Git patch changing SSL_read EOF handling.

This patch was originally added due to Puma, but it seems it is not
needed anymore:

https://github.com/puma/puma/issues/2753

ruby-1.9.3-mkmf-verbose.patch

@@ -11,15 +11,15 @@ diff --git a/lib/mkmf.rb b/lib/mkmf.rb
 index 682eb46..e6b1445 100644
 --- a/lib/mkmf.rb
 +++ b/lib/mkmf.rb
-@@ -1930,7 +1930,7 @@ def configuration(srcdir)
+@@ -1974,7 +1974,7 @@ def configuration(srcdir)
  SHELL = /bin/sh
  
  # V=0 quiet, V=1 verbose.  other values don't work.
 -V = 0
 +V = 1
+ V0 = $(V:0=)
  Q1 = $(V:1=)
  Q = $(Q1:0=@)
- ECHO1 = $(V:1=@ #{CONFIG['NULLCMD']})
 -- 
 1.8.3.1
 

ruby-2.1.0-Enable-configuration-of-archlibdir.patch

@@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac
 index d261ea57b5..3c13076b82 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3240,6 +3240,11 @@ AS_IF([test ${multiarch+set}], [
+@@ -3368,6 +3368,11 @@ AS_IF([test ${multiarch+set}], [
  ])
  
  archlibdir='${libdir}/${arch}'

ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch

@@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac
 index c42436c23d..d261ea57b5 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3881,7 +3881,8 @@ AS_CASE(["$ruby_version_dir_name"],
+@@ -4026,7 +4026,8 @@ AS_CASE(["$ruby_version_dir_name"],
  ruby_version_dir=/'${ruby_version_dir_name}'
  
  if test -z "${ruby_version_dir_name}"; then
@@ -66,7 +66,7 @@ diff --git a/tool/mkconfig.rb b/tool/mkconfig.rb
 index 07076d4..35e6c3c 100755
 --- a/tool/mkconfig.rb
 +++ b/tool/mkconfig.rb
-@@ -114,7 +114,7 @@
+@@ -115,7 +115,7 @@
      val = val.gsub(/\$(?:\$|\{?(\w+)\}?)/) {$1 ? "$(#{$1})" : $&}.dump
      case name
      when /^prefix$/

ruby-2.1.0-always-use-i386.patch

@@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac
 index 3c13076b82..93af30321d 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3945,6 +3945,8 @@ AC_SUBST(vendorarchdir)dnl
+@@ -4090,6 +4090,8 @@ AC_SUBST(vendorarchdir)dnl
  AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl
  AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl
  

ruby-2.1.0-custom-rubygems-location.patch

@@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac
 index 93af30321d..bc13397e0e 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3917,6 +3917,10 @@ AC_ARG_WITH(vendorarchdir,
+@@ -4062,6 +4062,10 @@ AC_ARG_WITH(vendorarchdir,
              [vendorarchdir=$withval],
              [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}])
  
@@ -26,7 +26,7 @@ index 93af30321d..bc13397e0e 100644
  AS_IF([test "${LOAD_RELATIVE+set}"], [
      AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
      RUBY_EXEC_PREFIX=''
-@@ -3941,6 +3945,7 @@ AC_SUBST(sitearchdir)dnl
+@@ -4086,6 +4090,7 @@ AC_SUBST(sitearchdir)dnl
  AC_SUBST(vendordir)dnl
  AC_SUBST(vendorlibdir)dnl
  AC_SUBST(vendorarchdir)dnl
@@ -67,7 +67,7 @@ diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb
 index e9110a17ca..76a1f0a315 100755
 --- a/tool/rbinstall.rb
 +++ b/tool/rbinstall.rb
-@@ -349,6 +349,7 @@ def CONFIG.[](name, mandatory = false)
+@@ -359,6 +359,7 @@ def CONFIG.[](name, mandatory = false)
    vendorlibdir = CONFIG["vendorlibdir"]
    vendorarchlibdir = CONFIG["vendorarchdir"]
  end
@@ -75,7 +75,7 @@ index e9110a17ca..76a1f0a315 100755
  mandir = CONFIG["mandir", true]
  docdir = CONFIG["docdir", true]
  enable_shared = CONFIG["ENABLE_SHARED"] == 'yes'
-@@ -581,7 +582,16 @@ def stub
+@@ -590,7 +591,16 @@ def stub
  install?(:local, :comm, :lib) do
    prepare "library scripts", rubylibdir
    noinst = %w[*.txt *.rdoc *.gemspec]

ruby-2.3.0-ruby_version.patch

@@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac
 index 80b137e380..63cd3b4f8b 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -3832,9 +3832,6 @@ AS_CASE(["$target_os"],
+@@ -3977,9 +3977,6 @@ AS_CASE(["$target_os"],
      rubyw_install_name='$(RUBYW_INSTALL_NAME)'
      ])
  
@@ -30,7 +30,7 @@ index 80b137e380..63cd3b4f8b 100644
  rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'}
  AC_ARG_WITH(rubyarchprefix,
  	    AS_HELP_STRING([--with-rubyarchprefix=DIR],
-@@ -3857,56 +3854,62 @@ AC_ARG_WITH(ridir,
+@@ -4002,56 +3999,62 @@ AC_ARG_WITH(ridir,
  AC_SUBST(ridir)
  AC_SUBST(RI_BASE_NAME)
  
@@ -120,7 +120,7 @@ index 80b137e380..63cd3b4f8b 100644
  
  AS_IF([test "${LOAD_RELATIVE+set}"], [
      AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
-@@ -3923,6 +3926,7 @@ AC_SUBST(sitearchincludedir)dnl
+@@ -4068,6 +4071,7 @@ AC_SUBST(sitearchincludedir)dnl
  AC_SUBST(arch)dnl
  AC_SUBST(sitearch)dnl
  AC_SUBST(ruby_version)dnl
@@ -132,14 +132,14 @@ diff --git a/template/ruby.pc.in b/template/ruby.pc.in
 index 8a2c066..c81b211 100644
 --- a/template/ruby.pc.in
 +++ b/template/ruby.pc.in
-@@ -9,6 +9,7 @@ MAJOR=@MAJOR@
+@@ -2,6 +2,7 @@ MAJOR=@MAJOR@
  MINOR=@MINOR@
  TEENY=@TEENY@
  ruby_version=@ruby_version@
 +ruby_version_dir_name=@ruby_version_dir_name@
  RUBY_API_VERSION=@RUBY_API_VERSION@
  RUBY_PROGRAM_VERSION=@RUBY_PROGRAM_VERSION@
- RUBY_BASE_NAME=@RUBY_BASE_NAME@
+ arch=@arch@
 -- 
 2.1.0
 
@@ -171,7 +171,7 @@ diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb
 index d4c110e..d39c9a6 100755
 --- a/tool/rbinstall.rb
 +++ b/tool/rbinstall.rb
-@@ -439,7 +439,7 @@ def CONFIG.[](name, mandatory = false)
+@@ -448,7 +448,7 @@ def CONFIG.[](name, mandatory = false)
  
  install?(:doc, :rdoc) do
    if $rdocdir
@@ -190,31 +190,24 @@ Date: Tue, 31 Mar 2015 16:37:44 +0200
 Subject: [PATCH 3/4] Add ruby_version_dir_name support for RubyGems.
 
 ---
- lib/rubygems/defaults.rb  | 9 +++++----
+ lib/rubygems/defaults.rb  | 7 ++++---
  test/rubygems/test_gem.rb | 5 +++--
- 2 files changed, 8 insertions(+), 6 deletions(-)
+ 2 files changed, 7 insertions(+), 5 deletions(-)
 
 diff --git a/lib/rubygems/defaults.rb b/lib/rubygems/defaults.rb
 index d4ff4a262c..3f9a5bf590 100644
 --- a/lib/rubygems/defaults.rb
 +++ b/lib/rubygems/defaults.rb
-@@ -38,13 +38,13 @@ def self.default_dir
-              [
-                File.dirname(RbConfig::CONFIG['sitedir']),
-                'Gems',
--               RbConfig::CONFIG['ruby_version'],
-+               RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
-              ]
-            else
-              [
-                RbConfig::CONFIG['rubylibprefix'],
-                'gems',
--               RbConfig::CONFIG['ruby_version'],
-+               RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
-              ]
-            end
+@@ -34,7 +34,7 @@ def self.default_spec_cache_dir
+   # specified in the environment
  
-@@ -117,7 +117,8 @@ def self.user_dir
+   def self.default_dir
+-    @default_dir ||= File.join(RbConfig::CONFIG['rubylibprefix'], 'gems', RbConfig::CONFIG['ruby_version'])
++    @default_dir ||= File.join(RbConfig::CONFIG['rubylibprefix'], 'gems', RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version'])
+   end
+ 
+   ##
+@@ -103,7 +103,8 @@ def self.user_dir
      gem_dir = File.join(Gem.user_home, ".gem")
      gem_dir = File.join(Gem.data_home, "gem") unless File.exist?(gem_dir)
      parts = [gem_dir, ruby_engine]
@@ -224,7 +217,7 @@ index d4ff4a262c..3f9a5bf590 100644
      File.join parts
    end
  
-@@ -252,7 +253,7 @@ def self.vendor_dir # :nodoc:
+@@ -234,7 +235,7 @@ def self.vendor_dir # :nodoc:
      return nil unless RbConfig::CONFIG.key? 'vendordir'
  
      File.join RbConfig::CONFIG['vendordir'], 'gems',
@@ -237,7 +230,7 @@ diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb
 index b25068405d..e9fef4a311 100644
 --- a/test/rubygems/test_gem.rb
 +++ b/test/rubygems/test_gem.rb
-@@ -1440,7 +1440,8 @@ def test_self_use_paths
+@@ -1410,7 +1410,8 @@ def test_self_use_paths
  
    def test_self_user_dir
      parts = [@userhome, '.gem', Gem.ruby_engine]
@@ -247,7 +240,7 @@ index b25068405d..e9fef4a311 100644
  
      FileUtils.mkdir_p File.join(parts)
  
-@@ -1516,7 +1517,7 @@ def test_self_vendor_dir
+@@ -1486,7 +1487,7 @@ def test_self_vendor_dir
      vendordir(File.join(@tempdir, 'vendor')) do
        expected =
          File.join RbConfig::CONFIG['vendordir'], 'gems',
@@ -274,7 +267,7 @@ diff --git a/configure.ac b/configure.ac
 index a00f2b6776..999e2d6d5d 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -107,7 +107,7 @@ RUBY_BASE_NAME=`echo ruby | sed "$program_transform_name"`
+@@ -108,7 +108,7 @@ RUBY_BASE_NAME=`echo ruby | sed "$program_transform_name"`
  RUBYW_BASE_NAME=`echo rubyw | sed "$program_transform_name"`
  AC_SUBST(RUBY_BASE_NAME)
  AC_SUBST(RUBYW_BASE_NAME)

ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch

@@ -1,30 +0,0 @@
-From 346e147ba6480839b87046e9a9efab0bf6ed3660 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
-Date: Wed, 10 Aug 2016 17:35:48 +0200
-Subject: [PATCH] Rely on ldd to detect glibc.
-
-This is just workaround, since we know we are quite sure this will be successful
-on Red Hat platforms.
-
-This workaround rhbz#1361037
----
- test/fiddle/helper.rb | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/test/fiddle/helper.rb b/test/fiddle/helper.rb
-index 1da3d93..65148a1 100644
---- a/test/fiddle/helper.rb
-+++ b/test/fiddle/helper.rb
-@@ -139,6 +139,9 @@
-   libc_so = libm_so = "/usr/lib/libSystem.B.dylib"
- end
- 
-+# Just ignore the heuristic, because it is not reliable on all platforms.
-+libc_so = libm_so = nil
-+
- if !libc_so || !libm_so
-   ruby = EnvUtil.rubybin
-   # When the ruby binary is 32-bit and the host is 64-bit,
--- 
-2.9.2
-

ruby-2.7.0-Initialize-ABRT-hook.patch

@@ -43,7 +43,7 @@ diff --git a/common.mk b/common.mk
 index b2e5b2b6d0..f39f81da5c 100644
 --- a/common.mk
 +++ b/common.mk
-@@ -81,7 +81,8 @@ ENC_MK        = enc.mk
+@@ -82,7 +82,8 @@ ENC_MK        = enc.mk
  MAKE_ENC      = -f $(ENC_MK) V="$(V)" UNICODE_HDR_DIR="$(UNICODE_HDR_DIR)" \
  		RUBY="$(MINIRUBY)" MINIRUBY="$(MINIRUBY)" $(mflags)
  
@@ -57,7 +57,7 @@ diff --git a/ruby.c b/ruby.c
 index 60c57d6259..1eec16f2c8 100644
 --- a/ruby.c
 +++ b/ruby.c
-@@ -1489,10 +1489,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt)
+@@ -1611,10 +1611,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt)
  
  void Init_builtin_features(void);
  

ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch

@@ -20,7 +20,7 @@ diff --git a/test/-ext-/bug_reporter/test_bug_reporter.rb b/test/-ext-/bug_repor
 index 628fcd0340..2c677cc8a7 100644
 --- a/test/-ext-/bug_reporter/test_bug_reporter.rb
 +++ b/test/-ext-/bug_reporter/test_bug_reporter.rb
-@@ -21,7 +21,7 @@ def test_bug_reporter_add
+@@ -22,7 +22,7 @@ def test_bug_reporter_add
      args = ["--disable-gems", "-r-test-/bug_reporter",
              "-C", tmpdir]
      stdin = "register_sample_bug_reporter(12345); Process.kill :SEGV, $$"

ruby-3.0.3-ext-openssl-extconf.rb-require-OpenSSL-version-1.0.1.patch

@@ -1,84 +0,0 @@
-From 202ff1372a40a8adf9aac74bfe8a39141b0c57e5 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Mon, 27 Sep 2021 00:38:38 +0900
-Subject: [PATCH] ext/openssl/extconf.rb: require OpenSSL version >= 1.0.1, < 3
-
-Ruby/OpenSSL 2.1.x and 2.2.x will not support OpenSSL 3.0 API. Let's
-make extconf.rb explicitly check the version number to be within the
-acceptable range, since it will not compile anyway.
-
-Reference: https://bugs.ruby-lang.org/issues/18192
----
- ext/openssl/extconf.rb | 43 ++++++++++++++++++++++++------------------
- 1 file changed, 25 insertions(+), 18 deletions(-)
-
-diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
-index 264130bb..7e817ae2 100644
---- a/ext/openssl/extconf.rb
-+++ b/ext/openssl/extconf.rb
-@@ -33,9 +33,6 @@
-   have_library("ws2_32")
- end
- 
--Logging::message "=== Checking for required stuff... ===\n"
--result = pkg_config("openssl") && have_header("openssl/ssl.h")
--
- if $mingw
-   append_cflags '-D_FORTIFY_SOURCE=2'
-   append_ldflags '-fstack-protector'
-@@ -92,19 +89,33 @@ def find_openssl_library
-   return false
- end
- 
--unless result
--  unless find_openssl_library
--    Logging::message "=== Checking for required stuff failed. ===\n"
--    Logging::message "Makefile wasn't created. Fix the errors above.\n"
--    raise "OpenSSL library could not be found. You might want to use " \
--      "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
--      "is installed."
--  end
-+Logging::message "=== Checking for required stuff... ===\n"
-+pkg_config_found = pkg_config("openssl") && have_header("openssl/ssl.h")
-+
-+if !pkg_config_found && !find_openssl_library
-+  Logging::message "=== Checking for required stuff failed. ===\n"
-+  Logging::message "Makefile wasn't created. Fix the errors above.\n"
-+  raise "OpenSSL library could not be found. You might want to use " \
-+    "--with-openssl-dir=<dir> option to specify the prefix where OpenSSL " \
-+    "is installed."
- end
- 
--unless checking_for("OpenSSL version is 1.0.1 or later") {
--    try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") }
--  raise "OpenSSL >= 1.0.1 or LibreSSL is required"
-+version_ok = if have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
-+  is_libressl = true
-+  checking_for("LibreSSL version >= 2.5.0") {
-+    try_static_assert("LIBRESSL_VERSION_NUMBER >= 0x20500000L", "openssl/opensslv.h") }
-+else
-+  checking_for("OpenSSL version >= 1.0.1 and < 3.0.0") {
-+    try_static_assert("OPENSSL_VERSION_NUMBER >= 0x10001000L", "openssl/opensslv.h") &&
-+    !try_static_assert("OPENSSL_VERSION_MAJOR >= 3", "openssl/opensslv.h") }
-+end
-+unless version_ok
-+  raise "OpenSSL >= 1.0.1, < 3.0.0 or LibreSSL >= 2.5.0 is required"
-+end
-+
-+# Prevent wincrypt.h from being included, which defines conflicting macro with openssl/x509.h
-+if is_libressl && ($mswin || $mingw)
-+  $defs.push("-DNOCRYPT")
- end
- 
- Logging::message "=== Checking for OpenSSL features... ===\n"
-@@ -116,10 +127,6 @@ def find_openssl_library
-   have_func("ENGINE_load_#{name}()", "openssl/engine.h")
- }
- 
--if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
--  $defs.push("-DNOCRYPT")
--end
--
- # added in 1.0.2
- have_func("EC_curve_nist2nid")
- have_func("X509_REVOKED_dup")

ruby-3.1.0-Allow-setting-algorithm-specific-options-in-sign-and-verify.patch

@@ -1,358 +0,0 @@
-From f2cf3afc6fa1e13e960f732c0bc658ad408ee219 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Fri, 12 Jun 2020 14:12:59 +0900
-Subject: [PATCH 1/3] pkey: fix potential memory leak in PKey#sign
-
-Fix potential leak of EVP_MD_CTX object in an error path. This path is
-normally unreachable, since the size of a signature generated by any
-supported algorithms would not be larger than LONG_MAX.
----
- ext/openssl/ossl_pkey.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
-index df8b425a0f..7488190e0e 100644
---- a/ext/openssl/ossl_pkey.c
-+++ b/ext/openssl/ossl_pkey.c
-@@ -777,8 +777,10 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
-         EVP_MD_CTX_free(ctx);
-         ossl_raise(ePKeyError, "EVP_DigestSign");
-     }
--    if (siglen > LONG_MAX)
-+    if (siglen > LONG_MAX) {
-+        EVP_MD_CTX_free(ctx);
-         rb_raise(ePKeyError, "signature would be too large");
-+    }
-     sig = ossl_str_new(NULL, (long)siglen, &state);
-     if (state) {
-         EVP_MD_CTX_free(ctx);
-@@ -799,8 +801,10 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
-         EVP_MD_CTX_free(ctx);
-         ossl_raise(ePKeyError, "EVP_DigestSignFinal");
-     }
--    if (siglen > LONG_MAX)
-+    if (siglen > LONG_MAX) {
-+        EVP_MD_CTX_free(ctx);
-         rb_raise(ePKeyError, "signature would be too large");
-+    }
-     sig = ossl_str_new(NULL, (long)siglen, &state);
-     if (state) {
-         EVP_MD_CTX_free(ctx);
--- 
-2.32.0
-
-
-From 8b30ce20eb9e03180c28288e29a96308e594f860 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Fri, 2 Apr 2021 23:58:48 +0900
-Subject: [PATCH 2/3] pkey: prepare pkey_ctx_apply_options() for usage by other
- operations
-
-The routine to apply Hash to EVP_PKEY_CTX_ctrl_str() is currently used
-by key generation, but it is useful for other operations too. Let's
-change it to a slightly more generic name.
----
- ext/openssl/ossl_pkey.c | 22 ++++++++++++++--------
- 1 file changed, 14 insertions(+), 8 deletions(-)
-
-diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
-index 7488190e0e..fed4a2b81f 100644
---- a/ext/openssl/ossl_pkey.c
-+++ b/ext/openssl/ossl_pkey.c
-@@ -198,7 +198,7 @@ ossl_pkey_new_from_data(int argc, VALUE *argv, VALUE self)
- }
- 
- static VALUE
--pkey_gen_apply_options_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, ctx_v))
-+pkey_ctx_apply_options_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, ctx_v))
- {
-     VALUE key = rb_ary_entry(i, 0), value = rb_ary_entry(i, 1);
-     EVP_PKEY_CTX *ctx = (EVP_PKEY_CTX *)ctx_v;
-@@ -214,15 +214,25 @@ pkey_gen_apply_options_i(RB_BLOCK_CALL_FUNC_ARGLIST(i, ctx_v))
- }
- 
- static VALUE
--pkey_gen_apply_options0(VALUE args_v)
-+pkey_ctx_apply_options0(VALUE args_v)
- {
-     VALUE *args = (VALUE *)args_v;
- 
-     rb_block_call(args[1], rb_intern("each"), 0, NULL,
--                  pkey_gen_apply_options_i, args[0]);
-+                  pkey_ctx_apply_options_i, args[0]);
-     return Qnil;
- }
- 
-+static void
-+pkey_ctx_apply_options(EVP_PKEY_CTX *ctx, VALUE options, int *state)
-+{
-+    VALUE args[2];
-+    args[0] = (VALUE)ctx;
-+    args[1] = options;
-+
-+    rb_protect(pkey_ctx_apply_options0, (VALUE)args, state);
-+}
-+
- struct pkey_blocking_generate_arg {
-     EVP_PKEY_CTX *ctx;
-     EVP_PKEY *pkey;
-@@ -330,11 +340,7 @@ pkey_generate(int argc, VALUE *argv, VALUE self, int genparam)
-     }
- 
-     if (!NIL_P(options)) {
--        VALUE args[2];
--
--        args[0] = (VALUE)ctx;
--        args[1] = options;
--        rb_protect(pkey_gen_apply_options0, (VALUE)args, &state);
-+        pkey_ctx_apply_options(ctx, options, &state);
-         if (state) {
-             EVP_PKEY_CTX_free(ctx);
-             rb_jump_tag(state);
--- 
-2.32.0
-
-
-From 4c7b0f91da666961d11908b94520db4e09ce4e67 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Sat, 18 Jul 2020 20:40:39 +0900
-Subject: [PATCH 3/3] pkey: allow setting algorithm-specific options in #sign
- and #verify
-
-Similarly to OpenSSL::PKey.generate_key and .generate_parameters, let
-OpenSSL::PKey::PKey#sign and #verify take an optional parameter for
-specifying control strings for EVP_PKEY_CTX_ctrl_str().
----
- ext/openssl/ossl_pkey.c       | 113 ++++++++++++++++++++++------------
- test/openssl/test_pkey_rsa.rb |  34 +++++-----
- 2 files changed, 89 insertions(+), 58 deletions(-)
-
-diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
-index fed4a2b81f..22e9f19982 100644
---- a/ext/openssl/ossl_pkey.c
-+++ b/ext/openssl/ossl_pkey.c
-@@ -739,33 +739,51 @@ ossl_pkey_public_to_pem(VALUE self)
- }
- 
- /*
-- *  call-seq:
-- *      pkey.sign(digest, data) -> String
-+ * call-seq:
-+ *    pkey.sign(digest, data [, options]) -> string
-  *
-- * To sign the String _data_, _digest_, an instance of OpenSSL::Digest, must
-- * be provided. The return value is again a String containing the signature.
-- * A PKeyError is raised should errors occur.
-- * Any previous state of the Digest instance is irrelevant to the signature
-- * outcome, the digest instance is reset to its initial state during the
-- * operation.
-+ * Hashes and signs the +data+ using a message digest algorithm +digest+ and
-+ * a private key +pkey+.
-  *
-- * == Example
-- *   data = 'Sign me!'
-- *   digest = OpenSSL::Digest.new('SHA256')
-- *   pkey = OpenSSL::PKey::RSA.new(2048)
-- *   signature = pkey.sign(digest, data)
-+ * See #verify for the verification operation.
-+ *
-+ * See also the man page EVP_DigestSign(3).
-+ *
-+ * +digest+::
-+ *   A String that represents the message digest algorithm name, or +nil+
-+ *   if the PKey type requires no digest algorithm.
-+ *   For backwards compatibility, this can be an instance of OpenSSL::Digest.
-+ *   Its state will not affect the signature.
-+ * +data+::
-+ *   A String. The data to be hashed and signed.
-+ * +options+::
-+ *   A Hash that contains algorithm specific control operations to \OpenSSL.
-+ *   See OpenSSL's man page EVP_PKEY_CTX_ctrl_str(3) for details.
-+ *   +options+ parameter was added in version 2.3.
-+ *
-+ * Example:
-+ *   data = "Sign me!"
-+ *   pkey = OpenSSL::PKey.generate_key("RSA", rsa_keygen_bits: 2048)
-+ *   signopts = { rsa_padding_mode: "pss" }
-+ *   signature = pkey.sign("SHA256", data, signopts)
-+ *
-+ *   # Creates a copy of the RSA key pkey, but without the private components
-+ *   pub_key = pkey.public_key
-+ *   puts pub_key.verify("SHA256", signature, data, signopts) # => true
-  */
- static VALUE
--ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
-+ossl_pkey_sign(int argc, VALUE *argv, VALUE self)
- {
-     EVP_PKEY *pkey;
-+    VALUE digest, data, options, sig;
-     const EVP_MD *md = NULL;
-     EVP_MD_CTX *ctx;
-+    EVP_PKEY_CTX *pctx;
-     size_t siglen;
-     int state;
--    VALUE sig;
- 
-     pkey = GetPrivPKeyPtr(self);
-+    rb_scan_args(argc, argv, "21", &digest, &data, &options);
-     if (!NIL_P(digest))
-         md = ossl_evp_get_digestbyname(digest);
-     StringValue(data);
-@@ -773,10 +791,17 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
-     ctx = EVP_MD_CTX_new();
-     if (!ctx)
-         ossl_raise(ePKeyError, "EVP_MD_CTX_new");
--    if (EVP_DigestSignInit(ctx, NULL, md, /* engine */NULL, pkey) < 1) {
-+    if (EVP_DigestSignInit(ctx, &pctx, md, /* engine */NULL, pkey) < 1) {
-         EVP_MD_CTX_free(ctx);
-         ossl_raise(ePKeyError, "EVP_DigestSignInit");
-     }
-+    if (!NIL_P(options)) {
-+        pkey_ctx_apply_options(pctx, options, &state);
-+        if (state) {
-+            EVP_MD_CTX_free(ctx);
-+            rb_jump_tag(state);
-+        }
-+    }
- #if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
-     if (EVP_DigestSign(ctx, NULL, &siglen, (unsigned char *)RSTRING_PTR(data),
-                        RSTRING_LEN(data)) < 1) {
-@@ -828,35 +853,40 @@ ossl_pkey_sign(VALUE self, VALUE digest, VALUE data)
- }
- 
- /*
-- *  call-seq:
-- *      pkey.verify(digest, signature, data) -> String
-+ * call-seq:
-+ *    pkey.verify(digest, signature, data [, options]) -> true or false
-  *
-- * To verify the String _signature_, _digest_, an instance of
-- * OpenSSL::Digest, must be provided to re-compute the message digest of the
-- * original _data_, also a String. The return value is +true+ if the
-- * signature is valid, +false+ otherwise. A PKeyError is raised should errors
-- * occur.
-- * Any previous state of the Digest instance is irrelevant to the validation
-- * outcome, the digest instance is reset to its initial state during the
-- * operation.
-+ * Verifies the +signature+ for the +data+ using a message digest algorithm
-+ * +digest+ and a public key +pkey+.
-  *
-- * == Example
-- *   data = 'Sign me!'
-- *   digest = OpenSSL::Digest.new('SHA256')
-- *   pkey = OpenSSL::PKey::RSA.new(2048)
-- *   signature = pkey.sign(digest, data)
-- *   pub_key = pkey.public_key
-- *   puts pub_key.verify(digest, signature, data) # => true
-+ * Returns +true+ if the signature is successfully verified, +false+ otherwise.
-+ * The caller must check the return value.
-+ *
-+ * See #sign for the signing operation and an example.
-+ *
-+ * See also the man page EVP_DigestVerify(3).
-+ *
-+ * +digest+::
-+ *   See #sign.
-+ * +signature+::
-+ *   A String containing the signature to be verified.
-+ * +data+::
-+ *   See #sign.
-+ * +options+::
-+ *   See #sign. +options+ parameter was added in version 2.3.
-  */
- static VALUE
--ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
-+ossl_pkey_verify(int argc, VALUE *argv, VALUE self)
- {
-     EVP_PKEY *pkey;
-+    VALUE digest, sig, data, options;
-     const EVP_MD *md = NULL;
-     EVP_MD_CTX *ctx;
--    int ret;
-+    EVP_PKEY_CTX *pctx;
-+    int state, ret;
- 
-     GetPKey(self, pkey);
-+    rb_scan_args(argc, argv, "31", &digest, &sig, &data, &options);
-     ossl_pkey_check_public_key(pkey);
-     if (!NIL_P(digest))
-         md = ossl_evp_get_digestbyname(digest);
-@@ -866,10 +896,17 @@ ossl_pkey_verify(VALUE self, VALUE digest, VALUE sig, VALUE data)
-     ctx = EVP_MD_CTX_new();
-     if (!ctx)
-         ossl_raise(ePKeyError, "EVP_MD_CTX_new");
--    if (EVP_DigestVerifyInit(ctx, NULL, md, /* engine */NULL, pkey) < 1) {
-+    if (EVP_DigestVerifyInit(ctx, &pctx, md, /* engine */NULL, pkey) < 1) {
-         EVP_MD_CTX_free(ctx);
-         ossl_raise(ePKeyError, "EVP_DigestVerifyInit");
-     }
-+    if (!NIL_P(options)) {
-+        pkey_ctx_apply_options(pctx, options, &state);
-+        if (state) {
-+            EVP_MD_CTX_free(ctx);
-+            rb_jump_tag(state);
-+        }
-+    }
- #if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
-     ret = EVP_DigestVerify(ctx, (unsigned char *)RSTRING_PTR(sig),
-                            RSTRING_LEN(sig), (unsigned char *)RSTRING_PTR(data),
-@@ -1042,8 +1079,8 @@ Init_ossl_pkey(void)
-     rb_define_method(cPKey, "public_to_der", ossl_pkey_public_to_der, 0);
-     rb_define_method(cPKey, "public_to_pem", ossl_pkey_public_to_pem, 0);
- 
--    rb_define_method(cPKey, "sign", ossl_pkey_sign, 2);
--    rb_define_method(cPKey, "verify", ossl_pkey_verify, 3);
-+    rb_define_method(cPKey, "sign", ossl_pkey_sign, -1);
-+    rb_define_method(cPKey, "verify", ossl_pkey_verify, -1);
-     rb_define_method(cPKey, "derive", ossl_pkey_derive, -1);
- 
-     id_private_q = rb_intern("private?");
-diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
-index 88164c3b52..d1e68dbc9f 100644
---- a/test/openssl/test_pkey_rsa.rb
-+++ b/test/openssl/test_pkey_rsa.rb
-@@ -117,27 +117,21 @@ def test_sign_verify
-     assert_equal false, rsa1024.verify("SHA256", signature1, data)
-   end
- 
--  def test_digest_state_irrelevant_sign
-+  def test_sign_verify_options
-     key = Fixtures.pkey("rsa1024")
--    digest1 = OpenSSL::Digest.new('SHA1')
--    digest2 = OpenSSL::Digest.new('SHA1')
--    data = 'Sign me!'
--    digest1 << 'Change state of digest1'
--    sig1 = key.sign(digest1, data)
--    sig2 = key.sign(digest2, data)
--    assert_equal(sig1, sig2)
--  end
--
--  def test_digest_state_irrelevant_verify
--    key = Fixtures.pkey("rsa1024")
--    digest1 = OpenSSL::Digest.new('SHA1')
--    digest2 = OpenSSL::Digest.new('SHA1')
--    data = 'Sign me!'
--    sig = key.sign(digest1, data)
--    digest1.reset
--    digest1 << 'Change state of digest1'
--    assert(key.verify(digest1, sig, data))
--    assert(key.verify(digest2, sig, data))
-+    data = "Sign me!"
-+    pssopts = {
-+      "rsa_padding_mode" => "pss",
-+      "rsa_pss_saltlen" => 20,
-+      "rsa_mgf1_md" => "SHA1"
-+    }
-+    sig_pss = key.sign("SHA256", data, pssopts)
-+    assert_equal 128, sig_pss.bytesize
-+    assert_equal true, key.verify("SHA256", sig_pss, data, pssopts)
-+    assert_equal true, key.verify_pss("SHA256", sig_pss, data,
-+                                      salt_length: 20, mgf1_hash: "SHA1")
-+    # Defaults to PKCS #1 v1.5 padding => verification failure
-+    assert_equal false, key.verify("SHA256", sig_pss, data)
-   end
- 
-   def test_verify_empty_rsa
--- 
-2.32.0
-

ruby-3.1.0-Get-rid-of-type-punning-pointer-casts.patch

@@ -1,186 +0,0 @@
-From 104b009e26c050584e4d186c8cc4e1496a14061b Mon Sep 17 00:00:00 2001
-From: Nobuyoshi Nakada <nobu@ruby-lang.org>
-Date: Thu, 5 Aug 2021 20:09:25 +0900
-Subject: [PATCH] Get rid of type-punning pointer casts [Bug #18062]
-
----
- vm_eval.c       |  4 +++-
- vm_insnhelper.c |  7 +++++--
- vm_method.c     | 41 ++++++++++++++++++++++++++---------------
- 3 files changed, 34 insertions(+), 18 deletions(-)
-
-diff --git a/vm_eval.c b/vm_eval.c
-index 6d4b5c3c0b28..7ce9f157e671 100644
---- a/vm_eval.c
-+++ b/vm_eval.c
-@@ -350,9 +350,11 @@ cc_new(VALUE klass, ID mid, int argc, const rb_callable_method_entry_t *cme)
-     {
-         struct rb_class_cc_entries *ccs;
-         struct rb_id_table *cc_tbl = RCLASS_CC_TBL(klass);
-+        VALUE ccs_data;
- 
--        if (rb_id_table_lookup(cc_tbl, mid, (VALUE*)&ccs)) {
-+        if (rb_id_table_lookup(cc_tbl, mid, &ccs_data)) {
-             // ok
-+            ccs = (struct rb_class_cc_entries *)ccs_data;
-         }
-         else {
-             ccs = vm_ccs_create(klass, cme);
-diff --git a/vm_insnhelper.c b/vm_insnhelper.c
-index 14928b2afe8e..e186376b24d7 100644
---- a/vm_insnhelper.c
-+++ b/vm_insnhelper.c
-@@ -1637,9 +1637,11 @@ vm_search_cc(const VALUE klass, const struct rb_callinfo * const ci)
-     const ID mid = vm_ci_mid(ci);
-     struct rb_id_table *cc_tbl = RCLASS_CC_TBL(klass);
-     struct rb_class_cc_entries *ccs = NULL;
-+    VALUE ccs_data;
- 
-     if (cc_tbl) {
--        if (rb_id_table_lookup(cc_tbl, mid, (VALUE *)&ccs)) {
-+        if (rb_id_table_lookup(cc_tbl, mid, &ccs_data)) {
-+            ccs = (struct rb_class_cc_entries *)ccs_data;
-             const int ccs_len = ccs->len;
-             VM_ASSERT(vm_ccs_verify(ccs, mid, klass));
- 
-@@ -1706,8 +1708,9 @@ vm_search_cc(const VALUE klass, const struct rb_callinfo * const ci)
-     if (ccs == NULL) {
-         VM_ASSERT(cc_tbl != NULL);
- 
--        if (LIKELY(rb_id_table_lookup(cc_tbl, mid, (VALUE*)&ccs))) {
-+        if (LIKELY(rb_id_table_lookup(cc_tbl, mid, &ccs_data))) {
-             // rb_callable_method_entry() prepares ccs.
-+            ccs = (struct rb_class_cc_entries *)ccs_data;
-         }
-         else {
-             // TODO: required?
-diff --git a/vm_method.c b/vm_method.c
-index 016dba1dbb18..1fd0bd57f7ca 100644
---- a/vm_method.c
-+++ b/vm_method.c
-@@ -42,11 +42,11 @@ vm_ccs_dump(VALUE klass, ID target_mid)
- {
-     struct rb_id_table *cc_tbl = RCLASS_CC_TBL(klass);
-     if (cc_tbl) {
--        const struct rb_class_cc_entries *ccs;
-+        VALUE ccs;
-         if (target_mid) {
--            if (rb_id_table_lookup(cc_tbl, target_mid, (VALUE *)&ccs)) {
-+            if (rb_id_table_lookup(cc_tbl, target_mid, &ccs)) {
-                 fprintf(stderr, "  [CCTB] %p\n", (void *)cc_tbl);
--                vm_ccs_dump_i(target_mid, (VALUE)ccs, NULL);
-+                vm_ccs_dump_i(target_mid, ccs, NULL);
-             }
-         }
-         else {
-@@ -72,11 +72,11 @@ vm_mtbl_dump(VALUE klass, ID target_mid)
-     fprintf(stderr, "# vm_mtbl\n");
-     while (klass) {
-         rp_m("  -> ", klass);
--        rb_method_entry_t *me;
-+        VALUE me;
- 
-         if (RCLASS_M_TBL(klass)) {
-             if (target_mid != 0) {
--                if (rb_id_table_lookup(RCLASS_M_TBL(klass), target_mid, (VALUE *)&me)) {
-+                if (rb_id_table_lookup(RCLASS_M_TBL(klass), target_mid, &me)) {
-                     rp_m("  [MTBL] ", me);
-                 }
-             }
-@@ -90,7 +90,7 @@ vm_mtbl_dump(VALUE klass, ID target_mid)
-         }
-         if (RCLASS_CALLABLE_M_TBL(klass)) {
-             if (target_mid != 0) {
--                if (rb_id_table_lookup(RCLASS_CALLABLE_M_TBL(klass), target_mid, (VALUE *)&me)) {
-+                if (rb_id_table_lookup(RCLASS_CALLABLE_M_TBL(klass), target_mid, &me)) {
-                     rp_m("  [CM**] ", me);
-                 }
-             }
-@@ -144,10 +144,11 @@ clear_method_cache_by_id_in_class(VALUE klass, ID mid)
-         // check only current class
- 
-         struct rb_id_table *cc_tbl = RCLASS_CC_TBL(klass);
--        struct rb_class_cc_entries *ccs;
-+        VALUE ccs_data;
- 
-         // invalidate CCs
--        if (cc_tbl && rb_id_table_lookup(cc_tbl, mid, (VALUE *)&ccs)) {
-+        if (cc_tbl && rb_id_table_lookup(cc_tbl, mid, &ccs_data)) {
-+            struct rb_class_cc_entries *ccs = (struct rb_class_cc_entries *)ccs_data;
-             rb_vm_ccs_free(ccs);
-             rb_id_table_delete(cc_tbl, mid);
-             RB_DEBUG_COUNTER_INC(cc_invalidate_leaf_ccs);
-@@ -205,9 +206,10 @@ clear_method_cache_by_id_in_class(VALUE klass, ID mid)
-         }
-         else {
-             rb_vm_t *vm = GET_VM();
--            if (rb_id_table_lookup(vm->negative_cme_table, mid, (VALUE *)&cme)) {
-+            VALUE cme_data = (VALUE) cme;
-+            if (rb_id_table_lookup(vm->negative_cme_table, mid, &cme_data)) {
-                 rb_id_table_delete(vm->negative_cme_table, mid);
--                vm_me_invalidate_cache((rb_callable_method_entry_t *)cme);
-+                vm_me_invalidate_cache((rb_callable_method_entry_t *)cme_data);
- 
-                 RB_DEBUG_COUNTER_INC(cc_invalidate_negative);
-             }
-@@ -1023,6 +1025,7 @@ prepare_callable_method_entry(VALUE defined_class, ID id, const rb_method_entry_
- {
-     struct rb_id_table *mtbl;
-     const rb_callable_method_entry_t *cme;
-+    VALUE cme_data;
- 
-     if (me) {
-         if (me->defined_class == 0) {
-@@ -1032,7 +1035,8 @@ prepare_callable_method_entry(VALUE defined_class, ID id, const rb_method_entry_
- 
-             mtbl = RCLASS_CALLABLE_M_TBL(defined_class);
- 
--            if (mtbl && rb_id_table_lookup(mtbl, id, (VALUE *)&cme)) {
-+            if (mtbl && rb_id_table_lookup(mtbl, id, &cme_data)) {
-+                cme = (rb_callable_method_entry_t *)cme_data;
-                 RB_DEBUG_COUNTER_INC(mc_cme_complement_hit);
-                 VM_ASSERT(callable_method_entry_p(cme));
-                 VM_ASSERT(!METHOD_ENTRY_INVALIDATED(cme));
-@@ -1076,9 +1080,10 @@ cached_callable_method_entry(VALUE klass, ID mid)
-     ASSERT_vm_locking();
- 
-     struct rb_id_table *cc_tbl = RCLASS_CC_TBL(klass);
--    struct rb_class_cc_entries *ccs;
-+    VALUE ccs_data;
- 
--    if (cc_tbl && rb_id_table_lookup(cc_tbl, mid, (VALUE *)&ccs)) {
-+    if (cc_tbl && rb_id_table_lookup(cc_tbl, mid, &ccs_data)) {
-+        struct rb_class_cc_entries *ccs = (struct rb_class_cc_entries *)ccs_data;
-         VM_ASSERT(vm_ccs_p(ccs));
- 
-         if (LIKELY(!METHOD_ENTRY_INVALIDATED(ccs->cme))) {
-@@ -1104,12 +1109,14 @@ cache_callable_method_entry(VALUE klass, ID mid, const rb_callable_method_entry_
- 
-     struct rb_id_table *cc_tbl = RCLASS_CC_TBL(klass);
-     struct rb_class_cc_entries *ccs;
-+    VALUE ccs_data;
- 
-     if (!cc_tbl) {
-         cc_tbl = RCLASS_CC_TBL(klass) = rb_id_table_create(2);
-     }
- 
--    if (rb_id_table_lookup(cc_tbl, mid, (VALUE *)&ccs)) {
-+    if (rb_id_table_lookup(cc_tbl, mid, &ccs_data)) {
-+        ccs = (struct rb_class_cc_entries *)ccs_data;
-         VM_ASSERT(ccs->cme == cme);
-     }
-     else {
-@@ -1123,8 +1130,12 @@ negative_cme(ID mid)
- {
-     rb_vm_t *vm = GET_VM();
-     const rb_callable_method_entry_t *cme;
-+    VALUE cme_data;
- 
--    if (!rb_id_table_lookup(vm->negative_cme_table, mid, (VALUE *)&cme)) {
-+    if (rb_id_table_lookup(vm->negative_cme_table, mid, &cme_data)) {
-+        cme = (rb_callable_method_entry_t *)cme_data;
-+    }
-+    else {
-         cme = (rb_callable_method_entry_t *)rb_method_entry_alloc(mid, Qnil, Qnil, NULL);
-         rb_id_table_insert(vm->negative_cme_table, mid, (VALUE)cme);
-     }

ruby-3.1.0-Ignore-DW_FORM_ref_addr.patch

@@ -1,58 +0,0 @@
-From 72317b333b85eed483ad00bcd4f40944019a7c13 Mon Sep 17 00:00:00 2001
-From: "xtkoba+ruby@gmail.com" <xtkoba+ruby@gmail.com>
-Date: Fri, 13 Aug 2021 13:45:53 +0000
-Subject: [PATCH] Ignore `DW_FORM_ref_addr` [Bug #17052]
-
-Ignore `DW_FORM_ref_addr` form and other forms that are not supposed
-to be used currently.
----
- addr2line.c | 23 ++++++++++++++++++++---
- 1 file changed, 20 insertions(+), 3 deletions(-)
-
-diff --git a/addr2line.c b/addr2line.c
-index fed1a8da84e5..92c6da5e3bea 100644
---- a/addr2line.c
-+++ b/addr2line.c
-@@ -1593,14 +1593,31 @@ di_read_cu(DebugInfoReader *reader)
- }
- 
- static void
--read_abstract_origin(DebugInfoReader *reader, uint64_t abstract_origin, line_info_t *line)
-+read_abstract_origin(DebugInfoReader *reader, uint64_t form, uint64_t abstract_origin, line_info_t *line)
- {
-     char *p = reader->p;
-     char *q = reader->q;
-     int level = reader->level;
-     DIE die;
- 
--    reader->p = reader->current_cu + abstract_origin;
-+    switch (form) {
-+      case DW_FORM_ref1:
-+      case DW_FORM_ref2:
-+      case DW_FORM_ref4:
-+      case DW_FORM_ref8:
-+      case DW_FORM_ref_udata:
-+        reader->p = reader->current_cu + abstract_origin;
-+        break;
-+      case DW_FORM_ref_addr:
-+        goto finish; /* not supported yet */
-+      case DW_FORM_ref_sig8:
-+        goto finish; /* not supported yet */
-+      case DW_FORM_ref_sup4:
-+      case DW_FORM_ref_sup8:
-+        goto finish; /* not supported yet */
-+      default:
-+        goto finish;
-+    }
-     if (!di_read_die(reader, &die)) goto finish;
- 
-     /* enumerate abbrev */
-@@ -1665,7 +1682,7 @@ debug_info_read(DebugInfoReader *reader, int num_traces, void **traces,
-                 /* 1 or 3 */
-                 break; /* goto skip_die; */
-               case DW_AT_abstract_origin:
--                read_abstract_origin(reader, v.as.uint64, &line);
-+                read_abstract_origin(reader, v.form, v.as.uint64, &line);
-                 break; /* goto skip_die; */
-             }
-         }

ruby-3.1.0-Miscellaneous-changes-for-OpenSSL-3.0-support.patch

@@ -1,142 +0,0 @@
-From 8f948ed68a4ed6c05ff66d822711e3b70ae4bb3f Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Mon, 27 Sep 2021 13:32:03 +0900
-Subject: [PATCH 1/3] ext/openssl/ossl.h: add helper macros for
- OpenSSL/LibreSSL versions
-
-Add following convenient macros:
-
- - OSSL_IS_LIBRESSL
- - OSSL_OPENSSL_PREREQ(maj, min, pat)
- - OSSL_LIBRESSL_PREREQ(maj, min, pat)
----
- ext/openssl/ossl.h | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
-index c20f506bda..a0cef29d74 100644
---- a/ext/openssl/ossl.h
-+++ b/ext/openssl/ossl.h
-@@ -43,6 +43,18 @@
- #include <openssl/evp.h>
- #include <openssl/dh.h>
- 
-+#ifndef LIBRESSL_VERSION_NUMBER
-+# define OSSL_IS_LIBRESSL 0
-+# define OSSL_OPENSSL_PREREQ(maj, min, pat) \
-+      (OPENSSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12))
-+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) 0
-+#else
-+# define OSSL_IS_LIBRESSL 1
-+# define OSSL_OPENSSL_PREREQ(maj, min, pat) 0
-+# define OSSL_LIBRESSL_PREREQ(maj, min, pat) \
-+      (LIBRESSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12))
-+#endif
-+
- /*
-  * Common Module
-  */
--- 
-2.32.0
-
-
-From bbf235091e49807ece8f3a3df95bbfcc9d3ab43d Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Sat, 22 Feb 2020 05:37:01 +0900
-Subject: [PATCH 2/3] ts: use TS_VERIFY_CTX_set_certs instead of
- TS_VERIFY_CTS_set_certs
-
-OpenSSL 3.0 fixed the typo in the function name and replaced the
-current 'CTS' version with a macro.
----
- ext/openssl/extconf.rb        | 5 ++++-
- ext/openssl/openssl_missing.h | 5 +++++
- ext/openssl/ossl_ts.c         | 2 +-
- 3 files changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
-index 17d93443fc..09cae05b72 100644
---- a/ext/openssl/extconf.rb
-+++ b/ext/openssl/extconf.rb
-@@ -166,7 +166,7 @@ def find_openssl_library
- have_func("TS_STATUS_INFO_get0_status")
- have_func("TS_STATUS_INFO_get0_text")
- have_func("TS_STATUS_INFO_get0_failure_info")
--have_func("TS_VERIFY_CTS_set_certs")
-+have_func("TS_VERIFY_CTS_set_certs(NULL, NULL)", "openssl/ts.h")
- have_func("TS_VERIFY_CTX_set_store")
- have_func("TS_VERIFY_CTX_add_flags")
- have_func("TS_RESP_CTX_set_time_cb")
-@@ -175,6 +175,9 @@ def find_openssl_library
- 
- # added in 1.1.1
- have_func("EVP_PKEY_check")
-+ 
-+# added in 3.0.0
-+have_func("TS_VERIFY_CTX_set_certs(NULL, NULL)", "openssl/ts.h")
- 
- Logging::message "=== Checking done. ===\n"
- 
-diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h
-index e575415f49..fe486bcfcf 100644
---- a/ext/openssl/openssl_missing.h
-+++ b/ext/openssl/openssl_missing.h
-@@ -242,4 +242,9 @@ IMPL_PKEY_GETTER(EC_KEY, ec)
-     } while (0)
- #endif
- 
-+/* added in 3.0.0 */
-+#if !defined(HAVE_TS_VERIFY_CTX_SET_CERTS)
-+#  define TS_VERIFY_CTX_set_certs(ctx, crts) TS_VERIFY_CTS_set_certs(ctx, crts)
-+#endif
-+
- #endif /* _OSSL_OPENSSL_MISSING_H_ */
-diff --git a/ext/openssl/ossl_ts.c b/ext/openssl/ossl_ts.c
-index 692c0d620f..f1da7c1947 100644
---- a/ext/openssl/ossl_ts.c
-+++ b/ext/openssl/ossl_ts.c
-@@ -820,7 +820,7 @@ ossl_ts_resp_verify(int argc, VALUE *argv, VALUE self)
-         X509_up_ref(cert);
-     }
- 
--    TS_VERIFY_CTS_set_certs(ctx, x509inter);
-+    TS_VERIFY_CTX_set_certs(ctx, x509inter);
-     TS_VERIFY_CTX_add_flags(ctx, TS_VFY_SIGNATURE);
-     TS_VERIFY_CTX_set_store(ctx, x509st);
- 
--- 
-2.32.0
-
-
-From 5fba3bc1df93ab6abc3ea53be3393480f36ea259 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Fri, 19 Mar 2021 19:18:25 +0900
-Subject: [PATCH 3/3] ssl: use SSL_get_rbio() to check if SSL is started or not
-
-Use SSL_get_rbio() instead of SSL_get_fd(). SSL_get_fd() internally
-calls SSL_get_rbio() and it's enough for our purpose.
-
-In OpenSSL 3.0, SSL_get_fd() leaves an entry in the OpenSSL error queue
-if BIO has not been set up yet, and we would have to clean it up.
----
- ext/openssl/ossl_ssl.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
-index 4b7efa39f5..ec430bfb0c 100644
---- a/ext/openssl/ossl_ssl.c
-+++ b/ext/openssl/ossl_ssl.c
-@@ -1535,8 +1535,8 @@ ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self)
- static inline int
- ssl_started(SSL *ssl)
- {
--    /* the FD is set in ossl_ssl_setup(), called by #connect or #accept */
--    return SSL_get_fd(ssl) >= 0;
-+    /* BIO is created through ossl_ssl_setup(), called by #connect or #accept */
-+    return SSL_get_rbio(ssl) != NULL;
- }
- 
- static void
--- 
-2.32.0
-

ruby-3.1.0-Properly-exclude-test-cases.patch

@@ -1,93 +0,0 @@
-From 96684439e96aa92e10376b5be45f006772028295 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
-Date: Thu, 21 Oct 2021 13:02:38 +0200
-Subject: [PATCH] Properly exclude test cases.
-
-Lets consider the following scenario:
-
-~~~
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):001:0> p suite
-OpenSSL::TestEC
-=> OpenSSL::TestEC
-
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):002:0> p all_test_methods
-["test_ECPrivateKey", "test_ECPrivateKey_encrypted", "test_PUBKEY", "test_check_key", "test_derive_key", "test_dh_compute_key", "test_dsa_sign_asn1_FIPS186_3", "test_ec_group", "test_ec_key", "test_ec_point", "test_ec_point_add", "test_ec_point_mul", "test_generate", "test_marshal", "test_sign_verify", "test_sign_verify_raw"]
-=>
-["test_ECPrivateKey",
- "test_ECPrivateKey_encrypted",
- "test_PUBKEY",
- "test_check_key",
- "test_derive_key",
- "test_dh_compute_key",
- "test_dsa_sign_asn1_FIPS186_3",
- "test_ec_group",
- "test_ec_key",
- "test_ec_point",
- "test_ec_point_add",
- "test_ec_point_mul",
- "test_generate",
- "test_marshal",
- "test_sign_verify",
- "test_sign_verify_raw"]
-
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):003:0> p filter
-/\A(?=.*)(?!.*(?-mix:(?-mix:memory_leak)|(?-mix:OpenSSL::TestEC.test_check_key)))/
-=> /\A(?=.*)(?!.*(?-mix:(?-mix:memory_leak)|(?-mix:OpenSSL::TestEC.test_check_key)))/
-
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):004:0> method = "test_check_key"
-=> "test_check_key"
-~~~
-
-The intention here is to exclude the `test_check_key` test case.
-Unfortunately this does not work as expected, because the negative filter
-is never checked:
-
-~~~
-
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):005:0> filter === method
-=> true
-
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):006:0> filter === "#{suite}##{method}"
-=> false
-
-irb(#<Test::Unit::AutoRunner::Runner:0x0000560f68afc3c8>):007:0> filter === method || filter === "#{suite}##{method}"
-=> true
-~~~
-
-Therefore always filter against the fully qualified method name
-`#{suite}##{method}`, which should provide the expected result.
-
-However, if plain string filter is used, keep checking also only the
-method name.
-
-This resolves [Bug #16936].
----
- tool/lib/minitest/unit.rb | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/tool/lib/minitest/unit.rb b/tool/lib/minitest/unit.rb
-index c58a609bfa..d5af6cb906 100644
---- a/tool/lib/minitest/unit.rb
-+++ b/tool/lib/minitest/unit.rb
-@@ -956,9 +956,15 @@ def _run_suite suite, type
- 
-       all_test_methods = suite.send "#{type}_methods"
- 
--      filtered_test_methods = all_test_methods.find_all { |m|
--        filter === m || filter === "#{suite}##{m}"
--      }
-+      filtered_test_methods = if Regexp === filter
-+        all_test_methods.find_all { |m|
-+          filter === "#{suite}##{m}"
-+        }
-+      else
-+        all_test_methods.find_all {|m|
-+          filter === m || filter === "#{suite}##{m}"
-+        }
-+      end
- 
-       leakchecker = LeakChecker.new
- 
--- 
-2.32.0
-

ruby-3.1.0-SSL_read-EOF-handling.patch

@@ -1,16 +0,0 @@
-diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
-index 3b425ca..40e748c 100644
---- a/ext/openssl/ossl_ssl.c
-+++ b/ext/openssl/ossl_ssl.c
-@@ -1870,6 +1870,11 @@ ossl_ssl_read_internal(int argc, VALUE *argv, VALUE self, int nonblock)
- 	return str;
- 
-     GetSSL(self, ssl);
-+
-+#ifdef SSL_OP_IGNORE_UNEXPECTED_EOF
-+    SSL_set_options(ssl, SSL_OP_IGNORE_UNEXPECTED_EOF);
-+#endif
-+
-     io = rb_attr_get(self, id_i_io);
-     GetOpenFile(io, fptr);
-     if (ssl_started(ssl)) {

ruby-3.1.0-Support-GCCs-DWARF-5.patch

@@ -1,229 +0,0 @@
-From 3b91792d3d644d6d6b0059cb315c9fe5d3626bab Mon Sep 17 00:00:00 2001
-From: Yusuke Endoh <mame@ruby-lang.org>
-Date: Sat, 6 Mar 2021 00:03:57 +0900
-Subject: [PATCH] Support GCC's DWARF 5 [Bug #17585]
-
-Co-Authored-By: xtkoba (Tee KOBAYASHI) <xtkoba+ruby@gmail.com>
----
- addr2line.c | 119 ++++++++++++++++++++++++++++++++++++++++++----------
- 1 file changed, 97 insertions(+), 22 deletions(-)
-
-diff --git a/addr2line.c b/addr2line.c
-index 0029cffbca..855efb40d4 100644
---- a/addr2line.c
-+++ b/addr2line.c
-@@ -159,11 +159,12 @@ typedef struct obj_info {
-     struct dwarf_section debug_info;
-     struct dwarf_section debug_line;
-     struct dwarf_section debug_ranges;
-+    struct dwarf_section debug_rnglists;
-     struct dwarf_section debug_str;
-     struct obj_info *next;
- } obj_info_t;
- 
--#define DWARF_SECTION_COUNT 5
-+#define DWARF_SECTION_COUNT 6
- 
- static struct dwarf_section *
- obj_dwarf_section_at(obj_info_t *obj, int n)
-@@ -173,6 +174,7 @@ obj_dwarf_section_at(obj_info_t *obj, int n)
-         &obj->debug_info,
-         &obj->debug_line,
-         &obj->debug_ranges,
-+        &obj->debug_rnglists,
-         &obj->debug_str
-     };
-     if (n < 0 || DWARF_SECTION_COUNT <= n) {
-@@ -411,7 +413,7 @@ parse_debug_line_cu(int num_traces, void **traces, char **debug_line,
- 	    FILL_LINE();
- 	    break;
- 	case DW_LNS_advance_pc:
--	    a = uleb128((char **)&p);
-+	    a = uleb128((char **)&p) * header.minimum_instruction_length;
- 	    addr += a;
- 	    break;
- 	case DW_LNS_advance_line: {
-@@ -451,7 +453,7 @@ parse_debug_line_cu(int num_traces, void **traces, char **debug_line,
- 	    /* isa = (unsigned int)*/(void)uleb128((char **)&p);
- 	    break;
- 	case 0:
--	    a = *(unsigned char *)p++;
-+	    a = uleb128((char **)&p);
- 	    op = *p++;
- 	    switch (op) {
- 	    case DW_LNE_end_sequence:
-@@ -808,6 +810,18 @@ enum
-     DW_FORM_addrx4 = 0x2c
- };
- 
-+/* Range list entry encodings */
-+enum {
-+    DW_RLE_end_of_list = 0x00,
-+    DW_RLE_base_addressx = 0x01,
-+    DW_RLE_startx_endx = 0x02,
-+    DW_RLE_startx_length = 0x03,
-+    DW_RLE_offset_pair = 0x04,
-+    DW_RLE_base_address = 0x05,
-+    DW_RLE_start_end = 0x06,
-+    DW_RLE_start_length = 0x07
-+};
-+
- enum {
-     VAL_none = 0,
-     VAL_cstr = 1,
-@@ -961,6 +975,23 @@ debug_info_reader_init(DebugInfoReader *reader, obj_info_t *obj)
-     reader->current_low_pc = 0;
- }
- 
-+static void
-+di_skip_die_attributes(char **p)
-+{
-+    for (;;) {
-+        uint64_t at = uleb128(p);
-+        uint64_t form = uleb128(p);
-+        if (!at && !form) break;
-+        switch (form) {
-+          default:
-+            break;
-+          case DW_FORM_implicit_const:
-+            sleb128(p);
-+            break;
-+        }
-+    }
-+}
-+
- static void
- di_read_debug_abbrev_cu(DebugInfoReader *reader)
- {
-@@ -975,12 +1006,7 @@ di_read_debug_abbrev_cu(DebugInfoReader *reader)
-         prev = abbrev_number;
-         uleb128(&p); /* tag */
-         p++; /* has_children */
--        /* skip content */
--        for (;;) {
--            uint64_t at = uleb128(&p);
--            uint64_t form = uleb128(&p);
--            if (!at && !form) break;
--        }
-+        di_skip_die_attributes(&p);
-     }
- }
- 
-@@ -1244,12 +1270,7 @@ di_find_abbrev(DebugInfoReader *reader, uint64_t abbrev_number)
-     /* skip 255th record */
-     uleb128(&p); /* tag */
-     p++; /* has_children */
--    /* skip content */
--    for (;;) {
--        uint64_t at = uleb128(&p);
--        uint64_t form = uleb128(&p);
--        if (!at && !form) break;
--    }
-+    di_skip_die_attributes(&p);
-     for (uint64_t n = uleb128(&p); abbrev_number != n; n = uleb128(&p)) {
-         if (n == 0) {
-             fprintf(stderr,"%d: Abbrev Number %"PRId64" not found\n",__LINE__, abbrev_number);
-@@ -1257,12 +1278,7 @@ di_find_abbrev(DebugInfoReader *reader, uint64_t abbrev_number)
-         }
-         uleb128(&p); /* tag */
-         p++; /* has_children */
--        /* skip content */
--        for (;;) {
--            uint64_t at = uleb128(&p);
--            uint64_t form = uleb128(&p);
--            if (!at && !form) break;
--        }
-+        di_skip_die_attributes(&p);
-     }
-     return p;
- }
-@@ -1390,6 +1406,21 @@ ranges_set(ranges_t *ptr, DebugInfoValue *v)
-     }
- }
- 
-+static uint64_t
-+read_dw_form_addr(DebugInfoReader *reader, char **ptr)
-+{
-+    char *p = *ptr;
-+    *ptr = p + reader->format;
-+    if (reader->format == 4) {
-+        return read_uint32(&p);
-+    } else if (reader->format == 8) {
-+        return read_uint64(&p);
-+    } else {
-+        fprintf(stderr,"unknown address_size:%d", reader->address_size);
-+        abort();
-+    }
-+}
-+
- static uintptr_t
- ranges_include(DebugInfoReader *reader, ranges_t *ptr, uint64_t addr)
- {
-@@ -1403,8 +1434,50 @@ ranges_include(DebugInfoReader *reader, ranges_t *ptr, uint64_t addr)
-     }
-     else if (ptr->ranges_set) {
-         /* TODO: support base address selection entry */
--        char *p = reader->obj->debug_ranges.ptr + ptr->ranges;
-+        char *p;
-         uint64_t base = ptr->low_pc_set ? ptr->low_pc : reader->current_low_pc;
-+        if (reader->obj->debug_rnglists.ptr) {
-+            p = reader->obj->debug_rnglists.ptr + ptr->ranges;
-+            for (;;) {
-+                uint8_t rle = read_uint8(&p);
-+                uintptr_t base_address = 0;
-+                uintptr_t from, to;
-+                if (rle == DW_RLE_end_of_list) break;
-+                switch (rle) {
-+                  case DW_RLE_base_addressx:
-+                    uleb128(&p);
-+                    break;
-+                  case DW_RLE_startx_endx:
-+                    uleb128(&p);
-+                    uleb128(&p);
-+                    break;
-+                  case DW_RLE_startx_length:
-+                    uleb128(&p);
-+                    uleb128(&p);
-+                    break;
-+                  case DW_RLE_offset_pair:
-+                    from = base_address + uleb128(&p);
-+                    to = base_address + uleb128(&p);
-+                    if (base + from <= addr && addr < base + to) {
-+                        return from;
-+                    }
-+                    break;
-+                  case DW_RLE_base_address:
-+                    base_address = read_dw_form_addr(reader, &p);
-+                    break;
-+                  case DW_RLE_start_end:
-+                    read_dw_form_addr(reader, &p);
-+                    read_dw_form_addr(reader, &p);
-+                    break;
-+                  case DW_RLE_start_length:
-+                    read_dw_form_addr(reader, &p);
-+                    uleb128(&p);
-+                    break;
-+                }
-+            }
-+            return false;
-+        }
-+        p = reader->obj->debug_ranges.ptr + ptr->ranges;
-         for (;;) {
-             uintptr_t from = read_uintptr(&p);
-             uintptr_t to = read_uintptr(&p);
-@@ -1750,6 +1823,7 @@ fill_lines(int num_traces, void **traces, int check_debuglink,
-                     ".debug_info",
-                     ".debug_line",
-                     ".debug_ranges",
-+                    ".debug_rnglists",
-                     ".debug_str"
-                 };
- 
-@@ -2006,6 +2080,7 @@ found_mach_header:
-                     "__debug_info",
-                     "__debug_line",
-                     "__debug_ranges",
-+                    "__debug_rnglists",
-                     "__debug_str"
-                 };
-                 struct LP(segment_command) *scmd = (struct LP(segment_command) *)lcmd;

ruby-3.1.0-Use-EVP-API-in-more-places.patch

@@ -1,831 +0,0 @@
-From cf070378020088cd7e69b1cb08be68152ab8a078 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Sun, 17 May 2020 18:25:38 +0900
-Subject: [PATCH 1/3] pkey: implement #to_text using EVP API
-
-Use EVP_PKEY_print_private() instead of the low-level API *_print()
-functions, such as RSA_print().
-
-EVP_PKEY_print_*() family was added in OpenSSL 1.0.0.
-
-Note that it falls back to EVP_PKEY_print_public() and
-EVP_PKEY_print_params() as necessary. This is required for EVP_PKEY_DH
-type for which _private() fails if the private component is not set in
-the pkey object.
-
-Since the new API works in the same way for all key types, we now
-implement #to_text in the base class OpenSSL::PKey::PKey rather than in
-each subclass.
----
- ext/openssl/ossl_pkey.c     | 38 +++++++++++++++++++++++++++++++++++++
- ext/openssl/ossl_pkey_dh.c  | 29 ----------------------------
- ext/openssl/ossl_pkey_dsa.c | 29 ----------------------------
- ext/openssl/ossl_pkey_ec.c  | 27 --------------------------
- ext/openssl/ossl_pkey_rsa.c | 31 ------------------------------
- test/openssl/test_pkey.rb   |  5 +++++
- 6 files changed, 43 insertions(+), 116 deletions(-)
-
-diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
-index f9282b9417..21cd4b2cda 100644
---- a/ext/openssl/ossl_pkey.c
-+++ b/ext/openssl/ossl_pkey.c
-@@ -539,6 +539,43 @@ ossl_pkey_inspect(VALUE self)
-                       OBJ_nid2sn(nid));
- }
- 
-+/*
-+ * call-seq:
-+ *    pkey.to_text -> string
-+ *
-+ * Dumps key parameters, public key, and private key components contained in
-+ * the key into a human-readable text.
-+ *
-+ * This is intended for debugging purpose.
-+ *
-+ * See also the man page EVP_PKEY_print_private(3).
-+ */
-+static VALUE
-+ossl_pkey_to_text(VALUE self)
-+{
-+    EVP_PKEY *pkey;
-+    BIO *bio;
-+
-+    GetPKey(self, pkey);
-+    if (!(bio = BIO_new(BIO_s_mem())))
-+        ossl_raise(ePKeyError, "BIO_new");
-+
-+    if (EVP_PKEY_print_private(bio, pkey, 0, NULL) == 1)
-+        goto out;
-+    OSSL_BIO_reset(bio);
-+    if (EVP_PKEY_print_public(bio, pkey, 0, NULL) == 1)
-+        goto out;
-+    OSSL_BIO_reset(bio);
-+    if (EVP_PKEY_print_params(bio, pkey, 0, NULL) == 1)
-+        goto out;
-+
-+    BIO_free(bio);
-+    ossl_raise(ePKeyError, "EVP_PKEY_print_params");
-+
-+  out:
-+    return ossl_membio2str(bio);
-+}
-+
- VALUE
- ossl_pkey_export_traditional(int argc, VALUE *argv, VALUE self, int to_der)
- {
-@@ -1039,6 +1076,7 @@ Init_ossl_pkey(void)
-     rb_define_method(cPKey, "initialize", ossl_pkey_initialize, 0);
-     rb_define_method(cPKey, "oid", ossl_pkey_oid, 0);
-     rb_define_method(cPKey, "inspect", ossl_pkey_inspect, 0);
-+    rb_define_method(cPKey, "to_text", ossl_pkey_to_text, 0);
-     rb_define_method(cPKey, "private_to_der", ossl_pkey_private_to_der, -1);
-     rb_define_method(cPKey, "private_to_pem", ossl_pkey_private_to_pem, -1);
-     rb_define_method(cPKey, "public_to_der", ossl_pkey_public_to_der, 0);
-diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
-index 6b477b077c..acd3bf474e 100644
---- a/ext/openssl/ossl_pkey_dh.c
-+++ b/ext/openssl/ossl_pkey_dh.c
-@@ -266,34 +266,6 @@ ossl_dh_get_params(VALUE self)
-     return hash;
- }
- 
--/*
-- *  call-seq:
-- *     dh.to_text -> aString
-- *
-- * Prints all parameters of key to buffer
-- * INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
-- * Don't use :-)) (I's up to you)
-- */
--static VALUE
--ossl_dh_to_text(VALUE self)
--{
--    DH *dh;
--    BIO *out;
--    VALUE str;
--
--    GetDH(self, dh);
--    if (!(out = BIO_new(BIO_s_mem()))) {
--	ossl_raise(eDHError, NULL);
--    }
--    if (!DHparams_print(out, dh)) {
--	BIO_free(out);
--	ossl_raise(eDHError, NULL);
--    }
--    str = ossl_membio2str(out);
--
--    return str;
--}
--
- /*
-  *  call-seq:
-  *     dh.public_key -> aDH
-@@ -426,7 +398,6 @@ Init_ossl_dh(void)
-     rb_define_method(cDH, "initialize_copy", ossl_dh_initialize_copy, 1);
-     rb_define_method(cDH, "public?", ossl_dh_is_public, 0);
-     rb_define_method(cDH, "private?", ossl_dh_is_private, 0);
--    rb_define_method(cDH, "to_text", ossl_dh_to_text, 0);
-     rb_define_method(cDH, "export", ossl_dh_export, 0);
-     rb_define_alias(cDH, "to_pem", "export");
-     rb_define_alias(cDH, "to_s", "export");
-diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
-index 1c5a8a737e..f017cceb4a 100644
---- a/ext/openssl/ossl_pkey_dsa.c
-+++ b/ext/openssl/ossl_pkey_dsa.c
-@@ -264,34 +264,6 @@ ossl_dsa_get_params(VALUE self)
-     return hash;
- }
- 
--/*
-- *  call-seq:
-- *    dsa.to_text -> aString
-- *
-- * Prints all parameters of key to buffer
-- * INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
-- * Don't use :-)) (I's up to you)
-- */
--static VALUE
--ossl_dsa_to_text(VALUE self)
--{
--    DSA *dsa;
--    BIO *out;
--    VALUE str;
--
--    GetDSA(self, dsa);
--    if (!(out = BIO_new(BIO_s_mem()))) {
--	ossl_raise(eDSAError, NULL);
--    }
--    if (!DSA_print(out, dsa, 0)) { /* offset = 0 */
--	BIO_free(out);
--	ossl_raise(eDSAError, NULL);
--    }
--    str = ossl_membio2str(out);
--
--    return str;
--}
--
- /*
-  *  call-seq:
-  *    dsa.public_key -> aDSA
-@@ -469,7 +441,6 @@ Init_ossl_dsa(void)
- 
-     rb_define_method(cDSA, "public?", ossl_dsa_is_public, 0);
-     rb_define_method(cDSA, "private?", ossl_dsa_is_private, 0);
--    rb_define_method(cDSA, "to_text", ossl_dsa_to_text, 0);
-     rb_define_method(cDSA, "export", ossl_dsa_export, -1);
-     rb_define_alias(cDSA, "to_pem", "export");
-     rb_define_alias(cDSA, "to_s", "export");
-diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
-index c2534251c3..ecb8305184 100644
---- a/ext/openssl/ossl_pkey_ec.c
-+++ b/ext/openssl/ossl_pkey_ec.c
-@@ -417,32 +417,6 @@ ossl_ec_key_to_der(VALUE self)
-     else
-         return ossl_pkey_export_spki(self, 1);
- }
--
--/*
-- *  call-seq:
-- *     key.to_text   => String
-- *
-- *  See the OpenSSL documentation for EC_KEY_print()
-- */
--static VALUE ossl_ec_key_to_text(VALUE self)
--{
--    EC_KEY *ec;
--    BIO *out;
--    VALUE str;
--
--    GetEC(self, ec);
--    if (!(out = BIO_new(BIO_s_mem()))) {
--	ossl_raise(eECError, "BIO_new(BIO_s_mem())");
--    }
--    if (!EC_KEY_print(out, ec, 0)) {
--	BIO_free(out);
--	ossl_raise(eECError, "EC_KEY_print");
--    }
--    str = ossl_membio2str(out);
--
--    return str;
--}
--
- /*
-  *  call-seq:
-  *     key.generate_key!   => self
-@@ -1633,7 +1607,6 @@ void Init_ossl_ec(void)
-     rb_define_method(cEC, "export", ossl_ec_key_export, -1);
-     rb_define_alias(cEC, "to_pem", "export");
-     rb_define_method(cEC, "to_der", ossl_ec_key_to_der, 0);
--    rb_define_method(cEC, "to_text", ossl_ec_key_to_text, 0);
- 
- 
-     rb_define_alloc_func(cEC_GROUP, ossl_ec_group_alloc);
-diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
-index 43f82cb29e..7a7e66dbda 100644
---- a/ext/openssl/ossl_pkey_rsa.c
-+++ b/ext/openssl/ossl_pkey_rsa.c
-@@ -587,36 +587,6 @@ ossl_rsa_get_params(VALUE self)
-     return hash;
- }
- 
--/*
-- * call-seq:
-- *   rsa.to_text => String
-- *
-- * THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!
-- *
-- * Dumps all parameters of a keypair to a String
-- *
-- * Don't use :-)) (It's up to you)
-- */
--static VALUE
--ossl_rsa_to_text(VALUE self)
--{
--    RSA *rsa;
--    BIO *out;
--    VALUE str;
--
--    GetRSA(self, rsa);
--    if (!(out = BIO_new(BIO_s_mem()))) {
--	ossl_raise(eRSAError, NULL);
--    }
--    if (!RSA_print(out, rsa, 0)) { /* offset = 0 */
--	BIO_free(out);
--	ossl_raise(eRSAError, NULL);
--    }
--    str = ossl_membio2str(out);
--
--    return str;
--}
--
- /*
-  * call-seq:
-  *    rsa.public_key -> RSA
-@@ -738,7 +708,6 @@ Init_ossl_rsa(void)
- 
-     rb_define_method(cRSA, "public?", ossl_rsa_is_public, 0);
-     rb_define_method(cRSA, "private?", ossl_rsa_is_private, 0);
--    rb_define_method(cRSA, "to_text", ossl_rsa_to_text, 0);
-     rb_define_method(cRSA, "export", ossl_rsa_export, -1);
-     rb_define_alias(cRSA, "to_pem", "export");
-     rb_define_alias(cRSA, "to_s", "export");
-diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb
-index 5307fe5b08..3630458b3c 100644
---- a/test/openssl/test_pkey.rb
-+++ b/test/openssl/test_pkey.rb
-@@ -151,4 +151,9 @@ def test_x25519
-     assert_equal bob_pem, bob.public_to_pem
-     assert_equal [shared_secret].pack("H*"), alice.derive(bob)
-   end
-+
-+  def test_to_text
-+    rsa = Fixtures.pkey("rsa1024")
-+    assert_include rsa.to_text, "publicExponent"
-+  end
- end
--- 
-2.32.0
-
-
-From 0c45b22e485bfa62f4d704b08e3704e6444118c4 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Thu, 15 Apr 2021 19:11:32 +0900
-Subject: [PATCH 2/3] pkey: implement {DH,DSA,RSA}#public_key in Ruby
-
-The low-level API that is used to implement #public_key is deprecated
-in OpenSSL 3.0. It is actually very simple to implement in another way,
-using existing methods only, in much shorter code. Let's do it.
-
-While we are at it, the documentation is updated to recommend against
-using #public_key. Now that OpenSSL::PKey::PKey implements public_to_der
-method, there is no real use case for #public_key in newly written Ruby
-programs.
----
- ext/openssl/lib/openssl/pkey.rb | 55 ++++++++++++++++++++++++++++
- ext/openssl/ossl_pkey_dh.c      | 63 +++++++--------------------------
- ext/openssl/ossl_pkey_dsa.c     | 42 ----------------------
- ext/openssl/ossl_pkey_rsa.c     | 58 +-----------------------------
- test/openssl/test_pkey_rsa.rb   | 37 ++++++++++---------
- 5 files changed, 87 insertions(+), 168 deletions(-)
-
-diff --git a/ext/openssl/lib/openssl/pkey.rb b/ext/openssl/lib/openssl/pkey.rb
-index 53ee52f98b..569559e1ce 100644
---- a/ext/openssl/lib/openssl/pkey.rb
-+++ b/ext/openssl/lib/openssl/pkey.rb
-@@ -10,6 +10,30 @@ module OpenSSL::PKey
-   class DH
-     include OpenSSL::Marshal
- 
-+    # :call-seq:
-+    #    dh.public_key -> dhnew
-+    #
-+    # Returns a new DH instance that carries just the \DH parameters.
-+    #
-+    # Contrary to the method name, the returned DH object contains only
-+    # parameters and not the public key.
-+    #
-+    # This method is provided for backwards compatibility. In most cases, there
-+    # is no need to call this method.
-+    #
-+    # For the purpose of re-generating the key pair while keeping the
-+    # parameters, check OpenSSL::PKey.generate_key.
-+    #
-+    # Example:
-+    #   # OpenSSL::PKey::DH.generate by default generates a random key pair
-+    #   dh1 = OpenSSL::PKey::DH.generate(2048)
-+    #   p dh1.priv_key #=> #<OpenSSL::BN 1288347...>
-+    #   dhcopy = dh1.public_key
-+    #   p dhcopy.priv_key #=> nil
-+    def public_key
-+      DH.new(to_der)
-+    end
-+
-     # :call-seq:
-     #    dh.compute_key(pub_bn) -> string
-     #
-@@ -89,6 +113,22 @@ def new(*args, &blk) # :nodoc:
-   class DSA
-     include OpenSSL::Marshal
- 
-+    # :call-seq:
-+    #    dsa.public_key -> dsanew
-+    #
-+    # Returns a new DSA instance that carries just the \DSA parameters and the
-+    # public key.
-+    #
-+    # This method is provided for backwards compatibility. In most cases, there
-+    # is no need to call this method.
-+    #
-+    # For the purpose of serializing the public key, to PEM or DER encoding of
-+    # X.509 SubjectPublicKeyInfo format, check PKey#public_to_pem and
-+    # PKey#public_to_der.
-+    def public_key
-+      OpenSSL::PKey.read(public_to_der)
-+    end
-+
-     class << self
-       # :call-seq:
-       #    DSA.generate(size) -> dsa
-@@ -159,6 +199,21 @@ def to_bn(conversion_form = group.point_conversion_form)
-   class RSA
-     include OpenSSL::Marshal
- 
-+    # :call-seq:
-+    #    rsa.public_key -> rsanew
-+    #
-+    # Returns a new RSA instance that carries just the public key components.
-+    #
-+    # This method is provided for backwards compatibility. In most cases, there
-+    # is no need to call this method.
-+    #
-+    # For the purpose of serializing the public key, to PEM or DER encoding of
-+    # X.509 SubjectPublicKeyInfo format, check PKey#public_to_pem and
-+    # PKey#public_to_der.
-+    def public_key
-+      OpenSSL::PKey.read(public_to_der)
-+    end
-+
-     class << self
-       # :call-seq:
-       #    RSA.generate(size, exponent = 65537) -> RSA
-diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
-index acd3bf474e..a512b209d3 100644
---- a/ext/openssl/ossl_pkey_dh.c
-+++ b/ext/openssl/ossl_pkey_dh.c
-@@ -266,48 +266,6 @@ ossl_dh_get_params(VALUE self)
-     return hash;
- }
- 
--/*
-- *  call-seq:
-- *     dh.public_key -> aDH
-- *
-- * Returns a new DH instance that carries just the public information, i.e.
-- * the prime _p_ and the generator _g_, but no public/private key yet. Such
-- * a pair may be generated using DH#generate_key!. The "public key" needed
-- * for a key exchange with DH#compute_key is considered as per-session
-- * information and may be retrieved with DH#pub_key once a key pair has
-- * been generated.
-- * If the current instance already contains private information (and thus a
-- * valid public/private key pair), this information will no longer be present
-- * in the new instance generated by DH#public_key. This feature is helpful for
-- * publishing the Diffie-Hellman parameters without leaking any of the private
-- * per-session information.
-- *
-- * === Example
-- *  dh = OpenSSL::PKey::DH.new(2048) # has public and private key set
-- *  public_key = dh.public_key # contains only prime and generator
-- *  parameters = public_key.to_der # it's safe to publish this
-- */
--static VALUE
--ossl_dh_to_public_key(VALUE self)
--{
--    EVP_PKEY *pkey;
--    DH *orig_dh, *dh;
--    VALUE obj;
--
--    obj = rb_obj_alloc(rb_obj_class(self));
--    GetPKey(obj, pkey);
--
--    GetDH(self, orig_dh);
--    dh = DHparams_dup(orig_dh);
--    if (!dh)
--        ossl_raise(eDHError, "DHparams_dup");
--    if (!EVP_PKEY_assign_DH(pkey, dh)) {
--        DH_free(dh);
--        ossl_raise(eDHError, "EVP_PKEY_assign_DH");
--    }
--    return obj;
--}
--
- /*
-  *  call-seq:
-  *     dh.params_ok? -> true | false
-@@ -384,14 +342,20 @@ Init_ossl_dh(void)
-      *   The per-session private key, an OpenSSL::BN.
-      *
-      * === Example of a key exchange
--     *  dh1 = OpenSSL::PKey::DH.new(2048)
--     *  der = dh1.public_key.to_der #you may send this publicly to the participating party
--     *  dh2 = OpenSSL::PKey::DH.new(der)
--     *  dh2.generate_key! #generate the per-session key pair
--     *  symm_key1 = dh1.compute_key(dh2.pub_key)
--     *  symm_key2 = dh2.compute_key(dh1.pub_key)
-+     *   # you may send the parameters (der) and own public key (pub1) publicly
-+     *   # to the participating party
-+     *   dh1 = OpenSSL::PKey::DH.new(2048)
-+     *   der = dh1.to_der
-+     *   pub1 = dh1.pub_key
-+     *
-+     *   # the other party generates its per-session key pair
-+     *   dhparams = OpenSSL::PKey::DH.new(der)
-+     *   dh2 = OpenSSL::PKey.generate_key(dhparams)
-+     *   pub2 = dh2.pub_key
-      *
--     *  puts symm_key1 == symm_key2 # => true
-+     *   symm_key1 = dh1.compute_key(pub2)
-+     *   symm_key2 = dh2.compute_key(pub1)
-+     *   puts symm_key1 == symm_key2 # => true
-      */
-     cDH = rb_define_class_under(mPKey, "DH", cPKey);
-     rb_define_method(cDH, "initialize", ossl_dh_initialize, -1);
-@@ -402,7 +366,6 @@ Init_ossl_dh(void)
-     rb_define_alias(cDH, "to_pem", "export");
-     rb_define_alias(cDH, "to_s", "export");
-     rb_define_method(cDH, "to_der", ossl_dh_to_der, 0);
--    rb_define_method(cDH, "public_key", ossl_dh_to_public_key, 0);
-     rb_define_method(cDH, "params_ok?", ossl_dh_check_params, 0);
- 
-     DEF_OSSL_PKEY_BN(cDH, dh, p);
-diff --git a/ext/openssl/ossl_pkey_dsa.c b/ext/openssl/ossl_pkey_dsa.c
-index f017cceb4a..ab9ac781e8 100644
---- a/ext/openssl/ossl_pkey_dsa.c
-+++ b/ext/openssl/ossl_pkey_dsa.c
-@@ -264,47 +264,6 @@ ossl_dsa_get_params(VALUE self)
-     return hash;
- }
- 
--/*
-- *  call-seq:
-- *    dsa.public_key -> aDSA
-- *
-- * Returns a new DSA instance that carries just the public key information.
-- * If the current instance has also private key information, this will no
-- * longer be present in the new instance. This feature is helpful for
-- * publishing the public key information without leaking any of the private
-- * information.
-- *
-- * === Example
-- *  dsa = OpenSSL::PKey::DSA.new(2048) # has public and private information
-- *  pub_key = dsa.public_key # has only the public part available
-- *  pub_key_der = pub_key.to_der # it's safe to publish this
-- *
-- *
-- */
--static VALUE
--ossl_dsa_to_public_key(VALUE self)
--{
--    EVP_PKEY *pkey, *pkey_new;
--    DSA *dsa;
--    VALUE obj;
--
--    GetPKeyDSA(self, pkey);
--    obj = rb_obj_alloc(rb_obj_class(self));
--    GetPKey(obj, pkey_new);
--
--#define DSAPublicKey_dup(dsa) (DSA *)ASN1_dup( \
--	(i2d_of_void *)i2d_DSAPublicKey, (d2i_of_void *)d2i_DSAPublicKey, (char *)(dsa))
--    dsa = DSAPublicKey_dup(EVP_PKEY_get0_DSA(pkey));
--#undef DSAPublicKey_dup
--    if (!dsa)
--        ossl_raise(eDSAError, "DSAPublicKey_dup");
--    if (!EVP_PKEY_assign_DSA(pkey_new, dsa)) {
--        DSA_free(dsa);
--        ossl_raise(eDSAError, "EVP_PKEY_assign_DSA");
--    }
--    return obj;
--}
--
- /*
-  *  call-seq:
-  *    dsa.syssign(string) -> aString
-@@ -445,7 +404,6 @@ Init_ossl_dsa(void)
-     rb_define_alias(cDSA, "to_pem", "export");
-     rb_define_alias(cDSA, "to_s", "export");
-     rb_define_method(cDSA, "to_der", ossl_dsa_to_der, 0);
--    rb_define_method(cDSA, "public_key", ossl_dsa_to_public_key, 0);
-     rb_define_method(cDSA, "syssign", ossl_dsa_sign, 1);
-     rb_define_method(cDSA, "sysverify", ossl_dsa_verify, 2);
- 
-diff --git a/ext/openssl/ossl_pkey_rsa.c b/ext/openssl/ossl_pkey_rsa.c
-index 7a7e66dbda..1c5476cdcd 100644
---- a/ext/openssl/ossl_pkey_rsa.c
-+++ b/ext/openssl/ossl_pkey_rsa.c
-@@ -390,7 +390,7 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self)
-  *   data = "Sign me!"
-  *   pkey = OpenSSL::PKey::RSA.new(2048)
-  *   signature = pkey.sign_pss("SHA256", data, salt_length: :max, mgf1_hash: "SHA256")
-- *   pub_key = pkey.public_key
-+ *   pub_key = OpenSSL::PKey.read(pkey.public_to_der)
-  *   puts pub_key.verify_pss("SHA256", signature, data,
-  *                           salt_length: :auto, mgf1_hash: "SHA256") # => true
-  */
-@@ -587,61 +587,6 @@ ossl_rsa_get_params(VALUE self)
-     return hash;
- }
- 
--/*
-- * call-seq:
-- *    rsa.public_key -> RSA
-- *
-- * Makes new RSA instance containing the public key from the private key.
-- */
--static VALUE
--ossl_rsa_to_public_key(VALUE self)
--{
--    EVP_PKEY *pkey, *pkey_new;
--    RSA *rsa;
--    VALUE obj;
--
--    GetPKeyRSA(self, pkey);
--    obj = rb_obj_alloc(rb_obj_class(self));
--    GetPKey(obj, pkey_new);
--
--    rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey));
--    if (!rsa)
--        ossl_raise(eRSAError, "RSAPublicKey_dup");
--    if (!EVP_PKEY_assign_RSA(pkey_new, rsa)) {
--        RSA_free(rsa);
--        ossl_raise(eRSAError, "EVP_PKEY_assign_RSA");
--    }
--    return obj;
--}
--
--/*
-- * TODO: Test me
--
--static VALUE
--ossl_rsa_blinding_on(VALUE self)
--{
--    RSA *rsa;
--
--    GetRSA(self, rsa);
--
--    if (RSA_blinding_on(rsa, ossl_bn_ctx) != 1) {
--	ossl_raise(eRSAError, NULL);
--    }
--    return self;
--}
--
--static VALUE
--ossl_rsa_blinding_off(VALUE self)
--{
--    RSA *rsa;
--
--    GetRSA(self, rsa);
--    RSA_blinding_off(rsa);
--
--    return self;
--}
-- */
--
- /*
-  * Document-method: OpenSSL::PKey::RSA#set_key
-  * call-seq:
-@@ -712,7 +657,6 @@ Init_ossl_rsa(void)
-     rb_define_alias(cRSA, "to_pem", "export");
-     rb_define_alias(cRSA, "to_s", "export");
-     rb_define_method(cRSA, "to_der", ossl_rsa_to_der, 0);
--    rb_define_method(cRSA, "public_key", ossl_rsa_to_public_key, 0);
-     rb_define_method(cRSA, "public_encrypt", ossl_rsa_public_encrypt, -1);
-     rb_define_method(cRSA, "public_decrypt", ossl_rsa_public_decrypt, -1);
-     rb_define_method(cRSA, "private_encrypt", ossl_rsa_private_encrypt, -1);
-diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
-index d1e68dbc9f..5f8d04e754 100644
---- a/test/openssl/test_pkey_rsa.rb
-+++ b/test/openssl/test_pkey_rsa.rb
-@@ -69,29 +69,28 @@ def test_private
-   end
- 
-   def test_new
--    key = OpenSSL::PKey::RSA.new 512
--    pem  = key.public_key.to_pem
--    OpenSSL::PKey::RSA.new pem
--    assert_equal([], OpenSSL.errors)
--  end
-+    key = OpenSSL::PKey::RSA.new(512)
-+    assert_equal 512, key.n.num_bits
-+    assert_equal 65537, key.e
-+    assert_not_nil key.d
- 
--  def test_new_exponent_default
--    assert_equal(65537, OpenSSL::PKey::RSA.new(512).e)
-+    # Specify public exponent
-+    key2 = OpenSSL::PKey::RSA.new(512, 3)
-+    assert_equal 512, key2.n.num_bits
-+    assert_equal 3, key2.e
-+    assert_not_nil key2.d
-   end
- 
--  def test_new_with_exponent
--    1.upto(30) do |idx|
--      e = (2 ** idx) + 1
--      key = OpenSSL::PKey::RSA.new(512, e)
--      assert_equal(e, key.e)
--    end
--  end
-+  def test_s_generate
-+    key1 = OpenSSL::PKey::RSA.generate(512)
-+    assert_equal 512, key1.n.num_bits
-+    assert_equal 65537, key1.e
- 
--  def test_generate
--    key = OpenSSL::PKey::RSA.generate(512, 17)
--    assert_equal 512, key.n.num_bits
--    assert_equal 17, key.e
--    assert_not_nil key.d
-+    # Specify public exponent
-+    key2 = OpenSSL::PKey::RSA.generate(512, 3)
-+    assert_equal 512, key2.n.num_bits
-+    assert_equal 3, key2.e
-+    assert_not_nil key2.d
-   end
- 
-   def test_new_break
--- 
-2.32.0
-
-
-From 2150af0e55b2a25c24f62006e27e0aec3dc81b57 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Fri, 10 Jul 2020 14:34:51 +0900
-Subject: [PATCH 3/3] pkey/dh, pkey/ec: use EVP_PKEY_check() family
-
-Use EVP_PKEY_param_check() instead of DH_check() if available. Also,
-use EVP_PKEY_public_check() instead of EC_KEY_check_key().
-
-EVP_PKEY_*check() is part of the EVP API and is meant to replace those
-low-level functions. They were added by OpenSSL 1.1.1. It is currently
-not provided by LibreSSL.
----
- ext/openssl/extconf.rb       |  3 +++
- ext/openssl/ossl_pkey_dh.c   | 27 +++++++++++++++++++++++----
- ext/openssl/ossl_pkey_ec.c   | 23 +++++++++++++++++++----
- test/openssl/test_pkey_dh.rb | 16 ++++++++++++++++
- 4 files changed, 61 insertions(+), 8 deletions(-)
-
-diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
-index b3c6647faf..17d93443fc 100644
---- a/ext/openssl/extconf.rb
-+++ b/ext/openssl/extconf.rb
-@@ -173,6 +173,9 @@ def find_openssl_library
- have_func("EVP_PBE_scrypt")
- have_func("SSL_CTX_set_post_handshake_auth")
- 
-+# added in 1.1.1
-+have_func("EVP_PKEY_check")
-+
- Logging::message "=== Checking done. ===\n"
- 
- create_header
-diff --git a/ext/openssl/ossl_pkey_dh.c b/ext/openssl/ossl_pkey_dh.c
-index a512b209d3..ca782bbe59 100644
---- a/ext/openssl/ossl_pkey_dh.c
-+++ b/ext/openssl/ossl_pkey_dh.c
-@@ -273,19 +273,38 @@ ossl_dh_get_params(VALUE self)
-  * Validates the Diffie-Hellman parameters associated with this instance.
-  * It checks whether a safe prime and a suitable generator are used. If this
-  * is not the case, +false+ is returned.
-+ *
-+ * See also the man page EVP_PKEY_param_check(3).
-  */
- static VALUE
- ossl_dh_check_params(VALUE self)
- {
-+    int ret;
-+#ifdef HAVE_EVP_PKEY_CHECK
-+    EVP_PKEY *pkey;
-+    EVP_PKEY_CTX *pctx;
-+
-+    GetPKey(self, pkey);
-+    pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
-+    if (!pctx)
-+        ossl_raise(eDHError, "EVP_PKEY_CTX_new");
-+    ret = EVP_PKEY_param_check(pctx);
-+    EVP_PKEY_CTX_free(pctx);
-+#else
-     DH *dh;
-     int codes;
- 
-     GetDH(self, dh);
--    if (!DH_check(dh, &codes)) {
--	return Qfalse;
--    }
-+    ret = DH_check(dh, &codes) == 1 && codes == 0;
-+#endif
- 
--    return codes == 0 ? Qtrue : Qfalse;
-+    if (ret == 1)
-+        return Qtrue;
-+    else {
-+        /* DH_check_ex() will put error entry on failure */
-+        ossl_clear_error();
-+        return Qfalse;
-+    }
- }
- 
- /*
-diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
-index ecb8305184..829529d4b9 100644
---- a/ext/openssl/ossl_pkey_ec.c
-+++ b/ext/openssl/ossl_pkey_ec.c
-@@ -443,20 +443,35 @@ static VALUE ossl_ec_key_generate_key(VALUE self)
- }
- 
- /*
-- *  call-seq:
-- *     key.check_key   => true
-+ * call-seq:
-+ *    key.check_key   => true
-  *
-- *  Raises an exception if the key is invalid.
-+ * Raises an exception if the key is invalid.
-  *
-- *  See the OpenSSL documentation for EC_KEY_check_key()
-+ * See also the man page EVP_PKEY_public_check(3).
-  */
- static VALUE ossl_ec_key_check_key(VALUE self)
- {
-+#ifdef HAVE_EVP_PKEY_CHECK
-+    EVP_PKEY *pkey;
-+    EVP_PKEY_CTX *pctx;
-+    int ret;
-+
-+    GetPKey(self, pkey);
-+    pctx = EVP_PKEY_CTX_new(pkey, /* engine */NULL);
-+    if (!pctx)
-+        ossl_raise(eDHError, "EVP_PKEY_CTX_new");
-+    ret = EVP_PKEY_public_check(pctx);
-+    EVP_PKEY_CTX_free(pctx);
-+    if (ret != 1)
-+        ossl_raise(eECError, "EVP_PKEY_public_check");
-+#else
-     EC_KEY *ec;
- 
-     GetEC(self, ec);
-     if (EC_KEY_check_key(ec) != 1)
- 	ossl_raise(eECError, "EC_KEY_check_key");
-+#endif
- 
-     return Qtrue;
- }
-diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
-index 279ce1984c..f80af8f841 100644
---- a/test/openssl/test_pkey_dh.rb
-+++ b/test/openssl/test_pkey_dh.rb
-@@ -86,6 +86,22 @@ def test_key_exchange
-     assert_equal(dh.compute_key(dh2.pub_key), dh2.compute_key(dh.pub_key))
-   end
- 
-+  def test_params_ok?
-+    dh0 = Fixtures.pkey("dh1024")
-+
-+    dh1 = OpenSSL::PKey::DH.new(OpenSSL::ASN1::Sequence([
-+      OpenSSL::ASN1::Integer(dh0.p),
-+      OpenSSL::ASN1::Integer(dh0.g)
-+    ]))
-+    assert_equal(true, dh1.params_ok?)
-+
-+    dh2 = OpenSSL::PKey::DH.new(OpenSSL::ASN1::Sequence([
-+      OpenSSL::ASN1::Integer(dh0.p + 1),
-+      OpenSSL::ASN1::Integer(dh0.g)
-+    ]))
-+    assert_equal(false, dh2.params_ok?)
-+  end
-+
-   def test_dup
-     dh = Fixtures.pkey("dh1024")
-     dh2 = dh.dup
--- 
-2.32.0
-

ruby-3.1.0-addr2line-DW_FORM_ref_addr.patch

@@ -1,29 +0,0 @@
-From a9977ba2f9863e3fb1b2346589ebbca67d80536c Mon Sep 17 00:00:00 2001
-From: Nobuyoshi Nakada <nobu@ruby-lang.org>
-Date: Sat, 14 Aug 2021 10:08:19 +0900
-Subject: [PATCH] Constified addr2line.c
-
----
- addr2line.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/addr2line.c b/addr2line.c
-index 8ee4416650d3..fed1a8da84e5 100644
---- a/addr2line.c
-+++ b/addr2line.c
-@@ -1138,12 +1138,12 @@ debug_info_reader_read_value(DebugInfoReader *reader, uint64_t form, DebugInfoVa
-         set_uint_value(v, read_uleb128(reader));
-         break;
-       case DW_FORM_ref_addr:
--        if (reader->address_size == 4) {
-+        if (reader->format == 4) {
-             set_uint_value(v, read_uint32(&reader->p));
--        } else if (reader->address_size == 8) {
-+        } else if (reader->format == 8) {
-             set_uint_value(v, read_uint64(&reader->p));
-         } else {
--            fprintf(stderr,"unknown address_size:%d", reader->address_size);
-+            fprintf(stderr,"unknown format:%d", reader->format);
-             abort();
-         }
-         break;

ruby-3.1.0-autoconf-2.70-add-ac-prog-cc.patch

@@ -1,27 +0,0 @@
-From 912a8dcfc5369d840dcd6bf0f88ee0bac7d902d6 Mon Sep 17 00:00:00 2001
-From: Nobuyoshi Nakada <nobu@ruby-lang.org>
-Date: Thu, 30 Sep 2021 18:24:37 +0900
-Subject: [PATCH] Needs `AC_PROG_CC`
-
-Although `AC_PROG_CC_C99` has been obsolete, `AC_PROG_CC` is not
-and the latter is necessary not to make C++ compiler mandatory.
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index b24a8f59b0..c7059ee1ec 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -203,7 +203,7 @@ rb_test_CXXFLAGS=${CXXFLAGS+yes}
- # BSD's ports and MacPorts prefix GNU binutils with 'g'
- 
- dnl Seems necessarily in order to add -std=gnu99 option for gcc 4.9.
--m4_version_prereq([2.70], [], [AC_PROG_CC_C99])
-+m4_version_prereq([2.70], [AC_PROG_CC], [AC_PROG_CC_C99])
- 
- AC_PROG_CXX
- AC_PROG_CPP
--- 
-2.31.1
-

ruby-3.1.0-test-openssl-test_digest-do-not-test-constants-for-l.patch

@@ -1,29 +0,0 @@
-From b4b5eab2a5fd0e9ac62c01102dd26d0a433c5683 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Mon, 18 May 2020 02:17:28 +0900
-Subject: [PATCH] test/openssl/test_digest: do not test constants for legacy
- algorithms
-
-Remove availability test for MD4 and RIPEMD160 as they are considered
-legacy and may be missing depending on the compile-time options of
-OpenSSL. OpenSSL 3.0 by default disables them.
----
- test/openssl/test_digest.rb | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/test/openssl/test_digest.rb b/test/openssl/test_digest.rb
-index 8d7046e831..84c128c12f 100644
---- a/test/openssl/test_digest.rb
-+++ b/test/openssl/test_digest.rb
-@@ -54,7 +54,7 @@ def test_reset
-   end
- 
-   def test_digest_constants
--    %w{MD4 MD5 RIPEMD160 SHA1 SHA224 SHA256 SHA384 SHA512}.each do |name|
-+    %w{MD5 SHA1 SHA224 SHA256 SHA384 SHA512}.each do |name|
-       assert_not_nil(OpenSSL::Digest.new(name))
-       klass = OpenSSL::Digest.const_get(name.tr('-', '_'))
-       assert_not_nil(klass.new)
--- 
-2.32.0
-

ruby-3.1.0-test-openssl-test_pkcs12-fix-test-failures-with-Open.patch

@@ -1,439 +0,0 @@
-From 9596788bdd2d061bef042485af14262e9fc4020c Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Thu, 13 Aug 2020 23:20:55 +0900
-Subject: [PATCH] test/openssl/test_pkcs12: fix test failures with OpenSSL 3.0
-
-OpenSSL's PKCS12_create() by default uses pbewithSHAAnd40BitRC2-CBC for
-encryption of the certificates. However, in OpenSSL 3.0, the algorithm
-is part of the legacy provider and is not enabled by default.
-
-Specify another algorithm that is still in the default provider for
-these test cases.
----
- test/openssl/test_pkcs12.rb | 297 ++++++++++++++++++------------------
- 1 file changed, 149 insertions(+), 148 deletions(-)
-
-diff --git a/test/openssl/test_pkcs12.rb b/test/openssl/test_pkcs12.rb
-index fdbe753b17..ec676743bc 100644
---- a/test/openssl/test_pkcs12.rb
-+++ b/test/openssl/test_pkcs12.rb
-@@ -5,6 +5,9 @@
- 
- module OpenSSL
-   class TestPKCS12 < OpenSSL::TestCase
-+    DEFAULT_PBE_PKEYS = "PBE-SHA1-3DES"
-+    DEFAULT_PBE_CERTS = "PBE-SHA1-3DES"
-+
-     def setup
-       super
-       ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA")
-@@ -14,47 +17,41 @@ def setup
-         ["subjectKeyIdentifier","hash",false],
-         ["authorityKeyIdentifier","keyid:always",false],
-       ]
--      @cacert = issue_cert(ca, Fixtures.pkey("rsa2048"), 1, ca_exts, nil, nil)
-+      ca_key = Fixtures.pkey("rsa-1")
-+      @cacert = issue_cert(ca, ca_key, 1, ca_exts, nil, nil)
- 
-       inter_ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Intermediate CA")
--      inter_ca_key = OpenSSL::PKey.read <<-_EOS_
-------BEGIN RSA PRIVATE KEY-----
--MIICXAIBAAKBgQDp7hIG0SFMG/VWv1dBUWziAPrNmkMXJgTCAoB7jffzRtyyN04K
--oq/89HAszTMStZoMigQURfokzKsjpUp8OYCAEsBtt9d5zPndWMz/gHN73GrXk3LT
--ZsxEn7Xv5Da+Y9F/Hx2QZUHarV5cdZixq2NbzWGwrToogOQMh2pxN3Z/0wIDAQAB
--AoGBAJysUyx3olpsGzv3OMRJeahASbmsSKTXVLZvoIefxOINosBFpCIhZccAG6UV
--5c/xCvS89xBw8aD15uUfziw3AuT8QPEtHCgfSjeT7aWzBfYswEgOW4XPuWr7EeI9
--iNHGD6z+hCN/IQr7FiEBgTp6A+i/hffcSdR83fHWKyb4M7TRAkEA+y4BNd668HmC
--G5MPRx25n6LixuBxrNp1umfjEI6UZgEFVpYOg4agNuimN6NqM253kcTR94QNTUs5
--Kj3EhG1YWwJBAO5rUjiOyCNVX2WUQrOMYK/c1lU7fvrkdygXkvIGkhsPoNRzLPeA
--HGJszKtrKD8bNihWpWNIyqKRHfKVD7yXT+kCQGCAhVCIGTRoypcDghwljHqLnysf
--ci0h5ZdPcIqc7ODfxYhFsJ/Rql5ONgYsT5Ig/+lOQAkjf+TRYM4c2xKx2/8CQBvG
--jv6dy70qDgIUgqzONtlmHeYyFzn9cdBO5sShdVYHvRHjFSMEXsosqK9zvW2UqvuK
--FJx7d3f29gkzynCLJDkCQGQZlEZJC4vWmWJGRKJ24P6MyQn3VsPfErSKOg4lvyM3
--Li8JsX5yIiuVYaBg/6ha3tOg4TCa5K/3r3tVliRZ2Es=
-------END RSA PRIVATE KEY-----
--      _EOS_
--      @inter_cacert = issue_cert(inter_ca, inter_ca_key, 2, ca_exts, @cacert, Fixtures.pkey("rsa2048"))
-+      inter_ca_key = Fixtures.pkey("rsa-2")
-+      @inter_cacert = issue_cert(inter_ca, inter_ca_key, 2, ca_exts, @cacert, ca_key)
- 
-       exts = [
-         ["keyUsage","digitalSignature",true],
-         ["subjectKeyIdentifier","hash",false],
-       ]
-       ee = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=Ruby PKCS12 Test Certificate")
--      @mykey = Fixtures.pkey("rsa1024")
-+      @mykey = Fixtures.pkey("rsa-3")
-       @mycert = issue_cert(ee, @mykey, 3, exts, @inter_cacert, inter_ca_key)
-     end
- 
--    def test_create
-+    def test_create_single_key_single_cert
-       pkcs12 = OpenSSL::PKCS12.create(
-         "omg",
-         "hello",
-         @mykey,
--        @mycert
-+        @mycert,
-+        nil,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-       )
--      assert_equal @mycert.to_der, pkcs12.certificate.to_der
-+      assert_equal @mycert, pkcs12.certificate
-       assert_equal @mykey.to_der, pkcs12.key.to_der
-       assert_nil pkcs12.ca_certs
-+
-+      der = pkcs12.to_der
-+      decoded = OpenSSL::PKCS12.new(der, "omg")
-+      assert_equal @mykey.to_der, decoded.key.to_der
-+      assert_equal @mycert, decoded.certificate
-+      assert_equal [], Array(decoded.ca_certs)
-     end
- 
-     def test_create_no_pass
-@@ -62,14 +59,17 @@ def test_create_no_pass
-         nil,
-         "hello",
-         @mykey,
--        @mycert
-+        @mycert,
-+        nil,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-       )
--      assert_equal @mycert.to_der, pkcs12.certificate.to_der
-+      assert_equal @mycert, pkcs12.certificate
-       assert_equal @mykey.to_der, pkcs12.key.to_der
-       assert_nil pkcs12.ca_certs
- 
-       decoded = OpenSSL::PKCS12.new(pkcs12.to_der)
--      assert_cert @mycert, decoded.certificate
-+      assert_equal @mycert, decoded.certificate
-     end
- 
-     def test_create_with_chain
-@@ -80,7 +80,9 @@ def test_create_with_chain
-         "hello",
-         @mykey,
-         @mycert,
--        chain
-+        chain,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-       )
-       assert_equal chain, pkcs12.ca_certs
-     end
-@@ -95,14 +97,16 @@ def test_create_with_chain_decode
-         "hello",
-         @mykey,
-         @mycert,
--        chain
-+        chain,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-       )
- 
-       decoded = OpenSSL::PKCS12.new(pkcs12.to_der, passwd)
-       assert_equal chain.size, decoded.ca_certs.size
--      assert_include_cert @cacert, decoded.ca_certs
--      assert_include_cert @inter_cacert, decoded.ca_certs
--      assert_cert @mycert, decoded.certificate
-+      assert_include decoded.ca_certs, @cacert
-+      assert_include decoded.ca_certs, @inter_cacert
-+      assert_equal @mycert, decoded.certificate
-       assert_equal @mykey.to_der, decoded.key.to_der
-     end
- 
-@@ -126,8 +130,8 @@ def test_create_with_itr
-         @mykey,
-         @mycert,
-         [],
--        nil,
--        nil,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-         2048
-       )
- 
-@@ -138,8 +142,8 @@ def test_create_with_itr
-           @mykey,
-           @mycert,
-           [],
--          nil,
--          nil,
-+          DEFAULT_PBE_PKEYS,
-+          DEFAULT_PBE_CERTS,
-           "omg"
-         )
-       end
-@@ -152,7 +156,8 @@ def test_create_with_mac_itr
-         @mykey,
-         @mycert,
-         [],
--        nil,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-         nil,
-         nil,
-         2048
-@@ -165,148 +170,144 @@ def test_create_with_mac_itr
-           @mykey,
-           @mycert,
-           [],
--          nil,
--          nil,
-+          DEFAULT_PBE_PKEYS,
-+          DEFAULT_PBE_CERTS,
-           nil,
-           "omg"
-         )
-       end
-     end
- 
--    def test_new_with_one_key_and_one_cert
--      # generated with:
--      #   openssl version #=> OpenSSL 1.0.2h  3 May 2016
--      #   openssl pkcs12 -in <@mycert> -inkey <RSA1024> -export -out <out>
--      str = <<~EOF.unpack("m").first
--MIIGQQIBAzCCBgcGCSqGSIb3DQEHAaCCBfgEggX0MIIF8DCCAu8GCSqGSIb3DQEH
--BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIeZPM
--Rh6KiXgCAggAgIICqL6O+LCZmBzdIg6mozPF3FpY0hVbWHvTNMiDHieW3CrAanhN
--YCH2/wHqH8WpFpEWwF0qEEXAWjHsIlYB4Cfqo6b7XpuZe5eVESsjNTOTMF1JCUJj
--A6iNefXmCFLync1JK5LUodRDhTlKLU1WPK20X9X4vuEwHn8wt5RUb8P0E+Xh6rpS
--XC4LkZKT45zF3cJa/n5+dW65ohVGNVnF9D1bCNEKHMOllK1V9omutQ9slW88hpga
--LGiFsJoFOb/ESGb78KO+bd6zbX1MdKdBV+WD6t1uF/cgU65y+2A4nXs1urda+MJ7
--7iVqiB7Vnc9cANTbAkTSGNyoUDVM/NZde782/8IvddLAzUZ2EftoRDke6PvuBOVL
--ljBhNWmdamrtBqzuzVZCRdWq44KZkF2Xoc9asepwIkdVmntzQF7f1Z+Ta5yg6HFp
--xnr7CuM+MlHEShXkMgYtHnwAq10fDMSXIvjhi/AA5XUAusDO3D+hbtcRDcJ4uUes
--dm5dhQE2qJ02Ysn4aH3o1F3RYNOzrxejHJwl0D2TCE8Ww2X342xib57+z9u03ufj
--jswhiMKxy67f1LhUMq3XrT3uV6kCVXk/KUOUPcXPlPVNA5JmZeFhMp6GrtB5xJJ9
--wwBZD8UL5A2U2Mxi2OZsdUBv8eo3jnjZ284aFpt+mCjIHrLW5O0jwY8OCwSlYUoY
--IY00wlabX0s82kBcIQNZbC1RSV2267ro/7A0MClc8YQ/zWN0FKY6apgtUkHJI1cL
--1dc77mhnjETjwW94iLMDFy4zQfVu7IfCBqOBzygRNnqqUG66UhTs1xFnWM0mWXl/
--Zh9+AMpbRLIPaKCktIjl5juzzm+KEgkhD+707XRCFIGUYGP5bSHzGaz8PK9hj0u1
--E2SpZHUvYOcawmxtA7pmpSxl5uQjMIIC+QYJKoZIhvcNAQcBoIIC6gSCAuYwggLi
--MIIC3gYLKoZIhvcNAQwKAQKgggKmMIICojAcBgoqhkiG9w0BDAEDMA4ECKB338m8
--qSzHAgIIAASCAoACFhJeqA3xx+s1qIH6udNQYY5hAL6oz7SXoGwFhDiceSyJjmAD
--Dby9XWM0bPl1Gj5nqdsuI/lAM++fJeoETk+rxw8q6Ofk2zUaRRE39qgpwBwSk44o
--0SAFJ6bzHpc5CFh6sZmDaUX5Lm9GtjnGFmmsPTSJT5an5JuJ9WczGBEd0nSBQhJq
--xHbTGZiN8i3SXcIH531Sub+CBIFWy5lyCKgDYh/kgJFGQAaWUOjLI+7dCEESonXn
--F3Jh2uPbnDF9MGJyAFoNgWFhgSpi1cf6AUi87GY4Oyur88ddJ1o0D0Kz2uw8/bpG
--s3O4PYnIW5naZ8mozzbnYByEFk7PoTwM7VhoFBfYNtBoAI8+hBnPY/Y71YUojEXf
--SeX6QbtkIANfzS1XuFNKElShC3DPQIHpKzaatEsfxHfP+8VOav6zcn4mioao7NHA
--x7Dp6R1enFGoQOq4UNjBT8YjnkG5vW8zQHW2dAHLTJBq6x2Fzm/4Pjo/8vM1FiGl
--BQdW5vfDeJ/l6NgQm3xR9ka2E2HaDqIcj1zWbN8jy/bHPFJYuF/HH8MBV/ngMIXE
--vFEW/ToYv8eif0+EpUtzBsCKD4a7qYYYh87RmEVoQU96q6m+UbhpD2WztYfAPkfo
--OSL9j2QHhVczhL7OAgqNeM95pOsjA9YMe7exTeqK31LYnTX8oH8WJD1xGbRSJYgu
--SY6PQbumcJkc/TFPn0GeVUpiDdf83SeG50lo/i7UKQi2l1hi5Y51fQhnBnyMr68D
--llSZEvSWqfDxBJkBpeg6PIYvkTpEwKRJpVQoM3uYvdqVSSnW6rydqIb+snfOrlhd
--f+xCtq9xr+kHeTSqLIDRRAnMfgFRhY3IBlj6MSUwIwYJKoZIhvcNAQkVMRYEFBdb
--8XGWehZ6oPj56Pf/uId46M9AMDEwITAJBgUrDgMCGgUABBRvSCB04/f8f13pp2PF
--vyl2WuMdEwQIMWFFphPkIUICAggA
--      EOF
--      p12 = OpenSSL::PKCS12.new(str, "abc123")
--
--      assert_equal @mykey.to_der, p12.key.to_der
--      assert_equal @mycert.subject.to_der, p12.certificate.subject.to_der
--      assert_equal [], Array(p12.ca_certs)
--    end
--
-     def test_new_with_no_keys
-       # generated with:
--      #   openssl pkcs12 -in <@mycert> -nokeys -export -out <out>
-+      #   openssl pkcs12 -certpbe PBE-SHA1-3DES -in <@mycert> -nokeys -export
-       str = <<~EOF.unpack("m").first
--MIIDHAIBAzCCAuIGCSqGSIb3DQEHAaCCAtMEggLPMIICyzCCAscGCSqGSIb3DQEH
--BqCCArgwggK0AgEAMIICrQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIX4+W
--irqwH40CAggAgIICgOaCyo+5+6IOVoGCCL80c50bkkzAwqdXxvkKExJSdcJz2uMU
--0gRrKnZEjL5wrUsN8RwZu8DvgQTEhNEkKsUgM7AWainmN/EnwohIdHZAHpm6WD67
--I9kLGp0/DHrqZrV9P2dLfhXLUSQE8PI0tqZPZ8UEABhizkViw4eISTkrOUN7pGbN
--Qtx/oqgitXDuX2polbxYYDwt9vfHZhykHoKgew26SeJyZfeMs/WZ6olEI4cQUAFr
--mvYGuC1AxEGTo9ERmU8Pm16j9Hr9PFk50WYe+rnk9oX3wJogQ7XUWS5kYf7XRycd
--NDkNiwV/ts94bbuaGZp1YA6I48FXpIc8b5fX7t9tY0umGaWy0bARe1L7o0Y89EPe
--lMg25rOM7j3uPtFG8whbSfdETSy57UxzzTcJ6UwexeaK6wb2jqEmj5AOoPLWeaX0
--LyOAszR3v7OPAcjIDYZGdrbb3MZ2f2vo2pdQfu9698BrWhXuM7Odh73RLhJVreNI
--aezNOAtPyBlvGiBQBGTzRIYHSLL5Y5aVj2vWLAa7hjm5qTL5C5mFdDIo6TkEMr6I
--OsexNQofEGs19kr8nARXDlcbEimk2VsPj4efQC2CEXZNzURsKca82pa62MJ8WosB
--DTFd8X06zZZ4nED50vLopZvyW4fyW60lELwOyThAdG8UchoAaz2baqP0K4de44yM
--Y5/yPFDu4+GoimipJfbiYviRwbzkBxYW8+958ILh0RtagLbvIGxbpaym9PqGjOzx
--ShNXjLK2aAFZsEizQ8kd09quJHU/ogq2cUXdqqhmOqPnUWrJVi/VCoRB3Pv1/lE4
--mrUgr2YZ11rYvBw6g5XvNvFcSc53OKyV7SLn0dwwMTAhMAkGBSsOAwIaBQAEFEWP
--1WRQykaoD4uJCpTx/wv0SLLBBAiDKI26LJK7xgICCAA=
-+MIIGJAIBAzCCBeoGCSqGSIb3DQEHAaCCBdsEggXXMIIF0zCCBc8GCSqGSIb3
-+DQEHBqCCBcAwggW8AgEAMIIFtQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMw
-+DgQIjv5c3OHvnBgCAggAgIIFiMJa8Z/w7errRvCQPXh9dGQz3eJaFq3S2gXD
-+rh6oiwsgIRJZvYAWgU6ll9NV7N5SgvS2DDNVuc3tsP8TPWjp+bIxzS9qmGUV
-+kYWuURWLMKhpF12ZRDab8jcIwBgKoSGiDJk8xHjx6L613/XcRM6ln3VeQK+C
-+hlW5kXniNAUAgTft25Fn61Xa8xnhmsz/fk1ycGnyGjKCnr7Mgy7KV0C1vs23
-+18n8+b1ktDWLZPYgpmXuMFVh0o+HJTV3O86mkIhJonMcnOMgKZ+i8KeXaocN
-+JQlAPBG4+HOip7FbQT/h6reXv8/J+hgjLfqAb5aV3m03rUX9mXx66nR1tQU0
-+Jq+XPfDh5+V4akIczLlMyyo/xZjI1/qupcMjr+giOGnGd8BA3cuXW+ueLQiA
-+PpTp+DQLVHRfz9XTZbyqOReNEtEXvO9gOlKSEY5lp65ItXVEs2Oqyf9PfU9y
-+DUltN6fCMilwPyyrsIBKXCu2ZLM5h65KVCXAYEX9lNqj9zrQ7vTqvCNN8RhS
-+ScYouTX2Eqa4Z+gTZWLHa8RCQFoyP6hd+97/Tg2Gv2UTH0myQxIVcnpdi1wy
-+cqb+er7tyKbcO96uSlUjpj/JvjlodtjJcX+oinEqGb/caj4UepbBwiG3vv70
-+63bS3jTsOLNjDRsR9if3LxIhLa6DW8zOJiGC+EvMD1o4dzHcGVpQ/pZWCHZC
-++YiNJpQOBApiZluE+UZ0m3XrtHFQYk7xblTrh+FJF91wBsok0rZXLAKd8m4p
-+OJsc7quCq3cuHRRTzJQ4nSe01uqbwGDAYwLvi6VWy3svU5qa05eDRmgzEFTG
-+e84Gp/1LQCtpQFr4txkjFchO2whWS80KoQKqmLPyGm1D9Lv53Q4ZsKMgNihs
-+rEepuaOZMKHl4yMAYFoOXZCAYzfbhN6b2phcFAHjMUHUw9e3F0QuDk9D0tsr
-+riYTrkocqlOKfK4QTomx27O0ON2J6f1rtEojGgfl9RNykN7iKGzjS3914QjW
-+W6gGiZejxHsDPEAa4gUp0WiSUSXtD5WJgoyAzLydR2dKWsQ4WlaUXi01CuGy
-++xvncSn2nO3bbot8VD5H6XU1CjREVtnIfbeRYO/uofyLUP3olK5RqN6ne6Xo
-+eXnJ/bjYphA8NGuuuvuW1SCITmINkZDLC9cGlER9+K65RR/DR3TigkexXMeN
-+aJ70ivZYAl0OuhZt3TGIlAzS64TIoyORe3z7Ta1Pp9PZQarYJpF9BBIZIFor
-+757PHHuQKRuugiRkp8B7v4eq1BQ+VeAxCKpyZ7XrgEtbY/AWDiaKcGPKPjc3
-+AqQraVeQm7kMBT163wFmZArCphzkDOI3bz2oEO8YArMgLq2Vto9jAZlqKyWr
-+pi2bSJxuoP1aoD58CHcWMrf8/j1LVdQhKgHQXSik2ID0H2Wc/XnglhzlVFuJ
-+JsNIW/EGJlZh/5WDez9U0bXqnBlu3uasPEOezdoKlcCmQlmTO5+uLHYLEtNA
-+EH9MtnGZebi9XS5meTuS6z5LILt8O9IHZxmT3JRPHYj287FEzotlLdcJ4Ee5
-+enW41UHjLrfv4OaITO1hVuoLRGdzjESx/fHMWmxroZ1nVClxECOdT42zvIYJ
-+J3xBZ0gppzQ5fjoYiKjJpxTflRxUuxshk3ih6VUoKtqj/W18tBQ3g5SOlkgT
-+yCW8r74yZlfYmNrPyDMUQYpLUPWj2n71GF0KyPfTU5yOatRgvheh262w5BG3
-+omFY7mb3tCv8/U2jdMIoukRKacpZiagofz3SxojOJq52cHnCri+gTHBMX0cO
-+j58ygfntHWRzst0pV7Ze2X3fdCAJ4DokH6bNJNthcgmolFJ/y3V1tJjgsdtQ
-+7Pjn/vE6xUV0HXE2x4yoVYNirbAMIvkN/X+atxrN0dA4AchN+zGp8TAxMCEw
-+CQYFKw4DAhoFAAQUQ+6XXkyhf6uYgtbibILN2IjKnOAECLiqoY45MPCrAgII
-+AA==
-       EOF
-       p12 = OpenSSL::PKCS12.new(str, "abc123")
- 
-       assert_equal nil, p12.key
-       assert_equal nil, p12.certificate
-       assert_equal 1, p12.ca_certs.size
--      assert_equal @mycert.subject.to_der, p12.ca_certs[0].subject.to_der
-+      assert_equal @mycert.subject, p12.ca_certs[0].subject
-     end
- 
-     def test_new_with_no_certs
-       # generated with:
--      #   openssl pkcs12 -inkey <RSA1024> -nocerts -export -out <out>
-+      #   openssl pkcs12 -inkey fixtures/openssl/pkey/rsa-1.pem -nocerts -export
-       str = <<~EOF.unpack("m").first
--MIIDJwIBAzCCAu0GCSqGSIb3DQEHAaCCAt4EggLaMIIC1jCCAtIGCSqGSIb3DQEH
--AaCCAsMEggK/MIICuzCCArcGCyqGSIb3DQEMCgECoIICpjCCAqIwHAYKKoZIhvcN
--AQwBAzAOBAg6AaYnJs84SwICCAAEggKAQzZH+fWSpcQYD1J7PsGSune85A++fLCQ
--V7tacp2iv95GJkxwYmfTP176pJdgs00mceB9UJ/u9EX5nD0djdjjQjwo6sgKjY0q
--cpVhZw8CMxw7kBD2dhtui0zT8z5hy03LePxsjEKsGiSbeVeeGbSfw/I6AAYbv+Uh
--O/YPBGumeHj/D2WKnfsHJLQ9GAV3H6dv5VKYNxjciK7f/JEyZCuUQGIN64QFHDhJ
--7fzLqd/ul3FZzJZO6a+dwvcgux09SKVXDRSeFmRCEX4b486iWhJJVspCo9P2KNne
--ORrpybr3ZSwxyoICmjyo8gj0OSnEfdx9790Ej1takPqSA1wIdSdBLekbZqB0RBQg
--DEuPOsXNo3QFi8ji1vu0WBRJZZSNC2hr5NL6lNR+DKxG8yzDll2j4W4BBIp22mAE
--7QRX7kVxu17QJXQhOUac4Dd1qXmzebP8t6xkAxD9L7BWEN5OdiXWwSWGjVjMBneX
--nYObi/3UT/aVc5WHMHK2BhCI1bwH51E6yZh06d5m0TQpYGUTWDJdWGBSrp3A+8jN
--N2PMQkWBFrXP3smHoTEN4oZC4FWiPsIEyAkQsfKRhcV9lGKl2Xgq54ROTFLnwKoj
--Z3zJScnq9qmNzvVZSMmDLkjLyDq0pxRxGKBvgouKkWY7VFFIwwBIJM39iDJ5NbBY
--i1AQFTRsRSsZrNVPasCXrIq7bhMoJZb/YZOGBLNyJVqKUoYXhtwsajzSq54VlWft
--JxsPayEd4Vi6O9EU1ahnj6qFEZiKFzsicgK2J1Rb8cYagrp0XWjHW0SBn5GVUWCg
--GUokSFG/0JTdeYTo/sQuG4qNgJkOolRjpeI48Fciq5VUWLvVdKioXzAxMCEwCQYF
--Kw4DAhoFAAQUYAuwVtGD1TdgbFK4Yal2XBgwUR4ECEawsN3rNaa6AgIIAA==
-+MIIJ7wIBAzCCCbUGCSqGSIb3DQEHAaCCCaYEggmiMIIJnjCCCZoGCSqGSIb3
-+DQEHAaCCCYsEggmHMIIJgzCCCX8GCyqGSIb3DQEMCgECoIIJbjCCCWowHAYK
-+KoZIhvcNAQwBAzAOBAjX5nN8jyRKwQICCAAEgglIBIRLHfiY1mNHpl3FdX6+
-+72L+ZOVXnlZ1MY9HSeg0RMkCJcm0mJ2UD7INUOGXvwpK9fr6WJUZM1IqTihQ
-+1dM0crRC2m23aP7KtAlXh2DYD3otseDtwoN/NE19RsiJzeIiy5TSW1d47weU
-++D4Ig/9FYVFPTDgMzdCxXujhvO/MTbZIjqtcS+IOyF+91KkXrHkfkGjZC7KS
-+WRmYw9BBuIPQEewdTI35sAJcxT8rK7JIiL/9mewbSE+Z28Wq1WXwmjL3oZm9
-+lw6+f515b197GYEGomr6LQqJJamSYpwQbTGHonku6Tf3ylB4NLFqOnRCKE4K
-+zRSSYIqJBlKHmQ4pDm5awoupHYxMZLZKZvXNYyYN3kV8r1iiNVlY7KBR4CsX
-+rqUkXehRmcPnuqEMW8aOpuYe/HWf8PYI93oiDZjcEZMwW2IZFFrgBbqUeNCM
-+CQTkjAYxi5FyoaoTnHrj/aRtdLOg1xIJe4KKcmOXAVMmVM9QEPNfUwiXJrE7
-+n42gl4NyzcZpxqwWBT++9TnQGZ/lEpwR6dzkZwICNQLdQ+elsdT7mumywP+1
-+WaFqg9kpurimaiBu515vJNp9Iqv1Nmke6R8Lk6WVRKPg4Akw0fkuy6HS+LyN
-+ofdCfVUkPGN6zkjAxGZP9ZBwvXUbLRC5W3N5qZuAy5WcsS75z+oVeX9ePV63
-+cue23sClu8JSJcw3HFgPaAE4sfkQ4MoihPY5kezgT7F7Lw/j86S0ebrDNp4N
-+Y685ec81NRHJ80CAM55f3kGCOEhoifD4VZrvr1TdHZY9Gm3b1RYaJCit2huF
-+nlOfzeimdcv/tkjb6UsbpXx3JKkF2NFFip0yEBERRCdWRYMUpBRcl3ad6XHy
-+w0pVTgIjTxGlbbtOCi3siqMOK0GNt6UgjoEFc1xqjsgLwU0Ta2quRu7RFPGM
-+GoEwoC6VH23p9Hr4uTFOL0uHfkKWKunNN+7YPi6LT6IKmTQwrp+fTO61N6Xh
-+KlqTpwESKsIJB2iMnc8wBkjXJtmG/e2n5oTqfhICIrxYmEb7zKDyK3eqeTj3
-+FhQh2t7cUIiqcT52AckUqniPmlE6hf82yBjhaQUPfi/ExTBtTDSmFfRPUzq+
-+Rlla4OHllPRzUXJExyansgCxZbPqlw46AtygSWRGcWoYAKUKwwoYjerqIV5g
-+JoZICV9BOU9TXco1dHXZQTs/nnTwoRmYiL/Ly5XpvUAnQOhYeCPjBeFnPSBR
-+R/hRNqrDH2MOV57v5KQIH2+mvy26tRG+tVGHmLMaOJeQkjLdxx+az8RfXIrH
-+7hpAsoBb+g9jUDY1mUVavPk1T45GMpQH8u3kkzRvChfOst6533GyIZhE7FhN
-+KanC6ACabVFDUs6P9pK9RPQMp1qJfpA0XJFx5TCbVbPkvnkZd8K5Tl/tzNM1
-+n32eRao4MKr9KDwoDL93S1yJgYTlYjy1XW/ewdedtX+B4koAoz/wSXDYO+GQ
-+Zu6ZSpKSEHTRPhchsJ4oICvpriVaJkn0/Z7H3YjNMB9U5RR9+GiIg1wY1Oa1
-+S3WfuwrrI6eqfbQwj6PDNu3IKy6srEgvJwaofQALNBPSYWbauM2brc8qsD+t
-+n8jC/aD1aMcy00+9t3H/RVCjEOb3yKfUpAldIkEA2NTTnZpoDQDXeNYU2F/W
-+yhmFjJy8A0O4QOk2xnZK9kcxSRs0v8vI8HivvgWENoVPscsDC4742SSIe6SL
-+f/T08reIX11f0K70rMtLhtFMQdHdYOTNl6JzhkHPLr/f9MEZsBEQx52depnF
-+ARb3gXGbCt7BAi0OeCEBSbLr2yWuW4r55N0wRZSOBtgqgjsiHP7CDQSkbL6p
-+FPlQS1do9gBSHiNYvsmN1LN5bG+mhcVb0UjZub4mL0EqGadjDfDdRJmWqlX0
-+r5dyMcOWQVy4O2cPqYFlcP9lk8buc5otcyVI2isrAFdlvBK29oK6jc52Aq5Q
-+0b2ESDlgX8WRgiOPPxK8dySKEeuIwngCtJyNTecP9Ug06TDsu0znZGCXJ+3P
-+8JOpykgA8EQdOZOYHbo76ZfB2SkklI5KeRA5IBjGs9G3TZ4PHLy2DIwsbWzS
-+H1g01o1x264nx1cJ+eEgUN/KIiGFIib42RS8Af4D5e+Vj54Rt3axq+ag3kI+
-+53p8uotyu+SpvvXUP7Kv4xpQ/L6k41VM0rfrd9+DrlDVvSfxP2uh6I1TKF7A
-+CT5n8zguMbng4PGjxvyPBM5k62t6hN5fuw6Af0aZFexh+IjB/5wFQ6onSz23
-+fBzMW4St7RgSs8fDg3lrM+5rwXiey1jxY1ddaxOoUsWRMvvdd7rZxRZQoN5v
-+AcI5iMkK/vvpQgC/sfzhtXtrJ2XOPZ+GVgi7VcuDLKSkdFMcPbGzO8SdxUnS
-+SLV5XTKqKND+Lrfx7DAoKi5wbDFHu5496/MHK5qP4tBe6sJ5bZc+KDJIH46e
-+wTV1oWtB5tV4q46hOb5WRcn/Wjz3HSKaGZgx5QbK1MfKTzD5CTUn+ArMockX
-+2wJhPnFK85U4rgv8iBuh9bRjyw+YaKf7Z3loXRiE1eRG6RzuPF0ZecFiDumk
-+AC/VUXynJhzePBLqzrQj0exanACdullN+pSfHiRWBxR2VFUkjoFP5X45GK3z
-+OstSH6FOkMVU4afqEmjsIwozDFIyin5EyWTtdhJe3szdJSGY23Tut+9hUatx
-+9FDFLESOd8z3tyQSNiLk/Hib+e/lbjxqbXBG/p/oyvP3N999PLUPtpKqtYkV
-+H0+18sNh9CVfojiJl44fzxe8yCnuefBjut2PxEN0EFRBPv9P2wWlmOxkPKUq
-+NrCJP0rDj5aONLrNZPrR8bZNdIShkZ/rKkoTuA0WMZ+xUlDRxAupdMkWAlrz
-+8IcwNcdDjPnkGObpN5Ctm3vK7UGSBmPeNqkXOYf3QTJ9gStJEd0F6+DzTN5C
-+KGt1IyuGwZqL2Yk51FDIIkr9ykEnBMaA39LS7GFHEDNGlW+fKC7AzA0zfoOr
-+fXZlHMBuqHtXqk3zrsHRqGGoocigg4ctrhD1UREYKj+eIj1TBiRdf7c6+COf
-+NIOmej8pX3FmZ4ui+dDA8r2ctgsWHrb4A6iiH+v1DRA61GtoaA/tNRggewXW
-+VXCZCGWyyTuyHGOqq5ozrv5MlzZLWD/KV/uDsAWmy20RAed1C4AzcXlpX25O
-+M4SNl47g5VRNJRtMqokc8j6TjZrzMDEwITAJBgUrDgMCGgUABBRrkIRuS5qg
-+BC8fv38mue8LZVcbHQQIUNrWKEnskCoCAggA
-       EOF
-       p12 = OpenSSL::PKCS12.new(str, "abc123")
- 
--      assert_equal @mykey.to_der, p12.key.to_der
-+      assert_equal Fixtures.pkey("rsa-1").to_der, p12.key.to_der
-       assert_equal nil, p12.certificate
-       assert_equal [], Array(p12.ca_certs)
-     end
- 
-     def test_dup
--      p12 = OpenSSL::PKCS12.create("pass", "name", @mykey, @mycert)
-+      p12 = OpenSSL::PKCS12.create(
-+        "pass",
-+        "name",
-+        @mykey,
-+        @mycert,
-+        nil,
-+        DEFAULT_PBE_PKEYS,
-+        DEFAULT_PBE_CERTS,
-+      )
-       assert_equal p12.to_der, p12.dup.to_der
-     end
--
--    private
--    def assert_cert expected, actual
--      [
--        :subject,
--        :issuer,
--        :serial,
--        :not_before,
--        :not_after,
--      ].each do |attribute|
--        assert_equal expected.send(attribute), actual.send(attribute)
--      end
--      assert_equal expected.to_der, actual.to_der
--    end
--
--    def assert_include_cert cert, ary
--      der = cert.to_der
--      ary.each do |candidate|
--        if candidate.to_der == der
--          return true
--        end
--      end
--      false
--    end
-   end
- end
- 
--- 
-2.32.0
-

ruby-3.1.0-test-openssl-test_pkey-use-EC-keys-for-PKey.generate.patch

@@ -1,67 +0,0 @@
-From 10d2216b2f35a31777a099d9f765b0b6ea34a63e Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Mon, 18 May 2020 02:35:35 +0900
-Subject: [PATCH] test/openssl/test_pkey: use EC keys for
- PKey.generate_parameters tests
-
-OpenSSL 3.0 refuses to generate DSA parameters shorter than 2048 bits,
-but generating 2048 bits parameters takes very long time. Let's use EC
-in these test cases instead.
----
- test/openssl/test_pkey.rb | 27 +++++++++++----------------
- 1 file changed, 11 insertions(+), 16 deletions(-)
-
-diff --git a/test/openssl/test_pkey.rb b/test/openssl/test_pkey.rb
-index 3630458b3c..88a6e04581 100644
---- a/test/openssl/test_pkey.rb
-+++ b/test/openssl/test_pkey.rb
-@@ -27,20 +27,16 @@ def test_generic_oid_inspect
-   end
- 
-   def test_s_generate_parameters
--    # 512 is non-default; 1024 is used if 'dsa_paramgen_bits' is not specified
--    # with OpenSSL 1.1.0.
--    pkey = OpenSSL::PKey.generate_parameters("DSA", {
--      "dsa_paramgen_bits" => 512,
--      "dsa_paramgen_q_bits" => 256,
-+    pkey = OpenSSL::PKey.generate_parameters("EC", {
-+      "ec_paramgen_curve" => "secp384r1",
-     })
--    assert_instance_of OpenSSL::PKey::DSA, pkey
--    assert_equal 512, pkey.p.num_bits
--    assert_equal 256, pkey.q.num_bits
--    assert_equal nil, pkey.priv_key
-+    assert_instance_of OpenSSL::PKey::EC, pkey
-+    assert_equal "secp384r1", pkey.group.curve_name
-+    assert_equal nil, pkey.private_key
- 
-     # Invalid options are checked
-     assert_raise(OpenSSL::PKey::PKeyError) {
--      OpenSSL::PKey.generate_parameters("DSA", "invalid" => "option")
-+      OpenSSL::PKey.generate_parameters("EC", "invalid" => "option")
-     }
- 
-     # Parameter generation callback is called
-@@ -59,14 +55,13 @@ def test_s_generate_key
-       # DSA key pair cannot be generated without parameters
-       OpenSSL::PKey.generate_key("DSA")
-     }
--    pkey_params = OpenSSL::PKey.generate_parameters("DSA", {
--      "dsa_paramgen_bits" => 512,
--      "dsa_paramgen_q_bits" => 256,
-+    pkey_params = OpenSSL::PKey.generate_parameters("EC", {
-+      "ec_paramgen_curve" => "secp384r1",
-     })
-     pkey = OpenSSL::PKey.generate_key(pkey_params)
--    assert_instance_of OpenSSL::PKey::DSA, pkey
--    assert_equal 512, pkey.p.num_bits
--    assert_not_equal nil, pkey.priv_key
-+    assert_instance_of OpenSSL::PKey::EC, pkey
-+    assert_equal "secp384r1", pkey.group.curve_name
-+    assert_not_equal nil, pkey.private_key
-   end
- 
-   def test_hmac_sign_verify
--- 
-2.32.0
-

ruby-3.1.0-test-openssl-test_ssl-relax-regex-to-match-OpenSSL-s.patch

@@ -1,31 +0,0 @@
-From 05fd14aea7eff2a6911a6f529f1237276482c6e7 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Fri, 10 Jul 2020 13:56:38 +0900
-Subject: [PATCH] test/openssl/test_ssl: relax regex to match OpenSSL's error
- message
-
-OpenSSL 3.0 slightly changed the error message for a certificate
-verification failure when an untrusted self-signed certificate is found
-in the chain.
----
- test/openssl/test_ssl.rb | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
-index 6095d545b5..9e9b8b9b69 100644
---- a/test/openssl/test_ssl.rb
-+++ b/test/openssl/test_ssl.rb
-@@ -964,7 +964,9 @@ def test_connect_certificate_verify_failed_exception_message
-     start_server(ignore_listener_error: true) { |port|
-       ctx = OpenSSL::SSL::SSLContext.new
-       ctx.set_params
--      assert_raise_with_message(OpenSSL::SSL::SSLError, /self signed/) {
-+      # OpenSSL <= 1.1.0: "self signed certificate in certificate chain"
-+      # OpenSSL >= 3.0.0: "self-signed certificate in certificate chain"
-+      assert_raise_with_message(OpenSSL::SSL::SSLError, /self.signed/) {
-         server_connect(port, ctx)
-       }
-     }
--- 
-2.32.0
-

ruby-3.1.0-test-openssl-utils-remove-dup_public-helper-method.patch

@@ -1,265 +0,0 @@
-From 2c6797bc97d7c92284dc3c0ed27f97ace4e5cfb9 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Mon, 31 May 2021 11:44:05 +0900
-Subject: [PATCH] test/openssl/utils: remove dup_public helper method
-
-It uses deprecated PKey::{RSA,DSA,DH}#set_* methods, which will not
-work with OpenSSL 3.0. The same can easily be achieved using
-PKey#public_to_der regardless of the key kind.
----
- test/openssl/test_pkey_dh.rb  |  8 +++++---
- test/openssl/test_pkey_dsa.rb | 15 +++++++++++----
- test/openssl/test_pkey_ec.rb  | 15 +++++++++++----
- test/openssl/test_pkey_rsa.rb | 31 +++++++++++++++++--------------
- test/openssl/utils.rb         | 26 --------------------------
- 5 files changed, 44 insertions(+), 51 deletions(-)
-
-diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb
-index f80af8f841..757704caf6 100644
---- a/test/openssl/test_pkey_dh.rb
-+++ b/test/openssl/test_pkey_dh.rb
-@@ -40,12 +40,14 @@ def test_derive_key
- 
-   def test_DHparams
-     dh1024 = Fixtures.pkey("dh1024")
-+    dh1024params = dh1024.public_key
-+
-     asn1 = OpenSSL::ASN1::Sequence([
-       OpenSSL::ASN1::Integer(dh1024.p),
-       OpenSSL::ASN1::Integer(dh1024.g)
-     ])
-     key = OpenSSL::PKey::DH.new(asn1.to_der)
--    assert_same_dh dup_public(dh1024), key
-+    assert_same_dh dh1024params, key
- 
-     pem = <<~EOF
-     -----BEGIN DH PARAMETERS-----
-@@ -55,9 +57,9 @@ def test_DHparams
-     -----END DH PARAMETERS-----
-     EOF
-     key = OpenSSL::PKey::DH.new(pem)
--    assert_same_dh dup_public(dh1024), key
-+    assert_same_dh dh1024params, key
-     key = OpenSSL::PKey.read(pem)
--    assert_same_dh dup_public(dh1024), key
-+    assert_same_dh dh1024params, key
- 
-     assert_equal asn1.to_der, dh1024.to_der
-     assert_equal pem, dh1024.export
-diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb
-index 147e50176b..0994607f21 100644
---- a/test/openssl/test_pkey_dsa.rb
-+++ b/test/openssl/test_pkey_dsa.rb
-@@ -138,6 +138,8 @@ def test_DSAPrivateKey_encrypted
- 
-   def test_PUBKEY
-     dsa512 = Fixtures.pkey("dsa512")
-+    dsa512pub = OpenSSL::PKey::DSA.new(dsa512.public_to_der)
-+
-     asn1 = OpenSSL::ASN1::Sequence([
-       OpenSSL::ASN1::Sequence([
-         OpenSSL::ASN1::ObjectId("DSA"),
-@@ -153,7 +155,7 @@ def test_PUBKEY
-     ])
-     key = OpenSSL::PKey::DSA.new(asn1.to_der)
-     assert_not_predicate key, :private?
--    assert_same_dsa dup_public(dsa512), key
-+    assert_same_dsa dsa512pub, key
- 
-     pem = <<~EOF
-     -----BEGIN PUBLIC KEY-----
-@@ -166,10 +168,15 @@ def test_PUBKEY
-     -----END PUBLIC KEY-----
-     EOF
-     key = OpenSSL::PKey::DSA.new(pem)
--    assert_same_dsa dup_public(dsa512), key
-+    assert_same_dsa dsa512pub, key
-+
-+    assert_equal asn1.to_der, key.to_der
-+    assert_equal pem, key.export
- 
--    assert_equal asn1.to_der, dup_public(dsa512).to_der
--    assert_equal pem, dup_public(dsa512).export
-+    assert_equal asn1.to_der, dsa512.public_to_der
-+    assert_equal asn1.to_der, key.public_to_der
-+    assert_equal pem, dsa512.public_to_pem
-+    assert_equal pem, key.public_to_pem
-   end
- 
-   def test_read_DSAPublicKey_pem
-diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb
-index 4b6df0290f..d62f1b5eb8 100644
---- a/test/openssl/test_pkey_ec.rb
-+++ b/test/openssl/test_pkey_ec.rb
-@@ -210,6 +210,8 @@ def test_ECPrivateKey_encrypted
- 
-   def test_PUBKEY
-     p256 = Fixtures.pkey("p256")
-+    p256pub = OpenSSL::PKey::EC.new(p256.public_to_der)
-+
-     asn1 = OpenSSL::ASN1::Sequence([
-       OpenSSL::ASN1::Sequence([
-         OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
-@@ -221,7 +223,7 @@ def test_PUBKEY
-     ])
-     key = OpenSSL::PKey::EC.new(asn1.to_der)
-     assert_not_predicate key, :private?
--    assert_same_ec dup_public(p256), key
-+    assert_same_ec p256pub, key
- 
-     pem = <<~EOF
-     -----BEGIN PUBLIC KEY-----
-@@ -230,10 +232,15 @@ def test_PUBKEY
-     -----END PUBLIC KEY-----
-     EOF
-     key = OpenSSL::PKey::EC.new(pem)
--    assert_same_ec dup_public(p256), key
-+    assert_same_ec p256pub, key
-+
-+    assert_equal asn1.to_der, key.to_der
-+    assert_equal pem, key.export
- 
--    assert_equal asn1.to_der, dup_public(p256).to_der
--    assert_equal pem, dup_public(p256).export
-+    assert_equal asn1.to_der, p256.public_to_der
-+    assert_equal asn1.to_der, key.public_to_der
-+    assert_equal pem, p256.public_to_pem
-+    assert_equal pem, key.public_to_pem
-   end
- 
-   def test_ec_group
-diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
-index 5e127f5407..4548bdb2cf 100644
---- a/test/openssl/test_pkey_rsa.rb
-+++ b/test/openssl/test_pkey_rsa.rb
-@@ -201,7 +201,7 @@ def test_sign_verify_pss
- 
-   def test_encrypt_decrypt
-     rsapriv = Fixtures.pkey("rsa-1")
--    rsapub = dup_public(rsapriv)
-+    rsapub = OpenSSL::PKey.read(rsapriv.public_to_der)
- 
-     # Defaults to PKCS #1 v1.5
-     raw = "data"
-@@ -216,7 +216,7 @@ def test_encrypt_decrypt
- 
-   def test_encrypt_decrypt_legacy
-     rsapriv = Fixtures.pkey("rsa-1")
--    rsapub = dup_public(rsapriv)
-+    rsapub = OpenSSL::PKey.read(rsapriv.public_to_der)
- 
-     # Defaults to PKCS #1 v1.5
-     raw = "data"
-@@ -346,13 +346,15 @@ def test_RSAPrivateKey_encrypted
- 
-   def test_RSAPublicKey
-     rsa1024 = Fixtures.pkey("rsa1024")
-+    rsa1024pub = OpenSSL::PKey::RSA.new(rsa1024.public_to_der)
-+
-     asn1 = OpenSSL::ASN1::Sequence([
-       OpenSSL::ASN1::Integer(rsa1024.n),
-       OpenSSL::ASN1::Integer(rsa1024.e)
-     ])
-     key = OpenSSL::PKey::RSA.new(asn1.to_der)
-     assert_not_predicate key, :private?
--    assert_same_rsa dup_public(rsa1024), key
-+    assert_same_rsa rsa1024pub, key
- 
-     pem = <<~EOF
-     -----BEGIN RSA PUBLIC KEY-----
-@@ -362,11 +364,13 @@ def test_RSAPublicKey
-     -----END RSA PUBLIC KEY-----
-     EOF
-     key = OpenSSL::PKey::RSA.new(pem)
--    assert_same_rsa dup_public(rsa1024), key
-+    assert_same_rsa rsa1024pub, key
-   end
- 
-   def test_PUBKEY
-     rsa1024 = Fixtures.pkey("rsa1024")
-+    rsa1024pub = OpenSSL::PKey::RSA.new(rsa1024.public_to_der)
-+
-     asn1 = OpenSSL::ASN1::Sequence([
-       OpenSSL::ASN1::Sequence([
-         OpenSSL::ASN1::ObjectId("rsaEncryption"),
-@@ -381,7 +385,7 @@ def test_PUBKEY
-     ])
-     key = OpenSSL::PKey::RSA.new(asn1.to_der)
-     assert_not_predicate key, :private?
--    assert_same_rsa dup_public(rsa1024), key
-+    assert_same_rsa rsa1024pub, key
- 
-     pem = <<~EOF
-     -----BEGIN PUBLIC KEY-----
-@@ -392,10 +396,15 @@ def test_PUBKEY
-     -----END PUBLIC KEY-----
-     EOF
-     key = OpenSSL::PKey::RSA.new(pem)
--    assert_same_rsa dup_public(rsa1024), key
-+    assert_same_rsa rsa1024pub, key
-+
-+    assert_equal asn1.to_der, key.to_der
-+    assert_equal pem, key.export
- 
--    assert_equal asn1.to_der, dup_public(rsa1024).to_der
--    assert_equal pem, dup_public(rsa1024).export
-+    assert_equal asn1.to_der, rsa1024.public_to_der
-+    assert_equal asn1.to_der, key.public_to_der
-+    assert_equal pem, rsa1024.public_to_pem
-+    assert_equal pem, key.public_to_pem
-   end
- 
-   def test_pem_passwd
-@@ -482,12 +491,6 @@ def test_private_encoding_encrypted
-     assert_same_rsa rsa1024, OpenSSL::PKey.read(pem, "abcdef")
-   end
- 
--  def test_public_encoding
--    rsa1024 = Fixtures.pkey("rsa1024")
--    assert_equal dup_public(rsa1024).to_der, rsa1024.public_to_der
--    assert_equal dup_public(rsa1024).to_pem, rsa1024.public_to_pem
--  end
--
-   def test_dup
-     key = Fixtures.pkey("rsa1024")
-     key2 = key.dup
-diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
-index c1d737b2ab..f664bd3074 100644
---- a/test/openssl/utils.rb
-+++ b/test/openssl/utils.rb
-@@ -313,32 +313,6 @@ def check_component(base, test, keys)
-       assert_equal base.send(comp), test.send(comp)
-     }
-   end
--
--  def dup_public(key)
--    case key
--    when OpenSSL::PKey::RSA
--      rsa = OpenSSL::PKey::RSA.new
--      rsa.set_key(key.n, key.e, nil)
--      rsa
--    when OpenSSL::PKey::DSA
--      dsa = OpenSSL::PKey::DSA.new
--      dsa.set_pqg(key.p, key.q, key.g)
--      dsa.set_key(key.pub_key, nil)
--      dsa
--    when OpenSSL::PKey::DH
--      dh = OpenSSL::PKey::DH.new
--      dh.set_pqg(key.p, nil, key.g)
--      dh
--    else
--      if defined?(OpenSSL::PKey::EC) && OpenSSL::PKey::EC === key
--        ec = OpenSSL::PKey::EC.new(key.group)
--        ec.public_key = key.public_key
--        ec
--      else
--        raise "unknown key type"
--      end
--    end
--  end
- end
- 
- module OpenSSL::Certs
--- 
-2.32.0
-

ruby.rpmlintrc

@@ -15,42 +15,38 @@ addFilter(r'^rubygem-bundler\.noarch: E: non-executable-script /usr/share/gems/g
 
 # The bundled gem files permissions are overridden as 644 by `make install`.
 # https://bugs.ruby-lang.org/issues/17840
-# power_assert
-# https://github.com/ruby/power_assert/issues/35
-addFilter(r'^rubygem-power_assert\.noarch: E: non-executable-script /usr/share/gems/gems/power_assert-[\d\.]+/bin/console 644 ')
-addFilter(r'^rubygem-power_assert\.noarch: E: non-executable-script /usr/share/gems/gems/power_assert-[\d\.]+/bin/setup 644 ')
-# rake
-# https://github.com/ruby/rake/issues/385
-addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/bundle 644 ')
-addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/console 644 ')
-addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rake 644 ')
-addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rdoc 644 ')
-addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/rubocop 644 ')
-addFilter(r'^rubygem-rake\.noarch: E: non-executable-script /usr/share/gems/gems/rake-[\d\.]+/bin/setup 644 ')
-# rbs
-# https://github.com/ruby/rbs/issues/673
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/annotate-with-rdoc 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/console 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/query-rdoc 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/rbs-prof 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/setup 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/sort 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/steep 644 ')
-addFilter(r'^rubygem-rbs\.noarch: E: non-executable-script /usr/share/gems/gems/rbs-[\d\.]+/bin/test_runner.rb 644 ')
-# test-unit
-addFilter(r'^rubygem-test-unit\.noarch: E: non-executable-script /usr/share/gems/gems/test-unit-[\d\.]+/test/run-test.rb 644 ')
+# https://github.com/rubygems/rubygems/issues/5255
+# https://github.com/ruby/debug/pull/481
+# https://github.com/ruby/net-ftp/pull/12
+# https://github.com/ruby/net-imap/pull/53
+# https://github.com/ruby/net-pop/pull/7
+# https://github.com/ruby/prime/pull/16
+addFilter(r'^.*: E: non-executable-script /usr/share/gems/gems/(debug|net-(ftp|imap|pop)|prime)-[\d\.]+/bin/\w+ 644 ')
 
-# The function `chroot` without using `chdir` is detected by rpmlint with the
-# following message. However it looks a false positive as the `chroot` in the
-# `dir.c` is just used as a Ruby binding `Dir.chroot` for the function.
-#
-# ruby-libs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib64/libruby.so.3.0.1
-# This executable appears to call chroot without using chdir to change the
-# current directory. This is likely an error and permits an attacker to break
-# out of the chroot by using fchdir. While that's not always a security issue,
-# this has to be checked.
-addFilter(r'^ruby-libs\.\w+: E: missing-call-to-chdir-with-chroot /usr/lib(64)?/libruby.so.[\d/.]+$')
+# Ruby provides API to set the cipher list.
+addFilter(r'^ruby-libs\.\w+: W: crypto-policy-non-compliance-openssl /usr/lib(64)?/ruby/openssl.so SSL_CTX_set_cipher_list$')
+
+# `gethostbyname` is part of deprecated Ruby API. There is also request to drop the API altogether:
+# https://bugs.ruby-lang.org/issues/13097
+# https://bugs.ruby-lang.org/issues/17944
+addFilter(r'^ruby-libs\.\w+: W: binary-or-shlib-calls-gethostbyname /usr/lib(64)?/ruby/socket.so$')
 
 # Nothing referred and no dependency information should be no problem.
 # https://bugs.ruby-lang.org/issues/16558#note-2
-addFilter(r'^ruby-libs\.\w+: E: shared-lib-without-dependency-information /usr/lib(64)?/ruby/enc/gb2312.so$')
+addFilter(r'^ruby-libs\.\w+: E: shared-library-without-dependency-information /usr/lib(64)?/ruby/enc/gb2312.so$')
+
+# These are Ruby plugins, where Ruby always load glibc prior the library.
+addFilter(r'^ruby-libs\.\w+: W: library-not-linked-against-libc /usr/lib(64)?/ruby/.*.so$')
+
+# Rake ships some examples.
+addFilter(r'^rubygem-rake.noarch: W: devel-file-in-non-devel-package /usr/share/gems/gems/rake-[\d\.]+/doc/example/\w+.c$')
+
+# Some executables don't have their manual pages. Is it worth of use help2man?
+addFilter(r'^.+: W: no-manual-page-for-binary (bundler|gem|rbs|rdbg|rdoc|ruby-mri|typeprof)$')
+
+# Default gems does not come with any documentation.
+addFilter(r'^rubygem-(bigdecimal|io-console|json|psych)\.\w+: W: no-documentation$')
+
+# rubygems-devel ships only RPM macros and generators. Their placement is given
+# by RPM and can't be modified.
+addFilter(r'rubygems-devel.noarch: W: only-non-binary-in-usr-lib$')

ruby.spec

@@ -1,6 +1,6 @@
 %global major_version 3
-%global minor_version 0
-%global teeny_version 3
+%global minor_version 1
+%global teeny_version 0
 %global major_minor_version %{major_version}.%{minor_version}
 
 %global ruby_version %{major_minor_version}.%{teeny_version}
@@ -10,7 +10,7 @@
 #%%global milestone rc1
 
 # Keep the revision enabled for pre-releases from GIT.
-#%%global revision 684649ea05
+#%%global revision fb4df44d16
 
 %global ruby_archive %{name}-%{ruby_version}
 
@@ -22,7 +22,7 @@
 %endif
 
 
-%global release 154
+%global release 1
 %{!?release_string:%define release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
 
 # The RubyGems library has to stay out of Ruby directory tree, since the
@@ -30,39 +30,49 @@
 %global rubygems_dir %{_datadir}/rubygems
 
 # Bundled libraries versions
-%global rubygems_version 3.2.32
+%global rubygems_version 3.3.3
 %global rubygems_molinillo_version 0.7.0
 
 # Default gems.
-%global bundler_version 2.2.32
+%global bundler_version 2.3.3
 %global bundler_connection_pool_version 2.3.0
 %global bundler_fileutils_version 1.4.1
 %global bundler_molinillo_version 0.7.0
 %global bundler_net_http_persistent_version 4.0.0
 %global bundler_thor_version 1.1.0
 %global bundler_tmpdir_version 0.1.0
-%global bundler_uri_version 0.10.0
+# TODO: Check the version if/when available in library.
+%global bundler_tsort_version 0.1.1
+%global bundler_uri_version 0.10.1
 
-%global bigdecimal_version 3.0.0
-%global did_you_mean_version 1.5.0
-%global erb_version 2.2.0
-%global io_console_version 0.5.7
-%global irb_version 1.3.5
-%global json_version 2.5.1
-%global openssl_version 2.2.1
-%global psych_version 3.3.2
-%global racc_version 1.5.2
-%global rdoc_version 6.3.3
+%global bigdecimal_version 3.1.1
+%global did_you_mean_version 1.6.1
+%global erb_version 2.2.3
+%global io_console_version 0.5.10
+%global irb_version 1.4.1
+%global json_version 2.6.1
+%global openssl_version 3.0.0
+%global psych_version 4.0.3
+%global racc_version 1.6.0
+%global rdoc_version 6.4.0
+%global stringio_version 3.0.1
 
 # Bundled gems.
-%global minitest_version 5.14.2
-%global power_assert_version 1.2.0
-%global rake_version 13.0.3
-%global rbs_version 1.4.0
-%global test_unit_version 3.3.7
+%global minitest_version 5.15.0
+%global power_assert_version 2.0.1
+%global rake_version 13.0.6
+%global test_unit_version 3.5.3
 %global rexml_version 3.2.5
 %global rss_version 0.2.9
-%global typeprof_version 0.15.2
+%global net_ftp_version 0.1.3
+%global net_imap_version 0.2.2
+%global net_pop_version 0.1.1
+%global net_smtp_version 0.3.1
+%global matrix_version 0.4.2
+%global prime_version 0.1.2
+%global rbs_version 2.0.0
+%global typeprof_version 0.21.1
+%global debug_version 1.4.0
 
 %global tapset_libdir %(echo %{_libdir} | sed 's/64//')*
 
@@ -109,8 +119,8 @@ Source14: test_systemtap.rb
 
 # The load directive is supported since RPM 4.12, i.e. F21+. The build process
 # fails on older Fedoras.
-%{load:%{SOURCE4}}
-%{load:%{SOURCE5}}
+%{load %{SOURCE4}}
+%{load %{SOURCE5}}
 
 # Fix ruby_version abuse.
 # https://bugs.ruby-lang.org/issues/11002
@@ -138,95 +148,9 @@ Patch5: ruby-1.9.3-mkmf-verbose.patch
 # https://lists.fedoraproject.org/archives/list/ruby-sig@lists.fedoraproject.org/message/LH6L6YJOYQT4Y5ZNOO4SLIPTUWZ5V45Q/
 # For now, load the ABRT hook via this simple patch:
 Patch6: ruby-2.7.0-Initialize-ABRT-hook.patch
-# Workaround "an invalid stdio handle" error on PPC, due to recently introduced
-# hardening features of glibc (rhbz#1361037).
-# https://bugs.ruby-lang.org/issues/12666
-Patch9: ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch
-# Fix DWARF5 support.
-# https://bugzilla.redhat.com/show_bug.cgi?id=1920533
-# https://bugs.ruby-lang.org/issues/17585
-# https://github.com/ruby/ruby/pull/4240
-Patch15: ruby-3.1.0-Support-GCCs-DWARF-5.patch
-# Fix segfaults with enabled LTO.
-# https://bugs.ruby-lang.org/issues/18062
-# https://github.com/ruby/ruby/pull/4716
-Patch16: ruby-3.1.0-Get-rid-of-type-punning-pointer-casts.patch
-# DWARF5/LTO fixes for SIGSEV handler.
-# https://bugs.ruby-lang.org/issues/17052
-# https://github.com/ruby/ruby/commit/72317b333b85eed483ad00bcd4f40944019a7c13
-Patch17: ruby-3.1.0-Ignore-DW_FORM_ref_addr.patch
-# https://bugs.ruby-lang.org/issues/17052#note-9
-# https://bugs.ruby-lang.org/attachments/download/8974/ruby-addr2line-DW_FORM_ref_addr.patch
-# https://github.com/ruby/ruby/commit/a9977ba2f9863e3fb1b2346589ebbca67d80536c
-Patch18: ruby-3.1.0-addr2line-DW_FORM_ref_addr.patch
 # Avoid possible timeout errors in TestBugReporter#test_bug_reporter_add.
 # https://bugs.ruby-lang.org/issues/16492
 Patch19: ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
-# Add AC_PROG_CC to make C++ compiler dependency optional on autoconf >= 2.70.
-# https://github.com/ruby/ruby/commit/912a8dcfc5369d840dcd6bf0f88ee0bac7d902d6
-Patch20: ruby-3.1.0-autoconf-2.70-add-ac-prog-cc.patch
-# Allow to exclude test with fully qualified name.
-# https://bugs.ruby-lang.org/issues/16936
-# https://github.com/ruby/ruby/pull/5026
-Patch21: ruby-3.1.0-Properly-exclude-test-cases.patch
-
-
-# OpenSSL 3.0 compatibility patches
-
-# Revert OpenSSL < 3.x enforcement.
-# https://github.com/ruby/openssl/commit/202ff1372a40a8adf9aac74bfe8a39141b0c57e5
-Patch30: ruby-3.0.3-ext-openssl-extconf.rb-require-OpenSSL-version-1.0.1.patch
-
-# Fix test broken by wrongly formatted distinguished name submitted to
-# `OpenSSL::X509::Name.parse`.
-# https://github.com/ruby/openssl/issues/470
-# https://github.com/rubygems/rubygems/pull/5030
-Patch31: rubygems-3.2.30-Provide-distinguished-name-which-will-be-correctly-p.patch
-
-# Refactor PEM/DER serialization code.
-# https://github.com/ruby/openssl/pull/328
-Patch40: ruby-3.1.0-Refactor-PEM-DER-serialization-code.patch
-# Implement more 'generic' operations using the EVP API.
-# https://github.com/ruby/openssl/pull/329
-Patch41: ruby-3.1.0-Add-more-support-for-generic-pkey-types.patch
-# Allow setting algorithm-specific options in #sign and #verify.
-# https://github.com/ruby/openssl/pull/374
-Patch42: ruby-3.1.0-Allow-setting-algorithm-specific-options-in-sign-and-verify.patch
-# Use high level EVP interface to generate parameters and keys.
-# https://github.com/ruby/openssl/pull/397
-Patch43: ruby-3.1.0-Use-high-level-EVP-interface-to-generate-parameters-and-keys.patch
-# Use EVP API in more places.
-# https://github.com/ruby/openssl/pull/436
-Patch44: ruby-3.1.0-Use-EVP-API-in-more-places.patch
-# Implement PKey#{encrypt,decrypt,sign_raw,verify_{raw,verify_recover}}.
-# https://github.com/ruby/openssl/pull/382
-Patch45: ruby-3.1.0-Implement-PKey-encrypt-decrypt-sign_raw-verify_raw-and-verify_recover.patch
-# Fix `OpenSSL::TestSSL#test_dup` test failure.
-# https://github.com/ruby/openssl/commit/7b66eaa2dbabb6570dbbbdfac24c4dcdcc6793d7
-Patch46: ruby-3.1.0-test-openssl-utils-remove-dup_public-helper-method.patch
-# Fix `OpenSSL::TestDigest#test_digest_constants` test case.
-# https://github.com/ruby/openssl/commit/a3e59f4c2e200c76ef1d93945ff8737a05715e17
-Patch47: ruby-3.1.0-test-openssl-test_digest-do-not-test-constants-for-l.patch
-# Fix `OpenSSL::TestSSL#test_connect_certificate_verify_failed_exception_message`
-# test case.
-# https://github.com/ruby/openssl/commit/b5a0a198505452c7457b192da2e5cd5dda04f23d
-Patch48: ruby-3.1.0-test-openssl-test_ssl-relax-regex-to-match-OpenSSL-s.patch
-# Fix `OpenSSL::TestPKCS12#test_{new_with_no_keys,new_with_one_key_and_one_cert}`
-# test failures.
-# https://github.com/ruby/openssl/commit/998406d18f2acf73090e9fd9d92a7b4227ac593b
-Patch49: ruby-3.1.0-test-openssl-test_pkcs12-fix-test-failures-with-Open.patch
-# Fix `OpenSSL::TestPKey#test_s_generate_key` test case.
-# https://github.com/ruby/openssl/commit/c732387ee5aaa8c5a9717e8b3ffebb3d7430e99a
-Patch50: ruby-3.1.0-test-openssl-test_pkey-use-EC-keys-for-PKey.generate.patch
-# Miscellaneous changes for OpenSSL 3.0 support.
-# https://github.com/ruby/openssl/pull/468
-Patch51: ruby-3.1.0-Miscellaneous-changes-for-OpenSSL-3.0-support.patch
-# Support OpenSSL 3.0.
-# https://github.com/ruby/openssl/pull/399
-Patch52: ruby-3.1.0-Support-OpenSSL-3.0.patch
-# Fix `TestPumaControlCli#test_control_ssl` testcase in Puma.
-# https://github.com/ruby/openssl/pull/399#issuecomment-966239736
-Patch53: ruby-3.1.0-SSL_read-EOF-handling.patch
 
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
@@ -234,7 +158,6 @@ Recommends: ruby(rubygems) >= %{rubygems_version}
 Recommends: rubygem(bigdecimal) >= %{bigdecimal_version}
 
 BuildRequires: autoconf
-BuildRequires: gdbm-devel
 %{?with_gmp:BuildRequires: gmp-devel}
 BuildRequires: libffi-devel
 BuildRequires: openssl-devel
@@ -362,6 +285,7 @@ Obsoletes: rubygem-racc < 1.4.16-130
 # Obsoleted by Ruby 3.0 in F34 timeframe.
 Obsoletes: rubygem-openssl < 2.2.0-145
 Provides: rubygem(openssl) = %{openssl_version}-%{release}
+Provides: rubygem(stringio) = %{stringio_version}
 BuildArch:  noarch
 
 %description default-gems
@@ -399,6 +323,7 @@ Requires:   ruby(release)
 Requires:   ruby(rubygems) >= %{rubygems_version}
 Requires:   rubygem(io-console) >= %{io_console_version}
 Requires:   rubygem(json) >= %{json_version}
+Requires:   rubygem(psych) >= %{psych_version}
 Provides:   rdoc = %{version}-%{release}
 Provides:   ri = %{version}-%{release}
 Provides:   rubygem(rdoc) = %{version}-%{release}
@@ -474,6 +399,7 @@ Version:    %{psych_version}
 License:    MIT
 Requires:   ruby(release)
 Requires:   ruby(rubygems) >= %{rubygems_version}
+Requires:   rubygem(stringio) >= %{stringio_version}
 Provides:   rubygem(psych) = %{version}-%{release}
 
 %description -n rubygem-psych
@@ -511,6 +437,22 @@ many machines, systematically and repeatably.
 # These are regular packages, which might be installed just optionally. Users
 # should list them among their dependencies (in Gemfile).
 
+%package bundled-gems
+Summary:    Bundled gems which are part of Ruby StdLib
+Requires:   ruby(rubygems) >= %{rubygems_version}
+Provides:   rubygem(net-ftp) = %{net_ftp_version}
+Provides:   rubygem(net-imap) = %{net_imap_version}
+Provides:   rubygem(net-pop) = %{net_pop_version}
+Provides:   rubygem(net-smtp) = %{net_smtp_version}
+Provides:   rubygem(matrix) = %{matrix_version}
+Provides:   rubygem(prime) = %{prime_version}
+Provides:   rubygem(debug) = %{debug_version}
+
+%description bundled-gems
+Bundled gems which are part of Ruby StdLib. While being part of Ruby, these
+needs to be listed in Gemfile to be used by Bundler.
+
+
 %package -n rubygem-minitest
 Summary:    Minitest provides a complete suite of testing facilities
 Version:    %{minitest_version}
@@ -572,7 +514,6 @@ License:    Ruby or BSD
 Requires:   ruby(release)
 Requires:   ruby(rubygems) >= %{rubygems_version}
 Provides:   rubygem(rbs) = %{version}-%{release}
-BuildArch:  noarch
 
 %description -n rubygem-rbs
 RBS is the language for type signatures for Ruby and standard library
@@ -670,30 +611,7 @@ rm -rf ext/fiddle/libffi*
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
-%patch9 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
-%patch18 -p1
 %patch19 -p1
-%patch20 -p1
-%patch21 -p1
-%patch30 -p1 -R
-%patch31 -p1
-%patch40 -p1
-%patch41 -p1
-%patch42 -p1
-%patch43 -p1
-%patch44 -p1
-%patch45 -p1
-%patch46 -p1
-%patch47 -p1
-%patch48 -p1
-%patch49 -p1
-%patch50 -p1
-%patch51 -p1
-%patch52 -p1
-%patch53 -p1
 
 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .
@@ -727,6 +645,14 @@ autoconf
 
 %install
 rm -rf %{buildroot}
+
+# Workaround binary extensions installation issues.
+# https://bugs.ruby-lang.org/issues/18373
+find .bundle -name extconf.rb -exec \
+  sed -i \
+    -e '/create_makefile/i \$arch_hdrdir = "$(hdrdir)/../.ext/include/$(arch)"' \
+    -e '/create_makefile/i \$DLDFLAGS << " -L#{$top_srcdir}"' {} \;
+
 %make_install
 
 # TODO: Regenerate RBS parser in lib/rbs/parser.rb
@@ -849,10 +775,16 @@ ln -s %{_libdir}/gems/%{name}/psych-%{psych_version}/psych.so %{buildroot}%{ruby
 
 # Move the binary extensions into proper place (if no gem has binary extension,
 # the extensions directory might be empty).
+# TODO: Get information about extension form .gemspec files.
 find %{buildroot}%{gem_dir}/extensions/*-%{_target_os}/%{ruby_version}/* -maxdepth 0 \
+  -exec rm '{}/gem_make.out' \; \
   -exec mv '{}' %{buildroot}%{_libdir}/gems/%{name}/ \; \
   || echo "No gem binary extensions to move."
 
+# Remove the extension sources and library copies from `lib` dir.
+find %{buildroot}%{gem_dir}/gems/*/ext -maxdepth 0 -exec rm -rf '{}' +
+find %{buildroot}%{gem_dir}/gems/*/lib -name \*.so -delete
+
 # Move man pages into proper location
 mkdir -p %{buildroot}%{_mandir}/man{1,5}
 mv %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/doc/rake.1 %{buildroot}%{_mandir}/man1
@@ -928,7 +860,10 @@ checksec --file=libruby.so.%{ruby_version} | \
   == '%{bundler_molinillo_version}' ]
 
 # Net::HTTP::Persistent.
-[ "`make runruby TESTRUN_SCRIPT=\"-e \\\" \
+# Require `rubygems` to workaround the `<class:Wrapper>': uninitialized
+# constant Gem (NameError) issue.
+# https://github.com/rubygems/rubygems/issues/5119
+[ "`make runruby TESTRUN_SCRIPT=\"-rrubygems -e \\\" \
   module Bundler; module Persistent; module Net; module HTTP; \
   end; end; end; end; \
   require 'bundler/vendor/net-http-persistent/lib/net/http/persistent'; \
@@ -972,12 +907,15 @@ MSPECOPTS=""
 # Avoid `hostname' dependency.
 %{!?with_hostname:MSPECOPTS="-P 'Socket.gethostname returns the host name'"}
 
-# Some tests are failing upstream due to OpenSSL 3.x compatibility.
-# https://github.com/ruby/openssl/pull/399/checks?check_run_id=3716152870
-DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestEC#test_check_key/"
-DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestPKeyDH#test_derive_key/"
-DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestPKeyDH#test_key_exchange/"
-DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestCipher#test_ciphers/"
+# https://bugs.ruby-lang.org/issues/18380
+DISABLE_TESTS="$DISABLE_TESTS -n !/TestAddressResolve#test_socket_getnameinfo_domain_blocking/"
+
+%ifarch armv7hl
+# TestReadline#test_interrupt_in_other_thread fails on 32 bit arches according
+# to upstream, but the test is disabled just on Travis, not in test suite.
+# https://bugs.ruby-lang.org/issues/18393
+DISABLE_TESTS="$DISABLE_TESTS -n !/TestReadline#test_interrupt_in_other_thread/"
+%endif
 
 # Give an option to increase the timeout in tests.
 # https://bugs.ruby-lang.org/issues/16921
@@ -1036,28 +974,26 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestCipher#test_ciphers/"
 %{ruby_libdir}/coverage.rb
 %{ruby_libdir}/csv*
 %{ruby_libdir}/date.rb
-%{ruby_libdir}/debug.rb
 %{ruby_libdir}/delegate*
 %{ruby_libdir}/digest*
 %{ruby_libdir}/drb*
 %{ruby_libdir}/English.rb
-%{ruby_libdir}/erb.rb
+%{ruby_libdir}/erb*
+%{ruby_libdir}/error_highlight*
 %{ruby_libdir}/expect.rb
 %{ruby_libdir}/fiddle*
 %{ruby_libdir}/fileutils.rb
 %{ruby_libdir}/find.rb
 %{ruby_libdir}/forwardable*
 %{ruby_libdir}/getoptlong*
-%{ruby_libdir}/io
 %{ruby_libdir}/ipaddr.rb
 %{ruby_libdir}/kconv.rb
 %{ruby_libdir}/logger*
-%{ruby_libdir}/matrix*
 %{ruby_libdir}/mkmf.rb
 %{ruby_libdir}/monitor.rb
 %{ruby_libdir}/mutex_m.rb
 %{ruby_libdir}/net
-%{ruby_libdir}/objspace.rb
+%{ruby_libdir}/objspace*
 %{ruby_libdir}/observer*
 %{ruby_libdir}/open-uri.rb
 %{ruby_libdir}/open3*
@@ -1067,8 +1003,8 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestCipher#test_ciphers/"
 %{ruby_libdir}/pathname.rb
 %{ruby_libdir}/pp.rb
 %{ruby_libdir}/prettyprint.rb
-%{ruby_libdir}/prime.rb
 %{ruby_libdir}/pstore*
+%{ruby_libdir}/random
 %{ruby_libdir}/readline.rb
 %{ruby_libdir}/reline*
 %{ruby_libdir}/resolv.rb
@@ -1085,7 +1021,6 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestCipher#test_ciphers/"
 %{ruby_libdir}/timeout*
 %{ruby_libdir}/time.rb
 %{ruby_libdir}/tmpdir.rb
-%{ruby_libdir}/tracer*
 %{ruby_libdir}/tsort.rb
 %{ruby_libdir}/unicode_normalize
 %{ruby_libdir}/un.rb
@@ -1094,14 +1029,13 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestCipher#test_ciphers/"
 %{ruby_libdir}/yaml*
 
 # Platform specific libraries.
-%{_libdir}/libruby.so.*
+%{_libdir}/libruby.so.{%{major_minor_version},%{ruby_version}}
 %dir %{ruby_libarchdir}
 %dir %{ruby_libarchdir}/cgi
 %{ruby_libarchdir}/cgi/escape.so
 %{ruby_libarchdir}/continuation.so
 %{ruby_libarchdir}/coverage.so
 %{ruby_libarchdir}/date_core.so
-%{ruby_libarchdir}/dbm.so
 %dir %{ruby_libarchdir}/digest
 %{ruby_libarchdir}/digest.so
 %{ruby_libarchdir}/digest/bubblebabble.so
@@ -1174,9 +1108,7 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestCipher#test_ciphers/"
 %{ruby_libarchdir}/enc/windows_31j.so
 %{ruby_libarchdir}/etc.so
 %{ruby_libarchdir}/fcntl.so
-%{ruby_libarchdir}/fiber.so
 %{ruby_libarchdir}/fiddle.so
-%{ruby_libarchdir}/gdbm.so
 %dir %{ruby_libarchdir}/io
 %{ruby_libarchdir}/io/nonblock.so
 %{ruby_libarchdir}/io/wait.so
@@ -1237,77 +1169,69 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestCipher#test_ciphers/"
 
 %files default-gems
 %{gem_dir}/specifications/default/abbrev-0.1.0.gemspec
-%{gem_dir}/specifications/default/base64-0.1.0.gemspec
-%{gem_dir}/specifications/default/benchmark-0.1.1.gemspec
-%{gem_dir}/specifications/default/cgi-0.2.1.gemspec
-%{gem_dir}/specifications/default/csv-3.1.9.gemspec
-%{gem_dir}/specifications/default/date-3.1.3.gemspec
-%{gem_dir}/specifications/default/dbm-1.1.0.gemspec
-%{gem_dir}/specifications/default/debug-0.2.1.gemspec
+%{gem_dir}/specifications/default/base64-0.1.1.gemspec
+%{gem_dir}/specifications/default/benchmark-0.2.0.gemspec
+%{gem_dir}/specifications/default/cgi-0.3.1.gemspec
+%{gem_dir}/specifications/default/csv-3.2.2.gemspec
+%{gem_dir}/specifications/default/date-3.2.2.gemspec
 %{gem_dir}/specifications/default/delegate-0.2.0.gemspec
 %{gem_dir}/specifications/default/did_you_mean-%{did_you_mean_version}.gemspec
-%{gem_dir}/specifications/default/digest-3.0.0.gemspec
-%{gem_dir}/specifications/default/drb-2.0.5.gemspec
+%{gem_dir}/specifications/default/digest-3.1.0.gemspec
+%{gem_dir}/specifications/default/drb-2.1.0.gemspec
 %{gem_dir}/specifications/default/english-0.7.1.gemspec
 %{gem_dir}/specifications/default/erb-%{erb_version}.gemspec
+%{gem_dir}/specifications/default/error_highlight-0.3.0.gemspec
 %{gem_dir}/specifications/default/etc-1.3.0.gemspec
 %{gem_dir}/specifications/default/fcntl-1.0.1.gemspec
-%{gem_dir}/specifications/default/fiddle-1.0.8.gemspec
-%{gem_dir}/specifications/default/fileutils-1.5.0.gemspec
-%{gem_dir}/specifications/default/find-0.1.0.gemspec
+%{gem_dir}/specifications/default/fiddle-1.1.0.gemspec
+%{gem_dir}/specifications/default/fileutils-1.6.0.gemspec
+%{gem_dir}/specifications/default/find-0.1.1.gemspec
 %{gem_dir}/specifications/default/forwardable-1.3.2.gemspec
-%{gem_dir}/specifications/default/gdbm-2.1.0.gemspec
 %{gem_dir}/specifications/default/getoptlong-0.1.1.gemspec
 %{gem_dir}/specifications/default/io-nonblock-0.1.0.gemspec
-%{gem_dir}/specifications/default/io-wait-0.2.0.gemspec
-%{gem_dir}/specifications/default/ipaddr-1.2.2.gemspec
-%{gem_dir}/specifications/default/logger-1.4.3.gemspec
-%{gem_dir}/specifications/default/matrix-0.3.1.gemspec
+%{gem_dir}/specifications/default/io-wait-0.2.1.gemspec
+%{gem_dir}/specifications/default/ipaddr-1.2.3.gemspec
+%{gem_dir}/specifications/default/logger-1.5.0.gemspec
 %{gem_dir}/specifications/default/mutex_m-0.1.1.gemspec
-%{gem_dir}/specifications/default/net-ftp-0.1.2.gemspec
-%{gem_dir}/specifications/default/net-http-0.1.1.gemspec
-%{gem_dir}/specifications/default/net-imap-0.1.1.gemspec
-%{gem_dir}/specifications/default/net-pop-0.1.1.gemspec
-%{gem_dir}/specifications/default/net-protocol-0.1.1.gemspec
-%{gem_dir}/specifications/default/net-smtp-0.2.1.gemspec
-%{gem_dir}/specifications/default/nkf-0.1.0.gemspec
+%{gem_dir}/specifications/default/net-http-0.2.0.gemspec
+%{gem_dir}/specifications/default/net-protocol-0.1.2.gemspec
+%{gem_dir}/specifications/default/nkf-0.1.1.gemspec
 %{gem_dir}/specifications/default/observer-0.1.1.gemspec
 %{gem_dir}/specifications/default/open3-0.1.1.gemspec
-%{gem_dir}/specifications/default/open-uri-0.1.0.gemspec
-%{gem_dir}/specifications/default/optparse-0.1.1.gemspec
+%{gem_dir}/specifications/default/open-uri-0.2.0.gemspec
+%{gem_dir}/specifications/default/optparse-0.2.0.gemspec
 %{gem_dir}/specifications/default/openssl-%{openssl_version}.gemspec
-%{gem_dir}/specifications/default/ostruct-0.3.1.gemspec
-%{gem_dir}/specifications/default/pathname-0.1.0.gemspec
-%{gem_dir}/specifications/default/pp-0.2.1.gemspec
+%{gem_dir}/specifications/default/ostruct-0.5.2.gemspec
+%{gem_dir}/specifications/default/pathname-0.2.0.gemspec
+%{gem_dir}/specifications/default/pp-0.3.0.gemspec
 %{gem_dir}/specifications/default/prettyprint-0.1.1.gemspec
-%{gem_dir}/specifications/default/prime-0.1.2.gemspec
 %{gem_dir}/specifications/default/pstore-0.1.1.gemspec
 %{gem_dir}/specifications/default/racc-%{racc_version}.gemspec
-%{gem_dir}/specifications/default/readline-0.0.2.gemspec
-%{gem_dir}/specifications/default/readline-ext-0.1.1.gemspec
-%{gem_dir}/specifications/default/reline-0.2.5.gemspec
+%{gem_dir}/specifications/default/readline-0.0.3.gemspec
+%{gem_dir}/specifications/default/readline-ext-0.1.4.gemspec
+%{gem_dir}/specifications/default/reline-0.3.0.gemspec
 %{gem_dir}/specifications/default/resolv-0.2.1.gemspec
 %{gem_dir}/specifications/default/resolv-replace-0.1.0.gemspec
 %{gem_dir}/specifications/default/rinda-0.1.1.gemspec
-%{gem_dir}/specifications/default/securerandom-0.1.0.gemspec
-%{gem_dir}/specifications/default/set-1.0.1.gemspec
+%{gem_dir}/specifications/default/ruby2_keywords-0.0.5.gemspec
+%{gem_dir}/specifications/default/securerandom-0.1.1.gemspec
+%{gem_dir}/specifications/default/set-1.0.2.gemspec
 %{gem_dir}/specifications/default/shellwords-0.1.0.gemspec
 %{gem_dir}/specifications/default/singleton-0.1.1.gemspec
-%{gem_dir}/specifications/default/stringio-3.0.1.gemspec
+%{gem_dir}/specifications/default/stringio-%{stringio_version}.gemspec
 %{gem_dir}/specifications/default/strscan-3.0.1.gemspec
 %{gem_dir}/specifications/default/syslog-0.1.0.gemspec
-%{gem_dir}/specifications/default/tempfile-0.1.1.gemspec
-%{gem_dir}/specifications/default/time-0.1.0.gemspec
-%{gem_dir}/specifications/default/timeout-0.1.1.gemspec
+%{gem_dir}/specifications/default/tempfile-0.1.2.gemspec
+%{gem_dir}/specifications/default/time-0.2.0.gemspec
+%{gem_dir}/specifications/default/timeout-0.2.0.gemspec
 %{gem_dir}/specifications/default/tmpdir-0.1.2.gemspec
 %{gem_dir}/specifications/default/tsort-0.1.0.gemspec
-%{gem_dir}/specifications/default/tracer-0.1.1.gemspec
-%{gem_dir}/specifications/default/un-0.1.0.gemspec
-%{gem_dir}/specifications/default/uri-0.10.1.gemspec
+%{gem_dir}/specifications/default/un-0.2.0.gemspec
+%{gem_dir}/specifications/default/uri-0.11.0.gemspec
 %{gem_dir}/specifications/default/weakref-0.1.1.gemspec
 #%%{gem_dir}/specifications/default/win32ole-1.8.8.gemspec
-%{gem_dir}/specifications/default/yaml-0.1.1.gemspec
-%{gem_dir}/specifications/default/zlib-2.0.0.gemspec
+%{gem_dir}/specifications/default/yaml-0.2.0.gemspec
+%{gem_dir}/specifications/default/zlib-2.1.1.gemspec
 
 %{gem_dir}/gems/erb-%{erb_version}
 # Use standalone rubygem-racc if Racc binary is required. Shipping this
@@ -1363,7 +1287,8 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestCipher#test_ciphers/"
 %{ruby_libdir}/psych.rb
 %{ruby_libarchdir}/psych.so
 %{_libdir}/gems/%{name}/psych-%{psych_version}
-%{gem_dir}/gems/psych-%{psych_version}
+%dir %{gem_dir}/gems/psych-%{psych_version}
+%{gem_dir}/gems/psych-%{psych_version}/lib
 %{gem_dir}/specifications/psych-%{psych_version}.gemspec
 
 %files -n rubygem-bundler
@@ -1374,15 +1299,95 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestCipher#test_ciphers/"
 %{_mandir}/man1/bundle*.1*
 %{_mandir}/man5/gemfile.5*
 
+%files bundled-gems
+%{_bindir}/rdbg
+%dir %{_libdir}/gems/%{name}/debug-%{debug_version}
+%{_libdir}/gems/%{name}/debug-%{debug_version}/gem.build_complete
+%dir %{_libdir}/gems/%{name}/debug-%{debug_version}/debug
+%{_libdir}/gems/%{name}/debug-%{debug_version}/debug/debug.so
+%dir %{gem_dir}/gems/debug-%{debug_version}
+%exclude %{gem_dir}/gems/debug-%{debug_version}/.*
+%doc %{gem_dir}/gems/debug-%{debug_version}/CONTRIBUTING.md
+%{gem_dir}/gems/debug-%{debug_version}/Gemfile
+%license %{gem_dir}/gems/debug-%{debug_version}/LICENSE.txt
+%doc %{gem_dir}/gems/debug-%{debug_version}/README.md
+%{gem_dir}/gems/debug-%{debug_version}/Rakefile
+%doc %{gem_dir}/gems/debug-%{debug_version}/TODO.md
+%{gem_dir}/gems/debug-%{debug_version}/bin
+%{gem_dir}/gems/debug-%{debug_version}/exe
+%{gem_dir}/gems/debug-%{debug_version}/lib
+%{gem_dir}/gems/debug-%{debug_version}/misc
+%{gem_dir}/specifications/debug-%{debug_version}.gemspec
+
+%dir %{gem_dir}/gems/net-ftp-%{net_ftp_version}
+%{gem_dir}/gems/net-ftp-%{net_ftp_version}/Gemfile
+%license %{gem_dir}/gems/net-ftp-%{net_ftp_version}/LICENSE.txt
+%doc %{gem_dir}/gems/net-ftp-%{net_ftp_version}/README.md
+%{gem_dir}/gems/net-ftp-%{net_ftp_version}/Rakefile
+%{gem_dir}/gems/net-ftp-%{net_ftp_version}/bin
+%{gem_dir}/gems/net-ftp-%{net_ftp_version}/lib
+%{gem_dir}/specifications/net-ftp-%{net_ftp_version}.gemspec
+
+%dir %{gem_dir}/gems/net-imap-%{net_imap_version}
+%{gem_dir}/gems/net-imap-%{net_imap_version}/Gemfile
+%license %{gem_dir}/gems/net-imap-%{net_imap_version}/LICENSE.txt
+%doc %{gem_dir}/gems/net-imap-%{net_imap_version}/README.md
+%{gem_dir}/gems/net-imap-%{net_imap_version}/Rakefile
+%{gem_dir}/gems/net-imap-%{net_imap_version}/bin
+%{gem_dir}/gems/net-imap-%{net_imap_version}/lib
+%{gem_dir}/specifications/net-imap-%{net_imap_version}.gemspec
+
+%dir %{gem_dir}/gems/net-pop-%{net_pop_version}
+%{gem_dir}/gems/net-pop-%{net_pop_version}/Gemfile
+%license %{gem_dir}/gems/net-pop-%{net_pop_version}/LICENSE.txt
+%doc %{gem_dir}/gems/net-pop-%{net_pop_version}/README.md
+%{gem_dir}/gems/net-pop-%{net_pop_version}/Rakefile
+%{gem_dir}/gems/net-pop-%{net_pop_version}/bin
+%{gem_dir}/gems/net-pop-%{net_pop_version}/lib
+%{gem_dir}/specifications/net-pop-%{net_pop_version}.gemspec
+
+%dir %{gem_dir}/gems/net-smtp-%{net_smtp_version}
+%license %{gem_dir}/gems/net-smtp-%{net_smtp_version}/LICENSE.txt
+%{gem_dir}/gems/net-smtp-%{net_smtp_version}/lib
+%{gem_dir}/specifications/net-smtp-%{net_smtp_version}.gemspec
+
+%dir %{gem_dir}/gems/matrix-%{matrix_version}
+%license %{gem_dir}/gems/matrix-%{matrix_version}/LICENSE.txt
+%{gem_dir}/gems/matrix-%{matrix_version}/lib
+%{gem_dir}/specifications/matrix-%{matrix_version}.gemspec
+
+%dir %{gem_dir}/gems/prime-%{prime_version}
+%{gem_dir}/gems/prime-%{prime_version}/Gemfile
+%license %{gem_dir}/gems/prime-%{prime_version}/LICENSE.txt
+%doc %{gem_dir}/gems/prime-%{prime_version}/README.md
+%{gem_dir}/gems/prime-%{prime_version}/Rakefile
+%{gem_dir}/gems/prime-%{prime_version}/bin
+%{gem_dir}/gems/prime-%{prime_version}/lib
+%{gem_dir}/specifications/prime-%{prime_version}.gemspec
+
 %files -n rubygem-minitest
-%{gem_dir}/gems/minitest-%{minitest_version}
+%dir %{gem_dir}/gems/minitest-%{minitest_version}
 %exclude %{gem_dir}/gems/minitest-%{minitest_version}/.*
+%{gem_dir}/gems/minitest-%{minitest_version}/Manifest.txt
+%{gem_dir}/gems/minitest-%{minitest_version}/design_rationale.rb
+%{gem_dir}/gems/minitest-%{minitest_version}/lib
 %{gem_dir}/specifications/minitest-%{minitest_version}.gemspec
+%doc %{gem_dir}/gems/minitest-%{minitest_version}/History.rdoc
+%doc %{gem_dir}/gems/minitest-%{minitest_version}/README.rdoc
+%{gem_dir}/gems/minitest-%{minitest_version}/Rakefile
+%{gem_dir}/gems/minitest-%{minitest_version}/test
 
 %files -n rubygem-power_assert
-%{gem_dir}/gems/power_assert-%{power_assert_version}
+%dir %{gem_dir}/gems/power_assert-%{power_assert_version}
 %exclude %{gem_dir}/gems/power_assert-%{power_assert_version}/.*
+%license %{gem_dir}/gems/power_assert-%{power_assert_version}/BSDL
+%license %{gem_dir}/gems/power_assert-%{power_assert_version}/COPYING
+%license %{gem_dir}/gems/power_assert-%{power_assert_version}/LEGAL
+%{gem_dir}/gems/power_assert-%{power_assert_version}/lib
 %{gem_dir}/specifications/power_assert-%{power_assert_version}.gemspec
+%{gem_dir}/gems/power_assert-%{power_assert_version}/Gemfile
+%doc %{gem_dir}/gems/power_assert-%{power_assert_version}/README.md
+%{gem_dir}/gems/power_assert-%{power_assert_version}/Rakefile
 
 %files -n rubygem-rake
 %{_bindir}/rake
@@ -1392,6 +1397,9 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestCipher#test_ciphers/"
 
 %files -n rubygem-rbs
 %{_bindir}/rbs
+%dir %{_libdir}/gems/%{name}/rbs-%{rbs_version}
+%{_libdir}/gems/%{name}/rbs-%{rbs_version}/gem.build_complete
+%{_libdir}/gems/%{name}/rbs-%{rbs_version}/rbs_extension.so
 %dir %{gem_dir}/gems/rbs-%{rbs_version}
 %exclude %{gem_dir}/gems/rbs-%{rbs_version}/.*
 %license %{gem_dir}/gems/rbs-%{rbs_version}/BSDL
@@ -1413,8 +1421,16 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestCipher#test_ciphers/"
 %{gem_dir}/specifications/rbs-%{rbs_version}.gemspec
 
 %files -n rubygem-test-unit
-%{gem_dir}/gems/test-unit-%{test_unit_version}
+%dir %{gem_dir}/gems/test-unit-%{test_unit_version}
+%license %{gem_dir}/gems/test-unit-%{test_unit_version}/BSDL
+%license %{gem_dir}/gems/test-unit-%{test_unit_version}/COPYING
+%license %{gem_dir}/gems/test-unit-%{test_unit_version}/PSFL
+%{gem_dir}/gems/test-unit-%{test_unit_version}/lib
+%{gem_dir}/gems/test-unit-%{test_unit_version}/sample
 %{gem_dir}/specifications/test-unit-%{test_unit_version}.gemspec
+%doc %{gem_dir}/gems/test-unit-%{test_unit_version}/README.md
+%{gem_dir}/gems/test-unit-%{test_unit_version}/Rakefile
+%doc %{gem_dir}/gems/test-unit-%{test_unit_version}/doc
 
 %files -n rubygem-rexml
 %dir %{gem_dir}/gems/rexml-%{rexml_version}
@@ -1444,18 +1460,19 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/OpenSSL::TestCipher#test_ciphers/"
 %license %{gem_dir}/gems/typeprof-%{typeprof_version}/LICENSE
 %{gem_dir}/gems/typeprof-%{typeprof_version}/exe
 %{gem_dir}/gems/typeprof-%{typeprof_version}/lib
-%doc %{gem_dir}/gems/typeprof-%{typeprof_version}/smoke
 %doc %{gem_dir}/gems/typeprof-%{typeprof_version}/tools
+%exclude %{gem_dir}/gems/typeprof-%{typeprof_version}/typeprof-lsp
+%exclude %{gem_dir}/gems/typeprof-%{typeprof_version}/vscode
 %{gem_dir}/specifications/typeprof-%{typeprof_version}.gemspec
 %doc %{gem_dir}/gems/typeprof-%{typeprof_version}/Gemfile*
 %doc %{gem_dir}/gems/typeprof-%{typeprof_version}/README.md
 %doc %{gem_dir}/gems/typeprof-%{typeprof_version}/Rakefile
-%doc %{gem_dir}/gems/typeprof-%{typeprof_version}/doc
-%lang(ja) %doc %{gem_dir}/gems/typeprof-%{typeprof_version}/doc/doc.ja.md
-%doc %{gem_dir}/gems/typeprof-%{typeprof_version}/testbed
 
 
 %changelog
+* Wed Dec 01 2021 Vít Ondruch <vondruch@redhat.com> - 3.1.0-1
+- Upgrade to Ruby 3.1.0.
+
 * Thu Nov 25 2021 Vít Ondruch <vondruch@redhat.com> - 3.0.2-154
 - Upgrade to Ruby 3.0.3.
 

rubygems-3.2.30-Provide-distinguished-name-which-will-be-correctly-p.patch

@@ -1,44 +0,0 @@
-From bb0f57aeb4de36a3b2b8b8cb01d25b32af0357d3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
-Date: Wed, 27 Oct 2021 16:28:24 +0200
-Subject: [PATCH] Provide distinguished name which will be correctly parsed.
-
-It seems that since ruby openssl 2.1.0 [[1]], the distinguished name
-submitted to `OpenSSL::X509::Name.parse` is not correctly parsed if it
-does not contain the first slash:
-
-~~~
-$ ruby -v
-ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux]
-
-$ gem list | grep openssl
-openssl (default: 2.2.0)
-
-$ irb -r openssl
-irb(main):001:0> OpenSSL::X509::Name.parse("CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE)
-=> "CN = nobody/DC=example"
-irb(main):002:0> OpenSSL::X509::Name.parse("/CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE)
-=> "CN = nobody, DC = example"
-~~~
-
-[1]: https://github.com/ruby/openssl/commit/19c67cd10c57f3ab7b13966c36431ebc3fdd653b
----
- lib/rubygems/security.rb | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb
-index c80639af6d..12de141f36 100644
---- a/lib/rubygems/security.rb
-+++ b/lib/rubygems/security.rb
-@@ -510,7 +510,7 @@ def self.email_to_name(email_address)
- 
-     dcs = dcs.split '.'
- 
--    name = "CN=#{cn}/#{dcs.map {|dc| "DC=#{dc}" }.join '/'}"
-+    name = "/CN=#{cn}/#{dcs.map {|dc| "DC=#{dc}" }.join '/'}"
- 
-     OpenSSL::X509::Name.parse name
-   end
--- 
-2.32.0
-

sources

@@ -1 +1 @@
-SHA512 (ruby-3.0.3.tar.xz) = bb9ea426278d5a7ac46595296f03b82d43df8b7db41045cdf85611e05e26c703c53f700494cd7cf5d4c27fa953bdc5c144317d7720812db0a6e3b6f4bc4d2e00
+SHA512 (ruby-3.1.0.tar.xz) = a2bb6b5e62d5fa06dd9c30cf84ddcb2c27cb87fbaaffd2309a44391a6b110e1dde6b7b0d8c659b56387ee3c9b4264003f3532d5a374123a7c187ebba9293f320