summaryrefslogtreecommitdiff
path: root/system/ruby/APKBUILD
AgeCommit message (Collapse)AuthorFilesLines
2019-10-03system/ruby: [CVE] bump to 2.5.7A. Wilcox1-3/+10
2019-09-09system/ruby: libedit compatibility patch [read:]A. Wilcox1-2/+4
Ruby pretends editline (libedit) is readline. This is normally fine. However, editline's readline emulation does not account for changes to rl_instream or rl_outstream. If a Ruby application using the Readline extension changes .input or .output, this will cause a use-after-free: ==32694== Invalid read of size 4 ==32694== at 0x4070A38: fwrite (fwrite.c:32) ==32694== by 0x406F707: fputs (fputs.c:7) ==32694== by 0x660EAC7: el_wgets (in /usr/lib/libedit.so.0.0.60) ==32694== by 0x6607BDB: el_gets (in /usr/lib/libedit.so.0.0.60) ==32694== by 0x6620EDB: readline (in /usr/lib/libedit.so.0.0.60) ==32694== by 0x65DE3D3: readline_get (readline.c:346) ==32694== by 0x4DFA49B: rb_protect (eval.c:996) ==32694== by 0x65DE4FF: readline_readline (readline.c:507) ==32694== by 0x4F7AD4B: call_cfunc_m1 (vm_insnhelper.c:1723) ==32694== Address 0x67503dc is 140 bytes inside a block of size 1,264 free'd ==32694== at 0x490AFC0: free (in /usr/lib/valgrind/vgpreload_memcheck-ppc64be-linux.so) ==32694== by 0x406D44F: fclose (fclose.c:35) ==32694== by 0x65DE013: clear_rl_outstream (readline.c:365) ==32694== by 0x65DE0DF: readline_s_set_output (readline.c:599) ==32694== Block was alloc'd at ==32694== at 0x49092C0: malloc (in /usr/lib/valgrind/vgpreload_memcheck-ppc64be-linux.so) ==32694== by 0x406BEC7: fdopen (__fdopen.c:21) ==32694== by 0x65DE103: readline_s_set_output (readline.c:603) Since rl_instream and rl_outstream are read on each rl_initialize, and editline's rl_initialize is smart enough to not leak memory if it is called multiple times during program execution, we use this as a way to force re-reading of rl_instream and rl_outstream. I hate this patch; I really do. Better fixes are highly welcome.
2019-07-21system/*: initial bashism removalMax Rees1-2/+2
2019-07-01system/ruby: fix depends on some split gems, don't split etcA. Wilcox1-12/+3
2019-06-20system/ruby: bump to 2.5.5A. Wilcox1-7/+5
2019-03-08system/ruby: [CVE] secbump, moderniseA. Wilcox1-11/+14
2019-03-08system/*: Change remaining url='*'s to https:// wherever possibleLuis Ressel1-1/+1
2019-01-26system/ruby: fix -dev dependsA. Wilcox1-2/+2
2018-10-19system/ruby: secfix bump to 2.5.3A. Wilcox1-3/+6
2018-06-27system/ruby: fix stack size calculation (crash on ppc64)A. Wilcox1-3/+5
2018-06-24system/ruby: pull in for asciidoctorA. Wilcox1-0/+315