mirror of
https://git.yoctoproject.org/poky
synced 2026-04-26 18:32:13 +02:00
ruby: upgrade to 2.4.2
The CVE-2017-14064 patch is already at 2.4.2 as explained on
project's commit, so removing from the recipe & repo.
commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153
Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed Apr 12 00:21:18 2017 +0000
Merge json-2.0.4.
* https://github.com/flori/json/releases/tag/v2.0.4
* 09fabeb03e/CHANGES.md (2017-03-23-204)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438)
(From OE-Core rev: 59fed1c288bc8d5549fffccedcc24ae9f4f32dac)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Leonardo Sandoval
committed by
Richard Purdie
Richard Purdie
parent
ce99882619
commit
d9a5006a73
@@ -1,87 +0,0 @@
|
||||
From 8f782fd8e181d9cfe9387ded43a5ca9692266b85 Mon Sep 17 00:00:00 2001
|
||||
From: Florian Frank <flori@ping.de>
|
||||
Date: Thu, 2 Mar 2017 12:12:33 +0100
|
||||
Subject: [PATCH] Fix arbitrary heap exposure problem
|
||||
|
||||
Upstream-Status: Backport
|
||||
CVE: CVE-2017-14064
|
||||
|
||||
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
|
||||
---
|
||||
ext/json/generator/generator.c | 12 ++++++------
|
||||
ext/json/generator/generator.h | 1 -
|
||||
2 files changed, 6 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c
|
||||
index ef85bb7..c88818c 100644
|
||||
--- a/ext/json/generator/generator.c
|
||||
+++ b/ext/json/generator/generator.c
|
||||
@@ -308,7 +308,7 @@ static char *fstrndup(const char *ptr, unsigned long len) {
|
||||
char *result;
|
||||
if (len <= 0) return NULL;
|
||||
result = ALLOC_N(char, len);
|
||||
- memccpy(result, ptr, 0, len);
|
||||
+ memcpy(result, ptr, len);
|
||||
return result;
|
||||
}
|
||||
|
||||
@@ -1062,7 +1062,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent)
|
||||
}
|
||||
} else {
|
||||
if (state->indent) ruby_xfree(state->indent);
|
||||
- state->indent = strdup(RSTRING_PTR(indent));
|
||||
+ state->indent = fstrndup(RSTRING_PTR(indent), len);
|
||||
state->indent_len = len;
|
||||
}
|
||||
return Qnil;
|
||||
@@ -1100,7 +1100,7 @@ static VALUE cState_space_set(VALUE self, VALUE space)
|
||||
}
|
||||
} else {
|
||||
if (state->space) ruby_xfree(state->space);
|
||||
- state->space = strdup(RSTRING_PTR(space));
|
||||
+ state->space = fstrndup(RSTRING_PTR(space), len);
|
||||
state->space_len = len;
|
||||
}
|
||||
return Qnil;
|
||||
@@ -1136,7 +1136,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before)
|
||||
}
|
||||
} else {
|
||||
if (state->space_before) ruby_xfree(state->space_before);
|
||||
- state->space_before = strdup(RSTRING_PTR(space_before));
|
||||
+ state->space_before = fstrndup(RSTRING_PTR(space_before), len);
|
||||
state->space_before_len = len;
|
||||
}
|
||||
return Qnil;
|
||||
@@ -1173,7 +1173,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl)
|
||||
}
|
||||
} else {
|
||||
if (state->object_nl) ruby_xfree(state->object_nl);
|
||||
- state->object_nl = strdup(RSTRING_PTR(object_nl));
|
||||
+ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
|
||||
state->object_nl_len = len;
|
||||
}
|
||||
return Qnil;
|
||||
@@ -1208,7 +1208,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl)
|
||||
}
|
||||
} else {
|
||||
if (state->array_nl) ruby_xfree(state->array_nl);
|
||||
- state->array_nl = strdup(RSTRING_PTR(array_nl));
|
||||
+ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
|
||||
state->array_nl_len = len;
|
||||
}
|
||||
return Qnil;
|
||||
diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h
|
||||
index 900b4d5..c367a62 100644
|
||||
--- a/ext/json/generator/generator.h
|
||||
+++ b/ext/json/generator/generator.h
|
||||
@@ -1,7 +1,6 @@
|
||||
#ifndef _GENERATOR_H_
|
||||
#define _GENERATOR_H_
|
||||
|
||||
-#include <string.h>
|
||||
#include <math.h>
|
||||
#include <ctype.h>
|
||||
|
||||
--
|
||||
2.10.2
|
||||
|
||||
@@ -6,11 +6,10 @@ SRC_URI += " \
|
||||
file://ruby-CVE-2017-9227.patch \
|
||||
file://ruby-CVE-2017-9228.patch \
|
||||
file://ruby-CVE-2017-9229.patch \
|
||||
file://ruby-CVE-2017-14064.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677"
|
||||
SRC_URI[sha256sum] = "a330e10d5cb5e53b3a0078326c5731888bb55e32c4abfeb27d9e7f8e5d000250"
|
||||
SRC_URI[md5sum] = "fe106eed9738c4e03813ab904f8d891c"
|
||||
SRC_URI[sha256sum] = "93b9e75e00b262bc4def6b26b7ae8717efc252c47154abb7392e54357e6c8c9c"
|
||||
|
||||
# it's unknown to configure script, but then passed to extconf.rb
|
||||
# maybe it's not really needed as we're hardcoding the result with
|
||||
Reference in New Issue
Block a user