RubyGems - rubygems-update - Versions diffs - 2.1.0 → 2.1.1 - Mend

rubygems-update 2.1.0 → 2.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of rubygems-update might be problematic. Click here for more details.

Files changed (12) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/CVE-2013-4287.txt +2 -3
data/History.txt +7 -0
data/Rakefile +2 -10
data/lib/rubygems.rb +1 -1
data/lib/rubygems/dependency_resolver.rb +11 -1
data/lib/rubygems/dependency_resolver/index_specification.rb +1 -1
data/test/rubygems/test_gem_dependency_resolver.rb +25 -6
metadata +2 -2
metadata.gz.sig +0 -0

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 55bcc2565aada10c6c7710d6e7838ea85f6c1f94
-  data.tar.gz: c20b2a65ba400f0f6d870f0337d48982d61e25cf
+  metadata.gz: 73a527f730a84236ed8285db2158a9d417cf8470
+  data.tar.gz: 0934b7ef36edb25fcbf7221f514a52ffd6da8ce4
 SHA512:
-  metadata.gz: d3d07022f951f289b684e8591b2f5d3aa5f0db7246f04169424f5641f559ce1dad1d78ed6e83c0e29871c71284609ebefda43a9f98ba5bb43b8711af0446ff88
-  data.tar.gz: d1a3cb1b550833963887bd2701a6daabf9f8c7d0b5bedd5dc14146fe00f6e4829ab087d90b1ddef33cdf8d6ab67e4ea3f76489f75bcd3973c1c56e9fbfe8219f
+  metadata.gz: f402bb9f16d92df351fa90f007d5342fd66d3005af8fd2649e58425f7ed78276ec09961e155a7228885b934bbf08755ba37ef99531a18d315afc0222aeda0318
+  data.tar.gz: ab7e72b833638746273219032aa3f088f0d6c203faf8448a5613a5ec6b5ccb7954e8bb6b5854fb2b3c4f9f1bc49bfc46480453a6d3033434be77936b3cde3757

checksums.yaml.gz.sig CHANGED

Binary file

data.tar.gz.sig CHANGED

Binary file

data/CVE-2013-4287.txt CHANGED

@@ -1,9 +1,8 @@
 = Algorithmic complexity vulnerability in RubyGems 2.0.7 and older
 RubyGems validates versions with a regular expression that is vulnerable to
-denial of service due to a backtracking regular expression.  For specially
-crafted RubyGems versions attackers can cause denial of service through CPU
-consumption.
+denial of service due to backtracking.  For specially crafted RubyGems
+versions attackers can cause denial of service through CPU consumption.
 RubyGems versions 2.0.7 and older, 2.1.0.rc.1 and 2.1.0.rc.2 are vulnerable.

data/History.txt CHANGED

@@ -1,5 +1,12 @@
 # coding: UTF-8
+=== 2.1.1 / 2013-09-10
+Bug fixes:
+* Only matching gems matching your local platform are considered for
+  installation.  Issue #638 by José M. Prieto, issue #639 by sawanoboly.
 === 2.1.0 / 2013-09-09
 Security fixes:

data/Rakefile CHANGED

@@ -106,7 +106,7 @@ task :test => :clean_env
 task :prerelease => [:clobber, :check_manifest, :test]
-task :postrelease => [:publish_docs, :upload]
+task :postrelease => %w[upload publish_docs]
 pkg_dir_path = "pkg/rubygems-update-#{hoe.version}"
 task :package do
@@ -117,14 +117,6 @@ task :package do
   end
 end
-desc "Upload release to rubyforge"
-task :upload_to_rubyforge do
-  v = hoe.version
-  sh "rubyforge add_release rubygems rubygems #{v} pkg/rubygems-update-#{v}.gem"
-  sh "rubyforge add_file rubygems rubygems #{v} pkg/rubygems-#{v}.zip"
-  sh "rubyforge add_file rubygems rubygems #{v} pkg/rubygems-#{v}.tgz"
-end
 desc "Upload release to gemcutter S3"
 task :upload_to_gemcutter do
   v = hoe.version
@@ -132,7 +124,7 @@ task :upload_to_gemcutter do
 end
 desc "Upload release to rubyforge and gemcutter"
-task :upload => [:upload_to_rubyforge, :upload_to_gemcutter]
+task :upload => %w[upload_to_gemcutter]
 # Misc Tasks ---------------------------------------------------------

data/lib/rubygems.rb CHANGED

@@ -8,7 +8,7 @@
 require 'rbconfig'
 module Gem
-  VERSION = '2.1.0'
+  VERSION = '2.1.1'
 end
 # Must be first since it unloads the prelude from 1.9.2

data/lib/rubygems/dependency_resolver.rb CHANGED

@@ -131,8 +131,9 @@ class Gem::DependencyResolver
         return conflict
       end
-      # Get a list of all specs that satisfy dep
+      # Get a list of all specs that satisfy dep and platform
       possible = @set.find_all dep
+      possible = select_local_platforms possible
       case possible.size
       when 0
@@ -228,6 +229,15 @@ class Gem::DependencyResolver
     specs
   end
+  ##
+  # Returns the gems in +specs+ that match the local platform.
+  def select_local_platforms specs # :nodoc:
+    specs.select do |spec|
+      Gem::Platform.match spec.platform
+    end
+  end
 end
 require 'rubygems/dependency_resolver/api_set'

data/lib/rubygems/dependency_resolver/index_specification.rb CHANGED

@@ -43,7 +43,7 @@ class Gem::DependencyResolver::IndexSpecification
       unless Gem::Platform::RUBY == @platform then
         q.breakable
-        q.text @platform
+        q.text @platform.to_s
       end
       q.breakable

data/test/rubygems/test_gem_dependency_resolver.rb CHANGED

@@ -68,23 +68,28 @@ class TestGemDependencyResolver < Gem::TestCase
   def test_picks_best_platform
     is = Gem::DependencyResolver::IndexSpecification
-    a2_p = quick_spec 'a' do |s| s.platform = Gem::Platform.local end
-    version = Gem::Version.new 2
+    unknown = Gem::Platform.new 'unknown'
+    a2_p1 = quick_spec 'a', 2 do |s| s.platform = Gem::Platform.local end
+    a3_p2 = quick_spec 'a', 3 do |s| s.platform = unknown end
+    v2 = v(2)
+    v3 = v(3)
     source = Gem::Source.new @gem_repo
     s = set
-    a2   = is.new s, 'a', version, source, Gem::Platform::RUBY
-    a2_p = is.new s, 'a', version, source, Gem::Platform.local.to_s
+    a2    = is.new s, 'a', v2, source, Gem::Platform::RUBY
+    a2_p1 = is.new s, 'a', v2, source, Gem::Platform.local.to_s
+    a3_p2 = is.new s, 'a', v3, source, unknown
-    s.add a2_p
+    s.add a3_p2
+    s.add a2_p1
     s.add a2
     ad = make_dep "a"
     res = Gem::DependencyResolver.new([ad], s)
-    assert_set [a2_p], res.resolve
+    assert_set [a2_p1], res.resolve
   end
   def test_only_returns_spec_once
@@ -348,4 +353,18 @@ class TestGemDependencyResolver < Gem::TestCase
     assert_set [b1, c1, d2], r.resolve
   end
+  def test_select_local_platforms
+    r = Gem::DependencyResolver.new nil, nil
+    a1    = quick_spec 'a', 1
+    a1_p1 = quick_spec 'a', 1 do |s| s.platform = Gem::Platform.local end
+    a1_p2 = quick_spec 'a', 1 do |s| s.platform = 'unknown'           end
+    selected = r.select_local_platforms [a1, a1_p1, a1_p2]
+    assert_equal [a1, a1_p1], selected
+  end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.1.1
 platform: ruby
 authors:
 - Jim Weirich
@@ -32,7 +32,7 @@ cert_chain:
   KDyY1VIazVgoC8XvR4h/95/iScPiuglzA+DBG1hip1xScAtw05BrXyUNrc9CEMYU
   wgF94UVoHRp6ywo8I7NP3HcwFQDFNEZPNGXsng==
   -----END CERTIFICATE-----
-date: 2013-09-09 00:00:00.000000000 Z
+date: 2013-09-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest

metadata.gz.sig CHANGED

Binary file