ruby: fix CVE-2023-36617

Backport two patches [1] [2] to fix CVE-2023-36617 (From OE-Core rev: 7a40082e4e080eaf5f88bd24f7169b7731028529) Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Meenali Gupta <meenali.gupta@windriver.com> 2023-09-27 03:39:35 +0000
committer: Steve Sakoman <steve@sakoman.com> 2023-09-30 09:43:59 -1000
commit: a54b91946cff4ec8a417b74bdb2c7f22ef0c9b11 (patch)
tree: 28cb89db11a5af5c285aac180d4b6a1da1122624 /meta/recipes-devtools/ruby/ruby_3.1.3.bb
parent: a1b812eefa6a8ac64bd5e5f24010c80f2bd541ad (diff)
download: poky-a54b91946cff4ec8a417b74bdb2c7f22ef0c9b11.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
index 72030508dd..228a2204db 100644
--- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -31,6 +31,8 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
           file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \
           file://CVE-2023-28756.patch \
           file://CVE-2023-28755.patch \
+           file://CVE-2023-36617_1.patch \
+           file://CVE-2023-36617_2.patch \
           "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
author	Meenali Gupta <meenali.gupta@windriver.com>	2023-09-27 03:39:35 +0000
committer	Steve Sakoman <steve@sakoman.com>	2023-09-30 09:43:59 -1000
commit	a54b91946cff4ec8a417b74bdb2c7f22ef0c9b11 (patch)
tree	28cb89db11a5af5c285aac180d4b6a1da1122624 /meta/recipes-devtools/ruby/ruby_3.1.3.bb
parent	a1b812eefa6a8ac64bd5e5f24010c80f2bd541ad (diff)
download	poky-a54b91946cff4ec8a417b74bdb2c7f22ef0c9b11.tar.gz

diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb index 72030508dd..228a2204db 100644 --- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb +++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -31,6 +31,8 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
31	file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \	31	file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \
32	file://CVE-2023-28756.patch \	32	file://CVE-2023-28756.patch \
33	file://CVE-2023-28755.patch \	33	file://CVE-2023-28755.patch \
		34	file://CVE-2023-36617_1.patch \
		35	file://CVE-2023-36617_2.patch \
34	"	36	"
35	UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"	37	UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
36		38