2013-09-30 05:12:59 by Takahiro Kambe | Files touched by this commit (2) |
Log message:
Update rubygems package to 2.0.10. This is security fix for CVE-2013-4363.
=== 2.0.10 / 2013-09-24
Security fixes:
* RubyGems 2.1.4 and earlier are vulnerable to excessive CPU usage due to a
backtracking in Gem::Version validation. See CVE-2013-4363 for full details
including vulnerable APIs. Fixed versions include 2.1.5, 2.0.10, 1.8.27 and
1.8.23.2 (for Ruby 1.9.3).
=== 2.0.9 / 2013-09-13
Bug fixes:
* Gem fetch now fetches the newest (not oldest) gem when --version is given.
Issue #643 by Brian Shirai.
* Fixed credential creation for `gem push` when `--host` is not given. Pull
request #622 by Arthur Nogueira Neves
|
2013-09-10 18:33:29 by Takahiro Kambe | Files touched by this commit (8) | |
Log message:
Update rubygems to 2.0.8.
This includes a fix for CVE-2013-4287 in rubygems.
=== 2.0.8 / 2013-09-09
Security fixes:
* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a
backtracking in Gem::Version validation. See CVE-2013-4287 for full details
including vulnerable APIs. Fixed versions include 2.0.8, 1.8.26 and
1.8.23.1 (for Ruby 1.9.3). Issue #626 by Damir Sharipov.
Bug fixes:
* Fixed Gem.clear_paths when Security is defined at top-level. Pull request
#625 by elarkin
=== 2.0.7 / 2013-08-15
* Extensions may now be built in parallel (therefore gems may be installed in
parallel). Bug #607 by Hemant Kumar.
* Changed broken link to RubyGems Bookshelf to point to RubyGems guides. Ruby
pull request #369 by è¬è´é¦.
* Fixed various test failures due to platform differences or poor tests.
Patches by Yui Naruse and Koichi Sasada.
* Fixed documentation for Kernel#require.
=== 2.0.6 / 2013-07-24
Bug fixes:
* Fixed the `--no-install` and `-I` options to `gem list` and friends. Bug
#593 by Blargel.
* Fixed crash when installing gems with extensions under the `-V` flag. Bug
#601 by Nick Hoffman.
* Fixed race condition retrieving HTTP connections in Gem::Request on JRuby.
Bug #597 by Hemant Kumar.
* Fixed building extensions on ruby 1.9.3 under mingw. Bug #594 by jonforums,
Bug #599 by Chris Riesbeck
* Restored default of remote search to `gem search`.
=== 2.0.5 / 2013-07-11
Bug fixes:
* Fixed building of extensions that run ruby in their makefiles. Bug #589 by
Zachary Salzbank.
=== 2.0.4 / 2013-07-09
Bug fixes:
* Fixed error caused by gem install not finding the right platform for your
platform. Bug #576 by John Anderson
* Fixed pushing gems with the default host. Bug #495 by Utkarsh Kukreti
* Improved unhelpful error message from `gem owner --remove`. Bug #488 by
Steve Klabnik
* Fixed typo in `gem spec` help. Pull request #563 by oooooooo
* Fixed creation of build_info with --install-dir. Bug #457 by VÃt Ondruch.
* RubyGems converts non-string dependency names to strings now. Bug #505 by
Terence Lee
* Outdated prerelease versions are now listed in `gem outdated`.
* RubyGems now only calls fsync() on the specification when installing, not
every file from the gem. This improves the performance of gem installation
on some systems. Pull Request #556 by Grzesiek Kolodziejczyk
* Removed surprise search term anchoring in `gem search` to restore 1.8-like
search behavior while still defaulting to --remote. Pull request #562 by
Ben Bleything
* Fixed handling of DESTDIR when building extensions. Pull request #573 by
Akinori MUSHA
* Fixed documentation of `gem pristine` defaults (--all is not a default).
Pull request #577 by Shannon Skipper
* Fixed a windows extension-building test failure. Pull request #575 by
Hiroshi Shirosaki
* Fixed issue with `gem update` where it would attempt to use a Version
instead of a Requirement to find the latest gem. Fixes #570 by Nick Cox.
* RubyGems now ignores an empty but set RUBYGEMS_HOST environment variable.
Based on pull request #558 by Robin Dupret.
* Removed duplicate creation of gem subdirectories in
Gem::DependencyInstaller. Pull Request #456 by VÃt Ondruch
* RubyGems now works with Ruby built with `--with-ruby-version=''`. Pull
Request #455 by VÃt Ondruch
* Fixed race condition when two threads require the same gem. Ruby bug report
#8374 by Joel VanderWerf
* Cleaned up siteconf between extension build and extension install. Pull
request #587 by Dominic Cleal
* Fix deprecation warnings when converting gemspecs to yaml. Ruby commit
r41148 by Yui Naruse
|
2013-07-07 17:12:56 by Takahiro Kambe | Files touched by this commit (1) | |
Log message:
Remove Ruby's version denendent directory.
No PKGREVISION bump for short time updates.
|
2013-07-07 17:02:57 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Fix creating proper build_info directory.
Bump PKGREVISION.
|
2013-06-15 04:12:48 by Takahiro Kambe | Files touched by this commit (7) |
Log message:
* Fix a problem of installing gem with Ruby 1.8.7 noted by David Holland.
* Clean up patch files.
Bump PKGREVISION.
|
2013-06-11 16:55:54 by Takahiro Kambe | Files touched by this commit (16) |
Log message:
Update rubygems to 2.0.3.
THere are too many changes to write here, please refer these release notes.
http://blog.rubygems.org/2013/03/11/2.0.3-released.html
http://blog.rubygems.org/2013/03/06/2.0.2-released.html
http://blog.rubygems.org/2013/03/05/2.0.1-released.html
http://blog.rubygems.org/2013/02/24/2.0.0-released.html
http://blog.rubygems.org/2013/02/08/2.0.0.rc.2-released.html
http://blog.rubygems.org/2012/12/03/2.0.0-preview2.html
|
2013-02-03 17:04:04 by Takahiro Kambe | Files touched by this commit (2) | |
Log message:
Update rubygems to 1.8.25.
=== 1.8.25/ 2013-01-24
* 6 bug fixes:
* Added 11627 to setup bin_file location to protect against errors.
Fixes #328 by ConradIrwin
* Specification#ruby_code didn't handle Requirement with multiple
* Fix error on creating a Version object with a frozen string.
* Fix incremental index updates
* Fix missing load_yaml in YAML-related requirement.rb code.
* Manually backport encoding-aware YAML gemspec
|
2012-10-08 11:57:42 by Aleksej Saushev | Files touched by this commit (239) |
Log message:
Drop PKG_DESTDIR_SUPPORT setting, "user-destdir" is default these days.
|
2012-04-28 15:52:45 by Takahiro Kambe | Files touched by this commit (3) |
Log message:
Update rubygems package to 1.8.24.
=== 1.8.24 / 2012-04-27
* 1 bug fix:
* Install the .pem files properly. Fixes #320
* Remove OpenSSL dependency from the http code path
|
2012-04-22 10:11:54 by Takahiro Kambe | Files touched by this commit (5) |
Log message:
Update rubygems package to 1.8.23.
=== 1.8.23 / 2012-04-19
This release increases the security used when RubyGems is talking to
an https server. If you use a custom RubyGems server over SSL, this
release will cause RubyGems to no longer connect unless your SSL cert
is globally valid.
You can configure SSL certificate usage in RubyGems through the
:ssl_ca_cert and :ssl_verify_mode options in ~/.gemrc and /etc/gemrc.
The recommended way is to set :ssl_ca_cert to the CA certificate for
your server or a certificate bundle containing your CA certification.
You may also set :ssl_verify_mode to 0 to completely disable SSL
certificate checks, but this is not recommended.
* 2 security fixes:
* Disallow redirects from https to http
* Turn on verification of server SSL certs
* 1 minor feature:
* Add --clear-sources to fetch
* 2 bug fixes:
* Use File.identical? to check if two files are the same.
* Fixed init_with warning when using psych
=== 1.8.22 / 2012-04-13
* 4 bug fixes:
* Workaround for psych/syck YAML date parsing issue
* Don't trust the encoding of ARGV. Fixes #307
* Quiet default warnings about missing spec variables
* Read a binary file properly (windows fix)
=== 1.8.21 / 2012-03-22
* 2 bug fixes:
* Add workaround for buggy yaml output from 1.9.2
* Force 1.9.1 to remove it's prelude code. Fixes #305
=== 1.8.20 / 2012-03-21
* 4 bug fixes:
* Add --force to `gem build` to skip validation. Fixes #297
* Gracefully deal with YAML::PrivateType objects in Marshal'd gemspecs
* Treat the source as a proper url base. Fixes #304
* Warn when updating the specs cache fails. Fixes #300
=== 1.8.19 / 2012-03-14
* 3 bug fixes:
* Handle loading psych vs syck properly. Fixes #298
* Make sure Date objects don't leak in via Marshal
* Perform Date => Time coercion on yaml loading. Fixes #266
=== 1.8.18 / 2012-03-11
* 4 bug fixes:
* Use Psych API to emit more compatible YAML
* Download and write inside `gem fetch` directly. Fixes #289
* Honor sysconfdir on 1.8. Fixes #291
* Search everywhere for a spec for `gem spec`. Fixes #288
* Fix Gem.all_load_path. Fixes #171
|