{"id":2225896,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2225896/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260421185941.2721885-1-bernd@kuhls.net/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/1.1/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260421185941.2721885-1-bernd@kuhls.net>","date":"2026-04-21T18:59:41","name":"[1/1] package/ruby: security bump version to 4.0.3","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"a525c31fce094977a974d98ba0ecb25b005cc8c6","submitter":{"id":86624,"url":"http://patchwork.ozlabs.org/api/1.1/people/86624/?format=json","name":"Bernd Kuhls","email":"bernd@kuhls.net"},"delegate":{"id":89618,"url":"http://patchwork.ozlabs.org/api/1.1/users/89618/?format=json","username":"juju","first_name":"Julien","last_name":"Olivain","email":"juju@cotds.org"},"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260421185941.2721885-1-bernd@kuhls.net/mbox/","series":[{"id":500874,"url":"http://patchwork.ozlabs.org/api/1.1/series/500874/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=500874","date":"2026-04-21T18:59:41","name":"[1/1] package/ruby: security bump version to 4.0.3","version":1,"mbox":"http://patchwork.ozlabs.org/series/500874/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2225896/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2225896/checks/","tags":{},"headers":{"Return-Path":"<buildroot-bounces@buildroot.org>","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=sJHq4n5G;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=140.211.166.137; helo=smtp4.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0WrC4wfZz1yHB\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Wed, 22 Apr 2026 04:59:55 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 2A42441FEC;\n\tTue, 21 Apr 2026 18:59:52 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id 3Y03vy3YlWd8; Tue, 21 Apr 2026 18:59:50 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id E4E4841FDD;\n\tTue, 21 Apr 2026 18:59:49 +0000 (UTC)","from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n by lists1.osuosl.org (Postfix) with ESMTP id 4127C183\n for <buildroot@buildroot.org>; Tue, 21 Apr 2026 18:59:48 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp3.osuosl.org (Postfix) with ESMTP id 222DC60878\n for <buildroot@buildroot.org>; Tue, 21 Apr 2026 18:59:45 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id vkzs6Rp8-CIM for <buildroot@buildroot.org>;\n Tue, 21 Apr 2026 18:59:44 +0000 (UTC)","from dd20012.kasserver.com (dd20012.kasserver.com [85.13.140.57])\n by smtp3.osuosl.org (Postfix) with ESMTPS id 18A2760879\n for <buildroot@buildroot.org>; Tue, 21 Apr 2026 18:59:44 +0000 (UTC)","from fli4l.lan.fli4l (p5b3a0177.dip0.t-ipconnect.de [91.58.1.119])\n by dd20012.kasserver.com (Postfix) with ESMTPSA id 3C319A4C0602;\n Tue, 21 Apr 2026 20:59:42 +0200 (CEST)","from bruckner.lan.fli4l ([192.168.1.1]:46154)\n by fli4l.lan.fli4l with esmtp (Exim 4.99.1)\n (envelope-from <bernd@kuhls.net>) id 1wFGJx-000000003B1-3gKc;\n Tue, 21 Apr 2026 18:59:41 +0000"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp4.osuosl.org E4E4841FDD","OpenDKIM Filter v2.11.0 smtp3.osuosl.org 18A2760879"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1776797990;\n\tbh=pQixD7SIr+bExjIaSLzOb98prRxGMh7+DHExTjOLnyw=;\n\th=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:From;\n\tb=sJHq4n5GUGeD0oAEs1eryn0xbVfH9qd1oYw0FvnfC/5C7niKA9aqiXTNumpFylfBR\n\t Yj4+k1SDn2uN9RckrnnArRfbs1vHFOJqrSDSIdfSOWlheSO166LZE13WW4uACAqXth\n\t PwMrRIG8SyA5mONCMT2isxvS3B5jtt/T8SFapjR/oG1ZVJFpbrGF64jK4m2ML9vCli\n\t 4AlNkA0iB9tBex0228fofvKM0Kb9DA4WWqiFiUzbtMgZqMJJKWZPZmaHcOvoS2jp1u\n\t buPV5jS7d9J7I11rbb2E/BB2gRKaYcL51PjACK3IrI2+jqC0VJplAmInrkwTwC5r4o\n\t f46iXlqoSZOVA==","Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=85.13.140.57;\n helo=dd20012.kasserver.com; envelope-from=bernd@kuhls.net;\n receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp3.osuosl.org 18A2760879","From":"Bernd Kuhls <bernd@kuhls.net>","To":"buildroot@buildroot.org","Date":"Tue, 21 Apr 2026 20:59:41 +0200","Message-ID":"<20260421185941.2721885-1-bernd@kuhls.net>","X-Mailer":"git-send-email 2.47.3","MIME-Version":"1.0","X-Spamd-Bar":"/","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=kuhls.net;\n s=kas202511301023; t=1776797982;\n bh=2kExGDZ1SoT5PgvIGafK1zfYRXaYJTvN4KrD1Zm90yM=;\n h=From:To:Cc:Subject:Date:From;\n b=p5htoxwBwKdMDCzIbCq22JNPmB8P06q5LQUCalaIuBgnscWBrAq1C/MSo0VmT9sG/\n PihPaFO3tK+0Bg5Kff/DG9q+MPcdQy3rf2njW7g8snCRkvqz1ONvUXn6faz2E6UyGH\n UeKVAgYUy/3FmULIl/RrZGtoMGFgM+0GvS80xes24ReNEgONowEYT3uVcpr9CE3lcE\n HouDiFtDVwgkV7WG9Dj44Rw7NEdZ5rLq3UJ2ztSh9d3Sr/PtvpViFSkvxOqpNqqTUS\n NLNYYC3oAUz5zlXF2lerGt5O0ZsFdgeLBxA5s8rdo8ahFfe3CYIQEsHAFoDOu4kVcI\n TmQvGVm9wKKWA==","X-Mailman-Original-Authentication-Results":["smtp3.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=kuhls.net","smtp3.osuosl.org;\n dkim=pass (2048-bit key) header.d=kuhls.net header.i=@kuhls.net\n header.a=rsa-sha256 header.s=kas202511301023 header.b=p5htoxwB"],"Subject":"[Buildroot] [PATCH 1/1] package/ruby: security bump version to 4.0.3","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Unsubscribe":"<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","List-Post":"<mailto:buildroot@buildroot.org>","List-Help":"<mailto:buildroot-request@buildroot.org?subject=help>","List-Subscribe":"<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" <buildroot-bounces@buildroot.org>"},"content":"https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/\n\nAdded sha512 tarball hash provided by upstream.\n\nFixes CVE-2026-41316:\nhttps://www.ruby-lang.org/en/news/2026/04/21/erb-cve-2026-41316/\n\nSigned-off-by: Bernd Kuhls <bernd@kuhls.net>\n---\n package/ruby/ruby.hash | 5 +++--\n package/ruby/ruby.mk   | 2 +-\n 2 files changed, 4 insertions(+), 3 deletions(-)","diff":"diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash\nindex 9908fe8d4f..7512d1153b 100644\n--- a/package/ruby/ruby.hash\n+++ b/package/ruby/ruby.hash\n@@ -1,5 +1,6 @@\n-# https://www.ruby-lang.org/en/news/2026/03/16/ruby-4-0-2-released/\n-sha256  4618db85bb9ec04d8152d0099db488694a3d3c4f52106625e4ad547f1318db87  ruby-4.0.2.tar.xz\n+# https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/\n+sha256  22cf6005d25bbe496b5ebe9224d63a1aaabfbfe02591bb5d612517c5a7836f29  ruby-4.0.3.tar.xz\n+sha512  5816fb264ce76df59f4bfe0cadceb45025fada2e61f2c14024d6b03f63d304820cddf94afcf82a4951fd12f3b0d9148683f856f3f2245d56042fc8407b6cbff5  ruby-4.0.3.tar.xz\n \n # License files, Locally calculated\n sha256  a74812486cffbdc55141a5d9f165d782cbb202660d827622ec966237d4717b99  LEGAL\ndiff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk\nindex 6bd8ad43c5..7e6f6d8146 100644\n--- a/package/ruby/ruby.mk\n+++ b/package/ruby/ruby.mk\n@@ -5,7 +5,7 @@\n ################################################################################\n \n RUBY_VERSION_MAJOR = 4.0\n-RUBY_VERSION = $(RUBY_VERSION_MAJOR).2\n+RUBY_VERSION = $(RUBY_VERSION_MAJOR).3\n RUBY_VERSION_EXT = 4.0.0\n RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)\n RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz\n","prefixes":["1/1"]}