From unknown Sat Jun 21 10:29:16 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#56302 <56302@debbugs.gnu.org>
To: bug#56302 <56302@debbugs.gnu.org>
Subject: Status: [PATCH] gnu: ruby: Update to 2.7.6 [security fixes].
Reply-To: bug#56302 <56302@debbugs.gnu.org>
Date: Sat, 21 Jun 2025 17:29:16 +0000

retitle 56302 [PATCH] gnu: ruby: Update to 2.7.6 [security fixes].
reassign 56302 guix-patches
submitter 56302 Remco van 't Veer <remco@remworks.net>
severity 56302 normal
tag 56302 patch

thanks


From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 29 11:55:52 2022
Received: (at submit) by debbugs.gnu.org; 29 Jun 2022 15:55:52 +0000
Received: from localhost ([127.0.0.1]:59943 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1o6a2e-0007IL-3Z
	for submit@debbugs.gnu.org; Wed, 29 Jun 2022 11:55:52 -0400
Received: from lists.gnu.org ([209.51.188.17]:58184)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rwv@fastmail.com>) id 1o6a2c-0007IE-Ha
 for submit@debbugs.gnu.org; Wed, 29 Jun 2022 11:55:46 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:37632)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <rwv@fastmail.com>) id 1o6a2Y-00070D-Q4
 for guix-patches@gnu.org; Wed, 29 Jun 2022 11:55:45 -0400
Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:53537)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <rwv@fastmail.com>) id 1o6a2U-0004UV-5M
 for guix-patches@gnu.org; Wed, 29 Jun 2022 11:55:42 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.west.internal (Postfix) with ESMTP id D7FB9320097F;
 Wed, 29 Jun 2022 11:55:36 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute3.internal (MEProxy); Wed, 29 Jun 2022 11:55:37 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h=
 cc:cc:content-transfer-encoding:content-type:date:date:from:from
 :in-reply-to:message-id:mime-version:reply-to:sender:subject
 :subject:to:to; s=fm1; t=1656518136; x=1656604536; bh=U1LIRUy+q3
 1kwM1W0w4yKPHhNByXcCy2hw9IDTlJAVM=; b=r++AmGprq1NJkXGz/H263e0kIG
 GxkcPMfGwV1JGNwaOU+IXRXlQV3xiFjLbRm3WUt9oQ8CPo8oqPAx9c+/Ff15ePtM
 Lj4bxeV99GyGBq50MTUzF76Kn4HducISu98/IYvIKrP7p0ewkAx2dS52JX7wBzgs
 7dFB+OlA3ii0PhyLpgM0zGAv8H3Pi9EjLAReifeaZEFlG3TIkLrWSQe06P/7xcv1
 0Tw/WcV0X0YhJD2FD1Fz3zUKGGPOjnix+Qncsy6LUHkY8CSpvPT3yGX+KXdrcrBV
 +aGJKfZfd/NWfpaJAWjSkwN5bcJOKeetokeqapJehS0ypILq7yBmQ7Y48+bw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-transfer-encoding
 :content-type:date:date:feedback-id:feedback-id:from:from
 :in-reply-to:message-id:mime-version:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; t=1656518136; x=1656604536; bh=U1LIRUy+q31kw
 M1W0w4yKPHhNByXcCy2hw9IDTlJAVM=; b=co2CjSatfbs8EKeLjNqeUxqhHOvxR
 g/tZ1hfb+ttk6ddccmyM/5yIyMmwuW6AvOuTHeTlzL0cLprIgY2B4BmKCCSDN08z
 qE0NLGZ0Ti4CvDKrnsmHMDUVD15ouZl/AqCDERIsDbiR9fhcG1XCxKZI3JP6/YJ7
 fgtgOd6Wfd0WVf2mOpfvhB5z00bQNuIbUZX26glF6rs5LDIoSZhQQ5yo4C+zqa/E
 sTvE9D1BxGw78ZjMqNX3vH4VSEPh+sg1ZLO04SLPJtcVoJb671F99XM115giH2XK
 FcXHF3McHKaqaVwPEpUfk1qOOkTaFH95BnqBJiZpjEthbXCNK6Xxl06Sw==
X-ME-Sender: <xms:-HW8YnDmnOPrGyqVxFimHzQrWp51Pl2eVKrYPPWWUY02F_gY6DpIXg>
 <xme:-HW8YtjZDLjls4hoOqVuvrKM97alUHdtWbCkXaJjTL4ni_wAIlQwmlkNH5PbJ5BCL
 Te36UbnnPV5TPUOzg>
X-ME-Received: <xmr:-HW8YikpsQOD1TVEVUBCCglOI8GwzKgK9DEftyr4Bpit0cJi2vGGF_vyr8J58Oq1L96v73FN4xa6WvX4lobaD6kG_RhK7A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudegledgleegucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpefhvfevufffkffogggtgfesthekre
 dtredtjeenucfhrhhomheptfgvmhgtohcuvhgrnhcukdhtucggvggvrhcuoehrvghmtgho
 sehrvghmfihorhhkshdrnhgvtheqnecuggftrfgrthhtvghrnhephffgiefgtdduuedtke
 ehudejgeejtdekjeefjefggeeghfeuffdtieevgeegledvnecuvehluhhsthgvrhfuihii
 vgeptdenucfrrghrrghmpehmrghilhhfrhhomheprhifvhesfhgrshhtmhgrihhlrdgtoh
 hm
X-ME-Proxy: <xmx:-HW8YpzIGII9GJvnp5ordeAudWxISmejZDmqK7QzBMPTEN2qumT7sA>
 <xmx:-HW8YsRW3Rxv7X1io2FvSeps0jE7sCyWKIgcopDYffstNWGbr93q1Q>
 <xmx:-HW8YsalyJtbOHojxHsxMj9tVMTk0X96LwxuNcxBRBwVeUqhA8dHTA>
 <xmx:-HW8Yl7ioBRTDSDqy01bNA3wAgd0A9R4Gc_LpWtFtHMtEgLHEqg2Pg>
Feedback-ID: i568842cc:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed,
 29 Jun 2022 11:55:35 -0400 (EDT)
From: Remco van 't Veer <remco@remworks.net>
To: guix-patches@gnu.org
Subject: [PATCH] gnu: ruby: Update to 2.7.6 [security fixes].
Date: Wed, 29 Jun 2022 17:55:33 +0200
Message-Id: <20220629155533.5224-1-remco@remworks.net>
X-Mailer: git-send-email 2.36.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=64.147.123.20; envelope-from=rwv@fastmail.com;
 helo=wout4-smtp.messagingengine.com
X-Spam_score_int: -21
X-Spam_score: -2.2
X-Spam_bar: --
X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249,
 FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.4 (/)
X-Debbugs-Envelope-To: submit
Cc: Remco van 't Veer <remco@remworks.net>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.2 (--)

Includes fixes for: CVE-2022-28739, CVE-2021-41816, and CVE-2021-41817.

* gnu/packages/ruby.scm (ruby-2.7): Update to 2.7.6.
---
 gnu/packages/ruby.scm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 5b65196c6c..9e1aff410f 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -28,6 +28,7 @@
 ;;; Copyright © 2021 EuAndreh <eu@euandre.org>
 ;;; Copyright © 2020 Tomás Ortín Fernández <tomasortin@mailbox.org>
 ;;; Copyright © 2021 Giovanni Biscuolo <g@xelera.eu>
+;;; Copyright © 2022 Remco van 't Veer <remco@remworks.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -151,7 +152,7 @@ (define-public ruby-2.6
 (define-public ruby-2.7
   (package
     (inherit ruby-2.6)
-    (version "2.7.4")
+    (version "2.7.6")
     (source
      (origin
        (inherit (package-source ruby-2.6))
@@ -160,7 +161,7 @@ (define-public ruby-2.7
                            "/ruby-" version ".tar.gz"))
        (sha256
         (base32
-         "0nxwkxh7snmjqf787qsp4i33mxd1rbf9yzyfiky5k230i680jhrh"))))
+         "042xrdk7hsv4072bayz3f8ffqh61i8zlhvck10nfshllq063n877"))))
     (arguments
      `(#:test-target "test"
        #:configure-flags '("--enable-shared") ; dynamic linking

base-commit: 4bc6888f5e475e06019790c76fd20caf4cc137f4
-- 
2.36.1





From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 29 11:58:13 2022
Received: (at 56302) by debbugs.gnu.org; 29 Jun 2022 15:58:14 +0000
Received: from localhost ([127.0.0.1]:59964 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1o6a4z-0007Nc-Pj
	for submit@debbugs.gnu.org; Wed, 29 Jun 2022 11:58:13 -0400
Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:36827)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <remco@remworks.net>) id 1o6a4y-0007NP-7R
 for 56302@debbugs.gnu.org; Wed, 29 Jun 2022 11:58:12 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.west.internal (Postfix) with ESMTP id 8FD69320092C
 for <56302@debbugs.gnu.org>; Wed, 29 Jun 2022 11:58:06 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute4.internal (MEProxy); Wed, 29 Jun 2022 11:58:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h=
 cc:content-type:date:date:from:from:in-reply-to:in-reply-to
 :message-id:mime-version:references:reply-to:sender:subject
 :subject:to:to; s=fm1; t=1656518286; x=1656604686; bh=CRu1+e8WQD
 UnykNzn0K+Idgm3IlAtefUE9afT0Z4eiU=; b=Om4KyvhxlIZ0H4cyvRTr6Q1N09
 Cbn9oCxjixG+LN/uL7o2neyr60HY7/TEcDP3M6Y+98+LDrBpgSLZW2pAv3mDukoN
 30jKQfUBTX4YO7hhAzU7Z76g4WedDqMMwcmCWwz0NqLAX56vWegXgzye5DnIHWIT
 9lr0XsHl/Ebreu6n8GiYv+5DiyV22tCga5X0niPI++oWzIHM7JCxnE+LAHXud6Kl
 iHjePcJOyATMHROtKBb8S84nSHMimyKyWJ1b/LjB1B6X8rKw7Vl+CAuU2p3V6F/y
 ItN9EG8U3a080l88w6/fKpw09VrnLJILipdtS7G0JpQ5o5jXAti2c58O4anQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:date:feedback-id
 :feedback-id:from:from:in-reply-to:in-reply-to:message-id
 :mime-version:references:reply-to:sender:subject:subject:to:to
 :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
 fm2; t=1656518286; x=1656604686; bh=CRu1+e8WQDUnykNzn0K+Idgm3IlA
 tefUE9afT0Z4eiU=; b=kXXp2sAXpMSsYt9imMPqZ+RrXRUSyEPt3pRweWIL2ZIQ
 49jU7ZPpDtuGMbzym3MB1AaItn8YBAm2JebVR9EF4fHlfZX6fjKVEEnunLCOkvCQ
 94ZnRgp4JGAzPpxmSIq2tVkBYqYXfXCkuMnW2MaD4mLcTBoLTBqGK6EhvJa1DQuY
 oSQr8X2SLVomxtNeD9K0yBNUZnmE95tqWSx6A97XNe0z52vxFRco1fUXIErzFSw7
 qFIzpnrfKXJL/8WsWcHlbHre1gaUWpab/V03rSgzBbwp0NjN5ad6NS8fmbuPt8cG
 UcmsJEre+6EsUTbLa9N4z21P7mPgvNw4XkqJjk6xoA==
X-ME-Sender: <xms:jXa8Yk3Ne9WpjLGHG06YYZU-BgYYluY7Pc1cQ4hw1Aj0f4Ko6IphoQ>
 <xme:jXa8YvGzG3EBBY2CsqI6FJ0Hn6cr19dbKPAzWYcDjBJmvzbhbJyB7nWndHUCQ0cLd
 gvLtu-FFdKBBXmcnw>
X-ME-Received: <xmr:jXa8Ys57AuT_ady9I8Ej1X6rUOl1fcOiRwwXTHrm2M4HRF6uCHde1N6Z8QFwr1KrJKUyS7H84UUx0WA9iGVmfo3pjMxylXxYTx7AYAwXBqI>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudegledgleegucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpehffgfhvffujgffkfggtgesthdtre
 dttdertdenucfhrhhomheptfgvmhgtohcuvhgrnhcukdhtucggvggvrhcuoehrvghmtgho
 sehrvghmfihorhhkshdrnhgvtheqnecuggftrfgrthhtvghrnhepueelvdetveetheefud
 evhfejudevgfekheeltdfggedvueegfffhkeeijeektdegnecuvehluhhsthgvrhfuihii
 vgeptdenucfrrghrrghmpehmrghilhhfrhhomheprhgvmhgtohesrhgvmhifohhrkhhsrd
 hnvght
X-ME-Proxy: <xmx:jXa8Yt02FVtVgfM9JexN-x9RMhMmO5M2-qFD6ip4M2yebF78xcz1QA>
 <xmx:jXa8YnGuUk2DMTjdL6ZFAskeunFTqbIHlxzybswIO8rhxAvFO17u2A>
 <xmx:jXa8Ym9oAISmmMqYji0YC36FyaMLkT4K26bb3rZvKxB9VMncut0z4g>
 <xmx:jna8YuwT7un2pOflklW2vsR-d_TH7_qKSzUszYLh3NpY_xwWqR_eGQ>
Feedback-ID: i568842cc:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for
 <56302@debbugs.gnu.org>; Wed, 29 Jun 2022 11:58:05 -0400 (EDT)
References: <20220629155533.5224-1-remco@remworks.net>
 <handler.56302.B.165651815228055.ack@debbugs.gnu.org>
User-agent: mu4e 1.6.11; emacs 28.1
From: Remco van 't Veer <remco@remworks.net>
To: 56302@debbugs.gnu.org
Subject: Re: bug#56302: Acknowledgement ([PATCH] gnu: ruby: Update to 2.7.6
 [security fixes].)
In-reply-to: <handler.56302.B.165651815228055.ack@debbugs.gnu.org>
Date: Wed, 29 Jun 2022 17:58:04 +0200
Message-ID: <87a69vh377.fsf@remworks.net>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 56302
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

Please note:

  $ guix refresh --list-dependent ruby@2.7
  Building the following 2346 packages would ensure 6612 dependent packages are rebuilt: ...

So this goes into core-updates.




From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 29 12:04:24 2022
Received: (at submit) by debbugs.gnu.org; 29 Jun 2022 16:04:24 +0000
Received: from localhost ([127.0.0.1]:59986 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1o6aAy-0007ZA-36
	for submit@debbugs.gnu.org; Wed, 29 Jun 2022 12:04:24 -0400
Received: from lists.gnu.org ([209.51.188.17]:41404)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@tobias.gr>) id 1o6aAn-0007Ys-SE
 for submit@debbugs.gnu.org; Wed, 29 Jun 2022 12:04:17 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:40952)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@tobias.gr>) id 1o6aAn-0007Bg-KY
 for guix-patches@gnu.org; Wed, 29 Jun 2022 12:04:13 -0400
Received: from tobias.gr ([2a02:c205:2020:6054::1]:37498)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@tobias.gr>) id 1o6aAi-0007AJ-4f
 for guix-patches@gnu.org; Wed, 29 Jun 2022 12:04:13 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=sfU3TIfmkO4rM
 D+XBG1+Ed3JOgSW+KK6ipoieYKvN2k=;
 h=references:in-reply-to:subject:to:
 from:date; d=tobias.gr; b=k0JZh+d7z5mn3n0s4rWUkhfHugdLkrhFfQOnnRyN7dyd
 dnFJuxzH5jSUnK+6mAqHR/1XWy/QqMc0ivFC1l2jdCsZUJAXIxpJUcybbz4fcw5ZpptP/f
 r8XTXCjFimv85Fo2RJgZNmC25F+RR87xnJdBxr1zDA2NOcChhJcrKAh5Y+4jiRMzOZecnC
 AmHuy8CI1GZDQqtmAYjLGw8xFxrenJUhtkQ0UIIhgD1FE58/SKUMUuW+gcYrPEURK72j0V
 1vmsOnEtLU7iBAbBjTU/cdRM99ZKGNsxYo5oFC7ufEbd9xiDxqKM4lPSaQkdwZ25kayHI+
 R/GR38zDnhSHZUXFSQ==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id f2257f2a
 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); 
 Wed, 29 Jun 2022 16:04:02 +0000 (UTC)
Date: Wed, 29 Jun 2022 16:04:03 +0000
From: Tobias Geerinckx-Rice <me@tobias.gr>
To: guix-patches@gnu.org, Remco van 't Veer <remco@remworks.net>,
 56302@debbugs.gnu.org
Subject: =?US-ASCII?Q?Re=3A_=5Bbug=2356302=5D_Acknowledgement_=28=5BPATCH=5D_gn?=
 =?US-ASCII?Q?u=3A_ruby=3A_Update_to_2=2E7=2E6_=5Bsecurity_fixes=5D=2E=29?=
In-Reply-To: <87a69vh377.fsf@remworks.net>
References: <20220629155533.5224-1-remco@remworks.net>
 <handler.56302.B.165651815228055.ack@debbugs.gnu.org>
 <87a69vh377.fsf@remworks.net>
Message-ID: <5DF7A747-FFC0-4ABA-9F81-F5DCBCCA1FE0@tobias.gr>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
Autocrypt: addr=me@tobias.gr; keydata=
 mQINBFVks2ABEACjGBPhWf/qx0L9OhEIrAFTimo5dHa1FLy0AHaHvxmwYSIdJmERYGiNle1rcOvw
 cFRtu8KJUsrs27Vgoso3qHJpghVitUUf0v3ZuXQT9kfuQLz1Y8pyMzHwVFMLiJVj4Z3y7CJk+xyZ
 cpSAMbyPINbFVEhsK+z+8ojVGuaiucZkib6b67ySG6Pp1bon8xVvosj71ZRjfXh1t4X8laWO7fQq
 itT9lmc6DxbE/4vIhR+Vb2MblaA+DyHoNHGGao89h4CO99lfzWzsux41DnEG9d317sJRQTig6Wja
 EKHXZRA9FbfogD4SDa2uQYCpTJpsVjAyZyu2fuJ+t0zJJ+Ai9qDY87P6hOyd+/n8Eh2Y4TbxJiDo
 XUT72XY/RfPH1qrMIP3EI/NNL4LQeGG1n+625k3OVWcRVXG2vRrB6qurLmGkLEmjXWCFD9cCRGfH
 LeajLm9sM+t/nZPZ3btetcmK9tM2EwivyLUNhrTk73UUnI4CSAzdO2cISqo9zSMtFgj2alqd2fOR
 s7CKfEn+5PquruDbp/Ej7dOOrjgWSCXLDDYXRrtaKrLz/dhqq5ftFYi9tUTTQecFotM08fPtu+Kw
 JMP2ySHCkUqp0GvrUCeSRPAJZsmJrd535y+LlRhnqb0mbG4dgMa8A6xhkFYugnqldy/q7kX1EmRI
 686N7bA6fh1MCQARAQABtCRUb2JpYXMgR2VlcmluY2t4LVJpY2UgPG1lQHRvYmlhcy5ncj6JAlIE
 EwEKADwCHgECF4ACGQECGwMWIQT1vFU0w28Ah7OdNu8cncT+udt8SwUCXpe0rAYLCQgHCgQFFQoJ
 CAsFFgMCAQAACgkQHJ3E/rnbfEu5IhAAk+0BW/twLmx1xMmeXn+I7Ne6SG3++0TRBduEaGWV3n59
 lX6XPZUQdAPpS4uy0H+c90Owkw+aWUEwfyOWphrxZRtR2cCOP/3Pxj3Vgtz5RkY4u27lMj15jqa/
 p7l2l256ZKJOegr9TvOWtkhMp5lxeVHT6f/44Kv/r/8mMCgSnLXYrEWPE462xI+mIJOanHLJb6No
 f2xLRCvXoLLp7Yejjv1dwOO71R9PMRhtNy46pZM1ylQ++UTkeSocJw4aNtiu0DHOkX9AlNBkutIx
 x07RpO+MqJKlzzLeQiC/fE5+dR2itRONopwXAqN3MuT7MonQo5XifBn+VK8i9xZWTXZDkWItWtCC
 8oIj4zwxwFWiTmMwwSbI3Wdd/11Zw3CLc4Gd0M6NVgvAnuErQXSgr4lrWhZcncvi4L6EJTc9AUSa
 8UWPF+S9t+CHTukpJmcYnsccMkOBhT7OZlmWBsylrYK/JTRWqgWSHWdSKmOuLK+MGDneOZEHkEcf
 jeXRWvmG7MSU5tE/p7NDLIg9vkvhQV9b0q4OtY65uNWbRe2QRJaYMDcYUAeSZzivRa8VaoVen6tb
 FvH44zpCxubn23ABl9YIzwvJC++r+H2qLdLpy0cfITiZadZ74Ae0aosNw7XARS6OY+A03BfXyPiI
 2oW0jf/PdH9sh2mQrQxIQJ5cZz6Z3X0=
Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr;
 helo=tobias.gr
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.6 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.7 (--)

Right, but '[security fixes]' means we (also) need to graft on master=2E

Would you want to give that a try?

Thanks for the patch!

T G-R

Sent on the go=2E  Excuse or enjoy my brevity=2E




From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 29 12:04:43 2022
Received: (at 56302) by debbugs.gnu.org; 29 Jun 2022 16:04:43 +0000
Received: from localhost ([127.0.0.1]:59990 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1o6aBH-0007Zn-D3
	for submit@debbugs.gnu.org; Wed, 29 Jun 2022 12:04:43 -0400
Received: from michel.telenet-ops.be ([195.130.137.88]:35944)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@telenet.be>) id 1o6aBF-0007Zd-2h
 for 56302@debbugs.gnu.org; Wed, 29 Jun 2022 12:04:41 -0400
Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a])
 by michel.telenet-ops.be with bizsmtp
 id p44e2701S4UW6Th0644eqF; Wed, 29 Jun 2022 18:04:39 +0200
Message-ID: <975d34406b3e636414efdeb2ff1d7dbd4e95d944.camel@telenet.be>
Subject: Re: [bug#56302] Acknowledgement ([PATCH] gnu: ruby: Update to 2.7.6
 [security fixes].)
From: Maxime Devos <maximedevos@telenet.be>
To: Remco van 't Veer <remco@remworks.net>, 56302@debbugs.gnu.org
Date: Wed, 29 Jun 2022 18:04:37 +0200
In-Reply-To: <87a69vh377.fsf@remworks.net>
References: <20220629155533.5224-1-remco@remworks.net>
 <handler.56302.B.165651815228055.ack@debbugs.gnu.org>
 <87a69vh377.fsf@remworks.net>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-6HmEV255wKLQPBHvzDW/"
User-Agent: Evolution 3.38.3-1 
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1656518679; bh=U9wg9gCUpPS+Whku6+gwOTcWD2qQjmTP2yh+kffUD1c=;
 h=Subject:From:To:Date:In-Reply-To:References;
 b=GlksDeH+VhmKB1dASmEh8jjWtETJCJeNP+8hlQc+tDu3jl0TEblmv5D8F57VEG4cw
 0mTmTOtrlF1xwEIc1X1HwQ4MiCbrWUwYml26ryqKRuPQP7HsAZXOQk9I6OjFrslSwc
 kFBdouBtu8g5mqOlWtNHDxAQYw77XtBRqyGTFqtGeMB6bhJgZIE/bSrYqH+yBEJSPA
 FUhVupXNPdfRSaHBaANfE9NxEoAsT4kHFtTX0WP35LkXwIO/AGYy6f7gqcR7t5i01f
 U55MQ7Dv5SBJOx5O4R6WepPKqPyJRNoFJFeXiQkTms9xdOZeMDqW9Xq+ND5OHzO4o1
 RNSnQhiAbZZdg==
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 56302
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--=-6HmEV255wKLQPBHvzDW/
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Remco van 't Veer schreef op wo 29-06-2022 om 17:58 [+0200]:
> Please note:
>=20
> =C2=A0=C2=A0$ guix refresh --list-dependent ruby@2.7
> =C2=A0=C2=A0Building the following 2346 packages would ensure 6612 depend=
ent packages are rebuilt: ...
>=20
> So this goes into core-updates.

core-updates probably won't be merged for a long time, so a graft might
be needed in the meantime.

Basically, what you need to do is:

  * keep the old ruby@2.7.4 package definition
  * add a ruby@2.7.6 package (as (define-public ruby-2.7-fixed [...]))
  * in ruby@2.7.4, add a field
    (replacement ruby-2.7-fixed) ; security fixes

and verify that some Ruby-using dependents still seem to work.

That way, we can use a fixed ruby@2.7.6 on master.

(This assumes that ruby is graftable -- this assumes that ruby is
ABI-compatible, otherwise the grafted dependents won't work.)

Greetings,
Maxime

--=-6HmEV255wKLQPBHvzDW/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYrx4FRccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7pF2AP4nd5vGekUHj0J+E6sxWleN8HmL
nP8XZqpbziZAQiPaXAEA5iwoMwPacYHxwL0+kvnBY7CAgIWHRI5D/80mS/Tphwo=
=5aCT
-----END PGP SIGNATURE-----

--=-6HmEV255wKLQPBHvzDW/--





From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 29 12:13:51 2022
Received: (at 56302) by debbugs.gnu.org; 29 Jun 2022 16:13:51 +0000
Received: from localhost ([127.0.0.1]:60014 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1o6aK7-0007pR-9b
	for submit@debbugs.gnu.org; Wed, 29 Jun 2022 12:13:51 -0400
Received: from wout5-smtp.messagingengine.com ([64.147.123.21]:40997)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <remco@remworks.net>) id 1o6aK3-0007pA-Er
 for 56302@debbugs.gnu.org; Wed, 29 Jun 2022 12:13:49 -0400
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46])
 by mailout.west.internal (Postfix) with ESMTP id A97063200959;
 Wed, 29 Jun 2022 12:13:40 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute2.internal (MEProxy); Wed, 29 Jun 2022 12:13:40 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h=
 cc:cc:content-type:date:date:from:from:in-reply-to:in-reply-to
 :message-id:mime-version:references:reply-to:sender:subject
 :subject:to:to; s=fm1; t=1656519220; x=1656605620; bh=LhLAdJ/Xhj
 UGGSwvPcnpTBZFcBuNU+zYCJiX2ZkCdUc=; b=kJHrCyFklQV+58Gu0sPouAZI8P
 tpQoQ4sRbybgJaKCTBmAXYhAQU7fMvCvx9zN1RBgpa/uR5RisbZffmdY8gTg7fbM
 PXG89mfYtpPKs61AEAajZsjhPwERjT6gOe3iGcOKLEo+Tw7aYTr9dLcKZbIAsr/i
 7uowrpNeaRpBIEHO8dqmU2KrruS1uJmDQ2KpMDRdU8Fu0DI1wl1y0pte5vASwmYc
 6v4902bjPhA5XFINdeU3dOWJeGo02dYgCZ2aKAIvD9afmxzN+HdO0tvo20/bBQzd
 aBhPB/OrMPKNjfOmXyF1naHtwUu7bN9cfDA6AT+cX95nRl3xfrLsAWMRm2rA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:date:date:feedback-id
 :feedback-id:from:from:in-reply-to:in-reply-to:message-id
 :mime-version:references:reply-to:sender:subject:subject:to:to
 :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
 fm2; t=1656519220; x=1656605620; bh=LhLAdJ/XhjUGGSwvPcnpTBZFcBuN
 U+zYCJiX2ZkCdUc=; b=tuSrEJTdDButfuZhSW7+gkgJ2uuE9I49EMhVtaEleL4l
 QF7H6+RqgBT6jnSzfFjjgppmU/klj2LlZE6JkdR8waaKM4Q8P7nuMBEaqsI1GbqO
 z/UxNzRuR2YplqT8XTW/7eX3qG+E4LXMu+NmUkekJpjs77KNhqubnvSyaA17LPtn
 tFcYfPyE0ngJenPRlYv9wURxtwjgsGfHx0oAhFSvRlpRCbeBEMW9uggIfHZ4mZft
 xuh4NrAfGAgUmAlSjOok0HnU0VVovLeoi3Ry3HwgHPcQj2Bb9lwt4uLt2jPUvACa
 14+JD4RhMBQsoEYJ/mhgMgTejvBDaDjKYvedFy3Chg==
X-ME-Sender: <xms:NHq8YhMCnG2WIU8omSIgQEWZaN4X7R9v6c04Wv_QczNLGQNEXAd0yA>
 <xme:NHq8Yj8QxIDWHIVxcxrrVK7m0z29qCHJUhJ9qouzM4Ic1nl47q3V9jri8q9Q-1bUL
 S1VUU15lMVoX8CzGA>
X-ME-Received: <xmr:NHq8YgTdh41XwnFLZh9NRCSNnvctSXHYwF0lPhCO4s3Lbz8MPiCgJdsDiHmJ2myzTp_CeXpr_1tiq5n0I2WgwVeFT76C0FXVGECfeb2Ie2Q>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudegledgleekucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurhepfhgfhffvvefujgffkfggtgesthdtredttdertdenucfhrhhomheptfgvmhgt
 ohcuvhgrnhcukdhtucggvggvrhcuoehrvghmtghosehrvghmfihorhhkshdrnhgvtheqne
 cuggftrfgrthhtvghrnhepkeduveegfedufeelhedvuedvhfeufedtteevkeehhfeigfev
 lefhgeeukedtfeevnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilh
 hfrhhomheprhgvmhgtohesrhgvmhifohhrkhhsrdhnvght
X-ME-Proxy: <xmx:NHq8Ytse_s8hI2oipZShznZJlRItJhR9uo1CpDKKADHyXWEMqk3DvA>
 <xmx:NHq8YpepE3funQbEvhbzdYa1ngVZz3c4dtqOHEj-jQKpQBTlnEZVJg>
 <xmx:NHq8Yp171ycnXRPzexhQRg9hvFDJJ1nOiMdOqkzRd6lbA_TrsmraDg>
 <xmx:NHq8YpkWqjbMpWXx_5WW0kOCl-CWU1k4a5Eih3hlmIW_nIag_WJxBg>
Feedback-ID: i568842cc:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed,
 29 Jun 2022 12:13:39 -0400 (EDT)
References: <20220629155533.5224-1-remco@remworks.net>
 <handler.56302.B.165651815228055.ack@debbugs.gnu.org>
 <87a69vh377.fsf@remworks.net>
 <975d34406b3e636414efdeb2ff1d7dbd4e95d944.camel@telenet.be>
User-agent: mu4e 1.6.11; emacs 28.1
From: Remco van 't Veer <remco@remworks.net>
To: Maxime Devos <maximedevos@telenet.be>
Subject: Re: [bug#56302] Acknowledgement ([PATCH] gnu: ruby: Update to 2.7.6
 [security fixes].)
In-reply-to: <975d34406b3e636414efdeb2ff1d7dbd4e95d944.camel@telenet.be>
Date: Wed, 29 Jun 2022 18:13:38 +0200
Message-ID: <875ykjh2h9.fsf@remworks.net>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 56302
Cc: 56302@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

2022/06/29 18:04, Maxime Devos:

> core-updates probably won't be merged for a long time, so a graft might
> be needed in the meantime.

So, keep this bug and make a new patch / bug for the graft?

> Basically, what you need to do is:
>
>   * keep the old ruby@2.7.4 package definition
>   * add a ruby@2.7.6 package (as (define-public ruby-2.7-fixed [...]))
>   * in ruby@2.7.4, add a field
>     (replacement ruby-2.7-fixed) ; security fixes
>
> and verify that some Ruby-using dependents still seem to work.
>
> That way, we can use a fixed ruby@2.7.6 on master.
>
> (This assumes that ruby is graftable -- this assumes that ruby is
> ABI-compatible, otherwise the grafted dependents won't work.)

Thanks for the explanation! I'll give it a try.

Cheers,
Remco




From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 29 14:01:13 2022
Received: (at 56302) by debbugs.gnu.org; 29 Jun 2022 18:01:13 +0000
Received: from localhost ([127.0.0.1]:60158 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1o6bzw-0005eN-My
	for submit@debbugs.gnu.org; Wed, 29 Jun 2022 14:01:13 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:38899)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rwv@fastmail.com>) id 1o6bzr-0005TR-MO
 for 56302@debbugs.gnu.org; Wed, 29 Jun 2022 14:01:07 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id 6E67E5C0533;
 Wed, 29 Jun 2022 14:00:58 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163])
 by compute4.internal (MEProxy); Wed, 29 Jun 2022 14:00:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h=
 cc:cc:content-transfer-encoding:content-type:date:date:from:from
 :in-reply-to:message-id:mime-version:reply-to:sender:subject
 :subject:to:to; s=fm1; t=1656525658; x=1656612058; bh=EqjwWOoH8e
 seZjPgFpBBIhpuGa30DvrFyu0B5Wppjvg=; b=Mn+GDOYlJ9RiQKoUxM6lp32cvi
 q0QZHnYQKA9IEwwY+t6RTtPEY+VlsAHjNH+RsR2naKElJbylzHU8OpxdhRcmmtf6
 sv/WNvCXB3kH6kShB6LtGKSFrxsclZQMZf94t14SNYkbSIxKaRlUttShw5PBnwbe
 +YlNL6qGSvFzs47uazx9ZNBdK/o/q/GEUa+/bDDgqVmWx3Dfuuyq2fj15MK4rOzi
 4xCS/q+443ivLa7foV2brPV9iGowOQxWdzK6rAnOBA7/oVLP19L8lK+LAn4rMjFu
 wJiyI5eUOURQrmDorjyORqckw75+7P7ffi42YkAz6OZ3Ea6w6sIwEemfU5cQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-transfer-encoding
 :content-type:date:date:feedback-id:feedback-id:from:from
 :in-reply-to:message-id:mime-version:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm2; t=1656525658; x=1656612058; bh=EqjwWOoH8eseZ
 jPgFpBBIhpuGa30DvrFyu0B5Wppjvg=; b=RDRGk+f2ydzzErbBkDPB6KlOGZN7q
 +BR8un89l9iRs+EwkRVfHp6TrFzCzAFbvOfXZEJPsg47/XS1QheiNbETaUArCZxe
 z8Q5LT/eL4Lip78SRK33K+qPHX8bAaDp7NOzPiwsUhiGsDC0MCUSJSGx1YN368AM
 59FpzV+9c8ytJn60dPnR46IYKkk2NLNl58TOIqN1hCkXbu9UKxwf20R8JfDTj81W
 QqPYCkrc2Jeo8ZmhIuYUuvJcFi5RoCHzF6ck/R4uHT2zHU3xUkwqvv6J0O/YF9h5
 r6GZY7++TnkYT1Kd2ESbUSldceaCIxthvnfSc6SqPiThSvubhgmdZDtZQ==
X-ME-Sender: <xms:WZO8YgBBx-V8Nz0SsZUS2nlFPaOAFJ5J2pBxvPgMFi9z6j5EWQflDQ>
 <xme:WZO8YijJMg6vxcF60ZR531YUBS_2mxrCOR5xY6aa9Zc96sX8odpKnUBzyu1h_3KFJ
 5IfjLj51wea-Vy6uA>
X-ME-Received: <xmr:WZO8YjnumcRjkOCsM4GioySorNCsZh_Dn7s5xWoeuCYgSRdgEsJlSYn3ql5f5UXsKojmWoS9Le55OuDNFY_C_WSSayZH9A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudegledguddulecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
 enucfjughrpefhvfevufffkffogggtgfesthekredtredtjeenucfhrhhomheptfgvmhgt
 ohcuvhgrnhcukdhtucggvggvrhcuoehrvghmtghosehrvghmfihorhhkshdrnhgvtheqne
 cuggftrfgrthhtvghrnhepfeffheduteegtdfhfeeugfevleffgfeiffekfeevfeffgeev
 jeekffekgfduledtnecuffhomhgrihhnpehruhgshidqlhgrnhhgrdhorhhgnecuvehluh
 hsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomheprhifvhesfhgrshht
 mhgrihhlrdgtohhm
X-ME-Proxy: <xmx:WZO8YmwQAVGuvCHCACnz2BkoAKSLepBtNzVJe03LLe-w9UqWg6oB9w>
 <xmx:WZO8YlTKCHpKu6iRFNVwS6J_a4CL1NA49qeWVnEwn7bEs0jZLk0E_g>
 <xmx:WZO8YhY63LlCqpalVIwFoMbNDdhNOKRQxx-EKAjjC_bOnf-N1uHVFQ>
 <xmx:WpO8YgdOu1eOJlqGUls6e9FEbBE_AMLuRFWvkhTXtN297D4CHKm3iw>
Feedback-ID: i568842cc:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed,
 29 Jun 2022 14:00:56 -0400 (EDT)
From: Remco van 't Veer <remco@remworks.net>
To: 56302@debbugs.gnu.org
Subject: [PATCH v2] gnu: ruby: Update to 2.7.6 [security fixes].
Date: Wed, 29 Jun 2022 20:00:37 +0200
Message-Id: <20220629180037.27919-1-remco@remworks.net>
X-Mailer: git-send-email 2.36.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.2 (/)
X-Debbugs-Envelope-To: 56302
Cc: Tobias Geerinckx-Rice <me@tobias.gr>, Maxime Devos <maximedevos@telenet.be>,
 Remco van 't Veer <remco@remworks.net>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.2 (-)

Includes fixes for: CVE-2022-28739, CVE-2021-41816, and CVE-2021-41817.

* gnu/packages/ruby.scm (ruby-2.7-fixed): New variable.
(ruby-2.7)[replacement]: Graft.
---
 gnu/packages/ruby.scm | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 68e5d8dfd6..0b6626bdf7 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -28,6 +28,7 @@
 ;;; Copyright © 2021 EuAndreh <eu@euandre.org>
 ;;; Copyright © 2020 Tomás Ortín Fernández <tomasortin@mailbox.org>
 ;;; Copyright © 2021 Giovanni Biscuolo <g@xelera.eu>
+;;; Copyright © 2022 Remco van 't Veer <remco@remworks.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -152,6 +153,7 @@ (define-public ruby-2.7
   (package
     (inherit ruby-2.6)
     (version "2.7.4")
+    (replacement ruby-2.7-fixed) ; security fixes
     (source
      (origin
        (inherit (package-source ruby-2.6))
@@ -186,6 +188,20 @@ (define-public ruby-2.7
     (native-inputs
      (list autoconf))))
 
+(define ruby-2.7-fixed
+  (package
+    (inherit ruby-2.7)
+    (version "2.7.6")
+    (source
+     (origin
+       (inherit (package-source ruby-2.7))
+       (uri (string-append "https://cache.ruby-lang.org/pub/ruby/"
+                           (version-major+minor version)
+                           "/ruby-" version ".tar.gz"))
+       (sha256
+        (base32
+         "042xrdk7hsv4072bayz3f8ffqh61i8zlhvck10nfshllq063n877"))))))
+
 (define-public ruby-3.0
   (package
     (inherit ruby-2.7)
-- 
2.36.1





From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 29 14:19:05 2022
Received: (at 56302) by debbugs.gnu.org; 29 Jun 2022 18:19:05 +0000
Received: from localhost ([127.0.0.1]:60181 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1o6cHH-0007BO-8x
	for submit@debbugs.gnu.org; Wed, 29 Jun 2022 14:19:05 -0400
Received: from michel.telenet-ops.be ([195.130.137.88]:38346)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@telenet.be>) id 1o6cHB-0007Av-JQ
 for 56302@debbugs.gnu.org; Wed, 29 Jun 2022 14:19:02 -0400
Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a])
 by michel.telenet-ops.be with bizsmtp
 id p6Jv2700M4UW6Th066JvQR; Wed, 29 Jun 2022 20:18:56 +0200
Message-ID: <c2c8209c614d12b7cec0c076ba81284b5e36774b.camel@telenet.be>
Subject: Re: [bug#56302] Acknowledgement ([PATCH] gnu: ruby: Update to 2.7.6
 [security fixes].)
From: Maxime Devos <maximedevos@telenet.be>
To: Remco van 't Veer <remco@remworks.net>
Date: Wed, 29 Jun 2022 20:18:50 +0200
In-Reply-To: <875ykjh2h9.fsf@remworks.net>
References: <20220629155533.5224-1-remco@remworks.net>
 <handler.56302.B.165651815228055.ack@debbugs.gnu.org>
 <87a69vh377.fsf@remworks.net>
 <975d34406b3e636414efdeb2ff1d7dbd4e95d944.camel@telenet.be>
 <875ykjh2h9.fsf@remworks.net>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-UgtCxAUtPCUFDzNDvLCG"
User-Agent: Evolution 3.38.3-1 
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1656526736; bh=qGcaKMpsNPQbHX5KeGWcYawGj1ROVB9xTBDQ7L+JW3A=;
 h=Subject:From:To:Cc:Date:In-Reply-To:References;
 b=IzEd4TlGjgSnismJ4er8Yyo59EU1nMmQIZGNAuNKb/lp2fL8PN5cHD8B5jqNmicG6
 /uAUYny+EJ4mGymTK07m3CPZFouAnssjKuF5ZobAKVsJEWyfSZzA47qheaiM4tXNEG
 dkbeVvK+EvXWHdRL1SU4qLubFyRiunMZNa3mBYtJOIwCW1oriOEzmLlaB25XBLBMM/
 K0Z68JYDzqdC8KebcUa1JsnD0SfkHdOti4WEsH9VzzH9UttyotX5FkitEzQQxTgP8M
 XHSE7hBM3H7UrHDhAkMEuml/uJhMp/PecyQjCN9UOD1SRsibFjQy4CXoNeVL21SLw4
 Dhs12jD+pVt9w==
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 56302
Cc: 56302@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--=-UgtCxAUtPCUFDzNDvLCG
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Remco van 't Veer schreef op wo 29-06-2022 om 18:13 [+0200]:
> 2022/06/29 18:04, Maxime Devos:
>=20
> > core-updates probably won't be merged for a long time, so a graft might
> > be needed in the meantime.
>=20
> So, keep this bug and make a new patch / bug for the graft?

I'd keep the 56302 to keep things orderly.  FWIW, while they can be
reviewed and applied independently, the various Ruby update patches are
all about the same thing (updating Ruby), so they could have been done
together I think (separate patches, but a single series and single
debbugs number).

TBC: to keep things orderly, let's not make a new issue with a patch
series, it's more a thing I would recommend for the future.

Greetings,
Maxime

--=-UgtCxAUtPCUFDzNDvLCG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYryXihccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7o+YAQDGBZ9A4Q5/3ImgYs8H64sOOnEb
mFwrfcnXqngsKho5aAD/WVkr9bUua/89o0tcGbW1SkHPExSz8LPAinPNmoBWvws=
=He4u
-----END PGP SIGNATURE-----

--=-UgtCxAUtPCUFDzNDvLCG--





From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 29 14:29:55 2022
Received: (at 56302) by debbugs.gnu.org; 29 Jun 2022 18:29:55 +0000
Received: from localhost ([127.0.0.1]:60199 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1o6cRm-0007Th-T3
	for submit@debbugs.gnu.org; Wed, 29 Jun 2022 14:29:55 -0400
Received: from laurent.telenet-ops.be ([195.130.137.89]:51314)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@telenet.be>) id 1o6cRk-0007TX-Nf
 for 56302@debbugs.gnu.org; Wed, 29 Jun 2022 14:29:53 -0400
Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a])
 by laurent.telenet-ops.be with bizsmtp
 id p6Vq270094UW6Th016Vqz0; Wed, 29 Jun 2022 20:29:51 +0200
Message-ID: <3edebb176b620a66a47b013a332c9683322e1a8d.camel@telenet.be>
Subject: Re: [bug#56302] [PATCH] gnu: ruby: Update to 2.7.6 [security fixes].
From: Maxime Devos <maximedevos@telenet.be>
To: Remco van 't Veer <remco@remworks.net>, 56302@debbugs.gnu.org
Date: Wed, 29 Jun 2022 20:29:44 +0200
In-Reply-To: <20220629155533.5224-1-remco@remworks.net>
References: <20220629155533.5224-1-remco@remworks.net>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-o9cjW94OvRYlLbJEajtg"
User-Agent: Evolution 3.38.3-1 
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1656527391; bh=XSNuOVB7smdigNMKiy1uY65fJH6Px7QbnODki+FquYI=;
 h=Subject:From:To:Date:In-Reply-To:References;
 b=nrVXnAOSY4948PS5I5LjE1jeEfz8oNE2KmP/XX21CVeVC5+6xIRmC34duiPg9Eb9L
 rhWa2FxCkY5c7lOK9RVdDa0IPDn+jlhN9zSq2onpj6n1t0eddtxmakqDqiXDQyf8o7
 C4Y0n8GMTZDeh3KsWwvo08pVpc5OXO+6xKvepPJ4K5r/K7gdDSk6QWpa3Z4gkecme2
 sz6KN+8GN7+brDkQNkPJVinSUsnXWE7Eus1wTrHBNck7BRPjspHXzTHZsHnAS5n5IH
 XlTidLR29Hy9PW6cM9nPzqwBlxbM4qpf4DxKbBj3s77RsMdmeuuq61IerUT4OnJGu4
 Id8eZCHIBJbLw==
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 56302
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--=-o9cjW94OvRYlLbJEajtg
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Remco van 't Veer schreef op wo 29-06-2022 om 17:55 [+0200]:
> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 "042xrdk7hsv4072bayz3f8=
ffqh61i8zlhvck10nfshllq063n877"))))

This matches with a local

$ guix download https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.6.tar.gz=
=E2=80=99

and with all the hashes from <https://www.ruby-lang.org/en/news/2022/04/12/=
ruby-2-7-6-released/>.

I'll try diffing (*) it with the old tarball for =E2=80=98suspiciousness=E2=
=80=99
(e.g.: obvious malware, new bundling, ???).

Greetings,
Maxime

(*) diffoscope can be useful, albeit a bit slow at time.

--=-o9cjW94OvRYlLbJEajtg
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYryaGBccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7pJdAPkBEb6u180e28+wRZgfp9hTuiAt
i+CYetjqnvQU8xO1xAD/e0yv/ccix6gGCRgH6cEz9SJJyR3T8U+Ylg07NrVDAQM=
=rgOc
-----END PGP SIGNATURE-----

--=-o9cjW94OvRYlLbJEajtg--





From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 29 14:58:02 2022
Received: (at 56302) by debbugs.gnu.org; 29 Jun 2022 18:58:02 +0000
Received: from localhost ([127.0.0.1]:60232 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1o6cst-0008Im-WA
	for submit@debbugs.gnu.org; Wed, 29 Jun 2022 14:58:02 -0400
Received: from albert.telenet-ops.be ([195.130.137.90]:48660)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@telenet.be>) id 1o6csq-0008Ia-VK
 for 56302@debbugs.gnu.org; Wed, 29 Jun 2022 14:57:54 -0400
Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be
 ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a])
 by albert.telenet-ops.be with bizsmtp
 id p6xq2700D4UW6Th066xqBT; Wed, 29 Jun 2022 20:57:50 +0200
Message-ID: <e7cff471ceddf9b590998305321c6daebfab6f82.camel@telenet.be>
Subject: Re: [bug#56302] [PATCH] gnu: ruby: Update to 2.7.6 [security fixes].
From: Maxime Devos <maximedevos@telenet.be>
To: Remco van 't Veer <remco@remworks.net>, 56302@debbugs.gnu.org
Date: Wed, 29 Jun 2022 20:57:46 +0200
In-Reply-To: <3edebb176b620a66a47b013a332c9683322e1a8d.camel@telenet.be>
References: <20220629155533.5224-1-remco@remworks.net>
 <3edebb176b620a66a47b013a332c9683322e1a8d.camel@telenet.be>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-x1yhrmrcWK3V8MDW6DPc"
User-Agent: Evolution 3.38.3-1 
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1656529070; bh=YkJgOrdulX81vZ0ZzqYErlMCRwGPz/I/+fqkQ5x2VAE=;
 h=Subject:From:To:Date:In-Reply-To:References;
 b=lVBURYih4bKf3VqbJdFSeOCEOjYRKAgXavph/lGI6ovlxj4GHfCfV02bo3mbj8xM2
 y87Mh73Nn/xY8Tl5cKgp1PkChQ6e3NWaF0IrBv4XN96BxB/HlTvckOs2yGw4fcKoAu
 F6ggGjQupOcFekZRS7Q8urWB/PMQ7lR3dOV74VlHq2ttHHf7CAiuNAXuSwiC6X6A82
 09yy2xeQBG5ivu3tCSApFFs4biJMLJcV92HCDYYbsdw38FO1outEkklMlCA10LMNBL
 8jQSc8IG8y6WLueWU/CI/mmm+IeP3GnubOy4zGsQSEwUzMP+y2He2DR8v3UxYIx2ZR
 +FTg8Ru/WbKbA==
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 56302
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


--=-x1yhrmrcWK3V8MDW6DPc
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Maxime Devos schreef op wo 29-06-2022 om 20:29 [+0200]:
> Remco van 't Veer schreef op wo 29-06-2022 om 17:55 [+0200]:
> > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> "042xrdk7hsv4072bayz3f8ffqh61i8zlhvck10nfshllq063n877"))))
>=20
> This matches with a local
>=20
> $ guix download
> https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.6.tar.gz=E2=80=99
>=20
> and with all the hashes from
> <https://www.ruby-lang.org/en/news/2022/04/12/ruby-2-7-6-released/>.
>=20
> I'll try diffing (*) it with the old tarball for =E2=80=98suspiciousness=
=E2=80=99
> (e.g.: obvious malware, new bundling, ???).

When scrolling through the diff, nothing looked =E2=80=98suspect=E2=80=99 a=
t first
glance.  However, I did notice something else: some parts are not=20
under the Ruby License, but under 2-clause BSD:

=E2=94=82 =E2=94=9C=E2=94=80=E2=94=80 +++ ruby-2.7.4/gems/xmlrpc-0.3.0/LICE=
NSE.txt
=E2=94=82 =E2=94=82=E2=94=84 Files 26% similar despite different names
=E2=94=82 =E2=94=82 @@ -1,13 +1,10 @@
=E2=94=82 =E2=94=82 -test-unit is copyrighted free software by Kouhei Sutou
=E2=94=82 =E2=94=82 -<kou@cozmixng.org>, Ryan Davis <ryand-ruby@zenspider.c=
om>
=E2=94=82 =E2=94=82 -and Nathaniel Talbott <nathaniel@talbott.ws>.
=E2=94=82 =E2=94=82 -
=E2=94=82 =E2=94=82 -You can redistribute it and/or modify it under either =
the terms of
the GPL
=E2=94=82 =E2=94=82 -version 2 (see the file GPL), or the conditions below:
=E2=94=82 =E2=94=82 +Ruby is copyrighted free software by Yukihiro Matsumot=
o
<matz@netlab.jp>.
=E2=94=82 =E2=94=82 +You can redistribute it and/or modify it under either =
the terms of
the
=E2=94=82 =E2=94=82 +2-clause BSDL (see the file BSDL), or the conditions b=
elow:

so it maybe be good to add =E2=80=982-clause BSDL=E2=80=99 to the license f=
ield as well
(though given that it's an old issue, bringing the new version of ruby
in Guix has priority).

Also, looks like it bundles some autoconf scripts (config.guess), which
is not in line with
<https://lists.gnu.org/archive/html/guix-devel/2022-04/msg00065.html>,
but also not priority given the security fix.

Greetings,
Maxime

--=-x1yhrmrcWK3V8MDW6DPc
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYrygqhccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7j9OAQDduKt3FLpWZ75WJJgk4UI/8a9m
P6F02FvopBGaZmEh+wEA+Co9x/lVo9VQZzM2QFtZZ/W81PR8RBY66M1kn5qdvAU=
=qXke
-----END PGP SIGNATURE-----

--=-x1yhrmrcWK3V8MDW6DPc--





From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 29 10:49:01 2022
Received: (at 56302-done) by debbugs.gnu.org; 29 Aug 2022 14:49:02 +0000
Received: from localhost ([127.0.0.1]:33377 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oSg4T-0002dA-LF
	for submit@debbugs.gnu.org; Mon, 29 Aug 2022 10:49:01 -0400
Received: from eggs.gnu.org ([209.51.188.92]:34374)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <marius@gnu.org>) id 1oSg4S-0002cy-7w
 for 56302-done@debbugs.gnu.org; Mon, 29 Aug 2022 10:49:00 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:57384)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <marius@gnu.org>)
 id 1oSg4M-00043M-TO; Mon, 29 Aug 2022 10:48:54 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=MO8zC1u6D/7rHLlfZ5GoUkpTAfJkxunLT6T7N9EAcGo=; b=bwaEUWy6fZJDU8R4MeLy
 +E1q7sCyiXzmHWAvh53iypu5YxwuHFOKLafp7lJQyvSkMl/FTi+HcgNYE8zS/FpPJUewy089PKSYD
 /B7z2sFi1BL13n+6FyZA9GhIIUrPTzLFQL+HukIYhGU+HQjeDZIdJ2iO3kMzZt0/cqUe4Zp4JSUBY
 vzYqD/8DWiiamN33+xe6n6tPGXCqhSm0FShUxEuxHVNpeITosJg1eJRY+bXpWg+ZuhLheq23W/7jO
 kZ8hnYDY9rr0yF7puys6huRgOrS1a39XtTjE20ubej3g4vNtaggMts+tbhOXcoAFRXnYsdD3a+Yic
 xMXuMQFy7l0J7A==;
Received: from [84.214.173.6] (port=52010 helo=localhost)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <marius@gnu.org>)
 id 1oSg4L-0002Zx-PR; Mon, 29 Aug 2022 10:48:54 -0400
From: Marius Bakke <marius@gnu.org>
To: Remco van 't Veer <remco@remworks.net>, 56302-done@debbugs.gnu.org
Subject: Re: [bug#56302] [PATCH v2] gnu: ruby: Update to 2.7.6 [security
 fixes].
In-Reply-To: <20220629180037.27919-1-remco@remworks.net>
References: <20220629155533.5224-1-remco@remworks.net>
 <20220629180037.27919-1-remco@remworks.net>
Date: Mon, 29 Aug 2022 16:48:50 +0200
Message-ID: <87ler7ds19.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 56302-done
Cc: Tobias Geerinckx-Rice <me@tobias.gr>, Maxime Devos <maximedevos@telenet.be>,
 Remco van 't Veer <remco@remworks.net>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

--=-=-=
Content-Type: text/plain

Remco van 't Veer <remco@remworks.net> skriver:

> Includes fixes for: CVE-2022-28739, CVE-2021-41816, and CVE-2021-41817.
>
> * gnu/packages/ruby.scm (ruby-2.7-fixed): New variable.
> (ruby-2.7)[replacement]: Graft.

Applied, thanks!

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIUEARYKAC0WIQRNTknu3zbaMQ2ddzTocYulkRQQdwUCYwzR0w8cbWFyaXVzQGdu
dS5vcmcACgkQ6HGLpZEUEHcUqwD/f7w31C08DINoEmGZ+EMTtNOA+AmeMT45l7/g
yjsYiQUA/iZTPfqCyPh/a6j8nNzDiqp61wCNUPPc8e+7BpKWxswL
=0PPU
-----END PGP SIGNATURE-----
--=-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 29 10:51:57 2022
Received: (at 56302) by debbugs.gnu.org; 29 Aug 2022 14:51:57 +0000
Received: from localhost ([127.0.0.1]:33391 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1oSg7J-0002iz-GE
	for submit@debbugs.gnu.org; Mon, 29 Aug 2022 10:51:57 -0400
Received: from eggs.gnu.org ([209.51.188.92]:45386)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <marius@gnu.org>) id 1oSg7G-0002ik-VA
 for 56302@debbugs.gnu.org; Mon, 29 Aug 2022 10:51:56 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:35648)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <marius@gnu.org>)
 id 1oSg7B-0004e6-MH; Mon, 29 Aug 2022 10:51:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=PWiLN43XGhaWc3baXrffvW6Q/zPxkMgbXAfGUMiCOFE=; b=LyiiWpdM2v4is4XyRrb4
 fCRW9j8l2D2mJuHljzlyq8A/RntdCqUW5F0O9U4zXB78im8+athq6jecHOGJ3b/f2fHMX3xw/N3TC
 kz5iX80O11BrEmuRlG1rsFVhn3Wza9UoDRxDWjird4lrGFzzThsW2kzavfuccQnHeUNxGWIqbku+G
 4+mqdnA9O3WiP72QbvWAHX7RfKbg1N9E7I4RRIJXRYktgRf9KV7gtX3QSVCdNjEFO44c956rb/3Rx
 fXiZAZxY3j8VyrM9a2cmEUJf17i94lRHvIxcdBNyQwDWQ0p2zrCL1x6tajKs5+V6V74vCpWN9PpHF
 aCzQkR7txgAu8Q==;
Received: from [84.214.173.6] (port=39810 helo=localhost)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <marius@gnu.org>)
 id 1oSg7B-0002zj-9a; Mon, 29 Aug 2022 10:51:49 -0400
From: Marius Bakke <marius@gnu.org>
To: Maxime Devos <maximedevos@telenet.be>, Remco van 't Veer
 <remco@remworks.net>, 56302@debbugs.gnu.org
Subject: Re: [bug#56302] [PATCH] gnu: ruby: Update to 2.7.6 [security fixes].
In-Reply-To: <e7cff471ceddf9b590998305321c6daebfab6f82.camel@telenet.be>
References: <20220629155533.5224-1-remco@remworks.net>
 <3edebb176b620a66a47b013a332c9683322e1a8d.camel@telenet.be>
 <e7cff471ceddf9b590998305321c6daebfab6f82.camel@telenet.be>
Date: Mon, 29 Aug 2022 16:51:47 +0200
Message-ID: <87fshfdrwc.fsf@gnu.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 56302
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Maxime Devos <maximedevos@telenet.be> skriver:

> Maxime Devos schreef op wo 29-06-2022 om 20:29 [+0200]:
>> Remco van 't Veer schreef op wo 29-06-2022 om 17:55 [+0200]:
>> > +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
>> "042xrdk7hsv4072bayz3f8ffqh61i8zlhvck10nfshllq063n877"))))
>>=20
>> This matches with a local
>>=20
>> $ guix download
>> https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.6.tar.gz=E2=80=99
>>=20
>> and with all the hashes from
>> <https://www.ruby-lang.org/en/news/2022/04/12/ruby-2-7-6-released/>.
>>=20
>> I'll try diffing (*) it with the old tarball for =E2=80=98suspiciousness=
=E2=80=99
>> (e.g.: obvious malware, new bundling, ???).
>
> When scrolling through the diff, nothing looked =E2=80=98suspect=E2=80=99=
 at first
> glance.  However, I did notice something else: some parts are not=20
> under the Ruby License, but under 2-clause BSD:
>
> =E2=94=82 =E2=94=9C=E2=94=80=E2=94=80 +++ ruby-2.7.4/gems/xmlrpc-0.3.0/LI=
CENSE.txt
> =E2=94=82 =E2=94=82=E2=94=84 Files 26% similar despite different names
> =E2=94=82 =E2=94=82 @@ -1,13 +1,10 @@
> =E2=94=82 =E2=94=82 -test-unit is copyrighted free software by Kouhei Sut=
ou
> =E2=94=82 =E2=94=82 -<kou@cozmixng.org>, Ryan Davis <ryand-ruby@zenspider=
.com>
> =E2=94=82 =E2=94=82 -and Nathaniel Talbott <nathaniel@talbott.ws>.
> =E2=94=82 =E2=94=82 -
> =E2=94=82 =E2=94=82 -You can redistribute it and/or modify it under eithe=
r the terms of
> the GPL
> =E2=94=82 =E2=94=82 -version 2 (see the file GPL), or the conditions belo=
w:
> =E2=94=82 =E2=94=82 +Ruby is copyrighted free software by Yukihiro Matsum=
oto
> <matz@netlab.jp>.
> =E2=94=82 =E2=94=82 +You can redistribute it and/or modify it under eithe=
r the terms of
> the
> =E2=94=82 =E2=94=82 +2-clause BSDL (see the file BSDL), or the conditions=
 below:
>
> so it maybe be good to add =E2=80=982-clause BSDL=E2=80=99 to the license=
 field as well
> (though given that it's an old issue, bringing the new version of ruby
> in Guix has priority).

It would be good to do a proper license audit of the bundled gems in
Ruby.  I see the previous version was not the Ruby license either, but
GPL, and it's not listed among the licenses.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIUEARYKAC0WIQRNTknu3zbaMQ2ddzTocYulkRQQdwUCYwzSgw8cbWFyaXVzQGdu
dS5vcmcACgkQ6HGLpZEUEHf3ygEAyt0NjB3RfsVng+6/u8Cc0UxZ/dU9/drBASEg
2pXDlBIBAJkhMYemLaOGvGnzoi93+C7cLaHt4lYNudv+7PhdveQA
=/cQq
-----END PGP SIGNATURE-----
--=-=-=--




From unknown Sat Jun 21 10:29:16 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 27 Sep 2022 11:24:05 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator