[pull] master from ruby:master

class.c

@@ -41,7 +41,7 @@
  *           This is done for classes defined from C to allow storing them in global variables.
  * 1:    RUBY_FL_SINGLETON
  *           This class is a singleton class.
- * 2:    RCLASS_PRIME_CLASSEXT_PRIME_WRITABLE
+ * 2:    RCLASS_PRIME_CLASSEXT_WRITABLE
  *           This class's prime classext is the only classext and writable from any boxes.
  *           If unset, the prime classext is writable only from the root box.
  * 3:    RCLASS_IS_INITIALIZED
@@ -52,7 +52,7 @@
 
 /* Flags of T_ICLASS
  *
- * 2:    RCLASS_PRIME_CLASSEXT_PRIME_WRITABLE
+ * 2:    RCLASS_PRIME_CLASSEXT_WRITABLE
  *           This module's prime classext is the only classext and writable from any boxes.
  *           If unset, the prime classext is writable only from the root box.
  * 4:    RCLASS_BOXABLE
@@ -66,7 +66,7 @@
  *           This is done for classes defined from C to allow storing them in global variables.
  * 1:    <reserved>
  *          Ensures that RUBY_FL_SINGLETON is never set on a T_MODULE. See `rb_class_real`.
- * 2:    RCLASS_PRIME_CLASSEXT_PRIME_WRITABLE
+ * 2:    RCLASS_PRIME_CLASSEXT_WRITABLE
  *           This module's prime classext is the only classext and writable from any boxes.
  *           If unset, the prime classext is writable only from the root box.
  * 3:    RCLASS_IS_INITIALIZED

prism/templates/include/prism/ast.h.erb

@@ -22,7 +22,7 @@
  */
 typedef enum pm_token_type {
 <%- tokens.each do |token| -%>
-    /** <%= token.comment %> */
+    /** <%= Prism::Template::Doxygen.verbatim(token.comment) %> */
     PM_TOKEN_<%= token.name %><%= " = #{token.value}" if token.value %>,
 
 <%- end -%>

prism/templates/template.rb

@@ -49,6 +49,14 @@ def self.escape(value)
       end
     end
 
+    # This module contains methods for escaping characters in Doxygen comments.
+    module Doxygen
+      # Similar to /verbatim ... /endverbatim but doesn't wrap the result in a code block.
+      def self.verbatim(value)
+        value.gsub(/[\.*%!`#<>_+-]/, '\\\\\0')
+      end
+    end
+
     # A comment attached to a field or node.
     class ConfigComment
       attr_reader :value

test/openssl/test_pkcs12.rb

@@ -3,6 +3,29 @@
 
 if defined?(OpenSSL)
 
+# OpenSSL::PKCS12.create calling the PKCS12_create() has the argument mac_iter
+# which uses a MAC key using PKCS12KDF which is not FIPS-approved.
+# OpenSSL::PKCS12.new with base64-encoded example calling PKCS12_parse()
+# verifies the MAC key using PKCS12KDF which is not FIPS-approved.
+#
+# PBE-SHA1-3DES uses PKCS12KDF which is not FIPS-approved according to the RFC
+# 7292 PKCS#12.
+# https://datatracker.ietf.org/doc/html/rfc7292#appendix-C
+# > The PBES1 encryption scheme defined in PKCS #5 provides a number of
+# > algorithm identifiers for deriving keys and IVs; here, we specify a
+# > few more, all of which use the procedure detailed in Appendices B.2
+# > and B.3 to construct keys (and IVs, where needed).  As is implied by
+# > their names, all of the object identifiers below use the hash
+# > function SHA-1.
+# > ...
+# > pbeWithSHAAnd3-KeyTripleDES-CBC  OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
+#
+# Note that the pbeWithSHAAnd3-KeyTripleDES-CBC (pkcs12-pbeids 3) in the RFC
+# 7292 PKCS#12 means PBE-SHA1-3DES in OpenSSL. PKCS12KDF is used in PKCS#12.
+# https://oidref.com/1.2.840.113549.1.12.1.3
+# https://github.com/openssl/openssl/blob/ed57d1e06dca28689190e00d9893e0fd7ecc67c1/crypto/objects/objects.txt#L385
+return if OpenSSL.fips_mode
+
 module OpenSSL
   class TestPKCS12 < OpenSSL::TestCase
     DEFAULT_PBE_PKEYS = "PBE-SHA1-3DES"
@@ -210,8 +233,13 @@ def test_create_with_keytype
     end
 
     def test_new_with_no_keys
-      # generated with:
-      #   openssl pkcs12 -certpbe PBE-SHA1-3DES -in <@mycert> -nokeys -export
+      # Generated with the following steps:
+      #   Print the value of the @mycert such as by `puts @mycert.to_s` and
+      #   save the value as the file `mycert.pem`.
+      #   Run the following commands:
+      #   openssl pkcs12 -certpbe PBE-SHA1-3DES -in <(cat mycert.pem) \
+      #     -nokeys -export -passout pass:abc123 -out /tmp/p12.out
+      #   base64 -w 60 /tmp/p12.out
       str = <<~EOF.unpack1("m")
 MIIGJAIBAzCCBeoGCSqGSIb3DQEHAaCCBdsEggXXMIIF0zCCBc8GCSqGSIb3
 DQEHBqCCBcAwggW8AgEAMIIFtQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMw
@@ -259,8 +287,10 @@ def test_new_with_no_keys
     end
 
     def test_new_with_no_certs
-      # generated with:
-      #   openssl pkcs12 -inkey fixtures/openssl/pkey/rsa-1.pem -nocerts -export
+      # Generated with the folowing steps:
+      #   openssl pkcs12 -inkey test/openssl/fixtures/pkey/rsa-1.pem \
+      #     -nocerts -export -passout pass:abc123 -out /tmp/p12.out
+      #   base64 -w 60 /tmp/p12.out
       str = <<~EOF.unpack1("m")
 MIIJ7wIBAzCCCbUGCSqGSIb3DQEHAaCCCaYEggmiMIIJnjCCCZoGCSqGSIb3
 DQEHAaCCCYsEggmHMIIJgzCCCX8GCyqGSIb3DQEMCgECoIIJbjCCCWowHAYK

test/prism/errors_test.rb

@@ -7,7 +7,7 @@
 module Prism
   class ErrorsTest < TestCase
     base = File.expand_path("errors", __dir__)
-    filepaths = Dir["**/*.txt", base: base]
+    filepaths = Dir[ENV.fetch("FOCUS", "**/*.txt"), base: base]
 
     filepaths.each do |filepath|
       ruby_versions_for(filepath).each do |version|
@@ -100,6 +100,10 @@ def assert_errors(filepath, version)
       refute_empty errors, "Expected errors in #{filepath}"
 
       actual = result.errors_format
+      if expected != actual && ENV["UPDATE_SNAPSHOTS"]
+        File.write(filepath, actual)
+      end
+
       assert_equal expected, actual, "Expected errors to match for #{filepath}"
     end
   end

tool/lib/vcs.rb

@@ -459,7 +459,8 @@ def export_changelog(url = '@', from = nil, to = nil, _path = nil, path: _path,
         rev or next
         rev unless rev.empty?
       end
-      unless from&.match?(/./) or (from = branch_beginning(url))&.match?(/./)
+      to ||= url.to_str
+      unless from&.match?(/./) or (from = branch_beginning(to))&.match?(/./)
         warn "no starting commit found", uplevel: 1
         from = nil
       end
@@ -470,7 +471,6 @@ def export_changelog(url = '@', from = nil, to = nil, _path = nil, path: _path,
       else
         warn "Could not fetch notes/commits tree", uplevel: 1
       end
-      to ||= url.to_str
       if from
         arg = ["#{from}^..#{to}"]
       else