Ruby CVE-2024-41946: upgrade ruby version to 3.3.3 (#10089)

2024-08-13 15:33:03 -07:00 · 2024-08-13 15:33:03 -07:00 · 1c06c17b69
--- a/SPECS/ruby/ruby.signatures.json
+++ b/SPECS/ruby/ruby.signatures.json
@ -7,6 +7,6 @@
    "rubygems.con": "eb804c6b50eeafdb2172285265bc487a80acaa9846233cd5f1d20a25f1dac2ea",
    "rubygems.prov": "b79c1f5873dd20d251e100b276a5e584c1fb677f3e1b92534fc09130fabe8ee5",
    "rubygems.req": "e85681d8fa45d214055f3b26a8c1829b3a4bd67b26a5ef3c1f6426e7eff83ad0",
-    "ruby-3.3.0.tar.gz": "96518814d9832bece92a85415a819d4893b307db5921ae1f0f751a9a89a56b7d"
+    "ruby-3.3.3.tar.gz": "83c05b2177ee9c335b631b29b8c077b4770166d02fa527f3a9f6a40d13f3cce2"
  }
 }
--- a/SPECS/ruby/ruby.spec
+++ b/SPECS/ruby/ruby.spec
@ -4,7 +4,7 @@
 %global gem_dir %{_datadir}/ruby/gems

 # Default package version defined separately, because the %%version macro gets overwritten by 'Version' tags of the subpackages.
-%global ruby_version            3.3.0
+%global ruby_version            3.3.3
 %define ruby_version_majmin     %(echo %{ruby_version} | cut -d. -f1-2)

 %global rubygems_version        3.5.3
@ -88,7 +88,7 @@ Name:           ruby
 # provides should be versioned according to the ruby version.
 # More info: https://stdgems.org/
 Version:        %{ruby_version}
-Release:        4%{?dist}
+Release:        1%{?dist}
 License:        (Ruby OR BSD) AND Public Domain AND MIT AND CC0 AND zlib AND UCD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@ -407,6 +407,9 @@ sudo -u test make test TESTS="-v"
 %{_rpmconfigdir}/rubygems.con

 %changelog
+* Wed Aug 07 2024 Alejandro Martinez Torres <alejandroma@microsoft.com> - 3.3.3-1
+- Upgrade ruby to 3.3.3 to resolve CVE-2024-41946
+
 * Wed May 22 2024 Neha Agarwal <nehaagarwal@microsoft.com> - 3.3.0-4
 - Bump release to build with new rubygem-rexml to fix CVE-2024-35176

--- a/cgmanifest.json
+++ b/cgmanifest.json
@ -25754,8 +25754,8 @@
        "type": "other",
        "other": {
          "name": "ruby",
-          "version": "3.3.0",
-          "downloadUrl": "https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.0.tar.gz"
+          "version": "3.3.3",
+          "downloadUrl": "https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.3.tar.gz"
        }
      }
    },