rubygems-update 3.0.0 → 3.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7ea50377cd0dc10d97b35b8cb30469ec43cee296cdc017ec49ef7b8869128d8c
-  data.tar.gz: 0e21b6e7dc4bc5fdc11beaa64077b8c3e3f429d3c9b39ecc25354dda2beff52c
+  metadata.gz: 0e1fcd26ebdb712316751bc03f488cc9d81bec96aa3e2a05be9744daea7a0c9f
+  data.tar.gz: d54a3231c23976e9c5d1fe04ffeb2f0924706c4d5aebfa0f5d367fd8c94a805b
 SHA512:
-  metadata.gz: 66d9e042e9559a895006fc702ad47a6cadfd2525c7bdab0635dbb14ee84e426e44f65380c6c3984a0e71aeaf6fa6d962e1d7391949aeacd2a087401080f71b2f
-  data.tar.gz: 6c803e3b8b719d8df12fda6857654680ecfa6719c35f66559380daaf2c0141ab3f15ea737e285a06389d4d2fe1ae5edc6e5f0c1f22c5c8e7904100df7238ff5f
+  metadata.gz: 9603fa015ec2c7a56aa30512366bbb3d16246d12084ae01424b94505b41c71886d3676055d81ecb3bc3b3a4c39fa2e330e00117a457cdeb957cb4e0877d67970
+  data.tar.gz: 796d607c5e7b69cd9f7e3886c2d1705e9d4df0ded3bf24f0648c2cd29cf52d9f4a284721abd74a62a2598e7a67b055b8d58c096db574ee6ba271d6adfba5d196

data/.rubocop.yml

@@ -3,6 +3,7 @@ AllCops:
   Exclude:
     - 'bundler/**/*'
     - 'lib/rubygems/resolver/molinillo/**/*'
+    - 'pkg/**/*'
   TargetRubyVersion: 2.3
 
 Layout/AccessModifierIndentation:

data/.travis.yml

@@ -34,5 +34,7 @@ matrix:
   allow_failures:
     - rvm: ruby-head
       env: "TEST_TOOL=rubygems YAML=psych"
+    - rvm: 2.3.8
+      env: "TEST_TOOL=bundler RGV=master"
     - rvm: ruby-head
       env: "TEST_TOOL=bundler RGV=master"

data/CODE_OF_CONDUCT.md

@@ -1,10 +1,10 @@
 # Contributor Code of Conduct
 
-### Our Pledge
+## Our Pledge
 
-In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
 
-### Our Standards
+## Our Standards
 
 Examples of behavior that contributes to creating a positive environment include:
 
@@ -22,22 +22,24 @@ Examples of unacceptable behavior by participants include:
 * Publishing others' private information, such as a physical or electronic address, without explicit permission
 * Other conduct which could reasonably be considered inappropriate in a professional setting
 
-### Our Responsibilities
+## Our Responsibilities
 
 Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
 
 Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
 
-### Scope
+## Scope
 
 This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
 
-### Enforcement
+## Enforcement
 
 Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the [project team](MAINTAINERS.txt). All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
 
 Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
 
-### Attribution
+## Attribution
 
-This Code of Conduct is adapted from the Contributor Covenant, version 1.4, available at http://contributor-covenant.org/version/1/4.
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org

data/CONTRIBUTING.md

@@ -37,6 +37,13 @@ To run commands like `gem install` from the repo:
 
     $ ruby -Ilib bin/gem install
 
+To run bundler test:
+
+    $ cd bundler
+    $ git submodule update --init --recursive
+    $ bin/rake spec:deps
+    $ bin/rspec spec
+
 ## Issues
 
 RubyGems uses labels to track all issues and pull requests. In order to

data/History.txt

@@ -1,5 +1,185 @@
 # coding: UTF-8
 
+=== 3.0.9 / 2020-12-09
+
+Minor enhancements:
+
+* Add GlobalSign Root CA - R3 cert and remove outdated certs. Pull request #4100
+  by Aditya Prakash.
+
+=== 3.0.8 / 2020-02-19
+
+Bug fixes:
+
+* Gem::Specification#to_ruby needs OpenSSL. Pull request #2937 by
+  Nobuyoshi Nakada.
+
+=== 3.0.7 / 2020-02-18
+
+Bug fixes:
+
+* Fix underscore version selection for bundler #2908 by David Rodríguez.
+* Add missing wrapper. Pull request #2690 by David Rodríguez.
+* Make Gem::Specification#ruby_code handle OpenSSL::PKey::RSA objects.
+  Pull request #2782 by Luis Sagastume.
+* Installer.rb - fix #windows_stub_script. Pull request #2876 by MSP-Greg.
+* Use IAM role to extract security-credentials for EC2 instance. Pull
+  request #2894 by Alexander Pakulov.
+
+=== 3.0.6 / 2019-08-17
+
+Bug fixes:
+
+* Revert #2813. It broke the compatibility with 3.0.x versions.
+
+=== 3.0.5 / 2019-08-16
+
+Minor enhancements:
+
+* Use env var to configure api key on push. Pull request #2559 by Luis
+  Sagastume.
+* Unswallow uninstall error. Pull request #2707 by David Rodríguez.
+* Expose windows path normalization utility. Pull request #2767 by David
+  Rodríguez.
+* Clean which command. Pull request #2801 by Luis Sagastume.
+* Upgrading S3 source signature to AWS SigV4. Pull request #2807 by
+  Alexander Pakulov.
+* Remove missleading comment, no reason to move Gem.host to Gem::Util.
+  Pull request #2811 by Luis Sagastume.
+* Drop support for 'gem env packageversion'. Pull request #2813 by Luis
+  Sagastume.
+* Take into account just git tracked files in update_manifest rake task.
+  Pull request #2816 by Luis Sagastume.
+* Remove TODO comment, there's no Gem::Dirs constant. Pull request #2819
+  by Luis Sagastume.
+* Remove unused 'raise' from test_case. Pull request #2820 by Luis
+  Sagastume.
+* Move TODO comment to an information comment. Pull request #2821 by Luis
+  Sagastume.
+* Use File#open instead of Kernel#open in stub_specification.rb. Pull
+  request #2834 by Luis Sagastume.
+* Make error code a gemcutter_utilities a constant. Pull request #2844 by
+  Luis Sagastume.
+* Remove FIXME comment related to PathSupport. Pull request #2854 by Luis
+  Sagastume.
+* Use gsub with Hash. Pull request #2860 by Kazuhiro NISHIYAMA.
+* Use the standard RUBY_ENGINE_VERSION instead of JRUBY_VERSION. Pull
+  request #2864 by Benoit Daloze.
+* Do not mutate uri.query during s3 signature creation. Pull request #2874
+  by Alexander Pakulov.
+* Fixup #2844. Pull request #2878 by SHIBATA Hiroshi.
+
+Bug fixes:
+
+* Fix intermittent test error on Appveyor & Travis. Pull request #2568 by
+  MSP-Greg.
+* Extend timeout on assert_self_install_permissions. Pull request #2605 by
+  SHIBATA Hiroshi.
+* Better folder assertions. Pull request #2644 by David Rodríguez.
+* Fix default gem executable installation when folder is not `bin/`. Pull
+  request #2649 by David Rodríguez.
+* Fix gem uninstall behavior. Pull request #2663 by Luis Sagastume.
+* Fix for large values in UID/GID fields in tar archives. Pull request
+  #2780 by Alexey Shein.
+* Fixed task order for release. Pull request #2792 by SHIBATA Hiroshi.
+* Ignore GEMRC variable for test suite. Pull request #2837 by SHIBATA
+  Hiroshi.
+
+=== 3.0.4 / 2019-06-14
+
+Minor enhancements:
+
+* Add support for TruffleRuby #2612 by Benoit Daloze
+* Serve a more descriptive error when --no-ri or --no-rdoc are used #2572
+  by Grey Baker
+* Improve test compatibility with CMake 2.8. Pull request #2590 by Vít
+  Ondruch.
+* Restore gem build behavior and introduce the "-C" flag to gem build.
+  Pull request #2596 by Luis Sagastume.
+* Enabled block call with util_set_arch. Pull request #2603 by SHIBATA
+  Hiroshi.
+* Avoid rdoc hook when it's failed to load rdoc library. Pull request
+  #2604 by SHIBATA Hiroshi.
+* Drop tests for legacy RDoc. Pull request #2608 by Nobuyoshi Nakada.
+* Update TODO comment. Pull request #2658 by Luis Sagastume.
+* Skip malicious extension test with mswin platform. Pull request #2670 by
+  SHIBATA Hiroshi.
+* Check deprecated methods on release. Pull request #2673 by David
+  Rodríguez.
+* Add steps to run bundler tests. Pull request #2680 by Aditya Prakash.
+* Skip temporary "No such host is known" error. Pull request #2684 by
+  Takashi Kokubun.
+* Replaced aws-sdk-s3 instead of s3cmd. Pull request #2688 by SHIBATA
+  Hiroshi.
+* Allow uninstall from symlinked GEM_HOME. Pull request #2720 by David
+  Rodríguez.
+* Use current checkout in CI to uninstall RVM related gems. Pull request
+  #2729 by David Rodríguez.
+* Update Contributor Covenant v1.4.1. Pull request #2751 by SHIBATA
+  Hiroshi.
+* Added supported versions of Ruby. Pull request #2756 by SHIBATA Hiroshi.
+* Fix shadowing outer local variable warning. Pull request #2763 by Luis
+  Sagastume.
+* Update the certificate files to make the test pass on Debian 10. Pull
+  request #2777 by Yusuke Endoh.
+* Backport ruby core changes. Pull request #2778 by SHIBATA Hiroshi.
+
+Bug fixes:
+
+* Test_gem.rb - intermittent failure fix. Pull request #2613 by MSP-Greg.
+* Fix sporadic CI failures. Pull request #2617 by David Rodríguez.
+* Fix flaky bundler version finder tests. Pull request #2624 by David
+  Rodríguez.
+* Fix gem indexer tests leaking utility gems. Pull request #2625 by David
+  Rodríguez.
+* Clean up default spec dir too. Pull request #2639 by David Rodríguez.
+* Fix 2.6.1 build against vendored bundler. Pull request #2645 by David
+  Rodríguez.
+* Fix comment typo. Pull request #2664 by Luis Sagastume.
+* Fix comment of Gem::Specification#required_ruby_version=. Pull request
+  #2732 by Alex Junger.
+* Fix TODOs. Pull request #2748 by David Rodríguez.
+
+=== 3.0.3 / 2019-03-05
+
+Security fixes:
+
+* Fixed following vulnerabilities:
+  * CVE-2019-8320: Delete directory using symlink when decompressing tar
+  * CVE-2019-8321: Escape sequence injection vulnerability in `verbose`
+  * CVE-2019-8322: Escape sequence injection vulnerability in `gem owner`
+  * CVE-2019-8323: Escape sequence injection vulnerability in API response handling
+  * CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
+  * CVE-2019-8325: Escape sequence injection vulnerability in errors
+
+=== 3.0.2 / 2019-01-01
+
+Minor enhancements:
+
+* Use Bundler-1.17.3. Pull request #2556 by SHIBATA Hiroshi.
+* Fix document flag description. Pull request #2555 by Luis Sagastume.
+
+Bug fixes:
+
+* Fix tests when ruby --program-suffix is used without rubygems
+  --format-executable. Pull request #2549 by Jeremy Evans.
+* Fix Gem::Requirement equality comparison when ~> operator is used. Pull
+  request #2554 by Grey Baker.
+* Unset SOURCE_DATE_EPOCH in the test cases. Pull request #2558 by Sorah
+  Fukumori.
+* Restore SOURCE_DATE_EPOCH. Pull request #2560 by SHIBATA Hiroshi.
+
+=== 3.0.1 / 2018-12-23
+
+Bug fixes:
+
+* Ensure globbed files paths are expanded. Pull request #2536 by Tony Ta.
+* Dup the Dir.home string before passing it on. Pull request #2545 by
+  Charles Oliver Nutter.
+* Added permissions to installed files for non-owners. Pull request #2546
+  by SHIBATA Hiroshi.
+* Restore release task without hoe. Pull request #2547 by SHIBATA Hiroshi.
+
 === 3.0.0 / 2018-12-19
 
 Major enhancements:

data/Manifest.txt

@@ -413,6 +413,7 @@ lib/rubygems/resolver/specification.rb
 lib/rubygems/resolver/stats.rb
 lib/rubygems/resolver/vendor_set.rb
 lib/rubygems/resolver/vendor_specification.rb
+lib/rubygems/s3_uri_signer.rb
 lib/rubygems/safe_yaml.rb
 lib/rubygems/security.rb
 lib/rubygems/security/policies.rb
@@ -435,9 +436,8 @@ lib/rubygems/spec_fetcher.rb
 lib/rubygems/specification.rb
 lib/rubygems/specification_policy.rb
 lib/rubygems/ssl_certs/.document
-lib/rubygems/ssl_certs/index.rubygems.org/GlobalSignRootCA.pem
-lib/rubygems/ssl_certs/rubygems.global.ssl.fastly.net/DigiCertHighAssuranceEVRootCA.pem
-lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot.pem
+lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA.pem
+lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem
 lib/rubygems/stub_specification.rb
 lib/rubygems/syck_hack.rb
 lib/rubygems/test_case.rb
@@ -639,7 +639,9 @@ test/rubygems/wrong_key_cert.pem
 test/rubygems/wrong_key_cert_32.pem
 util/CL2notes
 util/ci
+util/cops/deprecations.rb
 util/create_certs.rb
+util/create_certs.sh
 util/create_encrypted_key.rb
 util/generate_spdx_license_list.rb
 util/patch_with_prs.rb

data/README.md

@@ -25,6 +25,12 @@ Finally, inside your Ruby program, load the Nokogiri gem and start parsing your
 
 For more information about how to use RubyGems, see our RubyGems basics guide at [guides.rubygems.org](http://guides.rubygems.org/rubygems-basics/)
 
+## Requirements
+
+* RubyGems 2.6 supports Ruby 2.4 or lower.
+* RubyGems 2.7 supports Ruby 2.5 or lower.
+* RubyGems 3.0 supports Ruby 2.3 or later.
+
 ## Installation
 
 RubyGems is likely already installed in your Ruby environment, you can check by running `gem --version` in your terminal emulator.

data/Rakefile

@@ -79,10 +79,25 @@ end
 # --------------------------------------------------------------------
 # Creating a release
 
-task :prerelease => %w[clobber test bundler:build_metadata]
-
+task :prerelease => %w[clobber test bundler:build_metadata check_deprecations]
 task :postrelease => %w[bundler:build_metadata:clean upload guides:publish blog:publish]
 
+desc "Check for deprecated methods with expired deprecation horizon"
+task :check_deprecations do
+  if v.segments[1] == 0 && v.segments[2] == 0
+    sh("util/rubocop -r ./util/cops/deprecations --only Rubygems/Deprecations")
+  else
+    puts "Skipping deprecation checks since not releasing a major version."
+  end
+end
+
+desc "Release rubygems-#{v}"
+task :release => :prerelease do
+  Rake::Task["package"].invoke
+  sh "gem push pkg/rubygems-update-#{v}.gem"
+  Rake::Task["postrelease"].invoke
+end
+
 Gem::PackageTask.new(spec) {}
 
 Rake::Task["package"].enhance ["pkg/rubygems-#{v}.tgz", "pkg/rubygems-#{v}.zip"]
@@ -114,13 +129,23 @@ end
 
 file "pkg/rubygems-#{v}.tgz" => "pkg/rubygems-#{v}" do
   cd 'pkg' do
-    sh "tar -czf rubygems-#{v}.tgz rubygems-#{v}"
+    sh "tar -czf rubygems-#{v}.tgz --owner=rubygems:0 --group=rubygems:0 rubygems-#{v}"
   end
 end
 
 desc "Upload release to S3"
 task :upload_to_s3 do
-  sh "s3cmd put -P pkg/rubygems-#{v}.zip pkg/rubygems-#{v}.tgz s3://oregon.production.s3.rubygems.org/rubygems/"
+  begin
+    require "aws-sdk-s3"
+  rescue LoadError
+    abort "Install the aws-sdk-s3 gem to be able to upload gems to rubygems.org."
+  end
+
+  s3 = Aws::S3::Resource.new(region:'us-west-2')
+  %w[zip tgz].each do |ext|
+    obj = s3.bucket('oregon.production.s3.rubygems.org').object("rubygems/rubygems-#{v}.#{ext}")
+    obj.upload_file("pkg/rubygems-#{v}.#{ext}")
+  end
 end
 
 desc "Upload release to rubygems.org"
@@ -338,9 +363,10 @@ end
 desc "Update the manifest to reflect what's on disk"
 task :update_manifest do
   files = []
-  require 'find'
-  exclude = %r[/\/tmp\/|\/pkg\/|CVS|\.DS_Store|\/doc\/|\/coverage\/|\.svn|\.git|TAGS|extconf.h|\.bundle$|\.o$|\.log$/|\./bundler/(?!lib|man|exe|[^/]+\.md|bundler.gemspec)]ox
-  Find.find(".") do |path|
+  exclude = %r[\.git|\./bundler/(?!lib|man|exe|[^/]+\.md|bundler.gemspec)]ox
+  tracked_files = `git ls-files --recurse-submodules`.split("\n").map {|f| "./#{f}" }
+
+  tracked_files.each do |path|
     next unless File.file?(path)
     next if path =~ exclude
     files << path[2..-1]

data/bundler/CHANGELOG.md

@@ -1,3 +1,14 @@
+## 1.17.3 (2018-12-27)
+
+Bugfixes:
+
+ - Fix a Bundler error when installing gems on old versions of RubyGems ([#6839](https://github.com/bundler/bundler/issues/6839), @colby-swandale)
+ - Fix a rare issue where Bundler was removing itself after a `bundle clean` ([#6829](https://github.com/bundler/bundler/issues/6829), @colby-swandale)
+
+Documentation:
+
+  - Add entry for the `bundle remove` command to the main Bundler manual page
+
 ## 1.17.2 (2018-12-11)
 
  - Add compatibility for bundler merge with Ruby 2.6

data/bundler/lib/bundler/build_metadata.rb

@@ -4,8 +4,8 @@ module Bundler
   # Represents metadata from when the Bundler gem was built.
   module BuildMetadata
     # begin ivars
-    @built_at = "2018-12-19".freeze
-    @git_commit_sha = "3fc4de72b".freeze
+    @built_at = "2020-12-09".freeze
+    @git_commit_sha = "d7089abb6a".freeze
     @release = false
     # end ivars
 

data/bundler/lib/bundler/rubygems_gem_installer.rb

@@ -10,6 +10,13 @@ module Bundler
       end
     end
 
+    attr_reader :options
+
+    def initialize(gem, options = {})
+      @options = {}
+      super
+    end
+
     def check_executable_overwrite(filename)
       # Bundler needs to install gems regardless of binstub overwriting
     end

data/bundler/lib/bundler/source/metadata.rb

@@ -19,9 +19,8 @@ module Bundler
             # can't point to the actual gemspec or else the require paths will be wrong
             s.loaded_from = File.expand_path("..", __FILE__)
           end
-          if loaded_spec = Bundler.rubygems.loaded_specs("bundler")
-            idx << loaded_spec # this has to come after the fake gemspec, to override it
-          elsif local_spec = Bundler.rubygems.find_name("bundler").find {|s| s.version.to_s == VERSION }
+
+          if local_spec = Bundler.rubygems.find_name("bundler").find {|s| s.version.to_s == VERSION }
             idx << local_spec
           end
 

data/bundler/lib/bundler/version.rb

@@ -7,7 +7,7 @@ module Bundler
   # We're doing this because we might write tests that deal
   # with other versions of bundler and we are unsure how to
   # handle this better.
-  VERSION = "1.17.2" unless defined?(::Bundler::VERSION)
+  VERSION = "1.17.3" unless defined?(::Bundler::VERSION)
 
   def self.overwrite_loaded_gem_version
     begin

data/bundler/man/bundle.ronn

@@ -94,6 +94,9 @@ We divide `bundle` subcommands into primary commands and utilities:
 * [`bundle doctor(1)`](bundle-doctor.1.html):
   Display warnings about common problems
 
+* [`bundle remove(1)`](bundle-remove.1.html):
+  Removes gems from the Gemfile
+
 ## PLUGINS
 
 When running a command that isn't listed in PRIMARY COMMANDS or UTILITIES,

data/lib/rubygems/command_manager.rb

@@ -7,6 +7,7 @@
 
 require 'rubygems/command'
 require 'rubygems/user_interaction'
+require 'rubygems/text'
 
 ##
 # The command manager registers and installs all the individual sub-commands
@@ -32,6 +33,7 @@ require 'rubygems/user_interaction'
 
 class Gem::CommandManager
 
+  include Gem::Text
   include Gem::UserInteraction
 
   BUILTIN_COMMANDS = [ # :nodoc:
@@ -145,12 +147,12 @@ class Gem::CommandManager
   def run(args, build_args=nil)
     process_args(args, build_args)
   rescue StandardError, Timeout::Error => ex
-    alert_error "While executing gem ... (#{ex.class})\n    #{ex}"
+    alert_error clean_text("While executing gem ... (#{ex.class})\n    #{ex}")
     ui.backtrace ex
 
     terminate_interaction(1)
   rescue Interrupt
-    alert_error "Interrupted"
+    alert_error clean_text("Interrupted")
     terminate_interaction(1)
   end
 
@@ -167,8 +169,14 @@ class Gem::CommandManager
     when '-v', '--version' then
       say Gem::VERSION
       terminate_interaction 0
+    when '--no-ri', '--no-rdoc' then
+      # This was added to compensate for a deprecation warning not being shown
+      # in Rubygems 2.x.x.
+      # TODO: Remove when Rubygems 3.1 is released.
+      alert_error "Invalid option: #{args.first}. Use --no-document instead."
+      terminate_interaction 1
     when /^-/ then
-      alert_error "Invalid option: #{args.first}. See 'gem --help'."
+      alert_error clean_text("Invalid option: #{args.first}. See 'gem --help'.")
       terminate_interaction 1
     else
       cmd_name = args.shift.downcase
@@ -224,7 +232,7 @@ class Gem::CommandManager
     rescue Exception => e
       e = load_error if load_error
 
-      alert_error "Loading command: #{command_name} (#{e.class})\n\t#{e}"
+      alert_error clean_text("Loading command: #{command_name} (#{e.class})\n\t#{e}")
       ui.backtrace e
     end
   end

data/lib/rubygems/commands/build_command.rb

@@ -18,6 +18,10 @@ class Gem::Commands::BuildCommand < Gem::Command
     add_option '-o', '--output FILE', 'output gem with the given filename' do |value, options|
       options[:output] = value
     end
+
+    add_option '-C PATH', '', 'Run as if gem build was started in <PATH> instead of the current working directory.' do |value, options|
+      options[:build_path] = value
+    end
   end
 
   def arguments # :nodoc:
@@ -60,25 +64,36 @@ Gems can be saved to a specified filename with the output option:
     end
 
     if File.exist? gemspec
-      Dir.chdir(File.dirname(gemspec)) do
-        spec = Gem::Specification.load File.basename(gemspec)
-
-        if spec
-          Gem::Package.build(
-            spec,
-            options[:force],
-            options[:strict],
-            options[:output]
-          )
-        else
-          alert_error "Error loading gemspec. Aborting."
-          terminate_interaction 1
+      spec = Gem::Specification.load(gemspec)
+
+      if options[:build_path]
+        Dir.chdir(File.dirname(gemspec)) do
+          spec = Gem::Specification.load File.basename(gemspec)
+          build_package(spec)
         end
+      else
+        build_package(spec)
       end
+
     else
       alert_error "Gemspec file not found: #{gemspec}"
       terminate_interaction 1
     end
   end
 
+  private
+
+  def build_package(spec)
+    if spec
+      Gem::Package.build(
+        spec,
+        options[:force],
+        options[:strict],
+        options[:output]
+      )
+    else
+      alert_error "Error loading gemspec. Aborting."
+      terminate_interaction 1
+    end
+  end
 end

data/lib/rubygems/commands/owner_command.rb

@@ -2,8 +2,11 @@
 require 'rubygems/command'
 require 'rubygems/local_remote_options'
 require 'rubygems/gemcutter_utilities'
+require 'rubygems/text'
 
 class Gem::Commands::OwnerCommand < Gem::Command
+
+  include Gem::Text
   include Gem::LocalRemoteOptions
   include Gem::GemcutterUtilities
 
@@ -60,12 +63,14 @@ permission to.
   end
 
   def show_owners(name)
+    Gem.load_yaml
+
     response = rubygems_api_request :get, "api/v1/gems/#{name}/owners.yaml" do |request|
       request.add_field "Authorization", api_key
     end
 
     with_response response do |resp|
-      owners = Gem::SafeYAML.load resp.body
+      owners = Gem::SafeYAML.load clean_text(resp.body)
 
       say "Owners for gem: #{name}"
       owners.each do |owner|

data/lib/rubygems/commands/push_command.rb

@@ -15,6 +15,8 @@ https://rubygems.org) and adds it to the index.
 
 The gem can be removed from the index and deleted from the server using the yank
 command.  For further discussion see the help for the yank command.
+
+The push command will use ~/.gem/credentials to authenticate to a server, but you can use the RubyGems environment variable GEM_HOST_API_KEY to set the api key to authenticate.
     EOF
   end