tzinfo 1.2.9 → 1.2.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ddfbcb761e22870203af94d9cd3d47254ce0487d49ab51d804190d7d1961c125
-  data.tar.gz: f1e1f7eb70f406974d3fdbcda4cb78a6e2fa0842c0a6ec912fe80986a59e57fa
+  metadata.gz: 0c5144874478331106359b387585793f77f3d3dfe8ae0fd86ffeceff71c86342
+  data.tar.gz: db94ffee0228f3afa5737b2c2003d258b23b2915919999e7349cf47c047c7cef
 SHA512:
-  metadata.gz: 5fe024d4d8c134dc324dedab7e6bca66293cf52e80ca16a3d32222e961dd5b563eead2bd110a72a212e7cde0e8ad0c87bc075ce19ad06e3d46ee0b3c3fb45c0a
-  data.tar.gz: 2c9c48dd44315d61129850ee160932f64afb1e90d8ca82dcd9388b2a79699c3b140340c9541ef822ba02d0791bc4df7c1c7e5a15c9d5840d37f177c1e5942242
+  metadata.gz: 7aa784cba67cb6908503874be5a5c618052c2d508a6f3f2c76d5fc5339b09970cda98719ecc3cbc5fee743657cd9ca457705fc98fa01a3b79ee156dea3c9ddc9
+  data.tar.gz: 86f994ba37c3e1f38d343d828a58bada483d658544a5f8780b4ed0d28b3a8cadc5bd0a8729e07468fe2d69147ff04342faad614ffdc0dc03ced90dc6a11a3171

data/CHANGES.md

@@ -1,3 +1,19 @@
+Version 1.2.11 - 28-Jan-2023
+----------------------------
+
+* Eliminate Object#untaint deprecation warnings on JRuby 9.4.0.0. #145.
+
+
+Version 1.2.10 - 19-Jul-2022
+----------------------------
+
+* Fixed a relative path traversal bug that could cause arbitrary files to be
+  loaded with require when used with RubyDataSource. Please refer to
+  https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx for
+  details. CVE-2022-31163.
+* Ignore the SECURITY file from Arch Linux's tzdata package. #134.
+
+
 Version 1.2.9 - 16-Dec-2020
 ---------------------------
 

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2005-2020 Philip Ross
+Copyright (c) 2005-2023 Philip Ross
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of 
 this software and associated documentation files (the "Software"), to deal in 

data/README.md

@@ -1,7 +1,7 @@
 TZInfo - Ruby Timezone Library
 ==============================
 
-[![RubyGems](https://img.shields.io/gem/v/tzinfo)](https://rubygems.org/gems/tzinfo) [![Travis CI Build](https://img.shields.io/travis/com/tzinfo/tzinfo/1.2?logo=travis)](https://travis-ci.com/tzinfo/tzinfo) [![AppVeyor Build](https://img.shields.io/appveyor/build/philr/tzinfo/1.2?logo=appveyor)](https://ci.appveyor.com/project/philr/tzinfo/branch/1.2)
+[![RubyGems](https://img.shields.io/gem/v/tzinfo?logo=rubygems&label=Gem)](https://rubygems.org/gems/tzinfo) [![Tests](https://github.com/tzinfo/tzinfo/workflows/Tests/badge.svg?branch=1.2&event=push)](https://github.com/tzinfo/tzinfo/actions?query=workflow%3ATests+branch%3A1.2+event%3Apush)
 
 [TZInfo](https://tzinfo.github.io) provides daylight savings aware
 transformations between times in different timezones.

data/lib/tzinfo/ruby_core_support.rb

@@ -153,16 +153,23 @@ module TZInfo
     end
 
 
-    # Object#untaint is a deprecated no-op in Ruby >= 2.7 and will be removed in
-    # 3.2. Add a refinement to either silence the warning, or supply the method
-    # if needed.
+    # Object#untaint is deprecated and becomes a no-op in Ruby >= 2.7. It has
+    # been removed from Ruby 3.2.
     if !Object.new.respond_to?(:untaint) || RUBY_VERSION =~ /\A(\d+)\.(\d+)(?:\.|\z)/ && ($1 == '2' && $2.to_i >= 7 || $1.to_i >= 3)
-      module UntaintExt
-        refine Object do
-          def untaint
-            self
-          end
-        end
+      # Returns the supplied `Object`
+      #
+      # @param o [Object] the `Object` to untaint.
+      # @return [Object] `o`.
+      def self.untaint(o)
+        o
+      end
+    else
+      # Untaints and returns the supplied `Object`.
+      #
+      # @param o [Object] the `Object` to untaint.
+      # @return [Object] `o`.
+      def self.untaint(o)
+        o.untaint
       end
     end
   end

data/lib/tzinfo/ruby_data_source.rb

@@ -1,8 +1,4 @@
 module TZInfo
-  # Use send as a workaround for erroneous 'wrong number of arguments' errors
-  # with JRuby 9.0.5.0 when calling methods with Java implementations. See #114.
-  send(:using, RubyCoreSupport::UntaintExt) if RubyCoreSupport.const_defined?(:UntaintExt)
-
   # A DataSource that loads data from the set of Ruby modules included in the
   # TZInfo::Data library (tzinfo-data gem).
   #
@@ -25,7 +21,7 @@ module TZInfo
         data_file = File.join('', 'tzinfo', 'data.rb')
         path = $".reverse_each.detect {|p| p.end_with?(data_file) }
         if path
-          @base_path = File.join(File.dirname(path), 'data').untaint
+          @base_path = RubyCoreSupport.untaint(File.join(File.dirname(path), 'data'))
         else
           @base_path = tzinfo_data
         end
@@ -38,14 +34,14 @@ module TZInfo
     # Raises InvalidTimezoneIdentifier if the timezone is not found or the 
     # identifier is invalid.
     def load_timezone_info(identifier)
-      raise InvalidTimezoneIdentifier, 'Invalid identifier' if identifier !~ /^[A-Za-z0-9\+\-_]+(\/[A-Za-z0-9\+\-_]+)*$/
+      raise InvalidTimezoneIdentifier, 'Invalid identifier' if identifier !~ /\A[A-Za-z0-9+\-_]+(\/[A-Za-z0-9+\-_]+)*\z/
       
       identifier = identifier.gsub(/-/, '__m__').gsub(/\+/, '__p__')
       
       # Untaint identifier after it has been reassigned to a new string. We
       # don't want to modify the original identifier. identifier may also be 
       # frozen and therefore cannot be untainted.
-      identifier.untaint
+      RubyCoreSupport.untaint(identifier)
       
       identifier = identifier.split('/')
       begin

data/lib/tzinfo/zoneinfo_data_source.rb

@@ -1,12 +1,4 @@
 module TZInfo
-  # Use send as a workaround for an issue on JRuby 9.2.9.0 where using the
-  # refinement causes calls to RubyCoreSupport.file_open to fail to pass the
-  # block parameter.
-  #
-  # https://travis-ci.org/tzinfo/tzinfo/jobs/628812051#L1931
-  # https://github.com/jruby/jruby/issues/6009
-  send(:using, TZInfo::RubyCoreSupport::UntaintExt) if TZInfo::RubyCoreSupport.const_defined?(:UntaintExt)
-
   # An InvalidZoneinfoDirectory exception is raised if the DataSource is
   # set to a specific zoneinfo path, which is not a valid zoneinfo directory
   # (i.e. a directory containing index files named iso3166.tab and zone.tab
@@ -87,6 +79,29 @@ module TZInfo
     # The default value of ZoneinfoDataSource.alternate_iso3166_tab_search_path.
     DEFAULT_ALTERNATE_ISO3166_TAB_SEARCH_PATH = ['/usr/share/misc/iso3166.tab', '/usr/share/misc/iso3166'].freeze
     
+    # File and directories in the top level zoneinfo directory that will be
+    # excluded from the list of available time zones:
+    #
+    #   - +VERSION is included on Mac OS X.
+    #   - leapseconds is a list of leap seconds.
+    #   - localtime is the current local timezone (may be a link).
+    #   - posix, posixrules and right are directories containing other versions
+    #     of the zoneinfo files.
+    #   - SECURITY is included in the Arch Linux tzdata package.
+    #   - src is a directory containing the tzdata source included on Solaris.
+    #   - timeconfig is a symlink included on Slackware.
+    EXCLUDED_FILENAMES = [
+      '+VERSION',
+      'leapseconds',
+      'localtime',
+      'posix',
+      'posixrules',
+      'right',
+      'SECURITY',
+      'src',
+      'timeconfig'
+    ].freeze
+
     # Paths to be checked to find the system zoneinfo directory.
     @@search_path = DEFAULT_SEARCH_PATH.dup
     
@@ -206,7 +221,7 @@ module TZInfo
           # Untaint path rather than identifier. We don't want to modify 
           # identifier. identifier may also be frozen and therefore cannot be
           # untainted.
-          path.untaint
+          RubyCoreSupport.untaint(path)
           
           begin
             ZoneinfoTimezoneInfo.new(identifier, path, @posix_tz_parser)
@@ -352,16 +367,8 @@ module TZInfo
     # identifiers.
     def load_timezone_index
       index = []
-      
-      # Ignoring particular files:
-      # +VERSION is included on Mac OS X.
-      # leapseconds is a list of leap seconds.
-        # localtime is the current local timezone (may be a link).
-      # posix, posixrules and right are directories containing other versions of the zoneinfo files.
-      # src is a directory containing the tzdata source included on Solaris.
-      # timeconfig is a symlink included on Slackware.
-      
-      enum_timezones(nil, ['+VERSION', 'leapseconds', 'localtime', 'posix', 'posixrules', 'right', 'src', 'timeconfig']) do |identifier|
+
+      enum_timezones(nil, EXCLUDED_FILENAMES) do |identifier|
         index << identifier
       end
       
@@ -373,7 +380,7 @@ module TZInfo
     def enum_timezones(dir, exclude = [], &block)
       Dir.foreach(dir ? File.join(@zoneinfo_dir, dir) : @zoneinfo_dir) do |entry|
         unless entry =~ /\./ || exclude.include?(entry)
-          entry.untaint
+          RubyCoreSupport.untaint(entry)
           path = dir ? File.join(dir, entry) : entry
           full_path = File.join(@zoneinfo_dir, path)
  

data/lib/tzinfo/zoneinfo_timezone_info.rb

@@ -1,8 +1,4 @@
 module TZInfo
-  # Use send as a workaround for erroneous 'wrong number of arguments' errors
-  # with JRuby 9.0.5.0 when calling methods with Java implementations. See #114.
-  send(:using, RubyCoreSupport::UntaintExt) if RubyCoreSupport.const_defined?(:UntaintExt)
-
   # An InvalidZoneinfoFile exception is raised if an attempt is made to load an
   # invalid zoneinfo file.
   class InvalidZoneinfoFile < StandardError
@@ -351,7 +347,7 @@ module TZInfo
           std_offset = 0
         end
 
-        offset index, utc_offset, std_offset, offset[:abbr].untaint.to_sym
+        offset index, utc_offset, std_offset, RubyCoreSupport.untaint(offset[:abbr]).to_sym
       end
       
       # Parses a zoneinfo file and intializes the DataTimezoneInfo structures.

data/test/assets/payload.rb

@@ -0,0 +1 @@
+raise 'This should never be executed'

data/test/tc_country.rb

@@ -2,10 +2,6 @@ require File.join(File.expand_path(File.dirname(__FILE__)), 'test_utils')
 
 include TZInfo
 
-# Use send as a workaround for erroneous 'wrong number of arguments' errors with
-# JRuby 9.0.5.0 when calling methods with Java implementations. See #114.
-send(:using, TaintExt) if Module.const_defined?(:TaintExt)
-
 class TCCountry < Minitest::Test
   def setup
     @orig_data_source = DataSource.get
@@ -48,6 +44,7 @@ class TCCountry < Minitest::Test
   end
   
   def test_get_tainted_loaded
+    skip_if_taint_is_undefined_or_no_op
     Country.get('GB')
   
     safe_test(:unavailable => :skip) do
@@ -60,6 +57,7 @@ class TCCountry < Minitest::Test
   end
   
   def test_get_tainted_and_frozen_loaded
+    skip_if_taint_is_undefined_or_no_op
     Country.get('GB')
   
     safe_test do
@@ -69,6 +67,8 @@ class TCCountry < Minitest::Test
   end
   
   def test_get_tainted_not_previously_loaded
+    skip_if_taint_is_undefined_or_no_op
+
     safe_test(:unavailable => :skip) do
       code = 'GB'.dup.taint
       assert(code.tainted?)
@@ -79,6 +79,8 @@ class TCCountry < Minitest::Test
   end
   
   def test_get_tainted_and_frozen_not_previously_loaded
+    skip_if_taint_is_undefined_or_no_op
+
     safe_test do
       country = Country.get('GB'.dup.taint.freeze)
       assert_equal('GB', country.code)

data/test/tc_ruby_data_source.rb

@@ -2,10 +2,6 @@ require File.join(File.expand_path(File.dirname(__FILE__)), 'test_utils')
 
 include TZInfo
 
-# Use send as a workaround for erroneous 'wrong number of arguments' errors with
-# JRuby 9.0.5.0 when calling methods with Java implementations. See #114.
-send(:using, TaintExt) if Module.const_defined?(:TaintExt)
-
 class TCRubyDataSource < Minitest::Test
   def setup
     @data_source = RubyDataSource.new
@@ -48,9 +44,15 @@ class TCRubyDataSource < Minitest::Test
   
   def test_load_timezone_info_invalid
     assert_raises(InvalidTimezoneIdentifier) do
-      @data_source.load_timezone_info('../Definitions/UTC')
+      @data_source.load_timezone_info('../definitions/UTC')
     end
   end
+
+  def test_load_timezone_info_directory_traversal
+    test_data_depth = TZINFO_TEST_DATA_DIR.scan('/').size
+    payload_path = File.join(TESTS_DIR, 'assets', 'payload')
+    assert_raises(InvalidTimezoneIdentifier) { Timezone.get("foo\n#{'/..' * (test_data_depth + 4)}#{payload_path}") }
+  end
   
   def test_load_timezone_info_nil
     assert_raises(InvalidTimezoneIdentifier) do
@@ -75,6 +77,7 @@ class TCRubyDataSource < Minitest::Test
   end
 
   def test_load_timezone_info_tainted
+    skip_if_taint_is_undefined_or_no_op
     skip_if_has_bug_14060
 
     safe_test(:unavailable => :skip) do
@@ -87,6 +90,7 @@ class TCRubyDataSource < Minitest::Test
   end
   
   def test_load_timezone_info_tainted_and_frozen
+    skip_if_taint_is_undefined_or_no_op
     skip_if_has_bug_14060
 
     safe_test do
@@ -143,6 +147,8 @@ class TCRubyDataSource < Minitest::Test
   end
   
   def test_load_country_info_tainted
+    skip_if_taint_is_undefined_or_no_op
+
     safe_test(:unavailable => :skip) do
       code = 'NL'.dup.taint
       assert(code.tainted?)
@@ -153,6 +159,8 @@ class TCRubyDataSource < Minitest::Test
   end
   
   def test_load_country_info_tainted_and_frozen
+    skip_if_taint_is_undefined_or_no_op
+
     safe_test do
       info = @data_source.load_country_info('NL'.dup.taint.freeze)
       assert_equal('NL', info.code)

data/test/tc_timezone.rb

@@ -2,10 +2,6 @@ require File.join(File.expand_path(File.dirname(__FILE__)), 'test_utils')
 
 include TZInfo
 
-# Use send as a workaround for erroneous 'wrong number of arguments' errors with
-# JRuby 9.0.5.0 when calling methods with Java implementations. See #114.
-send(:using, TaintExt) if Module.const_defined?(:TaintExt)
-
 class TCTimezone < Minitest::Test
 
   class BlockCalled < StandardError
@@ -213,7 +209,7 @@ class TCTimezone < Minitest::Test
   end
   
   def test_get_invalid
-    assert_raises(InvalidTimezoneIdentifier) { Timezone.get('../Definitions/UTC') }
+    assert_raises(InvalidTimezoneIdentifier) { Timezone.get('../definitions/UTC') }
   end
   
   def test_get_nil
@@ -244,6 +240,7 @@ class TCTimezone < Minitest::Test
   end
   
   def test_get_tainted_loaded
+    skip_if_taint_is_undefined_or_no_op
     Timezone.get('Europe/Andorra')
   
     safe_test(:unavailable => :skip) do
@@ -256,6 +253,7 @@ class TCTimezone < Minitest::Test
   end
   
   def test_get_tainted_and_frozen_loaded
+    skip_if_taint_is_undefined_or_no_op
     Timezone.get('Europe/Andorra')
   
     safe_test do
@@ -265,6 +263,7 @@ class TCTimezone < Minitest::Test
   end
   
   def test_get_tainted_not_previously_loaded
+    skip_if_taint_is_undefined_or_no_op
     skip_if_has_bug_14060
 
     safe_test(:unavailable => :skip) do
@@ -277,6 +276,7 @@ class TCTimezone < Minitest::Test
   end
   
   def test_get_tainted_and_frozen_not_previously_loaded
+    skip_if_taint_is_undefined_or_no_op
     skip_if_has_bug_14060
 
     safe_test do

data/test/tc_zoneinfo_data_source.rb

@@ -7,17 +7,8 @@ require 'tmpdir'
 
 include TZInfo
 
-# Use send as a workaround for an issue on JRuby 9.2.9.0 where using the
-# refinement causes calls to RubyCoreSupport.file_open to fail to pass the block
-# parameter.
-#
-# https://travis-ci.org/tzinfo/tzinfo/jobs/628812051#L1931
-# https://github.com/jruby/jruby/issues/6009
-send(:using, TZInfo::RubyCoreSupport::UntaintExt) if TZInfo::RubyCoreSupport.const_defined?(:UntaintExt)
-send(:using, TaintExt) if Module.const_defined?(:TaintExt)
-
 class TCZoneinfoDataSource < Minitest::Test
-  ZONEINFO_DIR = File.join(File.expand_path(File.dirname(__FILE__)), 'zoneinfo').untaint
+  ZONEINFO_DIR = RubyCoreSupport.untaint(File.join(File.expand_path(File.dirname(__FILE__)), 'zoneinfo'))
   
   def setup
     @orig_search_path = ZoneinfoDataSource.search_path.clone
@@ -374,7 +365,7 @@ class TCZoneinfoDataSource < Minitest::Test
   
   def test_load_timezone_info_invalid
     assert_raises(InvalidTimezoneIdentifier) do
-      @data_source.load_timezone_info('../Definitions/Europe/London')
+      @data_source.load_timezone_info('../zoneinfo/Europe/London')
     end
   end
   
@@ -662,6 +653,8 @@ class TCZoneinfoDataSource < Minitest::Test
   end
 
   def test_load_timezone_info_tainted
+    skip_if_taint_is_undefined_or_no_op
+
     safe_test(:unavailable => :skip) do
       identifier = 'Europe/Amsterdam'.dup.taint
       assert(identifier.tainted?)
@@ -672,6 +665,8 @@ class TCZoneinfoDataSource < Minitest::Test
   end
   
   def test_load_timezone_info_tainted_and_frozen
+    skip_if_taint_is_undefined_or_no_op
+
     safe_test do
       info = @data_source.load_timezone_info('Europe/Amsterdam'.dup.taint.freeze)
       assert_equal('Europe/Amsterdam', info.identifier)
@@ -679,6 +674,8 @@ class TCZoneinfoDataSource < Minitest::Test
   end
   
   def test_load_timezone_info_tainted_zoneinfo_dir_safe_mode
+    skip_if_taint_is_undefined_or_no_op
+
     safe_test(:unavailable => :skip) do
       assert_raises(SecurityError) do
         ZoneinfoDataSource.new(@data_source.zoneinfo_dir.dup.taint)
@@ -687,6 +684,8 @@ class TCZoneinfoDataSource < Minitest::Test
   end
   
   def test_load_timezone_info_tainted_zoneinfo_dir
+    skip_if_taint_is_undefined_or_no_op
+
     data_source = ZoneinfoDataSource.new(@data_source.zoneinfo_dir.dup.taint)
     info = data_source.load_timezone_info('Europe/London')
     assert_kind_of(ZoneinfoTimezoneInfo, info)
@@ -697,7 +696,7 @@ class TCZoneinfoDataSource < Minitest::Test
     entries = Dir.glob(File.join(directory, '**', '*'))
     
     entries = entries.select do |file|
-      file.untaint
+      RubyCoreSupport.untaint(file)
       File.file?(file)
     end
        
@@ -818,6 +817,25 @@ class TCZoneinfoDataSource < Minitest::Test
     end
   end
   
+  def test_timezone_identifiers_ignored_security_file
+    # The Arch linux tzdata package includes a file named SECURITY giving
+    # instructions for reporting security-related bugs.
+
+    Dir.mktmpdir('tzinfo_test') do |dir|
+      FileUtils.touch(File.join(dir, 'zone.tab'))
+      FileUtils.touch(File.join(dir, 'iso3166.tab'))
+      FileUtils.cp(File.join(@data_source.zoneinfo_dir, 'EST'), File.join(dir, 'EST'))
+
+      File.open(File.join(dir, 'SECURITY'), 'w') do |f|
+        f.binmode
+        f.write("Please report any sensitive security-related bugs...\n")
+      end
+
+      data_source = ZoneinfoDataSource.new(dir)
+      assert_equal(['EST'], data_source.timezone_identifiers)
+    end
+  end
+
   def test_load_country_info
     info = @data_source.load_country_info('GB')
     assert_equal('GB', info.code)
@@ -849,6 +867,8 @@ class TCZoneinfoDataSource < Minitest::Test
   end
   
   def test_load_country_info_tainted
+    skip_if_taint_is_undefined_or_no_op
+
     safe_test(:unavailable => :skip) do
       code = 'NL'.dup.taint
       assert(code.tainted?)
@@ -859,6 +879,8 @@ class TCZoneinfoDataSource < Minitest::Test
   end
   
   def test_load_country_info_tainted_and_frozen
+    skip_if_taint_is_undefined_or_no_op
+
     safe_test do
       info = @data_source.load_country_info('NL'.dup.taint.freeze)
       assert_equal('NL', info.code)

data/test/tc_zoneinfo_timezone_info.rb

@@ -5,10 +5,6 @@ require 'tempfile'
 
 include TZInfo
 
-# Use send as a workaround for erroneous 'wrong number of arguments' errors with
-# JRuby 9.0.5.0 when calling methods with Java implementations. See #114.
-send(:using, RubyCoreSupport::UntaintExt) if RubyCoreSupport.const_defined?(:UntaintExt)
-
 class TCZoneinfoTimezoneInfo < Minitest::Test
   class FakePosixTimeZoneParser
     def initialize(&block)
@@ -1281,7 +1277,7 @@ class TCZoneinfoTimezoneInfo < Minitest::Test
         
     tzif_test(offsets, []) do |path, format|
       # untaint only required for Ruby 1.9.2
-      path.untaint
+      RubyCoreSupport.untaint(path)
       
       safe_test do        
         info = ZoneinfoTimezoneInfo.new('Zone/three', path, @posix_tz_parser)

data/test/test_utils.rb

@@ -108,6 +108,25 @@ module Kernel
       skip('Skipping test due to Ruby 2.4.4 being affected by Bug 14060 (see https://bugs.ruby-lang.org/issues/14060#note-5)')
     end
   end
+
+  # Object#taint is deprecated in Ruby >= 2.7 and will be removed in 3.2.
+  # 2.7 makes it a no-op with a warning.
+  # Define a method that will skip for use in tests that deal with tainted
+  # objects.
+  if Object.respond_to?(:taint)
+    if RUBY_VERSION >= '2.7'
+      def skip_if_taint_is_undefined_or_no_op
+        skip('Object#taint is a no-op')
+      end
+    else
+      def skip_if_taint_is_undefined_or_no_op
+      end
+    end
+  else
+    def skip_if_taint_is_undefined_or_no_op
+      skip('Object#taint is not defined')
+    end
+  end
   
   def assert_array_same_items(expected, actual, msg = nil)
     full_message = message(msg, '') { diff(expected, actual) }
@@ -153,6 +172,22 @@ module Kernel
       
       actual_lines = process.readlines
       actual_lines = actual_lines.collect {|l| l.chomp}
+
+      # Ignore warnings from JRuby 1.7 and 9.0 on modern versions of Java:
+      # https://github.com/tzinfo/tzinfo/runs/1664655982#step:8:1893
+      #
+      # Ignore untaint deprecation warnings from Bundler 1 on Ruby 3.0.
+      actual_lines = actual_lines.reject do |l|
+        l.start_with?('unsupported Java version') ||
+          l.start_with?('WARNING: An illegal reflective access operation has occurred') ||
+          l.start_with?('WARNING: Illegal reflective access by') ||
+          l.start_with?('WARNING: Please consider reporting this to the maintainers of') ||
+          l.start_with?('WARNING: All illegal access operations will be denied in a future release') ||
+          l.start_with?('WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations') ||
+          l.start_with?('io/console on JRuby shells out to stty for most operations') ||
+          l =~ /\/bundler-1\..*\/lib\/bundler\/.*\.rb:\d+: warning: (Object|Pathname)#untaint is deprecated and will be removed in Ruby 3\.2\.\z/
+      end
+
       assert_equal(expected_lines, actual_lines)
     end
   end
@@ -168,19 +203,6 @@ module Kernel
 end
 
 
-# Object#taint is a deprecated no-op in Ruby 2.7 and outputs a warning. It will
-# be removed in 3.2. Silence the warning or supply a replacement.
-if TZInfo::RubyCoreSupport.const_defined?(:UntaintExt)
-  module TaintExt
-    refine Object do
-      def taint
-        self
-      end
-    end
-  end
-end
-
-
 # JRuby 1.7.5 to 1.7.9 consider DateTime instances that differ by less than 
 # 1 millisecond to be equivalent (https://github.com/jruby/jruby/issues/1311).
 #

data/test/ts_all_zoneinfo.rb

@@ -3,7 +3,7 @@ require File.join(File.expand_path(File.dirname(__FILE__)), 'test_utils.rb')
 # Use a zoneinfo directory containing files needed by the tests.
 # The symlinks in this directory are set up in test_utils.rb.
 zoneinfo_path = File.join(File.expand_path(File.dirname(__FILE__)), 'zoneinfo')
-zoneinfo_path.untaint if RUBY_VERSION < '2.7'
+TZInfo.const_get(:RubyCoreSupport).untaint(zoneinfo_path) if RUBY_VERSION < '2.7'
 TZInfo::DataSource.set(:zoneinfo, zoneinfo_path)
 
 require File.join(File.expand_path(File.dirname(__FILE__)), 'ts_all.rb')

data/tzinfo.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name = 'tzinfo'
-  s.version = '1.2.9'
+  s.version = '1.2.11'
   s.summary = 'Daylight savings aware timezone library'
   s.description = 'TZInfo provides daylight savings aware transformations between times in different time zones.'
   s.author = 'Philip Ross'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tzinfo
 version: !ruby/object:Gem::Version
-  version: 1.2.9
+  version: 1.2.11
 platform: ruby
 authors:
 - Philip Ross
@@ -29,7 +29,7 @@ cert_chain:
   J3Zn/kSTjTekiaspyGbczC3PUaeJNxr+yCvR4sk71Xmk/GaKKGOHedJ1uj/LAXrA
   MR0mpl7b8zCg0PFC1J73uw==
   -----END CERTIFICATE-----
-date: 2020-12-16 00:00:00.000000000 Z
+date: 2023-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thread_safe
@@ -92,6 +92,7 @@ files:
 - lib/tzinfo/zoneinfo_country_info.rb
 - lib/tzinfo/zoneinfo_data_source.rb
 - lib/tzinfo/zoneinfo_timezone_info.rb
+- test/assets/payload.rb
 - test/tc_annual_rules.rb
 - test/tc_country.rb
 - test/tc_country_index_definition.rb
@@ -190,7 +191,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.4.5
 signing_key: 
 specification_version: 4
 summary: Daylight savings aware timezone library