rubygems-update 2.1.0 → 2.1.1
Potentially problematic release.
This version of rubygems-update might be problematic. Click here for more details.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/CVE-2013-4287.txt +2 -3
- data/History.txt +7 -0
- data/Rakefile +2 -10
- data/lib/rubygems.rb +1 -1
- data/lib/rubygems/dependency_resolver.rb +11 -1
- data/lib/rubygems/dependency_resolver/index_specification.rb +1 -1
- data/test/rubygems/test_gem_dependency_resolver.rb +25 -6
- metadata +2 -2
- metadata.gz.sig +0 -0
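--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 73a527f730a84236ed8285db2158a9d417cf8470
+data.tar.gz: 0934b7ef36edb25fcbf7221f514a52ffd6da8ce4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f402bb9f16d92df351fa90f007d5342fd66d3005af8fd2649e58425f7ed78276ec09961e155a7228885b934bbf08755ba37ef99531a18d315afc0222aeda0318
+data.tar.gz: ab7e72b833638746273219032aa3f088f0d6c203faf8448a5613a5ec6b5ccb7954e8bb6b5854fb2b3c4f9f1bc49bfc46480453a6d3033434be77936b3cde3757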
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
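--- a/data/CVE-2013-4287.txt
+++ b/data/CVE-2013-4287.txt
@@ -1,9 +1,8 @@
 = Algorithmic complexity vulnerability in RubyGems 2.0.7 and older
 
 RubyGems validates versions with a regular expression that is vulnerable to
-denial of service due to
-
-consumption.
+denial of service due to backtracking. For specially crafted RubyGems
+versions attackers can cause denial of service through CPU consumption.
 
 RubyGems versions 2.0.7 and older, 2.1.0.rc.1 and 2.1.0.rc.2 are vulnerable.
 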
data/History.txt
CHANGED
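--- a/data/Rakefile
+++ b/data/Rakefile
@@ -106,7 +106,7 @@ task :test => :clean_env
 
 task :prerelease => [:clobber, :check_manifest, :test]
 
-task :postrelease => [
+task :postrelease => %w[upload publish_docs]
 
 pkg_dir_path = "pkg/rubygems-update-#{hoe.version}"
 task :package do
@@ -117,14 +117,6 @@ task :package do
 end
 end
 
-desc "Upload release to rubyforge"
-task :upload_to_rubyforge do
-v = hoe.version
-sh "rubyforge add_release rubygems rubygems #{v} pkg/rubygems-update-#{v}.gem"
-sh "rubyforge add_file rubygems rubygems #{v} pkg/rubygems-#{v}.zip"
-sh "rubyforge add_file rubygems rubygems #{v} pkg/rubygems-#{v}.tgz"
-end
-
 desc "Upload release to gemcutter S3"
 task :upload_to_gemcutter do
 v = hoe.version
@@ -132,7 +124,7 @@ task :upload_to_gemcutter do
 end
 
 desc "Upload release to rubyforge and gemcutter"
-task :upload => [
+task :upload => %w[upload_to_gemcutter]
 
 # Misc Tasks ---------------------------------------------------------
 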
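Review bot: The context line `desc "Upload release to rubyforge and gemcutter"` directly above the new `task :upload => %w[upload_to_gemcutter]` is now stale, because the `upload_to_rubyforge` task is deleted in the `@@ -117,14 +117,6 @@` hunk and `:upload` only depends on the gemcutter task. Change it to `desc "Upload release to gemcutter"` so the task listing states accurately where release artifacts are published. The body of `upload_to_gemcutter` lies outside the hunks, so nothing can be said here about what it pushes.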
data/lib/rubygems.rb
CHANGED
@@ -131,8 +131,9 @@ class Gem::DependencyResolver
|
|
131
131
|
return conflict
|
132
132
|
end
|
133
133
|
|
134
|
-
# Get a list of all specs that satisfy dep
|
134
|
+
# Get a list of all specs that satisfy dep and platform
|
135
135
|
possible = @set.find_all dep
|
136
|
+
possible = select_local_platforms possible
|
136
137
|
|
137
138
|
case possible.size
|
138
139
|
when 0
|
@@ -228,6 +229,15 @@ class Gem::DependencyResolver
|
|
228
229
|
specs
|
229
230
|
end
|
230
231
|
|
232
|
+
##
|
233
|
+
# Returns the gems in +specs+ that match the local platform.
|
234
|
+
|
235
|
+
def select_local_platforms specs # :nodoc:
|
236
|
+
specs.select do |spec|
|
237
|
+
Gem::Platform.match spec.platform
|
238
|
+
end
|
239
|
+
end
|
240
|
+
|
231
241
|
end
|
232
242
|
|
233
243
|
require 'rubygems/dependency_resolver/api_set'
|
@@ -68,23 +68,28 @@ class TestGemDependencyResolver < Gem::TestCase
|
|
68
68
|
|
69
69
|
def test_picks_best_platform
|
70
70
|
is = Gem::DependencyResolver::IndexSpecification
|
71
|
-
|
72
|
-
|
71
|
+
unknown = Gem::Platform.new 'unknown'
|
72
|
+
a2_p1 = quick_spec 'a', 2 do |s| s.platform = Gem::Platform.local end
|
73
|
+
a3_p2 = quick_spec 'a', 3 do |s| s.platform = unknown end
|
74
|
+
v2 = v(2)
|
75
|
+
v3 = v(3)
|
73
76
|
source = Gem::Source.new @gem_repo
|
74
77
|
|
75
78
|
s = set
|
76
79
|
|
77
|
-
a2
|
78
|
-
|
80
|
+
a2 = is.new s, 'a', v2, source, Gem::Platform::RUBY
|
81
|
+
a2_p1 = is.new s, 'a', v2, source, Gem::Platform.local.to_s
|
82
|
+
a3_p2 = is.new s, 'a', v3, source, unknown
|
79
83
|
|
80
|
-
s.add
|
84
|
+
s.add a3_p2
|
85
|
+
s.add a2_p1
|
81
86
|
s.add a2
|
82
87
|
|
83
88
|
ad = make_dep "a"
|
84
89
|
|
85
90
|
res = Gem::DependencyResolver.new([ad], s)
|
86
91
|
|
87
|
-
assert_set [
|
92
|
+
assert_set [a2_p1], res.resolve
|
88
93
|
end
|
89
94
|
|
90
95
|
def test_only_returns_spec_once
|
@@ -348,4 +353,18 @@ class TestGemDependencyResolver < Gem::TestCase
|
|
348
353
|
|
349
354
|
assert_set [b1, c1, d2], r.resolve
|
350
355
|
end
|
356
|
+
|
357
|
+
def test_select_local_platforms
|
358
|
+
r = Gem::DependencyResolver.new nil, nil
|
359
|
+
|
360
|
+
a1 = quick_spec 'a', 1
|
361
|
+
a1_p1 = quick_spec 'a', 1 do |s| s.platform = Gem::Platform.local end
|
362
|
+
a1_p2 = quick_spec 'a', 1 do |s| s.platform = 'unknown' end
|
363
|
+
|
364
|
+
selected = r.select_local_platforms [a1, a1_p1, a1_p2]
|
365
|
+
|
366
|
+
assert_equal [a1, a1_p1], selected
|
367
|
+
end
|
368
|
+
|
351
369
|
end
|
370
|
+
|
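Review bot: In the `@@ -131,8 +131,9 @@` hunk, `possible = select_local_platforms possible` overwrites the unfiltered list, so a dependency whose only candidates target another platform reaches the existing `when 0` branch looking exactly like a gem that does not exist. The body of that branch and the start of the enclosing method are outside the hunk, so this is inferred, but the conflict it reports presumably cannot say that specs were found and then rejected by platform. Keeping both lists, e.g. `all = @set.find_all dep` followed by `possible = select_local_platforms all`, would let the failure path name the platforms that were skipped. The added tests cover the filter itself and the best-platform pick, but not the case where every candidate is filtered out.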
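--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-version: 2.1.
+version: 2.1.1
 platform: ruby
 authors:
 - Jim Weirich
@@ -32,7 +32,7 @@ cert_chain:
 KDyY1VIazVgoC8XvR4h/95/iScPiuglzA+DBG1hip1xScAtw05BrXyUNrc9CEMYU
 wgF94UVoHRp6ywo8I7NP3HcwFQDFNEZPNGXsng==
 -----END CERTIFICATE-----
-date: 2013-09-
+date: 2013-09-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: minitest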
metadata.gz.sig
CHANGED
Binary file
|