gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 28756}]

Fixes: CVE-2023-28755 (ReDoS vulnerability in URI), and CVE-2023-28756 (ReDoS vulnerability in Time). * gnu/packages/ruby.scm (ruby-2.7-fixed): Update to 2.7.8. (ruby-2.7)[replacement]: Graft. Signed-off-by: Andreas Enge <andreas@enge.fr>
author: Remco van 't Veer <remco@remworks.net> 2023-05-19 13:09:17 +0200
committer: Andreas Enge <andreas@enge.fr> 2023-05-23 16:37:04 +0200
commit: cb193c0dd1deb89f9d7db4d065e3dc66d1168c1c (patch)
tree: a19dfb078719fecd13af2f7b7832a2fed5b5a7cd /gnu
parent: 8927b20ba105bec8dbf43d00313ab90d6a418ab5 (diff)
download: guix-cb193c0dd1deb89f9d7db4d065e3dc66d1168c1c.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index dbd4127343..eb84367d15 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -163,6 +163,7 @@ a focus on simplicity and productivity.")
   (package
     (inherit ruby-2.6)
     (version "2.7.6")
+    (replacement ruby-2.7-fixed) ; security fixes
     (source
      (origin
        (inherit (package-source ruby-2.6))
@@ -200,7 +201,7 @@ a focus on simplicity and productivity.")
 (define ruby-2.7-fixed
   (package
     (inherit ruby-2.7)
-    (version "2.7.7")
+    (version "2.7.8")
     (source
      (origin
        (inherit (package-source ruby-2.7))
@@ -209,7 +210,7 @@ a focus on simplicity and productivity.")
                            "/ruby-" version ".tar.gz"))
        (sha256
         (base32
-         "143vih5jzmrd2r5h94pa3qzml0ldii0qzs6g09jg6zqxd7djf0g1"))))))
+         "182vni66djmiqagwzfsd0za7x9k3zag43b88c590aalgphybdnn2"))))))
 
 (define-public ruby-3.0
   (package
author	Remco van 't Veer <remco@remworks.net>	2023-05-19 13:09:17 +0200
committer	Andreas Enge <andreas@enge.fr>	2023-05-23 16:37:04 +0200
commit	cb193c0dd1deb89f9d7db4d065e3dc66d1168c1c (patch)
tree	a19dfb078719fecd13af2f7b7832a2fed5b5a7cd /gnu
parent	8927b20ba105bec8dbf43d00313ab90d6a418ab5 (diff)
download	guix-cb193c0dd1deb89f9d7db4d065e3dc66d1168c1c.tar.gz