* [Buildroot] [PATCH] package/ruby: security bump to version 3.0.2
@ 2021-08-08 18:20 Peter Korsgaard
2021-08-08 19:35 ` Peter Korsgaard
0 siblings, 1 reply; 3+ messages in thread
From: Peter Korsgaard @ 2021-08-08 18:20 UTC (permalink / raw)
To: buildroot
Fixes the following security issues:
- CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
- CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
- CVE-2021-31799: A command injection vulnerability in RDoc
For more details, see the announcement:
https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/ruby/ruby.hash | 4 ++--
package/ruby/ruby.mk | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash
index b79596e57a..e3510cc97e 100644
--- a/package/ruby/ruby.hash
+++ b/package/ruby/ruby.hash
@@ -1,5 +1,5 @@
-# https://www.ruby-lang.org/en/news/2021/04/05/ruby-3-0-1-released/
-sha512 97d2e883656060846b304368d9d836e2f3ef39859c36171c9398a0573818e4ed75bfd7460f901a9553f7f53518c505327a66e74f83704a881469f5ac61fe13d7 ruby-3.0.1.tar.xz
+# https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/
+sha512 0f702e2d8ca1342a9d4284dbdd234a3588e057b92566353aa7c21835cf09a3932864b2acf459a976960a1704e9befa562155d36b98b7cda8bd99526e10a374c4 ruby-3.0.2.tar.xz
# License files, Locally calculated
sha256 274f8d7983052448e7fd691c81043465c92ee6fb7bd8ab3f20a7997862f2778e LEGAL
sha256 967586d538a28955ec2541910cf63c5ac345fcdea94bfb1f1705a1f6eb36bcbb COPYING
diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk
index a71ca3a8a2..7e0266c6df 100644
--- a/package/ruby/ruby.mk
+++ b/package/ruby/ruby.mk
@@ -5,8 +5,8 @@
################################################################################
RUBY_VERSION_MAJOR = 3.0
-RUBY_VERSION = $(RUBY_VERSION_MAJOR).1
-RUBY_VERSION_EXT = 3.0.1
+RUBY_VERSION = $(RUBY_VERSION_MAJOR).2
+RUBY_VERSION_EXT = 3.0.2
RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)
RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz
RUBY_DEPENDENCIES = host-pkgconf host-ruby
--
2.20.1
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/ruby: security bump to version 3.0.2
2021-08-08 18:20 [Buildroot] [PATCH] package/ruby: security bump to version 3.0.2 Peter Korsgaard
@ 2021-08-08 19:35 ` Peter Korsgaard
2021-08-09 18:08 ` Peter Korsgaard
0 siblings, 1 reply; 3+ messages in thread
From: Peter Korsgaard @ 2021-08-08 19:35 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
> - CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
> - CVE-2021-31799: A command injection vulnerability in RDoc
> For more details, see the announcement:
> https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH] package/ruby: security bump to version 3.0.2
2021-08-08 19:35 ` Peter Korsgaard
@ 2021-08-09 18:08 ` Peter Korsgaard
0 siblings, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2021-08-09 18:08 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
>> Fixes the following security issues:
>> - CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
>> - CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
>> - CVE-2021-31799: A command injection vulnerability in RDoc
>> For more details, see the announcement:
>> https://www.ruby-lang.org/en/news/2021/07/07/ruby-3-0-2-released/
>> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> Committed, thanks.
Committed to 2021.05.x, thanks.
For 2021.02.x I have instead bumped to 2.7.4, which contains the same
fixes.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@busybox.net
http://lists.busybox.net/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-08-09 18:09 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-08 18:20 [Buildroot] [PATCH] package/ruby: security bump to version 3.0.2 Peter Korsgaard
2021-08-08 19:35 ` Peter Korsgaard
2021-08-09 18:08 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.