rubygems-update 2.7.3 → 2.7.11

data/lib/rubygems/package/file_source.rb

@@ -23,11 +23,11 @@ class Gem::Package::FileSource < Gem::Package::Source # :nodoc: all
   end
 
   def with_write_io &block
-    open path, 'wb', &block
+    File.open path, 'wb', &block
   end
 
   def with_read_io &block
-    open path, 'rb', &block
+    File.open path, 'rb', &block
   end
 
 end

data/lib/rubygems/package/old.rb

@@ -80,7 +80,7 @@ class Gem::Package::Old < Gem::Package
 
         FileUtils.mkdir_p File.dirname destination
 
-        open destination, 'wb', entry['mode'] do |out|
+        File.open destination, 'wb', entry['mode'] do |out|
           out.write file_data
         end
 

data/lib/rubygems/package/tar_header.rb

@@ -94,35 +94,42 @@ class Gem::Package::TarHeader
 
   attr_reader(*FIELDS)
 
+  EMPTY_HEADER = ("\0" * 512).freeze # :nodoc:
+
   ##
   # Creates a tar header from IO +stream+
 
   def self.from(stream)
     header = stream.read 512
-    empty = (header == "\0" * 512)
+    empty = (EMPTY_HEADER == header)
 
     fields = header.unpack UNPACK_FORMAT
 
     new :name     => fields.shift,
-        :mode     => fields.shift.oct,
-        :uid      => fields.shift.oct,
-        :gid      => fields.shift.oct,
-        :size     => fields.shift.oct,
-        :mtime    => fields.shift.oct,
-        :checksum => fields.shift.oct,
+        :mode     => strict_oct(fields.shift),
+        :uid      => strict_oct(fields.shift),
+        :gid      => strict_oct(fields.shift),
+        :size     => strict_oct(fields.shift),
+        :mtime    => strict_oct(fields.shift),
+        :checksum => strict_oct(fields.shift),
         :typeflag => fields.shift,
         :linkname => fields.shift,
         :magic    => fields.shift,
-        :version  => fields.shift.oct,
+        :version  => strict_oct(fields.shift),
         :uname    => fields.shift,
         :gname    => fields.shift,
-        :devmajor => fields.shift.oct,
-        :devminor => fields.shift.oct,
+        :devmajor => strict_oct(fields.shift),
+        :devminor => strict_oct(fields.shift),
         :prefix   => fields.shift,
 
         :empty => empty
   end
 
+  def self.strict_oct(str)
+    return str.oct if str =~ /\A[0-7]*\z/
+    raise ArgumentError, "#{str.inspect} is not an octal string"
+  end
+
   ##
   # Creates a new TarHeader using +vals+
 

data/lib/rubygems/package/tar_writer.rb

@@ -111,7 +111,7 @@ class Gem::Package::TarWriter
     name, prefix = split_name name
 
     init_pos = @io.pos
-    @io.write "\0" * 512 # placeholder for the header
+    @io.write Gem::Package::TarHeader::EMPTY_HEADER # placeholder for the header
 
     yield RestrictedStream.new(@io) if block_given?
 
@@ -189,13 +189,14 @@ class Gem::Package::TarWriter
         if digest.respond_to? :name then
           digest.name
         else
-          /::([^:]+)$/ =~ digest.class.name
-          $1
+          digest.class.name[/::([^:]+)\z/, 1]
         end
 
       digest_name == signer.digest_name
     end
 
+    raise "no #{signer.digest_name} in #{digests.values.compact}" unless signature_digest
+
     if signer.key then
       signature = signer.sign signature_digest.digest
 

data/lib/rubygems/remote_fetcher.rb

@@ -293,7 +293,7 @@ class Gem::RemoteFetcher
 
     if data and !head and uri.to_s =~ /\.gz$/
       begin
-        data = Gem.gunzip data
+        data = Gem::Util.gunzip data
       rescue Zlib::GzipFile::Error
         raise FetchError.new("server did not return a valid file", uri.to_s)
       end

data/lib/rubygems/request_set.rb

@@ -171,7 +171,9 @@ class Gem::RequestSet
         rescue Gem::RuntimeRequirementNotMetError => e
           recent_match = req.spec.set.find_all(req.request).sort_by(&:version).reverse_each.find do |s|
             s = s.spec
-            s.required_ruby_version.satisfied_by?(Gem.ruby_version) && s.required_rubygems_version.satisfied_by?(Gem.rubygems_version)
+            s.required_ruby_version.satisfied_by?(Gem.ruby_version) &&
+              s.required_rubygems_version.satisfied_by?(Gem.rubygems_version) &&
+              Gem::Platform.installable?(s)
           end
           if recent_match
             suggestion = "The last version of #{req.request} to support your Ruby & RubyGems was #{recent_match.version}. Try installing it with `gem install #{recent_match.name} -v #{recent_match.version}`"
@@ -189,22 +191,7 @@ class Gem::RequestSet
 
     return requests if options[:gemdeps]
 
-    specs = requests.map do |request|
-      case request
-      when Gem::Resolver::ActivationRequest then
-        request.spec.spec
-      else
-        request
-      end
-    end
-
-    require 'rubygems/dependency_installer'
-    inst = Gem::DependencyInstaller.new options
-    inst.installed_gems.replace specs
-
-    Gem.done_installing_hooks.each do |hook|
-      hook.call inst, specs
-    end unless Gem.done_installing_hooks.empty?
+    install_hooks requests, options
 
     requests
   end
@@ -281,11 +268,35 @@ class Gem::RequestSet
       installed << request
     end
 
+    install_hooks installed, options
+
     installed
   ensure
     ENV['GEM_HOME'] = gem_home
   end
 
+  ##
+  # Call hooks on installed gems
+
+  def install_hooks requests, options
+    specs = requests.map do |request|
+      case request
+      when Gem::Resolver::ActivationRequest then
+        request.spec.spec
+      else
+        request
+      end
+    end
+
+    require "rubygems/dependency_installer"
+    inst = Gem::DependencyInstaller.new options
+    inst.installed_gems.replace specs
+
+    Gem.done_installing_hooks.each do |hook|
+      hook.call inst, specs
+    end unless Gem.done_installing_hooks.empty?
+  end
+
   ##
   # Load a dependency management file.
 

data/lib/rubygems/request_set/lockfile.rb

@@ -223,7 +223,7 @@ class Gem::RequestSet::Lockfile
   def write
     content = to_s
 
-    open "#{@gem_deps_file}.lock", 'w' do |io|
+    File.open "#{@gem_deps_file}.lock", 'w' do |io|
       io.write content
     end
   end

data/lib/rubygems/requirement.rb

@@ -133,6 +133,7 @@ class Gem::Requirement
       @requirements = [DefaultRequirement]
     else
       @requirements = requirements.map! { |r| self.class.parse r }
+      sort_requirements!
     end
   end
 
@@ -146,6 +147,7 @@ class Gem::Requirement
     new = new.map { |r| self.class.parse r }
 
     @requirements.concat new
+    sort_requirements!
   end
 
   ##
@@ -183,11 +185,11 @@ class Gem::Requirement
   end
 
   def as_list # :nodoc:
-    requirements.map { |op, version| "#{op} #{version}" }.sort
+    requirements.map { |op, version| "#{op} #{version}" }
   end
 
   def hash # :nodoc:
-    requirements.sort.hash
+    requirements.hash
   end
 
   def marshal_dump # :nodoc:
@@ -264,7 +266,8 @@ class Gem::Requirement
   end
 
   def == other # :nodoc:
-    Gem::Requirement === other and to_s == other.to_s
+    return unless Gem::Requirement === other
+    requirements == other.requirements
   end
 
   private
@@ -279,6 +282,14 @@ class Gem::Requirement
       end
     end
   end
+
+  def sort_requirements! # :nodoc:
+    @requirements.sort! do |l, r| 
+      comp = l.last <=> r.last # first, sort by the requirement's version
+      next comp unless comp == 0
+      l.first <=> r.first # then, sort by the operator (for stability)
+    end
+  end
 end
 
 class Gem::Version

data/lib/rubygems/resolver/api_specification.rb

@@ -21,6 +21,7 @@ class Gem::Resolver::APISpecification < Gem::Resolver::Specification
     @name = api_data[:name]
     @version = Gem::Version.new api_data[:number]
     @platform = Gem::Platform.new api_data[:platform]
+    @original_platform = api_data[:platform]
     @dependencies = api_data[:dependencies].map do |name, ver|
       Gem::Dependency.new name, ver.split(/\s*,\s*/)
     end
@@ -73,7 +74,11 @@ class Gem::Resolver::APISpecification < Gem::Resolver::Specification
     @spec ||=
       begin
         tuple = Gem::NameTuple.new @name, @version, @platform
+        source.fetch_spec tuple
+      rescue Gem::RemoteFetcher::FetchError
+        raise if @original_platform == @platform
 
+        tuple = Gem::NameTuple.new @name, @version, @original_platform
         source.fetch_spec tuple
       end
   end

data/lib/rubygems/security.rb

@@ -344,14 +344,19 @@ module Gem::Security
       OpenSSL::Digest::SHA256
     elsif defined?(OpenSSL::Digest::SHA1) then
       OpenSSL::Digest::SHA1
+    else
+      require 'digest'
+      Digest::SHA512
     end
 
   ##
   # Used internally to select the signing digest from all computed digests
 
   DIGEST_NAME = # :nodoc:
-    if DIGEST_ALGORITHM then
+    if DIGEST_ALGORITHM.method_defined? :name then
       DIGEST_ALGORITHM.new.name
+    else
+      DIGEST_ALGORITHM.name[/::([^:]+)\z/, 1]
     end
 
   ##
@@ -578,7 +583,7 @@ module Gem::Security
   def self.write pemmable, path, permissions = 0600, passphrase = nil, cipher = KEY_CIPHER
     path = File.expand_path path
 
-    open path, 'wb', permissions do |io|
+    File.open path, 'wb', permissions do |io|
       if passphrase and cipher
         io.write pemmable.to_pem cipher, passphrase
       else

data/lib/rubygems/security/trust_dir.rb

@@ -93,7 +93,7 @@ class Gem::Security::TrustDir
 
     destination = cert_path certificate
 
-    open destination, 'wb', @permissions[:trusted_cert] do |io|
+    File.open destination, 'wb', @permissions[:trusted_cert] do |io|
       io.write certificate.to_pem
     end
   end

data/lib/rubygems/server.rb

@@ -492,7 +492,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     specs = Marshal.dump specs
 
     if req.path =~ /\.gz$/ then
-      specs = Gem.gzip specs
+      specs = Gem::Util.gzip specs
       res['content-type'] = 'application/x-gzip'
     else
       res['content-type'] = 'application/octet-stream'
@@ -553,7 +553,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     specs = Marshal.dump specs
 
     if req.path =~ /\.gz$/ then
-      specs = Gem.gzip specs
+      specs = Gem::Util.gzip specs
       res['content-type'] = 'application/x-gzip'
     else
       res['content-type'] = 'application/octet-stream'
@@ -623,6 +623,18 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
       executables = nil if executables.empty?
       executables.last["is_last"] = true if executables
 
+      # Pre-process spec homepage for safety reasons
+      begin
+        homepage_uri = URI.parse(spec.homepage)
+        if [URI::HTTP, URI::HTTPS].member? homepage_uri.class
+          homepage_uri = spec.homepage
+        else
+          homepage_uri = "."
+        end
+      rescue URI::InvalidURIError
+        homepage_uri = "."
+      end
+
       specs << {
         "authors"             => spec.authors.sort.join(", "),
         "date"                => spec.date.to_s,
@@ -632,7 +644,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
         "only_one_executable" => (executables && executables.size == 1),
         "full_name"           => spec.full_name,
         "has_deps"            => !deps.empty?,
-        "homepage"            => spec.homepage,
+        "homepage"            => homepage_uri,
         "name"                => spec.name,
         "rdoc_installed"      => Gem::RDoc.new(spec).rdoc_installed?,
         "ri_installed"        => Gem::RDoc.new(spec).ri_installed?,
@@ -840,7 +852,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; }
     specs = Marshal.dump specs
 
     if req.path =~ /\.gz$/ then
-      specs = Gem.gzip specs
+      specs = Gem::Util.gzip specs
       res['content-type'] = 'application/x-gzip'
     else
       res['content-type'] = 'application/octet-stream'

data/lib/rubygems/source.rb

@@ -155,12 +155,12 @@ class Gem::Source
     uri.path << '.rz'
 
     spec = fetcher.fetch_path uri
-    spec = Gem.inflate spec
+    spec = Gem::Util.inflate spec
 
     if update_cache? then
       FileUtils.mkdir_p cache_dir
 
-      open local_spec, 'wb' do |io|
+      File.open local_spec, 'wb' do |io|
         io.write spec
       end
     end

data/lib/rubygems/specification.rb

@@ -15,6 +15,7 @@ require 'rubygems/basic_specification'
 require 'rubygems/stub_specification'
 require 'rubygems/util/list'
 require 'stringio'
+require 'uri'
 
 ##
 # The Specification class contains the information for a Gem.  Typically
@@ -39,6 +40,8 @@ require 'stringio'
 
 class Gem::Specification < Gem::BasicSpecification
 
+  extend Gem::Deprecate
+
   # REFACTOR: Consider breaking out this version stuff into a separate
   # module. There's enough special stuff around it that it may justify
   # a separate class.
@@ -714,6 +717,7 @@ class Gem::Specification < Gem::BasicSpecification
   # Deprecated: You must now specify the executable name to  Gem.bin_path.
 
   attr_writer :default_executable
+  deprecate :default_executable=, :none,       2018, 12
 
   ##
   # Allows deinstallation of gems with legacy platforms.
@@ -738,6 +742,9 @@ class Gem::Specification < Gem::BasicSpecification
   def self._all # :nodoc:
     unless defined?(@@all) && @@all then
       @@all = stubs.map(&:to_spec)
+      if @@all.any?(&:nil?) # TODO: remove once we're happy
+        raise "pid: #{$$} nil spec! included in #{stubs.inspect}"
+      end
 
       # After a reset, make sure already loaded specs
       # are still marked as activated.
@@ -958,6 +965,7 @@ class Gem::Specification < Gem::BasicSpecification
   # -- wilsonb
 
   def self.all= specs
+    raise "nil spec!" if specs.any?(&:nil?) # TODO: remove once we're happy
     @@stubs_by_name = specs.group_by(&:name)
     @@all = @@stubs = specs
   end
@@ -1805,6 +1813,7 @@ class Gem::Specification < Gem::BasicSpecification
     end
     result
   end
+  deprecate :default_executable,  :none,       2018, 12
 
   ##
   # The default value for specification attribute +name+
@@ -2013,6 +2022,7 @@ class Gem::Specification < Gem::BasicSpecification
   def has_rdoc # :nodoc:
     true
   end
+  deprecate :has_rdoc,            :none,       2018, 12
 
   ##
   # Deprecated and ignored.
@@ -2022,8 +2032,10 @@ class Gem::Specification < Gem::BasicSpecification
   def has_rdoc= ignored # :nodoc:
     @has_rdoc = true
   end
+  deprecate :has_rdoc=,           :none,       2018, 12
 
   alias :has_rdoc? :has_rdoc # :nodoc:
+  deprecate :has_rdoc?,           :none,       2018, 12
 
   ##
   # True if this gem has files in test_files
@@ -2818,10 +2830,16 @@ http://spdx.org/licenses or '#{Gem::Licenses::NONSTANDARD}' for a nonstandard li
       raise Gem::InvalidSpecificationException, "#{lazy} is not a summary"
     end
 
-    if homepage and not homepage.empty? and
-       homepage !~ /\A[a-z][a-z\d+.-]*:/i then
-      raise Gem::InvalidSpecificationException,
-            "\"#{homepage}\" is not a URI"
+    # Make sure a homepage is valid HTTP/HTTPS URI
+    if homepage and not homepage.empty?
+      begin
+        homepage_uri = URI.parse(homepage)
+        unless [URI::HTTP, URI::HTTPS].member? homepage_uri.class
+          raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a valid HTTP URI"
+        end
+      rescue URI::InvalidURIError
+        raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a valid HTTP URI"
+      end
     end
 
     # Warnings
@@ -3063,16 +3081,6 @@ open-ended dependency on #{dep} is not recommended
     @require_paths
   end
 
-  extend Gem::Deprecate
-
-  # TODO:
-  # deprecate :has_rdoc,            :none,       2011, 10
-  # deprecate :has_rdoc?,           :none,       2011, 10
-  # deprecate :has_rdoc=,           :none,       2011, 10
-  # deprecate :default_executable,  :none,       2011, 10
-  # deprecate :default_executable=, :none,       2011, 10
-  # deprecate :file_name,           :cache_file, 2011, 10
-  # deprecate :full_gem_path,     :cache_file, 2011, 10
 end
 
 # DOC: What is this and why is it here, randomly, at the end of this file?