rubygems-update 3.5.6 → 3.5.16

Files changed (153) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +204 -1
  3. data/CODE_OF_CONDUCT.md +79 -28
  4. data/CONTRIBUTING.md +2 -2
  5. data/Manifest.txt +9 -4
  6. data/POLICIES.md +75 -6
  7. data/bundler/CHANGELOG.md +156 -0
  8. data/bundler/lib/bundler/build_metadata.rb +2 -2
  9. data/bundler/lib/bundler/cli/binstubs.rb +1 -1
  10. data/bundler/lib/bundler/cli/fund.rb +1 -1
  11. data/bundler/lib/bundler/cli/gem.rb +7 -14
  12. data/bundler/lib/bundler/cli/install.rb +1 -1
  13. data/bundler/lib/bundler/cli/plugin.rb +3 -2
  14. data/bundler/lib/bundler/cli.rb +14 -31
  15. data/bundler/lib/bundler/compact_index_client/cache.rb +47 -72
  16. data/bundler/lib/bundler/compact_index_client/parser.rb +84 -0
  17. data/bundler/lib/bundler/compact_index_client.rb +51 -80
  18. data/bundler/lib/bundler/constants.rb +8 -1
  19. data/bundler/lib/bundler/definition.rb +114 -71
  20. data/bundler/lib/bundler/dependency.rb +2 -1
  21. data/bundler/lib/bundler/dsl.rb +16 -1
  22. data/bundler/lib/bundler/endpoint_specification.rb +11 -0
  23. data/bundler/lib/bundler/env.rb +1 -1
  24. data/bundler/lib/bundler/environment_preserver.rb +2 -20
  25. data/bundler/lib/bundler/errors.rb +14 -0
  26. data/bundler/lib/bundler/fetcher/compact_index.rb +15 -24
  27. data/bundler/lib/bundler/gem_helper.rb +1 -1
  28. data/bundler/lib/bundler/gem_helpers.rb +14 -7
  29. data/bundler/lib/bundler/gem_version_promoter.rb +42 -38
  30. data/bundler/lib/bundler/injector.rb +3 -5
  31. data/bundler/lib/bundler/installer/gem_installer.rb +0 -1
  32. data/bundler/lib/bundler/installer/standalone.rb +0 -3
  33. data/bundler/lib/bundler/installer.rb +9 -11
  34. data/bundler/lib/bundler/lazy_specification.rb +1 -0
  35. data/bundler/lib/bundler/man/bundle-add.1 +1 -1
  36. data/bundler/lib/bundler/man/bundle-binstubs.1 +1 -1
  37. data/bundler/lib/bundler/man/bundle-cache.1 +1 -1
  38. data/bundler/lib/bundler/man/bundle-check.1 +3 -1
  39. data/bundler/lib/bundler/man/bundle-check.1.ronn +3 -0
  40. data/bundler/lib/bundler/man/bundle-clean.1 +1 -1
  41. data/bundler/lib/bundler/man/bundle-config.1 +2 -4
  42. data/bundler/lib/bundler/man/bundle-config.1.ronn +1 -4
  43. data/bundler/lib/bundler/man/bundle-console.1 +1 -1
  44. data/bundler/lib/bundler/man/bundle-doctor.1 +1 -1
  45. data/bundler/lib/bundler/man/bundle-exec.1 +1 -1
  46. data/bundler/lib/bundler/man/bundle-gem.1 +7 -1
  47. data/bundler/lib/bundler/man/bundle-gem.1.ronn +11 -0
  48. data/bundler/lib/bundler/man/bundle-help.1 +1 -1
  49. data/bundler/lib/bundler/man/bundle-info.1 +1 -1
  50. data/bundler/lib/bundler/man/bundle-init.1 +1 -1
  51. data/bundler/lib/bundler/man/bundle-inject.1 +1 -1
  52. data/bundler/lib/bundler/man/bundle-install.1 +3 -3
  53. data/bundler/lib/bundler/man/bundle-install.1.ronn +2 -2
  54. data/bundler/lib/bundler/man/bundle-list.1 +1 -1
  55. data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
  56. data/bundler/lib/bundler/man/bundle-open.1 +1 -1
  57. data/bundler/lib/bundler/man/bundle-outdated.1 +1 -1
  58. data/bundler/lib/bundler/man/bundle-platform.1 +1 -1
  59. data/bundler/lib/bundler/man/bundle-plugin.1 +7 -4
  60. data/bundler/lib/bundler/man/bundle-plugin.1.ronn +7 -3
  61. data/bundler/lib/bundler/man/bundle-pristine.1 +1 -1
  62. data/bundler/lib/bundler/man/bundle-remove.1 +1 -1
  63. data/bundler/lib/bundler/man/bundle-show.1 +1 -1
  64. data/bundler/lib/bundler/man/bundle-update.1 +1 -1
  65. data/bundler/lib/bundler/man/bundle-version.1 +1 -1
  66. data/bundler/lib/bundler/man/bundle-viz.1 +1 -1
  67. data/bundler/lib/bundler/man/bundle.1 +1 -1
  68. data/bundler/lib/bundler/man/gemfile.5 +3 -3
  69. data/bundler/lib/bundler/man/gemfile.5.ronn +2 -2
  70. data/bundler/lib/bundler/plugin/installer/path.rb +18 -0
  71. data/bundler/lib/bundler/plugin/installer.rb +36 -16
  72. data/bundler/lib/bundler/plugin/source_list.rb +4 -4
  73. data/bundler/lib/bundler/resolver/base.rb +4 -0
  74. data/bundler/lib/bundler/resolver/candidate.rb +5 -17
  75. data/bundler/lib/bundler/resolver/package.rb +4 -0
  76. data/bundler/lib/bundler/resolver/spec_group.rb +20 -2
  77. data/bundler/lib/bundler/resolver.rb +72 -33
  78. data/bundler/lib/bundler/rubygems_ext.rb +98 -10
  79. data/bundler/lib/bundler/rubygems_gem_installer.rb +35 -2
  80. data/bundler/lib/bundler/rubygems_integration.rb +16 -2
  81. data/bundler/lib/bundler/runtime.rb +1 -1
  82. data/bundler/lib/bundler/self_manager.rb +22 -2
  83. data/bundler/lib/bundler/settings.rb +22 -16
  84. data/bundler/lib/bundler/setup.rb +6 -0
  85. data/bundler/lib/bundler/shared_helpers.rb +6 -4
  86. data/bundler/lib/bundler/source/git/git_proxy.rb +8 -0
  87. data/bundler/lib/bundler/source/git.rb +14 -0
  88. data/bundler/lib/bundler/source/metadata.rb +2 -0
  89. data/bundler/lib/bundler/source/path.rb +0 -13
  90. data/bundler/lib/bundler/source/rubygems.rb +31 -30
  91. data/bundler/lib/bundler/source_list.rb +26 -2
  92. data/bundler/lib/bundler/spec_set.rb +15 -13
  93. data/bundler/lib/bundler/stub_specification.rb +8 -0
  94. data/bundler/lib/bundler/templates/newgem/CODE_OF_CONDUCT.md.tt +77 -29
  95. data/bundler/lib/bundler/templates/newgem/newgem.gemspec.tt +4 -3
  96. data/bundler/lib/bundler/templates/newgem/rubocop.yml.tt +0 -5
  97. data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/static_package_source.rb +1 -0
  98. data/bundler/lib/bundler/vendored_net_http.rb +20 -5
  99. data/bundler/lib/bundler/vendored_timeout.rb +7 -3
  100. data/bundler/lib/bundler/version.rb +1 -1
  101. data/bundler/lib/bundler/yaml_serializer.rb +1 -8
  102. data/bundler/lib/bundler.rb +26 -1
  103. data/exe/update_rubygems +1 -1
  104. data/lib/rubygems/basic_specification.rb +27 -0
  105. data/lib/rubygems/bundler_version_finder.rb +1 -1
  106. data/lib/rubygems/command.rb +1 -1
  107. data/lib/rubygems/command_manager.rb +2 -1
  108. data/lib/rubygems/commands/build_command.rb +2 -11
  109. data/lib/rubygems/commands/help_command.rb +2 -2
  110. data/lib/rubygems/commands/pristine_command.rb +12 -9
  111. data/lib/rubygems/commands/rdoc_command.rb +1 -8
  112. data/lib/rubygems/commands/rebuild_command.rb +264 -0
  113. data/lib/rubygems/commands/setup_command.rb +2 -0
  114. data/lib/rubygems/commands/uninstall_command.rb +1 -1
  115. data/lib/rubygems/commands/update_command.rb +8 -9
  116. data/lib/rubygems/config_file.rb +33 -16
  117. data/lib/rubygems/defaults.rb +4 -4
  118. data/lib/rubygems/dependency.rb +3 -15
  119. data/lib/rubygems/dependency_list.rb +1 -1
  120. data/lib/rubygems/deprecate.rb +79 -77
  121. data/lib/rubygems/ext/cargo_builder.rb +2 -17
  122. data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +3 -1
  123. data/lib/rubygems/gemcutter_utilities.rb +1 -1
  124. data/lib/rubygems/gemspec_helpers.rb +19 -0
  125. data/lib/rubygems/installer.rb +9 -8
  126. data/lib/rubygems/package/tar_header.rb +20 -4
  127. data/lib/rubygems/package.rb +13 -8
  128. data/lib/rubygems/platform.rb +3 -2
  129. data/lib/rubygems/remote_fetcher.rb +1 -1
  130. data/lib/rubygems/request.rb +1 -1
  131. data/lib/rubygems/request_set.rb +1 -1
  132. data/lib/rubygems/requirement.rb +2 -2
  133. data/lib/rubygems/resolver/spec_specification.rb +7 -0
  134. data/lib/rubygems/s3_uri_signer.rb +1 -1
  135. data/lib/rubygems/safe_yaml.rb +10 -1
  136. data/lib/rubygems/security.rb +1 -1
  137. data/lib/rubygems/specification.rb +55 -124
  138. data/lib/rubygems/specification_policy.rb +26 -6
  139. data/lib/rubygems/specification_record.rb +212 -0
  140. data/lib/rubygems/stub_specification.rb +21 -0
  141. data/lib/rubygems/uninstaller.rb +27 -20
  142. data/lib/rubygems/util/licenses.rb +68 -0
  143. data/lib/rubygems/vendor/molinillo/lib/molinillo/dependency_graph.rb +1 -1
  144. data/lib/rubygems/vendored_net_http.rb +5 -0
  145. data/lib/rubygems/vendored_timeout.rb +5 -0
  146. data/lib/rubygems/yaml_serializer.rb +1 -8
  147. data/lib/rubygems.rb +28 -15
  148. data/rubygems-update.gemspec +1 -1
  149. metadata +12 -7
  150. data/lib/rubygems/net/http.rb +0 -3
  151. data/lib/rubygems/timeout.rb +0 -3
  152. /data/lib/rubygems/{optparse.rb → vendored_optparse.rb} +0 -0
  153. /data/lib/rubygems/{tsort.rb → vendored_tsort.rb} +0 -0
@@ -271,15 +271,7 @@ class Gem::Dependency
271
271
  end
272
272
 
273
273
  def matching_specs(platform_only = false)
274
- env_req = Gem.env_requirement(name)
275
- matches = Gem::Specification.stubs_for(name).find_all do |spec|
276
- requirement.satisfied_by?(spec.version) && env_req.satisfied_by?(spec.version)
277
- end.map(&:to_spec)
278
-
279
- if prioritizes_bundler?
280
- require_relative "bundler_version_finder"
281
- Gem::BundlerVersionFinder.prioritize!(matches)
282
- end
274
+ matches = Gem::Specification.find_all_by_name(name, requirement)
283
275
 
284
276
  if platform_only
285
277
  matches.reject! do |spec|
@@ -297,10 +289,6 @@ class Gem::Dependency
297
289
  @requirement.specific?
298
290
  end
299
291
 
300
- def prioritizes_bundler?
301
- name == "bundler" && !specific?
302
- end
303
-
304
292
  def to_specs
305
293
  matches = matching_specs true
306
294
 
@@ -328,9 +316,9 @@ class Gem::Dependency
328
316
  return active if active
329
317
 
330
318
  unless prerelease?
331
- # Move prereleases to the end of the list for >= 0 requirements
319
+ # Consider prereleases only as a fallback
332
320
  pre, matches = matches.partition {|spec| spec.version.prerelease? }
333
- matches += pre if requirement == Gem::Requirement.default
321
+ matches = pre if matches.empty?
334
322
  end
335
323
 
336
324
  matches.first
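Review bot: The rewritten `matching_specs` no longer applies `Gem.env_requirement(name)` or `Gem::BundlerVersionFinder.prioritize!` at this call site, and nothing in these hunks shows that `Gem::Specification.find_all_by_name` performs both. If it does, a comment above the call such as `# find_all_by_name also applies the env requirement and the bundler version priority` would record that the filtering moved rather than disappeared. In the last hunk the fallback `matches = pre if matches.empty?` now applies to every requirement, where the old code re-added prereleases only for `Gem::Requirement.default`. A non-default requirement satisfied only by installed prereleases therefore seems to resolve to one instead of `nil`, which deserves a test and a changelog line. Both methods continue outside the visible hunks.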
@@ -6,7 +6,7 @@
6
6
  # See LICENSE.txt for permissions.
7
7
  #++
8
8
 
9
- require_relative "tsort"
9
+ require_relative "vendored_tsort"
10
10
  require_relative "deprecate"
11
11
 
12
12
  ##
@@ -69,99 +69,101 @@
69
69
  # end
70
70
  # end
71
71
 
72
- module Gem::Deprecate
73
- def self.skip # :nodoc:
74
- @skip ||= false
75
- end
72
+ module Gem
73
+ module Deprecate
74
+ def self.skip # :nodoc:
75
+ @skip ||= false
76
+ end
76
77
 
77
- def self.skip=(v) # :nodoc:
78
- @skip = v
79
- end
78
+ def self.skip=(v) # :nodoc:
79
+ @skip = v
80
+ end
80
81
 
81
- ##
82
- # Temporarily turn off warnings. Intended for tests only.
82
+ ##
83
+ # Temporarily turn off warnings. Intended for tests only.
83
84
 
84
- def skip_during
85
- original = Gem::Deprecate.skip
86
- Gem::Deprecate.skip = true
87
- yield
88
- ensure
89
- Gem::Deprecate.skip = original
90
- end
85
+ def skip_during
86
+ original = Gem::Deprecate.skip
87
+ Gem::Deprecate.skip = true
88
+ yield
89
+ ensure
90
+ Gem::Deprecate.skip = original
91
+ end
91
92
 
92
- def self.next_rubygems_major_version # :nodoc:
93
- Gem::Version.new(Gem.rubygems_version.segments.first).bump
94
- end
93
+ def self.next_rubygems_major_version # :nodoc:
94
+ Gem::Version.new(Gem.rubygems_version.segments.first).bump
95
+ end
95
96
 
96
- ##
97
- # Simple deprecation method that deprecates +name+ by wrapping it up
98
- # in a dummy method. It warns on each call to the dummy method
99
- # telling the user of +repl+ (unless +repl+ is :none) and the
100
- # year/month that it is planned to go away.
97
+ ##
98
+ # Simple deprecation method that deprecates +name+ by wrapping it up
99
+ # in a dummy method. It warns on each call to the dummy method
100
+ # telling the user of +repl+ (unless +repl+ is :none) and the
101
+ # year/month that it is planned to go away.
101
102
 
102
- def deprecate(name, repl, year, month)
103
- class_eval do
104
- old = "_deprecated_#{name}"
105
- alias_method old, name
106
- define_method name do |*args, &block|
107
- klass = is_a? Module
108
- target = klass ? "#{self}." : "#{self.class}#"
109
- msg = [
110
- "NOTE: #{target}#{name} is deprecated",
111
- repl == :none ? " with no replacement" : "; use #{repl} instead",
112
- format(". It will be removed on or after %4d-%02d.", year, month),
113
- "\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
114
- ]
115
- warn "#{msg.join}." unless Gem::Deprecate.skip
116
- send old, *args, &block
103
+ def deprecate(name, repl, year, month)
104
+ class_eval do
105
+ old = "_deprecated_#{name}"
106
+ alias_method old, name
107
+ define_method name do |*args, &block|
108
+ klass = is_a? Module
109
+ target = klass ? "#{self}." : "#{self.class}#"
110
+ msg = [
111
+ "NOTE: #{target}#{name} is deprecated",
112
+ repl == :none ? " with no replacement" : "; use #{repl} instead",
113
+ format(". It will be removed on or after %4d-%02d.", year, month),
114
+ "\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
115
+ ]
116
+ warn "#{msg.join}." unless Gem::Deprecate.skip
117
+ send old, *args, &block
118
+ end
119
+ ruby2_keywords name if respond_to?(:ruby2_keywords, true)
117
120
  end
118
- ruby2_keywords name if respond_to?(:ruby2_keywords, true)
119
121
  end
120
- end
121
122
 
122
- ##
123
- # Simple deprecation method that deprecates +name+ by wrapping it up
124
- # in a dummy method. It warns on each call to the dummy method
125
- # telling the user of +repl+ (unless +repl+ is :none) and the
126
- # Rubygems version that it is planned to go away.
123
+ ##
124
+ # Simple deprecation method that deprecates +name+ by wrapping it up
125
+ # in a dummy method. It warns on each call to the dummy method
126
+ # telling the user of +repl+ (unless +repl+ is :none) and the
127
+ # Rubygems version that it is planned to go away.
127
128
 
128
- def rubygems_deprecate(name, replacement=:none)
129
- class_eval do
130
- old = "_deprecated_#{name}"
131
- alias_method old, name
132
- define_method name do |*args, &block|
133
- klass = is_a? Module
134
- target = klass ? "#{self}." : "#{self.class}#"
135
- msg = [
136
- "NOTE: #{target}#{name} is deprecated",
137
- replacement == :none ? " with no replacement" : "; use #{replacement} instead",
138
- ". It will be removed in Rubygems #{Gem::Deprecate.next_rubygems_major_version}",
139
- "\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
140
- ]
141
- warn "#{msg.join}." unless Gem::Deprecate.skip
142
- send old, *args, &block
129
+ def rubygems_deprecate(name, replacement=:none)
130
+ class_eval do
131
+ old = "_deprecated_#{name}"
132
+ alias_method old, name
133
+ define_method name do |*args, &block|
134
+ klass = is_a? Module
135
+ target = klass ? "#{self}." : "#{self.class}#"
136
+ msg = [
137
+ "NOTE: #{target}#{name} is deprecated",
138
+ replacement == :none ? " with no replacement" : "; use #{replacement} instead",
139
+ ". It will be removed in Rubygems #{Gem::Deprecate.next_rubygems_major_version}",
140
+ "\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
141
+ ]
142
+ warn "#{msg.join}." unless Gem::Deprecate.skip
143
+ send old, *args, &block
144
+ end
145
+ ruby2_keywords name if respond_to?(:ruby2_keywords, true)
143
146
  end
144
- ruby2_keywords name if respond_to?(:ruby2_keywords, true)
145
147
  end
146
- end
147
148
 
148
- # Deprecation method to deprecate Rubygems commands
149
- def rubygems_deprecate_command(version = Gem::Deprecate.next_rubygems_major_version)
150
- class_eval do
151
- define_method "deprecated?" do
152
- true
153
- end
149
+ # Deprecation method to deprecate Rubygems commands
150
+ def rubygems_deprecate_command(version = Gem::Deprecate.next_rubygems_major_version)
151
+ class_eval do
152
+ define_method "deprecated?" do
153
+ true
154
+ end
154
155
 
155
- define_method "deprecation_warning" do
156
- msg = [
157
- "#{command} command is deprecated",
158
- ". It will be removed in Rubygems #{version}.\n",
159
- ]
156
+ define_method "deprecation_warning" do
157
+ msg = [
158
+ "#{command} command is deprecated",
159
+ ". It will be removed in Rubygems #{version}.\n",
160
+ ]
160
161
 
161
- alert_warning msg.join.to_s unless Gem::Deprecate.skip
162
+ alert_warning msg.join.to_s unless Gem::Deprecate.skip
163
+ end
162
164
  end
163
165
  end
164
- end
165
166
 
166
- module_function :rubygems_deprecate, :rubygems_deprecate_command, :skip_during
167
+ module_function :rubygems_deprecate, :rubygems_deprecate_command, :skip_during
168
+ end
167
169
  end
@@ -185,6 +185,7 @@ class Gem::Ext::CargoBuilder < Gem::Ext::Builder
185
185
  end
186
186
 
187
187
  def cargo_dylib_path(dest_path, crate_name)
188
+ so_ext = RbConfig::CONFIG["SOEXT"]
188
189
  prefix = so_ext == "dll" ? "" : "lib"
189
190
  path_parts = [dest_path]
190
191
  path_parts << ENV["CARGO_BUILD_TARGET"] if ENV["CARGO_BUILD_TARGET"]
@@ -293,7 +294,7 @@ EOF
293
294
 
294
295
  case var_name
295
296
  # On windows, it is assumed that mkmf has setup an exports file for the
296
- # extension, so we have to to create one ourselves.
297
+ # extension, so we have to create one ourselves.
297
298
  when "DEFFILE"
298
299
  write_deffile(dest_dir, crate_name)
299
300
  else
@@ -313,22 +314,6 @@ EOF
313
314
  deffile_path
314
315
  end
315
316
 
316
- # We have to basically reimplement <code>RbConfig::CONFIG['SOEXT']</code> here to support
317
- # Ruby < 2.5
318
- #
319
- # @see https://github.com/ruby/ruby/blob/c87c027f18c005460746a74c07cd80ee355b16e4/configure.ac#L3185
320
- def so_ext
321
- return RbConfig::CONFIG["SOEXT"] if RbConfig::CONFIG.key?("SOEXT")
322
-
323
- if win_target?
324
- "dll"
325
- elsif darwin_target?
326
- "dylib"
327
- else
328
- "so"
329
- end
330
- end
331
-
332
317
  # Corresponds to $(LIBPATH) in mkmf
333
318
  def mkmf_libpath
334
319
  ["-L", "native=#{makefile_config("libdir")}"]
@@ -69,8 +69,10 @@ module Gem::GemcutterUtilities
69
69
  rubygems_api_request(:get, "api/v1/webauthn_verification/#{webauthn_token}/status.json") do |request|
70
70
  if credentials.empty?
71
71
  request.add_field "Authorization", api_key
72
+ elsif credentials[:identifier] && credentials[:password]
73
+ request.basic_auth credentials[:identifier], credentials[:password]
72
74
  else
73
- request.basic_auth credentials[:email], credentials[:password]
75
+ raise Gem::WebauthnVerificationError, "Provided missing credentials"
74
76
  end
75
77
  end
76
78
  end
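Review bot: The new `else` branch raises `"Provided missing credentials"`, which does not say which key was expected. The same hunk switches the lookup from `credentials[:email]` to `credentials[:identifier]`, so a caller still passing `:email` (none are visible here) would land in this branch with no hint why. A message that names only the keys, for example `raise Gem::WebauthnVerificationError, "Expected credentials to include :identifier and :password"`, keeps the failure diagnosable without echoing any secret. The enclosing method starts outside the hunk.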
@@ -85,7 +85,7 @@ module Gem::GemcutterUtilities
85
85
  # If +allowed_push_host+ metadata is present, then it will only allow that host.
86
86
 
87
87
  def rubygems_api_request(method, path, host = nil, allowed_push_host = nil, scope: nil, credentials: {}, &block)
88
- require_relative "net/http"
88
+ require_relative "vendored_net_http"
89
89
 
90
90
  self.host = host if host
91
91
  unless self.host
@@ -0,0 +1,19 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative "../rubygems"
4
+
5
+ ##
6
+ # Mixin methods for commands that work with gemspecs.
7
+
8
+ module Gem::GemspecHelpers
9
+ def find_gemspec(glob = "*.gemspec")
10
+ gemspecs = Dir.glob(glob).sort
11
+
12
+ if gemspecs.size > 1
13
+ alert_error "Multiple gemspecs found: #{gemspecs}, please specify one"
14
+ terminate_interaction(1)
15
+ end
16
+
17
+ gemspecs.first
18
+ end
19
+ end
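Review bot: `find_gemspec` calls `alert_error` and `terminate_interaction`, which this module neither defines nor includes, so it works only when mixed into a class that already provides them (presumably through `Gem::UserInteraction`, which is not visible here). The module comment should state that requirement. The method also returns `nil` when the glob matches nothing, which is undocumented; a line such as `# Returns the single matching gemspec path, or nil when none is found; exits with status 1 when several match.` above the `def` would cover it.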
@@ -344,7 +344,7 @@ class Gem::Installer
344
344
 
345
345
  say spec.post_install_message if options[:post_install_message] && !spec.post_install_message.nil?
346
346
 
347
- Gem::Specification.add_spec(spec)
347
+ Gem::Specification.add_spec(spec) unless @install_dir
348
348
 
349
349
  load_plugin
350
350
 
@@ -500,8 +500,7 @@ class Gem::Installer
500
500
  dir_mode = options[:prog_mode] || (mode | 0o111)
501
501
 
502
502
  unless dir_mode == mode
503
- require "fileutils"
504
- FileUtils.chmod dir_mode, bin_path
503
+ File.chmod dir_mode, bin_path
505
504
  end
506
505
 
507
506
  check_executable_overwrite filename
@@ -539,12 +538,14 @@ class Gem::Installer
539
538
  def generate_bin_script(filename, bindir)
540
539
  bin_script_path = File.join bindir, formatted_program_filename(filename)
541
540
 
542
- require "fileutils"
543
- FileUtils.rm_f bin_script_path # prior install may have been --no-wrappers
541
+ Gem.open_file_with_flock("#{bin_script_path}.lock") do
542
+ require "fileutils"
543
+ FileUtils.rm_f bin_script_path # prior install may have been --no-wrappers
544
544
 
545
- File.open bin_script_path, "wb", 0o755 do |file|
546
- file.print app_script_text(filename)
547
- file.chmod(options[:prog_mode] || 0o755)
545
+ File.open(bin_script_path, "wb", 0o755) do |file|
546
+ file.write app_script_text(filename)
547
+ file.chmod(options[:prog_mode] || 0o755)
548
+ end
548
549
  end
549
550
 
550
551
  verbose bin_script_path
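Review bot: `generate_bin_script` now locks on `"#{bin_script_path}.lock"`, a file created next to the wrapper in `bindir`, and nothing in this hunk removes it once the block returns. Unless `Gem.open_file_with_flock` (not shown here) cleans up after itself, each installed executable leaves a stray `.lock` file in a directory that is usually on `PATH`. Either remove the lock file after the wrapper is written or add a comment that it is left in place deliberately, e.g. `# the .lock file is kept so concurrent installs keep locking the same inode`. The method continues past the end of the hunk.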
@@ -95,14 +95,14 @@ class Gem::Package::TarHeader
95
95
 
96
96
  attr_reader(*FIELDS)
97
97
 
98
- EMPTY_HEADER = ("\0" * 512).freeze # :nodoc:
98
+ EMPTY_HEADER = ("\0" * 512).b.freeze # :nodoc:
99
99
 
100
100
  ##
101
101
  # Creates a tar header from IO +stream+
102
102
 
103
103
  def self.from(stream)
104
104
  header = stream.read 512
105
- empty = (header == EMPTY_HEADER)
105
+ return EMPTY if header == EMPTY_HEADER
106
106
 
107
107
  fields = header.unpack UNPACK_FORMAT
108
108
 
@@ -123,7 +123,7 @@ class Gem::Package::TarHeader
123
123
  devminor: strict_oct(fields.shift),
124
124
  prefix: fields.shift,
125
125
 
126
- empty: empty
126
+ empty: false
127
127
  end
128
128
 
129
129
  def self.strict_oct(str)
@@ -172,6 +172,22 @@ class Gem::Package::TarHeader
172
172
  @empty = vals[:empty]
173
173
  end
174
174
 
175
+ EMPTY = new({ # :nodoc:
176
+ checksum: 0,
177
+ gname: "",
178
+ linkname: "",
179
+ magic: "",
180
+ mode: 0,
181
+ name: "",
182
+ prefix: "",
183
+ size: 0,
184
+ uname: "",
185
+ version: 0,
186
+
187
+ empty: true,
188
+ }).freeze
189
+ private_constant :EMPTY
190
+
175
191
  ##
176
192
  # Is the tar entry empty?
177
193
 
@@ -241,7 +257,7 @@ class Gem::Package::TarHeader
241
257
 
242
258
  header = header.pack PACK_FORMAT
243
259
 
244
- header << ("\0" * ((512 - header.size) % 512))
260
+ header.ljust 512, "\0"
245
261
  end
246
262
 
247
263
  def oct(num, len)
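Review bot: In `self.from`, the new early return handles only the all-zero block, so a `nil` or short result from `stream.read 512` still reaches `header.unpack UNPACK_FORMAT`. A standard IO returns `nil` at end of input, and a truncated archive can return fewer than 512 bytes, which would surface as a `NoMethodError` or a field-parsing error rather than a clear format error. A guard placed before the unpack, such as `raise ArgumentError, "truncated tar header" unless header && header.bytesize == 512` (or the package's own tar error class), would make malformed input fail predictably. Separately, `header.ljust 512, "\0"` no longer pads a packed header longer than 512 bytes up to the next block boundary as the old expression did; if that case cannot occur, a comment saying so would help.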
@@ -7,7 +7,6 @@
7
7
 
8
8
  # rubocop:enable Style/AsciiComments
9
9
 
10
- require_relative "../rubygems"
11
10
  require_relative "security"
12
11
  require_relative "user_interaction"
13
12
 
@@ -59,7 +58,7 @@ class Gem::Package
59
58
 
60
59
  def initialize(message, source = nil)
61
60
  if source
62
- @path = source.path
61
+ @path = source.is_a?(String) ? source : source.path
63
62
 
64
63
  message += " in #{path}" if path
65
64
  end
@@ -295,7 +294,6 @@ class Gem::Package
295
294
 
296
295
  Gem.load_yaml
297
296
 
298
- @spec.mark_version
299
297
  @spec.validate true, strict_validation unless skip_validation
300
298
 
301
299
  setup_signer(
@@ -454,7 +452,7 @@ EOM
454
452
 
455
453
  if entry.file?
456
454
  File.open(destination, "wb") {|out| copy_stream(entry, out) }
457
- FileUtils.chmod file_mode(entry.header.mode), destination
455
+ FileUtils.chmod file_mode(entry.header.mode) & ~File.umask, destination
458
456
  end
459
457
 
460
458
  verbose destination
@@ -528,12 +526,13 @@ EOM
528
526
  # Loads a Gem::Specification from the TarEntry +entry+
529
527
 
530
528
  def load_spec(entry) # :nodoc:
529
+ limit = 10 * 1024 * 1024
531
530
  case entry.full_name
532
531
  when "metadata" then
533
- @spec = Gem::Specification.from_yaml entry.read
532
+ @spec = Gem::Specification.from_yaml limit_read(entry, "metadata", limit)
534
533
  when "metadata.gz" then
535
534
  Zlib::GzipReader.wrap(entry, external_encoding: Encoding::UTF_8) do |gzio|
536
- @spec = Gem::Specification.from_yaml gzio.read
535
+ @spec = Gem::Specification.from_yaml limit_read(gzio, "metadata.gz", limit)
537
536
  end
538
537
  end
539
538
  end
@@ -557,7 +556,7 @@ EOM
557
556
 
558
557
  @checksums = gem.seek "checksums.yaml.gz" do |entry|
559
558
  Zlib::GzipReader.wrap entry do |gz_io|
560
- Gem::SafeYAML.safe_load gz_io.read
559
+ Gem::SafeYAML.safe_load limit_read(gz_io, "checksums.yaml.gz", 10 * 1024 * 1024)
561
560
  end
562
561
  end
563
562
  end
@@ -664,7 +663,7 @@ EOM
664
663
 
665
664
  case file_name
666
665
  when /\.sig$/ then
667
- @signatures[$`] = entry.read if @security_policy
666
+ @signatures[$`] = limit_read(entry, file_name, 1024 * 1024) if @security_policy
668
667
  return
669
668
  else
670
669
  digest entry
@@ -724,6 +723,12 @@ EOM
724
723
  IO.copy_stream(src, dst)
725
724
  end
726
725
  end
726
+
727
+ def limit_read(io, name, limit)
728
+ bytes = io.read(limit + 1)
729
+ raise Gem::Package::FormatError, "#{name} is too big (over #{limit} bytes)" if bytes.size > limit
730
+ bytes
731
+ end
727
732
  end
728
733
 
729
734
  require_relative "package/digest_io"
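Review bot: `limit_read` calls `bytes.size` without allowing for `io.read(limit + 1)` returning `nil`, which a standard IO does at end of input when given a length. An empty `metadata`, `checksums.yaml.gz` or `.sig` entry would then likely raise `NoMethodError` instead of `Gem::Package::FormatError` (hedged, since the entry and gzip reader implementations are outside this view). Guarding the comparison fixes it, and `bytesize` makes the limit a true byte limit even if a reader returns a UTF-8 string: `raise Gem::Package::FormatError, "#{name} is too big (over #{limit} bytes)" if bytes && bytes.bytesize > limit`. The 10 MiB cap is also written twice, as `limit` in `load_spec` and as a literal in the checksums hunk; a named constant would keep the two in step.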
@@ -134,6 +134,7 @@ class Gem::Platform
134
134
  when /netbsdelf/ then ["netbsdelf", nil]
135
135
  when /openbsd(\d+\.\d+)?/ then ["openbsd", $1]
136
136
  when /solaris(\d+\.\d+)?/ then ["solaris", $1]
137
+ when /wasi/ then ["wasi", nil]
137
138
  # test
138
139
  when /^(\w+_platform)(\d+)?/ then [$1, $2]
139
140
  else ["unknown", nil]
@@ -175,7 +176,7 @@ class Gem::Platform
175
176
  # they have the same version, or either one has no version
176
177
  #
177
178
  # Additionally, the platform will match if the local CPU is 'arm' and the
178
- # other CPU starts with "arm" (for generic ARM family support).
179
+ # other CPU starts with "armv" (for generic 32-bit ARM family support).
179
180
  #
180
181
  # Of note, this method is not commutative. Indeed the OS 'linux' has a
181
182
  # special case: the version is the libc name, yet while "no version" stands
@@ -196,7 +197,7 @@ class Gem::Platform
196
197
 
197
198
  # cpu
198
199
  ([nil,"universal"].include?(@cpu) || [nil, "universal"].include?(other.cpu) || @cpu == other.cpu ||
199
- (@cpu == "arm" && other.cpu.start_with?("arm"))) &&
200
+ (@cpu == "arm" && other.cpu.start_with?("armv"))) &&
200
201
 
201
202
  # os
202
203
  @os == other.os &&
@@ -74,7 +74,7 @@ class Gem::RemoteFetcher
74
74
 
75
75
  def initialize(proxy=nil, dns=nil, headers={})
76
76
  require_relative "core_ext/tcpsocket_init" if Gem.configuration.ipv4_fallback_enabled
77
- require_relative "net/http"
77
+ require_relative "vendored_net_http"
78
78
  require "stringio"
79
79
  require_relative "vendor/uri/lib/uri"
80
80
 
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require_relative "net/http"
3
+ require_relative "vendored_net_http"
4
4
  require_relative "user_interaction"
5
5
 
6
6
  class Gem::Request
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require_relative "tsort"
3
+ require_relative "vendored_tsort"
4
4
 
5
5
  ##
6
6
  # A RequestSet groups a request to activate a set of dependencies.
@@ -13,8 +13,8 @@ class Gem::Requirement
13
13
  OPS = { # :nodoc:
14
14
  "=" => lambda {|v, r| v == r },
15
15
  "!=" => lambda {|v, r| v != r },
16
- ">" => lambda {|v, r| v > r },
17
- "<" => lambda {|v, r| v < r },
16
+ ">" => lambda {|v, r| v > r },
17
+ "<" => lambda {|v, r| v < r },
18
18
  ">=" => lambda {|v, r| v >= r },
19
19
  "<=" => lambda {|v, r| v <= r },
20
20
  "~>" => lambda {|v, r| v >= r && v.release < r.bump },
@@ -66,4 +66,11 @@ class Gem::Resolver::SpecSpecification < Gem::Resolver::Specification
66
66
  def version
67
67
  spec.version
68
68
  end
69
+
70
+ ##
71
+ # The hash value for this specification.
72
+
73
+ def hash
74
+ spec.hash
75
+ end
69
76
  end
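Review bot: `hash` is overridden to delegate to `spec.hash`, but no matching `eql?` or `==` appears in this hunk. Ruby's `Hash`, `Set` and `uniq` call `eql?` after comparing hashes, so two wrappers around equal specs collapse only if this class or a superclass outside the view defines equality the same way. If it does, extend the doc comment to name the method this pairs with, e.g. `# The hash value for this specification; consistent with #== defined in <superclass>.` If it does not, equality should be added alongside this method.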
@@ -140,7 +140,7 @@ class Gem::S3URISigner
140
140
  end
141
141
 
142
142
  def ec2_metadata_credentials_json
143
- require_relative "net/http"
143
+ require_relative "vendored_net_http"
144
144
  require_relative "request"
145
145
  require_relative "request/connection_pools"
146
146
  require "json"
@@ -25,8 +25,17 @@ module Gem
25
25
  runtime
26
26
  ].freeze
27
27
 
28
+ @aliases_enabled = true
29
+ def self.aliases_enabled=(value) # :nodoc:
30
+ @aliases_enabled = !!value
31
+ end
32
+
33
+ def self.aliases_enabled? # :nodoc:
34
+ @aliases_enabled
35
+ end
36
+
28
37
  def self.safe_load(input)
29
- ::Psych.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: true)
38
+ ::Psych.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: @aliases_enabled)
30
39
  end
31
40
 
32
41
  def self.load(input)
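Review bot: `@aliases_enabled` is process-wide module state behind a public setter, so a caller that disables aliases for one parse changes every later `Gem::SafeYAML.safe_load` call until someone resets it. The hunk offers no block form that restores the previous value. The default also stays `true`, so alias expansion on untrusted gem metadata remains permitted unless a caller flips the flag. Both accessors are `:nodoc:`; a comment above the setter such as `# Process-global, not thread-local; callers must restore the previous value after use` would make the contract explicit. A helper that sets the flag, yields and restores it in `ensure` would be safer than the bare setter.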
@@ -323,7 +323,7 @@ require_relative "openssl"
323
323
  # == Original author
324
324
  #
325
325
  # Paul Duncan <pabs@pablotron.org>
326
- # http://pablotron.org/
326
+ # https://pablotron.org/
327
327
 
328
328
  module Gem::Security
329
329
  ##