RubyGems - rubygems-update - Versions diffs - 2.1.3 → 2.1.4 - Mend

rubygems-update 2.1.3 → 2.1.4

Potentially problematic release.

This version of rubygems-update might be problematic. Click here for more details.

Files changed (10) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/History.txt +54 -0
data/Rakefile +7 -1
data/lib/rubygems.rb +1 -1
data/lib/rubygems/commands/uninstall_command.rb +2 -4
data/test/rubygems/test_gem_commands_uninstall_command.rb +32 -8
metadata +4 -4
metadata.gz.sig +2 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 79018046efd7dc6889d866e6ea75830e8410e852
-  data.tar.gz: 228fe5ada9988cd6813cbcc9756f6d9b2af5efde
+  metadata.gz: b1fa94d6b820abe075a10e423fc13e4d1a42ff58
+  data.tar.gz: 12967cad3de5815451c7fa652d39caf75b91281d
 SHA512:
-  metadata.gz: ecdfa6a1a3f9cb6ad930967adeb88fd0df589787baebe63d48c9275a6fe053acdaacc5302a1572becbf4555a63e61e666b91593a93042d1ebac1fe3ea9f661b3
-  data.tar.gz: 0a904be4b33d3e6d5a783c729984db008fadb09fe46c63046b607d762d45ef1865de2b9a033580dc9cfa5717c6f36cef79b0524c56424de2840679e33e9bfa8c
+  metadata.gz: 03c8e214c07144821e02af71a49f73d860835b293013eeb8ca03ad22751c6283a50ad0d1c8bd50f824764edd96566922a0275416de2ebbc4a172301a94f3413c
+  data.tar.gz: d5cd8d2ea741cbe7198e1e1ce6352b24cdb58b1468fdb7c7fd249fb3796f275c0d3ab023945054a904f44204406eeb26b492418dc22937c9ca0d0777e28ccf36

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data.tar.gz.sig CHANGED Viewed

Binary file

data/History.txt CHANGED Viewed

@@ -1,5 +1,14 @@
 # coding: UTF-8
+=== 2.1.4 / 2013-09-17
+Bug fixes:
+* `gem uninstall foo --all` now force-uninstalls all versions of foo.  Issue
+  #650 by Kyle (remkade).
+* Fixed uninstalling gems installed in the home directory (as in
+  `--user-install`).  Issue #653 by Lin Jen-Shin.
 === 2.1.3 / 2013-09-12
 Bug fixes:
@@ -120,6 +129,29 @@ Bug fixes:
 * Fixed credential creation for `gem push` when `--host` is not given.  Pull
   request #622 by Arthur Nogueira Neves
+=== 2.0.9 / 2013-09-13
+Bug fixes:
+* Gem fetch now fetches the newest (not oldest) gem when --version is given.
+  Issue #643 by Brian Shirai.
+* Fixed credential creation for `gem push` when `--host` is not given.  Pull
+  request #622 by Arthur Nogueira Neves
+=== 2.0.8 / 2013-09-09
+Security fixes:
+* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a
+  backtracking in Gem::Version validation.  See CVE-2013-4287 for full details
+  including vulnerable APIs.  Fixed versions include 2.0.8, 1.8.26 and
+  1.8.23.1 (for Ruby 1.9.3).  Issue #626 by Damir Sharipov.
+Bug fixes:
+* Fixed Gem.clear_paths when Security is defined at top-level.  Pull request
+  #625 by elarkin
 === 2.0.7 / 2013-08-15
 Bug fixes:
@@ -583,6 +615,19 @@ $SAFE=1.  There is no functional difference compared to Ruby 2.0.0.preview2
   * URI scheme matching is no longer case-sensitive.  Fixes #322
   * ext/builder now checks $MAKE as well as $make (okkez)
+=== 1.8.26 / 2013-09-09
+Security fixes:
+* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a
+  backtracking in Gem::Version validation.  See CVE-2013-4287 for full details
+  including vulnerable APIs.  Fixed versions include 2.0.8, 1.8.26 and
+  1.8.23.1 (for Ruby 1.9.3).  Issue #626 by Damir Sharipov.
+Bug fixes:
+* Fixed editing of a Makefile with 8-bit characters.  Fixes #181
 === 1.8.25 / 2013-01-24
 * Bug fixes:
@@ -601,6 +646,15 @@ $SAFE=1.  There is no functional difference compared to Ruby 2.0.0.preview2
   * Install the .pem files properly. Fixes #320
   * Remove OpenSSL dependency from the http code path
+=== 1.8.23.1 / 2013-09-09
+Security fixes:
+* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a
+  backtracking in Gem::Version validation.  See CVE-2013-4287 for full details
+  including vulnerable APIs.  Fixed versions include 2.0.8, 1.8.26 and
+  1.8.23.1 (for Ruby 1.9.3).  Issue #626 by Damir Sharipov.
 === 1.8.23 / 2012-04-19
 This release increases the security used when RubyGems is talking to

data/Rakefile CHANGED Viewed

@@ -126,6 +126,10 @@ end
 desc "Upload release to rubyforge and gemcutter"
 task :upload => %w[upload_to_gemcutter]
+on_master = `git branch --list master`.strip == '* master'
+Rake::Task['publish_docs'].clear unless on_master
 directory '../guides.rubygems.org' do
   sh 'git', 'clone',
      'git@github.com:rubygems/guides.git',
@@ -166,12 +170,14 @@ namespace 'guides' do
   end
   desc 'Updates and publishes the guides for the just-released RubyGems'
+  task 'publish'
   task 'publish' => %w[
     guides:pull
     guides:update
     guides:commit
     guides:push
-  ]
+  ] if on_master
 end
 directory '../blog.rubygems.org' do

data/lib/rubygems.rb CHANGED Viewed

@@ -8,7 +8,7 @@
 require 'rbconfig'
 module Gem
-  VERSION = '2.1.3'
+  VERSION = '2.1.4'
 end
 # Must be first since it unloads the prelude from 1.9.2

data/lib/rubygems/commands/uninstall_command.rb CHANGED Viewed

@@ -15,7 +15,7 @@ class Gem::Commands::UninstallCommand < Gem::Command
   def initialize
     super 'uninstall', 'Uninstall gems from the local repository',
           :version => Gem::Requirement.default, :user_install => true,
-          :install_dir => Gem.dir, :check_dev => false
+          :check_dev => false
     add_option('-a', '--[no-]all',
       'Uninstall all matching versions'
@@ -84,7 +84,6 @@ class Gem::Commands::UninstallCommand < Gem::Command
   def defaults_str # :nodoc:
     "--version '#{Gem::Requirement.default}' --no-force " +
-    "--install-dir #{Gem.dir}\n" +
     "--user-install"
   end
@@ -104,8 +103,7 @@ that is a dependency of an existing gem.  You can use the
   def execute
     if options[:all] and not options[:args].empty? then
-      alert_error 'Gem names and --all may not be used together'
-      terminate_interaction 1
+      uninstall_specific
     elsif options[:all] then
       uninstall_all
     else

data/test/rubygems/test_gem_commands_uninstall_command.rb CHANGED Viewed

@@ -16,18 +16,33 @@ class TestGemCommandsUninstallCommand < Gem::InstallerTestCase
     @executable = File.join(@gemhome, 'bin', 'executable')
   end
-  def test_execute_all_gem_names
-    @cmd.options[:args] = %w[a b]
+  def test_execute_all_named
+    util_make_gems
+    default = new_default_spec 'default', '1'
+    install_default_gems default
+    gemhome2 = "#{@gemhome}2"
+    a_4 = quick_spec 'a', 4
+    install_gem a_4, :install_dir => gemhome2
+    Gem::Specification.dirs = [@gemhome, gemhome2]
+    assert_includes Gem::Specification.all_names, 'a-1'
+    assert_includes Gem::Specification.all_names, 'a-4'
+    assert_includes Gem::Specification.all_names, 'b-2'
+    assert_includes Gem::Specification.all_names, 'default-1'
     @cmd.options[:all] = true
+    @cmd.options[:args] = %w[a]
-    assert_raises Gem::MockGemUi::TermError do
-      use_ui @ui do
-        @cmd.execute
-      end
+    use_ui @ui do
+      @cmd.execute
     end
-    assert_match(/\A(?:WARNING:  Unable to use symlinks on Windows, installing wrapper\n)?ERROR:  Gem names and --all may not be used together\n\z/,
-                 @ui.error)
+    assert_equal %w[a-4 a_evil-9 b-2 c-1.2 default-1 dep_x-1 pl-1-x86-linux x-1],
+                 Gem::Specification.all_names.sort
   end
   def test_execute_dependency_order
@@ -217,5 +232,14 @@ class TestGemCommandsUninstallCommand < Gem::InstallerTestCase
     assert_equal %w[a-4 default-1], Gem::Specification.all_names.sort
   end
+  def test_handle_options
+    @cmd.handle_options %w[]
+    assert_equal false,                    @cmd.options[:check_dev]
+    assert_equal nil,                      @cmd.options[:install_dir]
+    assert_equal true,                     @cmd.options[:user_install]
+    assert_equal Gem::Requirement.default, @cmd.options[:version]
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 2.1.3
+  version: 2.1.4
 platform: ruby
 authors:
 - Jim Weirich
@@ -32,7 +32,7 @@ cert_chain:
   KDyY1VIazVgoC8XvR4h/95/iScPiuglzA+DBG1hip1xScAtw05BrXyUNrc9CEMYU
   wgF94UVoHRp6ywo8I7NP3HcwFQDFNEZPNGXsng==
   -----END CERTIFICATE-----
-date: 2013-09-13 00:00:00.000000000 Z
+date: 2013-09-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -174,6 +174,7 @@ extra_rdoc_files:
 files:
 - .autotest
 - .document
+- .gemtest
 - CVE-2013-4287.txt
 - History.txt
 - LICENSE.txt
@@ -467,7 +468,6 @@ files:
 - util/CL2notes
 - util/create_certs.rb
 - util/create_encrypted_key.rb
-- .gemtest
 homepage: http://rubygems.org
 licenses:
 - Ruby
@@ -492,7 +492,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: rubygems-update
-rubygems_version: 2.1.2
+rubygems_version: 2.2.0
 signing_key:
 specification_version: 4
 summary: RubyGems is a package management framework for Ruby

metadata.gz.sig CHANGED Viewed

@@ -1 +1,2 @@
-���#=�r�}�d�LWtS�:Fk���O�Z�}8��8��`�ѝG�[��^խ��Dĳ`��v���u��nit��UH1�D>Ҥ��#8ڞ���8_���>r����F��Fx�*T�
+@<�B�����~��$+Y#����ɬ���&�y7c��ɾ�%���T�wI6�������/��?��aeB�.= ������G�`i�F寠�������>���=�(ɴFp.2��i�In"kĻ�h�h`���z����h��b���nꃙ����M�s��*�B�CＰ���a������<
+{��7%/�&����(^�9&P�[�c���-�[pC+�>��/�b��G2d.L��絎�Ӈ�H8F���7