Fix buffer overread vulnerability in StringIO.
(CVE-2024-27280)
Fix RCE vulnerability with .rdoc_options in RDoc.
(CVE-2024-27281)
Fix Arbitrary memory address read vulnerability with Regex search.
(CVE-2024-27282)
Ruby bundled NKF, add appropriate `bundled` provide and test
License review and clarification
Upgrade by merging Fedora changes up to commit:
ff5301a5f3
Resolves: RHEL-37446
Resolves: RHEL-37448
Resolves: RHEL-37449
Resolves: RHEL-37447
TestGemBundledCA is commented out since some of the build
infra can see DNS but then cannot connect.
Ideally not even DNS can be resolved for the rubygems.org.
The tests always get omitted in builds
as long as the infra does not allow connecting outside,
which is what we expect as correct behavior from mock.
Related: RHEL-17090
Jarek Prokop
Adam Samalik
James Antill