Merge RubyGems upstream: 56c0bbb69e4506bda7ef7f447dfec5db820df20b

  It fixed the multiple vulnerabilities.
  https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67168 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 1 insertions, 11 deletions

diff --git a/lib/rubygems/requirement.rb b/lib/rubygems/requirement.rb
index 918404f2cd..34ae4b808d 100644
--- a/lib/rubygems/requirement.rb
+++ b/lib/rubygems/requirement.rb
@@ -130,7 +130,6 @@ class Gem::Requirement
       @requirements = [DefaultRequirement]
     else
       @requirements = requirements.map! { |r| self.class.parse r }
-      sort_requirements!
     end
   end
 
@@ -144,7 +143,6 @@ class Gem::Requirement
     new = new.map { |r| self.class.parse r }
 
     @requirements.concat new
-    sort_requirements!
   end
 
   ##
@@ -186,7 +184,7 @@ class Gem::Requirement
   end
 
   def hash # :nodoc:
-    requirements.hash
+    requirements.sort.hash
   end
 
   def marshal_dump # :nodoc:
@@ -295,14 +293,6 @@ class Gem::Requirement
     end
   end
 
-  def sort_requirements! # :nodoc:
-    @requirements.sort! do |l, r|
-      comp = l.last <=> r.last # first, sort by the requirement's version
-      next comp unless comp == 0
-      l.first <=> r.first # then, sort by the operator (for stability)
-    end
-  end
-
 end
 
 class Gem::Version