rubygems-update 2.4.8 → 2.5.0
Potentially problematic release.
This version of rubygems-update might be problematic. Click here for more details.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/CODE_OF_CONDUCT.md +40 -0
- data/CVE-2015-3900.txt +40 -0
- data/History.txt +173 -2
- data/Manifest.txt +14 -1
- data/Rakefile +36 -1
- data/lib/rubygems.rb +32 -14
- data/lib/rubygems/basic_specification.rb +31 -9
- data/lib/rubygems/commands/dependency_command.rb +25 -15
- data/lib/rubygems/commands/environment_command.rb +2 -0
- data/lib/rubygems/commands/help_command.rb +0 -10
- data/lib/rubygems/commands/install_command.rb +1 -1
- data/lib/rubygems/commands/list_command.rb +1 -1
- data/lib/rubygems/commands/pristine_command.rb +11 -1
- data/lib/rubygems/commands/query_command.rb +1 -1
- data/lib/rubygems/commands/sources_command.rb +1 -1
- data/lib/rubygems/commands/update_command.rb +2 -2
- data/lib/rubygems/config_file.rb +4 -4
- data/lib/rubygems/core_ext/kernel_require.rb +2 -2
- data/lib/rubygems/dependency.rb +9 -6
- data/lib/rubygems/dependency_list.rb +3 -0
- data/lib/rubygems/ext/builder.rb +2 -0
- data/lib/rubygems/ext/ext_conf_builder.rb +6 -1
- data/lib/rubygems/indexer.rb +26 -91
- data/lib/rubygems/installer.rb +58 -26
- data/lib/rubygems/installer_test_case.rb +2 -2
- data/lib/rubygems/package.rb +18 -6
- data/lib/rubygems/package/old.rb +2 -2
- data/lib/rubygems/package/tar_reader/entry.rb +7 -1
- data/lib/rubygems/package/tar_test_case.rb +12 -3
- data/lib/rubygems/package/tar_writer.rb +19 -1
- data/lib/rubygems/platform.rb +3 -2
- data/lib/rubygems/rdoc.rb +1 -2
- data/lib/rubygems/remote_fetcher.rb +25 -6
- data/lib/rubygems/request/connection_pools.rb +8 -4
- data/lib/rubygems/request_set.rb +3 -4
- data/lib/rubygems/request_set/gem_dependency_api.rb +2 -2
- data/lib/rubygems/request_set/lockfile.rb +1 -1
- data/lib/rubygems/request_set/lockfile/parser.rb +54 -43
- data/lib/rubygems/request_set/lockfile/tokenizer.rb +16 -13
- data/lib/rubygems/resolver.rb +47 -242
- data/lib/rubygems/resolver/activation_request.rb +2 -1
- data/lib/rubygems/resolver/conflict.rb +0 -1
- data/lib/rubygems/resolver/dependency_request.rb +4 -1
- data/lib/rubygems/resolver/git_specification.rb +1 -2
- data/lib/rubygems/resolver/molinillo.rb +1 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo.rb +5 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph.rb +266 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/errors.rb +69 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/gem_metadata.rb +3 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/modules/specification_provider.rb +99 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/modules/ui.rb +63 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb +430 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/resolver.rb +43 -0
- data/lib/rubygems/resolver/molinillo/lib/molinillo/state.rb +51 -0
- data/lib/rubygems/resolver/specification.rb +1 -1
- data/lib/rubygems/specification.rb +256 -86
- data/lib/rubygems/stub_specification.rb +37 -29
- data/lib/rubygems/test_case.rb +65 -28
- data/lib/rubygems/test_utilities.rb +18 -18
- data/lib/rubygems/text.rb +0 -2
- data/lib/rubygems/uninstaller.rb +1 -1
- data/lib/rubygems/util.rb +4 -4
- data/lib/rubygems/util/licenses.rb +309 -0
- data/lib/rubygems/util/list.rb +9 -21
- data/lib/rubygems/version.rb +24 -14
- data/test/rubygems/simple_gem.rb +1 -1
- data/test/rubygems/test_config.rb +10 -1
- data/test/rubygems/test_gem.rb +58 -11
- data/test/rubygems/test_gem_available_set.rb +2 -1
- data/test/rubygems/test_gem_commands_cleanup_command.rb +6 -5
- data/test/rubygems/test_gem_commands_dependency_command.rb +9 -1
- data/test/rubygems/test_gem_commands_install_command.rb +17 -28
- data/test/rubygems/test_gem_commands_mirror.rb +0 -13
- data/test/rubygems/test_gem_commands_outdated_command.rb +2 -3
- data/test/rubygems/test_gem_commands_pristine_command.rb +33 -5
- data/test/rubygems/test_gem_commands_query_command.rb +123 -158
- data/test/rubygems/test_gem_commands_server_command.rb +2 -2
- data/test/rubygems/test_gem_commands_specification_command.rb +4 -4
- data/test/rubygems/test_gem_commands_stale_command.rb +2 -0
- data/test/rubygems/test_gem_commands_uninstall_command.rb +5 -4
- data/test/rubygems/test_gem_commands_unpack_command.rb +4 -6
- data/test/rubygems/test_gem_commands_update_command.rb +22 -52
- data/test/rubygems/test_gem_commands_which_command.rb +1 -0
- data/test/rubygems/test_gem_config_file.rb +1 -1
- data/test/rubygems/test_gem_dependency.rb +7 -3
- data/test/rubygems/test_gem_dependency_installer.rb +5 -5
- data/test/rubygems/test_gem_doctor.rb +1 -1
- data/test/rubygems/test_gem_ext_builder.rb +2 -0
- data/test/rubygems/test_gem_ext_configure_builder.rb +8 -4
- data/test/rubygems/test_gem_ext_ext_conf_builder.rb +25 -21
- data/test/rubygems/test_gem_indexer.rb +4 -4
- data/test/rubygems/test_gem_install_update_options.rb +2 -2
- data/test/rubygems/test_gem_installer.rb +32 -26
- data/test/rubygems/test_gem_package.rb +46 -1
- data/test/rubygems/test_gem_package_tar_reader_entry.rb +8 -1
- data/test/rubygems/test_gem_package_tar_writer.rb +10 -1
- data/test/rubygems/test_gem_package_task.rb +5 -2
- data/test/rubygems/test_gem_platform.rb +11 -0
- data/test/rubygems/test_gem_remote_fetcher.rb +64 -3
- data/test/rubygems/test_gem_request.rb +1 -1
- data/test/rubygems/test_gem_request_connection_pools.rb +10 -1
- data/test/rubygems/test_gem_request_set.rb +5 -8
- data/test/rubygems/test_gem_request_set_lockfile.rb +2 -4
- data/test/rubygems/test_gem_request_set_lockfile_tokenizer.rb +1 -1
- data/test/rubygems/test_gem_resolver.rb +12 -31
- data/test/rubygems/test_gem_resolver_git_specification.rb +1 -0
- data/test/rubygems/test_gem_resolver_installer_set.rb +7 -11
- data/test/rubygems/test_gem_resolver_lock_specification.rb +3 -2
- data/test/rubygems/test_gem_security_trust_dir.rb +2 -0
- data/test/rubygems/test_gem_server.rb +4 -0
- data/test/rubygems/test_gem_specification.rb +344 -61
- data/test/rubygems/test_gem_stream_ui.rb +6 -6
- data/test/rubygems/test_gem_stub_specification.rb +21 -6
- data/test/rubygems/test_gem_text.rb +2 -0
- data/test/rubygems/test_gem_uninstaller.rb +2 -1
- data/test/rubygems/test_gem_util.rb +8 -0
- data/test/rubygems/test_require.rb +156 -125
- data/util/generate_spdx_license_list.rb +21 -0
- data/util/update_bundled_ca_certificates.rb +2 -1
- metadata +42 -6
- metadata.gz.sig +0 -0
- data/lib/rubygems/util/stringio.rb +0 -34
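--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6942268616ad45a23f4f41e7f073dcf914f004f6
+data.tar.gz: f96fe2747ff20777d3d823fc71d2e0311a913ac0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: eaa189a001aebd337b78364031caa2b0670bba9eda11e994a8b43990618c346f61989dff990b0deb3d451cf2faebb077077b3329e9bda0f1f6878a794e53c617
+data.tar.gz: 7dd8fff88d8e65a699fa35999b79502c1428e9bcb8afb4c95fa49748382bb10240abad513242e99c588556e3aec6348976e6cf472cf7e6f765dc5e9c5061c3e5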
checksums.yaml.gz.sig
ADDED
Binary file
|
data.tar.gz.sig
ADDED
Binary file
|
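--- a/data/CODE_OF_CONDUCT.md
+++ b/data/CODE_OF_CONDUCT.md
@@ -0,0 +1,40 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic
+addresses, without explicit permission
+* Other unethical or unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct. By adopting this Code of Conduct,
+project maintainers commit themselves to fairly and consistently applying these
+principles to every aspect of managing this project. Project maintainers who do
+not follow or enforce the Code of Conduct may be permanently removed from the
+project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by opening an issue or contacting one or more of the project
+maintainers.
+
+This Code of Conduct is adapted from the [Contributor
+Covenant](http://contributor-covenant.org), version 1.2.0, available at
+[http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)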
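--- a/data/CVE-2015-3900.txt
+++ b/data/CVE-2015-3900.txt
@@ -0,0 +1,40 @@
+= Request hijacking vulnerability in RubyGems 2.4.6 and earlier
+
+RubyGems provides the ability of a domain to direct clients to a separate
+host that is used to fetch gems and make API calls against. This mechanism
+is implemented via DNS, specificly a SRV record _rubygems._tcp under the
+original requested domain.
+
+For example, this is the one that users who use rubygems.org see:
+
+> dig _rubygems._tcp.rubygems.org SRV
+
+;; ANSWER SECTION:
+_rubygems._tcp.rubygems.org. 600 IN SRV 0 1 80 api.rubygems.org.
+
+RubyGems did not validate the hostname returned in the SRV record before
+sending requests to it.
+
+This left clients open to a DNS hijack attack, whereby an attacker could
+return a SRV of their choosing and get the client to use it. For example:
+
+> dig _rubygems._tcp.rubygems.org SRV
+
+;; ANSWER SECTION:
+_rubygems._tcp.rubygems.org. 600 IN SRV 0 1 80 gems.nottobetrusted.wtf
+
+The fix, detailed at https://github.com/rubygems/rubygems/commit/6bbee35,
+shows that we validate the record now to be under the original domain. This
+restricts the client to be using the original trust/security domain as they
+would have otherwise.
+
+RubyGems versions between 2.0 and 2.4.6 are vulnerable.
+
+RubyGems version 2.0.16, 2.2.4, and 2.4.7 have been released that fix this
+issue.
+
+Ruby versions 1.9.0 through 2.2.0 are vulnerable as they contain embedded
+versions of RubyGems.
+
+This vulnerability was reported by Jonathan Claudius <JClaudius@trustwave.com>.
+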
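--- a/data/History.txt
+++ b/data/History.txt
@@ -1,5 +1,136 @@
 # coding: UTF-8
 
+=== 2.5.0
+
+Major enhancements:
+
+* Added the Gem::Licenses class which provides a set of standard license
+identifiers as set by spdx.org. This is now used by the
+Gem::Specification#license attribute to try to standardize (though not
+enforce) licenses set by gem authors.
+
+Pull request #1249 by Kyle Mitchell.
+
+Minor enhancements:
+
+* Use Molinillo as the resolver library. This is the same resolver as used by
+Bundler. Pull request #1189 by Samuel E. Giddins.
+* Add `--skip=gem_name` to Pristine command. Pull request #1018 by windwiny.
+* The parsed gem dependencies file is now available via Gem.gemdeps following
+Gem.use_gemdeps. Pull request #1224 by Hsing-Hui Hsu, issue #1213 by
+Michal Papis.
+* Moved description attribute to recommended for Gem::Specification.
+Pull request #1046 by Michal Papis
+* Moved `Gem::Indexer#abbreviate` and `#sanitize` to `Gem::Specification`.
+Pull request #1145 by Arthur Nogueira Neves
+* Cache Gem::Version segments for `#bump` and `#release`.
+Pull request #1131 by Matijs van Zuijlen
+* Fix edge case in `levenshtein_distance` for comparing longer strings.
+Pull request #1173 by Richard Schneeman
+* Remove duplication from List#to_a, improving from O(n^2) to O(n) time.
+Pull request #1200 by Marc Siegel.
+* Gem::Specification.add_specs is deprecated and will be removed from version
+3.0 with no replacement. To add specs, install the gem, then reset the
+cache.
+* Gem::Specification.add_spec is deprecated and will be removed from version
+3.0 with no replacement. To add specs, install the gem, then reset the
+cache.
+* Gem::Specification.remove_spec is deprecated and will be removed from version
+3.0 with no replacement. To remove specs, uninstall the gem, then reset the
+cache by calling Gem::Specification.reset.
+* Call Array#compact before calling Array#uniq for minor speed improvement in
+the Gem::Specification#files method.
+Pull request #1253 by Marat Amerov.
+* Use stringio instead of custom String classes.
+Pull request #1250 by Petr Skocik.
+* Use URI#host instead of URI#hostname to retain backwards compatibility with
+Ruby 1.9.2 and earlier in util library.
+Pull request #1288 by Joe Rafaniello.
+* Documentation update for gem sources.
+Pull request #1324 by Ilya Vassilevsky.
+* Documentation update for required_ruby_version.
+Pull request #1321 by Matt Patterson.
+* Documentation update for gem update.
+Pull request #1306 by Tim Blair.
+* Emit a warning on SRV resolve failure.
+Pull request #1023 by Ivan Kuchin.
+* Allow duplicate dependencies between runtime and development.
+Pull request #1032 by Murray Steele.
+* The gem env command now shows the user installation directory.
+Pull request #1343 by Luis Sagastume.
+* The Gem::Platform#=== method now treats a nil cpu arch the same as 'universal'.
+Pull request #1356 by Daniel Berger.
+* Improved memory performance in Gem::Specification.traverse. Pull request
+#1188 by Aaron Patterson.
+* RubyGems packages now support symlinks. Pull request #1209 by Samuel E.
+Giddins.
+* RubyGems no longer outputs mkmf.log if it does not exist. Pull request
+#1222 by Andrew Hooker.
+* Added Bitrig platform. Pull request #1233 by John C. Vernaleo.
+* Improved error message for first-time RubyGems developers. Pull request
+#1241 by André Arko
+* Improved performance of Gem::Specification#load with cached specs. Pull
+request #1297 by Samuel E. Giddins.
+* Gem::RemoteFetcher allows users to set HTTP headers. Pull request #1363 by
+Agis Anastasopoulos.
+
+Bug fixes:
+
+* Fixed Rake homepage url in example for Gem::Specification#homepage.
+Pull request #1171 by Arthur Nogueira Neves
+* Don't crash if partially uninstalled gem can't be found.
+Pull request #1283 by Cezary Baginski.
+* Test warning cleanup.
+Pull request #1298 by Samuel E. Giddins.
+* Documentation fix for GemDependencyAPI.
+Pull request #1308 by Michael Papis.
+* Fetcher now ignores ENOLCK errors in single threaded environments. This
+handles an issue with gem installation on NFS as best we can. Addresses
+issue #1176 by Ryan Moore.
+Pull request #1327 by Daniel Berger.
+* Fix some path quoting issues in the test suite.
+Pull request #1328 by Gavin Miller.
+* Fix NoMethodError in running ruby processes when gems are uninstalled.
+Pull request #1332 by Peter Drake.
+* Fixed a potential NoMethodError for gem cleanup.
+Pull request #1333 by Peter Drake.
+* Fixed gem help bug.
+Issue #1352 reported by bogem, pull request #1357 by Luis Sagastume.
+* Remove temporary directories after tests finish. Pull request #1181 by
+Nobuyoshi Nokada.
+* Update links in RubyGems documentation. Pull request #1185 by Darío Hereñú.
+* Prerelease gem executables can now be run. Pull request #1186 by Samuel E.
+Giddins.
+* Updated RubyGems travis-ci ruby versions. Pull request #1187 by Samuel E.
+Giddins.
+* Fixed release date of RubyGems 2.4.6. Pull request #1190 by Frieder
+Bluemle.
+* Fixed bugs in gem activation. Pull request #1202 by Miklós Fazekas.
+* Fixed documentation for `gem list`. Pull request #1228 by Godfrey Chan.
+* Fixed #1200 history entry. Pull request #1234 by Marc Siegel.
+* Fixed synchronization issue when resetting the Gem::Specification gem list.
+Pull request #1239 by Samuel E. Giddins.
+* Fixed running tests in parallel. Pull request #1257 by SHIBATA Hiroshi.
+* Fixed running tests with `--program-prefix` or `--program-suffix` for ruby.
+Pull request #1258 by Shane Gibbs.
+* Fixed Gem::Specification#to_yaml. Pull request #1262 by Hiroaki Izu.
+* Fixed taintedness of Gem::Specification#raw_require_paths. Pull request
+#1268 by Sam Ruby.
+* Fixed sorting of platforms when installing gems. Pull request #1271 by
+nonsequitur.
+* Use `--no-document` over deprecated documentation options when installing
+dependencies on travis. Pull request #1272 by takiy33.
+* Improved support for IPv6 addresses in URIs. Pull request #1275 by Joe
+Rafaniello.
+* Spec validation no longer crashes if a file does not exist. Pull request
+#1278 by Samuel E. Giddins.
+* Gems can now be installed within `rescue`. Pull request #1282 by Samuel E.
+Giddins.
+* Increased Diffie-Hellman key size for tests for modern OpenSSL. Pull
+request #1290 by Vít Ondruch.
+* RubyGems handles invalid config files better. Pull request #1367 by Agis
+Anastasopoulos.
+
 === 2.4.8 / 2015-06-08
 
 Bug fixes:
@@ -10,10 +141,10 @@ Bug fixes:
 
 Bug fixes:
 
-*
+* Limit API endpoint to original security domain for CVE-2015-3900.
 Fix by claudijd
 
-=== 2.4.6 /
+=== 2.4.6 / 2015-02-05
 
 Bug fixes:
 
@@ -329,6 +460,26 @@ Bug fixes:
 * Gem::BasicSpecification#require_paths respects default_ext_dir_for now. Bug
 #852 by Vít Ondruch.
 
+=== 2.2.5 / 2015-06-08
+
+Bug fixes:
+
+* Tightened API endpoint checks for CVE-2015-3900
+
+=== 2.2.4 / 2015-05-14
+
+Bug fixes:
+
+* Backport: Limit API endpoint to original security domain for CVE-2015-3900.
+Fix by claudijd
+
+=== 2.2.3 / 2014-12-21
+
+Bug fixes:
+
+* Backport: Add alternate Root CA for upcoming certificate change.
+Fixes #1050 by Protosac
+
 === 2.2.2 / 2014-02-05
 
 Bug fixes:
@@ -698,6 +849,26 @@ Bug fixes:
 * Fixed credential creation for `gem push` when `--host` is not given. Pull
 request #622 by Arthur Nogueira Neves
 
+=== 2.0.17 / 2015-06-08
+
+Bug fixes:
+
+* Tightened API endpoint checks for CVE-2015-3900
+
+=== 2.0.16 / 2015-05-14
+
+Bug fixes:
+
+* Backport: Limit API endpoint to original security domain for CVE-2015-3900.
+Fix by claudijd
+
+=== 2.0.15 / 2014-12-21
+
+Bug fixes:
+
+* Backport: Add alternate Root CA for upcoming certificate change.
+Fixes #1050 by Protosac
+
 === 2.0.14 / 2013-11-12
 
 Bug fixes: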
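--- a/data/Manifest.txt
+++ b/data/Manifest.txt
@@ -1,8 +1,10 @@
 .autotest
 .document
+CODE_OF_CONDUCT.md
 CONTRIBUTING.rdoc
 CVE-2013-4287.txt
 CVE-2013-4363.txt
+CVE-2015-3900.txt
 History.txt
 LICENSE.txt
 MIT.txt
@@ -128,6 +130,16 @@ lib/rubygems/resolver/installer_set.rb
 lib/rubygems/resolver/local_specification.rb
 lib/rubygems/resolver/lock_set.rb
 lib/rubygems/resolver/lock_specification.rb
+lib/rubygems/resolver/molinillo.rb
+lib/rubygems/resolver/molinillo/lib/molinillo.rb
+lib/rubygems/resolver/molinillo/lib/molinillo/dependency_graph.rb
+lib/rubygems/resolver/molinillo/lib/molinillo/errors.rb
+lib/rubygems/resolver/molinillo/lib/molinillo/gem_metadata.rb
+lib/rubygems/resolver/molinillo/lib/molinillo/modules/specification_provider.rb
+lib/rubygems/resolver/molinillo/lib/molinillo/modules/ui.rb
+lib/rubygems/resolver/molinillo/lib/molinillo/resolution.rb
+lib/rubygems/resolver/molinillo/lib/molinillo/resolver.rb
+lib/rubygems/resolver/molinillo/lib/molinillo/state.rb
 lib/rubygems/resolver/requirement_list.rb
 lib/rubygems/resolver/set.rb
 lib/rubygems/resolver/spec_specification.rb
@@ -169,8 +181,8 @@ lib/rubygems/uninstaller.rb
 lib/rubygems/uri_formatter.rb
 lib/rubygems/user_interaction.rb
 lib/rubygems/util.rb
+lib/rubygems/util/licenses.rb
 lib/rubygems/util/list.rb
-lib/rubygems/util/stringio.rb
 lib/rubygems/validator.rb
 lib/rubygems/version.rb
 lib/rubygems/version_option.rb
@@ -355,4 +367,5 @@ test/rubygems/wrong_key_cert_32.pem
 util/CL2notes
 util/create_certs.rb
 util/create_encrypted_key.rb
+util/generate_spdx_license_list.rb
 util/update_bundled_ca_certificates.rb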
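--- a/data/Rakefile
+++ b/data/Rakefile
@@ -13,7 +13,16 @@ rescue ::LoadError
 require 'yaml'
 end
 
-
+begin
+require 'hoe'
+rescue ::LoadError
+abort <<-ERR
+Error while loading the hoe gem.
+Please install it by running the following:
+
+$ [sudo] gem install hoe
+ERR
+end
 
 Hoe::RUBY_FLAGS << " --disable-gems" if RUBY_VERSION > "1.9"
 
@@ -99,6 +108,32 @@ task :install_test_deps => :clean_env do
 sh "gem install minitest -v '~> 4.0'"
 end
 
+namespace :molinillo do
+task :namespace do
+files = Dir.glob('lib/rubygems/resolver/molinillo/**/*.rb')
+sh "sed -i.bak 's/Molinillo/Gem::Resolver::Molinillo/g' #{files.join(' ')}"
+sh "sed -i.bak \"s/require 'molinillo/require 'rubygems\\/resolver\\/molinillo\\/lib\\/molinillo/g\" #{files.join(' ')}"
+sh "rm #{files.join('.bak ')}.bak"
+end
+
+task :clean do
+files = Dir.glob('lib/rubygems/resolver/molinillo*/*', File::FNM_DOTMATCH).reject { |f| %(. .. lib).include? f.split('/').last }
+puts files
+sh "rm -r #{files.join(' ')}"
+end
+
+task :update, [:tag] => [] do |t, args|
+tag = args[:tag]
+Dir.chdir 'lib/rubygems/resolver' do
+sh "rm -rf molinillo"
+sh "curl -L https://github.com/CocoaPods/molinillo/archive/#{tag}.tar.gz | tar -xz"
+sh "mv Molinillo-* molinillo"
+end
+Rake::Task['molinillo:namespace'].invoke
+Rake::Task['molinillo:clean'].invoke
+end
+end
+
 # --------------------------------------------------------------------
 # Creating a release
 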
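Review bot: The `molinillo:update` task in the second hunk interpolates `tag` straight into its shell strings without checking it; with no argument `args[:tag]` is nil, so `rm -rf molinillo` has already run by the time curl requests `archive/.tar.gz`. The downloaded archive is also unpacked into lib/rubygems/resolver with no integrity check, so whatever the tag resolves to upstream at that moment becomes the vendored resolver code; comparing the tarball against a digest recorded in the repository before extracting would close that gap. A guard as the first line of the task, `abort 'usage: rake molinillo:update[TAG]' unless tag =~ /\A[\w.-]+\z/`, covers the missing and malformed cases. In `molinillo:clean`, `%(. .. lib)` is a plain string, so `include?` does a substring match rather than a list lookup; `%w(. .. lib)` looks like what was intended.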
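--- a/data/lib/rubygems.rb
+++ b/data/lib/rubygems.rb
@@ -9,7 +9,7 @@ require 'rbconfig'
 require 'thread'
 
 module Gem
-VERSION = '2.
+VERSION = '2.5.0'
 end
 
 # Must be first since it unloads the prelude from 1.9.2
@@ -26,12 +26,12 @@ require 'rubygems/errors'
 # For user documentation, see:
 #
 # * <tt>gem help</tt> and <tt>gem help [command]</tt>
-# * {RubyGems User Guide}[http://
-# * {Frequently Asked Questions}[http://
+# * {RubyGems User Guide}[http://guides.rubygems.org/]
+# * {Frequently Asked Questions}[http://guides.rubygems.org/faqs]
 #
 # For gem developer documentation see:
 #
-# * {Creating Gems}[http://
+# * {Creating Gems}[http://guides.rubygems.org/make-your-own-gem]
 # * Gem::Specification
 # * Gem::Version for version dependency notes
 #
@@ -156,6 +156,7 @@ module Gem
 @@win_platform = nil
 
 @configuration = nil
+@gemdeps = nil
 @loaded_specs = {}
 LOADED_SPECS_MUTEX = Mutex.new
 @path_to_default_spec_map = {}
@@ -184,13 +185,9 @@ module Gem
 # or if it was ambiguous (and thus unresolved) the code in our custom
 # require will try to activate the more specific version.
 
-spec = Gem::Specification.
-
-
-spec = Gem::Specification.find_by_path path
-return true if spec && spec.activated?
-return false
-end
+spec = Gem::Specification.find_by_path path
+return false unless spec
+return true if spec.activated?
 
 begin
 spec.activate
@@ -433,7 +430,7 @@ module Gem
 
 files = find_files_from_load_path glob if check_load_path
 
-files.concat Gem::Specification.map { |spec|
+files.concat Gem::Specification.stubs.map { |spec|
 spec.matches_for_glob("#{glob}#{Gem.suffix_pattern}")
 }.flatten
 
@@ -580,6 +577,10 @@ module Gem
 # gem's paths are inserted before site lib directory by default.
 
 def self.load_path_insert_index
+$LOAD_PATH.each_with_index do |path, i|
+return i if path.instance_variable_defined?(:@gem_prelude_index)
+end
+
 index = $LOAD_PATH.index RbConfig::CONFIG['sitelibdir']
 
 index
@@ -596,6 +597,9 @@ module Gem
 
 test_syck = ENV['TEST_SYCK']
 
+# Only Ruby 1.8 and 1.9 have syck
+test_syck = false unless /^1\./ =~ RUBY_VERSION
+
 unless test_syck
 begin
 gem 'psych', '>= 1.2.1'
@@ -777,6 +781,14 @@ module Gem
 open path, 'rb' do |f|
 f.read
 end
+rescue Errno::ENOLCK # NFS
+if Thread.main != Thread.current
+raise
+else
+open path, 'rb' do |f|
+f.read
+end
+end
 end
 
 ##
@@ -1052,7 +1064,7 @@ module Gem
 end
 
 rs = Gem::RequestSet.new
-rs.load_gemdeps path
+@gemdeps = rs.load_gemdeps path
 
 rs.resolve_current.map do |s|
 sp = s.full_spec
@@ -1082,6 +1094,12 @@ module Gem
 
 attr_reader :loaded_specs
 
+##
+# GemDependencyAPI object, which is set when .use_gemdeps is called.
+# This contains all the information from the Gemfile.
+
+attr_reader :gemdeps
+
 ##
 # Register a Gem::Specification for default gem.
 #
@@ -1196,6 +1214,7 @@ module Gem
 autoload :DependencyList, 'rubygems/dependency_list'
 autoload :DependencyResolver, 'rubygems/resolver'
 autoload :Installer, 'rubygems/installer'
+autoload :Licenses, 'rubygems/util/licenses'
 autoload :PathSupport, 'rubygems/path_support'
 autoload :Platform, 'rubygems/platform'
 autoload :RequestSet, 'rubygems/request_set'
@@ -1242,4 +1261,3 @@ require 'rubygems/core_ext/kernel_gem'
 require 'rubygems/core_ext/kernel_require'
 
 Gem.use_gemdeps
-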
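Review bot: In the `rescue Errno::ENOLCK` branch added by the hunk at new line 781, `Thread.main != Thread.current` only tells whether the caller is the main thread, not whether other threads (or other processes on the same NFS mount) are touching the file, so the fallback read can run unlocked while a writer is active. The locked read this rescue belongs to presumably sits above the hunk, since the method starts outside it. If the unlocked retry is an accepted best effort, a comment should say so, for example `# ENOLCK: the filesystem cannot lock (seen on NFS); retry without a lock, main thread only`. The retry also repeats the three-line `open path, 'rb'` block that appears as context just above it; one shared fallback would keep the two paths from drifting apart.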