git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
ruby: correct fix for CVE-2024-43398
author Rob Woolley <rob.woolley@windriver.com>
Thu, 24 Jul 2025 20:12:08 +0000 (13:12 -0700)
committer Steve Sakoman <steve@sakoman.com>
Thu, 24 Jul 2025 21:31:01 +0000 (14:31 -0700)
commit 6bf00fde2d4043c6b558733a33041ce5694342d3
tree cf4451380427430327456275b1b0348fe82881cd
parent 4ff5111d2a758bacb803de981177799a8ac7fd0b
ruby: correct fix for CVE-2024-43398

The previous fix for CVE-2024-43398 did not include patches
to provide context for the changes it made.

This caused an exception at run-time when ruby parsed
rexml/parsers/baseparser.rb. This was first observed when using
ruby-native to build the sdformat recipe.

With these additional backports, the sdformat build proceeds
successfully. The REXML library was also tested manually on-target
with a script that used REXML::Document.new file to parse an
XML file.

Signed-off-by: Rob Woolley <rob.woolley@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/ruby/ruby/CVE-2024-43398-0001.patch [new file with mode: 0644]
meta/recipes-devtools/ruby/ruby/CVE-2024-43398-0002.patch [new file with mode: 0644]
meta/recipes-devtools/ruby/ruby/CVE-2024-43398-0003.patch [moved from meta/recipes-devtools/ruby/ruby/CVE-2024-43398.patch with 87% similarity]
meta/recipes-devtools/ruby/ruby_3.1.3.bb