mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-02-10 02:33:02 +01:00

Author	SHA1	Message	Date
Richard Purdie	d91c2b204e	ruby: Make docs generation deterministic The presence or lack of nroff on the host was changing the doc type. Set it explicitly to be deterministic and reproducible. (From OE-Core rev: dd857d2519fd4f38c67a6fa0087f72798166467a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f5053abb8957acf358b518ee3c76146dc5f4eb6c) Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-09-16 06:09:56 -07:00
Ashish Sharma	6d58d0c4a2	ruby: backport fix for CVE-2024-27282 Upstream-Status: Backport [`989a235580`] (From OE-Core rev: 94a0350058e51c4b05bf5d4e02d048c2e6256725) Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-07-24 07:51:58 -07:00
Yogita Urade	52f1435174	ruby: fix CVE-2024-27280 A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-27280 (From OE-Core rev: 729310d17310dff955c51811ff3339fdbc017b95) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-06-26 05:04:39 -07:00
Yogita Urade	70c869275a	ruby: fix CVE-2024-27281 ruby: RCE vulnerability with .rdoc_options in RDoc References: https://github.com/ruby/ruby/pull/10316 https://security-tracker.debian.org/tracker/CVE-2024-27281 (From OE-Core rev: d01b73c51ceead4911a9a9306dbe728f1db2e029) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2024-04-21 06:33:34 -07:00
Meenali Gupta	a54b91946c	ruby: fix CVE-2023-36617 Backport two patches [1] [2] to fix CVE-2023-36617 (From OE-Core rev: 7a40082e4e080eaf5f88bd24f7169b7731028529) Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-09-30 09:43:59 -10:00
Mingli Yu	6cff3875fe	ruby: Fix CVE-2023-28755 Backport patch [1] to fix CVE-2023-28755. [1] `8ce4ab1464` (From OE-Core rev: 605634cf1adef2d9cf6dc6fdf17aa4032385497f) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-05-03 04:17:12 -10:00
Hitendra Prajapati	be5ebd6b3f	ruby: CVE-2023-28756 ReDoS vulnerability in Time Upstream-Status: Backport from `957bb7cb81` (From OE-Core rev: 0f8eb0505e19ccd27e1b91f27285a9fc87f2aa93) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2023-04-26 04:03:21 -10:00
Alexander Kanavin	1aa3cb0169	ruby: update 3.1.2 -> 3.1.3 (From OE-Core rev: 3e43f3925bce640999a25ceb855a77d8cd0afd26) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 402254a5f841520b132508c21465111d33b6eb1a) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2023-01-06 17:33:23 +00:00

8 Commits