summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/ruby/ruby_3.3.5.bb
Commit message (Collapse)AuthorAgeFilesLines
* ruby-ptest : some ptest fixesJiaying Song2025-09-011-2/+5
| | | | | | | | | | | | | | | | | - Skip the test_rm_r_no_permissions test under the root user, as deletion always succeeds. - Filter out tests under the -ext- directory in run-ptest. Due to the commit [1],the packaging of .so test files under the .ext directory was removed. As a result, adjust the test filtering rules to avoid test failures caused by missing files. - Add installation of rdoc.rb and did_you_mean.rb files in do_install_ptest to ensure complete test dependencies. - Add init.rb file to PTEST installation path. (From OE-Core rev: fbbfbfd59fe74c6f742af29d32fae1327068b9ff) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ruby: fix CVE-2025-27221Divya Chellam2025-06-021-0/+2
| | | | | | | | | | | | | | | | | | | In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. Reference: https://security-tracker.debian.org/tracker/CVE-2025-27221 Upstream-patches: https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495 https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5 (From OE-Core rev: 421d7011269f4750f5942b815d68f77fa4559d69) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ruby: fix CVE-2025-27220Divya Chellam2025-04-011-0/+1
| | | | | | | | | | | | | | | | In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. Reference: https://security-tracker.debian.org/tracker/CVE-2025-27220 Upstream-patch: https://github.com/ruby/cgi/commit/cd1eb08076c8b8e310d4d553d427763f2577a1b6 (From OE-Core rev: 8c31f8e142894f103409ee10deccc22fdeea897c) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ruby: Fix CVE-2025-27219Ashish Sharma2025-03-151-0/+1
| | | | | | | | | Upstream-Status: Backport from [https://github.com/ruby/cgi/commit/9907b76dad0777ee300de236dad4b559e07596ab] (From OE-Core rev: 7e0a96b5c0b7a5ca593df83861086d0980ea72e9) Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ruby: upgrade 3.2.2 -> 3.3.5Yogita Urade2024-10-181-0/+140
Includes fix for CVE-2024-41123 & CVE-2024-41946 Release notes: https://github.com/ruby/ruby/releases/tag/v3_3_5 Rebase: 0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch 0006-Make-gemspecs-reproducible.patch Drop: 0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch 0002-Obey-LDFLAGS-for-the-link-of-libruby.patch CVE-2023-36617_1.patch CVE-2023-36617_2.patch CVE-2024-27281.patch CVE-2024-27282.patch (merged upstream) 0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch 0002-template-Makefile.in-filter-out-f-prefix-map.patch remove_has_include_macros.patch (code rewritten upstream) License-Update: Updated LEGAL section (From OE-Core rev: 69ffe5bc09260918fb32bfcb29586dcaa1958a5c) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>