diff --git a/.gitignore b/.gitignore
index 242457c..978802b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/ruby-2.6.3.tar.xz
+SOURCES/ruby-2.6.7.tar.xz
diff --git a/.ruby.metadata b/.ruby.metadata
index a2b9708..25bfc62 100644
--- a/.ruby.metadata
+++ b/.ruby.metadata
@@ -1 +1 @@
-ee231856cee812cfc67440d643f7451857a760c9 SOURCES/ruby-2.6.3.tar.xz
+1fd1448125a00cd7b9994637b5e561506de6a6d3 SOURCES/ruby-2.6.7.tar.xz
diff --git a/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch b/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch
index 0770723..14da77e 100644
--- a/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch
+++ b/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch
@@ -39,7 +39,7 @@ diff --git a/configure.ac b/configure.ac
 index 028ef7ca3e..cdeff87871 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3855,6 +3855,13 @@ AC_SUBST(rubyarchhdrdir)dnl
+@@ -3872,6 +3872,13 @@ AC_SUBST(rubyarchhdrdir)dnl
  AC_SUBST(sitearchhdrdir)dnl
  AC_SUBST(vendorarchhdrdir)dnl
  
diff --git a/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch b/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch
index 116bb66..d5ecc34 100644
--- a/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch
+++ b/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch
@@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac
 index 11fc237552..b77e88fc37 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3085,6 +3085,11 @@ AS_IF([test ${multiarch+set}], [
+@@ -3102,6 +3102,11 @@ AS_IF([test ${multiarch+set}], [
  ])
  
  archlibdir='${libdir}/${arch}'
diff --git a/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch
index bfb197f..f7f364f 100644
--- a/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch
+++ b/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch
@@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac
 index 999e2d6d5d..11fc237552 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3710,7 +3710,8 @@ AS_CASE(["$ruby_version_dir_name"],
+@@ -3727,7 +3727,8 @@ AS_CASE(["$ruby_version_dir_name"],
  ruby_version_dir=/'${ruby_version_dir_name}'
  
  if test -z "${ruby_version_dir_name}"; then
diff --git a/SOURCES/ruby-2.1.0-always-use-i386.patch b/SOURCES/ruby-2.1.0-always-use-i386.patch
index d63752a..cde4302 100644
--- a/SOURCES/ruby-2.1.0-always-use-i386.patch
+++ b/SOURCES/ruby-2.1.0-always-use-i386.patch
@@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac
 index b77e88fc37..6bba453e3c 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3774,6 +3774,8 @@ AC_SUBST(vendorarchdir)dnl
+@@ -3791,6 +3791,8 @@ AC_SUBST(vendorarchdir)dnl
  AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl
  AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl
  
diff --git a/SOURCES/ruby-2.1.0-custom-rubygems-location.patch b/SOURCES/ruby-2.1.0-custom-rubygems-location.patch
index c4893da..d9b6915 100644
--- a/SOURCES/ruby-2.1.0-custom-rubygems-location.patch
+++ b/SOURCES/ruby-2.1.0-custom-rubygems-location.patch
@@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac
 index 6bba453e3c..028ef7ca3e 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3746,6 +3746,10 @@ AC_ARG_WITH(vendorarchdir,
+@@ -3763,6 +3763,10 @@ AC_ARG_WITH(vendorarchdir,
              [vendorarchdir=$withval],
              [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}])
  
@@ -26,7 +26,7 @@ index 6bba453e3c..028ef7ca3e 100644
  AS_IF([test "${LOAD_RELATIVE+set}"], [
      AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
      RUBY_EXEC_PREFIX=''
-@@ -3770,6 +3774,7 @@ AC_SUBST(sitearchdir)dnl
+@@ -3787,6 +3787,7 @@ AC_SUBST(sitearchdir)dnl
  AC_SUBST(vendordir)dnl
  AC_SUBST(vendorlibdir)dnl
  AC_SUBST(vendorarchdir)dnl
@@ -64,18 +64,18 @@ index 79c003e..34f2382 100644
  % R = {}
  % R["ruby_version"] = '"RUBY_LIB_VERSION"'
 diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb
-index b47b6e1..0b99408 100755
+index d8987af..1efbd33 100755
 --- a/tool/rbinstall.rb
 +++ b/tool/rbinstall.rb
-@@ -334,6 +334,7 @@ def CONFIG.[](name, mandatory = false)
- sitearchlibdir = CONFIG["sitearchdir"]
- vendorlibdir = CONFIG["vendorlibdir"]
- vendorarchlibdir = CONFIG["vendorarchdir"]
+@@ -338,6 +338,7 @@ if CONFIG["vendordir"]
+   vendorlibdir = CONFIG["vendorlibdir"]
+   vendorarchlibdir = CONFIG["vendorarchdir"]
+ end
 +rubygemsdir = CONFIG["rubygemsdir"]
  mandir = CONFIG["mandir", true]
  docdir = CONFIG["docdir", true]
  enable_shared = CONFIG["ENABLE_SHARED"] == 'yes'
-@@ -560,7 +561,16 @@ def stub
+@@ -564,7 +565,16 @@ end
  install?(:local, :comm, :lib) do
    prepare "library scripts", rubylibdir
    noinst = %w[*.txt *.rdoc *.gemspec]
diff --git a/SOURCES/ruby-2.2.3-Generate-preludes-using-miniruby.patch b/SOURCES/ruby-2.2.3-Generate-preludes-using-miniruby.patch
index 7118a32..e8107d7 100644
--- a/SOURCES/ruby-2.2.3-Generate-preludes-using-miniruby.patch
+++ b/SOURCES/ruby-2.2.3-Generate-preludes-using-miniruby.patch
@@ -11,7 +11,7 @@ diff --git a/common.mk b/common.mk
 index 168dc52..20c218a 100644
 --- a/common.mk
 +++ b/common.mk
-@@ -1052,9 +1052,9 @@ $(MINIPRELUDE_C): $(COMPILE_PRELUDE)
+@@ -1053,9 +1053,9 @@ $(MINIPRELUDE_C): $(COMPILE_PRELUDE)
  		$(srcdir)/template/prelude.c.tmpl
  
  $(PRELUDE_C): $(COMPILE_PRELUDE) \
diff --git a/SOURCES/ruby-2.3.0-ruby_version.patch b/SOURCES/ruby-2.3.0-ruby_version.patch
index a74fb74..e46915c 100644
--- a/SOURCES/ruby-2.3.0-ruby_version.patch
+++ b/SOURCES/ruby-2.3.0-ruby_version.patch
@@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac
 index 8ea969412f..a00f2b6776 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3661,9 +3661,6 @@ AS_CASE(["$target_os"],
+@@ -3678,9 +3678,6 @@ AS_CASE(["$target_os"],
      rubyw_install_name='$(RUBYW_INSTALL_NAME)'
      ])
  
@@ -30,7 +30,7 @@ index 8ea969412f..a00f2b6776 100644
  rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'}
  AC_ARG_WITH(rubyarchprefix,
  	    AS_HELP_STRING([--with-rubyarchprefix=DIR],
-@@ -3686,56 +3683,62 @@ AC_ARG_WITH(ridir,
+@@ -3703,56 +3703,62 @@ AC_ARG_WITH(ridir,
  AC_SUBST(ridir)
  AC_SUBST(RI_BASE_NAME)
  
@@ -120,7 +120,7 @@ index 8ea969412f..a00f2b6776 100644
  
  AS_IF([test "${LOAD_RELATIVE+set}"], [
      AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
-@@ -3752,6 +3755,7 @@ AC_SUBST(sitearchincludedir)dnl
+@@ -3769,6 +3769,7 @@ AC_SUBST(sitearchincludedir)dnl
  AC_SUBST(arch)dnl
  AC_SUBST(sitearch)dnl
  AC_SUBST(ruby_version)dnl
@@ -171,7 +171,7 @@ diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb
 index d4c110e..d39c9a6 100755
 --- a/tool/rbinstall.rb
 +++ b/tool/rbinstall.rb
-@@ -424,7 +424,7 @@ def CONFIG.[](name, mandatory = false)
+@@ -428,7 +428,7 @@ def CONFIG.[](name, mandatory = false)
  
  install?(:doc, :rdoc) do
    if $rdocdir
diff --git a/SOURCES/ruby-2.6.0-use-larger-keys-for-SSL-tests.patch b/SOURCES/ruby-2.6.0-use-larger-keys-for-SSL-tests.patch
deleted file mode 100644
index 6bb8466..0000000
--- a/SOURCES/ruby-2.6.0-use-larger-keys-for-SSL-tests.patch
+++ /dev/null
@@ -1,486 +0,0 @@
-From b0bcb19cb4f95d260c5993df0aaa3667522fb99d Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Thu, 16 Aug 2018 20:54:47 +0900
-Subject: [PATCH 1/2] test/openssl/test_pair: fix deadlock in
- test_connect_accept_nonblock
-
-Call IO.select with a timeout value and limit the number of retries to
-prevent stacking forever.
-
-Reference: https://github.com/ruby/openssl/issues/214
----
- test/openssl/test_pair.rb | 51 +++++++++++++++++----------------------
- 1 file changed, 22 insertions(+), 29 deletions(-)
-
-diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb
-index ea5f0dcf..eac3655e 100644
---- a/test/openssl/test_pair.rb
-+++ b/test/openssl/test_pair.rb
-@@ -442,7 +442,7 @@ def test_connect_accept_nonblock_no_exception
-   end
- 
-   def test_connect_accept_nonblock
--    ctx = OpenSSL::SSL::SSLContext.new()
-+    ctx = OpenSSL::SSL::SSLContext.new
-     ctx.cert = @svr_cert
-     ctx.key = @svr_key
-     ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") }
-@@ -451,45 +451,38 @@ def test_connect_accept_nonblock
- 
-     th = Thread.new {
-       s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx)
--      s2.sync_close = true
--      begin
-+      5.times {
-+        begin
-+          break s2.accept_nonblock
-+        rescue IO::WaitReadable
-+          IO.select([s2], nil, nil, 1)
-+        rescue IO::WaitWritable
-+          IO.select(nil, [s2], nil, 1)
-+        end
-         sleep 0.2
--        s2.accept_nonblock
-+      }
-+    }
-+
-+    s1 = OpenSSL::SSL::SSLSocket.new(sock1)
-+    5.times {
-+      begin
-+        break s1.connect_nonblock
-       rescue IO::WaitReadable
--        IO.select([s2])
--        retry
-+        IO.select([s1], nil, nil, 1)
-       rescue IO::WaitWritable
--        IO.select(nil, [s2])
--        retry
-+        IO.select(nil, [s1], nil, 1)
-       end
--      s2
--    }
--
--    sleep 0.1
--    ctx = OpenSSL::SSL::SSLContext.new()
--    s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx)
--    begin
-       sleep 0.2
--      s1.connect_nonblock
--    rescue IO::WaitReadable
--      IO.select([s1])
--      retry
--    rescue IO::WaitWritable
--      IO.select(nil, [s1])
--      retry
--    end
--    s1.sync_close = true
-+    }
- 
-     s2 = th.value
- 
-     s1.print "a\ndef"
-     assert_equal("a\n", s2.gets)
-   ensure
--    th.join if th
--    s1.close if s1 && !s1.closed?
--    s2.close if s2 && !s2.closed?
--    sock1.close if sock1 && !sock1.closed?
--    sock2.close if sock2 && !sock2.closed?
-+    sock1&.close
-+    sock2&.close
-+    th&.join
-   end
- end
- 
-
-From 5ba99ad7ae1267ed964f53906530579299f3fcc6 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Thu, 16 Aug 2018 20:04:13 +0900
-Subject: [PATCH 2/2] test: use larger keys for SSL tests
-
-Some systems enforce a system-wide policy to restrict key sizes used in
-SSL/TLS. Use larger ones if possible so that the test suite runs
-successfully.
-
-New PEM files test/openssl/fixtures/pkey/{dh-1,rsa-1,rsa-2,rsa-3}.pem are added
-to the tree, and SSL tests now use them instead of the fixed-size keys.
-
-Reference: https://github.com/ruby/openssl/issues/215
----
- test/openssl/fixtures/pkey/dh-1.pem  | 13 +++++++
- test/openssl/fixtures/pkey/rsa-1.pem | 51 ++++++++++++++++++++++++++++
- test/openssl/fixtures/pkey/rsa-2.pem | 51 ++++++++++++++++++++++++++++
- test/openssl/fixtures/pkey/rsa-3.pem | 51 ++++++++++++++++++++++++++++
- test/openssl/test_pair.rb            |  8 ++---
- test/openssl/test_pkey_dh.rb         |  8 ++---
- test/openssl/test_ssl.rb             | 11 +++---
- test/openssl/utils.rb                | 14 ++++----
- 8 files changed, 186 insertions(+), 21 deletions(-)
- create mode 100644 test/openssl/fixtures/pkey/dh-1.pem
- create mode 100644 test/openssl/fixtures/pkey/rsa-1.pem
- create mode 100644 test/openssl/fixtures/pkey/rsa-2.pem
- create mode 100644 test/openssl/fixtures/pkey/rsa-3.pem
-
-diff --git a/test/openssl/fixtures/pkey/dh-1.pem b/test/openssl/fixtures/pkey/dh-1.pem
-new file mode 100644
-index 00000000..3340a6a1
---- /dev/null
-+++ b/test/openssl/fixtures/pkey/dh-1.pem
-@@ -0,0 +1,13 @@
-+-----BEGIN DH PARAMETERS-----
-+MIICCAKCAgEAvRzXYxY6L2DjeYmm1eowtMDu1it3j+VwFr6s6PRWzc1apMtztr9G
-+xZ2mYndUAJLgNLO3n2fUDCYVMB6ZkcekW8Siocof3xWiMA6wqZ6uw0dsE3q7ZX+6
-+TLjgSjaXeGvjutvuEwVrFeaUi83bMgfXN8ToxIQVprIF35sYFt6fpbFATKfW7qqi
-+P1pQkjmCskU4tztaWvlLh0qg85wuQGnpJaQT3gS30378i0IGbA0EBvJcSpTHYbLa
-+nsdI9bfN/ZVgeolVMNMU9/n8R8vRhNPcHuciFwaqS656q+HavCIyxw/LfjSwwFvR
-+TngCn0wytRErkzFIXnRKckh8/BpI4S+0+l1NkOwG4WJ55KJ/9OOdZW5o/QCp2bDi
-+E0JN1EP/gkSom/prq8JR/yEqtsy99uc5nUxPmzv0IgdcFHZEfiQU7iRggEbx7qfQ
-+Ve55XksmmJInmpCy1bSabAEgIKp8Ckt5KLYZ0RgTXUhcEpsxEo6cuAwoSJT5o4Rp
-+yG3xow2ozPcqZkvb+d2CHj1sc54w9BVFAjVANEKmRil/9WKz14bu3wxEhOPqC54n
-+QojjLcoXSoT66ZUOQnYxTSiLtzoKGPy8cAVPbkBrXz2u2sj5gcvr1JjoGjdHm9/3
-+qnqC8fsTz8UndKNIQC337o4K0833bQMzRGl1/qjbAPit2B7E3b6xTZMCAQI=
-+-----END DH PARAMETERS-----
-diff --git a/test/openssl/fixtures/pkey/rsa-1.pem b/test/openssl/fixtures/pkey/rsa-1.pem
-new file mode 100644
-index 00000000..bd5a624f
---- /dev/null
-+++ b/test/openssl/fixtures/pkey/rsa-1.pem
-@@ -0,0 +1,51 @@
-+-----BEGIN RSA PRIVATE KEY-----
-+MIIJJwIBAAKCAgEArIEJUYZrXhMfUXXdl2gLcXrRB4ciWNEeXt5UVLG0nPhygZwJ
-+xis8tOrjXOJEpUXUsfgF35pQiJLD4T9/Vp3zLFtMOOQjOR3AxjIelbH9KPyGFEr9
-+TcPtsJ24zhcG7RbwOGXR4iIcDaTx+bCLSAd7BjG3XHQtyeepGGRZkGyGUvXjPorH
-+XP+dQjQnMd09wv0GMZSqQ06PedUUKQ4PJRfMCP+mwjFP+rB3NZuThF0CsNmpoixg
-+GdoQ591Yrf5rf2Bs848JrYdqJlKlBL6rTFf2glHiC+mE5YRny7RZtv/qIkyUNotV
-+ce1cE0GFrRmCpw9bqulDDcgKjFkhihTg4Voq0UYdJ6Alg7Ur4JerKTfyCaRGF27V
-+fh/g2A2/6Vu8xKYYwTAwLn+Tvkx9OTVZ1t15wM7Ma8hHowNoO0g/lWkeltgHLMji
-+rmeuIYQ20BQmdx2RRgWKl57D0wO/N0HIR+Bm4vcBoNPgMlk9g5WHA6idHR8TLxOr
-+dMMmTiWfefB0/FzGXBv7DuuzHN3+urdCvG1QIMFQ06kHXhr4rC28KbWIxg+PJGM8
-+oGNEGtGWAOvi4Ov+BVsIdbD5Sfyb4nY3L9qqPl6TxRxMWTKsYCYx11jC8civCzOu
-+yL1z+wgIICJ6iGzrfYf6C2BiNV3BC1YCtp2XsG+AooIxCwjL2CP/54MuRnUCAwEA
-+AQKCAgAP4+8M0HoRd2d6JIZeDRqIwIyCygLy9Yh7qrVP+/KsRwKdR9dqps73x29c
-+Pgeexdj67+Lynw9uFT7v/95mBzTAUESsNO+9sizw1OsWVQgB/4kGU4YT5Ml/bHf6
-+nApqSqOkPlTgJM46v4f+vTGHWBEQGAJRBO62250q/wt1D1osSDQ/rZ8BxRYiZBV8
-+NWocDRzF8nDgtFrpGSS7R21DuHZ2Gb6twscgS6MfkA49sieuTM6gfr/3gavu/+fM
-+V1Rlrmc65GE61++CSjijQEEdTjkJ9isBd+hjEBhTnnBpOBfEQxOgFqOvU/MYXv/G
-+W0Q6yWJjUwt3OIcoOImrY5L3j0vERneA1Alweqsbws3fXXMjA+jhLxlJqjPvSAKc
-+POi7xu7QCJjSSLAzHSDPdmGmfzlrbdWS1h0mrC5YZYOyToLajfnmAlXNNrytnePg
-+JV9/1136ZFrJyEi1JVN3kyrC+1iVd1E+lWK0U1UQ6/25tJvKFc1I+xToaUbK10UN
-+ycXib7p2Zsc/+ZMlPRgCxWmpIHmKhnwbO7vtRunnnc6wzhvlQQNHWlIvkyQukV50
-+6k/bzWw0M6A98B4oCICIcxcpS3njDlHyL7NlkCD+/OfZp6X3RZF/m4grmA2doebz
-+glsaNMyGHFrpHkHq19Y63Y4jtBdW/XuBv06Cnr4r3BXdjEzzwQKCAQEA5bj737Nk
-+ZLA0UgzVVvY67MTserTOECIt4i37nULjRQwsSFiz0AWFOBwUCBJ5N2qDEelbf0Fa
-+t4VzrphryEgzLz/95ZXi+oxw1liqCHi8iHeU2wSclDtx2jKv2q7bFvFSaH4CKC4N
-+zBJNfP92kdXuAjXkbK/jWwr64fLNh/2KFWUAmrYmtGfnOjjyL+yZhPxBatztE58q
-+/T61pkvP9NiLfrr7Xq8fnzrwqGERhXKueyoK6ig9ZJPZ2VTykMUUvNYJJ7OYQZru
-+EYA3zkuEZifqmjgF57Bgg7dkkIh285TzH3CNf3MCMTmjlWVyHjlyeSPYgISB9Mys
-+VKKQth+SvYcChQKCAQEAwDyCcolA7+bQBfECs6GXi7RYy2YSlx562S5vhjSlY9Ko
-+WiwVJWviF7uSBdZRnGUKoPv4K4LV34o2lJpSSTi5Xgp7FH986VdGePe3p4hcXSIZ
-+NtsKImLVLnEjrmkZExfQl7p0MkcU/LheCf/eEZVp0Z84O54WCs6GRm9wHYIUyrag
-+9FREqqxTRVNhQQ2EDVGq1slREdwB+aygE76axK/qosk0RaoLzGZiMn4Sb8bpJxXO
-+mee+ftq5bayVltfR0DhC8eHkcPPFeQMll1g+ML7HbINwHTr01ONm3cFUO4zOLBOO
-+ws/+vtNfiv6S/lO1RQSRoiApbENBLdSc3V8Cy70PMQKCAQBOcZN4uP5gL5c+KWm0
-+T1KhxUDnSdRPyAwY/xC7i7qlullovvlv4GK0XUot03kXBkUJmcEHvF5o6qYtCZlM
-+g/MOgHCHtF4Upl5lo1M0n13pz8PB4lpBd+cR1lscdrcTp4Y3bkf4RnmppNpXA7kO
-+ZZnnoVWGE620ShSPkWTDuj0rvxisu+SNmClqRUXWPZnSwnzoK9a86443efF3fs3d
-+UxCXTuxFUdGfgvXo2XStOBMCtcGSYflM3fv27b4C13mUXhY0O2yTgn8m9LyZsknc
-+xGalENpbWmwqrjYl8KOF2+gFZV68FZ67Bm6otkJ4ta80VJw6joT9/eIe6IA34KIw
-+G+ktAoIBAFRuPxzvC4ZSaasyX21l25mQbC9pdWDKEkqxCmp3VOyy6R4xnlgBOhwS
-+VeAacV2vQyvRfv4dSLIVkkNSRDHEqCWVlNk75TDXFCytIAyE54xAHbLqIVlY7yim
-+qHVB07F/FC6PxdkPPziAAU2DA5XVedSHibslg6jbbD4jU6qiJ1+hNrAZEs+jQC+C
-+n4Ri20y+Qbp0URb2+icemnARlwgr+3HjzQGL3gK4NQjYNmDBjEWOXl9aWWB90FNL
-+KahGwfAhxcVW4W56opCzwR7nsujV4eDXGba83itidRuQfd5pyWOyc1E86TYGwD/b
-+79OkEElv6Ea8uXTDVS075GmWATRapQECggEAd9ZAbyT+KouTfi2e6yLOosxSZfns
-+eF06QAJi5n9GOtdfK5fqdmHJqJI7wbubCnd0oxPeL71lRjrOAMXufaQRdZtfXSMn
-+B1TljteNrh1en5xF451rCPR/Y6tNKBvIKnhy1waO27/vA+ovXrm17iR9rRuGZ29i
-+IurlKA6z/96UdrSdpqITTCyTjSOBYg34f49ueGjlpL4+8HJq2wor4Cb1Sbv8ErqA
-+bsQ/Jz+KIGUiuFCfNa6d6McPRXIrGgzpprXgfimkV3nj49QyrnuCF/Pc4psGgIaN
-+l3EiGXzRt/55K7DQVadtbcjo9zREac8QnDD6dS/gOfJ82L7frQfMpNWgQA==
-+-----END RSA PRIVATE KEY-----
-diff --git a/test/openssl/fixtures/pkey/rsa-2.pem b/test/openssl/fixtures/pkey/rsa-2.pem
-new file mode 100644
-index 00000000..e4fd4f43
---- /dev/null
-+++ b/test/openssl/fixtures/pkey/rsa-2.pem
-@@ -0,0 +1,51 @@
-+-----BEGIN RSA PRIVATE KEY-----
-+MIIJKAIBAAKCAgEA1HUbx825tG7+/ulC5DpDogzXqM2/KmeCwGXZY4XjiWa+Zj7b
-+ECkZwQh7zxFUsPixGqQKJSyFwCogdaPzYTRNtqKKaw/IWS0um1PTn4C4/9atbIsf
-+HVKu/fWg4VrZL+ixFIZxa8Z6pvTB2omMcx+uEzbXPsO01i1pHf7MaWBxUDGFyC9P
-+lASJBfFZAf2Ar1H99OTS4SP+gxM9Kk5tcc22r8uFiqqbhJmQNSDApdHvT1zSZxAc
-+T1BFEZqfmR0B0UegPyJc/9hW0dYpB9JjR29UaZRSta3LUMpqltoOF5bzaKVgMuBm
-+Qy79xJ71LjGp8bKhgRaWXyPsDzAC0MQlOW6En0v8LK8fntivJEvw9PNOMcZ8oMTn
-+no0NeVt32HiQJW8LIVo7dOLVFtguSBMWUVe8mdKbuIIULD6JlSYke9Ob6andUhzO
-+U79m/aRWs2yjD6o5QAktjFBARdPgcpTdWfppc8xpJUkQgRmVhINoIMT9W6Wl898E
-+P4aPx6mRV/k05ellN3zRgd9tx5dyNuj3RBaNmR47cAVvGYRQgtH9bQYs6jtf0oer
-+A5yIYEKspNRlZZJKKrQdLflQFOEwjQJyZnTk7Mp0y21wOuEGgZBexew55/hUJDC2
-+mQ8CqjV4ki/Mm3z6Cw3jXIMNBJkH7oveBGSX0S9bF8A/73oOCU3W/LkORxECAwEA
-+AQKCAgBLK7RMmYmfQbaPUtEMF2FesNSNMV72DfHBSUgFYpYDQ4sSeiLgMOqf1fSY
-+azVf+F4RYwED7iDUwRMDDKNMPUlR2WjIQKlOhCH9a0dxJAZQ3xA1W3QC2AJ6cLIf
-+ihlWTip5bKgszekPsYH1ZL2A7jCVM84ssuoE7cRHjKOelTUCfsMq9TJe2MvyglZP
-+0fX6EjSctWm3pxiiH+iAU4d9wJ9my8fQLFUiMYNIiPIguYrGtbzsIlMh7PDDLcZS
-+UmUWOxWDwRDOpSjyzadu0Q23dLiVMpmhFoDdcQENptFdn1c4K2tCFQuZscKwEt4F
-+HiVXEzD5j5hcyUT4irA0VXImQ+hAH3oSDmn7wyHvyOg0bDZpUZXEHXb83Vvo54/d
-+Fb4AOUva1dwhjci8CTEMxCENMy/CLilRv46AeHbOX8KMPM7BnRSJPptvTTh/qB9C
-+HI5hxfkO+EOYnu0kUlxhJfrqG86H4IS+zA8HWiSEGxQteMjUQfgJoBzJ94YChpzo
-+ePpKSpjxxl1PNNWKxWM3yUvlKmI2lNl6YNC8JpF2wVg4VvYkG7iVjleeRg21ay89
-+NCVMF98n3MI5jdzfDKACnuYxg7sw+gjMy8PSoFvQ5pvHuBBOpa8tho6vk7bLJixT
-+QY5uXMNQaO6OwpkBssKpnuXhIJzDhO48nSjJ5nUEuadPH1nGwQKCAQEA7twrUIMi
-+Vqze/X6VyfEBnX+n3ZyQHLGqUv/ww1ZOOHmSW5ceC4GxHa8EPDjoh9NEjYffwGq9
-+bfQh9Gntjk5gFipT/SfPrIhbPt59HthUqVvOGgSErCmn0vhsa0+ROpVi4K2WHS7O
-+7SEwnoCWd6p1omon2olVY0ODlMH4neCx/ZuKV8SRMREubABlL8/MLp37AkgKarTY
-+tewd0lpaZMvsjOhr1zVCGUUBxy87Fc7OKAcoQY8//0r8VMH7Jlga7F2PKVPzqRKf
-+tjeW5jMAuRxTqtEdIeclJZwvUMxvb23BbBE+mtvKpXv69TB3DK8T1YIkhW2CidZW
-+lad4MESC+QFNbQKCAQEA47PtULM/0ZFdE+PDDHOa2kJ2arm94sVIqF2168ZLXR69
-+NkvCWfjkUPDeejINCx7XQgk0d/+5BCvrJpcM7lE4XfnYVNtPpct1el6eTfaOcPU8
-+wAMsnq5n9Mxt02U+XRPtEqGk+lt0KLPDDSG88Z7jPmfftigLyPH6i/ZJyRUETlGk
-+rGnWSx/LFUxQU5aBa2jUCjKOKa+OOk2jGg50A5Cmk26v9sA/ksOHisMjfdIpZc9P
-+r4R0IteDDD5awlkWTF++5u1GpgU2yav4uan0wzY8OWYFzVyceA6+wffEcoplLm82
-+CPd/qJOB5HHkjoM+CJgfumFxlNtdowKvKNUxpoQNtQKCAQEAh3ugofFPp+Q0M4r6
-+gWnPZbuDxsLIR05K8vszYEjy4zup1YO4ygQNJ24fM91/n5Mo/jJEqwqgWd6w58ax
-+tRclj00BCMXtGMrbHqTqSXWhR9LH66AGdPTHuXWpYZDnKliTlic/z1u+iWhbAHyl
-+XEj2omIeKunc4gnod5cyYrKRouz3omLfi/pX33C19FGkWgjH2HpuViowBbhhDfCr
-+9yJoEWC/0njl/hlTMdzLYcpEyxWMMuuC/FZXG+hPgWdWFh3XVzTEL3Fd3+hWEkp5
-+rYWwu2ITaSiHvHaDrAvZZVXW8WoynXnvzr+tECgmTq57zI4eEwSTl4VY5VfxZ0dl
-+FsIzXQKCAQBC07GYd6MJPGJWzgeWhe8yk0Lxu6WRAll6oFYd5kqD/9uELePSSAup
-+/actsbbGRrziMpVlinWgVctjvf0bjFbArezhqqPLgtTtnwtS0kOnvzGfIM9dms4D
-+uGObISGWa5yuVSZ4G5MRxwA9wGMVfo4u6Iltin868FmZ7iRlkXd8DNYJi95KmgAe
-+NhF1FrzQ6ykf/QpgDZfuYI63vPorea6JonieMHn39s622OJ3sNBZguheGL+E4j8h
-+vsMgOskijQ8X8xdC7lDQC1qqEsk06ZvvNJQLW1zIl3tArhjHjPp5EEaJhym+Ldx3
-+UT3E3Zu9JfhZ2PNevqrShp0lnLw/pI3pAoIBAAUMz5Lj6V9ftsl1pTa8WDFeBJW0
-+Wa5AT1BZg/ip2uq2NLPnA5JWcD+v682fRSvIj1pU0DRi6VsXlzhs+1q3+sgqiXGz
-+u2ArFylh8TvC1gXUctXKZz/M3Rqr6aSNoejUGLmvHre+ja/k6Zwmu6ePtB7dL50d
-+6+xMTYquS4gLbrbSLcEu3iBAAnvRLreXK4KguPxaBdICB7v7epdpAKe3Z7hp/sst
-+eJj1+6KRdlcmt8fh5MPkBBXa6I/9XGmX5UEo7q4wAxeM9nuFWY3watz/EO9LiO6P
-+LmqUSWL65m4cX0VZPvhYEsHppKi1eoWGlHqS4Af5+aIXi2alu2iljQFeA+Q=
-+-----END RSA PRIVATE KEY-----
-diff --git a/test/openssl/fixtures/pkey/rsa-3.pem b/test/openssl/fixtures/pkey/rsa-3.pem
-new file mode 100644
-index 00000000..6c9c9ced
---- /dev/null
-+++ b/test/openssl/fixtures/pkey/rsa-3.pem
-@@ -0,0 +1,51 @@
-+-----BEGIN RSA PRIVATE KEY-----
-+MIIJKAIBAAKCAgEAzn+YCcOh7BIRzrb7TEuhQLD545+/Fx/zCYO3l+y/8ogUxMTg
-+LG5HrcXlX3JP796ie90/GHIf8/lwczVhP1jk/keYjkwoTYDt477R7KRcJPyGqHRr
-+qLp7AnZxtz3JLNboTgO3bAYzlvtsSKU/R3oehBbGHzEWCP2UEYj/Kky0zpcjkhZU
-+jiErr9ARPq8+dOGqBf+CE2NLKYC1bu8hZe9AddvvN2SvfMN6uhJtEGZO1k8tScwf
-+AyvPJ1Po/6z08pzMAgfBUCE95waAVeYJWIOlnNB4eEievzlXdPB9vEt8OOwtWfQX
-+V8xyMsoKeAW05s413E0eTYx1aulFXdWwG2mWEBRtNzKF1iBudlg1a3x1zThWi1pY
-+jW5vROvoWZMCbl9bYQ/LxOCVqDoUl86+NPEGeuESMzm5NvOQA2e0Ty5wphnt9M19
-+Wcc8neBhb6iCGqYzxWNvUYXZWUv1+/MrPHKyJuv7MSivwtctfp8SacUGxkd6T+u6
-+V6ntHf3qtN/5pAmni6nzUTgjC65MS0LEhi/RTzwafkIfifeJH7/LqFtjrursuwua
-++p9lkACck/J5TpzaAfLroFQuepP8qgeq1cpD5Iii56IJ+FPSnkvesHuRUmZIkhtR
-+VVsVqMaNPv/Uzc02bOaRXWP4auUY91mDKx/FDmORa9YCDQxMkKke05SWQ90CAwEA
-+AQKCAgA0+B/c6VTgxGXS+7cMhB3yBTOkgva2jNh/6Uyv6Of345ZIPyQt4X/7gFbt
-+G9qLcjWFxmQH9kZiA+snclrmr/vVijIE1l5EOz1KfUlGBYcpaal1DqALIQKqyA01
-+buDq4pmmYWesiw6yvP2yyMipohav1VOu7p1zYvCXaufhRtneYICcWaQI7VNSfvHd
-+fYBs5PIDJd6M8Jx4Ie7obOjJSAzl7qu3LtmhDFev4Ugeu8+fQ6IfWv/dhWBW+zw6
-+UXhnv3bJUonw7wX8+/rxjdd54BMcXZF5cU9fR+s6MPJf2ZEc3OBpQaa3O9dTVeZH
-+kVctGVpRj2qlg9EewoWro0PQVE5Mjah+mdFhPAHWoGl1xht6xJmg0uHYxMCzbUSz
-+7NSS3knR0qieFvsp5ESY72i7DnQsbhbn6mTuYdVtm9bphxifAWCP3jFdft/bjtSF
-+4yuPI7Qga+3m0B8QhtbWhEzPVon6NyiY7qfa6qllp0opEbw2hE22uGFFNJo2mpPa
-+pe9VwARtD0IyfeklE7KrBEwV8NjTaAipZTZODw0w/dt4K3dOiePDl3pPWjmERpVg
-+Lkw7XSCMtu5X87I1BbfOYbQhOXksPY+W9Asf6ETBeIZ8bD6Iypuk2ssool1lukqv
-+yq1Y8gbR9B2x91ftYwXgzqBSvd8PFNsaXWLD3nrai2G1vb81lQKCAQEA6W02eZcN
-+7wJfkqNokcuqhc5OKXH14gVIRV+KocG6f3vg88wrCg5J2GqNhBFuwVrafJjRenm6
-+C8zWdneeyrl6cztgbaySw7kXnqFdTBiuOT8bhiG5NTPjDQ109EucaTbZU9KUXk6k
-+ChPlr4G6IPrONpvi/9BvDDZLZkwR6uIg1kFWBy9kZaxFUEIug02hrbkTpPtnEUrO
-+r3nG0QL/D0vf+bm4YHIVRMH2O2ZTTWexMw9XlfCe1+WjbJ+PS35QRCRDcRdWHXDb
-+HnIFIAajtH5LtaJLgWUYq3B25WkQYtbHmFkm94sp/G4trb8JIJGzVO8cj9t6KeAT
-+LG+tk8OqplqsYwKCAQEA4ne81KXx8VNwsKVFqwmiDIoi1q3beNa2hoXdzAMrnYdj
-+iLxbfCVgrKPav9hdfXPBncHaNlGsd2G5W1a1UsOr128lTdfBsgm1RVPhVMKvo3fl
-+yUnWajtAR1q3tVEUhuFlbJ/RHEtxJaGrzudYCPWQiYhydpDgSckbxD8PuElEgFBX
-+O91vnWZEjMsxrABWiZNBxmtBUEv+fjUU/9USYzO4sN79UeD1+ZuBxPFwscsRcjLr
-+bPgZWOwiywH6UmQ+DJTzeu0wJ6jgPoy/pgEujsbPDz1wNos6NhA/RQv31QeX33/B
-+7/F5XKNmbJ2AFb/B+xTaTQPg0pjT5Exm+HrNU5OivwKCAQEAsLLVi9FG4OiBBHXi
-+UItFuChljoYPxVqOTMV4Id6OmLZjoOmqouASElsGaTTxDDkEL1FXMUk4Bnq21dLT
-+R06EXPpTknISX0qbkJ9CCrqcGAWnhi+9DYMLmvPW1p7t9c9pUESVv5X0IxTQx7yB
-+8zkoJLp4aYGUrj/jb7qhzZYDmWy3/JRpgXWYupp+rzJy8xiowDj22mYwczDRyaJl
-+BWVAVL+7zHZPl07kYC6jXHLj9mzktkIBXBkfTriyNkmV5R82VkN+Eqc9l5xkOMwN
-+3DHGieYjFf47YHuv5RVVLBy91puWHckgrU+SEHYOKLNidybSDivsHArdOMQJN1Pk
-+uCznVQKCAQAYY7DQbfa6eLQAMixomSb8lrvdxueGAgmyPyR93jGKS5Rqm2521ket
-+EBB07MZUxmyposDvbKhYSwv9TD9G5I/TKcMouP3BQM5m4vu3dygXQMhcfzk6Q5tO
-+k/SI8Gx3gjq8EhIhK/bJiLnKFJwkit3AEhPRtRSSnbgB0JDO1gUslHpwlg55MxRa
-+3V9CGN84/cTtq4tjLGwCB5F1Y+sRB/byBXHeqY2UDi1Rmnb6jtYYKGe2WpnQO84b
-+cuEUknskO75lFLpE6ykLU3koVaQ/+CVAjOtS1He2btWBiCJurNysU0P9pVHeqjJT
-+rDqpHPe1JK/F74783zyir5+/Tuph/9pdAoIBAANPdFRQkJVH8K6iuhxQk6vFqiYB
-+MUxpIVeLonD0p9TgMdezVNESht/AIutc0+5wabM45XuDWFRTuonvcE8lckv2Ux3a
-+AvSsamjuesxw2YmkEtzZouVqDU0+oxppQJiwBG3MiaHX9F5IfnK6YmQ6xPwZ6MXi
-+9feq1jR4KOc1ZrHtRMNgjnBWEFWroGe3FHgV7O133hpMSshRFmwcbE0nAaDr82U9
-+sl8dclDjEKBxaqjAeNajOr+BU0w0AAwWXL7dt/ctG2QClcj9wqbEfsXnOR10h4AI
-+rqkcvQrOLbTwcrOD/6R1rQfQXtEHKf1maThxosootAQZXdf6jxU3oonx3tU=
-+-----END RSA PRIVATE KEY-----
-diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb
-index eac3655e..8d6ca1e9 100644
---- a/test/openssl/test_pair.rb
-+++ b/test/openssl/test_pair.rb
-@@ -10,7 +10,7 @@ def setup
-     ee_exts = [
-       ["keyUsage", "keyEncipherment,digitalSignature", true],
-     ]
--    @svr_key = OpenSSL::TestUtils::Fixtures.pkey("rsa1024")
-+    @svr_key = OpenSSL::TestUtils::Fixtures.pkey("rsa-1")
-     @svr_cert = issue_cert(svr_dn, @svr_key, 1, ee_exts, nil, nil)
-   end
- 
-@@ -23,7 +23,7 @@ def ssl_pair
-       sctx = OpenSSL::SSL::SSLContext.new
-       sctx.cert = @svr_cert
-       sctx.key = @svr_key
--      sctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") }
-+      sctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
-       sctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
-       ssls = OpenSSL::SSL::SSLServer.new(tcps, sctx)
-       ns = ssls.accept
-@@ -397,7 +397,7 @@ def test_connect_accept_nonblock_no_exception
-     ctx2 = OpenSSL::SSL::SSLContext.new
-     ctx2.cert = @svr_cert
-     ctx2.key = @svr_key
--    ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") }
-+    ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
- 
-     sock1, sock2 = tcp_pair
- 
-@@ -445,7 +445,7 @@ def test_connect_accept_nonblock
-     ctx = OpenSSL::SSL::SSLContext.new
-     ctx.cert = @svr_cert
-     ctx.key = @svr_key
--    ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") }
-+    ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") }
- 
-     sock1, sock2 = tcp_pair
- 
-diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
-index fb713813..79bf9bb7 100644
---- a/test/openssl/test_pkey_dh.rb
-+++ b/test/openssl/test_pkey_dh.rb
-@@ -19,7 +19,7 @@ def test_new_break
-   end
- 
-   def test_DHparams
--    dh1024 = Fixtures.pkey_dh("dh1024")
-+    dh1024 = Fixtures.pkey("dh1024")
-     asn1 = OpenSSL::ASN1::Sequence([
-       OpenSSL::ASN1::Integer(dh1024.p),
-       OpenSSL::ASN1::Integer(dh1024.g)
-@@ -42,7 +42,7 @@ def test_DHparams
-   end
- 
-   def test_public_key
--    dh = Fixtures.pkey_dh("dh1024")
-+    dh = Fixtures.pkey("dh1024")
-     public_key = dh.public_key
-     assert_no_key(public_key) #implies public_key.public? is false!
-     assert_equal(dh.to_der, public_key.to_der)
-@@ -50,14 +50,14 @@ def test_public_key
-   end
- 
-   def test_generate_key
--    dh = Fixtures.pkey_dh("dh1024").public_key # creates a copy
-+    dh = Fixtures.pkey("dh1024").public_key # creates a copy
-     assert_no_key(dh)
-     dh.generate_key!
-     assert_key(dh)
-   end
- 
-   def test_key_exchange
--    dh = Fixtures.pkey_dh("dh1024")
-+    dh = Fixtures.pkey("dh1024")
-     dh2 = dh.public_key
-     dh.generate_key!
-     dh2.generate_key!
-diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
-index 408c7d82..2633f7c4 100644
---- a/test/openssl/test_ssl.rb
-+++ b/test/openssl/test_ssl.rb
-@@ -712,7 +712,7 @@ def socketpair
- 
-   def test_tlsext_hostname
-     fooctx = OpenSSL::SSL::SSLContext.new
--    fooctx.tmp_dh_callback = proc { Fixtures.pkey_dh("dh1024") }
-+    fooctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
-     fooctx.cert = @cli_cert
-     fooctx.key = @cli_key
- 
-@@ -764,7 +764,7 @@ def test_servername_cb_raises_an_exception_on_unknown_objects
-     ctx2 = OpenSSL::SSL::SSLContext.new
-     ctx2.cert = @svr_cert
-     ctx2.key = @svr_key
--    ctx2.tmp_dh_callback = proc { Fixtures.pkey_dh("dh1024") }
-+    ctx2.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
-     ctx2.servername_cb = lambda { |args| Object.new }
- 
-     sock1, sock2 = socketpair
-@@ -1144,7 +1144,7 @@ def test_alpn_protocol_selection_cancel
-     ctx1 = OpenSSL::SSL::SSLContext.new
-     ctx1.cert = @svr_cert
-     ctx1.key = @svr_key
--    ctx1.tmp_dh_callback = proc { Fixtures.pkey_dh("dh1024") }
-+    ctx1.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
-     ctx1.alpn_select_cb = -> (protocols) { nil }
-     ssl1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
- 
-@@ -1386,20 +1386,21 @@ def test_fallback_scsv
-   def test_dh_callback
-     pend "TLS 1.2 is not supported" unless tls12_supported?
- 
-+    dh = Fixtures.pkey("dh-1")
-     called = false
-     ctx_proc = -> ctx {
-       ctx.ssl_version = :TLSv1_2
-       ctx.ciphers = "DH:!NULL"
-       ctx.tmp_dh_callback = ->(*args) {
-         called = true
--        Fixtures.pkey_dh("dh1024")
-+        dh
-       }
-     }
-     start_server(ctx_proc: ctx_proc) do |port|
-       server_connect(port) { |ssl|
-         assert called, "dh callback should be called"
-         if ssl.respond_to?(:tmp_key)
--          assert_equal Fixtures.pkey_dh("dh1024").to_der, ssl.tmp_key.to_der
-+          assert_equal dh.to_der, ssl.tmp_key.to_der
-         end
-       }
-     end
-diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
-index b7ddd891..fe626ade 100644
---- a/test/openssl/utils.rb
-+++ b/test/openssl/utils.rb
-@@ -42,10 +42,8 @@ module Fixtures
- 
-     def pkey(name)
-       OpenSSL::PKey.read(read_file("pkey", name))
--    end
--
--    def pkey_dh(name)
--      # DH parameters can be read by OpenSSL::PKey.read atm
-+    rescue OpenSSL::PKey::PKeyError
-+      # TODO: DH parameters can be read by OpenSSL::PKey.read atm
-       OpenSSL::PKey::DH.new(read_file("pkey", name))
-     end
- 
-@@ -157,9 +155,9 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase
- 
-   def setup
-     super
--    @ca_key  = Fixtures.pkey("rsa2048")
--    @svr_key = Fixtures.pkey("rsa1024")
--    @cli_key = Fixtures.pkey("rsa2048")
-+    @ca_key  = Fixtures.pkey("rsa-1")
-+    @svr_key = Fixtures.pkey("rsa-2")
-+    @cli_key = Fixtures.pkey("rsa-3")
-     @ca  = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
-     @svr = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost")
-     @cli = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost")
-@@ -200,7 +198,7 @@ def start_server(verify_mode: OpenSSL::SSL::VERIFY_NONE, start_immediately: true
-       ctx.cert_store = store
-       ctx.cert = @svr_cert
-       ctx.key = @svr_key
--      ctx.tmp_dh_callback = proc { Fixtures.pkey_dh("dh1024") }
-+      ctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") }
-       ctx.verify_mode = verify_mode
-       ctx_proc.call(ctx) if ctx_proc
- 
diff --git a/SOURCES/ruby-3.0.0-Convert-ip-addresses-to-canonical-form.patch b/SOURCES/ruby-3.0.0-Convert-ip-addresses-to-canonical-form.patch
new file mode 100644
index 0000000..99b0430
--- /dev/null
+++ b/SOURCES/ruby-3.0.0-Convert-ip-addresses-to-canonical-form.patch
@@ -0,0 +1,26 @@
+From 2becb920e431110c4afc4fa069b051c5940c2096 Mon Sep 17 00:00:00 2001
+From: Jeremy Evans <code@jeremyevans.net>
+Date: Fri, 29 May 2020 14:13:30 -0700
+Subject: [PATCH] Convert ip addresses to canonical form in
+ Resolv::DNS::Requester::UnconnectedUDP#sender
+
+Otherwise, if the IP address given is not in canonical form, it
+won't match, and Resolv will ignore it.
+
+Fixes [Bug #16439]
+---
+ lib/resolv.rb | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/resolv.rb b/lib/resolv.rb
+index e7b45e785a85..d78531e174fd 100644
+--- a/lib/resolv.rb
++++ b/lib/resolv.rb
+@@ -762,6 +762,7 @@ def recv_reply(readable_socks)
+         end
+ 
+         def sender(msg, data, host, port=Port)
++          host = Addrinfo.ip(host).ip_address
+           lazy_initialize
+           sock = @socks_hash[host.index(':') ? "::" : "0.0.0.0"]
+           return nil if !sock
diff --git a/SOURCES/rubygem-bundler-2.1.0-dont-use-insecure-temporary-directory-as-home-directory.patch b/SOURCES/rubygem-bundler-2.1.0-dont-use-insecure-temporary-directory-as-home-directory.patch
new file mode 100644
index 0000000..948f79d
--- /dev/null
+++ b/SOURCES/rubygem-bundler-2.1.0-dont-use-insecure-temporary-directory-as-home-directory.patch
@@ -0,0 +1,157 @@
+From 65cfebb041c454c246aaf32a177b0243915a9998 Mon Sep 17 00:00:00 2001
+From: fatkodima <fatkodima123@gmail.com>
+Date: Fri, 1 Nov 2019 23:06:10 +0200
+Subject: [PATCH] Don't use insecure temporary directory as home directory
+
+---
+ lib/bundler.rb                | 29 +++++++++++---------------
+ spec/bundler/bundler_spec.rb  | 38 +++++++++--------------------------
+ spec/bundler/settings_spec.rb |  2 +-
+ 3 files changed, 22 insertions(+), 47 deletions(-)
+
+diff --git a/lib/bundler.rb b/lib/bundler.rb
+index 2ada6fe7891..b184f7e69c6 100644
+--- a/lib/bundler.rb
++++ b/lib/bundler.rb
+@@ -170,8 +170,7 @@ def user_home
+         end
+ 
+         if warning
+-          Kernel.send(:require, "etc")
+-          user_home = tmp_home_path(Etc.getlogin, warning)
++          user_home = tmp_home_path(warning)
+           Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n"
+           user_home
+         else
+@@ -180,21 +180,6 @@ def user_home
+       end
+     end
+ 
+-    def tmp_home_path(login, warning)
+-      login ||= "unknown"
+-      Kernel.send(:require, "tmpdir")
+-      path = Pathname.new(Dir.tmpdir).join("bundler", "home")
+-      SharedHelpers.filesystem_access(path) do |tmp_home_path|
+-        unless tmp_home_path.exist?
+-          tmp_home_path.mkpath
+-          tmp_home_path.chmod(0o777)
+-        end
+-        tmp_home_path.join(login).tap(&:mkpath)
+-      end
+-    rescue RuntimeError => e
+-      raise e.exception("#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}")
+-    end
+-
+     def user_bundle_path(dir = "home")
+       env_var, fallback = case dir
+                           when "home"
+@@ -555,6 +555,17 @@ def configure_gem_home
+       Bundler.rubygems.clear_paths
+     end
+ 
++    def tmp_home_path(warning)
++      Kernel.send(:require, "tmpdir")
++      SharedHelpers.filesystem_access(Dir.tmpdir) do
++        path = Bundler.tmp
++        at_exit { Bundler.rm_rf(path) }
++        path
++      end
++    rescue RuntimeError => e
++      raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}")
++    end
++
+     # @param env [Hash]
+     def with_env(env)
+       backup = ENV.to_hash
+diff --git a/spec/bundler/bundler/bundler_spec.rb b/spec/bundler/bundler/bundler_spec.rb
+index 74cf7ae05d3..247838600bf 100644
+--- a/spec/bundler/bundler/bundler_spec.rb
++++ b/spec/bundler/bundler/bundler_spec.rb
+@@ -232,16 +232,13 @@
+           path = "/home/oggy"
+           allow(Bundler.rubygems).to receive(:user_home).and_return(path)
+           allow(File).to receive(:directory?).with(path).and_return false
+-          allow(Etc).to receive(:getlogin).and_return("USER")
+-          allow(Dir).to receive(:tmpdir).and_return("/TMP")
+-          allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(true)
+-          expect(FileUtils).to receive(:mkpath).with("/TMP/bundler/home/USER")
++          allow(Bundler).to receive(:tmp).and_return(Pathname.new("/tmp/trulyrandom"))
+           message = <<EOF
+ `/home/oggy` is not a directory.
+-Bundler will use `/TMP/bundler/home/USER' as your home directory temporarily.
++Bundler will use `/tmp/trulyrandom' as your home directory temporarily.
+ EOF
+           expect(Bundler.ui).to receive(:warn).with(message)
+-          expect(Bundler.user_home).to eq(Pathname("/TMP/bundler/home/USER"))
++          expect(Bundler.user_home).to eq(Pathname("/tmp/trulyrandom"))
+         end
+       end
+ 
+@@ -254,16 +251,13 @@
+           allow(File).to receive(:directory?).with(path).and_return true
+           allow(File).to receive(:writable?).with(path).and_return false
+           allow(File).to receive(:directory?).with(dotbundle).and_return false
+-          allow(Etc).to receive(:getlogin).and_return("USER")
+-          allow(Dir).to receive(:tmpdir).and_return("/TMP")
+-          allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(true)
+-          expect(FileUtils).to receive(:mkpath).with("/TMP/bundler/home/USER")
++          allow(Bundler).to receive(:tmp).and_return(Pathname.new("/tmp/trulyrandom"))
+           message = <<EOF
+ `/home/oggy` is not writable.
+-Bundler will use `/TMP/bundler/home/USER' as your home directory temporarily.
++Bundler will use `/tmp/trulyrandom' as your home directory temporarily.
+ EOF
+           expect(Bundler.ui).to receive(:warn).with(message)
+-          expect(Bundler.user_home).to eq(Pathname("/TMP/bundler/home/USER"))
++          expect(Bundler.user_home).to eq(Pathname("/tmp/trulyrandom"))
+         end
+ 
+         context ".bundle exists and have correct permissions" do
+@@ -282,31 +276,17 @@
+     context "home directory is not set" do
+       it "should issue warning and return a temporary user home" do
+         allow(Bundler.rubygems).to receive(:user_home).and_return(nil)
+-        allow(Etc).to receive(:getlogin).and_return("USER")
+-        allow(Dir).to receive(:tmpdir).and_return("/TMP")
+-        allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(true)
+-        expect(FileUtils).to receive(:mkpath).with("/TMP/bundler/home/USER")
++        allow(Bundler).to receive(:tmp).and_return(Pathname.new("/tmp/trulyrandom"))
+         message = <<EOF
+ Your home directory is not set.
+-Bundler will use `/TMP/bundler/home/USER' as your home directory temporarily.
++Bundler will use `/tmp/trulyrandom' as your home directory temporarily.
+ EOF
+         expect(Bundler.ui).to receive(:warn).with(message)
+-        expect(Bundler.user_home).to eq(Pathname("/TMP/bundler/home/USER"))
++        expect(Bundler.user_home).to eq(Pathname("/tmp/trulyrandom"))
+       end
+     end
+   end
+ 
+-  describe "#tmp_home_path" do
+-    it "should create temporary user home" do
+-      allow(Dir).to receive(:tmpdir).and_return("/TMP")
+-      allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(false)
+-      expect(FileUtils).to receive(:mkpath).once.ordered.with("/TMP/bundler/home")
+-      expect(FileUtils).to receive(:mkpath).once.ordered.with("/TMP/bundler/home/USER")
+-      expect(File).to receive(:chmod).with(0o777, "/TMP/bundler/home")
+-      expect(Bundler.tmp_home_path("USER", "")).to eq(Pathname("/TMP/bundler/home/USER"))
+-    end
+-  end
+-
+   describe "#requires_sudo?" do
+     let!(:tmpdir) { Dir.mktmpdir }
+     let(:bundle_path) { Pathname("#{tmpdir}/bundle") }
+diff --git a/spec/bundler/bundler/settings_spec.rb b/spec/bundler/bundler/settings_spec.rb
+index 7e1dadded76..2a285fdcf37 100644
+--- a/spec/bundler/bundler/settings_spec.rb
++++ b/spec/bundler/bundler/settings_spec.rb
+@@ -67,7 +67,7 @@
+       context "when $TMPDIR is not writable" do
+         it "does not raise" do
+           expect(Bundler.rubygems).to receive(:user_home).twice.and_return(nil)
+-          expect(FileUtils).to receive(:mkpath).twice.with(File.join(Dir.tmpdir, "bundler", "home")).and_raise(Errno::EROFS, "Read-only file system @ dir_s_mkdir - /tmp/bundler")
++          expect(Bundler).to receive(:tmp).twice.and_raise(Errno::EROFS, "Read-only file system @ dir_s_mkdir - /tmp/bundler")
+ 
+           expect(subject.send(:global_config_file)).to be_nil
+         end
diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec
index e09834e..8807b02 100644
--- a/SPECS/ruby.spec
+++ b/SPECS/ruby.spec
@@ -1,6 +1,6 @@
 %global major_version 2
 %global minor_version 6
-%global teeny_version 3
+%global teeny_version 7
 %global major_minor_version %{major_version}.%{minor_version}
 
 %global ruby_version %{major_minor_version}.%{teeny_version}
@@ -21,7 +21,7 @@
 %endif
 
 
-%global release 106
+%global release 107
 %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
 
 # The RubyGems library has to stay out of Ruby directory tree, since the
@@ -29,14 +29,11 @@
 %global rubygems_dir %{_datadir}/rubygems
 
 # Bundled libraries versions
-%global rubygems_version 3.0.3
+%global rubygems_version 3.0.3.1
 %global rubygems_molinillo_version 0.5.7
 
 %global bundler_version 1.17.2
-# FileUtils had not used to have separate versioning from Ruby :/ Lets use
-# date of bundling for now. The gemified version of FileUtils has already proper
-# version (if it's going to be bundled).
-%global bundler_fileutils_version 0.20170425
+%global bundler_fileutils_version 1.1.0
 %global bundler_molinillo_version 0.6.6
 %global bundler_net_http_persistent_version 2.9.4
 %global bundler_thor_version 0.20.0
@@ -51,8 +48,8 @@
 %global openssl_version 2.1.2
 %global power_assert_version 1.1.3
 %global psych_version 3.1.0
-%global rake_version 12.3.2
-%global rdoc_version 6.1.0
+%global rake_version 12.3.3
+%global rdoc_version 6.1.2
 %global test_unit_version 3.2.9
 %global xmlrpc_version 0.3.0
 
@@ -150,9 +147,6 @@ Patch12: rubygems-3.0.3-Avoid-rdoc-hook-when-its-failed-to-load-rdoc-library.pat
 # Add support for .include directive used by OpenSSL config files.
 # https://github.com/ruby/openssl/pull/216
 Patch22: ruby-2.6.0-config-support-include-directive.patch
-# Use larger keys to prevent test failures.
-# https://github.com/ruby/openssl/pull/217
-Patch23: ruby-2.6.0-use-larger-keys-for-SSL-tests.patch
 
 # IO.select on all platforms to wait for input with recvfrom_nonblock
 # and accept_nonblock
@@ -165,6 +159,14 @@ Patch24: ruby-2.7.0-preview1-IO.select-on-all-platforms-to-wait-for-input-with-r
 # https://bugzilla.redhat.com/show_bug.cgi?id=1721569
 # https://github.com/ruby/fiddle/pull/20
 Patch25: ruby-2.6.3-fiddle-1.0.0-ffi-closure-alloc-default.patch
+# Resolv::DNS: timeouts if multiple IPv6 name servers are given and address
+# contains leading zero
+# https://bugzilla.redhat.com/show_bug.cgi?id=1944227
+Patch26: ruby-3.0.0-Convert-ip-addresses-to-canonical-form.patch
+# rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code
+# https://bugzilla.redhat.com/show_bug.cgi?id=1651826
+# https://github.com/rubygems/bundler/pull/7416
+Patch27: rubygem-bundler-2.1.0-dont-use-insecure-temporary-directory-as-home-directory.patch
 
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
@@ -557,9 +559,10 @@ rm -rf ext/fiddle/libffi*
 %patch11 -p1
 %patch12 -p1
 %patch22 -p1
-%patch23 -p1
 %patch24 -p1
 %patch25 -p1
+%patch26 -p1
+%patch27 -p1
 
 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .
@@ -616,16 +619,22 @@ make install DESTDIR=%{buildroot}
 sed -i 's/Version: \${ruby_version}/Version: %{ruby_version}/' %{buildroot}%{_libdir}/pkgconfig/%{name}.pc
 
 # Kill bundled certificates, as they should be part of ca-certificates.
+# bundler
 for cert in \
   rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem \
   rubygems.org/AddTrustExternalCARoot.pem \
   index.rubygems.org/GlobalSignRootCA.pem
 do
-  rm %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/$cert
-  rm -r $(dirname %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/$cert)
   rm %{buildroot}%{ruby_libdir}/bundler/ssl_certs/$cert
   rm -r $(dirname %{buildroot}%{ruby_libdir}/bundler/ssl_certs/$cert)
 done
+
+for cert in \
+    rubygems.org/GlobalSignRootCA.pem
+do
+  rm %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/$cert
+  rm -r $(dirname %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/$cert)
+done
 # Ensure there is not forgotten any certificate.
 test ! "$(ls -A  %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/ 2>/dev/null)"
 test "$(ls -A  %{buildroot}%{ruby_libdir}/bundler/ssl_certs/ 2>/dev/null)" \
@@ -777,7 +786,7 @@ rm -f %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/.gitignore
 %check
 %if 0%{?with_hardening_test}
 # Check Ruby hardening.
-checksec -f libruby.so.%{ruby_version} | \
+checksec --file=libruby.so.%{ruby_version} | \
   grep "Full RELRO.*Canary found.*NX enabled.*DSO.*No RPATH.*No RUNPATH.*Yes.*\d*.*\d*.*libruby.so.%{ruby_version}"
 %endif
 
@@ -850,6 +859,14 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/test_segv_\(setproctitle\|test\|loaded_featur
 # which fails on Koji.
 # https://bugs.ruby-lang.org/issues/14175
 sed -i '/def test_mdns_each_address$/,/^  end$/ s/^/#/' test/resolv/test_mdns.rb
+# Disable Timeouting test_queue_with_trap
+# https://github.com/ruby/ruby/pull/3101/
+sed -i '/^  def test_queue_with_trap$/,/^  end$/ s/^/#/g' \
+  test/ruby/test_thread_queue.rb
+# Disable "File.utime allows Time instances in the far future to set
+# mtime and atime".
+# https://bugs.ruby-lang.org/issues/16410
+MSPECOPTS="$MSPECOPTS -P 'File.utime allows Time instances in the far future to set mtime and atime'"
 
 # RHEL8 is using stronger crypto policies then Fedora ATM and upstream does
 # not support them yet. Disable the RHEL8 configuration for the moment.
@@ -1072,7 +1089,7 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
 %{gem_dir}/specifications/default/mutex_m-0.1.0.gemspec
 %{gem_dir}/specifications/default/ostruct-0.1.0.gemspec
 %{gem_dir}/specifications/default/prime-0.1.0.gemspec
-%{gem_dir}/specifications/default/rexml-3.1.9.gemspec
+%{gem_dir}/specifications/default/rexml-3.1.9.1.gemspec
 %{gem_dir}/specifications/default/rss-0.2.7.gemspec
 %{gem_dir}/specifications/default/scanf-1.0.0.gemspec
 %{gem_dir}/specifications/default/sdbm-1.0.0.gemspec
@@ -1082,7 +1099,7 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
 %{gem_dir}/specifications/default/sync-0.5.0.gemspec
 %{gem_dir}/specifications/default/thwait-0.1.0.gemspec
 %{gem_dir}/specifications/default/tracer-0.1.0.gemspec
-%{gem_dir}/specifications/default/webrick-1.4.2.gemspec
+%{gem_dir}/specifications/default/webrick-1.4.4.gemspec
 %{gem_dir}/specifications/default/zlib-1.0.0.gemspec
 
 %files -n rubygems-devel
@@ -1200,6 +1217,16 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
 %{_mandir}/man5/gemfile.5*
 
 %changelog
+* Wed Apr 14 2021 Jarek Prokop <jprokop@redhat.com> - 2.6.7-107
+- Upgrade to Ruby 2.6.7.
+  Resolves: rhbz#1952627
+- Resolv::DNS: timeouts if multiple IPv6 name servers are given an address
+  containing leading zero
+  Resolves: rhbz#1954968
+- Fix: Rubygem-bundler: Don't use insecure tmp directory as home
+  allows for execution of malicious code.
+  Resolves: rhbz#1954969
+
 * Thu Jul 04 2019 Jun Aruga <jaruga@redhat.com> - 2.6.3-106
 - Use ffi_closure_alloc to avoid segmentation fault by libffi on aarch64.
   Resolves: rhbz#1727832