[oe-commits] [openembedded-core] 07/07: ruby: Update to 2.4.4
git at git.openembedded.org
git at git.openembedded.org
Mon May 7 14:58:28 UTC 2018
This is an automated email from the git hooks/post-receive script.
rpurdie pushed a commit to branch rocko
in repository openembedded-core.
commit 7003a36ef3f686af97798ff6f4bc7b3473f937de
Author: Armin Kuster <akuster808 at gmail.com>
AuthorDate: Thu May 3 09:00:59 2018 -0700
ruby: Update to 2.4.4
The dot releases are maint only.
2.4.4 included:
CVE-2017-17742: HTTP response splitting in WEBrick
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
CVE-2018-8777: DoS by large request in WEBrick
CVE-2018-8778: Buffer under-read in String#unpack
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
2.4.3 includes:
CVE-2017-17405: Command injection vulnerability in Net::FTP
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
meta/recipes-devtools/ruby/{ruby_2.4.2.bb => ruby_2.4.4.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.2.bb b/meta/recipes-devtools/ruby/ruby_2.4.4.bb
similarity index 91%
rename from meta/recipes-devtools/ruby/ruby_2.4.2.bb
rename to meta/recipes-devtools/ruby/ruby_2.4.4.bb
index 239d775..61fcedb 100644
--- a/meta/recipes-devtools/ruby/ruby_2.4.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.4.bb
@@ -8,8 +8,8 @@ SRC_URI += " \
file://ruby-CVE-2017-9229.patch \
"
-SRC_URI[md5sum] = "fe106eed9738c4e03813ab904f8d891c"
-SRC_URI[sha256sum] = "93b9e75e00b262bc4def6b26b7ae8717efc252c47154abb7392e54357e6c8c9c"
+SRC_URI[md5sum] = "d50e00ccc1c9cf450f837b92d3ed3e88"
+SRC_URI[sha256sum] = "254f1c1a79e4cc814d1e7320bc5bdd995dc57e08727d30a767664619a9c8ae5a"
# it's unknown to configure script, but then passed to extconf.rb
# maybe it's not really needed as we're hardcoding the result with
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the Openembedded-commits
mailing list