rubygems-update 3.4.18 → 3.4.20

data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.lock

@@ -13,9 +13,9 @@ dependencies = [
 
 [[package]]
 name = "bindgen"
-version = "0.60.1"
+version = "0.66.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "062dddbc1ba4aca46de6338e2bf87771414c335f7b2f2036e8f3e9befebf88e6"
+checksum = "f2b84e06fc203107bfbad243f4aba2af864eb7db3b1cf46ea0a023b0b433d2a7"
 dependencies = [
  "bitflags",
  "cexpr",
@@ -28,13 +28,14 @@ dependencies = [
  "regex",
  "rustc-hash",
  "shlex",
+ "syn",
 ]
 
 [[package]]
 name = "bitflags"
-version = "1.3.2"
+version = "2.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+checksum = "630be753d4e58660abd17930c71b647fe46c27ea6b63cc59e1e3851406972e42"
 
 [[package]]
 name = "cexpr"
@@ -133,40 +134,44 @@ checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.47"
+version = "1.0.66"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ea3d908b0e36316caf9e9e2c4625cdde190a7e6f440d794667ed17a1855e725"
+checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9"
 dependencies = [
  "unicode-ident",
 ]
 
 [[package]]
 name = "quote"
-version = "1.0.21"
+version = "1.0.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bbe448f377a7d6961e30f5955f9b8d106c3f5e449d493ee1b125c1d43c2b5179"
+checksum = "50f3b39ccfb720540debaa0164757101c08ecb8d326b15358ce76a62c7e85965"
 dependencies = [
  "proc-macro2",
 ]
 
 [[package]]
 name = "rb-sys"
-version = "0.9.54"
+version = "0.9.81"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b3277448b8eee18de8bedb18883ae02dcd60d47922ddfc6ab408def77da0a9b4"
+checksum = "a57240b308b155b09dce81e32829966a99f52d1088b45957e4283e526c5317a1"
 dependencies = [
  "rb-sys-build",
 ]
 
 [[package]]
 name = "rb-sys-build"
-version = "0.9.54"
+version = "0.9.81"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9baae802c93180af02cccb21819589d109070f8e28e14e7070a9ffdeca9b464"
+checksum = "f24ce877a4c5d07f06f6aa6fec3ac95e4b357b9f73b0f5445d8cbb7266d410e8"
 dependencies = [
  "bindgen",
+ "lazy_static",
+ "proc-macro2",
+ "quote",
  "regex",
  "shell-words",
+ "syn",
 ]
 
 [[package]]
@@ -204,6 +209,17 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3"
 
+[[package]]
+name = "syn"
+version = "2.0.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "04361975b3f5e348b2189d8dc55bc942f278b2d482a6a0365de5bdd62d351567"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
 [[package]]
 name = "unicode-ident"
 version = "1.0.5"

data/test/rubygems/test_gem_ext_cargo_builder/custom_name/ext/custom_name_lib/Cargo.toml

@@ -7,4 +7,4 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-rb-sys = "0.9.54"
+rb-sys = "0.9.81"

data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.lock

@@ -13,9 +13,9 @@ dependencies = [
 
 [[package]]
 name = "bindgen"
-version = "0.60.1"
+version = "0.66.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "062dddbc1ba4aca46de6338e2bf87771414c335f7b2f2036e8f3e9befebf88e6"
+checksum = "f2b84e06fc203107bfbad243f4aba2af864eb7db3b1cf46ea0a023b0b433d2a7"
 dependencies = [
  "bitflags",
  "cexpr",
@@ -28,13 +28,14 @@ dependencies = [
  "regex",
  "rustc-hash",
  "shlex",
+ "syn",
 ]
 
 [[package]]
 name = "bitflags"
-version = "1.3.2"
+version = "2.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+checksum = "630be753d4e58660abd17930c71b647fe46c27ea6b63cc59e1e3851406972e42"
 
 [[package]]
 name = "cexpr"
@@ -126,39 +127,40 @@ checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.47"
+version = "1.0.66"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ea3d908b0e36316caf9e9e2c4625cdde190a7e6f440d794667ed17a1855e725"
+checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9"
 dependencies = [
  "unicode-ident",
 ]
 
 [[package]]
 name = "quote"
-version = "1.0.23"
+version = "1.0.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b"
+checksum = "50f3b39ccfb720540debaa0164757101c08ecb8d326b15358ce76a62c7e85965"
 dependencies = [
  "proc-macro2",
 ]
 
 [[package]]
 name = "rb-sys"
-version = "0.9.65"
+version = "0.9.81"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e8fe617bad8e88fd7e5d6f432e35f09e5f94144dfb8e8ee4adde82fb920dc59b"
+checksum = "a57240b308b155b09dce81e32829966a99f52d1088b45957e4283e526c5317a1"
 dependencies = [
  "rb-sys-build",
 ]
 
 [[package]]
 name = "rb-sys-build"
-version = "0.9.65"
+version = "0.9.81"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "007e63597f91c711cbb299e60fecbdb6f5ad4a066d6a20c81943893f1584c895"
+checksum = "f24ce877a4c5d07f06f6aa6fec3ac95e4b357b9f73b0f5445d8cbb7266d410e8"
 dependencies = [
  "bindgen",
  "lazy_static",
+ "proc-macro2",
  "quote",
  "regex",
  "shell-words",
@@ -209,9 +211,9 @@ checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3"
 
 [[package]]
 name = "syn"
-version = "1.0.107"
+version = "2.0.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5"
+checksum = "04361975b3f5e348b2189d8dc55bc942f278b2d482a6a0365de5bdd62d351567"
 dependencies = [
  "proc-macro2",
  "quote",

data/test/rubygems/test_gem_ext_cargo_builder/rust_ruby_example/Cargo.toml

@@ -7,4 +7,4 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-rb-sys = "0.9.65"
+rb-sys = "0.9.81"

data/test/rubygems/test_gem_indexer.rb

@@ -10,7 +10,7 @@ class TestGemIndexer < Gem::TestCase
     util_make_gems
 
     @d2_0 = util_spec "d", "2.0" do |s|
-      s.date = Gem::Specification::TODAY - 86400 * 3
+      s.date = Gem::Specification::TODAY - 86_400 * 3
     end
     util_build_gem @d2_0
 

data/test/rubygems/test_gem_package.rb

@@ -573,6 +573,32 @@ class TestGemPackage < Gem::Package::TarTestCase
                  File.read(extracted)
   end
 
+  def test_extract_symlink_into_symlink_dir
+    package = Gem::Package.new @gem
+    tgz_io = util_tar_gz do |tar|
+      tar.mkdir       "lib", 0o755
+      tar.add_symlink "lib/link", "./inside.rb", 0o644
+      tar.add_file    "lib/inside.rb", 0o644 do |io|
+        io.write "hi"
+      end
+    end
+
+    destination_subdir = File.join @destination, "subdir"
+    FileUtils.mkdir_p destination_subdir
+
+    destination_linkdir = File.join @destination, "linkdir"
+    File.symlink(destination_subdir, destination_linkdir)
+
+    package.extract_tar_gz tgz_io, destination_linkdir
+
+    extracted = File.join destination_subdir, "lib/link"
+    assert_path_exist extracted
+    assert_equal "./inside.rb",
+                 File.readlink(extracted)
+    assert_equal "hi",
+                 File.read(extracted)
+  end
+
   def test_extract_tar_gz_symlink_broken_relative_path
     package = Gem::Package.new @gem
     package.verify
@@ -642,8 +668,8 @@ class TestGemPackage < Gem::Package::TarTestCase
     pend "TMPDIR seems too long to add it as symlink into tar" if destination_user_dir.size > 90
 
     tgz_io = util_tar_gz do |tar|
-      tar.add_symlink "link", destination_user_dir, 16877
-      tar.add_symlink "link/dir", ".", 16877
+      tar.add_symlink "link", destination_user_dir, 16_877
+      tar.add_symlink "link/dir", ".", 16_877
     end
 
     expected_exceptions = win_platform? ? [Gem::Package::SymlinkError, Errno::EACCES] : [Gem::Package::SymlinkError]
@@ -943,6 +969,95 @@ class TestGemPackage < Gem::Package::TarTestCase
     tf.close!
   end
 
+  def test_verify_corrupt_tar_metadata_entry
+    gem = tar_file_header("metadata.gz", "", 0, 999, Time.now)
+
+    File.open "corrupt.gem", "wb" do |io|
+      io.write gem
+    end
+
+    package = Gem::Package.new "corrupt.gem"
+
+    e = nil
+    out_err = capture_output do
+      e = assert_raise Gem::Package::FormatError do
+        package.verify
+      end
+    end
+
+    assert_match(/(EOFError|end of file reached) in corrupt.gem/i, e.message)
+    assert_equal(["", "Exception while verifying corrupt.gem\n"], out_err)
+  end
+
+  def test_verify_corrupt_tar_checksums_entry
+    gem = tar_file_header("checksums.yaml.gz", "", 0, 100, Time.now)
+
+    File.open "corrupt.gem", "wb" do |io|
+      io.write gem
+    end
+
+    package = Gem::Package.new "corrupt.gem"
+
+    e = assert_raise Gem::Package::FormatError do
+      package.verify
+    end
+
+    assert_equal "not in gzip format in corrupt.gem", e.message
+  end
+
+  def test_verify_corrupt_tar_data_entry
+    gem = tar_file_header("data.tar.gz", "", 0, 100, Time.now)
+
+    File.open "corrupt.gem", "wb" do |io|
+      io.write gem
+    end
+
+    package = Gem::Package.new "corrupt.gem"
+
+    e = nil
+    out_err = capture_output do
+      e = assert_raise Gem::Package::FormatError do
+        package.verify
+      end
+    end
+
+    assert_match(/(EOFError|end of file reached) in corrupt.gem/i, e.message)
+    assert_equal(["", "Exception while verifying corrupt.gem\n"], out_err)
+  end
+
+  def test_corrupt_data_tar_gz
+    data_tgz = util_gzip tar_file_header("lib/code.rb", "", 0, 100, Time.now)
+    metadata_gz = util_gzip @spec.to_yaml
+
+    gem = util_tar do |tar|
+      tar.add_file "data.tar.gz", 0o444 do |io|
+        io.write data_tgz
+      end
+
+      tar.add_file "metadata.gz", 0o644 do |io|
+        io.write metadata_gz
+      end
+    end
+
+    File.open "corrupt.gem", "wb" do |io|
+      io.write gem.string
+    end
+
+    package = Gem::Package.new "corrupt.gem"
+
+    e = assert_raise Gem::Package::FormatError do
+      package.contents
+    end
+
+    assert_match(/(EOFError|end of file reached) in corrupt.gem/i, e.message)
+
+    e = assert_raise Gem::Package::FormatError do
+      package.extract_files @destination
+    end
+
+    assert_match(/(EOFError|end of file reached) in corrupt.gem/i, e.message)
+  end
+
   def test_verify_empty
     FileUtils.touch "empty.gem"
 

data/test/rubygems/test_gem_package_tar_header.rb

@@ -11,9 +11,9 @@ class TestGemPackageTarHeader < Gem::Package::TarTestCase
       :name => "x",
       :mode => 0644,
       :uid => 1000,
-      :gid => 10000,
+      :gid => 10_000,
       :size => 100,
-      :mtime => 12345,
+      :mtime => 12_345,
       :typeflag => "0",
       :linkname => "link",
       :uname => "user",
@@ -40,12 +40,12 @@ class TestGemPackageTarHeader < Gem::Package::TarTestCase
     assert_equal "",      @tar_header.checksum, "checksum"
     assert_equal 1,       @tar_header.devmajor, "devmajor"
     assert_equal 2,       @tar_header.devminor, "devminor"
-    assert_equal 10000,   @tar_header.gid,      "gid"
+    assert_equal 10_000, @tar_header.gid, "gid"
     assert_equal "group", @tar_header.gname,    "gname"
     assert_equal "link",  @tar_header.linkname, "linkname"
     assert_equal "ustar", @tar_header.magic,    "magic"
     assert_equal 0644,    @tar_header.mode,     "mode"
-    assert_equal 12345,   @tar_header.mtime,    "mtime"
+    assert_equal 12_345, @tar_header.mtime, "mtime"
     assert_equal "x",     @tar_header.name,     "name"
     assert_equal "y",     @tar_header.prefix,   "prefix"
     assert_equal 100,     @tar_header.size,     "size"
@@ -195,13 +195,13 @@ tjmather\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
 
     tar_header = Gem::Package::TarHeader.from stream
 
-    assert_equal 1991400094, tar_header.uid
-    assert_equal 1991400094, tar_header.gid
+    assert_equal 1_991_400_094, tar_header.uid
+    assert_equal 1_991_400_094, tar_header.gid
 
     assert_equal "GeoIP2-City_20190528/", tar_header.name
     assert_equal 0755, tar_header.mode
     assert_equal 0, tar_header.size
-    assert_equal 1559064640, tar_header.mtime
+    assert_equal 1_559_064_640, tar_header.mtime
     assert_equal 6932, tar_header.checksum
   end
 

data/test/rubygems/test_gem_package_tar_reader_entry.rb

@@ -177,10 +177,15 @@ class TestGemPackageTarReaderEntry < Gem::Package::TarTestCase
     assert_equal @contents[100..-1], @entry.read
   end
 
-  def test_read_partial
+  def test_readpartial
     assert_equal @contents[0...100], @entry.readpartial(100)
   end
 
+  def test_readpartial_to_eof
+    assert_equal @contents, @entry.readpartial(4096)
+    assert @entry.eof?
+  end
+
   def test_read_partial_buffer
     buffer = "".b
     @entry.readpartial(100, buffer)
@@ -189,11 +194,42 @@ class TestGemPackageTarReaderEntry < Gem::Package::TarTestCase
 
   def test_readpartial_past_eof
     @entry.readpartial(@contents.size)
+    assert @entry.eof?
     assert_raise(EOFError) do
       @entry.readpartial(1)
     end
   end
 
+  def test_read_corrupted_tar
+    corrupt_tar = String.new
+    corrupt_tar << tar_file_header("lib/foo", "", 0, 100, Time.now)
+    corrupt_tar << tar_file_contents("")
+    corrupt_entry = util_entry corrupt_tar
+
+    assert_equal "", corrupt_entry.read(0)
+    assert_equal "", corrupt_entry.read, "IO.read without len should return empty string (even though it's at an unpexpected EOF)"
+
+    corrupt_entry.rewind
+
+    assert_nil corrupt_entry.read(100), "IO.read with len should return nil as per IO.read docs"
+  ensure
+    close_util_entry(corrupt_entry) if corrupt_entry
+  end
+
+  def test_readpartial_corrupted_tar
+    corrupt_tar = String.new
+    corrupt_tar << tar_file_header("lib/foo", "", 0, 100, Time.now)
+    corrupt_tar << tar_file_contents("")
+
+    corrupt_entry = util_entry corrupt_tar
+
+    assert_raise EOFError do
+      corrupt_entry.readpartial(100)
+    end
+  ensure
+    close_util_entry(corrupt_entry) if corrupt_entry
+  end
+
   def test_rewind
     char = @entry.getc
 
@@ -295,4 +331,20 @@ class TestGemPackageTarReaderEntry < Gem::Package::TarTestCase
       assert_equal contents2.size, entry.pos
     end
   end
+
+  def test_seek_in_gzip_io_corrupted
+    @tar << tar_file_header("lib/bar", "", 0, 100, Time.now)
+    @tar << tar_file_contents("")
+
+    tgz = util_gzip(@tar)
+
+    Zlib::GzipReader.wrap StringIO.new(tgz) do |gzio|
+      util_entry(gzio).close # skip the first entry so io.pos is not 0
+      entry = util_entry(gzio)
+
+      assert_raise EOFError do
+        entry.seek(50)
+      end
+    end
+  end
 end

data/test/rubygems/test_gem_package_tar_writer.rb

@@ -28,7 +28,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
   end
 
   def test_add_file
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       @tar_writer.add_file "x", 0644 do |f|
         f.write "a" * 10
       end
@@ -42,7 +42,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
 
   def test_add_file_source_date_epoch
     ENV["SOURCE_DATE_EPOCH"] = "123456789"
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       @tar_writer.mkdir "foo", 0644
 
       assert_headers_equal tar_dir_header("foo", "", 0644, Time.at(ENV["SOURCE_DATE_EPOCH"].to_i).utc),
@@ -51,7 +51,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
   end
 
   def test_add_symlink
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       @tar_writer.add_symlink "x", "y", 0644
 
       assert_headers_equal(tar_symlink_header("x", "", 0644, Time.now, "y"),
@@ -62,7 +62,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
 
   def test_add_symlink_source_date_epoch
     ENV["SOURCE_DATE_EPOCH"] = "123456789"
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       @tar_writer.add_symlink "x", "y", 0644
 
       assert_headers_equal(tar_symlink_header("x", "", 0644, Time.at(ENV["SOURCE_DATE_EPOCH"].to_i).utc, "y"),
@@ -73,7 +73,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
   def test_add_file_digest
     digest_algorithms = Digest::SHA1.new, Digest::SHA512.new
 
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       digests = @tar_writer.add_file_digest "x", 0644, digest_algorithms do |io|
         io.write "a" * 10
       end
@@ -96,7 +96,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
   def test_add_file_digest_multiple
     digest_algorithms = [Digest::SHA1.new, Digest::SHA512.new]
 
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       digests = @tar_writer.add_file_digest "x", 0644, digest_algorithms do |io|
         io.write "a" * 10
       end
@@ -121,7 +121,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
 
     signer = Gem::Security::Signer.new PRIVATE_KEY, [PUBLIC_CERT]
 
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       @tar_writer.add_file_signed "x", 0644, signer do |io|
         io.write "a" * 10
       end
@@ -149,7 +149,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
   def test_add_file_signer_empty
     signer = Gem::Security::Signer.new nil, nil
 
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       @tar_writer.add_file_signed "x", 0644, signer do |io|
         io.write "a" * 10
       end
@@ -163,7 +163,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
   end
 
   def test_add_file_simple
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       @tar_writer.add_file_simple "x", 0644, 10 do |io|
         io.write "a" * 10
       end
@@ -178,7 +178,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
 
   def test_add_file_simple_source_date_epoch
     ENV["SOURCE_DATE_EPOCH"] = "123456789"
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       @tar_writer.add_file_simple "x", 0644, 10 do |io|
         io.write "a" * 10
       end
@@ -189,7 +189,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
   end
 
   def test_add_file_simple_padding
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       @tar_writer.add_file_simple "x", 0, 100
 
       assert_headers_equal tar_file_header("x", "", 0, 100, Time.now),
@@ -247,7 +247,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
   end
 
   def test_mkdir
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       @tar_writer.mkdir "foo", 0644
 
       assert_headers_equal tar_dir_header("foo", "", 0644, Time.now),
@@ -259,7 +259,7 @@ class TestGemPackageTarWriter < Gem::Package::TarTestCase
 
   def test_mkdir_source_date_epoch
     ENV["SOURCE_DATE_EPOCH"] = "123456789"
-    Time.stub :now, Time.at(1458518157) do
+    Time.stub :now, Time.at(1_458_518_157) do
       @tar_writer.mkdir "foo", 0644
 
       assert_headers_equal tar_dir_header("foo", "", 0644, Time.at(ENV["SOURCE_DATE_EPOCH"].to_i).utc),