Remove all syck traces from rubygems

After reading [this blog post](https://blog.rubygems.org/2011/08/31/shaving-the-yaml-yak.html), published almost 10 years ago already, my understanding is that this problem could come up in two ways: * Rubygems.org serving corrupted gemspecs". As far as I understand this was fixed in rubygems.org a lot time ago, since rubygems/rubygems.org#331. * Clients having a ten years old gemspec cache with some of these bad gemspecs. In this case, there's no easy solution but I think ten years is enough and rebuilding the cache should do the trick. So, I think it's time we remove this.
rubygems · Jul 23, 2021 · afcb15d · afcb15d
1 parent de0c8fb
commit afcb15d
Show file tree

Hide file tree

Showing 8 changed files with 1 addition and 282 deletions.
diff --git a/Manifest.txt b/Manifest.txt
@@ -486,7 +486,6 @@ lib/rubygems/ssl_certs/.document
 lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA.pem
 lib/rubygems/ssl_certs/rubygems.org/GlobalSignRootCA_R3.pem
 lib/rubygems/stub_specification.rb
-lib/rubygems/syck_hack.rb
 lib/rubygems/text.rb
 lib/rubygems/uninstaller.rb
 lib/rubygems/unknown_command_spell_checker.rb

diff --git a/lib/rubygems.rb b/lib/rubygems.rb
@@ -628,23 +628,13 @@ def self.load_yaml
     rescue ::LoadError
       # If we can't load psych, that's fine, go on.
     else
-      # If 'yaml' has already been required, then we have to
-      # be sure to switch it over to the newly loaded psych.
-      if defined?(YAML::ENGINE) && YAML::ENGINE.yamler != "psych"
-        YAML::ENGINE.yamler = "psych"
-      end
-
       require 'rubygems/psych_additions'
       require 'rubygems/psych_tree'
     end
 
     require 'yaml'
     require 'rubygems/safe_yaml'
 
-    # Now that we're sure some kind of yaml library is loaded, pull
-    # in our hack to deal with Syck's DefaultKey ugliness.
-    require 'rubygems/syck_hack'
-
     @yaml_loaded = true
   end
 

diff --git a/lib/rubygems/requirement.rb b/lib/rubygems/requirement.rb
@@ -194,24 +194,17 @@ def hash # :nodoc:
   end
 
   def marshal_dump # :nodoc:
-    fix_syck_default_key_in_requirements
-
     [@requirements]
   end
 
   def marshal_load(array) # :nodoc:
     @requirements = array[0]
-
-    fix_syck_default_key_in_requirements
   end
 
   def yaml_initialize(tag, vals) # :nodoc:
     vals.each do |ivar, val|
       instance_variable_set "@#{ivar}", val
     end
-
-    Gem.load_yaml
-    fix_syck_default_key_in_requirements
   end
 
   def init_with(coder) # :nodoc:
@@ -246,8 +239,7 @@ def pretty_print(q) # :nodoc:
   def satisfied_by?(version)
     raise ArgumentError, "Need a Gem::Version: #{version.inspect}" unless
       Gem::Version === version
-    # #28965: syck has a bug with unquoted '=' YAML.loading as YAML::DefaultKey
-    requirements.all? {|op, rv| (OPS[op] || OPS["="]).call version, rv }
+    requirements.all? {|op, rv| OPS[op].call version, rv }
   end
 
   alias :=== :satisfied_by?
@@ -289,19 +281,6 @@ def _sorted_requirements
   def _tilde_requirements
     @_tilde_requirements ||= _sorted_requirements.select {|r| r.first == "~>" }
   end
-
-  private
-
-  def fix_syck_default_key_in_requirements # :nodoc:
-    Gem.load_yaml
-
-    # Fixup the Syck DefaultKey bug
-    @requirements.each do |r|
-      if r[0].kind_of? Gem::SyckDefaultKey
-        r[0] = "="
-      end
-    end
-  end
 end
 
 class Gem::Version

diff --git a/lib/rubygems/safe_yaml.rb b/lib/rubygems/safe_yaml.rb
@@ -17,8 +17,6 @@ module SafeYAML
       Gem::Specification
       Gem::Version
       Gem::Version::Requirement
-      YAML::Syck::DefaultKey
-      Syck::DefaultKey
     ].freeze
 
     PERMITTED_SYMBOLS = %w[

diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb
@@ -1690,12 +1690,6 @@ def date=(date)
             when String then
               if DateTimeFormat =~ date
                 Time.utc($1.to_i, $2.to_i, $3.to_i)
-
-              # Workaround for where the date format output from psych isn't
-              # parsed as a Time object by syck and thus comes through as a
-              # string.
-              elsif /\A(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2}:\d{2}\.\d+?Z\z/ =~ date
-                Time.utc($1.to_i, $2.to_i, $3.to_i)
               else
                 raise(Gem::InvalidSpecificationException,
                       "invalid date format in specification: #{date.inspect}")

diff --git a/lib/rubygems/syck_hack.rb b/lib/rubygems/syck_hack.rb
diff --git a/test/rubygems/data/null-type.gemspec.rz b/test/rubygems/data/null-type.gemspec.rz
diff --git a/test/rubygems/test_gem_specification.rb b/test/rubygems/test_gem_specification.rb
@@ -107,8 +107,6 @@ def setup
     end
 
     @current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-
-    load 'rubygems/syck_hack.rb'
   end
 
   def test_self_find_active_stub_by_path
@@ -747,125 +745,6 @@ def test_self_from_yaml
                  spec.specification_version
   end
 
-  def test_self_from_yaml_syck_date_bug
-    # This is equivalent to (and totally valid) psych 1.0 output and
-    # causes parse errors on syck.
-    yaml = @a1.to_yaml
-    yaml.sub!(/^date:.*/, "date: 2011-04-26 00:00:00.000000000Z")
-
-    spec = with_syck do
-      Gem::Specification.from_yaml yaml
-    end
-
-    assert_kind_of Time, @a1.date
-    assert_kind_of Time, spec.date
-  end
-
-  def test_self_from_yaml_syck_default_key_bug
-    # This is equivalent to (and totally valid) psych 1.0 output and
-    # causes parse errors on syck.
-    yaml = <<-YAML
---- !ruby/object:Gem::Specification
-name: posix-spawn
-version: !ruby/object:Gem::Version
-  version: 0.3.6
-  prerelease:
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: rake-compiler
-  requirement: &70243867725240 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - =
-      - !ruby/object:Gem::Version
-        version: 0.7.6
-  type: :development
-  prerelease: false
-  version_requirements: *70243867725240
-platform: ruby
-files: []
-test_files: []
-bindir:
-    YAML
-
-    spec = with_syck do
-      Gem::Specification.from_yaml yaml
-    end
-
-    op = spec.dependencies.first.requirement.requirements.first.first
-    refute_kind_of YAML::Syck::DefaultKey, op
-
-    refute_match %r{DefaultKey}, spec.to_ruby
-  end
-
-  def test_self_from_yaml_cleans_up_defaultkey
-    yaml = <<-YAML
---- !ruby/object:Gem::Specification
-name: posix-spawn
-version: !ruby/object:Gem::Version
-  version: 0.3.6
-  prerelease:
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: rake-compiler
-  requirement: &70243867725240 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - !ruby/object:YAML::Syck::DefaultKey {}
-
-      - !ruby/object:Gem::Version
-        version: 0.7.6
-  type: :development
-  prerelease: false
-  version_requirements: *70243867725240
-platform: ruby
-files: []
-test_files: []
-bindir:
-    YAML
-
-    spec = Gem::Specification.from_yaml yaml
-
-    op = spec.dependencies.first.requirement.requirements.first.first
-    refute_kind_of YAML::Syck::DefaultKey, op
-
-    refute_match %r{DefaultKey}, spec.to_ruby
-  end
-
-  def test_self_from_yaml_cleans_up_defaultkey_from_newer_192
-    yaml = <<-YAML
---- !ruby/object:Gem::Specification
-name: posix-spawn
-version: !ruby/object:Gem::Version
-  version: 0.3.6
-  prerelease:
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: rake-compiler
-  requirement: &70243867725240 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - !ruby/object:Syck::DefaultKey {}
-
-      - !ruby/object:Gem::Version
-        version: 0.7.6
-  type: :development
-  prerelease: false
-  version_requirements: *70243867725240
-platform: ruby
-files: []
-test_files: []
-bindir:
-    YAML
-
-    spec = Gem::Specification.from_yaml yaml
-
-    op = spec.dependencies.first.requirement.requirements.first.first
-    refute_kind_of YAML::Syck::DefaultKey, op
-
-    refute_match %r{DefaultKey}, spec.to_ruby
-  end
-
   def test_self_from_yaml_cleans_up_Date_objects
     yaml = <<-YAML
 --- !ruby/object:Gem::Specification
@@ -3860,49 +3739,6 @@ def util_setup_validate
     end
   end
 
-  def with_syck
-    begin
-      verbose, $VERBOSE = $VERBOSE, nil
-      require "yaml"
-      old_engine = YAML::ENGINE.yamler
-      YAML::ENGINE.yamler = 'syck'
-      load 'rubygems/syck_hack.rb'
-    rescue NameError
-      # probably on 1.8, ignore
-    ensure
-      $VERBOSE = verbose
-    end
-
-    yield
-  ensure
-    begin
-      YAML::ENGINE.yamler = old_engine
-      load 'rubygems/syck_hack.rb'
-    rescue NameError
-      # ignore
-    end
-  end
-
-  def with_psych
-    begin
-      require "yaml"
-      old_engine = YAML::ENGINE.yamler
-      YAML::ENGINE.yamler = 'psych'
-      load 'rubygems/syck_hack.rb'
-    rescue NameError
-      # probably on 1.8, ignore
-    end
-
-    yield
-  ensure
-    begin
-      YAML::ENGINE.yamler = old_engine
-      load 'rubygems/syck_hack.rb'
-    rescue NameError
-      # ignore
-    end
-  end
-
   def silence_warnings
     old_verbose, $VERBOSE = $VERBOSE, false
     yield