=== 1.8.10 / 2011-08-25
RubyGems 1.8.10 contains a security fix that prevents malicious gems from
executing code when their specification is loaded. See
https://github.com/rubygems/rubygems/pull/165 for details.
* 5 bug fixes:
* RubyGems escapes strings in ruby-format specs using #dump instead of #to_s
and %q to prevent code injection. Issue #165 by Postmodern
* RubyGems attempt to activate the psych gem now to obtain bugfixes from
psych.
* Gem.dir has been restored to the front of Gem.path. Fixes remaining
problem with Issue #115
* Fixed Syck DefaultKey infecting ruby-format specifications.
* `gem uninstall a b` no longer stops if gem "a" is not installed.
Now latest ruby19-base package comes with gem supporting newer format,
so no need to keep older.
Shouold be fix build problem of newer rails3 related packages with
ruby18-base.
Bump PKGREVISION.
o pkgsrc changes:
* Add patches to keep output of specification sub-command as before.
* Make sure to 'yaml is loaded in Gem::Specification::from_yaml().
=== 1.3.7 / 2010-05-13
NOTE:
http://rubygems.org is now the default source for downloading gems.
You may have sources set via ~/.gemrc, so you should replace
http://gems.rubyforge.org with http://rubygems.orghttp://gems.rubyforge.org will continue to work for the forseeable future.
New features:
* `gem` commands
* `gem install` and `gem fetch` now report alternate platforms when a
matching one couldn't be found.
* `gem contents` --prefix is now the default as specified in --help. Bug
#27211 by Mamoru Tasaka.
* `gem fetch` can fetch of old versions again. Bug #27960 by Eric Hankins.
* `gem query` and friends output now lists platforms. Bug #27856 by Greg
Hazel.
* `gem server` now allows specification of multiple gem dirs for
documentation. Bug #27573 by Yuki Sonoda.
* `gem unpack` can unpack gems again. Bug #27872 by Timothy Jones.
* `gem unpack` now unpacks remote gems.
* --user-install is no longer the default. If you really liked it, see
Gem::ConfigFile to learn how to set it by default. (This change was made
in 1.3.6)
* RubyGems now has platform support for IronRuby. Patch #27951 by Will Green.
Bug fixes:
* Require rubygems/custom_require if --disable-gem was set. Bug #27700 by
Roger Pack.
* RubyGems now protects against exceptions being raised by plugins.
* rubygems/builder now requires user_interaction. Ruby Bug #1040 by Phillip
Toland.
* Gem::Dependency support #version_requirements= with a warning. Fix for old
Rails versions. Bug #27868 by Wei Jen Lu.
* Gem::PackageTask depends on the package dir like the other rake package
tasks so dependencies can be hooked up correctly.
=== 1.3.6 / 2010-02-17
New features:
* `gem` commands
* Added `gem push` and `gem owner` for interacting with modern/Gemcutter
sources
* `gem dep` now supports --prerelease.
* `gem fetch` now supports --prerelease.
* `gem server` now supports --bind. Patch #27357 by Bruno Michel.
* `gem rdoc` no longer overwrites built documentation. Use --overwrite
force rebuilding. Patch #25982 by Akinori MUSHA.
* Captial letters are now allowed in prerelease versions.
Bug fixes:
* Development deps are no longer added to rubygems-update gem so older
versions can update sucessfully.
* Installer bugs:
* Prerelease gems can now depend on non-prerelease gems.
* Development dependencies are ignored unless explicitly needed. Bug #27608
by Roger Pack.
* `gem` commands
* `gem which` now fails if no paths were found. Adapted patch #27681 by
Caio Chassot.
* `gem server` no longer has invalid markup. Bug #27045 by Eric Young.
* `gem list` and friends show both prerelease and regular gems when
--prerelease --all is given
* Gem::Format no longer crashes on empty files. Bug #27292 by Ian Ragsdale.
* Gem::GemPathSearcher handles nil require_paths. Patch #27334 by Roger Pack.
* Gem::RemoteFetcher no longer copies the file if it is where we want it.
Patch #27409 by Jakub Stastny.
Deprecation Notices:
* lib/rubygems/timer.rb has been removed.
* Gem::Dependency#version_requirements is deprecated and will be removed on or
after August 2010.
* Bulk index update is no longer supported.
* Gem::manage_gems was removed in 1.3.3.
* Time::today was removed in 1.3.3.
* Add LICENSE.
* Adjust new ruby packages' framework.
* Command name is gem${RUBY_VER} == gem18 now and add ALTERNATIVES.
* Add comments to patches.
* Overhalt --install_root option.
* Avoid access HOME when --install_root is enabled.
* honor PKG_SYSCONFDIR.
Bump PKGREVISION.
Changes:
* Fix use of prerelease gems.
* Gem.bin_path no longer escapes path with spaces. Bug #25935 and #26458.
* Bulk index update is no longer supported (the code currently
remains, but not the tests)
New features since 1.3.1:
* RubyGems now loads plugins from rubygems_plugin.rb in installed gems.
This can be used to add commands (See Gem::CommandManager) or add
install/uninstall hooks (See Gem::Installer and Gem::Uninstaller).
* Gem::Version now understands prerelease versions using letters. (eg.
'1.2.1.b') Thanks to Josh Susser, Alex Vollmer and Phil Hagelberg.
* RubyGems now includes a Rake task for creating gems which replaces rake's
Rake::GemPackageTask. See Gem::PackageTask.
* Gem::find_files now returns paths in $LOAD_PATH.
* Added Gem::promote_load_path for use with Gem::find_files
* Added Gem::bin_path to make finding executables easier. Patch #24114 by
James Tucker.
* Various improvements to build arguments for installing gems.
* `gem contents` added --all and --no-prefix.
* Gem::Specification
* #validate strips directories and errors on not-files.
* #description no longer removes newlines.
* #name must be a String.
* FIXME and TODO are no longer allowed in various fields.
* Added support for a license attribute. Feature #11041 (partial).
* Removed Gem::Specification::list, too much process growth. Bug #23668 by
Steve Purcell.
* `gem generate_index`
* Can now generate an RSS feed.
* Modern indicies can now be updated incrementally.
* Legacy indicies can be updated separately from modern.
* `gem server` allows port names (from /etc/services) with --port.
* `gem server` now has search that jumps to RDoc. Patch #22959 by Vladimir
Dobriakov.
* `gem spec` can retrieve single fields from a spec (like `gem spec rake
authors`).
* Gem::Specification#has_rdoc= is deprecated and ignored (defaults to true)
* RDoc is now generated regardless of Gem::Specification#has_rdoc?
New features since 1.2.0:
* RubyGems doesn't print LOCAL/REMOTE titles for `gem query` and friends if
stdout is not a TTY, except with --both.
* Added Gem.find_files, allows a gem to discover features provided by other
gems.
* Added pre/post (un)install hooks for packagers of RubyGems. (Not for gems
themselves).
* RubyGems now installs gems into ~/.gem if GEM_HOME is not writable. Use
--no-user-install command-line switch to disable this behavior.
* Fetching specs for update now uses If-Modified-Since requests.
* RubyGems now updates the ri cache when the rdoc gem is installed and
documentation is generated.
Release 1.2.0 adds new features and fixes some bugs.
New features:
* RubyGems no longer performs bulk updates and instead only fetches the gemspec
files it needs. Alternate sources will need to upgrade to RubyGems 1.2 to
allow RubyGems to take advantage of the new metadata updater. If a pre 1.2
remote source is in the sources list, RubyGems will revert to the bulk update
code for compatibility.
* RubyGems now has runtime and development dependency types. Use
#add_development_dependency and #add_runtime_dependency. All typeless
dependencies are considered to be runtime dependencies.
* RubyGems will now require rubygems/defaults/operating_system.rb and
rubygems/defaults/#{RBX_ENGINE}.rb if they exist. This allows packagers and
ruby implementers to add custom behavior to RubyGems via these files. (If
the RubyGems API is insufficient, please suggest improvements via the
RubyGems list.)
* /etc/gemrc (and windows equivalent) for global settings
* setup.rb now handles --vendor and --destdir for packagers
* `gem stale` command that lists gems by last access time
Bugs Fixed:
* File modes from gems are now honored, patch #19737
* Marshal Gem::Specification objects from the future can now be loaded.
* A trailing / is now added to remote sources when missing, bug #20134
* Gems with legacy platforms will now be correctly uninstalled, patch #19877
* `gem install --no-wrappers` followed by `gem install --wrappers` no longer
overwrites executables
* `gem pristine` now forces reinstallation of gems, bug #20387
* RubyGems gracefully handles ^C while loading .gemspec files from disk, bug
#20523
* Paths are expanded in more places, bug #19317, bug #19896
* Gem::DependencyInstaller resets installed gems every install, bug #19444
* Gem.default_path is now honored if GEM_PATH is not set, patch #19502
Other Changes Include:
* setup.rb
* stub files created by RubyGems 0.7.x and older are no longer removed. When
upgrading from these ancient versions, upgrade to 1.1.x first to clean up
stubs.
* RDoc is no longer required until necessary, patch #20414
* `gem server`
* Now completely matches the output of `gem generate_index` and
has correct content types
* Refreshes from source directories for every hit. The server will no longer
need to be restarted after installing gems.
* `gem query --details` and friends now display author, homepage, rubyforge url
and installed location
* `gem install` without -i no longer reinstalls dependencies if they are in
GEM_PATH but not in GEM_HOME
* Gem::RemoteFetcher now performs persistent connections for HEAD requests,
bug #7973
patches to add it). Drop pax from the default USE_TOOLS list.
Make bsdtar the default for those places that wanted gtar to extract
long links etc, as bsdtar can be built of the tree.
* Gem.prefix now returns non-nil only when RubyGems was installed outside
sitelibdir or libdir.
* The `gem server` gem list now correctly links to gem details.
* `gem update --system` now passes --no-format-executable to setup.rb.
* Gem::SourceIndex#refresh! now works with multiple gem repositories.
* Downloaded gems now go into --install-dir's cache directory.
* Various fixes to downloading gem metadata.
* `gem install --force` now ignores network errors too.
* `gem pristine` now rebuilds extensions.
* `gem update --system` now works on virgin Apple ruby.
* Gem::RemoteFetcher handles Errno::ECONNABORTED.
+ Port patches to allow gems to be installed into an "installion root"
from 1.0.1nb2.
+ Rename the --build-root option to --install-root, which more accurately
reflects the purpose of the option.
+ Update rubygem.mk to work with rubygems-1.1.0.
+ Require 1.1.0 as the minimum rubygems version for the build.
+ Remove GEM_FORMAT and special code to extract the gemspec file
from a gem archive -- `gem spec' can now do it correctly by itself.
+ Rename various *buildroot* targets to *install-root* to match the
name of the `gem' option.
* RubyGems now uses persistent connections on index updates and only
updates from a latest index by default, cutting candidate gems for
updates to roughly 1/4 (at present). Index updates are much faster
now.
* `gem list -r` may only show the latest version of a gem, add --all to
see all gems.
* `gem spec` now extracts specifications from .gem files.
* `gem query --installed` to aid automation of checking for gems.
This update has been tested with the 3 packages in pkgsrc that install
using the ``gem'' command:
devel/rubyforge
misc/ruby-gem_plugin
www/mongrel
This update has also been tested with the 129 packages in my local
tree that install using the ``gem'' command.
Manually check that the installation actually succeeds or exit with an
error so that the pkgsrc make process halts with the proper error code.
Suggestion for change by <seb> in private email.
+ Add a GEM_SPECFILE variable which points to the gemspec file
to use when building using the ``gemspec'' GEM_BUILD method.
It defaults to ${WRKDIR}/${DISTNAME}.gemspec.
+ Add a GEM_FORMAT variable that indicates the archive format of
the downloaded gem. Possible are "packed" and "tar" with a default
of "tar". "Packed" is the old gem-0.8.x format, while "tar" is the
current one.
+ Make gem-extract a dependency for post-extract, not do-extract.
This allows for the usual do-extract actions to take place in
the case where EXTRACT_SUFX is not ".gem".
Now, if any of the DISTFILES are gems, then gem-extract takes care
of all of the extraction, but otherwise, the usual do-extract actions
take place.
+ Use the gem script to unpack the downloaded gem. We still have to
manually extract the gemspec file, but at least we make fewer
assumptions about the format of the gem.
this file was awkward because PKG_DESTDIR_SUPPORT must be set before
the first inclusion of bsd.prefs.mk, which forced rubygem.mk to be
included before any other file. Instead, packages which install as
Ruby gems should define PKG_DESTDIR_SUPPORT on their own.
generated by mkmf.rb are actually not DESTDIR-safe because the $(DESTDIR)
value gets propagated to the rpath. Since we already pass --buildroot
to deal with staged installations, explicitly strip out DESTDIR from
the environment.
regardless of the #! line at the head of a script, so we can skip
the interpreter path check for gems.
As a side benefit, the resulting gems are more suitable for distribution
to other platforms.
