Updated RubyGems to 2.1.10.
=== 2.1.9 / 2013-10-14

Bug fixes:

* Reduce sorting when fetching specifications.  This speeds up the update and
  outdated commands, and others.  Issue rubinius#657 by windwiny.
* Proxy usernames and passwords are now escaped properly.  Ruby Bug #8979 by
  Masahiro Tomita, Issue rubinius#668 by Kouhei Sutou.

=== 2.1.8 / 2013-10-10

Bug fixes:

* Fixed local installation of platform gem files.  Issue rubinius#664 by Ryan Melton.
* Files starting with "." in the root directory are installed again.  Issue
  rubinius#680 by Ivo Wever, Pull Request rubinius#681 by Jeremy Evans.
* The index generator no longer indexes default gems.  Issue rubinius#661 by
  Jeremy Hinegardner.

=== 2.1.7 / 2013-10-09

Bug fixes:

* `gem sources --list` now displays a list of sources.  Pull request rubinius#672 by
  Nathan Marley.
* RubyGems no longer alters Gem::Specification.dirs when installing.  Pull
  Request rubinius#670 by Vít Ondruch
* Use RFC 2616-compatible time in HTTP headers.  Pull request rubinius#655 by Larry
  Marburger.
* RubyGems now gives a more descriptive message for missing licenses on
  validation.  Issue rubinius#656 by Markus Heiler.
* Expand unpack destination directory.  This fixes problems when File.realpath
  is missing and $GEM_HOME contains "..".  Issue rubinius#679 by Charles Nutter.

=== 2.1.6 / 2013-10-08

Bug fixes:

* Added certificates to follow the s3.amazonaws.com certificate change.  Fixes
  rubinius#665 by emeyekayee.  Fixes rubinius#671 by jonforums.
* Remove redundant built-in certificates not needed for https://rubygems.org
  Fixes rubinius#654 by Vít Ondruch.
* Added test for missing certificates for https://s3.amazonaws.com or
  https://rubygems.org.  Pull request rubinius#673 by Hannes Georg.
* RubyGems now allows a Pathname for Kernel#require like the built-in
  Kernel#require.  Pull request rubinius#663 by Aaron Patterson.
* Required rbconfig in Gem::ConfigFile for Ruby 1.9.1 compatibility.  (Ruby
  1.9.1 is no longer receiving security fixes, so please update to a newer
  version.)  Issue rubinius#676 by Michal Papis.  Issue rvm/rvm#2262 by
  Thomas Sänger.

=== 2.1.5 / 2013-09-24

Security fixes:

* RubyGems 2.1.4 and earlier are vulnerable to excessive CPU usage due to a
  backtracking in Gem::Version validation.  See CVE-2013-4363 for full details
  including vulnerable APIs.  Fixed versions include 2.1.5, 2.0.10, 1.8.27 and
  1.8.23.2 (for Ruby 1.9.3).

=== 2.1.4 / 2013-09-17

Bug fixes:

* `gem uninstall foo --all` now force-uninstalls all versions of foo.  Issue
  rubinius#650 by Kyle (remkade).
* Fixed uninstalling gems installed in the home directory (as in
  `--user-install`).  Issue rubinius#653 by Lin Jen-Shin.

=== 2.1.3 / 2013-09-12

Bug fixes:

* Gems with files entries starting with "./" no longer install 0 files.  Issue
  rubinius#644 by Darragh Curran, rubinius#645 by Brandon Turner, rubinius#646 by Alex Tambellini

=== 2.1.2 / 2013-09-11

Bug fixes:

* Restore concurrent requires following the fix for ruby bug #8374.  Pull
  request rubinius#637 and issue rubinius#640 by Charles Nutter.
* Gems with extensions are now installed correctly when the --install-dir
  option is used.  Issue rubinius#642 by Lin Jen-Shin.
* Gem fetch now fetches the newest (not oldest) gem when --version is given.
  Issue rubinius#643 by Brian Shirai.

=== 2.1.1 / 2013-09-10

Bug fixes:

* Only matching gems matching your local platform are considered for
  installation.  Issue rubinius#638 by José M. Prieto, issue rubinius#639 by sawanoboly.

=== 2.1.0 / 2013-09-09

Security fixes:

* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a
  backtracking in Gem::Version validation.  See CVE-2013-4287 for full details
  including vulnerable APIs.  Fixed versions include 2.0.8, 1.8.26 and
  1.8.23.1 (for Ruby 1.9.3).  Issue rubinius#626 by Damir Sharipov.

Major enhancements:

* RubyGems uses a new dependency resolver for gem installation which works
  similar to the bundler resolver.  The new resolver can resolve conflicts the
  previous resolver could not and offers improved diagnostics when conflicts
  are discovered.

Minor enhancements:

* RubyGems now has improved platform matching for the ARM architecture.  Gems
  built with a CPU of "arm" will match any specific ARM CPU.  See `gem help
  platform` for further details.  Fixes rubinius#532 by Kim Burgestrand.
* The --version option now accepts compound requirements the same as in a gem
  dependency.  The following invocation will install rails between 4.0.0.beta
  and 4.2:

    gem install rails -v '>= 4.0.0.beta, < 4.2'

  Fixes rubinius#531 by Gary S. Weaver
* `gem clean` now allows `-n` as an alias for `--dryrun`.  Pull Request rubinius#517
  by Gastón Ramos
* Added `gem update --system` to `gem help`.  Pull Request rubinius#514 by Vince
  Wadhwani
* Added PATH to `gem env` output.  Pull Request rubinius#490 by Michal Papis
* Added --host option to `gem owner` to match other commands using the
  gemcutter API.  Pull Request rubinius#462 and issue rubinius#461 by Hugo Lopes Tavares
* Added --abort-on-dependent to `gem uninstall`.  This will abort instead of
  asking to uninstall a gem that is depended upon by another gem.  Pull
  request rubinius#549 by Philip Arndt.
* RubyGems no longer alters Gem::Specification.dirs when installing.  Based on
  Pull Request rubinius#452 by Vít Ondruch
* RubyGems uses ENV['MAKE'] or ENV['make'] over rbconfig.rb's make if present.
  Pull Request rubinius#443 by Erik Hollensbe
* RubyGems can now save remote source cache files in an alternate directory
  controlled by `ENV["GEM_SPEC_CACHE"]`.  Pull Request rubinius#489 by Michal Papis
* Generated private keys are now encrypted.  Pull Request rubinius#453 by pietro
* Separated Gem::Request from Gem::RemoteFetcher.  Pull Request rubinius#283 by Steve
  Klabnik.
* RubyGems indicates when a .gem's content is corrupt while verifying.  Bug
  rubinius#519 by William T Nelson.
* Refactored common installer setup.  Pull request rubinius#520 by Gastón Ramos
* Moved activation tests to Gem::Specification.  Pull request rubinius#521 by Gastón
  Ramos
* When a --version option with a prerelease version is given RubyGems
  automatically enables prerelease versions but only the last version is
  used.  If the first version is a prerelease version this is no longer sticky
  unless an explicit --[no-]prerelease was also given.  Fixes part of rubinius#531.
* RubyGems now supports an SSL client certificate.  Pull request rubinius#550 by
  Robert Kenny.
* RubyGems now suggests how to fix permission errors.  Pull request rubinius#553 by
  Odin Dutton.
* Added support for installing a gem as default gems for alternate ruby
  implementations.  Pull request rubinius#566 by Charles Nutter.
* Improved performance of Gem::Specification#load by caching the loaded
  gemspec.  Pull request rubinius#569 by Charlie Somerville.
* RubyGems now warns when an unsigned gem is verified if -P was given during
  installation even if the security policy allows unsigned gems and warns when
  an untrusted certificate is seen even if the security policy allows
  untrusted certificates.  Issue rubinius#474 by Grant Olson
* RubyGems can now rewrite executables with or without a shebang of
  /usr/bin/env via <code>gem pristine --all --only-executables
  --env-[no-]shebang</code>.  Issue rubinius#579 by Paul Annesley.
* RubyGems can now run its tests without OpenSSL.  Ruby Bug #8557 by nobu.
* Improved performance by caching Gem::Version objects and avoiding
  method_missing in Gem::Specification.  Pull request rubinius#447 by Jon Leighton.
* Files in a .gem now preserve their modification times.  Pull request rubinius#582 by
  Jesse Bowes
* Improved speed of looking up dependencies in SpecFetcher through
  Array#bsearch (when present).  Pull request rubinius#595 by Andras Suller
* Added `--all` option to `gem uninstall` which removes all gems in GEM_HOME.
  Pull request rubinius#584 by Shannon Skipper.
* Added Gem.find_latest_files which is equivalent to Gem.find_files but only
  returns matching files from the latest version of each gem.  Issue rubinius#186 by
  Ryan Davis.
* Improved performance of `gem outdated` by reducing duplicate work (it is
  still slow, but I see a near 50% improvement for 250 gems on a fast
  connection).  See also Gem::Specification::outdated_and_latest_version

Bug fixes:

* rubygems_plugin.rb files are now only loaded from the latest installed gem.
* Fixed Gem.clear_paths when Security is defined at top-level.  Pull request
  rubinius#625 by elarkin
* Fixed credential creation for `gem push` when `--host` is not given.  Pull
  request rubinius#622 by Arthur Nogueira Neves

------------------------------------------------------------------------------

RubyGems installed the following executables:
  /source/rubinius/rubinius/bin/gem

RubyGems system software updated
brixen committed Nov 7, 2013
1 parent 0e0d2df commit a4b136e
Showing 31 changed files with 254 additions and 77 deletions.
2 changes: 1 addition & 1 deletion library/rubygems.rb
Expand Up @@ -8,7 +8,7 @@
require 'rbconfig'

module Gem
VERSION = '2.1.5'
VERSION = '2.1.10'
end

# Must be first since it unloads the prelude from 1.9.2
3 changes: 1 addition & 2 deletions library/rubygems/commands/sources_command.rb
Expand Up @@ -154,8 +154,7 @@ def list # :nodoc:
end

def list? # :nodoc:
!(options[:list] ||
options[:add] ||
!(options[:add] ||
options[:clear_all] ||
options[:remove] ||
options[:update])
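Review bot: In `list?`, the new condition never consults `options[:list]`, so a request that sets `options[:list]` together with `options[:add]`, `options[:remove]`, `options[:clear_all]` or `options[:update]` still gets false and the explicit request to list is ignored. If listing after a modification is intended, `options[:list] || !(options[:add] || ...)` expresses that; either way, a test for the combined case would pin the behaviour down.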
6 changes: 5 additions & 1 deletion library/rubygems/commands/update_command.rb
Expand Up @@ -110,7 +110,11 @@ def fetch_remote_gems spec # :nodoc:

fetcher = Gem::SpecFetcher.fetcher

spec_tuples, _ = fetcher.search_for_dependency dependency
spec_tuples, errors = fetcher.search_for_dependency dependency

error = errors.find { |e| e.respond_to? :exception }

raise error if error

spec_tuples
end
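Review bot: `errors.find { |e| e.respond_to? :exception }` followed by `raise error if error` aborts on the first fetch error even when `spec_tuples` already holds results, and any further entries in `errors` are dropped without being reported. Consider raising only when `spec_tuples` is empty, or reporting every error before raising. The `respond_to? :exception` check also depends silently on the alias added in errors.rb; a comment here naming that dependency would help.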
1 change: 1 addition & 0 deletions library/rubygems/config_file.rb
Expand Up @@ -5,6 +5,7 @@
#++

require 'rubygems/user_interaction'
require 'rbconfig'

##
# Gem::ConfigFile RubyGems options and gem command options from gemrc.
2 changes: 2 additions & 0 deletions library/rubygems/core_ext/kernel_require.rb
Expand Up @@ -38,6 +38,8 @@ module Kernel
def require path
RUBYGEMS_ACTIVATION_MONITOR.enter

path = path.to_path if path.respond_to? :to_path

spec = Gem.find_unresolved_default_spec(path)
if spec
Gem.remove_unresolved_default_spec(spec)
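Review bot: The `path.to_path` conversion runs after `RUBYGEMS_ACTIVATION_MONITOR.enter`, so an object whose `to_path` raises does so with the monitor already entered; whether it is released depends on code outside this hunk. Moving the conversion above the `enter` call removes that dependency. A one-line comment that this mirrors how the built-in `Kernel#require` treats a Pathname would also explain the line.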
10 changes: 3 additions & 7 deletions library/rubygems/dependency_installer.rb
Expand Up @@ -74,12 +74,6 @@ def initialize options = {}
@only_install_dir = !!options[:install_dir]
@install_dir = options[:install_dir] || Gem.dir

if options[:install_dir] then
# HACK shouldn't change the global settings, needed for -i behavior
# maybe move to the install command? See also github #442
Gem::Specification.dirs = @install_dir
end

options = DEFAULT_OPTIONS.merge options

@bin_dir = options[:bin_dir]
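Review bot: The deleted block carried the comment `needed for -i behavior`, and nothing in this hunk replaces the `Gem::Specification.dirs = @install_dir` assignment it guarded. `@only_install_dir` and `@install_dir` are still set above, so please point to (or add) a test showing that an install with `options[:install_dir]` still resolves against that directory without the global assignment.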
Expand Down Expand Up @@ -409,7 +403,9 @@ def resolve_dependencies dep_or_name, version # :nodoc:
request_set.soft_missing = true
end

request_set.resolve Gem::DependencyResolver.compose_sets(as, installer_set)
composed_set = Gem::DependencyResolver.compose_sets as, installer_set

request_set.resolve composed_set

request_set
end
10 changes: 5 additions & 5 deletions library/rubygems/dependency_resolver.rb
Expand Up @@ -118,7 +118,7 @@ def resolve_for needed, specs
# on the dep for the activation itself. Otherwise, issue
# it on the requester's request itself.
#
if existing.others_possible?
if existing.others_possible? or existing.request.requester.nil? then
conflict =
Gem::DependencyResolver::DependencyConflict.new dep, existing
else
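Review bot: The added clause `existing.request.requester.nil?` spells out the same test this commit introduces as `explicit?` in dependency_request.rb; if `existing.request` is a dependency request, `existing.request.explicit?` says what is meant. The comment block above the condition still describes only the `others_possible?` case and should mention the explicit-request case as well.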
Expand All @@ -132,16 +132,16 @@ def resolve_for needed, specs
end

# Get a list of all specs that satisfy dep and platform
possible = @set.find_all dep
possible = select_local_platforms possible
all_possible = @set.find_all dep
possible = select_local_platforms all_possible

case possible.size
when 0
@missing << dep

unless @soft_missing
# If there are none, then our work here is done.
raise Gem::UnsatisfiableDependencyError, dep
raise Gem::UnsatisfiableDependencyError.new dep, all_possible
end
when 1
# If there is one, then we just add it to specs
Expand Down Expand Up @@ -234,7 +234,7 @@ def resolve_for needed, specs

def select_local_platforms specs # :nodoc:
specs.select do |spec|
Gem::Platform.match spec.platform
Gem::Platform.installable? spec
end
end

16 changes: 16 additions & 0 deletions library/rubygems/dependency_resolver/dependency_request.rb
Expand Up @@ -32,6 +32,22 @@ def name
@dependency.name
end

# Indicate that the request is for a gem explicitly requested by the user
def explicit?
@requester.nil?
end

# Indicate that the requset is for a gem requested as a dependency of another gem
def implicit?
!explicit?
end

# Return a String indicating who caused this request to be added (only
# valid for implicit requests)
def request_context
@requester ? @requester.request : "(unknown)"
end

def pretty_print q # :nodoc:
q.group 2, '[Dependency request ', ']' do
q.breakable
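Review bot: `request_context` is documented as returning a String, but `@requester ? @requester.request : "(unknown)"` returns whatever `@requester.request` is in the implicit case and a String only in the fallback. Either call `to_s` on the request or reword the comment. The comment also says the value is only valid for implicit requests, so the `"(unknown)"` branch deserves a note on when it can occur. `requset` in the comment above `implicit?` is a typo for `request`.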
2 changes: 1 addition & 1 deletion library/rubygems/dependency_resolver/index_set.rb
Expand Up @@ -30,7 +30,7 @@ def find_all req
name = req.dependency.name

@all[name].each do |uri, n|
if req.dependency.match? n
if req.dependency.match? n then
res << Gem::DependencyResolver::IndexSpecification.new(
self, n.name, n.version, uri, n.platform)
end
4 changes: 2 additions & 2 deletions library/rubygems/dependency_resolver/index_specification.rb
Expand Up @@ -14,12 +14,12 @@ class Gem::DependencyResolver::IndexSpecification

attr_reader :version

def initialize set, name, version, source, plat
def initialize set, name, version, source, platform
@set = set
@name = name
@version = version
@source = source
@platform = plat
@platform = platform.to_s

@spec = nil
end
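Review bot: `@platform = platform.to_s` changes the stored value from whatever the caller passed to a String, and the hunk gives no reason. Please add a comment saying why the String form is needed, since anything that reads `@platform` now gets a String rather than the original object.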
10 changes: 10 additions & 0 deletions library/rubygems/dependency_resolver/installed_specification.rb
Expand Up @@ -30,6 +30,16 @@ def platform
@spec.platform
end

def installable_platform?
# BACKCOMPAT If the file is coming out of a specified file, then we
# ignore the platform. This code can be removed in RG 3.0.
if @source.kind_of? Gem::Source::SpecificFile
return true
else
Gem::Platform.match @spec.platform
end
end

def source
@source ||= Gem::Source::Installed.new
end
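Review bot: `installable_platform?` returns true for any `Gem::Source::SpecificFile` without looking at `@spec.platform`, so a gem file built for another platform passes the platform filter with no message. The BACKCOMPAT comment explains the intent; consider emitting a warning in that branch so the skipped check is visible to the user. The method also reads `@source` directly while `source` just below initializes it lazily with `@source ||= ...`; calling `source` keeps the two consistent. Minor: the explicit `return true` in an `if`/`else` whose other branch relies on the implicit return reads unevenly.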
21 changes: 20 additions & 1 deletion library/rubygems/dependency_resolver/installer_set.rb
Expand Up @@ -87,7 +87,11 @@ def find_all req
end

def inspect # :nodoc:
'#<%s domain: %s specs: %p>' % [ self.class, @domain, @specs.keys ]
always_install = @always_install.map { |s| s.full_name }

'#<%s domain: %s specs: %p always install: %p>' % [
self.class, @domain, @specs.keys, always_install,
]
end

##
Expand Down Expand Up @@ -131,5 +135,20 @@ def load_spec name, ver, platform, source
def prefetch(reqs)
end

def pretty_print q # :nodoc:
q.group 2, '[InstallerSet', ']' do
q.breakable
q.text "domain: #{@domain}"

q.breakable
q.text 'specs: '
q.pp @specs.keys

q.breakable
q.text 'always install: '
q.pp @always_install
end
end

end
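Review bot: `pretty_print` passes the raw `@always_install` to `q.pp`, while `inspect` in the hunk above prints `s.full_name` for each entry, so the two representations of the same set disagree. Mapping to `full_name` here as well would keep them aligned.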

5 changes: 5 additions & 0 deletions library/rubygems/errors.rb
Expand Up @@ -85,5 +85,10 @@ def initialize(source, error)
def wordy
"Unable to download data from #{@source.uri} - #{@error.message}"
end

##
# The "exception" alias allows you to call raise on a SourceFetchProblem.

alias exception error
end
end
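Review bot: With `alias exception error`, calling `raise` on a SourceFetchProblem raises the wrapped error, so the source URI that `wordy` puts in its message is lost at the point of the raise. `raise` also requires `exception` to return an Exception object; if `error` can ever be something else, the caller gets a TypeError instead. Note both points in the comment, or define an `exception` method that carries the message from `wordy`.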
15 changes: 11 additions & 4 deletions library/rubygems/exceptions.rb
Expand Up @@ -179,10 +179,17 @@ class Gem::UnsatisfiableDependencyError < Gem::Exception

attr_reader :dependency

def initialize dep
requester = dep.requester ? dep.requester.request : '(unknown)'

super "Unable to resolve dependency: #{requester} requires #{dep}"
def initialize dep, platform_mismatch=nil
if platform_mismatch and !platform_mismatch.empty?
plats = platform_mismatch.map { |x| x.platform.to_s }.sort.uniq
super "Unable to resolve dependency: No match for '#{dep}' on this platform. Found: #{plats.join(', ')}"
else
if dep.explicit?
super "Unable to resolve dependency: user requested '#{dep}'"
else
super "Unable to resolve dependency: '#{dep.request_context}' requires '#{dep}'"
end
end

@dependency = dep
end
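Review bot: The new parameter is named `platform_mismatch`, but the caller in dependency_resolver.rb passes `all_possible`, every spec found for the dependency; a name that says so, plus a line in the class documentation, would match what actually arrives. The `else` that contains only `if dep.explicit?` / `else` can be flattened to `elsif`.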
2 changes: 2 additions & 0 deletions library/rubygems/ext/cmake_builder.rb
@@ -1,3 +1,5 @@
require 'rubygems/command'

class Gem::Ext::CmakeBuilder < Gem::Ext::Builder
def self.build(extension, directory, dest_path, results)
unless File.exist?('Makefile') then
10 changes: 7 additions & 3 deletions library/rubygems/indexer.rb
Expand Up @@ -126,7 +126,7 @@ def build_indicies
# Builds Marshal quick index gemspecs.

def build_marshal_gemspecs
count = Gem::Specification.count
count = Gem::Specification.count { |s| not s.default_gem? }
progress = ui.progress_reporter count,
"Generating Marshal quick index gemspecs for #{count} gems",
"Complete"
Expand All @@ -135,6 +135,7 @@ def build_marshal_gemspecs

Gem.time 'Generated Marshal quick index gemspecs' do
Gem::Specification.each do |spec|
next if spec.default_gem?
spec_file_name = "#{spec.original_name}.gemspec.rz"
marshal_name = File.join @quick_marshal_dir, spec_file_name

Expand Down Expand Up @@ -188,10 +189,13 @@ def build_modern_index(index, file, name)
# Builds indicies for RubyGems 1.2 and newer. Handles full, latest, prerelease

def build_modern_indicies
prerelease, released = Gem::Specification.partition { |s|
specs = Gem::Specification.reject { |s| s.default_gem? }

prerelease, released = specs.partition { |s|
s.version.prerelease?
}
latest_specs = Gem::Specification.latest_specs
latest_specs =
Gem::Specification.latest_specs.reject { |s| s.default_gem? }

build_modern_index(released.sort, @specs_index, 'specs')
build_modern_index(latest_specs.sort, @latest_specs_index, 'latest specs')
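Review bot: The `default_gem?` filter is now written out four times across `build_marshal_gemspecs` and `build_modern_indicies` (the `count` block, the `next if`, and the two `reject` calls here), so a later change can update one and miss another, leaving the progress count and the written index out of step. A single private helper returning the non-default specs, used in all four places, avoids that.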
1 change: 1 addition & 0 deletions library/rubygems/installer.rb
Expand Up @@ -4,6 +4,7 @@
# See LICENSE.txt for permissions.
#++

require 'rubygems/command'
require 'rubygems/exceptions'
require 'rubygems/package'
require 'rubygems/ext'
9 changes: 3 additions & 6 deletions library/rubygems/package.rb
Expand Up @@ -339,13 +339,9 @@ def extract_files destination_dir, pattern = "*"
def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc:
open_tar_gz io do |tar|
tar.each do |entry|
# Some entries start with "./" which fnmatch does not like, see github
# issue #644
full_name = entry.full_name.sub %r%\A\./%, ''
next unless File.fnmatch pattern, entry.full_name, File::FNM_DOTMATCH

next unless File.fnmatch pattern, full_name

destination = install_location full_name, destination_dir
destination = install_location entry.full_name, destination_dir

FileUtils.rm_rf destination
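Review bot: With the `sub %r%\A\./%, ''` normalization removed, `File.fnmatch pattern, entry.full_name, File::FNM_DOTMATCH` sees the `./` prefix on entries that have one. The default pattern `"*"` still matches them, but a caller-supplied pattern such as `lib/*` would not match `./lib/...`. Please add a test that extracts a `./`-prefixed entry with a non-default pattern, or keep the normalization for the match only. The deleted comment about issue #644 should be replaced with one explaining why `FNM_DOTMATCH` is needed.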

Expand Down Expand Up @@ -386,6 +382,7 @@ def install_location filename, destination_dir # :nodoc:

destination_dir = File.realpath destination_dir if
File.respond_to? :realpath
destination_dir = File.expand_path destination_dir

destination = File.join destination_dir, filename
destination = File.expand_path destination
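Review bot: The added `destination_dir = File.expand_path destination_dir` has no comment, and it sits directly after a `File.realpath` call that already yields an absolute path where available. Say in a comment that this line is for platforms where `File.realpath` is missing, so a `destination_dir` containing `..` is still normalized before it is joined with `filename`.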
8 changes: 8 additions & 0 deletions library/rubygems/platform.rb
Expand Up @@ -29,6 +29,14 @@ def self.match(platform)
end
end

def self.installable?(spec)
if spec.respond_to? :installable_platform?
spec.installable_platform?
else
match spec.platform
end
end

def self.new(arch) # :nodoc:
case arch
when Gem::Platform::CURRENT then
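Review bot: `self.installable?` is added without a documentation comment, and its behaviour differs by duck type: specs that define `installable_platform?` decide for themselves, everything else falls back to `match spec.platform`. Document that contract here so that new specification classes know which method to implement.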
7 changes: 3 additions & 4 deletions library/rubygems/request.rb
Expand Up @@ -78,8 +78,8 @@ def connection_for(uri)
net_http_args += [
@proxy_uri.host,
@proxy_uri.port,
@proxy_uri.user,
@proxy_uri.password
Gem::UriFormatter.new(@proxy_uri.user).unescape,
Gem::UriFormatter.new(@proxy_uri.password).unescape,
]
end
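Review bot: `Gem::UriFormatter.new(@proxy_uri.user).unescape` and the matching password line are called unconditionally, and for a proxy URI without credentials `user` and `password` are nil. The hunk does not show whether `unescape` accepts nil; please confirm it returns nil in that case and add a test for a credential-free proxy, or guard the two calls.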

Expand Down Expand Up @@ -114,8 +114,7 @@ def fetch
request.add_field 'Keep-Alive', '30'

if @last_modified then
@last_modified = @last_modified.utc
request.add_field 'If-Modified-Since', @last_modified.rfc2822
request.add_field 'If-Modified-Since', @last_modified.httpdate
end

yield request if block_given?
22 changes: 22 additions & 0 deletions library/rubygems/request_set.rb
Expand Up @@ -5,6 +5,19 @@
require 'rubygems/installer'
require 'tsort'

##
# A RequestSet groups a request to activate a set of dependencies.
#
# nokogiri = Gem::Dependency.new 'nokogiri', '~> 1.6'
# pg = Gem::Dependency.new 'pg', '~> 0.14'
#
# set = Gem::RequestSet.new nokogiri, pg
#
# requests = set.resolve
#
# p requests.map { |r| r.full_name }
# #=> ["nokogiri-1.6.0", "mini_portile-0.5.1", "pg-0.17.0"]

class Gem::RequestSet

include TSort
Expand All @@ -23,6 +36,15 @@ class Gem::RequestSet

attr_accessor :soft_missing

##
# Creates a RequestSet for a list of Gem::Dependency objects, +deps+. You
# can then #resolve and #install the resolved list of dependencies.
#
# nokogiri = Gem::Dependency.new 'nokogiri', '~> 1.6'
# pg = Gem::Dependency.new 'pg', '~> 0.14'
#
# set = Gem::RequestSet.new nokogiri, pg

def initialize *deps
@dependencies = deps
