net-imap: Update 0.3.9->0.4.24

This commit upgrades the bundled net-imap gem in Ruby 3.2.11 from the
original version of 0.3.9 to 04.24. This release contains a fix
for the following high-severity issue with STARTTLS:

  - GHSA-vcgp-9326-pqcp

There will be no further upstream releases to Ruby 3.2, thus we
have to upgrade this gem ourselves. The 0.4.0 release has a few breaking
changes, however there are several issues with the 0.3.10 version of
`net-imap`:

  - It will be the last release to `net-imap` 0.3.x

  - The 0.3.x releases will not install in containerized build
    environments where the default locale is set to `POSIX` (Debian).
    This was resloved in the 0.4.3 release by:
      ruby/net-imap#210

  - The 0.4.24 release contains fixes for additional medium-to-low
    severity issues:

      * GHSA-hm49-wcqc-g2xg
      * GHSA-q2mw-fvj9-vvcw
      * GHSA-87pf-fpwv-p7m7
      * GHSA-75xq-5h9v-w6px

CVE-2026-42246
CVE-2026-42257
CVE-2026-42256
CVE-2026-42258
CVE-2026-42245
Signed-off-by: Charlie Sharpsteen <charlie@overlookinfratech.com>

Author: Sharpie

configs/components/ruby-3.2.rb

@@ -43,6 +43,26 @@
     pkg.apply_patch "#{base}/openssl3_fips.patch"
   end
 
+  # Upgrade net-imap 0.3.9 -> 0.4.24, fixes CVE-2026-42246, other CVEs, and build issues.
+  pkg.add_source(
+    'https://rubygems.org/downloads/net-imap-0.4.24.gem',
+    {
+      # NOTE: Has to be MD5 due to vanagon limitations.
+      sum: 'dfe894c164fcef8eb7145f0dd3b9ce4f'
+    }
+  )
+  pkg.configure do
+    [
+      'cp ../net-imap-0.4.24.gem gems/',
+      "sed -i.bak 's/^net-imap.*/net-imap 0.4.24 https:\\/\\/github.com\\/ruby\\/net-imap/' gems/bundled_gems",
+      # This next bit can be done via "make extract-gems", but that requires us
+      # to have a "baseruby" installed.
+      'tar xf gems/net-imap-0.4.24.gem',
+      'mkdir .bundle/gems/net-imap-0.4.24',
+      'tar -C .bundle/gems/net-imap-0.4.24 -xzf data.tar.gz'
+    ]
+  end
+
   ####################
   # ENVIRONMENT, FLAGS
   ####################