* [bug#56303] [PATCH] gnu: ruby: Update to 3.0.4 [security fixes].
@ 2022-06-29 15:55 Remco van 't Veer
2022-06-30 10:07 ` Maxime Devos
2022-08-29 14:49 ` bug#56303: " Marius Bakke
0 siblings, 2 replies; 4+ messages in thread
From: Remco van 't Veer @ 2022-06-29 15:55 UTC (permalink / raw)
To: 56303; +Cc: Remco van 't Veer
Includes fixes for: CVE-2022-28738, CVE-2022-28739, CVE-2021-41819,
CVE-2021-41816, and CVE-2021-41817.
* gnu/packages/ruby.scm (ruby-3.0): Update to 3.0.4.
---
gnu/packages/ruby.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 68e5d8dfd6..41774b4907 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -28,6 +28,7 @@
;;; Copyright © 2021 EuAndreh <eu@euandre.org>
;;; Copyright © 2020 Tomás Ortín Fernández <tomasortin@mailbox.org>
;;; Copyright © 2021 Giovanni Biscuolo <g@xelera.eu>
+;;; Copyright © 2022 Remco van 't Veer <remco@remworks.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -189,7 +190,7 @@ (define-public ruby-2.7
(define-public ruby-3.0
(package
(inherit ruby-2.7)
- (version "3.0.2")
+ (version "3.0.4")
(source
(origin
(method url-fetch)
@@ -198,7 +199,7 @@ (define-public ruby-3.0
"/ruby-" version ".tar.xz"))
(sha256
(base32
- "0h2w2ms4gx2s96v3lzdr3add94bd2qqkhdjzaycmaqhg21rpf3jp"))))))
+ "1w7jpq3flnm007z5kj8kixgm8l4smb80w8ak4993a12j0irzq8lf"))))))
(define-public ruby-3.1
(package
--
2.36.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [bug#56303] [PATCH] gnu: ruby: Update to 3.0.4 [security fixes].
2022-06-29 15:55 [bug#56303] [PATCH] gnu: ruby: Update to 3.0.4 [security fixes] Remco van 't Veer
@ 2022-06-30 10:07 ` Maxime Devos
2022-06-30 11:17 ` Maxime Devos
2022-08-29 14:49 ` bug#56303: " Marius Bakke
1 sibling, 1 reply; 4+ messages in thread
From: Maxime Devos @ 2022-06-30 10:07 UTC (permalink / raw)
To: Remco van 't Veer, 56303
[-- Attachment #1: Type: text/plain, Size: 800 bytes --]
Remco van 't Veer schreef op wo 29-06-2022 om 17:55 [+0200]:
> (define-public ruby-3.0
> (package
> (inherit ruby-2.7)
> - (version "3.0.2")
> + (version "3.0.4")
> (source
> (origin
> (method url-fetch)
> @@ -198,7 +199,7 @@ (define-public ruby-3.0
> "/ruby-" version ".tar.xz"))
> (sha256
> (base32
> - "0h2w2ms4gx2s96v3lzdr3add94bd2qqkhdjzaycmaqhg21rpf3jp"))))))
> + "1w7jpq3flnm007z5kj8kixgm8l4smb80w8ak4993a12j0irzq8lf"))))))
Hash matches what I get locally (without fallbacks).
The download matches the hashes at
<https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-0-4-released/>.
Next step: compare diff ...
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* [bug#56303] [PATCH] gnu: ruby: Update to 3.0.4 [security fixes].
2022-06-30 10:07 ` Maxime Devos
@ 2022-06-30 11:17 ` Maxime Devos
0 siblings, 0 replies; 4+ messages in thread
From: Maxime Devos @ 2022-06-30 11:17 UTC (permalink / raw)
To: Remco van 't Veer, 56303
[-- Attachment #1: Type: text/plain, Size: 1292 bytes --]
Maxime Devos schreef op do 30-06-2022 om 12:07 [+0200]:
> Remco van 't Veer schreef op wo 29-06-2022 om 17:55 [+0200]:
> > (define-public ruby-3.0
> > (package
> > (inherit ruby-2.7)
> > - (version "3.0.2")
> > + (version "3.0.4")
> > (source
> > (origin
> > (method url-fetch)
> > @@ -198,7 +199,7 @@ (define-public ruby-3.0
> > "/ruby-" version ".tar.xz"))
> > (sha256
> > (base32
> > -
> "0h2w2ms4gx2s96v3lzdr3add94bd2qqkhdjzaycmaqhg21rpf3jp"))))))
> > +
> "1w7jpq3flnm007z5kj8kixgm8l4smb80w8ak4993a12j0irzq8lf"))))))
>
> Hash matches what I get locally (without fallbacks).
> The download matches the hashes at
> <https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-0-4-released/>.
>
> Next step: compare diff ...
Aside from some old bundling & generated file issues (for which I've
made another (non-blocking) bug report), diff didn't seem ‘suspicious’
while scrolling through it, though it would be rather easy to hide
something there.
So assuming it builds, I don't expect problems with this update.
(Also, it doesn't have any dependents.)
Greetings,
Maxime.
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#56303: [PATCH] gnu: ruby: Update to 3.0.4 [security fixes].
2022-06-29 15:55 [bug#56303] [PATCH] gnu: ruby: Update to 3.0.4 [security fixes] Remco van 't Veer
2022-06-30 10:07 ` Maxime Devos
@ 2022-08-29 14:49 ` Marius Bakke
1 sibling, 0 replies; 4+ messages in thread
From: Marius Bakke @ 2022-08-29 14:49 UTC (permalink / raw)
To: Remco van 't Veer, 56303-done; +Cc: Remco van 't Veer
[-- Attachment #1: Type: text/plain, Size: 232 bytes --]
Remco van 't Veer <remco@remworks.net> skriver:
> Includes fixes for: CVE-2022-28738, CVE-2022-28739, CVE-2021-41819,
> CVE-2021-41816, and CVE-2021-41817.
>
> * gnu/packages/ruby.scm (ruby-3.0): Update to 3.0.4.
Applied, thanks!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-08-29 14:52 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-29 15:55 [bug#56303] [PATCH] gnu: ruby: Update to 3.0.4 [security fixes] Remco van 't Veer
2022-06-30 10:07 ` Maxime Devos
2022-06-30 11:17 ` Maxime Devos
2022-08-29 14:49 ` bug#56303: " Marius Bakke
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).