| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Find out rbconfig.rb and created.rid from ${B}/.installed.list
and remove build host directories
- For rbconfig.rb, parse it like python's _sysconfigdata.py
[snip rbconfig.rb]
26 CONFIG["INSTALL"] = 'install -c'
[snip rbconfig.rb]
- For created.rid, it records file created time, just strip ${WORKDIR} prefix.
[snip created.rid]
840 /ruby-2.5.1/doc/maintainers.rdoc Fri, 22 Dec 2017 23:08:05 +0000
[snip created.rid]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Directory traversal vulnerability as described by
https://nvd.nist.gov/vuln/detail/CVE-2018-1000073.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
License-Update: Checksum of LEGAL file updated for changes to
upstream URL and addition of Wayback Machine url
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1.Upgrade ruby form 2.4.2 to 2.5.0.
2.Update the checksum of LIC_FILES_CHKSUM.
3.Delete ruby-CVE-2017-9224.patch, ruby-CVE-2017-9227.patch, ruby-CVE-2017-9229.patch, since it is integrated upstream.
4.Modify ruby-CVE-2017-9226.patch, since the data has been changed.
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The dbm module uses gdbm by default which is also a build dependency.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The CVE-2017-14064 patch is already at 2.4.2 as explained on
project's commit, so removing from the recipe & repo.
commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153
Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed Apr 12 00:21:18 2017 +0000
Merge json-2.0.4.
* https://github.com/flori/json/releases/tag/v2.0.4
* https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose
arbitrary memory during a JSON.generate call. The issues lies in using
strdup in ext/json/ext/generator/generator.c, which will stop after
encountering a '\0' byte, returning a pointer to a string of length zero,
which is not the length stored in space_len.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14064
Upstream patch:
https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2017-9226 : check too big code point value for single byte
CVE-2017-9227 : access to invalid address by reg->dmin value
CVE-2017-9228 : invalid state(CCS_VALUE) in parse_char_class()
CVE-2017-9229 : access to invalid address by reg->dmax value
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use DATA_ENSURE(1) before access.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This adds or fixes the Upstream-Status for all remaining patches missing it
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Two LIC_FILES_CHKSUM checksums changed (COPYING and LEGAL) but LICENSE remains
the same.
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is latest in 2.2 series, helps with compile
using clang
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The ri (Ruby Interactive) documentation for the Ruby standard library
consumes a significant amount of space on disk. It is useful to
developers, but is usually not necessary for users who just want to run
applications written in Ruby. Break it out into a separate package so
Ruby can be installed without it.
Also break out the rdoc documentation generator in its own package.
Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In some recipes overly-split -dbg packages were merged into PN-dbg. Unless
there's a very good reason, recipes should have a single -dev and -dbg package.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This dependency is floating otherwise, It races against openssl-native
and when openssl config does not match with openssl on build host the
build fails occasionally
x86_64-linux/usr/include/openssl/ripemd.h:70:4: error: #error RIPEMD is
disabled.
# error RIPEMD is disabled.
Change-Id: I5ff6d8f058ff99c64ad4dc7c0377724071003ae6
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Ruby is required to build webkit.
Use trim_version() to build the major release, and remove redundant S assignment
(RB).
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
Ross Burton
Hongxu Jia
Joe Slater
Maxin B. John
Huang Qiyu
Andre McCurdy
Leonardo Sandoval
Ovidiu Panait
Joe Slater
Richard Purdie
Alexander Kanavin
Peter Kjellerstedt
Edwin Plauchu
Edwin Plauchu
Christopher Larson
Khem Raj
Ioan-Adrian Ratiu