Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] package/ruby: security bump to 4.0.5
@ 2026-07-02  6:48 Waldemar Brodkorb
  2026-07-02 16:53 ` Peter Korsgaard
  2026-07-10 13:52 ` Thomas Perale via buildroot
  0 siblings, 2 replies; 3+ messages in thread
From: Waldemar Brodkorb @ 2026-07-02  6:48 UTC (permalink / raw)
  To: buildroot

See changes here:
https://github.com/ruby/ruby/releases/tag/v4.0.5
https://github.com/ruby/ruby/releases/tag/v4.0.4

Security fix for:
CVE-2026-46727: Use-after-free in pthread-based getaddrinfo timeout handler

See here for details:
https://www.ruby-lang.org/en/news/2026/05/20/getaddrinfo-cve-2026-46727/

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
---
 package/ruby/ruby.hash | 6 +++---
 package/ruby/ruby.mk   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash
index 7512d1153b..453c028d22 100644
--- a/package/ruby/ruby.hash
+++ b/package/ruby/ruby.hash
@@ -1,6 +1,6 @@
-# https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/
-sha256  22cf6005d25bbe496b5ebe9224d63a1aaabfbfe02591bb5d612517c5a7836f29  ruby-4.0.3.tar.xz
-sha512  5816fb264ce76df59f4bfe0cadceb45025fada2e61f2c14024d6b03f63d304820cddf94afcf82a4951fd12f3b0d9148683f856f3f2245d56042fc8407b6cbff5  ruby-4.0.3.tar.xz
+# https://www.ruby-lang.org/en/news/2026/05/20/ruby-4-0-5-released/
+sha256  5dc5521ea54c726e6cc10b1b5a0f4004b27b482e61c04c99aed79315e30895e5  ruby-4.0.5.tar.xz
+sha512  379d78a6d1af0455df60da46551f43438ad3ee81f83787554fc34cb1c8febb1bd363e3dc1a057b34a69f96526efc308d3dccc4b87d368897c2d1ccf179096463  ruby-4.0.5.tar.xz
 
 # License files, Locally calculated
 sha256  a74812486cffbdc55141a5d9f165d782cbb202660d827622ec966237d4717b99  LEGAL
diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk
index 7e6f6d8146..eae9db2156 100644
--- a/package/ruby/ruby.mk
+++ b/package/ruby/ruby.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 RUBY_VERSION_MAJOR = 4.0
-RUBY_VERSION = $(RUBY_VERSION_MAJOR).3
+RUBY_VERSION = $(RUBY_VERSION_MAJOR).5
 RUBY_VERSION_EXT = 4.0.0
 RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)
 RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz
-- 
2.47.3

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [Buildroot] [PATCH] package/ruby: security bump to 4.0.5
  2026-07-02  6:48 [Buildroot] [PATCH] package/ruby: security bump to 4.0.5 Waldemar Brodkorb
@ 2026-07-02 16:53 ` Peter Korsgaard
  2026-07-10 13:52 ` Thomas Perale via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2026-07-02 16:53 UTC (permalink / raw)
  To: Waldemar Brodkorb; +Cc: buildroot

>>>>> "Waldemar" == Waldemar Brodkorb <wbx@openadk.org> writes:

 > See changes here:
 > https://github.com/ruby/ruby/releases/tag/v4.0.5
 > https://github.com/ruby/ruby/releases/tag/v4.0.4

 > Security fix for:
 > CVE-2026-46727: Use-after-free in pthread-based getaddrinfo timeout handler

 > See here for details:
 > https://www.ruby-lang.org/en/news/2026/05/20/getaddrinfo-cve-2026-46727/

 > Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>

Committed, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [Buildroot] [PATCH] package/ruby: security bump to 4.0.5
  2026-07-02  6:48 [Buildroot] [PATCH] package/ruby: security bump to 4.0.5 Waldemar Brodkorb
  2026-07-02 16:53 ` Peter Korsgaard
@ 2026-07-10 13:52 ` Thomas Perale via buildroot
  1 sibling, 0 replies; 3+ messages in thread
From: Thomas Perale via buildroot @ 2026-07-10 13:52 UTC (permalink / raw)
  To: Waldemar Brodkorb; +Cc: Thomas Perale, buildroot

In reply of:
> See changes here:
> https://github.com/ruby/ruby/releases/tag/v4.0.5
> https://github.com/ruby/ruby/releases/tag/v4.0.4
> 
> Security fix for:
> CVE-2026-46727: Use-after-free in pthread-based getaddrinfo timeout handler
> 
> See here for details:
> https://www.ruby-lang.org/en/news/2026/05/20/getaddrinfo-cve-2026-46727/
> 
> Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>

Applied to 2026.05.x. Thanks

> ---
>  package/ruby/ruby.hash | 6 +++---
>  package/ruby/ruby.mk   | 2 +-
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash
> index 7512d1153b..453c028d22 100644
> --- a/package/ruby/ruby.hash
> +++ b/package/ruby/ruby.hash
> @@ -1,6 +1,6 @@
> -# https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/
> -sha256  22cf6005d25bbe496b5ebe9224d63a1aaabfbfe02591bb5d612517c5a7836f29  ruby-4.0.3.tar.xz
> -sha512  5816fb264ce76df59f4bfe0cadceb45025fada2e61f2c14024d6b03f63d304820cddf94afcf82a4951fd12f3b0d9148683f856f3f2245d56042fc8407b6cbff5  ruby-4.0.3.tar.xz
> +# https://www.ruby-lang.org/en/news/2026/05/20/ruby-4-0-5-released/
> +sha256  5dc5521ea54c726e6cc10b1b5a0f4004b27b482e61c04c99aed79315e30895e5  ruby-4.0.5.tar.xz
> +sha512  379d78a6d1af0455df60da46551f43438ad3ee81f83787554fc34cb1c8febb1bd363e3dc1a057b34a69f96526efc308d3dccc4b87d368897c2d1ccf179096463  ruby-4.0.5.tar.xz
>  
>  # License files, Locally calculated
>  sha256  a74812486cffbdc55141a5d9f165d782cbb202660d827622ec966237d4717b99  LEGAL
> diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk
> index 7e6f6d8146..eae9db2156 100644
> --- a/package/ruby/ruby.mk
> +++ b/package/ruby/ruby.mk
> @@ -5,7 +5,7 @@
>  ################################################################################
>  
>  RUBY_VERSION_MAJOR = 4.0
> -RUBY_VERSION = $(RUBY_VERSION_MAJOR).3
> +RUBY_VERSION = $(RUBY_VERSION_MAJOR).5
>  RUBY_VERSION_EXT = 4.0.0
>  RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)
>  RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz
> -- 
> 2.47.3
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-07-10 13:52 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-02  6:48 [Buildroot] [PATCH] package/ruby: security bump to 4.0.5 Waldemar Brodkorb
2026-07-02 16:53 ` Peter Korsgaard
2026-07-10 13:52 ` Thomas Perale via buildroot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox