From 83c86fa446933ea905801de132ec6c36a99fd422 Mon Sep 17 00:00:00 2001 From: Remco van 't Veer Date: Wed, 29 Jun 2022 20:00:37 +0200 Subject: gnu: ruby: Replace with 2.7.6 [security fixes]. Includes fixes for: CVE-2022-28739, CVE-2021-41816, and CVE-2021-41817. * gnu/packages/ruby.scm (ruby-2.7-fixed): New variable. (ruby-2.7)[replacement]: Graft. Signed-off-by: Marius Bakke --- gnu/packages/ruby.scm | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'gnu') diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index e38d5da0a9..a37a8dda24 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -155,6 +155,7 @@ a focus on simplicity and productivity.") (package (inherit ruby-2.6) (version "2.7.4") + (replacement ruby-2.7-fixed) ; security fixes (source (origin (inherit (package-source ruby-2.6)) @@ -189,6 +190,20 @@ a focus on simplicity and productivity.") (native-inputs (list autoconf)))) +(define ruby-2.7-fixed + (package + (inherit ruby-2.7) + (version "2.7.6") + (source + (origin + (inherit (package-source ruby-2.7)) + (uri (string-append "https://cache.ruby-lang.org/pub/ruby/" + (version-major+minor version) + "/ruby-" version ".tar.gz")) + (sha256 + (base32 + "042xrdk7hsv4072bayz3f8ffqh61i8zlhvck10nfshllq063n877")))))) + (define-public ruby-3.0 (package (inherit ruby-2.7) -- cgit v1.2.3