1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 15:57:04 +00:00
Commit Graph

89 Commits

Author SHA1 Message Date
Divya Chellam 6639c7b295 ruby: fix CVE-2024-41123
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS
vulnerabilities when it parses an XML that has many specific characters
such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later
include the patches to fix these vulnerabilities.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41123

Upstream-patches:
https://github.com/ruby/rexml/commit/2c39c91a65d69357cfbc35dd8079b3606d86bb70
https://github.com/ruby/rexml/commit/4444a04ece4c02a7bd51e8c75623f22dc12d882b
https://github.com/ruby/rexml/commit/ebc3e85bfa2796fb4922c1932760bec8390ff87c
https://github.com/ruby/rexml/commit/6cac15d45864c8d70904baa5cbfcc97181000960
https://github.com/ruby/rexml/commit/e2546e6ecade16b04c9ee528e5be8509fe16c2d6

(From OE-Core rev: 6b2a2e689a69deef6098f6c266542234e46fb24b)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-01 06:50:49 -08:00
Divya Chellam 7c4bd642e4 ruby: fix CVE-2024-39908
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some
DoS vulnerabilities when it parses an XML that has many specific characters
such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be
impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the
patches to fix these vulnerabilities. Users are advised to upgrade. Users
unable to upgrade should avoid parsing untrusted XML strings.

Reference:
https://security-tracker.debian.org/tracker/CVE-2024-39908

Upstream-patches:
https://github.com/ruby/rexml/commit/f1df7d13b3e57a5e059273d2f0870163c08d7420
https://github.com/ruby/rexml/commit/d146162e9a61574499d10428bc0065754cd26601
https://github.com/ruby/rexml/commit/b5bf109a599ea733663150e99c09eb44046b41dd
https://github.com/ruby/rexml/commit/b8a5f4cd5c8fe29c65d7a00e67170223d9d2b50e
https://github.com/ruby/rexml/commit/0af55fa49d4c9369f90f239a9571edab800ed36e
https://github.com/ruby/rexml/commit/c1b64c174ec2e8ca2174c51332670e3be30c865f
https://github.com/ruby/rexml/commit/9f1415a2616c77cad44a176eee90e8457b4774b6
https://github.com/ruby/rexml/commit/c33ea498102be65082940e8b7d6d31cb2c6e6ee2
https://github.com/ruby/rexml/commit/a79ac8b4b42a9efabe33a0be31bd82d33fd50347
https://github.com/ruby/rexml/commit/67efb5951ed09dbb575c375b130a1e469f437d1f
https://github.com/ruby/rexml/commit/1f1e6e9b40bf339894e843dfd679c2fb1a5ddbf2
https://github.com/ruby/rexml/commit/910e5a2b487cb5a30989884a39f9cad2cc499cfc

(From OE-Core rev: 6e0b70843422cd7cdb25a9e1520dd64bf701fea6)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-01 06:50:49 -08:00
Divya Chellam f58483837c ruby: fix CVE-2024-35176
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a
denial of service vulnerability when it parses an XML that has many
`<`s in an attribute value. Those who need to parse untrusted XMLs
may be impacted to this vulnerability. The REXML gem 3.2.7 or later
include the patch to fix this vulnerability. As a workaround, don't
parse untrusted XMLs.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-35176

Upstream-patch:
https://github.com/ruby/rexml/commit/4325835f92f3f142ebd91a3fdba4e1f1ab7f1cfb

(From OE-Core rev: a89fcaf0c3ac2afd95e836bc1356832296135696)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-01 06:50:49 -08:00
Rob Woolley 8fa7ff501e ruby: correct fix for CVE-2024-43398
The previous fix for CVE-2024-43398 did not include patches
to provide context for the changes it made.

This caused an exception at run-time when ruby parsed
rexml/parsers/baseparser.rb. This was first observed when using
ruby-native to build the sdformat recipe.

With these additional backports, the sdformat build proceeds
successfully. The REXML library was also tested manually on-target
with a script that used REXML::Document.new file to parse an
XML file.

(From OE-Core rev: 6bf00fde2d4043c6b558733a33041ce5694342d3)

Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-30 07:47:48 -07:00
Divya Chellam 32d2b233c6 ruby: fix CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.join, URI#merge, URI#+) have an inadvertent leakage of
authentication credentials because userinfo is retained even
after changing the host.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-27221

Upstream-patches:
https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495
https://github.com/ruby/uri/commit/2789182478f42ccbb62197f952eb730e4f02bfc5

(From OE-Core rev: c77ff1288719d90ef257dfe28cb33b3768fc124a)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-28 08:46:32 -07:00
Divya Chellam 6eba29d946 ruby: fix CVE-2024-43398
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS
vulnerability when it parses an XML that has many deep elements that have
same local name attributes. If you need to parse untrusted XMLs with tree
parser API like REXML::Document.new, you may be impacted to this vulnerability.
If you use other parser APIs such as stream parser API and SAX2 parser API,
this vulnerability is not affected. The REXML gem 3.3.6 or later include the
patch to fix the vulnerability.

Reference:
https://security-tracker.debian.org/tracker/CVE-2024-43398

Upstream-patch:
https://github.com/ruby/rexml/commit/7cb5eaeb221c322b9912f724183294d8ce96bae3

(From OE-Core rev: f23d1bfca0ea57150c397bc2e495191fb61423d0)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-18 08:30:51 -07:00
Ashish Sharma ef3aca9b21 ruby: Fix CVE-2025-27219
Upstream-Status: Backport [https://github.com/ruby/cgi/commit/9907b76dad0777ee300de236dad4b559e07596ab]

(From OE-Core rev: 31d67739490ec2abf92328b3f0ceff22ce5d4974)

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-03-19 07:13:17 -07:00
Hitendra Prajapati fd0eb2db0e ruby: Fix CVE-2025-27220
Upstream-Status: Backport from https://github.com/ruby/cgi/commit/cd1eb08076c8b8e310d4d553d427763f2577a1b6

(From OE-Core rev: 44665939783cb2b32f5ade1772e0ceef47f9a853)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-03-13 08:50:03 -07:00
Divya Chellam 138ab1c7df ruby: fix CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS
vulnerability when it parses an XML that has many entity expansions
with SAX2 or pull parser API. The REXML gem 3.3.3 or later include
the patch to fix the vulnerability.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41946

Upstream-patch:
https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368

(From OE-Core rev: b0e74fd8922bba8e954a223ec46de5c33d2ff743)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-02-24 07:00:53 -08:00
Divya Chellam 61c55b9e30 ruby: fix CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS
vulnerability when it parses an XML that has many digits between &# and x...;
in a hex numeric character reference (&#x.... This does not happen with
Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby.
The REXML gem 3.3.9 or later include the patch to fix the vulnerability.

CVE-2024-49761-0009.patch is the CVE fix and rest are dependent commits.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-49761

Upstream-patch:
https://github.com/ruby/rexml/commit/810d2285235d5501a0a124f300832e6e9515da3c
https://github.com/ruby/rexml/commit/83ca5c4b0f76cf7b307dd1be1dc934e1e8199863
https://github.com/ruby/rexml/commit/51217dbcc64ecc34aa70f126b103bedf07e153fc
https://github.com/ruby/rexml/commit/7e4049f6a68c99c4efec2df117057ee080680c9f
https://github.com/ruby/rexml/commit/fc6cad570b849692a28f26a963ceb58edc282bbc
https://github.com/ruby/rexml/commit/77128555476cb0db798e2912fb3a07d6411dc320
https://github.com/ruby/rexml/commit/370666e314816b57ecd5878e757224c3b6bc93f5
https://github.com/ruby/rexml/commit/a579730f25ec7443796495541ec57c071b91805d
https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f

(From OE-Core rev: 5b453400e9dd878b81b1447d14b3f518809de17e)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-01-18 06:21:02 -08:00
Richard Purdie d91c2b204e ruby: Make docs generation deterministic
The presence or lack of nroff on the host was changing the doc type. Set it
explicitly to be deterministic and reproducible.

(From OE-Core rev: dd857d2519fd4f38c67a6fa0087f72798166467a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f5053abb8957acf358b518ee3c76146dc5f4eb6c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-09-16 06:09:56 -07:00
Ashish Sharma 6d58d0c4a2 ruby: backport fix for CVE-2024-27282
Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]
(From OE-Core rev: 94a0350058e51c4b05bf5d4e02d048c2e6256725)

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-07-24 07:51:58 -07:00
Yogita Urade 52f1435174 ruby: fix CVE-2024-27280
A buffer-overread issue was discovered in StringIO 3.0.1, as
distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through
3.1.4. The ungetbyte and ungetc methods on a StringIO can
read past the end of a string, and a subsequent call to
StringIO.gets may return the memory value. 3.0.3 is the main
fixed version; however, for Ruby 3.0 users, a fixed version
is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version
is stringio 3.0.1.2.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-27280

(From OE-Core rev: 729310d17310dff955c51811ff3339fdbc017b95)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-06-26 05:04:39 -07:00
Yogita Urade 70c869275a ruby: fix CVE-2024-27281
ruby: RCE vulnerability with .rdoc_options in RDoc

References:
https://github.com/ruby/ruby/pull/10316
https://security-tracker.debian.org/tracker/CVE-2024-27281

(From OE-Core rev: d01b73c51ceead4911a9a9306dbe728f1db2e029)

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-04-21 06:33:34 -07:00
Meenali Gupta a54b91946c ruby: fix CVE-2023-36617
Backport two patches [1] [2] to fix CVE-2023-36617

(From OE-Core rev: 7a40082e4e080eaf5f88bd24f7169b7731028529)

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-09-30 09:43:59 -10:00
Mingli Yu 6cff3875fe ruby: Fix CVE-2023-28755
Backport patch [1] to fix CVE-2023-28755.

[1] https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300

(From OE-Core rev: 605634cf1adef2d9cf6dc6fdf17aa4032385497f)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-05-03 04:17:12 -10:00
Hitendra Prajapati be5ebd6b3f ruby: CVE-2023-28756 ReDoS vulnerability in Time
Upstream-Status: Backport from https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e

(From OE-Core rev: 0f8eb0505e19ccd27e1b91f27285a9fc87f2aa93)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-04-26 04:03:21 -10:00
Alexander Kanavin 1aa3cb0169 ruby: update 3.1.2 -> 3.1.3
(From OE-Core rev: 3e43f3925bce640999a25ceb855a77d8cd0afd26)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 402254a5f841520b132508c21465111d33b6eb1a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:23 +00:00
Alexander Kanavin 754c0e4cc7 ruby: merge .inc into .bb
(From OE-Core rev: 22d6559bc30897a82f4519ac463f12f01fea18bc)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d88ff809b2e78ee49d5da42bb08ff5244e6101af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 17:33:23 +00:00
Alexandre Belloni 10ed98e50f ruby: drop capstone support
Upstream dropped capstone support and this also causing us
reproducibility issues.

(From OE-Core rev: fe8e54576e97ef7c4845889f3e8bb53f524c0611)

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d2496a904a7099ef0de818180820ad7b40843a08)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-16 17:53:22 +01:00
Steve Sakoman b444cac69e ruby: add PACKAGECONFIG for capstone
Autobuilder workers were non-deterministically enabling capstone
depending on whether the worker had libcapstone installed.

Add PACKAGECONFIG for capstone with default off, since ruby does not
require capstone support.

(From OE-Core rev: 6db1eb67e7abb5c1c655ab5d2b4eeb73ae4af576)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-16 06:52:45 +01:00
zhengruoqin 4ec7cb8202 ruby: upgrade 3.1.1 -> 3.1.2
Ruby 3.1.2 has been released.

This release includes security fixes.

CVE-2022-28738: Double free in Regexp compilation
CVE-2022-28739: Buffer overrun in String-to-Float conversion

(From OE-Core rev: ca1c990df62f1b3d53b2114a387f192efe7e38e8)

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1306c732a39070e12306b0b7a393e2a482c8b326)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-28 17:07:18 +01:00
wangmy 535f6538b6 ruby: upgrade 3.1.0 -> 3.1.1
refresh the following patches for 3.1.1:
0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch
0006-Make-gemspecs-reproducible.patch

(From OE-Core rev: 6ae009ae73fc81de441d57699fee61b6fcc48600)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-02-25 12:41:23 +00:00
Richard Purdie b0130fcf91 meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.

(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-02-20 16:45:25 +00:00
Konrad Weihmann 89004bc248 ruby: fix DEPENDS append
recent change create a blank scope of DEPENDS for class-target,
basically leaving out all general dependencies, leading to the effect
that ruby will be shipped without the runtime dependencies of zlib,
openssl and libffi, making the corresponding gems unusable at runtime.

As the class-target scope should be appended only the correct override
is append:class-target

(From OE-Core rev: 8f92444d388d2406be7d317578908975784d3f22)

Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-02-16 09:46:29 +00:00
Alexander Kanavin 305c1d179e ruby: correctly set native/target dependencies
In particular libffi was missing from native, which
led to linking with host libffi instead.

(From OE-Core rev: 293c9f879252a814107579542e8fca9af9dde599)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-02-12 17:05:35 +00:00
Khem Raj d2a050f8e3 ruby: Fix build on riscv/musl
This fixes a build issue that started with 3.1 upgrade
Fixes
| ../ruby-3.1.0/vm_dump.c:916:38: error: use of undeclared identifier 'REG_S1'
|         dump_machine_register(mctx->__gregs[REG_S1], "s1");

(From OE-Core rev: 1b0a88b6c31f85d70045a61f843302992ae7f94e)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-02-03 09:05:14 +00:00
Alexander Kanavin 29a14ae59b ruby: do not parallel install
ruby's makefiles are rebuilding several items on every invocation,
even if nothing changed, all of which are factored into libruby.so
and cause it to be relinked as well. This does not seem to affect plain
make invocation, but does cause races in make install:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=14695

Rather than figure out how to use make properly and convince upstream
of it, let's just do serial installs and file a bug:

https://bugs.ruby-lang.org/issues/18506

(From OE-Core rev: 1dc5cdf683133d210658eba9a619b737ec95cfe3)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-01-26 06:27:00 +00:00
Alexander Kanavin 0089f71043 ruby: update 3.0.3 -> 3.1.0
Turn on "link external modules statically" option
as otherwise ruby installer tries to do additional
building inside installed module directories in do_install
which fails horribly.

License-Update: additional MIT/BSD items

(From OE-Core rev: 4d4485442830bb52b152f0419f4ff9f1d581d46a)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-01-12 21:09:02 +00:00
Alexander Kanavin 5002a548ad ruby: disable rdoc due to non-reproducibility
The issue is reported upstream:
https://bugs.ruby-lang.org/issues/18456

Otherwise I do not feel that further investigation of rdoc's parser to find
out the source of non-determinism is worth the time.

(From OE-Core rev: 208021f7212a8a790c350ccca720695c5bcbb1ca)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-01-11 10:53:44 +00:00
Alexander Kanavin 8e8a7add6c ruby: update 3.0.2 -> 3.0.3
Do not tweak a file that is no longer installed.

(From OE-Core rev: 1af0c4ef56d1892f284b6787ccc5a925d023e178)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-12-09 10:33:25 +00:00
Alexandre Belloni 805d4dd978 ruby: fix Upstream-Status
(From OE-Core rev: c71bb9247e6342b49698c19a0c9512c8a9b54bde)

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-10-23 23:11:35 +01:00
Alexander Kanavin 1c3c69d100 ruby: disable openssl extension
It is incompatible with openssl 3 in currently released versions, and given
very marginal use of ruby in oe, I do not think not having it matters.

(From OE-Core rev: 7a477de350eaf7095745db81fb03e7ab20188f5a)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-10-14 11:48:46 +01:00
Thomas Perrot aeb712ebb0 ruby: fix the reproducibility issue
Apply some changes on the Ruby makefiles in order to fix the reproducibility:
- use a fixed timestamp,
- sort linked objects,
- doesn't use the current date,
- and use UTC date.

[YOCTO #14268]

(From OE-Core rev: 59b07ab51ff932a4632a31675445ba4192bae36b)

Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-10-01 14:51:45 +01:00
Tony Battersby fa91de383e ruby: Fix reproducibility issue with LDFLAGS
If we add DEBUG_PREFIX_MAP into LDFLAGS, ruby and ruby-dbg are no
longer reproducible.  Fix this.

(From OE-Core rev: c34d5e409b291e69d6ff28ee71acba7055ef3f08)

Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-08-12 06:26:15 +01:00
Richard Purdie d1a599bc40 ruby: Fix DEBUG_PREFIX_MAP in LDFLAGS issue
(From OE-Core rev: 78da145c2f2fbd58e286e8ce983c2cc0b074e6a5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-08-12 06:26:15 +01:00
Richard Purdie bb6ddc3691 Convert to new override syntax
This is the result of automated script conversion:

scripts/contrib/convert-overrides.py <oe-core directory>

converting the metadata to use ":" as the override character instead of "_".

(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-08-02 15:44:10 +01:00
Alexander Kanavin 964de6168a ruby: upgrade 3.0.1 -> 3.0.2
(From OE-Core rev: e75e8258688abb680bfd80393bcb10ef2c46f468)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-07-16 21:23:44 +01:00
zhengruoqin 122293878e ruby: upgrade 3.0.0 -> 3.0.1
(From OE-Core rev: b6949a028fd31bd04ed0478fb34a58b971f31e1f)

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-04-18 11:37:25 +01:00
Khem Raj 52ebb82d53 ruby: Do not use ucontext implementation for coroutines on musl/riscv
The coroutine implementation in ruby has either arch specific
implementations or it falls back to slower ucontext API based
implementation assuming libc will provide the needed APIs, however musl
does not implement ucontext APIs like glibc, therefore fallback is to
use libucontext library on musl. However, libucontext is not ported to
riscv yet. which means on musl/riscv ruby is unbuildable, however a
third option is to use copy implementation for coroutines, which will be
not as good performance-wise, but it will do the job, therefore for now
use copy implementation for rv32/rv64 when using musl

(From OE-Core rev: 3b2b401dbbb8d3aa14a5fd864178f702af3c8115)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-02-18 23:40:01 +00:00
Alexander Kanavin e789354511 ruby: update 2.7.2 -> 3.0.0
Drop 0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch
as files removed upstream.

License-Update: formatting

Drop autoconf270.patch, as no longer needed with 3.0.0
(I verified against master-next which has the new autoconf).

(From OE-Core rev: 8fbf04053845aac24e0c0f1395051b60294e02a3)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-02-09 08:56:10 +00:00
Richard Purdie 4ef8f9920a ruby: Fix to work with autoconf 2.70
Drop a macro we don't need which was breaking with autoconf 2.70.

(From OE-Core rev: 995a0421ab39d62354e56f77eca10e2d176582d4)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-29 21:21:53 +00:00
Ross Burton 46845d62ff ruby: remove tcl DEPENDS
The integrated Tcl/Tk module was removed in Ruby 2.4[1] back in 2016, so this
build dependency can be removed.

[1] https://github.com/ruby/ruby/commit/303dc3c591e324b6bbc691326d8bea76fe3b8fda

(From OE-Core rev: 9f4e181924a83d7b26b11de765c202a9bd036f64)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-08 10:10:15 +00:00
Alexander Kanavin 91db7ae0d1 ruby: fix reproducibility
(From OE-Core rev: 07c26e3292dbaf71873f71bec2a631f880b2e76d)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-12-09 12:20:33 +00:00
Chee Yang Lee 916c86b9cb ruby: update to 2.7.2
updates also fix CVE-2020-25613

(From OE-Core rev: fe588448adec9fb5de374fb8b9c2c548068328e6)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-10-31 08:54:12 +00:00
zhengruoqin 8f123a5301 ruby: upgrade 2.7.0 -> 2.7.1
(From OE-Core rev: 8d9b48bdf25363fb115a6311b031a7e5da8e0d4d)

Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-05-24 23:56:03 +01:00
Khem Raj cec802aa4d ruby: Link with libucontext on musl
coroutines in ruby 2.7+ needs ucontext APIs which are not available in
musl but an external library is available to provide them so use it

Use cached values for ac_cv_func_isnan and ac_cv_func_isinf this is not
detected correctly by configure on musl

on ARM drop using old arm32 implementation of coroutine which is slow and
inefficient

(From OE-Core rev: 406e7a085b0650bdba9f19633dadb7e6ff0149e5)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-04-24 14:10:07 +01:00
Khem Raj 9faf676068 ruby: Use arm32 for coroutines on 32bit-arm
in 2.7 [2] ruby enabled ucontext for coroutines on arm32 but it does not
work for musl since it uses glibc specific functions e.g.
getcontext/swapcontext/swapcontext also see [1]

This patch reverts back to using arm32 implementation for coroutines on
arm

[1] https://bugs.ruby-lang.org/issues/16455#change-83442
[2] https://github.com/ruby/ruby/commit/6c6bf9ffcbfeb8be9d9c342e7604b74ec819e88a#diff-7fccec8474e2184cd2518046bf39d54cL10

(From OE-Core rev: ea93afa4c1c40d74faf321baa78a29d0ad7d3223)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-03-11 11:44:28 +00:00
Kai Kang 7c29dbdf84 ruby: install required files for ptest
After update to 2.7.0, it fails to start ptest of ruby with errors:

| ./test/runner.rb:11:in `require_relative': cannot load such file --
    /usr/lib64/ruby/ptest/tool/test/runner (LoadError)

and

| test/rdoc/test_rdoc_attr.rb: cannot load such file -- rdoc/version
| test/did_you_mean/spell_checking/test_key_name_check.rb: cannot load
    such file -- /usr/lib64/ruby/ptest/lib/did_you_mean

Install the required files for the ptest.

(From OE-Core rev: be161be40c88fbac8ac17776daf3bf178a2e8f5e)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-02-28 23:11:28 +00:00
Wang Mingyu 717ba0a256 ruby: upgrade 2.6.5 -> 2.7.0
0003-configure.ac-check-finite-isinf-isnan-as-macros-firs.patch
Removed since it is included in 2.7.0.

refresh the following patch:
0002-Obey-LDFLAGS-for-the-link-of-libruby.patch

add the following patch to solve build error:
0001-Modify-shebang-of-libexec-y2racc-and-libexec-racc2y.patch
[error message]
ERROR: ruby-2.7.0-r0 do_package_qa: QA Issue:
/usr/lib/ruby/gems/2.7.0/gems/racc-1.4.16/bin/y2racc contained in
package ruby requires /usr/local/bin/ruby, but no providers found in
RDEPENDS_ruby? [file-rdeps]

format of file COPYING is updated.
LEGAL notice information is updated.

(From OE-Core rev: 3cdf5da514b424a6d78ba4e1412331b6cf2b3bff)

Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-02-15 10:26:42 +00:00