rubygems-update 2.4.6 → 2.4.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0859dfcdadf9be0170afcca83b23b0234426ef27
-  data.tar.gz: af835223a2d14abe818b559c1bcb76642dd19259
+  metadata.gz: 5957b4caef4d5ae7826a3f4ee4ea8e7174a1dde0
+  data.tar.gz: ec0b2563d1b6b07d34f3375ce857e32a928b9b4c
 SHA512:
-  metadata.gz: 07313e5435e5a114cdfbcd097bfb0c94ee5f757232c7101407eb1e40628342fa00d54a38f90491101304bfe2a403f57f8f421ca0375fb8e5c43115f291c3ca83
-  data.tar.gz: 8a13fa1ff299fd1107aaa79150e7c1fab6a6e9ed686ebd4072dc0694556b59898bc2b5d659454f09623a7047d97c7a64a6c3143ffc42ac68098a4b1f70653669
+  metadata.gz: cb03080a6d5f74eca52ee3f06b825a8b7438dc51b0a9e18107f978df09b3d2d51e17a749a6d9564acf6d63fd6ca253bf44d62664448ca8164003b9fea43a77c8
+  data.tar.gz: 937345a29ff97fa27d915d367f66df8edd56d9e0505cb84ebdb702162e8d258faf9e2babb760efe047491a7b0123c2018c9d6cf7cd0a8cadd7c3b9b478133d88

data/History.txt

@@ -1,5 +1,12 @@
 # coding: UTF-8
 
+=== 2.4.7 / 2015-05-14
+
+Bug fixes:
+
+* Backport: Limit API endpoint to original security domain for CVE-2015-3900.
+  Fix by claudijd
+
 === 2.4.6 / 2014-02-05
 
 Bug fixes:

data/Rakefile

@@ -34,7 +34,7 @@ hoe = Hoe.spec 'rubygems-update' do
   spec_extras[:executables]               = ['update_rubygems']
 
   rdoc_locations <<
-    'docs.seattlerb.org:/data/www/docs.seattlerb.org/rubygems/'
+    'docs-push.seattlerb.org:/data/www/docs.seattlerb.org/rubygems/'
 
   clean_globs.push('**/debug.log',
                    '*.out',

data/lib/rubygems.rb

@@ -9,7 +9,7 @@ require 'rbconfig'
 require 'thread'
 
 module Gem
-  VERSION = '2.4.6'
+  VERSION = '2.4.7'
 end
 
 # Must be first since it unloads the prelude from 1.9.2

data/lib/rubygems/remote_fetcher.rb

@@ -94,7 +94,13 @@ class Gem::RemoteFetcher
     rescue Resolv::ResolvError
       uri
     else
-      URI.parse "#{uri.scheme}://#{res.target}#{uri.path}"
+      target = res.target.to_s.strip
+
+      if /#{host}\z/ =~ target
+        return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
+      end
+
+      uri
     end
   end
 

data/test/rubygems/test_gem_remote_fetcher.rb

@@ -167,6 +167,21 @@ gems:
   end
 
   def test_api_endpoint
+    uri = URI.parse "http://example.com/foo"
+    target = MiniTest::Mock.new
+    target.expect :target, "gems.example.com"
+
+    dns = MiniTest::Mock.new
+    dns.expect :getresource, target, [String, Object]
+
+    fetch = Gem::RemoteFetcher.new nil, dns
+    assert_equal URI.parse("http://gems.example.com/foo"), fetch.api_endpoint(uri)
+
+    target.verify
+    dns.verify
+  end
+
+  def test_api_endpoint_ignores_trans_domain_values
     uri = URI.parse "http://gems.example.com/foo"
     target = MiniTest::Mock.new
     target.expect :target, "blah.com"
@@ -175,8 +190,7 @@ gems:
     dns.expect :getresource, target, [String, Object]
 
     fetch = Gem::RemoteFetcher.new nil, dns
-    @fetcher = fetcher
-    assert_equal URI.parse("http://blah.com/foo"), fetch.api_endpoint(uri)
+    assert_equal URI.parse("http://gems.example.com/foo"), fetch.api_endpoint(uri)
 
     target.verify
     dns.verify

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 2.4.6
+  version: 2.4.7
 platform: ruby
 authors:
 - Jim Weirich
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-16 00:00:00.000000000 Z
+date: 2015-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest
@@ -18,14 +18,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.4'
+        version: '5.6'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.4'
+        version: '5.6'
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
@@ -535,134 +535,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.2
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: RubyGems is a package management framework for Ruby
-test_files:
-- test/rubygems/test_bundled_ca.rb
-- test/rubygems/test_config.rb
-- test/rubygems/test_deprecate.rb
-- test/rubygems/test_gem.rb
-- test/rubygems/test_gem_available_set.rb
-- test/rubygems/test_gem_command.rb
-- test/rubygems/test_gem_command_manager.rb
-- test/rubygems/test_gem_commands_build_command.rb
-- test/rubygems/test_gem_commands_cert_command.rb
-- test/rubygems/test_gem_commands_check_command.rb
-- test/rubygems/test_gem_commands_cleanup_command.rb
-- test/rubygems/test_gem_commands_contents_command.rb
-- test/rubygems/test_gem_commands_dependency_command.rb
-- test/rubygems/test_gem_commands_environment_command.rb
-- test/rubygems/test_gem_commands_fetch_command.rb
-- test/rubygems/test_gem_commands_generate_index_command.rb
-- test/rubygems/test_gem_commands_help_command.rb
-- test/rubygems/test_gem_commands_install_command.rb
-- test/rubygems/test_gem_commands_list_command.rb
-- test/rubygems/test_gem_commands_lock_command.rb
-- test/rubygems/test_gem_commands_mirror.rb
-- test/rubygems/test_gem_commands_open_command.rb
-- test/rubygems/test_gem_commands_outdated_command.rb
-- test/rubygems/test_gem_commands_owner_command.rb
-- test/rubygems/test_gem_commands_pristine_command.rb
-- test/rubygems/test_gem_commands_push_command.rb
-- test/rubygems/test_gem_commands_query_command.rb
-- test/rubygems/test_gem_commands_search_command.rb
-- test/rubygems/test_gem_commands_server_command.rb
-- test/rubygems/test_gem_commands_setup_command.rb
-- test/rubygems/test_gem_commands_sources_command.rb
-- test/rubygems/test_gem_commands_specification_command.rb
-- test/rubygems/test_gem_commands_stale_command.rb
-- test/rubygems/test_gem_commands_uninstall_command.rb
-- test/rubygems/test_gem_commands_unpack_command.rb
-- test/rubygems/test_gem_commands_update_command.rb
-- test/rubygems/test_gem_commands_which_command.rb
-- test/rubygems/test_gem_commands_yank_command.rb
-- test/rubygems/test_gem_config_file.rb
-- test/rubygems/test_gem_dependency.rb
-- test/rubygems/test_gem_dependency_installer.rb
-- test/rubygems/test_gem_dependency_list.rb
-- test/rubygems/test_gem_dependency_resolution_error.rb
-- test/rubygems/test_gem_doctor.rb
-- test/rubygems/test_gem_ext_builder.rb
-- test/rubygems/test_gem_ext_cmake_builder.rb
-- test/rubygems/test_gem_ext_configure_builder.rb
-- test/rubygems/test_gem_ext_ext_conf_builder.rb
-- test/rubygems/test_gem_ext_rake_builder.rb
-- test/rubygems/test_gem_gem_runner.rb
-- test/rubygems/test_gem_gemcutter_utilities.rb
-- test/rubygems/test_gem_impossible_dependencies_error.rb
-- test/rubygems/test_gem_indexer.rb
-- test/rubygems/test_gem_install_update_options.rb
-- test/rubygems/test_gem_installer.rb
-- test/rubygems/test_gem_local_remote_options.rb
-- test/rubygems/test_gem_name_tuple.rb
-- test/rubygems/test_gem_package.rb
-- test/rubygems/test_gem_package_old.rb
-- test/rubygems/test_gem_package_tar_header.rb
-- test/rubygems/test_gem_package_tar_reader.rb
-- test/rubygems/test_gem_package_tar_reader_entry.rb
-- test/rubygems/test_gem_package_tar_writer.rb
-- test/rubygems/test_gem_package_task.rb
-- test/rubygems/test_gem_path_support.rb
-- test/rubygems/test_gem_platform.rb
-- test/rubygems/test_gem_rdoc.rb
-- test/rubygems/test_gem_remote_fetcher.rb
-- test/rubygems/test_gem_request.rb
-- test/rubygems/test_gem_request_connection_pools.rb
-- test/rubygems/test_gem_request_set.rb
-- test/rubygems/test_gem_request_set_gem_dependency_api.rb
-- test/rubygems/test_gem_request_set_lockfile.rb
-- test/rubygems/test_gem_request_set_lockfile_parser.rb
-- test/rubygems/test_gem_request_set_lockfile_tokenizer.rb
-- test/rubygems/test_gem_requirement.rb
-- test/rubygems/test_gem_resolver.rb
-- test/rubygems/test_gem_resolver_activation_request.rb
-- test/rubygems/test_gem_resolver_api_set.rb
-- test/rubygems/test_gem_resolver_api_specification.rb
-- test/rubygems/test_gem_resolver_best_set.rb
-- test/rubygems/test_gem_resolver_composed_set.rb
-- test/rubygems/test_gem_resolver_conflict.rb
-- test/rubygems/test_gem_resolver_dependency_request.rb
-- test/rubygems/test_gem_resolver_git_set.rb
-- test/rubygems/test_gem_resolver_git_specification.rb
-- test/rubygems/test_gem_resolver_index_set.rb
-- test/rubygems/test_gem_resolver_index_specification.rb
-- test/rubygems/test_gem_resolver_installed_specification.rb
-- test/rubygems/test_gem_resolver_installer_set.rb
-- test/rubygems/test_gem_resolver_local_specification.rb
-- test/rubygems/test_gem_resolver_lock_set.rb
-- test/rubygems/test_gem_resolver_lock_specification.rb
-- test/rubygems/test_gem_resolver_requirement_list.rb
-- test/rubygems/test_gem_resolver_specification.rb
-- test/rubygems/test_gem_resolver_vendor_set.rb
-- test/rubygems/test_gem_resolver_vendor_specification.rb
-- test/rubygems/test_gem_security.rb
-- test/rubygems/test_gem_security_policy.rb
-- test/rubygems/test_gem_security_signer.rb
-- test/rubygems/test_gem_security_trust_dir.rb
-- test/rubygems/test_gem_server.rb
-- test/rubygems/test_gem_silent_ui.rb
-- test/rubygems/test_gem_source.rb
-- test/rubygems/test_gem_source_fetch_problem.rb
-- test/rubygems/test_gem_source_git.rb
-- test/rubygems/test_gem_source_installed.rb
-- test/rubygems/test_gem_source_list.rb
-- test/rubygems/test_gem_source_local.rb
-- test/rubygems/test_gem_source_lock.rb
-- test/rubygems/test_gem_source_specific_file.rb
-- test/rubygems/test_gem_source_vendor.rb
-- test/rubygems/test_gem_spec_fetcher.rb
-- test/rubygems/test_gem_specification.rb
-- test/rubygems/test_gem_stream_ui.rb
-- test/rubygems/test_gem_stub_specification.rb
-- test/rubygems/test_gem_text.rb
-- test/rubygems/test_gem_uninstaller.rb
-- test/rubygems/test_gem_unsatisfiable_dependency_error.rb
-- test/rubygems/test_gem_uri_formatter.rb
-- test/rubygems/test_gem_util.rb
-- test/rubygems/test_gem_validator.rb
-- test/rubygems/test_gem_version.rb
-- test/rubygems/test_gem_version_option.rb
-- test/rubygems/test_kernel.rb
-- test/rubygems/test_require.rb
+test_files: []