rubygems-update 2.0.15 → 2.0.16


Potentially problematic release.


This version of rubygems-update might be problematic. Click here for more details.

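--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: b4775dabfae0ef7de44b6438d76446a7880ca4c6
- data.tar.gz: 510bd734392de9ffac798d6fed2f6f172a89277a
+ metadata.gz: a73bcbd4fbbd72da068f225bc86a61ba6e7ee981
+ data.tar.gz: ab58dc5df51e0735110298073c0780cd855c5d99
  SHA512:
- metadata.gz: ed05c2af4e670d615e46e646546b6d1621c81d933bac9bd28e3f9203b9c7cfbc04f8f0b88b309349395d76ee642751a212bd28a13b89fb96c8b0b745adf578d0
- data.tar.gz: 36124f17c87851fe53e8e97a3675c5371d9889685789f44f8a691ce656fb2ff9db874bd879dd55786159d27ebe21cfd54225e04e9cab3b4ba9dfe44cdb2821ba
+ metadata.gz: 40308a04d1211aef0db6578595838f31c9649bef3e1ccabbbf9ddebfbcce5f61401d6986465f7055b7c821f3330ddd351d06962f1b50d0a567843e11218438bc
+ data.tar.gz: 9c265d4e0c4093e4e44ee0e4e676b3db15ae28fff711e5ffc650fca99eb707f7cb8f49040080b901b2ba4ba3ea16df43f9008ef3caec8fbc9c745d5adefc1b77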
@@ -1,5 +1,12 @@
1
1
  # coding: UTF-8
2
2
 
3
+ === 2.0.16 / 2015-05-14
4
+
5
+ Bug fixes:
6
+
7
+ * Backport: Limit API endpoint to original security domain for CVE-2015-3900.
8
+ Fix by claudijd
9
+
3
10
  === 2.0.15 / 2014-12-21
4
11
 
5
12
  Bug fixes:
@@ -8,7 +8,7 @@
8
8
  require 'rbconfig'
9
9
 
10
10
  module Gem
11
- VERSION = '2.0.15'
11
+ VERSION = '2.0.16'
12
12
  end
13
13
 
14
14
  # Must be first since it unloads the prelude from 1.9.2
@@ -103,7 +103,13 @@ class Gem::RemoteFetcher
103
103
  rescue Resolv::ResolvError
104
104
  uri
105
105
  else
106
- URI.parse "#{res.target}#{uri.path}"
106
+ target = res.target.to_s.strip
107
+
108
+ if /#{host}\z/ =~ target
109
+ return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
110
+ end
111
+
112
+ uri
107
113
  end
108
114
  end
109
115
 
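Review bot: The suffix check `/#{host}\z/ =~ target` interpolates `host` into the pattern unescaped and without a label boundary, so each dot matches any character and a target that merely ends in the same characters, while belonging to a different domain, is accepted as being in the original security domain. Compare on a whole-label boundary instead, for example `if target == host || target.end_with?(".#{host}")`, or at minimum `/\.#{Regexp.escape host}\z/`. `host` is assigned above the hunk (presumably from `uri.host`) and the method begins outside it, so confirm its value before applying the change. A one-line comment above the check stating that the SRV target must stay inside the requesting host's domain would also help the next reader.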
@@ -177,15 +177,30 @@ gems:
177
177
  end
178
178
 
179
179
  def test_api_endpoint
180
+ uri = URI.parse "http://example.com/foo"
181
+ target = MiniTest::Mock.new
182
+ target.expect :target, "gems.example.com"
183
+
184
+ dns = MiniTest::Mock.new
185
+ dns.expect :getresource, target, [String, Object]
186
+
187
+ fetch = Gem::RemoteFetcher.new nil, dns
188
+ assert_equal URI.parse("http://gems.example.com/foo"), fetch.api_endpoint(uri)
189
+
190
+ target.verify
191
+ dns.verify
192
+ end
193
+
194
+ def test_api_endpoint_ignores_trans_domain_values
180
195
  uri = URI.parse "http://gems.example.com/foo"
181
196
  target = MiniTest::Mock.new
182
- target.expect :target, "http://blah.com"
197
+ target.expect :target, "blah.com"
183
198
 
184
199
  dns = MiniTest::Mock.new
185
200
  dns.expect :getresource, target, [String, Object]
186
201
 
187
202
  fetch = Gem::RemoteFetcher.new nil, dns
188
- assert_equal URI.parse("http://blah.com/foo"), fetch.api_endpoint(uri)
203
+ assert_equal URI.parse("http://gems.example.com/foo"), fetch.api_endpoint(uri)
189
204
 
190
205
  target.verify
191
206
  dns.verify
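Review bot: The negative case in `test_api_endpoint_ignores_trans_domain_values` only uses `blah.com`, which shares no trailing characters with the host, so an implementation that compares raw string suffixes rather than whole DNS labels passes both tests. Add a case whose SRV target ends in the host's characters but is a different domain, and assert that `api_endpoint` returns the original URI unchanged. The enclosing test class starts and ends outside the hunk, and the target value in the sketch below is constructed for illustration.

```ruby
def test_api_endpoint_ignores_lookalike_suffix
  uri = URI.parse "http://example.com/foo"
  target = MiniTest::Mock.new
  # constructed value: same trailing characters as the host, different domain
  target.expect :target, "notexample.com"

  dns = MiniTest::Mock.new
  dns.expect :getresource, target, [String, Object]

  fetch = Gem::RemoteFetcher.new nil, dns
  assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)

  target.verify
  dns.verify
end
```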
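--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: rubygems-update
  version: !ruby/object:Gem::Version
- version: 2.0.15
+ version: 2.0.16
  platform: ruby
  authors:
  - Jim Weirich
@@ -10,90 +10,104 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-12-21 00:00:00.000000000 Z
+ date: 2015-05-14 00:00:00.000000000 Z
  dependencies:
+ - !ruby/object:Gem::Dependency
+ name: minitest
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '5.4'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '5.4'
  - !ruby/object:Gem::Dependency
  name: rdoc
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '4.0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '4.0'
  - !ruby/object:Gem::Dependency
  name: builder
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '2.1'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '2.1'
  - !ruby/object:Gem::Dependency
  name: hoe-seattlerb
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '1.2'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '1.2'
  - !ruby/object:Gem::Dependency
  name: ZenTest
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '4.5'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '4.5'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: 0.9.3
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: 0.9.3
  - !ruby/object:Gem::Dependency
  name: hoe
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '3.13'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ~>
  - !ruby/object:Gem::Version
  version: '3.13'
  description: |-
@@ -137,9 +151,9 @@ extra_rdoc_files:
  - UPGRADING.rdoc
  - hide_lib_for_update/note.txt
  files:
- - ".autotest"
- - ".document"
- - ".gemtest"
+ - .autotest
+ - .document
+ - .gemtest
  - CVE-2013-4287.txt
  - CVE-2013-4363.txt
  - History.txt
@@ -407,113 +421,25 @@ licenses:
  metadata: {}
  post_install_message:
  rdoc_options:
- - "--main"
+ - --main
  - README.rdoc
- - "--title=RubyGems Update Documentation"
+ - --title=RubyGems Update Documentation
  require_paths:
  - hide_lib_for_update
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '>='
  - !ruby/object:Gem::Version
  version: 1.8.7
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">="
+ - - '>='
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 2.4.2
  signing_key:
  specification_version: 4
  summary: RubyGems is a package management framework for Ruby
- test_files:
- - test/rubygems/test_bundled_ca.rb
- - test/rubygems/test_config.rb
- - test/rubygems/test_deprecate.rb
- - test/rubygems/test_gem.rb
- - test/rubygems/test_gem_available_set.rb
- - test/rubygems/test_gem_command.rb
- - test/rubygems/test_gem_command_manager.rb
- - test/rubygems/test_gem_commands_build_command.rb
- - test/rubygems/test_gem_commands_cert_command.rb
- - test/rubygems/test_gem_commands_check_command.rb
- - test/rubygems/test_gem_commands_cleanup_command.rb
- - test/rubygems/test_gem_commands_contents_command.rb
- - test/rubygems/test_gem_commands_dependency_command.rb
- - test/rubygems/test_gem_commands_environment_command.rb
- - test/rubygems/test_gem_commands_fetch_command.rb
- - test/rubygems/test_gem_commands_generate_index_command.rb
- - test/rubygems/test_gem_commands_help_command.rb
- - test/rubygems/test_gem_commands_install_command.rb
- - test/rubygems/test_gem_commands_list_command.rb
- - test/rubygems/test_gem_commands_lock_command.rb
- - test/rubygems/test_gem_commands_mirror.rb
- - test/rubygems/test_gem_commands_outdated_command.rb
- - test/rubygems/test_gem_commands_owner_command.rb
- - test/rubygems/test_gem_commands_pristine_command.rb
- - test/rubygems/test_gem_commands_push_command.rb
- - test/rubygems/test_gem_commands_query_command.rb
- - test/rubygems/test_gem_commands_search_command.rb
- - test/rubygems/test_gem_commands_server_command.rb
- - test/rubygems/test_gem_commands_setup_command.rb
- - test/rubygems/test_gem_commands_sources_command.rb
- - test/rubygems/test_gem_commands_specification_command.rb
- - test/rubygems/test_gem_commands_stale_command.rb
- - test/rubygems/test_gem_commands_uninstall_command.rb
- - test/rubygems/test_gem_commands_unpack_command.rb
- - test/rubygems/test_gem_commands_update_command.rb
- - test/rubygems/test_gem_commands_which_command.rb
- - test/rubygems/test_gem_commands_yank_command.rb
- - test/rubygems/test_gem_config_file.rb
- - test/rubygems/test_gem_dependency.rb
- - test/rubygems/test_gem_dependency_installer.rb
- - test/rubygems/test_gem_dependency_list.rb
- - test/rubygems/test_gem_dependency_resolver.rb
- - test/rubygems/test_gem_doctor.rb
- - test/rubygems/test_gem_ext_builder.rb
- - test/rubygems/test_gem_ext_cmake_builder.rb
- - test/rubygems/test_gem_ext_configure_builder.rb
- - test/rubygems/test_gem_ext_ext_conf_builder.rb
- - test/rubygems/test_gem_ext_rake_builder.rb
- - test/rubygems/test_gem_gem_runner.rb
- - test/rubygems/test_gem_gemcutter_utilities.rb
- - test/rubygems/test_gem_indexer.rb
- - test/rubygems/test_gem_install_update_options.rb
- - test/rubygems/test_gem_installer.rb
- - test/rubygems/test_gem_local_remote_options.rb
- - test/rubygems/test_gem_name_tuple.rb
- - test/rubygems/test_gem_package.rb
- - test/rubygems/test_gem_package_old.rb
- - test/rubygems/test_gem_package_tar_header.rb
- - test/rubygems/test_gem_package_tar_reader.rb
- - test/rubygems/test_gem_package_tar_reader_entry.rb
- - test/rubygems/test_gem_package_tar_writer.rb
- - test/rubygems/test_gem_package_task.rb
- - test/rubygems/test_gem_path_support.rb
- - test/rubygems/test_gem_platform.rb
- - test/rubygems/test_gem_rdoc.rb
- - test/rubygems/test_gem_remote_fetcher.rb
- - test/rubygems/test_gem_request_set.rb
- - test/rubygems/test_gem_requirement.rb
- - test/rubygems/test_gem_security.rb
- - test/rubygems/test_gem_security_policy.rb
- - test/rubygems/test_gem_security_signer.rb
- - test/rubygems/test_gem_security_trust_dir.rb
- - test/rubygems/test_gem_server.rb
- - test/rubygems/test_gem_silent_ui.rb
- - test/rubygems/test_gem_source.rb
- - test/rubygems/test_gem_source_list.rb
- - test/rubygems/test_gem_source_local.rb
- - test/rubygems/test_gem_source_specific_file.rb
- - test/rubygems/test_gem_spec_fetcher.rb
- - test/rubygems/test_gem_specification.rb
- - test/rubygems/test_gem_stream_ui.rb
- - test/rubygems/test_gem_text.rb
- - test/rubygems/test_gem_uninstaller.rb
- - test/rubygems/test_gem_validator.rb
- - test/rubygems/test_gem_version.rb
- - test/rubygems/test_gem_version_option.rb
- - test/rubygems/test_kernel.rb
- - test/rubygems/test_require.rb
+ test_files: []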