rubygems-update 3.6.1 → 3.6.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +24 -0
- data/bundler/CHANGELOG.md +10 -0
- data/bundler/lib/bundler/build_metadata.rb +2 -2
- data/bundler/lib/bundler/man/bundle-lock.1 +1 -1
- data/bundler/lib/bundler/man/bundle-lock.1.ronn +1 -1
- data/bundler/lib/bundler/self_manager.rb +3 -2
- data/bundler/lib/bundler/version.rb +1 -1
- data/lib/rubygems/rdoc.rb +10 -1
- data/lib/rubygems/requirement.rb +4 -3
- data/lib/rubygems/safe_marshal/reader.rb +31 -14
- data/lib/rubygems/safe_marshal/visitors/to_ruby.rb +29 -16
- data/lib/rubygems/specification.rb +2 -10
- data/lib/rubygems/uninstaller.rb +0 -1
- data/lib/rubygems/version.rb +4 -1
- data/lib/rubygems.rb +1 -1
- data/rubygems-update.gemspec +1 -1
- metadata +3 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c7fc38a36a930a52e9fb812ac5bc206c9f58540bff63db2bee276d514d08ce5f
|
4
|
+
data.tar.gz: 8056fefbaf65da55c57da58c72c9f7bb6e59e5813e9963c3cbcb8239c7387206
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3c929cdfcbf4282ac045f1906f57d4d289de04834ce74eaec64664148aa2c2ef1813c9ce225432d88e31989c1d1e1d0456a4485babc9608dd2446b44c97eb837
|
7
|
+
data.tar.gz: 6945a43c3cda7831f926755d25ae0711a5cbe709b7de819f41b30ce6db3f4dca667106bb7b627a02146a2460d62359b5ba7d876e31e9213fad5440b3dcebb2fd
|
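--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,27 @@
+# 3.6.2 / 2024-12-23
+
+## Security:
+
+* Fix Gem::SafeMarshal buffer overrun when given lengths larger than fit
+into a byte. Pull request
+[#8305](https://github.com/rubygems/rubygems/pull/8305) by segiddins
+* Improve type checking in marshal_load methods. Pull request
+[#8306](https://github.com/rubygems/rubygems/pull/8306) by segiddins
+
+## Enhancements:
+
+* Skip rdoc hooks and their tests on newer rdoc versions. Pull request
+[#8340](https://github.com/rubygems/rubygems/pull/8340) by
+deivid-rodriguez
+* Installs bundler 2.6.2 as a default gem.
+
+## Bug fixes:
+
+* Fix serialized metadata including an empty `@original_platform`
+attribute. Pull request
+[#8355](https://github.com/rubygems/rubygems/pull/8355) by
+deivid-rodriguez
+
 # 3.6.1 / 2024-12-17
 
 ## Enhancements: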
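--- a/data/bundler/CHANGELOG.md
+++ b/data/bundler/CHANGELOG.md
@@ -1,3 +1,13 @@
+# 2.6.2 (December 23, 2024)
+
+## Bug fixes:
+
+- Restart using `Process.argv0` only if `$PROGRAM_NAME` is not a script [#8343](https://github.com/rubygems/rubygems/pull/8343)
+
+## Documentation:
+
+- Fix typo in `bundle lock` man page synopsis (`--add-checkums` → `--add-checksums`) [#8350](https://github.com/rubygems/rubygems/pull/8350)
+
 # 2.6.1 (December 17, 2024)
 
 ## Bug fixes: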
@@ -4,8 +4,8 @@ module Bundler
|
|
4
4
|
# Represents metadata from when the Bundler gem was built.
|
5
5
|
module BuildMetadata
|
6
6
|
# begin ivars
|
7
|
-
@built_at = "2024-12-
|
8
|
-
@git_commit_sha = "
|
7
|
+
@built_at = "2024-12-23".freeze
|
8
|
+
@git_commit_sha = "90ebd47c740".freeze
|
9
9
|
@release = true
|
10
10
|
# end ivars
|
11
11
|
|
@@ -4,7 +4,7 @@
|
|
4
4
|
.SH "NAME"
|
5
5
|
\fBbundle\-lock\fR \- Creates / Updates a lockfile without installing
|
6
6
|
.SH "SYNOPSIS"
|
7
|
-
\fBbundle lock\fR [\-\-update] [\-\-bundler[=BUNDLER]] [\-\-local] [\-\-print] [\-\-lockfile=PATH] [\-\-full\-index] [\-\-gemfile=GEMFILE] [\-\-add\-
|
7
|
+
\fBbundle lock\fR [\-\-update] [\-\-bundler[=BUNDLER]] [\-\-local] [\-\-print] [\-\-lockfile=PATH] [\-\-full\-index] [\-\-gemfile=GEMFILE] [\-\-add\-checksums] [\-\-add\-platform] [\-\-remove\-platform] [\-\-normalize\-platforms] [\-\-patch] [\-\-minor] [\-\-major] [\-\-pre] [\-\-strict] [\-\-conservative]
|
8
8
|
.SH "DESCRIPTION"
|
9
9
|
Lock the gems specified in Gemfile\.
|
10
10
|
.SH "OPTIONS"
|
@@ -84,8 +84,9 @@ module Bundler
|
|
84
84
|
require "shellwords"
|
85
85
|
cmd = [*Shellwords.shellsplit(bundler_spec_original_cmd), *ARGV]
|
86
86
|
else
|
87
|
-
|
88
|
-
cmd
|
87
|
+
argv0 = File.exist?($PROGRAM_NAME) ? $PROGRAM_NAME : Process.argv0
|
88
|
+
cmd = [argv0, *ARGV]
|
89
|
+
cmd.unshift(Gem.ruby) unless File.executable?(argv0)
|
89
90
|
end
|
90
91
|
|
91
92
|
Bundler.with_original_env do
|
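Review bot: The added fallback has no comment saying why `$PROGRAM_NAME` is tested with `File.exist?` before `Process.argv0` is used. Both `File.exist?($PROGRAM_NAME)` and `File.executable?(argv0)` also resolve a relative name against the current working directory rather than the directory the process was started from. A short comment such as `# $PROGRAM_NAME may have been reassigned; use it only if it still names a script, else fall back to the original argv0` would record the intent. If the working directory can change before this restart path runs (not visible in this hunk), consider resolving the path once at startup instead. The enclosing method begins and ends outside the hunk, and the hunk's file header is missing from the page; it appears to belong to `bundler/self_manager.rb`.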
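--- a/data/lib/rubygems/rdoc.rb
+++ b/data/lib/rubygems/rdoc.rb
@@ -6,8 +6,17 @@ begin
 require "rdoc/rubygems_hook"
 module Gem
 RDoc = ::RDoc::RubygemsHook
+
+##
+# Returns whether RDoc defines its own install hooks through a RubyGems
+# plugin. This and whatever is guarded by it can be removed once no
+# supported Ruby ships with RDoc older than 6.9.0.
+
+def self.rdoc_hooks_defined_via_plugin?
+Gem::Version.new(::RDoc::VERSION) >= Gem::Version.new("6.9.0")
+end
 end
 
-Gem.done_installing(&Gem::RDoc.method(:generation_hook))
+Gem.done_installing(&Gem::RDoc.method(:generation_hook)) unless Gem.rdoc_hooks_defined_via_plugin?
 rescue LoadError
 end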
data/lib/rubygems/requirement.rb
CHANGED
@@ -22,7 +22,7 @@ class Gem::Requirement
|
|
22
22
|
|
23
23
|
SOURCE_SET_REQUIREMENT = Struct.new(:for_lockfile).new "!" # :nodoc:
|
24
24
|
|
25
|
-
quoted = OPS.keys
|
25
|
+
quoted = Regexp.union(OPS.keys)
|
26
26
|
PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{Gem::Version::VERSION_PATTERN})\\s*".freeze # :nodoc:
|
27
27
|
|
28
28
|
##
|
@@ -201,7 +201,8 @@ class Gem::Requirement
|
|
201
201
|
def marshal_load(array) # :nodoc:
|
202
202
|
@requirements = array[0]
|
203
203
|
|
204
|
-
raise TypeError, "wrong @requirements" unless Array === @requirements
|
204
|
+
raise TypeError, "wrong @requirements" unless Array === @requirements &&
|
205
|
+
@requirements.all? {|r| r.size == 2 && (r.first.is_a?(String) || r[0] = "=") && r.last.is_a?(Gem::Version) }
|
205
206
|
end
|
206
207
|
|
207
208
|
def yaml_initialize(tag, vals) # :nodoc:
|
@@ -238,7 +239,7 @@ class Gem::Requirement
|
|
238
239
|
def satisfied_by?(version)
|
239
240
|
raise ArgumentError, "Need a Gem::Version: #{version.inspect}" unless
|
240
241
|
Gem::Version === version
|
241
|
-
requirements.all? {|op, rv| OPS
|
242
|
+
requirements.all? {|op, rv| OPS.fetch(op).call version, rv }
|
242
243
|
end
|
243
244
|
|
244
245
|
alias_method :===, :satisfied_by?
|
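Review bot: The new predicate in `marshal_load` mutates the data it is validating: `(r.first.is_a?(String) || r[0] = "=")` rewrites any non-String operator to `"="` and then passes, so a malformed operator is silently accepted rather than rejected. It also calls `r.size` and `r.first` without first checking that `r` is an Array, so a non-array element would probably surface as `NoMethodError` instead of the intended `TypeError`. The operator string is never checked against `OPS`, even though `satisfied_by?` now uses `OPS.fetch(op)` and would raise `KeyError` much later. If the `"="` default is deliberate compatibility for old serialized data (not stated in the hunk), it would read better as a separate normalisation step followed by a side-effect-free check such as `r.is_a?(Array) && r.size == 2 && OPS.key?(r.first) && r.last.is_a?(Gem::Version)`.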
@@ -20,6 +20,12 @@ module Gem
|
|
20
20
|
class EOFError < Error
|
21
21
|
end
|
22
22
|
|
23
|
+
class DataTooShortError < Error
|
24
|
+
end
|
25
|
+
|
26
|
+
class NegativeLengthError < Error
|
27
|
+
end
|
28
|
+
|
23
29
|
def initialize(io)
|
24
30
|
@io = io
|
25
31
|
end
|
@@ -27,7 +33,7 @@ module Gem
|
|
27
33
|
def read!
|
28
34
|
read_header
|
29
35
|
root = read_element
|
30
|
-
raise UnconsumedBytesError unless @io.eof?
|
36
|
+
raise UnconsumedBytesError, "expected EOF, got #{@io.read(10).inspect}... after top-level element #{root.class}" unless @io.eof?
|
31
37
|
root
|
32
38
|
end
|
33
39
|
|
@@ -41,8 +47,16 @@ module Gem
|
|
41
47
|
raise UnsupportedVersionError, "Unsupported marshal version #{v.bytes.map(&:ord).join(".")}, expected #{Marshal::MAJOR_VERSION}.#{Marshal::MINOR_VERSION}" unless v == MARSHAL_VERSION
|
42
48
|
end
|
43
49
|
|
50
|
+
def read_bytes(n)
|
51
|
+
raise NegativeLengthError if n < 0
|
52
|
+
str = @io.read(n)
|
53
|
+
raise EOFError, "expected #{n} bytes, got EOF" if str.nil?
|
54
|
+
raise DataTooShortError, "expected #{n} bytes, got #{str.inspect}" unless str.bytesize == n
|
55
|
+
str
|
56
|
+
end
|
57
|
+
|
44
58
|
def read_byte
|
45
|
-
@io.getbyte
|
59
|
+
@io.getbyte || raise(EOFError, "Unexpected EOF")
|
46
60
|
end
|
47
61
|
|
48
62
|
def read_integer
|
@@ -67,8 +81,6 @@ module Gem
|
|
67
81
|
read_byte | (read_byte << 8) | -0x10000
|
68
82
|
when 0xFF
|
69
83
|
read_byte | -0x100
|
70
|
-
when nil
|
71
|
-
raise EOFError, "Unexpected EOF"
|
72
84
|
else
|
73
85
|
signed = (b ^ 128) - 128
|
74
86
|
if b >= 128
|
@@ -107,8 +119,6 @@ module Gem
|
|
107
119
|
when 47 then read_regexp # ?/
|
108
120
|
when 83 then read_struct # ?S
|
109
121
|
when 67 then read_user_class # ?C
|
110
|
-
when nil
|
111
|
-
raise EOFError, "Unexpected EOF"
|
112
122
|
else
|
113
123
|
raise Error, "Unknown marshal type discriminator #{type.chr.inspect} (#{type})"
|
114
124
|
end
|
@@ -127,7 +137,7 @@ module Gem
|
|
127
137
|
Elements::Symbol.new(byte.chr)
|
128
138
|
end
|
129
139
|
else
|
130
|
-
name =
|
140
|
+
name = read_bytes(len)
|
131
141
|
Elements::Symbol.new(name)
|
132
142
|
end
|
133
143
|
end
|
@@ -138,7 +148,7 @@ module Gem
|
|
138
148
|
def read_string
|
139
149
|
length = read_integer
|
140
150
|
return EMPTY_STRING if length == 0
|
141
|
-
str =
|
151
|
+
str = read_bytes(length)
|
142
152
|
Elements::String.new(str)
|
143
153
|
end
|
144
154
|
|
@@ -152,7 +162,7 @@ module Gem
|
|
152
162
|
|
153
163
|
def read_user_defined
|
154
164
|
name = read_element
|
155
|
-
binary_string =
|
165
|
+
binary_string = read_bytes(read_integer)
|
156
166
|
Elements::UserDefined.new(name, binary_string)
|
157
167
|
end
|
158
168
|
|
@@ -162,6 +172,7 @@ module Gem
|
|
162
172
|
def read_array
|
163
173
|
length = read_integer
|
164
174
|
return EMPTY_ARRAY if length == 0
|
175
|
+
raise NegativeLengthError if length < 0
|
165
176
|
elements = Array.new(length) do
|
166
177
|
read_element
|
167
178
|
end
|
@@ -170,7 +181,9 @@ module Gem
|
|
170
181
|
|
171
182
|
def read_object_with_ivars
|
172
183
|
object = read_element
|
173
|
-
|
184
|
+
length = read_integer
|
185
|
+
raise NegativeLengthError if length < 0
|
186
|
+
ivars = Array.new(length) do
|
174
187
|
[read_element, read_element]
|
175
188
|
end
|
176
189
|
Elements::WithIvars.new(object, ivars)
|
@@ -239,7 +252,9 @@ module Gem
|
|
239
252
|
end
|
240
253
|
|
241
254
|
def read_hash_with_default_value
|
242
|
-
|
255
|
+
length = read_integer
|
256
|
+
raise NegativeLengthError if length < 0
|
257
|
+
pairs = Array.new(length) do
|
243
258
|
[read_element, read_element]
|
244
259
|
end
|
245
260
|
default = read_element
|
@@ -249,7 +264,9 @@ module Gem
|
|
249
264
|
def read_object
|
250
265
|
name = read_element
|
251
266
|
object = Elements::Object.new(name)
|
252
|
-
|
267
|
+
length = read_integer
|
268
|
+
raise NegativeLengthError if length < 0
|
269
|
+
ivars = Array.new(length) do
|
253
270
|
[read_element, read_element]
|
254
271
|
end
|
255
272
|
Elements::WithIvars.new(object, ivars)
|
@@ -260,13 +277,13 @@ module Gem
|
|
260
277
|
end
|
261
278
|
|
262
279
|
def read_float
|
263
|
-
string =
|
280
|
+
string = read_bytes(read_integer)
|
264
281
|
Elements::Float.new(string)
|
265
282
|
end
|
266
283
|
|
267
284
|
def read_bignum
|
268
285
|
sign = read_byte
|
269
|
-
data =
|
286
|
+
data = read_bytes(read_integer * 2)
|
270
287
|
Elements::Bignum.new(sign, data)
|
271
288
|
end
|
272
289
|
|
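Review bot: The length fields in `read_array`, `read_object_with_ivars`, `read_hash_with_default_value` and `read_object` are now rejected when negative but still have no upper bound, so `Array.new(length)` appears to be sized from untrusted input before a single element has been read. The same holds for `read_bytes(n)`, and for `read_bignum`, where `read_integer * 2` doubles the declared length before the read. Every element occupies at least one byte, so a declared length larger than the bytes remaining is always invalid. Where the underlying IO exposes its size, a guard such as `raise DataTooShortError, "declared length #{length} exceeds remaining input" if @io.respond_to?(:size) && length > @io.size - @io.pos` would fail early instead of relying on the allocator. What kind of object `@io` is cannot be seen from these hunks, and their file header is missing from the page; they appear to belong to `safe_marshal/reader.rb`.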
@@ -45,7 +45,7 @@ module Gem::SafeMarshal
|
|
45
45
|
idx = 0
|
46
46
|
# not idiomatic, but there's a huge number of IMEMOs allocated here, so we avoid the block
|
47
47
|
# because this is such a hot path when doing a bundle install with the full index
|
48
|
-
|
48
|
+
while idx < size
|
49
49
|
push_stack idx
|
50
50
|
array << visit(elements[idx])
|
51
51
|
idx += 1
|
@@ -98,16 +98,21 @@ module Gem::SafeMarshal
|
|
98
98
|
end
|
99
99
|
|
100
100
|
s = e.object.binary_string
|
101
|
+
# 122 is the largest integer that can be represented in marshal in a single byte
|
102
|
+
raise TimeTooLargeError.new("binary string too large", stack: formatted_stack) if s.bytesize > 122
|
101
103
|
|
102
104
|
marshal_string = "\x04\bIu:\tTime".b
|
103
|
-
marshal_string.concat(s.
|
105
|
+
marshal_string.concat(s.bytesize + 5)
|
104
106
|
marshal_string << s
|
107
|
+
# internal is limited to 5, so no overflow is possible
|
105
108
|
marshal_string.concat(internal.size + 5)
|
106
109
|
|
107
110
|
internal.each do |k, v|
|
111
|
+
k = k.name
|
112
|
+
# ivar name can't be too large because only known ivars are in the internal ivars list
|
108
113
|
marshal_string.concat(":")
|
109
|
-
marshal_string.concat(k.
|
110
|
-
marshal_string.concat(k
|
114
|
+
marshal_string.concat(k.bytesize + 5)
|
115
|
+
marshal_string.concat(k)
|
111
116
|
dumped = Marshal.dump(v)
|
112
117
|
dumped[0, 2] = ""
|
113
118
|
marshal_string.concat(dumped)
|
@@ -171,11 +176,11 @@ module Gem::SafeMarshal
|
|
171
176
|
end
|
172
177
|
|
173
178
|
def visit_Gem_SafeMarshal_Elements_ObjectLink(o)
|
174
|
-
@objects
|
179
|
+
@objects.fetch(o.offset)
|
175
180
|
end
|
176
181
|
|
177
182
|
def visit_Gem_SafeMarshal_Elements_SymbolLink(o)
|
178
|
-
@symbols
|
183
|
+
@symbols.fetch(o.offset)
|
179
184
|
end
|
180
185
|
|
181
186
|
def visit_Gem_SafeMarshal_Elements_UserDefined(o)
|
@@ -219,16 +224,18 @@ module Gem::SafeMarshal
|
|
219
224
|
end
|
220
225
|
|
221
226
|
def visit_Gem_SafeMarshal_Elements_Float(f)
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
226
|
-
|
227
|
-
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
227
|
+
register_object(
|
228
|
+
case f.string
|
229
|
+
when "inf"
|
230
|
+
::Float::INFINITY
|
231
|
+
when "-inf"
|
232
|
+
-::Float::INFINITY
|
233
|
+
when "nan"
|
234
|
+
::Float::NAN
|
235
|
+
else
|
236
|
+
f.string.to_f
|
237
|
+
end
|
238
|
+
)
|
232
239
|
end
|
233
240
|
|
234
241
|
def visit_Gem_SafeMarshal_Elements_Bignum(b)
|
@@ -374,6 +381,12 @@ module Gem::SafeMarshal
|
|
374
381
|
class Error < StandardError
|
375
382
|
end
|
376
383
|
|
384
|
+
class TimeTooLargeError < Error
|
385
|
+
def initialize(message, stack:)
|
386
|
+
super "#{message} @ #{stack.join "."}"
|
387
|
+
end
|
388
|
+
end
|
389
|
+
|
377
390
|
class UnpermittedSymbolError < Error
|
378
391
|
def initialize(symbol:, stack:)
|
379
392
|
@symbol = symbol
|
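Review bot: `@objects.fetch(o.offset)` and `@symbols.fetch(o.offset)` turn a dangling link into an `IndexError` (or `KeyError` if these are hashes), which sits outside the `Error < StandardError` hierarchy shown in the last hunk of this file. A caller that rescues only the SafeMarshal error classes (callers are not visible here) would let that exception escape on malformed input. The block form keeps every rejection path in one hierarchy, for example `@objects.fetch(o.offset) { raise Error, "object link #{o.offset} out of range" }`, and likewise for `@symbols`. The file header for these hunks is missing from the page; they appear to belong to `safe_marshal/visitors/to_ruby.rb`.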
@@ -1817,16 +1817,8 @@ class Gem::Specification < Gem::BasicSpecification
|
|
1817
1817
|
def encode_with(coder) # :nodoc:
|
1818
1818
|
coder.add "name", @name
|
1819
1819
|
coder.add "version", @version
|
1820
|
-
platform
|
1821
|
-
|
1822
|
-
"ruby"
|
1823
|
-
when String then
|
1824
|
-
@new_platform
|
1825
|
-
else
|
1826
|
-
@new_platform.to_s
|
1827
|
-
end
|
1828
|
-
coder.add "platform", platform
|
1829
|
-
coder.add "original_platform", @original_platform.to_s if platform != @original_platform.to_s
|
1820
|
+
coder.add "platform", platform.to_s
|
1821
|
+
coder.add "original_platform", original_platform.to_s if platform.to_s != original_platform.to_s
|
1830
1822
|
|
1831
1823
|
attributes = @@attributes.map(&:to_s) - %w[name version platform]
|
1832
1824
|
attributes.each do |name|
|
data/lib/rubygems/uninstaller.rb
CHANGED
data/lib/rubygems/version.rb
CHANGED
@@ -288,7 +288,10 @@ class Gem::Version
|
|
288
288
|
# 1.3.5 and earlier) compatibility.
|
289
289
|
|
290
290
|
def marshal_load(array)
|
291
|
-
|
291
|
+
string = array[0]
|
292
|
+
raise TypeError, "wrong version string" unless string.is_a?(String)
|
293
|
+
|
294
|
+
initialize string
|
292
295
|
end
|
293
296
|
|
294
297
|
def yaml_initialize(tag, map) # :nodoc:
|
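Review bot: `marshal_load` checks the element but not the container: `array[0]` is evaluated before any type check, so a non-Array payload that responds to `[]` (a Hash keyed by `0`, or a String) can still yield a String and reach `initialize`. Checking both, `raise TypeError, "wrong version string" unless array.is_a?(Array) && array[0].is_a?(String)`, would match the stricter intent of the change, unless older serialized forms rely on a non-Array payload, which the hunk does not show. A one-line comment stating that this method receives untrusted data whenever a specification is unmarshalled would also help the next reader understand why the check exists.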
data/lib/rubygems.rb
CHANGED
data/rubygems-update.gemspec
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = "rubygems-update"
|
5
|
-
s.version = "3.6.
|
5
|
+
s.version = "3.6.2"
|
6
6
|
s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
|
7
7
|
s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
|
8
8
|
|
metadata
CHANGED
@@ -1,9 +1,8 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rubygems-update
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.6.
|
4
|
+
version: 3.6.2
|
5
5
|
platform: ruby
|
6
|
-
original_platform: ''
|
7
6
|
authors:
|
8
7
|
- Jim Weirich
|
9
8
|
- Chad Fowler
|
@@ -16,7 +15,7 @@ authors:
|
|
16
15
|
- Hiroshi SHIBATA
|
17
16
|
bindir: exe
|
18
17
|
cert_chain: []
|
19
|
-
date: 2024-12-
|
18
|
+
date: 2024-12-23 00:00:00.000000000 Z
|
20
19
|
dependencies: []
|
21
20
|
description: |-
|
22
21
|
A package (also known as a library) contains a set of functionality
|
@@ -747,7 +746,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
747
746
|
- !ruby/object:Gem::Version
|
748
747
|
version: '0'
|
749
748
|
requirements: []
|
750
|
-
rubygems_version: 3.6.
|
749
|
+
rubygems_version: 3.6.2
|
751
750
|
specification_version: 4
|
752
751
|
summary: RubyGems is a package management framework for Ruby. This gem is downloaded
|
753
752
|
and installed by `gem update --system`, so that the `gem` CLI can update itself.
|