diff --git a/ChangeLog b/ChangeLog
index fffcc76a81..2540307c53 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+Sat Nov 23 03:44:03 2013 Eric Hodel
+
+ * lib/rubygems: Update to RubyGems master dcce4ff. Important changes
+ in this commit:
+
+ Remove automatic detection of gem dependencies files. This prevents a
+ security hole as described in [ruby-core:58490]
+
+ Fixed bugs for installing git gems.
+
+ * test/rubygems: ditto.
+
 Fri Nov 22 22:30:00 2013 Kenta Murata
 
 * ext/bigdecimal/bigdecimal.c (BigDecimal_power):
diff --git a/lib/rubygems.rb b/lib/rubygems.rb
index a6c97ed16d..8a0d992141 100644
--- a/lib/rubygems.rb
+++ b/lib/rubygems.rb
@@ -8,7 +8,7 @@
 require 'rbconfig'
 
 module Gem
- VERSION = '2.2.0.preview.2'
+ VERSION = '2.2.0'
 end
 
 # Must be first since it unloads the prelude from 1.9.2
@@ -995,12 +995,16 @@ module Gem
 # Looks for gem dependency files (gem.deps.rb, Gemfile, Isolate) from the
 # current directory up and activates the gems in the first file found.
 #
- # This is run automatically when rubygems starts. To disable, set
- # the RUBYGEMS_GEMDEPS= environment variable to an empty
- # string.
+ # You can run this automatically when rubygems starts. To enable, set
+ # the RUBYGEMS_GEMDEPS environment variable to either the path
+ # of your Gemfile or "-" to auto-discover in parent directories.
+ #
+ # NOTE: Enabling automatic discovery on multiuser systems can lead to
+ # execution of arbitrary code when used from directories outside your
+ # control.
 
 def self.use_gemdeps
- return unless path = ENV['RUBYGEMS_GEMDEPS'] || '-'
+ return unless path = ENV['RUBYGEMS_GEMDEPS']
 path = path.dup.untaint
 
 if path == "-"
diff --git a/lib/rubygems/resolver/composed_set.rb b/lib/rubygems/resolver/composed_set.rb
index 702bd9ccfc..19227e095b 100644
--- a/lib/rubygems/resolver/composed_set.rb
+++ b/lib/rubygems/resolver/composed_set.rb
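Review bot: In `use_gemdeps`, the new guard `return unless path = ENV['RUBYGEMS_GEMDEPS']` stops only when the variable is unset. An empty string is truthy in Ruby, so `RUBYGEMS_GEMDEPS=` (the setting the removed comment told users to use to disable the feature) now falls through to `path.dup.untaint`. The rest of the method is outside this hunk, so an empty path may well be rejected later. An explicit `return if path.nil? || path.empty?` after the assignment would keep that documented opt-out working without depending on later code. The new comment should also state that the feature is off when the variable is unset, and that exporting `"-"` globally (for example from a shell profile) re-enables parent-directory discovery in every directory where Ruby is run.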
@@ -23,9 +23,9 @@ class Gem::Resolver::ComposedSet < Gem::Resolver::Set
 # Finds all specs matching +req+ in all sets.
 
 def find_all req
- res = []
- @sets.each { |s| res += s.find_all(req) }
- res
+ @sets.map do |s|
+ s.find_all req
+ end.flatten
 end
 
 ##
diff --git a/lib/rubygems/source/git.rb b/lib/rubygems/source/git.rb
index 82690923ff..c4f2724645 100644
--- a/lib/rubygems/source/git.rb
+++ b/lib/rubygems/source/git.rb
@@ -120,6 +120,12 @@ class Gem::Source::Git < Gem::Source
 rev_parse[0..11]
 end
 
+ ##
+ # Nothing to download for git gems
+
+ def download full_spec, path # :nodoc:
+ end
+
 ##
 # The directory where the git gem will be installed.
 
diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb
index 22e2981198..2bcc2c0ef2 100644
--- a/lib/rubygems/specification.rb
+++ b/lib/rubygems/specification.rb
@@ -2177,7 +2177,7 @@ class Gem::Specification < Gem::BasicSpecification
 # Used by Gem::Resolver to order Gem::Specification objects
 
 def source # :nodoc:
- self
+ Gem::Source::Installed.new
 end
 
 ##
diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb
index 33d4b25e0d..44b6c4a18b 100644
--- a/test/rubygems/test_gem.rb
+++ b/test/rubygems/test_gem.rb
@@ -1258,6 +1258,24 @@ class TestGem < Gem::TestCase
 
 Gem.use_gemdeps
 
+ refute spec.activated?
+ ensure
+ ENV['RUBYGEMS_GEMDEPS'] = rubygems_gemdeps
+ end
+
+ def test_use_gemdeps_automatic
+ rubygems_gemdeps, ENV['RUBYGEMS_GEMDEPS'] = ENV['RUBYGEMS_GEMDEPS'], '-'
+
+ spec = util_spec 'a', 1
+
+ refute spec.activated?
+
+ open 'Gemfile', 'w' do |io|
+ io.write 'gem "a"'
+ end
+
+ Gem.use_gemdeps
+
 assert spec.activated?
 ensure
 ENV['RUBYGEMS_GEMDEPS'] = rubygems_gemdeps
diff --git a/test/rubygems/test_gem_source_git.rb b/test/rubygems/test_gem_source_git.rb
index 9cdcbc0ed5..e32649c2b0 100644
--- a/test/rubygems/test_gem_source_git.rb
+++ b/test/rubygems/test_gem_source_git.rb
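Review bot: The new `find_all` ends in `end.flatten`, which flattens recursively, whereas the removed `res += s.find_all(req)` concatenated exactly one level. If a set ever returns nested arrays or elements that respond to `to_ary`, the result now differs from before. `end.flatten(1)` states the one-level intent. The old form also raised when a set returned nil, while `map` leaves the nil in the result; whether any set can return nil is not visible in this hunk.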
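Review bot: The added `download` in `Gem::Source::Git` has an empty body and so returns nil, but its comment only says there is nothing to download. The `full_spec, path` signature suggests it stands in for a method whose other implementations return something callers use; that is an inference, since those implementations are not in this diff. I would spell the contract out in the comment, e.g. `# Nothing to download for git gems. Always returns nil; callers must not treat the result as a gem file path.`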
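Review bot: `source` now allocates a fresh `Gem::Source::Installed` on every call, and its comment says the resolver uses it to order specifications, so two calls on the same spec return distinct objects. Please confirm that `Gem::Source::Installed` defines equality and comparison by value, so two instances compare as equal; its definition is not part of this diff. If it holds no per-spec state, a memoized `@source ||= Gem::Source::Installed.new` would avoid the repeated allocation during sorting. Check first that the extra instance variable does not leak into spec serialization or equality.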
@@ -51,6 +51,10 @@ class TestGemSourceGit < Gem::TestCase
 assert_equal @head[0..11], @source.dir_shortref
 end
 
+ def test_download
+ refute @source.download nil, nil
+ end
+
 def test_equals2
 assert_equal @source, @source
 
diff --git a/test/rubygems/test_gem_specification.rb b/test/rubygems/test_gem_specification.rb
index d08e77faff..b63721270e 100644
--- a/test/rubygems/test_gem_specification.rb
+++ b/test/rubygems/test_gem_specification.rb
@@ -1738,6 +1738,10 @@ dependencies: []
 RbConfig::CONFIG['ENABLE_SHARED'] = enable_shared
 end
 
+ def test_source
+ assert_kind_of Gem::Source::Installed, @a1.source
+ end
+
 def test_full_require_paths
 ext_spec