diff --git a/SOURCES/ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch b/SOURCES/ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch
index 86eb6ce..afd0c0b 100644
--- a/SOURCES/ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch
+++ b/SOURCES/ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch
@@ -179,15 +179,15 @@ index 43fa82571d..ccd2621874 100644
 + end
 +
 + def test_execute_details_cleans_text
-+ spec_fetcher do |fetcher|
-+ fetcher.spec 'a', 2 do |s|
-+ s.summary = 'This is a lot of text. ' * 4
-+ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
-+ s.homepage = "http://a.example.com/\x03"
-+ end
++ @a2.summary = 'This is a lot of text. ' * 4
++ @a2.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
++ @a2.homepage = "http://a.example.com/\x03"
 +
-+ fetcher.legacy_platform
-+ end
++ @pl1.platform = Gem::Platform.new 'i386-linux'
++ @pl1.instance_variable_set :@original_platform, 'i386-linux'
++
++ util_clear_gems
++ util_setup_spec_fetcher @a2, @pl1
 +
 + @cmd.handle_options %w[-r -d]
 +
@@ -219,15 +219,15 @@ index 43fa82571d..ccd2621874 100644
 + end
 +
 + def test_execute_details_truncates_summary
-+ spec_fetcher do |fetcher|
-+ fetcher.spec 'a', 2 do |s|
-+ s.summary = 'This is a lot of text. ' * 10_000
-+ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
-+ s.homepage = "http://a.example.com/\x03"
-+ end
++ @a2.summary = 'This is a lot of text. ' * 10_000
++ @a2.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
++ @a2.homepage = "http://a.example.com/\x03"
 +
-+ fetcher.legacy_platform
-+ end
++ @pl1.platform = Gem::Platform.new 'i386-linux'
++ @pl1.instance_variable_set :@original_platform, 'i386-linux'
++
++ util_clear_gems
++ util_setup_spec_fetcher @a2, @pl1
 +
 + @cmd.handle_options %w[-r -d]
 +
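Review bot: Both hunks (the second, `@@ -219,15 +219,15 @@`, makes the same change for test_execute_details_truncates_summary) replace the upstream `spec_fetcher` block with in-place mutation of the shared `@a2` and `@pl1` fixtures followed by `util_clear_gems` / `util_setup_spec_fetcher @a2, @pl1`, presumably because this Ruby's test_case.rb has no `spec_fetcher` helper; a one-line comment saying so would stop the next rebaser from trying to restore the upstream form, e.g. `# backport: no spec_fetcher helper here; reuse the @a2/@pl1 fixtures`. The `@pl1.instance_variable_set :@original_platform, 'i386-linux'` line reaches into Gem::Specification internals to emulate `fetcher.legacy_platform` and is the part most likely to break on a future rebase. Because the fixtures are seeded with control bytes (`\x01`, `\x02`, `\x03`) to verify that displayed metadata is sanitized, confirm that setup rebuilds `@a2`/`@pl1` for every test; otherwise the bytes leak into sibling tests that reuse them. The assertions of both test methods lie past the end of each hunk.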
diff --git a/SOURCES/ruby-2.5.1-TestTimeTZ-test-failures-Kiritimati-and-Lisbon.patch b/SOURCES/ruby-2.5.1-TestTimeTZ-test-failures-Kiritimati-and-Lisbon.patch
new file mode 100644
index 0000000..416c34e
--- /dev/null
+++ b/SOURCES/ruby-2.5.1-TestTimeTZ-test-failures-Kiritimati-and-Lisbon.patch
@@ -0,0 +1,65 @@ +diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb +index 58670e9a49..ba10ce4421 100644 +--- a/test/ruby/test_time_tz.rb ++++ b/test/ruby/test_time_tz.rb +@@ -84,6 +84,10 @@ class TestTimeTZ < Test::Unit::TestCase + has_right_tz &&= have_tz_offset?("right/America/Los_Angeles") + has_lisbon_tz &&= have_tz_offset?("Europe/Lisbon") + ++ CORRECT_KIRITIMATI_SKIP_1994 = with_tz("Pacific/Kiritimati") { ++ Time.local(1994, 12, 31, 0, 0, 0).year == 1995 ++ } ++ + def time_to_s(t) + t.to_s + end +@@ -163,9 +167,17 @@ class TestTimeTZ < Test::Unit::TestCase + + def test_pacific_kiritimati + with_tz(tz="Pacific/Kiritimati") { +- assert_time_constructor(tz, "1994-12-31 23:59:59 -1000", :local, [1994,12,31,23,59,59]) +- assert_time_constructor(tz, "1995-01-02 00:00:00 +1400", :local, [1995,1,1,0,0,0]) +- assert_time_constructor(tz, "1995-01-02 23:59:59 +1400", :local, [1995,1,1,23,59,59]) ++ assert_time_constructor(tz, "1994-12-30 00:00:00 -1000", :local, [1994,12,30,0,0,0]) ++ assert_time_constructor(tz, "1994-12-30 23:59:59 -1000", :local, [1994,12,30,23,59,59]) ++ if CORRECT_KIRITIMATI_SKIP_1994 ++ assert_time_constructor(tz, "1995-01-01 00:00:00 +1400", :local, [1994,12,31,0,0,0]) ++ assert_time_constructor(tz, "1995-01-01 23:59:59 +1400", :local, [1994,12,31,23,59,59]) ++ assert_time_constructor(tz, "1995-01-01 00:00:00 +1400", :local, [1995,1,1,0,0,0]) ++ else ++ assert_time_constructor(tz, "1994-12-31 23:59:59 -1000", :local, [1994,12,31,23,59,59]) ++ assert_time_constructor(tz, "1995-01-02 00:00:00 +1400", :local, [1995,1,1,0,0,0]) ++ assert_time_constructor(tz, "1995-01-02 23:59:59 +1400", :local, [1995,1,1,23,59,59]) ++ end + assert_time_constructor(tz, "1995-01-02 00:00:00 +1400", :local, [1995,1,2,0,0,0]) + } + end +@@ -339,9 +351,18 @@ Europe/London Sun Aug 10 00:59:59 1947 UTC = Sun Aug 10 02:59:59 1947 BDST isds + Europe/London Sun Aug 10 01:00:00 1947 UTC = Sun Aug 10 02:00:00 1947 BST isdst=1 gmtoff=3600 + Europe/London Sun Nov 
2 01:59:59 1947 UTC = Sun Nov 2 02:59:59 1947 BST isdst=1 gmtoff=3600 + Europe/London Sun Nov 2 02:00:00 1947 UTC = Sun Nov 2 02:00:00 1947 GMT isdst=0 gmtoff=0 ++End ++ if CORRECT_KIRITIMATI_SKIP_1994 ++ gen_zdump_test <<'End' ++Pacific/Kiritimati Sat Dec 31 09:59:59 1994 UTC = Fri Dec 30 23:59:59 1994 LINT isdst=0 gmtoff=-36000 ++Pacific/Kiritimati Sat Dec 31 10:00:00 1994 UTC = Sun Jan 1 00:00:00 1995 LINT isdst=0 gmtoff=50400 ++End ++ else ++ gen_zdump_test <<'End' + Pacific/Kiritimati Sun Jan 1 09:59:59 1995 UTC = Sat Dec 31 23:59:59 1994 LINT isdst=0 gmtoff=-36000 + Pacific/Kiritimati Sun Jan 1 10:00:00 1995 UTC = Mon Jan 2 00:00:00 1995 LINT isdst=0 gmtoff=50400 + End ++ end + gen_zdump_test <<'End' if has_right_tz + right/America/Los_Angeles Fri Jun 30 23:59:60 1972 UTC = Fri Jun 30 16:59:60 1972 PDT isdst=1 gmtoff=-25200 + right/America/Los_Angeles Wed Dec 31 23:59:60 2008 UTC = Wed Dec 31 15:59:60 2008 PST isdst=0 gmtoff=-28800 +@@ -389,5 +410,6 @@ End + gen_variational_zdump_test "lisbon", <<'End' if has_lisbon_tz + Europe/Lisbon Mon Jan 1 00:36:31 1912 UTC = Sun Dec 31 23:59:59 1911 LMT isdst=0 gmtoff=-2192 + Europe/Lisbon Mon Jan 1 00:36:44 1912 UT = Sun Dec 31 23:59:59 1911 LMT isdst=0 gmtoff=-2205 ++Europe/Lisbon Sun Dec 31 23:59:59 1911 UT = Sun Dec 31 23:23:14 1911 LMT isdst=0 gmtoff=-2205 + End + end +-- +2.17.1 + diff --git a/SOURCES/ruby-2.5.3-fix-openssl-x509-name.patch b/SOURCES/ruby-2.5.3-fix-openssl-x509-name.patch new file mode 100644 index 0000000..1ae92ab --- /dev/null +++ b/SOURCES/ruby-2.5.3-fix-openssl-x509-name.patch 
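Review bot: `CORRECT_KIRITIMATI_SKIP_1994` is a load-time probe of the host's tzdata (whether `Time.local(1994, 12, 31, 0, 0, 0)` in Pacific/Kiritimati lands in 1995), and both `test_pacific_kiritimati` and the zdump branch then assert whichever variant the probe selected; that makes the suite tolerant of either dataset but means neither set of expectations is ever asserted as the intended one, so the constant deserves a comment, e.g. `# newer tzdata skips 1994-12-31 in Kiritimati, older data skips 1995-01-01; pick the matching expectations`. Unlike `has_lisbon_tz` and `has_right_tz`, which are gated on `have_tz_offset?`, the probe runs unconditionally in the class body, so if `with_tz` does not itself tolerate a missing zone the whole test file fails to load — worth confirming against the helper, which is outside this patch. The enclosing class and its helpers start before the first hunk.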
@@ -0,0 +1,57 @@
+From 3ab0720cc4a6b2525850ea192a99235873f22d6b Mon Sep 17 00:00:00 2001
+From: Kazuki Yamaguchi
+Date: Fri, 27 Jul 2018 17:01:04 +0900
+Subject: [PATCH] x509name: fix OpenSSL::X509::Name#{cmp,<=>}
+
+Fix wrong use of X509_NAME_cmp() return value. OpenSSL::X509::Name#<=>
+could return 0 when the two objects aren't identical.
+
+Reported by Tyler Eckstein. CVE-2018-16395.
+
+Reference: https://hackerone.com/reports/387250
+---
+ ext/openssl/ossl_x509name.c | 2 +-
+ test/openssl/test_x509name.rb | 14 ++++++++++----
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
+index 4b397055ab..a2662159e3 100644
+--- a/ext/openssl/ossl_x509name.c
++++ b/ext/openssl/ossl_x509name.c
+@@ -321,7 +321,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
+
+ result = ossl_x509name_cmp0(self, other);
+ if (result < 0) return INT2FIX(-1);
+- if (result > 1) return INT2FIX(1);
++ if (result > 0) return INT2FIX(1);
+
+ return INT2FIX(0);
+ }
+diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb
+index de35fc303a..642d7094a8 100644
+--- a/test/openssl/test_x509name.rb
++++ b/test/openssl/test_x509name.rb
+@@ -337,10 +337,16 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase
+ end
+
+ def test_spaceship
+- n1 = OpenSSL::X509::Name.parse 'CN=a'
+- n2 = OpenSSL::X509::Name.parse 'CN=b'
+-
+- assert_equal(-1, n1 <=> n2)
++ n1 = OpenSSL::X509::Name.new([["CN", "a"]])
++ n2 = OpenSSL::X509::Name.new([["CN", "a"]])
++ n3 = OpenSSL::X509::Name.new([["CN", "ab"]])
++
++ assert_equal 0, n1 <=> n2
++ assert_equal -1, n1 <=> n3
++ assert_equal 0, n2 <=> n1
++ assert_equal -1, n2 <=> n3
++ assert_equal 1, n3 <=> n1
++ assert_equal 1, n3 <=> n2
+ end
+
+ def name_hash(name)
+--
+2.17.1
+
diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec
index 4ce9dc1..a81c588 100644
--- a/SPECS/ruby.spec
+++ b/SPECS/ruby.spec
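Review bot: `assert_equal -1, n1 <=> n3` and `assert_equal -1, n2 <=> n3` drop the parentheses the removed line kept (`assert_equal(-1, n1 <=> n2)`), so `ruby -w` emits an "ambiguous first argument" warning because `-1` can be parsed as a binary minus; write `assert_equal(-1, n1 <=> n3)` and `assert_equal(-1, n2 <=> n3)`. The C change is the fix itself: X509_NAME_cmp() reports greater-than as 1, so the old `result > 1` fell through to `INT2FIX(0)` and made distinct names compare equal, which is the CVE-2018-16395 condition the new `n3 <=> n1` / `n3 <=> n2` assertions now pin. Only `<=>` is exercised; whether `==`, `eql?` and `hash` route through the same `ossl_x509name_cmp0` is outside this hunk and worth a follow-up test. The unchanged `if (result < 0) return INT2FIX(-1);` folds every negative return into -1, so if the linked OpenSSL signals an encoding error from X509_NAME_cmp() as -2, as newer releases do, the error is reported as an ordering instead of raised — a comment such as `/* X509_NAME_cmp() may return -2 on error; folded into -1 here */` would flag that for maintainers.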
@@ -26,7 +26,7 @@ %endif -%global release 33 +%global release 34 %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}} %global rubygems_version 2.0.14.1 @@ -238,6 +238,14 @@ Patch47: ruby-2.1.0-Adding-Psych.safe_load.patch # Recent tzdata change breaks Ruby test suite. # https://bugs.ruby-lang.org/issues/14438 Patch48: ruby-2.5.0-Disable-Tokyo-TZ-tests.patch +# TestTimeTZ test failures Kiritimati and Lisbon +# https://bugs.ruby-lang.org/issues/14655 +Patch49: ruby-2.5.1-TestTimeTZ-test-failures-Kiritimati-and-Lisbon.patch +# CVE-2018-16395: Fix OpenSSL::X509::Name equality check does not work. +# https://bugzilla.redhat.com/show_bug.cgi?id=1643086 +# https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5 +# https://github.com/ruby/ruby/commit/93bc10272734cbbb9197470ca629cc4ea019f6f0 +Patch50: ruby-2.5.3-fix-openssl-x509-name.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: ruby(rubygems) >= %{rubygems_version} @@ -528,6 +536,8 @@ Tcl/Tk interface for the object-oriented scripting language Ruby. %patch46 -p1 %patch47 -p1 %patch48 -p1 +%patch49 -p1 +%patch50 -p1 # Provide an example of usage of the tapset: cp -a %{SOURCE3} . @@ -718,6 +728,10 @@ sed -i "/test_try_/ a\ return;" test/mkmf/test_flags.rb sed -i '/combination(STRINGS, STRINGS) {|str, salt|/i\ strict_crypt = true' \ test/ruby/test_m17n_comb.rb +# Fix "Could not find 'minitest'" error. +# http://bugs.ruby-lang.org/issues/9259 +sed -i "/^ gem 'minitest', '~> 4.0'/ s/^/#/" lib/rubygems/test_case.rb + # Allow MD5 in OpenSSL. # https://bugs.ruby-lang.org/issues/9154 OPENSSL_ENABLE_MD5_VERIFY=1 make check TESTS="-v $DISABLE_TESTS" 
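Review bot: The added `sed -i ... lib/rubygems/test_case.rb` in the fourth hunk (`@@ -718,6 +728,10 @@`) comments out the `gem 'minitest', '~> 4.0'` pin by pattern, and like the neighbouring sed tweaks it is a silent no-op if the pattern stops matching after a rebase (indentation, quoting or version constraint change); the build would then only fail later inside `make check` with the original "Could not find 'minitest'" error, far from the cause. A guard before the sed, `grep -q "gem 'minitest', '~> 4.0'" lib/rubygems/test_case.rb || exit 1`, keeps the failure at the edit site. The comment should also state the consequence, that the test suite now runs against whatever minitest the build root provides rather than the pinned 4.x, since that is what the edit actually changes. The first three hunks (release bump, Patch49/Patch50 declarations and their `%patch` lines) raise nothing.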
@@ -1016,6 +1030,10 @@ OPENSSL_ENABLE_MD5_VERIFY=1 make check TESTS="-v $DISABLE_TESTS" %{ruby_libdir}/tkextlib %changelog +* Thu Nov 01 2018 Jun Aruga - 2.0.0.648-34 +- CVE-2018-16395: Fix OpenSSL::X509::Name equality check does not work. + Resolves: CVE-2018-16395 + * Mon Feb 19 2018 Vít Ondruch - 2.0.0.648-33 - Fix always passing WEBrick test.