diff options
author | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-09-10 00:52:14 +0000 |
---|---|---|
committer | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-09-10 00:52:14 +0000 |
commit | f06f90323133e2f1440cd5090a622b56994c4e65 (patch) | |
tree | 9eb52cdb3b8e0a8bab0c7e10b5c8cdce14762898 /lib/rubygems/dependency_resolver.rb | |
parent | 888e5cbbe7398aa814f5a0208a0fd30cfe337f3b (diff) | |
download | ruby-f06f90323133e2f1440cd5090a622b56994c4e65.tar.gz |
* lib/rubygems: Update to RubyGems 2.1.0. Fixes CVE-2013-4287.
See http://rubygems.rubyforge.org/rubygems-update/CVE-2013-4287_txt.html
for CVE information.
See http://rubygems.rubyforge.org/rubygems-update/History_txt.html#label-2.1.0+%2F+2013-09-09
for release notes.
* test/rubygems: Tests for the above.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42898 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib/rubygems/dependency_resolver.rb')
-rw-r--r-- | lib/rubygems/dependency_resolver.rb | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/rubygems/dependency_resolver.rb b/lib/rubygems/dependency_resolver.rb index e5c05972d8..721fd43c51 100644 --- a/lib/rubygems/dependency_resolver.rb +++ b/lib/rubygems/dependency_resolver.rb @@ -79,7 +79,9 @@ class Gem::DependencyResolver needed = nil @needed.reverse_each do |n| - needed = Gem::List.new(Gem::DependencyResolver::DependencyRequest.new(n, nil), needed) + request = Gem::DependencyResolver::DependencyRequest.new n, nil + + needed = Gem::List.new request, needed end res = resolve_for needed, nil @@ -162,7 +164,9 @@ class Gem::DependencyResolver # Sort them so that we try the highest versions # first. - possible = possible.sort_by { |s| [s.source, s.version] } + possible = possible.sort_by do |s| + [s.source, s.version, s.platform == Gem::Platform::RUBY ? -1 : 1] + end # We track the conflicts seen so that we can report them # to help the user figure out how to fix the situation. |