From 90068771dd6fbd0f90a133b9c1c95c71d7cf035f Mon Sep 17 00:00:00 2001
From: Armin Kuster
Date: Thu, 3 May 2018 09:00:59 -0700
Subject: [PATCH] ruby: Update to 2.4.4

The dot releases are maint only.
2.4.4 included:
CVE-2017-17742: HTTP response splitting in WEBrick
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
CVE-2018-8777: DoS by large request in WEBrick
CVE-2018-8778: Buffer under-read in String#unpack
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
2.4.3 includes:
CVE-2017-17405: Command injection vulnerability in Net::FTP
(From OE-Core rev: ce12ff394281a42448d92109568db33739b2b542)
Signed-off-by: Armin Kuster
Signed-off-by: Richard Purdie
---
 meta/recipes-devtools/ruby/{ruby_2.4.2.bb => ruby_2.4.4.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-devtools/ruby/{ruby_2.4.2.bb => ruby_2.4.4.bb} (91%)
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.2.bb b/meta/recipes-devtools/ruby/ruby_2.4.4.bb
similarity index 91%
rename from meta/recipes-devtools/ruby/ruby_2.4.2.bb
rename to meta/recipes-devtools/ruby/ruby_2.4.4.bb
index 239d775f14..61fcedbf82 100644
--- a/meta/recipes-devtools/ruby/ruby_2.4.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.4.bb
@@ -8,8 +8,8 @@ SRC_URI += " \
 file://ruby-CVE-2017-9229.patch \
 "
 
-SRC_URI[md5sum] = "fe106eed9738c4e03813ab904f8d891c"
-SRC_URI[sha256sum] = "93b9e75e00b262bc4def6b26b7ae8717efc252c47154abb7392e54357e6c8c9c"
+SRC_URI[md5sum] = "d50e00ccc1c9cf450f837b92d3ed3e88"
+SRC_URI[sha256sum] = "254f1c1a79e4cc814d1e7320bc5bdd995dc57e08727d30a767664619a9c8ae5a"
 
 # it's unknown to configure script, but then passed to extconf.rb
 # maybe it's not really needed as we're hardcoding the result with