rubygems-update 3.5.6 → 3.5.16
- checksums.yaml +4 -4
- data/CHANGELOG.md +204 -1
- data/CODE_OF_CONDUCT.md +79 -28
- data/CONTRIBUTING.md +2 -2
- data/Manifest.txt +9 -4
- data/POLICIES.md +75 -6
- data/bundler/CHANGELOG.md +156 -0
- data/bundler/lib/bundler/build_metadata.rb +2 -2
- data/bundler/lib/bundler/cli/binstubs.rb +1 -1
- data/bundler/lib/bundler/cli/fund.rb +1 -1
- data/bundler/lib/bundler/cli/gem.rb +7 -14
- data/bundler/lib/bundler/cli/install.rb +1 -1
- data/bundler/lib/bundler/cli/plugin.rb +3 -2
- data/bundler/lib/bundler/cli.rb +14 -31
- data/bundler/lib/bundler/compact_index_client/cache.rb +47 -72
- data/bundler/lib/bundler/compact_index_client/parser.rb +84 -0
- data/bundler/lib/bundler/compact_index_client.rb +51 -80
- data/bundler/lib/bundler/constants.rb +8 -1
- data/bundler/lib/bundler/definition.rb +114 -71
- data/bundler/lib/bundler/dependency.rb +2 -1
- data/bundler/lib/bundler/dsl.rb +16 -1
- data/bundler/lib/bundler/endpoint_specification.rb +11 -0
- data/bundler/lib/bundler/env.rb +1 -1
- data/bundler/lib/bundler/environment_preserver.rb +2 -20
- data/bundler/lib/bundler/errors.rb +14 -0
- data/bundler/lib/bundler/fetcher/compact_index.rb +15 -24
- data/bundler/lib/bundler/gem_helper.rb +1 -1
- data/bundler/lib/bundler/gem_helpers.rb +14 -7
- data/bundler/lib/bundler/gem_version_promoter.rb +42 -38
- data/bundler/lib/bundler/injector.rb +3 -5
- data/bundler/lib/bundler/installer/gem_installer.rb +0 -1
- data/bundler/lib/bundler/installer/standalone.rb +0 -3
- data/bundler/lib/bundler/installer.rb +9 -11
- data/bundler/lib/bundler/lazy_specification.rb +1 -0
- data/bundler/lib/bundler/man/bundle-add.1 +1 -1
- data/bundler/lib/bundler/man/bundle-binstubs.1 +1 -1
- data/bundler/lib/bundler/man/bundle-cache.1 +1 -1
- data/bundler/lib/bundler/man/bundle-check.1 +3 -1
- data/bundler/lib/bundler/man/bundle-check.1.ronn +3 -0
- data/bundler/lib/bundler/man/bundle-clean.1 +1 -1
- data/bundler/lib/bundler/man/bundle-config.1 +2 -4
- data/bundler/lib/bundler/man/bundle-config.1.ronn +1 -4
- data/bundler/lib/bundler/man/bundle-console.1 +1 -1
- data/bundler/lib/bundler/man/bundle-doctor.1 +1 -1
- data/bundler/lib/bundler/man/bundle-exec.1 +1 -1
- data/bundler/lib/bundler/man/bundle-gem.1 +7 -1
- data/bundler/lib/bundler/man/bundle-gem.1.ronn +11 -0
- data/bundler/lib/bundler/man/bundle-help.1 +1 -1
- data/bundler/lib/bundler/man/bundle-info.1 +1 -1
- data/bundler/lib/bundler/man/bundle-init.1 +1 -1
- data/bundler/lib/bundler/man/bundle-inject.1 +1 -1
- data/bundler/lib/bundler/man/bundle-install.1 +3 -3
- data/bundler/lib/bundler/man/bundle-install.1.ronn +2 -2
- data/bundler/lib/bundler/man/bundle-list.1 +1 -1
- data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
- data/bundler/lib/bundler/man/bundle-open.1 +1 -1
- data/bundler/lib/bundler/man/bundle-outdated.1 +1 -1
- data/bundler/lib/bundler/man/bundle-platform.1 +1 -1
- data/bundler/lib/bundler/man/bundle-plugin.1 +7 -4
- data/bundler/lib/bundler/man/bundle-plugin.1.ronn +7 -3
- data/bundler/lib/bundler/man/bundle-pristine.1 +1 -1
- data/bundler/lib/bundler/man/bundle-remove.1 +1 -1
- data/bundler/lib/bundler/man/bundle-show.1 +1 -1
- data/bundler/lib/bundler/man/bundle-update.1 +1 -1
- data/bundler/lib/bundler/man/bundle-version.1 +1 -1
- data/bundler/lib/bundler/man/bundle-viz.1 +1 -1
- data/bundler/lib/bundler/man/bundle.1 +1 -1
- data/bundler/lib/bundler/man/gemfile.5 +3 -3
- data/bundler/lib/bundler/man/gemfile.5.ronn +2 -2
- data/bundler/lib/bundler/plugin/installer/path.rb +18 -0
- data/bundler/lib/bundler/plugin/installer.rb +36 -16
- data/bundler/lib/bundler/plugin/source_list.rb +4 -4
- data/bundler/lib/bundler/resolver/base.rb +4 -0
- data/bundler/lib/bundler/resolver/candidate.rb +5 -17
- data/bundler/lib/bundler/resolver/package.rb +4 -0
- data/bundler/lib/bundler/resolver/spec_group.rb +20 -2
- data/bundler/lib/bundler/resolver.rb +72 -33
- data/bundler/lib/bundler/rubygems_ext.rb +98 -10
- data/bundler/lib/bundler/rubygems_gem_installer.rb +35 -2
- data/bundler/lib/bundler/rubygems_integration.rb +16 -2
- data/bundler/lib/bundler/runtime.rb +1 -1
- data/bundler/lib/bundler/self_manager.rb +22 -2
- data/bundler/lib/bundler/settings.rb +22 -16
- data/bundler/lib/bundler/setup.rb +6 -0
- data/bundler/lib/bundler/shared_helpers.rb +6 -4
- data/bundler/lib/bundler/source/git/git_proxy.rb +8 -0
- data/bundler/lib/bundler/source/git.rb +14 -0
- data/bundler/lib/bundler/source/metadata.rb +2 -0
- data/bundler/lib/bundler/source/path.rb +0 -13
- data/bundler/lib/bundler/source/rubygems.rb +31 -30
- data/bundler/lib/bundler/source_list.rb +26 -2
- data/bundler/lib/bundler/spec_set.rb +15 -13
- data/bundler/lib/bundler/stub_specification.rb +8 -0
- data/bundler/lib/bundler/templates/newgem/CODE_OF_CONDUCT.md.tt +77 -29
- data/bundler/lib/bundler/templates/newgem/newgem.gemspec.tt +4 -3
- data/bundler/lib/bundler/templates/newgem/rubocop.yml.tt +0 -5
- data/bundler/lib/bundler/vendor/pub_grub/lib/pub_grub/static_package_source.rb +1 -0
- data/bundler/lib/bundler/vendored_net_http.rb +20 -5
- data/bundler/lib/bundler/vendored_timeout.rb +7 -3
- data/bundler/lib/bundler/version.rb +1 -1
- data/bundler/lib/bundler/yaml_serializer.rb +1 -8
- data/bundler/lib/bundler.rb +26 -1
- data/exe/update_rubygems +1 -1
- data/lib/rubygems/basic_specification.rb +27 -0
- data/lib/rubygems/bundler_version_finder.rb +1 -1
- data/lib/rubygems/command.rb +1 -1
- data/lib/rubygems/command_manager.rb +2 -1
- data/lib/rubygems/commands/build_command.rb +2 -11
- data/lib/rubygems/commands/help_command.rb +2 -2
- data/lib/rubygems/commands/pristine_command.rb +12 -9
- data/lib/rubygems/commands/rdoc_command.rb +1 -8
- data/lib/rubygems/commands/rebuild_command.rb +264 -0
- data/lib/rubygems/commands/setup_command.rb +2 -0
- data/lib/rubygems/commands/uninstall_command.rb +1 -1
- data/lib/rubygems/commands/update_command.rb +8 -9
- data/lib/rubygems/config_file.rb +33 -16
- data/lib/rubygems/defaults.rb +4 -4
- data/lib/rubygems/dependency.rb +3 -15
- data/lib/rubygems/dependency_list.rb +1 -1
- data/lib/rubygems/deprecate.rb +79 -77
- data/lib/rubygems/ext/cargo_builder.rb +2 -17
- data/lib/rubygems/gemcutter_utilities/webauthn_poller.rb +3 -1
- data/lib/rubygems/gemcutter_utilities.rb +1 -1
- data/lib/rubygems/gemspec_helpers.rb +19 -0
- data/lib/rubygems/installer.rb +9 -8
- data/lib/rubygems/package/tar_header.rb +20 -4
- data/lib/rubygems/package.rb +13 -8
- data/lib/rubygems/platform.rb +3 -2
- data/lib/rubygems/remote_fetcher.rb +1 -1
- data/lib/rubygems/request.rb +1 -1
- data/lib/rubygems/request_set.rb +1 -1
- data/lib/rubygems/requirement.rb +2 -2
- data/lib/rubygems/resolver/spec_specification.rb +7 -0
- data/lib/rubygems/s3_uri_signer.rb +1 -1
- data/lib/rubygems/safe_yaml.rb +10 -1
- data/lib/rubygems/security.rb +1 -1
- data/lib/rubygems/specification.rb +55 -124
- data/lib/rubygems/specification_policy.rb +26 -6
- data/lib/rubygems/specification_record.rb +212 -0
- data/lib/rubygems/stub_specification.rb +21 -0
- data/lib/rubygems/uninstaller.rb +27 -20
- data/lib/rubygems/util/licenses.rb +68 -0
- data/lib/rubygems/vendor/molinillo/lib/molinillo/dependency_graph.rb +1 -1
- data/lib/rubygems/vendored_net_http.rb +5 -0
- data/lib/rubygems/vendored_timeout.rb +5 -0
- data/lib/rubygems/yaml_serializer.rb +1 -8
- data/lib/rubygems.rb +28 -15
- data/rubygems-update.gemspec +1 -1
- metadata +12 -7
- data/lib/rubygems/net/http.rb +0 -3
- data/lib/rubygems/timeout.rb +0 -3
- /data/lib/rubygems/{optparse.rb → vendored_optparse.rb} +0 -0
- /data/lib/rubygems/{tsort.rb → vendored_tsort.rb} +0 -0
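--- a/data/lib/rubygems/dependency.rb
+++ b/data/lib/rubygems/dependency.rb
@@ -271,15 +271,7 @@ class Gem::Dependency
 end
 
 def matching_specs(platform_only = false)
-
-matches = Gem::Specification.stubs_for(name).find_all do |spec|
-requirement.satisfied_by?(spec.version) && env_req.satisfied_by?(spec.version)
-end.map(&:to_spec)
-
-if prioritizes_bundler?
-require_relative "bundler_version_finder"
-Gem::BundlerVersionFinder.prioritize!(matches)
-end
+matches = Gem::Specification.find_all_by_name(name, requirement)
 
 if platform_only
 matches.reject! do |spec|
@@ -297,10 +289,6 @@ class Gem::Dependency
 @requirement.specific?
 end
 
-def prioritizes_bundler?
-name == "bundler" && !specific?
-end
-
 def to_specs
 matches = matching_specs true
 
@@ -328,9 +316,9 @@ class Gem::Dependency
 return active if active
 
 unless prerelease?
-#
+# Consider prereleases only as a fallback
 pre, matches = matches.partition {|spec| spec.version.prerelease? }
-matches
+matches = pre if matches.empty?
 end
 
 matches.first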
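Review bot: In `matching_specs`, the single call `Gem::Specification.find_all_by_name(name, requirement)` replaces a block that also filtered on `env_req.satisfied_by?(spec.version)` and reordered results through `Gem::BundlerVersionFinder.prioritize!`, and nothing on the new side says where those two behaviours now live. If `find_all_by_name` has taken them over (its body is not visible in this section), a short comment above the call, e.g. `# find_all_by_name also applies the env requirement and bundler prioritisation`, would keep that visible to the next reader. If it has not, which installed version a dependency resolves to changes without any trace in this method. The body of `matching_specs` continues past the end of the hunk.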
data/lib/rubygems/deprecate.rb
CHANGED
@@ -69,99 +69,101 @@
|
|
69
69
|
# end
|
70
70
|
# end
|
71
71
|
|
72
|
-
module Gem
|
73
|
-
|
74
|
-
|
75
|
-
|
72
|
+
module Gem
|
73
|
+
module Deprecate
|
74
|
+
def self.skip # :nodoc:
|
75
|
+
@skip ||= false
|
76
|
+
end
|
76
77
|
|
77
|
-
|
78
|
-
|
79
|
-
|
78
|
+
def self.skip=(v) # :nodoc:
|
79
|
+
@skip = v
|
80
|
+
end
|
80
81
|
|
81
|
-
|
82
|
-
|
82
|
+
##
|
83
|
+
# Temporarily turn off warnings. Intended for tests only.
|
83
84
|
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
85
|
+
def skip_during
|
86
|
+
original = Gem::Deprecate.skip
|
87
|
+
Gem::Deprecate.skip = true
|
88
|
+
yield
|
89
|
+
ensure
|
90
|
+
Gem::Deprecate.skip = original
|
91
|
+
end
|
91
92
|
|
92
|
-
|
93
|
-
|
94
|
-
|
93
|
+
def self.next_rubygems_major_version # :nodoc:
|
94
|
+
Gem::Version.new(Gem.rubygems_version.segments.first).bump
|
95
|
+
end
|
95
96
|
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
97
|
+
##
|
98
|
+
# Simple deprecation method that deprecates +name+ by wrapping it up
|
99
|
+
# in a dummy method. It warns on each call to the dummy method
|
100
|
+
# telling the user of +repl+ (unless +repl+ is :none) and the
|
101
|
+
# year/month that it is planned to go away.
|
101
102
|
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
103
|
+
def deprecate(name, repl, year, month)
|
104
|
+
class_eval do
|
105
|
+
old = "_deprecated_#{name}"
|
106
|
+
alias_method old, name
|
107
|
+
define_method name do |*args, &block|
|
108
|
+
klass = is_a? Module
|
109
|
+
target = klass ? "#{self}." : "#{self.class}#"
|
110
|
+
msg = [
|
111
|
+
"NOTE: #{target}#{name} is deprecated",
|
112
|
+
repl == :none ? " with no replacement" : "; use #{repl} instead",
|
113
|
+
format(". It will be removed on or after %4d-%02d.", year, month),
|
114
|
+
"\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
|
115
|
+
]
|
116
|
+
warn "#{msg.join}." unless Gem::Deprecate.skip
|
117
|
+
send old, *args, &block
|
118
|
+
end
|
119
|
+
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
117
120
|
end
|
118
|
-
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
119
121
|
end
|
120
|
-
end
|
121
122
|
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
123
|
+
##
|
124
|
+
# Simple deprecation method that deprecates +name+ by wrapping it up
|
125
|
+
# in a dummy method. It warns on each call to the dummy method
|
126
|
+
# telling the user of +repl+ (unless +repl+ is :none) and the
|
127
|
+
# Rubygems version that it is planned to go away.
|
127
128
|
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
129
|
+
def rubygems_deprecate(name, replacement=:none)
|
130
|
+
class_eval do
|
131
|
+
old = "_deprecated_#{name}"
|
132
|
+
alias_method old, name
|
133
|
+
define_method name do |*args, &block|
|
134
|
+
klass = is_a? Module
|
135
|
+
target = klass ? "#{self}." : "#{self.class}#"
|
136
|
+
msg = [
|
137
|
+
"NOTE: #{target}#{name} is deprecated",
|
138
|
+
replacement == :none ? " with no replacement" : "; use #{replacement} instead",
|
139
|
+
". It will be removed in Rubygems #{Gem::Deprecate.next_rubygems_major_version}",
|
140
|
+
"\n#{target}#{name} called from #{Gem.location_of_caller.join(":")}",
|
141
|
+
]
|
142
|
+
warn "#{msg.join}." unless Gem::Deprecate.skip
|
143
|
+
send old, *args, &block
|
144
|
+
end
|
145
|
+
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
143
146
|
end
|
144
|
-
ruby2_keywords name if respond_to?(:ruby2_keywords, true)
|
145
147
|
end
|
146
|
-
end
|
147
148
|
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
149
|
+
# Deprecation method to deprecate Rubygems commands
|
150
|
+
def rubygems_deprecate_command(version = Gem::Deprecate.next_rubygems_major_version)
|
151
|
+
class_eval do
|
152
|
+
define_method "deprecated?" do
|
153
|
+
true
|
154
|
+
end
|
154
155
|
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
156
|
+
define_method "deprecation_warning" do
|
157
|
+
msg = [
|
158
|
+
"#{command} command is deprecated",
|
159
|
+
". It will be removed in Rubygems #{version}.\n",
|
160
|
+
]
|
160
161
|
|
161
|
-
|
162
|
+
alert_warning msg.join.to_s unless Gem::Deprecate.skip
|
163
|
+
end
|
162
164
|
end
|
163
165
|
end
|
164
|
-
end
|
165
166
|
|
166
|
-
|
167
|
+
module_function :rubygems_deprecate, :rubygems_deprecate_command, :skip_during
|
168
|
+
end
|
167
169
|
end
|
@@ -185,6 +185,7 @@ class Gem::Ext::CargoBuilder < Gem::Ext::Builder
|
|
185
185
|
end
|
186
186
|
|
187
187
|
def cargo_dylib_path(dest_path, crate_name)
|
188
|
+
so_ext = RbConfig::CONFIG["SOEXT"]
|
188
189
|
prefix = so_ext == "dll" ? "" : "lib"
|
189
190
|
path_parts = [dest_path]
|
190
191
|
path_parts << ENV["CARGO_BUILD_TARGET"] if ENV["CARGO_BUILD_TARGET"]
|
@@ -293,7 +294,7 @@ EOF
|
|
293
294
|
|
294
295
|
case var_name
|
295
296
|
# On windows, it is assumed that mkmf has setup an exports file for the
|
296
|
-
# extension, so we have to
|
297
|
+
# extension, so we have to create one ourselves.
|
297
298
|
when "DEFFILE"
|
298
299
|
write_deffile(dest_dir, crate_name)
|
299
300
|
else
|
@@ -313,22 +314,6 @@ EOF
|
|
313
314
|
deffile_path
|
314
315
|
end
|
315
316
|
|
316
|
-
# We have to basically reimplement <code>RbConfig::CONFIG['SOEXT']</code> here to support
|
317
|
-
# Ruby < 2.5
|
318
|
-
#
|
319
|
-
# @see https://github.com/ruby/ruby/blob/c87c027f18c005460746a74c07cd80ee355b16e4/configure.ac#L3185
|
320
|
-
def so_ext
|
321
|
-
return RbConfig::CONFIG["SOEXT"] if RbConfig::CONFIG.key?("SOEXT")
|
322
|
-
|
323
|
-
if win_target?
|
324
|
-
"dll"
|
325
|
-
elsif darwin_target?
|
326
|
-
"dylib"
|
327
|
-
else
|
328
|
-
"so"
|
329
|
-
end
|
330
|
-
end
|
331
|
-
|
332
317
|
# Corresponds to $(LIBPATH) in mkmf
|
333
318
|
def mkmf_libpath
|
334
319
|
["-L", "native=#{makefile_config("libdir")}"]
|
@@ -69,8 +69,10 @@ module Gem::GemcutterUtilities
|
|
69
69
|
rubygems_api_request(:get, "api/v1/webauthn_verification/#{webauthn_token}/status.json") do |request|
|
70
70
|
if credentials.empty?
|
71
71
|
request.add_field "Authorization", api_key
|
72
|
+
elsif credentials[:identifier] && credentials[:password]
|
73
|
+
request.basic_auth credentials[:identifier], credentials[:password]
|
72
74
|
else
|
73
|
-
|
75
|
+
raise Gem::WebauthnVerificationError, "Provided missing credentials"
|
74
76
|
end
|
75
77
|
end
|
76
78
|
end
|
@@ -85,7 +85,7 @@ module Gem::GemcutterUtilities
|
|
85
85
|
# If +allowed_push_host+ metadata is present, then it will only allow that host.
|
86
86
|
|
87
87
|
def rubygems_api_request(method, path, host = nil, allowed_push_host = nil, scope: nil, credentials: {}, &block)
|
88
|
-
require_relative "
|
88
|
+
require_relative "vendored_net_http"
|
89
89
|
|
90
90
|
self.host = host if host
|
91
91
|
unless self.host
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative "../rubygems"
|
4
|
+
|
5
|
+
##
|
6
|
+
# Mixin methods for commands that work with gemspecs.
|
7
|
+
|
8
|
+
module Gem::GemspecHelpers
|
9
|
+
def find_gemspec(glob = "*.gemspec")
|
10
|
+
gemspecs = Dir.glob(glob).sort
|
11
|
+
|
12
|
+
if gemspecs.size > 1
|
13
|
+
alert_error "Multiple gemspecs found: #{gemspecs}, please specify one"
|
14
|
+
terminate_interaction(1)
|
15
|
+
end
|
16
|
+
|
17
|
+
gemspecs.first
|
18
|
+
end
|
19
|
+
end
|
data/lib/rubygems/installer.rb
CHANGED
@@ -344,7 +344,7 @@ class Gem::Installer
|
|
344
344
|
|
345
345
|
say spec.post_install_message if options[:post_install_message] && !spec.post_install_message.nil?
|
346
346
|
|
347
|
-
Gem::Specification.add_spec(spec)
|
347
|
+
Gem::Specification.add_spec(spec) unless @install_dir
|
348
348
|
|
349
349
|
load_plugin
|
350
350
|
|
@@ -500,8 +500,7 @@ class Gem::Installer
|
|
500
500
|
dir_mode = options[:prog_mode] || (mode | 0o111)
|
501
501
|
|
502
502
|
unless dir_mode == mode
|
503
|
-
|
504
|
-
FileUtils.chmod dir_mode, bin_path
|
503
|
+
File.chmod dir_mode, bin_path
|
505
504
|
end
|
506
505
|
|
507
506
|
check_executable_overwrite filename
|
@@ -539,12 +538,14 @@ class Gem::Installer
|
|
539
538
|
def generate_bin_script(filename, bindir)
|
540
539
|
bin_script_path = File.join bindir, formatted_program_filename(filename)
|
541
540
|
|
542
|
-
|
543
|
-
|
541
|
+
Gem.open_file_with_flock("#{bin_script_path}.lock") do
|
542
|
+
require "fileutils"
|
543
|
+
FileUtils.rm_f bin_script_path # prior install may have been --no-wrappers
|
544
544
|
|
545
|
-
|
546
|
-
|
547
|
-
|
545
|
+
File.open(bin_script_path, "wb", 0o755) do |file|
|
546
|
+
file.write app_script_text(filename)
|
547
|
+
file.chmod(options[:prog_mode] || 0o755)
|
548
|
+
end
|
548
549
|
end
|
549
550
|
|
550
551
|
verbose bin_script_path
|
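Review bot: In `generate_bin_script`, `FileUtils.rm_f bin_script_path` followed by `File.open(bin_script_path, "wb", 0o755)` leaves a gap between the unlink and the create, and the surrounding `Gem.open_file_with_flock` only serialises other installers that take the same lock. Where the bin directory is writable by more than one account, whatever reappears at that path in the gap (a symlink, for instance) is opened and truncated through. Creating the file exclusively, `File.open(bin_script_path, File::WRONLY | File::CREAT | File::EXCL | File::BINARY, 0o755)`, would make the create fail instead. The hunk also never removes `#{bin_script_path}.lock`; whether `open_file_with_flock` cleans it up is not visible here, and the method continues past the end of the hunk.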
@@ -95,14 +95,14 @@ class Gem::Package::TarHeader
|
|
95
95
|
|
96
96
|
attr_reader(*FIELDS)
|
97
97
|
|
98
|
-
EMPTY_HEADER = ("\0" * 512).freeze # :nodoc:
|
98
|
+
EMPTY_HEADER = ("\0" * 512).b.freeze # :nodoc:
|
99
99
|
|
100
100
|
##
|
101
101
|
# Creates a tar header from IO +stream+
|
102
102
|
|
103
103
|
def self.from(stream)
|
104
104
|
header = stream.read 512
|
105
|
-
|
105
|
+
return EMPTY if header == EMPTY_HEADER
|
106
106
|
|
107
107
|
fields = header.unpack UNPACK_FORMAT
|
108
108
|
|
@@ -123,7 +123,7 @@ class Gem::Package::TarHeader
|
|
123
123
|
devminor: strict_oct(fields.shift),
|
124
124
|
prefix: fields.shift,
|
125
125
|
|
126
|
-
empty:
|
126
|
+
empty: false
|
127
127
|
end
|
128
128
|
|
129
129
|
def self.strict_oct(str)
|
@@ -172,6 +172,22 @@ class Gem::Package::TarHeader
|
|
172
172
|
@empty = vals[:empty]
|
173
173
|
end
|
174
174
|
|
175
|
+
EMPTY = new({ # :nodoc:
|
176
|
+
checksum: 0,
|
177
|
+
gname: "",
|
178
|
+
linkname: "",
|
179
|
+
magic: "",
|
180
|
+
mode: 0,
|
181
|
+
name: "",
|
182
|
+
prefix: "",
|
183
|
+
size: 0,
|
184
|
+
uname: "",
|
185
|
+
version: 0,
|
186
|
+
|
187
|
+
empty: true,
|
188
|
+
}).freeze
|
189
|
+
private_constant :EMPTY
|
190
|
+
|
175
191
|
##
|
176
192
|
# Is the tar entry empty?
|
177
193
|
|
@@ -241,7 +257,7 @@ class Gem::Package::TarHeader
|
|
241
257
|
|
242
258
|
header = header.pack PACK_FORMAT
|
243
259
|
|
244
|
-
header
|
260
|
+
header.ljust 512, "\0"
|
245
261
|
end
|
246
262
|
|
247
263
|
def oct(num, len)
|
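Review bot: In `self.from`, `header = stream.read 512` can return nil at end of stream or fewer than 512 bytes on a truncated archive, and the added `return EMPTY if header == EMPTY_HEADER` only covers the all-zero block, so anything short still reaches `header.unpack UNPACK_FORMAT`. If callers do not already guarantee a full block (not visible in these hunks), a check right after the read such as `raise ArgumentError, "truncated tar header" unless header&.bytesize == 512` would reject the archive explicitly; use whichever error class the tar reader's callers already rescue. `EMPTY` is a frozen instance shared by every all-zero header, which deserves a one-line comment on the constant, e.g. `# shared frozen header returned for every all-zero block; do not mutate`.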
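--- a/data/lib/rubygems/package.rb
+++ b/data/lib/rubygems/package.rb
@@ -7,7 +7,6 @@
 
 # rubocop:enable Style/AsciiComments
 
-require_relative "../rubygems"
 require_relative "security"
 require_relative "user_interaction"
 
@@ -59,7 +58,7 @@ class Gem::Package
 
 def initialize(message, source = nil)
 if source
-@path = source.path
+@path = source.is_a?(String) ? source : source.path
 
 message += " in #{path}" if path
 end
@@ -295,7 +294,6 @@ class Gem::Package
 
 Gem.load_yaml
 
-@spec.mark_version
 @spec.validate true, strict_validation unless skip_validation
 
 setup_signer(
@@ -454,7 +452,7 @@ EOM
 
 if entry.file?
 File.open(destination, "wb") {|out| copy_stream(entry, out) }
-FileUtils.chmod file_mode(entry.header.mode), destination
+FileUtils.chmod file_mode(entry.header.mode) & ~File.umask, destination
 end
 
 verbose destination
@@ -528,12 +526,13 @@ EOM
 # Loads a Gem::Specification from the TarEntry +entry+
 
 def load_spec(entry) # :nodoc:
+limit = 10 * 1024 * 1024
 case entry.full_name
 when "metadata" then
-@spec = Gem::Specification.from_yaml entry
+@spec = Gem::Specification.from_yaml limit_read(entry, "metadata", limit)
 when "metadata.gz" then
 Zlib::GzipReader.wrap(entry, external_encoding: Encoding::UTF_8) do |gzio|
-@spec = Gem::Specification.from_yaml gzio.
+@spec = Gem::Specification.from_yaml limit_read(gzio, "metadata.gz", limit)
 end
 end
 end
@@ -557,7 +556,7 @@ EOM
 
 @checksums = gem.seek "checksums.yaml.gz" do |entry|
 Zlib::GzipReader.wrap entry do |gz_io|
-Gem::SafeYAML.safe_load gz_io.
+Gem::SafeYAML.safe_load limit_read(gz_io, "checksums.yaml.gz", 10 * 1024 * 1024)
 end
 end
 end
@@ -664,7 +663,7 @@ EOM
 
 case file_name
 when /\.sig$/ then
-@signatures[$`] = entry
+@signatures[$`] = limit_read(entry, file_name, 1024 * 1024) if @security_policy
 return
 else
 digest entry
@@ -724,6 +723,12 @@ EOM
 IO.copy_stream(src, dst)
 end
 end
+
+def limit_read(io, name, limit)
+bytes = io.read(limit + 1)
+raise Gem::Package::FormatError, "#{name} is too big (over #{limit} bytes)" if bytes.size > limit
+bytes
+end
 end
 
 require_relative "package/digest_io"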
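Review bot: `limit_read` calls `bytes.size` on whatever `io.read(limit + 1)` returns, and a read with a positive length conventionally returns nil at end of stream, so an empty `metadata`, `checksums.yaml.gz` or `.sig` entry would surface as a NoMethodError rather than the `Gem::Package::FormatError` the method raises for oversize input. Whether the tar entry and gzip readers passed in here follow that convention is not visible in this section, so it needs confirming. If they do, a guard ahead of the size check, `raise Gem::Package::FormatError, "#{name} is empty" if bytes.nil?`, keeps malformed gems on the one error path callers already handle. The 10 MiB cap is also written out twice, in `load_spec` and in the checksums read; a named constant would stop the two drifting apart.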
data/lib/rubygems/platform.rb
CHANGED
@@ -134,6 +134,7 @@ class Gem::Platform
|
|
134
134
|
when /netbsdelf/ then ["netbsdelf", nil]
|
135
135
|
when /openbsd(\d+\.\d+)?/ then ["openbsd", $1]
|
136
136
|
when /solaris(\d+\.\d+)?/ then ["solaris", $1]
|
137
|
+
when /wasi/ then ["wasi", nil]
|
137
138
|
# test
|
138
139
|
when /^(\w+_platform)(\d+)?/ then [$1, $2]
|
139
140
|
else ["unknown", nil]
|
@@ -175,7 +176,7 @@ class Gem::Platform
|
|
175
176
|
# they have the same version, or either one has no version
|
176
177
|
#
|
177
178
|
# Additionally, the platform will match if the local CPU is 'arm' and the
|
178
|
-
# other CPU starts with "
|
179
|
+
# other CPU starts with "armv" (for generic 32-bit ARM family support).
|
179
180
|
#
|
180
181
|
# Of note, this method is not commutative. Indeed the OS 'linux' has a
|
181
182
|
# special case: the version is the libc name, yet while "no version" stands
|
@@ -196,7 +197,7 @@ class Gem::Platform
|
|
196
197
|
|
197
198
|
# cpu
|
198
199
|
([nil,"universal"].include?(@cpu) || [nil, "universal"].include?(other.cpu) || @cpu == other.cpu ||
|
199
|
-
(@cpu == "arm" && other.cpu.start_with?("
|
200
|
+
(@cpu == "arm" && other.cpu.start_with?("armv"))) &&
|
200
201
|
|
201
202
|
# os
|
202
203
|
@os == other.os &&
|
@@ -74,7 +74,7 @@ class Gem::RemoteFetcher
|
|
74
74
|
|
75
75
|
def initialize(proxy=nil, dns=nil, headers={})
|
76
76
|
require_relative "core_ext/tcpsocket_init" if Gem.configuration.ipv4_fallback_enabled
|
77
|
-
require_relative "
|
77
|
+
require_relative "vendored_net_http"
|
78
78
|
require "stringio"
|
79
79
|
require_relative "vendor/uri/lib/uri"
|
80
80
|
|
data/lib/rubygems/request.rb
CHANGED
data/lib/rubygems/request_set.rb
CHANGED
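--- a/data/lib/rubygems/requirement.rb
+++ b/data/lib/rubygems/requirement.rb
@@ -13,8 +13,8 @@ class Gem::Requirement
 OPS = { # :nodoc:
 "=" => lambda {|v, r| v == r },
 "!=" => lambda {|v, r| v != r },
-">" => lambda {|v, r| v >
-"<" => lambda {|v, r| v <
+">" => lambda {|v, r| v > r },
+"<" => lambda {|v, r| v < r },
 ">=" => lambda {|v, r| v >= r },
 "<=" => lambda {|v, r| v <= r },
 "~>" => lambda {|v, r| v >= r && v.release < r.bump },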
data/lib/rubygems/safe_yaml.rb
CHANGED
@@ -25,8 +25,17 @@ module Gem
|
|
25
25
|
runtime
|
26
26
|
].freeze
|
27
27
|
|
28
|
+
@aliases_enabled = true
|
29
|
+
def self.aliases_enabled=(value) # :nodoc:
|
30
|
+
@aliases_enabled = !!value
|
31
|
+
end
|
32
|
+
|
33
|
+
def self.aliases_enabled? # :nodoc:
|
34
|
+
@aliases_enabled
|
35
|
+
end
|
36
|
+
|
28
37
|
def self.safe_load(input)
|
29
|
-
::Psych.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases:
|
38
|
+
::Psych.safe_load(input, permitted_classes: PERMITTED_CLASSES, permitted_symbols: PERMITTED_SYMBOLS, aliases: @aliases_enabled)
|
30
39
|
end
|
31
40
|
|
32
41
|
def self.load(input)
|