projects / feed / packages.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c556ba0)
ruby: update to 2.6.2
authorLuiz Angelo Daros de Luca <luizluca@gmail.com>
Mon, 18 Mar 2019 18:43:38 +0000 (15:43 -0300)
committerLuiz Angelo Daros de Luca <luizluca@gmail.com>
Mon, 18 Mar 2019 18:45:40 +0000 (15:45 -0300)
Bug fixes and a security update of the bundled RubyGems:

CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
lang/ruby/Makefile patch | blob | history

diff --git a/lang/ruby/Makefile b/lang/ruby/Makefile
index 969b68190e903bf60335ca5ee7bbd397793f1147..f34c4ff293a7298fb7e314067a26c86c53971fee 100644 (file)
--- a/lang/ruby/Makefile
+++ b/lang/ruby/Makefile
@@ -11,7 +11,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ruby
-PKG_VERSION:=2.6.1
+PKG_VERSION:=2.6.2
 PKG_RELEASE:=1
 
 # First two numbes
@@ -19,7 +19,7 @@ PKG_ABI_VERSION:=$(subst $(space),.,$(wordlist 1, 2, $(subst .,$(space),$(PKG_VE
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://cache.ruby-lang.org/pub/ruby/$(PKG_ABI_VERSION)/
-PKG_HASH:=47b629808e9fd44ce1f760cdf3ed14875fc9b19d4f334e82e2cf25cb2898f2f2
+PKG_HASH:=91fcde77eea8e6206d775a48ac58450afe4883af1a42e5b358320beb33a445fa
 PKG_MAINTAINER:=Luiz Angelo Daros de Luca <luizluca@gmail.com>
 PKG_LICENSE:=BSD-2-Clause
 PKG_LICENSE_FILES:=COPYING
Mirror of packages feed