Message ID | 20220629155555.5478-1-remco@remworks.net |
---|---|
State | Accepted |
Series | [bug#56303] gnu: ruby: Update to 3.0.4 [security fixes]. |

Context | Check | Description |
---|---|---|
cbaines/comparison | success | View comparison |
cbaines/git branch | success | View Git branch |
cbaines/applying patch | success | View Laminar job |
cbaines/issue | success | View issue |
Remco van 't Veer wrote on Wed 29-06-2022 at 17:55 [+0200]:
> (define-public ruby-3.0 > (package > (inherit ruby-2.7) > - (version "3.0.2") > + (version "3.0.4") > (source > (origin > (method url-fetch) > @@ -198,7 +199,7 @@ (define-public ruby-3.0 > "/ruby-" version ".tar.xz")) > (sha256 > (base32 > - "0h2w2ms4gx2s96v3lzdr3add94bd2qqkhdjzaycmaqhg21rpf3jp")))))) > + "1w7jpq3flnm007z5kj8kixgm8l4smb80w8ak4993a12j0irzq8lf"))))))

Hash matches what I get locally (without fallbacks). The download matches the hashes at <https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-0-4-released/>.

Next step: compare diff ...

Maxime Devos wrote on Thu 30-06-2022 at 12:07 [+0200]:
> Remco van 't Veer wrote on Wed 29-06-2022 at 17:55 [+0200]:
> > (define-public ruby-3.0 > > (package > > (inherit ruby-2.7) > > - (version "3.0.2") > > + (version "3.0.4") > > (source > > (origin > > (method url-fetch) > > @@ -198,7 +199,7 @@ (define-public ruby-3.0 > > "/ruby-" version ".tar.xz")) > > (sha256 > > (base32 > > - > "0h2w2ms4gx2s96v3lzdr3add94bd2qqkhdjzaycmaqhg21rpf3jp")))))) > > + > "1w7jpq3flnm007z5kj8kixgm8l4smb80w8ak4993a12j0irzq8lf"))))))
>
> Hash matches what I get locally (without fallbacks).
> The download matches the hashes at
> <https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-0-4-released/>.
>
> Next step: compare diff ...

Aside from some old bundling & generated file issues (for which I've made another (non-blocking) bug report), diff didn't seem ‘suspicious’ while scrolling through it, though it would be rather easy to hide something there. So assuming it builds, I don't expect problems with this update. (Also, it doesn't have any dependents.)

Greetings,
Maxime.

Remco van 't Veer <remco@remworks.net> writes:

> Includes fixes for: CVE-2022-28738, CVE-2022-28739, CVE-2021-41819,
> CVE-2021-41816, and CVE-2021-41817.
>
> * gnu/packages/ruby.scm (ruby-3.0): Update to 3.0.4.

Applied, thanks!

diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 68e5d8dfd6..41774b4907 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -28,6 +28,7 @@ ;;; Copyright © 2021 EuAndreh <eu@euandre.org> ;;; Copyright © 2020 Tomás Ortín Fernández <tomasortin@mailbox.org> ;;; Copyright © 2021 Giovanni Biscuolo <g@xelera.eu> +;;; Copyright © 2022 Remco van 't Veer <remco@remworks.net> ;;; ;;; This file is part of GNU Guix. ;;; @@ -189,7 +190,7 @@ (define-public ruby-2.7 (define-public ruby-3.0 (package (inherit ruby-2.7) - (version "3.0.2") + (version "3.0.4") (source (origin (method url-fetch) @@ -198,7 +199,7 @@ (define-public ruby-3.0 "/ruby-" version ".tar.xz")) (sha256 (base32 - "0h2w2ms4gx2s96v3lzdr3add94bd2qqkhdjzaycmaqhg21rpf3jp")))))) + "1w7jpq3flnm007z5kj8kixgm8l4smb80w8ak4993a12j0irzq8lf")))))) (define-public ruby-3.1 (package
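
Review bot: In the "@@ -189,7 +190,7" hunk, ruby-3.0 defines only "version" and "source" and takes everything else from "(inherit ruby-2.7)", so the inherited build arguments are now applied to a tree two patch releases newer, and no build result is reported on this page (the checks listed cover comparison, branch, patch application and issue only). Please confirm a local build of ruby 3.0.4, for example with "guix build ruby@3.0.4", and say so in the submission before this is applied.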
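
Review bot: In the "@@ -198,7 +199,7" hunk, the replaced base32 string is the only integrity check visible on this url-fetch origin, and the patch does not say how the new value was obtained. For a security update, state in the submission that the hash was produced from the tarball at the origin's URL (for example with "guix download") and cross-checked against the SHA256 published by upstream; "guix hash -f hex" on the downloaded file gives a digest in hexadecimal form for that comparison.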