ruby/backport-CVE-2025-27219.patch

From 2c2d89e7cce0c81d9e63bb29c0e65b0436885af1 Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Fri, 21 Feb 2025 16:01:17 +0900
Subject: [PATCH 1/2] Use String#concat instead of String#+ for reducing cpu
 usage

Co-authored-by: "Yusuke Endoh" <mame@ruby-lang.org>
---
 lib/cgi/cookie.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index 9498e2f..1c4ef6a 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -190,9 +190,10 @@ class CGI
         values ||= ""
         values = values.split('&').collect{|v| CGI.unescape(v,@@accept_charset) }
         if cookies.has_key?(name)
-          values = cookies[name].value + values
+          cookies[name].concat(values)
+        else
+          cookies[name] = Cookie.new(name, *values)
         end
-        cookies[name] = Cookie.new(name, *values)
       end
 
       cookies
-- 
2.33.0
fix CVE-2025-27219 CVE-2025-27220 CVE-2025-27221 2025-02-28 16:14:19 +08:00			`From 2c2d89e7cce0c81d9e63bb29c0e65b0436885af1 Mon Sep 17 00:00:00 2001`
			`From: Hiroshi SHIBATA <hsbt@ruby-lang.org>`
			`Date: Fri, 21 Feb 2025 16:01:17 +0900`
			`Subject: [PATCH 1/2] Use String#concat instead of String#+ for reducing cpu`
			`usage`

			`Co-authored-by: "Yusuke Endoh" <mame@ruby-lang.org>`
			`---`
			`lib/cgi/cookie.rb \| 5 +++--`
			`1 file changed, 3 insertions(+), 2 deletions(-)`

			`diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb`
			`index 9498e2f..1c4ef6a 100644`
			`--- a/lib/cgi/cookie.rb`
			`+++ b/lib/cgi/cookie.rb`
			`@@ -190,9 +190,10 @@ class CGI`
			`values \|\|= ""`
			`values = values.split('&').collect{\|v\| CGI.unescape(v,@@accept_charset) }`
			`if cookies.has_key?(name)`
			`- values = cookies[name].value + values`
			`+ cookies[name].concat(values)`
			`+ else`
			`+ cookies[name] = Cookie.new(name, *values)`
			`end`
			`- cookies[name] = Cookie.new(name, *values)`
			`end`

			`cookies`
			`--`
			`2.33.0`