[AutoPR- Security] Patch ruby for CVE-2026-27820 [LOW]

SPECS/ruby/CVE-2026-27820.patch

@@ -0,0 +1,60 @@
+From d5c7a178c764c7cad373e56b9177fcabb8c5b5f8 Mon Sep 17 00:00:00 2001
+From: Nobuyoshi Nakada <nobu@ruby-lang.org>
+Date: Wed, 26 Nov 2025 22:30:27 +0900
+Subject: [PATCH] Fix buffer overflow at ungetc
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: https://github.com/ruby/zlib/commit/6cc139d87c498e60bcf38bc9e4f2ac0f2faa0eb1.patch
+---
+ ext/zlib/zlib.c        |  4 +---
+ test/zlib/test_zlib.rb | 19 +++++++++++++++++++
+ 2 files changed, 20 insertions(+), 3 deletions(-)
+
+diff --git a/ext/zlib/zlib.c b/ext/zlib/zlib.c
+index 3db4d25..6c83428 100644
+--- a/ext/zlib/zlib.c
++++ b/ext/zlib/zlib.c
+@@ -851,9 +851,7 @@ zstream_buffer_ungets(struct zstream *z, const Bytef *b, unsigned long len)
+     char *bufptr;
+     long filled;
+
+-    if (NIL_P(z->buf) || (long)rb_str_capacity(z->buf) <= ZSTREAM_BUF_FILLED(z)) {
+-	zstream_expand_buffer_into(z, len);
+-    }
++    zstream_expand_buffer_into(z, len);
+
+     RSTRING_GETMEM(z->buf, bufptr, filled);
+     memmove(bufptr + len, bufptr, filled);
+diff --git a/test/zlib/test_zlib.rb b/test/zlib/test_zlib.rb
+index 502ccce..0609eff 100644
+--- a/test/zlib/test_zlib.rb
++++ b/test/zlib/test_zlib.rb
+@@ -876,6 +876,25 @@ if defined? Zlib
+       assert_equal(-1, r.pos, "[ruby-core:81488][Bug #13616]")
+     end
+
++    def test_ungetc_buffer_underflow
++      initial_bufsize = 1024
++      payload = "A" * initial_bufsize
++      gzip_io = StringIO.new
++      Zlib::GzipWriter.wrap(gzip_io) { |gz| gz.write(payload) }
++      compressed = gzip_io.string
++
++      reader = Zlib::GzipReader.new(StringIO.new(compressed))
++      reader.read(1)
++      overflow_bytes = "B" * (initial_bufsize)
++      reader.ungetc(overflow_bytes)
++      data = reader.read(overflow_bytes.bytesize)
++      assert_equal overflow_bytes.bytesize, data.bytesize, data
++      assert_empty data.delete("B"), data
++      data = reader.read()
++      assert_equal initial_bufsize - 1, data.bytesize, data
++      assert_empty data.delete("A"), data
++    end
++
+     def test_open
+       Tempfile.create("test_zlib_gzip_reader_open") {|t|
+         t.close
+-- 
+2.45.4
+

SPECS/ruby/ruby.spec

@@ -87,7 +87,7 @@ Name:           ruby
 # provides should be versioned according to the ruby version.
 # More info: https://stdgems.org/
 Version:        %{ruby_version}
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        (Ruby OR BSD) AND Public Domain AND MIT AND CC0 AND zlib AND UCD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -113,6 +113,7 @@ Patch6:         CVE-2025-27221.patch
 Patch7:         CVE-2025-6442.patch
 Patch8:         CVE-2025-24294.patch
 Patch9:         CVE-2025-61594.patch
+Patch10:        CVE-2026-27820.patch
 BuildRequires:  openssl-devel
 # Pkgconfig(yaml-0.1) is needed to build the 'psych' gem.
 BuildRequires:  pkgconfig(yaml-0.1)
@@ -417,6 +418,9 @@ sudo -u test make test TESTS="-v"
 %{_rpmconfigdir}/rubygems.con
 
 %changelog
+* Sat Apr 25 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 3.3.5-8
+- Patch for CVE-2026-27820
+
 * Mon Jan 05 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 3.3.5-7
 - Patch for CVE-2025-61594