Age | Commit message | Author |
|
Apply some changes on the Ruby makefiles in order to fix the reproducibility:
- use a fixed timestamp,
- sort linked objects,
- don't use the current date,
- and use UTC date.
[YOCTO #14268]
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 59b07ab51ff932a4632a31675445ba4192bae36b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport a patch to fix CVE-2021-31799.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
CVE-2021-31810:
A malicious FTP server can use the PASV response to trick Net::FTP into
connecting back to a given IP address and port. This potentially makes
Net::FTP extract information about services that are otherwise private
and not disclosed (e.g., the attacker can conduct port scans and service
banner extractions).
CVE-2021-32066:
Net::IMAP does not raise an exception when StartTLS fails with an
unknown response, which might allow man-in-the-middle attackers to
bypass the TLS protections by leveraging a network position between the
client and the registry to block the StartTLS command, aka a “StartTLS
stripping attack.”
References:
https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
Patches from:
https://github.com/ruby/ruby/commit/bf4d05173c7cf04d8892e4b64508ecf7902717cd
https://github.com/ruby/ruby/commit/e2ac25d0eb66de99f098d6669cf4f06796aa6256
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b6949a028fd31bd04ed0478fb34a58b971f31e1f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The coroutine implementation in ruby has either arch specific
implementations or it falls back to slower ucontext API based
implementation assuming libc will provide the needed APIs, however musl
does not implement ucontext APIs like glibc, therefore fallback is to
use libucontext library on musl. However, libucontext is not ported to
riscv yet, which means on musl/riscv ruby is unbuildable, however a
third option is to use copy implementation for coroutines, which will be
not as good performance-wise, but it will do the job, therefore for now
use copy implementation for rv32/rv64 when using musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop 0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch
as files removed upstream.
License-Update: formatting
Drop autoconf270.patch, as no longer needed with 3.0.0
(I verified against master-next which has the new autoconf).
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop a macro we don't need which was breaking with autoconf 2.70.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The integrated Tcl/Tk module was removed in Ruby 2.4[1] back in 2016, so this
build dependency can be removed.
[1] https://github.com/ruby/ruby/commit/303dc3c591e324b6bbc691326d8bea76fe3b8fda
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
updates also fix CVE-2020-25613
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
coroutines in ruby 2.7+ need ucontext APIs which are not available in
musl but an external library is available to provide them so use it
Use cached values for ac_cv_func_isnan and ac_cv_func_isinf this is not
detected correctly by configure on musl
on ARM drop using old arm32 implementation of coroutine which is slow and
inefficient
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
in 2.7 [2] ruby enabled ucontext for coroutines on arm32 but it does not
work for musl since it uses glibc specific functions e.g.
getcontext/swapcontext/swapcontext also see [1]
This patch reverts back to using arm32 implementation for coroutines on
arm
[1] https://bugs.ruby-lang.org/issues/16455#change-83442
[2] https://github.com/ruby/ruby/commit/6c6bf9ffcbfeb8be9d9c342e7604b74ec819e88a#diff-7fccec8474e2184cd2518046bf39d54cL10
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
After update to 2.7.0, it fails to start ptest of ruby with errors:
| ./test/runner.rb:11:in `require_relative': cannot load such file --
/usr/lib64/ruby/ptest/tool/test/runner (LoadError)
and
| test/rdoc/test_rdoc_attr.rb: cannot load such file -- rdoc/version
| test/did_you_mean/spell_checking/test_key_name_check.rb: cannot load
such file -- /usr/lib64/ruby/ptest/lib/did_you_mean
Install the required files for the ptest.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0003-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch
Removed since it is included in 2.7.0.
refresh the following patch:
0002-Obey-LDFLAGS-for-the-link-of-libruby.patch
add the following patch to solve build error:
0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch
[error message]
ERROR: ruby-2.7.0-r0 do_package_qa: QA Issue:
/usr/lib/ruby/gems/2.7.0/gems/racc-1.4.16/bin/y2racc contained in
package ruby requires /usr/local/bin/ruby, but no providers found in
RDEPENDS_ruby? [file-rdeps]
format of file COPYING is updated.
LEGAL notice information is updated.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
one of the build steps ruby has is that it generates rb_mjit_header.h
during configure using gcc preprocessor using -dD which emits built-in
defines as well, problem happens when this header is later included in
subsequent compiles, where compiler errors out stating that an existing
internal define is redefined
| /tmp/20200123-2021083-2c601q.h:13849:9: error: "__has_include" cannot be used as a macro name
| 13849 | #define __has_include __has_include
| | ^~~~~~~~~~~~~
| compilation terminated due to -Wfatal-errors.
Since compiler already will take care of it internally we can edit it
out from this header file
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There isn't anything specific about the target in these cases and in
general recipes should touch CFLAGS. This ensures people don't
copy/paste bad example usages. In reality, behaviour is mostly
unchanged.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* the (new?) ruby expects some additional compiled libraries
to run, so we need to copy them as part of ptest.
Fixes errors like:
# ruby ./runner.rb ./-ext-/vm/test_at_exit.rb
Run options:
# Running tests:
[1/1] TestVM#test_at_exit = 0.06 s
1) Failure:
TestVM#test_at_exit [/usr/lib/ruby/ptest/test/-ext-/vm/test_at_exit.rb:7]:
1. [1/2] Assertion for "stdout"
| <["begin", "end"]> expected but was
| <[]>.
2. [2/2] Assertion for "stderr"
| <[]> expected but was
| <["-:1:in `require': cannot load such file -- -test-/vm/at_exit (LoadError)",
| "\tfrom -:1:in `<main>'"]>.
* the 'erb' test can't find the erb binary, as we're not
running this from within the build directory
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Most patches had to be refreshed
Note that we can now drop
EXTRA_AUTORECONF += "--exclude=aclocal"
from the recipe, as ruby upstream now fully supports
running aclocal:
https://github.com/ruby/ruby/pull/1793/commits/df9bf70cd2275a3ddc3108f392214fcc4a9b0859
https://github.com/ruby/ruby/commit/ec43478f34de262ebdd2922c488e265344b489c3
Also note that 'created.rid' is not being installed
anymore since v2.6.0
While additional LICENSEs were added to the recipe,
they should always have been mentioned in this recipe,
i.e. the license checksum was updated only because:
* URLs were updated
* new imported components were mentioned (with no new licenses)
* formatting was changed
* dates were updated
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When IPv6 support is disabled, this recipe mis-configures
ruby so that it ends up non-working:
--enable-wide-getaddrinfo instructs ruby to re-implement
the standard getaddrinfo(), but IPv6 support is still
automatically detected via ext/socket/extconf.rb
independently of that flag.
To re-implement getaddrinfo(), ruby uses the obsolete
getipnodebyaddr() and getipnodebyname() functions - i.e.
according to the man-page, glibc provided those only in
glibc 2.1.91-95; and of course compilation fails. [1]
Switch to ruby's standard --enable-ipv6= configure
options to make the build work without warnings, and
ruby work at runtime as well.
[1] Compilation and linking actually succeed, albeit with
a warning regarding implicit declaration / unresolved
symbols. The error is only obvious at runtime due to the
unresolved symbols...
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The configure script does not detect isnan/isinf as macros
as is the case in musl:
checking for isinf... no
checking for isnan... no
Backport an upstream patch from 2.7.0-preview1 to address this:
checking whether isinf is declared... yes
checking whether isnan is declared... yes
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The CVE patches here address the original problem in
a different way to how upstream solved it, and are
superfluous.
Ruby updated to Onigmo v6.1.3+669ac999761 before its
v2.5.0 release, and both CVEs were fixed before Onigmo
v6.1.3:
https://github.com/k-takata/Onigmo/releases/tag/Onigmo-6.1.3
https://github.com/k-takata/Onigmo/commits/Onigmo-6.1.3
https://github.com/k-takata/Onigmo/commit/40945546578004bf40e6f884834bcad4054c70f7
https://github.com/k-takata/Onigmo/commit/783b7ef491e1422e4be7407ccc3e4305e5013507
Because the issues were fixed differently here and
in Ruby (Onigmo), patch never complained about
duplication during recipe updates.
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Jóhann Friðriksson <jofr@foss.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ext module fiddle depends on libffi. In the ruby source tree,
there is an internal libffi in case the target platform doesn't
install libffi, but autotools.bbclass deletes configure
under libffi and does not run autoreconf to regenerate one, so
we met this error:
ruby-2.5.3/ext/fiddle/libffi-3.2.1/configure: No such file or directory
the fix is to add depend and extra_oeconf to use libffi in the system
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rubygems 2.7.6 which is in ruby 2.5.3 has this fix and as currently
applied all gem extraction fails as the realpath check is done against
the full path including the file to be extracted which will always fail
as the file hasn't been extracted yet
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add dependency on readline-native to fix the following issue
uninitialized constant Logfile
| Check ext/fiddle/mkmf.log for more details.
| readline:
| Could not be configured. It will not be installed.
|
build/tmp/work/x86_64-linux/ruby-native/2.5.1-r0/ruby-2.5.1/ext/readline/extconf.rb:62:
Neither readline nor libedit was found
| Check ext/readline/mkmf.log for more details.
| *** Fix the problems, then remove these directories and try again if
you want.
Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Find out rbconfig.rb and created.rid from ${B}/.installed.list
and remove build host directories
- For rbconfig.rb, parse it like python's _sysconfigdata.py
[snip rbconfig.rb]
26 CONFIG["INSTALL"] = 'install -c'
[snip rbconfig.rb]
- For created.rid, it records file created time, just strip ${WORKDIR} prefix.
[snip created.rid]
840 /ruby-2.5.1/doc/maintainers.rdoc Fri, 22 Dec 2017 23:08:05 +0000
[snip created.rid]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Directory traversal vulnerability as described by
https://nvd.nist.gov/vuln/detail/CVE-2018-1000073.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
License-Update: Checksum of LEGAL file updated for changes to
upstream URL and addition of Wayback Machine url
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1. Upgrade ruby from 2.4.2 to 2.5.0.
2. Update the checksum of LIC_FILES_CHKSUM.
3. Delete ruby-CVE-2017-9224.patch, ruby-CVE-2017-9227.patch, ruby-CVE-2017-9229.patch, since they are integrated upstream.
4. Modify ruby-CVE-2017-9226.patch, since the data has been changed.
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The dbm module uses gdbm by default which is also a build dependency.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The CVE-2017-14064 patch is already at 2.4.2 as explained on
project's commit, so removing from the recipe & repo.
commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153
Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed Apr 12 00:21:18 2017 +0000
Merge json-2.0.4.
* https://github.com/flori/json/releases/tag/v2.0.4
* https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose
arbitrary memory during a JSON.generate call. The issue lies in using
strdup in ext/json/ext/generator/generator.c, which will stop after
encountering a '\0' byte, returning a pointer to a string of length zero,
which is not the length stored in space_len.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14064
Upstream patch:
https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2017-9226 : check too big code point value for single byte
CVE-2017-9227 : access to invalid address by reg->dmin value
CVE-2017-9228 : invalid state(CCS_VALUE) in parse_char_class()
CVE-2017-9229 : access to invalid address by reg->dmax value
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use DATA_ENSURE(1) before access.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This adds or fixes the Upstream-Status for all remaining patches missing it
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Two LIC_FILES_CHKSUM checksums changed (COPYING and LEGAL) but LICENSE remains
the same.
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is latest in 2.2 series, helps with compile
using clang
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|