aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools/ruby
AgeCommit message (Collapse)Author
2018-07-26ruby: security fix CVE 2018-1000073Joe Slater
Directory traversal vulnerability as described by https://nvd.nist.gov/vuln/detail/CVE-2018-1000073. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-05-04ruby: upgrade to version 2.5.1Maxin B. John
License-Update: Checksum of LEGAL file updated for changes to upstream URL and addition of Wayback Machine url Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-11ruby: refresh patchesRoss Burton
The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-02-06ruby: 2.4.2 -> 2.5.0Huang Qiyu
1.Upgrade ruby form 2.4.2 to 2.5.0. 2.Update the checksum of LIC_FILES_CHKSUM. 3.Delete ruby-CVE-2017-9224.patch, ruby-CVE-2017-9227.patch, ruby-CVE-2017-9229.patch, since it is integrated upstream. 4.Modify ruby-CVE-2017-9226.patch, since the data has been changed. Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-01-26ruby: fix typo in gmp PACKAGECONFIG optionAndre McCurdy
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-11-05ruby: remove spurious db build dependencyRoss Burton
The dbm module uses gdbm by default which is also a build dependency. Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-11-05ruby: upgrade to 2.4.2Leonardo Sandoval
The CVE-2017-14064 patch is already at 2.4.2 as explained on project's commit, so removing from the recipe & repo. commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153 Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Wed Apr 12 00:21:18 2017 +0000 Merge json-2.0.4. * https://github.com/flori/json/releases/tag/v2.0.4 * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-09-18ruby: CVE-2017-14064Ovidiu Panait
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-14064 Upstream patch: https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85 Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-08-19ruby: fix CVE-2017-922{6-9}Joe Slater
CVE-2017-9226 : check too big code point value for single byte CVE-2017-9227 : access to invalid address by reg->dmin value CVE-2017-9228 : invalid state(CCS_VALUE) in parse_char_class() CVE-2017-9229 : access to invalid address by reg->dmax value Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-08-17ruby: fix CVE-2017-9224Joe Slater
Use DATA_ENSURE(1) before access. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-06-27meta: Add/fix missing Upstream-Status to patchesRichard Purdie
This adds or fixes the Upstream-Status for all remaining patches missing it in OE-Core. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-05-25ruby: upgrade to 2.4.1Leonardo Sandoval
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-03-01ruby: upgrade 2.3.3 -> 2.4.0Leonardo Sandoval
Two LIC_FILES_CHKSUM checksums changed (COPYING and LEGAL) but LICENSE remains the same. Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-03-01ruby: fix upstream version checkAlexander Kanavin
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-03-01recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-12-22ruby: upgrade to 2.3.3Edwin Plauchu
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-30ruby: upgrade to 2.3.1Edwin Plauchu
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-05-14ruby: obey LDFLAGS for the link of librubyChristopher Larson
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-05-13ruby: Upgrade to 2.2.5Khem Raj
This is latest in 2.2 series, helps with compile using clang Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-18ruby: break out ri-docs and rdoc into separate packagesIoan-Adrian Ratiu
The ri (Ruby Interactive) documentation for the Ruby standard library consumes a significant amount of space on disk. It is useful to developers, but is usually not necessary for users who just want to run applications written in Ruby. Break it out into a separate package so Ruby can be installed without it. Also break out the rdoc documentation generator in its own package. Signed-off-by: Ben Shelton <ben.shelton@ni.com> Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-12-16meta: more removals of redunant FILES_${PN}-dbgRoss Burton
In some recipes overly-split -dbg packages were merged into PN-dbg. Unless there's a very good reason, recipes should have a single -dev and -dbg package. Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-12-01ruby-native: Depend on openssl-nativeKhem Raj
This dependency is floating otherwise, It races against openssl-native and when openssl config does not match with openssl on build host the build fails occasionally x86_64-linux/usr/include/openssl/ripemd.h:70:4: error: #error RIPEMD is disabled. # error RIPEMD is disabled. Change-Id: I5ff6d8f058ff99c64ad4dc7c0377724071003ae6 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2015-09-11ruby: add a recipe from meta-rubyAlexander Kanavin
Ruby is required to build webkit. Use trim_version() to build the major release, and remove redundant S assignment (RB). Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>