From 09b00c08f56a2d45967281126112d1ceb12d6758 Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca Date: Thu, 29 Mar 2018 11:37:25 -0300 Subject: [PATCH] ruby: bump to 2.4.4 This release includes some bug fixes and some security fixes. * CVE-2017-17742: HTTP response splitting in WEBrick * CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir * CVE-2018-8777: DoS by large request in WEBrick * CVE-2018-8778: Buffer under-read in String#unpack * CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket * CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir * Multiple vulnerabilities in RubyGems There are also some bug fixes Signed-off-by: Luiz Angelo Daros de Luca --- lang/ruby/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lang/ruby/Makefile b/lang/ruby/Makefile index 6b53d4267d..5e6384a7a2 100644 --- a/lang/ruby/Makefile +++ b/lang/ruby/Makefile @@ -1,6 +1,6 @@ # # Copyright (C) 2006-2016 OpenWrt.org -# Copyright (C) 2017 Luiz Angelo Daros de Luca +# Copyright (C) 2017-2018 Luiz Angelo Daros de Luca # # This is free software, licensed under the GNU General Public License v2. # See /LICENSE for more information. @@ -11,7 +11,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ruby -PKG_VERSION:=2.4.3 +PKG_VERSION:=2.4.4 PKG_RELEASE:=1 # First two numbes @@ -19,7 +19,7 @@ PKG_ABI_VERSION:=$(subst $(space),.,$(wordlist 1, 2, $(subst .,$(space),$(PKG_VE PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://cache.ruby-lang.org/pub/ruby/$(PKG_ABI_VERSION)/ -PKG_HASH:=23677d40bf3b7621ba64593c978df40b1e026d8653c74a0599f0ead78ed92b51 +PKG_HASH:=1d0034071d675193ca769f64c91827e5f54cb3a7962316a41d5217c7bc6949f0 PKG_MAINTAINER:=Luiz Angelo Daros de Luca PKG_LICENSE:=BSD-2-Clause PKG_LICENSE_FILES:=COPYING -- 2.30.2