[oe-commits] [openembedded-core] 09/09: ruby: Update to 2.4.4

git at git.openembedded.org git at git.openembedded.org
Tue May 15 10:01:43 UTC 2018 

This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch morty
in repository openembedded-core.

commit 43721cc12ce782603ecdc0aa3a514bc6c8d4f97f
Author: Armin Kuster <akuster808 at gmail.com>
AuthorDate: Thu May 3 09:00:59 2018 -0700

    ruby: Update to 2.4.4
    
    The dot releases are maint only.
    
    2.4.4 included:
    CVE-2017-17742: HTTP response splitting in WEBrick
    CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
    CVE-2018-8777: DoS by large request in WEBrick
    CVE-2018-8778: Buffer under-read in String#unpack
    CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
    CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
    
    (From OE-Core rev: ce12ff394281a42448d92109568db33739b2b542)
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    [Fixup for Morty context]
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 meta/recipes-devtools/ruby/{ruby_2.4.3.bb => ruby_2.4.4.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/ruby/ruby_2.4.3.bb b/meta/recipes-devtools/ruby/ruby_2.4.4.bb
similarity index 91%
rename from meta/recipes-devtools/ruby/ruby_2.4.3.bb
rename to meta/recipes-devtools/ruby/ruby_2.4.4.bb
index 910da2e..c6faea0 100644
--- a/meta/recipes-devtools/ruby/ruby_2.4.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.4.bb
@@ -8,8 +8,8 @@ SRC_URI += " \
            file://ruby-CVE-2017-9229.patch \
            "
 
-SRC_URI[md5sum] = "a00e0d49b454f4c0e528e7852d642925"
-SRC_URI[sha256sum] = "fd0375582c92045aa7d31854e724471fb469e11a4b08ff334d39052ccaaa3a98"
+SRC_URI[md5sum] = "d50e00ccc1c9cf450f837b92d3ed3e88"
+SRC_URI[sha256sum] = "254f1c1a79e4cc814d1e7320bc5bdd995dc57e08727d30a767664619a9c8ae5a"
 
 # it's unknown to configure script, but then passed to extconf.rb
 # maybe it's not really needed as we're hardcoding the result with

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Openembedded-commits mailing list