authordrbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-09-10 00:52:14 +0000
committerdrbrain <drbrain@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-09-10 00:52:14 +0000
commitf06f90323133e2f1440cd5090a622b56994c4e65 ()
tree9eb52cdb3b8e0a8bab0c7e10b5c8cdce14762898
parent888e5cbbe7398aa814f5a0208a0fd30cfe337f3b (diff)
* lib/rubygems: Update to RubyGems 2.1.0. Fixes CVE-2013-4287.
See http://rubygems.rubyforge.org/rubygems-update/CVE-2013-4287_txt.html for CVE information. See http://rubygems.rubyforge.org/rubygems-update/History_txt.html#label-2.1.0+%2F+2013-09-09 for release notes. * test/rubygems: Tests for the above. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@42898 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--ChangeLog12
-rw-r--r--lib/rubygems.rb4
-rw-r--r--lib/rubygems/dependency_resolver.rb8
-rw-r--r--lib/rubygems/dependency_resolver/api_specification.rb3
-rw-r--r--lib/rubygems/dependency_resolver/index_set.rb11
-rw-r--r--lib/rubygems/dependency_resolver/index_specification.rb11
-rw-r--r--lib/rubygems/dependency_resolver/installed_specification.rb4
-rw-r--r--lib/rubygems/dependency_resolver/installer_set.rb11
-rw-r--r--lib/rubygems/gemcutter_utilities.rb3
-rw-r--r--lib/rubygems/request_set.rb3
-rw-r--r--lib/rubygems/spec_fetcher.rb5
-rw-r--r--lib/rubygems/specification.rb3
-rw-r--r--lib/rubygems/test_case.rb15
-rw-r--r--lib/rubygems/version.rb2
-rw-r--r--test/rubygems/test_gem.rb17
-rw-r--r--test/rubygems/test_gem_dependency_resolver.rb21
-rw-r--r--test/rubygems/test_gem_dependency_resolver_api_specification.rb33
-rw-r--r--test/rubygems/test_gem_dependency_resolver_index_set.rb53
-rw-r--r--test/rubygems/test_gem_dependency_resolver_index_specification.rb46
-rw-r--r--test/rubygems/test_gem_dependency_resolver_installed_specification.rb19
-rw-r--r--test/rubygems/test_gem_dependency_resolver_installer_set.rb28
-rw-r--r--test/rubygems/test_gem_gemcutter_utilities.rb25
-rw-r--r--test/rubygems/test_gem_spec_fetcher.rb15
23 files changed, 313 insertions, 39 deletions
@@ -1,3 +1,15 @@
Mon Sep 9 21:31:45 2013 Tanaka Akira <[email protected]>
* process.c: Remove spaces between SI prefix and unit to follow
@@ -8,7 +8,7 @@
require 'rbconfig'
module Gem
- VERSION = '2.1.0.rc.2'
end
# Must be first since it unloads the prelude from 1.9.2
@@ -315,7 +315,7 @@ module Gem
@paths = nil
@user_home = nil
Gem::Specification.reset
- Gem::Security.reset if const_defined? :Security
end
##
@@ -79,7 +79,9 @@ class Gem::DependencyResolver
needed = nil
@needed.reverse_each do |n|
- needed = Gem::List.new(Gem::DependencyResolver::DependencyRequest.new(n, nil), needed)
end
res = resolve_for needed, nil
@@ -162,7 +164,9 @@ class Gem::DependencyResolver
# Sort them so that we try the highest versions
# first.
- possible = possible.sort_by { |s| [s.source, s.version] }
# We track the conflicts seen so that we can report them
# to help the user figure out how to fix the situation.
@@ -8,6 +8,7 @@ class Gem::DependencyResolver::APISpecification
attr_reader :dependencies
attr_reader :name
attr_reader :set # :nodoc:
attr_reader :version
@@ -15,6 +16,7 @@ class Gem::DependencyResolver::APISpecification
@set = set
@name = api_data[:name]
@version = Gem::Version.new api_data[:number]
@dependencies = api_data[:dependencies].map do |name, ver|
Gem::Dependency.new name, ver.split(/\s*,\s*/)
end
@@ -25,6 +27,7 @@ class Gem::DependencyResolver::APISpecification
@set == other.set and
@name == other.name and
@version == other.version and
@dependencies == other.dependencies
end
@@ -43,9 +43,14 @@ class Gem::DependencyResolver::IndexSet
# Called from IndexSpecification to get a true Specification
# object.
- def load_spec name, ver, source
- key = "#{name}-#{ver}"
- @specs[key] ||= source.fetch_spec(Gem::NameTuple.new(name, ver))
end
##
@@ -8,6 +8,8 @@ class Gem::DependencyResolver::IndexSpecification
attr_reader :name
attr_reader :source
attr_reader :version
@@ -39,14 +41,19 @@ class Gem::DependencyResolver::IndexSpecification
q.breakable
q.text full_name
q.breakable
- q.text ' source '
q.pp @source
end
end
def spec
- @spec ||= @set.load_spec(@name, @version, @source)
end
end
@@ -26,6 +26,10 @@ class Gem::DependencyResolver::InstalledSpecification
@spec.name
end
def source
@source ||= Gem::Source::Installed.new
end
@@ -115,9 +115,14 @@ class Gem::DependencyResolver::InstallerSet
# Called from IndexSpecification to get a true Specification
# object.
- def load_spec name, ver, source
- key = "#{name}-#{ver}"
- @specs[key] ||= source.fetch_spec Gem::NameTuple.new name, ver
end
##
@@ -77,7 +77,8 @@ module Gem::GemcutterUtilities
# Signs in with the RubyGems API at +sign_in_host+ and sets the rubygems API
# key.
- def sign_in sign_in_host = self.host
return if Gem.configuration.rubygems_api_key
pretty_host = if Gem::DEFAULT_HOST == sign_in_host then
@@ -28,7 +28,10 @@ class Gem::RequestSet
@always_install = []
@development = false
@soft_missing = false
yield self if block_given?
end
@@ -200,8 +200,11 @@ class Gem::SpecFetcher
when :released
tuples_for source, :released
when :complete
- tuples_for(source, :prerelease, true) +
tuples_for(source, :released)
when :prerelease
tuples_for(source, :prerelease)
else
@@ -34,7 +34,7 @@ class Date; end
# s.homepage = 'https://rubygems.org/gems/example'
# end
#
-# Starting in RubyGems 1.9.0, a Specification can hold arbitrary
# metadata. This metadata is accessed via Specification#metadata
# and has the following restrictions:
#
@@ -2097,7 +2097,6 @@ class Gem::Specification < Gem::BasicSpecification
# Returns an object you can use to sort specifications in #sort_by.
def sort_obj
- # TODO: this is horrible. Deprecate it.
[@name, @version, @new_platform == Gem::Platform::RUBY ? -1 : 1]
end
@@ -1097,7 +1097,11 @@ Also, a list:
class StaticSet
def initialize(specs)
- @specs = specs.sort_by { |s| s.full_name }
end
def find_spec(dep)
@@ -1110,6 +1114,15 @@ Also, a list:
@specs.find_all { |s| dep.matches_spec? s }
end
def prefetch(reqs)
end
end
@@ -147,7 +147,7 @@ class Gem::Version
# FIX: These are only used once, in .correct?. Do they deserve to be
# constants?
- VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc:
##
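Review bot: `ANCHORED_VERSION_PATTERN`, on the unchanged line after the removed `VERSION_PATTERN`, still wraps the whole pattern in `(...)*`, so a group that already contains `+` and `*` quantifiers can itself repeat without bound. That is the shape that makes the regex engine backtrack heavily on a long, almost-valid version string, and version strings presumably reach `.correct?` from gem metadata the caller does not control. The replacement `VERSION_PATTERN` line is not visible on this page, so part of this may already be mitigated there. The outer repetition is not needed to accept a single version, so I would tighten it to `ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ # :nodoc:` and add a regression test that validates such a string under a short timeout. The enclosing `Gem::Version` class body starts and ends outside the hunk.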
@@ -1183,23 +1183,28 @@ class TestGem < Gem::TestCase
def test_default_gems_use_full_paths
begin
- engine = RUBY_ENGINE
- Object.send :remove_const, :RUBY_ENGINE
Object.const_set :RUBY_ENGINE, 'ruby'
refute Gem.default_gems_use_full_paths?
ensure
Object.send :remove_const, :RUBY_ENGINE
- Object.const_set :RUBY_ENGINE, engine
end
begin
- engine = RUBY_ENGINE
- Object.send :remove_const, :RUBY_ENGINE
Object.const_set :RUBY_ENGINE, 'jruby'
assert Gem.default_gems_use_full_paths?
ensure
Object.send :remove_const, :RUBY_ENGINE
- Object.const_set :RUBY_ENGINE, engine
end
end
@@ -66,6 +66,27 @@ class TestGemDependencyResolver < Gem::TestCase
assert_set [a2], res.resolve
end
def test_only_returns_spec_once
a1 = util_spec "a", "1", "c" => "= 1"
b1 = util_spec "b", "1", "c" => "= 1"
@@ -0,0 +1,33 @@
@@ -0,0 +1,53 @@
@@ -0,0 +1,46 @@
@@ -0,0 +1,19 @@
@@ -0,0 +1,28 @@
@@ -101,7 +101,7 @@ class TestGemGemcutterUtilities < Gem::TestCase
def test_sign_in_with_host
api_key = 'a5fdbb6ba150cbb83aad2bb2fede64cf040453903'
- util_sign_in [api_key, 200, 'OK'], 'http://example.com', :param
assert_match "Enter your http://example.com credentials.",
@sign_in_ui.output
@@ -112,6 +112,20 @@ class TestGemGemcutterUtilities < Gem::TestCase
assert_equal api_key, credentials[:rubygems_api_key]
end
def test_sign_in_with_host_ENV
api_key = 'a5fdbb6ba150cbb83aad2bb2fede64cf040453903'
util_sign_in [api_key, 200, 'OK'], 'http://example.com'
@@ -163,14 +177,14 @@ class TestGemGemcutterUtilities < Gem::TestCase
assert_match %r{Access Denied.}, @sign_in_ui.output
end
- def util_sign_in response, host = nil, style = :ENV
skip 'Always uses $stdin on windows' if Gem.win_platform?
password = 'secret'
if host
- ENV['RUBYGEMS_HOST'] = host if style == :ENV
else
host = Gem.host
end
@@ -182,8 +196,8 @@ class TestGemGemcutterUtilities < Gem::TestCase
@sign_in_ui = Gem::MockGemUi.new "#{email}\n#{password}\n"
use_ui @sign_in_ui do
- if style == :param then
- @cmd.sign_in host
else
@cmd.sign_in
end
@@ -209,4 +223,3 @@ class TestGemGemcutterUtilities < Gem::TestCase
end
end
-
@@ -168,7 +168,7 @@ class TestGemSpecFetcher < Gem::TestCase
specs, _ = @sf.available_specs(:latest)
assert_equal [@source], specs.keys
- assert_equal @latest_specs, specs[@source].sort
end
def test_available_specs_released
@@ -176,7 +176,7 @@ class TestGemSpecFetcher < Gem::TestCase
assert_equal [@source], specs.keys
- assert_equal @released, specs[@source].sort
end
def test_available_specs_complete
@@ -184,9 +184,9 @@ class TestGemSpecFetcher < Gem::TestCase
assert_equal [@source], specs.keys
- comp = @prerelease_specs + @released
- assert_equal comp.sort, specs[@source].sort
end
def test_available_specs_complete_handles_no_prerelease
@@ -197,12 +197,9 @@ class TestGemSpecFetcher < Gem::TestCase
assert_equal [@source], specs.keys
- comp = @released
-
- assert_equal comp.sort, specs[@source].sort
end
-
def test_available_specs_cache
specs, _ = @sf.available_specs(:latest)
@@ -230,7 +227,7 @@ class TestGemSpecFetcher < Gem::TestCase
def test_available_specs_prerelease
specs, _ = @sf.available_specs(:prerelease)
- assert_equal @prerelease_specs, specs[@source].sort
end
def test_available_specs_with_bad_source