From 19da7dbf883667abd7562e01e37a958e66cfaf22 Mon Sep 17 00:00:00 2001
From: Jarek Prokop
Date: Fri, 11 Apr 2025 15:23:47 +0200
Subject: [PATCH] Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219)
Resolves: RHEL-86104
---
 ruby.spec | 10 ++++++-
 ...S-in-CGI-Cookie-parse-CVE-2025-27219.patch | 27 +++++++++++++++++++
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 rubygem-cgi-0.3.5.1-Fix-DoS-in-CGI-Cookie-parse-CVE-2025-27219.patch
diff --git a/ruby.spec b/ruby.spec
index 05b8d99..c684a6d 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -22,7 +22,7 @@
 %endif
-%global release 164
+%global release 165
 %{!?release_string:%define release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
 # The RubyGems library has to stay out of Ruby directory tree, since the
@@ -333,6 +333,9 @@ Patch74: ruby-3.2.0-Detect-compaction-support-during-runtime.patch
 # https://github.com/ruby/irb/pull/338
 # https://github.com/ruby/irb/commit/99d3aa979dffece1fab06a7d5ebff4ae5da50aae
 Patch75: rubygem-irb-1.4.2-Fix-already-initialized-constant-messages-from-require-in-scripts.patch
+# Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219)
+# https://github.com/ruby/cgi/commit/2f8ec73bb3eb71c4cf13e735f2d696603de2f34b
+Patch76: rubygem-cgi-0.3.5.1-Fix-DoS-in-CGI-Cookie-parse-CVE-2025-27219.patch
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
@@ -810,6 +813,7 @@ rm -rf ext/fiddle/libffi*
 %patch73 -p1
 %patch74 -p1
 %patch75 -p1
+%patch76 -p1
 # Instead of adjusting patch's directory, use the following form where
 # we first enter the correct directory, this allows more general application
@@ -1592,6 +1596,10 @@ make runruby TESTRUN_SCRIPT=" \
 %changelog
+* Fri Apr 11 2025 Jarek Prokop - 3.0.7-165
+- Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219)
+ Resolves: RHEL-86104
+
 * Thu Mar 06 2025 Jarek Prokop - 3.0.7-164
 - Undefine GC compaction methods on ppc64le.
 Resolves: RHEL-83136
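Review bot: In the Patch76 hunk of ruby.spec, the provenance comment links ruby/cgi commit `2f8ec73bb3eb71c4cf13e735f2d696603de2f34b`, while the carried patch file is headed `From fd8162a42ff3e4004b940030cfe34ce7a44a7e23`, so the shipped file cannot be checked directly against the URL given. If the patch was taken from a backport branch (the 0.3.5.1 in its file name suggests so), add a second comment line naming that source, e.g. `# Backport: <URL of commit fd8162a42ff3e4004b940030cfe34ce7a44a7e23>`, so the next maintainer can verify what is shipped against the CVE-2025-27219 fix. The other ruby.spec hunks (release bump, `%patch76 -p1`, changelog entry) are mechanical.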
diff --git a/rubygem-cgi-0.3.5.1-Fix-DoS-in-CGI-Cookie-parse-CVE-2025-27219.patch b/rubygem-cgi-0.3.5.1-Fix-DoS-in-CGI-Cookie-parse-CVE-2025-27219.patch
new file mode 100644
index 0000000..733bc24
--- /dev/null
+++ b/rubygem-cgi-0.3.5.1-Fix-DoS-in-CGI-Cookie-parse-CVE-2025-27219.patch
@@ -0,0 +1,27 @@
+From fd8162a42ff3e4004b940030cfe34ce7a44a7e23 Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA
+Date: Fri, 21 Feb 2025 16:01:17 +0900
+Subject: [PATCH] Use String#concat instead of String#+ for reducing cpu usage
+
+Co-authored-by: "Yusuke Endoh"
+---
+ lib/cgi/cookie.rb | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
+index 1a9c1a82c1..7b8e761a94 100644
+--- a/lib/cgi/cookie.rb
++++ b/lib/cgi/cookie.rb
+@@ -190,9 +190,10 @@ def self.parse(raw_cookie)
+ values ||= ""
+ values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
+ if cookies.has_key?(name)
+- values = cookies[name].value + values
++ cookies[name].concat(values)
++ else
++ cookies[name] = Cookie.new(name, *values)
+ end
+- cookies[name] = Cookie.new(name, *values)
+ end
+
+ cookies
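Review bot: The carried fix to `CGI::Cookie.parse` arrives without a regression test, so nothing pins that repeated cookie names still merge their values after the switch to in-place `cookies[name].concat(values)`. A small test asserting that a header carrying the same name twice yields one cookie holding both values in order would guard the behaviour the old `cookies[name].value + values` path provided. The new branch would also benefit from a why-comment such as `# Append in place; rebuilding the Cookie on every repeated name re-copies all earlier values`, since the patch subject speaks of String#concat while the receiver is a Cookie (presumably an Array subclass, not visible in this hunk). The change removes the repeated copying, but nothing in the visible lines limits input size, so request-header limits at the server or proxy remain the outer bound. The body of `self.parse` starts and ends outside the hunk.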