From 1c06c17b69ec902571d6998bcae90af23832434d Mon Sep 17 00:00:00 2001
From: alejandro-microsoft <128648451+alejandro-microsoft@users.noreply.github.com>
Date: Tue, 13 Aug 2024 15:33:03 -0700
Subject: [PATCH] Ruby CVE-2024-41946: upgrade ruby version to 3.3.3 (#10089)
---
 SPECS/ruby/ruby.signatures.json | 2 +-
 SPECS/ruby/ruby.spec | 7 +++++--
 cgmanifest.json | 4 ++--
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/SPECS/ruby/ruby.signatures.json b/SPECS/ruby/ruby.signatures.json
index 17beb5d103..9eb2f74004 100644
--- a/SPECS/ruby/ruby.signatures.json
+++ b/SPECS/ruby/ruby.signatures.json
@@ -7,6 +7,6 @@
 "rubygems.con": "eb804c6b50eeafdb2172285265bc487a80acaa9846233cd5f1d20a25f1dac2ea",
 "rubygems.prov": "b79c1f5873dd20d251e100b276a5e584c1fb677f3e1b92534fc09130fabe8ee5",
 "rubygems.req": "e85681d8fa45d214055f3b26a8c1829b3a4bd67b26a5ef3c1f6426e7eff83ad0",
- "ruby-3.3.0.tar.gz": "96518814d9832bece92a85415a819d4893b307db5921ae1f0f751a9a89a56b7d"
+ "ruby-3.3.3.tar.gz": "83c05b2177ee9c335b631b29b8c077b4770166d02fa527f3a9f6a40d13f3cce2"
 }
 }
diff --git a/SPECS/ruby/ruby.spec b/SPECS/ruby/ruby.spec
index 995aca5fe3..e7231cd0fa 100644
--- a/SPECS/ruby/ruby.spec
+++ b/SPECS/ruby/ruby.spec
@@ -4,7 +4,7 @@
 %global gem_dir %{_datadir}/ruby/gems
 # Default package version defined separately, because the %%version macro gets overwritten by 'Version' tags of the subpackages.
-%global ruby_version 3.3.0
+%global ruby_version 3.3.3
 %define ruby_version_majmin %(echo %{ruby_version} | cut -d. -f1-2)
 %global rubygems_version 3.5.3
@@ -88,7 +88,7 @@ Name: ruby
 # provides should be versioned according to the ruby version.
 # More info: https://stdgems.org/
 Version: %{ruby_version}
-Release: 4%{?dist}
+Release: 1%{?dist}
 License: (Ruby OR BSD) AND Public Domain AND MIT AND CC0 AND zlib AND UCD
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
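Review bot: The context line `%global rubygems_version 3.5.3`, just below the bumped `%global ruby_version 3.3.3` in the first ruby.spec hunk, is left unchanged, and the diffstat for ruby.spec (5 additions, 2 deletions) leaves no room for any other version macro to have moved. The spec's own comment says provides should be versioned according to the ruby version (stdgems.org), and bundled RubyGems and default-gem versions usually change between Ruby patch releases, so these macros are probably stale for 3.3.3. Stale values produce wrong versioned Provides and can mislead scanners that match advisories on package version. Please re-check every bundled-gem version macro against the contents of the 3.3.3 tarball; the macro block continues outside this hunk.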
@@ -407,6 +407,9 @@ sudo -u test make test TESTS="-v"
 %{_rpmconfigdir}/rubygems.con
 %changelog
+* Wed Aug 07 2024 Alejandro Martinez Torres - 3.3.3-1
+- Upgrade ruby to 3.3.3 to resolve CVE-2024-41946
+
 * Wed May 22 2024 Neha Agarwal - 3.3.0-4
 - Bump release to build with new rubygem-rexml to fix CVE-2024-35176
diff --git a/cgmanifest.json b/cgmanifest.json
index 92b6a6e8c2..822ea1d7a5 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -25754,8 +25754,8 @@
 "type": "other",
 "other": {
 "name": "ruby",
- "version": "3.3.0",
- "downloadUrl": "https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.0.tar.gz"
+ "version": "3.3.3",
+ "downloadUrl": "https://cache.ruby-lang.org/pub/ruby/3.3/ruby-3.3.3.tar.gz"
 }
 }
 },
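Review bot: The new `%changelog` entry in ruby.spec states that the interpreter upgrade resolves CVE-2024-41946, but nothing in the visible hunks shows which REXML version the built package ends up shipping. As far as I know this CVE is in the REXML gem rather than in the interpreter itself, and the entry directly below handled the previous REXML CVE by rebuilding with a new rubygem-rexml. Please confirm that the REXML copy installed by this package is a release that carries the fix, so the advisory is not closed on a version-number coincidence. If the fix really comes from rubygem-rexml, the entry should say so, e.g. `- Upgrade ruby to 3.3.3; CVE-2024-41946 is fixed by rubygem-rexml <FIXED_VERSION>`.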