aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/ruby
AgeCommit message (Collapse)Author
2018-05-15ruby: Update to 2.4.4Armin Kuster
The dot releases are maint only. 2.4.4 included: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (From OE-Core rev: ce12ff394281a42448d92109568db33739b2b542) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fixup for Morty context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-05-15ruby: fix typo in gmp PACKAGECONFIG optionAndre McCurdy
(From OE-Core rev: 9fb931b69ece7f8a644f9e25600bcbbc9266a761) (From OE-Core rev: a9b55cbec9f5ff11f92f50c529049e83ac898043) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-05-15ruby: remove spurious db build dependencyRoss Burton
The dbm module uses gdbm by default which is also a build dependency. (From OE-Core rev: 79121ff54420e5cc331552ca5620aed81a36aac9) (From OE-Core rev: 20d9821e9131c3d715ed629ad38eed802f737056) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-03-03ruby: update to 2.4.3Armin Kuster
This fixes a segfault in arm64 multilib. Drop CVE-2017-14064.patch Additional CVE included are 2.4.3: CVE-2017-17405: Command injection vulnerability in Net::FTP Additional CVE included are 2.4.2: CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode CVE-2017-14064: Heap exposure in generating JSON Ruby Gems: DNS request hijacking vulnerability. (CVE-2017-0902) ANSI escape sequence vulnerability. (CVE-2017-0899) DoS vulnerability in the query command. (CVE-2017-0900) vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-01-13ruby: update to 2.4.0Alexander Kanavin
Existing version of ruby-native (2.2.5) was crashing on my machine (and others' too), yet a functional ruby is necessary to upgrade webkit to a version that less vulnerable to Spectre. I've performed the update by copying the ruby recipe directory over from the current pyro tree; if you want to see the list of specific commits, issue this command: git log 99656fecf4fa6e24ba49ecb7f26f893e733818a0 meta/recipes-devtools/ruby (up to commit e593d3aeb2ea5f08d6e0753133fe89e345b339e8) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-21ruby: Security fix for CVE-2017-14064Rajkumar Veer
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-11-21ruby: Security fix for CVE-2017-14033Rajkumar Veer
affects ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-11-21ruby: Security fix for CVE-2017-9229Thiruvadi Rajaraman
affects ruby < 2.4.1 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-11-21ruby: Secruity fix for CVE-2017-9226Thiruvadi Rajaraman
affects ruby < 2.4.1 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-11-21ruby: Security fix for CVE-2017-9228Thiruvadi Rajaraman
affects ruby < 2.4.1 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-11-21ruby: Security fix for CVE-2017-9227Thiruvadi Rajaraman
affects ruby < 2.4.1 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-11-21ruby: Security fix for CVE-2016-7798Thiruvadi Rajaraman
affectes ruby < 2.3.1 Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2017-11-21ruby: fix build of ruby-native with gcc7Joshua Lock
Marsalling is broken when ruby-2.2.x is built with gcc7, backport the change fix in Ruby SVN r57410 to apply to ruby 2.2.5: https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=57410 Fixes [YOCTO #12271] Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-05-14ruby: obey LDFLAGS for the link of librubyChristopher Larson
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-05-13ruby: Upgrade to 2.2.5Khem Raj
This is latest in 2.2 series, helps with compile using clang Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-18ruby: break out ri-docs and rdoc into separate packagesIoan-Adrian Ratiu
The ri (Ruby Interactive) documentation for the Ruby standard library consumes a significant amount of space on disk. It is useful to developers, but is usually not necessary for users who just want to run applications written in Ruby. Break it out into a separate package so Ruby can be installed without it. Also break out the rdoc documentation generator in its own package. Signed-off-by: Ben Shelton <ben.shelton@ni.com> Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-12-16meta: more removals of redunant FILES_${PN}-dbgRoss Burton
In some recipes overly-split -dbg packages were merged into PN-dbg. Unless there's a very good reason, recipes should have a single -dev and -dbg package. Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-12-01ruby-native: Depend on openssl-nativeKhem Raj
This dependency is floating otherwise, It races against openssl-native and when openssl config does not match with openssl on build host the build fails occasionally x86_64-linux/usr/include/openssl/ripemd.h:70:4: error: #error RIPEMD is disabled. # error RIPEMD is disabled. Change-Id: I5ff6d8f058ff99c64ad4dc7c0377724071003ae6 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-09-11ruby: add a recipe from meta-rubyAlexander Kanavin
Ruby is required to build webkit. Use trim_version() to build the major release, and remove redundant S assignment (RB). Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-30 22:20:53 +0000