author | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-09-10 00:52:14 +0000 |
---|---|---|
committer | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-09-10 00:52:14 +0000 |
commit | f06f90323133e2f1440cd5090a622b56994c4e65 () | |
tree | 9eb52cdb3b8e0a8bab0c7e10b5c8cdce14762898 /lib | |
parent | 888e5cbbe7398aa814f5a0208a0fd30cfe337f3b (diff) |
* lib/rubygems: Update to RubyGems 2.1.0. Fixes CVE-2013-4287.
See http://rubygems.rubyforge.org/rubygems-update/CVE-2013-4287_txt.html for CVE information. See http://rubygems.rubyforge.org/rubygems-update/History_txt.html#label-2.1.0+%2F+2013-09-09 for release notes. * test/rubygems: Tests for the above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42898 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | lib/rubygems.rb | 4 | ||||
-rw-r--r-- | lib/rubygems/dependency_resolver.rb | 8 | ||||
-rw-r--r-- | lib/rubygems/dependency_resolver/api_specification.rb | 3 | ||||
-rw-r--r-- | lib/rubygems/dependency_resolver/index_set.rb | 11 | ||||
-rw-r--r-- | lib/rubygems/dependency_resolver/index_specification.rb | 11 | ||||
-rw-r--r-- | lib/rubygems/dependency_resolver/installed_specification.rb | 4 | ||||
-rw-r--r-- | lib/rubygems/dependency_resolver/installer_set.rb | 11 | ||||
-rw-r--r-- | lib/rubygems/gemcutter_utilities.rb | 3 | ||||
-rw-r--r-- | lib/rubygems/request_set.rb | 3 | ||||
-rw-r--r-- | lib/rubygems/spec_fetcher.rb | 5 | ||||
-rw-r--r-- | lib/rubygems/specification.rb | 3 | ||||
-rw-r--r-- | lib/rubygems/test_case.rb | 15 | ||||
-rw-r--r-- | lib/rubygems/version.rb | 2 |
13 files changed, 65 insertions, 18 deletions
@@ -8,7 +8,7 @@ require 'rbconfig' module Gem - VERSION = '2.1.0.rc.2' end # Must be first since it unloads the prelude from 1.9.2 @@ -315,7 +315,7 @@ module Gem @paths = nil @user_home = nil Gem::Specification.reset - Gem::Security.reset if const_defined? :Security end ## @@ -79,7 +79,9 @@ class Gem::DependencyResolver needed = nil @needed.reverse_each do |n| - needed = Gem::List.new(Gem::DependencyResolver::DependencyRequest.new(n, nil), needed) end res = resolve_for needed, nil @@ -162,7 +164,9 @@ class Gem::DependencyResolver # Sort them so that we try the highest versions # first. - possible = possible.sort_by { |s| [s.source, s.version] } # We track the conflicts seen so that we can report them # to help the user figure out how to fix the situation. @@ -8,6 +8,7 @@ class Gem::DependencyResolver::APISpecification attr_reader :dependencies attr_reader :name attr_reader :set # :nodoc: attr_reader :version @@ -15,6 +16,7 @@ class Gem::DependencyResolver::APISpecification @set = set @name = api_data[:name] @version = Gem::Version.new api_data[:number] @dependencies = api_data[:dependencies].map do |name, ver| Gem::Dependency.new name, ver.split(/\s*,\s*/) end @@ -25,6 +27,7 @@ class Gem::DependencyResolver::APISpecification @set == other.set and @name == other.name and @version == other.version and @dependencies == other.dependencies end @@ -43,9 +43,14 @@ class Gem::DependencyResolver::IndexSet # Called from IndexSpecification to get a true Specification # object. - def load_spec name, ver, source - key = "#{name}-#{ver}" - @specs[key] ||= source.fetch_spec(Gem::NameTuple.new(name, ver)) end ## @@ -8,6 +8,8 @@ class Gem::DependencyResolver::IndexSpecification attr_reader :name attr_reader :source attr_reader :version @@ -39,14 +41,19 @@ class Gem::DependencyResolver::IndexSpecification q.breakable q.text full_name q.breakable - q.text ' source ' q.pp @source end end def spec - @spec ||= @set.load_spec(@name, @version, @source) end end 
@@ -26,6 +26,10 @@ class Gem::DependencyResolver::InstalledSpecification @spec.name end def source @source ||= Gem::Source::Installed.new end @@ -115,9 +115,14 @@ class Gem::DependencyResolver::InstallerSet # Called from IndexSpecification to get a true Specification # object. - def load_spec name, ver, source - key = "#{name}-#{ver}" - @specs[key] ||= source.fetch_spec Gem::NameTuple.new name, ver end ## @@ -77,7 +77,8 @@ module Gem::GemcutterUtilities # Signs in with the RubyGems API at +sign_in_host+ and sets the rubygems API # key. - def sign_in sign_in_host = self.host return if Gem.configuration.rubygems_api_key pretty_host = if Gem::DEFAULT_HOST == sign_in_host then @@ -28,7 +28,10 @@ class Gem::RequestSet @always_install = [] @development = false @soft_missing = false yield self if block_given? end @@ -200,8 +200,11 @@ class Gem::SpecFetcher when :released tuples_for source, :released when :complete - tuples_for(source, :prerelease, true) + tuples_for(source, :released) when :prerelease tuples_for(source, :prerelease) else @@ -34,7 +34,7 @@ class Date; end # s.homepage = 'https://rubygems.org/gems/example' # end # -# Starting in RubyGems 1.9.0, a Specification can hold arbitrary # metadata. This metadata is accessed via Specification#metadata # and has the following restrictions: # @@ -2097,7 +2097,6 @@ class Gem::Specification < Gem::BasicSpecification # Returns an object you can use to sort specifications in #sort_by. def sort_obj - # TODO: this is horrible. Deprecate it. [@name, @version, @new_platform == Gem::Platform::RUBY ? -1 : 1] end @@ -1097,7 +1097,11 @@ Also, a list: class StaticSet def initialize(specs) - @specs = specs.sort_by { |s| s.full_name } end def find_spec(dep) @@ -1110,6 +1114,15 @@ Also, a list: @specs.find_all { |s| dep.matches_spec? s } end def prefetch(reqs) end end 
@@ -147,7 +147,7 @@ class Gem::Version # FIX: These are only used once, in .correct?. Do they deserve to be # constants? - VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc: ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc: ## |
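Review bot: The unchanged context line `ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/` still wraps the version pattern in an outer `*`, so the anchored regex keeps a repeated group whose body itself opens with a `+`-quantified digit run, and tightening `VERSION_PATTERN` alone may not bound the backtracking cost on long strings that fail to match. The replacement `VERSION_PATTERN` line is not visible in this rendering, so this is inferred from the context line and the removed pattern. A version string holds at most one version, so the group can be optional rather than repeated: `ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ # :nodoc:`. A regression test that bounds the run time of `Gem::Version.correct?` on a long malformed string would pin the behaviour. The body of `Gem::Version` continues outside the hunk.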