AlmaLinux changes

SOURCES/ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch

@@ -0,0 +1,116 @@
+From 346e147ba6480839b87046e9a9efab0bf6ed3660 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
+Date: Wed, 10 Aug 2016 17:35:48 +0200
+Subject: [PATCH] Rely on ldd to detect glibc.
+
+This is just workaround, since we know we are quite sure this will be successful
+on Red Hat platforms.
+
+This workaround rhbz#1361037
+---
+ test/fiddle/helper.rb | 92 ---------------------------------------------------
+ 1 file changed, 92 deletions(-)
+
+diff --git a/test/fiddle/helper.rb b/test/fiddle/helper.rb
+index 1da3d93..65148a1 100644
+--- a/test/fiddle/helper.rb
++++ b/test/fiddle/helper.rb
+@@ -6,95 +6,6 @@
+ 
+ libc_so = libm_so = nil
+ 
+-case RUBY_PLATFORM
+-when /cygwin/
+-  libc_so = "cygwin1.dll"
+-  libm_so = "cygwin1.dll"
+-when /linux/
+-  libdir = '/lib'
+-  case [0].pack('L!').size
+-  when 4
+-    # 32-bit ruby
+-    libdir = '/lib32' if File.directory? '/lib32'
+-  when 8
+-    # 64-bit ruby
+-    libdir = '/lib64' if File.directory? '/lib64'
+-  end
+-  libc_so = File.join(libdir, "libc.so.6")
+-  libm_so = File.join(libdir, "libm.so.6")
+-when /mingw/, /mswin/
+-  require "rbconfig"
+-  crtname = RbConfig::CONFIG["RUBY_SO_NAME"][/msvc\w+/] || 'ucrtbase'
+-  libc_so = libm_so = "#{crtname}.dll"
+-when /darwin/
+-  libc_so = "/usr/lib/libc.dylib"
+-  libm_so = "/usr/lib/libm.dylib"
+-when /kfreebsd/
+-  libc_so = "/lib/libc.so.0.1"
+-  libm_so = "/lib/libm.so.1"
+-when /gnu/	#GNU/Hurd
+-  libc_so = "/lib/libc.so.0.3"
+-  libm_so = "/lib/libm.so.6"
+-when /mirbsd/
+-  libc_so = "/usr/lib/libc.so.41.10"
+-  libm_so = "/usr/lib/libm.so.7.0"
+-when /freebsd/
+-  libc_so = "/lib/libc.so.7"
+-  libm_so = "/lib/libm.so.5"
+-when /bsd|dragonfly/
+-  libc_so = "/usr/lib/libc.so"
+-  libm_so = "/usr/lib/libm.so"
+-when /solaris/
+-  libdir = '/lib'
+-  case [0].pack('L!').size
+-  when 4
+-    # 32-bit ruby
+-    libdir = '/lib' if File.directory? '/lib'
+-  when 8
+-    # 64-bit ruby
+-    libdir = '/lib/64' if File.directory? '/lib/64'
+-  end
+-  libc_so = File.join(libdir, "libc.so")
+-  libm_so = File.join(libdir, "libm.so")
+-when /aix/
+-  pwd=Dir.pwd
+-  libc_so = libm_so = "#{pwd}/libaixdltest.so"
+-  unless File.exist? libc_so
+-    cobjs=%w!strcpy.o!
+-    mobjs=%w!floats.o sin.o!
+-    funcs=%w!sin sinf strcpy strncpy!
+-    expfile='dltest.exp'
+-    require 'tmpdir'
+-    Dir.mktmpdir do |dir|
+-      begin
+-        Dir.chdir dir
+-        %x!/usr/bin/ar x /usr/lib/libc.a #{cobjs.join(' ')}!
+-        %x!/usr/bin/ar x /usr/lib/libm.a #{mobjs.join(' ')}!
+-        %x!echo "#{funcs.join("\n")}\n" > #{expfile}!
+-        require 'rbconfig'
+-        if RbConfig::CONFIG["GCC"] = 'yes'
+-          lflag='-Wl,'
+-        else
+-          lflag=''
+-        end
+-        flags="#{lflag}-bE:#{expfile} #{lflag}-bnoentry -lm"
+-        %x!#{RbConfig::CONFIG["LDSHARED"]} -o #{libc_so} #{(cobjs+mobjs).join(' ')} #{flags}!
+-      ensure
+-        Dir.chdir pwd
+-      end
+-    end
+-  end
+-else
+-  libc_so = ARGV[0] if ARGV[0] && ARGV[0][0] == ?/
+-  libm_so = ARGV[1] if ARGV[1] && ARGV[1][0] == ?/
+-  if( !(libc_so && libm_so) )
+-    $stderr.puts("libc and libm not found: #{$0} <libc> <libm>")
+-  end
+-end
+-
+-libc_so = nil if !libc_so || (libc_so[0] == ?/ && !File.file?(libc_so))
+-libm_so = nil if !libm_so || (libm_so[0] == ?/ && !File.file?(libm_so))
+-
+ if !libc_so || !libm_so
+   ruby = EnvUtil.rubybin
+   ldd = `ldd #{ruby}`
+-- 
+2.9.2
+

SOURCES/ruby-2.5.9-skip-test_execopts_gid.patch

@@ -0,0 +1,12 @@
+diff -uprN a/test/ruby/test_process.rb b/test/ruby/test_process.rb
+--- a/test/ruby/test_process.rb	2021-07-07 13:21:03.853876760 +0300
++++ b/test/ruby/test_process.rb	2021-07-07 13:24:29.883818358 +0300
+@@ -1852,7 +1852,7 @@ class TestProcess < Test::Unit::TestCase
+   end
+ 
+   def test_execopts_gid
+-    skip "Process.groups not implemented on Windows platform" if windows?
++    skip "For ARM64 platform"
+     feature6975 = '[ruby-core:47414]'
+ 
+     [30000, *Process.groups.map {|g| g = Etc.getgrgid(g); [g.name, g.gid]}].each do |group, gid|

SOURCES/ruby-2.6.0-rdoc-6.0.2-check-nil-text-token.patch

@@ -1,69 +0,0 @@
-From 9d98bfe7f1abdeda5aedf9404588104980ee7a86 Mon Sep 17 00:00:00 2001
-From: aycabta <aycabta@gmail.com>
-Date: Mon, 15 Jan 2018 22:32:56 +0900
-Subject: [PATCH] Check nil text token
-
-Sometimes :on_ignored_nl token has nil text. This commit checks and
-bypasses the token.
----
- lib/rdoc/parser/ripper_state_lex.rb |  4 +++-
- test/test_rdoc_parser_ruby.rb       | 30 +++++++++++++++++++++++++++++
- 2 files changed, 33 insertions(+), 1 deletion(-)
-
-diff --git a/lib/rdoc/parser/ripper_state_lex.rb b/lib/rdoc/parser/ripper_state_lex.rb
-index 2a285b97a4..c56cef46ee 100644
---- a/lib/rdoc/parser/ripper_state_lex.rb
-+++ b/lib/rdoc/parser/ripper_state_lex.rb
-@@ -330,8 +330,10 @@ class RDoc::RipperStateLex
-       @heredoc_queue << retrieve_heredoc_info(tk)
-       @inner_lex.lex_state = EXPR_END unless RIPPER_HAS_LEX_STATE
-     when :on_nl, :on_ignored_nl, :on_comment, :on_heredoc_end then
--      unless @heredoc_queue.empty?
-+      if !@heredoc_queue.empty?
-         get_heredoc_tk(*@heredoc_queue.shift)
-+      elsif tk[:text].nil? # :on_ignored_nl sometimes gives nil
-+        tk[:text] = ''
-       end
-     when :on_words_beg then
-       tk = get_words_tk(tk)
-diff --git a/test/rdoc/test_rdoc_parser_ruby.rb b/test/rdoc/test_rdoc_parser_ruby.rb
-index 833ed2cc74..c9d57021ce 100644
---- a/test/rdoc/test_rdoc_parser_ruby.rb
-+++ b/test/rdoc/test_rdoc_parser_ruby.rb
-@@ -306,6 +306,36 @@ def sum(n)
-     assert_equal @top_level, sum.file
-   end
-
-+  def test_parse_on_ignored_nl_with_nil_text
-+    util_parser <<ruby
-+class Foo
-+  def meth
-+    variable # comment
-+      .chain
-+  end
-+end
-+ruby
-+
-+    expected = <<EXPECTED
-+<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">meth</span>
-+  <span class="ruby-identifier">variable</span> <span class="ruby-comment"># comment</span>
-+    .<span class="ruby-identifier">chain</span>
-+<span class="ruby-keyword">end</span>
-+EXPECTED
-+    expected = expected.rstrip
-+
-+    @parser.scan
-+
-+    foo = @store.find_class_named 'Foo'
-+    meth = foo.method_list.first
-+
-+    assert_equal 'meth',     meth.name
-+    assert_equal @top_level, meth.file
-+
-+    markup_code = meth.markup_code.sub(/^.*\n/, '')
-+    assert_equal expected, markup_code
-+  end
-+
-   def test_parse_alias
-     klass = RDoc::NormalClass.new 'Foo'
-     klass.parent = @top_level

SOURCES/ruby-2.6.10-Fix-CVE-2022-28739-Buffer-overrun-in-str2float.patch

@@ -1,73 +0,0 @@
-From 8e2ed0b9d965a526b29f9dc3bff8e9fe33dae98d Mon Sep 17 00:00:00 2001
-From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
-Date: Tue, 12 Apr 2022 11:49:45 +0000
-Subject: [PATCH] Fix CVE-2022-28739 Buffer overrun in str2float.
-
-CVE-2022-28739: Buffer overrun in String-to-Float conversion
-Backported from upstream Ruby 2.6.10,
-Git commit:
-https://github.com/ruby/ruby/commit/69f9992ed41920389d4185141a14f02f89a4d306
-
-==== Original commit message
-
-Fix dtoa buffer overrun
-
-git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67957 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
----
- test/ruby/test_float.rb | 18 ++++++++++++++++++
- util.c                  |  3 ++-
- 2 files changed, 20 insertions(+), 1 deletion(-)
-
-diff --git a/test/ruby/test_float.rb b/test/ruby/test_float.rb
-index 7fabfd3..78c63c2 100644
---- a/test/ruby/test_float.rb
-+++ b/test/ruby/test_float.rb
-@@ -171,6 +171,24 @@ class TestFloat < Test::Unit::TestCase
-       assert_raise(ArgumentError, n += z + "A") {Float(n)}
-       assert_raise(ArgumentError, n += z + ".0") {Float(n)}
-     end
-+
-+    x = nil
-+    2000.times do
-+      x = Float("0x"+"0"*30)
-+      break unless x == 0.0
-+    end
-+    assert_equal(0.0, x, ->{"%a" % x})
-+    x = nil
-+    2000.times do
-+      begin
-+        x = Float("0x1."+"0"*270)
-+      rescue ArgumentError => e
-+        raise unless /"0x1\.0{270}"/ =~ e.message
-+      else
-+        break
-+      end
-+    end
-+    assert_nil(x, ->{"%a" % x})
-   end
- 
-   def test_divmod
-diff --git a/util.c b/util.c
-index 2222744..f1d910f 100644
---- a/util.c
-+++ b/util.c
-@@ -2046,6 +2046,7 @@ break2:
- 	    if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0;
- 	    if (*s == '0') {
- 		while (*++s == '0');
-+		if (!*s) goto ret;
- 		s1 = strchr(hexdigit, *s);
- 	    }
- 	    if (s1 != NULL) {
-@@ -2068,7 +2069,7 @@ break2:
- 		for (; *s && (s1 = strchr(hexdigit, *s)); ++s) {
- 		    adj += aadj * ((s1 - hexdigit) & 15);
- 		    if ((aadj /= 16) == 0.0) {
--			while (strchr(hexdigit, *++s));
-+			while (*++s && strchr(hexdigit, *s));
- 			break;
- 		    }
- 		}
--- 
-2.41.0
-

SOURCES/ruby-2.6.8-net-ftp-pasv-can-connect-to-arbitrary-host.patch

@@ -1,247 +0,0 @@
-commit be5a83e84a34091f2a4e3c6dfb911b20e78e690c
-Author: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
-Date:   Wed Jul 7 10:34:08 2021 +0000
-
-    Ignore IP addresses in PASV responses by default, and add new option use_pasv_ip
-    
-    This fixes CVE-2021-31810.
-    Reported by Alexandr Savca.
-    
-    Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
-    
-    
-    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67949 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-
-diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb
-index e68d825dcf..c5d669d898 100644
---- a/lib/net/ftp.rb
-+++ b/lib/net/ftp.rb
-@@ -97,6 +97,10 @@ class FTP < Protocol
-     # When +true+, the connection is in passive mode.  Default: +true+.
-     attr_accessor :passive
- 
-+    # When +true+, use the IP address in PASV responses.  Otherwise, it uses
-+    # the same IP address for the control connection.  Default: +false+.
-+    attr_accessor :use_pasv_ip
-+
-     # When +true+, all traffic to and from the server is written
-     # to +$stdout+.  Default: +false+.
-     attr_accessor :debug_mode
-@@ -205,6 +209,9 @@ def FTP.open(host, *args)
-     #                          handshake.
-     #                          See Net::FTP#ssl_handshake_timeout for
-     #                          details.  Default: +nil+.
-+    # use_pasv_ip::  When +true+, use the IP address in PASV responses.
-+    #                Otherwise, it uses the same IP address for the control
-+    #                connection.  Default: +false+.
-     # debug_mode::  When +true+, all traffic to and from the server is
-     #               written to +$stdout+.  Default: +false+.
-     #
-@@ -265,6 +272,7 @@ def initialize(host = nil, user_or_options = {}, passwd = nil, acct = nil)
-       @open_timeout = options[:open_timeout]
-       @ssl_handshake_timeout = options[:ssl_handshake_timeout]
-       @read_timeout = options[:read_timeout] || 60
-+      @use_pasv_ip = options[:use_pasv_ip] || false
-       if host
-         connect(host, options[:port] || FTP_PORT)
-         if options[:username]
-@@ -1330,7 +1338,12 @@ def parse227(resp) # :nodoc:
-         raise FTPReplyError, resp
-       end
-       if m = /\((?<host>\d+(,\d+){3}),(?<port>\d+,\d+)\)/.match(resp)
--        return parse_pasv_ipv4_host(m["host"]), parse_pasv_port(m["port"])
-+        if @use_pasv_ip
-+          host = parse_pasv_ipv4_host(m["host"])
-+        else
-+          host = @bare_sock.remote_address.ip_address
-+        end
-+        return host, parse_pasv_port(m["port"])
-       else
-         raise FTPProtoError, resp
-       end
-diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb
-index a5219644bb..b3fe7774ed 100644
---- a/test/net/ftp/test_ftp.rb
-+++ b/test/net/ftp/test_ftp.rb
-@@ -61,7 +61,7 @@ def test_connect_fail
-   end
- 
-   def test_parse227
--    ftp = Net::FTP.new
-+    ftp = Net::FTP.new(nil, use_pasv_ip: true)
-     host, port = ftp.send(:parse227, "227 Entering Passive Mode (192,168,0,1,12,34)")
-     assert_equal("192.168.0.1", host)
-     assert_equal(3106, port)
-@@ -80,6 +80,14 @@ def test_parse227
-     assert_raise(Net::FTPProtoError) do
-       ftp.send(:parse227, "227 ) foo bar (")
-     end
-+
-+    ftp = Net::FTP.new
-+    sock = OpenStruct.new
-+    sock.remote_address = OpenStruct.new
-+    sock.remote_address.ip_address = "10.0.0.1"
-+    ftp.instance_variable_set(:@bare_sock, sock)
-+    host, port = ftp.send(:parse227, "227 Entering Passive Mode (192,168,0,1,12,34)")
-+    assert_equal("10.0.0.1", host)
-   end
- 
-   def test_parse228
-@@ -2360,10 +2368,155 @@ def test_puttextfile_command_injection
-     end
-   end
- 
-+  def test_ignore_pasv_ip
-+    commands = []
-+    binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3
-+    server = create_ftp_server(nil, "127.0.0.1") { |sock|
-+      sock.print("220 (test_ftp).\r\n")
-+      commands.push(sock.gets)
-+      sock.print("331 Please specify the password.\r\n")
-+      commands.push(sock.gets)
-+      sock.print("230 Login successful.\r\n")
-+      commands.push(sock.gets)
-+      sock.print("200 Switching to Binary mode.\r\n")
-+      line = sock.gets
-+      commands.push(line)
-+      data_server = TCPServer.new("127.0.0.1", 0)
-+      port = data_server.local_address.ip_port
-+      sock.printf("227 Entering Passive Mode (999,0,0,1,%s).\r\n",
-+                  port.divmod(256).join(","))
-+      commands.push(sock.gets)
-+      sock.print("150 Opening BINARY mode data connection for foo (#{binary_data.size} bytes)\r\n")
-+      conn = data_server.accept
-+      binary_data.scan(/.{1,1024}/nm) do |s|
-+        conn.print(s)
-+      end
-+      conn.shutdown(Socket::SHUT_WR)
-+      conn.read
-+      conn.close
-+      data_server.close
-+      sock.print("226 Transfer complete.\r\n")
-+    }
-+    begin
-+      begin
-+        ftp = Net::FTP.new
-+        ftp.passive = true
-+        ftp.read_timeout *= 5 if defined?(RubyVM::MJIT) && RubyVM::MJIT.enabled? # for --jit-wait
-+        ftp.connect("127.0.0.1", server.port)
-+        ftp.login
-+        assert_match(/\AUSER /, commands.shift)
-+        assert_match(/\APASS /, commands.shift)
-+        assert_equal("TYPE I\r\n", commands.shift)
-+        buf = ftp.getbinaryfile("foo", nil)
-+        assert_equal(binary_data, buf)
-+        assert_equal(Encoding::ASCII_8BIT, buf.encoding)
-+        assert_equal("PASV\r\n", commands.shift)
-+        assert_equal("RETR foo\r\n", commands.shift)
-+        assert_equal(nil, commands.shift)
-+      ensure
-+        ftp.close if ftp
-+      end
-+    ensure
-+      server.close
-+    end
-+  end
-+
-+  def test_use_pasv_ip
-+    commands = []
-+    binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3
-+    server = create_ftp_server(nil, "127.0.0.1") { |sock|
-+      sock.print("220 (test_ftp).\r\n")
-+      commands.push(sock.gets)
-+      sock.print("331 Please specify the password.\r\n")
-+      commands.push(sock.gets)
-+      sock.print("230 Login successful.\r\n")
-+      commands.push(sock.gets)
-+      sock.print("200 Switching to Binary mode.\r\n")
-+      line = sock.gets
-+      commands.push(line)
-+      data_server = TCPServer.new("127.0.0.1", 0)
-+      port = data_server.local_address.ip_port
-+      sock.printf("227 Entering Passive Mode (127,0,0,1,%s).\r\n",
-+                  port.divmod(256).join(","))
-+      commands.push(sock.gets)
-+      sock.print("150 Opening BINARY mode data connection for foo (#{binary_data.size} bytes)\r\n")
-+      conn = data_server.accept
-+      binary_data.scan(/.{1,1024}/nm) do |s|
-+        conn.print(s)
-+      end
-+      conn.shutdown(Socket::SHUT_WR)
-+      conn.read
-+      conn.close
-+      data_server.close
-+      sock.print("226 Transfer complete.\r\n")
-+    }
-+    begin
-+      begin
-+        ftp = Net::FTP.new
-+        ftp.passive = true
-+        ftp.use_pasv_ip = true
-+        ftp.read_timeout *= 5 if defined?(RubyVM::MJIT) && RubyVM::MJIT.enabled? # for --jit-wait
-+        ftp.connect("127.0.0.1", server.port)
-+        ftp.login
-+        assert_match(/\AUSER /, commands.shift)
-+        assert_match(/\APASS /, commands.shift)
-+        assert_equal("TYPE I\r\n", commands.shift)
-+        buf = ftp.getbinaryfile("foo", nil)
-+        assert_equal(binary_data, buf)
-+        assert_equal(Encoding::ASCII_8BIT, buf.encoding)
-+        assert_equal("PASV\r\n", commands.shift)
-+        assert_equal("RETR foo\r\n", commands.shift)
-+        assert_equal(nil, commands.shift)
-+      ensure
-+        ftp.close if ftp
-+      end
-+    ensure
-+      server.close
-+    end
-+  end
-+
-+  def test_use_pasv_invalid_ip
-+    commands = []
-+    binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3
-+    server = create_ftp_server(nil, "127.0.0.1") { |sock|
-+      sock.print("220 (test_ftp).\r\n")
-+      commands.push(sock.gets)
-+      sock.print("331 Please specify the password.\r\n")
-+      commands.push(sock.gets)
-+      sock.print("230 Login successful.\r\n")
-+      commands.push(sock.gets)
-+      sock.print("200 Switching to Binary mode.\r\n")
-+      line = sock.gets
-+      commands.push(line)
-+      sock.print("227 Entering Passive Mode (999,0,0,1,48,57).\r\n")
-+      commands.push(sock.gets)
-+    }
-+    begin
-+      begin
-+        ftp = Net::FTP.new
-+        ftp.passive = true
-+        ftp.use_pasv_ip = true
-+        ftp.read_timeout *= 5 if defined?(RubyVM::MJIT) && RubyVM::MJIT.enabled? # for --jit-wait
-+        ftp.connect("127.0.0.1", server.port)
-+        ftp.login
-+        assert_match(/\AUSER /, commands.shift)
-+        assert_match(/\APASS /, commands.shift)
-+        assert_equal("TYPE I\r\n", commands.shift)
-+        assert_raise(SocketError) do
-+          ftp.getbinaryfile("foo", nil)
-+        end
-+      ensure
-+        ftp.close if ftp
-+      end
-+    ensure
-+      server.close
-+    end
-+  end
-+
-   private
- 
--  def create_ftp_server(sleep_time = nil)
--    server = TCPServer.new(SERVER_ADDR, 0)
-+  def create_ftp_server(sleep_time = nil, addr = SERVER_ADDR)
-+    server = TCPServer.new(addr, 0)
-     @thread = Thread.start do
-       if sleep_time
-         sleep(sleep_time)

SOURCES/ruby-2.6.8-net-imap-startls-stripping-vulnerability.patch

@@ -1,101 +0,0 @@
-commit 95ba9053e20ad8d113af37b3f1f4cbfff1f6a8f1
-Author: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
-Date:   Wed Jul 7 10:38:10 2021 +0000
-
-    Fix StartTLS stripping vulnerability
-    
-    Reported by Alexandr Savca in https://hackerone.com/reports/1178562
-    
-    Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
-    
-    
-    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67950 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-
-diff --git a/lib/net/imap.rb b/lib/net/imap.rb
-index 1c7e89ba14..91df89b79e 100644
---- a/lib/net/imap.rb
-+++ b/lib/net/imap.rb
-@@ -1213,12 +1213,14 @@ def get_tagged_response(tag, cmd)
-       end
-       resp = @tagged_responses.delete(tag)
-       case resp.name
-+      when /\A(?:OK)\z/ni
-+        return resp
-       when /\A(?:NO)\z/ni
-         raise NoResponseError, resp
-       when /\A(?:BAD)\z/ni
-         raise BadResponseError, resp
-       else
--        return resp
-+        raise UnknownResponseError, resp
-       end
-     end
- 
-@@ -3714,6 +3716,10 @@ class BadResponseError < ResponseError
-     class ByeResponseError < ResponseError
-     end
- 
-+    # Error raised upon an unknown response from the server.
-+    class UnknownResponseError < ResponseError
-+    end
-+
-     RESPONSE_ERRORS = Hash.new(ResponseError)
-     RESPONSE_ERRORS["NO"] = NoResponseError
-     RESPONSE_ERRORS["BAD"] = BadResponseError
-diff --git a/test/net/imap/test_imap.rb b/test/net/imap/test_imap.rb
-index 936f4e0f42..81928cb8fe 100644
---- a/test/net/imap/test_imap.rb
-+++ b/test/net/imap/test_imap.rb
-@@ -127,6 +127,24 @@ def test_starttls
-         imap.disconnect
-       end
-     end
-+
-+    def test_starttls_stripping
-+      starttls_stripping_test do |port|
-+        imap = Net::IMAP.new("localhost", :port => port)
-+        assert_raise(Net::IMAP::UnknownResponseError) do
-+          imap.starttls(:ca_file => CA_FILE)
-+        end
-+        imap
-+      end
-+    end
-+  end
-+
-+  def start_server
-+    th = Thread.new do
-+      yield
-+    end
-+    @threads << th
-+    sleep 0.1 until th.stop?
-   end
- 
-   def test_unexpected_eof
-@@ -760,6 +760,27 @@ def starttls_test
-     end
-   end
- 
-+  def starttls_stripping_test
-+    server = create_tcp_server
-+    port = server.addr[1]
-+    start_server do
-+      sock = server.accept
-+      begin
-+        sock.print("* OK test server\r\n")
-+        sock.gets
-+        sock.print("RUBY0001 BUG unhandled command\r\n")
-+      ensure
-+        sock.close
-+        server.close
-+      end
-+    end
-+    begin
-+      imap = yield(port)
-+    ensure
-+      imap.disconnect if imap && !imap.disconnected?
-+    end
-+  end
-+
-   def create_tcp_server
-     return TCPServer.new(server_addr, 0)
-   end

SOURCES/ruby-2.6.8-rdoc-6.1.2.1-command-injection-vulnerability.patch

@@ -1,88 +0,0 @@
-commit fe3c49c9baeeab58304ede915b7edd18ecf360fc
-Author: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
-Date:   Sat Jul 3 17:10:28 2021 +0000
-
-    merge revision(s) b1c73f23,c9ab8fe2: [Backport #17877]
-    
-            [ruby/rdoc] Use File.open to fix the OS Command Injection vulnerability in CVE-2021-31799
-    
-            https://github.com/ruby/rdoc/commit/a7f5d6ab88
-    
-            The test for command injection on Unix platforms should be omitted on Windows
-    
-    
-    git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67947 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-
-diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
-index ca2c1abefd..46aace7839 100644
---- a/lib/rdoc/rdoc.rb
-+++ b/lib/rdoc/rdoc.rb
-@@ -436,7 +436,7 @@ def remove_unparseable files
-     files.reject do |file|
-       file =~ /\.(?:class|eps|erb|scpt\.txt|svg|ttf|yml)$/i or
-         (file =~ /tags$/i and
--         open(file, 'rb') { |io|
-+         File.open(file, 'rb') { |io|
-            io.read(100) =~ /\A(\f\n[^,]+,\d+$|!_TAG_)/
-          })
-     end
---- a/lib/rdoc/encoding.rb	2022-02-16 16:51:28.080178281 +0100
-+++ b/lib/rdoc/encoding.rb	2022-02-16 16:51:37.108160840 +0100
-@@ -18,7 +18,7 @@
-   # unknown character in the target encoding will be replaced with '?'
- 
-   def self.read_file filename, encoding, force_transcode = false
--    content = open filename, "rb" do |f| f.read end
-+    content = File.open filename, "rb" do |f| f.read end
-     content.gsub!("\r\n", "\n") if RUBY_PLATFORM =~ /mswin|mingw/
- 
-     utf8 = content.sub!(/\A\xef\xbb\xbf/, '')
---- a/lib/rdoc/parser.rb	2021-04-05 13:46:35.000000000 +0200
-+++ b/lib/rdoc/parser.rb	2022-02-16 15:37:17.904822389 +0100
-@@ -74,7 +74,12 @@
-   def self.binary?(file)
-     return false if file =~ /\.(rdoc|txt)$/
- 
--    s = File.read(file, 1024) or return false
-+    begin
-+      open_file = File.open(file)
-+      s = open_file.read(1024) or return false
-+    ensure
-+      open_file.close if open_file
-+    end
- 
-     return true if s[0, 2] == Marshal.dump('')[0, 2] or s.index("\x00")
- 
-@@ -92,7 +97,8 @@
-   # http://www.garykessler.net/library/file_sigs.html
- 
-   def self.zip? file
--    zip_signature = File.read file, 4
-+    zip_signature = ''
-+    File.open(file) { |f| zip_signature = f.read(4) }
- 
-     zip_signature == "PK\x03\x04" or
-       zip_signature == "PK\x05\x06" or
-diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb
-index 3bce54b243..123b1a4f87 100644
---- a/test/rdoc/test_rdoc_rdoc.rb
-+++ b/test/rdoc/test_rdoc_rdoc.rb
-@@ -366,6 +366,18 @@ def test_remove_unparseable_tags_vim
-     end
-   end
- 
-+  def test_remove_unparseable_CVE_2021_31799
-+    skip 'for Un*x platforms' if Gem.win_platform?
-+    temp_dir do
-+      file_list = ['| touch evil.txt && echo tags']
-+      file_list.each do |f|
-+        FileUtils.touch f
-+      end
-+      assert_equal file_list, @rdoc.remove_unparseable(file_list)
-+      assert_equal file_list, Dir.children('.')
-+    end
-+  end
-+
-   def test_setup_output_dir
-     Dir.mktmpdir {|d|
-       path = File.join d, 'testdir'

SOURCES/ruby-2.6.9-cgi-0.1.1-cookie-parse-not-decode-names.patch

@@ -1,42 +0,0 @@
-From e2c0652dff671dc6e16a80887e781edc0abc8454 Mon Sep 17 00:00:00 2001
-From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
-Date: Wed, 24 Nov 2021 11:41:55 +0000
-Subject: [PATCH 2/2] When parsing cookies, only decode the values
-
-git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67953 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
----
- lib/cgi/cookie.rb           | 1 -
- test/cgi/test_cgi_cookie.rb | 5 +++++
- 2 files changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
-index a2155edb77..009566bb92 100644
---- a/lib/cgi/cookie.rb
-+++ b/lib/cgi/cookie.rb
-@@ -165,7 +165,6 @@ def self.parse(raw_cookie)
-       raw_cookie.split(/;\s?/).each do |pairs|
-         name, values = pairs.split('=',2)
-         next unless name and values
--        name = CGI.unescape(name)
-         values ||= ""
-         values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
-         if cookies.has_key?(name)
-diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
-index 115a57e4a1..985cc0d7a1 100644
---- a/test/cgi/test_cgi_cookie.rb
-+++ b/test/cgi/test_cgi_cookie.rb
-@@ -101,6 +101,11 @@ def test_cgi_cookie_parse
-     end
-   end
- 
-+  def test_cgi_cookie_parse_not_decode_name
-+    cookie_str = "%66oo=baz;foo=bar"
-+    cookies = CGI::Cookie.parse(cookie_str)
-+    assert_equal({"%66oo" => ["baz"], "foo" => ["bar"]}, cookies)
-+  end
- 
-   def test_cgi_cookie_arrayinterface
-     cookie = CGI::Cookie.new('name1', 'a', 'b', 'c')
--- 
-2.36.1
-

SOURCES/ruby-2.6.9-date-2.0.1-parse-length-limit.patch

@@ -1,918 +0,0 @@
-From d5753ec513fa5a4bdcf59fa298642fd0d3a3c364 Mon Sep 17 00:00:00 2001
-From: Yusuke Endoh <mame@ruby-lang.org>
-Date: Fri, 12 Nov 2021 12:11:13 +0900
-Subject: [PATCH 1/2] Add length limit option for methods that parses date
- strings
-
-This patch fixes CVE-2021-41817 and created from the commit
-<https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3>.
-We didn't merge the files included in the original commit below, as those are
-for rebasing date gem version.
-
-* ext/date/date.gemspec
-* ext/date/lib/date.rb
-
-== Original commit message ==
-
-`Date.parse` now raises an ArgumentError when a given date string is
-longer than 128. You can configure the limit by giving `limit` keyword
-arguments like `Date.parse(str, limit: 1000)`. If you pass `limit: nil`,
-the limit is disabled.
-
-Not only `Date.parse` but also the following methods are changed.
-
-* Date._parse
-* Date.parse
-* DateTime.parse
-* Date._iso8601
-* Date.iso8601
-* DateTime.iso8601
-* Date._rfc3339
-* Date.rfc3339
-* DateTime.rfc3339
-* Date._xmlschema
-* Date.xmlschema
-* DateTime.xmlschema
-* Date._rfc2822
-* Date.rfc2822
-* DateTime.rfc2822
-* Date._rfc822
-* Date.rfc822
-* DateTime.rfc822
-* Date._jisx0301
-* Date.jisx0301
-* DateTime.jisx0301
----
- ext/date/date_core.c         | 384 +++++++++++++++++++++++++++--------
- test/date/test_date_parse.rb |  29 +++
- 2 files changed, 325 insertions(+), 88 deletions(-)
-
-diff --git a/ext/date/date_core.c b/ext/date/date_core.c
-index c250633426..177ea0f6c5 100644
---- a/ext/date/date_core.c
-+++ b/ext/date/date_core.c
-@@ -4290,12 +4290,37 @@ date_s_strptime(int argc, VALUE *argv, VALUE klass)
- 
- VALUE date__parse(VALUE str, VALUE comp);
- 
-+static size_t
-+get_limit(VALUE opt)
-+{
-+    if (!NIL_P(opt)) {
-+        VALUE limit = rb_hash_aref(opt, ID2SYM(rb_intern("limit")));
-+        if (NIL_P(limit)) return SIZE_MAX;
-+        return NUM2SIZET(limit);
-+    }
-+    return 128;
-+}
-+
-+static void
-+check_limit(VALUE str, VALUE opt)
-+{
-+    StringValue(str);
-+    size_t slen = RSTRING_LEN(str);
-+    size_t limit = get_limit(opt);
-+    if (slen > limit) {
-+	rb_raise(rb_eArgError,
-+		 "string length (%"PRI_SIZE_PREFIX"u) exceeds the limit %"PRI_SIZE_PREFIX"u", slen, limit);
-+    }
-+}
-+
- static VALUE
- date_s__parse_internal(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE vstr, vcomp, hash;
-+    VALUE vstr, vcomp, hash, opt;
- 
--    rb_scan_args(argc, argv, "11", &vstr, &vcomp);
-+    rb_scan_args(argc, argv, "11:", &vstr, &vcomp, &opt);
-+    if (!NIL_P(opt)) argc--;
-+    check_limit(vstr, opt);
-     StringValue(vstr);
-     if (!rb_enc_str_asciicompat_p(vstr))
- 	rb_raise(rb_eArgError,
-@@ -4320,7 +4345,7 @@ date_s__parse_internal(int argc, VALUE *argv, VALUE klass)
- 
- /*
-  * call-seq:
-- *    Date._parse(string[, comp=true])  ->  hash
-+ *    Date._parse(string[, comp=true], limit: 128)  ->  hash
-  *
-  * Parses the given representation of date and time, and returns a
-  * hash of parsed elements.  This method does not function as a
-@@ -4331,6 +4356,10 @@ date_s__parse_internal(int argc, VALUE *argv, VALUE klass)
-  * it full.
-  *
-  *    Date._parse('2001-02-03')	#=> {:year=>2001, :mon=>2, :mday=>3}
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- date_s__parse(int argc, VALUE *argv, VALUE klass)
-@@ -4340,7 +4369,7 @@ date_s__parse(int argc, VALUE *argv, VALUE klass)
- 
- /*
-  * call-seq:
-- *    Date.parse(string='-4712-01-01'[, comp=true[, start=Date::ITALY]])  ->  date
-+ *    Date.parse(string='-4712-01-01'[, comp=true[, start=Date::ITALY]], limit: 128)  ->  date
-  *
-  * Parses the given representation of date and time, and creates a
-  * date object.  This method does not function as a validator.
-@@ -4352,13 +4381,18 @@ date_s__parse(int argc, VALUE *argv, VALUE klass)
-  *    Date.parse('2001-02-03')		#=> #<Date: 2001-02-03 ...>
-  *    Date.parse('20010203')		#=> #<Date: 2001-02-03 ...>
-  *    Date.parse('3rd Feb 2001')	#=> #<Date: 2001-02-03 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- date_s_parse(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, comp, sg;
-+    VALUE str, comp, sg, opt;
- 
--    rb_scan_args(argc, argv, "03", &str, &comp, &sg);
-+    rb_scan_args(argc, argv, "03:", &str, &comp, &sg, &opt);
-+    if (!NIL_P(opt)) argc--;
- 
-     switch (argc) {
-       case 0:
-@@ -4370,11 +4404,12 @@ date_s_parse(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE argv2[2], hash;
--
--	argv2[0] = str;
--	argv2[1] = comp;
--	hash = date_s__parse(2, argv2, klass);
-+        int argc2 = 2;
-+	VALUE argv2[3];
-+        argv2[0] = str;
-+        argv2[1] = comp;
-+        if (!NIL_P(opt)) argv2[argc2++] = opt;
-+	VALUE hash = date_s__parse(argc2, argv2, klass);
- 	return d_new_by_frags(klass, hash, sg);
-     }
- }
-@@ -4388,19 +4423,28 @@ VALUE date__jisx0301(VALUE);
- 
- /*
-  * call-seq:
-- *    Date._iso8601(string)  ->  hash
-+ *    Date._iso8601(string, limit: 128)  ->  hash
-  *
-  * Returns a hash of parsed elements.
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
--date_s__iso8601(VALUE klass, VALUE str)
-+date_s__iso8601(int argc, VALUE *argv, VALUE klass)
- {
-+    VALUE str, opt;
-+
-+    rb_scan_args(argc, argv, "1:", &str, &opt);
-+    check_limit(str, opt);
-+
-     return date__iso8601(str);
- }
- 
- /*
-  * call-seq:
-- *    Date.iso8601(string='-4712-01-01'[, start=Date::ITALY])  ->  date
-+ *    Date.iso8601(string='-4712-01-01'[, start=Date::ITALY], limit: 128)  ->  date
-  *
-  * Creates a new Date object by parsing from a string according to
-  * some typical ISO 8601 formats.
-@@ -4408,13 +4452,18 @@ date_s__iso8601(VALUE klass, VALUE str)
-  *    Date.iso8601('2001-02-03')	#=> #<Date: 2001-02-03 ...>
-  *    Date.iso8601('20010203')		#=> #<Date: 2001-02-03 ...>
-  *    Date.iso8601('2001-W05-6')	#=> #<Date: 2001-02-03 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- date_s_iso8601(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, sg;
-+    VALUE str, sg, opt;
- 
--    rb_scan_args(argc, argv, "02", &str, &sg);
-+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt);
-+    if (!NIL_P(opt)) argc--;
- 
-     switch (argc) {
-       case 0:
-@@ -4424,38 +4473,56 @@ date_s_iso8601(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE hash = date_s__iso8601(klass, str);
-+        int argc2 = 1;
-+        VALUE argv2[2];
-+        argv2[0] = str;
-+        if (!NIL_P(opt)) argv2[argc2++] = opt;
-+	VALUE hash = date_s__iso8601(argc2, argv2, klass);
- 	return d_new_by_frags(klass, hash, sg);
-     }
- }
- 
- /*
-  * call-seq:
-- *    Date._rfc3339(string)  ->  hash
-+ *    Date._rfc3339(string, limit: 128)  ->  hash
-  *
-  * Returns a hash of parsed elements.
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
--date_s__rfc3339(VALUE klass, VALUE str)
-+date_s__rfc3339(int argc, VALUE *argv, VALUE klass)
- {
-+    VALUE str, opt;
-+
-+    rb_scan_args(argc, argv, "1:", &str, &opt);
-+    check_limit(str, opt);
-+
-     return date__rfc3339(str);
- }
- 
- /*
-  * call-seq:
-- *    Date.rfc3339(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY])  ->  date
-+ *    Date.rfc3339(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY], limit: 128)  ->  date
-  *
-  * Creates a new Date object by parsing from a string according to
-  * some typical RFC 3339 formats.
-  *
-  *    Date.rfc3339('2001-02-03T04:05:06+07:00')	#=> #<Date: 2001-02-03 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- date_s_rfc3339(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, sg;
-+    VALUE str, sg, opt;
- 
--    rb_scan_args(argc, argv, "02", &str, &sg);
-+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt);
-+    if (!NIL_P(opt)) argc--;
- 
-     switch (argc) {
-       case 0:
-@@ -4465,38 +4532,56 @@ date_s_rfc3339(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE hash = date_s__rfc3339(klass, str);
-+        int argc2 = 1;
-+        VALUE argv2[2];
-+        argv2[0] = str;
-+        if (!NIL_P(opt)) argv2[argc2++] = opt;
-+	VALUE hash = date_s__rfc3339(argc2, argv2, klass);
- 	return d_new_by_frags(klass, hash, sg);
-     }
- }
- 
- /*
-  * call-seq:
-- *    Date._xmlschema(string)  ->  hash
-+ *    Date._xmlschema(string, limit: 128)  ->  hash
-  *
-  * Returns a hash of parsed elements.
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
--date_s__xmlschema(VALUE klass, VALUE str)
-+date_s__xmlschema(int argc, VALUE *argv, VALUE klass)
- {
-+    VALUE str, opt;
-+
-+    rb_scan_args(argc, argv, "1:", &str, &opt);
-+    check_limit(str, opt);
-+
-     return date__xmlschema(str);
- }
- 
- /*
-  * call-seq:
-- *    Date.xmlschema(string='-4712-01-01'[, start=Date::ITALY])  ->  date
-+ *    Date.xmlschema(string='-4712-01-01'[, start=Date::ITALY], limit: 128)  ->  date
-  *
-  * Creates a new Date object by parsing from a string according to
-  * some typical XML Schema formats.
-  *
-  *    Date.xmlschema('2001-02-03')	#=> #<Date: 2001-02-03 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- date_s_xmlschema(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, sg;
-+    VALUE str, sg, opt;
- 
--    rb_scan_args(argc, argv, "02", &str, &sg);
-+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt);
-+    if (!NIL_P(opt)) argc--;
- 
-     switch (argc) {
-       case 0:
-@@ -4506,41 +4591,58 @@ date_s_xmlschema(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE hash = date_s__xmlschema(klass, str);
-+        int argc2 = 1;
-+        VALUE argv2[2];
-+        argv2[0] = str;
-+        if (!NIL_P(opt)) argv2[argc2++] = opt;
-+	VALUE hash = date_s__xmlschema(argc2, argv2, klass);
- 	return d_new_by_frags(klass, hash, sg);
-     }
- }
- 
- /*
-  * call-seq:
-- *    Date._rfc2822(string)  ->  hash
-- *    Date._rfc822(string)   ->  hash
-+ *    Date._rfc2822(string, limit: 128)  ->  hash
-+ *    Date._rfc822(string, limit: 128)   ->  hash
-  *
-  * Returns a hash of parsed elements.
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
--date_s__rfc2822(VALUE klass, VALUE str)
-+date_s__rfc2822(int argc, VALUE *argv, VALUE klass)
- {
-+    VALUE str, opt;
-+
-+    rb_scan_args(argc, argv, "1:", &str, &opt);
-+    check_limit(str, opt);
-+
-     return date__rfc2822(str);
- }
- 
- /*
-  * call-seq:
-- *    Date.rfc2822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY])  ->  date
-- *    Date.rfc822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY])   ->  date
-+ *    Date.rfc2822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY], limit: 128)  ->  date
-+ *    Date.rfc822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY], limit: 128)   ->  date
-  *
-  * Creates a new Date object by parsing from a string according to
-  * some typical RFC 2822 formats.
-  *
-  *    Date.rfc2822('Sat, 3 Feb 2001 00:00:00 +0000')
-  *						#=> #<Date: 2001-02-03 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- date_s_rfc2822(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, sg;
-+    VALUE str, sg, opt;
- 
--    rb_scan_args(argc, argv, "02", &str, &sg);
-+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt);
- 
-     switch (argc) {
-       case 0:
-@@ -4550,39 +4652,56 @@ date_s_rfc2822(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE hash = date_s__rfc2822(klass, str);
-+        int argc2 = 1;
-+        VALUE argv2[2];
-+        argv2[0] = str;
-+        if (!NIL_P(opt)) argv2[argc2++] = opt;
-+	VALUE hash = date_s__rfc2822(argc2, argv2, klass);
- 	return d_new_by_frags(klass, hash, sg);
-     }
- }
- 
- /*
-  * call-seq:
-- *    Date._httpdate(string)  ->  hash
-+ *    Date._httpdate(string, limit: 128)  ->  hash
-  *
-  * Returns a hash of parsed elements.
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
--date_s__httpdate(VALUE klass, VALUE str)
-+date_s__httpdate(int argc, VALUE *argv, VALUE klass)
- {
-+    VALUE str, opt;
-+
-+    rb_scan_args(argc, argv, "1:", &str, &opt);
-+    check_limit(str, opt);
-+
-     return date__httpdate(str);
- }
- 
- /*
-  * call-seq:
-- *    Date.httpdate(string='Mon, 01 Jan -4712 00:00:00 GMT'[, start=Date::ITALY])  ->  date
-+ *    Date.httpdate(string='Mon, 01 Jan -4712 00:00:00 GMT'[, start=Date::ITALY], limit: 128)  ->  date
-  *
-  * Creates a new Date object by parsing from a string according to
-  * some RFC 2616 format.
-  *
-  *    Date.httpdate('Sat, 03 Feb 2001 00:00:00 GMT')
-  *						#=> #<Date: 2001-02-03 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- date_s_httpdate(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, sg;
-+    VALUE str, sg, opt;
- 
--    rb_scan_args(argc, argv, "02", &str, &sg);
-+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt);
- 
-     switch (argc) {
-       case 0:
-@@ -4592,38 +4711,56 @@ date_s_httpdate(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE hash = date_s__httpdate(klass, str);
-+        int argc2 = 1;
-+        VALUE argv2[2];
-+        argv2[0] = str;
-+        if (!NIL_P(opt)) argv2[argc2++] = opt;
-+	VALUE hash = date_s__httpdate(argc2, argv2, klass);
- 	return d_new_by_frags(klass, hash, sg);
-     }
- }
- 
- /*
-  * call-seq:
-- *    Date._jisx0301(string)  ->  hash
-+ *    Date._jisx0301(string, limit: 128)  ->  hash
-  *
-  * Returns a hash of parsed elements.
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
--date_s__jisx0301(VALUE klass, VALUE str)
-+date_s__jisx0301(int argc, VALUE *argv, VALUE klass)
- {
-+    VALUE str, opt;
-+
-+    rb_scan_args(argc, argv, "1:", &str, &opt);
-+    check_limit(str, opt);
-+
-     return date__jisx0301(str);
- }
- 
- /*
-  * call-seq:
-- *    Date.jisx0301(string='-4712-01-01'[, start=Date::ITALY])  ->  date
-+ *    Date.jisx0301(string='-4712-01-01'[, start=Date::ITALY], limit: 128)  ->  date
-  *
-  * Creates a new Date object by parsing from a string according to
-  * some typical JIS X 0301 formats.
-  *
-  *    Date.jisx0301('H13.02.03')		#=> #<Date: 2001-02-03 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- date_s_jisx0301(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, sg;
-+    VALUE str, sg, opt;
- 
--    rb_scan_args(argc, argv, "02", &str, &sg);
-+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt);
-+    if (!NIL_P(opt)) argc--;
- 
-     switch (argc) {
-       case 0:
-@@ -4633,7 +4770,11 @@ date_s_jisx0301(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE hash = date_s__jisx0301(klass, str);
-+        int argc2 = 1;
-+        VALUE argv2[2];
-+        argv2[0] = str;
-+        if (!NIL_P(opt)) argv2[argc2++] = opt;
-+	VALUE hash = date_s__jisx0301(argc2, argv2, klass);
- 	return d_new_by_frags(klass, hash, sg);
-     }
- }
-@@ -7925,7 +8066,7 @@ datetime_s_strptime(int argc, VALUE *argv, VALUE klass)
- 
- /*
-  * call-seq:
-- *    DateTime.parse(string='-4712-01-01T00:00:00+00:00'[, comp=true[, start=Date::ITALY]])  ->  datetime
-+ *    DateTime.parse(string='-4712-01-01T00:00:00+00:00'[, comp=true[, start=Date::ITALY]], limit: 128)  ->  datetime
-  *
-  * Parses the given representation of date and time, and creates a
-  * DateTime object.  This method does not function as a validator.
-@@ -7939,13 +8080,18 @@ datetime_s_strptime(int argc, VALUE *argv, VALUE klass)
-  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
-  *    DateTime.parse('3rd Feb 2001 04:05:06 PM')
-  *				#=> #<DateTime: 2001-02-03T16:05:06+00:00 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- datetime_s_parse(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, comp, sg;
-+    VALUE str, comp, sg, opt;
- 
--    rb_scan_args(argc, argv, "03", &str, &comp, &sg);
-+    rb_scan_args(argc, argv, "03:", &str, &comp, &sg, &opt);
-+    if (!NIL_P(opt)) argc--;
- 
-     switch (argc) {
-       case 0:
-@@ -7957,18 +8103,20 @@ datetime_s_parse(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE argv2[2], hash;
--
--	argv2[0] = str;
--	argv2[1] = comp;
--	hash = date_s__parse(2, argv2, klass);
-+        int argc2 = 2;
-+        VALUE argv2[3];
-+        argv2[0] = str;
-+        argv2[1] = comp;
-+        argv2[2] = opt;
-+        if (!NIL_P(opt)) argc2++;
-+	VALUE hash = date_s__parse(argc2, argv2, klass);
- 	return dt_new_by_frags(klass, hash, sg);
-     }
- }
- 
- /*
-  * call-seq:
-- *    DateTime.iso8601(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY])  ->  datetime
-+ *    DateTime.iso8601(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY], limit: 128)  ->  datetime
-  *
-  * Creates a new DateTime object by parsing from a string according to
-  * some typical ISO 8601 formats.
-@@ -7979,13 +8127,18 @@ datetime_s_parse(int argc, VALUE *argv, VALUE klass)
-  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
-  *    DateTime.iso8601('2001-W05-6T04:05:06+07:00')
-  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- datetime_s_iso8601(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, sg;
-+    VALUE str, sg, opt;
- 
--    rb_scan_args(argc, argv, "02", &str, &sg);
-+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt);
-+    if (!NIL_P(opt)) argc--;
- 
-     switch (argc) {
-       case 0:
-@@ -7995,27 +8148,37 @@ datetime_s_iso8601(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE hash = date_s__iso8601(klass, str);
-+        int argc2 = 1;
-+        VALUE argv2[2];
-+        argv2[0] = str;
-+        argv2[1] = opt;
-+        if (!NIL_P(opt)) argc2--;
-+	VALUE hash = date_s__iso8601(argc2, argv2, klass);
- 	return dt_new_by_frags(klass, hash, sg);
-     }
- }
- 
- /*
-  * call-seq:
-- *    DateTime.rfc3339(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY])  ->  datetime
-+ *    DateTime.rfc3339(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY], limit: 128)  ->  datetime
-  *
-  * Creates a new DateTime object by parsing from a string according to
-  * some typical RFC 3339 formats.
-  *
-  *    DateTime.rfc3339('2001-02-03T04:05:06+07:00')
-  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- datetime_s_rfc3339(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, sg;
-+    VALUE str, sg, opt;
- 
--    rb_scan_args(argc, argv, "02", &str, &sg);
-+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt);
-+    if (!NIL_P(opt)) argc--;
- 
-     switch (argc) {
-       case 0:
-@@ -8025,27 +8188,37 @@ datetime_s_rfc3339(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE hash = date_s__rfc3339(klass, str);
-+        int argc2 = 1;
-+        VALUE argv2[2];
-+        argv2[0] = str;
-+        argv2[1] = opt;
-+        if (!NIL_P(opt)) argc2++;
-+	VALUE hash = date_s__rfc3339(argc2, argv2, klass);
- 	return dt_new_by_frags(klass, hash, sg);
-     }
- }
- 
- /*
-  * call-seq:
-- *    DateTime.xmlschema(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY])  ->  datetime
-+ *    DateTime.xmlschema(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY], limit: 128)  ->  datetime
-  *
-  * Creates a new DateTime object by parsing from a string according to
-  * some typical XML Schema formats.
-  *
-  *    DateTime.xmlschema('2001-02-03T04:05:06+07:00')
-  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- datetime_s_xmlschema(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, sg;
-+    VALUE str, sg, opt;
- 
--    rb_scan_args(argc, argv, "02", &str, &sg);
-+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt);
-+    if (!NIL_P(opt)) argc--;
- 
-     switch (argc) {
-       case 0:
-@@ -8055,28 +8228,38 @@ datetime_s_xmlschema(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE hash = date_s__xmlschema(klass, str);
-+        int argc2 = 1;
-+        VALUE argv2[2];
-+        argv2[0] = str;
-+        argv2[1] = opt;
-+        if (!NIL_P(opt)) argc2++;
-+	VALUE hash = date_s__xmlschema(argc2, argv2, klass);
- 	return dt_new_by_frags(klass, hash, sg);
-     }
- }
- 
- /*
-  * call-seq:
-- *    DateTime.rfc2822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY])  ->  datetime
-- *    DateTime.rfc822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY])   ->  datetime
-+ *    DateTime.rfc2822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY], limit: 128)  ->  datetime
-+ *    DateTime.rfc822(string='Mon, 1 Jan -4712 00:00:00 +0000'[, start=Date::ITALY], limit: 128)   ->  datetime
-  *
-  * Creates a new DateTime object by parsing from a string according to
-  * some typical RFC 2822 formats.
-  *
-  *     DateTime.rfc2822('Sat, 3 Feb 2001 04:05:06 +0700')
-  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- datetime_s_rfc2822(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, sg;
-+    VALUE str, sg, opt;
- 
--    rb_scan_args(argc, argv, "02", &str, &sg);
-+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt);
-+    if (!NIL_P(opt)) argc--;
- 
-     switch (argc) {
-       case 0:
-@@ -8086,7 +8269,12 @@ datetime_s_rfc2822(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE hash = date_s__rfc2822(klass, str);
-+        int argc2 = 1;
-+        VALUE argv2[2];
-+        argv2[0] = str;
-+        argv2[1] = opt;
-+        if (!NIL_P(opt)) argc2++;
-+	VALUE hash = date_s__rfc2822(argc2, argv2, klass);
- 	return dt_new_by_frags(klass, hash, sg);
-     }
- }
-@@ -8100,13 +8288,18 @@ datetime_s_rfc2822(int argc, VALUE *argv, VALUE klass)
-  *
-  *    DateTime.httpdate('Sat, 03 Feb 2001 04:05:06 GMT')
-  *				#=> #<DateTime: 2001-02-03T04:05:06+00:00 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- datetime_s_httpdate(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, sg;
-+    VALUE str, sg, opt;
- 
--    rb_scan_args(argc, argv, "02", &str, &sg);
-+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt);
-+    if (!NIL_P(opt)) argc--;
- 
-     switch (argc) {
-       case 0:
-@@ -8116,27 +8309,37 @@ datetime_s_httpdate(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE hash = date_s__httpdate(klass, str);
-+        int argc2 = 1;
-+        VALUE argv2[2];
-+        argv2[0] = str;
-+        argv2[1] = opt;
-+        if (!NIL_P(opt)) argc2++;
-+	VALUE hash = date_s__httpdate(argc2, argv2, klass);
- 	return dt_new_by_frags(klass, hash, sg);
-     }
- }
- 
- /*
-  * call-seq:
-- *    DateTime.jisx0301(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY])  ->  datetime
-+ *    DateTime.jisx0301(string='-4712-01-01T00:00:00+00:00'[, start=Date::ITALY], limit: 128)  ->  datetime
-  *
-  * Creates a new DateTime object by parsing from a string according to
-  * some typical JIS X 0301 formats.
-  *
-  *    DateTime.jisx0301('H13.02.03T04:05:06+07:00')
-  *				#=> #<DateTime: 2001-02-03T04:05:06+07:00 ...>
-+ *
-+ * Raise an ArgumentError when the string length is longer than _limit_.
-+ * You can stop this check by passing `limit: nil`, but note that
-+ * it may take a long time to parse.
-  */
- static VALUE
- datetime_s_jisx0301(int argc, VALUE *argv, VALUE klass)
- {
--    VALUE str, sg;
-+    VALUE str, sg, opt;
- 
--    rb_scan_args(argc, argv, "02", &str, &sg);
-+    rb_scan_args(argc, argv, "02:", &str, &sg, &opt);
-+    if (!NIL_P(opt)) argc--;
- 
-     switch (argc) {
-       case 0:
-@@ -8146,7 +8349,12 @@ datetime_s_jisx0301(int argc, VALUE *argv, VALUE klass)
-     }
- 
-     {
--	VALUE hash = date_s__jisx0301(klass, str);
-+        int argc2 = 1;
-+        VALUE argv2[2];
-+        argv2[0] = str;
-+        argv2[1] = opt;
-+        if (!NIL_P(opt)) argc2++;
-+	VALUE hash = date_s__jisx0301(argc2, argv2, klass);
- 	return dt_new_by_frags(klass, hash, sg);
-     }
- }
-@@ -9297,19 +9505,19 @@ Init_date_core(void)
-     rb_define_singleton_method(cDate, "strptime", date_s_strptime, -1);
-     rb_define_singleton_method(cDate, "_parse", date_s__parse, -1);
-     rb_define_singleton_method(cDate, "parse", date_s_parse, -1);
--    rb_define_singleton_method(cDate, "_iso8601", date_s__iso8601, 1);
-+    rb_define_singleton_method(cDate, "_iso8601", date_s__iso8601, -1);
-     rb_define_singleton_method(cDate, "iso8601", date_s_iso8601, -1);
--    rb_define_singleton_method(cDate, "_rfc3339", date_s__rfc3339, 1);
-+    rb_define_singleton_method(cDate, "_rfc3339", date_s__rfc3339, -1);
-     rb_define_singleton_method(cDate, "rfc3339", date_s_rfc3339, -1);
--    rb_define_singleton_method(cDate, "_xmlschema", date_s__xmlschema, 1);
-+    rb_define_singleton_method(cDate, "_xmlschema", date_s__xmlschema, -1);
-     rb_define_singleton_method(cDate, "xmlschema", date_s_xmlschema, -1);
--    rb_define_singleton_method(cDate, "_rfc2822", date_s__rfc2822, 1);
--    rb_define_singleton_method(cDate, "_rfc822", date_s__rfc2822, 1);
-+    rb_define_singleton_method(cDate, "_rfc2822", date_s__rfc2822, -1);
-+    rb_define_singleton_method(cDate, "_rfc822", date_s__rfc2822, -1);
-     rb_define_singleton_method(cDate, "rfc2822", date_s_rfc2822, -1);
-     rb_define_singleton_method(cDate, "rfc822", date_s_rfc2822, -1);
--    rb_define_singleton_method(cDate, "_httpdate", date_s__httpdate, 1);
-+    rb_define_singleton_method(cDate, "_httpdate", date_s__httpdate, -1);
-     rb_define_singleton_method(cDate, "httpdate", date_s_httpdate, -1);
--    rb_define_singleton_method(cDate, "_jisx0301", date_s__jisx0301, 1);
-+    rb_define_singleton_method(cDate, "_jisx0301", date_s__jisx0301, -1);
-     rb_define_singleton_method(cDate, "jisx0301", date_s_jisx0301, -1);
- 
- #ifndef NDEBUG
-diff --git a/test/date/test_date_parse.rb b/test/date/test_date_parse.rb
-index ac0eb85ca7..f9b160ee8c 100644
---- a/test/date/test_date_parse.rb
-+++ b/test/date/test_date_parse.rb
-@@ -1,6 +1,7 @@
- # frozen_string_literal: true
- require 'test/unit'
- require 'date'
-+require 'timeout'
- 
- class TestDateParse < Test::Unit::TestCase
- 
-@@ -1122,4 +1123,32 @@ def test_given_string
-     assert_equal(s0, s)
-   end
- 
-+  def test_length_limit
-+    assert_raise(ArgumentError) { Date._parse("1" * 1000) }
-+    assert_raise(ArgumentError) { Date._iso8601("1" * 1000) }
-+    assert_raise(ArgumentError) { Date._rfc3339("1" * 1000) }
-+    assert_raise(ArgumentError) { Date._xmlschema("1" * 1000) }
-+    assert_raise(ArgumentError) { Date._rfc2822("1" * 1000) }
-+    assert_raise(ArgumentError) { Date._rfc822("1" * 1000) }
-+    assert_raise(ArgumentError) { Date._jisx0301("1" * 1000) }
-+
-+    assert_raise(ArgumentError) { Date.parse("1" * 1000) }
-+    assert_raise(ArgumentError) { Date.iso8601("1" * 1000) }
-+    assert_raise(ArgumentError) { Date.rfc3339("1" * 1000) }
-+    assert_raise(ArgumentError) { Date.xmlschema("1" * 1000) }
-+    assert_raise(ArgumentError) { Date.rfc2822("1" * 1000) }
-+    assert_raise(ArgumentError) { Date.rfc822("1" * 1000) }
-+    assert_raise(ArgumentError) { Date.jisx0301("1" * 1000) }
-+
-+    assert_raise(ArgumentError) { DateTime.parse("1" * 1000) }
-+    assert_raise(ArgumentError) { DateTime.iso8601("1" * 1000) }
-+    assert_raise(ArgumentError) { DateTime.rfc3339("1" * 1000) }
-+    assert_raise(ArgumentError) { DateTime.xmlschema("1" * 1000) }
-+    assert_raise(ArgumentError) { DateTime.rfc2822("1" * 1000) }
-+    assert_raise(ArgumentError) { DateTime.rfc822("1" * 1000) }
-+    assert_raise(ArgumentError) { DateTime.jisx0301("1" * 1000) }
-+
-+    assert_raise(ArgumentError) { Date._parse("Jan " + "9" * 1000000) }
-+    assert_raise(Timeout::Error) { Timeout.timeout(1) { Date._parse("Jan " + "9" * 1000000, limit: nil) } }
-+  end
- end
--- 
-2.36.1
-

SOURCES/ruby-2.7.7-Fix-CVE-2021-33621-HTTP-response-splitting-in-CGI.patch

@@ -1,328 +0,0 @@
-From 8fc4b4792919c627183f4ddb6dc256aae49eb738 Mon Sep 17 00:00:00 2001
-From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
-Date: Tue, 22 Nov 2022 13:48:18 +0900
-Subject: [PATCH] Fix CVE-2021-33621 HTTP response splitting in CGI.
-
-Backported from upstream Ruby, commit:
-https://github.com/ruby/ruby/commit/7cf697179dab52b0d024543304f4d3ab5fa5e847
-
-Test "CGICookieTest#test_cgi_cookie_new_with_domain" was adjusted to
-deal with Ruby 2.5 not allowing String with double splat operator.
-
-==== Original commit message
-Merge CGI-0.1.0.2
----
- lib/cgi/cookie.rb           | 51 ++++++++++++++++-------
- lib/cgi/core.rb             | 45 ++++++++++++--------
- test/cgi/test_cgi_cookie.rb | 82 +++++++++++++++++++++++++++++++++++++
- test/cgi/test_cgi_header.rb |  8 ++++
- 4 files changed, 154 insertions(+), 32 deletions(-)
-
-diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
-index 009566b..f26f015 100644
---- a/lib/cgi/cookie.rb
-+++ b/lib/cgi/cookie.rb
-@@ -40,6 +40,10 @@ class CGI
-   class Cookie < Array
-     @@accept_charset="UTF-8" unless defined?(@@accept_charset)
- 
-+    TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"
-+    PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"
-+    DOMAIN_VALUE_RE = %r"\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
-+
-     # Create a new CGI::Cookie object.
-     #
-     # :call-seq:
-@@ -72,9 +76,8 @@ class CGI
-       @domain = nil
-       @expires = nil
-       if name.kind_of?(String)
--        @name = name
--        %r|^(.*/)|.match(ENV["SCRIPT_NAME"])
--        @path = ($1 or "")
-+        self.name = name
-+        self.path = (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
-         @secure = false
-         @httponly = false
-         return super(value)
-@@ -85,16 +88,11 @@ class CGI
-         raise ArgumentError, "`name' required"
-       end
- 
--      @name = options["name"]
-+      self.name = options["name"]
-       value = Array(options["value"])
-       # simple support for IE
--      if options["path"]
--        @path = options["path"]
--      else
--        %r|^(.*/)|.match(ENV["SCRIPT_NAME"])
--        @path = ($1 or "")
--      end
--      @domain = options["domain"]
-+      self.path = options["path"] || (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
-+      self.domain = options["domain"]
-       @expires = options["expires"]
-       @secure = options["secure"] == true
-       @httponly = options["httponly"] == true
-@@ -102,12 +100,35 @@ class CGI
-       super(value)
-     end
- 
--    # Name of this cookie, as a +String+
--    attr_accessor :name
-+    attr_reader :name
-+    # Set name of this cookie
-+    def name=(str)
-+      if str and !TOKEN_RE.match?(str)
-+        raise ArgumentError, "invalid name: #{str.dump}"
-+      end
-+      @name = str
-+    end
-+
-     # Path for which this cookie applies, as a +String+
--    attr_accessor :path
-+    attr_reader :path
-+    # Set path for which this cookie applies
-+    def path=(str)
-+      if str and !PATH_VALUE_RE.match?(str)
-+        raise ArgumentError, "invalid path: #{str.dump}"
-+      end
-+      @path = str
-+    end
-+
-     # Domain for which this cookie applies, as a +String+
--    attr_accessor :domain
-+    attr_reader :domain
-+    # Set domain for which this cookie applies
-+    def domain=(str)
-+      if str and ((str = str.b).bytesize > 255 or !DOMAIN_VALUE_RE.match?(str))
-+        raise ArgumentError, "invalid domain: #{str.dump}"
-+      end
-+      @domain = str
-+    end
-+
-     # Time at which this cookie expires, as a +Time+
-     attr_accessor :expires
-     # True if this cookie is secure; false otherwise
-diff --git a/lib/cgi/core.rb b/lib/cgi/core.rb
-index 9bd7798..7d8b223 100644
---- a/lib/cgi/core.rb
-+++ b/lib/cgi/core.rb
-@@ -188,17 +188,28 @@ class CGI
-   # Using #header with the HTML5 tag maker will create a <header> element.
-   alias :header :http_header
- 
-+  def _no_crlf_check(str)
-+    if str
-+      str = str.to_s
-+      raise "A HTTP status or header field must not include CR and LF" if str =~ /[\r\n]/
-+      str
-+    else
-+      nil
-+    end
-+  end
-+  private :_no_crlf_check
-+
-   def _header_for_string(content_type) #:nodoc:
-     buf = ''.dup
-     if nph?()
--      buf << "#{$CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'} 200 OK#{EOL}"
-+      buf << "#{_no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'} 200 OK#{EOL}"
-       buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}"
--      buf << "Server: #{$CGI_ENV['SERVER_SOFTWARE']}#{EOL}"
-+      buf << "Server: #{_no_crlf_check($CGI_ENV['SERVER_SOFTWARE'])}#{EOL}"
-       buf << "Connection: close#{EOL}"
-     end
--    buf << "Content-Type: #{content_type}#{EOL}"
-+    buf << "Content-Type: #{_no_crlf_check(content_type)}#{EOL}"
-     if @output_cookies
--      @output_cookies.each {|cookie| buf << "Set-Cookie: #{cookie}#{EOL}" }
-+      @output_cookies.each {|cookie| buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}" }
-     end
-     return buf
-   end # _header_for_string
-@@ -213,9 +224,9 @@ class CGI
-     ## NPH
-     options.delete('nph') if defined?(MOD_RUBY)
-     if options.delete('nph') || nph?()
--      protocol = $CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'
-+      protocol = _no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'
-       status = options.delete('status')
--      status = HTTP_STATUS[status] || status || '200 OK'
-+      status = HTTP_STATUS[status] || _no_crlf_check(status) || '200 OK'
-       buf << "#{protocol} #{status}#{EOL}"
-       buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}"
-       options['server'] ||= $CGI_ENV['SERVER_SOFTWARE'] || ''
-@@ -223,38 +234,38 @@ class CGI
-     end
-     ## common headers
-     status = options.delete('status')
--    buf << "Status: #{HTTP_STATUS[status] || status}#{EOL}" if status
-+    buf << "Status: #{HTTP_STATUS[status] || _no_crlf_check(status)}#{EOL}" if status
-     server = options.delete('server')
--    buf << "Server: #{server}#{EOL}" if server
-+    buf << "Server: #{_no_crlf_check(server)}#{EOL}" if server
-     connection = options.delete('connection')
--    buf << "Connection: #{connection}#{EOL}" if connection
-+    buf << "Connection: #{_no_crlf_check(connection)}#{EOL}" if connection
-     type = options.delete('type')
--    buf << "Content-Type: #{type}#{EOL}" #if type
-+    buf << "Content-Type: #{_no_crlf_check(type)}#{EOL}" #if type
-     length = options.delete('length')
--    buf << "Content-Length: #{length}#{EOL}" if length
-+    buf << "Content-Length: #{_no_crlf_check(length)}#{EOL}" if length
-     language = options.delete('language')
--    buf << "Content-Language: #{language}#{EOL}" if language
-+    buf << "Content-Language: #{_no_crlf_check(language)}#{EOL}" if language
-     expires = options.delete('expires')
-     buf << "Expires: #{CGI.rfc1123_date(expires)}#{EOL}" if expires
-     ## cookie
-     if cookie = options.delete('cookie')
-       case cookie
-       when String, Cookie
--        buf << "Set-Cookie: #{cookie}#{EOL}"
-+        buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}"
-       when Array
-         arr = cookie
--        arr.each {|c| buf << "Set-Cookie: #{c}#{EOL}" }
-+        arr.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
-       when Hash
-         hash = cookie
--        hash.each_value {|c| buf << "Set-Cookie: #{c}#{EOL}" }
-+        hash.each_value {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
-       end
-     end
-     if @output_cookies
--      @output_cookies.each {|c| buf << "Set-Cookie: #{c}#{EOL}" }
-+      @output_cookies.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
-     end
-     ## other headers
-     options.each do |key, value|
--      buf << "#{key}: #{value}#{EOL}"
-+      buf << "#{_no_crlf_check(key)}: #{_no_crlf_check(value)}#{EOL}"
-     end
-     return buf
-   end # _header_for_hash
-diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
-index 985cc0d..7afff5e 100644
---- a/test/cgi/test_cgi_cookie.rb
-+++ b/test/cgi/test_cgi_cookie.rb
-@@ -60,6 +60,24 @@ class CGICookieTest < Test::Unit::TestCase
-   end
- 
- 
-+  def test_cgi_cookie_new_with_domain
-+    h = {'name'=>'name1', 'value'=>'value1'}
-+    cookie = CGI::Cookie.new({'domain' => 'a.example.com'}.merge(h))
-+    assert_equal('a.example.com', cookie.domain)
-+
-+    cookie = CGI::Cookie.new({'domain'=>'1.example.com'}.merge(h))
-+    assert_equal('1.example.com', cookie.domain, 'enhanced by RFC 1123')
-+
-+    assert_raise(ArgumentError) {
-+      CGI::Cookie.new({'domain'=>'-a.example.com'}.merge(h))
-+    }
-+
-+    assert_raise(ArgumentError) {
-+      CGI::Cookie.new({'domain'=>'a-.example.com'}.merge(h))
-+    }
-+  end
-+
-+
-   def test_cgi_cookie_scriptname
-     cookie = CGI::Cookie.new('name1', 'value1')
-     assert_equal('', cookie.path)
-@@ -118,6 +136,70 @@ class CGICookieTest < Test::Unit::TestCase
-   end
- 
- 
-+  def test_cgi_cookie_domain_injection_into_name
-+    name = "a=b; domain=example.com;"
-+    path = "/"
-+    domain = "example.jp"
-+    assert_raise(ArgumentError) do
-+      CGI::Cookie.new('name' => name,
-+                      'value' => "value",
-+                      'domain' => domain,
-+                      'path' => path)
-+    end
-+  end
-+
-+
-+  def test_cgi_cookie_newline_injection_into_name
-+    name = "a=b;\r\nLocation: http://example.com#"
-+    path = "/"
-+    domain = "example.jp"
-+    assert_raise(ArgumentError) do
-+      CGI::Cookie.new('name' => name,
-+                      'value' => "value",
-+                      'domain' => domain,
-+                      'path' => path)
-+    end
-+  end
-+
-+
-+  def test_cgi_cookie_multibyte_injection_into_name
-+    name = "a=b;\u3042"
-+    path = "/"
-+    domain = "example.jp"
-+    assert_raise(ArgumentError) do
-+      CGI::Cookie.new('name' => name,
-+                      'value' => "value",
-+                      'domain' => domain,
-+                      'path' => path)
-+    end
-+  end
-+
-+
-+  def test_cgi_cookie_injection_into_path
-+    name = "name"
-+    path = "/; samesite=none"
-+    domain = "example.jp"
-+    assert_raise(ArgumentError) do
-+      CGI::Cookie.new('name' => name,
-+                      'value' => "value",
-+                      'domain' => domain,
-+                      'path' => path)
-+    end
-+  end
-+
-+
-+  def test_cgi_cookie_injection_into_domain
-+    name = "name"
-+    path = "/"
-+    domain = "example.jp; samesite=none"
-+    assert_raise(ArgumentError) do
-+      CGI::Cookie.new('name' => name,
-+                      'value' => "value",
-+                      'domain' => domain,
-+                      'path' => path)
-+    end
-+  end
-+
- 
-   instance_methods.each do |method|
-     private method if method =~ /^test_(.*)/ && $1 != ENV['TEST']
-diff --git a/test/cgi/test_cgi_header.rb b/test/cgi/test_cgi_header.rb
-index bab2d03..ec2f4de 100644
---- a/test/cgi/test_cgi_header.rb
-+++ b/test/cgi/test_cgi_header.rb
-@@ -176,6 +176,14 @@ class CGIHeaderTest < Test::Unit::TestCase
-   end
- 
- 
-+  def test_cgi_http_header_crlf_injection
-+    cgi = CGI.new
-+    assert_raise(RuntimeError) { cgi.http_header("text/xhtml\r\nBOO") }
-+    assert_raise(RuntimeError) { cgi.http_header("type" => "text/xhtml\r\nBOO") }
-+    assert_raise(RuntimeError) { cgi.http_header("status" => "200 OK\r\nBOO") }
-+    assert_raise(RuntimeError) { cgi.http_header("location" => "text/xhtml\r\nBOO") }
-+  end
-+
- 
-   instance_methods.each do |method|
-     private method if method =~ /^test_(.*)/ && $1 != ENV['TEST']
--- 
-2.41.0
-

SOURCES/ruby-2.7.8-Fix-CVE-2023-28755-ReDos-vulnerability-in-URI.patch

@@ -1,52 +0,0 @@
-From 61fb466ea0b492c990fcd2d681c08f2001d7a659 Mon Sep 17 00:00:00 2001
-From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
-Date: Tue, 28 Mar 2023 17:33:19 +0900
-Subject: [PATCH] Fix CVE-2023-28755 ReDos vulnerability in URI.
-
-This patch was backported from Ruby 2.7.8
-
-Backported from upstream Ruby, commit:
-https://github.com/ruby/ruby/commit/6855779d580358a6a0b4c9ee06f20e7cae72955a
-
-===== Original commit message
-
-Merge URI-0.10.0.2
----
- lib/uri/rfc3986_parser.rb | 4 ++--
- test/uri/test_parser.rb   | 7 +++++++
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb
-index 8712800..ad32368 100644
---- a/lib/uri/rfc3986_parser.rb
-+++ b/lib/uri/rfc3986_parser.rb
-@@ -3,8 +3,8 @@ module URI
-   class RFC3986_Parser # :nodoc:
-     # URI defined in RFC3986
-     # this regexp is modified not to host is not empty string
--    RFC3986_URI = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/
--    RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+)\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])+)(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/
-+    RFC3986_URI = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*+):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])++))?(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
-+    RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])++))?(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])++)(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
-     attr_reader :regexp
- 
-     def initialize
-diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb
-index 757ac86..2f70559 100644
---- a/test/uri/test_parser.rb
-+++ b/test/uri/test_parser.rb
-@@ -45,4 +45,11 @@ class URI::TestParser < Test::Unit::TestCase
-       URI.parse(1)
-     end
-   end
-+
-+  def test_split
-+    assert_equal(["http", nil, "example.com", nil, nil, "", nil, nil, nil], URI.split("http://example.com"))
-+    assert_equal(["http", nil, "[0::0]", nil, nil, "", nil, nil, nil], URI.split("http://[0::0]"))
-+    assert_equal([nil, nil, "example.com", nil, nil, "", nil, nil, nil], URI.split("//example.com"))
-+    assert_equal([nil, nil, "[0::0]", nil, nil, "", nil, nil, nil], URI.split("//[0::0]"))
-+  end
- end
--- 
-2.41.0
-

SOURCES/ruby-2.7.8-Fix-CVE-2023-28756-ReDoS-vulnerability-in-Time.patch

@@ -1,41 +0,0 @@
-From 71c37c29defeab2c98ad4291807efe12427a209f Mon Sep 17 00:00:00 2001
-From: Nobuyoshi Nakada <nobu@ruby-lang.org>
-Date: Tue, 29 Nov 2022 16:22:15 +0900
-Subject: [PATCH] Fix CVE-2023-28756 ReDoS vulnerability in Time.
-
-Backported from: Ruby 2.7.8
-Backported from the following commits:
-https://github.com/ruby/ruby/commit/2cb830602f52e7e76c6781115e7938b21f881c4f
-https://github.com/ruby/ruby/commit/e3f18f7d2e034f20053d7bf2fc7a50f8b7e1a27a
-
-Do not include the test case, as assert_linear_time was introduced in Ruby 2.7.
-
-==== Original commit message(s)
-
-Fix quadratic backtracking on invalid time
-
-Make RFC2822 regexp linear
-
-https://hackerone.com/reports/1485501
----
- lib/time.rb | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/time.rb b/lib/time.rb
-index eb46a03..cb6f1e4 100644
---- a/lib/time.rb
-+++ b/lib/time.rb
-@@ -474,8 +474,8 @@ class Time
-           (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+
-           (\d{2,})\s+
-           (\d{2})\s*
--          :\s*(\d{2})\s*
--          (?::\s*(\d{2}))?\s+
-+          :\s*(\d{2})
-+          (?:\s*:\s*(\d\d))?\s+
-           ([+-]\d{4}|
-            UT|GMT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|[A-IK-Z])/ix =~ date
-         # Since RFC 2822 permit comments, the regexp has no right anchor.
--- 
-2.41.0
-

SOURCES/ruby-3.0.3-fiddle-1.0.8-Rely-on-hard-coded-lib-name-to-detect-glibc.patch

@@ -1,25 +0,0 @@
-From a267a40be7844224c5f000530bd3e8e906f1acea Mon Sep 17 00:00:00 2001
-From: Jeremy Evans <code@jeremyevans.net>
-Date: Wed, 10 Mar 2021 13:48:00 -0800
-Subject: [PATCH] Do not use a libdir for glibc, it breaks Linux PPC64 (#70)
-
-Fixes [Bug #12666]
----
- test/fiddle/helper.rb | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/test/fiddle/helper.rb b/test/fiddle/helper.rb
-index f38f903..a6e2019 100644
---- a/test/fiddle/helper.rb
-+++ b/test/fiddle/helper.rb
-@@ -20,8 +20,8 @@
-     # 64-bit ruby
-     libdir = '/lib64' if File.directory? '/lib64'
-   end
--  libc_so = File.join(libdir, "libc.so.6")
--  libm_so = File.join(libdir, "libm.so.6")
-+  libc_so = "libc.so.6"
-+  libm_so = "libm.so.6"
- when /mingw/, /mswin/
-   require "rbconfig"
-   crtname = RbConfig::CONFIG["RUBY_SO_NAME"][/msvc\w+/] || 'ucrtbase'

SOURCES/ruby-3.0.7-Fix-CVE-2023-36617-Upstreams-incomplete-fix-for-CVE-2023-28755.patch

@@ -1,44 +0,0 @@
-From 5d08bbb0415c2ecc10037837b81e6a27d40ee7be Mon Sep 17 00:00:00 2001
-From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
-Date: Thu, 29 Jun 2023 22:25:17 +0900
-Subject: [PATCH] CVE-2023-36617 for Ruby 3.0 (#7997)
-
-* Merge URI-0.10.3
-
----
-
-Backport note, bundler is not distributed the same as RubyGems in Ruby
-2.5, therefore we do not use backport for Bundler.
----
- lib/uri/rfc2396_parser.rb |  4 ++--
- lib/uri/rfc3986_parser.rb |  2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/lib/uri/rfc2396_parser.rb b/lib/uri/rfc2396_parser.rb
-index b9e7b2b26e..c7c3ecd96d 100644
---- a/lib/uri/rfc2396_parser.rb
-+++ b/lib/uri/rfc2396_parser.rb
-@@ -502,8 +502,8 @@ def initialize_regexp(pattern)
-       ret = {}
- 
-       # for URI::split
--      ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
--      ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
-+      ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
-+      ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
- 
-       # for URI::extract
-       ret[:URI_REF]     = Regexp.new(pattern[:URI_REF])
-diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb
-index ad32368cfa..1accd03376 100644
---- a/lib/uri/rfc3986_parser.rb
-+++ b/lib/uri/rfc3986_parser.rb
-@@ -106,7 +106,7 @@ def default_regexp # :nodoc:
-         QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
-         FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
-         OPAQUE: /\A(?:[^\/].*)?\z/,
--        PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/,
-+        PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/,
-       }
-     end
- 

SOURCES/ruby-3.0.7-Fix-CVE-2024-27280-Buffer-overread-in-StringIO.patch

@@ -1,81 +0,0 @@
-From 740289bf02c9bea54f75b702f62862c62c62672b Mon Sep 17 00:00:00 2001
-From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
-Date: Thu, 21 Mar 2024 15:55:48 +0900
-Subject: [PATCH] Merge StringIO 3.0.1.1
-
----
- ext/stringio/stringio.c        |  2 +-
- test/stringio/test_stringio.rb | 27 ++++++++++++++++++++++-----
- 2 files changed, 23 insertions(+), 6 deletions(-)
-
-diff --git a/ext/stringio/stringio.c b/ext/stringio/stringio.c
-index f537054b5d..946ae06da4 100644
---- a/ext/stringio/stringio.c
-+++ b/ext/stringio/stringio.c
-@@ -833,7 +833,7 @@ strio_unget_bytes(struct StringIO *ptr, const char *cp, long cl)
-     len = RSTRING_LEN(str);
-     rest = pos - len;
-     if (cl > pos) {
--	long ex = (rest < 0 ? cl-pos : cl+rest);
-+	long ex = cl - (rest < 0 ? pos : len);
- 	rb_str_modify_expand(str, ex);
- 	rb_str_set_len(str, len + ex);
- 	s = RSTRING_PTR(str);
-diff --git a/test/stringio/test_stringio.rb b/test/stringio/test_stringio.rb
-index f5169f641a..c055b901e3 100644
---- a/test/stringio/test_stringio.rb
-+++ b/test/stringio/test_stringio.rb
-@@ -693,6 +693,15 @@ def test_ungetc_padding
-     assert_equal("b""\0""a", s.string)
-   end
- 
-+  def test_ungetc_fill
-+    count = 100
-+    s = StringIO.new
-+    s.print 'a' * count
-+    s.ungetc('b' * (count * 5))
-+    assert_equal((count * 5), s.string.size)
-+    assert_match(/\Ab+\z/, s.string)
-+  end
-+
-   def test_ungetbyte_pos
-     b = '\\b00010001 \\B00010001 \\b1 \\B1 \\b000100011'
-     s = StringIO.new( b )
-@@ -718,6 +727,15 @@ def test_ungetbyte_padding
-     assert_equal("b""\0""a", s.string)
-   end
- 
-+  def test_ungetbyte_fill
-+    count = 100
-+    s = StringIO.new
-+    s.print 'a' * count
-+    s.ungetbyte('b' * (count * 5))
-+    assert_equal((count * 5), s.string.size)
-+    assert_match(/\Ab+\z/, s.string)
-+  end
-+
-   def test_frozen
-     s = StringIO.new
-     s.freeze
-@@ -760,18 +778,17 @@ def test_new_block_warning
-   end
- 
-   def test_overflow
--    skip if RbConfig::SIZEOF["void*"] > RbConfig::SIZEOF["long"]
-+    return if RbConfig::SIZEOF["void*"] > RbConfig::SIZEOF["long"]
-     limit = (1 << (RbConfig::SIZEOF["void*"]*8-1)) - 0x10
-     assert_separately(%w[-rstringio], "#{<<-"begin;"}\n#{<<-"end;"}")
-     begin;
-       limit = #{limit}
-       ary = []
--      while true
-+      begin
-         x = "a"*0x100000
-         break if [x].pack("p").unpack("i!")[0] < 0
-         ary << x
--        skip if ary.size > 100
--      end
-+      end while ary.size <= 100
-       s = StringIO.new(x)
-       s.gets("xxx", limit)
-       assert_equal(0x100000, s.pos)

SOURCES/ruby-3.0.7-Fix-CVE-2024-27281-RCE-vulnerability-with-rdoc_options.patch

@@ -1,203 +0,0 @@
-From 7957a25edf844c966de45848fa7e9e2513955660 Mon Sep 17 00:00:00 2001
-From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
-Date: Thu, 21 Mar 2024 15:47:40 +0900
-Subject: [PATCH 1/2] Merge RDoc-6.3.4.1
-
----
- lib/rdoc/rdoc.rb               |  3 ++-
- lib/rdoc/store.rb              | 45 ++++++++++++++++++++--------------
- test/rdoc/test_rdoc_options.rb |  6 ++---
- 3 files changed, 31 insertions(+), 23 deletions(-)
-
-diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
-index a2711fbbd1..c5690fc3b4 100644
---- a/lib/rdoc/rdoc.rb
-+++ b/lib/rdoc/rdoc.rb
-@@ -162,8 +162,9 @@ def load_options
-     RDoc.load_yaml
- 
-     begin
--      options = YAML.load_file '.rdoc_options'
-+      options = YAML.safe_load_file '.rdoc_options', permitted_classes: [RDoc::Options, Symbol]
-     rescue Psych::SyntaxError
-+      raise RDoc::Error, "#{options_file} is not a valid rdoc options file"
-     end
- 
-     raise RDoc::Error, "#{options_file} is not a valid rdoc options file" unless
-diff --git a/lib/rdoc/store.rb b/lib/rdoc/store.rb
-index 999aa76f92..07d03e90f7 100644
---- a/lib/rdoc/store.rb
-+++ b/lib/rdoc/store.rb
-@@ -539,9 +539,7 @@ def load_all
-   def load_cache
-     #orig_enc = @encoding
- 
--    open cache_path, 'rb' do |io|
--      @cache = Marshal.load io.read
--    end
-+    @cache = marshal_load(cache_path)
- 
-     load_enc = @cache[:encoding]
- 
-@@ -596,9 +594,7 @@ def load_class klass_name
-   def load_class_data klass_name
-     file = class_file klass_name
- 
--    open file, 'rb' do |io|
--      Marshal.load io.read
--    end
-+    marshal_load(file)
-   rescue Errno::ENOENT => e
-     error = MissingFileError.new(self, file, klass_name)
-     error.set_backtrace e.backtrace
-@@ -611,14 +607,10 @@ def load_class_data klass_name
-   def load_method klass_name, method_name
-     file = method_file klass_name, method_name
- 
--    open file, 'rb' do |io|
--      obj = Marshal.load io.read
--      obj.store = self
--      obj.parent =
--        find_class_or_module(klass_name) || load_class(klass_name) unless
--          obj.parent
--      obj
--    end
-+    obj = marshal_load(file)
-+    obj.store = self
-+    obj.parent ||= find_class_or_module(klass_name) || load_class(klass_name)
-+    obj
-   rescue Errno::ENOENT => e
-     error = MissingFileError.new(self, file, klass_name + method_name)
-     error.set_backtrace e.backtrace
-@@ -631,11 +623,9 @@ def load_method klass_name, method_name
-   def load_page page_name
-     file = page_file page_name
- 
--    open file, 'rb' do |io|
--      obj = Marshal.load io.read
--      obj.store = self
--      obj
--    end
-+    obj = marshal_load(file)
-+    obj.store = self
-+    obj
-   rescue Errno::ENOENT => e
-     error = MissingFileError.new(self, file, page_name)
-     error.set_backtrace e.backtrace
-@@ -965,4 +955,21 @@ def unique_modules
-     @unique_modules
-   end
- 
-+  private
-+  def marshal_load(file)
-+    File.open(file, 'rb') {|io| Marshal.load(io, MarshalFilter)}
-+  end
-+
-+  MarshalFilter = proc do |obj|
-+    case obj
-+    when true, false, nil, Array, Class, Encoding, Hash, Integer, String, Symbol, RDoc::Text
-+    else
-+      unless obj.class.name.start_with?("RDoc::")
-+        raise TypeError, "not permitted class: #{obj.class.name}"
-+      end
-+    end
-+    obj
-+  end
-+  private_constant :MarshalFilter
-+
- end
-diff --git a/test/rdoc/test_rdoc_options.rb b/test/rdoc/test_rdoc_options.rb
-index 400ed9a549..247c7c87ce 100644
---- a/test/rdoc/test_rdoc_options.rb
-+++ b/test/rdoc/test_rdoc_options.rb
-@@ -145,7 +145,7 @@ def test_init_with_encoding
- 
-     @options.encoding = Encoding::IBM437
- 
--    options = YAML.load YAML.dump @options
-+    options = YAML.safe_load(YAML.dump(@options), permitted_classes: [RDoc::Options, Symbol])
- 
-     assert_equal Encoding::IBM437, options.encoding
-   end
-@@ -161,7 +161,7 @@ def test_init_with_trim_paths
- - /etc
-     YAML
- 
--    options = YAML.load yaml
-+    options = YAML.safe_load(yaml, permitted_classes: [RDoc::Options, Symbol])
- 
-     assert_empty options.rdoc_include
-     assert_empty options.static_path
-@@ -729,7 +729,7 @@ def test_write_options
- 
-       assert File.exist? '.rdoc_options'
- 
--      assert_equal @options, YAML.load(File.read('.rdoc_options'))
-+      assert_equal @options, YAML.safe_load(File.read('.rdoc_options'), permitted_classes: [RDoc::Options, Symbol])
-     end
-   end
- 
-
-From 153a4d16058783c923d0df5b1cbe2610ef96e3a8 Mon Sep 17 00:00:00 2001
-From: Jarek Prokop <jprokop@redhat.com>
-Date: Tue, 28 May 2024 16:56:26 +0200
-Subject: [PATCH 2/2] Port the rebase to work with Ruby 2.5.9.
-
-Ruby 2.5's Psych does not have safe_load_file method.
-However, from Ruby 3.3's sources, the method is just File.read
-simple wrapper with a safe_load call. Therefore it was copied over to
-the lib/rdoc/rdoc.rb file.
----
- lib/rdoc/rdoc.rb               | 9 ++++++-
- test/rdoc/test_rdoc_options.rb | 6 +++---
- 2 files changed, 11 insertions(+), 4 deletions(-)
-
-diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
-index c5690fc3b4..435cd2eaf0 100644
---- a/lib/rdoc/rdoc.rb
-+++ b/lib/rdoc/rdoc.rb
-@@ -162,7 +162,12 @@ def load_options
-     RDoc.load_yaml
- 
-     begin
--      options = YAML.safe_load_file '.rdoc_options', permitted_classes: [RDoc::Options, Symbol]
-+      # Opening file inspired from Ruby 3.3.0 sources,
-+      # file 'ext/psych/lib/psych.rb', line 658.
-+      # https://github.com/ruby/ruby/blob/v3_3_0/ext/psych/lib/psych.rb#L658
-+      options = File.open('.rdoc_options', 'r:bom|utf-8') do |file|
-+        YAML.safe_load file, [RDoc::Options, Symbol], [], false, '.rdoc_options'
-+      end
-     rescue Psych::SyntaxError
-       raise RDoc::Error, "#{options_file} is not a valid rdoc options file"
-     end
-diff --git a/test/rdoc/test_rdoc_options.rb b/test/rdoc/test_rdoc_options.rb
-index 247c7c87ce..60fe035dce 100644
---- a/test/rdoc/test_rdoc_options.rb
-+++ b/test/rdoc/test_rdoc_options.rb
-@@ -145,7 +145,7 @@ def test_init_with_encoding
- 
-     @options.encoding = Encoding::IBM437
- 
--    options = YAML.safe_load(YAML.dump(@options), permitted_classes: [RDoc::Options, Symbol])
-+    options = YAML.safe_load(YAML.dump(@options), [RDoc::Options, Symbol])
- 
-     assert_equal Encoding::IBM437, options.encoding
-   end
-@@ -161,7 +161,7 @@ def test_init_with_trim_paths
- - /etc
-     YAML
- 
--    options = YAML.safe_load(yaml, permitted_classes: [RDoc::Options, Symbol])
-+    options = YAML.safe_load(yaml, [RDoc::Options, Symbol])
- 
-     assert_empty options.rdoc_include
-     assert_empty options.static_path
-@@ -729,7 +729,7 @@ def test_write_options
- 
-       assert File.exist? '.rdoc_options'
- 
--      assert_equal @options, YAML.safe_load(File.read('.rdoc_options'), permitted_classes: [RDoc::Options, Symbol])
-+      assert_equal @options, YAML.safe_load(File.read('.rdoc_options'), [RDoc::Options, Symbol])
-     end
-   end
- 

SOURCES/ruby-3.0.7-Fix-CVE-2024-27282-Memory-address-read-with-Regex.patch

@@ -1,48 +0,0 @@
-From 9eda3000e3efd5bdd4ed60d07e2f43633e39d361 Mon Sep 17 00:00:00 2001
-From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
-Date: Tue, 23 Apr 2024 19:22:22 +0900
-Subject: [PATCH] merge revision(s) 33e5b47c16f1fd3382186e6ffe73cfc6e00946f7:
-
-	Fix handling of reg->dmin in Regex matching
-
-	---
-	 regexec.c | 10 ++++++++++
-	 1 file changed, 10 insertions(+)
----
- regexec.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/regexec.c b/regexec.c
-index 4582c35c3f..36ac1d4bc5 100644
---- a/regexec.c
-+++ b/regexec.c
-@@ -3900,12 +3900,17 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
- 		     UChar* range, UChar** low, UChar** high, UChar** low_prev)
- {
-   UChar *p, *pprev = (UChar* )NULL;
-+  size_t input_len = end - str;
- 
- #ifdef ONIG_DEBUG_SEARCH
-   fprintf(stderr, "forward_search_range: str: %"PRIuPTR" (%p), end: %"PRIuPTR" (%p), s: %"PRIuPTR" (%p), range: %"PRIuPTR" (%p)\n",
- 	  (uintptr_t )str, str, (uintptr_t )end, end, (uintptr_t )s, s, (uintptr_t )range, range);
- #endif
- 
-+  if (reg->dmin > input_len) {
-+    return 0;
-+  }
-+
-   p = s;
-   if (reg->dmin > 0) {
-     if (ONIGENC_IS_SINGLEBYTE(reg->enc)) {
-@@ -4042,6 +4047,11 @@ backward_search_range(regex_t* reg, const UChar* str, const UChar* end,
- 		      UChar** low, UChar** high)
- {
-   UChar *p;
-+  size_t input_len = end - str;
-+
-+  if (reg->dmin > input_len) {
-+    return 0;
-+  }
- 
-   range += reg->dmin;
-   p = s;

SOURCES/ruby-3.1.3-Fix-for-tzdata-2022g.patch

@@ -1,70 +0,0 @@
-From a1124dc162810f86cb0bff58cde24064cfc561bc Mon Sep 17 00:00:00 2001
-From: nagachika <nagachika@ruby-lang.org>
-Date: Fri, 9 Dec 2022 21:11:47 +0900
-Subject: [PATCH] merge revision(s) 58cc3c9f387dcf8f820b43e043b540fa06248da3:
- [Backport #19187]
-
-	[Bug #19187] Fix for tzdata-2022g
-
-	---
-	 test/ruby/test_time_tz.rb | 21 +++++++++++++++------
-	 1 file changed, 15 insertions(+), 6 deletions(-)
----
- test/ruby/test_time_tz.rb | 21 +++++++++++++++------
- 1 files changed, 15 insertions(+), 6 deletions(-)
-
-diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb
-index b6785f336028d..939f218ed4d10 100644
---- a/test/ruby/test_time_tz.rb
-+++ b/test/ruby/test_time_tz.rb
-@@ -6,9 +6,9 @@ class TestTimeTZ < Test::Unit::TestCase
-   has_lisbon_tz = true
-   force_tz_test = ENV["RUBY_FORCE_TIME_TZ_TEST"] == "yes"
-   case RUBY_PLATFORM
--  when /linux/
-+  when /darwin|linux/
-     force_tz_test = true
--  when /darwin|freebsd/
-+  when /freebsd|openbsd/
-     has_lisbon_tz = false
-     force_tz_test = true
-   end
-@@ -94,6 +94,9 @@ def group_by(e, &block)
-   CORRECT_KIRITIMATI_SKIP_1994 = with_tz("Pacific/Kiritimati") {
-     Time.local(1994, 12, 31, 0, 0, 0).year == 1995
-   }
-+  CORRECT_SINGAPORE_1982 = with_tz("Asia/Singapore") {
-+    "2022g" if Time.local(1981, 12, 31, 23, 59, 59).utc_offset == 8*3600
-+  }
- 
-   def time_to_s(t)
-     t.to_s
-@@ -139,9 +142,12 @@ def test_america_managua
- 
-   def test_asia_singapore
-     with_tz(tz="Asia/Singapore") {
--      assert_time_constructor(tz, "1981-12-31 23:59:59 +0730", :local, [1981,12,31,23,59,59])
--      assert_time_constructor(tz, "1982-01-01 00:30:00 +0800", :local, [1982,1,1,0,0,0])
--      assert_time_constructor(tz, "1982-01-01 00:59:59 +0800", :local, [1982,1,1,0,29,59])
-+      assert_time_constructor(tz, "1981-12-31 23:29:59 +0730", :local, [1981,12,31,23,29,59])
-+      if CORRECT_SINGAPORE_1982
-+        assert_time_constructor(tz, "1982-01-01 00:00:00 +0800", :local, [1981,12,31,23,30,00])
-+        assert_time_constructor(tz, "1982-01-01 00:00:00 +0800", :local, [1982,1,1,0,0,0])
-+        assert_time_constructor(tz, "1982-01-01 00:29:59 +0800", :local, [1982,1,1,0,29,59])
-+      end
-       assert_time_constructor(tz, "1982-01-01 00:30:00 +0800", :local, [1982,1,1,0,30,0])
-     }
-   end
-@@ -364,8 +370,11 @@ def self.gen_zdump_test(data)
- America/Managua  Wed Jan  1 04:59:59 1997 UTC = Tue Dec 31 23:59:59 1996 EST isdst=0 gmtoff=-18000
- America/Managua  Wed Jan  1 05:00:00 1997 UTC = Tue Dec 31 23:00:00 1996 CST isdst=0 gmtoff=-21600
- Asia/Singapore  Sun Aug  8 16:30:00 1965 UTC = Mon Aug  9 00:00:00 1965 SGT isdst=0 gmtoff=27000
--Asia/Singapore  Thu Dec 31 16:29:59 1981 UTC = Thu Dec 31 23:59:59 1981 SGT isdst=0 gmtoff=27000
-+Asia/Singapore  Thu Dec 31 15:59:59 1981 UTC = Thu Dec 31 23:29:59 1981 SGT isdst=0 gmtoff=27000
- Asia/Singapore  Thu Dec 31 16:30:00 1981 UTC = Fri Jan  1 00:30:00 1982 SGT isdst=0 gmtoff=28800
-+End
-+  gen_zdump_test <<'End' if CORRECT_SINGAPORE_1982
-+Asia/Singapore  Thu Dec 31 16:00:00 1981 UTC = Fri Jan  1 00:00:00 1982 SGT isdst=0 gmtoff=28800
- End
-   gen_zdump_test CORRECT_TOKYO_DST_1951 ? <<'End' + (CORRECT_TOKYO_DST_1951 < "2018f" ? <<'2018e' : <<'2018f') : <<'End'
- Asia/Tokyo  Sat May  5 14:59:59 1951 UTC = Sat May  5 23:59:59 1951 JST isdst=0 gmtoff=32400

SOURCES/ruby-3.2.0-git-2.38.1-fix-rubygems-test.patch

@@ -1,27 +0,0 @@
-From dae843f6b7502f921a7e66f39e3714a39d860181 Mon Sep 17 00:00:00 2001
-From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
-Date: Wed, 19 Oct 2022 19:40:00 +0900
-Subject: [PATCH] Bypass git submodule add/update with git config
- protocol.file.allow=always option.
-
-Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
----
- test/rubygems/test_gem_source_git.rb | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/test/rubygems/test_gem_source_git.rb b/test/rubygems/test_gem_source_git.rb
-index 5702da05974b6..c3b324771fa4d 100644
---- a/test/rubygems/test_gem_source_git.rb
-+++ b/test/rubygems/test_gem_source_git.rb
-@@ -64,6 +64,11 @@ def test_checkout_local_cached
-   end
- 
-   def test_checkout_submodules
-+    # We need to allow to checkout submodules with file:// protocol
-+    # CVE-2022-39253
-+    # https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/
-+    system(@git, *%W"config --global protocol.file.allow always")
-+
-     source = Gem::Source::Git.new @name, @repository, 'master', true
- 
-     git_gem 'b'

SOURCES/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch

@@ -1,236 +0,0 @@
-From d3933fc753187a055a4904af82f5f3794c88c416 Mon Sep 17 00:00:00 2001
-From: Sorah Fukumori <her@sorah.jp>
-Date: Mon, 1 Jan 2024 20:45:54 +0900
-Subject: [PATCH] [ruby/net-http] Renew test certificates
-
-The private key is replaced with a public known test key published at
-[RFC 9500].
-
-Also lifetime has been extended to 10 years from 4 years.
-
-[RFC 9500]: https://www.rfc-editor.org/rfc/rfc9500.html
-
-https://github.com/ruby/net-http/commit/4ab6c4a500
----
- test/net/fixtures/cacert.pem | 44 ++++++++--------
- test/net/fixtures/server.crt | 99 +++++++-----------------------------
- test/net/fixtures/server.key | 55 ++++++++++----------
- 4 files changed, 68 insertions(+), 130 deletions(-)
-
-diff --git a/test/net/fixtures/cacert.pem b/test/net/fixtures/cacert.pem
-index f623bd62ed375..24c83f1c65225 100644
---- a/test/net/fixtures/cacert.pem
-+++ b/test/net/fixtures/cacert.pem
-@@ -1,24 +1,24 @@
- -----BEGIN CERTIFICATE-----
--MIID7TCCAtWgAwIBAgIJAIltvxrFAuSnMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD
--VQQGEwJKUDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkx
--FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex
--JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTkwMTAy
--MDI1ODI4WhcNMjQwMTAxMDI1ODI4WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgM
--B1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQKDA5SdWJ5IENv
--cmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz
--ZWN1cml0eUBydWJ5LWxhbmcub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
--CgKCAQEAznlbjRVhz1NlutHVrhcGnK8W0qug2ujKXv1njSC4U6nJF6py7I9EeehV
--SaKePyv+I9z3K1LnfUHOtUbdwdKC77yN66A6q2aqzu5q09/NSykcZGOIF0GuItYI
--3nvW3IqBddff2ffsyR+9pBjfb5AIPP08WowF9q4s1eGULwZc4w2B8PFhtxYANd7d
--BvGLXFlcufv9tDtzyRi4t7eqxCRJkZQIZNZ6DHHIJrNxejOILfHLarI12yk8VK6L
--2LG4WgGqyeePiRyd1o1MbuiAFYqAwpXNUbRKg5NaZGwBHZk8UZ+uFKt1QMBURO5R
--WFy1c349jbWszTqFyL4Lnbg9HhAowQIDAQABo1AwTjAdBgNVHQ4EFgQU9tEiKdU9
--I9derQyc5nWPnc34nVMwHwYDVR0jBBgwFoAU9tEiKdU9I9derQyc5nWPnc34nVMw
--DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxj7F/u3C3fgq24N7hGRA
--of7ClFQxGmo/IGT0AISzW3HiVYiFaikKhbO1NwD9aBpD8Zwe62sCqMh8jGV/b0+q
--aOORnWYNy2R6r9FkASAglmdF6xn3bhgGD5ls4pCvcG9FynGnGc24g6MrjFNrBYUS
--2iIZsg36i0IJswo/Dy6HLphCms2BMCD3DeWtfjePUiTmQHJo6HsQIKP/u4N4Fvee
--uMBInei2M4VU74fLXbmKl1F9AEX7JDP3BKSZG19Ch5pnUo4uXM1uNTGsi07P4Y0s
--K44+SKBC0bYEFbDK0eQWMrX3kIhkPxyIWhxdq9/NqPYjShuSEAhA6CSpmRg0pqc+
--mA==
-+MIID+zCCAuOgAwIBAgIUGMvHl3EhtKPKcgc3NQSAYfFuC+8wDQYJKoZIhvcNAQEL
-+BQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYDVQQIDAdTaGltYW5lMRQwEgYDVQQHDAtN
-+YXR6LWUgY2l0eTEXMBUGA1UECgwOUnVieSBDb3JlIFRlYW0xFTATBgNVBAMMDFJ1
-+YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJARYWc2VjdXJpdHlAcnVieS1sYW5nLm9y
-+ZzAeFw0yNDAxMDExMTQ3MjNaFw0zMzEyMjkxMTQ3MjNaMIGMMQswCQYDVQQGEwJK
-+UDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkxFzAVBgNV
-+BAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0ExJTAjBgkq
-+hkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqGSIb3DQEB
-+AQUAA4IBDwAwggEKAoIBAQCw+egZQ6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI
-++1GSqyi1bFBgsRjM0THllIdMbKmJtWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0f
-+qXmG8UTz0VTWdlAXXmhUs6lSADvAaIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0
-+yg+801SXzoFTTa+UGIRLE66jH51aa5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIe
-+NWMF32wHqIOOPvQcWV3M5D2vxJEj702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1
-+JNPc/n3dVUm+fM6NoDXPoLP7j55G9zKyqGtGAWXAj1MTAgMBAAGjUzBRMB0GA1Ud
-+DgQWBBSJGVleDvFp9cu9R+E0/OKYzGkwkTAfBgNVHSMEGDAWgBSJGVleDvFp9cu9
-+R+E0/OKYzGkwkTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBl
-+8GLB8skAWlkSw/FwbUmEV3zyqu+p7PNP5YIYoZs0D74e7yVulGQ6PKMZH5hrZmHo
-+orFSQU+VUUirG8nDGj7Rzce8WeWBxsaDGC8CE2dq6nC6LuUwtbdMnBrH0LRWAz48
-+jGFF3jHtVz8VsGfoZTZCjukWqNXvU6hETT9GsfU+PZqbqcTVRPH52+XgYayKdIbD
-+r97RM4X3+aXBHcUW0b76eyyi65RR/Xtvn8ioZt2AdX7T2tZzJyXJN3Hupp77s6Ui
-+AZR35SToHCZeTZD12YBvLBdaTPLZN7O/Q/aAO9ZiJaZ7SbFOjz813B2hxXab4Fob
-+2uJX6eMWTVxYK5D4M9lm
- -----END CERTIFICATE-----
-diff --git a/test/net/fixtures/server.crt b/test/net/fixtures/server.crt
-index 5ca78a6d146a0..5d2923795dabc 100644
---- a/test/net/fixtures/server.crt
-+++ b/test/net/fixtures/server.crt
-@@ -1,82 +1,21 @@
--Certificate:
--    Data:
--        Version: 3 (0x2)
--        Serial Number: 2 (0x2)
--    Signature Algorithm: sha256WithRSAEncryption
--        Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
--        Validity
--            Not Before: Jan  2 03:27:13 2019 GMT
--            Not After : Jan  1 03:27:13 2024 GMT
--        Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost
--        Subject Public Key Info:
--            Public Key Algorithm: rsaEncryption
--                Public-Key: (2048 bit)
--                Modulus:
--                    00:e8:da:9c:01:2e:2b:10:ec:49:cd:5e:07:13:07:
--                    9c:70:9e:c6:74:bc:13:c2:e1:6f:c6:82:fd:e3:48:
--                    e0:2c:a5:68:c7:9e:42:de:60:54:65:e6:6a:14:57:
--                    7a:30:d0:cc:b5:b6:d9:c3:d2:df:c9:25:97:54:67:
--                    cf:f6:be:5e:cb:8b:ee:03:c5:e1:e2:f9:e7:f7:d1:
--                    0c:47:f0:b8:da:33:5a:ad:41:ad:e7:b5:a2:7b:b7:
--                    bf:30:da:60:f8:e3:54:a2:bc:3a:fd:1b:74:d9:dc:
--                    74:42:e9:29:be:df:ac:b4:4f:eb:32:f4:06:f1:e1:
--                    8c:4b:a8:8b:fb:29:e7:b1:bf:1d:01:ee:73:0f:f9:
--                    40:dc:d5:15:79:d9:c6:73:d0:c0:dd:cb:e4:da:19:
--                    47:80:c6:14:04:72:fd:9a:7c:8f:11:82:76:49:04:
--                    79:cc:f2:5c:31:22:95:13:3e:5d:40:a6:4d:e0:a3:
--                    02:26:7d:52:3b:bb:ed:65:a1:0f:ed:6b:b0:3c:d4:
--                    de:61:15:5e:d3:dd:68:09:9f:4a:57:a5:c2:a9:6d:
--                    86:92:c5:f4:a4:d4:b7:13:3b:52:63:24:05:e2:cc:
--                    e3:8a:3c:d4:35:34:2b:10:bb:58:72:e7:e1:8d:1d:
--                    74:8c:61:16:20:3d:d0:1c:4e:8f:6e:fd:fe:64:10:
--                    4f:41
--                Exponent: 65537 (0x10001)
--        X509v3 extensions:
--            X509v3 Basic Constraints: 
--                CA:FALSE
--            Netscape Comment: 
--                OpenSSL Generated Certificate
--            X509v3 Subject Key Identifier: 
--                ED:28:C2:7E:AB:4B:C8:E8:FE:55:6D:66:95:31:1C:2D:60:F9:02:36
--            X509v3 Authority Key Identifier: 
--                keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53
--
--    Signature Algorithm: sha256WithRSAEncryption
--         1d:b8:c5:8b:72:41:20:65:ad:27:6f:15:63:06:26:12:8d:9c:
--         ad:ca:f4:db:97:b4:90:cb:ff:35:94:bb:2a:a7:a1:ab:1e:35:
--         2d:a5:3f:c9:24:b0:1a:58:89:75:3e:81:0a:2c:4f:98:f9:51:
--         fb:c0:a3:09:d0:0a:9b:e7:a2:b7:c3:60:40:c8:f4:6d:b2:6a:
--         56:12:17:4c:00:24:31:df:9c:60:ae:b1:68:54:a9:e6:b5:4a:
--         04:e6:92:05:86:d9:5a:dc:96:30:a5:58:de:14:99:0f:e5:15:
--         89:3e:9b:eb:80:e3:bd:83:c3:ea:33:35:4b:3e:2f:d3:0d:64:
--         93:67:7f:8d:f5:3f:0c:27:bc:37:5a:cc:d6:47:16:af:5a:62:
--         d2:da:51:f8:74:06:6b:24:ad:28:68:08:98:37:7d:ed:0e:ab:
--         1e:82:61:05:d0:ba:75:a0:ab:21:b0:9a:fd:2b:54:86:1d:0d:
--         1f:c2:d4:77:1f:72:26:5e:ad:8a:9f:09:36:6d:44:be:74:c2:
--         5a:3e:ff:5c:9d:75:d6:38:7b:c5:39:f9:44:6e:a1:d1:8e:ff:
--         63:db:c4:bb:c6:91:92:ca:5c:60:9b:1d:eb:0a:de:08:ee:bf:
--         da:76:03:65:62:29:8b:f8:7f:c7:86:73:1e:f6:1f:2d:89:69:
--         fd:be:bd:6e
- -----BEGIN CERTIFICATE-----
--MIID4zCCAsugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx
--EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK
--DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI
--hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMjcxM1oX
--DTI0MDEwMTAzMjcxM1owYDELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx
--FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRIwEAYDVQQLDAlSdWJ5IFRlc3QxEjAQ
--BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
--AOjanAEuKxDsSc1eBxMHnHCexnS8E8Lhb8aC/eNI4CylaMeeQt5gVGXmahRXejDQ
--zLW22cPS38kll1Rnz/a+XsuL7gPF4eL55/fRDEfwuNozWq1Bree1onu3vzDaYPjj
--VKK8Ov0bdNncdELpKb7frLRP6zL0BvHhjEuoi/sp57G/HQHucw/5QNzVFXnZxnPQ
--wN3L5NoZR4DGFARy/Zp8jxGCdkkEeczyXDEilRM+XUCmTeCjAiZ9Uju77WWhD+1r
--sDzU3mEVXtPdaAmfSlelwqlthpLF9KTUtxM7UmMkBeLM44o81DU0KxC7WHLn4Y0d
--dIxhFiA90BxOj279/mQQT0ECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
--AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFO0o
--wn6rS8jo/lVtZpUxHC1g+QI2MB8GA1UdIwQYMBaAFPbRIinVPSPXXq0MnOZ1j53N
--+J1TMA0GCSqGSIb3DQEBCwUAA4IBAQAduMWLckEgZa0nbxVjBiYSjZytyvTbl7SQ
--y/81lLsqp6GrHjUtpT/JJLAaWIl1PoEKLE+Y+VH7wKMJ0Aqb56K3w2BAyPRtsmpW
--EhdMACQx35xgrrFoVKnmtUoE5pIFhtla3JYwpVjeFJkP5RWJPpvrgOO9g8PqMzVL
--Pi/TDWSTZ3+N9T8MJ7w3WszWRxavWmLS2lH4dAZrJK0oaAiYN33tDqsegmEF0Lp1
--oKshsJr9K1SGHQ0fwtR3H3ImXq2Knwk2bUS+dMJaPv9cnXXWOHvFOflEbqHRjv9j
--28S7xpGSylxgmx3rCt4I7r/adgNlYimL+H/HhnMe9h8tiWn9vr1u
-+MIIDYTCCAkkCAQAwDQYJKoZIhvcNAQELBQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYD
-+VQQIDAdTaGltYW5lMRQwEgYDVQQHDAtNYXR6LWUgY2l0eTEXMBUGA1UECgwOUnVi
-+eSBDb3JlIFRlYW0xFTATBgNVBAMMDFJ1YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJ
-+ARYWc2VjdXJpdHlAcnVieS1sYW5nLm9yZzAeFw0yNDAxMDExMTQ3MjNaFw0zMzEy
-+MjkxMTQ3MjNaMGAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIDAdTaGltYW5lMRcwFQYD
-+VQQKDA5SdWJ5IENvcmUgVGVhbTESMBAGA1UECwwJUnVieSBUZXN0MRIwEAYDVQQD
-+DAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw+egZ
-+Q6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI+1GSqyi1bFBgsRjM0THllIdMbKmJ
-+tWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0fqXmG8UTz0VTWdlAXXmhUs6lSADvA
-+aIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0yg+801SXzoFTTa+UGIRLE66jH51a
-+a5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIeNWMF32wHqIOOPvQcWV3M5D2vxJEj
-+702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1JNPc/n3dVUm+fM6NoDXPoLP7j55G
-+9zKyqGtGAWXAj1MTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACtGNdj5TEtnJBYp
-+M+LhBeU3oNteldfycEm993gJp6ghWZFg23oX8fVmyEeJr/3Ca9bAgDqg0t9a0npN
-+oWKEY6wVKqcHgu3gSvThF5c9KhGbeDDmlTSVVNQmXWX0K2d4lS2cwZHH8mCm2mrY
-+PDqlEkSc7k4qSiqigdS8i80Yk+lDXWsm8CjsiC93qaRM7DnS0WPQR0c16S95oM6G
-+VklFKUSDAuFjw9aVWA/nahOucjn0w5fVW6lyIlkBslC1ChlaDgJmvhz+Ol3iMsE0
-+kAmFNu2KKPVrpMWaBID49QwQTDyhetNLaVVFM88iUdA9JDoVMEuP1mm39JqyzHTu
-+uBrdP4Q=
- -----END CERTIFICATE-----
-diff --git a/test/net/fixtures/server.key b/test/net/fixtures/server.key
-index 7f2380e71e637..6a83d5bcf4a52 100644
---- a/test/net/fixtures/server.key
-+++ b/test/net/fixtures/server.key
-@@ -1,28 +1,27 @@
-------BEGIN PRIVATE KEY-----
--MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDo2pwBLisQ7EnN
--XgcTB5xwnsZ0vBPC4W/Ggv3jSOAspWjHnkLeYFRl5moUV3ow0My1ttnD0t/JJZdU
--Z8/2vl7Li+4DxeHi+ef30QxH8LjaM1qtQa3ntaJ7t78w2mD441SivDr9G3TZ3HRC
--6Sm+36y0T+sy9Abx4YxLqIv7Keexvx0B7nMP+UDc1RV52cZz0MDdy+TaGUeAxhQE
--cv2afI8RgnZJBHnM8lwxIpUTPl1Apk3gowImfVI7u+1loQ/ta7A81N5hFV7T3WgJ
--n0pXpcKpbYaSxfSk1LcTO1JjJAXizOOKPNQ1NCsQu1hy5+GNHXSMYRYgPdAcTo9u
--/f5kEE9BAgMBAAECggEBAOHkwhc7DLh8IhTDNSW26oMu5OP2WU1jmiYAigDmf+OQ
--DBgrZj+JQBci8qINQxL8XLukSZn5hvQCLc7Kbyu1/wyEEUFDxSGGwwzclodr9kho
--LX2LDASPZrOSzD2+fPi2wTKmXKuS6Uc44OjQfZkYMNkz9r4Vkm8xGgOD3VipjIYX
--QXlhhdqkXZcNABsihCV52GKkDFSVm8jv95YJc5xhoYCy/3a4/qPdF0aT2R7oYUej
--hKrxVDskyooe8Zg/JTydZNV5GQEDmW01/K3r6XGT26oPi1AqMU1gtv/jkW56CRQQ
--1got8smnqM+AV7Slf9R6DauIPdQJ2S8wsr/o8ISBsOECgYEA9YrqEP2gAYSGFXRt
--liw0WI2Ant8BqXS6yvq1jLo/qWhLw/ph4Di73OQ2mpycVTpgfGr2wFPQR1XJ+0Fd
--U+Ir/C3Q7FK4VIGHK7B0zNvZr5tEjlFfeRezo2JMVw5YWeSagIFcSwK+KqCTH9qc
--pw/Eb8nB/4XNcpTZu7Fg0Wc+ooUCgYEA8sVaicn1Wxkpb45a4qfrA6wOr5xdJ4cC
--A5qs7vjX2OdPIQOmoQhdI7bCWFXZzF33wA4YCws6j5wRaySLIJqdms8Gl9QnODy1
--ZlA5gwKToBC/jqPmWAXSKb8EH7cHilaxU9OKnQ7CfwlGLHqjMtjrhR7KHlt3CVRs
--oRmvsjZVXI0CgYAmPedslAO6mMhFSSfULrhMXmV82OCqYrrA6EEkVNGbcdnzAOkD
--gfKIWabDd8bFY10po4Mguy0CHzNhBXIioWQWV5BlbhC1YKMLw+S9DzSdLAKGY9gJ
--xQ4+UQ3wtRQ/k+IYR413RUsW2oFvgZ3KSyNeAb9MK6uuv84VdG/OzVSs/QKBgQDn
--kap//l2EbObiWyaERunckdVcW0lcN+KK75J/TGwPoOwQsLvTpPe65kxRGGrtDsEQ
--uCDk/+v3KkZPLgdrrTAih9FhJ+PVN8tMcb+6IM4SA4fFFr/UPJEwct0LJ3oQ0grJ
--y+HPWFHb/Uurh7t99/4H98uR02sjQh1wOeEmm78mzQKBgQDm+LzGH0se6CXQ6cdZ
--g1JRZeXkDEsrW3hfAsW62xJQmXcWxBoblP9OamMY+A06rM5og3JbDk5Zm6JsOaA8
--wS2gw4ilp46jors4eQey8ux7kB9LzdBoDBBElnsbjLO8oBNZlVcYXg+6BOl/CUi7
--2whRF0FEjKA8ehrNhAq+VFfFNw==
-------END PRIVATE KEY-----
-+-----BEGIN RSA PRIVATE KEY-----
-+MIIEowIBAAKCAQEAsPnoGUOnrpiSqt4XynxA+HRP7S+BSObI6qJ7fQAVSPtRkqso
-+tWxQYLEYzNEx5ZSHTGypibVsJylvCfuToDTfMul8b/CZjP2Ob0LdpYrNH6l5hvFE
-+89FU1nZQF15oVLOpUgA7wGiHuEVawrGfey92UE68mOyUVXGweJIVDdxqdMoPvNNU
-+l86BU02vlBiESxOuox+dWmuVV7vfYZ79Toh/LUK43YvJh+rhv4nKuF7iHjVjBd9s
-+B6iDjj70HFldzOQ9r8SRI+9NirupPTkF5AKNe6kUhKJ1luB7S27ZkvB3tSTT3P59
-+3VVJvnzOjaA1z6Cz+4+eRvcysqhrRgFlwI9TEwIDAQABAoIBAEEYiyDP29vCzx/+
-+dS3LqnI5BjUuJhXUnc6AWX/PCgVAO+8A+gZRgvct7PtZb0sM6P9ZcLrweomlGezI
-+FrL0/6xQaa8bBr/ve/a8155OgcjFo6fZEw3Dz7ra5fbSiPmu4/b/kvrg+Br1l77J
-+aun6uUAs1f5B9wW+vbR7tzbT/mxaUeDiBzKpe15GwcvbJtdIVMa2YErtRjc1/5B2
-+BGVXyvlJv0SIlcIEMsHgnAFOp1ZgQ08aDzvilLq8XVMOahAhP1O2A3X8hKdXPyrx
-+IVWE9bS9ptTo+eF6eNl+d7htpKGEZHUxinoQpWEBTv+iOoHsVunkEJ3vjLP3lyI/
-+fY0NQ1ECgYEA3RBXAjgvIys2gfU3keImF8e/TprLge1I2vbWmV2j6rZCg5r/AS0u
-+pii5CvJ5/T5vfJPNgPBy8B/yRDs+6PJO1GmnlhOkG9JAIPkv0RBZvR0PMBtbp6nT
-+Y3yo1lwamBVBfY6rc0sLTzosZh2aGoLzrHNMQFMGaauORzBFpY5lU50CgYEAzPHl
-+u5DI6Xgep1vr8QvCUuEesCOgJg8Yh1UqVoY/SmQh6MYAv1I9bLGwrb3WW/7kqIoD
-+fj0aQV5buVZI2loMomtU9KY5SFIsPV+JuUpy7/+VE01ZQM5FdY8wiYCQiVZYju9X
-+Wz5LxMNoz+gT7pwlLCsC4N+R8aoBk404aF1gum8CgYAJ7VTq7Zj4TFV7Soa/T1eE
-+k9y8a+kdoYk3BASpCHJ29M5R2KEA7YV9wrBklHTz8VzSTFTbKHEQ5W5csAhoL5Fo
-+qoHzFFi3Qx7MHESQb9qHyolHEMNx6QdsHUn7rlEnaTTyrXh3ifQtD6C0yTmFXUIS
-+CW9wKApOrnyKJ9nI0HcuZQKBgQCMtoV6e9VGX4AEfpuHvAAnMYQFgeBiYTkBKltQ
-+XwozhH63uMMomUmtSG87Sz1TmrXadjAhy8gsG6I0pWaN7QgBuFnzQ/HOkwTm+qKw
-+AsrZt4zeXNwsH7QXHEJCFnCmqw9QzEoZTrNtHJHpNboBuVnYcoueZEJrP8OnUG3r
-+UjmopwKBgAqB2KYYMUqAOvYcBnEfLDmyZv9BTVNHbR2lKkMYqv5LlvDaBxVfilE0
-+2riO4p6BaAdvzXjKeRrGNEKoHNBpOSfYCOM16NjL8hIZB1CaV3WbT5oY+jp7Mzd5
-+7d56RZOE+ERK2uz/7JX9VSsM/LbH9pJibd4e8mikDS9ntciqOH/3
-+-----END RSA PRIVATE KEY-----

SOURCES/ruby-3.5.0-fix-164-Integer-overflow-related-to-reg-dmax-in-sear.patch

@@ -1,221 +0,0 @@
-From 377b776f01863c516224baa1f77c0bbb51861c5b Mon Sep 17 00:00:00 2001
-From: "K.Kosako" <kosako@sofnec.co.jp>
-Date: Tue, 29 Apr 2025 22:19:51 +0200
-Subject: [PATCH] fix #164: Integer overflow related to reg->dmax in
- search_in_range()
-
-https://github.com/kkos/oniguruma/issues/164#issuecomment-558134827
-
-Origin: https://github.com/kkos/oniguruma/commit/0463e21432515631a9bc925ce5eb95b097c73719
-Origin: https://github.com/kkos/oniguruma/commit/db64ef3189f54917a5008a02bdb000adc514a90a
-Origin: https://github.com/kkos/oniguruma/commit/bfc36d3d8139b8be4d3df630d625c58687b0c7d4
-Origin: https://github.com/kkos/oniguruma/commit/778a43dd56925ed58bbe26e3a7bb8202d72c3f3f
-Origin: https://github.com/kkos/oniguruma/commit/b6cb7580a7e0c56fc325fe9370b9d34044910aed
-
-Reviewed-by: Sylvain Beucler <beuc@debian.org>
----
- regexec.c | 93 ++++++++++++++++++++++++++++++++++---------------------
- 1 file changed, 58 insertions(+), 35 deletions(-)
-
-diff --git a/regexec.c b/regexec.c
-index d200a3cc28..a988e35cd7 100644
---- a/regexec.c
-+++ b/regexec.c
-@@ -3912,14 +3912,14 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
-   }
- 
-   p = s;
--  if (reg->dmin > 0) {
-+  if (reg->dmin != 0) {
-+    if (end - p <= reg->dmin)
-+      return 0; /* fail */
-     if (ONIGENC_IS_SINGLEBYTE(reg->enc)) {
-       p += reg->dmin;
-     }
-     else {
-       UChar *q = p + reg->dmin;
--
--      if (q >= end) return 0; /* fail */
-       while (p < q) p += enclen(reg->enc, p, end);
-     }
-   }
-@@ -3956,7 +3956,7 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
-   }
- 
-   if (p && p < range) {
--    if (p - reg->dmin < s) {
-+    if (p - s < reg->dmin) {
-     retry_gate:
-       pprev = p;
-       p += enclen(reg->enc, p, end);
-@@ -4000,6 +4000,7 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
- 	  *low_prev = onigenc_get_prev_char_head(reg->enc,
- 						 (pprev ? pprev : str), p, end);
-       }
-+      *high = p;
-     }
-     else {
-       if (reg->dmax != ONIG_INFINITE_DISTANCE) {
-@@ -4024,9 +4025,12 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s,
- 	  }
- 	}
-       }
-+      /* no needs to adjust *high, *high is used as range check only */
-+      if (p - str < reg->dmin)
-+        *high = (UChar* )str;
-+      else
-+        *high = p - reg->dmin;
-     }
--    /* no needs to adjust *high, *high is used as range check only */
--    *high = p - reg->dmin;
- 
- #ifdef ONIG_DEBUG_SEARCH
-     fprintf(stderr,
-@@ -4053,7 +4057,6 @@ backward_search_range(regex_t* reg, const UChar* str, const UChar* end,
-     return 0;
-   }
- 
--  range += reg->dmin;
-   p = s;
- 
-  retry:
-@@ -4131,10 +4135,22 @@ backward_search_range(regex_t* reg, const UChar* str, const UChar* end,
-       }
-     }
- 
--    /* no needs to adjust *high, *high is used as range check only */
-     if (reg->dmax != ONIG_INFINITE_DISTANCE) {
--      *low  = p - reg->dmax;
--      *high = p - reg->dmin;
-+      if (p - str < reg->dmax)
-+        *low = (UChar* )str;
-+      else
-+        *low = p - reg->dmax;
-+
-+      if (reg->dmin != 0) {
-+        if (p - str < reg->dmin)
-+          *high = (UChar* )str;
-+        else
-+          *high = p - reg->dmin;
-+      }
-+      else {
-+        *high = p;
-+      }
-+
-       *high = onigenc_get_right_adjust_char_head(reg->enc, adjrange, *high, end);
-     }
- 
-@@ -4277,12 +4292,12 @@ onig_search_gpos(regex_t* reg, const UChar* str, const UChar* end,
- 	goto mismatch_no_msa;
- 
-       if (range > start) {
--	if ((OnigDistance )(min_semi_end - start) > reg->anchor_dmax) {
-+        if (min_semi_end - start > reg->anchor_dmax) {
- 	  start = min_semi_end - reg->anchor_dmax;
- 	  if (start < end)
- 	    start = onigenc_get_right_adjust_char_head(reg->enc, str, start, end);
- 	}
--	if ((OnigDistance )(max_semi_end - (range - 1)) < reg->anchor_dmin) {
-+        if (max_semi_end - (range - 1) < reg->anchor_dmin) {
- 	  range = max_semi_end - reg->anchor_dmin + 1;
- 	}
- 
-@@ -4291,12 +3306,16 @@ onig_search_gpos(regex_t* reg, const UChar* str, const UChar* end,
- 	   Backward search is used. */
-       }
-       else {
--	if ((OnigDistance )(min_semi_end - range) > reg->anchor_dmax) {
-+        if (min_semi_end - range > reg->anchor_dmax) {
- 	  range = min_semi_end - reg->anchor_dmax;
- 	}
--	if ((OnigDistance )(max_semi_end - start) < reg->anchor_dmin) {
--	  start = max_semi_end - reg->anchor_dmin;
--	  start = ONIGENC_LEFT_ADJUST_CHAR_HEAD(reg->enc, str, start, end);
-+	if (max_semi_end - start < reg->anchor_dmin) {
-+          if (max_semi_end - str < reg->anchor_dmin)
-+            goto mismatch_no_msa;
-+          else {
-+            start = max_semi_end - reg->anchor_dmin;
-+            start = ONIGENC_LEFT_ADJUST_CHAR_HEAD(reg->enc, str, start, end);
-+          }
- 	}
- 	if (range > start) goto mismatch_no_msa;
-       }
-@@ -4375,15 +4394,19 @@ onig_search_gpos(regex_t* reg, const UChar* str, const UChar* end,
-     if (reg->optimize != ONIG_OPTIMIZE_NONE) {
-       UChar *sch_range, *low, *high, *low_prev;
- 
--      sch_range = (UChar* )range;
-       if (reg->dmax != 0) {
- 	if (reg->dmax == ONIG_INFINITE_DISTANCE)
- 	  sch_range = (UChar* )end;
- 	else {
--	  sch_range += reg->dmax;
--	  if (sch_range > end) sch_range = (UChar* )end;
-+          if ((end - range) < reg->dmax)
-+            sch_range = (UChar* )end;
-+          else {
-+            sch_range = (UChar* )range + reg->dmax;
-+          }
- 	}
-       }
-+      else
-+        sch_range = (UChar* )range;
- 
-       if ((end - start) < reg->threshold_len)
- 	goto mismatch;
-@@ -4440,18 +4463,28 @@ onig_search_gpos(regex_t* reg, const UChar* str, const UChar* end,
-   else {  /* backward search */
-     if (reg->optimize != ONIG_OPTIMIZE_NONE) {
-       UChar *low, *high, *adjrange, *sch_start;
-+      const UChar *min_range;
- 
-       if (range < end)
- 	adjrange = ONIGENC_LEFT_ADJUST_CHAR_HEAD(reg->enc, str, range, end);
-       else
- 	adjrange = (UChar* )end;
- 
-+      if (end - range > reg->dmin)
-+        min_range = range + reg->dmin;
-+      else
-+        min_range = end;
-+
-       if (reg->dmax != ONIG_INFINITE_DISTANCE &&
- 	  (end - range) >= reg->threshold_len) {
- 	do {
--	  sch_start = s + reg->dmax;
--	  if (sch_start > end) sch_start = (UChar* )end;
--	  if (backward_search_range(reg, str, end, sch_start, range, adjrange,
-+          if (end - s > reg->dmax)
-+            sch_start = s + reg->dmax;
-+          else {
-+            sch_start = (UChar* )end;
-+          }
-+
-+	  if (backward_search_range(reg, str, end, sch_start, min_range, adjrange,
- 				    &low, &high) <= 0)
- 	    goto mismatch;
- 
-@@ -4469,19 +4502,9 @@ onig_search_gpos(regex_t* reg, const UChar* str, const UChar* end,
-       else { /* check only. */
- 	if ((end - range) < reg->threshold_len) goto mismatch;
- 
--	sch_start = s;
--	if (reg->dmax != 0) {
--	  if (reg->dmax == ONIG_INFINITE_DISTANCE)
--	    sch_start = (UChar* )end;
--	  else {
--	    sch_start += reg->dmax;
--	    if (sch_start > end) sch_start = (UChar* )end;
--	    else
--	      sch_start = ONIGENC_LEFT_ADJUST_CHAR_HEAD(reg->enc,
--						    start, sch_start, end);
--	  }
--	}
--	if (backward_search_range(reg, str, end, sch_start, range, adjrange,
-+	sch_start = onigenc_get_prev_char_head(reg->enc, str, end, end);
-+
-+	if (backward_search_range(reg, str, end, sch_start, min_range, adjrange,
- 				  &low, &high) <= 0) goto mismatch;
-       }
-     }

SOURCES/rubygem-cgi-0.3.6-Loosen-the-domain-regex-to-accept-dot.patch

@@ -1,41 +0,0 @@
-From 5e09d632f3b56d85b2659ab47d5571ae9e270e10 Mon Sep 17 00:00:00 2001
-From: Xenor Chang <tubaxenor@gmail.com>
-Date: Mon, 28 Nov 2022 12:34:06 +0800
-Subject: [PATCH] Loosen the domain regex to accept '.' (#29)
-
-* Loosen the domain regex to accept '.'
-
-Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
-Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org>
----
- lib/cgi/cookie.rb           | 2 +-
- test/cgi/test_cgi_cookie.rb | 3 +++
- 2 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
-index 1a9c1a8..9498e2f 100644
---- a/lib/cgi/cookie.rb
-+++ b/lib/cgi/cookie.rb
-@@ -42,7 +42,7 @@ class Cookie < Array
-
-     TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"
-     PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"
--    DOMAIN_VALUE_RE = %r"\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
-+    DOMAIN_VALUE_RE = %r"\A\.?(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
-
-     # Create a new CGI::Cookie object.
-     #
-diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
-index 6d31932..eadae45 100644
---- a/test/cgi/test_cgi_cookie.rb
-+++ b/test/cgi/test_cgi_cookie.rb
-@@ -65,6 +65,9 @@ class CGICookieTest < Test::Unit::TestCase
-     cookie = CGI::Cookie.new({'domain' => 'a.example.com'}.merge(h))
-     assert_equal('a.example.com', cookie.domain)
-
-+    cookie = CGI::Cookie.new(h.merge('domain'=>'.example.com'))
-+    assert_equal('.example.com', cookie.domain)
-+
-     cookie = CGI::Cookie.new({'domain'=>'1.example.com'}.merge(h))
-     assert_equal('1.example.com', cookie.domain, 'enhanced by RFC 1123')
-

SOURCES/rubygem-rexml-3.3.9-Fix-ReDoS-CVE-2024-49761.patch

@@ -1,31 +0,0 @@
-From ce59f2eb1aeb371fe1643414f06618dbe031979f Mon Sep 17 00:00:00 2001
-From: Sutou Kouhei <kou@clear-code.com>
-Date: Thu, 24 Oct 2024 14:45:31 +0900
-Subject: [PATCH] parser: fix a bug that &#0x...; is accepted as a character
- reference
-
----
- lib/rexml/parsers/baseparser.rb        | 10 +++++++---
- test/parse/test_character_reference.rb |  6 ++++++
- 2 files changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/lib/rexml/parsers/baseparser.rb b/lib/rexml/parsers/baseparser.rb
-index 7bd8adf..b4547ba 100644
---- a/lib/rexml/parsers/baseparser.rb
-+++ b/lib/rexml/parsers/baseparser.rb
-@@ -492,8 +492,12 @@ def unnormalize( string, entities=nil, filter=nil )
-         return rv if matches.size == 0
--        rv.gsub!( /&#0*((?:\d+)|(?:x[a-fA-F0-9]+));/ ) {
-+        rv.gsub!( /&#((?:\d+)|(?:x[a-fA-F0-9]+));/ ) {
-           m=$1
--          m = "0#{m}" if m[0] == ?x
--          [Integer(m)].pack('U*')
-+          if m.start_with?("x")
-+            code_point = Integer(m[1..-1], 16)
-+          else
-+            code_point = Integer(m, 10)
-+          end
-+          [code_point].pack('U*')
-         }
-         matches.collect!{|x|x[0]}.compact!
-         if matches.size > 0

SOURCES/rubygem-strscan-1.0.2-Accept-String-as-a-pattern.patch

@@ -1,264 +0,0 @@
-From e56ac27d19cc3acdf6c1cb13b14224c43df5f5f6 Mon Sep 17 00:00:00 2001
-From: Kouhei Sutou <kou@clear-code.com>
-Date: Thu, 4 Apr 2019 17:52:50 +0900
-Subject: [PATCH] Accept String as a pattern
-
-It's only for head only match case such as StringScanner#scan.
-
-If we use a String as a pattern, we can improve match performance.
-Here is a result of the including benchmark. It shows String as a
-pattern is 1.25x faster than Regexp as a pattern.
-
-    % rake benchmark
-    /tmp/local/bin/ruby -S benchmark-driver benchmark/scan.yaml
-    Warming up --------------------------------------
-                  regexp    12.094M i/s -     12.242M times in 1.012250s (82.69ns/i, 277clocks/i)
-                  string    14.653M i/s -     14.889M times in 1.016124s (68.25ns/i, 252clocks/i)
-    Calculating -------------------------------------
-                  regexp    14.713M i/s -     36.281M times in 2.465970s (67.97ns/i, 254clocks/i)
-                  string    18.422M i/s -     43.959M times in 2.386255s (54.28ns/i, 201clocks/i)
-
-    Comparison:
-                  string:  18421631.8 i/s
-                  regexp:  14712660.7 i/s - 1.25x  slower
-
-====
-Backport https://github.com/ruby/strscan/pull/4 for strscan.
-
-REXML fixes for CVE-2024-35716 depend on this feature.
----
- ext/strscan/strscan.c              | 92 +++++++++++++++++++-----------
- test/strscan/test_stringscanner.rb | 45 ++++++++++++++-
- 2 files changed, 100 insertions(+), 37 deletions(-)
-
-diff --git a/ext/strscan/strscan.c b/ext/strscan/strscan.c
-index d6168a0d4f..43319b672e 100644
---- a/ext/strscan/strscan.c
-+++ b/ext/strscan/strscan.c
-@@ -447,15 +447,18 @@ strscan_set_pos(VALUE self, VALUE v)
- }
- 
- static VALUE
--strscan_do_scan(VALUE self, VALUE regex, int succptr, int getstr, int headonly)
-+strscan_do_scan(VALUE self, VALUE pattern, int succptr, int getstr, int headonly)
- {
--    regex_t *rb_reg_prepare_re(VALUE re, VALUE str);
-     struct strscanner *p;
--    regex_t *re;
--    long ret;
--    int tmpreg;
- 
--    Check_Type(regex, T_REGEXP);
-+    if (headonly) {
-+        if (!RB_TYPE_P(pattern, T_REGEXP)) {
-+            StringValue(pattern);
-+        }
-+    }
-+    else {
-+        Check_Type(pattern, T_REGEXP);
-+    }
-     GET_SCANNER(self, p);
- 
-     CLEAR_MATCH_STATUS(p);
-@@ -463,37 +466,55 @@ strscan_do_scan(VALUE self, VALUE regex, int succptr, int getstr, int headonly)
-         return Qnil;
-     }
- 
--    p->regex = regex;
--    re = rb_reg_prepare_re(regex, p->str);
--    tmpreg = re != RREGEXP_PTR(regex);
--    if (!tmpreg) RREGEXP(regex)->usecnt++;
-+    if (RB_TYPE_P(pattern, T_REGEXP)) {
-+        regex_t *rb_reg_prepare_re(VALUE re, VALUE str);
-+        regex_t *re;
-+        long ret;
-+        int tmpreg;
-+
-+        p->regex = pattern;
-+        re = rb_reg_prepare_re(pattern, p->str);
-+        tmpreg = re != RREGEXP_PTR(pattern);
-+        if (!tmpreg) RREGEXP(pattern)->usecnt++;
-+
-+        if (headonly) {
-+            ret = onig_match(re, (UChar* )CURPTR(p),
-+                             (UChar* )(CURPTR(p) + S_RESTLEN(p)),
-+                             (UChar* )CURPTR(p), &(p->regs), ONIG_OPTION_NONE);
-+        }
-+        else {
-+            ret = onig_search(re,
-+                              (UChar* )CURPTR(p), (UChar* )(CURPTR(p) + S_RESTLEN(p)),
-+                              (UChar* )CURPTR(p), (UChar* )(CURPTR(p) + S_RESTLEN(p)),
-+                              &(p->regs), ONIG_OPTION_NONE);
-+        }
-+        if (!tmpreg) RREGEXP(pattern)->usecnt--;
-+        if (tmpreg) {
-+            if (RREGEXP(pattern)->usecnt) {
-+                onig_free(re);
-+            }
-+            else {
-+                onig_free(RREGEXP_PTR(pattern));
-+                RREGEXP_PTR(pattern) = re;
-+            }
-+        }
- 
--    if (headonly) {
--        ret = onig_match(re, (UChar* )CURPTR(p),
--                         (UChar* )(CURPTR(p) + S_RESTLEN(p)),
--                         (UChar* )CURPTR(p), &(p->regs), ONIG_OPTION_NONE);
-+        if (ret == -2) rb_raise(ScanError, "regexp buffer overflow");
-+        if (ret < 0) {
-+            /* not matched */
-+            return Qnil;
-+        }
-     }
-     else {
--        ret = onig_search(re,
--                          (UChar* )CURPTR(p), (UChar* )(CURPTR(p) + S_RESTLEN(p)),
--                          (UChar* )CURPTR(p), (UChar* )(CURPTR(p) + S_RESTLEN(p)),
--                          &(p->regs), ONIG_OPTION_NONE);
--    }
--    if (!tmpreg) RREGEXP(regex)->usecnt--;
--    if (tmpreg) {
--        if (RREGEXP(regex)->usecnt) {
--            onig_free(re);
-+        rb_enc_check(p->str, pattern);
-+        if (S_RESTLEN(p) < RSTRING_LEN(pattern)) {
-+            return Qnil;
-         }
--        else {
--            onig_free(RREGEXP_PTR(regex));
--            RREGEXP_PTR(regex) = re;
-+        if (memcmp(CURPTR(p), RSTRING_PTR(pattern), RSTRING_LEN(pattern)) != 0) {
-+            return Qnil;
-         }
--    }
--
--    if (ret == -2) rb_raise(ScanError, "regexp buffer overflow");
--    if (ret < 0) {
--        /* not matched */
--        return Qnil;
-+        onig_region_clear(&(p->regs));
-+        onig_region_set(&(p->regs), 0, 0, RSTRING_LEN(pattern));
-     }
- 
-     MATCHED(p);
-@@ -520,7 +541,8 @@ strscan_do_scan(VALUE self, VALUE regex, int succptr, int getstr, int headonly)
-  *   p s.scan(/\w+/)   # -> "test"
-  *   p s.scan(/\w+/)   # -> nil
-  *   p s.scan(/\s+/)   # -> " "
-- *   p s.scan(/\w+/)   # -> "string"
-+ *   p s.scan("str")   # -> "str"
-+ *   p s.scan(/\w+/)   # -> "ing"
-  *   p s.scan(/./)     # -> nil
-  *
-  */
-@@ -539,6 +561,7 @@ strscan_scan(VALUE self, VALUE re)
-  *   s = StringScanner.new('test string')
-  *   p s.match?(/\w+/)   # -> 4
-  *   p s.match?(/\w+/)   # -> 4
-+ *   p s.match?("test")  # -> 4
-  *   p s.match?(/\s+/)   # -> nil
-  */
- static VALUE
-@@ -560,7 +583,8 @@ strscan_match_p(VALUE self, VALUE re)
-  *   p s.skip(/\w+/)   # -> 4
-  *   p s.skip(/\w+/)   # -> nil
-  *   p s.skip(/\s+/)   # -> 1
-- *   p s.skip(/\w+/)   # -> 6
-+ *   p s.skip("st")    # -> 2
-+ *   p s.skip(/\w+/)   # -> 4
-  *   p s.skip(/./)     # -> nil
-  *
-  */
-diff --git a/test/strscan/test_stringscanner.rb b/test/strscan/test_stringscanner.rb
-index 3423f9cfed..63b1ce1f9b 100644
---- a/test/strscan/test_stringscanner.rb
-+++ b/test/strscan/test_stringscanner.rb
-@@ -282,6 +282,22 @@ def test_scan
-     assert_equal "", s.scan(//)
-   end
- 
-+  def test_scan_string
-+    s = StringScanner.new('stra strb strc')
-+    assert_equal 'str', s.scan('str')
-+    assert_equal 'str', s[0]
-+    assert_equal 3, s.pos
-+    assert_equal false, s.tainted?
-+    assert_equal 'a ', s.scan('a ')
-+
-+    str = 'stra strb strc'.dup
-+    str.taint
-+    s = StringScanner.new(str, false)
-+    matched = s.scan('str')
-+    assert_equal 'str', matched
-+    assert_equal true, matched.tainted?
-+  end
-+
-   def test_skip
-     s = StringScanner.new('stra strb strc', true)
-     assert_equal 4, s.skip(/\w+/)
-@@ -367,8 +383,10 @@ def test_matched
-     assert_equal false, s.matched.tainted?
-     s.scan(/\s+/)
-     assert_equal ' ', s.matched
-+    s.scan('st')
-+    assert_equal 'st', s.matched
-     s.scan(/\w+/)
--    assert_equal 'strb', s.matched
-+    assert_equal 'rb', s.matched
-     s.scan(/\s+/)
-     assert_equal ' ', s.matched
-     s.scan(/\w+/)
-@@ -483,7 +501,7 @@ def test_pre_match
-     s.skip(/\s/)
-     assert_equal 'a', s.pre_match
-     assert_equal false, s.pre_match.tainted?
--    s.scan(/\w/)
-+    s.scan('b')
-     assert_equal 'a ', s.pre_match
-     s.scan_until(/c/)
-     assert_equal 'a b ', s.pre_match
-@@ -513,7 +531,7 @@ def test_post_match
-     assert_equal ' b c d e', s.post_match
-     s.skip(/\s/)
-     assert_equal 'b c d e', s.post_match
--    s.scan(/\w/)
-+    s.scan('b')
-     assert_equal ' c d e', s.post_match
-     s.scan_until(/c/)
-     assert_equal ' d e', s.post_match
-@@ -589,6 +607,20 @@ def test_encoding
-     assert_equal(Encoding::EUC_JP, ss.scan(/./e).encoding)
-   end
- 
-+  def test_encoding_string
-+    str = "\xA1\xA2".dup.force_encoding("euc-jp")
-+    ss = StringScanner.new(str)
-+    assert_equal(str.dup, ss.scan(str.dup))
-+  end
-+
-+  def test_invalid_encoding_string
-+    str = "\xA1\xA2".dup.force_encoding("euc-jp")
-+    ss = StringScanner.new(str)
-+    assert_raise(Encoding::CompatibilityError) do
-+      ss.scan(str.encode("UTF-8"))
-+    end
-+  end
-+
-   def test_generic_regexp
-     ss = StringScanner.new("\xA1\xA2".dup.force_encoding("euc-jp"))
-     t = ss.scan(/./)
-@@ -643,6 +675,13 @@ def test_exist_p
-     assert_equal(nil, s.exist?(/e/))
-   end
- 
-+  def test_exist_p_string
-+    s = StringScanner.new("test string")
-+    assert_raise(TypeError) do
-+      s.exist?(" ")
-+    end
-+  end
-+
-   def test_skip_until
-     s = StringScanner.new("Foo Bar Baz")
-     assert_equal(3, s.skip_until(/Foo/))

SPECS/ruby.spec

@@ -21,7 +21,7 @@
 %endif
 
 
-%global release 114
+%global release 107
 
 %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
 
@@ -75,7 +75,7 @@
 Summary: An interpreter of object-oriented scripting language
 Name: ruby
 Version: %{ruby_version}
-Release: %{release_string}
+Release: %{release_string}.alma
 Group: Development/Languages
 # Public Domain for example for: include/ruby/st.h, strftime.c, missing/*, ...
 # MIT and CCO: ccan/*
@@ -103,8 +103,8 @@ Source14: test_systemtap.rb
 
 # The load directive is supported since RPM 4.12, i.e. F21+. The build process
 # fails on older Fedoras.
-%{load:%{SOURCE4}}
-%{load:%{SOURCE5}}
+%{?load:%{SOURCE4}}
+%{?load:%{SOURCE5}}
 
 # Fix ruby_version abuse.
 # https://bugs.ruby-lang.org/issues/11002
@@ -130,9 +130,10 @@ Patch6: ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch
 # Use miniruby to regenerate prelude.c.
 # https://bugs.ruby-lang.org/issues/10554
 Patch7: ruby-2.2.3-Generate-preludes-using-miniruby.patch
-# Fix a fiddle import test on an optimized glibc on Power 9.
-# https://bugs.ruby-lang.org/issues/12666#note-13
-Patch9: ruby-3.0.3-fiddle-1.0.8-Rely-on-hard-coded-lib-name-to-detect-glibc.patch
+# Workaround "an invalid stdio handle" error on PPC, due to recently introduced
+# hardening features of glibc (rhbz#1361037).
+# https://bugs.ruby-lang.org/issues/12666
+Patch9: ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch
 # Add Gem.operating_system_defaults to allow packagers to override defaults.
 # https://github.com/rubygems/rubygems/pull/2116
 Patch10: ruby-2.5.0-Add-Gem.operating_system_defaults.patch
@@ -175,107 +176,11 @@ Patch27: ruby-2.6.0-rdoc-6.0.2-fix-different-js-gz-pages-across-multilib.patch
 Patch28: ruby-2.5.9-revert-stop-the-error-due-to-openssl-1-1-1h.patch
 # Resolv::DNS: timeouts if multiple IPv6 name servers are given and address
 # contains leading zero
-# https://bugzilla.redhat.com/show_bug.cgi?id=1950308
+# https://bugzilla.redhat.com/show_bug.cgi?id=1955010
 Patch29: ruby-3.0.0-Convert-ip-addresses-to-canonical-form.patch
-# Fix CVE-2021-31799 rdoc: Command injection vulnerability in RDoc.
-# https://bugzilla.redhat.com/show_bug.cgi?id=1980839
-Patch30: ruby-2.6.8-rdoc-6.1.2.1-command-injection-vulnerability.patch
-# Fix CVE-2021-32066 StartTLS stripping vulnerability in Net::IMAP.
-# https://bugzilla.redhat.com/show_bug.cgi?id=1980830
-Patch31: ruby-2.6.8-net-imap-startls-stripping-vulnerability.patch
-# Fix CVE-2021-31810 FTP PASV command response can cause Net::FTP to connect
-# to arbitrary host.
-# https://bugzilla.redhat.com/show_bug.cgi?id=1980825
-Patch32: ruby-2.6.8-net-ftp-pasv-can-connect-to-arbitrary-host.patch
-# CVE-2021-41817: Fix by adding a length limit option for methods that parses
-# date strings.
-# https://bugzilla.redhat.com/show_bug.cgi?id=2025104
-# https://github.com/ruby/date/commit/4f9b8e946ba98f0a1774f8e677baa4a45637ebb3
-Patch33: ruby-2.6.9-date-2.0.1-parse-length-limit.patch
-# CVE-2021-41819: CGI::Cookie.parse that no longer decodes cookie names to
-# prevent spoofing security prefixes in cookie names.
-# https://bugzilla.redhat.com/show_bug.cgi?id=2026757
-# https://github.com/ruby/ruby/commit/02c341c9bc5879eae568ed2ba02cf227ed948199
-# https://github.com/ruby/cgi/commit/84dedc6fbb2a210ec070c35bc607b89003701fa2
-Patch34: ruby-2.6.9-cgi-0.1.1-cookie-parse-not-decode-names.patch
-# Fix rdoc nil token parsing
-# https://github.com/ruby/rdoc/commit/a1631aa98a67112d96ac101c72909fdeec6f84f9
-Patch35: ruby-2.6.0-rdoc-6.0.2-check-nil-text-token.patch
-# Fix Time Zone Database 2022g.
-# https://bugs.ruby-lang.org/issues/19187
-# https://github.com/ruby/ruby/commit/a1124dc162810f86cb0bff58cde24064cfc561bc
-Patch36: ruby-3.1.3-Fix-for-tzdata-2022g.patch
-# Bypass git submodule test failure on Git >= 2.38.1.
-# https://github.com/ruby/ruby/pull/6587
-Patch37: ruby-3.2.0-git-2.38.1-fix-rubygems-test.patch
-# CVE-2021-33621: HTTP response splitting in CGI.
-# Backported from:
-# https://github.com/ruby/ruby/commit/7cf697179dab52b0d024543304f4d3ab5fa5e847
-Patch38: ruby-2.7.7-Fix-CVE-2021-33621-HTTP-response-splitting-in-CGI.patch
-# Let cookies use leading dot in the domain after fixing CVE-2021-33621
-# to retain compatibility.
-# https://github.com/ruby/cgi/commit/5e09d632f3b56d85b2659ab47d5571ae9e270e10
-Patch39: rubygem-cgi-0.3.6-Loosen-the-domain-regex-to-accept-dot.patch
-# CVE-2022-28739: Buffer overrun in String-to-Float conversion.
-# Backported from:
-# https://github.com/ruby/ruby/commit/69f9992ed41920389d4185141a14f02f89a4d306
-Patch40: ruby-2.6.10-Fix-CVE-2022-28739-Buffer-overrun-in-str2float.patch
-# CVE-2023-28755 ReDoS vulnerability in URI.
-# Backported from:
-# https://github.com/ruby/ruby/commit/6855779d580358a6a0b4c9ee06f20e7cae72955a
-Patch41: ruby-2.7.8-Fix-CVE-2023-28755-ReDos-vulnerability-in-URI.patch
-# CVE-2023-28756 ReDoS vulnerability in Time.
-# Tests not included as assert_linear_time was introduced in Ruby 2.7.
-# Backported from:
-# https://github.com/ruby/ruby/commit/2cb830602f52e7e76c6781115e7938b21f881c4f
-# https://github.com/ruby/ruby/commit/e3f18f7d2e034f20053d7bf2fc7a50f8b7e1a27a
-Patch42: ruby-2.7.8-Fix-CVE-2023-28756-ReDoS-vulnerability-in-Time.patch
-# Fix net-http test errors due to expired certificate
-# https://github.com/ruby/ruby/commit/d3933fc753187a055a4904af82f5f3794c88c416
-# https://bugs.ruby-lang.org/issues/20106
-Patch43: ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch
-# CVE-2023-36617 ReDoS vulnerability - upstream's incomplete fix
-# for CVE-2023-28755.
-# Tests not included as assert_linear_time was introduced in Ruby 2.7.
-# https://github.com/ruby/ruby/commit/616926b55e306a0704254a7ddfd6e9834d06c7f2
-Patch44: ruby-3.0.7-Fix-CVE-2023-36617-Upstreams-incomplete-fix-for-CVE-2023-28755.patch
-# CVE-2024-27280 Buffer overread vulnerability in StringIO.
-# Backported from:
-# https://github.com/ruby/ruby/commit/bd9424c71c15896a997d5a092bf5e1ed453defa6
-Patch45: ruby-3.0.7-Fix-CVE-2024-27280-Buffer-overread-in-StringIO.patch
-# CVE-2024-27281 RCE vulnerability with .rdoc_options in RDoc.
-# Backported from:
-# https://github.com/ruby/ruby/commit/7957a25edf844c966de45848fa7e9e2513955660
-Patch46: ruby-3.0.7-Fix-CVE-2024-27281-RCE-vulnerability-with-rdoc_options.patch
-# CVE-2024-27282 Arbitrary memory address read vulnerability with Regex search.
-# Backported from:
-# https://github.com/ruby/ruby/commit/6c6dca749d3f732b7be04bae20095a040c50fdb8
-Patch47: ruby-3.0.7-Fix-CVE-2024-27282-Memory-address-read-with-Regex.patch
-# Fix for REXML CVE-2024-35176 depends on being able to pass a string to the
-# scan method in addition to a regex.
-# https://github.com/ruby/strscan/pull/4
-Patch48: rubygem-strscan-1.0.2-Accept-String-as-a-pattern.patch
-# CVE-2024-35176 REXML: DoS parsing an XML with many `<`s in an attribute value.
-# The actual fix for the CVE is https://github.com/ruby/rexml/pull/126 ,
-# but that PR is depending on the content of a few previous PRs and commits.
-# https://github.com/ruby/rexml/commit/694239f0855668c986feba6f1b395ecd94a1f0bc
-# https://github.com/ruby/rexml/commit/810d2285235d5501a0a124f300832e6e9515da3c
-# https://github.com/ruby/rexml/commit/77128555476cb0db798e2912fb3a07d6411dc320
-# https://github.com/ruby/rexml/commit/370666e314816b57ecd5878e757224c3b6bc93f5
-# https://github.com/ruby/rexml/commit/0496940d5998ccbc50d16fb734993ab50fc60c2d
-# https://github.com/ruby/rexml/commit/4325835f92f3f142ebd91a3fdba4e1f1ab7f1cfb
-# https://github.com/ruby/rexml/commit/f1df7d13b3e57a5e059273d2f0870163c08d7420
-Patch49: rubygem-rexml-3.2.9-Fix-CVE-2024-35176-DoS-in-REXML.patch
-# Tests not included, this Ruby release does not include the specific
-# test file to patch.
-# https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f
-Patch50: rubygem-rexml-3.3.9-Fix-ReDoS-CVE-2024-49761.patch
-# CVE-2019-19012 oniguruma: integer overflow in search_in_range function in
-# regexec.c leads to out-of-bounds read.
-# https://github.com/kkos/oniguruma/issues/164#issuecomment-558134827
-# https://issues.redhat.com/browse/RHEL-87505
-Patch51: ruby-3.5.0-fix-164-Integer-overflow-related-to-reg-dmax-in-sear.patch
 
+# AlmaLinux
+Patch100: ruby-2.5.9-skip-test_execopts_gid.patch
 
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
@@ -675,28 +580,9 @@ sed -i 's/"evaluation\/incorrect_words.yaml"\.freeze, //' \
 %patch27 -p1
 %patch28 -p1 -R
 %patch29 -p1
-%patch30 -p1
-%patch31 -p1
-%patch32 -p1
-%patch33 -p1
-%patch34 -p1
-%patch35 -p1
-%patch36 -p1
-%patch37 -p1
-%patch38 -p1
-%patch39 -p1
-%patch40 -p1
-%patch41 -p1
-%patch42 -p1
-%patch43 -p1
-%patch44 -p1
-%patch45 -p1
-%patch46 -p1
-%patch47 -p1
-%patch48 -p1
-%patch49 -p1
-%patch50 -p1
-%patch51 -p1
+%ifarch aarch64
+%patch100 -p1
+%endif
 
 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .
@@ -922,18 +808,6 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/test_segv_\(setproctitle\|test\|loaded_featur
 # https://bugs.ruby-lang.org/issues/14175
 sed -i '/def test_mdns_each_address$/,/^  end$/ s/^/#/' test/resolv/test_mdns.rb
 
-# Provide workaround for s390x zlib errors in tests on RHEL 8.
-# The library works, but there seems to be chip acceleration used
-# resulting in failing asserts against hardcoded values that were
-# created for a different algorithm than is the default on that platform.
-# Fix taken from:
-# https://github.com/ruby/zlib/commit/280a1b5905d752af25e9f09e6511388cb4260eb2
-%ifarch s390x
-  # Force chip acceleration off.
-  # https://www.ibm.com/docs/en/linux-on-systems?topic=o-applications-2
-  export DFLTCC=0
-%endif
-
 # For now, disable test incompatible with OpenSSL 1.1.1:
 # https://github.com/rubygems/rubygems/issues/2388
 DISABLE_TESTS="$DISABLE_TESTS -n !/test_do_not_allow_invalid_client_cert_auth_connection/"
@@ -1261,73 +1135,16 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
 %{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec
 
 %changelog
-* Mon May 05 2025 Vít Ondruch <vondruch@redhat.com> - 2.5.9-114
-- Fix integer overflow in search_in_range function in regexec.c (CVE-2019-19012).
-  Resolves: RHEL-87505
-
-* Tue Nov 26 2024 Jarek Prokop <jprokop@redhat.com> - 2.5.9-113
-- Fix REXML ReDoS vulnerability. (CVE-2024-49761)
-  Resolves: RHEL-68515
-
-* Tue May 21 2024 Jarek Prokop <jprokop@redhat.com> - 2.5.9-112
-- Fix ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755.
-  (CVE-2023-36617)
-  Resolves: RHEL-5614
-- Fix Buffer overread vulnerability in StringIO.
-  (CVE-2024-27280)
-  Resolves: RHEL-34125
-- Fix RCE vulnerability with .rdoc_options in RDoc.
-  (CVE-2024-27281)
-  Resolves: RHEL-34117
-- Fix Arbitrary memory address read vulnerability with Regex search.
-  (CVE-2024-27282)
-  Resolves: RHEL-33867
-- Fix REXML DoS parsing an XML with many `<`s in an attribute value.
-  (CVE-2024-35176)
-  Resolves: RHEL-37877
-
-* Mon Jun 12 2023 Jarek Prokop <jprokop@redhat.com> - 2.5.9-111
-- Fix HTTP response splitting in CGI.
-  Resolves: CVE-2021-33621
-- Fix Buffer overrun in String-to-Float conversion.
-  Resolves: CVE-2022-28739
-- Fix ReDoS vulnerability in URI.
-  Resolves: CVE-2023-28755
-- Fix ReDoS vulnerability in Time.
-  Resolves: CVE-2023-28756
-
-* Thu May 25 2023 Todd Zullinger <tmz@pobox.com> - 2.5.9-111
-- Fix rdoc parsing of nil text tokens.
-  Resolves: rhbz#2210326
-
-* Fri Jul 08 2022 Jun Aruga <jaruga@redhat.com> - 2.5.9-110
-- Fix FTBFS due to an incompatible load directive.
-- Fix a fiddle import test on an optimized glibc on Power 9.
-- Fix by adding length limit option for methods that parses date strings.
-  Resolves: CVE-2021-41817
-- CGI::Cookie.parse no longer decodes cookie names to prevent spoofing security
-  prefixes in cookie names.
-  Resolves: CVE-2021-41819
-
-* Wed Feb 16 2022 Jarek Prokop <jprokop@redhat.com> - 2.5.9-109
-- Properly fix command injection vulnerability in Rdoc.
-  Related: CVE-2021-31799
-
-* Wed Feb 09 2022 Jarek Prokop <jprokop@redhat.com> - 2.5.9-108
-- Fix command injection vulnerability in RDoc.
-  Resolves: CVE-2021-31799
-- Fix StartTLS stripping vulnerability in Net::IMAP
-  Resolves: CVE-2021-32066
-- Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
-  Resolves: CVE-2021-31810
+* Wed Jul 07 2021 Sergey Fokin <sfokin@cloudlinux.com> - 2.5.9-107.alma
+- skip test_execopts_gid for ARM64
 
 * Mon Apr 19 2021 Pavel Valena <pvalena@redhat.com> - 2.5.9-107
 - Update to Ruby 2.5.9.
   * Remove Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch; subsumed
-  Resolves: rhbz#1757844
+  Resolves: rhbz#1952626
 - Resolv::DNS: timeouts if multiple IPv6 name servers are given and address
   contains leading zero
-  Resolves: rhbz#1950308
+  Resolves: rhbz#1955010
 
 * Mon Jun 22 2020 Pavel Valena <pvalena@redhat.com> - 2.5.5-106
 - Remove file with non-commercial license from did_you_mean gem.