Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose
arbitrary memory during a JSON.generate call. The issue lies in using
strdup in ext/json/ext/generator/generator.c, which will stop after
encountering a '\0' byte, returning a pointer to a string of length zero,
which is not the length stored in space_len.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14064
Upstream patch:
8f782fd8e1
(From OE-Core rev: 17dbfd967019f9b50a9f6aa3f48cd3658fcccc70)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
require ruby.inc
# Backported security fixes applied on top of the upstream source; each patch
# file is named after the CVE it addresses. ruby-CVE-2017-14064.patch covers
# the JSON.generate memory exposure (strdup in
# ext/json/ext/generator/generator.c stopping at an embedded '\0').
# "+=" appends to whatever SRC_URI the required ruby.inc already defines.
# NOTE(review): the patch headers are not visible here -- confirm each one
# carries "CVE:" and "Upstream-Status:" tags so CVE tracking sees it as fixed.
SRC_URI += " \
           file://ruby-CVE-2017-9224.patch \
           file://ruby-CVE-2017-9226.patch \
           file://ruby-CVE-2017-9227.patch \
           file://ruby-CVE-2017-9228.patch \
           file://ruby-CVE-2017-9229.patch \
           file://ruby-CVE-2017-14064.patch \
           "
# Expected checksums of the fetched source archive; the fetcher rejects a
# download that does not match them. The archive URL itself is not set in this
# file (presumably it comes from ruby.inc -- confirm).
# MD5 is not collision resistant, so sha256sum is the value that actually pins
# the source. On a version bump, take both from a trusted upstream release
# announcement, not from whatever the fetcher happened to download.
SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677"
SRC_URI[sha256sum] = "a330e10d5cb5e53b3a0078326c5731888bb55e32c4abfeb27d9e7f8e5d000250"
# Exempt --enable-wide-getaddrinfo from the "unknown configure option" QA
# check: the top-level configure script does not recognise it, but it is
# passed on to extconf.rb.
# It may not really be needed, since the result is hardcoded by
# 0001-socket-extconf-hardcode-wide-getaddr-info-test-outco.patch
UNKNOWN_CONFIGURE_WHITELIST += "--enable-wide-getaddrinfo"
# Optional features. No feature is enabled by default; "ipv6" is added only
# when the distro lists it in DISTRO_FEATURES.
PACKAGECONFIG ??= ""
PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"

# Flag format: "args when enabled, args when disabled, build dependencies".
PACKAGECONFIG[valgrind] = "--with-valgrind=yes, --with-valgrind=no, valgrind"
# NOTE(review): the flag is spelled "gpm" but it toggles --with-gmp and depends
# on gmp, so it looks like a typo for "gmp". Renaming it changes the knob that
# users set in PACKAGECONFIG -- confirm before fixing.
PACKAGECONFIG[gpm] = "--with-gmp=yes, --with-gmp=no, gmp"
# Enabled: no extra argument. Disabled: --enable-wide-getaddrinfo is passed.
PACKAGECONFIG[ipv6] = ",--enable-wide-getaddrinfo,"
# Extra argument for the autoreconf step: skip running aclocal.
EXTRA_AUTORECONF += "--exclude=aclocal"
# Options handed to Ruby's configure script. Plain "=" replaces any value
# inherited from ruby.inc rather than extending it.
# --disable-rpath keeps run-time library search paths out of the binaries
# (presumably to avoid build-host paths leaking onto the target -- confirm);
# --enable-load-relative has Ruby locate its libraries relative to the
# installed executable.
EXTRA_OECONF = "\
    --disable-versioned-paths \
    --disable-rpath \
    --disable-dtrace \
    --enable-shared \
    --enable-load-relative \
"
# Install task: run "make install" with DESTDIR set to ${D}, the recipe's
# staging directory, so nothing is written into the build host's own root.
do_install() {
    oe_runmake 'DESTDIR=${D}' install
}
# Split the documentation tooling into separate packages. "=+" prepends, so
# these packages claim their files before the main ${PN} package does.
PACKAGES =+ "${PN}-ri-docs ${PN}-rdoc"

# ri documentation data; needs the main ruby package at run time.
SUMMARY_${PN}-ri-docs = "ri (Ruby Interactive) documentation for the Ruby standard library"
RDEPENDS_${PN}-ri-docs = "${PN}"
FILES_${PN}-ri-docs += "${datadir}/ri"

# The rdoc generator: its library directory plus the rdoc executable.
SUMMARY_${PN}-rdoc = "RDoc documentation generator from Ruby source"
RDEPENDS_${PN}-rdoc = "${PN}"
FILES_${PN}-rdoc += "${libdir}/ruby/*/rdoc ${bindir}/rdoc"

# RubyGems data directory ships in the main package.
FILES_${PN} += "${datadir}/rubygems"
# Also provide a -native variant built for the build host. It is generated
# from this same recipe, so it uses the same SRC_URI, CVE patches included.
BBCLASSEXTEND = "native"