It seems that since ruby openssl 2.1.0 [[1]], the distinguished name
submitted to `OpenSSL::X509::Name.parse` is not correctly parsed if it
does not contain the first slash:
~~~
$ ruby -v
ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-linux]
$ gem list | grep openssl
openssl (default: 2.2.0)
$ irb -r openssl
irb(main):001:0> OpenSSL::X509::Name.parse("CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE)
=> "CN = nobody/DC=example"
irb(main):002:0> OpenSSL::X509::Name.parse("/CN=nobody/DC=example").to_s(OpenSSL::X509::Name::ONELINE)
=> "CN = nobody, DC = example"
~~~
Instead, use `OpenSSL::X509::Name.new` directly as suggested by upstream
maintainer.
[1]: 19c67cd10chttps://github.com/rubygems/rubygems/commit/09ca0c2dae
Co-authored-by: Kazuki Yamaguchi <k@rhe.jp>
The previous commit introduces the Gem::Security.create_digest method, allowing to:
- decouple algorithm choice from implementation (OpenSSL or Ruby built-in)
- untangle the SHA512 fallback for TarWriter from the generic hashing digest choice (undoing commit 9471f8ed2bdc12248d2619bbbce6e53cd6c16cb6)
https://github.com/rubygems/rubygems/commit/1bc03231e4
`Gem::Package::TarWriter#add_file_signed` expects to fallback to
`Digest::SHA512`, and `digest.respond_to? :name` or not.
So lib/rubygems/security.rb should use same logic for
`Gem::Security::DIGEST_ALGORITHM` and `Gem::Security::DIGEST_NAME`.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63851 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* Details of changes:
0090800402/History.txt (L3)
* I kept ko1's commmit related thread issue. It's not merged 2.6 branch on rubygems.
1721dfa0ea
* I removed test_realworld_default_gem from rubygems-2.6.12. It fails on
Ruby trunk. Because it's differences of test suite and environment.
https://github.com/rubygems/rubygems/pull/1899
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58530 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
It supports to enable frozen string literal and add `--norc` option for
disable to `.gemrc` configuration.
See 2.5.2 release notes for other fixes and enhancements.
a8aa3bac72/History.txt (L3)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53707 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/rubygems/security.rb (DIGEST_ALGORITHM, KEY_ALGORITHM):
should check same name as the used constants.
[ruby-core:72674] [Bug #11940]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53419 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
When you change this to true, you may need to add more tests.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53141 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Fixed installing platform gems
Restored concurrent requires
Fixed installing gems with extensions with --install-dir
Fixed `gem fetch -v` to install the latest version
Fixed installing gems with "./" in their files entries
* test/rubygems/test_gem_package.rb: Tests for the above.
* NEWS: Updated for RubyGems 2.1.3
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42938 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
showing details. [ruby-trunk - Bug #8019] RubyGems bug #487
* lib/rubygems/remote_fetcher.rb: ditto.
* lib/rubygems/security/policy.rb: ditto.
* test/rubygems/test_gem_commands_query_command.rb: Test for the
above.
* lib/rubygems/security.rb: Make OpenSSL optional for RubyGems.
* lib/rubygems/commands/cert_command.rb: ditto.
* lib/rubygems/config_file.rb: Display file with YAML error, not
~/.gemrc
* lib/rubygems/remote_fetcher.rb: Only create gem subdirectories when
installing gems.
* lib/rubygems/dependency_resolver.rb: ditto.
* lib/rubygems/test_utilities.rb: ditto.
* test/rubygems/test_gem_commands_fetch_command.rb: Test for the
above.
* lib/rubygems/spec_fetcher.rb: Only try to upgrade
http://rubygems.org to HTTPS
* test/rubygems/test_gem_spec_fetcher.rb: Test for the above.
* lib/rubygems.rb: Update win_platform? check for JRuby compatibility.
* test/rubygems/test_gem_installer.rb: Update for Ruby 1.9.2
compatibility
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39606 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Hiroshi SHIBATA
David Rodríguez
Takuya Noguchi
Vít Ondruch
Jenny Shen
Bart de Water
hsbt
kazu
nobu
naruse
zzak
drbrain
ryan
matz