From patchwork Thu May 26 09:25:16 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ranjitsinh Rathod X-Patchwork-Id: 8519 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37FA7C433F5 for ; Thu, 26 May 2022 09:26:02 +0000 (UTC) Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) by mx.groups.io with SMTP id smtpd.web12.17618.1653557160073222526 for ; Thu, 26 May 2022 02:26:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=SU4JJ5a0; spf=pass (domain: gmail.com, ip: 209.85.214.176, mailfrom: ranjitsinhrathod1991@gmail.com) Received: by mail-pl1-f176.google.com with SMTP id m1so992305plx.3 for ; Thu, 26 May 2022 02:26:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id; bh=wr/q6KzJwQslbYm6ijvoFxNkd3kVGtOkec3YKe7mRqg=; b=SU4JJ5a03XMUmiMQqFVmk466nk9i4WMExT2jDTqPtTXnr0qTg+kxTZKOZhGYXD7wb4 UN0uO8XJI9sINCxsQFq1adgM+dVAyR0VFojr2p7R99hHYJEe97DQ2Deg9MSBTpNXrnUF AZSIxQ3r1MH8kOHJ92k7/3rfGLlKZvsTV90AFzi7ZbgNzq1Ymu+nxpKS2Cfgw6RSyhCP fHFutj5uIUnvQqcn5scTWojC1K7RZf7bk8AHfhmkOs9BhlrTntNGbEmOcmUtlpv+VpBr 3B1De5F/3q16c1ISIrYmhya8t86/HkpZwAZOnXRZuDS1BEMHUfhkMls7RgIcwo2fujQy Z1Vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=wr/q6KzJwQslbYm6ijvoFxNkd3kVGtOkec3YKe7mRqg=; b=KopEvSDm18XOhyCzlOQKrEX/D18cEtRbxLGcZyMuTIh4Lnf605Qons2YfriB06MPTq 3InURVaIZdGGNcKLrel5wEl+8rPIpkyJiZzzeI5eNniN6EW1c6M0P1W3m1PsD3VpTwad Wu43K4C44INR8lZgq9e1AslhioQnWAE+Oyinh9lCHo7zDQ/0tM+MP5cY96rBFiIIsIoB yJScJubyDesNTP2z387bHiPGTQGz4hEL3sMpJP9t/XootUX3mpJRzdGXgmr8T8yVY7sD WeRjsg2PFYrkPUvzQVI9IeQUbz2WPQkMYng9HCYV5SMfMyqaWvhul1i+G6Stc4+eTXCy JpxA== X-Gm-Message-State: AOAM532eIiTd9UpXQzMnhMCEuOBKbontIwMh2AaBr5qLV++AfX1bATvH jri20iEZbbyev13bVI/Z0E6Annggp6Q= X-Google-Smtp-Source: ABdhPJytHBzQeQ5Ukkj42e25UilUmQcX+z36saPukoI6eCob8l8fCk6mZ3vvqeumJXYbHnHrjLRADQ== X-Received: by 2002:a17:902:e54e:b0:162:4b8b:f2be with SMTP id n14-20020a170902e54e00b001624b8bf2bemr11323367plf.5.1653557159166; Thu, 26 May 2022 02:25:59 -0700 (PDT) Received: from localhost.localdomain ([103.238.105.13]) by smtp.gmail.com with ESMTPSA id j2-20020aa79282000000b005187f4ebd12sm948556pfa.123.2022.05.26.02.25.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 May 2022 02:25:58 -0700 (PDT) From: Ranjitsinh Rathod To: openembedded-core@lists.openembedded.org Cc: Ranjitsinh Rathod Subject: [OE-Core][dunfell][PATCH 1/2] ruby: Upgrade ruby to 2.7.6 for security fix Date: Thu, 26 May 2022 14:55:16 +0530 Message-Id: <20220526092517.22032-1-ranjitsinhrathod1991@gmail.com> X-Mailer: git-send-email 2.17.1 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 26 May 2022 09:26:02 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/166178 From: Ranjitsinh Rathod Upgrade ruby to 2.7.6 Link: https://www.ruby-lang.org/en/news/2022/04/12/ruby-2-7-6-released/ This includes CVE-2022-28739 security fix Signed-off-by: Ranjitsinh Rathod Signed-off-by: Ranjitsinh Rathod --- meta/recipes-devtools/ruby/{ruby_2.7.5.bb => ruby_2.7.6.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-devtools/ruby/{ruby_2.7.5.bb => ruby_2.7.6.bb} (95%) diff --git a/meta/recipes-devtools/ruby/ruby_2.7.5.bb b/meta/recipes-devtools/ruby/ruby_2.7.6.bb similarity index 95% rename from meta/recipes-devtools/ruby/ruby_2.7.5.bb rename to meta/recipes-devtools/ruby/ruby_2.7.6.bb index 44a2527ee7..658a17659a 100644 --- a/meta/recipes-devtools/ruby/ruby_2.7.5.bb +++ b/meta/recipes-devtools/ruby/ruby_2.7.6.bb @@ -9,8 +9,8 @@ SRC_URI += " \ file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \ " -SRC_URI[md5sum] = "ede247b56fb862f1f67f9471189b04d4" -SRC_URI[sha256sum] = "2755b900a21235b443bb16dadd9032f784d4a88f143d852bc5d154f22b8781f1" +SRC_URI[md5sum] = "f972fb0cce662966bec10d5c5f32d042" +SRC_URI[sha256sum] = "e7203b0cc09442ed2c08936d483f8ac140ec1c72e37bb5c401646b7866cb5d10" PACKAGECONFIG ??= "" PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" From patchwork Thu May 26 09:25:17 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ranjitsinh Rathod X-Patchwork-Id: 8520 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F0EFC433EF for ; Thu, 26 May 2022 09:26:12 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web10.17734.1653557168331993903 for ; Thu, 26 May 2022 02:26:08 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20210112 header.b=I8/PDMjo; spf=pass (domain: gmail.com, ip: 209.85.210.175, mailfrom: ranjitsinhrathod1991@gmail.com) Received: by mail-pf1-f175.google.com with SMTP id f21so1247049pfa.3 for ; Thu, 26 May 2022 02:26:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=wuX1Ole1NQ8VrJf12p6IBcXnVVLzwpDI8gm7MWLP8dk=; b=I8/PDMjoky6HNkJdaCmQlOk84yaIl0euN1v6vh148DSsMl1hN15rbgxEzE0ChBP7CI LNOgEB07brBVuHM7fRr+vlEyb7WHAA6WynoWEI6sI/vRnrPjwcluJ69XtaTG03XhIxls OPfuJxuGbThyOuXQ5+b/zbSSXB7ml8ZBLWsjEIFfcwJzNRighhqfOHi+GlmlhzwFzm9A +de40Rd2j0czd19FW0OrteAymrp/GvOQNBToDlQ9lo7rM30WbVSEtfUv+YUvgyEdbWoS DTbPXRHnMfwUDBQYDig43mLh6OrsjHsxbYGm6coWywA3VeMlX4K1cYGai3IpY5I15A9/ SWKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=wuX1Ole1NQ8VrJf12p6IBcXnVVLzwpDI8gm7MWLP8dk=; b=mHzibx5mStrtQFBM04SNsHunVm398dpnuY/TXcgz4oJQLeGlOjANM78XxKrog1L28U hcD2f5wtPOJWS5jCNlRLyggitX2F3pjf0pnM00E1miTT4LHDoCoGYiaAzEUddvWbeQW7 DBU8jKpc24SXwG03VHOq9aZ32hx1+HnBBvOsRI/7DF0MsxRXT+QwncIGMk9lahrRohXx d9wXyG2scIk5A0iKSJGUIf9VeGES0qfC6Ot8cM2ThGYTWCdLw0TaVUTUnSOS5LcE/GW6 wkyKUiaYsRxaI6rACYKJAW/MtGa0wAG2DcAyDu1Bm9YzxJi6uazRandg/QPDx7iI2q55 ngiA== X-Gm-Message-State: AOAM530ZyBpU0dCb3eoAy7VCl4wQlZBXXUydG4o0B76oaEn5bgzNArn2 325oGb3kqB0vwVFXoQXQZ0kEwppHi74= X-Google-Smtp-Source: ABdhPJyHarG2oHg0UNzpBf+08iR+JUYk3So9dtiUZFnIidHpHtGWXPhvSf42wdv36WB5Z2+LLfxPBA== X-Received: by 2002:aa7:88cc:0:b0:518:931b:7d0e with SMTP id k12-20020aa788cc000000b00518931b7d0emr22838325pff.21.1653557167508; Thu, 26 May 2022 02:26:07 -0700 (PDT) Received: from localhost.localdomain ([103.238.105.13]) by smtp.gmail.com with ESMTPSA id j2-20020aa79282000000b005187f4ebd12sm948556pfa.123.2022.05.26.02.26.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 May 2022 02:26:06 -0700 (PDT) From: Ranjitsinh Rathod To: openembedded-core@lists.openembedded.org Cc: Ranjitsinh Rathod Subject: [OE-Core][dunfell][PATCH 2/2] ruby: Whitelist CVE-2021-28966 as this affects Windows OS only Date: Thu, 26 May 2022 14:55:17 +0530 Message-Id: <20220526092517.22032-2-ranjitsinhrathod1991@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220526092517.22032-1-ranjitsinhrathod1991@gmail.com> References: <20220526092517.22032-1-ranjitsinhrathod1991@gmail.com> List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 26 May 2022 09:26:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/166179 From: Ranjitsinh Rathod As per below debian link, CVE-2021-28966 affects Windows only Link: https://security-tracker.debian.org/tracker/CVE-2021-28966 Signed-off-by: Ranjitsinh Rathod Signed-off-by: Ranjitsinh Rathod --- meta/recipes-devtools/ruby/ruby_2.7.6.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-devtools/ruby/ruby_2.7.6.bb b/meta/recipes-devtools/ruby/ruby_2.7.6.bb index 658a17659a..3af321a83e 100644 --- a/meta/recipes-devtools/ruby/ruby_2.7.6.bb +++ b/meta/recipes-devtools/ruby/ruby_2.7.6.bb @@ -12,6 +12,10 @@ SRC_URI += " \ SRC_URI[md5sum] = "f972fb0cce662966bec10d5c5f32d042" SRC_URI[sha256sum] = "e7203b0cc09442ed2c08936d483f8ac140ec1c72e37bb5c401646b7866cb5d10" +# CVE-2021-28966 is Windows specific and not affects Linux OS +# https://security-tracker.debian.org/tracker/CVE-2021-28966 +CVE_CHECK_WHITELIST += "CVE-2021-28966" + PACKAGECONFIG ??= "" PACKAGECONFIG += "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"