Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Dec 21, 2014
  1. @luislavena

    Prep for release

    luislavena authored
Commits on Nov 11, 2014
  1. @luislavena

    Backport: Newer Root CA for rubygems.org

    luislavena authored
    Due sunsetting of certificates with SHA1 signature, rubygems.org
    is upgrading, which requires RubyGems (the software) be ugpraded
    too.
  2. @luislavena

    Remove RubyForge Hoe's setting

    luislavena authored
    RubyForge is no available in usage and newer versions of Hoe no longer
    defines or support it.
Commits on Nov 24, 2013
  1. @drbrain

    Update manifest

    drbrain authored
  2. @drbrain
  3. @drbrain

    Fix DigiCert certificate

    drbrain authored
    I accidentally pasted its name in because I was being too clever with
    pbcopy and pbpaste.
  4. @drbrain
  5. @drbrain

    Set release version and date

    drbrain authored
  6. @drbrain

    Fix History.txt processing for empty LANG

    drbrain authored
    When LANG=UTF-8 some versions of ruby are not able to correctly process
    the History file and raise an encoding exception (notably, FreeBSD).
    
    This ensures the History text is processed with UTF-8 encoding.
Commits on Oct 8, 2013
  1. @drbrain

    Fix version numbers in History

    drbrain authored
    There were two 1.8.26 versions, the first is actually 1.8.27
  2. @drbrain
  3. @drbrain

    Set release version and date

    drbrain authored
  4. @drbrain

    Remove ca-bundle.pem

    drbrain authored
    The ca-bundle.pem contains more certificates than I wish to maintain or
    police for compromises.  Limiting to just the certificates needed for
    rubygems.org, S3, cloudfront and fastly will be much less work and
    security risk.
  5. @drbrain

    Remove unneeded require of rubygems/request

    drbrain authored
    Issue #673 added a test for the bundled CA certificates which requires
    rubygems/request, but the file is not used in the test.
  6. @drbrain

    Add proper certificates for S3

    drbrain authored
    Commit @71bc866 did not add the correct certificates as show by the test
    from #673.  Now we have a tool to determine the correct certificates by
    automatically from a certs.pem.
    
    This updates #665 and #671.
  7. @drbrain

    Only run CA tests on travis-ci

    drbrain authored
    The CA tests added in #673 run locally even when I don't have internet,
    which can make the tests slower.
    
    Now they'll only run on travis-ci which can take all the time it likes,
    but will give similar value.
  8. @drbrain

    Mention #673 in History

    drbrain authored
    Issue #673 adds a test for S3 and rubygems.org certificates to rubygems
    so we can more quickly detect when a certificate's roots change.
  9. @hannesg @drbrain

    Added a test for the included certificates

    hannesg authored drbrain committed
  10. @drbrain

    Add #654 to history

    drbrain authored
    Issue #654 removed redundant (useless) certificates that aren't needed
    to connect to https://rubygems.org.  This was committed in @22e5981.
    
    Fixes #654
  11. @drbrain

    Add Verisign G5 CA cert and its intermediary

    drbrain authored
    https://s3.amazonaws.com changed its certificate.  We did not have the
    new root CA certificate (the G5 certificate) in our default certificate
    list.
    
    This caused connections to https://rubygems.org to fail for users who
    did not have a full certificate list for openssl installed separately.
    
    Now we have both the G5 certificate and its intermediary to allow
    connections to succeed for users on cert.pem-less systems.
    
    Fixes #665
    
    Fixes #671
  12. @drbrain
Commits on Sep 24, 2013
  1. @drbrain

    Add CVE-2013-4363.txt to rdoc

    drbrain authored
  2. @drbrain

    Update version for release

    drbrain authored
  3. @drbrain

    Fix CVE-2013-4363, remove regexp backtracking

    drbrain authored
    The Gem::Version regexp used backtracking to validate gem versions, but
    in a different way than CVE-2013-4287. This could cause excessive CPU
    usage when creating Gem::Version objects including when packaging gems.
    See CVE-2013-4363.txt (in this commit) for details.
    
    See #626
Commits on Sep 9, 2013
  1. @drbrain

    Require 'thread' for builder mutex

    drbrain authored
    This was missed when 05e9e55 was cherry-picked
  2. @drbrain

    Update version for release

    drbrain authored
  3. @drbrain

    Fix CVE-2013-4287, remove regexp backtracking

    drbrain authored
    The Gem::Version regexp used backtracking to validate gem versions.
    This could cause excessive CPU usage when creating Gem::Version objects
    including when packaging gems. See CVE-2013-4287.txt (in this commit)
    for details.
    
    Fixes #626
Commits on Sep 5, 2013
  1. @drbrain

    Prevent extensions from building in parallel

    drbrain authored
    Building an extension requires changing the path so commands executed
    via a subprocess will work correctly.  In order to prevent parallel
    extension builds from changing each other's directory a mutex is
    required.
    
    Fixes #607
  2. @drbrain

    Fix extension building on Ruby 1.9.3 and mingw

    drbrain authored
    Supplying DESTDIR on mingw causes link errors due to reasons I don't
    understand (see the related bug).  Now, on 1.9.3, DESTDIR is not
    supplied to the make command which prevents the bug.  Ruby 2.0.0 behaves
    as before.
    
    Fixes #594, see also duplicate bug #599
  3. @drbrain

    Fixed installing gems with extensions under -V

    drbrain authored
    Commit f815636 changed the return value of ExtConfBuilder#build to nil
    from the input result array.  When running with -V RubyGems prints the
    results of compilation by joining the returned Array.  nil does not have
    this so a NoMethodError was raised.
    
    Fixes #601
  4. @drbrain
  5. @drbrain

    Use Tempfile.create to unlink siteconf on Windows

    drbrain authored
    Import of r41893 from ruby trunk by naruse
  6. @drbrain

    Reset RUBYOPT when unlinking siteconf

    drbrain authored
    The rice gem uses an unconventional extconf.rb during its build.
    Instead of using mkmf it gathers configuration information from RbConfig
    and runs a configure script which creates a Makefile.  The Makefile
    invokes ruby during the build process.
    
    When running the Makefile the RUBYOPT environment variable required the
    siteconf file which had been removed.  This would cause ruby to raise an
    exception.
    
    Now RUBYOPT is reset when the siteconf file is removed which fixes this
    bug.
    
    Fixes #582
  7. @domcleal @drbrain

    Remove siteconf temp file once unused

    domcleal authored drbrain committed
    Clean up the sitearch temp file before running any make commands to prevent
    the temp file being copied into the gem installation.
  8. @knu @drbrain

    Pass DESTDIR via command line to override what's in MAKEFLAGS.

    knu authored drbrain committed
    This fixes an installation problem under a package building
    environment where DESTDIR is specified in the (parent) command line.
    
    Related bug reports:
    - https://bugzilla.redhat.com/show_bug.cgi?id=921650
    - ruby/ruby#327
Something went wrong with that request. Please try again.