rpms
/
rubygem-bundler
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import rubygem-bundler-1.16.1-4.module+el8.5.0+13840+ec418553

Browse Source
c8-stream-2.5 imports/c8-stream-2.5/rubygem-bundler-1.16.1-4.module+el8.10.0+22021+135c76a8
CentOS Sources 3 years ago committed by MSVSphere Packaging Team
commit a846949f10
5 changed files with 759 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
.gitignore vendored
Unescape View File

@ -0,0 +1,2 @@
SOURCES/bundler-1.16.1-specs.tgz
SOURCES/bundler-1.16.1.gem

2
.rubygem-bundler.metadata
Unescape View File

@ -0,0 +1,2 @@
d4e20b5d15ca4bba1338eddc7b9e8b858fa10dc1 SOURCES/bundler-1.16.1-specs.tgz
bca8cd6a0d44524c55a04256307da33e6fe37d5f SOURCES/bundler-1.16.1.gem

266
SOURCES/ruby-bundler-raise-error-in-dependency-confusion-tests.patch
Unescape View File

@ -0,0 +1,266 @@
diff --git a/spec/bundler/bundler/definition_dep_confusion_spec.rb b/spec/bundler/bundler/definition_dep_confusion_spec.rb
new file mode 100644
index 0000000000..9fee464960
--- /dev/null
+++ b/spec/bundler/bundler/definition_dep_confusion_spec.rb
@@ -0,0 +1,257 @@
+# frozen_string_literal: true
+
+require "bundler/definition"
+
+RSpec.describe Bundler::Definition do
+ before do
+ allow(Bundler::SharedHelpers).to receive(:find_gemfile) { Pathname.new("Gemfile") }
+ end
+
+ let(:sources) { Bundler::SourceList.new }
+ subject { Bundler::Definition.new(nil, [], sources, []) }
+
+ describe "#validate_dependency_confusion!" do
+ before do
+ subject.instance_variable_set(:@remote, remote)
+ end
+
+ context "when it's not remote" do
+ let(:remote) { false }
+
+ it "should neither raise an error nor warn" do
+ expect(subject).not_to receive(:raise_error_or_warn_dependency_confusion)
+ subject.send(:validate_dependency_confusion!)
+ end
+ end
+
+ context "when it's remote" do
+ before do
+ allow(sources).to receive(:non_global_rubygems_sources).and_return(non_global_rubygems_sources)
+ end
+
+ let(:remote) { true }
+
+ context "when the number of non-global source is zero" do
+ let(:non_global_rubygems_sources) { [] }
+
+ it "should neither raise an error nor warn" do
+ expect(subject).not_to receive(:raise_error_or_warn_dependency_confusion)
+ subject.send(:validate_dependency_confusion!)
+ end
+ end
+
+ context "when there are any non dependency API non global sources" do
+ let(:non_global_rubygems_sources) do
+ [
+ double("non-global-source-0", :dependency_api_available? => true, :to_s => "a"),
+ double("non-global-source-1", :dependency_api_available? => false, :to_s => "b"),
+ double("non-global-source-2", :dependency_api_available? => false, :to_s => "c"),
+ ]
+ end
+
+ it "should raise an error or warn" do
+ expect(subject).to receive(:raise_error_or_warn_dependency_confusion).with(<<-M.strip)
+Your Gemfile contains scoped sources that don't implement a dependency API, namely:
+
+ * b
+ * c
+
+Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers.
+ M
+ subject.send(:validate_dependency_confusion!)
+ end
+ end
+
+ context "when all the non global sources implement dependency API" do
+ before do
+ allow(subject).to receive(:indirect_dependency_names_in_non_global_rubygems_soruces).and_return(indirect_dependency_names)
+ subject.instance_variable_set(:@index, index)
+ end
+
+ let(:non_global_rubygems_sources) do
+ [
+ double("non-global-source-0", :dependency_api_available? => true, :to_s => "a"),
+ double("non-global-source-1", :dependency_api_available? => true, :to_s => "b"),
+ ]
+ end
+
+ let(:index) { double("index", :sources => index_sources) }
+ let(:index_sources) do
+ [
+ double("index-source-1", :spec_names => ["a1", "a2"]),
+ double("index-source-2", :spec_names => ["a2", "b1", "b2"]),
+ double("index-source-3", :spec_names => ["b2"])
+ ]
+ end
+
+ context "when there is not an indirect dependency in the non global sources" do
+ let(:indirect_dependency_names) {[]}
+
+ it "should neither raise an error nor warn" do
+ expect(subject).not_to receive(:raise_error_or_warn_dependency_confusion)
+ subject.send(:validate_dependency_confusion!)
+ end
+ end
+
+ context "when there is an indirect dependency in the non global sources" do
+
+ context "when the indirect dependency doesn't exist in another source" do
+ let(:indirect_dependency_names) {["a1", "b1"]}
+
+ it "should neither raise an error nor warn" do
+ expect(subject).not_to receive(:raise_error_or_warn_dependency_confusion)
+ subject.send(:validate_dependency_confusion!)
+ end
+ end
+
+ context "when the indirect dependency also exists in anotehr source" do
+ let(:indirect_dependency_names) {["a1", "a2", "b2"]}
+
+ it "should raise an error or warn" do
+ expect(subject).to receive(:raise_error_or_warn_dependency_confusion).with(<<-M.strip)
+Your Gemfile contains implicit dependency gems a2, b2 on the scoped sources, namely:
+
+ * a
+ * b
+
+Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile.
+ M
+ subject.send(:validate_dependency_confusion!)
+ end
+ end
+ end
+ end
+ end
+ end
+
+ describe "#indirect_dependency_names_in_non_global_rubygems_soruces" do
+ before do
+ subject.instance_variable_set(:@dependencies, dependencies)
+ allow(sources).to receive(:non_global_rubygems_sources).and_return(non_global_rubygems_sources)
+ end
+
+ # Direct dependencies
+ let(:dependencies) do
+ [
+ double("dependency-0", :name => "g0"),
+ double("dependency-1", :name => "g3")
+ ]
+ end
+ let(:non_global_rubygems_sources) do
+ [
+ double("non-global-source-0", :specs => index_0, :to_s => "s0"),
+ double("non-global-source-1", :specs => index_1, :to_s => "s1"),
+ ]
+ end
+ let(:index_0) do
+ # All the dependencies in the source-0.
+ index = double("index-0", :dependency_names => ["g0", "g1", "g2", "g5"])
+ allow(index).to receive(:local_search) do |query|
+ return_map = {
+ "g1" => [double("spec", :class => Bundler::StubSpecification, :to_s => "g1")],
+ "g2" => [double("spec", :class => Bundler::EndpointSpecification, :to_s => "g2")],
+ "g5" => [double("spec", :class => Bundler::EndpointSpecification, :to_s => "g5")]
+ }
+ return_map[query]
+ end
+ index
+ end
+ let(:index_1) do
+ # All the dependencies in the source-1.
+ index = double("index-1", :dependency_names => ["g3", "g4", "g5"])
+ allow(index).to receive(:local_search) do |query|
+ return_map = {
+ "g4" => [double("spec", :class => Bundler::EndpointSpecification, :to_s => "g4")],
+ "g5" => [double("spec", :class => Bundler::EndpointSpecification, :to_s => "g5")]
+ }
+ return_map[query]
+ end
+ index
+ end
+
+ it "should return only indirect dependencies of endpoint specification" do
+ expect(subject.send(:indirect_dependency_names_in_non_global_rubygems_soruces)).to eq(["g2", "g4", "g5"])
+ end
+ end
+
+ describe "#raise_error_or_warn_dependency_confusion" do
+ before do
+ allow(subject).to receive(:warn_on_dependnecy_confusion?).and_return(warn_on_dependnecy_confusion)
+ end
+
+ context "when #warn_on_dependnecy_confusion? returns false" do
+ let(:warn_on_dependnecy_confusion) { false }
+
+ it "should raise an error" do
+ expect(Bundler.ui).not_to receive(:warn)
+ expect do
+ subject.send(:raise_error_or_warn_dependency_confusion, "This is a message.")
+ end.to raise_error(Bundler::SecurityError, "This is a message. " \
+ "Or set the environment variable BUNDLE_WARN_ON_DEPENDENCY_CONFUSION.")
+ end
+ end
+
+ context "when #warn_on_dependnecy_confusion? returns true" do
+ let(:warn_on_dependnecy_confusion) { true }
+
+ it "should warn" do
+ expect(Bundler.ui).to receive(:warn).with(<<-W.strip)
+This is a message.
+W
+ subject.send(:raise_error_or_warn_dependency_confusion, "This is a message.")
+ end
+ end
+ end
+
+ describe "#warn_on_dependnecy_confusion?" do
+ context "when BUNDLE_WARN_ON_DEPENDENCY_CONFUSION is set" do
+ it "should return true" do
+ with_env({"BUNDLE_WARN_ON_DEPENDENCY_CONFUSION" => "1"}) do
+ expect(subject.send(:warn_on_dependnecy_confusion?)).to be_truthy
+ end
+ end
+ end
+
+ context "when BUNDLE_WARN_ON_DEPENDENCY_CONFUSION is not set" do
+ it "should return false" do
+ with_env({"BUNDLE_WARN_ON_DEPENDENCY_CONFUSION" => nil}) do
+ expect(subject.send(:warn_on_dependnecy_confusion?)).to be_falsy
+ end
+ end
+ end
+ end
+
+ describe "#disable_dependency_confusion_check?" do
+ context "when BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK is set" do
+ it "should return true" do
+ with_env({"BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK" => "1"}) do
+ expect(subject.send(:disable_dependency_confusion_check?)).to be_truthy
+ end
+ end
+ end
+
+ context "when BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK is not set" do
+ it "should return false" do
+ with_env({"BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK" => nil}) do
+ expect(subject.send(:disable_dependency_confusion_check?)).to be_falsy
+ end
+ end
+ end
+ end
+
+ def with_env(env={})
+ begin
+ tmp_env = {}
+ env.each do |key, value|
+ tmp_env[key] = ENV.delete key
+ ENV[key] = value
+ end
+
+ yield
+ ensure
+ tmp_env.each do |key, value|
+ ENV[key] = value
+ end
+ end
+ end
+end
--
2.31.1

156
SOURCES/ruby-bundler-raise-error-in-dependency-confusion.patch
Unescape View File

@ -0,0 +1,156 @@
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb
index 8e56d4a9bc..c37946b46c 100644
--- a/lib/bundler/definition.rb
+++ b/lib/bundler/definition.rb
@@ -901,6 +901,8 @@ def source_requirements
# Load all specs from remote sources
index
+ validate_dependency_confusion! unless disable_dependency_confusion_check?
+
# Record the specs available in each gem's source, so that those
# specs will be available later when the resolver knows where to
# look for that gemspec (or its dependencies)
@@ -980,5 +982,112 @@ def equivalent_rubygems_remotes?(source)
Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes)
end
+
+ def validate_dependency_confusion!
+ # Continue if there is a scoped repository in the remote case.
+ return unless @remote && sources.non_global_rubygems_sources.size > 0
+
+ # Raise an error unless all the scope repositories implement the dependency API.
+ # When there is a non-dependency API scoped repository, we cannot get
+ # indirect dependencies used in a `Gemfile`.
+ unless sources.non_global_rubygems_sources.all?(&:dependency_api_available?)
+ non_api_sources = sources.non_global_rubygems_sources.reject(&:dependency_api_available?)
+ non_api_source_names_str = non_api_sources.map {|d| " * #{d}" }.join("\n")
+
+ msg = String.new
+ msg << "Your Gemfile contains scoped sources that don't implement a dependency API, namely:\n\n"
+ msg << non_api_source_names_str
+ msg << "\n\nUsing the above gem servers may result in installing unexpected gems. " \
+ "To resolve this warning, make sure you use gem servers that implement dependency APIs, " \
+ "such as gemstash or geminabox gem servers."
+ raise_error_or_warn_dependency_confusion(msg)
+ return
+ end
+
+ indirect_dep_names = indirect_dependency_names_in_non_global_rubygems_soruces
+ # Get all the gem names from the index made from the default source.
+ # default_source_dep_names = @index.sources.select(&:default_source_used?).map(&:spec_names).flatten
+ # Get all the gem names from each source.
+ all_spec_names_list = @index.sources.map(&:spec_names)
+
+ # Only include the indirect dependency gems on the scoped sources that
+ # also exist on another source. The gems are included in more than 2
+ # sources (the own source + another source). If the gems don't exist on
+ # the another source, the dependency confusion doesn't happen.
+ indirect_dep_names.select! do |name|
+ source_num = all_spec_names_list.select {|all_names| all_names.include?(name) }
+ source_num.size >= 2
+ end
+
+ # Raise an error if there is an indirect dependency.
+ if indirect_dep_names.size > 0
+ dep_names_str = indirect_dep_names.join(", ")
+ source_names_str = sources.non_global_rubygems_sources.map {|d| " * #{d}" }.join("\n")
+
+ msg = String.new
+ msg << "Your Gemfile contains implicit dependency gems #{dep_names_str} on the scoped sources, namely:\n\n"
+ msg << source_names_str
+ msg << "\n\nUsing implicit dependency gems on the above sources may result in installing unexpected gems. "
+ msg << "To suppress this message, make sure you set the gems explicitly in the Gemfile."
+ raise_error_or_warn_dependency_confusion(msg)
+ return
+ end
+ end
+
+ def raise_error_or_warn_dependency_confusion(msg)
+ if warn_on_dependnecy_confusion?
+ Bundler.ui.warn msg
+ else
+ msg = "#{msg} Or set the environment variable BUNDLE_WARN_ON_DEPENDENCY_CONFUSION."
+ raise SecurityError, msg
+ end
+ end
+
+ def indirect_dependency_names_in_non_global_rubygems_soruces
+ # Indirect dependency gem names
+ indirect_dep_names = []
+ # Direct dependency gem names
+ direct_dep_names = @dependencies.map(&:name)
+
+ sources.non_global_rubygems_sources.each do |s|
+ # If the non dependency API source is used, the `dependency_names`
+ # returns gems not only used in the `Gemfile`, but also returns ones
+ # existing in the scoped source too. This method shouldn't be used with
+ # the non dependency API sources.
+ s.specs.dependency_names.each do |dep_name|
+ # Exclude direct dependency gems.
+ next if direct_dep_names.include?(dep_name)
+
+ s.specs.local_search(dep_name).each do |spec|
+ # Debug gems with unexpected `spec.class`.
+ Bundler.ui.debug "Found dependency gem #{dep_name} (#{spec.class}) in scoped sources."
+ # StubSpecification extending RemoteSpecification: the gems by
+ # `gem list`. Exclude the gems.
+ # EndpointSpecification: gems returned by dependency API such as
+ # geminabox
+ # RemoteSpecification: gems returned by non dependency API such as
+ # gem server. This method cannot be executed with the non
+ # dependency API sources.
+ indirect_dep_names << dep_name if spec.class == EndpointSpecification
+ end
+ end
+ end
+
+ indirect_dep_names.sort.uniq
+ end
+
+ # Print a warning instead of raising an error when this option is enabled.
+ # Don't use Bundler.settings to minimize the difference to backport easily
+ # and avoid additional tests.
+ def warn_on_dependnecy_confusion?
+ @warn_on_dependnecy_confusion ||= ENV["BUNDLE_WARN_ON_DEPENDENCY_CONFUSION"]
+ end
+
+ # Disable the dependency confusion check when this option is enabled.
+ # The option can be used as a workaround if the check logic is problematic
+ # in a case such as a performance issue.
+ def disable_dependency_confusion_check?
+ @disable_dependnecy_confusion_check ||= ENV["BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK"]
+ end
end
end
diff --git a/lib/bundler/source/rubygems.rb b/lib/bundler/source/rubygems.rb
index 485b388a32..48a2ab736b 100644
--- a/lib/bundler/source/rubygems.rb
+++ b/lib/bundler/source/rubygems.rb
@@ -287,6 +287,10 @@ def dependency_names_to_double_check
names
end
+ def dependency_api_available?
+ api_fetchers.any?
+ end
+
protected
def credless_remotes
diff --git a/lib/bundler/source_list.rb b/lib/bundler/source_list.rb
index ac2adacb3d..37869878ce 100644
--- a/lib/bundler/source_list.rb
+++ b/lib/bundler/source_list.rb
@@ -64,6 +64,10 @@ def rubygems_sources
@rubygems_sources + [default_source]
end
+ def non_global_rubygems_sources
+ @rubygems_sources
+ end
+
def rubygems_remotes
rubygems_sources.map(&:remotes).flatten.uniq
end

333
SPECS/rubygem-bundler.spec
Unescape View File

@ -0,0 +1,333 @@
%global gem_name bundler
# Enable test when building on local.
%bcond_with tests
# Ideally it should be checked against FileUtils::VERSION.
# https://github.com/ruby/fileutils/pull/12
%global fileutils_version 0.7.2
%global molinillo_version 0.6.4
%global net_http_persistent_version 2.9.4
%global thor_version 0.20.0
Name: rubygem-%{gem_name}
Version: 1.16.1
Release: 4%{?dist}
Summary: Library and utilities to manage a Ruby application's gem dependencies
Group: Development/Languages
License: MIT
URL: http://bundler.io
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
# git clone https://github.com/bundler/bundler.git && cd bundler
# git checkout v1.16.1 && tar czvf bundler-1.16.1-specs.tgz spec/
Source1: %{gem_name}-%{version}-specs.tgz
# Raise an error or print a warning in dependency confusion cases.
# https://github.com/rubygems/rubygems/pull/5029
Patch0: ruby-bundler-raise-error-in-dependency-confusion.patch
Patch1: ruby-bundler-raise-error-in-dependency-confusion-tests.patch
# ruby package has just soft dependency on rubygem(io-console), while
# Bundler always requires it.
Requires: rubygem(io-console)
BuildRequires: ruby(release)
BuildRequires: rubygems-devel
BuildRequires: ruby
%if %{with tests}
BuildRequires: ruby-devel
BuildRequires: rubygem(rspec) >= 3.0
BuildRequires: rubygem(rake)
BuildRequires: git
BuildRequires: %{_bindir}/ps
%endif
# https://github.com/bundler/bundler/issues/3647
Provides: bundled(rubygem-fileutils) = %{fileutils_version}
Provides: bundled(rubygem-molinillo) = %{molinillo_version}
Provides: bundled(rubygem-net-http-persisntent) = %{net_http_persistent_version}
Provides: bundled(rubygem-thor) = %{thor_version}
BuildArch: noarch
%description
Bundler manages an application's dependencies through its entire life, across
many machines, systematically and repeatably.
%package doc
Summary: Documentation for %{name}
Group: Documentation
Requires: %{name} = %{version}-%{release}
BuildArch: noarch
%description doc
Documentation for %{name}.
%prep
%setup -q -c -T
%gem_install -n %{SOURCE0}
pushd .%{gem_instdir}
%patch0 -p1
popd
%build
%install
mkdir -p %{buildroot}%{gem_dir}
cp -a .%{gem_dir}/* \
%{buildroot}%{gem_dir}/
mkdir -p %{buildroot}%{_bindir}
cp -a .%{_bindir}/* \
%{buildroot}%{_bindir}/
find %{buildroot}%{gem_instdir}/exe -type f | xargs chmod a+x
# Remove unnecessary executable bit.
# https://github.com/bundler/bundler/pull/6285
chmod a-x %{buildroot}%{gem_libdir}/bundler/templates/Executable
# Man pages are used by Bundler internally, do not remove them!
for n in 5 1; do
mkdir -p %{buildroot}%{_mandir}/man${n}
for file in %{buildroot}%{gem_instdir}/man/*.${n}; do
base_name=$(basename "${file}")
cp -a "${file}" "%{buildroot}%{_mandir}/man${n}/${base_name}"
done
done
%check
pushd .%{gem_instdir}
# Check bundled libraries.
[ `ls lib/bundler/vendor | wc -l` == 4 ]
ruby -e '
module Bundler; end
require "./lib/bundler/vendor/fileutils/lib/fileutils.rb"'
[ `ruby -e '
module Bundler; end
require "./lib/bundler/vendor/molinillo/lib/molinillo/gem_metadata"
puts Bundler::Molinillo::VERSION'` == '%{molinillo_version}' ]
[ `ruby -Ilib -e '
module Bundler; module Persistent; module Net; module HTTP; end; end; end; end
require "./lib/bundler/vendor/net-http-persistent/lib/net/http/persistent"
puts Bundler::Persistent::Net::HTTP::Persistent::VERSION'` == '%{net_http_persistent_version}' ]
[ `ruby -e '
module Bundler; end
require "./lib/bundler/vendor/thor/lib/thor/version"
puts Bundler::Thor::VERSION'` == '%{thor_version}' ]
# Test suite has to be disabled for official build, since it downloads various
# gems, which are not in Fedora or they have different version etc.
# Nevertheless, the test suite should run for local builds.
%if %{with tests}
tar xzvf %{SOURCE1}
cat %{PATCH1} | patch -p1
# Re-create bundler.gemspec used in spec/spec_helper.rb to avoid unnecessary
# git dependency.
gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
# Color tests do not work in mock building process (but this can be tested
# running from shell).
# https://github.com/rpm-software-management/mock/issues/136
sed -i '/^ context "with color" do$/,/^ end$/ s/^/#/' \
spec/bundler/source_spec.rb
# This test fails due to rubypick.
sed -i '/^ it "like a normally executed executable" do$/,/^ end$/ s/^/#/' \
spec/commands/exec_spec.rb
# RDoc is not default gem on Fedora.
sed -i '/^ context "given a default gem shippped in ruby" do$/,/^ end$/ s/^/#/' \
spec/commands/info_spec.rb
# Avoid unexpected influence of Fedora specific configuration. This forces
# Ruby to load this empty operating_system.rb instead of operatin_system.rb
# shipped as part of RubyGems.
mkdir -p %{_builddir}/rubygems/rubygems/defaults/
touch %{_builddir}/rubygems/rubygems/defaults/operating_system.rb
# Suppress warnings by "git init" on Git >= 2.28.
# Running `git config --global init.defaultBranch <name>` is not enough.
# https://github.blog/2020-07-27-highlights-from-git-2-28/
for file in \
lib/bundler/cli/gem.rb \
spec/bundler/gem_helper_spec.rb \
spec/commands/show_spec.rb \
spec/support/builders.rb
do
sed -E -i 's|(git init( --bare)?)|\1 2> /dev/null|' $file
done
# It is necessary to require spec_helper.rb explicitly.
# https://github.com/bundler/bundler/pull/5634
# To pass other tests, set BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK
RUBYOPT=-I%{_builddir}/rubygems GEM_PATH=/usr/share/gems \
BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK=1 \
rspec -rspec_helper spec -f d
%endif
popd
%files
%dir %{gem_instdir}
%{_bindir}/bundle
%{_bindir}/bundler
%exclude %{gem_instdir}/.*
%exclude %{gem_libdir}/bundler/ssl_certs/index.rubygems.org
%exclude %{gem_libdir}/bundler/ssl_certs/rubygems.global.ssl.fastly.net
%exclude %{gem_libdir}/bundler/ssl_certs/rubygems.org
%exclude %{gem_libdir}/bundler/ssl_certs/.document
%license %{gem_instdir}/LICENSE.md
%exclude %{gem_instdir}/bundler.gemspec
%{gem_instdir}/exe
%{gem_libdir}
%exclude %{gem_instdir}/man/*.ronn
%doc %{gem_instdir}/man
%exclude %{gem_cache}
%{gem_spec}
%doc %{_mandir}/man1/*
%doc %{_mandir}/man5/*
%files doc
%doc %{gem_docdir}
%doc %{gem_instdir}/CHANGELOG.md
%doc %{gem_instdir}/README.md
%changelog
* Mon Dec 13 2021 Jun Aruga <jaruga@redhat.com> - 1.16.1-4
- Fix Bundler dependency confusion.
Resolves: CVE-2020-36327
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Feb 01 2018 Vít Ondruch <vondruch@redhat.com> - 1.16.1-2
- Remove unnecessary executable bit.
* Tue Jan 02 2018 Jun Aruga <jaruga@redhat.com> - 1.16.1-1
- Update to Bundler 1.16.1.
* Mon Nov 06 2017 Jun Aruga <jaruga@redhat.com> - 1.16.0-1
- Update to Bundler 1.16.0.
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Jan 02 2017 Vít Ondruch <vondruch@redhat.com> - 1.13.7-1
- Update to Bundler 1.13.7.
* Fri Dec 16 2016 Vít Ondruch <vondruch@redhat.com> - 1.13.6-1
- Update to Bundler 1.13.6.
* Wed Jul 27 2016 Vít Ondruch <vondruch@redhat.com> - 1.12.5-1
- Update to Bundler 1.12.5.
* Fri Apr 08 2016 Vít Ondruch <vondruch@redhat.com> - 1.10.6-3
- Explicitly set rubygem(io-console) dependency.
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Mon Oct 12 2015 Vít Ondruch <vondruch@redhat.com> - 1.10.6-1
- Update to Bundler 1.10.6.
- Keep vendored libraries.
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Thu Feb 05 2015 Vít Ondruch <vondruch@redhat.com> - 1.7.8-2
- Properly uninstall the vendor directory.
* Tue Dec 09 2014 Vít Ondruch <vondruch@redhat.com> - 1.7.8-1
- Update to Bundler 1.7.8.
* Thu Nov 20 2014 Josef Stribny <jstribny@redhat.com> - 1.7.6-2
- Keep ssl_certs/certificate_manager.rb file (used in tests)
- Correctly add load paths for gems during tests
* Wed Nov 12 2014 Josef Stribny <jstribny@redhat.com> - 1.7.6-1
- Update to 1.7.6
* Tue Nov 11 2014 Josef Stribny <jstribny@redhat.com> - 1.7.4-2
- Use symlinks for vendored libraries (rhbz#1163039)
* Mon Oct 27 2014 Vít Ondruch <vondruch@redhat.com> - 1.7.4-1
- Update to Bundler 1.7.4.
- Add thor and net-http-persistent dependencies into .gemspec.
* Mon Sep 22 2014 Josef Stribny <jstribny@redhat.com> - 1.7.3-1
- Update to 1.7.3
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Jan 12 2014 Sam Kottler <skottler@fedoraproject.org> - 1.5.2-1
- Update to 1.5.2 (BZ #1047222)
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Jun 11 2013 Vít Ondruch <vondruch@redhat.com> - 1.3.5-1
- Update to Bundler 1.3.5.
* Mon Mar 04 2013 Josef Stribny <jstribny@redhat.com> - 1.3.1-1
- Rebuild for https://fedoraproject.org/wiki/Features/Ruby_2.0.0
- Update to Bundler 1.3.1
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Nov 02 2012 Bohuslav Kabrda <bkabrda@redhat.com> - 1.2.1-1
- Update to Bundler 1.2.1.
- Fix permissions on some executable files.
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jul 13 2012 Vít Ondruch <vondruch@redhat.com> - 1.1.4-1
- Update to Bundler 1.1.4.
* Wed Feb 01 2012 Vít Ondruch <vondruch@redhat.com> - 1.0.21-1
- Rebuilt for Ruby 1.9.3.
- Update to Bundler 1.0.21.
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Jul 07 2011 Vít Ondruch <vondruch@redhat.com> - 1.0.15-1
- Updated to Bundler 1.0.15
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Feb 04 2011 Vít Ondruch <vondruch@redhat.com> - 1.0.10-1
- Upstream update
* Thu Jan 27 2011 Vít Ondruch <vondruch@redhat.com> - 1.0.9-2
- More concise summary
- Do not remove manpages, they are used internally
- Added buildroot cleanup in clean section
* Mon Jan 24 2011 Vít Ondruch <vondruch@redhat.com> - 1.0.9-1
- Bumped to Bundler 1.0.9
- Installed manual pages
- Removed obsolete buildroot cleanup
* Mon Nov 1 2010 Jozef Zigmund <jzigmund@redhat.com> - 1.0.3-2
- Add ruby(abi) dependency
- Add using macro %%{geminstdir} in files section
- Add subpackage doc for doc files
- Removed .gitignore file
- Removed rubygem-thor from vendor folder
- Add dependency rubygem(thor)
* Mon Oct 18 2010 Jozef Zigmund <jzigmund@redhat.com> - 1.0.3-1
- Initial package
Write Preview
Loading…
Cancel
Save