diff options
| author |   Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> | 2017-10-12 11:35:23 -0700 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-05-07 15:56:28 +0100 |
| commit | 59fed1c288bc8d5549fffccedcc24ae9f4f32dac (patch) | |
| tree | 9f3683327ebf722017dc60a7a557b616f0f17ef3 | |
| parent | 60c360c0561f1ff5ff2135c4557f5992f9485617 (diff) | |
| download | openembedded-core-contrib-59fed1c288bc8d5549fffccedcc24ae9f4f32dac.tar.gz | |
ruby: upgrade to 2.4.2
The CVE-2017-14064 patch is already at 2.4.2 as explained on
project's commit, so removing from the recipe & repo.
commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153
Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed Apr 12 00:21:18 2017 +0000
Merge json-2.0.4.
* https://github.com/flori/json/releases/tag/v2.0.4
* https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch | 87 | ||||
| -rw-r--r-- | meta/recipes-devtools/ruby/ruby_2.4.2.bb (renamed from meta/recipes-devtools/ruby/ruby_2.4.1.bb) | 5 |
2 files changed, 2 insertions, 90 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch deleted file mode 100644 index 88e693c94e..0000000000 --- a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-14064.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001 -From: Florian Frank <flori@ping.de> -Date: Thu, 2 Mar 2017 12:12:33 +0100 -Subject: [PATCH] Fix arbitrary heap exposure problem - -Upstream-Status: Backport -CVE: CVE-2017-14064 - -Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> ---- - ext/json/generator/generator.c | 12 ++++++------ - ext/json/generator/generator.h | 1 - - 2 files changed, 6 insertions(+), 7 deletions(-) - -diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c -index ef85bb7..c88818c 100644 ---- a/ext/json/generator/generator.c -+++ b/ext/json/generator/generator.c -@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, unsigned long len) { - char *result; - if (len <= 0) return NULL; - result = ALLOC_N(char, len); -- memccpy(result, ptr, 0, len); -+ memcpy(result, ptr, len); - return result; - } - -@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent) - } - } else { - if (state->indent) ruby_xfree(state->indent); -- state->indent = strdup(RSTRING_PTR(indent)); -+ state->indent = fstrndup(RSTRING_PTR(indent), len); - state->indent_len = len; - } - return Qnil; -@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self, VALUE space) - } - } else { - if (state->space) ruby_xfree(state->space); -- state->space = strdup(RSTRING_PTR(space)); -+ state->space = fstrndup(RSTRING_PTR(space), len); - state->space_len = len; - } - return Qnil; -@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before) - } - } else { - if (state->space_before) ruby_xfree(state->space_before); -- state->space_before = strdup(RSTRING_PTR(space_before)); -+ state->space_before = fstrndup(RSTRING_PTR(space_before), len); - state->space_before_len = len; - } - return Qnil; -@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl) - } - } else { - if (state->object_nl) ruby_xfree(state->object_nl); -- state->object_nl = strdup(RSTRING_PTR(object_nl)); -+ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len); - state->object_nl_len = len; - } - return Qnil; -@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl) - } - } else { - if (state->array_nl) ruby_xfree(state->array_nl); -- state->array_nl = strdup(RSTRING_PTR(array_nl)); -+ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); - state->array_nl_len = len; - } - return Qnil; -diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h -index 900b4d5..c367a62 100644 ---- a/ext/json/generator/generator.h -+++ b/ext/json/generator/generator.h -@@ -1,7 +1,6 @@ - #ifndef _GENERATOR_H_ - #define _GENERATOR_H_ - --#include <string.h> - #include <math.h> - #include <ctype.h> - --- -2.10.2 - diff --git a/meta/recipes-devtools/ruby/ruby_2.4.1.bb b/meta/recipes-devtools/ruby/ruby_2.4.2.bb index 7d27ac84ec..b471154a22 100644 --- a/meta/recipes-devtools/ruby/ruby_2.4.1.bb +++ b/meta/recipes-devtools/ruby/ruby_2.4.2.bb @@ -6,11 +6,10 @@ SRC_URI += " \ file://ruby-CVE-2017-9227.patch \ file://ruby-CVE-2017-9228.patch \ file://ruby-CVE-2017-9229.patch \ - file://ruby-CVE-2017-14064.patch \ " -SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677" -SRC_URI[sha256sum] = "a330e10d5cb5e53b3a0078326c5731888bb55e32c4abfeb27d9e7f8e5d000250" +SRC_URI[md5sum] = "fe106eed9738c4e03813ab904f8d891c" +SRC_URI[sha256sum] = "93b9e75e00b262bc4def6b26b7ae8717efc252c47154abb7392e54357e6c8c9c" # it's unknown to configure script, but then passed to extconf.rb # maybe it's not really needed as we're hardcoding the result with |