From 159e006ae73c039a2e9054d337b310fd3fac53ba Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Fri, 12 Jan 2018 18:20:01 +0200 Subject: ruby: update to 2.4.0 Existing version of ruby-native (2.2.5) was crashing on my machine (and others' too), yet a functional ruby is necessary to upgrade webkit to a version that less vulnerable to Spectre. I've performed the update by copying the ruby recipe directory over from the current pyro tree; if you want to see the list of specific commits, issue this command: git log 99656fecf4fa6e24ba49ecb7f26f893e733818a0 meta/recipes-devtools/ruby (up to commit e593d3aeb2ea5f08d6e0753133fe89e345b339e8) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit 4734a4b41898e3df252b6234ed1270a915fd1f68) Signed-off-by: Armin Kuster --- meta/recipes-devtools/ruby/ruby.inc | 5 +- .../recipes-devtools/ruby/ruby/CVE-2016-7798.patch | 164 ----------- .../ruby/ruby/CVE-2017-14033.patch | 89 ------ .../ruby/ruby/CVE-2017-14064.patch | 312 +++++++++++++++++++-- .../recipes-devtools/ruby/ruby/CVE-2017-9226.patch | 33 --- .../recipes-devtools/ruby/ruby/CVE-2017-9227.patch | 24 -- .../recipes-devtools/ruby/ruby/CVE-2017-9228.patch | 26 -- .../recipes-devtools/ruby/ruby/CVE-2017-9229.patch | 36 --- meta/recipes-devtools/ruby/ruby/prevent-gc.patch | 32 --- .../ruby/ruby/ruby-CVE-2017-9224.patch | 41 +++ .../ruby/ruby/ruby-CVE-2017-9226.patch | 41 +++ .../ruby/ruby/ruby-CVE-2017-9227.patch | 32 +++ .../ruby/ruby/ruby-CVE-2017-9228.patch | 34 +++ .../ruby/ruby/ruby-CVE-2017-9229.patch | 59 ++++ meta/recipes-devtools/ruby/ruby_2.2.5.bb | 57 ---- meta/recipes-devtools/ruby/ruby_2.4.0.bb | 58 ++++ 16 files changed, 561 insertions(+), 482 deletions(-) delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2016-7798.patch delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2017-14033.patch delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2017-9226.patch delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch delete mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2017-9229.patch delete mode 100644 meta/recipes-devtools/ruby/ruby/prevent-gc.patch create mode 100644 meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch create mode 100644 meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch create mode 100644 meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch create mode 100644 meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9228.patch create mode 100644 meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch delete mode 100644 meta/recipes-devtools/ruby/ruby_2.2.5.bb create mode 100644 meta/recipes-devtools/ruby/ruby_2.4.0.bb diff --git a/meta/recipes-devtools/ruby/ruby.inc b/meta/recipes-devtools/ruby/ruby.inc index fde67e9407..d71989889e 100644 --- a/meta/recipes-devtools/ruby/ruby.inc +++ b/meta/recipes-devtools/ruby/ruby.inc @@ -8,10 +8,10 @@ HOMEPAGE = "http://www.ruby-lang.org/" SECTION = "devel/ruby" LICENSE = "Ruby | BSD | GPLv2" LIC_FILES_CHKSUM = "\ - file://COPYING;md5=837b32593517ae48b9c3b5c87a5d288c \ + file://COPYING;md5=8a960b08d972f43f91ae84a6f00dcbfb \ file://BSDL;md5=19aaf65c88a40b508d17ae4be539c4b5\ file://GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263\ - file://LEGAL;md5=c440adb575ba4e6e2344c2630b6a5584\ + file://LEGAL;md5=daf349ad59dd19bd8c919171bff3c5d6 \ " DEPENDS = "ruby-native zlib openssl tcl libyaml db gdbm readline" @@ -22,6 +22,7 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ file://extmk.patch \ file://0002-Obey-LDFLAGS-for-the-link-of-libruby.patch \ " +UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/" inherit autotools diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2016-7798.patch b/meta/recipes-devtools/ruby/ruby/CVE-2016-7798.patch deleted file mode 100644 index 2b8772ba41..0000000000 --- a/meta/recipes-devtools/ruby/ruby/CVE-2016-7798.patch +++ /dev/null @@ -1,164 +0,0 @@ -cipher: don't set dummy encryption key in Cipher#initialize -Remove the encryption key initialization from Cipher#initialize. This -is effectively a revert of r32723 ("Avoid possible SEGV from AES -encryption/decryption", 2011-07-28). - -r32723, which added the key initialization, was a workaround for -Ruby Bug #2768. For some certain ciphers, calling EVP_CipherUpdate() -before setting an encryption key caused segfault. It was not a problem -until OpenSSL implemented GCM mode - the encryption key could be -overridden by repeated calls of EVP_CipherInit_ex(). But, it is not the -case for AES-GCM ciphers. Setting a key, an IV, a key, in this order -causes the IV to be reset to an all-zero IV. - -The problem of Bug #2768 persists on the current versions of OpenSSL. -So, make Cipher#update raise an exception if a key is not yet set by the -user. Since encrypting or decrypting without key does not make any -sense, this should not break existing applications. - -Users can still call Cipher#key= and Cipher#iv= multiple times with -their own responsibility. - -Reference: https://bugs.ruby-lang.org/issues/2768 -Reference: https://bugs.ruby-lang.org/issues/8221 - -Upstream-Status: Backport -CVE: CVE-2016-7798 - -Signed-off-by: Thiruvadi Rajaraman - -Index: ruby-2.2.2/ext/openssl/ossl_cipher.c -=================================================================== ---- ruby-2.2.2.orig/ext/openssl/ossl_cipher.c -+++ ruby-2.2.2/ext/openssl/ossl_cipher.c -@@ -35,6 +35,7 @@ - */ - VALUE cCipher; - VALUE eCipherError; -+static ID id_key_set; - - static VALUE ossl_cipher_alloc(VALUE klass); - static void ossl_cipher_free(void *ptr); -@@ -119,7 +120,6 @@ ossl_cipher_initialize(VALUE self, VALUE - EVP_CIPHER_CTX *ctx; - const EVP_CIPHER *cipher; - char *name; -- unsigned char key[EVP_MAX_KEY_LENGTH]; - - name = StringValuePtr(str); - GetCipherInit(self, ctx); -@@ -131,14 +131,7 @@ ossl_cipher_initialize(VALUE self, VALUE - if (!(cipher = EVP_get_cipherbyname(name))) { - ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%s)", name); - } -- /* -- * The EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows -- * uninitialized key, but other EVPs (such as AES) does not allow it. -- * Calling EVP_CipherUpdate() without initializing key causes SEGV so we -- * set the data filled with "\0" as the key by default. -- */ -- memset(key, 0, EVP_MAX_KEY_LENGTH); -- if (EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, -1) != 1) -+ if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1) - ossl_raise(eCipherError, NULL); - - return self; -@@ -256,6 +249,8 @@ ossl_cipher_init(int argc, VALUE *argv, - if (EVP_CipherInit_ex(ctx, NULL, NULL, p_key, p_iv, mode) != 1) { - ossl_raise(eCipherError, NULL); - } -+ if (p_key) -+ rb_ivar_set(self, id_key_set, Qtrue); - - return self; - } -@@ -343,6 +338,8 @@ ossl_cipher_pkcs5_keyivgen(int argc, VAL - OPENSSL_cleanse(key, sizeof key); - OPENSSL_cleanse(iv, sizeof iv); - -+ rb_ivar_set(self, id_key_set, Qtrue); -+ - return Qnil; - } - -@@ -396,6 +393,9 @@ ossl_cipher_update(int argc, VALUE *argv - - rb_scan_args(argc, argv, "11", &data, &str); - -+ if (!RTEST(rb_attr_get(self, id_key_set))) -+ ossl_raise(eCipherError, "key not set"); -+ - StringValue(data); - in = (unsigned char *)RSTRING_PTR(data); - if ((in_len = RSTRING_LEN(data)) == 0) -@@ -495,6 +495,8 @@ ossl_cipher_set_key(VALUE self, VALUE ke - if (EVP_CipherInit_ex(ctx, NULL, NULL, (unsigned char *)RSTRING_PTR(key), NULL, -1) != 1) - ossl_raise(eCipherError, NULL); - -+ rb_ivar_set(self, id_key_set, Qtrue); -+ - return key; - } - -@@ -1013,5 +1015,7 @@ Init_ossl_cipher(void) - rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0); - rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0); - rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1); -+ -+ id_key_set = rb_intern_const("key_set"); - } - -Index: ruby-2.2.2/test/openssl/test_cipher.rb -=================================================================== ---- ruby-2.2.2.orig/test/openssl/test_cipher.rb -+++ ruby-2.2.2/test/openssl/test_cipher.rb -@@ -80,6 +80,7 @@ class OpenSSL::TestCipher < Test::Unit:: - - def test_empty_data - @c1.encrypt -+ @c1.random_key - assert_raise(ArgumentError){ @c1.update("") } - end - -@@ -127,13 +128,10 @@ class OpenSSL::TestCipher < Test::Unit:: - assert_equal(pt, c2.update(ct) + c2.final) - } - end -- -- def test_AES_crush -- 500.times do -- assert_nothing_raised("[Bug #2768]") do -- # it caused OpenSSL SEGV by uninitialized key -- OpenSSL::Cipher::AES128.new("ECB").update "." * 17 -- end -+ def test_update_raise_if_key_not_set -+ assert_raise(OpenSSL::Cipher::CipherError) do -+ # it caused OpenSSL SEGV by uninitialized key [Bug #2768] -+ OpenSSL::Cipher::AES128.new("ECB").update "." * 17 - end - end - end -@@ -236,6 +234,23 @@ class OpenSSL::TestCipher < Test::Unit:: - end - - end -+ def test_aes_gcm_key_iv_order_issue -+ pt = "[ruby/openssl#49]" -+ cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt -+ cipher.key = "x" * 16 -+ cipher.iv = "a" * 12 -+ ct1 = cipher.update(pt) << cipher.final -+ tag1 = cipher.auth_tag -+ -+ cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt -+ cipher.iv = "a" * 12 -+ cipher.key = "x" * 16 -+ ct2 = cipher.update(pt) << cipher.final -+ tag2 = cipher.auth_tag -+ -+ assert_equal ct1, ct2 -+ assert_equal tag1, tag2 -+ end if has_cipher?("aes-128-gcm") - - private - diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-14033.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-14033.patch deleted file mode 100644 index cbcd18c788..0000000000 --- a/meta/recipes-devtools/ruby/ruby/CVE-2017-14033.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 1648afef33c1d97fb203c82291b8a61269e85d3b Mon Sep 17 00:00:00 2001 -From: Kazuki Yamaguchi -Date: Mon, 19 Sep 2016 15:38:44 +0900 -Subject: [PATCH] asn1: fix out-of-bounds read in decoding constructed objects - -OpenSSL::ASN1.{decode,decode_all,traverse} have a bug of out-of-bounds -read. int_ossl_asn1_decode0_cons() does not give the correct available -length to ossl_asn1_decode() when decoding the inner components of a -constructed object. This can cause out-of-bounds read if a crafted input -given. - -Reference: https://hackerone.com/reports/170316 - -Upstream-Status: Backport -CVE: CVE-2017-14033 - -Signed-off-by: Rajkumar Veer ---- - ext/openssl/ossl_asn1.c | 13 ++++++------- - test/test_asn1.rb | 23 +++++++++++++++++++++++ - 2 files changed, 29 insertions(+), 7 deletions(-) ---- a/ext/openssl/ossl_asn1.c -+++ b/ext/openssl/ossl_asn1.c -@@ -871,19 +871,18 @@ - { - VALUE value, asn1data, ary; - int infinite; -- long off = *offset; -+ long available_len, off = *offset; - - infinite = (j == 0x21); - ary = rb_ary_new(); - -- while (length > 0 || infinite) { -+ available_len = infinite ? max_len : length; -+ while (available_len > 0 ) { - long inner_read = 0; -- value = ossl_asn1_decode0(pp, max_len, &off, depth + 1, yield, &inner_read); -+ value = ossl_asn1_decode0(pp, available_len, &off, depth + 1, yield, &inner_read); - *num_read += inner_read; -- max_len -= inner_read; -+ available_len -= inner_read; - rb_ary_push(ary, value); -- if (length > 0) -- length -= inner_read; - - if (infinite && - NUM2INT(ossl_asn1_get_tag(value)) == V_ASN1_EOC && -@@ -974,7 +973,7 @@ - if(j & V_ASN1_CONSTRUCTED) { - *pp += hlen; - off += hlen; -- asn1data = int_ossl_asn1_decode0_cons(pp, length, len, &off, depth, yield, j, tag, tag_class, &inner_read); -+ asn1data = int_ossl_asn1_decode0_cons(pp, length - hlen, len, &off, depth, yield, j, tag, tag_class, &inner_read); - inner_read += hlen; - } - else { ---- a/test/openssl/test_asn1.rb -+++ b/test/openssl/test_asn1.rb -@@ -595,6 +595,29 @@ - assert_equal(false, asn1.value[3].infinite_length) - end - -+ def test_decode_constructed_overread -+ test = %w{ 31 06 31 02 30 02 05 00 } -+ # ^ <- invalid -+ raw = [test.join].pack("H*") -+ ret = [] -+ assert_raise(OpenSSL::ASN1::ASN1Error) { -+ OpenSSL::ASN1.traverse(raw) { |x| ret << x } -+ } -+ assert_equal 2, ret.size -+ assert_equal 17, ret[0][6] -+ assert_equal 17, ret[1][6] -+ -+ test = %w{ 31 80 30 03 00 00 } -+ # ^ <- invalid -+ raw = [test.join].pack("H*") -+ ret = [] -+ assert_raise(OpenSSL::ASN1::ASN1Error) { -+ OpenSSL::ASN1.traverse(raw) { |x| ret << x } -+ } -+ assert_equal 1, ret.size -+ assert_equal 17, ret[0][6] -+ end -+ - private - - def assert_universal(tag, asn1) diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch index 073d214d88..700d1bc58e 100644 --- a/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch +++ b/meta/recipes-devtools/ruby/ruby/CVE-2017-14064.patch @@ -1,19 +1,54 @@ -From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001 -From: Florian Frank -Date: Thu, 2 Mar 2017 12:12:33 +0100 -Subject: [PATCH] Fix arbitrary heap exposure problem +From d86d283fcb35d1442a121b92030884523908a331 Mon Sep 17 00:00:00 2001 +From: nagachika +Date: Sat, 22 Apr 2017 07:29:01 +0000 +Subject: [PATCH] merge revision(s) 58323,58324: + + Merge json-2.0.4. + + * https://github.com/flori/json/releases/tag/v2.0.4 + * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204 + Use `assert_raise` instead of `assert_raises`. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58445 b2dd03c8-39d4-4d8f-98ff-823fe69b080e Upstream-Status: Backport CVE: CVE-2017-14064 -Signed-off-by: Rajkumar Veer +Signed-off-by: Armin Kuster + --- - ext/json/ext/generator/generator.c | 12 ++++++------ - ext/json/ext/generator/generator.h | 1 - - 2 files changed, 6 insertions(+), 7 deletions(-) ---- a/ext/json/generator/generator.c -+++ b/ext/json/generator/generator.c -@@ -301,7 +301,7 @@ + ext/json/fbuffer/fbuffer.h | 3 --- + ext/json/generator/generator.c | 12 +++++----- + ext/json/generator/generator.h | 1 - + ext/json/json.gemspec | Bin 5473 -> 5474 bytes + ext/json/lib/json/version.rb | 2 +- + ext/json/parser/parser.c | 48 +++++++++++++++++++++++---------------- + ext/json/parser/parser.rl | 14 +++++++++--- + test/json/json_encoding_test.rb | 2 ++ + test/json/json_generator_test.rb | 0 + version.h | 2 +- + 10 files changed, 49 insertions(+), 35 deletions(-) + mode change 100755 => 100644 test/json/json_generator_test.rb + +Index: ruby-2.4.0/ext/json/fbuffer/fbuffer.h +=================================================================== +--- ruby-2.4.0.orig/ext/json/fbuffer/fbuffer.h ++++ ruby-2.4.0/ext/json/fbuffer/fbuffer.h +@@ -12,9 +12,6 @@ + #define RFLOAT_VALUE(val) (RFLOAT(val)->value) + #endif + +-#ifndef RARRAY_PTR +-#define RARRAY_PTR(ARRAY) RARRAY(ARRAY)->ptr +-#endif + #ifndef RARRAY_LEN + #define RARRAY_LEN(ARRAY) RARRAY(ARRAY)->len + #endif +Index: ruby-2.4.0/ext/json/generator/generator.c +=================================================================== +--- ruby-2.4.0.orig/ext/json/generator/generator.c ++++ ruby-2.4.0/ext/json/generator/generator.c +@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, u char *result; if (len <= 0) return NULL; result = ALLOC_N(char, len); @@ -22,7 +57,7 @@ Signed-off-by: Rajkumar Veer return result; } -@@ -1055,7 +1055,7 @@ +@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE sel } } else { if (state->indent) ruby_xfree(state->indent); @@ -31,7 +66,7 @@ Signed-off-by: Rajkumar Veer state->indent_len = len; } return Qnil; -@@ -1093,7 +1093,7 @@ +@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self } } else { if (state->space) ruby_xfree(state->space); @@ -40,7 +75,7 @@ Signed-off-by: Rajkumar Veer state->space_len = len; } return Qnil; -@@ -1129,7 +1129,7 @@ +@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VAL } } else { if (state->space_before) ruby_xfree(state->space_before); @@ -49,7 +84,7 @@ Signed-off-by: Rajkumar Veer state->space_before_len = len; } return Qnil; -@@ -1166,7 +1166,7 @@ +@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE } } else { if (state->object_nl) ruby_xfree(state->object_nl); @@ -58,17 +93,19 @@ Signed-off-by: Rajkumar Veer state->object_nl_len = len; } return Qnil; -@@ -1201,7 +1201,7 @@ +@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE s } } else { if (state->array_nl) ruby_xfree(state->array_nl); - state->array_nl = strdup(RSTRING_PTR(array_nl)); -+ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); ++ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); state->array_nl_len = len; } return Qnil; ---- a/ext/json/generator/generator.h -+++ b/ext/json/generator/generator.h +Index: ruby-2.4.0/ext/json/generator/generator.h +=================================================================== +--- ruby-2.4.0.orig/ext/json/generator/generator.h ++++ ruby-2.4.0/ext/json/generator/generator.h @@ -1,7 +1,6 @@ #ifndef _GENERATOR_H_ #define _GENERATOR_H_ @@ -77,3 +114,240 @@ Signed-off-by: Rajkumar Veer #include #include +Index: ruby-2.4.0/ext/json/lib/json/version.rb +=================================================================== +--- ruby-2.4.0.orig/ext/json/lib/json/version.rb ++++ ruby-2.4.0/ext/json/lib/json/version.rb +@@ -1,7 +1,7 @@ + # frozen_string_literal: false + module JSON + # JSON version +- VERSION = '2.0.2' ++ VERSION = '2.0.4' + VERSION_ARRAY = VERSION.split(/\./).map { |x| x.to_i } # :nodoc: + VERSION_MAJOR = VERSION_ARRAY[0] # :nodoc: + VERSION_MINOR = VERSION_ARRAY[1] # :nodoc: +Index: ruby-2.4.0/ext/json/parser/parser.c +=================================================================== +--- ruby-2.4.0.orig/ext/json/parser/parser.c ++++ ruby-2.4.0/ext/json/parser/parser.c +@@ -1435,13 +1435,21 @@ static VALUE json_string_unescape(VALUE + break; + case 'u': + if (pe > stringEnd - 4) { +- return Qnil; ++ rb_enc_raise( ++ EXC_ENCODING eParserError, ++ "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p ++ ); + } else { + UTF32 ch = unescape_unicode((unsigned char *) ++pe); + pe += 3; + if (UNI_SUR_HIGH_START == (ch & 0xFC00)) { + pe++; +- if (pe > stringEnd - 6) return Qnil; ++ if (pe > stringEnd - 6) { ++ rb_enc_raise( ++ EXC_ENCODING eParserError, ++ "%u: incomplete surrogate pair at '%s'", __LINE__, p ++ ); ++ } + if (pe[0] == '\\' && pe[1] == 'u') { + UTF32 sur = unescape_unicode((unsigned char *) pe + 2); + ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16) +@@ -1471,7 +1479,7 @@ static VALUE json_string_unescape(VALUE + } + + +-#line 1475 "parser.c" ++#line 1483 "parser.c" + enum {JSON_string_start = 1}; + enum {JSON_string_first_final = 8}; + enum {JSON_string_error = 0}; +@@ -1479,7 +1487,7 @@ enum {JSON_string_error = 0}; + enum {JSON_string_en_main = 1}; + + +-#line 504 "parser.rl" ++#line 512 "parser.rl" + + + static int +@@ -1501,15 +1509,15 @@ static char *JSON_parse_string(JSON_Pars + + *result = rb_str_buf_new(0); + +-#line 1505 "parser.c" ++#line 1513 "parser.c" + { + cs = JSON_string_start; + } + +-#line 525 "parser.rl" ++#line 533 "parser.rl" + json->memo = p; + +-#line 1513 "parser.c" ++#line 1521 "parser.c" + { + if ( p == pe ) + goto _test_eof; +@@ -1534,7 +1542,7 @@ case 2: + goto st0; + goto st2; + tr2: +-#line 490 "parser.rl" ++#line 498 "parser.rl" + { + *result = json_string_unescape(*result, json->memo + 1, p); + if (NIL_P(*result)) { +@@ -1545,14 +1553,14 @@ tr2: + {p = (( p + 1))-1;} + } + } +-#line 501 "parser.rl" ++#line 509 "parser.rl" + { p--; {p++; cs = 8; goto _out;} } + goto st8; + st8: + if ( ++p == pe ) + goto _test_eof8; + case 8: +-#line 1556 "parser.c" ++#line 1564 "parser.c" + goto st0; + st3: + if ( ++p == pe ) +@@ -1628,7 +1636,7 @@ case 7: + _out: {} + } + +-#line 527 "parser.rl" ++#line 535 "parser.rl" + + if (json->create_additions && RTEST(match_string = json->match_string)) { + VALUE klass; +@@ -1675,7 +1683,7 @@ static VALUE convert_encoding(VALUE sour + } + FORCE_UTF8(source); + } else { +- source = rb_str_conv_enc(source, NULL, rb_utf8_encoding()); ++ source = rb_str_conv_enc(source, rb_enc_get(source), rb_utf8_encoding()); + } + #endif + return source; +@@ -1808,7 +1816,7 @@ static VALUE cParser_initialize(int argc + } + + +-#line 1812 "parser.c" ++#line 1820 "parser.c" + enum {JSON_start = 1}; + enum {JSON_first_final = 10}; + enum {JSON_error = 0}; +@@ -1816,7 +1824,7 @@ enum {JSON_error = 0}; + enum {JSON_en_main = 1}; + + +-#line 720 "parser.rl" ++#line 728 "parser.rl" + + + /* +@@ -1833,16 +1841,16 @@ static VALUE cParser_parse(VALUE self) + GET_PARSER; + + +-#line 1837 "parser.c" ++#line 1845 "parser.c" + { + cs = JSON_start; + } + +-#line 736 "parser.rl" ++#line 744 "parser.rl" + p = json->source; + pe = p + json->len; + +-#line 1846 "parser.c" ++#line 1854 "parser.c" + { + if ( p == pe ) + goto _test_eof; +@@ -1876,7 +1884,7 @@ st0: + cs = 0; + goto _out; + tr2: +-#line 712 "parser.rl" ++#line 720 "parser.rl" + { + char *np = JSON_parse_value(json, p, pe, &result, 0); + if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( np))-1;} +@@ -1886,7 +1894,7 @@ st10: + if ( ++p == pe ) + goto _test_eof10; + case 10: +-#line 1890 "parser.c" ++#line 1898 "parser.c" + switch( (*p) ) { + case 13: goto st10; + case 32: goto st10; +@@ -1975,7 +1983,7 @@ case 9: + _out: {} + } + +-#line 739 "parser.rl" ++#line 747 "parser.rl" + + if (cs >= JSON_first_final && p == pe) { + return result; +Index: ruby-2.4.0/ext/json/parser/parser.rl +=================================================================== +--- ruby-2.4.0.orig/ext/json/parser/parser.rl ++++ ruby-2.4.0/ext/json/parser/parser.rl +@@ -446,13 +446,21 @@ static VALUE json_string_unescape(VALUE + break; + case 'u': + if (pe > stringEnd - 4) { +- return Qnil; ++ rb_enc_raise( ++ EXC_ENCODING eParserError, ++ "%u: incomplete unicode character escape sequence at '%s'", __LINE__, p ++ ); + } else { + UTF32 ch = unescape_unicode((unsigned char *) ++pe); + pe += 3; + if (UNI_SUR_HIGH_START == (ch & 0xFC00)) { + pe++; +- if (pe > stringEnd - 6) return Qnil; ++ if (pe > stringEnd - 6) { ++ rb_enc_raise( ++ EXC_ENCODING eParserError, ++ "%u: incomplete surrogate pair at '%s'", __LINE__, p ++ ); ++ } + if (pe[0] == '\\' && pe[1] == 'u') { + UTF32 sur = unescape_unicode((unsigned char *) pe + 2); + ch = (((ch & 0x3F) << 10) | ((((ch >> 6) & 0xF) + 1) << 16) +@@ -570,7 +578,7 @@ static VALUE convert_encoding(VALUE sour + } + FORCE_UTF8(source); + } else { +- source = rb_str_conv_enc(source, NULL, rb_utf8_encoding()); ++ source = rb_str_conv_enc(source, rb_enc_get(source), rb_utf8_encoding()); + } + #endif + return source; +Index: ruby-2.4.0/test/json/json_encoding_test.rb +=================================================================== +--- ruby-2.4.0.orig/test/json/json_encoding_test.rb ++++ ruby-2.4.0/test/json/json_encoding_test.rb +@@ -79,6 +79,8 @@ class JSONEncodingTest < Test::Unit::Tes + json = '["\ud840\udc01"]' + assert_equal json, generate(utf8, :ascii_only => true) + assert_equal utf8, parse(json) ++ assert_raise(JSON::ParserError) { parse('"\u"') } ++ assert_raise(JSON::ParserError) { parse('"\ud800"') } + end + + def test_chars diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-9226.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-9226.patch deleted file mode 100644 index fc783e8a15..0000000000 --- a/meta/recipes-devtools/ruby/ruby/CVE-2017-9226.patch +++ /dev/null @@ -1,33 +0,0 @@ -commit f015fbdd95f76438cd86366467bb2b39870dd7c6 -Author: K.Kosako -Date: Fri May 19 15:44:47 2017 +0900 - - fix #55 : Byte value expressed in octal must be smaller than 256 - -Upstream-Status: Backport - -CVE: CVE-2017-9226 -Signed-off-by: Thiruvadi Rajaraman - -Index: ruby-2.2.5/regparse.c -=================================================================== ---- ruby-2.2.5.orig/regparse.c 2017-09-12 16:33:21.977835068 +0530 -+++ ruby-2.2.5/regparse.c 2017-09-12 16:34:40.987117744 +0530 -@@ -3222,7 +3222,7 @@ - PUNFETCH; - prev = p; - num = scan_unsigned_octal_number(&p, end, 3, enc); -- if (num < 0) return ONIGERR_TOO_BIG_NUMBER; -+ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER; - if (p == prev) { /* can't read nothing. */ - num = 0; /* but, it's not error */ - } -@@ -3676,7 +3676,7 @@ - if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) { - prev = p; - num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc); -- if (num < 0) return ONIGERR_TOO_BIG_NUMBER; -+ if (num < 0 || num >= 256) return ONIGERR_TOO_BIG_NUMBER; - if (p == prev) { /* can't read nothing. */ - num = 0; /* but, it's not error */ - } diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch deleted file mode 100644 index f6eaefb7fd..0000000000 --- a/meta/recipes-devtools/ruby/ruby/CVE-2017-9227.patch +++ /dev/null @@ -1,24 +0,0 @@ -commit 9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814 -Author: K.Kosako -Date: Tue May 23 16:15:35 2017 +0900 - - fix #58 : access to invalid address by reg->dmin value - -Upstream-Status: backport - -CVE: CVE-2017-9227 -Signed-off-by: Thiruvadi Rajaraman - -Index: ruby-2.2.5/regexec.c -=================================================================== ---- ruby-2.2.5.orig/regexec.c 2014-09-15 21:48:41.000000000 +0530 -+++ ruby-2.2.5/regexec.c 2017-08-30 12:18:04.054828426 +0530 -@@ -3678,6 +3678,8 @@ - } - else { - UChar *q = p + reg->dmin; -+ -+ if (q >= end) return 0; /* fail */ - while (p < q) p += enclen(reg->enc, p, end); - } - } diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch deleted file mode 100644 index dc911bb20b..0000000000 --- a/meta/recipes-devtools/ruby/ruby/CVE-2017-9228.patch +++ /dev/null @@ -1,26 +0,0 @@ -commit 3b63d12038c8d8fc278e81c942fa9bec7c704c8b -Author: K.Kosako -Date: Wed May 24 13:43:25 2017 +0900 - - fix #60 : invalid state(CCS_VALUE) in parse_char_class() - -Upstream-Status: Backport - -CVE: CVE-2017-9228 -Signed-off-by: Thiruvadi Rajaraman - -Index: ruby-2.2.5/regparse.c -=================================================================== ---- ruby-2.2.5.orig/regparse.c 2014-09-16 08:14:10.000000000 +0530 -+++ ruby-2.2.5/regparse.c 2017-08-30 11:58:25.774275722 +0530 -@@ -4458,7 +4458,9 @@ - } - } - -- *state = CCS_VALUE; -+ if (*state != CCS_START) -+ *state = CCS_VALUE; -+ - *type = CCV_CLASS; - return 0; - } diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2017-9229.patch b/meta/recipes-devtools/ruby/ruby/CVE-2017-9229.patch deleted file mode 100644 index 75bdfada57..0000000000 --- a/meta/recipes-devtools/ruby/ruby/CVE-2017-9229.patch +++ /dev/null @@ -1,36 +0,0 @@ -commit b690371bbf97794b4a1d3f295d4fb9a8b05d402d -Author: K.Kosako -Date: Wed May 24 10:27:04 2017 +0900 - - fix #59 : access to invalid address by reg->dmax value - -Upstream-Status: Backport - -CVE: CVE-2017-9229 -Signed-off-by: Thiruvadi Rajaraman - -Index: ruby-2.2.5/regexec.c -=================================================================== ---- ruby-2.2.5.orig/regexec.c 2017-09-13 12:17:08.429254209 +0530 -+++ ruby-2.2.5/regexec.c 2017-09-13 12:24:03.365312311 +0530 -@@ -3763,6 +3763,12 @@ - } - else { - if (reg->dmax != ONIG_INFINITE_DISTANCE) { -+ if (p - str < reg->dmax) { -+ *low = (UChar* )str; -+ if (low_prev) -+ *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low, end); -+ } -+ else { - *low = p - reg->dmax; - if (*low > s) { - *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s, -@@ -3776,6 +3782,7 @@ - *low_prev = onigenc_get_prev_char_head(reg->enc, - (pprev ? pprev : str), *low, end); - } -+ } - } - } - /* no needs to adjust *high, *high is used as range check only */ diff --git a/meta/recipes-devtools/ruby/ruby/prevent-gc.patch b/meta/recipes-devtools/ruby/ruby/prevent-gc.patch deleted file mode 100644 index 2eaa955fba..0000000000 --- a/meta/recipes-devtools/ruby/ruby/prevent-gc.patch +++ /dev/null @@ -1,32 +0,0 @@ -Fix marshaling with gcc7. Based on upstream revision 57410: -https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=57410 -https://github.com/ruby/ruby/commit/7c1b30a602ab109d8d5388d7dfb3c5b180ba24e1 -https://bugs.ruby-lang.org/issues/13150 - -with the upstream patches intent ported to Ruby 2.2.5 - -Upstream-Status: Backport - -Signed-off-by: Joshua Lock - -Index: ruby-2.2.5/marshal.c -=================================================================== ---- ruby-2.2.5.orig/marshal.c -+++ ruby-2.2.5/marshal.c -@@ -17,7 +17,6 @@ - #include "ruby/io.h" - #include "ruby/st.h" - #include "ruby/util.h" -- - #include - #ifdef HAVE_FLOAT_H - #include -@@ -985,7 +984,7 @@ marshal_dump(int argc, VALUE *argv) - VALUE obj, port, a1, a2; - int limit = -1; - struct dump_arg *arg; -- VALUE wrapper; /* used to avoid memory leak in case of exception */ -+ volatile VALUE wrapper; /* used to avoid memory leak in case of exception */ - - port = Qnil; - rb_scan_args(argc, argv, "12", &obj, &a1, &a2); diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch new file mode 100644 index 0000000000..848139b7e3 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch @@ -0,0 +1,41 @@ +From 690313a061f7a4fa614ec5cc8368b4f2284e059b Mon Sep 17 00:00:00 2001 +From: "K.Kosako" +Date: Tue, 23 May 2017 10:28:58 +0900 +Subject: [PATCH] fix #57 : DATA_ENSURE() check must be before data access + +--- + regexec.c | 5 ----- + 1 file changed, 5 deletions(-) + +--- end of original header + +CVE: CVE-2017-9224 + +Context modified so that patch applies for version 2.4.1. + +Upstream-Status: Pending +Signed-off-by: Joe Slater + + +diff --git a/regexec.c b/regexec.c +index 35fef11..d4e577d 100644 +--- a/regexec.c ++++ b/regexec.c +@@ -1473,14 +1473,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end, + NEXT; + + CASE(OP_EXACT1) MOP_IN(OP_EXACT1); +-#if 0 + DATA_ENSURE(1); + if (*p != *s) goto fail; + p++; s++; +-#endif +- if (*p != *s++) goto fail; +- DATA_ENSURE(0); +- p++; + MOP_OUT; + break; + +-- +1.7.9.5 + diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch new file mode 100644 index 0000000000..0f2a4307cc --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch @@ -0,0 +1,41 @@ +From b4bf968ad52afe14e60a2dc8a95d3555c543353a Mon Sep 17 00:00:00 2001 +From: "K.Kosako" +Date: Thu, 18 May 2017 17:05:27 +0900 +Subject: [PATCH] fix #55 : check too big code point value for single byte + value in next_state_val() + +--- + regparse.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- end of original header + +CVE: CVE-2017-9226 + +Add check for octal number bigger than 255. + +Upstream-Status: Pending +Signed-off-by: Joe Slater + + +--- ruby-2.4.1.orig/regparse.c ++++ ruby-2.4.1/regparse.c +@@ -3644,7 +3644,7 @@ fetch_token(OnigToken* tok, UChar** src, + if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) { + prev = p; + num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc); +- if (num < 0) return ONIGERR_TOO_BIG_NUMBER; ++ if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER; + if (p == prev) { /* can't read nothing. */ + num = 0; /* but, it's not error */ + } +@@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod + switch (*state) { + case CCS_VALUE: + if (*type == CCV_SB) { ++ if (*vs > 0xff) ++ return ONIGERR_INVALID_CODE_POINT_VALUE; ++ + BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*vs)); + if (IS_NOT_NULL(asc_cc)) + BITSET_SET_BIT(asc_cc->bs, (int )(*vs)); diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch new file mode 100644 index 0000000000..85e7ccb369 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch @@ -0,0 +1,32 @@ +From 9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814 Mon Sep 17 00:00:00 2001 +From: "K.Kosako" +Date: Tue, 23 May 2017 16:15:35 +0900 +Subject: [PATCH] fix #58 : access to invalid address by reg->dmin value + +--- + regexec.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- end of original header + +CVE: CVE-2017-9227 + +Upstream-Status: Inappropriate [not author] +Signed-off-by: Joe Slater + +diff --git a/regexec.c b/regexec.c +index d4e577d..2fa0f3d 100644 +--- a/regexec.c ++++ b/regexec.c +@@ -3154,6 +3154,8 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s, + } + else { + UChar *q = p + reg->dmin; ++ ++ if (q >= end) return 0; /* fail */ + while (p < q) p += enclen(reg->enc, p, end); + } + } +-- +1.7.9.5 + diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9228.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9228.patch new file mode 100644 index 0000000000..d8bfba486c --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9228.patch @@ -0,0 +1,34 @@ +From 3b63d12038c8d8fc278e81c942fa9bec7c704c8b Mon Sep 17 00:00:00 2001 +From: "K.Kosako" +Date: Wed, 24 May 2017 13:43:25 +0900 +Subject: [PATCH] fix #60 : invalid state(CCS_VALUE) in parse_char_class() + +--- + regparse.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- end of original header + +CVE: CVE-2017-9228 + +Upstream-Status: Inappropriate [not author] +Signed-off-by: Joe Slater + +diff --git a/regparse.c b/regparse.c +index 69875fa..1988747 100644 +--- a/regparse.c ++++ b/regparse.c +@@ -4081,7 +4081,9 @@ next_state_class(CClassNode* cc, OnigCodePoint* vs, enum CCVALTYPE* type, + } + } + +- *state = CCS_VALUE; ++ if (*state != CCS_START) ++ *state = CCS_VALUE; ++ + *type = CCV_CLASS; + return 0; + } +-- +1.7.9.5 + diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch new file mode 100644 index 0000000000..6e765bf6dc --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch @@ -0,0 +1,59 @@ +From b690371bbf97794b4a1d3f295d4fb9a8b05d402d Mon Sep 17 00:00:00 2001 +From: "K.Kosako" +Date: Wed, 24 May 2017 10:27:04 +0900 +Subject: [PATCH] fix #59 : access to invalid address by reg->dmax value + +--- + regexec.c | 27 +++++++++++++++++---------- + 1 file changed, 17 insertions(+), 10 deletions(-) + +--- end of original header + +CVE: CVE-2017-9229 + +Upstream-Status: Inappropriate [not author] +Signed-off-by: Joe Slater + +diff --git a/regexec.c b/regexec.c +index 49bcc50..c0626ef 100644 +--- a/regexec.c ++++ b/regexec.c +@@ -3756,18 +3756,25 @@ forward_search_range(regex_t* reg, const + } + else { + if (reg->dmax != ONIG_INFINITE_DISTANCE) { +- *low = p - reg->dmax; +- if (*low > s) { +- *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s, +- *low, end, (const UChar** )low_prev); +- if (low_prev && IS_NULL(*low_prev)) +- *low_prev = onigenc_get_prev_char_head(reg->enc, +- (pprev ? pprev : s), *low, end); ++ if (p - str < reg->dmax) { ++ *low = (UChar* )str; ++ if (low_prev) ++ *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low, end); + } + else { +- if (low_prev) +- *low_prev = onigenc_get_prev_char_head(reg->enc, +- (pprev ? pprev : str), *low, end); ++ *low = p - reg->dmax; ++ if (*low > s) { ++ *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s, ++ *low, end, (const UChar** )low_prev); ++ if (low_prev && IS_NULL(*low_prev)) ++ *low_prev = onigenc_get_prev_char_head(reg->enc, ++ (pprev ? pprev : s), *low, end); ++ } ++ else { ++ if (low_prev) ++ *low_prev = onigenc_get_prev_char_head(reg->enc, ++ (pprev ? pprev : str), *low, end); ++ } + } + } + } +-- +1.7.9.5 + diff --git a/meta/recipes-devtools/ruby/ruby_2.2.5.bb b/meta/recipes-devtools/ruby/ruby_2.2.5.bb deleted file mode 100644 index ab1a52e0f6..0000000000 --- a/meta/recipes-devtools/ruby/ruby_2.2.5.bb +++ /dev/null @@ -1,57 +0,0 @@ -require ruby.inc - -SRC_URI[md5sum] = "bd8e349d4fb2c75d90817649674f94be" -SRC_URI[sha256sum] = "30c4b31697a4ca4ea0c8db8ad30cf45e6690a0f09687e5d483c933c03ca335e3" - -SRC_URI += "file://prevent-gc.patch \ - file://CVE-2016-7798.patch \ - file://CVE-2017-9227.patch \ - file://CVE-2017-9228.patch \ - file://CVE-2017-9226.patch \ - file://CVE-2017-9229.patch \ - file://CVE-2017-14033.patch \ - file://CVE-2017-14064.patch \ -" - -# it's unknown to configure script, but then passed to extconf.rb -# maybe it's not really needed as we're hardcoding the result with -# 0001-socket-extconf-hardcode-wide-getaddr-info-test-outco.patch -UNKNOWN_CONFIGURE_WHITELIST += "--enable-wide-getaddrinfo" - -PACKAGECONFIG ??= "" -PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)}" - -PACKAGECONFIG[valgrind] = "--with-valgrind=yes, --with-valgrind=no, valgrind" -PACKAGECONFIG[gpm] = "--with-gmp=yes, --with-gmp=no, gmp" -PACKAGECONFIG[ipv6] = ",--enable-wide-getaddrinfo," - -EXTRA_OECONF = "\ - --disable-versioned-paths \ - --disable-rpath \ - --disable-dtrace \ - --enable-shared \ - --enable-load-relative \ -" - -do_install() { - oe_runmake 'DESTDIR=${D}' install -} - -PACKAGES =+ "${PN}-ri-docs ${PN}-rdoc" - -SUMMARY_${PN}-ri-docs = "ri (Ruby Interactive) documentation for the Ruby standard library" -RDEPENDS_${PN}-ri-docs = "${PN}" -FILES_${PN}-ri-docs += "${datadir}/ri" - -SUMMARY_${PN}-rdoc = "RDoc documentation generator from Ruby source" -RDEPENDS_${PN}-rdoc = "${PN}" -FILES_${PN}-rdoc += "${libdir}/ruby/*/rdoc ${bindir}/rdoc" - -FILES_${PN} += "${datadir}/rubygems" - -FILES_${PN}-dbg += "${libdir}/ruby/*/.debug \ - ${libdir}/ruby/*/*/.debug \ - ${libdir}/ruby/*/*/*/.debug \ - ${libdir}/ruby/*/*/*/*/.debug" - -BBCLASSEXTEND = "native" diff --git a/meta/recipes-devtools/ruby/ruby_2.4.0.bb b/meta/recipes-devtools/ruby/ruby_2.4.0.bb new file mode 100644 index 0000000000..e4a56b9f89 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby_2.4.0.bb @@ -0,0 +1,58 @@ +require ruby.inc + +SRC_URI += " \ + file://ruby-CVE-2017-9224.patch \ + file://ruby-CVE-2017-9226.patch \ + file://ruby-CVE-2017-9227.patch \ + file://ruby-CVE-2017-9228.patch \ + file://ruby-CVE-2017-9229.patch \ + file://CVE-2017-14064.patch \ + " + +SRC_URI[md5sum] = "7e9485dcdb86ff52662728de2003e625" +SRC_URI[sha256sum] = "152fd0bd15a90b4a18213448f485d4b53e9f7662e1508190aa5b702446b29e3d" + +# it's unknown to configure script, but then passed to extconf.rb +# maybe it's not really needed as we're hardcoding the result with +# 0001-socket-extconf-hardcode-wide-getaddr-info-test-outco.patch +UNKNOWN_CONFIGURE_WHITELIST += "--enable-wide-getaddrinfo" + +PACKAGECONFIG ??= "" +PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)}" + +PACKAGECONFIG[valgrind] = "--with-valgrind=yes, --with-valgrind=no, valgrind" +PACKAGECONFIG[gpm] = "--with-gmp=yes, --with-gmp=no, gmp" +PACKAGECONFIG[ipv6] = ",--enable-wide-getaddrinfo," + +EXTRA_AUTORECONF += "--exclude=aclocal" + +EXTRA_OECONF = "\ + --disable-versioned-paths \ + --disable-rpath \ + --disable-dtrace \ + --enable-shared \ + --enable-load-relative \ +" + +do_install() { + oe_runmake 'DESTDIR=${D}' install +} + +PACKAGES =+ "${PN}-ri-docs ${PN}-rdoc" + +SUMMARY_${PN}-ri-docs = "ri (Ruby Interactive) documentation for the Ruby standard library" +RDEPENDS_${PN}-ri-docs = "${PN}" +FILES_${PN}-ri-docs += "${datadir}/ri" + +SUMMARY_${PN}-rdoc = "RDoc documentation generator from Ruby source" +RDEPENDS_${PN}-rdoc = "${PN}" +FILES_${PN}-rdoc += "${libdir}/ruby/*/rdoc ${bindir}/rdoc" + +FILES_${PN} += "${datadir}/rubygems" + +FILES_${PN}-dbg += "${libdir}/ruby/*/.debug \ + ${libdir}/ruby/*/*/.debug \ + ${libdir}/ruby/*/*/*/.debug \ + ${libdir}/ruby/*/*/*/*/.debug" + +BBCLASSEXTEND = "native" -- cgit 1.2.3-korg