Upgrade to Ruby 4.0.1.

Resolves: rhbz#2428861

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1,3 +1,6 @@
 /*/
 /ruby-*.tar.xz
+/rexml-*.gem
 /*.rpm
+
+!/plans/

macros.rubygems

@@ -2,14 +2,55 @@
 %gem_dir %{_datadir}/gems
 %gem_archdir %{_libdir}/gems
 
+# %gem_prerelease - Provides prerelease string if available.
+#
+# Usage: %gem_prerelease [custom_gem_name]
+#
+# If avilable, prints prerelease string, which is a %prerelease macro by
+# default. When [custom_gem_name] is provided, the custom_gem_name is used to
+# derive %custom_gem_name_prerelease macro, which can be predefined.
+#
+# Please note that for the prerelease macros are the dashes in
+# [custom_gem_name] replaced by underscores.
+#
+%gem_prerelease() %{?1:%{expand:%%{?%{gsub %{1} - _}_prerelease}}}%{!?1:%{?prerelease}}
+
+# %gem_version - Provides version string (including prerelease if available).
+#
+# Usage: %gem_version [custom_gem_name]
+#
+# Prints version (including prerelease string), that is %version macro by
+# default. When [custom_gem_name] is provided, the custom_gem_name is used to
+# derive %custom_gem_name_version macro which needs to be predefined.
+#
+# Please note that for the version macros are the dashes in [custom_gem_name]
+# replaced by underscores.
+#
+%gem_version() %{?1:%{expand:%{%{gsub %{1} - _}_version}}}%{!?1:%{version}}%{gem_prerelease %{?1}}
+
+# %gem_name_version - Provides gem_name-version string.
+#
+# Usage: %gem_name_version [custom_gem_name]
+#
+# Prints gem_name-version string, by default joining %gem_name, %version and
+# %prerelease macros. When [custom_gem_name] is provided, the
+# custom_gem_name is joined with version as provided by %gem_version macro.
+#
+%gem_name_version() %{?1}%{!?1:%{gem_name}}-%{gem_version %{?1}}
+
 # Common gem locations and files.
-%gem_instdir %{gem_dir}/gems/%{gem_name}-%{version}%{?prerelease}
-%gem_extdir_mri %{gem_archdir}/%{name}/%{gem_name}-%{version}%{?prerelease}
-%gem_libdir %{gem_instdir}/lib
-%gem_cache %{gem_dir}/cache/%{gem_name}-%{version}%{?prerelease}.gem
-%gem_spec %{gem_dir}/specifications/%{gem_name}-%{version}%{?prerelease}.gemspec
-%gem_docdir %{gem_dir}/doc/%{gem_name}-%{version}%{?prerelease}
-%gem_plugin %{gem_dir}/plugins/%{gem_name}_plugin.rb
+#
+# These macros leverages %gem_name_version macro and accepts custom gem_name.
+#
+# -d                 Use default gem install location.
+#
+%gem_instdir() %{gem_dir}/gems/%{gem_name_version %{?1}}
+%gem_extdir_mri() %{gem_archdir}/%{name}/%{gem_name_version %{?1}}
+%gem_libdir() %{gem_instdir %{?1}}/lib
+%gem_cache() %{gem_dir}/cache/%{gem_name_version %{?1}}.gem
+%gem_spec(d) %{gem_dir}/specifications%{?-d:/default}/%{gem_name_version %{?1}}.gemspec
+%gem_docdir() %{gem_dir}/doc/%{gem_name_version %{?1}}
+%gem_plugin() %{gem_dir}/plugins/%{?1}%{!?1:%{gem_name}}_plugin.rb
 
 
 # %gem_install - Install gem into appropriate directory.

operating_system.rb

@@ -87,41 +87,51 @@ module Gem
     # Remove methods we are going to override. This avoids "method redefined;"
     # warnings otherwise issued by Ruby.
 
-    remove_method :operating_system_defaults if method_defined? :operating_system_defaults
     remove_method :default_dir if method_defined? :default_dir
+    remove_method :default_specifications_dir if method_defined? :default_specifications_dir
     remove_method :default_path if method_defined? :default_path
+    remove_method :default_bindir if method_defined? :default_bindir
     remove_method :default_ext_dir_for if method_defined? :default_ext_dir_for
 
-    ##
-    # Regular user installs into user directory, root manages /usr/local.
-
-    def operating_system_defaults
-      unless opt_build_root?
-        options = if Process.uid == 0
-          "--install-dir=#{Gem.default_dirs[:local][:gem_dir]} --bindir #{Gem.default_dirs[:local][:bin_dir]}"
-        else
-          "--user-install --bindir #{File.join [Dir.home, 'bin']}"
-        end
-
-        {"gem" => options}
-      else
-        {}
-      end
-    end
-
     ##
     # RubyGems default overrides.
 
     def default_dir
-      Gem.default_dirs[:system][:gem_dir]
+      if opt_build_root?
+        Gem.default_dirs[:system][:gem_dir]
+      elsif Process.uid == 0
+        Gem.default_dirs[:local][:gem_dir]
+      else
+        Gem.user_dir
+      end
     end
 
+    ##
+    # Path to specification files of default gems.
+
+    def default_specifications_dir
+      @default_specifications_dir ||= File.join(Gem.default_dirs[:system][:gem_dir], "specifications", "default")
+    end
+
+    ##
+    # Default gem load path
+
     def default_path
       path = default_dirs.collect {|location, paths| paths[:gem_dir]}
       path.unshift Gem.user_dir if File.exist? Gem.user_home
       path
     end
 
+    def default_bindir
+      if opt_build_root?
+        Gem.default_dirs[:system][:bin_dir]
+      elsif Process.uid == 0
+        Gem.default_dirs[:local][:bin_dir]
+      else
+        File.join [Dir.home, 'bin']
+      end
+    end
+
     def default_ext_dir_for base_dir
       dir = if rpmbuild?
         build_dir = base_dir.chomp Gem.default_dirs[:system][:gem_dir]

plans/all.fmf

@@ -0,0 +1,6 @@
+summary: Test plan with all Fedora tests
+discover:
+   how: fmf
+   url: https://src.fedoraproject.org/tests/ruby.git
+execute:
+   how: tmt

rdoc-pr1531-fix-mutilple-document-installation.patch

@@ -0,0 +1,28 @@
+From 994ee4c17fb8c217ab0335df55620c6bdb5d5cbe Mon Sep 17 00:00:00 2001
+From: tompng <tomoyapenguin@gmail.com>
+Date: Fri, 26 Dec 2025 04:57:12 +0900
+Subject: [PATCH] Fix comment_location for merged ClassModule
+
+---
+ lib/rdoc/code_object/class_module.rb       | 7 ++++++-
+ test/rdoc/code_object/class_module_test.rb | 6 ++++++
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/lib/rdoc/code_object/class_module.rb b/lib/rdoc/code_object/class_module.rb
+index b6bed352a2..d7ee36f950 100644
+--- a/lib/rdoc/code_object/class_module.rb
++++ b/lib/rdoc/code_object/class_module.rb
+@@ -477,7 +477,12 @@ def merge(class_module)
+       document = document.merge other_document
+ 
+       @comment = RDoc::Comment.from_document(document)
+-      @comment_location = document
++
++      @comment_location = if document.parts.first.is_a?(RDoc::Markup::Document)
++                            document.parts.map { |doc| [doc, doc.file] }
++                          else
++                            [[document, document.file]]
++                          end
+     end
+ 
+     cm = class_module

rpm_test_helper.rb

@@ -0,0 +1,166 @@
+require 'tmpdir'
+require 'tempfile'
+require 'fileutils'
+# Available in Ruby upstream sources under tool/lib/envutil.rb
+# Required for finding and setting up the built ruby binary.
+require 'envutil'
+
+module RPMTestHelper
+  def setup
+    @tmpdir = Dir.mktmpdir
+    @tempfiles = []
+  end
+
+  def teardown
+    @tempfiles.each do |file|
+      file.close
+      file.unlink
+    end
+
+    FileUtils.rmtree(@tmpdir)
+  end
+
+  GENERATOR_SCRIPT = ENV['GENERATOR_SCRIPT'].clone.freeze
+  if GENERATOR_SCRIPT.nil? || GENERATOR_SCRIPT == ''
+    raise "GENERATOR_SCRIPT is not specified." \
+      "Specify the ENV variable with absolute path to the generator."
+  end
+
+  Dependency = Struct.new('Dependency', :name, :requirements) do
+    def to_rpm_str
+      "rubygem(#{self.name})"
+    end
+  end
+
+  def make_gemspec(gem_info)
+    file = Tempfile.new('req_gemspec', @tmpdir)
+    # Fake gemspec with enough to pass most checks
+    # Rubygems uses to validate the format.
+    gemspec_contents = <<~EOF
+      # -*- encoding: utf-8 -*-
+      # stub: #{gem_info.name} #{gem_info.version} ruby lib
+
+      Gem::Specification.new do |s|
+        s.name = "#{gem_info.name}".freeze
+        s.version = "#{gem_info.version}"
+
+        s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
+        s.require_paths = ["lib".freeze]
+        s.authors = ["John Doe".freeze]
+        s.bindir = "bin".freeze
+        s.date = "2023-12-15"
+        s.description = "Fake gemspec helper for testing Rubygem Generators".freeze
+        s.email = ["example@example.com".freeze]
+        s.files = ["LICENSE.txt".freeze, "lib/#{gem_info.name}.rb".freeze, "#{gem_info.name}.gemspec".freeze]
+        s.homepage = "https://pkgs.fedoraproject.org/rpms/ruby".freeze
+        s.licenses = ["MIT".freeze]
+        s.required_ruby_version = Gem::Requirement.new(">= 2.5.0".freeze)
+        s.rubygems_version = "3.3.5".freeze
+        s.summary = "Fake gemspec for testing Rubygem Generators".freeze
+
+        if s.respond_to? :specification_version then
+          s.specification_version = 4
+        end
+
+        if s.respond_to? :add_runtime_dependency then
+          #{gem_info.gemspec_runtime_dep_str}
+        else
+          #{gem_info.gemspec_dep_str}
+        end
+      end
+    EOF
+
+    file.write gemspec_contents
+    file.rewind
+    @tempfiles << file
+    file
+  end
+
+  # Caller is expected to close subprocess stdin via #close_write
+  # in order to let subprocess proceed if the process is reading
+  # from STDIN in a loop.
+  def rb_subprocess(*args)
+    args = [GENERATOR_SCRIPT] if args.empty?
+    ruby = EnvUtil.rubybin
+    f = IO.popen([ruby] + args, 'r+') #, external_encoding: external_encoding)
+    yield(f)
+  ensure
+    f.close unless !f || f.closed?
+  end
+
+  def run_generator_single_file(gem_info)
+    lines = []
+    gemspec_f = make_gemspec(gem_info)
+
+    rb_subprocess do |io|
+      io.write gemspec_f.path
+      io.close_write
+      lines = io.readlines
+    end
+
+    lines
+  end
+
+  def helper_rubygems_dependency
+    "ruby(rubygems)"
+  end
+
+  class GemInfo
+    attr_accessor :name, :version, :dependencies
+
+    def initialize(name: 'foo', version: '1.2.3', dependencies: [])
+      @name = name
+      @version = version
+      @dependencies = dependencies
+    end
+
+    def dependencies=(other)
+      raise ArgumentError, "#{self.class.name}##{__method__.to_s}: Expected array of `Dependency' elements" \
+        unless other.is_a?(Array) && other.all? { |elem| elem.respond_to?(:name) && elem.respond_to?(:requirements) }
+
+      @dependencies = other
+    end
+
+    def to_rpm_str
+      "rubygem(#{self.name})"
+    end
+
+    def gemspec_dep_str
+      return '' if self.dependencies.nil? || self.dependencies.empty?
+      @dependencies.inject("") do |memo, dep|
+        memo += if dep.requirements && !dep.requirements.empty?
+                  %Q|s.add_dependency(%q<#{dep.name}>.freeze, #{handle_dep_requirements(dep.requirements)})|
+                else
+                  %Q|s.add_dependency(%q<#{dep.name}>.freeze)|
+                end
+
+        memo += "\n"
+      end
+    end
+
+    def gemspec_runtime_dep_str
+      return '' if self.dependencies.nil? || self.dependencies.empty?
+
+      @dependencies.inject("") do |memo, dep|
+        memo += if dep.requirements && !dep.requirements.empty?
+                  %Q|s.add_runtime_dependency(%q<#{dep.name}>.freeze, #{handle_dep_requirements(dep.requirements)})|
+                else
+                  %Q|s.add_runtime_dependency(%q<#{dep.name}>.freeze)|
+                end
+
+        memo += "\n"
+      end
+    end
+
+    private
+
+    def handle_dep_requirements(reqs)
+      raise ArgumentError, "#{self.class.name}##{__method__.to_s}: Reqs must be an array." \
+        unless reqs.is_a? Array
+      raise ArgumentError, "#{self.class.name}##{__method__.to_s}: Reqs must not be empty for this method." \
+        if reqs.empty?
+
+      '[ "' + reqs.join('", "') + '" ]'
+    end
+  end
+end

ruby-1.9.3-mkmf-verbose.patch

@@ -1,25 +0,0 @@
-From 28cc0749d6729aa2444661ee7b411e183fe220b0 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
-Date: Mon, 19 Nov 2012 15:14:51 +0100
-Subject: [PATCH] Verbose mkmf.
-
----
- lib/mkmf.rb | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/mkmf.rb b/lib/mkmf.rb
-index 682eb46..e6b1445 100644
---- a/lib/mkmf.rb
-+++ b/lib/mkmf.rb
-@@ -1930,7 +1930,7 @@ def configuration(srcdir)
- SHELL = /bin/sh
- 
- # V=0 quiet, V=1 verbose.  other values don't work.
--V = 0
-+V = 1
- Q1 = $(V:1=)
- Q = $(Q1:0=@)
- ECHO1 = $(V:1=@ #{CONFIG['NULLCMD']})
--- 
-1.8.3.1
-

ruby-2.1.0-Enable-configuration-of-archlibdir.patch

@@ -1,4 +1,4 @@
-From 07c666ba5c3360dd6f43605a8ac7c85c99c1721f Mon Sep 17 00:00:00 2001
+From e1293f665128b0d9c5bfa0b5beeab4afebf07e6a Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
 Date: Tue, 1 Oct 2013 12:22:40 +0200
 Subject: [PATCH] Allow to configure libruby.so placement.
@@ -8,10 +8,10 @@ Subject: [PATCH] Allow to configure libruby.so placement.
  1 file changed, 5 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index d261ea57b5..3c13076b82 100644
+index a64358fada..b3bdfad1eb 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3240,6 +3240,11 @@ AS_IF([test ${multiarch+set}], [
+@@ -3556,6 +3556,11 @@ AS_IF([test ${multiarch+set}], [
  ])
  
  archlibdir='${libdir}/${arch}'
@@ -23,6 +23,3 @@ index d261ea57b5..3c13076b82 100644
  sitearchlibdir='${libdir}/${sitearch}'
  archincludedir='${includedir}/${arch}'
  sitearchincludedir='${includedir}/${sitearch}'
--- 
-2.22.0
-

ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch

@@ -1,4 +1,4 @@
-From e24d97c938c481450ed80ec83e5399595946c1ae Mon Sep 17 00:00:00 2001
+From 6062f4976c5b51f8b952b9f6745175be7b1c5ff9 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
 Date: Fri, 8 Feb 2013 22:48:41 +0100
 Subject: [PATCH] Prevent duplicated paths when empty version string is
@@ -11,10 +11,10 @@ Subject: [PATCH] Prevent duplicated paths when empty version string is
  3 files changed, 15 insertions(+), 2 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index c42436c23d..d261ea57b5 100644
+index 2bc5153141..a64358fada 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3881,7 +3881,8 @@ AS_CASE(["$ruby_version_dir_name"],
+@@ -4472,7 +4472,8 @@ AS_CASE(["$ruby_version_dir_name"],
  ruby_version_dir=/'${ruby_version_dir_name}'
  
  if test -z "${ruby_version_dir_name}"; then
@@ -25,7 +25,7 @@ index c42436c23d..d261ea57b5 100644
  
  rubylibdir='${rubylibprefix}'${ruby_version_dir}
 diff --git a/loadpath.c b/loadpath.c
-index 9160031..0d4d953 100644
+index b8969e6998..bbfd4daa78 100644
 --- a/loadpath.c
 +++ b/loadpath.c
 @@ -65,21 +65,33 @@ const char ruby_initial_load_paths[] =
@@ -63,7 +63,7 @@ index 9160031..0d4d953 100644
  
      RUBY_LIB "\0"
 diff --git a/tool/mkconfig.rb b/tool/mkconfig.rb
-index 07076d4..35e6c3c 100755
+index db74115730..2b01796abf 100755
 --- a/tool/mkconfig.rb
 +++ b/tool/mkconfig.rb
 @@ -114,7 +114,7 @@
@@ -75,6 +75,3 @@ index 07076d4..35e6c3c 100755
      when /^ARCH_FLAG$/
        val = "arch_flag || #{val}" if universal
      when /^UNIVERSAL_ARCHNAMES$/
--- 
-1.9.0
-

ruby-2.1.0-always-use-i386.patch

@@ -1,4 +1,4 @@
-From 2089cab72b38d6d5e7ba2b596e41014209acad30 Mon Sep 17 00:00:00 2001
+From 9e70f6e4b8771965a30ecfb6d1c6015df350ca55 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
 Date: Mon, 19 Nov 2012 14:37:28 +0100
 Subject: [PATCH] Always use i386.
@@ -8,10 +8,10 @@ Subject: [PATCH] Always use i386.
  1 file changed, 2 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index 3c13076b82..93af30321d 100644
+index b3bdfad1eb..411322a27f 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3945,6 +3945,8 @@ AC_SUBST(vendorarchdir)dnl
+@@ -4536,6 +4536,8 @@ AC_SUBST(vendorarchdir)dnl
  AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl
  AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl
  
@@ -20,6 +20,3 @@ index 3c13076b82..93af30321d 100644
  AS_IF([test "${universal_binary-no}" = yes ], [
      arch="universal-${target_os}"
      AS_IF([test "${rb_cv_architecture_available}" = yes], [
--- 
-1.8.3.1
-

ruby-2.1.0-custom-rubygems-location.patch

@@ -1,4 +1,4 @@
-From 94da59aafacc6a9efe829529eb51385588d6f149 Mon Sep 17 00:00:00 2001
+From c7952996ac9738a14bea0a1a971fea13460a6c94 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
 Date: Fri, 11 Nov 2011 13:14:45 +0100
 Subject: [PATCH] Allow to install RubyGems into custom location, outside of
@@ -12,10 +12,10 @@ Subject: [PATCH] Allow to install RubyGems into custom location, outside of
  4 files changed, 22 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index 93af30321d..bc13397e0e 100644
+index 411322a27f..b5f842a512 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3917,6 +3917,10 @@ AC_ARG_WITH(vendorarchdir,
+@@ -4508,6 +4508,10 @@ AC_ARG_WITH(vendorarchdir,
              [vendorarchdir=$withval],
              [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}])
  
@@ -26,7 +26,7 @@ index 93af30321d..bc13397e0e 100644
  AS_IF([test "${LOAD_RELATIVE+set}"], [
      AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
      RUBY_EXEC_PREFIX=''
-@@ -3941,6 +3945,7 @@ AC_SUBST(sitearchdir)dnl
+@@ -4532,6 +4536,7 @@ AC_SUBST(sitearchdir)dnl
  AC_SUBST(vendordir)dnl
  AC_SUBST(vendorlibdir)dnl
  AC_SUBST(vendorarchdir)dnl
@@ -35,7 +35,7 @@ index 93af30321d..bc13397e0e 100644
  AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl
  AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl
 diff --git a/loadpath.c b/loadpath.c
-index 623dc9d..74c5d9e 100644
+index bbfd4daa78..69677a9297 100644
 --- a/loadpath.c
 +++ b/loadpath.c
 @@ -94,6 +94,10 @@ const char ruby_initial_load_paths[] =
@@ -50,7 +50,7 @@ index 623dc9d..74c5d9e 100644
  #ifdef RUBY_THINARCH
      RUBY_ARCH_LIB_FOR(RUBY_THINARCH) "\0"
 diff --git a/template/verconf.h.tmpl b/template/verconf.h.tmpl
-index 79c003e..34f2382 100644
+index 9ba2bd6de5..4ec4ce9353 100644
 --- a/template/verconf.h.tmpl
 +++ b/template/verconf.h.tmpl
 @@ -36,6 +36,9 @@
@@ -64,10 +64,10 @@ index 79c003e..34f2382 100644
  % R = {}
  % R["ruby_version"] = '"RUBY_LIB_VERSION"'
 diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb
-index e9110a17ca..76a1f0a315 100755
+index a9e6365b27..7117e65e82 100755
 --- a/tool/rbinstall.rb
 +++ b/tool/rbinstall.rb
-@@ -349,6 +349,7 @@ def CONFIG.[](name, mandatory = false)
+@@ -393,6 +393,7 @@ def CONFIG.[](name, mandatory = false)
    vendorlibdir = CONFIG["vendorlibdir"]
    vendorarchlibdir = CONFIG["vendorarchdir"]
  end
@@ -75,7 +75,7 @@ index e9110a17ca..76a1f0a315 100755
  mandir = CONFIG["mandir", true]
  docdir = CONFIG["docdir", true]
  enable_shared = CONFIG["ENABLE_SHARED"] == 'yes'
-@@ -581,7 +582,16 @@ def stub
+@@ -1082,7 +1083,16 @@ def (bins = []).add(name)
  install?(:local, :comm, :lib) do
    prepare "library scripts", rubylibdir
    noinst = %w[*.txt *.rdoc *.gemspec]
@@ -92,6 +92,3 @@ index e9110a17ca..76a1f0a315 100755
  end
  
  install?(:local, :comm, :hdr, :'comm-hdr') do
--- 
-1.8.3.1
-

ruby-2.3.0-ruby_version-Add-ruby_version_dir_name-support-for-RDoc.patch

@@ -0,0 +1,22 @@
+From f833e213596b0bcfad8264a555eb5093303fb5f2 Mon Sep 17 00:00:00 2001
+From: Jarek Prokop <jprokop@redhat.com>
+Date: Thu, 25 Sep 2025 12:26:39 +0200
+Subject: [PATCH] Add ruby_version_dir_name support for RDoc.
+
+---
+ lib/rdoc/ri/paths.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/rdoc/ri/paths.rb b/lib/rdoc/ri/paths.rb
+index 8e89b04e..731f9e36 100644
+--- a/lib/rdoc/ri/paths.rb
++++ b/lib/rdoc/ri/paths.rb
+@@ -10,7 +10,7 @@ module RDoc::RI::Paths
+   #:stopdoc:
+   require 'rbconfig'
+ 
+-  version = RbConfig::CONFIG['ruby_version']
++  version = RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
+ 
+   BASE    = File.join RbConfig::CONFIG['ridir'], version
+ 

ruby-2.3.0-ruby_version.patch

@@ -1,4 +1,4 @@
-From 4fc1be3af3f58621bb751c9e63c208b15c0e8d16 Mon Sep 17 00:00:00 2001
+From 5406ea4b4b13db747e5c1f8341bb257b4da04435 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
 Date: Tue, 31 Mar 2015 16:21:04 +0200
 Subject: [PATCH 1/4] Use ruby_version_dir_name for versioned directories.
@@ -12,15 +12,15 @@ ruby_version_dir_name now specifies custom version string for versioned
 directories, e.g. instead of default X.Y.Z, you can specify whatever
 string.
 ---
- configure.ac        | 64 ++++++++++++++++++++++++---------------------
+ configure.ac        | 66 ++++++++++++++++++++++++---------------------
  template/ruby.pc.in |  1 +
- 2 files changed, 35 insertions(+), 30 deletions(-)
+ 2 files changed, 36 insertions(+), 31 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 80b137e380..63cd3b4f8b 100644
+index 2bbce78fd0..9d8662369c 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3832,9 +3832,6 @@ AS_CASE(["$target_os"],
+@@ -4422,9 +4422,6 @@ AS_CASE(["$target_os"],
      rubyw_install_name='$(RUBYW_INSTALL_NAME)'
      ])
  
@@ -30,7 +30,7 @@ index 80b137e380..63cd3b4f8b 100644
  rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'}
  AC_ARG_WITH(rubyarchprefix,
  	    AS_HELP_STRING([--with-rubyarchprefix=DIR],
-@@ -3857,56 +3854,62 @@ AC_ARG_WITH(ridir,
+@@ -4447,57 +4444,63 @@ AC_ARG_WITH(ridir,
  AC_SUBST(ridir)
  AC_SUBST(RI_BASE_NAME)
  
@@ -46,6 +46,7 @@ index 80b137e380..63cd3b4f8b 100644
 -AS_IF([test ${RUBY_LIB_VERSION_STYLE+set}], [
 -    {
 -    echo "#define RUBY_LIB_VERSION_STYLE $RUBY_LIB_VERSION_STYLE"
+-    echo '@%:@include "confdefs.h"'
 -    echo '#define STRINGIZE(x) x'
 -    test -f revision.h -o -f "${srcdir}/revision.h" || echo '#define RUBY_REVISION 0'
 -    echo '#include "version.h"'
@@ -61,6 +62,7 @@ index 80b137e380..63cd3b4f8b 100644
 +RUBY_LIB_VERSION_STYLE='3	/* full */'
 +{
 +echo "#define RUBY_LIB_VERSION_STYLE $RUBY_LIB_VERSION_STYLE"
++echo '@%:@include "confdefs.h"'
 +echo '#define STRINGIZE(x) x'
 +test -f revision.h -o -f "${srcdir}/revision.h" || echo '#define RUBY_REVISION 0'
 +echo '#include "version.h"'
@@ -120,7 +122,7 @@ index 80b137e380..63cd3b4f8b 100644
  
  AS_IF([test "${LOAD_RELATIVE+set}"], [
      AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
-@@ -3923,6 +3926,7 @@ AC_SUBST(sitearchincludedir)dnl
+@@ -4514,6 +4517,7 @@ AC_SUBST(sitearchincludedir)dnl
  AC_SUBST(arch)dnl
  AC_SUBST(sitearch)dnl
  AC_SUBST(ruby_version)dnl
@@ -129,49 +131,32 @@ index 80b137e380..63cd3b4f8b 100644
  AC_SUBST(rubyarchdir)dnl
  AC_SUBST(sitedir)dnl
 diff --git a/template/ruby.pc.in b/template/ruby.pc.in
-index 8a2c066..c81b211 100644
+index 6901ec2320..9b7b787208 100644
 --- a/template/ruby.pc.in
 +++ b/template/ruby.pc.in
-@@ -9,6 +9,7 @@ MAJOR=@MAJOR@
+@@ -2,6 +2,7 @@ MAJOR=@MAJOR@
  MINOR=@MINOR@
  TEENY=@TEENY@
  ruby_version=@ruby_version@
 +ruby_version_dir_name=@ruby_version_dir_name@
  RUBY_API_VERSION=@RUBY_API_VERSION@
  RUBY_PROGRAM_VERSION=@RUBY_PROGRAM_VERSION@
- RUBY_BASE_NAME=@RUBY_BASE_NAME@
--- 
-2.1.0
+ arch=@arch@
 
-
-From 518850aba6eee76de7715aae8d37330e34b01983 Mon Sep 17 00:00:00 2001
+From baff562149499973123d2187620201be641c6538 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
 Date: Tue, 31 Mar 2015 16:37:26 +0200
 Subject: [PATCH 2/4] Add ruby_version_dir_name support for RDoc.
 
 ---
- lib/rdoc/ri/paths.rb | 2 +-
- tool/rbinstall.rb    | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
+ tool/rbinstall.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/lib/rdoc/ri/paths.rb b/lib/rdoc/ri/paths.rb
-index 970cb91..5bf8230 100644
---- a/lib/rdoc/ri/paths.rb
-+++ b/lib/rdoc/ri/paths.rb
-@@ -10,7 +10,7 @@ module RDoc::RI::Paths
-   #:stopdoc:
-   require 'rbconfig'
- 
--  version = RbConfig::CONFIG['ruby_version']
-+  version = RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
- 
-   BASE    = File.join RbConfig::CONFIG['ridir'], version
- 
 diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb
-index d4c110e..d39c9a6 100755
+index 874c3ef1d9..a9e6365b27 100755
 --- a/tool/rbinstall.rb
 +++ b/tool/rbinstall.rb
-@@ -439,7 +439,7 @@ def CONFIG.[](name, mandatory = false)
+@@ -1053,7 +1053,7 @@ def (bins = []).add(name)
  
  install?(:doc, :rdoc) do
    if $rdocdir
@@ -180,87 +165,74 @@ index d4c110e..d39c9a6 100755
      prepare "rdoc", ridatadir
      install_recursive($rdocdir, ridatadir, :no_install => rdoc_noinst, :mode => $data_mode)
    end
--- 
-2.23.0
 
-
-From 9f0ec0233f618cbb862629816b22491c3df79578 Mon Sep 17 00:00:00 2001
+From 7cf872a9a34f38d71cd2ca04ac114b4ea85cc56c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
 Date: Tue, 31 Mar 2015 16:37:44 +0200
 Subject: [PATCH 3/4] Add ruby_version_dir_name support for RubyGems.
 
 ---
- lib/rubygems/defaults.rb  | 9 +++++----
+ lib/rubygems/defaults.rb  | 7 ++++---
  test/rubygems/test_gem.rb | 5 +++--
- 2 files changed, 8 insertions(+), 6 deletions(-)
+ 2 files changed, 7 insertions(+), 5 deletions(-)
 
 diff --git a/lib/rubygems/defaults.rb b/lib/rubygems/defaults.rb
-index d4ff4a262c..3f9a5bf590 100644
+index 90f09fc191..f6b8a03b95 100644
 --- a/lib/rubygems/defaults.rb
 +++ b/lib/rubygems/defaults.rb
-@@ -38,13 +38,13 @@ def self.default_dir
-              [
-                File.dirname(RbConfig::CONFIG['sitedir']),
-                'Gems',
--               RbConfig::CONFIG['ruby_version'],
-+               RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
-              ]
-            else
-              [
-                RbConfig::CONFIG['rubylibprefix'],
-                'gems',
--               RbConfig::CONFIG['ruby_version'],
-+               RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
-              ]
-            end
+@@ -35,7 +35,7 @@ def self.default_spec_cache_dir
+   # specified in the environment
  
-@@ -117,7 +117,8 @@ def self.user_dir
+   def self.default_dir
+-    @default_dir ||= File.join(RbConfig::CONFIG["rubylibprefix"], "gems", RbConfig::CONFIG["ruby_version"])
++    @default_dir ||= File.join(RbConfig::CONFIG["rubylibprefix"], "gems", RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"])
+   end
+ 
+   ##
+@@ -104,7 +104,8 @@ def self.user_dir
      gem_dir = File.join(Gem.user_home, ".gem")
      gem_dir = File.join(Gem.data_home, "gem") unless File.exist?(gem_dir)
      parts = [gem_dir, ruby_engine]
--    parts << RbConfig::CONFIG['ruby_version'] unless RbConfig::CONFIG['ruby_version'].empty?
-+    ruby_version_dir_name = RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
+-    parts << RbConfig::CONFIG["ruby_version"] unless RbConfig::CONFIG["ruby_version"].empty?
++    ruby_version_dir_name = RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"]
 +    parts << ruby_version_dir_name unless ruby_version_dir_name.empty?
      File.join parts
    end
  
-@@ -252,7 +253,7 @@ def self.vendor_dir # :nodoc:
-     return nil unless RbConfig::CONFIG.key? 'vendordir'
+@@ -265,7 +266,7 @@ def self.vendor_dir # :nodoc:
+     return nil unless RbConfig::CONFIG.key? "vendordir"
  
-     File.join RbConfig::CONFIG['vendordir'], 'gems',
--              RbConfig::CONFIG['ruby_version']
-+              RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
+     File.join RbConfig::CONFIG["vendordir"], "gems",
+-              RbConfig::CONFIG["ruby_version"]
++              RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"]
    end
  
    ##
 diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb
-index b25068405d..e9fef4a311 100644
+index 74c8953904..1f3bd91d51 100644
 --- a/test/rubygems/test_gem.rb
 +++ b/test/rubygems/test_gem.rb
-@@ -1440,7 +1440,8 @@ def test_self_use_paths
+@@ -1339,7 +1339,8 @@ def test_self_use_paths
  
    def test_self_user_dir
-     parts = [@userhome, '.gem', Gem.ruby_engine]
--    parts << RbConfig::CONFIG['ruby_version'] unless RbConfig::CONFIG['ruby_version'].empty?
-+    ruby_version_dir_name = RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
+     parts = [@userhome, ".gem", Gem.ruby_engine]
+-    parts << RbConfig::CONFIG["ruby_version"] unless RbConfig::CONFIG["ruby_version"].empty?
++    ruby_version_dir_name = RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"]
 +    parts << ruby_version_dir_name unless ruby_version_dir_name.empty?
  
      FileUtils.mkdir_p File.join(parts)
  
-@@ -1516,7 +1517,7 @@ def test_self_vendor_dir
-     vendordir(File.join(@tempdir, 'vendor')) do
+@@ -1415,7 +1416,7 @@ def test_self_vendor_dir
+     vendordir(File.join(@tempdir, "vendor")) do
        expected =
-         File.join RbConfig::CONFIG['vendordir'], 'gems',
--                  RbConfig::CONFIG['ruby_version']
-+                  RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
+         File.join RbConfig::CONFIG["vendordir"], "gems",
+-                  RbConfig::CONFIG["ruby_version"]
++                  RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"]
  
        assert_equal expected, Gem.vendor_dir
      end
--- 
-2.1.0
 
-
-From 88c38a030c22dbf9422ece847bdfbf87d6659313 Mon Sep 17 00:00:00 2001
+From 17cb98b7b78f8bfc511feffbe061747f676055b1 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
 Date: Wed, 1 Apr 2015 14:55:37 +0200
 Subject: [PATCH 4/4] Let headers directories follow the configured version
@@ -271,10 +243,10 @@ Subject: [PATCH 4/4] Let headers directories follow the configured version
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index a00f2b6776..999e2d6d5d 100644
+index 9d8662369c..2bc5153141 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -107,7 +107,7 @@ RUBY_BASE_NAME=`echo ruby | sed "$program_transform_name"`
+@@ -151,7 +151,7 @@ RUBY_BASE_NAME=`echo ruby | sed "$program_transform_name"`
  RUBYW_BASE_NAME=`echo rubyw | sed "$program_transform_name"`
  AC_SUBST(RUBY_BASE_NAME)
  AC_SUBST(RUBYW_BASE_NAME)
@@ -283,6 +255,3 @@ index a00f2b6776..999e2d6d5d 100644
  
  dnl checks for alternative programs
  AC_CANONICAL_BUILD
--- 
-2.1.0
-

ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch

@@ -1,30 +0,0 @@
-From 346e147ba6480839b87046e9a9efab0bf6ed3660 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
-Date: Wed, 10 Aug 2016 17:35:48 +0200
-Subject: [PATCH] Rely on ldd to detect glibc.
-
-This is just workaround, since we know we are quite sure this will be successful
-on Red Hat platforms.
-
-This workaround rhbz#1361037
----
- test/fiddle/helper.rb | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/test/fiddle/helper.rb b/test/fiddle/helper.rb
-index 1da3d93..65148a1 100644
---- a/test/fiddle/helper.rb
-+++ b/test/fiddle/helper.rb
-@@ -139,6 +139,9 @@
-   libc_so = libm_so = "/usr/lib/libSystem.B.dylib"
- end
- 
-+# Just ignore the heuristic, because it is not reliable on all platforms.
-+libc_so = libm_so = nil
-+
- if !libc_so || !libm_so
-   ruby = EnvUtil.rubybin
-   # When the ruby binary is 32-bit and the host is 64-bit,
--- 
-2.9.2
-

ruby-2.7.0-Initialize-ABRT-hook.patch

@@ -1,4 +1,4 @@
-From eca084e4079c77c061045df9c21b219175b05228 Mon Sep 17 00:00:00 2001
+From 03b44a86b574dc0b63fd57c5f9b52b56ad3ced37 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
 Date: Mon, 6 Jan 2020 13:56:04 +0100
 Subject: [PATCH] Initialize ABRT hook.
@@ -15,15 +15,16 @@ To keep the things simple for now, load the ABRT hook via C.
 [4]: https://github.com/ruby/ruby/pull/2735
 [5]: https://lists.fedoraproject.org/archives/list/ruby-sig@lists.fedoraproject.org/message/LH6L6YJOYQT4Y5ZNOO4SLIPTUWZ5V45Q/
 ---
- abrt.c    | 12 ++++++++++++
- common.mk |  3 ++-
- ruby.c    |  4 ++++
- 3 files changed, 18 insertions(+), 1 deletion(-)
+ abrt.c                                | 12 ++++++++++++
+ common.mk                             |  1 +
+ ruby.c                                |  4 ++++
+ spec/ruby/core/kernel/require_spec.rb |  2 ++
+ 4 files changed, 19 insertions(+)
  create mode 100644 abrt.c
 
 diff --git a/abrt.c b/abrt.c
 new file mode 100644
-index 0000000000..74b0bd5c0f
+index 0000000000..e99cb432e6
 --- /dev/null
 +++ b/abrt.c
 @@ -0,0 +1,12 @@
@@ -40,24 +41,22 @@ index 0000000000..74b0bd5c0f
 +  );
 +}
 diff --git a/common.mk b/common.mk
-index b2e5b2b6d0..f39f81da5c 100644
+index 08fee9119a..dae7d9dc00 100644
 --- a/common.mk
 +++ b/common.mk
-@@ -81,7 +81,8 @@ ENC_MK        = enc.mk
- MAKE_ENC      = -f $(ENC_MK) V="$(V)" UNICODE_HDR_DIR="$(UNICODE_HDR_DIR)" \
- 		RUBY="$(MINIRUBY)" MINIRUBY="$(MINIRUBY)" $(mflags)
+@@ -116,6 +116,7 @@ PRISM_FILES = prism/api_node.$(OBJEXT) \
+ 		prism_init.$(OBJEXT)
  
--COMMONOBJS    = array.$(OBJEXT) \
-+COMMONOBJS    = abrt.$(OBJEXT) \
-+                array.$(OBJEXT) \
+ COMMONOBJS    = \
++		abrt.$(OBJEXT) \
+ 		array.$(OBJEXT) \
  		ast.$(OBJEXT) \
  		bignum.$(OBJEXT) \
- 		class.$(OBJEXT) \
 diff --git a/ruby.c b/ruby.c
-index 60c57d6259..1eec16f2c8 100644
+index b00fc1502d..32b88f7496 100644
 --- a/ruby.c
 +++ b/ruby.c
-@@ -1489,10 +1489,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt)
+@@ -1773,10 +1773,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt)
  
  void Init_builtin_features(void);
  
@@ -69,9 +68,19 @@ index 60c57d6259..1eec16f2c8 100644
  {
      Init_builtin_features();
 +    Init_abrt();
-     rb_const_remove(rb_cObject, rb_intern_const("TMP_RUBY_PREFIX"));
  }
  
--- 
-2.24.1
-
+ void rb_call_builtin_inits(void);
+diff --git a/spec/ruby/core/kernel/require_spec.rb b/spec/ruby/core/kernel/require_spec.rb
+index 60d17242fe..a8f93b0db4 100644
+--- a/spec/ruby/core/kernel/require_spec.rb
++++ b/spec/ruby/core/kernel/require_spec.rb
+@@ -26,6 +26,8 @@
+     out = ruby_exe("puts $LOADED_FEATURES", options: '--disable-gems --disable-did-you-mean')
+     features = out.lines.map { |line| File.basename(line.chomp, '.*') }
+ 
++    # Ignore ABRT
++    features -= %w[abrt]
+     # Ignore CRuby internals
+     features -= %w[encdb transdb windows_1252 windows_31j]
+     features.reject! { |feature| feature.end_with?('-fake') }

ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch

@@ -1,34 +0,0 @@
-From 9b42fce32bff25e0569581f76f532b9d57865aef Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
-Date: Mon, 27 Jul 2020 14:56:05 +0200
-Subject: [PATCH] Timeout the test_bug_reporter_add witout raising error.
-
-While timeouting the threads might be still good idea, it does not seems
-the timeout impacts the TestBugReporter#test_bug_reporter_add result,
-because the output of the child process has been already collected
-earlier.
-
-It seems that when the system is under heavy load, the thread might not
-be sheduled to finish its processing. Even finishing the child process
-might take tens of seconds and therefore the test case finish might take
-a while.
----
- test/-ext-/bug_reporter/test_bug_reporter.rb | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/-ext-/bug_reporter/test_bug_reporter.rb b/test/-ext-/bug_reporter/test_bug_reporter.rb
-index 628fcd0340..2c677cc8a7 100644
---- a/test/-ext-/bug_reporter/test_bug_reporter.rb
-+++ b/test/-ext-/bug_reporter/test_bug_reporter.rb
-@@ -21,7 +21,7 @@ def test_bug_reporter_add
-     args = ["--disable-gems", "-r-test-/bug_reporter",
-             "-C", tmpdir]
-     stdin = "register_sample_bug_reporter(12345); Process.kill :SEGV, $$"
--    assert_in_out_err(args, stdin, [], expected_stderr, encoding: "ASCII-8BIT")
-+    assert_in_out_err(args, stdin, [], expected_stderr, encoding: "ASCII-8BIT", timeout_error: nil)
-   ensure
-     FileUtils.rm_rf(tmpdir) if tmpdir
-   end
--- 
-2.27.0
-

ruby-3.0.3-ext-openssl-extconf.rb-require-OpenSSL-version-1.0.1.patch

@@ -1,84 +0,0 @@
-From 202ff1372a40a8adf9aac74bfe8a39141b0c57e5 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Mon, 27 Sep 2021 00:38:38 +0900
-Subject: [PATCH] ext/openssl/extconf.rb: require OpenSSL version >= 1.0.1, < 3
-
-Ruby/OpenSSL 2.1.x and 2.2.x will not support OpenSSL 3.0 API. Let's
-make extconf.rb explicitly check the version number to be within the
-acceptable range, since it will not compile anyway.
-
-Reference: https://bugs.ruby-lang.org/issues/18192
----
- ext/openssl/extconf.rb | 43 ++++++++++++++++++++++++------------------
- 1 file changed, 25 insertions(+), 18 deletions(-)
-
-diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
-index 264130bb..7e817ae2 100644
---- a/ext/openssl/extconf.rb
-+++ b/ext/openssl/extconf.rb
-@@ -33,9 +33,6 @@
-   have_library("ws2_32")
- end
- 
--Logging::message "=== Checking for required stuff... ===\n"
--result = pkg_config("openssl") && have_header("openssl/ssl.h")
--
- if $mingw
-   append_cflags '-D_FORTIFY_SOURCE=2'
-   append_ldflags '-fstack-protector'
-@@ -92,19 +89,33 @@ def find_openssl_library
-   return false
- end
- 
--unless result
--  unless find_openssl_library
--    Logging::message "=== Checking for required stuff failed. ===\n"
--    Logging::message "Makefile wasn't created. Fix the errors above.\n"
--    raise "OpenSSL library could not be found. You might want to use " \
--      "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
--      "is installed."
--  end
-+Logging::message "=== Checking for required stuff... ===\n"
-+pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h")
-+
-+if !pkg_config_found && !find_openssl_library
-+  Logging::message "=== Checking for required stuff failed. ===\n"
-+  Logging::message "Makefile wasn't created. Fix the errors above.\n"
-+  raise "OpenSSL library could not be found. You might want to use " \
-+    "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
-+    "is installed."
- end
- 
--unless checking_for("OpenSSL version is 1.0.1 or later") {
--    try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") }
--  raise "OpenSSL >= 1.0.1 or LibreSSL is required"
-+version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
-+  is_libressl = true
-+  checking_for("LibreSSL version >= 2.5.0") {
-+    try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x20500000L", "openssl/opensslv.h") }
-+else
-+  checking_for("OpenSSL version >= 1.0.1 and < 3.0.0") {
-+    try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") &&
-+    !try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") }
-+end
-+unless version_ok
-+  raise "OpenSSL >= 1.0.1, < 3.0.0 or LibreSSL >= 2.5.0 is required"
-+end
-+
-+# Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
-+if is_libressl && ($mswin || $mingw)
-+  $defs.push("-DNOCRYPT")
- end
- 
- Logging::message "=== Checking for OpenSSL features... ===\n"
-@@ -116,10 +127,6 @@ def find_openssl_library
-   have_func("ENGINE_load_#{name}()", "openssl/engine.h")
- }
- 
--if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
--  $defs.push("-DNOCRYPT")
--end
--
- # added in 1.0.2
- have_func("EC_curve_nist2nid")
- have_func("X509_REVOKED_dup")

ruby-3.1.0-Allow-setting-algorithm-specific-options-in-sign-and-verify.patch

@@ -1,358 +0,0 @@
-From f2cf3afc6fa1e13e960f732c0bc658ad408ee219 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Fri, 12 Jun 2020 14:12:59 +0900
-Subject: [PATCH 1/3] pkey: fix potential memory leak in PKey#sign
-
-Fix potential leak of EVP_MD_CTX object in an error path. This path is
-normally unreachable, since the size of a signature generated by any
-supported algorithms would not be larger than LONG_MAX.
----
- ext/openssl/ossl_pkey.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
-index df8b425a0f..7488190e0e 100644
---- a/ext/openssl/ossl_pkey.c
-+++ b/ext/openssl/ossl_pkey.c
-@@ -777,8 +777,10 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
-         EVP_MD_CTX_free(ctx);
-         ossl_raise(ePKeyError, "EVP_DigestSign");
-     }
--    if (siglen > LONG_MAX)
-+    if (siglen > LONG_MAX) {
-+        EVP_MD_CTX_free(ctx);
-         rb_raise(ePKeyError, "signature would be too large");
-+    }
-     sig = ossl_str_new(NULL, (long)siglen, &state);
-     if (state) {
-         EVP_MD_CTX_free(ctx);
-@@ -799,8 +801,10 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
-         EVP_MD_CTX_free(ctx);
-         ossl_raise(ePKeyError, "EVP_DigestSignFinal");
-     }
--    if (siglen > LONG_MAX)
-+    if (siglen > LONG_MAX) {
-+        EVP_MD_CTX_free(ctx);
-         rb_raise(ePKeyError, "signature would be too large");
-+    }
-     sig = ossl_str_new(NULL, (long)siglen, &state);
-     if (state) {
-         EVP_MD_CTX_free(ctx);
--- 
-2.32.0
-
-
-From 8b30ce20eb9e03180c28288e29a96308e594f860 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Fri, 2 Apr 2021 23:58:48 +0900
-Subject: [PATCH 2/3] pkey: prepare pkey_ctx_apply_options() for usage by other
- operations
-
-The routine to apply Hash to EVP_PKEY_CTX_ctrl_str() is currently used
-by key generation, but it is useful for other operations too. Let's
-change it to a slightly more generic name.
----
- ext/openssl/ossl_pkey.c | 22 ++++++++++++++--------
- 1 file changed, 14 insertions(+), 8 deletions(-)
-
-diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
-index 7488190e0e..fed4a2b81f 100644
---- a/ext/openssl/ossl_pkey.c
-+++ b/ext/openssl/ossl_pkey.c
-@@ -198,7 +198,7 @@ ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self)
- }
- 
- static VALUE
--pkey_gen_apply_options_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, ctx_v))
-+pkey_ctx_apply_options_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, ctx_v))
- {
-     VALUE key = rb_ary_entry(i, 0), value = rb_ary_entry(i, 1);
-     EVP_PKEY_CTX *ctx = (EVP_PKEY_CTX *)ctx_v;
-@@ -214,15 +214,25 @@ pkey_gen_apply_options_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, ctx_v))
- }
- 
- static VALUE
--pkey_gen_apply_options0(VALUE args_v)
-+pkey_ctx_apply_options0(VALUE args_v)
- {
-     VALUE *args = (VALUE *)args_v;
- 
-     rb_block_call(args[1], rb_intern("each"), 0, NULL,
--                  pkey_gen_apply_options_i, args[0]);
-+                  pkey_ctx_apply_options_i, args[0]);
-     return Qnil;
- }
- 
-+static void
-+pkey_ctx_apply_options(EVP_PKEY_CTX *ctx, VALUE options, int *state)
-+{
-+    VALUE args[2];
-+    args[0] = (VALUE)ctx;
-+    args[1] = options;
-+
-+    rb_protect(pkey_ctx_apply_options0, (VALUE)args, state);
-+}
-+
- struct pkey_blocking_generate_arg {
-     EVP_PKEY_CTX *ctx;
-     EVP_PKEY *pkey;
-@@ -330,11 +340,7 @@ pkey_generate(int argc, VALUE *argv, VALUE self, int genparam)
-     }
- 
-     if (!NIL_P(options)) {
--        VALUE args[2];
--
--        args[0] = (VALUE)ctx;
--        args[1] = options;
--        rb_protect(pkey_gen_apply_options0, (VALUE)args, &state);
-+        pkey_ctx_apply_options(ctx, options, &state);
-         if (state) {
-             EVP_PKEY_CTX_free(ctx);
-             rb_jump_tag(state);
--- 
-2.32.0
-
-
-From 4c7b0f91da666961d11908b94520db4e09ce4e67 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Sat, 18 Jul 2020 20:40:39 +0900
-Subject: [PATCH 3/3] pkey: allow setting algorithm-specific options in #sign
- and #verify
-
-Similarly to OpenSSL::PKey.generate_key and .generate_parameters, let
-OpenSSL::PKey::PKey#sign and #verify take an optional parameter for
-specifying control strings for EVP_PKEY_CTX_ctrl_str().
----
- ext/openssl/ossl_pkey.c       | 113 ++++++++++++++++++++++------------
- test/openssl/test_pkey_rsa.rb |  34 +++++-----
- 2 files changed, 89 insertions(+), 58 deletions(-)
-
-diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
-index fed4a2b81f..22e9f19982 100644
---- a/ext/openssl/ossl_pkey.c
-+++ b/ext/openssl/ossl_pkey.c
-@@ -739,33 +739,51 @@ ossl_pkey_public_to_pem(VALUE self)
- }
- 
- /*
-- *  call-seq:
-- *      pkey.sign(digest, data) -> String
-+ * call-seq:
-+ *    pkey.sign(digest, data [, options]) -> string
-  *
-- * To sign the String _data_, _digest_, an instance of OpenSSL::Digest, must
-- * be provided. The return value is again a String containing the signature.
-- * A PKeyError is raised should errors occur.
-- * Any previous state of the Digest instance is irrelevant to the signature
-- * outcome, the digest instance is reset to its initial state during the
-- * operation.
-+ * Hashes and signs the +data+ using a message digest algorithm +digest+ and
-+ * a private key +pkey+.
-  *
-- * == Example
-- *   data = 'Sign me!'
-- *   digest = OpenSSL::Digest.new('SHA256')
-- *   pkey = OpenSSL::PKey::RSA.new(2048)
-- *   signature = pkey.sign(digest, data)
-+ * See #verify for the verification operation.
-+ *
-+ * See also the man page EVP_DigestSign(3).
-+ *
-+ * +digest+::
-+ *   A String that represents the message digest algorithm name, or +nil+
-+ *   if the PKey type requires no digest algorithm.
-+ *   For backwards compatibility, this can be an instance of OpenSSL::Digest.
-+ *   Its state will not affect the signature.
-+ * +data+::
-+ *   A String. The data to be hashed and signed.
-+ * +options+::
-+ *   A Hash that contains algorithm specific control operations to \OpenSSL.
-+ *   See OpenSSL's man page EVP_PKEY_CTX_ctrl_str(3) for details.
-+ *   +options+ parameter was added in version 2.3.
-+ *
-+ * Example:
-+ *   data = "Sign me!"
-+ *   pkey = OpenSSL::PKey.generate_key("RSA", rsa_keygen_bits: 2048)
-+ *   signopts = { rsa_padding_mode: "pss" }
-+ *   signature = pkey.sign("SHA256", data, signopts)
-+ *
-+ *   # Creates a copy of the RSA key pkey, but without the private components
-+ *   pub_key = pkey.public_key
-+ *   puts pub_key.verify("SHA256", signature, data, signopts) # => true
-  */
- static VALUE
--ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
-+ossl_pkey_sign(int argc, VALUE *argv, VALUE self)
- {
-     EVP_PKEY *pkey;
-+    VALUE digest, data, options, sig;
-     const EVP_MD *md = NULL;
-     EVP_MD_CTX *ctx;
-+    EVP_PKEY_CTX *pctx;
-     size_t siglen;
-     int state;
--    VALUE sig;
- 
-     pkey = GetPrivPKeyPtr(self);
-+    rb_scan_args(argc, argv, "21", &digest, &data, &options);
-     if (!NIL_P(digest))
-         md = ossl_evp_get_digestbyname(digest);
-     StringValue(data);
-@@ -773,10 +791,17 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
-     ctx = EVP_MD_CTX_new();
-     if (!ctx)
-         ossl_raise(ePKeyError, "EVP_MD_CTX_new");
--    if (EVP_DigestSignInit(ctx, NULL, md, /* engine */NULL, pkey) < 1) {
-+    if (EVP_DigestSignInit(ctx, &pctx, md, /* engine */NULL, pkey) < 1) {
-         EVP_MD_CTX_free(ctx);
-         ossl_raise(ePKeyError, "EVP_DigestSignInit");
-     }
-+    if (!NIL_P(options)) {
-+        pkey_ctx_apply_options(pctx, options, &state);
-+        if (state) {
-+            EVP_MD_CTX_free(ctx);
-+            rb_jump_tag(state);
-+        }
-+    }
- #if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
-     if (EVP_DigestSign(ctx, NULL, &siglen, (unsigned char *)RSTRING_PTR(data),
-                        RSTRING_LEN(data)) < 1) {
-@@ -828,35 +853,40 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
- }
- 
- /*
-- *  call-seq:
-- *      pkey.verify(digest, signature, data) -> String
-+ * call-seq:
-+ *    pkey.verify(digest, signature, data [, options]) -> true or false
-  *
-- * To verify the String _signature_, _digest_, an instance of
-- * OpenSSL::Digest, must be provided to re-compute the message digest of the
-- * original _data_, also a String. The return value is +true+ if the
-- * signature is valid, +false+ otherwise. A PKeyError is raised should errors
-- * occur.
-- * Any previous state of the Digest instance is irrelevant to the validation
-- * outcome, the digest instance is reset to its initial state during the
-- * operation.
-+ * Verifies the +signature+ for the +data+ using a message digest algorithm
-+ * +digest+ and a public key +pkey+.
-  *
-- * == Example
-- *   data = 'Sign me!'
-- *   digest = OpenSSL::Digest.new('SHA256')
-- *   pkey = OpenSSL::PKey::RSA.new(2048)
-- *   signature = pkey.sign(digest, data)
-- *   pub_key = pkey.public_key
-- *   puts pub_key.verify(digest, signature, data) # => true
-+ * Returns +true+ if the signature is successfully verified, +false+ otherwise.
-+ * The caller must check the return value.
-+ *
-+ * See #sign for the signing operation and an example.
-+ *
-+ * See also the man page EVP_DigestVerify(3).
-+ *
-+ * +digest+::
-+ *   See #sign.
-+ * +signature+::
-+ *   A String containing the signature to be verified.
-+ * +data+::
-+ *   See #sign.
-+ * +options+::
-+ *   See #sign. +options+ parameter was added in version 2.3.
-  */
- static VALUE
--ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
-+ossl_pkey_verify(int argc, VALUE *argv, VALUE self)
- {
-     EVP_PKEY *pkey;
-+    VALUE digest, sig, data, options;
-     const EVP_MD *md = NULL;
-     EVP_MD_CTX *ctx;
--    int ret;
-+    EVP_PKEY_CTX *pctx;
-+    int state, ret;
- 
-     GetPKey(self, pkey);
-+    rb_scan_args(argc, argv, "31", &digest, &sig, &data, &options);
-     ossl_pkey_check_public_key(pkey);
-     if (!NIL_P(digest))
-         md = ossl_evp_get_digestbyname(digest);
-@@ -866,10 +896,17 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
-     ctx = EVP_MD_CTX_new();
-     if (!ctx)
-         ossl_raise(ePKeyError, "EVP_MD_CTX_new");
--    if (EVP_DigestVerifyInit(ctx, NULL, md, /* engine */NULL, pkey) < 1) {
-+    if (EVP_DigestVerifyInit(ctx, &pctx, md, /* engine */NULL, pkey) < 1) {
-         EVP_MD_CTX_free(ctx);
-         ossl_raise(ePKeyError, "EVP_DigestVerifyInit");
-     }
-+    if (!NIL_P(options)) {
-+        pkey_ctx_apply_options(pctx, options, &state);
-+        if (state) {
-+            EVP_MD_CTX_free(ctx);
-+            rb_jump_tag(state);
-+        }
-+    }
- #if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
-     ret = EVP_DigestVerify(ctx, (unsigned char *)RSTRING_PTR(sig),
-                            RSTRING_LEN(sig), (unsigned char *)RSTRING_PTR(data),
-@@ -1042,8 +1079,8 @@ Init_ossl_pkey(void)
-     rb_define_method(cPKey, "public_to_der", ossl_pkey_public_to_der, 0);
-     rb_define_method(cPKey, "public_to_pem", ossl_pkey_public_to_pem, 0);
- 
--    rb_define_method(cPKey, "sign", ossl_pkey_sign, 2);
--    rb_define_method(cPKey, "verify", ossl_pkey_verify, 3);
-+    rb_define_method(cPKey, "sign", ossl_pkey_sign, -1);
-+    rb_define_method(cPKey, "verify", ossl_pkey_verify, -1);
-     rb_define_method(cPKey, "derive", ossl_pkey_derive, -1);
- 
-     id_private_q = rb_intern("private?");
-diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
-index 88164c3b52..d1e68dbc9f 100644
---- a/test/openssl/test_pkey_rsa.rb
-+++ b/test/openssl/test_pkey_rsa.rb
-@@ -117,27 +117,21 @@ def test_sign_verify
-     assert_equal false, rsa1024.verify("SHA256", signature1, data)
-   end
- 
--  def test_digest_state_irrelevant_sign
-+  def test_sign_verify_options
-     key = Fixtures.pkey("rsa1024")
--    digest1 = OpenSSL::Digest.new('SHA1')
--    digest2 = OpenSSL::Digest.new('SHA1')
--    data = 'Sign me!'
--    digest1 << 'Change state of digest1'
--    sig1 = key.sign(digest1, data)
--    sig2 = key.sign(digest2, data)
--    assert_equal(sig1, sig2)
--  end
--
--  def test_digest_state_irrelevant_verify
--    key = Fixtures.pkey("rsa1024")
--    digest1 = OpenSSL::Digest.new('SHA1')
--    digest2 = OpenSSL::Digest.new('SHA1')
--    data = 'Sign me!'
--    sig = key.sign(digest1, data)
--    digest1.reset
--    digest1 << 'Change state of digest1'
--    assert(key.verify(digest1, sig, data))
--    assert(key.verify(digest2, sig, data))
-+    data = "Sign me!"
-+    pssopts = {
-+      "rsa_padding_mode" => "pss",
-+      "rsa_pss_saltlen" => 20,
-+      "rsa_mgf1_md" => "SHA1"
-+    }
-+    sig_pss = key.sign("SHA256", data, pssopts)
-+    assert_equal 128, sig_pss.bytesize
-+    assert_equal true, key.verify("SHA256", sig_pss, data, pssopts)
-+    assert_equal true, key.verify_pss("SHA256", sig_pss, data,
-+                                      salt_length: 20, mgf1_hash: "SHA1")
-+    # Defaults to PKCS #1 v1.5 padding => verification failure
-+    assert_equal false, key.verify("SHA256", sig_pss, data)
-   end
- 
-   def test_verify_empty_rsa
--- 
-2.32.0
-

ruby-3.1.0-Get-rid-of-type-punning-pointer-casts.patch

@@ -1,186 +0,0 @@
-From 104b009e26c050584e4d186c8cc4e1496a14061b Mon Sep 17 00:00:00 2001
-From: Nobuyoshi Nakada <nobu@ruby-lang.org>
-Date: Thu, 5 Aug 2021 20:09:25 +0900
-Subject: [PATCH] Get rid of type-punning pointer casts [Bug #18062]
-
----
- vm_eval.c       |  4 +++-
- vm_insnhelper.c |  7 +++++--
- vm_method.c     | 41 ++++++++++++++++++++++++++---------------
- 3 files changed, 34 insertions(+), 18 deletions(-)
-
-diff --git a/vm_eval.c b/vm_eval.c
-index 6d4b5c3c0b28..7ce9f157e671 100644
---- a/vm_eval.c
-+++ b/vm_eval.c
-@@ -350,9 +350,11 @@ cc_new(VALUE klass, ID mid, int argc, const rb_callable_method_entry_t *cme)
-     {
-         struct rb_class_cc_entries *ccs;
-         struct rb_id_table *cc_tbl = RCLASS_CC_TBL(klass);
-+        VALUE ccs_data;
- 
--        if (rb_id_table_lookup(cc_tbl, mid, (VALUE*)&ccs)) {
-+        if (rb_id_table_lookup(cc_tbl, mid, &ccs_data)) {
-             // ok
-+            ccs = (struct rb_class_cc_entries *)ccs_data;
-         }
-         else {
-             ccs = vm_ccs_create(klass, cme);
-diff --git a/vm_insnhelper.c b/vm_insnhelper.c
-index 14928b2afe8e..e186376b24d7 100644
---- a/vm_insnhelper.c
-+++ b/vm_insnhelper.c
-@@ -1637,9 +1637,11 @@ vm_search_cc(const VALUE klass, const struct rb_callinfo * const ci)
-     const ID mid = vm_ci_mid(ci);
-     struct rb_id_table *cc_tbl = RCLASS_CC_TBL(klass);
-     struct rb_class_cc_entries *ccs = NULL;
-+    VALUE ccs_data;
- 
-     if (cc_tbl) {
--        if (rb_id_table_lookup(cc_tbl, mid, (VALUE *)&ccs)) {
-+        if (rb_id_table_lookup(cc_tbl, mid, &ccs_data)) {
-+            ccs = (struct rb_class_cc_entries *)ccs_data;
-             const int ccs_len = ccs->len;
-             VM_ASSERT(vm_ccs_verify(ccs, mid, klass));
- 
-@@ -1706,8 +1708,9 @@ vm_search_cc(const VALUE klass, const struct rb_callinfo * const ci)
-     if (ccs == NULL) {
-         VM_ASSERT(cc_tbl != NULL);
- 
--        if (LIKELY(rb_id_table_lookup(cc_tbl, mid, (VALUE*)&ccs))) {
-+        if (LIKELY(rb_id_table_lookup(cc_tbl, mid, &ccs_data))) {
-             // rb_callable_method_entry() prepares ccs.
-+            ccs = (struct rb_class_cc_entries *)ccs_data;
-         }
-         else {
-             // TODO: required?
-diff --git a/vm_method.c b/vm_method.c
-index 016dba1dbb18..1fd0bd57f7ca 100644
---- a/vm_method.c
-+++ b/vm_method.c
-@@ -42,11 +42,11 @@ vm_ccs_dump(VALUE klass, ID target_mid)
- {
-     struct rb_id_table *cc_tbl = RCLASS_CC_TBL(klass);
-     if (cc_tbl) {
--        const struct rb_class_cc_entries *ccs;
-+        VALUE ccs;
-         if (target_mid) {
--            if (rb_id_table_lookup(cc_tbl, target_mid, (VALUE *)&ccs)) {
-+            if (rb_id_table_lookup(cc_tbl, target_mid, &ccs)) {
-                 fprintf(stderr, "  [CCTB] %p\n", (void *)cc_tbl);
--                vm_ccs_dump_i(target_mid, (VALUE)ccs, NULL);
-+                vm_ccs_dump_i(target_mid, ccs, NULL);
-             }
-         }
-         else {
-@@ -72,11 +72,11 @@ vm_mtbl_dump(VALUE klass, ID target_mid)
-     fprintf(stderr, "# vm_mtbl\n");
-     while (klass) {
-         rp_m("  -> ", klass);
--        rb_method_entry_t *me;
-+        VALUE me;
- 
-         if (RCLASS_M_TBL(klass)) {
-             if (target_mid != 0) {
--                if (rb_id_table_lookup(RCLASS_M_TBL(klass), target_mid, (VALUE *)&me)) {
-+                if (rb_id_table_lookup(RCLASS_M_TBL(klass), target_mid, &me)) {
-                     rp_m("  [MTBL] ", me);
-                 }
-             }
-@@ -90,7 +90,7 @@ vm_mtbl_dump(VALUE klass, ID target_mid)
-         }
-         if (RCLASS_CALLABLE_M_TBL(klass)) {
-             if (target_mid != 0) {
--                if (rb_id_table_lookup(RCLASS_CALLABLE_M_TBL(klass), target_mid, (VALUE *)&me)) {
-+                if (rb_id_table_lookup(RCLASS_CALLABLE_M_TBL(klass), target_mid, &me)) {
-                     rp_m("  [CM**] ", me);
-                 }
-             }
-@@ -144,10 +144,11 @@ clear_method_cache_by_id_in_class(VALUE klass, ID mid)
-         // check only current class
- 
-         struct rb_id_table *cc_tbl = RCLASS_CC_TBL(klass);
--        struct rb_class_cc_entries *ccs;
-+        VALUE ccs_data;
- 
-         // invalidate CCs
--        if (cc_tbl && rb_id_table_lookup(cc_tbl, mid, (VALUE *)&ccs)) {
-+        if (cc_tbl && rb_id_table_lookup(cc_tbl, mid, &ccs_data)) {
-+            struct rb_class_cc_entries *ccs = (struct rb_class_cc_entries *)ccs_data;
-             rb_vm_ccs_free(ccs);
-             rb_id_table_delete(cc_tbl, mid);
-             RB_DEBUG_COUNTER_INC(cc_invalidate_leaf_ccs);
-@@ -205,9 +206,10 @@ clear_method_cache_by_id_in_class(VALUE klass, ID mid)
-         }
-         else {
-             rb_vm_t *vm = GET_VM();
--            if (rb_id_table_lookup(vm->negative_cme_table, mid, (VALUE *)&cme)) {
-+            VALUE cme_data = (VALUE) cme;
-+            if (rb_id_table_lookup(vm->negative_cme_table, mid, &cme_data)) {
-                 rb_id_table_delete(vm->negative_cme_table, mid);
--                vm_me_invalidate_cache((rb_callable_method_entry_t *)cme);
-+                vm_me_invalidate_cache((rb_callable_method_entry_t *)cme_data);
- 
-                 RB_DEBUG_COUNTER_INC(cc_invalidate_negative);
-             }
-@@ -1023,6 +1025,7 @@ prepare_callable_method_entry(VALUE defined_class, ID id, const rb_method_entry_
- {
-     struct rb_id_table *mtbl;
-     const rb_callable_method_entry_t *cme;
-+    VALUE cme_data;
- 
-     if (me) {
-         if (me->defined_class == 0) {
-@@ -1032,7 +1035,8 @@ prepare_callable_method_entry(VALUE defined_class, ID id, const rb_method_entry_
- 
-             mtbl = RCLASS_CALLABLE_M_TBL(defined_class);
- 
--            if (mtbl && rb_id_table_lookup(mtbl, id, (VALUE *)&cme)) {
-+            if (mtbl && rb_id_table_lookup(mtbl, id, &cme_data)) {
-+                cme = (rb_callable_method_entry_t *)cme_data;
-                 RB_DEBUG_COUNTER_INC(mc_cme_complement_hit);
-                 VM_ASSERT(callable_method_entry_p(cme));
-                 VM_ASSERT(!METHOD_ENTRY_INVALIDATED(cme));
-@@ -1076,9 +1080,10 @@ cached_callable_method_entry(VALUE klass, ID mid)
-     ASSERT_vm_locking();
- 
-     struct rb_id_table *cc_tbl = RCLASS_CC_TBL(klass);
--    struct rb_class_cc_entries *ccs;
-+    VALUE ccs_data;
- 
--    if (cc_tbl && rb_id_table_lookup(cc_tbl, mid, (VALUE *)&ccs)) {
-+    if (cc_tbl && rb_id_table_lookup(cc_tbl, mid, &ccs_data)) {
-+        struct rb_class_cc_entries *ccs = (struct rb_class_cc_entries *)ccs_data;
-         VM_ASSERT(vm_ccs_p(ccs));
- 
-         if (LIKELY(!METHOD_ENTRY_INVALIDATED(ccs->cme))) {
-@@ -1104,12 +1109,14 @@ cache_callable_method_entry(VALUE klass, ID mid, const rb_callable_method_entry_
- 
-     struct rb_id_table *cc_tbl = RCLASS_CC_TBL(klass);
-     struct rb_class_cc_entries *ccs;
-+    VALUE ccs_data;
- 
-     if (!cc_tbl) {
-         cc_tbl = RCLASS_CC_TBL(klass) = rb_id_table_create(2);
-     }
- 
--    if (rb_id_table_lookup(cc_tbl, mid, (VALUE *)&ccs)) {
-+    if (rb_id_table_lookup(cc_tbl, mid, &ccs_data)) {
-+        ccs = (struct rb_class_cc_entries *)ccs_data;
-         VM_ASSERT(ccs->cme == cme);
-     }
-     else {
-@@ -1123,8 +1130,12 @@ negative_cme(ID mid)
- {
-     rb_vm_t *vm = GET_VM();
-     const rb_callable_method_entry_t *cme;
-+    VALUE cme_data;
- 
--    if (!rb_id_table_lookup(vm->negative_cme_table, mid, (VALUE *)&cme)) {
-+    if (rb_id_table_lookup(vm->negative_cme_table, mid, &cme_data)) {
-+        cme = (rb_callable_method_entry_t *)cme_data;
-+    }
-+    else {
-         cme = (rb_callable_method_entry_t *)rb_method_entry_alloc(mid, Qnil, Qnil, NULL);
-         rb_id_table_insert(vm->negative_cme_table, mid, (VALUE)cme);
-     }

ruby-3.1.0-Ignore-DW_FORM_ref_addr.patch

@@ -1,58 +0,0 @@
-From 72317b333b85eed483ad00bcd4f40944019a7c13 Mon Sep 17 00:00:00 2001
-From: "xtkoba+ruby@gmail.com" <xtkoba+ruby@gmail.com>
-Date: Fri, 13 Aug 2021 13:45:53 +0000
-Subject: [PATCH] Ignore `DW_FORM_ref_addr` [Bug #17052]
-
-Ignore `DW_FORM_ref_addr` form and other forms that are not supposed
-to be used currently.
----
- addr2line.c | 23 ++++++++++++++++++++---
- 1 file changed, 20 insertions(+), 3 deletions(-)
-
-diff --git a/addr2line.c b/addr2line.c
-index fed1a8da84e5..92c6da5e3bea 100644
---- a/addr2line.c
-+++ b/addr2line.c
-@@ -1593,14 +1593,31 @@ di_read_cu(DebugInfoReader *reader)
- }
- 
- static void
--read_abstract_origin(DebugInfoReader *reader, uint64_t abstract_origin, line_info_t *line)
-+read_abstract_origin(DebugInfoReader *reader, uint64_t form, uint64_t abstract_origin, line_info_t *line)
- {
-     char *p = reader->p;
-     char *q = reader->q;
-     int level = reader->level;
-     DIE die;
- 
--    reader->p = reader->current_cu + abstract_origin;
-+    switch (form) {
-+      case DW_FORM_ref1:
-+      case DW_FORM_ref2:
-+      case DW_FORM_ref4:
-+      case DW_FORM_ref8:
-+      case DW_FORM_ref_udata:
-+        reader->p = reader->current_cu + abstract_origin;
-+        break;
-+      case DW_FORM_ref_addr:
-+        goto finish; /* not supported yet */
-+      case DW_FORM_ref_sig8:
-+        goto finish; /* not supported yet */
-+      case DW_FORM_ref_sup4:
-+      case DW_FORM_ref_sup8:
-+        goto finish; /* not supported yet */
-+      default:
-+        goto finish;
-+    }
-     if (!di_read_die(reader, &die)) goto finish;
- 
-     /* enumerate abbrev */
-@@ -1665,7 +1682,7 @@ debug_info_read(DebugInfoReader *reader, int num_traces, void **traces,
-                 /* 1 or 3 */
-                 break; /* goto skip_die; */
-               case DW_AT_abstract_origin:
--                read_abstract_origin(reader, v.as.uint64, &line);
-+                read_abstract_origin(reader, v.form, v.as.uint64, &line);
-                 break; /* goto skip_die; */
-             }
-         }

ruby-3.1.0-Miscellaneous-changes-for-OpenSSL-3.0-support.patch

@@ -1,142 +0,0 @@
-From 8f948ed68a4ed6c05ff66d822711e3b70ae4bb3f Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Mon, 27 Sep 2021 13:32:03 +0900
-Subject: [PATCH 1/3] ext/openssl/ossl.h: add helper macros for
- OpenSSL/LibreSSL versions
-
-Add following convenient macros:
-
- - OSSL_IS_LIBRESSL
- - OSSL_OPENSSL_PREREQ(maj, min, pat)
- - OSSL_LIBRESSL_PREREQ(maj, min, pat)
----
- ext/openssl/ossl.h | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
-index c20f506bda..a0cef29d74 100644
---- a/ext/openssl/ossl.h
-+++ b/ext/openssl/ossl.h
-@@ -43,6 +43,18 @@
- #include <openssl/evp.h>
- #include <openssl/dh.h>
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
-+# define OSSL_IS_LIBRESSL 0
-+# define OSSL_OPENSSL_PREREQ(maj, min, pat) \
-+      (OPENSSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12))
-+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) 0
-+#else
-+# define OSSL_IS_LIBRESSL 1
-+# define OSSL_OPENSSL_PREREQ(maj, min, pat) 0
-+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) \
-+      (LIBRESSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12))
-+#endif
-+
- /*
-  * Common Module
-  */
--- 
-2.32.0
-
-
-From bbf235091e49807ece8f3a3df95bbfcc9d3ab43d Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Sat, 22 Feb 2020 05:37:01 +0900
-Subject: [PATCH 2/3] ts: use TS_VERIFY_CTX_set_certs instead of
- TS_VERIFY_CTS_set_certs
-
-OpenSSL 3.0 fixed the typo in the function name and replaced the
-current 'CTS' version with a macro.
----
- ext/openssl/extconf.rb        | 5 ++++-
- ext/openssl/openssl_missing.h | 5 +++++
- ext/openssl/ossl_ts.c         | 2 +-
- 3 files changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
-index 17d93443fc..09cae05b72 100644
---- a/ext/openssl/extconf.rb
-+++ b/ext/openssl/extconf.rb
-@@ -166,7 +166,7 @@ def find_openssl_library
- have_func("TS_STATUS_INFO_get0_status")
- have_func("TS_STATUS_INFO_get0_text")
- have_func("TS_STATUS_INFO_get0_failure_info")
--have_func("TS_VERIFY_CTS_set_certs")
-+have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", "openssl/ts.h")
- have_func("TS_VERIFY_CTX_set_store")
- have_func("TS_VERIFY_CTX_add_flags")
- have_func("TS_RESP_CTX_set_time_cb")
-@@ -175,6 +175,9 @@ def find_openssl_library
- 
- # added in 1.1.1
- have_func("EVP_PKEY_check")
-+ 
-+# added in 3.0.0
-+have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")
- 
- Logging::message "=== Checking done. ===\n"
- 
-diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
-index e575415f49..fe486bcfcf 100644
---- a/ext/openssl/openssl_missing.h
-+++ b/ext/openssl/openssl_missing.h
-@@ -242,4 +242,9 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
-     } while (0)
- #endif
- 
-+/* added in 3.0.0 */
-+#if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
-+#  define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
-+#endif
-+
- #endif /* _OSSL_OPENSSL_MISSING_H_ */
-diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c
-index 692c0d620f..f1da7c1947 100644
---- a/ext/openssl/ossl_ts.c
-+++ b/ext/openssl/ossl_ts.c
-@@ -820,7 +820,7 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self)
-         X509_up_ref(cert);
-     }
- 
--    TS_VERIFY_CTS_set_certs(ctx, x509inter);
-+    TS_VERIFY_CTX_set_certs(ctx, x509inter);
-     TS_VERIFY_CTX_add_flags(ctx, TS_VFY_SIGNATURE);
-     TS_VERIFY_CTX_set_store(ctx, x509st);
- 
--- 
-2.32.0
-
-
-From 5fba3bc1df93ab6abc3ea53be3393480f36ea259 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Fri, 19 Mar 2021 19:18:25 +0900
-Subject: [PATCH 3/3] ssl: use SSL_get_rbio() to check if SSL is started or not
-
-Use SSL_get_rbio() instead of SSL_get_fd(). SSL_get_fd() internally
-calls SSL_get_rbio() and it's enough for our purpose.
-
-In OpenSSL 3.0, SSL_get_fd() leaves an entry in the OpenSSL error queue
-if BIO has not been set up yet, and we would have to clean it up.
----
- ext/openssl/ossl_ssl.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
-index 4b7efa39f5..ec430bfb0c 100644
---- a/ext/openssl/ossl_ssl.c
-+++ b/ext/openssl/ossl_ssl.c
-@@ -1535,8 +1535,8 @@ ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self)
- static inline int
- ssl_started(SSL *ssl)
- {
--    /* the FD is set in ossl_ssl_setup(), called by #connect or #accept */
--    return SSL_get_fd(ssl) >= 0;
-+    /* BIO is created through ossl_ssl_setup(), called by #connect or #accept */
-+    return SSL_get_rbio(ssl) != NULL;
- }
- 
- static void
--- 
-2.32.0
-

ruby-3.1.0-Properly-exclude-test-cases.patch

@@ -1,93 +0,0 @@
-From 96684439e96aa92e10376b5be45f006772028295 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
-Date: Thu, 21 Oct 2021 13:02:38 +0200
-Subject: [PATCH] Properly exclude test cases.
-
-Lets consider the following scenario:
-
-~~~
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):001:0> p suite
-OpenSSL::TestEC
-=> OpenSSL::TestEC
-
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):002:0> p all_test_methods
-["test_ECPrivateKey", "test_ECPrivateKey_encrypted", "test_PUBKEY", "test_check_key", "test_derive_key", "test_dh_compute_key", "test_dsa_sign_asn1_FIPS186_3", "test_ec_group", "test_ec_key", "test_ec_point", "test_ec_point_add", "test_ec_point_mul", "test_generate", "test_marshal", "test_sign_verify", "test_sign_verify_raw"]
-=>
-["test_ECPrivateKey",
- "test_ECPrivateKey_encrypted",
- "test_PUBKEY",
- "test_check_key",
- "test_derive_key",
- "test_dh_compute_key",
- "test_dsa_sign_asn1_FIPS186_3",
- "test_ec_group",
- "test_ec_key",
- "test_ec_point",
- "test_ec_point_add",
- "test_ec_point_mul",
- "test_generate",
- "test_marshal",
- "test_sign_verify",
- "test_sign_verify_raw"]
-
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):003:0> p filter
-/\A(?=.*)(?!.*(?-mix:(?-mix:memory_leak)|(?-mix:OpenSSL::TestEC.test_check_key)))/
-=> /\A(?=.*)(?!.*(?-mix:(?-mix:memory_leak)|(?-mix:OpenSSL::TestEC.test_check_key)))/
-
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):004:0> method = "test_check_key"
-=> "test_check_key"
-~~~
-
-The intention here is to exclude the `test_check_key` test case.
-Unfortunately this does not work as expected, because the negative filter
-is never checked:
-
-~~~
-
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):005:0> filter === method
-=> true
-
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):006:0> filter === "#{suite}##{method}"
-=> false
-
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):007:0> filter === method || filter === "#{suite}##{method}"
-=> true
-~~~
-
-Therefore always filter against the fully qualified method name
-`#{suite}##{method}`, which should provide the expected result.
-
-However, if plain string filter is used, keep checking also only the
-method name.
-
-This resolves [Bug #16936].
----
- tool/lib/minitest/unit.rb | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/tool/lib/minitest/unit.rb b/tool/lib/minitest/unit.rb
-index c58a609bfa..d5af6cb906 100644
---- a/tool/lib/minitest/unit.rb
-+++ b/tool/lib/minitest/unit.rb
-@@ -956,9 +956,15 @@ def _run_suite suite, type
- 
-       all_test_methods = suite.send "#{type}_methods"
- 
--      filtered_test_methods = all_test_methods.find_all { |m|
--        filter === m || filter === "#{suite}##{m}"
--      }
-+      filtered_test_methods = if Regexp === filter
-+        all_test_methods.find_all { |m|
-+          filter === "#{suite}##{m}"
-+        }
-+      else
-+        all_test_methods.find_all {|m|
-+          filter === m || filter === "#{suite}##{m}"
-+        }
-+      end
- 
-       leakchecker = LeakChecker.new
- 
--- 
-2.32.0
-

ruby-3.1.0-SSL_read-EOF-handling.patch

@@ -1,16 +0,0 @@
-diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
-index 3b425ca..40e748c 100644
---- a/ext/openssl/ossl_ssl.c
-+++ b/ext/openssl/ossl_ssl.c
-@@ -1870,6 +1870,11 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
- 	return str;
- 
-     GetSSL(self, ssl);
-+
-+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
-+    SSL_set_options(ssl, SSL_OP_IGNORE_UNEXPECTED_EOF);
-+#endif
-+
-     io = rb_attr_get(self, id_i_io);
-     GetOpenFile(io, fptr);
-     if (ssl_started(ssl)) {

ruby-3.1.0-Support-GCCs-DWARF-5.patch

@@ -1,229 +0,0 @@
-From 3b91792d3d644d6d6b0059cb315c9fe5d3626bab Mon Sep 17 00:00:00 2001
-From: Yusuke Endoh <mame@ruby-lang.org>
-Date: Sat, 6 Mar 2021 00:03:57 +0900
-Subject: [PATCH] Support GCC's DWARF 5 [Bug #17585]
-
-Co-Authored-By: xtkoba (Tee KOBAYASHI) <xtkoba+ruby@gmail.com>
----
- addr2line.c | 119 ++++++++++++++++++++++++++++++++++++++++++----------
- 1 file changed, 97 insertions(+), 22 deletions(-)
-
-diff --git a/addr2line.c b/addr2line.c
-index 0029cffbca..855efb40d4 100644
---- a/addr2line.c
-+++ b/addr2line.c
-@@ -159,11 +159,12 @@ typedef struct obj_info {
-     struct dwarf_section debug_info;
-     struct dwarf_section debug_line;
-     struct dwarf_section debug_ranges;
-+    struct dwarf_section debug_rnglists;
-     struct dwarf_section debug_str;
-     struct obj_info *next;
- } obj_info_t;
- 
--#define DWARF_SECTION_COUNT 5
-+#define DWARF_SECTION_COUNT 6
- 
- static struct dwarf_section *
- obj_dwarf_section_at(obj_info_t *obj, int n)
-@@ -173,6 +174,7 @@ obj_dwarf_section_at(obj_info_t *obj, int n)
-         &obj->debug_info,
-         &obj->debug_line,
-         &obj->debug_ranges,
-+        &obj->debug_rnglists,
-         &obj->debug_str
-     };
-     if (n < 0 || DWARF_SECTION_COUNT <= n) {
-@@ -411,7 +413,7 @@ parse_debug_line_cu(int num_traces, void **traces, char **debug_line,
- 	    FILL_LINE();
- 	    break;
- 	case DW_LNS_advance_pc:
--	    a = uleb128((char **)&p);
-+	    a = uleb128((char **)&p) * header.minimum_instruction_length;
- 	    addr += a;
- 	    break;
- 	case DW_LNS_advance_line: {
-@@ -451,7 +453,7 @@ parse_debug_line_cu(int num_traces, void **traces, char **debug_line,
- 	    /* isa = (unsigned int)*/(void)uleb128((char **)&p);
- 	    break;
- 	case 0:
--	    a = *(unsigned char *)p++;
-+	    a = uleb128((char **)&p);
- 	    op = *p++;
- 	    switch (op) {
- 	    case DW_LNE_end_sequence:
-@@ -808,6 +810,18 @@ enum
-     DW_FORM_addrx4 = 0x2c
- };
- 
-+/* Range list entry encodings */
-+enum {
-+    DW_RLE_end_of_list = 0x00,
-+    DW_RLE_base_addressx = 0x01,
-+    DW_RLE_startx_endx = 0x02,
-+    DW_RLE_startx_length = 0x03,
-+    DW_RLE_offset_pair = 0x04,
-+    DW_RLE_base_address = 0x05,
-+    DW_RLE_start_end = 0x06,
-+    DW_RLE_start_length = 0x07
-+};
-+
- enum {
-     VAL_none = 0,
-     VAL_cstr = 1,
-@@ -961,6 +975,23 @@ debug_info_reader_init(DebugInfoReader *reader, obj_info_t *obj)
-     reader->current_low_pc = 0;
- }
- 
-+static void
-+di_skip_die_attributes(char **p)
-+{
-+    for (;;) {
-+        uint64_t at = uleb128(p);
-+        uint64_t form = uleb128(p);
-+        if (!at && !form) break;
-+        switch (form) {
-+          default:
-+            break;
-+          case DW_FORM_implicit_const:
-+            sleb128(p);
-+            break;
-+        }
-+    }
-+}
-+
- static void
- di_read_debug_abbrev_cu(DebugInfoReader *reader)
- {
-@@ -975,12 +1006,7 @@ di_read_debug_abbrev_cu(DebugInfoReader *reader)
-         prev = abbrev_number;
-         uleb128(&p); /* tag */
-         p++; /* has_children */
--        /* skip content */
--        for (;;) {
--            uint64_t at = uleb128(&p);
--            uint64_t form = uleb128(&p);
--            if (!at && !form) break;
--        }
-+        di_skip_die_attributes(&p);
-     }
- }
- 
-@@ -1244,12 +1270,7 @@ di_find_abbrev(DebugInfoReader *reader, uint64_t abbrev_number)
-     /* skip 255th record */
-     uleb128(&p); /* tag */
-     p++; /* has_children */
--    /* skip content */
--    for (;;) {
--        uint64_t at = uleb128(&p);
--        uint64_t form = uleb128(&p);
--        if (!at && !form) break;
--    }
-+    di_skip_die_attributes(&p);
-     for (uint64_t n = uleb128(&p); abbrev_number != n; n = uleb128(&p)) {
-         if (n == 0) {
-             fprintf(stderr,"%d: Abbrev Number %"PRId64" not found\n",__LINE__, abbrev_number);
-@@ -1257,12 +1278,7 @@ di_find_abbrev(DebugInfoReader *reader, uint64_t abbrev_number)
-         }
-         uleb128(&p); /* tag */
-         p++; /* has_children */
--        /* skip content */
--        for (;;) {
--            uint64_t at = uleb128(&p);
--            uint64_t form = uleb128(&p);
--            if (!at && !form) break;
--        }
-+        di_skip_die_attributes(&p);
-     }
-     return p;
- }
-@@ -1390,6 +1406,21 @@ ranges_set(ranges_t *ptr, DebugInfoValue *v)
-     }
- }
- 
-+static uint64_t
-+read_dw_form_addr(DebugInfoReader *reader, char **ptr)
-+{
-+    char *p = *ptr;
-+    *ptr = p + reader->format;
-+    if (reader->format == 4) {
-+        return read_uint32(&p);
-+    } else if (reader->format == 8) {
-+        return read_uint64(&p);
-+    } else {
-+        fprintf(stderr,"unknown address_size:%d", reader->address_size);
-+        abort();
-+    }
-+}
-+
- static uintptr_t
- ranges_include(DebugInfoReader *reader, ranges_t *ptr, uint64_t addr)
- {
-@@ -1403,8 +1434,50 @@ ranges_include(DebugInfoReader *reader, ranges_t *ptr, uint64_t addr)
-     }
-     else if (ptr->ranges_set) {
-         /* TODO: support base address selection entry */
--        char *p = reader->obj->debug_ranges.ptr + ptr->ranges;
-+        char *p;
-         uint64_t base = ptr->low_pc_set ? ptr->low_pc : reader->current_low_pc;
-+        if (reader->obj->debug_rnglists.ptr) {
-+            p = reader->obj->debug_rnglists.ptr + ptr->ranges;
-+            for (;;) {
-+                uint8_t rle = read_uint8(&p);
-+                uintptr_t base_address = 0;
-+                uintptr_t from, to;
-+                if (rle == DW_RLE_end_of_list) break;
-+                switch (rle) {
-+                  case DW_RLE_base_addressx:
-+                    uleb128(&p);
-+                    break;
-+                  case DW_RLE_startx_endx:
-+                    uleb128(&p);
-+                    uleb128(&p);
-+                    break;
-+                  case DW_RLE_startx_length:
-+                    uleb128(&p);
-+                    uleb128(&p);
-+                    break;
-+                  case DW_RLE_offset_pair:
-+                    from = base_address + uleb128(&p);
-+                    to = base_address + uleb128(&p);
-+                    if (base + from <= addr && addr < base + to) {
-+                        return from;
-+                    }
-+                    break;
-+                  case DW_RLE_base_address:
-+                    base_address = read_dw_form_addr(reader, &p);
-+                    break;
-+                  case DW_RLE_start_end:
-+                    read_dw_form_addr(reader, &p);
-+                    read_dw_form_addr(reader, &p);
-+                    break;
-+                  case DW_RLE_start_length:
-+                    read_dw_form_addr(reader, &p);
-+                    uleb128(&p);
-+                    break;
-+                }
-+            }
-+            return false;
-+        }
-+        p = reader->obj->debug_ranges.ptr + ptr->ranges;
-         for (;;) {
-             uintptr_t from = read_uintptr(&p);
-             uintptr_t to = read_uintptr(&p);
-@@ -1750,6 +1823,7 @@ fill_lines(int num_traces, void **traces, int check_debuglink,
-                     ".debug_info",
-                     ".debug_line",
-                     ".debug_ranges",
-+                    ".debug_rnglists",
-                     ".debug_str"
-                 };
- 
-@@ -2006,6 +2080,7 @@ found_mach_header:
-                     "__debug_info",
-                     "__debug_line",
-                     "__debug_ranges",
-+                    "__debug_rnglists",
-                     "__debug_str"
-                 };
-                 struct LP(segment_command) *scmd = (struct LP(segment_command) *)lcmd;

ruby-3.1.0-Use-EVP-API-in-more-places.patch

@@ -1,831 +0,0 @@
-From cf070378020088cd7e69b1cb08be68152ab8a078 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Sun, 17 May 2020 18:25:38 +0900
-Subject: [PATCH 1/3] pkey: implement #to_text using EVP API
-
-Use EVP_PKEY_print_private() instead of the low-level API *_print()
-functions, such as RSA_print().
-
-EVP_PKEY_print_*() family was added in OpenSSL 1.0.0.
-
-Note that it falls back to EVP_PKEY_print_public() and
-EVP_PKEY_print_params() as necessary. This is required for EVP_PKEY_DH
-type for which _private() fails if the private component is not set in
-the pkey object.
-
-Since the new API works in the same way for all key types, we now
-implement #to_text in the base class OpenSSL::PKey::PKey rather than in
-each subclass.
----
- ext/openssl/ossl_pkey.c     | 38 +++++++++++++++++++++++++++++++++++++
- ext/openssl/ossl_pkey_dh.c  | 29 ----------------------------
- ext/openssl/ossl_pkey_dsa.c | 29 ----------------------------
- ext/openssl/ossl_pkey_ec.c  | 27 --------------------------
- ext/openssl/ossl_pkey_rsa.c | 31 ------------------------------
- test/openssl/test_pkey.rb   |  5 +++++
- 6 files changed, 43 insertions(+), 116 deletions(-)
-
-diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
-index f9282b9417..21cd4b2cda 100644
---- a/ext/openssl/ossl_pkey.c
-+++ b/ext/openssl/ossl_pkey.c
-@@ -539,6 +539,43 @@ ossl_pkey_inspect(VALUE self)
-                       OBJ_nid2sn(nid));
- }
- 
-+/*
-+ * call-seq:
-+ *    pkey.to_text -> string
-+ *
-+ * Dumps key parameters, public key, and private key components contained in
-+ * the key into a human-readable text.
-+ *
-+ * This is intended for debugging purpose.
-+ *
-+ * See also the man page EVP_PKEY_print_private(3).
-+ */
-+static VALUE
-+ossl_pkey_to_text(VALUE self)
-+{
-+    EVP_PKEY *pkey;
-+    BIO *bio;
-+
-+    GetPKey(self, pkey);
-+    if (!(bio = BIO_new(BIO_s_mem())))
-+        ossl_raise(ePKeyError, "BIO_new");
-+
-+    if (EVP_PKEY_print_private(bio, pkey, 0, NULL) == 1)
-+        goto out;
-+    OSSL_BIO_reset(bio);
-+    if (EVP_PKEY_print_public(bio, pkey, 0, NULL) == 1)
-+        goto out;
-+    OSSL_BIO_reset(bio);
-+    if (EVP_PKEY_print_params(bio, pkey, 0, NULL) == 1)
-+        goto out;
-+
-+    BIO_free(bio);
-+    ossl_raise(ePKeyError, "EVP_PKEY_print_params");
-+
-+  out:
-+    return ossl_membio2str(bio);
-+}
-+
- VALUE
- ossl_pkey_export_traditional(int argc, VALUE *argv, VALUE self, int to_der)
- {
-@@ -1039,6 +1076,7 @@ Init_ossl_pkey(void)
-     rb_define_method(cPKey, "initialize", ossl_pkey_initialize, 0);
-     rb_define_method(cPKey, "oid", ossl_pkey_oid, 0);
-     rb_define_method(cPKey, "inspect", ossl_pkey_inspect, 0);
-+    rb_define_method(cPKey, "to_text", ossl_pkey_to_text, 0);
-     rb_define_method(cPKey, "private_to_der", ossl_pkey_private_to_der, -1);
-     rb_define_method(cPKey, "private_to_pem", ossl_pkey_private_to_pem, -1);
-     rb_define_method(cPKey, "public_to_der", ossl_pkey_public_to_der, 0);
-diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
-index 6b477b077c..acd3bf474e 100644
---- a/ext/openssl/ossl_pkey_dh.c
-+++ b/ext/openssl/ossl_pkey_dh.c
-@@ -266,34 +266,6 @@ ossl_dh_get_params(VALUE self)
-     return hash;
- }
- 
--/*
-- *  call-seq:
-- *     dh.to_text -> aString
-- *
-- * Prints all parameters of key to buffer
-- * INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
-- * Don't use :-)) (I's up to you)
-- */
--static VALUE
--ossl_dh_to_text(VALUE self)
--{
--    DH *dh;
--    BIO *out;
--    VALUE str;
--
--    GetDH(self, dh);
--    if (!(out = BIO_new(BIO_s_mem()))) {
--	ossl_raise(eDHError, NULL);
--    }
--    if (!DHparams_print(out, dh)) {
--	BIO_free(out);
--	ossl_raise(eDHError, NULL);
--    }
--    str = ossl_membio2str(out);
--
--    return str;
--}
--
- /*
-  *  call-seq:
-  *     dh.public_key -> aDH
-@@ -426,7 +398,6 @@ Init_ossl_dh(void)
-     rb_define_method(cDH, "initialize_copy", ossl_dh_initialize_copy, 1);
-     rb_define_method(cDH, "public?", ossl_dh_is_public, 0);
-     rb_define_method(cDH, "private?", ossl_dh_is_private, 0);
--    rb_define_method(cDH, "to_text", ossl_dh_to_text, 0);
-     rb_define_method(cDH, "export", ossl_dh_export, 0);
-     rb_define_alias(cDH, "to_pem", "export");
-     rb_define_alias(cDH, "to_s", "export");
-diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
-index 1c5a8a737e..f017cceb4a 100644
---- a/ext/openssl/ossl_pkey_dsa.c
-+++ b/ext/openssl/ossl_pkey_dsa.c
-@@ -264,34 +264,6 @@ ossl_dsa_get_params(VALUE self)
-     return hash;
- }
- 
--/*
-- *  call-seq:
-- *    dsa.to_text -> aString
-- *
-- * Prints all parameters of key to buffer
-- * INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
-- * Don't use :-)) (I's up to you)
-- */
--static VALUE
--ossl_dsa_to_text(VALUE self)
--{
--    DSA *dsa;
--    BIO *out;
--    VALUE str;
--
--    GetDSA(self, dsa);
--    if (!(out = BIO_new(BIO_s_mem()))) {
--	ossl_raise(eDSAError, NULL);
--    }
--    if (!DSA_print(out, dsa, 0)) { /* offset = 0 */
--	BIO_free(out);
--	ossl_raise(eDSAError, NULL);
--    }
--    str = ossl_membio2str(out);
--
--    return str;
--}
--
- /*
-  *  call-seq:
-  *    dsa.public_key -> aDSA
-@@ -469,7 +441,6 @@ Init_ossl_dsa(void)
- 
-     rb_define_method(cDSA, "public?", ossl_dsa_is_public, 0);
-     rb_define_method(cDSA, "private?", ossl_dsa_is_private, 0);
--    rb_define_method(cDSA, "to_text", ossl_dsa_to_text, 0);
-     rb_define_method(cDSA, "export", ossl_dsa_export, -1);
-     rb_define_alias(cDSA, "to_pem", "export");
-     rb_define_alias(cDSA, "to_s", "export");
-diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
-index c2534251c3..ecb8305184 100644
---- a/ext/openssl/ossl_pkey_ec.c
-+++ b/ext/openssl/ossl_pkey_ec.c
-@@ -417,32 +417,6 @@ ossl_ec_key_to_der(VALUE self)
-     else
-         return ossl_pkey_export_spki(self, 1);
- }
--
--/*
-- *  call-seq:
-- *     key.to_text   => String
-- *
-- *  See the OpenSSL documentation for EC_KEY_print()
-- */
--static VALUE ossl_ec_key_to_text(VALUE self)
--{
--    EC_KEY *ec;
--    BIO *out;
--    VALUE str;
--
--    GetEC(self, ec);
--    if (!(out = BIO_new(BIO_s_mem()))) {
--	ossl_raise(eECError, "BIO_new(BIO_s_mem())");
--    }
--    if (!EC_KEY_print(out, ec, 0)) {
--	BIO_free(out);
--	ossl_raise(eECError, "EC_KEY_print");
--    }
--    str = ossl_membio2str(out);
--
--    return str;
--}
--
- /*
-  *  call-seq:
-  *     key.generate_key!   => self
-@@ -1633,7 +1607,6 @@ void Init_ossl_ec(void)
-     rb_define_method(cEC, "export", ossl_ec_key_export, -1);
-     rb_define_alias(cEC, "to_pem", "export");
-     rb_define_method(cEC, "to_der", ossl_ec_key_to_der, 0);
--    rb_define_method(cEC, "to_text", ossl_ec_key_to_text, 0);
- 
- 
-     rb_define_alloc_func(cEC_GROUP, ossl_ec_group_alloc);
-diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
-index 43f82cb29e..7a7e66dbda 100644
---- a/ext/openssl/ossl_pkey_rsa.c
-+++ b/ext/openssl/ossl_pkey_rsa.c
-@@ -587,36 +587,6 @@ ossl_rsa_get_params(VALUE self)
-     return hash;
- }
- 
--/*
-- * call-seq:
-- *   rsa.to_text => String
-- *
-- * THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!
-- *
-- * Dumps all parameters of a keypair to a String
-- *
-- * Don't use :-)) (It's up to you)
-- */
--static VALUE
--ossl_rsa_to_text(VALUE self)
--{
--    RSA *rsa;
--    BIO *out;
--    VALUE str;
--
--    GetRSA(self, rsa);
--    if (!(out = BIO_new(BIO_s_mem()))) {
--	ossl_raise(eRSAError, NULL);
--    }
--    if (!RSA_print(out, rsa, 0)) { /* offset = 0 */
--	BIO_free(out);
--	ossl_raise(eRSAError, NULL);
--    }
--    str = ossl_membio2str(out);
--
--    return str;
--}
--
- /*
-  * call-seq:
-  *    rsa.public_key -> RSA
-@@ -738,7 +708,6 @@ Init_ossl_rsa(void)
- 
-     rb_define_method(cRSA, "public?", ossl_rsa_is_public, 0);
-     rb_define_method(cRSA, "private?", ossl_rsa_is_private, 0);
--    rb_define_method(cRSA, "to_text", ossl_rsa_to_text, 0);
-     rb_define_method(cRSA, "export", ossl_rsa_export, -1);
-     rb_define_alias(cRSA, "to_pem", "export");
-     rb_define_alias(cRSA, "to_s", "export");
-diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb
-index 5307fe5b08..3630458b3c 100644
---- a/test/openssl/test_pkey.rb
-+++ b/test/openssl/test_pkey.rb
-@@ -151,4 +151,9 @@ def test_x25519
-     assert_equal bob_pem, bob.public_to_pem
-     assert_equal [shared_secret].pack("H*"), alice.derive(bob)
-   end
-+
-+  def test_to_text
-+    rsa = Fixtures.pkey("rsa1024")
-+    assert_include rsa.to_text, "publicExponent"
-+  end
- end
--- 
-2.32.0
-
-
-From 0c45b22e485bfa62f4d704b08e3704e6444118c4 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Thu, 15 Apr 2021 19:11:32 +0900
-Subject: [PATCH 2/3] pkey: implement {DH,DSA,RSA}#public_key in Ruby
-
-The low-level API that is used to implement #public_key is deprecated
-in OpenSSL 3.0. It is actually very simple to implement in another way,
-using existing methods only, in much shorter code. Let's do it.
-
-While we are at it, the documentation is updated to recommend against
-using #public_key. Now that OpenSSL::PKey::PKey implements public_to_der
-method, there is no real use case for #public_key in newly written Ruby
-programs.
----
- ext/openssl/lib/openssl/pkey.rb | 55 ++++++++++++++++++++++++++++
- ext/openssl/ossl_pkey_dh.c      | 63 +++++++--------------------------
- ext/openssl/ossl_pkey_dsa.c     | 42 ----------------------
- ext/openssl/ossl_pkey_rsa.c     | 58 +-----------------------------
- test/openssl/test_pkey_rsa.rb   | 37 ++++++++++---------
- 5 files changed, 87 insertions(+), 168 deletions(-)
-
-diff --git a/ext/openssl/lib/openssl/pkey.rb b/ext/openssl/lib/openssl/pkey.rb
-index 53ee52f98b..569559e1ce 100644
---- a/ext/openssl/lib/openssl/pkey.rb
-+++ b/ext/openssl/lib/openssl/pkey.rb
-@@ -10,6 +10,30 @@ module OpenSSL::PKey
-   class DH
-     include OpenSSL::Marshal
- 
-+    # :call-seq:
-+    #    dh.public_key -> dhnew
-+    #
-+    # Returns a new DH instance that carries just the \DH parameters.
-+    #
-+    # Contrary to the method name, the returned DH object contains only
-+    # parameters and not the public key.
-+    #
-+    # This method is provided for backwards compatibility. In most cases, there
-+    # is no need to call this method.
-+    #
-+    # For the purpose of re-generating the key pair while keeping the
-+    # parameters, check OpenSSL::PKey.generate_key.
-+    #
-+    # Example:
-+    #   # OpenSSL::PKey::DH.generate by default generates a random key pair
-+    #   dh1 = OpenSSL::PKey::DH.generate(2048)
-+    #   p dh1.priv_key #=> #<OpenSSL::BN 1288347...>
-+    #   dhcopy = dh1.public_key
-+    #   p dhcopy.priv_key #=> nil
-+    def public_key
-+      DH.new(to_der)
-+    end
-+
-     # :call-seq:
-     #    dh.compute_key(pub_bn) -> string
-     #
-@@ -89,6 +113,22 @@ def new(*args, &blk) # :nodoc:
-   class DSA
-     include OpenSSL::Marshal
- 
-+    # :call-seq:
-+    #    dsa.public_key -> dsanew
-+    #
-+    # Returns a new DSA instance that carries just the \DSA parameters and the
-+    # public key.
-+    #
-+    # This method is provided for backwards compatibility. In most cases, there
-+    # is no need to call this method.
-+    #
-+    # For the purpose of serializing the public key, to PEM or DER encoding of
-+    # X.509 SubjectPublicKeyInfo format, check PKey#public_to_pem and
-+    # PKey#public_to_der.
-+    def public_key
-+      OpenSSL::PKey.read(public_to_der)
-+    end
-+
-     class << self
-       # :call-seq:
-       #    DSA.generate(size) -> dsa
-@@ -159,6 +199,21 @@ def to_bn(conversion_form = group.point_conversion_form)
-   class RSA
-     include OpenSSL::Marshal
- 
-+    # :call-seq:
-+    #    rsa.public_key -> rsanew
-+    #
-+    # Returns a new RSA instance that carries just the public key components.
-+    #
-+    # This method is provided for backwards compatibility. In most cases, there
-+    # is no need to call this method.
-+    #
-+    # For the purpose of serializing the public key, to PEM or DER encoding of
-+    # X.509 SubjectPublicKeyInfo format, check PKey#public_to_pem and
-+    # PKey#public_to_der.
-+    def public_key
-+      OpenSSL::PKey.read(public_to_der)
-+    end
-+
-     class << self
-       # :call-seq:
-       #    RSA.generate(size, exponent = 65537) -> RSA
-diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
-index acd3bf474e..a512b209d3 100644
---- a/ext/openssl/ossl_pkey_dh.c
-+++ b/ext/openssl/ossl_pkey_dh.c
-@@ -266,48 +266,6 @@ ossl_dh_get_params(VALUE self)
-     return hash;
- }
- 
--/*
-- *  call-seq:
-- *     dh.public_key -> aDH
-- *
-- * Returns a new DH instance that carries just the public information, i.e.
-- * the prime _p_ and the generator _g_, but no public/private key yet. Such
-- * a pair may be generated using DH#generate_key!. The "public key" needed
-- * for a key exchange with DH#compute_key is considered as per-session
-- * information and may be retrieved with DH#pub_key once a key pair has
-- * been generated.
-- * If the current instance already contains private information (and thus a
-- * valid public/private key pair), this information will no longer be present
-- * in the new instance generated by DH#public_key. This feature is helpful for
-- * publishing the Diffie-Hellman parameters without leaking any of the private
-- * per-session information.
-- *
-- * === Example
-- *  dh = OpenSSL::PKey::DH.new(2048) # has public and private key set
-- *  public_key = dh.public_key # contains only prime and generator
-- *  parameters = public_key.to_der # it's safe to publish this
-- */
--static VALUE
--ossl_dh_to_public_key(VALUE self)
--{
--    EVP_PKEY *pkey;
--    DH *orig_dh, *dh;
--    VALUE obj;
--
--    obj = rb_obj_alloc(rb_obj_class(self));
--    GetPKey(obj, pkey);
--
--    GetDH(self, orig_dh);
--    dh = DHparams_dup(orig_dh);
--    if (!dh)
--        ossl_raise(eDHError, "DHparams_dup");
--    if (!EVP_PKEY_assign_DH(pkey, dh)) {
--        DH_free(dh);
--        ossl_raise(eDHError, "EVP_PKEY_assign_DH");
--    }
--    return obj;
--}
--
- /*
-  *  call-seq:
-  *     dh.params_ok? -> true | false
-@@ -384,14 +342,20 @@ Init_ossl_dh(void)
-      *   The per-session private key, an OpenSSL::BN.
-      *
-      * === Example of a key exchange
--     *  dh1 = OpenSSL::PKey::DH.new(2048)
--     *  der = dh1.public_key.to_der #you may send this publicly to the participating party
--     *  dh2 = OpenSSL::PKey::DH.new(der)
--     *  dh2.generate_key! #generate the per-session key pair
--     *  symm_key1 = dh1.compute_key(dh2.pub_key)
--     *  symm_key2 = dh2.compute_key(dh1.pub_key)
-+     *   # you may send the parameters (der) and own public key (pub1) publicly
-+     *   # to the participating party
-+     *   dh1 = OpenSSL::PKey::DH.new(2048)
-+     *   der = dh1.to_der
-+     *   pub1 = dh1.pub_key
-+     *
-+     *   # the other party generates its per-session key pair
-+     *   dhparams = OpenSSL::PKey::DH.new(der)
-+     *   dh2 = OpenSSL::PKey.generate_key(dhparams)
-+     *   pub2 = dh2.pub_key
-      *
--     *  puts symm_key1 == symm_key2 # => true
-+     *   symm_key1 = dh1.compute_key(pub2)
-+     *   symm_key2 = dh2.compute_key(pub1)
-+     *   puts symm_key1 == symm_key2 # => true
-      */
-     cDH = rb_define_class_under(mPKey, "DH", cPKey);
-     rb_define_method(cDH, "initialize", ossl_dh_initialize, -1);
-@@ -402,7 +366,6 @@ Init_ossl_dh(void)
-     rb_define_alias(cDH, "to_pem", "export");
-     rb_define_alias(cDH, "to_s", "export");
-     rb_define_method(cDH, "to_der", ossl_dh_to_der, 0);
--    rb_define_method(cDH, "public_key", ossl_dh_to_public_key, 0);
-     rb_define_method(cDH, "params_ok?", ossl_dh_check_params, 0);
- 
-     DEF_OSSL_PKEY_BN(cDH, dh, p);
-diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
-index f017cceb4a..ab9ac781e8 100644
---- a/ext/openssl/ossl_pkey_dsa.c
-+++ b/ext/openssl/ossl_pkey_dsa.c
-@@ -264,47 +264,6 @@ ossl_dsa_get_params(VALUE self)
-     return hash;
- }
- 
--/*
-- *  call-seq:
-- *    dsa.public_key -> aDSA
-- *
-- * Returns a new DSA instance that carries just the public key information.
-- * If the current instance has also private key information, this will no
-- * longer be present in the new instance. This feature is helpful for
-- * publishing the public key information without leaking any of the private
-- * information.
-- *
-- * === Example
-- *  dsa = OpenSSL::PKey::DSA.new(2048) # has public and private information
-- *  pub_key = dsa.public_key # has only the public part available
-- *  pub_key_der = pub_key.to_der # it's safe to publish this
-- *
-- *
-- */
--static VALUE
--ossl_dsa_to_public_key(VALUE self)
--{
--    EVP_PKEY *pkey, *pkey_new;
--    DSA *dsa;
--    VALUE obj;
--
--    GetPKeyDSA(self, pkey);
--    obj = rb_obj_alloc(rb_obj_class(self));
--    GetPKey(obj, pkey_new);
--
--#define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup( \
--	(i2d_of_void *)i2d_DSAPublicKey, (d2i_of_void *)d2i_DSAPublicKey, (char *)(dsa))
--    dsa = DSAPublicKey_dup(EVP_PKEY_get0_DSA(pkey));
--#undef DSAPublicKey_dup
--    if (!dsa)
--        ossl_raise(eDSAError, "DSAPublicKey_dup");
--    if (!EVP_PKEY_assign_DSA(pkey_new, dsa)) {
--        DSA_free(dsa);
--        ossl_raise(eDSAError, "EVP_PKEY_assign_DSA");
--    }
--    return obj;
--}
--
- /*
-  *  call-seq:
-  *    dsa.syssign(string) -> aString
-@@ -445,7 +404,6 @@ Init_ossl_dsa(void)
-     rb_define_alias(cDSA, "to_pem", "export");
-     rb_define_alias(cDSA, "to_s", "export");
-     rb_define_method(cDSA, "to_der", ossl_dsa_to_der, 0);
--    rb_define_method(cDSA, "public_key", ossl_dsa_to_public_key, 0);
-     rb_define_method(cDSA, "syssign", ossl_dsa_sign, 1);
-     rb_define_method(cDSA, "sysverify", ossl_dsa_verify, 2);
- 
-diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
-index 7a7e66dbda..1c5476cdcd 100644
---- a/ext/openssl/ossl_pkey_rsa.c
-+++ b/ext/openssl/ossl_pkey_rsa.c
-@@ -390,7 +390,7 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self)
-  *   data = "Sign me!"
-  *   pkey = OpenSSL::PKey::RSA.new(2048)
-  *   signature = pkey.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA256")
-- *   pub_key = pkey.public_key
-+ *   pub_key = OpenSSL::PKey.read(pkey.public_to_der)
-  *   puts pub_key.verify_pss("SHA256", signature, data,
-  *                           salt_length: :auto, mgf1_hash: "SHA256") # => true
-  */
-@@ -587,61 +587,6 @@ ossl_rsa_get_params(VALUE self)
-     return hash;
- }
- 
--/*
-- * call-seq:
-- *    rsa.public_key -> RSA
-- *
-- * Makes new RSA instance containing the public key from the private key.
-- */
--static VALUE
--ossl_rsa_to_public_key(VALUE self)
--{
--    EVP_PKEY *pkey, *pkey_new;
--    RSA *rsa;
--    VALUE obj;
--
--    GetPKeyRSA(self, pkey);
--    obj = rb_obj_alloc(rb_obj_class(self));
--    GetPKey(obj, pkey_new);
--
--    rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey));
--    if (!rsa)
--        ossl_raise(eRSAError, "RSAPublicKey_dup");
--    if (!EVP_PKEY_assign_RSA(pkey_new, rsa)) {
--        RSA_free(rsa);
--        ossl_raise(eRSAError, "EVP_PKEY_assign_RSA");
--    }
--    return obj;
--}
--
--/*
-- * TODO: Test me
--
--static VALUE
--ossl_rsa_blinding_on(VALUE self)
--{
--    RSA *rsa;
--
--    GetRSA(self, rsa);
--
--    if (RSA_blinding_on(rsa, ossl_bn_ctx) != 1) {
--	ossl_raise(eRSAError, NULL);
--    }
--    return self;
--}
--
--static VALUE
--ossl_rsa_blinding_off(VALUE self)
--{
--    RSA *rsa;
--
--    GetRSA(self, rsa);
--    RSA_blinding_off(rsa);
--
--    return self;
--}
-- */
--
- /*
-  * Document-method: OpenSSL::PKey::RSA#set_key
-  * call-seq:
-@@ -712,7 +657,6 @@ Init_ossl_rsa(void)
-     rb_define_alias(cRSA, "to_pem", "export");
-     rb_define_alias(cRSA, "to_s", "export");
-     rb_define_method(cRSA, "to_der", ossl_rsa_to_der, 0);
--    rb_define_method(cRSA, "public_key", ossl_rsa_to_public_key, 0);
-     rb_define_method(cRSA, "public_encrypt", ossl_rsa_public_encrypt, -1);
-     rb_define_method(cRSA, "public_decrypt", ossl_rsa_public_decrypt, -1);
-     rb_define_method(cRSA, "private_encrypt", ossl_rsa_private_encrypt, -1);
-diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
-index d1e68dbc9f..5f8d04e754 100644
---- a/test/openssl/test_pkey_rsa.rb
-+++ b/test/openssl/test_pkey_rsa.rb
-@@ -69,29 +69,28 @@ def test_private
-   end
- 
-   def test_new
--    key = OpenSSL::PKey::RSA.new 512
--    pem  = key.public_key.to_pem
--    OpenSSL::PKey::RSA.new pem
--    assert_equal([], OpenSSL.errors)
--  end
-+    key = OpenSSL::PKey::RSA.new(512)
-+    assert_equal 512, key.n.num_bits
-+    assert_equal 65537, key.e
-+    assert_not_nil key.d
- 
--  def test_new_exponent_default
--    assert_equal(65537, OpenSSL::PKey::RSA.new(512).e)
-+    # Specify public exponent
-+    key2 = OpenSSL::PKey::RSA.new(512, 3)
-+    assert_equal 512, key2.n.num_bits
-+    assert_equal 3, key2.e
-+    assert_not_nil key2.d
-   end
- 
--  def test_new_with_exponent
--    1.upto(30) do |idx|
--      e = (2 ** idx) + 1
--      key = OpenSSL::PKey::RSA.new(512, e)
--      assert_equal(e, key.e)
--    end
--  end
-+  def test_s_generate
-+    key1 = OpenSSL::PKey::RSA.generate(512)
-+    assert_equal 512, key1.n.num_bits
-+    assert_equal 65537, key1.e
- 
--  def test_generate
--    key = OpenSSL::PKey::RSA.generate(512, 17)
--    assert_equal 512, key.n.num_bits
--    assert_equal 17, key.e
--    assert_not_nil key.d
-+    # Specify public exponent
-+    key2 = OpenSSL::PKey::RSA.generate(512, 3)
-+    assert_equal 512, key2.n.num_bits
-+    assert_equal 3, key2.e
-+    assert_not_nil key2.d
-   end
- 
-   def test_new_break
--- 
-2.32.0
-
-
-From 2150af0e55b2a25c24f62006e27e0aec3dc81b57 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Fri, 10 Jul 2020 14:34:51 +0900
-Subject: [PATCH 3/3] pkey/dh, pkey/ec: use EVP_PKEY_check() family
-
-Use EVP_PKEY_param_check() instead of DH_check() if available. Also,
-use EVP_PKEY_public_check() instead of EC_KEY_check_key().
-
-EVP_PKEY_*check() is part of the EVP API and is meant to replace those
-low-level functions. They were added by OpenSSL 1.1.1. It is currently
-not provided by LibreSSL.
----
- ext/openssl/extconf.rb       |  3 +++
- ext/openssl/ossl_pkey_dh.c   | 27 +++++++++++++++++++++++----
- ext/openssl/ossl_pkey_ec.c   | 23 +++++++++++++++++++----
- test/openssl/test_pkey_dh.rb | 16 ++++++++++++++++
- 4 files changed, 61 insertions(+), 8 deletions(-)
-
-diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
-index b3c6647faf..17d93443fc 100644
---- a/ext/openssl/extconf.rb
-+++ b/ext/openssl/extconf.rb
-@@ -173,6 +173,9 @@ def find_openssl_library
- have_func("EVP_PBE_scrypt")
- have_func("SSL_CTX_set_post_handshake_auth")
- 
-+# added in 1.1.1
-+have_func("EVP_PKEY_check")
-+
- Logging::message "=== Checking done. ===\n"
- 
- create_header
-diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
-index a512b209d3..ca782bbe59 100644
---- a/ext/openssl/ossl_pkey_dh.c
-+++ b/ext/openssl/ossl_pkey_dh.c
-@@ -273,19 +273,38 @@ ossl_dh_get_params(VALUE self)
-  * Validates the Diffie-Hellman parameters associated with this instance.
-  * It checks whether a safe prime and a suitable generator are used. If this
-  * is not the case, +false+ is returned.
-+ *
-+ * See also the man page EVP_PKEY_param_check(3).
-  */
- static VALUE
- ossl_dh_check_params(VALUE self)
- {
-+    int ret;
-+#ifdef HAVE_EVP_PKEY_CHECK
-+    EVP_PKEY *pkey;
-+    EVP_PKEY_CTX *pctx;
-+
-+    GetPKey(self, pkey);
-+    pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
-+    if (!pctx)
-+        ossl_raise(eDHError, "EVP_PKEY_CTX_new");
-+    ret = EVP_PKEY_param_check(pctx);
-+    EVP_PKEY_CTX_free(pctx);
-+#else
-     DH *dh;
-     int codes;
- 
-     GetDH(self, dh);
--    if (!DH_check(dh, &codes)) {
--	return Qfalse;
--    }
-+    ret = DH_check(dh, &codes) == 1 && codes == 0;
-+#endif
- 
--    return codes == 0 ? Qtrue : Qfalse;
-+    if (ret == 1)
-+        return Qtrue;
-+    else {
-+        /* DH_check_ex() will put error entry on failure */
-+        ossl_clear_error();
-+        return Qfalse;
-+    }
- }
- 
- /*
-diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
-index ecb8305184..829529d4b9 100644
---- a/ext/openssl/ossl_pkey_ec.c
-+++ b/ext/openssl/ossl_pkey_ec.c
-@@ -443,20 +443,35 @@ static VALUE ossl_ec_key_generate_key(VALUE self)
- }
- 
- /*
-- *  call-seq:
-- *     key.check_key   => true
-+ * call-seq:
-+ *    key.check_key   => true
-  *
-- *  Raises an exception if the key is invalid.
-+ * Raises an exception if the key is invalid.
-  *
-- *  See the OpenSSL documentation for EC_KEY_check_key()
-+ * See also the man page EVP_PKEY_public_check(3).
-  */
- static VALUE ossl_ec_key_check_key(VALUE self)
- {
-+#ifdef HAVE_EVP_PKEY_CHECK
-+    EVP_PKEY *pkey;
-+    EVP_PKEY_CTX *pctx;
-+    int ret;
-+
-+    GetPKey(self, pkey);
-+    pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
-+    if (!pctx)
-+        ossl_raise(eDHError, "EVP_PKEY_CTX_new");
-+    ret = EVP_PKEY_public_check(pctx);
-+    EVP_PKEY_CTX_free(pctx);
-+    if (ret != 1)
-+        ossl_raise(eECError, "EVP_PKEY_public_check");
-+#else
-     EC_KEY *ec;
- 
-     GetEC(self, ec);
-     if (EC_KEY_check_key(ec) != 1)
- 	ossl_raise(eECError, "EC_KEY_check_key");
-+#endif
- 
-     return Qtrue;
- }
-diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
-index 279ce1984c..f80af8f841 100644
---- a/test/openssl/test_pkey_dh.rb
-+++ b/test/openssl/test_pkey_dh.rb
-@@ -86,6 +86,22 @@ def test_key_exchange
-     assert_equal(dh.compute_key(dh2.pub_key), dh2.compute_key(dh.pub_key))
-   end
- 
-+  def test_params_ok?
-+    dh0 = Fixtures.pkey("dh1024")
-+
-+    dh1 = OpenSSL::PKey::DH.new(OpenSSL::ASN1::Sequence([
-+      OpenSSL::ASN1::Integer(dh0.p),
-+      OpenSSL::ASN1::Integer(dh0.g)
-+    ]))
-+    assert_equal(true, dh1.params_ok?)
-+
-+    dh2 = OpenSSL::PKey::DH.new(OpenSSL::ASN1::Sequence([
-+      OpenSSL::ASN1::Integer(dh0.p + 1),
-+      OpenSSL::ASN1::Integer(dh0.g)
-+    ]))
-+    assert_equal(false, dh2.params_ok?)
-+  end
-+
-   def test_dup
-     dh = Fixtures.pkey("dh1024")
-     dh2 = dh.dup
--- 
-2.32.0
-

ruby-3.1.0-addr2line-DW_FORM_ref_addr.patch

@@ -1,29 +0,0 @@
-From a9977ba2f9863e3fb1b2346589ebbca67d80536c Mon Sep 17 00:00:00 2001
-From: Nobuyoshi Nakada <nobu@ruby-lang.org>
-Date: Sat, 14 Aug 2021 10:08:19 +0900
-Subject: [PATCH] Constified addr2line.c
-
----
- addr2line.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/addr2line.c b/addr2line.c
-index 8ee4416650d3..fed1a8da84e5 100644
---- a/addr2line.c
-+++ b/addr2line.c
-@@ -1138,12 +1138,12 @@ debug_info_reader_read_value(DebugInfoReader *reader, uint64_t form, DebugInfoVa
-         set_uint_value(v, read_uleb128(reader));
-         break;
-       case DW_FORM_ref_addr:
--        if (reader->address_size == 4) {
-+        if (reader->format == 4) {
-             set_uint_value(v, read_uint32(&reader->p));
--        } else if (reader->address_size == 8) {
-+        } else if (reader->format == 8) {
-             set_uint_value(v, read_uint64(&reader->p));
-         } else {
--            fprintf(stderr,"unknown address_size:%d", reader->address_size);
-+            fprintf(stderr,"unknown format:%d", reader->format);
-             abort();
-         }
-         break;

ruby-3.1.0-autoconf-2.70-add-ac-prog-cc.patch

@@ -1,27 +0,0 @@
-From 912a8dcfc5369d840dcd6bf0f88ee0bac7d902d6 Mon Sep 17 00:00:00 2001
-From: Nobuyoshi Nakada <nobu@ruby-lang.org>
-Date: Thu, 30 Sep 2021 18:24:37 +0900
-Subject: [PATCH] Needs `AC_PROG_CC`
-
-Although `AC_PROG_CC_C99` has been obsolete, `AC_PROG_CC` is not
-and the latter is necessary not to make C++ compiler mandatory.
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index b24a8f59b0..c7059ee1ec 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -203,7 +203,7 @@ rb_test_CXXFLAGS=${CXXFLAGS+yes}
- # BSD's ports and MacPorts prefix GNU binutils with 'g'
- 
- dnl Seems necessarily in order to add -std=gnu99 option for gcc 4.9.
--m4_version_prereq([2.70], [], [AC_PROG_CC_C99])
-+m4_version_prereq([2.70], [AC_PROG_CC], [AC_PROG_CC_C99])
- 
- AC_PROG_CXX
- AC_PROG_CPP
--- 
-2.31.1
-

ruby-3.1.0-test-openssl-test_digest-do-not-test-constants-for-l.patch

@@ -1,29 +0,0 @@
-From b4b5eab2a5fd0e9ac62c01102dd26d0a433c5683 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Mon, 18 May 2020 02:17:28 +0900
-Subject: [PATCH] test/openssl/test_digest: do not test constants for legacy
- algorithms
-
-Remove availability test for MD4 and RIPEMD160 as they are considered
-legacy and may be missing depending on the compile-time options of
-OpenSSL. OpenSSL 3.0 by default disables them.
----
- test/openssl/test_digest.rb | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/openssl/test_digest.rb b/test/openssl/test_digest.rb
-index 8d7046e831..84c128c12f 100644
---- a/test/openssl/test_digest.rb
-+++ b/test/openssl/test_digest.rb
-@@ -54,7 +54,7 @@ def test_reset
-   end
- 
-   def test_digest_constants
--    %w{MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512}.each do |name|
-+    %w{MD5 SHA1 SHA224 SHA256 SHA384 SHA512}.each do |name|
-       assert_not_nil(OpenSSL::Digest.new(name))
-       klass = OpenSSL::Digest.const_get(name.tr('-', '_'))
-       assert_not_nil(klass.new)
--- 
-2.32.0
-

ruby-3.1.0-test-openssl-test_pkcs12-fix-test-failures-with-Open.patch

@@ -1,439 +0,0 @@
-From 9596788bdd2d061bef042485af14262e9fc4020c Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Thu, 13 Aug 2020 23:20:55 +0900
-Subject: [PATCH] test/openssl/test_pkcs12: fix test failures with OpenSSL 3.0
-
-OpenSSL's PKCS12_create() by default uses pbewithSHAAnd40BitRC2-CBC for
-encryption of the certificates. However, in OpenSSL 3.0, the algorithm
-is part of the legacy provider and is not enabled by default.
-
-Specify another algorithm that is still in the default provider for
-these test cases.
----
- test/openssl/test_pkcs12.rb | 297 ++++++++++++++++++------------------
- 1 file changed, 149 insertions(+), 148 deletions(-)
-
-diff --git a/test/openssl/test_pkcs12.rb b/test/openssl/test_pkcs12.rb
-index fdbe753b17..ec676743bc 100644
---- a/test/openssl/test_pkcs12.rb
-+++ b/test/openssl/test_pkcs12.rb
-@@ -5,6 +5,9 @@
- 
- module OpenSSL
-   class TestPKCS12 < OpenSSL::TestCase
-+    DEFAULT_PBE_PKEYS = "PBE-SHA1-3DES"
-+    DEFAULT_PBE_CERTS = "PBE-SHA1-3DES"
-+
-     def setup
-       super
-       ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
-@@ -14,47 +17,41 @@ def setup
-         ["subjectKeyIdentifier","hash",false],
-         ["authorityKeyIdentifier","keyid:always",false],
-       ]
--      @cacert = issue_cert(ca, Fixtures.pkey("rsa2048"), 1, ca_exts, nil, nil)
-+      ca_key = Fixtures.pkey("rsa-1")
-+      @cacert = issue_cert(ca, ca_key, 1, ca_exts, nil, nil)
- 
-       inter_ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Intermediate CA")
--      inter_ca_key = OpenSSL::PKey.read <<-_EOS_
-------BEGIN RSA PRIVATE KEY-----
--MIICXAIBAAKBgQDp7hIG0SFMG/VWv1dBUWziAPrNmkMXJgTCAoB7jffzRtyyN04K
--oq/89HAszTMStZoMigQURfokzKsjpUp8OYCAEsBtt9d5zPndWMz/gHN73GrXk3LT
--ZsxEn7Xv5Da+Y9F/Hx2QZUHarV5cdZixq2NbzWGwrToogOQMh2pxN3Z/0wIDAQAB
--AoGBAJysUyx3olpsGzv3OMRJeahASbmsSKTXVLZvoIefxOINosBFpCIhZccAG6UV
--5c/xCvS89xBw8aD15uUfziw3AuT8QPEtHCgfSjeT7aWzBfYswEgOW4XPuWr7EeI9
--iNHGD6z+hCN/IQr7FiEBgTp6A+i/hffcSdR83fHWKyb4M7TRAkEA+y4BNd668HmC
--G5MPRx25n6LixuBxrNp1umfjEI6UZgEFVpYOg4agNuimN6NqM253kcTR94QNTUs5
--Kj3EhG1YWwJBAO5rUjiOyCNVX2WUQrOMYK/c1lU7fvrkdygXkvIGkhsPoNRzLPeA
--HGJszKtrKD8bNihWpWNIyqKRHfKVD7yXT+kCQGCAhVCIGTRoypcDghwljHqLnysf
--ci0h5ZdPcIqc7ODfxYhFsJ/Rql5ONgYsT5Ig/+lOQAkjf+TRYM4c2xKx2/8CQBvG
--jv6dy70qDgIUgqzONtlmHeYyFzn9cdBO5sShdVYHvRHjFSMEXsosqK9zvW2UqvuK
--FJx7d3f29gkzynCLJDkCQGQZlEZJC4vWmWJGRKJ24P6MyQn3VsPfErSKOg4lvyM3
--Li8JsX5yIiuVYaBg/6ha3tOg4TCa5K/3r3tVliRZ2Es=
-------END RSA PRIVATE KEY-----
--      _EOS_
--      @inter_cacert = issue_cert(inter_ca, inter_ca_key, 2, ca_exts, @cacert, Fixtures.pkey("rsa2048"))
-+      inter_ca_key = Fixtures.pkey("rsa-2")
-+      @inter_cacert = issue_cert(inter_ca, inter_ca_key, 2, ca_exts, @cacert, ca_key)
- 
-       exts = [
-         ["keyUsage","digitalSignature",true],
-         ["subjectKeyIdentifier","hash",false],
-       ]
-       ee = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby PKCS12 Test Certificate")
--      @mykey = Fixtures.pkey("rsa1024")
-+      @mykey = Fixtures.pkey("rsa-3")
-       @mycert = issue_cert(ee, @mykey, 3, exts, @inter_cacert, inter_ca_key)
-     end
- 
--    def test_create
-+    def test_create_single_key_single_cert
-       pkcs12 = OpenSSL::PKCS12.create(
-         "omg",
-         "hello",
-         @mykey,
--        @mycert
-+        @mycert,
-+        nil,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-       )
--      assert_equal @mycert.to_der, pkcs12.certificate.to_der
-+      assert_equal @mycert, pkcs12.certificate
-       assert_equal @mykey.to_der, pkcs12.key.to_der
-       assert_nil pkcs12.ca_certs
-+
-+      der = pkcs12.to_der
-+      decoded = OpenSSL::PKCS12.new(der, "omg")
-+      assert_equal @mykey.to_der, decoded.key.to_der
-+      assert_equal @mycert, decoded.certificate
-+      assert_equal [], Array(decoded.ca_certs)
-     end
- 
-     def test_create_no_pass
-@@ -62,14 +59,17 @@ def test_create_no_pass
-         nil,
-         "hello",
-         @mykey,
--        @mycert
-+        @mycert,
-+        nil,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-       )
--      assert_equal @mycert.to_der, pkcs12.certificate.to_der
-+      assert_equal @mycert, pkcs12.certificate
-       assert_equal @mykey.to_der, pkcs12.key.to_der
-       assert_nil pkcs12.ca_certs
- 
-       decoded = OpenSSL::PKCS12.new(pkcs12.to_der)
--      assert_cert @mycert, decoded.certificate
-+      assert_equal @mycert, decoded.certificate
-     end
- 
-     def test_create_with_chain
-@@ -80,7 +80,9 @@ def test_create_with_chain
-         "hello",
-         @mykey,
-         @mycert,
--        chain
-+        chain,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-       )
-       assert_equal chain, pkcs12.ca_certs
-     end
-@@ -95,14 +97,16 @@ def test_create_with_chain_decode
-         "hello",
-         @mykey,
-         @mycert,
--        chain
-+        chain,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-       )
- 
-       decoded = OpenSSL::PKCS12.new(pkcs12.to_der, passwd)
-       assert_equal chain.size, decoded.ca_certs.size
--      assert_include_cert @cacert, decoded.ca_certs
--      assert_include_cert @inter_cacert, decoded.ca_certs
--      assert_cert @mycert, decoded.certificate
-+      assert_include decoded.ca_certs, @cacert
-+      assert_include decoded.ca_certs, @inter_cacert
-+      assert_equal @mycert, decoded.certificate
-       assert_equal @mykey.to_der, decoded.key.to_der
-     end
- 
-@@ -126,8 +130,8 @@ def test_create_with_itr
-         @mykey,
-         @mycert,
-         [],
--        nil,
--        nil,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-         2048
-       )
- 
-@@ -138,8 +142,8 @@ def test_create_with_itr
-           @mykey,
-           @mycert,
-           [],
--          nil,
--          nil,
-+          DEFAULT_PBE_PKEYS,
-+          DEFAULT_PBE_CERTS,
-           "omg"
-         )
-       end
-@@ -152,7 +156,8 @@ def test_create_with_mac_itr
-         @mykey,
-         @mycert,
-         [],
--        nil,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-         nil,
-         nil,
-         2048
-@@ -165,148 +170,144 @@ def test_create_with_mac_itr
-           @mykey,
-           @mycert,
-           [],
--          nil,
--          nil,
-+          DEFAULT_PBE_PKEYS,
-+          DEFAULT_PBE_CERTS,
-           nil,
-           "omg"
-         )
-       end
-     end
- 
--    def test_new_with_one_key_and_one_cert
--      # generated with:
--      #   openssl version #=> OpenSSL 1.0.2h  3 May 2016
--      #   openssl pkcs12 -in <@mycert> -inkey <RSA1024> -export -out <out>
--      str = <<~EOF.unpack("m").first
--MIIGQQIBAzCCBgcGCSqGSIb3DQEHAaCCBfgEggX0MIIF8DCCAu8GCSqGSIb3DQEH
--BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIeZPM
--Rh6KiXgCAggAgIICqL6O+LCZmBzdIg6mozPF3FpY0hVbWHvTNMiDHieW3CrAanhN
--YCH2/wHqH8WpFpEWwF0qEEXAWjHsIlYB4Cfqo6b7XpuZe5eVESsjNTOTMF1JCUJj
--A6iNefXmCFLync1JK5LUodRDhTlKLU1WPK20X9X4vuEwHn8wt5RUb8P0E+Xh6rpS
--XC4LkZKT45zF3cJa/n5+dW65ohVGNVnF9D1bCNEKHMOllK1V9omutQ9slW88hpga
--LGiFsJoFOb/ESGb78KO+bd6zbX1MdKdBV+WD6t1uF/cgU65y+2A4nXs1urda+MJ7
--7iVqiB7Vnc9cANTbAkTSGNyoUDVM/NZde782/8IvddLAzUZ2EftoRDke6PvuBOVL
--ljBhNWmdamrtBqzuzVZCRdWq44KZkF2Xoc9asepwIkdVmntzQF7f1Z+Ta5yg6HFp
--xnr7CuM+MlHEShXkMgYtHnwAq10fDMSXIvjhi/AA5XUAusDO3D+hbtcRDcJ4uUes
--dm5dhQE2qJ02Ysn4aH3o1F3RYNOzrxejHJwl0D2TCE8Ww2X342xib57+z9u03ufj
--jswhiMKxy67f1LhUMq3XrT3uV6kCVXk/KUOUPcXPlPVNA5JmZeFhMp6GrtB5xJJ9
--wwBZD8UL5A2U2Mxi2OZsdUBv8eo3jnjZ284aFpt+mCjIHrLW5O0jwY8OCwSlYUoY
--IY00wlabX0s82kBcIQNZbC1RSV2267ro/7A0MClc8YQ/zWN0FKY6apgtUkHJI1cL
--1dc77mhnjETjwW94iLMDFy4zQfVu7IfCBqOBzygRNnqqUG66UhTs1xFnWM0mWXl/
--Zh9+AMpbRLIPaKCktIjl5juzzm+KEgkhD+707XRCFIGUYGP5bSHzGaz8PK9hj0u1
--E2SpZHUvYOcawmxtA7pmpSxl5uQjMIIC+QYJKoZIhvcNAQcBoIIC6gSCAuYwggLi
--MIIC3gYLKoZIhvcNAQwKAQKgggKmMIICojAcBgoqhkiG9w0BDAEDMA4ECKB338m8
--qSzHAgIIAASCAoACFhJeqA3xx+s1qIH6udNQYY5hAL6oz7SXoGwFhDiceSyJjmAD
--Dby9XWM0bPl1Gj5nqdsuI/lAM++fJeoETk+rxw8q6Ofk2zUaRRE39qgpwBwSk44o
--0SAFJ6bzHpc5CFh6sZmDaUX5Lm9GtjnGFmmsPTSJT5an5JuJ9WczGBEd0nSBQhJq
--xHbTGZiN8i3SXcIH531Sub+CBIFWy5lyCKgDYh/kgJFGQAaWUOjLI+7dCEESonXn
--F3Jh2uPbnDF9MGJyAFoNgWFhgSpi1cf6AUi87GY4Oyur88ddJ1o0D0Kz2uw8/bpG
--s3O4PYnIW5naZ8mozzbnYByEFk7PoTwM7VhoFBfYNtBoAI8+hBnPY/Y71YUojEXf
--SeX6QbtkIANfzS1XuFNKElShC3DPQIHpKzaatEsfxHfP+8VOav6zcn4mioao7NHA
--x7Dp6R1enFGoQOq4UNjBT8YjnkG5vW8zQHW2dAHLTJBq6x2Fzm/4Pjo/8vM1FiGl
--BQdW5vfDeJ/l6NgQm3xR9ka2E2HaDqIcj1zWbN8jy/bHPFJYuF/HH8MBV/ngMIXE
--vFEW/ToYv8eif0+EpUtzBsCKD4a7qYYYh87RmEVoQU96q6m+UbhpD2WztYfAPkfo
--OSL9j2QHhVczhL7OAgqNeM95pOsjA9YMe7exTeqK31LYnTX8oH8WJD1xGbRSJYgu
--SY6PQbumcJkc/TFPn0GeVUpiDdf83SeG50lo/i7UKQi2l1hi5Y51fQhnBnyMr68D
--llSZEvSWqfDxBJkBpeg6PIYvkTpEwKRJpVQoM3uYvdqVSSnW6rydqIb+snfOrlhd
--f+xCtq9xr+kHeTSqLIDRRAnMfgFRhY3IBlj6MSUwIwYJKoZIhvcNAQkVMRYEFBdb
--8XGWehZ6oPj56Pf/uId46M9AMDEwITAJBgUrDgMCGgUABBRvSCB04/f8f13pp2PF
--vyl2WuMdEwQIMWFFphPkIUICAggA
--      EOF
--      p12 = OpenSSL::PKCS12.new(str, "abc123")
--
--      assert_equal @mykey.to_der, p12.key.to_der
--      assert_equal @mycert.subject.to_der, p12.certificate.subject.to_der
--      assert_equal [], Array(p12.ca_certs)
--    end
--
-     def test_new_with_no_keys
-       # generated with:
--      #   openssl pkcs12 -in <@mycert> -nokeys -export -out <out>
-+      #   openssl pkcs12 -certpbe PBE-SHA1-3DES -in <@mycert> -nokeys -export
-       str = <<~EOF.unpack("m").first
--MIIDHAIBAzCCAuIGCSqGSIb3DQEHAaCCAtMEggLPMIICyzCCAscGCSqGSIb3DQEH
--BqCCArgwggK0AgEAMIICrQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIX4+W
--irqwH40CAggAgIICgOaCyo+5+6IOVoGCCL80c50bkkzAwqdXxvkKExJSdcJz2uMU
--0gRrKnZEjL5wrUsN8RwZu8DvgQTEhNEkKsUgM7AWainmN/EnwohIdHZAHpm6WD67
--I9kLGp0/DHrqZrV9P2dLfhXLUSQE8PI0tqZPZ8UEABhizkViw4eISTkrOUN7pGbN
--Qtx/oqgitXDuX2polbxYYDwt9vfHZhykHoKgew26SeJyZfeMs/WZ6olEI4cQUAFr
--mvYGuC1AxEGTo9ERmU8Pm16j9Hr9PFk50WYe+rnk9oX3wJogQ7XUWS5kYf7XRycd
--NDkNiwV/ts94bbuaGZp1YA6I48FXpIc8b5fX7t9tY0umGaWy0bARe1L7o0Y89EPe
--lMg25rOM7j3uPtFG8whbSfdETSy57UxzzTcJ6UwexeaK6wb2jqEmj5AOoPLWeaX0
--LyOAszR3v7OPAcjIDYZGdrbb3MZ2f2vo2pdQfu9698BrWhXuM7Odh73RLhJVreNI
--aezNOAtPyBlvGiBQBGTzRIYHSLL5Y5aVj2vWLAa7hjm5qTL5C5mFdDIo6TkEMr6I
--OsexNQofEGs19kr8nARXDlcbEimk2VsPj4efQC2CEXZNzURsKca82pa62MJ8WosB
--DTFd8X06zZZ4nED50vLopZvyW4fyW60lELwOyThAdG8UchoAaz2baqP0K4de44yM
--Y5/yPFDu4+GoimipJfbiYviRwbzkBxYW8+958ILh0RtagLbvIGxbpaym9PqGjOzx
--ShNXjLK2aAFZsEizQ8kd09quJHU/ogq2cUXdqqhmOqPnUWrJVi/VCoRB3Pv1/lE4
--mrUgr2YZ11rYvBw6g5XvNvFcSc53OKyV7SLn0dwwMTAhMAkGBSsOAwIaBQAEFEWP
--1WRQykaoD4uJCpTx/wv0SLLBBAiDKI26LJK7xgICCAA=
-+MIIGJAIBAzCCBeoGCSqGSIb3DQEHAaCCBdsEggXXMIIF0zCCBc8GCSqGSIb3
-+DQEHBqCCBcAwggW8AgEAMIIFtQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMw
-+DgQIjv5c3OHvnBgCAggAgIIFiMJa8Z/w7errRvCQPXh9dGQz3eJaFq3S2gXD
-+rh6oiwsgIRJZvYAWgU6ll9NV7N5SgvS2DDNVuc3tsP8TPWjp+bIxzS9qmGUV
-+kYWuURWLMKhpF12ZRDab8jcIwBgKoSGiDJk8xHjx6L613/XcRM6ln3VeQK+C
-+hlW5kXniNAUAgTft25Fn61Xa8xnhmsz/fk1ycGnyGjKCnr7Mgy7KV0C1vs23
-+18n8+b1ktDWLZPYgpmXuMFVh0o+HJTV3O86mkIhJonMcnOMgKZ+i8KeXaocN
-+JQlAPBG4+HOip7FbQT/h6reXv8/J+hgjLfqAb5aV3m03rUX9mXx66nR1tQU0
-+Jq+XPfDh5+V4akIczLlMyyo/xZjI1/qupcMjr+giOGnGd8BA3cuXW+ueLQiA
-+PpTp+DQLVHRfz9XTZbyqOReNEtEXvO9gOlKSEY5lp65ItXVEs2Oqyf9PfU9y
-+DUltN6fCMilwPyyrsIBKXCu2ZLM5h65KVCXAYEX9lNqj9zrQ7vTqvCNN8RhS
-+ScYouTX2Eqa4Z+gTZWLHa8RCQFoyP6hd+97/Tg2Gv2UTH0myQxIVcnpdi1wy
-+cqb+er7tyKbcO96uSlUjpj/JvjlodtjJcX+oinEqGb/caj4UepbBwiG3vv70
-+63bS3jTsOLNjDRsR9if3LxIhLa6DW8zOJiGC+EvMD1o4dzHcGVpQ/pZWCHZC
-++YiNJpQOBApiZluE+UZ0m3XrtHFQYk7xblTrh+FJF91wBsok0rZXLAKd8m4p
-+OJsc7quCq3cuHRRTzJQ4nSe01uqbwGDAYwLvi6VWy3svU5qa05eDRmgzEFTG
-+e84Gp/1LQCtpQFr4txkjFchO2whWS80KoQKqmLPyGm1D9Lv53Q4ZsKMgNihs
-+rEepuaOZMKHl4yMAYFoOXZCAYzfbhN6b2phcFAHjMUHUw9e3F0QuDk9D0tsr
-+riYTrkocqlOKfK4QTomx27O0ON2J6f1rtEojGgfl9RNykN7iKGzjS3914QjW
-+W6gGiZejxHsDPEAa4gUp0WiSUSXtD5WJgoyAzLydR2dKWsQ4WlaUXi01CuGy
-++xvncSn2nO3bbot8VD5H6XU1CjREVtnIfbeRYO/uofyLUP3olK5RqN6ne6Xo
-+eXnJ/bjYphA8NGuuuvuW1SCITmINkZDLC9cGlER9+K65RR/DR3TigkexXMeN
-+aJ70ivZYAl0OuhZt3TGIlAzS64TIoyORe3z7Ta1Pp9PZQarYJpF9BBIZIFor
-+757PHHuQKRuugiRkp8B7v4eq1BQ+VeAxCKpyZ7XrgEtbY/AWDiaKcGPKPjc3
-+AqQraVeQm7kMBT163wFmZArCphzkDOI3bz2oEO8YArMgLq2Vto9jAZlqKyWr
-+pi2bSJxuoP1aoD58CHcWMrf8/j1LVdQhKgHQXSik2ID0H2Wc/XnglhzlVFuJ
-+JsNIW/EGJlZh/5WDez9U0bXqnBlu3uasPEOezdoKlcCmQlmTO5+uLHYLEtNA
-+EH9MtnGZebi9XS5meTuS6z5LILt8O9IHZxmT3JRPHYj287FEzotlLdcJ4Ee5
-+enW41UHjLrfv4OaITO1hVuoLRGdzjESx/fHMWmxroZ1nVClxECOdT42zvIYJ
-+J3xBZ0gppzQ5fjoYiKjJpxTflRxUuxshk3ih6VUoKtqj/W18tBQ3g5SOlkgT
-+yCW8r74yZlfYmNrPyDMUQYpLUPWj2n71GF0KyPfTU5yOatRgvheh262w5BG3
-+omFY7mb3tCv8/U2jdMIoukRKacpZiagofz3SxojOJq52cHnCri+gTHBMX0cO
-+j58ygfntHWRzst0pV7Ze2X3fdCAJ4DokH6bNJNthcgmolFJ/y3V1tJjgsdtQ
-+7Pjn/vE6xUV0HXE2x4yoVYNirbAMIvkN/X+atxrN0dA4AchN+zGp8TAxMCEw
-+CQYFKw4DAhoFAAQUQ+6XXkyhf6uYgtbibILN2IjKnOAECLiqoY45MPCrAgII
-+AA==
-       EOF
-       p12 = OpenSSL::PKCS12.new(str, "abc123")
- 
-       assert_equal nil, p12.key
-       assert_equal nil, p12.certificate
-       assert_equal 1, p12.ca_certs.size
--      assert_equal @mycert.subject.to_der, p12.ca_certs[0].subject.to_der
-+      assert_equal @mycert.subject, p12.ca_certs[0].subject
-     end
- 
-     def test_new_with_no_certs
-       # generated with:
--      #   openssl pkcs12 -inkey <RSA1024> -nocerts -export -out <out>
-+      #   openssl pkcs12 -inkey fixtures/openssl/pkey/rsa-1.pem -nocerts -export
-       str = <<~EOF.unpack("m").first
--MIIDJwIBAzCCAu0GCSqGSIb3DQEHAaCCAt4EggLaMIIC1jCCAtIGCSqGSIb3DQEH
--AaCCAsMEggK/MIICuzCCArcGCyqGSIb3DQEMCgECoIICpjCCAqIwHAYKKoZIhvcN
--AQwBAzAOBAg6AaYnJs84SwICCAAEggKAQzZH+fWSpcQYD1J7PsGSune85A++fLCQ
--V7tacp2iv95GJkxwYmfTP176pJdgs00mceB9UJ/u9EX5nD0djdjjQjwo6sgKjY0q
--cpVhZw8CMxw7kBD2dhtui0zT8z5hy03LePxsjEKsGiSbeVeeGbSfw/I6AAYbv+Uh
--O/YPBGumeHj/D2WKnfsHJLQ9GAV3H6dv5VKYNxjciK7f/JEyZCuUQGIN64QFHDhJ
--7fzLqd/ul3FZzJZO6a+dwvcgux09SKVXDRSeFmRCEX4b486iWhJJVspCo9P2KNne
--ORrpybr3ZSwxyoICmjyo8gj0OSnEfdx9790Ej1takPqSA1wIdSdBLekbZqB0RBQg
--DEuPOsXNo3QFi8ji1vu0WBRJZZSNC2hr5NL6lNR+DKxG8yzDll2j4W4BBIp22mAE
--7QRX7kVxu17QJXQhOUac4Dd1qXmzebP8t6xkAxD9L7BWEN5OdiXWwSWGjVjMBneX
--nYObi/3UT/aVc5WHMHK2BhCI1bwH51E6yZh06d5m0TQpYGUTWDJdWGBSrp3A+8jN
--N2PMQkWBFrXP3smHoTEN4oZC4FWiPsIEyAkQsfKRhcV9lGKl2Xgq54ROTFLnwKoj
--Z3zJScnq9qmNzvVZSMmDLkjLyDq0pxRxGKBvgouKkWY7VFFIwwBIJM39iDJ5NbBY
--i1AQFTRsRSsZrNVPasCXrIq7bhMoJZb/YZOGBLNyJVqKUoYXhtwsajzSq54VlWft
--JxsPayEd4Vi6O9EU1ahnj6qFEZiKFzsicgK2J1Rb8cYagrp0XWjHW0SBn5GVUWCg
--GUokSFG/0JTdeYTo/sQuG4qNgJkOolRjpeI48Fciq5VUWLvVdKioXzAxMCEwCQYF
--Kw4DAhoFAAQUYAuwVtGD1TdgbFK4Yal2XBgwUR4ECEawsN3rNaa6AgIIAA==
-+MIIJ7wIBAzCCCbUGCSqGSIb3DQEHAaCCCaYEggmiMIIJnjCCCZoGCSqGSIb3
-+DQEHAaCCCYsEggmHMIIJgzCCCX8GCyqGSIb3DQEMCgECoIIJbjCCCWowHAYK
-+KoZIhvcNAQwBAzAOBAjX5nN8jyRKwQICCAAEgglIBIRLHfiY1mNHpl3FdX6+
-+72L+ZOVXnlZ1MY9HSeg0RMkCJcm0mJ2UD7INUOGXvwpK9fr6WJUZM1IqTihQ
-+1dM0crRC2m23aP7KtAlXh2DYD3otseDtwoN/NE19RsiJzeIiy5TSW1d47weU
-++D4Ig/9FYVFPTDgMzdCxXujhvO/MTbZIjqtcS+IOyF+91KkXrHkfkGjZC7KS
-+WRmYw9BBuIPQEewdTI35sAJcxT8rK7JIiL/9mewbSE+Z28Wq1WXwmjL3oZm9
-+lw6+f515b197GYEGomr6LQqJJamSYpwQbTGHonku6Tf3ylB4NLFqOnRCKE4K
-+zRSSYIqJBlKHmQ4pDm5awoupHYxMZLZKZvXNYyYN3kV8r1iiNVlY7KBR4CsX
-+rqUkXehRmcPnuqEMW8aOpuYe/HWf8PYI93oiDZjcEZMwW2IZFFrgBbqUeNCM
-+CQTkjAYxi5FyoaoTnHrj/aRtdLOg1xIJe4KKcmOXAVMmVM9QEPNfUwiXJrE7
-+n42gl4NyzcZpxqwWBT++9TnQGZ/lEpwR6dzkZwICNQLdQ+elsdT7mumywP+1
-+WaFqg9kpurimaiBu515vJNp9Iqv1Nmke6R8Lk6WVRKPg4Akw0fkuy6HS+LyN
-+ofdCfVUkPGN6zkjAxGZP9ZBwvXUbLRC5W3N5qZuAy5WcsS75z+oVeX9ePV63
-+cue23sClu8JSJcw3HFgPaAE4sfkQ4MoihPY5kezgT7F7Lw/j86S0ebrDNp4N
-+Y685ec81NRHJ80CAM55f3kGCOEhoifD4VZrvr1TdHZY9Gm3b1RYaJCit2huF
-+nlOfzeimdcv/tkjb6UsbpXx3JKkF2NFFip0yEBERRCdWRYMUpBRcl3ad6XHy
-+w0pVTgIjTxGlbbtOCi3siqMOK0GNt6UgjoEFc1xqjsgLwU0Ta2quRu7RFPGM
-+GoEwoC6VH23p9Hr4uTFOL0uHfkKWKunNN+7YPi6LT6IKmTQwrp+fTO61N6Xh
-+KlqTpwESKsIJB2iMnc8wBkjXJtmG/e2n5oTqfhICIrxYmEb7zKDyK3eqeTj3
-+FhQh2t7cUIiqcT52AckUqniPmlE6hf82yBjhaQUPfi/ExTBtTDSmFfRPUzq+
-+Rlla4OHllPRzUXJExyansgCxZbPqlw46AtygSWRGcWoYAKUKwwoYjerqIV5g
-+JoZICV9BOU9TXco1dHXZQTs/nnTwoRmYiL/Ly5XpvUAnQOhYeCPjBeFnPSBR
-+R/hRNqrDH2MOV57v5KQIH2+mvy26tRG+tVGHmLMaOJeQkjLdxx+az8RfXIrH
-+7hpAsoBb+g9jUDY1mUVavPk1T45GMpQH8u3kkzRvChfOst6533GyIZhE7FhN
-+KanC6ACabVFDUs6P9pK9RPQMp1qJfpA0XJFx5TCbVbPkvnkZd8K5Tl/tzNM1
-+n32eRao4MKr9KDwoDL93S1yJgYTlYjy1XW/ewdedtX+B4koAoz/wSXDYO+GQ
-+Zu6ZSpKSEHTRPhchsJ4oICvpriVaJkn0/Z7H3YjNMB9U5RR9+GiIg1wY1Oa1
-+S3WfuwrrI6eqfbQwj6PDNu3IKy6srEgvJwaofQALNBPSYWbauM2brc8qsD+t
-+n8jC/aD1aMcy00+9t3H/RVCjEOb3yKfUpAldIkEA2NTTnZpoDQDXeNYU2F/W
-+yhmFjJy8A0O4QOk2xnZK9kcxSRs0v8vI8HivvgWENoVPscsDC4742SSIe6SL
-+f/T08reIX11f0K70rMtLhtFMQdHdYOTNl6JzhkHPLr/f9MEZsBEQx52depnF
-+ARb3gXGbCt7BAi0OeCEBSbLr2yWuW4r55N0wRZSOBtgqgjsiHP7CDQSkbL6p
-+FPlQS1do9gBSHiNYvsmN1LN5bG+mhcVb0UjZub4mL0EqGadjDfDdRJmWqlX0
-+r5dyMcOWQVy4O2cPqYFlcP9lk8buc5otcyVI2isrAFdlvBK29oK6jc52Aq5Q
-+0b2ESDlgX8WRgiOPPxK8dySKEeuIwngCtJyNTecP9Ug06TDsu0znZGCXJ+3P
-+8JOpykgA8EQdOZOYHbo76ZfB2SkklI5KeRA5IBjGs9G3TZ4PHLy2DIwsbWzS
-+H1g01o1x264nx1cJ+eEgUN/KIiGFIib42RS8Af4D5e+Vj54Rt3axq+ag3kI+
-+53p8uotyu+SpvvXUP7Kv4xpQ/L6k41VM0rfrd9+DrlDVvSfxP2uh6I1TKF7A
-+CT5n8zguMbng4PGjxvyPBM5k62t6hN5fuw6Af0aZFexh+IjB/5wFQ6onSz23
-+fBzMW4St7RgSs8fDg3lrM+5rwXiey1jxY1ddaxOoUsWRMvvdd7rZxRZQoN5v
-+AcI5iMkK/vvpQgC/sfzhtXtrJ2XOPZ+GVgi7VcuDLKSkdFMcPbGzO8SdxUnS
-+SLV5XTKqKND+Lrfx7DAoKi5wbDFHu5496/MHK5qP4tBe6sJ5bZc+KDJIH46e
-+wTV1oWtB5tV4q46hOb5WRcn/Wjz3HSKaGZgx5QbK1MfKTzD5CTUn+ArMockX
-+2wJhPnFK85U4rgv8iBuh9bRjyw+YaKf7Z3loXRiE1eRG6RzuPF0ZecFiDumk
-+AC/VUXynJhzePBLqzrQj0exanACdullN+pSfHiRWBxR2VFUkjoFP5X45GK3z
-+OstSH6FOkMVU4afqEmjsIwozDFIyin5EyWTtdhJe3szdJSGY23Tut+9hUatx
-+9FDFLESOd8z3tyQSNiLk/Hib+e/lbjxqbXBG/p/oyvP3N999PLUPtpKqtYkV
-+H0+18sNh9CVfojiJl44fzxe8yCnuefBjut2PxEN0EFRBPv9P2wWlmOxkPKUq
-+NrCJP0rDj5aONLrNZPrR8bZNdIShkZ/rKkoTuA0WMZ+xUlDRxAupdMkWAlrz
-+8IcwNcdDjPnkGObpN5Ctm3vK7UGSBmPeNqkXOYf3QTJ9gStJEd0F6+DzTN5C
-+KGt1IyuGwZqL2Yk51FDIIkr9ykEnBMaA39LS7GFHEDNGlW+fKC7AzA0zfoOr
-+fXZlHMBuqHtXqk3zrsHRqGGoocigg4ctrhD1UREYKj+eIj1TBiRdf7c6+COf
-+NIOmej8pX3FmZ4ui+dDA8r2ctgsWHrb4A6iiH+v1DRA61GtoaA/tNRggewXW
-+VXCZCGWyyTuyHGOqq5ozrv5MlzZLWD/KV/uDsAWmy20RAed1C4AzcXlpX25O
-+M4SNl47g5VRNJRtMqokc8j6TjZrzMDEwITAJBgUrDgMCGgUABBRrkIRuS5qg
-+BC8fv38mue8LZVcbHQQIUNrWKEnskCoCAggA
-       EOF
-       p12 = OpenSSL::PKCS12.new(str, "abc123")
- 
--      assert_equal @mykey.to_der, p12.key.to_der
-+      assert_equal Fixtures.pkey("rsa-1").to_der, p12.key.to_der
-       assert_equal nil, p12.certificate
-       assert_equal [], Array(p12.ca_certs)
-     end
- 
-     def test_dup
--      p12 = OpenSSL::PKCS12.create("pass", "name", @mykey, @mycert)
-+      p12 = OpenSSL::PKCS12.create(
-+        "pass",
-+        "name",
-+        @mykey,
-+        @mycert,
-+        nil,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-+      )
-       assert_equal p12.to_der, p12.dup.to_der
-     end
--
--    private
--    def assert_cert expected, actual
--      [
--        :subject,
--        :issuer,
--        :serial,
--        :not_before,
--        :not_after,
--      ].each do |attribute|
--        assert_equal expected.send(attribute), actual.send(attribute)
--      end
--      assert_equal expected.to_der, actual.to_der
--    end
--
--    def assert_include_cert cert, ary
--      der = cert.to_der
--      ary.each do |candidate|
--        if candidate.to_der == der
--          return true
--        end
--      end
--      false
--    end
-   end
- end
- 
--- 
-2.32.0
-

ruby-3.1.0-test-openssl-test_pkey-use-EC-keys-for-PKey.generate.patch

@@ -1,67 +0,0 @@
-From 10d2216b2f35a31777a099d9f765b0b6ea34a63e Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Mon, 18 May 2020 02:35:35 +0900
-Subject: [PATCH] test/openssl/test_pkey: use EC keys for
- PKey.generate_parameters tests
-
-OpenSSL 3.0 refuses to generate DSA parameters shorter than 2048 bits,
-but generating 2048 bits parameters takes very long time. Let's use EC
-in these test cases instead.
----
- test/openssl/test_pkey.rb | 27 +++++++++++----------------
- 1 file changed, 11 insertions(+), 16 deletions(-)
-
-diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb
-index 3630458b3c..88a6e04581 100644
---- a/test/openssl/test_pkey.rb
-+++ b/test/openssl/test_pkey.rb
-@@ -27,20 +27,16 @@ def test_generic_oid_inspect
-   end
- 
-   def test_s_generate_parameters
--    # 512 is non-default; 1024 is used if 'dsa_paramgen_bits' is not specified
--    # with OpenSSL 1.1.0.
--    pkey = OpenSSL::PKey.generate_parameters("DSA", {
--      "dsa_paramgen_bits" => 512,
--      "dsa_paramgen_q_bits" => 256,
-+    pkey = OpenSSL::PKey.generate_parameters("EC", {
-+      "ec_paramgen_curve" => "secp384r1",
-     })
--    assert_instance_of OpenSSL::PKey::DSA, pkey
--    assert_equal 512, pkey.p.num_bits
--    assert_equal 256, pkey.q.num_bits
--    assert_equal nil, pkey.priv_key
-+    assert_instance_of OpenSSL::PKey::EC, pkey
-+    assert_equal "secp384r1", pkey.group.curve_name
-+    assert_equal nil, pkey.private_key
- 
-     # Invalid options are checked
-     assert_raise(OpenSSL::PKey::PKeyError) {
--      OpenSSL::PKey.generate_parameters("DSA", "invalid" => "option")
-+      OpenSSL::PKey.generate_parameters("EC", "invalid" => "option")
-     }
- 
-     # Parameter generation callback is called
-@@ -59,14 +55,13 @@ def test_s_generate_key
-       # DSA key pair cannot be generated without parameters
-       OpenSSL::PKey.generate_key("DSA")
-     }
--    pkey_params = OpenSSL::PKey.generate_parameters("DSA", {
--      "dsa_paramgen_bits" => 512,
--      "dsa_paramgen_q_bits" => 256,
-+    pkey_params = OpenSSL::PKey.generate_parameters("EC", {
-+      "ec_paramgen_curve" => "secp384r1",
-     })
-     pkey = OpenSSL::PKey.generate_key(pkey_params)
--    assert_instance_of OpenSSL::PKey::DSA, pkey
--    assert_equal 512, pkey.p.num_bits
--    assert_not_equal nil, pkey.priv_key
-+    assert_instance_of OpenSSL::PKey::EC, pkey
-+    assert_equal "secp384r1", pkey.group.curve_name
-+    assert_not_equal nil, pkey.private_key
-   end
- 
-   def test_hmac_sign_verify
--- 
-2.32.0
-

ruby-3.1.0-test-openssl-test_ssl-relax-regex-to-match-OpenSSL-s.patch

@@ -1,31 +0,0 @@
-From 05fd14aea7eff2a6911a6f529f1237276482c6e7 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Fri, 10 Jul 2020 13:56:38 +0900
-Subject: [PATCH] test/openssl/test_ssl: relax regex to match OpenSSL's error
- message
-
-OpenSSL 3.0 slightly changed the error message for a certificate
-verification failure when an untrusted self-signed certificate is found
-in the chain.
----
- test/openssl/test_ssl.rb | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
-index 6095d545b5..9e9b8b9b69 100644
---- a/test/openssl/test_ssl.rb
-+++ b/test/openssl/test_ssl.rb
-@@ -964,7 +964,9 @@ def test_connect_certificate_verify_failed_exception_message
-     start_server(ignore_listener_error: true) { |port|
-       ctx = OpenSSL::SSL::SSLContext.new
-       ctx.set_params
--      assert_raise_with_message(OpenSSL::SSL::SSLError, /self signed/) {
-+      # OpenSSL <= 1.1.0: "self signed certificate in certificate chain"
-+      # OpenSSL >= 3.0.0: "self-signed certificate in certificate chain"
-+      assert_raise_with_message(OpenSSL::SSL::SSLError, /self.signed/) {
-         server_connect(port, ctx)
-       }
-     }
--- 
-2.32.0
-

ruby-3.1.0-test-openssl-utils-remove-dup_public-helper-method.patch

@@ -1,265 +0,0 @@
-From 2c6797bc97d7c92284dc3c0ed27f97ace4e5cfb9 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Mon, 31 May 2021 11:44:05 +0900
-Subject: [PATCH] test/openssl/utils: remove dup_public helper method
-
-It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not
-work with OpenSSL 3.0. The same can easily be achieved using
-PKey#public_to_der regardless of the key kind.
----
- test/openssl/test_pkey_dh.rb  |  8 +++++---
- test/openssl/test_pkey_dsa.rb | 15 +++++++++++----
- test/openssl/test_pkey_ec.rb  | 15 +++++++++++----
- test/openssl/test_pkey_rsa.rb | 31 +++++++++++++++++--------------
- test/openssl/utils.rb         | 26 --------------------------
- 5 files changed, 44 insertions(+), 51 deletions(-)
-
-diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
-index f80af8f841..757704caf6 100644
---- a/test/openssl/test_pkey_dh.rb
-+++ b/test/openssl/test_pkey_dh.rb
-@@ -40,12 +40,14 @@ def test_derive_key
- 
-   def test_DHparams
-     dh1024 = Fixtures.pkey("dh1024")
-+    dh1024params = dh1024.public_key
-+
-     asn1 = OpenSSL::ASN1::Sequence([
-       OpenSSL::ASN1::Integer(dh1024.p),
-       OpenSSL::ASN1::Integer(dh1024.g)
-     ])
-     key = OpenSSL::PKey::DH.new(asn1.to_der)
--    assert_same_dh dup_public(dh1024), key
-+    assert_same_dh dh1024params, key
- 
-     pem = <<~EOF
-     -----BEGIN DH PARAMETERS-----
-@@ -55,9 +57,9 @@ def test_DHparams
-     -----END DH PARAMETERS-----
-     EOF
-     key = OpenSSL::PKey::DH.new(pem)
--    assert_same_dh dup_public(dh1024), key
-+    assert_same_dh dh1024params, key
-     key = OpenSSL::PKey.read(pem)
--    assert_same_dh dup_public(dh1024), key
-+    assert_same_dh dh1024params, key
- 
-     assert_equal asn1.to_der, dh1024.to_der
-     assert_equal pem, dh1024.export
-diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb
-index 147e50176b..0994607f21 100644
---- a/test/openssl/test_pkey_dsa.rb
-+++ b/test/openssl/test_pkey_dsa.rb
-@@ -138,6 +138,8 @@ def test_DSAPrivateKey_encrypted
- 
-   def test_PUBKEY
-     dsa512 = Fixtures.pkey("dsa512")
-+    dsa512pub = OpenSSL::PKey::DSA.new(dsa512.public_to_der)
-+
-     asn1 = OpenSSL::ASN1::Sequence([
-       OpenSSL::ASN1::Sequence([
-         OpenSSL::ASN1::ObjectId("DSA"),
-@@ -153,7 +155,7 @@ def test_PUBKEY
-     ])
-     key = OpenSSL::PKey::DSA.new(asn1.to_der)
-     assert_not_predicate key, :private?
--    assert_same_dsa dup_public(dsa512), key
-+    assert_same_dsa dsa512pub, key
- 
-     pem = <<~EOF
-     -----BEGIN PUBLIC KEY-----
-@@ -166,10 +168,15 @@ def test_PUBKEY
-     -----END PUBLIC KEY-----
-     EOF
-     key = OpenSSL::PKey::DSA.new(pem)
--    assert_same_dsa dup_public(dsa512), key
-+    assert_same_dsa dsa512pub, key
-+
-+    assert_equal asn1.to_der, key.to_der
-+    assert_equal pem, key.export
- 
--    assert_equal asn1.to_der, dup_public(dsa512).to_der
--    assert_equal pem, dup_public(dsa512).export
-+    assert_equal asn1.to_der, dsa512.public_to_der
-+    assert_equal asn1.to_der, key.public_to_der
-+    assert_equal pem, dsa512.public_to_pem
-+    assert_equal pem, key.public_to_pem
-   end
- 
-   def test_read_DSAPublicKey_pem
-diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb
-index 4b6df0290f..d62f1b5eb8 100644
---- a/test/openssl/test_pkey_ec.rb
-+++ b/test/openssl/test_pkey_ec.rb
-@@ -210,6 +210,8 @@ def test_ECPrivateKey_encrypted
- 
-   def test_PUBKEY
-     p256 = Fixtures.pkey("p256")
-+    p256pub = OpenSSL::PKey::EC.new(p256.public_to_der)
-+
-     asn1 = OpenSSL::ASN1::Sequence([
-       OpenSSL::ASN1::Sequence([
-         OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
-@@ -221,7 +223,7 @@ def test_PUBKEY
-     ])
-     key = OpenSSL::PKey::EC.new(asn1.to_der)
-     assert_not_predicate key, :private?
--    assert_same_ec dup_public(p256), key
-+    assert_same_ec p256pub, key
- 
-     pem = <<~EOF
-     -----BEGIN PUBLIC KEY-----
-@@ -230,10 +232,15 @@ def test_PUBKEY
-     -----END PUBLIC KEY-----
-     EOF
-     key = OpenSSL::PKey::EC.new(pem)
--    assert_same_ec dup_public(p256), key
-+    assert_same_ec p256pub, key
-+
-+    assert_equal asn1.to_der, key.to_der
-+    assert_equal pem, key.export
- 
--    assert_equal asn1.to_der, dup_public(p256).to_der
--    assert_equal pem, dup_public(p256).export
-+    assert_equal asn1.to_der, p256.public_to_der
-+    assert_equal asn1.to_der, key.public_to_der
-+    assert_equal pem, p256.public_to_pem
-+    assert_equal pem, key.public_to_pem
-   end
- 
-   def test_ec_group
-diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
-index 5e127f5407..4548bdb2cf 100644
---- a/test/openssl/test_pkey_rsa.rb
-+++ b/test/openssl/test_pkey_rsa.rb
-@@ -201,7 +201,7 @@ def test_sign_verify_pss
- 
-   def test_encrypt_decrypt
-     rsapriv = Fixtures.pkey("rsa-1")
--    rsapub = dup_public(rsapriv)
-+    rsapub = OpenSSL::PKey.read(rsapriv.public_to_der)
- 
-     # Defaults to PKCS #1 v1.5
-     raw = "data"
-@@ -216,7 +216,7 @@ def test_encrypt_decrypt
- 
-   def test_encrypt_decrypt_legacy
-     rsapriv = Fixtures.pkey("rsa-1")
--    rsapub = dup_public(rsapriv)
-+    rsapub = OpenSSL::PKey.read(rsapriv.public_to_der)
- 
-     # Defaults to PKCS #1 v1.5
-     raw = "data"
-@@ -346,13 +346,15 @@ def test_RSAPrivateKey_encrypted
- 
-   def test_RSAPublicKey
-     rsa1024 = Fixtures.pkey("rsa1024")
-+    rsa1024pub = OpenSSL::PKey::RSA.new(rsa1024.public_to_der)
-+
-     asn1 = OpenSSL::ASN1::Sequence([
-       OpenSSL::ASN1::Integer(rsa1024.n),
-       OpenSSL::ASN1::Integer(rsa1024.e)
-     ])
-     key = OpenSSL::PKey::RSA.new(asn1.to_der)
-     assert_not_predicate key, :private?
--    assert_same_rsa dup_public(rsa1024), key
-+    assert_same_rsa rsa1024pub, key
- 
-     pem = <<~EOF
-     -----BEGIN RSA PUBLIC KEY-----
-@@ -362,11 +364,13 @@ def test_RSAPublicKey
-     -----END RSA PUBLIC KEY-----
-     EOF
-     key = OpenSSL::PKey::RSA.new(pem)
--    assert_same_rsa dup_public(rsa1024), key
-+    assert_same_rsa rsa1024pub, key
-   end
- 
-   def test_PUBKEY
-     rsa1024 = Fixtures.pkey("rsa1024")
-+    rsa1024pub = OpenSSL::PKey::RSA.new(rsa1024.public_to_der)
-+
-     asn1 = OpenSSL::ASN1::Sequence([
-       OpenSSL::ASN1::Sequence([
-         OpenSSL::ASN1::ObjectId("rsaEncryption"),
-@@ -381,7 +385,7 @@ def test_PUBKEY
-     ])
-     key = OpenSSL::PKey::RSA.new(asn1.to_der)
-     assert_not_predicate key, :private?
--    assert_same_rsa dup_public(rsa1024), key
-+    assert_same_rsa rsa1024pub, key
- 
-     pem = <<~EOF
-     -----BEGIN PUBLIC KEY-----
-@@ -392,10 +396,15 @@ def test_PUBKEY
-     -----END PUBLIC KEY-----
-     EOF
-     key = OpenSSL::PKey::RSA.new(pem)
--    assert_same_rsa dup_public(rsa1024), key
-+    assert_same_rsa rsa1024pub, key
-+
-+    assert_equal asn1.to_der, key.to_der
-+    assert_equal pem, key.export
- 
--    assert_equal asn1.to_der, dup_public(rsa1024).to_der
--    assert_equal pem, dup_public(rsa1024).export
-+    assert_equal asn1.to_der, rsa1024.public_to_der
-+    assert_equal asn1.to_der, key.public_to_der
-+    assert_equal pem, rsa1024.public_to_pem
-+    assert_equal pem, key.public_to_pem
-   end
- 
-   def test_pem_passwd
-@@ -482,12 +491,6 @@ def test_private_encoding_encrypted
-     assert_same_rsa rsa1024, OpenSSL::PKey.read(pem, "abcdef")
-   end
- 
--  def test_public_encoding
--    rsa1024 = Fixtures.pkey("rsa1024")
--    assert_equal dup_public(rsa1024).to_der, rsa1024.public_to_der
--    assert_equal dup_public(rsa1024).to_pem, rsa1024.public_to_pem
--  end
--
-   def test_dup
-     key = Fixtures.pkey("rsa1024")
-     key2 = key.dup
-diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
-index c1d737b2ab..f664bd3074 100644
---- a/test/openssl/utils.rb
-+++ b/test/openssl/utils.rb
-@@ -313,32 +313,6 @@ def check_component(base, test, keys)
-       assert_equal base.send(comp), test.send(comp)
-     }
-   end
--
--  def dup_public(key)
--    case key
--    when OpenSSL::PKey::RSA
--      rsa = OpenSSL::PKey::RSA.new
--      rsa.set_key(key.n, key.e, nil)
--      rsa
--    when OpenSSL::PKey::DSA
--      dsa = OpenSSL::PKey::DSA.new
--      dsa.set_pqg(key.p, key.q, key.g)
--      dsa.set_key(key.pub_key, nil)
--      dsa
--    when OpenSSL::PKey::DH
--      dh = OpenSSL::PKey::DH.new
--      dh.set_pqg(key.p, nil, key.g)
--      dh
--    else
--      if defined?(OpenSSL::PKey::EC) && OpenSSL::PKey::EC === key
--        ec = OpenSSL::PKey::EC.new(key.group)
--        ec.public_key = key.public_key
--        ec
--      else
--        raise "unknown key type"
--      end
--    end
--  end
- end
- 
- module OpenSSL::Certs
--- 
-2.32.0
-

ruby-3.3.0-Disable-syntax-suggest-test-case.patch

@@ -0,0 +1,23 @@
+From 9b7cb6a40d73bb86ee0de34360068e90e80f4e7e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
+Date: Thu, 7 Sep 2023 13:13:02 +0200
+Subject: [PATCH] Disable syntax-suggest test case.
+
+This requires internet connection.
+---
+ common.mk | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/common.mk b/common.mk
+index dae7d9dc00..111e859d1b 100644
+--- a/common.mk
++++ b/common.mk
+@@ -1619,8 +1619,6 @@ no-test-bundled-gems-spec:
+ 
+ test-syntax-suggest:
+ 
+-check: $(DOT_WAIT) $(PREPARE_SYNTAX_SUGGEST) test-syntax-suggest
+-
+ test-bundler-precheck: $(TEST_RUNNABLE)-test-bundler-precheck
+ no-test-bundler-precheck:
+ yes-test-bundler-precheck: main $(arch)-fake.rb

ruby-4.0.1-Support-customizable-rustc_flags-for-rustc-builds.patch

@@ -0,0 +1,117 @@
+From 1cfb11bc8d01e4fc1ff47807721e29b250f0f19f Mon Sep 17 00:00:00 2001
+From: Jarek Prokop <jprokop@redhat.com>
+Date: Mon, 22 Dec 2025 10:13:34 +0100
+Subject: [PATCH] Support customizable rustc_flags for rustc builds.
+
+Add `rustc_flags` option for configure that appends to RUSTC_FLAGS
+flags used when compiling with rustc for customizable build flags.
+It appends to existing defaults in RUSTC_FLAGS.
+
+Co-authored-by: Alan Wu <XrXr@users.noreply.github.com>
+---
+ common.mk            | 10 ++--------
+ configure.ac         |  8 ++++++++
+ defs/jit.mk          |  2 ++
+ template/Makefile.in |  1 +
+ 4 files changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/common.mk b/common.mk
+index 08fee9119a..9ac5ae919f 100644
+--- a/common.mk
++++ b/common.mk
+@@ -270,21 +270,15 @@ MAKE_LINK = $(MINIRUBY) -rfileutils -e "include FileUtils::Verbose" \
+ # For release builds
+ YJIT_RUSTC_ARGS = --crate-name=yjit \
+ 	$(JIT_RUST_FLAGS) \
++	$(RUSTC_FLAGS) \
+ 	--edition=2021 \
+-	-g \
+-	-C lto=thin \
+-	-C opt-level=3 \
+-	-C overflow-checks=on \
+ 	'--out-dir=$(CARGO_TARGET_DIR)/release/' \
+ 	'$(top_srcdir)/yjit/src/lib.rs'
+ 
+ ZJIT_RUSTC_ARGS = --crate-name=zjit \
+ 	$(JIT_RUST_FLAGS) \
++	$(RUSTC_FLAGS) \
+ 	--edition=2024 \
+-	-g \
+-	-C lto=thin \
+-	-C opt-level=3 \
+-	-C overflow-checks=on \
+ 	'--out-dir=$(CARGO_TARGET_DIR)/release/' \
+ 	'$(top_srcdir)/zjit/src/lib.rs'
+ 
+diff --git a/configure.ac b/configure.ac
+index 2bbce78fd0..a3aa6dc383 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -69,6 +69,7 @@ dnl 93(bright yellow) is copied from .github/workflows/mingw.yml
+ AC_ARG_VAR([cflags], [additional CFLAGS (ignored when CFLAGS is given)])dnl
+ AC_ARG_VAR([cppflags], [additional CPPFLAGS (ignored when CPPFLAGS is given)])dnl
+ AC_ARG_VAR([cxxflags], [additional CXXFLAGS (ignored when CXXFLAGS is given)])dnl
++AC_ARG_VAR([rustc_flags], [additional RUSTC_FLAGS])dnl
+ 
+ [begin]_group "environment section" && {
+ HAVE_BASERUBY=yes
+@@ -4054,6 +4055,11 @@ AS_CASE(["${ZJIT_SUPPORT}"],
+     AC_DEFINE(USE_ZJIT, 0)
+ ])
+ 
++RUSTC_FLAGS='-g -C lto=thin -C opt-level=3 -C overflow-checks=on'
++AS_IF([test -n "${rustc_flags}"], [
++    RUSTC_FLAGS="${RUSTC_FLAGS} ${rustc_flags}"
++])
++
+ JIT_RUST_FLAGS='--crate-type=staticlib --cfg feature=\"stats_allocator\"'
+ RLIB_DIR=
+ AS_CASE(["$JIT_CARGO_SUPPORT:$YJIT_SUPPORT:$ZJIT_SUPPORT"],
+@@ -4111,6 +4117,7 @@ AS_IF([test -n "$RUST_LIB"], [
+ dnl These variables end up in ::RbConfig::CONFIG
+ AC_SUBST(RUSTC)dnl Rust compiler command
+ AC_SUBST(JIT_RUST_FLAGS)dnl the common rustc flags for JIT crates such as zjit
++AC_SUBST(RUSTC_FLAGS)dnl user-configurable rustc compiler flags
+ AC_SUBST(CARGO)dnl Cargo command for Rust builds
+ AC_SUBST(CARGO_BUILD_ARGS)dnl for selecting Rust build profiles
+ AC_SUBST(YJIT_SUPPORT)dnl what flavor of YJIT the Ruby build includes
+@@ -4855,6 +4862,7 @@ config_summary "strip command"       "$STRIP"
+ config_summary "install doc"         "$DOCTARGETS"
+ config_summary "YJIT support"        "$YJIT_SUPPORT"
+ config_summary "ZJIT support"        "$ZJIT_SUPPORT"
++config_summary "RUSTC_FLAGS"         "$RUSTC_FLAGS"
+ config_summary "man page type"       "$MANTYPE"
+ config_summary "search path"         "$search_path"
+ config_summary "static-linked-ext"   ${EXTSTATIC:+"yes"}
+diff --git a/defs/jit.mk b/defs/jit.mk
+index 42b56c4cd9..27b14e7a07 100644
+--- a/defs/jit.mk
++++ b/defs/jit.mk
+@@ -40,6 +40,7 @@ else ifneq ($(strip $(RLIB_DIR)),) # combo build
+ $(RUST_LIB): $(srcdir)/ruby.rs
+ 	$(ECHO) 'building $(@F)'
+ 	$(gnumake_recursive)$(Q) $(RUSTC) --edition=2024 \
++	    $(RUSTC_FLAGS) \
+ 	    '-L$(@D)' \
+ 	    --extern=yjit \
+ 	    --extern=zjit \
+@@ -58,6 +59,7 @@ $(JIT_RLIB):
+ 	$(gnumake_recursive)$(Q) $(RUSTC) --crate-name=jit \
+ 	    --edition=2024 \
+ 	    $(JIT_RUST_FLAGS) \
++	    $(RUSTC_FLAGS) \
+ 	    '--out-dir=$(@D)' \
+ 	    '$(top_srcdir)/jit/src/lib.rs'
+ endif # ifneq ($(JIT_CARGO_SUPPORT),no)
+diff --git a/template/Makefile.in b/template/Makefile.in
+index 443c394cb4..0b7b50e3aa 100644
+--- a/template/Makefile.in
++++ b/template/Makefile.in
+@@ -115,6 +115,7 @@ CARGO_TARGET_DIR=@abs_top_builddir@/target
+ CARGO_BUILD_ARGS=@CARGO_BUILD_ARGS@
+ ZJIT_TEST_FEATURES=@ZJIT_TEST_FEATURES@
+ JIT_RUST_FLAGS=@JIT_RUST_FLAGS@
++RUSTC_FLAGS=@RUSTC_FLAGS@
+ RLIB_DIR=@RLIB_DIR@
+ RUST_LIB=@RUST_LIB@
+ RUST_LIBOBJ = $(RUST_LIB:.a=.@OBJEXT@)

ruby.rpmlintrc

@@ -13,44 +13,47 @@ addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan
 # The template files do not have to have executable bits.
 addFilter(r'^rubygem-bundler\.noarch: E: non-executable-script /usr/share/gems/gems/bundler-[\d\.]+/lib/bundler/templates/[\w/\.]+ 644 /usr/bin/env ')
 
+# Samples don't really need executable bits.
+addFilter(r'^rubygem-bigdecimal\.x86_64: E: non-executable-script /usr/share/gems/gems/bigdecimal-[\d\.]+/sample/\w+.rb 644 /usr/local/bin/ruby$')
+
 # The bundled gem files permissions are overridden as 644 by `make install`.
 # https://bugs.ruby-lang.org/issues/17840
-# power_assert
-# https://github.com/ruby/power_assert/issues/35
-addFilter(r'^rubygem-power_assert\.noarch: E: non-executable-script /usr/share/gems/gems/power_assert-[\d\.]+/bin/console 644 ')
-addFilter(r'^rubygem-power_assert\.noarch: E: non-executable-script /usr/share/gems/gems/power_assert-[\d\.]+/bin/setup 644 ')
-# rake
-# https://github.com/ruby/rake/issues/385
-addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/bundle 644 ')
-addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/console 644 ')
-addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rake 644 ')
-addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rdoc 644 ')
-addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rubocop 644 ')
-addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/setup 644 ')
-# rbs
-# https://github.com/ruby/rbs/issues/673
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/annotate-with-rdoc 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/console 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/query-rdoc 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/rbs-prof 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/setup 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/sort 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/steep 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/test_runner.rb 644 ')
-# test-unit
-addFilter(r'^rubygem-test-unit\.noarch: E: non-executable-script /usr/share/gems/gems/test-unit-[\d\.]+/test/run-test.rb 644 ')
+# https://github.com/rubygems/rubygems/issues/5255
+addFilter(r'^.*: E: non-executable-script /usr/share/gems/gems/(abbrev|getoptlong|nkf|observer|resolv|resolv-replace|rinda|syslog)-[\d\.]+/bin/\w+ 644 ')
 
-# The function `chroot` without using `chdir` is detected by rpmlint with the
-# following message. However it looks a false positive as the `chroot` in the
-# `dir.c` is just used as a Ruby binding `Dir.chroot` for the function.
-#
-# ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.1
-# This executable appears to call chroot without using chdir to change the
-# current directory. This is likely an error and permits an attacker to break
-# out of the chroot by using fchdir. While that's not always a security issue,
-# this has to be checked.
-addFilter(r'^ruby-libs\.\w+: E: missing-call-to-chdir-with-chroot /usr/lib(64)?/libruby.so.[\d/.]+$')
+# Ruby provides API to set the cipher list.
+addFilter(r'^ruby-libs\.\w+: W: crypto-policy-non-compliance-openssl /usr/lib(64)?/ruby/openssl.so SSL_CTX_set_cipher_list$')
 
-# Nothing referred and no dependency information should be no problem.
-# https://bugs.ruby-lang.org/issues/16558#note-2
-addFilter(r'^ruby-libs\.\w+: E: shared-lib-without-dependency-information /usr/lib(64)?/ruby/enc/gb2312.so$')
+# `gethostbyname` is part of deprecated Ruby API. There is also request to drop the API altogether:
+# https://bugs.ruby-lang.org/issues/13097
+# https://bugs.ruby-lang.org/issues/17944
+addFilter(r'^ruby-libs\.\w+: W: binary-or-shlib-calls-gethostbyname /usr/lib(64)?/ruby/socket.so$')
+
+# Rake ships some examples.
+addFilter(r'^rubygem-rake.noarch: W: devel-file-in-non-devel-package /usr/share/gems/gems/rake-[\d\.]+/doc/example/\w+.c$')
+
+# Some executables don't have their manual pages. Is it worth of use help2man?
+addFilter(r'^.+: W: no-manual-page-for-binary (bundler|gem|racc|rbs|rdbg|rdoc|ruby-mri|syntax_suggest|typeprof)$')
+
+# Default gems does not come with any documentation.
+addFilter(r'^rubygem-(bigdecimal|io-console|json|psych)\.\w+: W: no-documentation$')
+
+# rubygems-devel ships only RPM macros and generators. Their placement is given
+# by RPM and can't be modified.
+addFilter(r'rubygems-devel.noarch: W: only-non-binary-in-usr-lib$')
+
+# Ignore some spelling false positives.
+# Ignore spelling of technical terms
+addFilter(r'^ruby-default-gems.noarch: E: spelling-error \(\'gemspec\'')
+addFilter(r'^ruby-libs.x86_64: E: spelling-error \(\'libruby\'')
+addFilter(r'^rubygem-test-unit.noarch: E: spelling-error \(\'xUnit\'')
+addFilter(r'^rubygem-psych.x86_64: E: spelling-error \(\'libyaml\'')
+addFilter(r'^rubygem-io-console.x86_64: E: spelling-error \(\'readline\'')
+# `pyaml` is part of URL
+addFilter(r'^rubygem-psych.x86_64: E: spelling-error \(\'pyyaml\'')
+# `de-` is actually prefix
+addFilter(r'^rubygem-psych.x86_64: E: spelling-error \(\'de\'')
+
+# It does not seemt to be worth of changing rubygems to archful package due to
+# single directory, unless it causes some real troubles.
+addFilter(r'^rubygems.noarch: E: noarch-with-lib64$')

rubygems-3.2.30-Provide-distinguished-name-which-will-be-correctly-p.patch

@@ -1,44 +0,0 @@
-From bb0f57aeb4de36a3b2b8b8cb01d25b32af0357d3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
-Date: Wed, 27 Oct 2021 16:28:24 +0200
-Subject: [PATCH] Provide distinguished name which will be correctly parsed.
-
-It seems that since ruby openssl 2.1.0 [[1]], the distinguished name
-submitted to `OpenSSL::X509::Name.parse` is not correctly parsed if it
-does not contain the first slash:
-
-~~~
-$ ruby -v
-ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux]
-
-$ gem list | grep openssl
-openssl (default: 2.2.0)
-
-$ irb -r openssl
-irb(main):001:0> OpenSSL::X509::Name.parse("CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE)
-=> "CN = nobody/DC=example"
-irb(main):002:0> OpenSSL::X509::Name.parse("/CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE)
-=> "CN = nobody, DC = example"
-~~~
-
-[1]: https://github.com/ruby/openssl/commit/19c67cd10c57f3ab7b13966c36431ebc3fdd653b
----
- lib/rubygems/security.rb | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb
-index c80639af6d..12de141f36 100644
---- a/lib/rubygems/security.rb
-+++ b/lib/rubygems/security.rb
-@@ -510,7 +510,7 @@ def self.email_to_name(email_address)
- 
-     dcs = dcs.split '.'
- 
--    name = "CN=#{cn}/#{dcs.map {|dc| "DC=#{dc}" }.join '/'}"
-+    name = "/CN=#{cn}/#{dcs.map {|dc| "DC=#{dc}" }.join '/'}"
- 
-     OpenSSL::X509::Name.parse name
-   end
--- 
-2.32.0
-

rubygems.con

@@ -19,7 +19,7 @@ module RubyGemsReq
   end
 
   # Report conflicting gem dependencies including their version.
-  def self.gem_depenencies(specification)
+  def self.gem_dependencies(specification)
     specification.runtime_dependencies.each do |dependency|
       conflict_strings = Helpers::requirement_versions_to_rpm(dependency.requirement).map do |requirement|
         requirement_string = "rubygem(#{dependency.name}) #{requirement}"
@@ -39,7 +39,7 @@ module RubyGemsReq
       begin
         specification = Gem::Specification.load filename
 
-        gem_depenencies(specification)
+        gem_dependencies(specification)
       rescue => e
         # Ignore all errors.
       end

rubygems.req

@@ -58,7 +58,7 @@ module RubyGemsReq
   end
 
   # Report all gem dependencies including their version.
-  def self.gem_depenencies(specification)
+  def self.gem_dependencies(specification)
     specification.runtime_dependencies.each do |dependency|
       dependency_name = "rubygem(#{dependency.name})"
       requirements = Helpers::requirement_versions_to_rpm(dependency.requirement)
@@ -75,7 +75,7 @@ module RubyGemsReq
         specification = Gem::Specification.load filename
 
         rubygems_dependency(specification)
-        gem_depenencies(specification)
+        gem_dependencies(specification)
       rescue => e
         # Ignore all errors.
       end

sources

@@ -1 +1 @@
-SHA512 (ruby-3.0.3.tar.xz) = bb9ea426278d5a7ac46595296f03b82d43df8b7db41045cdf85611e05e26c703c53f700494cd7cf5d4c27fa953bdc5c144317d7720812db0a6e3b6f4bc4d2e00
+SHA512 (ruby-4.0.1.tar.xz) = b67d9d1f97ba30200d103f8454e39dc2d0450819d51d91eb5451d44b0bafc56d2fa48bb1be6c5081babe5828f679984bad02b9bcee7441f6bd34c0a95b8f200b

test_openssl_fips.rb

@@ -0,0 +1,34 @@
+require 'openssl'
+
+# Run openssl tests in OpenSSL FIPS. See the link below for how to test.
+# https://github.com/ruby/openssl/blob/master/.github/workflows/test.yml
+# - step name: test on fips module
+
+# Listing the testing files by an array explicitly rather than the `Dir.glob`
+# to prevent the test files from not loading unintentionally.
+TEST_FILES = %w[
+  test/openssl/test_fips.rb
+  test/openssl/test_pkey.rb
+].freeze
+
+if ARGV.empty?
+  puts 'ERROR: Argument base_dir required.'
+  puts "Usage: #{__FILE__} base_dir [options]"
+  exit false
+end
+BASE_DIR = ARGV[0]
+abs_test_files = TEST_FILES.map { |file| File.join(BASE_DIR, file) }
+
+# Set Fedora/RHEL downstream OpenSSL downstream environment variable to enable
+# FIPS module in non-FIPS OS environment. It is available in Fedora 38 or later
+# versions.
+# https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/0009-Add-Kernel-FIPS-mode-flag-support.patch
+ENV['OPENSSL_FORCE_FIPS_MODE'] = '1'
+# A flag to tell the tests the current environment is FIPS enabled.
+# https://github.com/ruby/openssl/blob/master/test/openssl/test_fips.rb
+ENV['TEST_RUBY_OPENSSL_FIPS_ENABLED'] = 'true'
+
+abs_test_files.each do |file|
+  puts "INFO: Loading #{file}."
+  require file
+end

test_rubygems_con.rb

@@ -0,0 +1,124 @@
+# frozen_string_literal: true
+
+require 'test/unit'
+require 'rpm_test_helper'
+
+class TestRubyGemsCon < Test::Unit::TestCase
+  include RPMTestHelper
+
+  def test_filter_out_regular_requirements
+    gem_i = GemInfo.new
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(0, lines.size)
+
+    deps = [ Dependency.new('bar') ]
+    gem_i.dependencies = deps
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(0, lines.size)
+
+    deps = [
+      Dependency.new('bar'),
+      Dependency.new('baq'),
+      Dependency.new('quz')
+    ]
+
+    gem_i.dependencies = deps
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(0, lines.size)
+
+    deps = [
+      Dependency.new('bar', ['>= 4.1']),
+      Dependency.new('baz', ['~> 3.2']),
+      Dependency.new('quz', ['>= 5.6'])
+    ]
+
+    gem_i.dependencies = deps
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(0, lines.size)
+  end
+
+  def test_single_gem_single_version_conflict
+    con = Dependency.new('bar', ['!= 0.4.4'])
+
+    gem_i = GemInfo.new(dependencies: [ con ])
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(1, lines.size)
+    assert_equal("#{con.to_rpm_str} = 0.4.4\n", lines.first)
+  end
+
+  def test_multiple_gems_with_single_conflict
+    cons = [
+      Dependency.new('bar', ['!= 1.1']),
+      Dependency.new('baq', ['!= 1.2.2']),
+      Dependency.new('quz', ['!= 1.3'])
+    ]
+
+    gem_i = GemInfo.new(dependencies: cons)
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(3, lines.size)
+
+    assert_equal("#{cons[0].to_rpm_str} = 1.1\n"  , lines[0])
+    assert_equal("#{cons[1].to_rpm_str} = 1.2.2\n", lines[1])
+    assert_equal("#{cons[2].to_rpm_str} = 1.3\n"  , lines[2])
+  end
+
+  def test_multiple_conflicts_on_single_gem
+    con = Dependency.new('bar', ['!= 2.3', '!= 2.4'])
+
+    gem_i = GemInfo.new(dependencies: [con])
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(1, lines.size)
+    rpm_name = con.to_rpm_str
+    left_rpm_constraint = "(#{rpm_name} = 2.3 with "
+    right_rpm_constraint = "#{rpm_name} = 2.4)\n"
+    assert_equal((left_rpm_constraint + right_rpm_constraint), lines[0])
+
+    con = Dependency.new('bar', ['!= 2.3', '!= 2.4', '!= 4.5'])
+
+    gem_i = GemInfo.new(dependencies: [ con ])
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(1, lines.size)
+
+    rpm_name = con.to_rpm_str
+    left_rpm_constraint = "(#{rpm_name} = 2.3 with "
+    middle_rpm_constraint = "#{rpm_name} = 2.4 with "
+    right_rpm_constraint = "#{rpm_name} = 4.5)\n"
+
+    assert_equal((left_rpm_constraint + middle_rpm_constraint + right_rpm_constraint), lines[0])
+  end
+
+  def test_generates_conflicts_while_ignoring_regular_requirements
+    deps = [
+      Dependency.new('bar', ['>= 2.3', '!= 2.4.2']),
+      Dependency.new('quz', ['~> 3.0', '!= 3.2'])
+    ]
+
+    gem_i = GemInfo.new(dependencies: deps)
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(2, lines.size)
+
+    rpm_name = deps[0].to_rpm_str
+    rpm_constraint = "#{rpm_name} = 2.4.2\n"
+    assert_equal(rpm_constraint, lines[0])
+
+    rpm_name = deps[1].to_rpm_str
+    rpm_constraint = "#{rpm_name} = 3.2\n"
+    assert_equal(rpm_constraint, lines[1])
+  end
+end

test_rubygems_prov.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+require 'test/unit'
+require 'rpm_test_helper'
+
+class TestRubyGemsProv < Test::Unit::TestCase
+  include RPMTestHelper
+
+  def test_provides_the_gem_version
+    gem_i = GemInfo.new(version: '1.2')
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(1, lines.size)
+    assert_equal("#{gem_i.to_rpm_str} = #{gem_i.version}\n", lines.first)
+
+    gem_i = GemInfo.new(name: 'somegem_foo', version: '4.5.6')
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(1, lines.size)
+    assert_equal("#{gem_i.to_rpm_str} = #{gem_i.version}\n", lines.first)
+
+    deps = [
+      Dependency.new('bar'),
+      Dependency.new('baq', [">= 1.2"]),
+      Dependency.new('quz', ["!= 3.2"])
+    ]
+    gem_i = GemInfo.new(dependencies: deps)
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(1, lines.size)
+    assert_equal("#{gem_i.to_rpm_str} = #{gem_i.version}\n", lines.first)
+  end
+
+  def test_translates_prelease_version_provides_from_rubygems_to_rpm
+    gem_i = GemInfo.new(version: '1.2.3.dev')
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(1, lines.size)
+    assert_equal("#{gem_i.to_rpm_str} = 1.2.3~dev\n", lines.first)
+
+    gem_i = GemInfo.new(name: 'foo2', version: '1.2.3.dev.2')
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(1, lines.size)
+    assert_equal("#{gem_i.to_rpm_str} = 1.2.3~dev.2\n", lines.first)
+  end
+end

test_rubygems_req.rb

@@ -0,0 +1,205 @@
+# frozen_string_literal: true
+
+require 'test/unit'
+require 'rpm_test_helper'
+
+class TestRubyGemsReq < Test::Unit::TestCase
+  include RPMTestHelper
+
+  def test_depends_on_rubygems
+    gem_i = GemInfo.new
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(1, lines.size)
+    assert_equal("#{helper_rubygems_dependency}\n", lines.first)
+  end
+
+  def test_requires_rubygems_and_dependency
+    dep = Dependency.new('bar')
+    gem_i = GemInfo.new(dependencies: [dep])
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(2, lines.size)
+    assert_equal("#{helper_rubygems_dependency}\n", lines.first)
+    assert_equal("#{dep.to_rpm_str}\n", lines[1])
+  end
+
+  def test_requires_multiple_dependencies_with_constraint
+    constraints = [
+      '>= 3.0',
+      '>= 3.0.0',
+      '>= 3',
+      '= 1.0.2',
+      '= 3.0',
+      '< 3.2',
+      '<= 3.4'
+    ]
+
+    dependencies = []
+    constraints.each_with_index do |constraint, idx|
+      dependencies << Dependency.new("bar#{idx}", [constraint])
+    end
+
+    gem_i = GemInfo.new(dependencies: dependencies)
+
+    lines = run_generator_single_file(gem_i)
+    # + 1 for the rubygems dependency
+    assert_equal(constraints.size + 1, lines.size)
+    dependencies.each_with_index do |dep, idx|
+      rpm_dep_name = dep.to_rpm_str
+      # Start indexing lines at 1, to jump over rubygems dependency
+      assert_equal("#{rpm_dep_name} #{constraints[idx]}\n", lines[idx + 1])
+    end
+  end
+
+  def test_expands_pessimistic_constraint_for_rpm
+    dep = Dependency.new('bar', ['~> 1.2'])
+
+    gem_i = GemInfo.new(dependencies: [dep])
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(2, lines.size)
+
+    rpm_dep_name = dep.to_rpm_str
+    left_constraint = "#{rpm_dep_name} >= 1.2"
+    right_constraint = "#{rpm_dep_name} < 2"
+    expected_constraint = "(#{left_constraint} with #{right_constraint})\n"
+    assert_equal(expected_constraint, lines[1])
+  end
+
+  def test_multiple_pessimistically_constrained_dependencies
+    dependencies = []
+    dep_map = [
+      {
+        constraint:     '~> 1.2.3',
+        expanded_left:  '>= 1.2.3',
+        expanded_rigth: '< 1.3',
+        gem_name: 'bar1'
+      },
+      {
+        constraint:     '~> 1.2',
+        expanded_left:  '>= 1.2',
+        expanded_rigth: '< 2',
+        gem_name: 'bar2'
+      },
+      {
+        constraint:     '~> 3',
+        expanded_left:  '>= 3',
+        expanded_rigth: '< 4',
+        gem_name: 'bar3'
+      }
+    ].each do |deps|
+      dependencies << Dependency.new(deps[:gem_name], [deps[:constraint]])
+    end
+
+    gem_i = GemInfo.new(dependencies: dependencies)
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(dep_map.size + 1, lines.size)
+
+    dep_map.each_with_index do |hash, idx|
+      rpm_dep_name = dependencies[idx].to_rpm_str
+      left_constraint = rpm_dep_name + ' ' + hash[:expanded_left]
+      right_constraint = rpm_dep_name + ' ' + hash[:expanded_rigth]
+      expected_constraint = "(#{left_constraint} with #{right_constraint})\n"
+      assert_equal(expected_constraint, lines[idx + 1])
+    end
+  end
+
+  def test_multiple_constraints_on_one_dependency_composes_constraints_for_RPM
+    # The quoting here depends on how the constraint is expanded in the helpers.
+    # right now the form is `["#{constraint}"]`, therefore we have to not specify
+    # left and right quotes.
+    constraints = ['>= 0.2.3', '<= 0.2.5']
+    dep = Dependency.new('baz', constraints)
+
+    gem_i = GemInfo.new(dependencies: [dep])
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(2, lines.size)
+    rpm_dep_name = dep.to_rpm_str
+    assert_equal("(#{rpm_dep_name} >= 0.2.3 with #{rpm_dep_name} <= 0.2.5)\n", lines[1])
+
+    # Not sure who would compose a dependency like this, but it's possible
+    # to do with the current generator
+    constraints = ['> 0.4.5', '< 0.6.4', '>= 2.3', '<= 2.5.3']
+    dep = Dependency.new('qux', constraints)
+
+    gem_i = GemInfo.new(dependencies: [dep])
+
+    lines = run_generator_single_file(gem_i)
+
+    rpm_dep = dep.to_rpm_str
+    expected_str = "(#{rpm_dep} > 0.4.5 with #{rpm_dep} < 0.6.4 with " \
+                   "#{rpm_dep} >= 2.3 with #{rpm_dep} <= 2.5.3)\n"
+
+    assert_equal(2, lines.size)
+    assert_equal(expected_str, lines[1])
+  end
+
+  # https://bugzilla.redhat.com/show_bug.cgi?id=1561487
+  def test_depends_on_gem_with_version_conflict
+    dep = Dependency.new('baz', ['!= 0.4'])
+
+    gem_i = GemInfo.new(dependencies: [dep])
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(2, lines.size)
+    assert_equal("#{dep.to_rpm_str}\n", lines[1])
+  end
+
+  def test_filters_conflict_from_regular_version_constraints
+    constraint = ['> 1.2.4', '!= 1.2.7']
+    dep = Dependency.new('baq', constraint)
+
+    gem_i = GemInfo.new(dependencies: [dep])
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(2, lines.size)
+    assert_equal("#{dep.to_rpm_str} > 1.2.4\n", lines[1])
+  end
+
+  def test_filtering_conflicts_is_not_depending_on_contraint_ordering
+    constraints = ['!= 1.2.7', '> 1.2.4']
+    dep = Dependency.new('baq', constraints)
+
+    gem_i = GemInfo.new(dependencies: [dep])
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(2, lines.size)
+    assert_equal("#{dep.to_rpm_str} > 1.2.4\n", lines[1])
+  end
+
+  def test_filters_multiple_conflicts_from_dependency
+    omit "Case not yet supported."
+    constraints = ['!= 1.2.4', '!= 1.2.5', '!= 2.3', '!= 4.8']
+    dep = Dependency.new('baf', constraints)
+
+    gem_i = GemInfo.new(dependencies: [dep])
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(2, lines.size)
+    assert_equal("#{dep.to_rpm_str}\n", lines[1])
+  end
+
+  def test_filters_multiple_conflicts_from_dependency_but_keeps_regular_constraint
+    constraints = ['!= 1.2.4', '!= 1.2.5', '!= 2.3', '<= 4.8']
+    dep = Dependency.new('bam', constraints)
+
+    gem_i = GemInfo.new(dependencies: [dep])
+
+    lines = run_generator_single_file(gem_i)
+
+    assert_equal(2, lines.size)
+    assert_equal("#{dep.to_rpm_str} <= 4.8\n", lines[1])
+  end
+end