From 4d789c20d238e6e34d3d486db37d8b34ad5f0f60 Mon Sep 17 00:00:00 2001
From: Renbo <rb01097748@alibaba-inc.com>
Date: Thu, 14 Dec 2023 11:09:28 +0800
Subject: [PATCH 1/3] update to ruby-2.5.9-111

Signed-off-by: Renbo <rb01097748@alibaba-inc.com>
---
 ...-the-fact-that-lchmod-can-EOPNOTSUPP.patch |  91 -----
 ...0-Moved-not-implemented-method-tests.patch | 128 -------
 ..._bug_reporter_add-witout-raising-err.patch |  34 --
 ....6.0-rdoc-6.0.2-check-nil-text-token.patch |  69 ++++
 ...22-28739-Buffer-overrun-in-str2float.patch |  73 ++++
 ...33621-HTTP-response-splitting-in-CGI.patch | 328 ++++++++++++++++++
 ...023-28755-ReDos-vulnerability-in-URI.patch |  52 +++
 ...23-28756-ReDoS-vulnerability-in-Time.patch |  41 +++
 ruby-3.1.3-Fix-for-tzdata-2022g.patch         |  70 ++++
 ruby-3.2.0-git-2.38.1-fix-rubygems-test.patch |  27 ++
 ruby.spec                                     |  79 +++--
 ...oosen-the-domain-regex-to-accept-dot.patch |  41 +++
 12 files changed, 756 insertions(+), 277 deletions(-)
 delete mode 100644 1000-ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
 delete mode 100644 1001-ruby-2.8.0-Moved-not-implemented-method-tests.patch
 delete mode 100644 1002-ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
 create mode 100644 ruby-2.6.0-rdoc-6.0.2-check-nil-text-token.patch
 create mode 100644 ruby-2.6.10-Fix-CVE-2022-28739-Buffer-overrun-in-str2float.patch
 create mode 100644 ruby-2.7.7-Fix-CVE-2021-33621-HTTP-response-splitting-in-CGI.patch
 create mode 100644 ruby-2.7.8-Fix-CVE-2023-28755-ReDos-vulnerability-in-URI.patch
 create mode 100644 ruby-2.7.8-Fix-CVE-2023-28756-ReDoS-vulnerability-in-Time.patch
 create mode 100644 ruby-3.1.3-Fix-for-tzdata-2022g.patch
 create mode 100644 ruby-3.2.0-git-2.38.1-fix-rubygems-test.patch
 create mode 100644 rubygem-cgi-0.3.6-Loosen-the-domain-regex-to-accept-dot.patch

diff --git a/1000-ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch b/1000-ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
deleted file mode 100644
index 42f47a9..0000000
--- a/1000-ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 29d9f866f686e81818fb9cf402c4fb479decb282 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=E5=8D=9C=E9=83=A8=E6=98=8C=E5=B9=B3?=
- <shyouhei@ruby-lang.org>
-Date: Thu, 23 Jan 2020 15:33:42 +0900
-Subject: [PATCH 1/2] brace the fact that lchmod(2) can EOPNOTSUPP
-
-Musl libc has this function as a tiny wrapper of fchmodat(3posix).  On
-the other hand Linux kernel does not support changing modes of a symlink.
-The operation always fails with EOPNOTSUPP.  This fchmodat behaviour is
-defined in POSIX.  We have to take care of such exceptions.
----
- lib/fileutils.rb               |  3 ++-
- test/pathname/test_pathname.rb |  2 +-
- test/ruby/test_notimp.rb       | 19 ++++++++++++-------
- 3 files changed, 15 insertions(+), 9 deletions(-)
-
-diff --git a/lib/fileutils.rb b/lib/fileutils.rb
-index f56d7f9cb9..1a02d5435e 100644
---- a/lib/fileutils.rb
-+++ b/lib/fileutils.rb
-@@ -1242,6 +1242,7 @@ def chmod(mode)
-       else
-         File.chmod mode, path()
-       end
-+    rescue Errno::EOPNOTSUPP
-     end
- 
-     def chown(uid, gid)
-@@ -1317,7 +1318,7 @@ def copy_metadata(path)
-       if st.symlink?
-         begin
-           File.lchmod mode, path
--        rescue NotImplementedError
-+        rescue NotImplementedError, Errno::EOPNOTSUPP
-         end
-       else
-         File.chmod mode, path
-diff --git a/test/pathname/test_pathname.rb b/test/pathname/test_pathname.rb
-index 8a72b8026d..e381d3fa58 100644
---- a/test/pathname/test_pathname.rb
-+++ b/test/pathname/test_pathname.rb
-@@ -823,7 +823,7 @@ def test_lchmod
-       old = path.lstat.mode
-       begin
-         path.lchmod(0444)
--      rescue NotImplementedError
-+      rescue NotImplementedError, Errno::EOPNOTSUPP
-         next
-       end
-       assert_equal(0444, path.lstat.mode & 0777)
-diff --git a/test/ruby/test_notimp.rb b/test/ruby/test_notimp.rb
-index ddebb657bf..daa5a82d7b 100644
---- a/test/ruby/test_notimp.rb
-+++ b/test/ruby/test_notimp.rb
-@@ -13,11 +13,11 @@ def test_respond_to_fork
- 
-   def test_respond_to_lchmod
-     assert_include(File.methods, :lchmod)
--    if /linux/ =~ RUBY_PLATFORM
--      assert_equal(false, File.respond_to?(:lchmod))
--    end
--    if /freebsd/ =~ RUBY_PLATFORM
-+    case RUBY_PLATFORM
-+    when /freebsd/, /linux-musl/
-       assert_equal(true, File.respond_to?(:lchmod))
-+    when /linux/
-+      assert_equal(false, File.respond_to?(:lchmod))
-     end
-   end
- 
-@@ -57,9 +57,14 @@ def test_call_lchmod
-         File.open(f, "w") {}
-         File.symlink f, g
-         newmode = 0444
--        File.lchmod newmode, "#{d}/g"
--        snew = File.lstat(g)
--        assert_equal(newmode, snew.mode & 0777)
-+        begin
-+          File.lchmod newmode, "#{d}/g"
-+        rescue Errno::EOPNOTSUPP
-+          skip $!
-+        else
-+          snew = File.lstat(g)
-+          assert_equal(newmode, snew.mode & 0777)
-+        end
-       }
-     end
-   end
--- 
-2.26.2
-
diff --git a/1001-ruby-2.8.0-Moved-not-implemented-method-tests.patch b/1001-ruby-2.8.0-Moved-not-implemented-method-tests.patch
deleted file mode 100644
index 72d09bc..0000000
--- a/1001-ruby-2.8.0-Moved-not-implemented-method-tests.patch
+++ /dev/null
@@ -1,128 +0,0 @@
-From 5400fc3c67446e2f7f35ea317c596e71f0cb1ca4 Mon Sep 17 00:00:00 2001
-From: Nobuyoshi Nakada <nobu@ruby-lang.org>
-Date: Fri, 28 Feb 2020 21:15:37 +0900
-Subject: [PATCH 2/2] Moved not-implemented method tests [Bug #16662]
-
-Test not-implemented method with the dedicated methods, instead of
-platform dependent features.
----
- test/-ext-/test_notimplement.rb |  7 +++
- test/ruby/test_notimp.rb        | 90 ---------------------------------
- 2 files changed, 7 insertions(+), 90 deletions(-)
- delete mode 100644 test/ruby/test_notimp.rb
-
-diff --git a/test/-ext-/test_notimplement.rb b/test/-ext-/test_notimplement.rb
-index 0eba7bdaf8..be8c3623cc 100644
---- a/test/-ext-/test_notimplement.rb
-+++ b/test/-ext-/test_notimplement.rb
-@@ -10,6 +10,11 @@ def test_funcall_notimplement
-   end
- 
-   def test_respond_to
-+    assert_include(Bug.methods(false), :notimplement)
-     assert_not_respond_to(Bug, :notimplement)
-   end
-+
-+  def test_method_inspect_notimplement
-+    assert_match(/not-implemented/, Bug.method(:notimplement).inspect)
-+  end
- end
-diff --git a/test/ruby/test_notimp.rb b/test/ruby/test_notimp.rb
-deleted file mode 100644
-index daa5a82d7b..0000000000
---- a/test/ruby/test_notimp.rb
-+++ /dev/null
-@@ -1,90 +0,0 @@
--# frozen_string_literal: false
--require 'test/unit'
--require 'timeout'
--require 'tmpdir'
--
--class TestNotImplement < Test::Unit::TestCase
--  def test_respond_to_fork
--    assert_include(Process.methods, :fork)
--    if /linux/ =~ RUBY_PLATFORM
--      assert_equal(true, Process.respond_to?(:fork))
--    end
--  end
--
--  def test_respond_to_lchmod
--    assert_include(File.methods, :lchmod)
--    case RUBY_PLATFORM
--    when /freebsd/, /linux-musl/
--      assert_equal(true, File.respond_to?(:lchmod))
--    when /linux/
--      assert_equal(false, File.respond_to?(:lchmod))
--    end
--  end
--
--  def test_call_fork
--    GC.start
--    pid = nil
--    ps =
--      case RUBY_PLATFORM
--      when /linux/ # assume Linux Distribution uses procps
--        proc {`ps -eLf #{pid}`}
--      when /freebsd/
--        proc {`ps -lH #{pid}`}
--      when /darwin/
--        proc {`ps -lM #{pid}`}
--      else
--        proc {`ps -l #{pid}`}
--      end
--    assert_nothing_raised(Timeout::Error, ps) do
--      Timeout.timeout(EnvUtil.apply_timeout_scale(5)) {
--        pid = fork {}
--        Process.wait pid
--        pid = nil
--      }
--    end
--  ensure
--    if pid
--      Process.kill(:KILL, pid)
--      Process.wait pid
--    end
--  end if Process.respond_to?(:fork)
--
--  def test_call_lchmod
--    if File.respond_to?(:lchmod)
--      Dir.mktmpdir {|d|
--        f = "#{d}/f"
--        g = "#{d}/g"
--        File.open(f, "w") {}
--        File.symlink f, g
--        newmode = 0444
--        begin
--          File.lchmod newmode, "#{d}/g"
--        rescue Errno::EOPNOTSUPP
--          skip $!
--        else
--          snew = File.lstat(g)
--          assert_equal(newmode, snew.mode & 0777)
--        end
--      }
--    end
--  end
--
--  def test_method_inspect_fork
--    m = Process.method(:fork)
--    if Process.respond_to?(:fork)
--      assert_not_match(/not-implemented/, m.inspect)
--    else
--      assert_match(/not-implemented/, m.inspect)
--    end
--  end
--
--  def test_method_inspect_lchmod
--    m = File.method(:lchmod)
--    if File.respond_to?(:lchmod)
--      assert_not_match(/not-implemented/, m.inspect)
--    else
--      assert_match(/not-implemented/, m.inspect)
--    end
--  end
--
--end
--- 
-2.26.2
-
diff --git a/1002-ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch b/1002-ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
deleted file mode 100644
index b7ea046..0000000
--- a/1002-ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 9b42fce32bff25e0569581f76f532b9d57865aef Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
-Date: Mon, 27 Jul 2020 14:56:05 +0200
-Subject: [PATCH] Timeout the test_bug_reporter_add witout raising error.
-
-While timeouting the threads might be still good idea, it does not seems
-the timeout impacts the TestBugReporter#test_bug_reporter_add result,
-because the output of the child process has been already collected
-earlier.
-
-It seems that when the system is under heavy load, the thread might not
-be sheduled to finish its processing. Even finishing the child process
-might take tens of seconds and therefore the test case finish might take
-a while.
----
- test/-ext-/bug_reporter/test_bug_reporter.rb | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/-ext-/bug_reporter/test_bug_reporter.rb b/test/-ext-/bug_reporter/test_bug_reporter.rb
-index 628fcd0340..2c677cc8a7 100644
---- a/test/-ext-/bug_reporter/test_bug_reporter.rb
-+++ b/test/-ext-/bug_reporter/test_bug_reporter.rb
-@@ -17,7 +17,7 @@ def test_bug_reporter_add
-     args = ["--disable-gems", "-r-test-/bug_reporter",
-             "-C", tmpdir]
-     stdin = "register_sample_bug_reporter(12345); Process.kill :SEGV, $$"
--    assert_in_out_err(args, stdin, [], expected_stderr, encoding: "ASCII-8BIT")
-+    assert_in_out_err(args, stdin, [], expected_stderr, encoding: "ASCII-8BIT", timeout_error: nil)
-   ensure
-     FileUtils.rm_rf(tmpdir) if tmpdir
-   end
--- 
-2.27.0
-
diff --git a/ruby-2.6.0-rdoc-6.0.2-check-nil-text-token.patch b/ruby-2.6.0-rdoc-6.0.2-check-nil-text-token.patch
new file mode 100644
index 0000000..325a6bf
--- /dev/null
+++ b/ruby-2.6.0-rdoc-6.0.2-check-nil-text-token.patch
@@ -0,0 +1,69 @@
+From 9d98bfe7f1abdeda5aedf9404588104980ee7a86 Mon Sep 17 00:00:00 2001
+From: aycabta <aycabta@gmail.com>
+Date: Mon, 15 Jan 2018 22:32:56 +0900
+Subject: [PATCH] Check nil text token
+
+Sometimes :on_ignored_nl token has nil text. This commit checks and
+bypasses the token.
+---
+ lib/rdoc/parser/ripper_state_lex.rb |  4 +++-
+ test/test_rdoc_parser_ruby.rb       | 30 +++++++++++++++++++++++++++++
+ 2 files changed, 33 insertions(+), 1 deletion(-)
+
+diff --git a/lib/rdoc/parser/ripper_state_lex.rb b/lib/rdoc/parser/ripper_state_lex.rb
+index 2a285b97a4..c56cef46ee 100644
+--- a/lib/rdoc/parser/ripper_state_lex.rb
++++ b/lib/rdoc/parser/ripper_state_lex.rb
+@@ -330,8 +330,10 @@ class RDoc::RipperStateLex
+       @heredoc_queue << retrieve_heredoc_info(tk)
+       @inner_lex.lex_state = EXPR_END unless RIPPER_HAS_LEX_STATE
+     when :on_nl, :on_ignored_nl, :on_comment, :on_heredoc_end then
+-      unless @heredoc_queue.empty?
++      if !@heredoc_queue.empty?
+         get_heredoc_tk(*@heredoc_queue.shift)
++      elsif tk[:text].nil? # :on_ignored_nl sometimes gives nil
++        tk[:text] = ''
+       end
+     when :on_words_beg then
+       tk = get_words_tk(tk)
+diff --git a/test/rdoc/test_rdoc_parser_ruby.rb b/test/rdoc/test_rdoc_parser_ruby.rb
+index 833ed2cc74..c9d57021ce 100644
+--- a/test/rdoc/test_rdoc_parser_ruby.rb
++++ b/test/rdoc/test_rdoc_parser_ruby.rb
+@@ -306,6 +306,36 @@ def sum(n)
+     assert_equal @top_level, sum.file
+   end
+
++  def test_parse_on_ignored_nl_with_nil_text
++    util_parser <<ruby
++class Foo
++  def meth
++    variable # comment
++      .chain
++  end
++end
++ruby
++
++    expected = <<EXPECTED
++<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">meth</span>
++  <span class="ruby-identifier">variable</span> <span class="ruby-comment"># comment</span>
++    .<span class="ruby-identifier">chain</span>
++<span class="ruby-keyword">end</span>
++EXPECTED
++    expected = expected.rstrip
++
++    @parser.scan
++
++    foo = @store.find_class_named 'Foo'
++    meth = foo.method_list.first
++
++    assert_equal 'meth',     meth.name
++    assert_equal @top_level, meth.file
++
++    markup_code = meth.markup_code.sub(/^.*\n/, '')
++    assert_equal expected, markup_code
++  end
++
+   def test_parse_alias
+     klass = RDoc::NormalClass.new 'Foo'
+     klass.parent = @top_level
diff --git a/ruby-2.6.10-Fix-CVE-2022-28739-Buffer-overrun-in-str2float.patch b/ruby-2.6.10-Fix-CVE-2022-28739-Buffer-overrun-in-str2float.patch
new file mode 100644
index 0000000..5c7aec5
--- /dev/null
+++ b/ruby-2.6.10-Fix-CVE-2022-28739-Buffer-overrun-in-str2float.patch
@@ -0,0 +1,73 @@
+From 8e2ed0b9d965a526b29f9dc3bff8e9fe33dae98d Mon Sep 17 00:00:00 2001
+From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
+Date: Tue, 12 Apr 2022 11:49:45 +0000
+Subject: [PATCH] Fix CVE-2022-28739 Buffer overrun in str2float.
+
+CVE-2022-28739: Buffer overrun in String-to-Float conversion
+Backported from upstream Ruby 2.6.10,
+Git commit:
+https://github.com/ruby/ruby/commit/69f9992ed41920389d4185141a14f02f89a4d306
+
+==== Original commit message
+
+Fix dtoa buffer overrun
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67957 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+---
+ test/ruby/test_float.rb | 18 ++++++++++++++++++
+ util.c                  |  3 ++-
+ 2 files changed, 20 insertions(+), 1 deletion(-)
+
+diff --git a/test/ruby/test_float.rb b/test/ruby/test_float.rb
+index 7fabfd3..78c63c2 100644
+--- a/test/ruby/test_float.rb
++++ b/test/ruby/test_float.rb
+@@ -171,6 +171,24 @@ class TestFloat < Test::Unit::TestCase
+       assert_raise(ArgumentError, n += z + "A") {Float(n)}
+       assert_raise(ArgumentError, n += z + ".0") {Float(n)}
+     end
++
++    x = nil
++    2000.times do
++      x = Float("0x"+"0"*30)
++      break unless x == 0.0
++    end
++    assert_equal(0.0, x, ->{"%a" % x})
++    x = nil
++    2000.times do
++      begin
++        x = Float("0x1."+"0"*270)
++      rescue ArgumentError => e
++        raise unless /"0x1\.0{270}"/ =~ e.message
++      else
++        break
++      end
++    end
++    assert_nil(x, ->{"%a" % x})
+   end
+ 
+   def test_divmod
+diff --git a/util.c b/util.c
+index 2222744..f1d910f 100644
+--- a/util.c
++++ b/util.c
+@@ -2046,6 +2046,7 @@ break2:
+ 	    if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0;
+ 	    if (*s == '0') {
+ 		while (*++s == '0');
++		if (!*s) goto ret;
+ 		s1 = strchr(hexdigit, *s);
+ 	    }
+ 	    if (s1 != NULL) {
+@@ -2068,7 +2069,7 @@ break2:
+ 		for (; *s && (s1 = strchr(hexdigit, *s)); ++s) {
+ 		    adj += aadj * ((s1 - hexdigit) & 15);
+ 		    if ((aadj /= 16) == 0.0) {
+-			while (strchr(hexdigit, *++s));
++			while (*++s && strchr(hexdigit, *s));
+ 			break;
+ 		    }
+ 		}
+-- 
+2.41.0
+
diff --git a/ruby-2.7.7-Fix-CVE-2021-33621-HTTP-response-splitting-in-CGI.patch b/ruby-2.7.7-Fix-CVE-2021-33621-HTTP-response-splitting-in-CGI.patch
new file mode 100644
index 0000000..b30dc6a
--- /dev/null
+++ b/ruby-2.7.7-Fix-CVE-2021-33621-HTTP-response-splitting-in-CGI.patch
@@ -0,0 +1,328 @@
+From 8fc4b4792919c627183f4ddb6dc256aae49eb738 Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Tue, 22 Nov 2022 13:48:18 +0900
+Subject: [PATCH] Fix CVE-2021-33621 HTTP response splitting in CGI.
+
+Backported from upstream Ruby, commit:
+https://github.com/ruby/ruby/commit/7cf697179dab52b0d024543304f4d3ab5fa5e847
+
+Test "CGICookieTest#test_cgi_cookie_new_with_domain" was adjusted to
+deal with Ruby 2.5 not allowing String with double splat operator.
+
+==== Original commit message
+Merge CGI-0.1.0.2
+---
+ lib/cgi/cookie.rb           | 51 ++++++++++++++++-------
+ lib/cgi/core.rb             | 45 ++++++++++++--------
+ test/cgi/test_cgi_cookie.rb | 82 +++++++++++++++++++++++++++++++++++++
+ test/cgi/test_cgi_header.rb |  8 ++++
+ 4 files changed, 154 insertions(+), 32 deletions(-)
+
+diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
+index 009566b..f26f015 100644
+--- a/lib/cgi/cookie.rb
++++ b/lib/cgi/cookie.rb
+@@ -40,6 +40,10 @@ class CGI
+   class Cookie < Array
+     @@accept_charset="UTF-8" unless defined?(@@accept_charset)
+ 
++    TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"
++    PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"
++    DOMAIN_VALUE_RE = %r"\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
++
+     # Create a new CGI::Cookie object.
+     #
+     # :call-seq:
+@@ -72,9 +76,8 @@ class CGI
+       @domain = nil
+       @expires = nil
+       if name.kind_of?(String)
+-        @name = name
+-        %r|^(.*/)|.match(ENV["SCRIPT_NAME"])
+-        @path = ($1 or "")
++        self.name = name
++        self.path = (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
+         @secure = false
+         @httponly = false
+         return super(value)
+@@ -85,16 +88,11 @@ class CGI
+         raise ArgumentError, "`name' required"
+       end
+ 
+-      @name = options["name"]
++      self.name = options["name"]
+       value = Array(options["value"])
+       # simple support for IE
+-      if options["path"]
+-        @path = options["path"]
+-      else
+-        %r|^(.*/)|.match(ENV["SCRIPT_NAME"])
+-        @path = ($1 or "")
+-      end
+-      @domain = options["domain"]
++      self.path = options["path"] || (%r|\A(.*/)| =~ ENV["SCRIPT_NAME"] ? $1 : "")
++      self.domain = options["domain"]
+       @expires = options["expires"]
+       @secure = options["secure"] == true
+       @httponly = options["httponly"] == true
+@@ -102,12 +100,35 @@ class CGI
+       super(value)
+     end
+ 
+-    # Name of this cookie, as a +String+
+-    attr_accessor :name
++    attr_reader :name
++    # Set name of this cookie
++    def name=(str)
++      if str and !TOKEN_RE.match?(str)
++        raise ArgumentError, "invalid name: #{str.dump}"
++      end
++      @name = str
++    end
++
+     # Path for which this cookie applies, as a +String+
+-    attr_accessor :path
++    attr_reader :path
++    # Set path for which this cookie applies
++    def path=(str)
++      if str and !PATH_VALUE_RE.match?(str)
++        raise ArgumentError, "invalid path: #{str.dump}"
++      end
++      @path = str
++    end
++
+     # Domain for which this cookie applies, as a +String+
+-    attr_accessor :domain
++    attr_reader :domain
++    # Set domain for which this cookie applies
++    def domain=(str)
++      if str and ((str = str.b).bytesize > 255 or !DOMAIN_VALUE_RE.match?(str))
++        raise ArgumentError, "invalid domain: #{str.dump}"
++      end
++      @domain = str
++    end
++
+     # Time at which this cookie expires, as a +Time+
+     attr_accessor :expires
+     # True if this cookie is secure; false otherwise
+diff --git a/lib/cgi/core.rb b/lib/cgi/core.rb
+index 9bd7798..7d8b223 100644
+--- a/lib/cgi/core.rb
++++ b/lib/cgi/core.rb
+@@ -188,17 +188,28 @@ class CGI
+   # Using #header with the HTML5 tag maker will create a <header> element.
+   alias :header :http_header
+ 
++  def _no_crlf_check(str)
++    if str
++      str = str.to_s
++      raise "A HTTP status or header field must not include CR and LF" if str =~ /[\r\n]/
++      str
++    else
++      nil
++    end
++  end
++  private :_no_crlf_check
++
+   def _header_for_string(content_type) #:nodoc:
+     buf = ''.dup
+     if nph?()
+-      buf << "#{$CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'} 200 OK#{EOL}"
++      buf << "#{_no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'} 200 OK#{EOL}"
+       buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}"
+-      buf << "Server: #{$CGI_ENV['SERVER_SOFTWARE']}#{EOL}"
++      buf << "Server: #{_no_crlf_check($CGI_ENV['SERVER_SOFTWARE'])}#{EOL}"
+       buf << "Connection: close#{EOL}"
+     end
+-    buf << "Content-Type: #{content_type}#{EOL}"
++    buf << "Content-Type: #{_no_crlf_check(content_type)}#{EOL}"
+     if @output_cookies
+-      @output_cookies.each {|cookie| buf << "Set-Cookie: #{cookie}#{EOL}" }
++      @output_cookies.each {|cookie| buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}" }
+     end
+     return buf
+   end # _header_for_string
+@@ -213,9 +224,9 @@ class CGI
+     ## NPH
+     options.delete('nph') if defined?(MOD_RUBY)
+     if options.delete('nph') || nph?()
+-      protocol = $CGI_ENV['SERVER_PROTOCOL'] || 'HTTP/1.0'
++      protocol = _no_crlf_check($CGI_ENV['SERVER_PROTOCOL']) || 'HTTP/1.0'
+       status = options.delete('status')
+-      status = HTTP_STATUS[status] || status || '200 OK'
++      status = HTTP_STATUS[status] || _no_crlf_check(status) || '200 OK'
+       buf << "#{protocol} #{status}#{EOL}"
+       buf << "Date: #{CGI.rfc1123_date(Time.now)}#{EOL}"
+       options['server'] ||= $CGI_ENV['SERVER_SOFTWARE'] || ''
+@@ -223,38 +234,38 @@ class CGI
+     end
+     ## common headers
+     status = options.delete('status')
+-    buf << "Status: #{HTTP_STATUS[status] || status}#{EOL}" if status
++    buf << "Status: #{HTTP_STATUS[status] || _no_crlf_check(status)}#{EOL}" if status
+     server = options.delete('server')
+-    buf << "Server: #{server}#{EOL}" if server
++    buf << "Server: #{_no_crlf_check(server)}#{EOL}" if server
+     connection = options.delete('connection')
+-    buf << "Connection: #{connection}#{EOL}" if connection
++    buf << "Connection: #{_no_crlf_check(connection)}#{EOL}" if connection
+     type = options.delete('type')
+-    buf << "Content-Type: #{type}#{EOL}" #if type
++    buf << "Content-Type: #{_no_crlf_check(type)}#{EOL}" #if type
+     length = options.delete('length')
+-    buf << "Content-Length: #{length}#{EOL}" if length
++    buf << "Content-Length: #{_no_crlf_check(length)}#{EOL}" if length
+     language = options.delete('language')
+-    buf << "Content-Language: #{language}#{EOL}" if language
++    buf << "Content-Language: #{_no_crlf_check(language)}#{EOL}" if language
+     expires = options.delete('expires')
+     buf << "Expires: #{CGI.rfc1123_date(expires)}#{EOL}" if expires
+     ## cookie
+     if cookie = options.delete('cookie')
+       case cookie
+       when String, Cookie
+-        buf << "Set-Cookie: #{cookie}#{EOL}"
++        buf << "Set-Cookie: #{_no_crlf_check(cookie)}#{EOL}"
+       when Array
+         arr = cookie
+-        arr.each {|c| buf << "Set-Cookie: #{c}#{EOL}" }
++        arr.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
+       when Hash
+         hash = cookie
+-        hash.each_value {|c| buf << "Set-Cookie: #{c}#{EOL}" }
++        hash.each_value {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
+       end
+     end
+     if @output_cookies
+-      @output_cookies.each {|c| buf << "Set-Cookie: #{c}#{EOL}" }
++      @output_cookies.each {|c| buf << "Set-Cookie: #{_no_crlf_check(c)}#{EOL}" }
+     end
+     ## other headers
+     options.each do |key, value|
+-      buf << "#{key}: #{value}#{EOL}"
++      buf << "#{_no_crlf_check(key)}: #{_no_crlf_check(value)}#{EOL}"
+     end
+     return buf
+   end # _header_for_hash
+diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
+index 985cc0d..7afff5e 100644
+--- a/test/cgi/test_cgi_cookie.rb
++++ b/test/cgi/test_cgi_cookie.rb
+@@ -60,6 +60,24 @@ class CGICookieTest < Test::Unit::TestCase
+   end
+ 
+ 
++  def test_cgi_cookie_new_with_domain
++    h = {'name'=>'name1', 'value'=>'value1'}
++    cookie = CGI::Cookie.new({'domain' => 'a.example.com'}.merge(h))
++    assert_equal('a.example.com', cookie.domain)
++
++    cookie = CGI::Cookie.new({'domain'=>'1.example.com'}.merge(h))
++    assert_equal('1.example.com', cookie.domain, 'enhanced by RFC 1123')
++
++    assert_raise(ArgumentError) {
++      CGI::Cookie.new({'domain'=>'-a.example.com'}.merge(h))
++    }
++
++    assert_raise(ArgumentError) {
++      CGI::Cookie.new({'domain'=>'a-.example.com'}.merge(h))
++    }
++  end
++
++
+   def test_cgi_cookie_scriptname
+     cookie = CGI::Cookie.new('name1', 'value1')
+     assert_equal('', cookie.path)
+@@ -118,6 +136,70 @@ class CGICookieTest < Test::Unit::TestCase
+   end
+ 
+ 
++  def test_cgi_cookie_domain_injection_into_name
++    name = "a=b; domain=example.com;"
++    path = "/"
++    domain = "example.jp"
++    assert_raise(ArgumentError) do
++      CGI::Cookie.new('name' => name,
++                      'value' => "value",
++                      'domain' => domain,
++                      'path' => path)
++    end
++  end
++
++
++  def test_cgi_cookie_newline_injection_into_name
++    name = "a=b;\r\nLocation: http://example.com#"
++    path = "/"
++    domain = "example.jp"
++    assert_raise(ArgumentError) do
++      CGI::Cookie.new('name' => name,
++                      'value' => "value",
++                      'domain' => domain,
++                      'path' => path)
++    end
++  end
++
++
++  def test_cgi_cookie_multibyte_injection_into_name
++    name = "a=b;\u3042"
++    path = "/"
++    domain = "example.jp"
++    assert_raise(ArgumentError) do
++      CGI::Cookie.new('name' => name,
++                      'value' => "value",
++                      'domain' => domain,
++                      'path' => path)
++    end
++  end
++
++
++  def test_cgi_cookie_injection_into_path
++    name = "name"
++    path = "/; samesite=none"
++    domain = "example.jp"
++    assert_raise(ArgumentError) do
++      CGI::Cookie.new('name' => name,
++                      'value' => "value",
++                      'domain' => domain,
++                      'path' => path)
++    end
++  end
++
++
++  def test_cgi_cookie_injection_into_domain
++    name = "name"
++    path = "/"
++    domain = "example.jp; samesite=none"
++    assert_raise(ArgumentError) do
++      CGI::Cookie.new('name' => name,
++                      'value' => "value",
++                      'domain' => domain,
++                      'path' => path)
++    end
++  end
++
+ 
+   instance_methods.each do |method|
+     private method if method =~ /^test_(.*)/ && $1 != ENV['TEST']
+diff --git a/test/cgi/test_cgi_header.rb b/test/cgi/test_cgi_header.rb
+index bab2d03..ec2f4de 100644
+--- a/test/cgi/test_cgi_header.rb
++++ b/test/cgi/test_cgi_header.rb
+@@ -176,6 +176,14 @@ class CGIHeaderTest < Test::Unit::TestCase
+   end
+ 
+ 
++  def test_cgi_http_header_crlf_injection
++    cgi = CGI.new
++    assert_raise(RuntimeError) { cgi.http_header("text/xhtml\r\nBOO") }
++    assert_raise(RuntimeError) { cgi.http_header("type" => "text/xhtml\r\nBOO") }
++    assert_raise(RuntimeError) { cgi.http_header("status" => "200 OK\r\nBOO") }
++    assert_raise(RuntimeError) { cgi.http_header("location" => "text/xhtml\r\nBOO") }
++  end
++
+ 
+   instance_methods.each do |method|
+     private method if method =~ /^test_(.*)/ && $1 != ENV['TEST']
+-- 
+2.41.0
+
diff --git a/ruby-2.7.8-Fix-CVE-2023-28755-ReDos-vulnerability-in-URI.patch b/ruby-2.7.8-Fix-CVE-2023-28755-ReDos-vulnerability-in-URI.patch
new file mode 100644
index 0000000..6837ab3
--- /dev/null
+++ b/ruby-2.7.8-Fix-CVE-2023-28755-ReDos-vulnerability-in-URI.patch
@@ -0,0 +1,52 @@
+From 61fb466ea0b492c990fcd2d681c08f2001d7a659 Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Tue, 28 Mar 2023 17:33:19 +0900
+Subject: [PATCH] Fix CVE-2023-28755 ReDos vulnerability in URI.
+
+This patch was backported from Ruby 2.7.8
+
+Backported from upstream Ruby, commit:
+https://github.com/ruby/ruby/commit/6855779d580358a6a0b4c9ee06f20e7cae72955a
+
+===== Original commit message
+
+Merge URI-0.10.0.2
+---
+ lib/uri/rfc3986_parser.rb | 4 ++--
+ test/uri/test_parser.rb   | 7 +++++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb
+index 8712800..ad32368 100644
+--- a/lib/uri/rfc3986_parser.rb
++++ b/lib/uri/rfc3986_parser.rb
+@@ -3,8 +3,8 @@ module URI
+   class RFC3986_Parser # :nodoc:
+     # URI defined in RFC3986
+     # this regexp is modified not to host is not empty string
+-    RFC3986_URI = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/
+-    RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*)@)?(?<host>(?<IP-literal>\[(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h+\.[!$&-.0-;=A-Z_a-z~]+)\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])+))?(?::(?<port>\d*))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*))*)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])+)(?:\/\g<segment>)*)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])+)(?:\/\g<segment>)*)|(?<path-empty>))(?:\?(?<query>[^#]*))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*))?)\z/
++    RFC3986_URI = /\A(?<URI>(?<scheme>[A-Za-z][+\-.0-9A-Za-z]*+):(?<hier-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:)?\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])++))?(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-rootless>\g<segment-nz>(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
++    RFC3986_relative_ref = /\A(?<relative-ref>(?<relative-part>\/\/(?<authority>(?:(?<userinfo>(?:%\h\h|[!$&-.0-;=A-Z_a-z~])*+)@)?(?<host>(?<IP-literal>\[(?:(?<IPv6address>(?:\h{1,4}:){6}(?<ls32>\h{1,4}:\h{1,4}|(?<IPv4address>(?<dec-octet>[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]|\d)\.\g<dec-octet>\.\g<dec-octet>\.\g<dec-octet>))|::(?:\h{1,4}:){5}\g<ls32>|\h{1,4}?::(?:\h{1,4}:){4}\g<ls32>|(?:(?:\h{1,4}:){,1}\h{1,4})?::(?:\h{1,4}:){3}\g<ls32>|(?:(?:\h{1,4}:){,2}\h{1,4})?::(?:\h{1,4}:){2}\g<ls32>|(?:(?:\h{1,4}:){,3}\h{1,4})?::\h{1,4}:\g<ls32>|(?:(?:\h{1,4}:){,4}\h{1,4})?::\g<ls32>|(?:(?:\h{1,4}:){,5}\h{1,4})?::\h{1,4}|(?:(?:\h{1,4}:){,6}\h{1,4})?::)|(?<IPvFuture>v\h++\.[!$&-.0-;=A-Z_a-z~]++))\])|\g<IPv4address>|(?<reg-name>(?:%\h\h|[!$&-.0-9;=A-Z_a-z~])++))?(?::(?<port>\d*+))?)(?<path-abempty>(?:\/(?<segment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])*+))*+)|(?<path-absolute>\/(?:(?<segment-nz>(?:%\h\h|[!$&-.0-;=@-Z_a-z~])++)(?:\/\g<segment>)*+)?)|(?<path-noscheme>(?<segment-nz-nc>(?:%\h\h|[!$&-.0-9;=@-Z_a-z~])++)(?:\/\g<segment>)*+)|(?<path-empty>))(?:\?(?<query>[^#]*+))?(?:\#(?<fragment>(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*+))?)\z/
+     attr_reader :regexp
+ 
+     def initialize
+diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb
+index 757ac86..2f70559 100644
+--- a/test/uri/test_parser.rb
++++ b/test/uri/test_parser.rb
+@@ -45,4 +45,11 @@ class URI::TestParser < Test::Unit::TestCase
+       URI.parse(1)
+     end
+   end
++
++  def test_split
++    assert_equal(["http", nil, "example.com", nil, nil, "", nil, nil, nil], URI.split("http://example.com"))
++    assert_equal(["http", nil, "[0::0]", nil, nil, "", nil, nil, nil], URI.split("http://[0::0]"))
++    assert_equal([nil, nil, "example.com", nil, nil, "", nil, nil, nil], URI.split("//example.com"))
++    assert_equal([nil, nil, "[0::0]", nil, nil, "", nil, nil, nil], URI.split("//[0::0]"))
++  end
+ end
+-- 
+2.41.0
+
diff --git a/ruby-2.7.8-Fix-CVE-2023-28756-ReDoS-vulnerability-in-Time.patch b/ruby-2.7.8-Fix-CVE-2023-28756-ReDoS-vulnerability-in-Time.patch
new file mode 100644
index 0000000..455d823
--- /dev/null
+++ b/ruby-2.7.8-Fix-CVE-2023-28756-ReDoS-vulnerability-in-Time.patch
@@ -0,0 +1,41 @@
+From 71c37c29defeab2c98ad4291807efe12427a209f Mon Sep 17 00:00:00 2001
+From: Nobuyoshi Nakada <nobu@ruby-lang.org>
+Date: Tue, 29 Nov 2022 16:22:15 +0900
+Subject: [PATCH] Fix CVE-2023-28756 ReDoS vulnerability in Time.
+
+Backported from: Ruby 2.7.8
+Backported from the following commits:
+https://github.com/ruby/ruby/commit/2cb830602f52e7e76c6781115e7938b21f881c4f
+https://github.com/ruby/ruby/commit/e3f18f7d2e034f20053d7bf2fc7a50f8b7e1a27a
+
+Do not include the test case, as assert_linear_time was introduced in Ruby 2.7.
+
+==== Original commit message(s)
+
+Fix quadratic backtracking on invalid time
+
+Make RFC2822 regexp linear
+
+https://hackerone.com/reports/1485501
+---
+ lib/time.rb | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/time.rb b/lib/time.rb
+index eb46a03..cb6f1e4 100644
+--- a/lib/time.rb
++++ b/lib/time.rb
+@@ -474,8 +474,8 @@ class Time
+           (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+
+           (\d{2,})\s+
+           (\d{2})\s*
+-          :\s*(\d{2})\s*
+-          (?::\s*(\d{2}))?\s+
++          :\s*(\d{2})
++          (?:\s*:\s*(\d\d))?\s+
+           ([+-]\d{4}|
+            UT|GMT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|[A-IK-Z])/ix =~ date
+         # Since RFC 2822 permit comments, the regexp has no right anchor.
+-- 
+2.41.0
+
diff --git a/ruby-3.1.3-Fix-for-tzdata-2022g.patch b/ruby-3.1.3-Fix-for-tzdata-2022g.patch
new file mode 100644
index 0000000..12f3b6f
--- /dev/null
+++ b/ruby-3.1.3-Fix-for-tzdata-2022g.patch
@@ -0,0 +1,70 @@
+From a1124dc162810f86cb0bff58cde24064cfc561bc Mon Sep 17 00:00:00 2001
+From: nagachika <nagachika@ruby-lang.org>
+Date: Fri, 9 Dec 2022 21:11:47 +0900
+Subject: [PATCH] merge revision(s) 58cc3c9f387dcf8f820b43e043b540fa06248da3:
+ [Backport #19187]
+
+	[Bug #19187] Fix for tzdata-2022g
+
+	---
+	 test/ruby/test_time_tz.rb | 21 +++++++++++++++------
+	 1 file changed, 15 insertions(+), 6 deletions(-)
+---
+ test/ruby/test_time_tz.rb | 21 +++++++++++++++------
+ 1 files changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb
+index b6785f336028d..939f218ed4d10 100644
+--- a/test/ruby/test_time_tz.rb
++++ b/test/ruby/test_time_tz.rb
+@@ -6,9 +6,9 @@ class TestTimeTZ < Test::Unit::TestCase
+   has_lisbon_tz = true
+   force_tz_test = ENV["RUBY_FORCE_TIME_TZ_TEST"] == "yes"
+   case RUBY_PLATFORM
+-  when /linux/
++  when /darwin|linux/
+     force_tz_test = true
+-  when /darwin|freebsd/
++  when /freebsd|openbsd/
+     has_lisbon_tz = false
+     force_tz_test = true
+   end
+@@ -94,6 +94,9 @@ def group_by(e, &block)
+   CORRECT_KIRITIMATI_SKIP_1994 = with_tz("Pacific/Kiritimati") {
+     Time.local(1994, 12, 31, 0, 0, 0).year == 1995
+   }
++  CORRECT_SINGAPORE_1982 = with_tz("Asia/Singapore") {
++    "2022g" if Time.local(1981, 12, 31, 23, 59, 59).utc_offset == 8*3600
++  }
+ 
+   def time_to_s(t)
+     t.to_s
+@@ -139,9 +142,12 @@ def test_america_managua
+ 
+   def test_asia_singapore
+     with_tz(tz="Asia/Singapore") {
+-      assert_time_constructor(tz, "1981-12-31 23:59:59 +0730", :local, [1981,12,31,23,59,59])
+-      assert_time_constructor(tz, "1982-01-01 00:30:00 +0800", :local, [1982,1,1,0,0,0])
+-      assert_time_constructor(tz, "1982-01-01 00:59:59 +0800", :local, [1982,1,1,0,29,59])
++      assert_time_constructor(tz, "1981-12-31 23:29:59 +0730", :local, [1981,12,31,23,29,59])
++      if CORRECT_SINGAPORE_1982
++        assert_time_constructor(tz, "1982-01-01 00:00:00 +0800", :local, [1981,12,31,23,30,00])
++        assert_time_constructor(tz, "1982-01-01 00:00:00 +0800", :local, [1982,1,1,0,0,0])
++        assert_time_constructor(tz, "1982-01-01 00:29:59 +0800", :local, [1982,1,1,0,29,59])
++      end
+       assert_time_constructor(tz, "1982-01-01 00:30:00 +0800", :local, [1982,1,1,0,30,0])
+     }
+   end
+@@ -364,8 +370,11 @@ def self.gen_zdump_test(data)
+ America/Managua  Wed Jan  1 04:59:59 1997 UTC = Tue Dec 31 23:59:59 1996 EST isdst=0 gmtoff=-18000
+ America/Managua  Wed Jan  1 05:00:00 1997 UTC = Tue Dec 31 23:00:00 1996 CST isdst=0 gmtoff=-21600
+ Asia/Singapore  Sun Aug  8 16:30:00 1965 UTC = Mon Aug  9 00:00:00 1965 SGT isdst=0 gmtoff=27000
+-Asia/Singapore  Thu Dec 31 16:29:59 1981 UTC = Thu Dec 31 23:59:59 1981 SGT isdst=0 gmtoff=27000
++Asia/Singapore  Thu Dec 31 15:59:59 1981 UTC = Thu Dec 31 23:29:59 1981 SGT isdst=0 gmtoff=27000
+ Asia/Singapore  Thu Dec 31 16:30:00 1981 UTC = Fri Jan  1 00:30:00 1982 SGT isdst=0 gmtoff=28800
++End
++  gen_zdump_test <<'End' if CORRECT_SINGAPORE_1982
++Asia/Singapore  Thu Dec 31 16:00:00 1981 UTC = Fri Jan  1 00:00:00 1982 SGT isdst=0 gmtoff=28800
+ End
+   gen_zdump_test CORRECT_TOKYO_DST_1951 ? <<'End' + (CORRECT_TOKYO_DST_1951 < "2018f" ? <<'2018e' : <<'2018f') : <<'End'
+ Asia/Tokyo  Sat May  5 14:59:59 1951 UTC = Sat May  5 23:59:59 1951 JST isdst=0 gmtoff=32400
diff --git a/ruby-3.2.0-git-2.38.1-fix-rubygems-test.patch b/ruby-3.2.0-git-2.38.1-fix-rubygems-test.patch
new file mode 100644
index 0000000..c2bc4ea
--- /dev/null
+++ b/ruby-3.2.0-git-2.38.1-fix-rubygems-test.patch
@@ -0,0 +1,27 @@
+From dae843f6b7502f921a7e66f39e3714a39d860181 Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Wed, 19 Oct 2022 19:40:00 +0900
+Subject: [PATCH] Bypass git submodule add/update with git config
+ protocol.file.allow=always option.
+
+Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
+---
+ test/rubygems/test_gem_source_git.rb | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/test/rubygems/test_gem_source_git.rb b/test/rubygems/test_gem_source_git.rb
+index 5702da05974b6..c3b324771fa4d 100644
+--- a/test/rubygems/test_gem_source_git.rb
++++ b/test/rubygems/test_gem_source_git.rb
+@@ -64,6 +64,11 @@ def test_checkout_local_cached
+   end
+ 
+   def test_checkout_submodules
++    # We need to allow to checkout submodules with file:// protocol
++    # CVE-2022-39253
++    # https://lore.kernel.org/lkml/xmqq4jw1uku5.fsf@gitster.g/
++    system(@git, *%W"config --global protocol.file.allow always")
++
+     source = Gem::Source::Git.new @name, @repository, 'master', true
+ 
+     git_gem 'b'
diff --git a/ruby.spec b/ruby.spec
index b3d069f..ddb604c 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -1,4 +1,3 @@
-%define anolis_release .0.1
 %global major_version 2
 %global minor_version 5
 %global teeny_version 9
@@ -22,9 +21,9 @@
 %endif
 
 
-%global release 110
+%global release 111
 
-%{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{anolis_release}%{?dist}}
+%{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
 
 # The RubyGems library has to stay out of Ruby directory tree, since the
 # RubyGems should be share by all Ruby implementations.
@@ -199,19 +198,39 @@ Patch33: ruby-2.6.9-date-2.0.1-parse-length-limit.patch
 # https://github.com/ruby/ruby/commit/02c341c9bc5879eae568ed2ba02cf227ed948199
 # https://github.com/ruby/cgi/commit/84dedc6fbb2a210ec070c35bc607b89003701fa2
 Patch34: ruby-2.6.9-cgi-0.1.1-cookie-parse-not-decode-names.patch
+# Fix rdoc nil token parsing
+# https://github.com/ruby/rdoc/commit/a1631aa98a67112d96ac101c72909fdeec6f84f9
+Patch35: ruby-2.6.0-rdoc-6.0.2-check-nil-text-token.patch
+# Fix Time Zone Database 2022g.
+# https://bugs.ruby-lang.org/issues/19187
+# https://github.com/ruby/ruby/commit/a1124dc162810f86cb0bff58cde24064cfc561bc
+Patch36: ruby-3.1.3-Fix-for-tzdata-2022g.patch
+# Bypass git submodule test failure on Git >= 2.38.1.
+# https://github.com/ruby/ruby/pull/6587
+Patch37: ruby-3.2.0-git-2.38.1-fix-rubygems-test.patch
+# CVE-2021-33621: HTTP response splitting in CGI.
+# Backported from:
+# https://github.com/ruby/ruby/commit/7cf697179dab52b0d024543304f4d3ab5fa5e847
+Patch38: ruby-2.7.7-Fix-CVE-2021-33621-HTTP-response-splitting-in-CGI.patch
+# Let cookies use leading dot in the domain after fixing CVE-2021-33621
+# to retain compatibility.
+# https://github.com/ruby/cgi/commit/5e09d632f3b56d85b2659ab47d5571ae9e270e10
+Patch39: rubygem-cgi-0.3.6-Loosen-the-domain-regex-to-accept-dot.patch
+# CVE-2022-28739: Buffer overrun in String-to-Float conversion.
+# Backported from:
+# https://github.com/ruby/ruby/commit/69f9992ed41920389d4185141a14f02f89a4d306
+Patch40: ruby-2.6.10-Fix-CVE-2022-28739-Buffer-overrun-in-str2float.patch
+# CVE-2023-28755 ReDoS vulnerability in URI.
+# Backported from:
+# https://github.com/ruby/ruby/commit/6855779d580358a6a0b4c9ee06f20e7cae72955a
+Patch41: ruby-2.7.8-Fix-CVE-2023-28755-ReDos-vulnerability-in-URI.patch
+# CVE-2023-28756 ReDoS vulnerability in Time.
+# Tests not included as assert_linear_time was introduced in Ruby 2.7.
+# Backported from:
+# https://github.com/ruby/ruby/commit/2cb830602f52e7e76c6781115e7938b21f881c4f
+# https://github.com/ruby/ruby/commit/e3f18f7d2e034f20053d7bf2fc7a50f8b7e1a27a
+Patch42: ruby-2.7.8-Fix-CVE-2023-28756-ReDoS-vulnerability-in-Time.patch
 
-# Begin: Anolis OS customized
-# Fix lchmod test failures.
-# refer url: https://src.fedoraproject.org/rpms/ruby/c/79683d7d629de74dbcefe8cce68d51ec1eb1da01?branch=rawhide
-# https://github.com/ruby/ruby/commit/a19228f878d955eaf2cce086bcf53f46fdf894b9
-Patch1000: 1000-ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
-# https://github.com/ruby/ruby/commit/72c02aa4b79731c7f25c9267f74b347f1946c704
-Patch1001: 1001-ruby-2.8.0-Moved-not-implemented-method-tests.patch
-# Avoid possible timeout errors in TestBugReporter#test_bug_reporter_add.
-# https://bugs.ruby-lang.org/issues/16492
-# refer url: https://src.fedoraproject.org/rpms/ruby/c/4979be53acdcfd0d6021c4f209403c2e88fae58e?branch=rawhide
-Patch1002: 1002-ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
-# End: Anolis OS customized
 
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
@@ -616,9 +635,14 @@ sed -i 's/"evaluation\/incorrect_words.yaml"\.freeze, //' \
 %patch32 -p1
 %patch33 -p1
 %patch34 -p1
-%patch1000 -p1
-%patch1001 -p1
-%patch1002 -p1
+%patch35 -p1
+%patch36 -p1
+%patch37 -p1
+%patch38 -p1
+%patch39 -p1
+%patch40 -p1
+%patch41 -p1
+%patch42 -p1
 
 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .
@@ -1171,12 +1195,19 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
 %{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec
 
 %changelog
-* Tue Aug 02 2022 Weitao Zhou <zhouwt@linux.alibaba.com> - 2.5.9-110.0.1
-- Fix FTBFS due to glibc 2.31.9000 implementing lchmod(2), compatible with glibc2.28 also
-  * Patch: ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
-  * Patch: ruby-2.8.0-Moved-not-implemented-method-tests.patch
-- Avoid possible timeout errors in TestBugReporter#test_bug_reporter_add.
-  * Patch: ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
+* Mon Jun 12 2023 Jarek Prokop <jprokop@redhat.com> - 2.5.9-111
+- Fix HTTP response splitting in CGI.
+  Resolves: CVE-2021-33621
+- Fix Buffer overrun in String-to-Float conversion.
+  Resolves: CVE-2022-28739
+- Fix ReDoS vulnerability in URI.
+  Resolves: CVE-2023-28755
+- Fix ReDoS vulnerability in Time.
+  Resolves: CVE-2023-28756
+
+* Thu May 25 2023 Todd Zullinger <tmz@pobox.com> - 2.5.9-111
+- Fix rdoc parsing of nil text tokens.
+  Resolves: rhbz#2210326
 
 * Fri Jul 08 2022 Jun Aruga <jaruga@redhat.com> - 2.5.9-110
 - Fix FTBFS due to an incompatible load directive.
diff --git a/rubygem-cgi-0.3.6-Loosen-the-domain-regex-to-accept-dot.patch b/rubygem-cgi-0.3.6-Loosen-the-domain-regex-to-accept-dot.patch
new file mode 100644
index 0000000..27da373
--- /dev/null
+++ b/rubygem-cgi-0.3.6-Loosen-the-domain-regex-to-accept-dot.patch
@@ -0,0 +1,41 @@
+From 5e09d632f3b56d85b2659ab47d5571ae9e270e10 Mon Sep 17 00:00:00 2001
+From: Xenor Chang <tubaxenor@gmail.com>
+Date: Mon, 28 Nov 2022 12:34:06 +0800
+Subject: [PATCH] Loosen the domain regex to accept '.' (#29)
+
+* Loosen the domain regex to accept '.'
+
+Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
+Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+---
+ lib/cgi/cookie.rb           | 2 +-
+ test/cgi/test_cgi_cookie.rb | 3 +++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
+index 1a9c1a8..9498e2f 100644
+--- a/lib/cgi/cookie.rb
++++ b/lib/cgi/cookie.rb
+@@ -42,7 +42,7 @@ class Cookie < Array
+
+     TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"
+     PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"
+-    DOMAIN_VALUE_RE = %r"\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
++    DOMAIN_VALUE_RE = %r"\A\.?(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
+
+     # Create a new CGI::Cookie object.
+     #
+diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
+index 6d31932..eadae45 100644
+--- a/test/cgi/test_cgi_cookie.rb
++++ b/test/cgi/test_cgi_cookie.rb
+@@ -65,6 +65,9 @@ class CGICookieTest < Test::Unit::TestCase
+     cookie = CGI::Cookie.new({'domain' => 'a.example.com'}.merge(h))
+     assert_equal('a.example.com', cookie.domain)
+
++    cookie = CGI::Cookie.new(h.merge('domain'=>'.example.com'))
++    assert_equal('.example.com', cookie.domain)
++
+     cookie = CGI::Cookie.new({'domain'=>'1.example.com'}.merge(h))
+     assert_equal('1.example.com', cookie.domain, 'enhanced by RFC 1123')
+
-- 
Gitee


From 6ffbe48e72aaa609914d62010e01f20dc9a2fd3f Mon Sep 17 00:00:00 2001
From: ZhouWeitao <zhouwt@linux.alibaba.com>
Date: Thu, 13 Jan 2022 14:11:40 +0800
Subject: [PATCH 2/3] Fix FTBFS due to glibc 2.31.9000 implementing lchmod(2),
 compatible with glibc2.28 also

  - Patch: ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
  - Patch: ruby-2.8.0-Moved-not-implemented-method-tests.patch

refer url:
https://src.fedoraproject.org/rpms/ruby/c/79683d7d629de74dbcefe8cce68d51ec1eb1da01?branch=rawhide

Signed-off-by: ZhouWeitao <zhouwt@linux.alibaba.com>
---
 ...-the-fact-that-lchmod-can-EOPNOTSUPP.patch |  91 +++++++++++++
 ...0-Moved-not-implemented-method-tests.patch | 128 ++++++++++++++++++
 ruby.spec                                     |  19 ++-
 3 files changed, 237 insertions(+), 1 deletion(-)
 create mode 100644 1000-ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
 create mode 100644 1001-ruby-2.8.0-Moved-not-implemented-method-tests.patch

diff --git a/1000-ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch b/1000-ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
new file mode 100644
index 0000000..42f47a9
--- /dev/null
+++ b/1000-ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
@@ -0,0 +1,91 @@
+From 29d9f866f686e81818fb9cf402c4fb479decb282 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E5=8D=9C=E9=83=A8=E6=98=8C=E5=B9=B3?=
+ <shyouhei@ruby-lang.org>
+Date: Thu, 23 Jan 2020 15:33:42 +0900
+Subject: [PATCH 1/2] brace the fact that lchmod(2) can EOPNOTSUPP
+
+Musl libc has this function as a tiny wrapper of fchmodat(3posix).  On
+the other hand Linux kernel does not support changing modes of a symlink.
+The operation always fails with EOPNOTSUPP.  This fchmodat behaviour is
+defined in POSIX.  We have to take care of such exceptions.
+---
+ lib/fileutils.rb               |  3 ++-
+ test/pathname/test_pathname.rb |  2 +-
+ test/ruby/test_notimp.rb       | 19 ++++++++++++-------
+ 3 files changed, 15 insertions(+), 9 deletions(-)
+
+diff --git a/lib/fileutils.rb b/lib/fileutils.rb
+index f56d7f9cb9..1a02d5435e 100644
+--- a/lib/fileutils.rb
++++ b/lib/fileutils.rb
+@@ -1242,6 +1242,7 @@ def chmod(mode)
+       else
+         File.chmod mode, path()
+       end
++    rescue Errno::EOPNOTSUPP
+     end
+ 
+     def chown(uid, gid)
+@@ -1317,7 +1318,7 @@ def copy_metadata(path)
+       if st.symlink?
+         begin
+           File.lchmod mode, path
+-        rescue NotImplementedError
++        rescue NotImplementedError, Errno::EOPNOTSUPP
+         end
+       else
+         File.chmod mode, path
+diff --git a/test/pathname/test_pathname.rb b/test/pathname/test_pathname.rb
+index 8a72b8026d..e381d3fa58 100644
+--- a/test/pathname/test_pathname.rb
++++ b/test/pathname/test_pathname.rb
+@@ -823,7 +823,7 @@ def test_lchmod
+       old = path.lstat.mode
+       begin
+         path.lchmod(0444)
+-      rescue NotImplementedError
++      rescue NotImplementedError, Errno::EOPNOTSUPP
+         next
+       end
+       assert_equal(0444, path.lstat.mode & 0777)
+diff --git a/test/ruby/test_notimp.rb b/test/ruby/test_notimp.rb
+index ddebb657bf..daa5a82d7b 100644
+--- a/test/ruby/test_notimp.rb
++++ b/test/ruby/test_notimp.rb
+@@ -13,11 +13,11 @@ def test_respond_to_fork
+ 
+   def test_respond_to_lchmod
+     assert_include(File.methods, :lchmod)
+-    if /linux/ =~ RUBY_PLATFORM
+-      assert_equal(false, File.respond_to?(:lchmod))
+-    end
+-    if /freebsd/ =~ RUBY_PLATFORM
++    case RUBY_PLATFORM
++    when /freebsd/, /linux-musl/
+       assert_equal(true, File.respond_to?(:lchmod))
++    when /linux/
++      assert_equal(false, File.respond_to?(:lchmod))
+     end
+   end
+ 
+@@ -57,9 +57,14 @@ def test_call_lchmod
+         File.open(f, "w") {}
+         File.symlink f, g
+         newmode = 0444
+-        File.lchmod newmode, "#{d}/g"
+-        snew = File.lstat(g)
+-        assert_equal(newmode, snew.mode & 0777)
++        begin
++          File.lchmod newmode, "#{d}/g"
++        rescue Errno::EOPNOTSUPP
++          skip $!
++        else
++          snew = File.lstat(g)
++          assert_equal(newmode, snew.mode & 0777)
++        end
+       }
+     end
+   end
+-- 
+2.26.2
+
diff --git a/1001-ruby-2.8.0-Moved-not-implemented-method-tests.patch b/1001-ruby-2.8.0-Moved-not-implemented-method-tests.patch
new file mode 100644
index 0000000..72d09bc
--- /dev/null
+++ b/1001-ruby-2.8.0-Moved-not-implemented-method-tests.patch
@@ -0,0 +1,128 @@
+From 5400fc3c67446e2f7f35ea317c596e71f0cb1ca4 Mon Sep 17 00:00:00 2001
+From: Nobuyoshi Nakada <nobu@ruby-lang.org>
+Date: Fri, 28 Feb 2020 21:15:37 +0900
+Subject: [PATCH 2/2] Moved not-implemented method tests [Bug #16662]
+
+Test not-implemented method with the dedicated methods, instead of
+platform dependent features.
+---
+ test/-ext-/test_notimplement.rb |  7 +++
+ test/ruby/test_notimp.rb        | 90 ---------------------------------
+ 2 files changed, 7 insertions(+), 90 deletions(-)
+ delete mode 100644 test/ruby/test_notimp.rb
+
+diff --git a/test/-ext-/test_notimplement.rb b/test/-ext-/test_notimplement.rb
+index 0eba7bdaf8..be8c3623cc 100644
+--- a/test/-ext-/test_notimplement.rb
++++ b/test/-ext-/test_notimplement.rb
+@@ -10,6 +10,11 @@ def test_funcall_notimplement
+   end
+ 
+   def test_respond_to
++    assert_include(Bug.methods(false), :notimplement)
+     assert_not_respond_to(Bug, :notimplement)
+   end
++
++  def test_method_inspect_notimplement
++    assert_match(/not-implemented/, Bug.method(:notimplement).inspect)
++  end
+ end
+diff --git a/test/ruby/test_notimp.rb b/test/ruby/test_notimp.rb
+deleted file mode 100644
+index daa5a82d7b..0000000000
+--- a/test/ruby/test_notimp.rb
++++ /dev/null
+@@ -1,90 +0,0 @@
+-# frozen_string_literal: false
+-require 'test/unit'
+-require 'timeout'
+-require 'tmpdir'
+-
+-class TestNotImplement < Test::Unit::TestCase
+-  def test_respond_to_fork
+-    assert_include(Process.methods, :fork)
+-    if /linux/ =~ RUBY_PLATFORM
+-      assert_equal(true, Process.respond_to?(:fork))
+-    end
+-  end
+-
+-  def test_respond_to_lchmod
+-    assert_include(File.methods, :lchmod)
+-    case RUBY_PLATFORM
+-    when /freebsd/, /linux-musl/
+-      assert_equal(true, File.respond_to?(:lchmod))
+-    when /linux/
+-      assert_equal(false, File.respond_to?(:lchmod))
+-    end
+-  end
+-
+-  def test_call_fork
+-    GC.start
+-    pid = nil
+-    ps =
+-      case RUBY_PLATFORM
+-      when /linux/ # assume Linux Distribution uses procps
+-        proc {`ps -eLf #{pid}`}
+-      when /freebsd/
+-        proc {`ps -lH #{pid}`}
+-      when /darwin/
+-        proc {`ps -lM #{pid}`}
+-      else
+-        proc {`ps -l #{pid}`}
+-      end
+-    assert_nothing_raised(Timeout::Error, ps) do
+-      Timeout.timeout(EnvUtil.apply_timeout_scale(5)) {
+-        pid = fork {}
+-        Process.wait pid
+-        pid = nil
+-      }
+-    end
+-  ensure
+-    if pid
+-      Process.kill(:KILL, pid)
+-      Process.wait pid
+-    end
+-  end if Process.respond_to?(:fork)
+-
+-  def test_call_lchmod
+-    if File.respond_to?(:lchmod)
+-      Dir.mktmpdir {|d|
+-        f = "#{d}/f"
+-        g = "#{d}/g"
+-        File.open(f, "w") {}
+-        File.symlink f, g
+-        newmode = 0444
+-        begin
+-          File.lchmod newmode, "#{d}/g"
+-        rescue Errno::EOPNOTSUPP
+-          skip $!
+-        else
+-          snew = File.lstat(g)
+-          assert_equal(newmode, snew.mode & 0777)
+-        end
+-      }
+-    end
+-  end
+-
+-  def test_method_inspect_fork
+-    m = Process.method(:fork)
+-    if Process.respond_to?(:fork)
+-      assert_not_match(/not-implemented/, m.inspect)
+-    else
+-      assert_match(/not-implemented/, m.inspect)
+-    end
+-  end
+-
+-  def test_method_inspect_lchmod
+-    m = File.method(:lchmod)
+-    if File.respond_to?(:lchmod)
+-      assert_not_match(/not-implemented/, m.inspect)
+-    else
+-      assert_match(/not-implemented/, m.inspect)
+-    end
+-  end
+-
+-end
+-- 
+2.26.2
+
diff --git a/ruby.spec b/ruby.spec
index ddb604c..ca2ceb3 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -1,3 +1,4 @@
+%define anolis_release .0.1
 %global major_version 2
 %global minor_version 5
 %global teeny_version 9
@@ -23,7 +24,7 @@
 
 %global release 111
 
-%{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
+%{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{anolis_release}%{?dist}}
 
 # The RubyGems library has to stay out of Ruby directory tree, since the
 # RubyGems should be share by all Ruby implementations.
@@ -232,6 +233,15 @@ Patch41: ruby-2.7.8-Fix-CVE-2023-28755-ReDos-vulnerability-in-URI.patch
 Patch42: ruby-2.7.8-Fix-CVE-2023-28756-ReDoS-vulnerability-in-Time.patch
 
 
+# Begin: Anolis OS customized
+# Fix lchmod test failures.
+# refer url: https://src.fedoraproject.org/rpms/ruby/c/79683d7d629de74dbcefe8cce68d51ec1eb1da01?branch=rawhide
+# https://github.com/ruby/ruby/commit/a19228f878d955eaf2cce086bcf53f46fdf894b9
+Patch1000: 1000-ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
+# https://github.com/ruby/ruby/commit/72c02aa4b79731c7f25c9267f74b347f1946c704
+Patch1001: 1001-ruby-2.8.0-Moved-not-implemented-method-tests.patch
+# End: Anolis OS customized
+
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
 Recommends: ruby(rubygems) >= %{rubygems_version}
@@ -643,6 +653,8 @@ sed -i 's/"evaluation\/incorrect_words.yaml"\.freeze, //' \
 %patch40 -p1
 %patch41 -p1
 %patch42 -p1
+%patch1000 -p1
+%patch1001 -p1
 
 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .
@@ -1195,6 +1207,11 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
 %{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec
 
 %changelog
+* Thu Dec 14 2023 Weitao Zhou <zhouwt@linux.alibaba.com> - 2.5.9-111.0.1
+- Fix FTBFS due to glibc 2.31.9000 implementing lchmod(2), compatible with glibc2.28 also
+  * Patch: ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
+  * Patch: ruby-2.8.0-Moved-not-implemented-method-tests.patch
+
 * Mon Jun 12 2023 Jarek Prokop <jprokop@redhat.com> - 2.5.9-111
 - Fix HTTP response splitting in CGI.
   Resolves: CVE-2021-33621
-- 
Gitee


From 5a0469902c7b247ca7b9bc7ca15d6c7970371b4b Mon Sep 17 00:00:00 2001
From: ZhouWeitao <zhouwt@linux.alibaba.com>
Date: Thu, 13 Jan 2022 14:58:38 +0800
Subject: [PATCH 3/3] Avoid possible timeout errors in
 TestBugReporter#test_bug_reporter_add.

 - Patch: ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch

refer url:
https://src.fedoraproject.org/rpms/ruby/c/4979be53acdcfd0d6021c4f209403c2e88fae58e?branch=rawhide

Signed-off-by: ZhouWeitao <zhouwt@linux.alibaba.com>
---
 ..._bug_reporter_add-witout-raising-err.patch | 34 +++++++++++++++++++
 ruby.spec                                     |  7 ++++
 2 files changed, 41 insertions(+)
 create mode 100644 1002-ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch

diff --git a/1002-ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch b/1002-ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
new file mode 100644
index 0000000..b7ea046
--- /dev/null
+++ b/1002-ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
@@ -0,0 +1,34 @@
+From 9b42fce32bff25e0569581f76f532b9d57865aef Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
+Date: Mon, 27 Jul 2020 14:56:05 +0200
+Subject: [PATCH] Timeout the test_bug_reporter_add witout raising error.
+
+While timeouting the threads might be still good idea, it does not seems
+the timeout impacts the TestBugReporter#test_bug_reporter_add result,
+because the output of the child process has been already collected
+earlier.
+
+It seems that when the system is under heavy load, the thread might not
+be sheduled to finish its processing. Even finishing the child process
+might take tens of seconds and therefore the test case finish might take
+a while.
+---
+ test/-ext-/bug_reporter/test_bug_reporter.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/-ext-/bug_reporter/test_bug_reporter.rb b/test/-ext-/bug_reporter/test_bug_reporter.rb
+index 628fcd0340..2c677cc8a7 100644
+--- a/test/-ext-/bug_reporter/test_bug_reporter.rb
++++ b/test/-ext-/bug_reporter/test_bug_reporter.rb
+@@ -17,7 +17,7 @@ def test_bug_reporter_add
+     args = ["--disable-gems", "-r-test-/bug_reporter",
+             "-C", tmpdir]
+     stdin = "register_sample_bug_reporter(12345); Process.kill :SEGV, $$"
+-    assert_in_out_err(args, stdin, [], expected_stderr, encoding: "ASCII-8BIT")
++    assert_in_out_err(args, stdin, [], expected_stderr, encoding: "ASCII-8BIT", timeout_error: nil)
+   ensure
+     FileUtils.rm_rf(tmpdir) if tmpdir
+   end
+-- 
+2.27.0
+
diff --git a/ruby.spec b/ruby.spec
index ca2ceb3..6bee53a 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -240,6 +240,10 @@ Patch42: ruby-2.7.8-Fix-CVE-2023-28756-ReDoS-vulnerability-in-Time.patch
 Patch1000: 1000-ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
 # https://github.com/ruby/ruby/commit/72c02aa4b79731c7f25c9267f74b347f1946c704
 Patch1001: 1001-ruby-2.8.0-Moved-not-implemented-method-tests.patch
+# Avoid possible timeout errors in TestBugReporter#test_bug_reporter_add.
+# https://bugs.ruby-lang.org/issues/16492
+# refer url: https://src.fedoraproject.org/rpms/ruby/c/4979be53acdcfd0d6021c4f209403c2e88fae58e?branch=rawhide
+Patch1002: 1002-ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
 # End: Anolis OS customized
 
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
@@ -655,6 +659,7 @@ sed -i 's/"evaluation\/incorrect_words.yaml"\.freeze, //' \
 %patch42 -p1
 %patch1000 -p1
 %patch1001 -p1
+%patch1002 -p1
 
 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .
@@ -1211,6 +1216,8 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
 - Fix FTBFS due to glibc 2.31.9000 implementing lchmod(2), compatible with glibc2.28 also
   * Patch: ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
   * Patch: ruby-2.8.0-Moved-not-implemented-method-tests.patch
+- Avoid possible timeout errors in TestBugReporter#test_bug_reporter_add.
+  * Patch: ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
 
 * Mon Jun 12 2023 Jarek Prokop <jprokop@redhat.com> - 2.5.9-111
 - Fix HTTP response splitting in CGI.
-- 
Gitee