_ENSURE(1) before access.

(From OE-Core rev: 9db907a0bd331c47c4882b82f9f1d2a7ef1f6d1f)

Signed-off-by: Joe Slater &lt;jslater@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>meta: Add/fix missing Upstream-Status to patches</title>
<updated>2017-06-27T09:38:43+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2017-06-26T10:52:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a5bf271c7c4cf5d3bfdf8d1b05eec70ca43726b8'/>
<id>urn:sha1:a5bf271c7c4cf5d3bfdf8d1b05eec70ca43726b8</id>
<content type='text'>
This adds or fixes the Upstream-Status for all remaining patches missing it
in OE-Core.

(From OE-Core rev: 563cab8e823c3fde8ae4785ceaf4d68a5d3e25df)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ruby: upgrade to 2.4.1</title>
<updated>2017-05-25T22:59:32+00:00</updated>
<author>
<name>Leonardo Sandoval</name>
<email>leonardo.sandoval.gonzalez@linux.intel.com</email>
</author>
<published>2017-05-22T18:47:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=560d654ebba53838e96099bd86555abee9cf970c'/>
<id>urn:sha1:560d654ebba53838e96099bd86555abee9cf970c</id>
<content type='text'>
(From OE-Core rev: 3ff2d0bc7a8e7a7e8c8e953dc0ccf84d891688ef)

Signed-off-by: Leonardo Sandoval &lt;leonardo.sandoval.gonzalez@linux.intel.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ruby: upgrade 2.3.3 -&gt; 2.4.0</title>
<updated>2017-03-01T23:27:11+00:00</updated>
<author>
<name>Leonardo Sandoval</name>
<email>leonardo.sandoval.gonzalez@linux.intel.com</email>
</author>
<published>2017-02-21T17:03:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=db9b183d5c8067fc0eaf96e6c8e0e81258f4ff1c'/>
<id>urn:sha1:db9b183d5c8067fc0eaf96e6c8e0e81258f4ff1c</id>
<content type='text'>
Two LIC_FILES_CHKSUM checksums changed (COPYING and LEGAL) but LICENSE remains
the same.

(From OE-Core rev: 2bbad067b6b928d4615df938d0e41fa84e451c15)

Signed-off-by: Leonardo Sandoval &lt;leonardo.sandoval.gonzalez@linux.intel.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
