Problems found locating distfiles:
Package colorls: missing distfile ls.tar.gz
Package molden: missing distfile molden-4.6/molden4.6.tar.gz
Package softmaker-office-demo: missing distfile ofl06trial.tgz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
=== 2.4.8 / 2015-06-08
Bug fixes:
* Tightened API endpoint checks for CVE-2015-3900
=== 2.4.7 / 2015-05-14
Bug fixes:
* Backport: Limit API endpoint to original security domain for CVE-2015-3900.
Fix by claudijd
* Simplify Gem::Specification definition.
* Remove some pkgsrc specific modifications.
=== 2.4.6 / 2014-02-05
Bug fixes:
* Fixed resolving gems with both upper and lower requirement boundaries.
Issue #1141 by Jakub Jirutka.
* Moved extension directory after require_paths to fix missing constant bugs
in some gems with C extensions. Issue #784 by Andr«± Arko, pull request
#1137 by Barry Allard.
* Use Gem::Dependency#requirement when adding a dependency to an existing
dependency instance. Pull request #1101 by Josh Cheek.
* Fixed warning of shadowed local variable in Gem::Specification. Pull request
#1109 by Rohit Arondekar
* Gem::Requirement should always sort requirements before coercion to Hash.
Pull request #1139 by Eito Katagiri.
* The `gem open` command should change the current working directory before
opening the editor. Pull request #1142 by Alex Wood.
* Ensure quotes are stripped from the Windows launcher script used to install
gems. Pull request #1115 by Youngjun Song.
* Fixed errors when writing to NFS to to 0444 files. Issue #1161 by Emmanuel
Hadoux.
* Removed dead code in Gem::StreamUI. Pull request #1117 by mediaslave24.
* Fixed typos. Pull request #1096 by hakeda.
* Relaxed CMake dependency for RHEL 6 and CentOS 6. Pull request #1124 by V«¿t
Ondruch.
* Relaxed Psych dependency. Pull request #1128 by V«¿t Ondruch.
=== 2.0.10 / 2013-09-24
Security fixes:
* RubyGems 2.1.4 and earlier are vulnerable to excessive CPU usage due to a
backtracking in Gem::Version validation. See CVE-2013-4363 for full details
including vulnerable APIs. Fixed versions include 2.1.5, 2.0.10, 1.8.27 and
1.8.23.2 (for Ruby 1.9.3).
=== 2.0.9 / 2013-09-13
Bug fixes:
* Gem fetch now fetches the newest (not oldest) gem when --version is given.
Issue #643 by Brian Shirai.
* Fixed credential creation for `gem push` when `--host` is not given. Pull
request #622 by Arthur Nogueira Neves
This includes a fix for CVE-2013-4287 in rubygems.
=== 2.0.8 / 2013-09-09
Security fixes:
* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a
backtracking in Gem::Version validation. See CVE-2013-4287 for full details
including vulnerable APIs. Fixed versions include 2.0.8, 1.8.26 and
1.8.23.1 (for Ruby 1.9.3). Issue #626 by Damir Sharipov.
Bug fixes:
* Fixed Gem.clear_paths when Security is defined at top-level. Pull request
#625 by elarkin
=== 2.0.7 / 2013-08-15
* Extensions may now be built in parallel (therefore gems may be installed in
parallel). Bug #607 by Hemant Kumar.
* Changed broken link to RubyGems Bookshelf to point to RubyGems guides. Ruby
pull request #369 by 謝致邦.
* Fixed various test failures due to platform differences or poor tests.
Patches by Yui Naruse and Koichi Sasada.
* Fixed documentation for Kernel#require.
=== 2.0.6 / 2013-07-24
Bug fixes:
* Fixed the `--no-install` and `-I` options to `gem list` and friends. Bug
#593 by Blargel.
* Fixed crash when installing gems with extensions under the `-V` flag. Bug
#601 by Nick Hoffman.
* Fixed race condition retrieving HTTP connections in Gem::Request on JRuby.
Bug #597 by Hemant Kumar.
* Fixed building extensions on ruby 1.9.3 under mingw. Bug #594 by jonforums,
Bug #599 by Chris Riesbeck
* Restored default of remote search to `gem search`.
=== 2.0.5 / 2013-07-11
Bug fixes:
* Fixed building of extensions that run ruby in their makefiles. Bug #589 by
Zachary Salzbank.
=== 2.0.4 / 2013-07-09
Bug fixes:
* Fixed error caused by gem install not finding the right platform for your
platform. Bug #576 by John Anderson
* Fixed pushing gems with the default host. Bug #495 by Utkarsh Kukreti
* Improved unhelpful error message from `gem owner --remove`. Bug #488 by
Steve Klabnik
* Fixed typo in `gem spec` help. Pull request #563 by oooooooo
* Fixed creation of build_info with --install-dir. Bug #457 by Vít Ondruch.
* RubyGems converts non-string dependency names to strings now. Bug #505 by
Terence Lee
* Outdated prerelease versions are now listed in `gem outdated`.
* RubyGems now only calls fsync() on the specification when installing, not
every file from the gem. This improves the performance of gem installation
on some systems. Pull Request #556 by Grzesiek Kolodziejczyk
* Removed surprise search term anchoring in `gem search` to restore 1.8-like
search behavior while still defaulting to --remote. Pull request #562 by
Ben Bleything
* Fixed handling of DESTDIR when building extensions. Pull request #573 by
Akinori MUSHA
* Fixed documentation of `gem pristine` defaults (--all is not a default).
Pull request #577 by Shannon Skipper
* Fixed a windows extension-building test failure. Pull request #575 by
Hiroshi Shirosaki
* Fixed issue with `gem update` where it would attempt to use a Version
instead of a Requirement to find the latest gem. Fixes#570 by Nick Cox.
* RubyGems now ignores an empty but set RUBYGEMS_HOST environment variable.
Based on pull request #558 by Robin Dupret.
* Removed duplicate creation of gem subdirectories in
Gem::DependencyInstaller. Pull Request #456 by Vít Ondruch
* RubyGems now works with Ruby built with `--with-ruby-version=''`. Pull
Request #455 by Vít Ondruch
* Fixed race condition when two threads require the same gem. Ruby bug report
#8374 by Joel VanderWerf
* Cleaned up siteconf between extension build and extension install. Pull
request #587 by Dominic Cleal
* Fix deprecation warnings when converting gemspecs to yaml. Ruby commit
r41148 by Yui Naruse
=== 1.8.25/ 2013-01-24
* 6 bug fixes:
* Added 11627 to setup bin_file location to protect against errors.
Fixes#328 by ConradIrwin
* Specification#ruby_code didn't handle Requirement with multiple
* Fix error on creating a Version object with a frozen string.
* Fix incremental index updates
* Fix missing load_yaml in YAML-related requirement.rb code.
* Manually backport encoding-aware YAML gemspec
=== 1.8.23 / 2012-04-19
This release increases the security used when RubyGems is talking to
an https server. If you use a custom RubyGems server over SSL, this
release will cause RubyGems to no longer connect unless your SSL cert
is globally valid.
You can configure SSL certificate usage in RubyGems through the
:ssl_ca_cert and :ssl_verify_mode options in ~/.gemrc and /etc/gemrc.
The recommended way is to set :ssl_ca_cert to the CA certificate for
your server or a certificate bundle containing your CA certification.
You may also set :ssl_verify_mode to 0 to completely disable SSL
certificate checks, but this is not recommended.
* 2 security fixes:
* Disallow redirects from https to http
* Turn on verification of server SSL certs
* 1 minor feature:
* Add --clear-sources to fetch
* 2 bug fixes:
* Use File.identical? to check if two files are the same.
* Fixed init_with warning when using psych
=== 1.8.22 / 2012-04-13
* 4 bug fixes:
* Workaround for psych/syck YAML date parsing issue
* Don't trust the encoding of ARGV. Fixes#307
* Quiet default warnings about missing spec variables
* Read a binary file properly (windows fix)
=== 1.8.21 / 2012-03-22
* 2 bug fixes:
* Add workaround for buggy yaml output from 1.9.2
* Force 1.9.1 to remove it's prelude code. Fixes#305
=== 1.8.20 / 2012-03-21
* 4 bug fixes:
* Add --force to `gem build` to skip validation. Fixes#297
* Gracefully deal with YAML::PrivateType objects in Marshal'd gemspecs
* Treat the source as a proper url base. Fixes#304
* Warn when updating the specs cache fails. Fixes#300
=== 1.8.19 / 2012-03-14
* 3 bug fixes:
* Handle loading psych vs syck properly. Fixes#298
* Make sure Date objects don't leak in via Marshal
* Perform Date => Time coercion on yaml loading. Fixes#266
=== 1.8.18 / 2012-03-11
* 4 bug fixes:
* Use Psych API to emit more compatible YAML
* Download and write inside `gem fetch` directly. Fixes#289
* Honor sysconfdir on 1.8. Fixes#291
* Search everywhere for a spec for `gem spec`. Fixes#288
* Fix Gem.all_load_path. Fixes#171
=== 1.8.17 / 2012-02-17
* 2 minor enhancements:
* Add MacRuby to the list of special cases for platforms (ferrous26)
* Add a default for where to install rubygems itself
* 3 bug fixes:
* Fixed gem loading issue caused by dependencies not resolving.
* Fixed umask error when stdlib is required and unresolved dependencies exist.
* Shebang munging would only take one arg after the cmd
* Define SUCKAGE better, ie only MRI 1.9.2
* Propagate env-shebang to the pristine command if set for install.
=== 1.8.16 / 2012-02-12
* 3 bug fixes:
* Fix gem specification loading when encoding is not UTF-8. #146
* Allow group writable if umask allows it already.
* Uniquify the spec list based on directory order priority
=== 1.8.15 / 2012-01-06
* 1 bug fix:
* Don't eager load yaml, it creates a bad loop. Fixes#256
=== 1.8.14 / 2012-01-05
* 2 bug fixes:
* Ignore old/bad cache data in Version
* Make sure our YAML workarounds are loaded properly. Fixes#250.
=== 1.8.13 / 2011-12-21
* 1 bug fix:
* Check loaded_specs properly when trying to satisfy a dep
* 2 minor enhancements:
* Remove using #loaded_path? for performance
* Remove Zlib workaround for Windows build.
=== 1.8.10 / 2011-08-25
RubyGems 1.8.10 contains a security fix that prevents malicious gems from
executing code when their specification is loaded. See
https://github.com/rubygems/rubygems/pull/165 for details.
* 5 bug fixes:
* RubyGems escapes strings in ruby-format specs using #dump instead of #to_s
and %q to prevent code injection. Issue #165 by Postmodern
* RubyGems attempt to activate the psych gem now to obtain bugfixes from
psych.
* Gem.dir has been restored to the front of Gem.path. Fixes remaining
problem with Issue #115
* Fixed Syck DefaultKey infecting ruby-format specifications.
* `gem uninstall a b` no longer stops if gem "a" is not installed.
Now latest ruby19-base package comes with gem supporting newer format,
so no need to keep older.
Shouold be fix build problem of newer rails3 related packages with
ruby18-base.
Bump PKGREVISION.
o pkgsrc changes:
* Add patches to keep output of specification sub-command as before.
* Make sure to 'yaml is loaded in Gem::Specification::from_yaml().
=== 1.3.7 / 2010-05-13
NOTE:
http://rubygems.org is now the default source for downloading gems.
You may have sources set via ~/.gemrc, so you should replace
http://gems.rubyforge.org with http://rubygems.orghttp://gems.rubyforge.org will continue to work for the forseeable future.
New features:
* `gem` commands
* `gem install` and `gem fetch` now report alternate platforms when a
matching one couldn't be found.
* `gem contents` --prefix is now the default as specified in --help. Bug
#27211 by Mamoru Tasaka.
* `gem fetch` can fetch of old versions again. Bug #27960 by Eric Hankins.
* `gem query` and friends output now lists platforms. Bug #27856 by Greg
Hazel.
* `gem server` now allows specification of multiple gem dirs for
documentation. Bug #27573 by Yuki Sonoda.
* `gem unpack` can unpack gems again. Bug #27872 by Timothy Jones.
* `gem unpack` now unpacks remote gems.
* --user-install is no longer the default. If you really liked it, see
Gem::ConfigFile to learn how to set it by default. (This change was made
in 1.3.6)
* RubyGems now has platform support for IronRuby. Patch #27951 by Will Green.
Bug fixes:
* Require rubygems/custom_require if --disable-gem was set. Bug #27700 by
Roger Pack.
* RubyGems now protects against exceptions being raised by plugins.
* rubygems/builder now requires user_interaction. Ruby Bug #1040 by Phillip
Toland.
* Gem::Dependency support #version_requirements= with a warning. Fix for old
Rails versions. Bug #27868 by Wei Jen Lu.
* Gem::PackageTask depends on the package dir like the other rake package
tasks so dependencies can be hooked up correctly.
=== 1.3.6 / 2010-02-17
New features:
* `gem` commands
* Added `gem push` and `gem owner` for interacting with modern/Gemcutter
sources
* `gem dep` now supports --prerelease.
* `gem fetch` now supports --prerelease.
* `gem server` now supports --bind. Patch #27357 by Bruno Michel.
* `gem rdoc` no longer overwrites built documentation. Use --overwrite
force rebuilding. Patch #25982 by Akinori MUSHA.
* Captial letters are now allowed in prerelease versions.
Bug fixes:
* Development deps are no longer added to rubygems-update gem so older
versions can update sucessfully.
* Installer bugs:
* Prerelease gems can now depend on non-prerelease gems.
* Development dependencies are ignored unless explicitly needed. Bug #27608
by Roger Pack.
* `gem` commands
* `gem which` now fails if no paths were found. Adapted patch #27681 by
Caio Chassot.
* `gem server` no longer has invalid markup. Bug #27045 by Eric Young.
* `gem list` and friends show both prerelease and regular gems when
--prerelease --all is given
* Gem::Format no longer crashes on empty files. Bug #27292 by Ian Ragsdale.
* Gem::GemPathSearcher handles nil require_paths. Patch #27334 by Roger Pack.
* Gem::RemoteFetcher no longer copies the file if it is where we want it.
Patch #27409 by Jakub Stastny.
Deprecation Notices:
* lib/rubygems/timer.rb has been removed.
* Gem::Dependency#version_requirements is deprecated and will be removed on or
after August 2010.
* Bulk index update is no longer supported.
* Gem::manage_gems was removed in 1.3.3.
* Time::today was removed in 1.3.3.
* Add LICENSE.
* Adjust new ruby packages' framework.
* Command name is gem${RUBY_VER} == gem18 now and add ALTERNATIVES.
* Add comments to patches.
* Overhalt --install_root option.
* Avoid access HOME when --install_root is enabled.
* honor PKG_SYSCONFDIR.
Bump PKGREVISION.
Changes:
* Fix use of prerelease gems.
* Gem.bin_path no longer escapes path with spaces. Bug #25935 and #26458.
* Bulk index update is no longer supported (the code currently
remains, but not the tests)
New features since 1.3.1:
* RubyGems now loads plugins from rubygems_plugin.rb in installed gems.
This can be used to add commands (See Gem::CommandManager) or add
install/uninstall hooks (See Gem::Installer and Gem::Uninstaller).
* Gem::Version now understands prerelease versions using letters. (eg.
'1.2.1.b') Thanks to Josh Susser, Alex Vollmer and Phil Hagelberg.
* RubyGems now includes a Rake task for creating gems which replaces rake's
Rake::GemPackageTask. See Gem::PackageTask.
* Gem::find_files now returns paths in $LOAD_PATH.
* Added Gem::promote_load_path for use with Gem::find_files
* Added Gem::bin_path to make finding executables easier. Patch #24114 by
James Tucker.
* Various improvements to build arguments for installing gems.
* `gem contents` added --all and --no-prefix.
* Gem::Specification
* #validate strips directories and errors on not-files.
* #description no longer removes newlines.
* #name must be a String.
* FIXME and TODO are no longer allowed in various fields.
* Added support for a license attribute. Feature #11041 (partial).
* Removed Gem::Specification::list, too much process growth. Bug #23668 by
Steve Purcell.
* `gem generate_index`
* Can now generate an RSS feed.
* Modern indicies can now be updated incrementally.
* Legacy indicies can be updated separately from modern.
* `gem server` allows port names (from /etc/services) with --port.
* `gem server` now has search that jumps to RDoc. Patch #22959 by Vladimir
Dobriakov.
* `gem spec` can retrieve single fields from a spec (like `gem spec rake
authors`).
* Gem::Specification#has_rdoc= is deprecated and ignored (defaults to true)
* RDoc is now generated regardless of Gem::Specification#has_rdoc?
New features since 1.2.0:
* RubyGems doesn't print LOCAL/REMOTE titles for `gem query` and friends if
stdout is not a TTY, except with --both.
* Added Gem.find_files, allows a gem to discover features provided by other
gems.
* Added pre/post (un)install hooks for packagers of RubyGems. (Not for gems
themselves).
* RubyGems now installs gems into ~/.gem if GEM_HOME is not writable. Use
--no-user-install command-line switch to disable this behavior.
* Fetching specs for update now uses If-Modified-Since requests.
* RubyGems now updates the ri cache when the rdoc gem is installed and
documentation is generated.
Release 1.2.0 adds new features and fixes some bugs.
New features:
* RubyGems no longer performs bulk updates and instead only fetches the gemspec
files it needs. Alternate sources will need to upgrade to RubyGems 1.2 to
allow RubyGems to take advantage of the new metadata updater. If a pre 1.2
remote source is in the sources list, RubyGems will revert to the bulk update
code for compatibility.
* RubyGems now has runtime and development dependency types. Use
#add_development_dependency and #add_runtime_dependency. All typeless
dependencies are considered to be runtime dependencies.
* RubyGems will now require rubygems/defaults/operating_system.rb and
rubygems/defaults/#{RBX_ENGINE}.rb if they exist. This allows packagers and
ruby implementers to add custom behavior to RubyGems via these files. (If
the RubyGems API is insufficient, please suggest improvements via the
RubyGems list.)
* /etc/gemrc (and windows equivalent) for global settings
* setup.rb now handles --vendor and --destdir for packagers
* `gem stale` command that lists gems by last access time
Bugs Fixed:
* File modes from gems are now honored, patch #19737
* Marshal Gem::Specification objects from the future can now be loaded.
* A trailing / is now added to remote sources when missing, bug #20134
* Gems with legacy platforms will now be correctly uninstalled, patch #19877
* `gem install --no-wrappers` followed by `gem install --wrappers` no longer
overwrites executables
* `gem pristine` now forces reinstallation of gems, bug #20387
* RubyGems gracefully handles ^C while loading .gemspec files from disk, bug
#20523
* Paths are expanded in more places, bug #19317, bug #19896
* Gem::DependencyInstaller resets installed gems every install, bug #19444
* Gem.default_path is now honored if GEM_PATH is not set, patch #19502
Other Changes Include:
* setup.rb
* stub files created by RubyGems 0.7.x and older are no longer removed. When
upgrading from these ancient versions, upgrade to 1.1.x first to clean up
stubs.
* RDoc is no longer required until necessary, patch #20414
* `gem server`
* Now completely matches the output of `gem generate_index` and
has correct content types
* Refreshes from source directories for every hit. The server will no longer
need to be restarted after installing gems.
* `gem query --details` and friends now display author, homepage, rubyforge url
and installed location
* `gem install` without -i no longer reinstalls dependencies if they are in
GEM_PATH but not in GEM_HOME
* Gem::RemoteFetcher now performs persistent connections for HEAD requests,
bug #7973
