* [Buildroot] [PATCH] package/ruby: security bump to version 3.1.2
@ 2022-05-22 19:47 Peter Korsgaard
2022-05-23 12:39 ` Waldemar Brodkorb
2022-05-30 20:54 ` Thomas Petazzoni via buildroot
0 siblings, 2 replies; 4+ messages in thread
From: Peter Korsgaard @ 2022-05-22 19:47 UTC (permalink / raw)
To: buildroot
Fixes the following security issues:
- CVE-2022-28738: Double free in Regexp compilation
- CVE-2022-28739: Buffer overrun in String-to-Float conversion
For more details, see the announcement:
https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/ruby/ruby.hash | 5 +++--
package/ruby/ruby.mk | 2 +-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash
index 90e7627a97..da6221ec50 100644
--- a/package/ruby/ruby.hash
+++ b/package/ruby/ruby.hash
@@ -1,5 +1,6 @@
-# https://www.ruby-lang.org/en/news/2021/12/25/ruby-3-1-0-released/
-sha512 a2bb6b5e62d5fa06dd9c30cf84ddcb2c27cb87fbaaffd2309a44391a6b110e1dde6b7b0d8c659b56387ee3c9b4264003f3532d5a374123a7c187ebba9293f320 ruby-3.1.0.tar.xz
+# https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/
+sha512 4a74e9efc6ea4b3eff4fec7534eb1fff4794d021531defc2e9937e53c6668db8ecdc0fff2bc23d5e6602d0df344a2caa85b31c5414309541e3d5313ec82b6e21 ruby-3.1.2.tar.xz
+
# License files, Locally calculated
sha256 794c384f94396ab07e3e6f53a9f8be093facb7eb4193266024302b93b29e12dc LEGAL
sha256 967586d538a28955ec2541910cf63c5ac345fcdea94bfb1f1705a1f6eb36bcbb COPYING
diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk
index 4f3b94f83b..cbdfa4b826 100644
--- a/package/ruby/ruby.mk
+++ b/package/ruby/ruby.mk
@@ -5,7 +5,7 @@
################################################################################
RUBY_VERSION_MAJOR = 3.1
-RUBY_VERSION = $(RUBY_VERSION_MAJOR).0
+RUBY_VERSION = $(RUBY_VERSION_MAJOR).2
RUBY_VERSION_EXT = 3.1.0
RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)
RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/ruby: security bump to version 3.1.2
2022-05-22 19:47 [Buildroot] [PATCH] package/ruby: security bump to version 3.1.2 Peter Korsgaard
@ 2022-05-23 12:39 ` Waldemar Brodkorb
2022-05-30 20:40 ` Thomas Petazzoni via buildroot
2022-05-30 20:54 ` Thomas Petazzoni via buildroot
1 sibling, 1 reply; 4+ messages in thread
From: Waldemar Brodkorb @ 2022-05-23 12:39 UTC (permalink / raw)
To: Peter Korsgaard; +Cc: buildroot
Hi Peter,
Tested-By: Waldemar Brodkorb <wbx@openadk.org>
There is an issue with libressl:
ossl_pkey.c: In function ‘ossl_pkey_export_traditional’:
ossl_pkey.c:681:62: error: invalid use of incomplete typedef
‘EVP_PKEY’ {aka ‘struct evp_pkey_st’}
681 | EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &aname,
pkey->ameth);
Any idea?
best regards
Waldemar
Peter Korsgaard wrote,
> Fixes the following security issues:
>
> - CVE-2022-28738: Double free in Regexp compilation
> - CVE-2022-28739: Buffer overrun in String-to-Float conversion
>
> For more details, see the announcement:
> https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
> package/ruby/ruby.hash | 5 +++--
> package/ruby/ruby.mk | 2 +-
> 2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash
> index 90e7627a97..da6221ec50 100644
> --- a/package/ruby/ruby.hash
> +++ b/package/ruby/ruby.hash
> @@ -1,5 +1,6 @@
> -# https://www.ruby-lang.org/en/news/2021/12/25/ruby-3-1-0-released/
> -sha512 a2bb6b5e62d5fa06dd9c30cf84ddcb2c27cb87fbaaffd2309a44391a6b110e1dde6b7b0d8c659b56387ee3c9b4264003f3532d5a374123a7c187ebba9293f320 ruby-3.1.0.tar.xz
> +# https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/
> +sha512 4a74e9efc6ea4b3eff4fec7534eb1fff4794d021531defc2e9937e53c6668db8ecdc0fff2bc23d5e6602d0df344a2caa85b31c5414309541e3d5313ec82b6e21 ruby-3.1.2.tar.xz
> +
> # License files, Locally calculated
> sha256 794c384f94396ab07e3e6f53a9f8be093facb7eb4193266024302b93b29e12dc LEGAL
> sha256 967586d538a28955ec2541910cf63c5ac345fcdea94bfb1f1705a1f6eb36bcbb COPYING
> diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk
> index 4f3b94f83b..cbdfa4b826 100644
> --- a/package/ruby/ruby.mk
> +++ b/package/ruby/ruby.mk
> @@ -5,7 +5,7 @@
> ################################################################################
>
> RUBY_VERSION_MAJOR = 3.1
> -RUBY_VERSION = $(RUBY_VERSION_MAJOR).0
> +RUBY_VERSION = $(RUBY_VERSION_MAJOR).2
> RUBY_VERSION_EXT = 3.1.0
> RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)
> RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz
> --
> 2.30.2
>
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/ruby: security bump to version 3.1.2
2022-05-23 12:39 ` Waldemar Brodkorb
@ 2022-05-30 20:40 ` Thomas Petazzoni via buildroot
0 siblings, 0 replies; 4+ messages in thread
From: Thomas Petazzoni via buildroot @ 2022-05-30 20:40 UTC (permalink / raw)
To: Waldemar Brodkorb; +Cc: buildroot
On Mon, 23 May 2022 14:39:11 +0200
Waldemar Brodkorb <wbx@openadk.org> wrote:
> Hi Peter,
>
> Tested-By: Waldemar Brodkorb <wbx@openadk.org>
>
>
> There is an issue with libressl:
> ossl_pkey.c: In function ‘ossl_pkey_export_traditional’:
> ossl_pkey.c:681:62: error: invalid use of incomplete typedef
> ‘EVP_PKEY’ {aka ‘struct evp_pkey_st’}
> 681 | EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &aname,
> pkey->ameth);
>
> Any idea?
Indeed, but this issue is already reproducible before the ruby security
bump, so it needs to be fixed separately.
Best regards,
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/ruby: security bump to version 3.1.2
2022-05-22 19:47 [Buildroot] [PATCH] package/ruby: security bump to version 3.1.2 Peter Korsgaard
2022-05-23 12:39 ` Waldemar Brodkorb
@ 2022-05-30 20:54 ` Thomas Petazzoni via buildroot
1 sibling, 0 replies; 4+ messages in thread
From: Thomas Petazzoni via buildroot @ 2022-05-30 20:54 UTC (permalink / raw)
To: Peter Korsgaard; +Cc: buildroot
On Sun, 22 May 2022 21:47:32 +0200
Peter Korsgaard <peter@korsgaard.com> wrote:
> Fixes the following security issues:
>
> - CVE-2022-28738: Double free in Regexp compilation
> - CVE-2022-28739: Buffer overrun in String-to-Float conversion
>
> For more details, see the announcement:
> https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-1-2-released/
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
> package/ruby/ruby.hash | 5 +++--
> package/ruby/ruby.mk | 2 +-
> 2 files changed, 4 insertions(+), 3 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-05-30 20:54 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-05-22 19:47 [Buildroot] [PATCH] package/ruby: security bump to version 3.1.2 Peter Korsgaard
2022-05-23 12:39 ` Waldemar Brodkorb
2022-05-30 20:40 ` Thomas Petazzoni via buildroot
2022-05-30 20:54 ` Thomas Petazzoni via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox