RubyGems - rubygems-update - Versions diffs - 2.0.15 → 2.0.16 - Mend

rubygems-update 2.0.15 → 2.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rubygems-update might be problematic. Click here for more details.

Files changed (6) hide show

checksums.yaml +4 -4
data/History.txt +7 -0
data/lib/rubygems.rb +1 -1
data/lib/rubygems/remote_fetcher.rb +7 -1
data/test/rubygems/test_gem_remote_fetcher.rb +17 -2
metadata +37 -111

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b4775dabfae0ef7de44b6438d76446a7880ca4c6
-  data.tar.gz: 510bd734392de9ffac798d6fed2f6f172a89277a
+  metadata.gz: a73bcbd4fbbd72da068f225bc86a61ba6e7ee981
+  data.tar.gz: ab58dc5df51e0735110298073c0780cd855c5d99
 SHA512:
-  metadata.gz: ed05c2af4e670d615e46e646546b6d1621c81d933bac9bd28e3f9203b9c7cfbc04f8f0b88b309349395d76ee642751a212bd28a13b89fb96c8b0b745adf578d0
-  data.tar.gz: 36124f17c87851fe53e8e97a3675c5371d9889685789f44f8a691ce656fb2ff9db874bd879dd55786159d27ebe21cfd54225e04e9cab3b4ba9dfe44cdb2821ba
+  metadata.gz: 40308a04d1211aef0db6578595838f31c9649bef3e1ccabbbf9ddebfbcce5f61401d6986465f7055b7c821f3330ddd351d06962f1b50d0a567843e11218438bc
+  data.tar.gz: 9c265d4e0c4093e4e44ee0e4e676b3db15ae28fff711e5ffc650fca99eb707f7cb8f49040080b901b2ba4ba3ea16df43f9008ef3caec8fbc9c745d5adefc1b77

data/History.txt CHANGED

@@ -1,5 +1,12 @@
 # coding: UTF-8
+=== 2.0.16 / 2015-05-14
+Bug fixes:
+* Backport: Limit API endpoint to original security domain for CVE-2015-3900.
+  Fix by claudijd
 === 2.0.15 / 2014-12-21
 Bug fixes:

data/lib/rubygems.rb CHANGED

@@ -8,7 +8,7 @@
 require 'rbconfig'
 module Gem
-  VERSION = '2.0.15'
+  VERSION = '2.0.16'
 end
 # Must be first since it unloads the prelude from 1.9.2

data/lib/rubygems/remote_fetcher.rb CHANGED

@@ -103,7 +103,13 @@ class Gem::RemoteFetcher
     rescue Resolv::ResolvError
       uri
     else
-      URI.parse "#{res.target}#{uri.path}"
+      target = res.target.to_s.strip
+      if /#{host}\z/ =~ target
+        return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
+      end
+      uri
     end
   end

data/test/rubygems/test_gem_remote_fetcher.rb CHANGED

@@ -177,15 +177,30 @@ gems:
   end
   def test_api_endpoint
+    uri = URI.parse "http://example.com/foo"
+    target = MiniTest::Mock.new
+    target.expect :target, "gems.example.com"
+    dns = MiniTest::Mock.new
+    dns.expect :getresource, target, [String, Object]
+    fetch = Gem::RemoteFetcher.new nil, dns
+    assert_equal URI.parse("http://gems.example.com/foo"), fetch.api_endpoint(uri)
+    target.verify
+    dns.verify
+  end
+  def test_api_endpoint_ignores_trans_domain_values
     uri = URI.parse "http://gems.example.com/foo"
     target = MiniTest::Mock.new
-    target.expect :target, "http://blah.com"
+    target.expect :target, "blah.com"
     dns = MiniTest::Mock.new
     dns.expect :getresource, target, [String, Object]
     fetch = Gem::RemoteFetcher.new nil, dns
-    assert_equal URI.parse("http://blah.com/foo"), fetch.api_endpoint(uri)
+    assert_equal URI.parse("http://gems.example.com/foo"), fetch.api_endpoint(uri)
     target.verify
     dns.verify

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 2.0.15
+  version: 2.0.16
 platform: ruby
 authors:
 - Jim Weirich
@@ -10,90 +10,104 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-21 00:00:00.000000000 Z
+date: 2015-05-14 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '5.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '5.4'
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '4.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '4.0'
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '2.1'
 - !ruby/object:Gem::Dependency
   name: hoe-seattlerb
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
   name: ZenTest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '4.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '4.5'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.9.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.9.3
 - !ruby/object:Gem::Dependency
   name: hoe
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.13'
 description: |-
@@ -137,9 +151,9 @@ extra_rdoc_files:
 - UPGRADING.rdoc
 - hide_lib_for_update/note.txt
 files:
-- ".autotest"
-- ".document"
-- ".gemtest"
+- .autotest
+- .document
+- .gemtest
 - CVE-2013-4287.txt
 - CVE-2013-4363.txt
 - History.txt
@@ -407,113 +421,25 @@ licenses:
 metadata: {}
 post_install_message:
 rdoc_options:
-- "--main"
+- --main
 - README.rdoc
-- "--title=RubyGems Update Documentation"
+- --title=RubyGems Update Documentation
 require_paths:
 - hide_lib_for_update
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.2
+rubygems_version: 2.4.2
 signing_key:
 specification_version: 4
 summary: RubyGems is a package management framework for Ruby
-test_files:
-- test/rubygems/test_bundled_ca.rb
-- test/rubygems/test_config.rb
-- test/rubygems/test_deprecate.rb
-- test/rubygems/test_gem.rb
-- test/rubygems/test_gem_available_set.rb
-- test/rubygems/test_gem_command.rb
-- test/rubygems/test_gem_command_manager.rb
-- test/rubygems/test_gem_commands_build_command.rb
-- test/rubygems/test_gem_commands_cert_command.rb
-- test/rubygems/test_gem_commands_check_command.rb
-- test/rubygems/test_gem_commands_cleanup_command.rb
-- test/rubygems/test_gem_commands_contents_command.rb
-- test/rubygems/test_gem_commands_dependency_command.rb
-- test/rubygems/test_gem_commands_environment_command.rb
-- test/rubygems/test_gem_commands_fetch_command.rb
-- test/rubygems/test_gem_commands_generate_index_command.rb
-- test/rubygems/test_gem_commands_help_command.rb
-- test/rubygems/test_gem_commands_install_command.rb
-- test/rubygems/test_gem_commands_list_command.rb
-- test/rubygems/test_gem_commands_lock_command.rb
-- test/rubygems/test_gem_commands_mirror.rb
-- test/rubygems/test_gem_commands_outdated_command.rb
-- test/rubygems/test_gem_commands_owner_command.rb
-- test/rubygems/test_gem_commands_pristine_command.rb
-- test/rubygems/test_gem_commands_push_command.rb
-- test/rubygems/test_gem_commands_query_command.rb
-- test/rubygems/test_gem_commands_search_command.rb
-- test/rubygems/test_gem_commands_server_command.rb
-- test/rubygems/test_gem_commands_setup_command.rb
-- test/rubygems/test_gem_commands_sources_command.rb
-- test/rubygems/test_gem_commands_specification_command.rb
-- test/rubygems/test_gem_commands_stale_command.rb
-- test/rubygems/test_gem_commands_uninstall_command.rb
-- test/rubygems/test_gem_commands_unpack_command.rb
-- test/rubygems/test_gem_commands_update_command.rb
-- test/rubygems/test_gem_commands_which_command.rb
-- test/rubygems/test_gem_commands_yank_command.rb
-- test/rubygems/test_gem_config_file.rb
-- test/rubygems/test_gem_dependency.rb
-- test/rubygems/test_gem_dependency_installer.rb
-- test/rubygems/test_gem_dependency_list.rb
-- test/rubygems/test_gem_dependency_resolver.rb
-- test/rubygems/test_gem_doctor.rb
-- test/rubygems/test_gem_ext_builder.rb
-- test/rubygems/test_gem_ext_cmake_builder.rb
-- test/rubygems/test_gem_ext_configure_builder.rb
-- test/rubygems/test_gem_ext_ext_conf_builder.rb
-- test/rubygems/test_gem_ext_rake_builder.rb
-- test/rubygems/test_gem_gem_runner.rb
-- test/rubygems/test_gem_gemcutter_utilities.rb
-- test/rubygems/test_gem_indexer.rb
-- test/rubygems/test_gem_install_update_options.rb
-- test/rubygems/test_gem_installer.rb
-- test/rubygems/test_gem_local_remote_options.rb
-- test/rubygems/test_gem_name_tuple.rb
-- test/rubygems/test_gem_package.rb
-- test/rubygems/test_gem_package_old.rb
-- test/rubygems/test_gem_package_tar_header.rb
-- test/rubygems/test_gem_package_tar_reader.rb
-- test/rubygems/test_gem_package_tar_reader_entry.rb
-- test/rubygems/test_gem_package_tar_writer.rb
-- test/rubygems/test_gem_package_task.rb
-- test/rubygems/test_gem_path_support.rb
-- test/rubygems/test_gem_platform.rb
-- test/rubygems/test_gem_rdoc.rb
-- test/rubygems/test_gem_remote_fetcher.rb
-- test/rubygems/test_gem_request_set.rb
-- test/rubygems/test_gem_requirement.rb
-- test/rubygems/test_gem_security.rb
-- test/rubygems/test_gem_security_policy.rb
-- test/rubygems/test_gem_security_signer.rb
-- test/rubygems/test_gem_security_trust_dir.rb
-- test/rubygems/test_gem_server.rb
-- test/rubygems/test_gem_silent_ui.rb
-- test/rubygems/test_gem_source.rb
-- test/rubygems/test_gem_source_list.rb
-- test/rubygems/test_gem_source_local.rb
-- test/rubygems/test_gem_source_specific_file.rb
-- test/rubygems/test_gem_spec_fetcher.rb
-- test/rubygems/test_gem_specification.rb
-- test/rubygems/test_gem_stream_ui.rb
-- test/rubygems/test_gem_text.rb
-- test/rubygems/test_gem_uninstaller.rb
-- test/rubygems/test_gem_validator.rb
-- test/rubygems/test_gem_version.rb
-- test/rubygems/test_gem_version_option.rb
-- test/rubygems/test_kernel.rb
-- test/rubygems/test_require.rb
+test_files: []