ruby
diff --git a/‎.changelog.yml‎
Lines changed: 1 addition & 1 deletion b/‎.changelog.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/ruby-core.yml‎
Lines changed: 3 additions & 5 deletions b/‎.github/workflows/ruby-core.yml‎
Lines changed: 3 additions & 5 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 7 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎Manifest.txt‎
Lines changed: 1 addition & 0 deletions b/‎Manifest.txt‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎bundler/.changelog.yml‎
Lines changed: 1 addition & 1 deletion b/‎bundler/.changelog.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎bundler/CHANGELOG.md‎
Lines changed: 6 additions & 0 deletions b/‎bundler/CHANGELOG.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎bundler/lib/bundler/definition.rb‎
Lines changed: 25 additions & 49 deletions b/‎bundler/lib/bundler/definition.rb‎
Lines changed: 25 additions & 49 deletions
diff --git a/‎bundler/lib/bundler/dsl.rb‎
Lines changed: 25 additions & 38 deletions b/‎bundler/lib/bundler/dsl.rb‎
Lines changed: 25 additions & 38 deletions
diff --git a/‎bundler/lib/bundler/feature_flag.rb‎
Lines changed: 1 addition & 0 deletions b/‎bundler/lib/bundler/feature_flag.rb‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎bundler/lib/bundler/inline.rb‎
Lines changed: 0 additions & 1 deletion b/‎bundler/lib/bundler/inline.rb‎
Lines changed: 0 additions & 1 deletion
@@ -24,9 +24,9 @@ patch_level_labels:
   - "rubygems: enhancement"
   - "rubygems: bug fix"
   - "rubygems: performance"
+  - "rubygems: documentation"
   - "rubygems: backport"
 
 minor_level_labels:
   - "rubygems: deprecation"
   - "rubygems: feature"
-  - "rubygems: documentation"
@@ -46,17 +46,15 @@ jobs:
       - uses: actions/checkout@v2
         with:
           path: rubygems/rubygems
-      - name: Sync tools
+      - name: Test RubyGems
         run: |
           ruby tool/sync_default_gems.rb rubygems
-          ruby tool/sync_default_gems.rb bundler
-        working-directory: ruby/ruby
-      - name: Test RubyGems
-        run: make -j2 -s test-all TESTS="rubygems --no-retry"
+          make -j2 -s test-all TESTS="rubygems --no-retry"
         working-directory: ruby/ruby
         if: matrix.target == 'Rubygems'
       - name: Test Bundler
         run: |
+          ruby tool/sync_default_gems.rb bundler
           git checkout lib/bundler/bundler.gemspec
           git add .
           make test-bundler-parallel
 
@@ -1,3 +1,10 @@
+# 3.2.11 / 2021-02-17
+
+## Enhancements:
+
+* Optionally fallback to IPv4 when IPv6 is unreachable. Pull request #2662
+  by sonalkr132
+
 # 3.2.10 / 2021-02-15
 
 ## Documentation:
 
@@ -354,6 +354,7 @@ lib/rubygems/config_file.rb
 lib/rubygems/core_ext/kernel_gem.rb
 lib/rubygems/core_ext/kernel_require.rb
 lib/rubygems/core_ext/kernel_warn.rb
+lib/rubygems/core_ext/tcpsocket_init.rb
 lib/rubygems/defaults.rb
 lib/rubygems/dependency.rb
 lib/rubygems/dependency_installer.rb
 
@@ -22,9 +22,9 @@ patch_level_labels:
   - "bundler: enhancement"
   - "bundler: bug fix"
   - "bundler: performance"
+  - "bundler: documentation"
   - "bundler: backport"
 
 minor_level_labels:
   - "bundler: deprecation"
   - "bundler: feature"
-  - "bundler: documentation"
@@ -1,3 +1,9 @@
+# 2.2.11 (February 17, 2021)
+
+## Bug fixes:
+
+  - Revert disable_multisource changes [#4385](https://github.com/rubygems/rubygems/pull/4385)
+
 # 2.2.10 (February 15, 2021)
 
 ## Security fixes:
 
@@ -106,19 +106,6 @@ def initialize(lockfile, dependencies, sources, unlock, ruby_version = nil, opti
         @locked_platforms = []
       end
 
-      @locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
-      @disable_multisource = !Bundler.frozen_bundle? || @locked_gem_sources.none? {|s| s.remotes.size > 1 }
-
-      unless @disable_multisource
-        msg = "Your lockfile contains a single rubygems source section with multiple remotes, which is insecure. " \
-          "You should regenerate your lockfile in a non frozen environment."
-
-        Bundler::SharedHelpers.major_deprecation 2, msg
-
-        @sources.allow_multisource!
-        @locked_gem_sources.each(&:allow_multisource!)
-      end
-
       @unlock[:gems] ||= []
       @unlock[:sources] ||= []
       @unlock[:ruby] ||= if @ruby_version && locked_ruby_version_object
@@ -158,14 +145,6 @@ def gem_version_promoter
       end
     end
 
-    def disable_multisource?
-      @disable_multisource
-    end
-
-    def allow_multisource!
-      @disable_multisource = false
-    end
-
     def resolve_with_cache!
       raise "Specs already loaded" if @specs
       sources.cached!
@@ -285,7 +264,7 @@ def resolve
           # Run a resolve against the locally available gems
           Bundler.ui.debug("Found changes from the lockfile, re-resolving dependencies because #{change_reason}")
           expanded_dependencies = expand_dependencies(dependencies + metadata_dependencies, @remote)
-          Resolver.resolve(expanded_dependencies, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
+          Resolver.resolve(expanded_dependencies, index, source_requirements, last_resolve, gem_version_promoter, additional_base_requirements_for_resolve, platforms)
         end
       end
     end
@@ -551,9 +530,6 @@ def find_indexed_specs(current_spec)
     attr_reader :sources
     private :sources
 
-    attr_reader :locked_gem_sources
-    private :locked_gem_sources
-
     def nothing_changed?
       !@source_changes && !@dependency_changes && !@new_platform && !@path_changes && !@local_changes && !@locked_specs_incomplete_for_platform
     end
@@ -678,20 +654,21 @@ def converge_path_sources_to_gemspec_sources
     end
 
     def converge_rubygems_sources
-      return false if disable_multisource?
+      return false if Bundler.feature_flag.disable_multisource?
 
-      return false if locked_gem_sources.empty?
+      changes = false
 
+      # Get the RubyGems sources from the Gemfile.lock
+      locked_gem_sources = @locked_sources.select {|s| s.is_a?(Source::Rubygems) }
       # Get the RubyGems remotes from the Gemfile
       actual_remotes = sources.rubygems_remotes
-      return false if actual_remotes.empty?
-
-      changes = false
 
       # If there is a RubyGems source in both
-      locked_gem_sources.each do |locked_gem|
-        # Merge the remotes from the Gemfile into the Gemfile.lock
-        changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
+      if !locked_gem_sources.empty? && !actual_remotes.empty?
+        locked_gem_sources.each do |locked_gem|
+          # Merge the remotes from the Gemfile into the Gemfile.lock
+          changes |= locked_gem.replace_remotes(actual_remotes, Bundler.settings[:allow_deployment_source_credential_changes])
+        end
       end
 
       changes
@@ -916,18 +893,30 @@ def source_requirements
       # Record the specs available in each gem's source, so that those
       # specs will be available later when the resolver knows where to
       # look for that gemspec (or its dependencies)
-      source_requirements = { :default => sources.default_source }.merge(dependency_source_requirements)
+      default = sources.default_source
+      source_requirements = { :default => default }
+      default = nil unless Bundler.feature_flag.disable_multisource?
+      dependencies.each do |dep|
+        next unless source = dep.source || default
+        source_requirements[dep.name] = source
+      end
       metadata_dependencies.each do |dep|
         source_requirements[dep.name] = sources.metadata_source
       end
-      source_requirements[:global] = index unless disable_multisource?
       source_requirements[:default_bundler] = source_requirements["bundler"] || source_requirements[:default]
       source_requirements["bundler"] = sources.metadata_source # needs to come last to override
       source_requirements
     end
 
     def pinned_spec_names(skip = nil)
-      dependency_source_requirements.reject {|_, source| source == skip }.keys
+      pinned_names = []
+      default = Bundler.feature_flag.disable_multisource? && sources.default_source
+      @dependencies.each do |dep|
+        next unless dep_source = dep.source || default
+        next if dep_source == skip
+        pinned_names << dep.name
+      end
+      pinned_names
     end
 
     def requested_groups
@@ -984,18 +973,5 @@ def equivalent_rubygems_remotes?(source)
 
       Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes)
     end
-
-    def dependency_source_requirements
-      @dependency_source_requirements ||= begin
-        source_requirements = {}
-        default = disable_multisource? && sources.default_source
-        dependencies.each do |dep|
-          dep_source = dep.source || default
-          next unless dep_source
-          source_requirements[dep.name] = dep_source
-        end
-        source_requirements
-      end
-    end
   end
 end
@@ -24,9 +24,6 @@ def self.evaluate(gemfile, lockfile, unlock)
     def initialize
       @source               = nil
       @sources              = SourceList.new
-
-      @global_rubygems_sources = []
-
       @git_sources          = {}
       @dependencies         = []
       @groups               = []
@@ -48,7 +45,6 @@ def eval_gemfile(gemfile, contents = nil)
       @gemfiles << expanded_gemfile_path
       contents ||= Bundler.read_file(@gemfile.to_s)
       instance_eval(contents.dup.tap{|x| x.untaint if RUBY_VERSION < "2.7" }, gemfile.to_s, 1)
-      check_primary_source_safety
     rescue Exception => e # rubocop:disable Lint/RescueException
       message = "There was an error " \
         "#{e.is_a?(GemfileEvalError) ? "evaluating" : "parsing"} " \
@@ -168,7 +164,8 @@ def source(source, *args, &blk)
       elsif block_given?
         with_source(@sources.add_rubygems_source("remotes" => source), &blk)
       else
-        @global_rubygems_sources << source
+        check_primary_source_safety(@sources)
+        @sources.global_rubygems_source = source
       end
     end
 
@@ -186,14 +183,24 @@ def git_source(name, &block)
     end
 
     def path(path, options = {}, &blk)
+      unless block_given?
+        msg = "You can no longer specify a path source by itself. Instead, \n" \
+              "either use the :path option on a gem, or specify the gems that \n" \
+              "bundler should find in the path source by passing a block to \n" \
+              "the path method, like: \n\n" \
+              "    path 'dir/containing/rails' do\n" \
+              "      gem 'rails'\n" \
+              "    end\n\n"
+
+        raise DeprecatedError, msg if Bundler.feature_flag.disable_multisource?
+        SharedHelpers.major_deprecation(2, msg.strip)
+      end
+
       source_options = normalize_hash(options).merge(
         "path" => Pathname.new(path),
         "root_path" => gemfile_root,
         "gemspec" => gemspecs.find {|g| g.name == options["name"] }
       )
-
-      source_options["global"] = true unless block_given?
-
       source = @sources.add_path_source(source_options)
       with_source(source, &blk)
     end
@@ -272,11 +279,6 @@ def method_missing(name, *args)
       raise GemfileError, "Undefined local variable or method `#{name}' for Gemfile"
     end
 
-    def check_primary_source_safety
-      check_path_source_safety
-      check_rubygems_source_safety
-    end
-
     private
 
     def add_git_sources
@@ -438,40 +440,25 @@ def normalize_source(source)
       end
     end
 
-    def check_path_source_safety
-      return if @sources.global_path_source.nil?
-
-      msg = "You can no longer specify a path source by itself. Instead, \n" \
-              "either use the :path option on a gem, or specify the gems that \n" \
-              "bundler should find in the path source by passing a block to \n" \
-              "the path method, like: \n\n" \
-              "    path 'dir/containing/rails' do\n" \
-              "      gem 'rails'\n" \
-              "    end\n\n"
+    def check_primary_source_safety(source_list)
+      return if source_list.rubygems_primary_remotes.empty? && source_list.global_rubygems_source.nil?
 
-      SharedHelpers.major_deprecation(2, msg.strip)
-    end
-
-    def check_rubygems_source_safety
-      if @global_rubygems_sources.size <= 1
-        @sources.global_rubygems_source = @global_rubygems_sources.first
-        return
-      end
-
-      @global_rubygems_sources.each do |source|
-        @sources.add_rubygems_remote(source)
-      end
-
-      if Bundler.feature_flag.bundler_3_mode?
+      if Bundler.feature_flag.disable_multisource?
         msg = "This Gemfile contains multiple primary sources. " \
           "Each source after the first must include a block to indicate which gems " \
           "should come from that source"
+        unless Bundler.feature_flag.bundler_2_mode?
+          msg += ". To downgrade this error to a warning, run " \
+            "`bundle config unset disable_multisource`"
+        end
         raise GemfileEvalError, msg
       else
         Bundler::SharedHelpers.major_deprecation 2, "Your Gemfile contains multiple primary sources. " \
           "Using `source` more than once without a block is a security risk, and " \
           "may result in installing unexpected gems. To resolve this warning, use " \
-          "a block to indicate which gems should come from the secondary source."
+          "a block to indicate which gems should come from the secondary source. " \
+          "To upgrade this warning to an error, run `bundle config set --local " \
+          "disable_multisource true`."
       end
     end
 
 
@@ -32,6 +32,7 @@ def self.settings_method(name, key, &default)
     settings_flag(:cache_all) { bundler_3_mode? }
     settings_flag(:default_install_uses_path) { bundler_3_mode? }
     settings_flag(:deployment_means_frozen) { bundler_3_mode? }
+    settings_flag(:disable_multisource) { bundler_3_mode? }
     settings_flag(:forget_cli_options) { bundler_3_mode? }
     settings_flag(:global_gem_cache) { bundler_3_mode? }
     settings_flag(:only_update_to_newer_versions) { bundler_3_mode? }
 
@@ -50,7 +50,6 @@ def Bundler.root
     Bundler::Plugin.gemfile_install(&gemfile) if Bundler.feature_flag.plugins?
     builder = Bundler::Dsl.new
     builder.instance_eval(&gemfile)
-    builder.check_primary_source_safety
 
     Bundler.settings.temporary(:frozen => false) do
       definition = builder.to_definition(nil, true)