GNU bug report logs -
#56303
[PATCH] gnu: ruby: Update to 3.0.4 [security fixes].
Previous Next
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 56303 in the body.
You can then email your comments to 56303 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#56303; Package
guix-patches.
(Wed, 29 Jun 2022 15:57:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Remco van 't Veer <remco <at> remworks.net>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Wed, 29 Jun 2022 15:57:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Includes fixes for: CVE-2022-28738, CVE-2022-28739, CVE-2021-41819,
CVE-2021-41816, and CVE-2021-41817.
* gnu/packages/ruby.scm (ruby-3.0): Update to 3.0.4.
---
gnu/packages/ruby.scm | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 68e5d8dfd6..41774b4907 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -28,6 +28,7 @@
;;; Copyright © 2021 EuAndreh <eu <at> euandre.org>
;;; Copyright © 2020 Tomás Ortín Fernández <tomasortin <at> mailbox.org>
;;; Copyright © 2021 Giovanni Biscuolo <g <at> xelera.eu>
+;;; Copyright © 2022 Remco van 't Veer <remco <at> remworks.net>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -189,7 +190,7 @@ (define-public ruby-2.7
(define-public ruby-3.0
(package
(inherit ruby-2.7)
- (version "3.0.2")
+ (version "3.0.4")
(source
(origin
(method url-fetch)
@@ -198,7 +199,7 @@ (define-public ruby-3.0
"/ruby-" version ".tar.xz"))
(sha256
(base32
- "0h2w2ms4gx2s96v3lzdr3add94bd2qqkhdjzaycmaqhg21rpf3jp"))))))
+ "1w7jpq3flnm007z5kj8kixgm8l4smb80w8ak4993a12j0irzq8lf"))))))
(define-public ruby-3.1
(package
--
2.36.1
Information forwarded
to
guix-patches <at> gnu.org:
bug#56303; Package
guix-patches.
(Thu, 30 Jun 2022 10:08:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 56303 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Remco van 't Veer schreef op wo 29-06-2022 om 17:55 [+0200]:
> (define-public ruby-3.0
> (package
> (inherit ruby-2.7)
> - (version "3.0.2")
> + (version "3.0.4")
> (source
> (origin
> (method url-fetch)
> @@ -198,7 +199,7 @@ (define-public ruby-3.0
> "/ruby-" version ".tar.xz"))
> (sha256
> (base32
> - "0h2w2ms4gx2s96v3lzdr3add94bd2qqkhdjzaycmaqhg21rpf3jp"))))))
> + "1w7jpq3flnm007z5kj8kixgm8l4smb80w8ak4993a12j0irzq8lf"))))))
Hash matches what I get locally (without fallbacks).
The download matches the hashes at
<https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-0-4-released/>.
Next step: compare diff ...
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#56303; Package
guix-patches.
(Thu, 30 Jun 2022 11:18:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 56303 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Maxime Devos schreef op do 30-06-2022 om 12:07 [+0200]:
> Remco van 't Veer schreef op wo 29-06-2022 om 17:55 [+0200]:
> > (define-public ruby-3.0
> > (package
> > (inherit ruby-2.7)
> > - (version "3.0.2")
> > + (version "3.0.4")
> > (source
> > (origin
> > (method url-fetch)
> > @@ -198,7 +199,7 @@ (define-public ruby-3.0
> > "/ruby-" version ".tar.xz"))
> > (sha256
> > (base32
> > -
> "0h2w2ms4gx2s96v3lzdr3add94bd2qqkhdjzaycmaqhg21rpf3jp"))))))
> > +
> "1w7jpq3flnm007z5kj8kixgm8l4smb80w8ak4993a12j0irzq8lf"))))))
>
> Hash matches what I get locally (without fallbacks).
> The download matches the hashes at
> <https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-0-4-released/>.
>
> Next step: compare diff ...
Aside from some old bundling & generated file issues (for which I've
made another (non-blocking) bug report), diff didn't seem ‘suspicious’
while scrolling through it, though it would be rather easy to hide
something there.
So assuming it builds, I don't expect problems with this update.
(Also, it doesn't have any dependents.)
Greetings,
Maxime.
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Marius Bakke <marius <at> gnu.org>:
You have taken responsibility.
(Mon, 29 Aug 2022 14:50:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Remco van 't Veer <remco <at> remworks.net>:
bug acknowledged by developer.
(Mon, 29 Aug 2022 14:50:02 GMT)
Full text and
rfc822 format available.
Message #16 received at 56303-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Remco van 't Veer <remco <at> remworks.net> skriver:
> Includes fixes for: CVE-2022-28738, CVE-2022-28739, CVE-2021-41819,
> CVE-2021-41816, and CVE-2021-41817.
>
> * gnu/packages/ruby.scm (ruby-3.0): Update to 3.0.4.
Applied, thanks!
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 27 Sep 2022 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 2 years and 264 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.