From: bug#62557 <62557@debbugs.gnu.org>
To: bug#62557 <62557@debbugs.gnu.org>
Subject: Status: [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}]
Reply-To: bug#62557 <62557@debbugs.gnu.org>
Date: Sun, 22 Jun 2025 18:33:37 +0000

retitle 62557 [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}]
reassign 62557 guix-patches
submitter 62557 Remco van 't Veer
severity 62557 normal
tag 62557 patch
thanks

From: Remco van 't Veer
To: guix-patches@gnu.org
Cc: Remco van 't Veer
Subject: [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}]
Date: Fri, 31 Mar 2023 07:24:23 +0200
Message-Id: <20230331052423.24658-1-remco@remworks.net>

Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
CVE-2023-28756 (ReDoS vulnerability in Time).

* gnu/packages/ruby.scm (ruby-2.7-fixed): Update to 2.7.8.
--- gnu/packages/ruby.scm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 3bf0f0f534..df01005846 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -29,7 +29,7 @@ ;;; Copyright © 2020 Tomás Ortín Fernández ;;; Copyright © 2021 Giovanni Biscuolo ;;; Copyright © 2022 Philip McGrath -;;; Copyright © 2022 Remco van 't Veer +;;; Copyright © 2022, 2023 Remco van 't Veer ;;; Copyright © 2022 Taiju HIGASHI ;;; Copyright © 2023 Yovan Naumovski ;;; 
@@ -201,7 +201,7 @@ (define-public ruby-2.7 (define ruby-2.7-fixed (package (inherit ruby-2.7) - (version "2.7.7") + (version "2.7.8") (source (origin (inherit (package-source ruby-2.7)) 
@@ -210,7 +210,7 @@ (define ruby-2.7-fixed "/ruby-" version ".tar.gz")) (sha256 (base32 - "143vih5jzmrd2r5h94pa3qzml0ldii0qzs6g09jg6zqxd7djf0g1")))))) + "182vni66djmiqagwzfsd0za7x9k3zag43b88c590aalgphybdnn2")))))) (define-public ruby-3.0 (package -- 2.39.2
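
Review bot: In the @@ -201 hunk, ruby-2.7-fixed is bound with `define` rather than `define-public`, and none of the visible context shows ruby-2.7 pointing at it through a `replacement` field, so as posted the bump to 2.7.8 may not reach anything built against ruby-2.7. Please confirm the graft is wired up, or add `(replacement ruby-2.7-fixed)` to ruby-2.7 in the same patch. It would also help to say how the new base32 hash in the @@ -210 hunk was checked against the upstream 2.7.8 release.
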
From: Remco van 't Veer
To: 62557@debbugs.gnu.org
Cc: guix-devel@gnu.org, Andreas Enge, Christopher Baines, Remco van 't Veer
Subject: [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}]
Date: Fri, 19 May 2023 13:09:17 +0200
Message-Id: <39064d434f98649262c1cd29c5f712a538c56a04.1684494551.git.remco@remworks.net>

Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
CVE-2023-28756 (ReDoS vulnerability in Time).

* gnu/packages/ruby.scm (ruby-2.7-fixed): Update to 2.7.8.
(ruby-2.7)[replacement]: Graft.
--- gnu/packages/ruby.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index dbd4127343..eb84367d15 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -163,6 +163,7 @@ (define-public ruby-2.7 (package (inherit ruby-2.6) (version "2.7.6") + (replacement ruby-2.7-fixed) ; security fixes (source (origin (inherit (package-source ruby-2.6)) @@ -200,7 +201,7 @@ (define-public ruby-2.7 (define ruby-2.7-fixed (package (inherit ruby-2.7) - (version "2.7.7") + (version "2.7.8") (source (origin (inherit (package-source ruby-2.7)) 
@@ -209,7 +210,7 @@ (define ruby-2.7-fixed "/ruby-" version ".tar.gz")) (sha256 (base32 - "143vih5jzmrd2r5h94pa3qzml0ldii0qzs6g09jg6zqxd7djf0g1")))))) + "182vni66djmiqagwzfsd0za7x9k3zag43b88c590aalgphybdnn2")))))) (define-public ruby-3.0 (package base-commit: 14c03807ba4bc81d42cf869f5b827f7da54ff843 -- 2.40.1
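
Review bot: The comment on the new `(replacement ruby-2.7-fixed)` line in the @@ -163 hunk says only `; security fixes`; naming CVE-2023-28755 and CVE-2023-28756 there would tell the next person when the graft can be folded into ruby-2.7 itself. The context of the same hunk shows ruby-2.7 at version "2.7.6" while the replacement moves to "2.7.8", so the graft spans two upstream patch releases. A graft swaps references in already-built dependents without rebuilding them, so it is worth recording in the commit message that a dependent was built and exercised against the grafted Ruby.
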
From: Andreas Enge
To: Remco van 't Veer
Cc: Christopher Baines, 62557-done@debbugs.gnu.org
Subject: Re: [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755,28756}]
Date: Tue, 23 May 2023 17:08:51 +0200
In-Reply-To: <39064d434f98649262c1cd29c5f712a538c56a04.1684494551.git.remco@remworks.net>

On Fri, May 19, 2023 at 01:09:17PM +0200, Remco van 't Veer wrote:
> Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and
> CVE-2023-28756 (ReDoS vulnerability in Time).
> * gnu/packages/ruby.scm (ruby-2.7-fixed): Update to 2.7.8.
> (ruby-2.7)[replacement]: Graft.

Sorry for the delay, I needed to read up on grafts first.
Everything looks good, a dependent package builds, so I have pushed this
and am closing the bug.

Thanks!

Andreas

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Message-Id: bug archived.
Date: Wed, 21 Jun 2023 11:24:07 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator