poky/meta/recipes-devtools/ruby/ruby_2.4.1.bb
Ovidiu Panait 80aa68fa75 ruby: CVE-2017-14064
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose
arbitrary memory during a JSON.generate call. The issue lies in using
strdup in ext/json/ext/generator/generator.c, which will stop after
encountering a '\0' byte, returning a pointer to a string of length zero,
which is not the length stored in space_len.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14064

Upstream patch:
8f782fd8e1

(From OE-Core rev: 17dbfd967019f9b50a9f6aa3f48cd3658fcccc70)

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-09-18 11:07:30 +01:00
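The commit message describes a length-bookkeeping mismatch: strdup() copies only up to the first NUL byte while the code keeps using the caller-supplied space_len. The following is an added example written for this page, not code from Ruby's generator.c and not part of the OE-Core commit. It models the generator state with a hypothetical state_t struct (space, space_len, plus an alloc_len field added purely to measure the gap) and compares the strdup-based copy with an explicit-length copy. It goes slightly beyond the commit text by handling a NUL at any position, not only at index 0; the over-read size is computed from the tracked allocation size rather than by actually reading out of bounds.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the generator state (an assumption for this example):
 * the real generator keeps a `space` buffer and a `space_len`; alloc_len is a
 * bookkeeping field added here so the mismatch can be measured without
 * performing an out-of-bounds read. */
typedef struct {
    char   *space;      /* copied indentation string */
    size_t  space_len;  /* length the caller supplied */
    size_t  alloc_len;  /* bytes actually allocated (tracking only) */
} state_t;

/* Vulnerable pattern: strdup() copies only up to the first '\0', yet the
 * caller's length is stored unchanged. With an embedded NUL the allocation
 * ends up shorter than space_len. */
static int set_space_strdup(state_t *st, const char *src, size_t len)
{
    st->space = strdup(src);
    if (st->space == NULL)
        return -1;
    st->space_len = len;
    st->alloc_len = strlen(st->space) + 1;   /* what strdup() really allocated */
    return 0;
}

/* Hardened pattern: allocate and copy exactly len bytes plus a terminator,
 * so the stored length always matches the allocation. */
static int set_space_memcpy(state_t *st, const char *src, size_t len)
{
    st->space = malloc(len + 1);
    if (st->space == NULL)
        return -1;
    memcpy(st->space, src, len);
    st->space[len] = '\0';
    st->space_len = len;
    st->alloc_len = len + 1;
    return 0;
}

/* Bytes a consumer that trusts space_len would read past the allocation.
 * Zero means the length bookkeeping is consistent. */
static size_t bytes_past_allocation(const state_t *st)
{
    return st->space_len > st->alloc_len ? st->space_len - st->alloc_len : 0;
}

static void state_free(state_t *st)
{
    free(st->space);
    st->space = NULL;
    st->space_len = st->alloc_len = 0;
}

/* Copies src with either strategy and returns the over-read size.
 * Returns (size_t)-1 on allocation failure. */
static size_t measure_overread(const char *src, size_t len, int hardened)
{
    state_t st = { NULL, 0, 0 };
    size_t over;
    int rc = hardened ? set_space_memcpy(&st, src, len)
                      : set_space_strdup(&st, src, len);
    if (rc != 0)
        return (size_t)-1;
    over = bytes_past_allocation(&st);
    state_free(&st);
    return over;
}

int main(void)
{
    /* Constructed input: a 4-byte indent string with a NUL at index 1. */
    static const char indent[] = { ' ', '\0', ' ', ' ' };
    size_t n = sizeof indent;

    printf("strdup copy : %zu byte(s) past allocation\n",
           measure_overread(indent, n, 0));   /* 2 */
    printf("memcpy copy : %zu byte(s) past allocation\n",
           measure_overread(indent, n, 1));   /* 0 */
    return 0;
}
```

The fix shape shown here is the general rule for any length-carrying buffer: whenever the caller hands over an explicit length, copy with that length (malloc plus memcpy) rather than with a NUL-terminated routine such as strdup or strcpy, and derive the stored length from the copy that was actually made.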


require ruby.inc
SRC_URI += " \
    file://ruby-CVE-2017-9224.patch \
    file://ruby-CVE-2017-9226.patch \
    file://ruby-CVE-2017-9227.patch \
    file://ruby-CVE-2017-9228.patch \
    file://ruby-CVE-2017-9229.patch \
    file://ruby-CVE-2017-14064.patch \
"
SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677"
SRC_URI[sha256sum] = "a330e10d5cb5e53b3a0078326c5731888bb55e32c4abfeb27d9e7f8e5d000250"
# it's unknown to configure script, but then passed to extconf.rb
# maybe it's not really needed as we're hardcoding the result with
# 0001-socket-extconf-hardcode-wide-getaddr-info-test-outco.patch
UNKNOWN_CONFIGURE_WHITELIST += "--enable-wide-getaddrinfo"
PACKAGECONFIG ??= ""
PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG[valgrind] = "--with-valgrind=yes, --with-valgrind=no, valgrind"
PACKAGECONFIG[gpm] = "--with-gmp=yes, --with-gmp=no, gmp"
PACKAGECONFIG[ipv6] = ",--enable-wide-getaddrinfo,"
EXTRA_AUTORECONF += "--exclude=aclocal"
EXTRA_OECONF = "\
    --disable-versioned-paths \
    --disable-rpath \
    --disable-dtrace \
    --enable-shared \
    --enable-load-relative \
"
do_install() {
    oe_runmake 'DESTDIR=${D}' install
}
PACKAGES =+ "${PN}-ri-docs ${PN}-rdoc"
SUMMARY_${PN}-ri-docs = "ri (Ruby Interactive) documentation for the Ruby standard library"
RDEPENDS_${PN}-ri-docs = "${PN}"
FILES_${PN}-ri-docs += "${datadir}/ri"
SUMMARY_${PN}-rdoc = "RDoc documentation generator from Ruby source"
RDEPENDS_${PN}-rdoc = "${PN}"
FILES_${PN}-rdoc += "${libdir}/ruby/*/rdoc ${bindir}/rdoc"
FILES_${PN} += "${datadir}/rubygems"
BBCLASSEXTEND = "native"