aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArmin Kuster <akuster808@gmail.com>2018-05-03 09:00:59 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-05-15 11:00:31 +0100
commit43721cc12ce782603ecdc0aa3a514bc6c8d4f97f (patch)
treed8fb2d86a2e4568032820f702225d234bf6c79e4
parentb52c5967c24c37c0da48984a45521206e17e4291 (diff)
downloadopenembedded-core-contrib-jansa/morty-backports.zip
openembedded-core-contrib-jansa/morty-backports.tar.gz
openembedded-core-contrib-jansa/morty-backports.tar.bz2
ruby: Update to 2.4.4jansa/morty-backports
The dot releases are maint only. 2.4.4 included: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir (From OE-Core rev: ce12ff394281a42448d92109568db33739b2b542) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fixup for Morty context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta/recipes-devtools/ruby/ruby_2.4.4.bb (renamed from meta/recipes-devtools/ruby/ruby_2.4.3.bb)4
1 files changed, 2 insertions, 2 deletions
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.3.bb b/meta/recipes-devtools/ruby/ruby_2.4.4.bb
index 910da2e..c6faea0 100644
--- a/meta/recipes-devtools/ruby/ruby_2.4.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.4.bb
@@ -8,8 +8,8 @@ SRC_URI += " \
file://ruby-CVE-2017-9229.patch \
"
-SRC_URI[md5sum] = "a00e0d49b454f4c0e528e7852d642925"
-SRC_URI[sha256sum] = "fd0375582c92045aa7d31854e724471fb469e11a4b08ff334d39052ccaaa3a98"
+SRC_URI[md5sum] = "d50e00ccc1c9cf450f837b92d3ed3e88"
+SRC_URI[sha256sum] = "254f1c1a79e4cc814d1e7320bc5bdd995dc57e08727d30a767664619a9c8ae5a"
# it's unknown to configure script, but then passed to extconf.rb
# maybe it's not really needed as we're hardcoding the result with