diff --git a/.gitignore b/.gitignore
index a24978b..1dfa940 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/ruby-2.7.4.tar.xz
+SOURCES/ruby-2.7.6.tar.xz
 SOURCES/ruby-rubygems-bundler-v2.2.24.txz
diff --git a/.rh-ruby27-ruby.metadata b/.rh-ruby27-ruby.metadata
index 9907499..72f3175 100644
--- a/.rh-ruby27-ruby.metadata
+++ b/.rh-ruby27-ruby.metadata
@@ -1,2 +1,2 @@
-6e044d835f9f432cfa9441241c1ef66e3d607cbf SOURCES/ruby-2.7.4.tar.xz
+068e3e11799250781ba4a68eb4f015bab35966e3 SOURCES/ruby-2.7.6.tar.xz
 da17623116cb189baeb3251f828d679e5570a938 SOURCES/ruby-rubygems-bundler-v2.2.24.txz
diff --git a/SOURCES/ruby-2.7.4-Revert-fix-2.7-build-for-jit.patch b/SOURCES/ruby-2.7.4-Revert-fix-2.7-build-for-jit.patch
index bced19a..feb7790 100644
--- a/SOURCES/ruby-2.7.4-Revert-fix-2.7-build-for-jit.patch
+++ b/SOURCES/ruby-2.7.4-Revert-fix-2.7-build-for-jit.patch
@@ -1075,7 +1075,7 @@ diff --git a/win32/Makefile.sub b/win32/Makefile.sub
 index 0bc5efbfb2..326bd7fa7a 100644
 --- a/win32/Makefile.sub
 +++ b/win32/Makefile.sub
-@@ -726,6 +726,7 @@ $(CONFIG_H): $(MKFILES) $(srcdir)/win32/Makefile.sub $(win_srcdir)/Makefile.sub
+@@ -728,6 +728,7 @@ $(CONFIG_H): $(MKFILES) $(srcdir)/win32/Makefile.sub $(win_srcdir)/Makefile.sub
 #define rb_gid_t int
 #define rb_uid_t int
 #define HAVE_STRUCT_STAT_ST_RDEV 1
diff --git a/SOURCES/ruby-2.8.0-remove-unneeded-gem-require-for-ipaddr.patch b/SOURCES/ruby-2.8.0-remove-unneeded-gem-require-for-ipaddr.patch
index c6923ee..ddd70e6 100644
--- a/SOURCES/ruby-2.8.0-remove-unneeded-gem-require-for-ipaddr.patch
+++ b/SOURCES/ruby-2.8.0-remove-unneeded-gem-require-for-ipaddr.patch
@@ -12,11 +12,11 @@ diff --git a/ext/openssl/openssl.gemspec b/ext/openssl/openssl.gemspec
 index 7c17cd54..f721f247 100644
 --- a/ext/openssl/openssl.gemspec
 +++ b/ext/openssl/openssl.gemspec
-@@ -21,7 +21,6 @@ Gem::Specification.new do |spec|
- s.rubygems_version = "3.0.0.beta1"
- s.summary = "OpenSSL provides SSL, TLS and general purpose cryptography."
+@@ -17,7 +17,6 @@ Gem::Specification.new do |spec|
-- s.add_runtime_dependency("ipaddr", [">= 0"])
- s.add_development_dependency("rake", [">= 0"])
- s.add_development_dependency("rake-compiler", [">= 0"])
- s.add_development_dependency("test-unit", ["~> 3.0"])
+ spec.required_ruby_version = ">= 2.3.0"
+
+- spec.add_runtime_dependency "ipaddr"
+ spec.add_development_dependency "rake"
+ spec.add_development_dependency "rake-compiler"
+ spec.add_development_dependency "test-unit", "~> 3.0"
diff --git a/SOURCES/ruby-spec-Fix-tests-on-tzdata-2022b.patch b/SOURCES/ruby-spec-Fix-tests-on-tzdata-2022b.patch
new file mode 100644
index 0000000..19386d9
--- /dev/null
+++ b/SOURCES/ruby-spec-Fix-tests-on-tzdata-2022b.patch
@@ -0,0 +1,40 @@
+From 7e9ec8a20b0f7469b415283d2ec0c22087f8eb2b Mon Sep 17 00:00:00 2001
+From: Jun Aruga
+Date: Wed, 24 Aug 2022 12:02:56 +0200
+Subject: [PATCH] Fix tests with Europe/Amsterdam pre-1970 time on tzdata
+ version 2022b.
+
+The Time Zone Database (tzdata) changed the pre-1970 timestamps in some zones
+including Europe/Amsterdam on tzdata version 2022b or later.
+See .
+
+The tzdata RPM package maintainer on Fedora project suggested changing the Ruby
+test, because the change is intentional.
+See .
+
+We use post-1970 time test data to simplify the test.
+---
+ core/time/shared/local.rb | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/spec/ruby/core/time/shared/local.rb b/spec/ruby/core/time/shared/local.rb
+index 43f331c4c..c4aa7a7ea 100644
+--- a/spec/ruby/core/time/shared/local.rb
++++ b/spec/ruby/core/time/shared/local.rb
+@@ -8,10 +8,10 @@ describe :time_local, shared: true do
+
+ platform_is_not :windows do
+ describe "timezone changes" do
+- it "correctly adjusts the timezone change to 'CEST' on 'Europe/Amsterdam'" do
++ it "correctly adjusts the timezone change to 'CET' on 'Europe/Amsterdam'" do
+ with_timezone("Europe/Amsterdam") do
+- Time.send(@method, 1940, 5, 16).to_a.should ==
+- [0, 40, 1, 16, 5, 1940, 4, 137, true, "CEST"]
++ Time.send(@method, 1970, 5, 16).to_a.should ==
++ [0, 0, 0, 16, 5, 1970, 6, 136, false, "CET"]
+ end
+ end
+ end
+--
+2.36.1
+
diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec
index 8bf2e03..c85eb74 100644
--- a/SPECS/ruby.spec
+++ b/SPECS/ruby.spec
@@ -3,7 +3,7 @@
 %global major_version 2
 %global minor_version 7
-%global teeny_version 4
+%global teeny_version 6
 %global major_minor_version %{major_version}.%{minor_version}
 %global ruby_version %{major_minor_version}.%{teeny_version}
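Review bot: The rewritten example in spec/ruby/core/time/shared/local.rb still sits under `describe "timezone changes"` and is titled "correctly adjusts the timezone change to 'CET'", but its new expectation is local midnight with the DST flag `false`, so it no longer appears to cross any offset transition. The 1940 data it replaces resolved to 01:40 in "CEST", which looks like it exercised a gap adjustment; that coverage seems to be dropped rather than moved to a post-1970 date. Either choose a post-1970 instant that falls on a real transition for the zone, or retitle the example to match what it now checks, e.g. `it "returns local midnight in 'CET' on 'Europe/Amsterdam'" do`.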
@@ -35,7 +35,7 @@
 %global irb_version 1.2.6
 %global json_version 2.3.0
 %global net_telnet_version 0.2.0
-%global openssl_version 2.1.2
+%global openssl_version 2.1.3
 %global psych_version 3.1.0
 %global racc_version 1.4.16
 %global rdoc_version 6.2.1.1
@@ -76,7 +76,7 @@ Name: %{?scl_prefix}ruby
 Version: %{ruby_version}
 # Use release tag directly dropping the %%{release_string} entirely
 # as %%{?!foo: %%define foo bar} does not work for rpm < 4.14 on RHEL 7.
-Release: 130%{?dist}
+Release: 131%{?dist}
 Group: Development/Languages
 # Public Domain for example for: include/ruby/st.h, strftime.c, missing/*, ...
 # MIT and CCO: ccan/*
@@ -170,6 +170,9 @@ Patch23: rubygems-3.2.13-test-gem-message.patch
 # https://github.com/rubygems/rubygems/commit/d62539f23aa1624ae170008e47a5a3e15f0dc2ef
 # https://github.com/ruby/ruby/commit/c082c6eb7c786a432bea23cf78839f64585cb630
 Patch24: rubygems-3.2.22-fix-requirement-equals.patch
+# Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
+# https://github.com/ruby/spec/pull/939
+Patch25: ruby-spec-Fix-tests-on-tzdata-2022b.patch
 # Skip some clocks that are not available on Brew build environment.
 # https://projects.engineering.redhat.com/browse/BST-1017
@@ -177,7 +180,7 @@ Patch100: ruby-2.7.0-skip-some-clocks.patch
 Requires: %{?scl_prefix}%{pkg_name}-libs%{?_isa} = %{version}-%{release}
 Requires: %{?scl_prefix}ruby(rubygems) >= %{rubygems_version}
-# We keep some default installed gems that is sub pacakge as Requires,
+# We keep some default installed gems that is sub package as Requires,
 # focusing customer's use cases on RHEL.
 # Make the bigdecimal gem a runtime dependency of Ruby to avoid problems
 # with user-installed gems, that don't require it in gemspec/Gemfile
@@ -613,6 +616,7 @@ cp -a %{_builddir}/rubygems/bundler/tool/bundler tool/bundler
 %patch22 -p1
 %patch23 -p1
 %patch24 -p1
+%patch25 -p1
 %patch100 -p1
 # Provide an example of usage of the tapset:
@@ -931,11 +935,6 @@ MSPECOPTS=""
 # Avoid `hostname' dependency.
 %{!?with_hostname:MSPECOPTS="-P 'Socket.gethostname returns the host name'"}
-# Disable "File.utime allows Time instances in the far future to set
-# mtime and atime".
-# https://bugs.ruby-lang.org/issues/16410
-MSPECOPTS="$MSPECOPTS -P 'File.utime allows Time instances in the far future to set mtime and atime'"
-
 # Increase timeout for TestBugReporter#test_bug_reporter_add test, which fails
 # quite often.
 # https://bugs.ruby-lang.org/issues/16492
@@ -1165,9 +1164,9 @@ make test-bundler
 # TODO: Gemify these libraries
 %{gem_dir}/specifications/default/benchmark-0.1.0.gemspec
-%{gem_dir}/specifications/default/cgi-0.1.0.gemspec
+%{gem_dir}/specifications/default/cgi-0.1.0.1.gemspec
 %{gem_dir}/specifications/default/csv-3.1.2.gemspec
-%{gem_dir}/specifications/default/date-3.0.0.gemspec
+%{gem_dir}/specifications/default/date-3.0.3.gemspec
 %{gem_dir}/specifications/default/dbm-1.1.0.gemspec
 %{gem_dir}/specifications/default/delegate-0.1.0.gemspec
 %{gem_dir}/specifications/default/etc-1.1.0.gemspec
@@ -1325,14 +1324,26 @@ make test-bundler
 %{gem_dir}/specifications/racc-%{racc_version}.gemspec
 %changelog
+* Mon Sep 19 2022 Jarek Prokop - 2.7.6-131
+- Upgrade to Ruby 2.7.6.
+ Resolves: rhbz#2128631
+- Fix buffer overflow in CGI.escape_html.
+ Resolves: CVE-2021-41816
+- Fix Regular Expression Denial of Service Vulnerability of Date parsing methods.
+ Resolves: CVE-2021-41817
+- Fix cookie prefix spoofing in CGI::Cookie.parse.
+ Resolves: CVE-2021-41819
+- Fix buffer overrun in String-to-Float conversion.
+ Resolves: CVE-2022-28739
+
 * Thu Jul 15 2021 Jun Aruga - 2.7.4-130
 - Upgrade to Ruby 2.7.4.
 - Fix command injection vulnerability in RDoc.
- Resolves: rhbz#1996669
+ Resolves: CVE-2021-31799
 - Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
- Resolves: rhbz#1996666
+ Resolves: CVE-2021-31810
 - Fix StartTLS stripping vulnerability in Net::IMAP.
- Resolves: rhbz#1996668
+ Resolves: CVE-2021-32066
 - Revert a commit changing CFLAGS to avoid failures in test_jit.rb.
 - Upgrade to Bundler 2.2.24.
 Resolves: CVE-2020-36327