* [OE-Core][dunfell][PATCH 1/2] ruby: Upgrade ruby to 2.7.6 for security fix
@ 2022-05-26 9:25 Ranjitsinh Rathod
2022-05-26 9:25 ` [OE-Core][dunfell][PATCH 2/2] ruby: Whitelist CVE-2021-28966 as this affects Windows OS only Ranjitsinh Rathod
0 siblings, 1 reply; 2+ messages in thread
From: Ranjitsinh Rathod @ 2022-05-26 9:25 UTC (permalink / raw)
To: openembedded-core; +Cc: Ranjitsinh Rathod
From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Upgrade ruby to 2.7.6
Link: https://www.ruby-lang.org/en/news/2022/04/12/ruby-2-7-6-released/
This includes CVE-2022-28739 security fix
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
---
meta/recipes-devtools/ruby/{ruby_2.7.5.bb => ruby_2.7.6.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-devtools/ruby/{ruby_2.7.5.bb => ruby_2.7.6.bb} (95%)
diff --git a/meta/recipes-devtools/ruby/ruby_2.7.5.bb b/meta/recipes-devtools/ruby/ruby_2.7.6.bb
similarity index 95%
rename from meta/recipes-devtools/ruby/ruby_2.7.5.bb
rename to meta/recipes-devtools/ruby/ruby_2.7.6.bb
index 44a2527ee7..658a17659a 100644
--- a/meta/recipes-devtools/ruby/ruby_2.7.5.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.7.6.bb
@@ -9,8 +9,8 @@ SRC_URI += " \
file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \
"
-SRC_URI[md5sum] = "ede247b56fb862f1f67f9471189b04d4"
-SRC_URI[sha256sum] = "2755b900a21235b443bb16dadd9032f784d4a88f143d852bc5d154f22b8781f1"
+SRC_URI[md5sum] = "f972fb0cce662966bec10d5c5f32d042"
+SRC_URI[sha256sum] = "e7203b0cc09442ed2c08936d483f8ac140ec1c72e37bb5c401646b7866cb5d10"
PACKAGECONFIG ??= ""
PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [OE-Core][dunfell][PATCH 2/2] ruby: Whitelist CVE-2021-28966 as this affects Windows OS only
2022-05-26 9:25 [OE-Core][dunfell][PATCH 1/2] ruby: Upgrade ruby to 2.7.6 for security fix Ranjitsinh Rathod
@ 2022-05-26 9:25 ` Ranjitsinh Rathod
0 siblings, 0 replies; 2+ messages in thread
From: Ranjitsinh Rathod @ 2022-05-26 9:25 UTC (permalink / raw)
To: openembedded-core; +Cc: Ranjitsinh Rathod
From: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
As per below debian link, CVE-2021-28966 affects Windows only
Link: https://security-tracker.debian.org/tracker/CVE-2021-28966
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
---
meta/recipes-devtools/ruby/ruby_2.7.6.bb | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-devtools/ruby/ruby_2.7.6.bb b/meta/recipes-devtools/ruby/ruby_2.7.6.bb
index 658a17659a..3af321a83e 100644
--- a/meta/recipes-devtools/ruby/ruby_2.7.6.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.7.6.bb
@@ -12,6 +12,10 @@ SRC_URI += " \
SRC_URI[md5sum] = "f972fb0cce662966bec10d5c5f32d042"
SRC_URI[sha256sum] = "e7203b0cc09442ed2c08936d483f8ac140ec1c72e37bb5c401646b7866cb5d10"
+# CVE-2021-28966 is Windows specific and not affects Linux OS
+# https://security-tracker.debian.org/tracker/CVE-2021-28966
+CVE_CHECK_WHITELIST += "CVE-2021-28966"
+
PACKAGECONFIG ??= ""
PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-05-26 9:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-26 9:25 [OE-Core][dunfell][PATCH 1/2] ruby: Upgrade ruby to 2.7.6 for security fix Ranjitsinh Rathod
2022-05-26 9:25 ` [OE-Core][dunfell][PATCH 2/2] ruby: Whitelist CVE-2021-28966 as this affects Windows OS only Ranjitsinh Rathod
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.