* [Buildroot] [PATCH] package/ruby: security bump to version 3.1.2
From: Peter Korsgaard @ 2022-05-22 19:47 UTC (permalink / raw)
  To: buildroot

Fixes the following security issues:

- CVE-2022-28738: Double free in Regexp compilation
- CVE-2022-28739: Buffer overrun in String-to-Float conversion

For more details, see the announcement:
https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/ruby/ruby.hash | 5 +++--
 package/ruby/ruby.mk   | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash
index 90e7627a97..da6221ec50 100644
--- a/package/ruby/ruby.hash
+++ b/package/ruby/ruby.hash
@@ -1,5 +1,6 @@
-# https://www.ruby-lang.org/en/news/2021/12/25/ruby-3-1-0-released/
-sha512  a2bb6b5e62d5fa06dd9c30cf84ddcb2c27cb87fbaaffd2309a44391a6b110e1dde6b7b0d8c659b56387ee3c9b4264003f3532d5a374123a7c187ebba9293f320  ruby-3.1.0.tar.xz
+# https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/
+sha512  4a74e9efc6ea4b3eff4fec7534eb1fff4794d021531defc2e9937e53c6668db8ecdc0fff2bc23d5e6602d0df344a2caa85b31c5414309541e3d5313ec82b6e21  ruby-3.1.2.tar.xz
+
 # License files, Locally calculated
 sha256  794c384f94396ab07e3e6f53a9f8be093facb7eb4193266024302b93b29e12dc  LEGAL
 sha256  967586d538a28955ec2541910cf63c5ac345fcdea94bfb1f1705a1f6eb36bcbb  COPYING
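Review bot: The two license-file hashes in the trailing context (sha256 for LEGAL and COPYING) are carried over from 3.1.0 without a word in the commit message about re-checking them; since the file header marks them "Locally calculated", it is worth stating that they were recomputed against the 3.1.2 tarball, because any wording change in those files between releases would otherwise only surface as a hash mismatch at build time. The new sha512 line is correctly paired with the updated announcement URL directly above it, which records where the upstream checksum came from.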
diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk
index 4f3b94f83b..cbdfa4b826 100644
--- a/package/ruby/ruby.mk
+++ b/package/ruby/ruby.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 RUBY_VERSION_MAJOR = 3.1
-RUBY_VERSION = $(RUBY_VERSION_MAJOR).0
+RUBY_VERSION = $(RUBY_VERSION_MAJOR).2
 RUBY_VERSION_EXT = 3.1.0
 RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)
 RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz
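Review bot: RUBY_VERSION_EXT = 3.1.0 is left untouched while RUBY_VERSION becomes $(RUBY_VERSION_MAJOR).2; that is the right thing to do, since it names the lib/ruby/<version> directory that Ruby keeps at x.y.0 for a whole minor series, but a one-line comment next to it would keep the next security bump from "fixing" it to match. As a follow-up, the unchanged RUBY_SITE line still fetches from http://cache.ruby-lang.org, so the integrity of the download rests entirely on the sha512 in ruby.hash; moving that URL to https:// would be a cheap hardening step.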
-- 
2.30.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH] package/ruby: security bump to version 3.1.2
From: Waldemar Brodkorb @ 2022-05-23 12:39 UTC (permalink / raw)
  To: Peter Korsgaard; +Cc: buildroot

Hi Peter,

Tested-By: Waldemar Brodkorb <wbx@openadk.org>


There is an issue with libressl:
ossl_pkey.c: In function ‘ossl_pkey_export_traditional’:
ossl_pkey.c:681:62: error: invalid use of incomplete typedef
‘EVP_PKEY’ {aka ‘struct evp_pkey_st’}
  681 |  EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &aname,
  pkey->ameth);

Any idea?

best regards
 Waldemar

Peter Korsgaard wrote,

> Fixes the following security issues:
> 
> - CVE-2022-28738: Double free in Regexp compilation
> - CVE-2022-28739: Buffer overrun in String-to-Float conversion
> 
> For more details, see the announcement:
> https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>  package/ruby/ruby.hash | 5 +++--
>  package/ruby/ruby.mk   | 2 +-
>  2 files changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash
> index 90e7627a97..da6221ec50 100644
> --- a/package/ruby/ruby.hash
> +++ b/package/ruby/ruby.hash
> @@ -1,5 +1,6 @@
> -# https://www.ruby-lang.org/en/news/2021/12/25/ruby-3-1-0-released/
> -sha512  a2bb6b5e62d5fa06dd9c30cf84ddcb2c27cb87fbaaffd2309a44391a6b110e1dde6b7b0d8c659b56387ee3c9b4264003f3532d5a374123a7c187ebba9293f320  ruby-3.1.0.tar.xz
> +# https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/
> +sha512  4a74e9efc6ea4b3eff4fec7534eb1fff4794d021531defc2e9937e53c6668db8ecdc0fff2bc23d5e6602d0df344a2caa85b31c5414309541e3d5313ec82b6e21  ruby-3.1.2.tar.xz
> +
>  # License files, Locally calculated
>  sha256  794c384f94396ab07e3e6f53a9f8be093facb7eb4193266024302b93b29e12dc  LEGAL
>  sha256  967586d538a28955ec2541910cf63c5ac345fcdea94bfb1f1705a1f6eb36bcbb  COPYING
> diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk
> index 4f3b94f83b..cbdfa4b826 100644
> --- a/package/ruby/ruby.mk
> +++ b/package/ruby/ruby.mk
> @@ -5,7 +5,7 @@
>  ################################################################################
>  
>  RUBY_VERSION_MAJOR = 3.1
> -RUBY_VERSION = $(RUBY_VERSION_MAJOR).0
> +RUBY_VERSION = $(RUBY_VERSION_MAJOR).2
>  RUBY_VERSION_EXT = 3.1.0
>  RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)
>  RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz
> -- 
> 2.30.2
> 


* Re: [Buildroot] [PATCH] package/ruby: security bump to version 3.1.2
From: Thomas Petazzoni via buildroot @ 2022-05-30 20:40 UTC (permalink / raw)
  To: Waldemar Brodkorb; +Cc: buildroot

On Mon, 23 May 2022 14:39:11 +0200
Waldemar Brodkorb <wbx@openadk.org> wrote:

> Hi Peter,
> 
> Tested-By: Waldemar Brodkorb <wbx@openadk.org>
> 
> 
> There is an issue with libressl:
> ossl_pkey.c: In function ‘ossl_pkey_export_traditional’:
> ossl_pkey.c:681:62: error: invalid use of incomplete typedef
> ‘EVP_PKEY’ {aka ‘struct evp_pkey_st’}
>   681 |  EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &aname,
>   pkey->ameth);
> 
> Any idea?

Indeed, but this issue is already reproducible before the ruby security
bump, so it needs to be fixed separately.

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com


* Re: [Buildroot] [PATCH] package/ruby: security bump to version 3.1.2
From: Thomas Petazzoni via buildroot @ 2022-05-30 20:54 UTC (permalink / raw)
  To: Peter Korsgaard; +Cc: buildroot

On Sun, 22 May 2022 21:47:32 +0200
Peter Korsgaard <peter@korsgaard.com> wrote:

> Fixes the following security issues:
> 
> - CVE-2022-28738: Double free in Regexp compilation
> - CVE-2022-28739: Buffer overrun in String-to-Float conversion
> 
> For more details, see the announcement:
> https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>  package/ruby/ruby.hash | 5 +++--
>  package/ruby/ruby.mk   | 2 +-
>  2 files changed, 4 insertions(+), 3 deletions(-)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

