rubygems-update 2.6.1 → 3.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG.md +5899 -0
- data/CODE_OF_CONDUCT.md +76 -35
- data/CONTRIBUTING.md +231 -0
- data/MAINTAINERS.txt +8 -0
- data/Manifest.txt +428 -216
- data/POLICIES.md +135 -0
- data/README.md +112 -0
- data/UPGRADING.md +15 -0
- data/bundler/CHANGELOG.md +4719 -0
- data/bundler/LICENSE.md +22 -0
- data/bundler/README.md +58 -0
- data/bundler/UPGRADING.md +222 -0
- data/bundler/bundler.gemspec +46 -0
- data/bundler/exe/bundle +29 -0
- data/bundler/exe/bundler +4 -0
- data/bundler/lib/bundler/.document +1 -0
- data/bundler/lib/bundler/build_metadata.rb +45 -0
- data/bundler/lib/bundler/capistrano.rb +22 -0
- data/bundler/lib/bundler/checksum.rb +245 -0
- data/bundler/lib/bundler/ci_detector.rb +75 -0
- data/bundler/lib/bundler/cli/add.rb +47 -0
- data/bundler/lib/bundler/cli/binstubs.rb +57 -0
- data/bundler/lib/bundler/cli/cache.rb +43 -0
- data/bundler/lib/bundler/cli/check.rb +40 -0
- data/bundler/lib/bundler/cli/clean.rb +25 -0
- data/bundler/lib/bundler/cli/common.rb +138 -0
- data/bundler/lib/bundler/cli/config.rb +204 -0
- data/bundler/lib/bundler/cli/console.rb +44 -0
- data/bundler/lib/bundler/cli/doctor.rb +157 -0
- data/bundler/lib/bundler/cli/exec.rb +88 -0
- data/bundler/lib/bundler/cli/fund.rb +36 -0
- data/bundler/lib/bundler/cli/gem.rb +471 -0
- data/bundler/lib/bundler/cli/info.rb +83 -0
- data/bundler/lib/bundler/cli/init.rb +51 -0
- data/bundler/lib/bundler/cli/inject.rb +60 -0
- data/bundler/lib/bundler/cli/install.rb +190 -0
- data/bundler/lib/bundler/cli/issue.rb +41 -0
- data/bundler/lib/bundler/cli/list.rb +66 -0
- data/bundler/lib/bundler/cli/lock.rb +73 -0
- data/bundler/lib/bundler/cli/open.rb +29 -0
- data/bundler/lib/bundler/cli/outdated.rb +297 -0
- data/bundler/lib/bundler/cli/platform.rb +48 -0
- data/bundler/lib/bundler/cli/plugin.rb +34 -0
- data/bundler/lib/bundler/cli/pristine.rb +60 -0
- data/bundler/lib/bundler/cli/remove.rb +17 -0
- data/bundler/lib/bundler/cli/show.rb +75 -0
- data/bundler/lib/bundler/cli/update.rb +123 -0
- data/bundler/lib/bundler/cli/viz.rb +31 -0
- data/bundler/lib/bundler/cli.rb +846 -0
- data/bundler/lib/bundler/compact_index_client/cache.rb +121 -0
- data/bundler/lib/bundler/compact_index_client/cache_file.rb +153 -0
- data/bundler/lib/bundler/compact_index_client/gem_parser.rb +32 -0
- data/bundler/lib/bundler/compact_index_client/updater.rb +115 -0
- data/bundler/lib/bundler/compact_index_client.rb +126 -0
- data/bundler/lib/bundler/constants.rb +7 -0
- data/bundler/lib/bundler/current_ruby.rb +92 -0
- data/bundler/lib/bundler/definition.rb +1005 -0
- data/bundler/lib/bundler/dependency.rb +101 -0
- data/bundler/lib/bundler/deployment.rb +69 -0
- data/bundler/lib/bundler/deprecate.rb +44 -0
- data/bundler/lib/bundler/digest.rb +71 -0
- data/bundler/lib/bundler/dsl.rb +601 -0
- data/bundler/lib/bundler/endpoint_specification.rb +147 -0
- data/bundler/lib/bundler/env.rb +148 -0
- data/bundler/lib/bundler/environment_preserver.rb +86 -0
- data/bundler/lib/bundler/errors.rb +233 -0
- data/bundler/lib/bundler/feature_flag.rb +53 -0
- data/bundler/lib/bundler/fetcher/base.rb +52 -0
- data/bundler/lib/bundler/fetcher/compact_index.rb +129 -0
- data/bundler/lib/bundler/fetcher/dependency.rb +78 -0
- data/bundler/lib/bundler/fetcher/downloader.rb +91 -0
- data/bundler/lib/bundler/fetcher/gem_remote_fetcher.rb +16 -0
- data/bundler/lib/bundler/fetcher/index.rb +25 -0
- data/bundler/lib/bundler/fetcher.rb +324 -0
- data/bundler/lib/bundler/force_platform.rb +18 -0
- data/bundler/lib/bundler/friendly_errors.rb +126 -0
- data/bundler/lib/bundler/gem_helper.rb +237 -0
- data/bundler/lib/bundler/gem_helpers.rb +127 -0
- data/bundler/lib/bundler/gem_tasks.rb +7 -0
- data/bundler/lib/bundler/gem_version_promoter.rb +145 -0
- data/bundler/lib/bundler/graph.rb +152 -0
- data/bundler/lib/bundler/index.rb +205 -0
- data/bundler/lib/bundler/injector.rb +287 -0
- data/bundler/lib/bundler/inline.rb +73 -0
- data/bundler/lib/bundler/installer/gem_installer.rb +84 -0
- data/bundler/lib/bundler/installer/parallel_installer.rb +202 -0
- data/bundler/lib/bundler/installer/standalone.rb +116 -0
- data/bundler/lib/bundler/installer.rb +267 -0
- data/bundler/lib/bundler/lazy_specification.rb +170 -0
- data/bundler/lib/bundler/lockfile_generator.rb +104 -0
- data/bundler/lib/bundler/lockfile_parser.rb +289 -0
- data/bundler/lib/bundler/man/.document +1 -0
- data/bundler/lib/bundler/man/bundle-add.1 +59 -0
- data/bundler/lib/bundler/man/bundle-add.1.ronn +58 -0
- data/bundler/lib/bundler/man/bundle-binstubs.1 +30 -0
- data/bundler/lib/bundler/man/bundle-binstubs.1.ronn +41 -0
- data/bundler/lib/bundler/man/bundle-cache.1 +40 -0
- data/bundler/lib/bundler/man/bundle-cache.1.ronn +79 -0
- data/bundler/lib/bundler/man/bundle-check.1 +22 -0
- data/bundler/lib/bundler/man/bundle-check.1.ronn +26 -0
- data/bundler/lib/bundler/man/bundle-clean.1 +17 -0
- data/bundler/lib/bundler/man/bundle-clean.1.ronn +18 -0
- data/bundler/lib/bundler/man/bundle-config.1 +321 -0
- data/bundler/lib/bundler/man/bundle-config.1.ronn +411 -0
- data/bundler/lib/bundler/man/bundle-console.1 +35 -0
- data/bundler/lib/bundler/man/bundle-console.1.ronn +44 -0
- data/bundler/lib/bundler/man/bundle-doctor.1 +30 -0
- data/bundler/lib/bundler/man/bundle-doctor.1.ronn +33 -0
- data/bundler/lib/bundler/man/bundle-exec.1 +104 -0
- data/bundler/lib/bundler/man/bundle-exec.1.ronn +151 -0
- data/bundler/lib/bundler/man/bundle-gem.1 +69 -0
- data/bundler/lib/bundler/man/bundle-gem.1.ronn +117 -0
- data/bundler/lib/bundler/man/bundle-help.1 +9 -0
- data/bundler/lib/bundler/man/bundle-help.1.ronn +12 -0
- data/bundler/lib/bundler/man/bundle-info.1 +14 -0
- data/bundler/lib/bundler/man/bundle-info.1.ronn +17 -0
- data/bundler/lib/bundler/man/bundle-init.1 +20 -0
- data/bundler/lib/bundler/man/bundle-init.1.ronn +31 -0
- data/bundler/lib/bundler/man/bundle-inject.1 +23 -0
- data/bundler/lib/bundler/man/bundle-inject.1.ronn +24 -0
- data/bundler/lib/bundler/man/bundle-install.1 +215 -0
- data/bundler/lib/bundler/man/bundle-install.1.ronn +383 -0
- data/bundler/lib/bundler/man/bundle-list.1 +35 -0
- data/bundler/lib/bundler/man/bundle-list.1.ronn +33 -0
- data/bundler/lib/bundler/man/bundle-lock.1 +60 -0
- data/bundler/lib/bundler/man/bundle-lock.1.ronn +94 -0
- data/bundler/lib/bundler/man/bundle-open.1 +32 -0
- data/bundler/lib/bundler/man/bundle-open.1.ronn +27 -0
- data/bundler/lib/bundler/man/bundle-outdated.1 +100 -0
- data/bundler/lib/bundler/man/bundle-outdated.1.ronn +106 -0
- data/bundler/lib/bundler/man/bundle-platform.1 +49 -0
- data/bundler/lib/bundler/man/bundle-platform.1.ronn +49 -0
- data/bundler/lib/bundler/man/bundle-plugin.1 +55 -0
- data/bundler/lib/bundler/man/bundle-plugin.1.ronn +59 -0
- data/bundler/lib/bundler/man/bundle-pristine.1 +23 -0
- data/bundler/lib/bundler/man/bundle-pristine.1.ronn +34 -0
- data/bundler/lib/bundler/man/bundle-remove.1 +21 -0
- data/bundler/lib/bundler/man/bundle-remove.1.ronn +23 -0
- data/bundler/lib/bundler/man/bundle-show.1 +16 -0
- data/bundler/lib/bundler/man/bundle-show.1.ronn +21 -0
- data/bundler/lib/bundler/man/bundle-update.1 +275 -0
- data/bundler/lib/bundler/man/bundle-update.1.ronn +351 -0
- data/bundler/lib/bundler/man/bundle-version.1 +22 -0
- data/bundler/lib/bundler/man/bundle-version.1.ronn +24 -0
- data/bundler/lib/bundler/man/bundle-viz.1 +30 -0
- data/bundler/lib/bundler/man/bundle-viz.1.ronn +32 -0
- data/bundler/lib/bundler/man/bundle.1 +102 -0
- data/bundler/lib/bundler/man/bundle.1.ronn +116 -0
- data/bundler/lib/bundler/man/gemfile.5 +470 -0
- data/bundler/lib/bundler/man/gemfile.5.ronn +552 -0
- data/bundler/lib/bundler/man/index.txt +29 -0
- data/bundler/lib/bundler/match_metadata.rb +17 -0
- data/bundler/lib/bundler/match_platform.rb +23 -0
- data/bundler/lib/bundler/match_remote_metadata.rb +29 -0
- data/bundler/lib/bundler/mirror.rb +221 -0
- data/bundler/lib/bundler/plugin/api/source.rb +321 -0
- data/bundler/lib/bundler/plugin/api.rb +81 -0
- data/bundler/lib/bundler/plugin/dsl.rb +53 -0
- data/bundler/lib/bundler/plugin/events.rb +61 -0
- data/bundler/lib/bundler/plugin/index.rb +193 -0
- data/bundler/lib/bundler/plugin/installer/git.rb +34 -0
- data/bundler/lib/bundler/plugin/installer/rubygems.rb +19 -0
- data/bundler/lib/bundler/plugin/installer.rb +112 -0
- data/bundler/lib/bundler/plugin/source_list.rb +31 -0
- data/bundler/lib/bundler/plugin.rb +359 -0
- data/bundler/lib/bundler/process_lock.rb +24 -0
- data/bundler/lib/bundler/remote_specification.rb +117 -0
- data/bundler/lib/bundler/resolver/base.rb +107 -0
- data/bundler/lib/bundler/resolver/candidate.rb +94 -0
- data/bundler/lib/bundler/resolver/incompatibility.rb +15 -0
- data/bundler/lib/bundler/resolver/package.rb +77 -0
- data/bundler/lib/bundler/resolver/root.rb +25 -0
- data/bundler/lib/bundler/resolver/spec_group.rb +79 -0
- data/bundler/lib/bundler/resolver.rb +462 -0
- data/bundler/lib/bundler/retry.rb +66 -0
- data/bundler/lib/bundler/ruby_dsl.rb +53 -0
- data/bundler/lib/bundler/ruby_version.rb +131 -0
- data/bundler/lib/bundler/rubygems_ext.rb +328 -0
- data/bundler/lib/bundler/rubygems_gem_installer.rb +137 -0
- data/bundler/lib/bundler/rubygems_integration.rb +493 -0
- data/bundler/lib/bundler/runtime.rb +307 -0
- data/bundler/lib/bundler/safe_marshal.rb +31 -0
- data/bundler/lib/bundler/self_manager.rb +186 -0
- data/bundler/lib/bundler/settings/validator.rb +102 -0
- data/bundler/lib/bundler/settings.rb +588 -0
- data/bundler/lib/bundler/setup.rb +33 -0
- data/bundler/lib/bundler/shared_helpers.rb +380 -0
- data/bundler/lib/bundler/similarity_detector.rb +63 -0
- data/bundler/lib/bundler/source/gemspec.rb +18 -0
- data/bundler/lib/bundler/source/git/git_proxy.rb +455 -0
- data/bundler/lib/bundler/source/git.rb +380 -0
- data/bundler/lib/bundler/source/metadata.rb +62 -0
- data/bundler/lib/bundler/source/path/installer.rb +53 -0
- data/bundler/lib/bundler/source/path.rb +261 -0
- data/bundler/lib/bundler/source/rubygems/remote.rb +68 -0
- data/bundler/lib/bundler/source/rubygems.rb +516 -0
- data/bundler/lib/bundler/source/rubygems_aggregate.rb +68 -0
- data/bundler/lib/bundler/source.rb +116 -0
- data/bundler/lib/bundler/source_list.rb +227 -0
- data/bundler/lib/bundler/source_map.rb +71 -0
- data/bundler/lib/bundler/spec_set.rb +247 -0
- data/bundler/lib/bundler/stub_specification.rb +119 -0
- data/bundler/lib/bundler/templates/.document +1 -0
- data/bundler/lib/bundler/templates/Executable +27 -0
- data/bundler/lib/bundler/templates/Executable.bundler +109 -0
- data/bundler/lib/bundler/templates/Executable.standalone +14 -0
- data/bundler/lib/bundler/templates/Gemfile +5 -0
- data/bundler/lib/bundler/templates/newgem/CHANGELOG.md.tt +5 -0
- data/bundler/lib/bundler/templates/newgem/CODE_OF_CONDUCT.md.tt +84 -0
- data/bundler/lib/bundler/templates/newgem/Cargo.toml.tt +7 -0
- data/bundler/lib/bundler/templates/newgem/Gemfile.tt +26 -0
- data/bundler/lib/bundler/templates/newgem/LICENSE.txt.tt +21 -0
- data/bundler/lib/bundler/templates/newgem/README.md.tt +45 -0
- data/bundler/lib/bundler/templates/newgem/Rakefile.tt +67 -0
- data/bundler/lib/bundler/templates/newgem/bin/console.tt +11 -0
- data/bundler/lib/bundler/templates/newgem/bin/setup.tt +8 -0
- data/bundler/lib/bundler/templates/newgem/circleci/config.yml.tt +25 -0
- data/bundler/lib/bundler/templates/newgem/exe/newgem.tt +3 -0
- data/bundler/lib/bundler/templates/newgem/ext/newgem/Cargo.toml.tt +15 -0
- data/bundler/lib/bundler/templates/newgem/ext/newgem/extconf-c.rb.tt +10 -0
- data/bundler/lib/bundler/templates/newgem/ext/newgem/extconf-rust.rb.tt +6 -0
- data/bundler/lib/bundler/templates/newgem/ext/newgem/newgem.c.tt +9 -0
- data/bundler/lib/bundler/templates/newgem/ext/newgem/newgem.h.tt +6 -0
- data/bundler/lib/bundler/templates/newgem/ext/newgem/src/lib.rs.tt +12 -0
- data/bundler/lib/bundler/templates/newgem/github/workflows/main.yml.tt +37 -0
- data/bundler/lib/bundler/templates/newgem/gitignore.tt +23 -0
- data/bundler/lib/bundler/templates/newgem/gitlab-ci.yml.tt +18 -0
- data/bundler/lib/bundler/templates/newgem/lib/newgem/version.rb.tt +9 -0
- data/bundler/lib/bundler/templates/newgem/lib/newgem.rb.tt +15 -0
- data/bundler/lib/bundler/templates/newgem/newgem.gemspec.tt +51 -0
- data/bundler/lib/bundler/templates/newgem/rspec.tt +3 -0
- data/bundler/lib/bundler/templates/newgem/rubocop.yml.tt +13 -0
- data/bundler/lib/bundler/templates/newgem/sig/newgem.rbs.tt +8 -0
- data/bundler/lib/bundler/templates/newgem/spec/newgem_spec.rb.tt +11 -0
- data/bundler/lib/bundler/templates/newgem/spec/spec_helper.rb.tt +15 -0
- data/bundler/lib/bundler/templates/newgem/standard.yml.tt +3 -0
- data/bundler/lib/bundler/templates/newgem/test/minitest/test_helper.rb.tt +6 -0
- data/bundler/lib/bundler/templates/newgem/test/minitest/test_newgem.rb.tt +13 -0
- data/bundler/lib/bundler/templates/newgem/test/test-unit/newgem_test.rb.tt +15 -0
- data/bundler/lib/bundler/templates/newgem/test/test-unit/test_helper.rb.tt +6 -0
- data/bundler/lib/bundler/ui/rg_proxy.rb +19 -0
- data/bundler/lib/bundler/ui/shell.rb +165 -0
- data/bundler/lib/bundler/ui/silent.rb +85 -0
- data/bundler/lib/bundler/ui.rb +9 -0
- data/bundler/lib/bundler/uri_credentials_filter.rb +43 -0
- data/bundler/lib/bundler/uri_normalizer.rb +23 -0
- data/bundler/lib/bundler/vendor/.document +1 -0
- data/bundler/lib/bundler/vendor/connection_pool/LICENSE +20 -0
- data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool/timed_stack.rb +174 -0
- data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool/version.rb +3 -0
- data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool/wrapper.rb +56 -0
- data/bundler/lib/bundler/vendor/connection_pool/lib/connection_pool.rb +175 -0
- data/bundler/lib/bundler/vendor/fileutils/LICENSE.txt +22 -0
- data/bundler/lib/bundler/vendor/fileutils/lib/fileutils.rb +2694 -0
- data/bundler/lib/bundler/vendor/net-http-persistent/README.rdoc +82 -0
- data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/connection.rb +41 -0
- data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/pool.rb +65 -0
- data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent/timed_stack_multi.rb +79 -0
- data/bundler/lib/bundler/vendor/net-http-persistent/lib/net/http/persistent.rb +1073 -0
- data/bundler/lib/bundler/vendor/pub_grub/LICENSE.txt +21 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/assignment.rb +20 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/basic_package_source.rb +189 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/failure_writer.rb +182 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/incompatibility.rb +150 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/package.rb +43 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/partial_solution.rb +121 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/rubygems.rb +45 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/solve_failure.rb +19 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/static_package_source.rb +60 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/term.rb +105 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/version.rb +3 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/version_constraint.rb +129 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/version_range.rb +411 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/version_solver.rb +248 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/version_union.rb +178 -0
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub.rb +31 -0
- data/bundler/lib/bundler/vendor/thor/LICENSE.md +20 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/actions/create_file.rb +105 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/actions/create_link.rb +61 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/actions/directory.rb +108 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/actions/empty_directory.rb +143 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/actions/file_manipulation.rb +373 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/actions/inject_into_file.rb +130 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/actions.rb +340 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/base.rb +825 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/command.rb +151 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/core_ext/hash_with_indifferent_access.rb +107 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/error.rb +106 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/group.rb +281 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/invocation.rb +178 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/line_editor/basic.rb +37 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/line_editor/readline.rb +88 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/line_editor.rb +17 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/nested_context.rb +29 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/parser/argument.rb +89 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/parser/arguments.rb +195 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/parser/option.rb +178 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/parser/options.rb +293 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/parser.rb +4 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/rake_compat.rb +72 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/runner.rb +335 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/shell/basic.rb +388 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/shell/color.rb +115 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/shell/column_printer.rb +29 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/shell/html.rb +84 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/shell/lcs_diff.rb +49 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/shell/table_printer.rb +134 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/shell/terminal.rb +42 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/shell/wrapped_printer.rb +38 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/shell.rb +81 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/util.rb +285 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor/version.rb +3 -0
- data/bundler/lib/bundler/vendor/thor/lib/thor.rb +663 -0
- data/bundler/lib/bundler/vendor/tsort/LICENSE.txt +22 -0
- data/bundler/lib/bundler/vendor/tsort/lib/tsort.rb +455 -0
- data/bundler/lib/bundler/vendor/uri/LICENSE.txt +22 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/common.rb +853 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/file.rb +100 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/ftp.rb +267 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/generic.rb +1588 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/http.rb +125 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/https.rb +23 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/ldap.rb +261 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/ldaps.rb +22 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/mailto.rb +293 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb +539 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +183 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/version.rb +6 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/ws.rb +83 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri/wss.rb +23 -0
- data/bundler/lib/bundler/vendor/uri/lib/uri.rb +104 -0
- data/bundler/lib/bundler/vendored_fileutils.rb +4 -0
- data/bundler/lib/bundler/vendored_net_http.rb +8 -0
- data/bundler/lib/bundler/vendored_persistent.rb +11 -0
- data/bundler/lib/bundler/vendored_pub_grub.rb +4 -0
- data/bundler/lib/bundler/vendored_thor.rb +8 -0
- data/bundler/lib/bundler/vendored_timeout.rb +8 -0
- data/bundler/lib/bundler/vendored_tsort.rb +4 -0
- data/bundler/lib/bundler/vendored_uri.rb +4 -0
- data/bundler/lib/bundler/version.rb +13 -0
- data/bundler/lib/bundler/vlad.rb +17 -0
- data/bundler/lib/bundler/worker.rb +117 -0
- data/bundler/lib/bundler/yaml_serializer.rb +93 -0
- data/bundler/lib/bundler.rb +665 -0
- data/{test/rubygems/bogussources.rb → exe/gem} +5 -2
- data/exe/update_rubygems +38 -0
- data/hide_lib_for_update/note.txt +0 -4
- data/lib/rubygems/available_set.rb +12 -12
- data/lib/rubygems/basic_specification.rb +75 -58
- data/lib/rubygems/bundler_version_finder.rb +77 -0
- data/lib/rubygems/ci_detector.rb +75 -0
- data/lib/rubygems/command.rb +144 -71
- data/lib/rubygems/command_manager.rb +64 -27
- data/lib/rubygems/commands/build_command.rb +88 -17
- data/lib/rubygems/commands/cert_command.rb +131 -83
- data/lib/rubygems/commands/check_command.rb +30 -27
- data/lib/rubygems/commands/cleanup_command.rb +57 -40
- data/lib/rubygems/commands/contents_command.rb +37 -39
- data/lib/rubygems/commands/dependency_command.rb +53 -65
- data/lib/rubygems/commands/environment_command.rb +32 -16
- data/lib/rubygems/commands/exec_command.rb +249 -0
- data/lib/rubygems/commands/fetch_command.rb +36 -19
- data/lib/rubygems/commands/generate_index_command.rb +40 -74
- data/lib/rubygems/commands/help_command.rb +22 -22
- data/lib/rubygems/commands/info_command.rb +38 -0
- data/lib/rubygems/commands/install_command.rb +67 -143
- data/lib/rubygems/commands/list_command.rb +10 -9
- data/lib/rubygems/commands/lock_command.rb +12 -14
- data/lib/rubygems/commands/mirror_command.rb +4 -4
- data/lib/rubygems/commands/open_command.rb +28 -26
- data/lib/rubygems/commands/outdated_command.rb +6 -6
- data/lib/rubygems/commands/owner_command.rb +51 -27
- data/lib/rubygems/commands/pristine_command.rb +99 -71
- data/lib/rubygems/commands/push_command.rb +53 -46
- data/lib/rubygems/commands/query_command.rb +21 -328
- data/lib/rubygems/commands/rdoc_command.rb +33 -33
- data/lib/rubygems/commands/search_command.rb +9 -9
- data/lib/rubygems/commands/server_command.rb +15 -76
- data/lib/rubygems/commands/setup_command.rb +370 -186
- data/lib/rubygems/commands/signin_command.rb +34 -0
- data/lib/rubygems/commands/signout_command.rb +32 -0
- data/lib/rubygems/commands/sources_command.rb +57 -41
- data/lib/rubygems/commands/specification_command.rb +38 -28
- data/lib/rubygems/commands/stale_command.rb +6 -5
- data/lib/rubygems/commands/uninstall_command.rb +96 -62
- data/lib/rubygems/commands/unpack_command.rb +44 -53
- data/lib/rubygems/commands/update_command.rb +155 -99
- data/lib/rubygems/commands/which_command.rb +14 -17
- data/lib/rubygems/commands/yank_command.rb +28 -32
- data/lib/rubygems/compatibility.rb +13 -32
- data/lib/rubygems/config_file.rb +214 -119
- data/lib/rubygems/core_ext/kernel_gem.rb +10 -16
- data/lib/rubygems/core_ext/kernel_require.rb +92 -90
- data/lib/rubygems/core_ext/kernel_warn.rb +49 -0
- data/lib/rubygems/core_ext/tcpsocket_init.rb +54 -0
- data/lib/rubygems/defaults.rb +184 -54
- data/lib/rubygems/dependency.rb +75 -62
- data/lib/rubygems/dependency_installer.rb +74 -230
- data/lib/rubygems/dependency_list.rb +32 -33
- data/lib/rubygems/deprecate.rb +113 -17
- data/lib/rubygems/doctor.rb +31 -31
- data/lib/rubygems/errors.rb +51 -13
- data/lib/rubygems/exceptions.rb +65 -35
- data/lib/rubygems/ext/build_error.rb +3 -1
- data/lib/rubygems/ext/builder.rb +103 -77
- data/lib/rubygems/ext/cargo_builder/link_flag_converter.rb +27 -0
- data/lib/rubygems/ext/cargo_builder.rb +360 -0
- data/lib/rubygems/ext/cmake_builder.rb +6 -7
- data/lib/rubygems/ext/configure_builder.rb +6 -9
- data/lib/rubygems/ext/ext_conf_builder.rb +40 -61
- data/lib/rubygems/ext/rake_builder.rb +18 -21
- data/lib/rubygems/ext.rb +8 -7
- data/lib/rubygems/gem_runner.rb +19 -21
- data/lib/rubygems/gemcutter_utilities/webauthn_listener/response.rb +163 -0
- data/lib/rubygems/gemcutter_utilities/webauthn_listener.rb +105 -0
- data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +78 -0
- data/lib/rubygems/gemcutter_utilities.rb +246 -43
- data/lib/rubygems/install_default_message.rb +3 -3
- data/lib/rubygems/install_message.rb +3 -3
- data/lib/rubygems/install_update_options.rb +104 -98
- data/lib/rubygems/installer.rb +407 -225
- data/lib/rubygems/installer_uninstaller_utils.rb +27 -0
- data/lib/rubygems/local_remote_options.rb +29 -32
- data/lib/rubygems/name_tuple.rb +18 -23
- data/lib/rubygems/net/http.rb +3 -0
- data/lib/rubygems/net-http/LICENSE.txt +22 -0
- data/lib/rubygems/net-http/lib/net/http/backward.rb +40 -0
- data/lib/rubygems/net-http/lib/net/http/exceptions.rb +34 -0
- data/lib/rubygems/net-http/lib/net/http/generic_request.rb +414 -0
- data/lib/rubygems/net-http/lib/net/http/header.rb +981 -0
- data/lib/rubygems/net-http/lib/net/http/proxy_delta.rb +17 -0
- data/lib/rubygems/net-http/lib/net/http/request.rb +88 -0
- data/lib/rubygems/net-http/lib/net/http/requests.rb +425 -0
- data/lib/rubygems/net-http/lib/net/http/response.rb +738 -0
- data/lib/rubygems/net-http/lib/net/http/responses.rb +1174 -0
- data/lib/rubygems/net-http/lib/net/http/status.rb +84 -0
- data/lib/rubygems/net-http/lib/net/http.rb +2496 -0
- data/lib/rubygems/net-http/lib/net/https.rb +23 -0
- data/lib/rubygems/net-protocol/LICENSE.txt +22 -0
- data/lib/rubygems/net-protocol/lib/net/protocol.rb +544 -0
- data/lib/rubygems/openssl.rb +7 -0
- data/lib/rubygems/optparse/.document +1 -0
- data/lib/rubygems/optparse/COPYING +56 -0
- data/lib/rubygems/optparse/lib/optionparser.rb +2 -0
- data/lib/rubygems/optparse/lib/optparse/ac.rb +54 -0
- data/lib/rubygems/optparse/lib/optparse/date.rb +18 -0
- data/lib/rubygems/optparse/lib/optparse/kwargs.rb +22 -0
- data/lib/rubygems/optparse/lib/optparse/shellwords.rb +7 -0
- data/lib/rubygems/optparse/lib/optparse/time.rb +11 -0
- data/lib/rubygems/optparse/lib/optparse/uri.rb +7 -0
- data/lib/rubygems/optparse/lib/optparse/version.rb +71 -0
- data/lib/rubygems/optparse/lib/optparse.rb +2330 -0
- data/lib/rubygems/optparse.rb +3 -0
- data/lib/rubygems/package/digest_io.rb +5 -7
- data/lib/rubygems/package/file_source.rb +6 -8
- data/lib/rubygems/package/io_source.rb +6 -4
- data/lib/rubygems/package/old.rb +19 -28
- data/lib/rubygems/package/source.rb +1 -1
- data/lib/rubygems/package/tar_header.rb +114 -93
- data/lib/rubygems/package/tar_reader/entry.rb +116 -22
- data/lib/rubygems/package/tar_reader.rb +18 -40
- data/lib/rubygems/package/tar_writer.rb +42 -56
- data/lib/rubygems/package.rb +245 -145
- data/lib/rubygems/package_task.rb +8 -14
- data/lib/rubygems/path_support.rb +21 -16
- data/lib/rubygems/platform.rb +135 -74
- data/lib/rubygems/psych_tree.rb +3 -2
- data/lib/rubygems/query_utils.rb +349 -0
- data/lib/rubygems/rdoc.rb +4 -326
- data/lib/rubygems/remote_fetcher.rb +99 -181
- data/lib/rubygems/request/connection_pools.rb +31 -24
- data/lib/rubygems/request/http_pool.rb +6 -7
- data/lib/rubygems/request/https_pool.rb +2 -3
- data/lib/rubygems/request.rb +103 -53
- data/lib/rubygems/request_set/gem_dependency_api.rb +182 -190
- data/lib/rubygems/request_set/lockfile/parser.rb +42 -52
- data/lib/rubygems/request_set/lockfile/tokenizer.rb +34 -24
- data/lib/rubygems/request_set/lockfile.rb +32 -35
- data/lib/rubygems/request_set.rb +115 -71
- data/lib/rubygems/requirement.rb +77 -68
- data/lib/rubygems/resolv/LICENSE.txt +22 -0
- data/lib/rubygems/resolv/lib/resolv.rb +3387 -0
- data/lib/rubygems/resolver/activation_request.rb +34 -61
- data/lib/rubygems/resolver/api_set/gem_parser.rb +24 -0
- data/lib/rubygems/resolver/api_set.rb +40 -32
- data/lib/rubygems/resolver/api_specification.rb +37 -18
- data/lib/rubygems/resolver/best_set.rb +15 -17
- data/lib/rubygems/resolver/composed_set.rb +9 -11
- data/lib/rubygems/resolver/conflict.rb +19 -33
- data/lib/rubygems/resolver/current_set.rb +2 -4
- data/lib/rubygems/resolver/dependency_request.rb +8 -9
- data/lib/rubygems/resolver/git_set.rb +8 -10
- data/lib/rubygems/resolver/git_specification.rb +11 -13
- data/lib/rubygems/resolver/index_set.rb +13 -15
- data/lib/rubygems/resolver/index_specification.rb +42 -11
- data/lib/rubygems/resolver/installed_specification.rb +9 -11
- data/lib/rubygems/resolver/installer_set.rb +87 -45
- data/lib/rubygems/resolver/local_specification.rb +5 -7
- data/lib/rubygems/resolver/lock_set.rb +13 -15
- data/lib/rubygems/resolver/lock_specification.rb +13 -15
- data/lib/rubygems/resolver/molinillo/LICENSE +9 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/delegates/resolution_state.rb +57 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/delegates/specification_provider.rb +88 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/action.rb +36 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_edge_no_circular.rb +66 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/add_vertex.rb +62 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/delete_edge.rb +63 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/detach_vertex_named.rb +61 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/log.rb +126 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/set_payload.rb +46 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/tag.rb +36 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph/vertex.rb +164 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph.rb +110 -146
- data/lib/rubygems/resolver/molinillo/lib/molinillo/errors.rb +83 -9
- data/lib/rubygems/resolver/molinillo/lib/molinillo/gem_metadata.rb +2 -1
- data/lib/rubygems/resolver/molinillo/lib/molinillo/modules/specification_provider.rb +13 -1
- data/lib/rubygems/resolver/molinillo/lib/molinillo/modules/ui.rb +3 -1
- data/lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb +552 -172
- data/lib/rubygems/resolver/molinillo/lib/molinillo/resolver.rb +3 -2
- data/lib/rubygems/resolver/molinillo/lib/molinillo/state.rb +12 -6
- data/lib/rubygems/resolver/molinillo/lib/molinillo.rb +6 -5
- data/lib/rubygems/resolver/molinillo.rb +2 -1
- data/lib/rubygems/resolver/requirement_list.rb +2 -2
- data/lib/rubygems/resolver/set.rb +3 -5
- data/lib/rubygems/resolver/source_set.rb +6 -7
- data/lib/rubygems/resolver/spec_specification.rb +16 -4
- data/lib/rubygems/resolver/specification.rb +25 -10
- data/lib/rubygems/resolver/stats.rb +1 -0
- data/lib/rubygems/resolver/vendor_set.rb +6 -8
- data/lib/rubygems/resolver/vendor_specification.rb +6 -8
- data/lib/rubygems/resolver.rb +121 -72
- data/lib/rubygems/s3_uri_signer.rb +177 -0
- data/lib/rubygems/safe_marshal/elements.rb +138 -0
- data/lib/rubygems/safe_marshal/reader.rb +306 -0
- data/lib/rubygems/safe_marshal/visitors/stream_printer.rb +31 -0
- data/lib/rubygems/safe_marshal/visitors/to_ruby.rb +385 -0
- data/lib/rubygems/safe_marshal/visitors/visitor.rb +74 -0
- data/lib/rubygems/safe_marshal.rb +74 -0
- data/lib/rubygems/safe_yaml.rb +36 -0
- data/lib/rubygems/security/policies.rb +49 -51
- data/lib/rubygems/security/policy.rb +46 -53
- data/lib/rubygems/security/signer.rb +86 -29
- data/lib/rubygems/security/trust_dir.rb +22 -24
- data/lib/rubygems/security.rb +101 -82
- data/lib/rubygems/security_option.rb +43 -0
- data/lib/rubygems/shellwords.rb +3 -0
- data/lib/rubygems/source/git.rb +40 -42
- data/lib/rubygems/source/installed.rb +5 -9
- data/lib/rubygems/source/local.rb +30 -33
- data/lib/rubygems/source/lock.rb +10 -10
- data/lib/rubygems/source/specific_file.rb +7 -9
- data/lib/rubygems/source/vendor.rb +3 -7
- data/lib/rubygems/source.rb +78 -68
- data/lib/rubygems/source_list.rb +11 -15
- data/lib/rubygems/spec_fetcher.rb +71 -83
- data/lib/rubygems/specification.rb +833 -1115
- data/lib/rubygems/specification_policy.rb +538 -0
- data/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA.pem +21 -0
- data/lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem +21 -0
- data/lib/rubygems/stub_specification.rb +55 -57
- data/lib/rubygems/text.rb +39 -27
- data/lib/rubygems/timeout/LICENSE.txt +22 -0
- data/lib/rubygems/timeout/lib/timeout.rb +199 -0
- data/lib/rubygems/timeout.rb +3 -0
- data/lib/rubygems/tsort/.document +1 -0
- data/lib/rubygems/tsort/LICENSE.txt +22 -0
- data/lib/rubygems/tsort/lib/tsort.rb +455 -0
- data/lib/rubygems/tsort.rb +3 -0
- data/lib/rubygems/uninstaller.rb +150 -87
- data/lib/rubygems/unknown_command_spell_checker.rb +21 -0
- data/lib/rubygems/update_suggestion.rb +56 -0
- data/lib/rubygems/uri.rb +126 -0
- data/lib/rubygems/uri_formatter.rb +4 -7
- data/lib/rubygems/user_interaction.rb +92 -146
- data/lib/rubygems/util/licenses.rb +712 -317
- data/lib/rubygems/util/list.rb +5 -2
- data/lib/rubygems/util.rb +58 -75
- data/lib/rubygems/validator.rb +26 -48
- data/lib/rubygems/version.rb +106 -56
- data/lib/rubygems/version_option.rb +22 -14
- data/lib/rubygems/yaml_serializer.rb +93 -0
- data/lib/rubygems.rb +427 -361
- data/rubygems-update.gemspec +38 -0
- data/setup.rb +13 -27
- metadata +500 -363
- data/.autotest +0 -71
- data/.document +0 -5
- data/.travis.yml +0 -46
- data/CONTRIBUTING.rdoc +0 -129
- data/CVE-2013-4287.txt +0 -35
- data/CVE-2013-4363.txt +0 -45
- data/CVE-2015-3900.txt +0 -40
- data/History.txt +0 -3105
- data/MAINTAINERS.md +0 -5
- data/POLICIES.rdoc +0 -61
- data/README.rdoc +0 -54
- data/Rakefile +0 -449
- data/UPGRADING.rdoc +0 -92
- data/appveyor.yml +0 -36
- data/bin/gem +0 -25
- data/bin/update_rubygems +0 -37
- data/lib/gauntlet_rubygems.rb +0 -51
- data/lib/rubygems/indexer.rb +0 -434
- data/lib/rubygems/installer_test_case.rb +0 -194
- data/lib/rubygems/mock_gem_ui.rb +0 -89
- data/lib/rubygems/package/tar_test_case.rb +0 -147
- data/lib/rubygems/psych_additions.rb +0 -10
- data/lib/rubygems/server.rb +0 -869
- data/lib/rubygems/source_local.rb +0 -6
- data/lib/rubygems/source_specific_file.rb +0 -5
- data/lib/rubygems/ssl_certs/AddTrustExternalCARoot-2048.pem +0 -25
- data/lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem +0 -32
- data/lib/rubygems/ssl_certs/Class3PublicPrimaryCertificationAuthority.pem +0 -14
- data/lib/rubygems/ssl_certs/DigiCertHighAssuranceEVRootCA.pem +0 -23
- data/lib/rubygems/ssl_certs/EntrustnetSecureServerCertificationAuthority.pem +0 -28
- data/lib/rubygems/ssl_certs/GeoTrustGlobalCA.pem +0 -20
- data/lib/rubygems/syck_hack.rb +0 -77
- data/lib/rubygems/test_case.rb +0 -1496
- data/lib/rubygems/test_utilities.rb +0 -384
- data/lib/ubygems.rb +0 -11
- data/test/rubygems/alternate_cert.pem +0 -18
- data/test/rubygems/alternate_cert_32.pem +0 -18
- data/test/rubygems/alternate_key.pem +0 -27
- data/test/rubygems/bad_rake.rb +0 -2
- data/test/rubygems/ca_cert.pem +0 -68
- data/test/rubygems/child_cert.pem +0 -18
- data/test/rubygems/child_cert_32.pem +0 -18
- data/test/rubygems/child_key.pem +0 -27
- data/test/rubygems/client.pem +0 -49
- data/test/rubygems/data/gem-private_key.pem +0 -27
- data/test/rubygems/data/gem-public_cert.pem +0 -20
- data/test/rubygems/data/null-type.gemspec.rz +0 -0
- data/test/rubygems/encrypted_private_key.pem +0 -30
- data/test/rubygems/expired_cert.pem +0 -18
- data/test/rubygems/fake_certlib/openssl.rb +0 -8
- data/test/rubygems/fix_openssl_warnings.rb +0 -13
- data/test/rubygems/foo/discover.rb +0 -1
- data/test/rubygems/future_cert.pem +0 -18
- data/test/rubygems/future_cert_32.pem +0 -18
- data/test/rubygems/good_rake.rb +0 -2
- data/test/rubygems/grandchild_cert.pem +0 -18
- data/test/rubygems/grandchild_cert_32.pem +0 -18
- data/test/rubygems/grandchild_key.pem +0 -27
- data/test/rubygems/invalid_client.pem +0 -49
- data/test/rubygems/invalid_issuer_cert.pem +0 -18
- data/test/rubygems/invalid_issuer_cert_32.pem +0 -18
- data/test/rubygems/invalid_key.pem +0 -27
- data/test/rubygems/invalid_signer_cert.pem +0 -18
- data/test/rubygems/invalid_signer_cert_32.pem +0 -18
- data/test/rubygems/invalidchild_cert.pem +0 -18
- data/test/rubygems/invalidchild_cert_32.pem +0 -18
- data/test/rubygems/invalidchild_key.pem +0 -27
- data/test/rubygems/plugin/exception/rubygems_plugin.rb +0 -3
- data/test/rubygems/plugin/load/rubygems_plugin.rb +0 -4
- data/test/rubygems/plugin/standarderror/rubygems_plugin.rb +0 -3
- data/test/rubygems/private_key.pem +0 -27
- data/test/rubygems/public_cert.pem +0 -18
- data/test/rubygems/public_cert_32.pem +0 -18
- data/test/rubygems/public_key.pem +0 -9
- data/test/rubygems/rubygems/commands/crash_command.rb +0 -6
- data/test/rubygems/rubygems_plugin.rb +0 -22
- data/test/rubygems/sff/discover.rb +0 -1
- data/test/rubygems/simple_gem.rb +0 -67
- data/test/rubygems/specifications/bar-0.0.2.gemspec +0 -9
- data/test/rubygems/specifications/foo-0.0.1-x86-mswin32.gemspec +0 -0
- data/test/rubygems/ssl_cert.pem +0 -19
- data/test/rubygems/ssl_key.pem +0 -15
- data/test/rubygems/test_bundled_ca.rb +0 -59
- data/test/rubygems/test_config.rb +0 -24
- data/test/rubygems/test_deprecate.rb +0 -77
- data/test/rubygems/test_gem.rb +0 -1718
- data/test/rubygems/test_gem_available_set.rb +0 -130
- data/test/rubygems/test_gem_command.rb +0 -248
- data/test/rubygems/test_gem_command_manager.rb +0 -264
- data/test/rubygems/test_gem_commands_build_command.rb +0 -121
- data/test/rubygems/test_gem_commands_cert_command.rb +0 -671
- data/test/rubygems/test_gem_commands_check_command.rb +0 -69
- data/test/rubygems/test_gem_commands_cleanup_command.rb +0 -197
- data/test/rubygems/test_gem_commands_contents_command.rb +0 -240
- data/test/rubygems/test_gem_commands_dependency_command.rb +0 -230
- data/test/rubygems/test_gem_commands_environment_command.rb +0 -154
- data/test/rubygems/test_gem_commands_fetch_command.rb +0 -127
- data/test/rubygems/test_gem_commands_generate_index_command.rb +0 -51
- data/test/rubygems/test_gem_commands_help_command.rb +0 -75
- data/test/rubygems/test_gem_commands_install_command.rb +0 -1007
- data/test/rubygems/test_gem_commands_list_command.rb +0 -34
- data/test/rubygems/test_gem_commands_lock_command.rb +0 -69
- data/test/rubygems/test_gem_commands_mirror.rb +0 -20
- data/test/rubygems/test_gem_commands_open_command.rb +0 -70
- data/test/rubygems/test_gem_commands_outdated_command.rb +0 -33
- data/test/rubygems/test_gem_commands_owner_command.rb +0 -205
- data/test/rubygems/test_gem_commands_pristine_command.rb +0 -491
- data/test/rubygems/test_gem_commands_push_command.rb +0 -330
- data/test/rubygems/test_gem_commands_query_command.rb +0 -657
- data/test/rubygems/test_gem_commands_search_command.rb +0 -18
- data/test/rubygems/test_gem_commands_server_command.rb +0 -60
- data/test/rubygems/test_gem_commands_setup_command.rb +0 -136
- data/test/rubygems/test_gem_commands_sources_command.rb +0 -249
- data/test/rubygems/test_gem_commands_specification_command.rb +0 -251
- data/test/rubygems/test_gem_commands_stale_command.rb +0 -43
- data/test/rubygems/test_gem_commands_uninstall_command.rb +0 -283
- data/test/rubygems/test_gem_commands_unpack_command.rb +0 -209
- data/test/rubygems/test_gem_commands_update_command.rb +0 -514
- data/test/rubygems/test_gem_commands_which_command.rb +0 -87
- data/test/rubygems/test_gem_commands_yank_command.rb +0 -100
- data/test/rubygems/test_gem_config_file.rb +0 -491
- data/test/rubygems/test_gem_dependency.rb +0 -362
- data/test/rubygems/test_gem_dependency_installer.rb +0 -1235
- data/test/rubygems/test_gem_dependency_list.rb +0 -260
- data/test/rubygems/test_gem_dependency_resolution_error.rb +0 -29
- data/test/rubygems/test_gem_doctor.rb +0 -169
- data/test/rubygems/test_gem_ext_builder.rb +0 -341
- data/test/rubygems/test_gem_ext_cmake_builder.rb +0 -87
- data/test/rubygems/test_gem_ext_configure_builder.rb +0 -87
- data/test/rubygems/test_gem_ext_ext_conf_builder.rb +0 -211
- data/test/rubygems/test_gem_ext_rake_builder.rb +0 -65
- data/test/rubygems/test_gem_gem_runner.rb +0 -69
- data/test/rubygems/test_gem_gemcutter_utilities.rb +0 -235
- data/test/rubygems/test_gem_impossible_dependencies_error.rb +0 -62
- data/test/rubygems/test_gem_indexer.rb +0 -367
- data/test/rubygems/test_gem_install_update_options.rb +0 -197
- data/test/rubygems/test_gem_installer.rb +0 -1552
- data/test/rubygems/test_gem_local_remote_options.rb +0 -134
- data/test/rubygems/test_gem_name_tuple.rb +0 -45
- data/test/rubygems/test_gem_package.rb +0 -876
- data/test/rubygems/test_gem_package_old.rb +0 -90
- data/test/rubygems/test_gem_package_tar_header.rb +0 -147
- data/test/rubygems/test_gem_package_tar_reader.rb +0 -90
- data/test/rubygems/test_gem_package_tar_reader_entry.rb +0 -142
- data/test/rubygems/test_gem_package_tar_writer.rb +0 -264
- data/test/rubygems/test_gem_package_task.rb +0 -84
- data/test/rubygems/test_gem_path_support.rb +0 -121
- data/test/rubygems/test_gem_platform.rb +0 -308
- data/test/rubygems/test_gem_rdoc.rb +0 -270
- data/test/rubygems/test_gem_remote_fetcher.rb +0 -1051
- data/test/rubygems/test_gem_request.rb +0 -363
- data/test/rubygems/test_gem_request_connection_pools.rb +0 -130
- data/test/rubygems/test_gem_request_set.rb +0 -595
- data/test/rubygems/test_gem_request_set_gem_dependency_api.rb +0 -831
- data/test/rubygems/test_gem_request_set_lockfile.rb +0 -470
- data/test/rubygems/test_gem_request_set_lockfile_parser.rb +0 -549
- data/test/rubygems/test_gem_request_set_lockfile_tokenizer.rb +0 -306
- data/test/rubygems/test_gem_requirement.rb +0 -387
- data/test/rubygems/test_gem_resolver.rb +0 -715
- data/test/rubygems/test_gem_resolver_activation_request.rb +0 -74
- data/test/rubygems/test_gem_resolver_api_set.rb +0 -209
- data/test/rubygems/test_gem_resolver_api_specification.rb +0 -145
- data/test/rubygems/test_gem_resolver_best_set.rb +0 -138
- data/test/rubygems/test_gem_resolver_composed_set.rb +0 -46
- data/test/rubygems/test_gem_resolver_conflict.rb +0 -88
- data/test/rubygems/test_gem_resolver_dependency_request.rb +0 -85
- data/test/rubygems/test_gem_resolver_git_set.rb +0 -190
- data/test/rubygems/test_gem_resolver_git_specification.rb +0 -114
- data/test/rubygems/test_gem_resolver_index_set.rb +0 -90
- data/test/rubygems/test_gem_resolver_index_specification.rb +0 -90
- data/test/rubygems/test_gem_resolver_installed_specification.rb +0 -50
- data/test/rubygems/test_gem_resolver_installer_set.rb +0 -258
- data/test/rubygems/test_gem_resolver_local_specification.rb +0 -46
- data/test/rubygems/test_gem_resolver_lock_set.rb +0 -64
- data/test/rubygems/test_gem_resolver_lock_specification.rb +0 -100
- data/test/rubygems/test_gem_resolver_requirement_list.rb +0 -21
- data/test/rubygems/test_gem_resolver_specification.rb +0 -65
- data/test/rubygems/test_gem_resolver_vendor_set.rb +0 -84
- data/test/rubygems/test_gem_resolver_vendor_specification.rb +0 -84
- data/test/rubygems/test_gem_security.rb +0 -307
- data/test/rubygems/test_gem_security_policy.rb +0 -541
- data/test/rubygems/test_gem_security_signer.rb +0 -209
- data/test/rubygems/test_gem_security_trust_dir.rb +0 -101
- data/test/rubygems/test_gem_server.rb +0 -409
- data/test/rubygems/test_gem_silent_ui.rb +0 -117
- data/test/rubygems/test_gem_source.rb +0 -242
- data/test/rubygems/test_gem_source_fetch_problem.rb +0 -20
- data/test/rubygems/test_gem_source_git.rb +0 -309
- data/test/rubygems/test_gem_source_installed.rb +0 -37
- data/test/rubygems/test_gem_source_list.rb +0 -118
- data/test/rubygems/test_gem_source_local.rb +0 -107
- data/test/rubygems/test_gem_source_lock.rb +0 -115
- data/test/rubygems/test_gem_source_specific_file.rb +0 -76
- data/test/rubygems/test_gem_source_vendor.rb +0 -32
- data/test/rubygems/test_gem_spec_fetcher.rb +0 -311
- data/test/rubygems/test_gem_specification.rb +0 -3519
- data/test/rubygems/test_gem_stream_ui.rb +0 -239
- data/test/rubygems/test_gem_stub_specification.rb +0 -217
- data/test/rubygems/test_gem_text.rb +0 -77
- data/test/rubygems/test_gem_uninstaller.rb +0 -485
- data/test/rubygems/test_gem_unsatisfiable_dependency_error.rb +0 -33
- data/test/rubygems/test_gem_uri_formatter.rb +0 -29
- data/test/rubygems/test_gem_util.rb +0 -40
- data/test/rubygems/test_gem_validator.rb +0 -46
- data/test/rubygems/test_gem_version.rb +0 -222
- data/test/rubygems/test_gem_version_option.rb +0 -152
- data/test/rubygems/test_kernel.rb +0 -86
- data/test/rubygems/test_require.rb +0 -322
- data/test/rubygems/wrong_key_cert.pem +0 -18
- data/test/rubygems/wrong_key_cert_32.pem +0 -18
- data/util/CL2notes +0 -56
- data/util/create_certs.rb +0 -157
- data/util/create_encrypted_key.rb +0 -17
- data/util/generate_spdx_license_list.rb +0 -51
- data/util/update_bundled_ca_certificates.rb +0 -118
data/.autotest
DELETED
@@ -1,71 +0,0 @@
|
|
1
|
-
# -*- ruby -*-
|
2
|
-
|
3
|
-
Gem.refresh
|
4
|
-
|
5
|
-
require 'autotest/restart'
|
6
|
-
require 'autotest/isolate'
|
7
|
-
|
8
|
-
Autotest.add_hook :run_command do |_, cmd|
|
9
|
-
cmd.sub! ' -e ', ' -we '
|
10
|
-
end
|
11
|
-
|
12
|
-
Autotest.add_hook :initialize do |at|
|
13
|
-
at.testlib = ''
|
14
|
-
|
15
|
-
at.failed_results_re = /^\s+\d+\) (?:Failure|Error):\n(.*?):/
|
16
|
-
at.completed_re = /\d+ tests, \d+ assertions, \d+ failures, \d+ errors/
|
17
|
-
|
18
|
-
at.add_exception %r%/\.git/%
|
19
|
-
at.add_exception %r%\.rbc$%
|
20
|
-
at.add_exception %r%test/rubygems/rubygems%
|
21
|
-
|
22
|
-
at.find_directories.clear
|
23
|
-
at.find_directories.push 'lib', 'test'
|
24
|
-
|
25
|
-
at.add_mapping %r%^lib/rubygems.rb$% do |_, m|
|
26
|
-
"test/rubygems/test_gem.rb"
|
27
|
-
end
|
28
|
-
|
29
|
-
at.add_mapping %r%^lib/rubygems/(.*).rb$% do |_, m|
|
30
|
-
"test/rubygems/test_gem_#{m[1].gsub '/', '_'}.rb"
|
31
|
-
end
|
32
|
-
|
33
|
-
args = ARGV.reject { |a| a =~ /^-/ }
|
34
|
-
at.find_directories = args unless args.empty?
|
35
|
-
|
36
|
-
def at.handle_results results
|
37
|
-
results = results.gsub(/\e\[\d+m/, '') # strip ascii color
|
38
|
-
failed = results.scan(self.failed_results_re).map { |m, k|
|
39
|
-
/(?<k>\w+)#(?<m>\w+)/ =~ m
|
40
|
-
[m, k]
|
41
|
-
}
|
42
|
-
|
43
|
-
completed = results[self.completed_re]
|
44
|
-
|
45
|
-
if completed then
|
46
|
-
completed = completed.scan(/(\d+) (\w+)/).map { |v, k| [k, v.to_i] }
|
47
|
-
|
48
|
-
self.latest_results = Hash[*completed.flatten]
|
49
|
-
self.files_to_test = consolidate_failures failed
|
50
|
-
|
51
|
-
color = failed.empty? ? :green : :red
|
52
|
-
hook color unless $TESTING
|
53
|
-
else
|
54
|
-
self.latest_results = nil
|
55
|
-
end
|
56
|
-
|
57
|
-
self.tainted = true unless self.files_to_test.empty?
|
58
|
-
end
|
59
|
-
|
60
|
-
def at.path_to_classname s
|
61
|
-
sep = File::SEPARATOR
|
62
|
-
|
63
|
-
f = s.sub(/^test#{sep}rubygems#{sep}/, '').sub(/\.rb$/, '').split sep
|
64
|
-
|
65
|
-
f = f.map { |path| path.split(/_|(\d+)/).map { |seg| seg.capitalize }.join }
|
66
|
-
|
67
|
-
f.join('::').
|
68
|
-
gsub('Rdoc', 'RDoc').
|
69
|
-
gsub('GemDependencyApi', 'GemDependencyAPI')
|
70
|
-
end
|
71
|
-
end
|
data/.document
DELETED
data/.travis.yml
DELETED
@@ -1,46 +0,0 @@
|
|
1
|
-
---
|
2
|
-
after_script:
|
3
|
-
- rake travis:after -t
|
4
|
-
before_script:
|
5
|
-
- gem uninstall executable-hooks gem-wrappers -x --force -i `gem env home`@global
|
6
|
-
- gem install rake --no-document
|
7
|
-
- gem install hoe-travis --no-document
|
8
|
-
- gem install minitest -v '~> 4.7' --no-document
|
9
|
-
- rake travis:before -t
|
10
|
-
- gem list --details
|
11
|
-
- gem env
|
12
|
-
language: ruby
|
13
|
-
notifications:
|
14
|
-
email:
|
15
|
-
- drbrain@segment7.net
|
16
|
-
- evan+notify@phx.io
|
17
|
-
rvm:
|
18
|
-
- 1.8.7
|
19
|
-
- 1.9.2
|
20
|
-
- 1.9.3
|
21
|
-
- 2.0.0
|
22
|
-
- 2.1.7
|
23
|
-
- 2.2.3
|
24
|
-
- 2.3.0
|
25
|
-
- ruby-head
|
26
|
-
env:
|
27
|
-
- "YAML=syck"
|
28
|
-
- "YAML=psych"
|
29
|
-
script: rake travis
|
30
|
-
matrix:
|
31
|
-
exclude:
|
32
|
-
- rvm: 1.8.7
|
33
|
-
env: "YAML=psych"
|
34
|
-
- rvm: 2.0.0
|
35
|
-
env: "YAML=syck"
|
36
|
-
- rvm: 2.1.7
|
37
|
-
env: "YAML=syck"
|
38
|
-
- rvm: 2.2.3
|
39
|
-
env: "YAML=syck"
|
40
|
-
- rvm: 2.3.0
|
41
|
-
env: "YAML=syck"
|
42
|
-
- rvm: ruby-head
|
43
|
-
env: "YAML=syck"
|
44
|
-
allow_failures:
|
45
|
-
- rvm: ruby-head
|
46
|
-
sudo: false
|
data/CONTRIBUTING.rdoc
DELETED
@@ -1,129 +0,0 @@
|
|
1
|
-
= How to contribute
|
2
|
-
|
3
|
-
Community involvement is essential to RubyGems. We want to keep it easy as
|
4
|
-
possible to contribute changes. There are a few guidelines that we need
|
5
|
-
contributors to follow to reduce the time it takes to get changes merged in.
|
6
|
-
|
7
|
-
== Guidelines
|
8
|
-
|
9
|
-
1. New features should be coupled with tests.
|
10
|
-
|
11
|
-
2. Ensure that your code blends well with ours:
|
12
|
-
* No trailing whitespace
|
13
|
-
* Match indentation (two spaces)
|
14
|
-
* Match coding style (`if`, `elsif`, `when` need trailing `then`)
|
15
|
-
|
16
|
-
3. Don't modify the history file or version number.
|
17
|
-
|
18
|
-
4. If you have any questions, just ask on IRC in #rubygems on Freenode or file
|
19
|
-
an issue here: http://github.com/rubygems/rubygems/issues
|
20
|
-
|
21
|
-
For more information and ideas on how to contribute to RubyGems ecosystem, see
|
22
|
-
here: http://guides.rubygems.org/contributing/
|
23
|
-
|
24
|
-
== Getting Started
|
25
|
-
|
26
|
-
$ gem install hoe
|
27
|
-
$ rake newb
|
28
|
-
|
29
|
-
To run commands like `gem install` from the repo:
|
30
|
-
|
31
|
-
$ ruby -Ilib bin/gem install
|
32
|
-
|
33
|
-
== Issues
|
34
|
-
|
35
|
-
RubyGems uses labels to track all issues and pull requests. In order to provide
|
36
|
-
guidance to the community this is documentation of how labels are used in the
|
37
|
-
rubygems repository.
|
38
|
-
|
39
|
-
=== Type
|
40
|
-
|
41
|
-
Most Issues or pull requests will have one of these labels, which describes the
|
42
|
-
type of the issue or pull request.
|
43
|
-
|
44
|
-
* <b>bug report</b> - An issue describing a bug in rubygems. This would be something
|
45
|
-
that is broken, confusing, unexpected behavior etc.
|
46
|
-
* <b>bugfix</b> - A pull request that fixes a bug report.
|
47
|
-
* <b>feature request</b> - An issue describing a request for a new feature or
|
48
|
-
enhancement.
|
49
|
-
* <b>feature implementation</b> - A pull request implementing a feature request.
|
50
|
-
* <b>question</b> - An issue that is a more of a question than a call for specific
|
51
|
-
changes in the codebase.
|
52
|
-
* <b>cleanup</b> - Generally for a pull request that improves the code base without
|
53
|
-
fixing a bug or implementing a feature.
|
54
|
-
* <b>major bump</b> - This issue or pull request requires a major version bump
|
55
|
-
* <b>administrative</b> - This issue relates to adminstrative tasks that need to
|
56
|
-
take place as it relates to rubygems
|
57
|
-
|
58
|
-
Bug report and Bugfix have the same color. And feature implementation and
|
59
|
-
feature request have the same color since they are related labels.
|
60
|
-
|
61
|
-
=== Workflow
|
62
|
-
|
63
|
-
These are labels that indicate the state of an issue, where it is in the process
|
64
|
-
from being submitted to being closed. These are listed in rough progression
|
65
|
-
order from submitted to closed.
|
66
|
-
|
67
|
-
* <b>triage</b> - This is an issue or pull request that needs to be properly
|
68
|
-
labeled by by a maintainer.
|
69
|
-
* <b>accepted</b> - This issue / pull request has been accepted as valid and
|
70
|
-
will be worked on by someone.
|
71
|
-
* <b>ready for work</b> - An issue that is available for collaboration. This issue
|
72
|
-
should have existing discussion on the problem, and a description of how to go
|
73
|
-
about solving it. This label should be removed once someone has said they are
|
74
|
-
going to work on it.
|
75
|
-
* <b>claimed</b> - An issue that is claimed by a member of the community and is
|
76
|
-
working on it. If the member can be assigned to the issue, they should be.
|
77
|
-
* <b>feedback</b>- This issue/pull request is waiting on feedback from
|
78
|
-
one ore more of the folks involved in the issue. Generally their should be an
|
79
|
-
<tt>@username/team</tt> in the issue indicating who should respond.
|
80
|
-
* <b>blocked</b> - the issue/pull request is currently unable to move forward because
|
81
|
-
of some specific reason, generally this will be a reason that is outside
|
82
|
-
RubyGems or needs feedback from some specific individual or group, and it may
|
83
|
-
be a while before something it is resolved.
|
84
|
-
|
85
|
-
Feedback and blocked all have the same color since they are all waiting on
|
86
|
-
someone in particular to do something.
|
87
|
-
|
88
|
-
=== Inactive Reason
|
89
|
-
|
90
|
-
Reasons are why an issue / pull request was closed without being worked on or
|
91
|
-
accepted. There should also be more detailed information in the comments.
|
92
|
-
|
93
|
-
* *duplicate* - This is a duplicate of an existing bug. The comments must
|
94
|
-
reference the existing issue.
|
95
|
-
* *abandonded* - This is an issue/pull request that has aged off, is no longer
|
96
|
-
applicable or similar.
|
97
|
-
* *declined* - An issue that won't be fixed/implemented or a pull request that
|
98
|
-
is not accepted.
|
99
|
-
* *deprecated* - An issue/pull request that no longer applies to the actively
|
100
|
-
maintained codebase.
|
101
|
-
|
102
|
-
All the reason labels are the same maroon color.
|
103
|
-
|
104
|
-
=== Categories
|
105
|
-
|
106
|
-
These are aspects of the codebase, or what general area the issue or pull
|
107
|
-
request pertains too. Not all issues will have a category.
|
108
|
-
|
109
|
-
* <b>gemspec</b> - related to the gem specification itself
|
110
|
-
* <b>API</b> - related to the public supported rubygems API. This is the code api,
|
111
|
-
not a network related API.
|
112
|
-
* <b>command</b> - related to something in <tt>Gem::Commands</tt>
|
113
|
-
* <b>install</b> - related to gem installations
|
114
|
-
* <b>documentation</b> - related to updating / fixing / clarifiying documentation or
|
115
|
-
guides
|
116
|
-
|
117
|
-
All category labels are the same blue color.
|
118
|
-
|
119
|
-
=== Platforms
|
120
|
-
|
121
|
-
If an issue or pull request pertains to only one platform, then it should have
|
122
|
-
an appropriate platform tag.
|
123
|
-
|
124
|
-
* *windows*
|
125
|
-
* *java*
|
126
|
-
* *osx*
|
127
|
-
* *linux*
|
128
|
-
|
129
|
-
All platform tags are the same purple color.
|
data/CVE-2013-4287.txt
DELETED
@@ -1,35 +0,0 @@
|
|
1
|
-
= Algorithmic complexity vulnerability in RubyGems 2.0.7 and older
|
2
|
-
|
3
|
-
RubyGems validates versions with a regular expression that is vulnerable to
|
4
|
-
denial of service due to backtracking. For specially crafted RubyGems
|
5
|
-
versions attackers can cause denial of service through CPU consumption.
|
6
|
-
|
7
|
-
RubyGems versions 2.0.7 and older, 2.1.0.rc.1 and 2.1.0.rc.2 are vulnerable.
|
8
|
-
|
9
|
-
Ruby versions 1.9.0 through 2.0.0p247 are vulnerable as they contain embedded
|
10
|
-
versions of RubyGems.
|
11
|
-
|
12
|
-
It does not appear to be possible to exploit this vulnerability by installing a
|
13
|
-
gem for RubyGems 1.8.x or 2.0.x. Vulnerable uses of RubyGems API include
|
14
|
-
packaging a gem (through `gem build`, Gem::Package or Gem::PackageTask),
|
15
|
-
sending user input to Gem::Version.new, Gem::Version.correct? or use of the
|
16
|
-
Gem::Version::VERSION_PATTERN or Gem::Version::ANCHORED_VERSION_PATTERN
|
17
|
-
constants.
|
18
|
-
|
19
|
-
Notably, users of bundler that install gems from git are vulnerable if a
|
20
|
-
malicious author changes the gemspec to an invalid version.
|
21
|
-
|
22
|
-
The vulnerability can be fixed by changing the first grouping to an atomic
|
23
|
-
grouping in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb. For
|
24
|
-
RubyGems 2.0.x:
|
25
|
-
|
26
|
-
- VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
|
27
|
-
+ VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
|
28
|
-
|
29
|
-
For RubyGems 1.8.x:
|
30
|
-
|
31
|
-
- VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc:
|
32
|
-
+ VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc:
|
33
|
-
|
34
|
-
This vulnerability was discovered by Damir Sharipov <dammer2k@gmail.com>
|
35
|
-
|
data/CVE-2013-4363.txt
DELETED
@@ -1,45 +0,0 @@
|
|
1
|
-
= Algorithmic complexity vulnerability in RubyGems 2.1.4 and older
|
2
|
-
|
3
|
-
The patch for CVE-2013-4287 was insufficiently verified so the combined
|
4
|
-
regular expression for verifying gem version remains vulnerable following
|
5
|
-
CVE-2013-4287.
|
6
|
-
|
7
|
-
RubyGems validates versions with a regular expression that is vulnerable to
|
8
|
-
denial of service due to backtracking. For specially crafted RubyGems
|
9
|
-
versions attackers can cause denial of service through CPU consumption.
|
10
|
-
|
11
|
-
RubyGems versions 2.1.4 and older are vulnerable.
|
12
|
-
|
13
|
-
Ruby versions 1.9.0 through 2.0.0p247 are vulnerable as they contain embedded
|
14
|
-
versions of RubyGems.
|
15
|
-
|
16
|
-
It does not appear to be possible to exploit this vulnerability by installing a
|
17
|
-
gem for RubyGems 1.8.x or newer. Vulnerable uses of RubyGems API include
|
18
|
-
packaging a gem (through `gem build`, Gem::Package or Gem::PackageTask),
|
19
|
-
sending user input to Gem::Version.new, Gem::Version.correct? or use of the
|
20
|
-
Gem::Version::VERSION_PATTERN or Gem::Version::ANCHORED_VERSION_PATTERN
|
21
|
-
constants.
|
22
|
-
|
23
|
-
Notably, users of bundler that install gems from git are vulnerable if a
|
24
|
-
malicious author changes the gemspec to an invalid version.
|
25
|
-
|
26
|
-
The vulnerability can be fixed by changing the "*" repetition to a "?"
|
27
|
-
repetition in Gem::Version::ANCHORED_VERSION_PATTERN in
|
28
|
-
lib/rubygems/version.rb. For RubyGems 2.1.x:
|
29
|
-
|
30
|
-
- ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc:
|
31
|
-
+ ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ # :nodoc:
|
32
|
-
|
33
|
-
For RubyGems 2.0.x:
|
34
|
-
|
35
|
-
- ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc:
|
36
|
-
+ ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ # :nodoc:
|
37
|
-
|
38
|
-
For RubyGems 1.8.x:
|
39
|
-
|
40
|
-
- ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc:
|
41
|
-
+ ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ # :nodoc:
|
42
|
-
|
43
|
-
|
44
|
-
This vulnerability was discovered by Alexander Cherepanov <cherepan@mccme.ru>
|
45
|
-
|
data/CVE-2015-3900.txt
DELETED
@@ -1,40 +0,0 @@
|
|
1
|
-
= Request hijacking vulnerability in RubyGems 2.4.6 and earlier
|
2
|
-
|
3
|
-
RubyGems provides the ability of a domain to direct clients to a separate
|
4
|
-
host that is used to fetch gems and make API calls against. This mechanism
|
5
|
-
is implemented via DNS, specificly a SRV record _rubygems._tcp under the
|
6
|
-
original requested domain.
|
7
|
-
|
8
|
-
For example, this is the one that users who use rubygems.org see:
|
9
|
-
|
10
|
-
> dig _rubygems._tcp.rubygems.org SRV
|
11
|
-
|
12
|
-
;; ANSWER SECTION:
|
13
|
-
_rubygems._tcp.rubygems.org. 600 IN SRV 0 1 80 api.rubygems.org.
|
14
|
-
|
15
|
-
RubyGems did not validate the hostname returned in the SRV record before
|
16
|
-
sending requests to it.
|
17
|
-
|
18
|
-
This left clients open to a DNS hijack attack, whereby an attacker could
|
19
|
-
return a SRV of their choosing and get the client to use it. For example:
|
20
|
-
|
21
|
-
> dig _rubygems._tcp.rubygems.org SRV
|
22
|
-
|
23
|
-
;; ANSWER SECTION:
|
24
|
-
_rubygems._tcp.rubygems.org. 600 IN SRV 0 1 80 gems.nottobetrusted.wtf
|
25
|
-
|
26
|
-
The fix, detailed at https://github.com/rubygems/rubygems/commit/6bbee35,
|
27
|
-
shows that we validate the record now to be under the original domain. This
|
28
|
-
restricts the client to be using the original trust/security domain as they
|
29
|
-
would have otherwise.
|
30
|
-
|
31
|
-
RubyGems versions between 2.0 and 2.4.6 are vulnerable.
|
32
|
-
|
33
|
-
RubyGems version 2.0.16, 2.2.4, and 2.4.7 have been released that fix this
|
34
|
-
issue.
|
35
|
-
|
36
|
-
Ruby versions 1.9.0 through 2.2.0 are vulnerable as they contain embedded
|
37
|
-
versions of RubyGems.
|
38
|
-
|
39
|
-
This vulnerability was reported by Jonathan Claudius <JClaudius@trustwave.com>.
|
40
|
-
|