rubygems-update 1.8.25 → 1.8.26

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 96e012cc53e235e197d84c2d2a4eea42b89bc4e5
+  data.tar.gz: 6963749517681827506e11a24b0e7c1fb75ae347
+SHA512:
+  metadata.gz: 09a61481c125c0740fc699d29b1ee5567bb3ef6e6b7c9622f546d496b09319fcaa12282b7056d1ee961cda99739f2849114b6d81fd550f5786baf842474a0a85
+  data.tar.gz: bdb3d9f8e46d4ba2270589f7085e844c59052485a990d557e506e57ad30132e196e05684cfaf3ee0c94bfbc9ca241e927048a9961236677b6d3f94bdefedbd01

checksums.yaml.gz.sig

@@ -0,0 +1 @@
+M���#��������i1���,T,�-�^�k�Trwj�-

data.tar.gz.sig

@@ -0,0 +1,2 @@
+X�$���>X�个��FZF���(7�����G
+m���D�۰�`��~�V��T�=;G�Tv0*Y���~,���T�TH���i��N>2�p�5�W��6CR�G��znٷ-�4��4���ر���D>��˝3i��48_!S��G��|�*����s�Ͱ�Lu

data/.autotest

@@ -6,7 +6,7 @@ Gem.refresh
 require 'autotest/restart'
 
 Autotest.add_hook :initialize do |at|
-  at.testlib = 'minitest/autorun'
+  at.testlib = ''
 
   at.add_exception %r%/\.git/%
   at.add_exception %r%/\.svn/%

data/CVE-2013-4287.txt

@@ -0,0 +1,36 @@
+= Algorithmic complexity vulnerability in RubyGems 2.0.7 and older
+
+RubyGems validates versions with a regular expression that is vulnerable to
+denial of service due to a backtracking regular expression.  For specially
+crafted RubyGems versions attackers can cause denial of service through CPU
+consumption.
+
+RubyGems versions 2.0.7 and older, 2.1.0.rc.1 and 2.1.0.rc.2 are vulnerable.
+
+Ruby versions 1.9.0 through 2.0.0p247 are vulnerable as they contain embedded
+versions of RubyGems.
+
+It does not appear to be possible to exploit this vulnerability by installing a
+gem for RubyGems 1.8.x or 2.0.x.  Vulnerable uses of RubyGems API include
+packaging a gem (through `gem build`, Gem::Package or Gem::PackageTask),
+sending user input to Gem::Version.new, Gem::Version.correct? or use of the
+Gem::Version::VERSION_PATTERN or Gem::Version::ANCHORED_VERSION_PATTERN
+constants.
+
+Notably, users of bundler that install gems from git are vulnerable if a
+malicious author changes the gemspec to an invalid version.
+
+The vulnerability can be fixed by changing the first grouping to an atomic
+grouping in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb.  For
+RubyGems 2.0.x:
+
+  -  VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
+  +  VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
+
+For RubyGems 1.8.x:
+
+  -  VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc:
+  +  VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc:
+
+This vulnerability was discovered by Damir Sharipov <dammer2k@gmail.com>
+

data/History.txt

@@ -1,6 +1,19 @@
 # coding: UTF-8
 
-=== 1.8.25/ 2013-01-24
+=== 1.8.26 / 2013-09-09
+
+Security fixes:
+
+* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a
+  backtracking in Gem::Version validation.  See CVE-2013-4287 for full details
+  including vulnerable APIs.  Fixed versions include 2.0.8, 1.8.26 and
+  1.8.23.1 (for Ruby 1.9.3).  Issue #626 by Damir Sharipov.
+
+Bug fixes:
+
+* Fixed editing of a Makefile with 8-bit characters.  Fixes #181
+
+=== 1.8.25 / 2013-01-24
 
 * 6 bug fixes:
 

data/Manifest.txt

@@ -1,5 +1,6 @@
 .autotest
 .document
+CVE-2013-4287.txt
 History.txt
 LICENSE.txt
 MIT.txt
@@ -164,6 +165,7 @@ test/rubygems/test_gem_dependency.rb
 test/rubygems/test_gem_dependency_installer.rb
 test/rubygems/test_gem_dependency_list.rb
 test/rubygems/test_gem_doc_manager.rb
+test/rubygems/test_gem_ext_builder.rb
 test/rubygems/test_gem_ext_configure_builder.rb
 test/rubygems/test_gem_ext_ext_conf_builder.rb
 test/rubygems/test_gem_ext_rake_builder.rb

data/Rakefile

@@ -26,6 +26,9 @@ hoe = Hoe.spec 'rubygems-update' do
   self.email          = %w[rubygems-developers@rubyforge.org]
   self.readme_file    = 'README.rdoc'
 
+  license 'Ruby'
+  license 'MIT'
+
   spec_extras[:required_rubygems_version] = Gem::Requirement.default
   spec_extras[:required_ruby_version]     = Gem::Requirement.new '>= 1.8.7'
   spec_extras[:executables]               = ['update_rubygems']
@@ -50,7 +53,9 @@ hoe = Hoe.spec 'rubygems-update' do
   extra_dev_deps << ['rcov', '~> 0.9.0']
   extra_dev_deps << ['ZenTest', '~> 4.5']
 
-  self.extra_rdoc_files = Dir["*.rdoc"]
+  self.extra_rdoc_files = Dir["*.rdoc"] + %w[
+    CVE-2013-4287.txt
+  ]
 
   spec_extras['rdoc_options'] = proc do |rdoc_options|
     rdoc_options << "--title=RubyGems #{self.version} Documentation"
@@ -65,6 +70,8 @@ hoe = Hoe.spec 'rubygems-update' do
     ENV['RAKE_SUCKS']
 end
 
+hoe.test_prelude = 'gem "minitest", "~> 4.0"'
+
 task :docs => :rake_sucks
 task :rake_sucks do
   # This exists ENTIRELY because the rake design convention of
@@ -84,7 +91,7 @@ end
 
 task :prerelease => [:clobber, :check_manifest, :test]
 
-task :postrelease => [:publish_docs, :upload]
+task :postrelease => [:upload, :publish_docs]
 
 pkg_dir_path = "pkg/rubygems-update-#{hoe.version}"
 task :package do

data/lib/rubygems.rb

@@ -121,7 +121,7 @@ require "rubygems/deprecate"
 # -The RubyGems Team
 
 module Gem
-  VERSION = '1.8.25'
+  VERSION = '1.8.26'
 
   ##
   # Raised when RubyGems is unable to load or activate a gem.  Contains the

data/lib/rubygems/ext/builder.rb

@@ -4,8 +4,18 @@
 # See LICENSE.txt for permissions.
 #++
 
+require 'thread'
+
 class Gem::Ext::Builder
 
+  ##
+  # The builder shells-out to run various commands after changing the
+  # directory.  This means multiple installations cannot be allowed to build
+  # extensions in parallel as they may change each other's directories leading
+  # to broken extensions or failed installations.
+
+  CHDIR_MUTEX = Mutex.new # :nodoc:
+
   def self.class_name
     name =~ /Ext::(.*)Builder/
     $1.downcase
@@ -16,12 +26,6 @@ class Gem::Ext::Builder
       raise Gem::InstallError, "Makefile not found:\n\n#{results.join "\n"}"
     end
 
-    mf = File.read('Makefile')
-    mf = mf.gsub(/^RUBYARCHDIR\s*=\s*\$[^$]*/, "RUBYARCHDIR = #{dest_path}")
-    mf = mf.gsub(/^RUBYLIBDIR\s*=\s*\$[^$]*/, "RUBYLIBDIR = #{dest_path}")
-
-    File.open('Makefile', 'wb') {|f| f.print mf}
-
     # try to find make program from Ruby configure arguments first
     RbConfig::CONFIG['configure_args'] =~ /with-make-prog\=(\w+)/
     make_program = $1 || ENV['make']
@@ -29,13 +33,16 @@ class Gem::Ext::Builder
       make_program = (/mswin/ =~ RUBY_PLATFORM) ? 'nmake' : 'make'
     end
 
-    ['', ' install'].each do |target|
-      cmd = "#{make_program}#{target}"
-      results << cmd
-      results << `#{cmd} #{redirector}`
+    destdir = '"DESTDIR=%s"' % ENV['DESTDIR'] if RUBY_VERSION > '2.0'
 
-      raise Gem::InstallError, "make#{target} failed:\n\n#{results}" unless
-        $?.success?
+    ['', 'install'].each do |target|
+      # Pass DESTDIR via command line to override what's in MAKEFLAGS
+      cmd = [
+        make_program,
+        destdir,
+        target
+      ].join(' ').rstrip
+      run(cmd, results, "make #{target}".rstrip)
     end
   end
 
@@ -43,12 +50,12 @@ class Gem::Ext::Builder
     '2>&1'
   end
 
-  def self.run(command, results)
+  def self.run(command, results, command_name = nil)
     results << command
     results << `#{command} #{redirector}`
 
     unless $?.success? then
-      raise Gem::InstallError, "#{class_name} failed:\n\n#{results.join "\n"}"
+      raise Gem::InstallError, "#{command_name || class_name} failed:\n\n#{results.join "\n"}"
     end
   end
 

data/lib/rubygems/ext/ext_conf_builder.rb

@@ -6,18 +6,58 @@
 
 require 'rubygems/ext/builder'
 require 'rubygems/command'
+require 'fileutils'
+require 'tempfile'
 
 class Gem::Ext::ExtConfBuilder < Gem::Ext::Builder
+  FileEntry = FileUtils::Entry_ # :nodoc:
 
   def self.build(extension, directory, dest_path, results)
-    cmd = "#{Gem.ruby} #{File.basename extension}"
-    cmd << " #{Gem::Command.build_args.join ' '}" unless Gem::Command.build_args.empty?
+    tmp_dest = Dir.mktmpdir(".gem.", ".")
 
-    run cmd, results
+    t = nil
+    Tempfile.open %w"siteconf .rb", "." do |siteconf|
+      t = siteconf
+      siteconf.puts "require 'rbconfig'"
+      siteconf.puts "dest_path = #{(tmp_dest || dest_path).dump}"
+      %w[sitearchdir sitelibdir].each do |dir|
+        siteconf.puts "RbConfig::MAKEFILE_CONFIG['#{dir}'] = dest_path"
+        siteconf.puts "RbConfig::CONFIG['#{dir}'] = dest_path"
+      end
 
-    make dest_path, results
+      siteconf.flush
+
+      rubyopt = ENV["RUBYOPT"]
+      destdir = ENV["DESTDIR"]
+
+      begin
+        ENV["RUBYOPT"] = ["-r#{siteconf.path}", rubyopt].compact.join(' ')
+        cmd = [Gem.ruby, File.basename(extension), *Gem::Command.build_args].join ' '
+
+        run cmd, results
+
+        ENV["DESTDIR"] = nil
+        ENV["RUBYOPT"] = rubyopt
+        siteconf.unlink
+
+        make dest_path, results
+
+        if tmp_dest
+          FileEntry.new(tmp_dest).traverse do |ent|
+            destent = ent.class.new(dest_path, ent.rel)
+            destent.exist? or File.rename(ent.path, destent.path)
+          end
+        end
+      ensure
+        ENV["RUBYOPT"] = rubyopt
+        ENV["DESTDIR"] = destdir
+      end
+    end
+    t.unlink if t and t.path
 
     results
+  ensure
+    FileUtils.rm_rf tmp_dest if tmp_dest
   end
 
 end

data/lib/rubygems/installer.rb

@@ -538,10 +538,12 @@ TEXT
 
 
       begin
-        Dir.chdir extension_dir do
-          results = builder.build(extension, gem_dir, dest_path, results)
+        Gem::Ext::Builder::CHDIR_MUTEX.synchronize do
+          Dir.chdir extension_dir do
+            results = builder.build(extension, gem_dir, dest_path, results)
 
-          say results.join("\n") if Gem.configuration.really_verbose
+            say results.join("\n") if Gem.configuration.really_verbose
+          end
         end
       rescue
         results = results.join "\n"

data/lib/rubygems/test_case.rb

@@ -1,5 +1,7 @@
 at_exit { $SAFE = 1 }
 
+gem 'minitest', '~> 4.0'
+
 if defined? Gem::QuickLoader
   Gem::QuickLoader.load_full_rubygems_library
 else
@@ -21,6 +23,7 @@ require 'rubygems/test_utilities'
 require 'pp'
 require 'zlib'
 require 'pathname'
+require 'shellwords'
 Gem.load_yaml
 
 require 'rubygems/mock_gem_ui'
@@ -92,6 +95,63 @@ class Gem::TestCase < MiniTest::Unit::TestCase
     refute File.exist?(path), msg
   end
 
+  def scan_make_command_lines(output)
+    output.scan(/^#{Regexp.escape make_command}(?:[[:blank:]].*)?$/)
+  end
+
+  def parse_make_command_line(line)
+    command, *args = line.shellsplit
+
+    targets = []
+    macros = {}
+
+    args.each do |arg|
+      case arg
+      when /\A(\w+)=/
+        macros[$1] = $'
+      else
+        targets << arg
+      end
+    end
+
+    targets << '' if targets.empty?
+
+    {
+      :command => command,
+      :targets => targets,
+      :macros => macros,
+    }
+  end
+
+  def assert_contains_make_command(target, output, msg = nil)
+    if output.match(/\n/)
+      msg = message(msg) {
+        'Expected output containing make command "%s": %s' % [
+          ('%s %s' % [make_command, target]).rstrip,
+          output.inspect
+        ]
+      }
+    else
+      msg = message(msg) {
+        'Expected make command "%s": %s' % [
+          ('%s %s' % [make_command, target]).rstrip,
+          output.inspect
+        ]
+      }
+    end
+
+    assert scan_make_command_lines(output).any? { |line|
+      make = parse_make_command_line(line)
+
+      if make[:targets].include?(target)
+        yield make, line if block_given?
+        true
+      else
+        false
+      end
+    }, msg
+  end
+
   include Gem::DefaultUserInteraction
 
   undef_method :default_test if instance_methods.include? 'default_test' or

data/lib/rubygems/version.rb

@@ -145,7 +145,7 @@ class Gem::Version
 
   include Comparable
 
-  VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc:
+  VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc:
   ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc:
 
   ##

data/test/rubygems/test_gem_ext_builder.rb

@@ -0,0 +1,58 @@
+require 'rubygems/test_case'
+require 'rubygems/ext'
+
+class TestGemExtBuilder < Gem::TestCase
+
+  def setup
+    super
+
+    @ext = File.join @tempdir, 'ext'
+    @dest_path = File.join @tempdir, 'prefix'
+
+    FileUtils.mkdir_p @ext
+    FileUtils.mkdir_p @dest_path
+
+    @orig_DESTDIR = ENV['DESTDIR']
+  end
+
+  def teardown
+    ENV['DESTDIR'] = @orig_DESTDIR
+
+    super
+  end
+
+  def test_class_make
+    ENV['DESTDIR'] = 'destination'
+    results = []
+
+    Dir.chdir @ext do
+      open 'Makefile', 'w' do |io|
+        io.puts <<-MAKEFILE
+all:
+\t@#{Gem.ruby} -e "puts %Q{all: \#{ENV['DESTDIR']}}"
+
+install:
+\t@#{Gem.ruby} -e "puts %Q{install: \#{ENV['DESTDIR']}}"
+        MAKEFILE
+      end
+
+      Gem::Ext::Builder.make @dest_path, results
+    end
+
+    results = results.join "\n"
+
+
+    if RUBY_VERSION > '2.0' then
+      assert_match %r%"DESTDIR=#{ENV['DESTDIR']}"$%,         results
+      assert_match %r%"DESTDIR=#{ENV['DESTDIR']}" install$%, results
+    else
+      refute_match %r%"DESTDIR=#{ENV['DESTDIR']}"$%,         results
+      refute_match %r%"DESTDIR=#{ENV['DESTDIR']}" install$%, results
+    end
+
+    assert_match %r%^all: destination$%,     results
+    assert_match %r%^install: destination$%, results
+  end
+
+end
+

data/test/rubygems/test_gem_ext_configure_builder.rb

@@ -30,9 +30,9 @@ class TestGemExtConfigureBuilder < Gem::TestCase
 
     assert_equal "sh ./configure --prefix=#{@dest_path}", output.shift
     assert_equal "", output.shift
-    assert_equal make_command, output.shift
+    assert_contains_make_command '', output.shift
     assert_match(/^ok$/m, output.shift)
-    assert_equal make_command + " install", output.shift
+    assert_contains_make_command 'install', output.shift
     assert_match(/^ok$/m, output.shift)
   end
 
@@ -76,8 +76,8 @@ class TestGemExtConfigureBuilder < Gem::TestCase
       Gem::Ext::ConfigureBuilder.build nil, nil, @dest_path, output
     end
 
-    assert_equal make_command, output[0]
-    assert_equal "#{make_command} install", output[2]
+    assert_contains_make_command '', output[0]
+    assert_contains_make_command 'install', output[2]
   end
 
 end

data/test/rubygems/test_gem_ext_ext_conf_builder.rb

@@ -1,3 +1,5 @@
+# coding: UTF-8
+
 require 'rubygems/test_case'
 require 'rubygems/ext'
 
@@ -25,19 +27,17 @@ class TestGemExtExtConfBuilder < Gem::TestCase
     output = []
 
     Dir.chdir @ext do
-      Gem::Ext::ExtConfBuilder.build 'extconf.rb', nil, @dest_path, output
+      result =
+        Gem::Ext::ExtConfBuilder.build 'extconf.rb', nil, @dest_path, output
+
+      assert_same result, output
     end
 
     assert_match(/^#{Gem.ruby} extconf.rb/, output[0])
     assert_equal "creating Makefile\n", output[1]
-    case RUBY_PLATFORM
-    when /mswin/ then
-      assert_equal "nmake", output[2]
-      assert_equal "nmake install", output[4]
-    else
-      assert_equal "make", output[2]
-      assert_equal "make install", output[4]
-    end
+    assert_contains_make_command '', output[2]
+    assert_contains_make_command 'install', output[4]
+    assert_empty Dir.glob(File.join(@ext, 'siteconf*.rb'))
   end
 
   def test_class_build_rbconfig_make_prog
@@ -54,8 +54,8 @@ class TestGemExtExtConfBuilder < Gem::TestCase
     end
 
     assert_equal "creating Makefile\n", output[1]
-    assert_equal make_command, output[2]
-    assert_equal "#{make_command} install", output[4]
+    assert_contains_make_command '', output[2]
+    assert_contains_make_command 'install', output[4]
   ensure
     RbConfig::CONFIG['configure_args'] = configure_args
   end
@@ -78,7 +78,7 @@ class TestGemExtExtConfBuilder < Gem::TestCase
     end
 
     assert_equal "creating Makefile\n", output[1]
-    assert_equal "anothermake", output[2]
+    assert_contains_make_command '', output[2]
   ensure
     RbConfig::CONFIG['configure_args'] = configure_args
     ENV['make'] = env_make
@@ -108,7 +108,43 @@ class TestGemExtExtConfBuilder < Gem::TestCase
 #{Gem.ruby} extconf.rb.*
 checking for main\(\) in .*?nonexistent/m, error.message)
 
-    assert_match(/^#{Gem.ruby} extconf.rb/, output[0])
+    assert_equal("#{Gem.ruby} extconf.rb", output[0])
+  end
+
+  def test_class_build_unconventional
+    if vc_windows? && !nmake_found?
+      skip("test_class_build skipped - nmake not found")
+    end
+
+    File.open File.join(@ext, 'extconf.rb'), 'w' do |extconf|
+      extconf.puts <<-'EXTCONF'
+include RbConfig
+
+ruby_exe = "#{CONFIG['RUBY_INSTALL_NAME']}#{CONFIG['EXEEXT']}"
+ruby = File.join CONFIG['bindir'], ruby_exe
+
+open 'Makefile', 'w' do |io|
+  io.write <<-Makefile
+all: ruby
+install: ruby
+
+ruby:
+\t#{ruby} -e0
+
+  Makefile
+end
+      EXTCONF
+    end
+
+    output = []
+
+    Dir.chdir @ext do
+      Gem::Ext::ExtConfBuilder.build 'extconf.rb', nil, @dest_path, output
+    end
+
+    assert_contains_make_command '', output[2]
+    assert_contains_make_command 'install', output[4]
+    assert_empty Dir.glob(File.join(@ext, 'siteconf*.rb'))
   end
 
   def test_class_make
@@ -119,6 +155,7 @@ checking for main\(\) in .*?nonexistent/m, error.message)
     output = []
     makefile_path = File.join(@ext, 'Makefile')
     File.open makefile_path, 'w' do |makefile|
+      makefile.puts "# π"
       makefile.puts "RUBYARCHDIR = $(foo)$(target_prefix)"
       makefile.puts "RUBYLIBDIR = $(bar)$(target_prefix)"
       makefile.puts "all:"
@@ -129,17 +166,8 @@ checking for main\(\) in .*?nonexistent/m, error.message)
       Gem::Ext::ExtConfBuilder.make @ext, output
     end
 
-    assert_equal make_command, output[0]
-    assert_equal "#{make_command} install", output[2]
-
-    edited_makefile = <<-EOF
-RUBYARCHDIR = #{@ext}$(target_prefix)
-RUBYLIBDIR = #{@ext}$(target_prefix)
-all:
-install:
-    EOF
-
-    assert_equal edited_makefile, File.read(makefile_path)
+    assert_contains_make_command '', output[0]
+    assert_contains_make_command 'install', output[2]
   end
 
   def test_class_make_no_Makefile

data/test/rubygems/test_gem_indexer.rb

@@ -117,6 +117,8 @@ class TestGemIndexer < Gem::TestCase
     assert_indexed @tempdir, "latest_specs.#{@marshal_version}"
     assert_indexed @tempdir, "latest_specs.#{@marshal_version}.gz"
 
+    single_quote = CGI.escapeHTML "'"
+
     expected = <<-EOF
 <?xml version=\"1.0\"?>
 <rss version=\"2.0\">
@@ -227,13 +229,13 @@ class TestGemIndexer < Gem::TestCase
       <description>
 &lt;pre&gt;This line is really, really long.  So long, in fact, that it is more than
 eighty characters long!  The purpose of this line is for testing wrapping
-behavior because sometimes people don't wrap their text to eighty characters.
+behavior because sometimes people don#{single_quote}t wrap their text to eighty characters.
 Without the wrapping, the text might not look good in the RSS feed.
 
 Also, a list:
-  * An entry that's actually kind of sort
-  * an entry that's really long, which will probably get wrapped funny.
-That's ok, somebody wasn't thinking straight when they made it more than
+  * An entry that#{single_quote}s actually kind of sort
+  * an entry that#{single_quote}s really long, which will probably get wrapped funny.
+That#{single_quote}s ok, somebody wasn#{single_quote}t thinking straight when they made it more than
 eighty characters.&lt;/pre&gt;
       </description>
       <author>example@example.com (Example), example2@example.com (Example2)</author>

data/test/rubygems/test_gem_installer.rb

@@ -1031,6 +1031,46 @@ load Gem.bin_path('a', 'executable', version)
     end
   end
 
+  def test_install_extension_flat
+    skip '1.8 mkmf.rb does not create TOUCH' if RUBY_VERSION < '1.9'
+    @spec.require_paths = ["."]
+
+    @spec.extensions << "extconf.rb"
+
+    write_file File.join(@tempdir, "extconf.rb") do |io|
+      io.write <<-RUBY
+        require "mkmf"
+
+        CONFIG['CC'] = '$(TOUCH) $@ ||'
+        CONFIG['LDSHARED'] = '$(TOUCH) $@ ||'
+
+        create_makefile("#{@spec.name}")
+      RUBY
+    end
+
+    # empty depend file for no auto dependencies
+    @spec.files += %W"depend #{@spec.name}.c".each {|file|
+      write_file File.join(@tempdir, file)
+    }
+
+    so = File.join(@gemhome, 'gems', @spec.full_name, "#{@spec.name}.#{RbConfig::CONFIG["DLEXT"]}")
+    assert !File.exist?(so)
+    use_ui @ui do
+      path = Gem::Builder.new(@spec).build
+
+      @installer = Gem::Installer.new path
+      @installer.install
+    end
+    assert File.exist?(so), so
+  rescue
+    puts '-' * 78
+    puts File.read File.join(@gemhome, 'gems', 'a-2', 'Makefile')
+    puts '-' * 78
+    puts File.read File.join(@gemhome, 'gems', 'a-2', 'gem_make.out')
+    puts '-' * 78
+    raise
+  end
+
   def test_installation_satisfies_dependency_eh
     util_setup_install
 

metadata

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 1.8.25
-  prerelease: 
+  version: 1.8.26
 platform: ruby
 authors:
 - Jim Weirich
@@ -10,45 +9,62 @@ authors:
 - Eric Hodel
 autorequire: 
 bindir: bin
-cert_chain: []
-date: 2013-01-25 00:00:00.000000000 Z
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMRAwDgYDVQQDDAdkcmJy
+  YWluMRgwFgYKCZImiZPyLGQBGRYIc2VnbWVudDcxEzARBgoJkiaJk/IsZAEZFgNu
+  ZXQwHhcNMTMwMjI4MDUyMjA4WhcNMTQwMjI4MDUyMjA4WjBBMRAwDgYDVQQDDAdk
+  cmJyYWluMRgwFgYKCZImiZPyLGQBGRYIc2VnbWVudDcxEzARBgoJkiaJk/IsZAEZ
+  FgNuZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbbgLrGLGIDE76
+  LV/cvxdEzCuYuS3oG9PrSZnuDweySUfdp/so0cDq+j8bqy6OzZSw07gdjwFMSd6J
+  U5ddZCVywn5nnAQ+Ui7jMW54CYt5/H6f2US6U0hQOjJR6cpfiymgxGdfyTiVcvTm
+  Gj/okWrQl0NjYOYBpDi+9PPmaH2RmLJu0dB/NylsDnW5j6yN1BEI8MfJRR+HRKZY
+  mUtgzBwF1V4KIZQ8EuL6I/nHVu07i6IkrpAgxpXUfdJQJi0oZAqXurAV3yTxkFwd
+  g62YrrW26mDe+pZBzR6bpLE+PmXCzz7UxUq3AE0gPHbiMXie3EFE0oxnsU3lIduh
+  sCANiQ8BAgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
+  BBS5k4Z75VSpdM0AclG2UvzFA/VW5DAfBgNVHREEGDAWgRRkcmJyYWluQHNlZ21l
+  bnQ3Lm5ldDAfBgNVHRIEGDAWgRRkcmJyYWluQHNlZ21lbnQ3Lm5ldDANBgkqhkiG
+  9w0BAQUFAAOCAQEAOflo4Md5aJF//EetzXIGZ2EI5PzKWX/mMpp7cxFyDcVPtTv0
+  js/6zWrWSbd60W9Kn4ch3nYiATFKhisgeYotDDz2/pb/x1ivJn4vEvs9kYKVvbF8
+  V7MV/O5HDW8Q0pA1SljI6GzcOgejtUMxZCyyyDdbUpyAMdt9UpqTZkZ5z1sicgQk
+  5o2XJ+OhceOIUVqVh1r6DNY5tLVaGJabtBmJAYFVznDcHiSFybGKBa5n25Egql1t
+  KDyY1VIazVgoC8XvR4h/95/iScPiuglzA+DBG1hip1xScAtw05BrXyUNrc9CEMYU
+  wgF94UVoHRp6ywo8I7NP3HcwFQDFNEZPNGXsng==
+  -----END CERTIFICATE-----
+date: 2013-09-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '4.1'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '4.1'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '3.10'
+        version: '4.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '3.10'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -56,7 +72,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -64,7 +79,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: hoe-seattlerb
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -72,7 +86,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -80,7 +93,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: session
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -88,7 +100,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -96,7 +107,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rcov
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -104,7 +114,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -112,7 +121,6 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: ZenTest
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -120,7 +128,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -128,35 +135,49 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: hoe
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: '3.0'
-description: ! "RubyGems is a package management framework for Ruby.\n\nThis gem is
-  an update for the RubyGems software. You must have an\ninstallation of RubyGems
-  before this update can be applied.\n\nSee Gem for information on RubyGems (or `ri
-  Gem`)\n\nTo upgrade to the latest RubyGems, run:\n\n  $ gem update --system  # you
-  might need to be an administrator or root\n\nSee UPGRADING.rdoc for more details
-  and alternative instructions.\n\n-----\n\nIf you don't have RubyGems installed,
-  your can still do it manually:\n\n* Download from: https://rubygems.org/pages/download\n*
-  Unpack into a directory and cd there\n* Install with: ruby setup.rb  # you may need
-  admin/root privilege\n\nFor more details and other options, see:\n\n  ruby setup.rb
-  --help"
+        version: '3.7'
+description: |-
+  RubyGems is a package management framework for Ruby.
+
+  This gem is an update for the RubyGems software. You must have an
+  installation of RubyGems before this update can be applied.
+
+  See Gem for information on RubyGems (or `ri Gem`)
+
+  To upgrade to the latest RubyGems, run:
+
+    $ gem update --system  # you might need to be an administrator or root
+
+  See UPGRADING.rdoc for more details and alternative instructions.
+
+  -----
+
+  If you don't have RubyGems installed, your can still do it manually:
+
+  * Download from: https://rubygems.org/pages/download
+  * Unpack into a directory and cd there
+  * Install with: ruby setup.rb  # you may need admin/root privilege
+
+  For more details and other options, see:
+
+    ruby setup.rb --help
 email:
 - rubygems-developers@rubyforge.org
 executables:
 - update_rubygems
 extensions: []
 extra_rdoc_files:
+- CVE-2013-4287.txt
 - History.txt
 - LICENSE.txt
 - MIT.txt
@@ -167,6 +188,7 @@ extra_rdoc_files:
 files:
 - .autotest
 - .document
+- CVE-2013-4287.txt
 - History.txt
 - LICENSE.txt
 - MIT.txt
@@ -331,6 +353,7 @@ files:
 - test/rubygems/test_gem_dependency_installer.rb
 - test/rubygems/test_gem_dependency_list.rb
 - test/rubygems/test_gem_doc_manager.rb
+- test/rubygems/test_gem_ext_builder.rb
 - test/rubygems/test_gem_ext_configure_builder.rb
 - test/rubygems/test_gem_ext_ext_conf_builder.rb
 - test/rubygems/test_gem_ext_rake_builder.rb
@@ -369,31 +392,32 @@ files:
 - util/CL2notes
 - .gemtest
 homepage: http://rubygems.org
-licenses: []
+licenses:
+- Ruby
+- MIT
+metadata: {}
 post_install_message: 
 rdoc_options:
 - --main
 - README.rdoc
-- --title=RubyGems 1.8.25 Documentation
+- --title=RubyGems 1.8.26 Documentation
 require_paths:
 - hide_lib_for_update
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: rubygems
-rubygems_version: 1.8.24
+rubygems_version: 2.1.0
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: RubyGems is a package management framework for Ruby
 test_files:
 - test/rubygems/test_config.rb
@@ -432,6 +456,7 @@ test_files:
 - test/rubygems/test_gem_dependency_installer.rb
 - test/rubygems/test_gem_dependency_list.rb
 - test/rubygems/test_gem_doc_manager.rb
+- test/rubygems/test_gem_ext_builder.rb
 - test/rubygems/test_gem_ext_configure_builder.rb
 - test/rubygems/test_gem_ext_ext_conf_builder.rb
 - test/rubygems/test_gem_ext_rake_builder.rb