diff options
author | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-11-22 18:53:21 +0000 |
---|---|---|
committer | drbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2013-11-22 18:53:21 +0000 |
commit | e8e18cff7a7f61e4cf3ee390e1d6da31ecb9a9e4 (patch) | |
tree | 11423007aa0b1cde32fe3c95086772967810b20e /lib | |
parent | 0a5fc9c35fb0325ac7ee9b9eae65408b17f7add9 (diff) | |
download | ruby-e8e18cff7a7f61e4cf3ee390e1d6da31ecb9a9e4.tar.gz |
* lib/rubygems: Update to RubyGems master dcce4ff. Important changes
in this commit:
Remove automatic detection of gem dependencies files. This prevents a
security hole as described in [ruby-core:58490]
Fixed bugs for installing git gems.
* test/rubygems: ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43806 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'lib')
-rw-r--r-- | lib/rubygems.rb | 14 | ||||
-rw-r--r-- | lib/rubygems/resolver/composed_set.rb | 6 | ||||
-rw-r--r-- | lib/rubygems/source/git.rb | 6 | ||||
-rw-r--r-- | lib/rubygems/specification.rb | 2 |
4 files changed, 19 insertions, 9 deletions
diff --git a/lib/rubygems.rb b/lib/rubygems.rb index a6c97ed16d..8a0d992141 100644 --- a/lib/rubygems.rb +++ b/lib/rubygems.rb @@ -8,7 +8,7 @@ require 'rbconfig' module Gem - VERSION = '2.2.0.preview.2' + VERSION = '2.2.0' end # Must be first since it unloads the prelude from 1.9.2 @@ -995,12 +995,16 @@ module Gem # Looks for gem dependency files (gem.deps.rb, Gemfile, Isolate) from the # current directory up and activates the gems in the first file found. # - # This is run automatically when rubygems starts. To disable, set - # the <code>RUBYGEMS_GEMDEPS=</code> environment variable to an empty - # string. + # You can run this automatically when rubygems starts. To enable, set + # the <code>RUBYGEMS_GEMDEPS</code> environment variable to either the path + # of your Gemfile or "-" to auto-discover in parent directories. + # + # NOTE: Enabling automatic discovery on multiuser systems can lead to + # execution of arbitrary code when used from directories outside your + # control. def self.use_gemdeps - return unless path = ENV['RUBYGEMS_GEMDEPS'] || '-' + return unless path = ENV['RUBYGEMS_GEMDEPS'] path = path.dup.untaint if path == "-" diff --git a/lib/rubygems/resolver/composed_set.rb b/lib/rubygems/resolver/composed_set.rb index 702bd9ccfc..19227e095b 100644 --- a/lib/rubygems/resolver/composed_set.rb +++ b/lib/rubygems/resolver/composed_set.rb @@ -23,9 +23,9 @@ class Gem::Resolver::ComposedSet < Gem::Resolver::Set # Finds all specs matching +req+ in all sets. def find_all req - res = [] - @sets.each { |s| res += s.find_all(req) } - res + @sets.map do |s| + s.find_all req + end.flatten end ## diff --git a/lib/rubygems/source/git.rb b/lib/rubygems/source/git.rb index 82690923ff..c4f2724645 100644 --- a/lib/rubygems/source/git.rb +++ b/lib/rubygems/source/git.rb @@ -121,6 +121,12 @@ class Gem::Source::Git < Gem::Source end ## + # Nothing to download for git gems + + def download full_spec, path # :nodoc: + end + + ## # The directory where the git gem will be installed. def install_dir # :nodoc: diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb index 22e2981198..2bcc2c0ef2 100644 --- a/lib/rubygems/specification.rb +++ b/lib/rubygems/specification.rb @@ -2177,7 +2177,7 @@ class Gem::Specification < Gem::BasicSpecification # Used by Gem::Resolver to order Gem::Specification objects def source # :nodoc: - self + Gem::Source::Installed.new end ## |