rubygems-update 2.1.0.rc.2 → 2.1.0
Potentially problematic release.
This version of rubygems-update might be problematic.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.autotest +1 -1
- data/CVE-2013-4287.txt +36 -0
- data/History.txt +14 -1
- data/Manifest.txt +6 -0
- data/Rakefile +3 -1
- data/lib/rubygems.rb +2 -2
- data/lib/rubygems/dependency_resolver.rb +6 -2
- data/lib/rubygems/dependency_resolver/api_specification.rb +3 -0
- data/lib/rubygems/dependency_resolver/index_set.rb +8 -3
- data/lib/rubygems/dependency_resolver/index_specification.rb +9 -2
- data/lib/rubygems/dependency_resolver/installed_specification.rb +4 -0
- data/lib/rubygems/dependency_resolver/installer_set.rb +8 -3
- data/lib/rubygems/gemcutter_utilities.rb +2 -1
- data/lib/rubygems/request_set.rb +3 -0
- data/lib/rubygems/spec_fetcher.rb +4 -1
- data/lib/rubygems/specification.rb +1 -2
- data/lib/rubygems/test_case.rb +14 -1
- data/lib/rubygems/version.rb +1 -1
- data/test/rubygems/test_gem_dependency_resolver.rb +21 -0
- data/test/rubygems/test_gem_dependency_resolver_api_specification.rb +33 -0
- data/test/rubygems/test_gem_dependency_resolver_index_set.rb +53 -0
- data/test/rubygems/test_gem_dependency_resolver_index_specification.rb +46 -0
- data/test/rubygems/test_gem_dependency_resolver_installed_specification.rb +19 -0
- data/test/rubygems/test_gem_dependency_resolver_installer_set.rb +28 -0
- data/test/rubygems/test_gem_gemcutter_utilities.rb +19 -6
- data/test/rubygems/test_gem_spec_fetcher.rb +6 -9
- metadata +15 -3
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 55bcc2565aada10c6c7710d6e7838ea85f6c1f94
|
4
|
+
data.tar.gz: c20b2a65ba400f0f6d870f0337d48982d61e25cf
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d3d07022f951f289b684e8591b2f5d3aa5f0db7246f04169424f5641f559ce1dad1d78ed6e83c0e29871c71284609ebefda43a9f98ba5bb43b8711af0446ff88
|
7
|
+
data.tar.gz: d1a3cb1b550833963887bd2701a6daabf9f8c7d0b5bedd5dc14146fe00f6e4829ab087d90b1ddef33cdf8d6ab67e4ea3f76489f75bcd3973c1c56e9fbfe8219f
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/.autotest
CHANGED
data/CVE-2013-4287.txt
ADDED
@@ -0,0 +1,36 @@
|
|
1
|
+
= Algorithmic complexity vulnerability in RubyGems 2.0.7 and older
|
2
|
+
|
3
|
+
RubyGems validates versions with a regular expression that is vulnerable to
|
4
|
+
denial of service due to a backtracking regular expression. For specially
|
5
|
+
crafted RubyGems versions attackers can cause denial of service through CPU
|
6
|
+
consumption.
|
7
|
+
|
8
|
+
RubyGems versions 2.0.7 and older, 2.1.0.rc.1 and 2.1.0.rc.2 are vulnerable.
|
9
|
+
|
10
|
+
Ruby versions 1.9.0 through 2.0.0p247 are vulnerable as they contain embedded
|
11
|
+
versions of RubyGems.
|
12
|
+
|
13
|
+
It does not appear to be possible to exploit this vulnerability by installing a
|
14
|
+
gem for RubyGems 1.8.x or 2.0.x. Vulnerable uses of RubyGems API include
|
15
|
+
packaging a gem (through `gem build`, Gem::Package or Gem::PackageTask),
|
16
|
+
sending user input to Gem::Version.new, Gem::Version.correct? or use of the
|
17
|
+
Gem::Version::VERSION_PATTERN or Gem::Version::ANCHORED_VERSION_PATTERN
|
18
|
+
constants.
|
19
|
+
|
20
|
+
Notably, users of bundler that install gems from git are vulnerable if a
|
21
|
+
malicious author changes the gemspec to an invalid version.
|
22
|
+
|
23
|
+
The vulnerability can be fixed by changing the first grouping to an atomic
|
24
|
+
grouping in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb. For
|
25
|
+
RubyGems 2.0.x:
|
26
|
+
|
27
|
+
- VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
|
28
|
+
+ VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
|
29
|
+
|
30
|
+
For RubyGems 1.8.x:
|
31
|
+
|
32
|
+
- VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc:
|
33
|
+
+ VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc:
|
34
|
+
|
35
|
+
This vulnerability was discovered by Damir Sharipov <dammer2k@gmail.com>
|
36
|
+
|
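Review bot: The advisory names the vulnerable versions (line 8) but never the fixed ones, so a reader of this file alone cannot tell what to upgrade to. History.txt in this same release lists 2.0.8, 1.8.26 and 1.8.23.1; repeating them here, together with 2.1.0, would make the file self-contained. Lines 13-14 also say installation is not an exploit path "for RubyGems 1.8.x or 2.0.x" while line 8 lists 2.1.0.rc.1 and 2.1.0.rc.2 as vulnerable; the text should say whether the same holds for the 2.1.0 release candidates.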
data/History.txt
CHANGED
@@ -1,6 +1,13 @@
|
|
1
1
|
# coding: UTF-8
|
2
2
|
|
3
|
-
=== 2.1.0
|
3
|
+
=== 2.1.0 / 2013-09-09
|
4
|
+
|
5
|
+
Security fixes:
|
6
|
+
|
7
|
+
* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a
|
8
|
+
backtracking in Gem::Version validation. See CVE-2013-4287 for full details
|
9
|
+
including vulnerable APIs. Fixed versions include 2.0.8, 1.8.26 and
|
10
|
+
1.8.23.1 (for Ruby 1.9.3). Issue #626 by Damir Sharipov.
|
4
11
|
|
5
12
|
Major enhancements:
|
6
13
|
|
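Review bot: The changelog entry on lines 7-8 reads "due to a backtracking in Gem::Version validation", which drops the noun; the advisory file words it as "a backtracking regular expression". Suggest matching that wording, and pointing to the shipped file name CVE-2013-4287.txt rather than the bare CVE id so the reference resolves inside the gem.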
@@ -83,9 +90,15 @@ Minor enhancements:
|
|
83
90
|
Bug fixes:
|
84
91
|
|
85
92
|
* rubygems_plugin.rb files are now only loaded from the latest installed gem.
|
93
|
+
* Fixed Gem.clear_paths when Security is defined at top-level. Pull request
|
94
|
+
#625 by elarkin
|
95
|
+
* Fixed credential creation for `gem push` when `--host` is not given. Pull
|
96
|
+
request #622 by Arthur Nogueira Neves
|
86
97
|
|
87
98
|
=== 2.0.7 / 2013-08-15
|
88
99
|
|
100
|
+
Bug fixes:
|
101
|
+
|
89
102
|
* Extensions may now be built in parallel (therefore gems may be installed in
|
90
103
|
parallel). Bug #607 by Hemant Kumar.
|
91
104
|
* Changed broken link to RubyGems Bookshelf to point to RubyGems guides. Ruby
|
data/Manifest.txt
CHANGED
@@ -1,5 +1,6 @@
|
|
1
1
|
.autotest
|
2
2
|
.document
|
3
|
+
CVE-2013-4287.txt
|
3
4
|
History.txt
|
4
5
|
LICENSE.txt
|
5
6
|
MIT.txt
|
@@ -230,7 +231,12 @@ test/rubygems/test_gem_dependency.rb
|
|
230
231
|
test/rubygems/test_gem_dependency_installer.rb
|
231
232
|
test/rubygems/test_gem_dependency_list.rb
|
232
233
|
test/rubygems/test_gem_dependency_resolver.rb
|
234
|
+
test/rubygems/test_gem_dependency_resolver_api_specification.rb
|
233
235
|
test/rubygems/test_gem_dependency_resolver_dependency_conflict.rb
|
236
|
+
test/rubygems/test_gem_dependency_resolver_index_set.rb
|
237
|
+
test/rubygems/test_gem_dependency_resolver_index_specification.rb
|
238
|
+
test/rubygems/test_gem_dependency_resolver_installed_specification.rb
|
239
|
+
test/rubygems/test_gem_dependency_resolver_installer_set.rb
|
234
240
|
test/rubygems/test_gem_doctor.rb
|
235
241
|
test/rubygems/test_gem_ext_builder.rb
|
236
242
|
test/rubygems/test_gem_ext_cmake_builder.rb
|
data/Rakefile
CHANGED
@@ -56,7 +56,9 @@ hoe = Hoe.spec 'rubygems-update' do
|
|
56
56
|
dependency 'rake', '~> 0.9.3', :dev
|
57
57
|
dependency 'minitest', '~> 4.0', :dev
|
58
58
|
|
59
|
-
self.extra_rdoc_files = Dir["*.rdoc"]
|
59
|
+
self.extra_rdoc_files = Dir["*.rdoc"] + %w[
|
60
|
+
CVE-2013-4287.txt
|
61
|
+
]
|
60
62
|
|
61
63
|
spec_extras['rdoc_options'] = proc do |rdoc_options|
|
62
64
|
rdoc_options << "--title=RubyGems Update Documentation"
|
data/lib/rubygems.rb
CHANGED
@@ -8,7 +8,7 @@
|
|
8
8
|
require 'rbconfig'
|
9
9
|
|
10
10
|
module Gem
|
11
|
-
VERSION = '2.1.0
|
11
|
+
VERSION = '2.1.0'
|
12
12
|
end
|
13
13
|
|
14
14
|
# Must be first since it unloads the prelude from 1.9.2
|
@@ -315,7 +315,7 @@ module Gem
|
|
315
315
|
@paths = nil
|
316
316
|
@user_home = nil
|
317
317
|
Gem::Specification.reset
|
318
|
-
Gem::Security.reset if
|
318
|
+
Gem::Security.reset if defined?(Gem::Security)
|
319
319
|
end
|
320
320
|
|
321
321
|
##
|
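Review bot: The guard added on line 318 has no accompanying test in this diff; the file list shows no change to a test covering Gem.clear_paths. History.txt describes the bug as occurring "when Security is defined at top-level", so a test that defines a top-level Security constant and then calls Gem.clear_paths would pin the behaviour down and keep the guard from regressing.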
@@ -79,7 +79,9 @@ class Gem::DependencyResolver
|
|
79
79
|
needed = nil
|
80
80
|
|
81
81
|
@needed.reverse_each do |n|
|
82
|
-
|
82
|
+
request = Gem::DependencyResolver::DependencyRequest.new n, nil
|
83
|
+
|
84
|
+
needed = Gem::List.new request, needed
|
83
85
|
end
|
84
86
|
|
85
87
|
res = resolve_for needed, nil
|
@@ -162,7 +164,9 @@ class Gem::DependencyResolver
|
|
162
164
|
|
163
165
|
# Sort them so that we try the highest versions
|
164
166
|
# first.
|
165
|
-
possible = possible.sort_by
|
167
|
+
possible = possible.sort_by do |s|
|
168
|
+
[s.source, s.version, s.platform == Gem::Platform::RUBY ? -1 : 1]
|
169
|
+
end
|
166
170
|
|
167
171
|
# We track the conflicts seen so that we can report them
|
168
172
|
# to help the user figure out how to fix the situation.
|
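Review bot: The new sort key on line 168 leads with `s.source`, so every object that can appear in `possible` now has to respond to `source`, `version` and `platform`, and the `source` values have to be mutually comparable, otherwise `sort_by` raises when it compares the arrays. The APISpecification hunk in this diff adds a `platform` reader but no `source` reader is visible there; please confirm each specification class satisfies the key. The comment on lines 165-166 still says only "highest versions first" and should mention that source takes precedence and that platform breaks ties.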
@@ -8,6 +8,7 @@ class Gem::DependencyResolver::APISpecification
|
|
8
8
|
|
9
9
|
attr_reader :dependencies
|
10
10
|
attr_reader :name
|
11
|
+
attr_reader :platform
|
11
12
|
attr_reader :set # :nodoc:
|
12
13
|
attr_reader :version
|
13
14
|
|
@@ -15,6 +16,7 @@ class Gem::DependencyResolver::APISpecification
|
|
15
16
|
@set = set
|
16
17
|
@name = api_data[:name]
|
17
18
|
@version = Gem::Version.new api_data[:number]
|
19
|
+
@platform = api_data[:platform]
|
18
20
|
@dependencies = api_data[:dependencies].map do |name, ver|
|
19
21
|
Gem::Dependency.new name, ver.split(/\s*,\s*/)
|
20
22
|
end
|
@@ -25,6 +27,7 @@ class Gem::DependencyResolver::APISpecification
|
|
25
27
|
@set == other.set and
|
26
28
|
@name == other.name and
|
27
29
|
@version == other.version and
|
30
|
+
@platform == other.platform and
|
28
31
|
@dependencies == other.dependencies
|
29
32
|
end
|
30
33
|
|
@@ -43,9 +43,14 @@ class Gem::DependencyResolver::IndexSet
|
|
43
43
|
# Called from IndexSpecification to get a true Specification
|
44
44
|
# object.
|
45
45
|
|
46
|
-
def load_spec name, ver, source
|
47
|
-
key = "#{name}-#{ver}"
|
48
|
-
|
46
|
+
def load_spec name, ver, platform, source
|
47
|
+
key = "#{name}-#{ver}-#{platform}"
|
48
|
+
|
49
|
+
@specs.fetch key do
|
50
|
+
tuple = Gem::NameTuple.new name, ver, platform
|
51
|
+
|
52
|
+
@specs[key] = source.fetch_spec tuple
|
53
|
+
end
|
49
54
|
end
|
50
55
|
|
51
56
|
##
|
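Review bot: The cache key on line 47 joins name, version and platform with hyphens, and gem names and platform strings can themselves contain hyphens, so two different tuples can in principle collapse to the same key and return the wrong cached spec. Keying `@specs` on the array `[name, ver, platform]` removes the ambiguity. Separately, `platform` is inserted as a positional parameter in the middle of the signature, so any caller still passing three arguments will bind `source` to `platform`; worth checking for callers outside this diff.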
@@ -8,6 +8,8 @@ class Gem::DependencyResolver::IndexSpecification
|
|
8
8
|
|
9
9
|
attr_reader :name
|
10
10
|
|
11
|
+
attr_reader :platform
|
12
|
+
|
11
13
|
attr_reader :source
|
12
14
|
|
13
15
|
attr_reader :version
|
@@ -39,14 +41,19 @@ class Gem::DependencyResolver::IndexSpecification
|
|
39
41
|
q.breakable
|
40
42
|
q.text full_name
|
41
43
|
|
44
|
+
unless Gem::Platform::RUBY == @platform then
|
45
|
+
q.breakable
|
46
|
+
q.text @platform
|
47
|
+
end
|
48
|
+
|
42
49
|
q.breakable
|
43
|
-
q.text '
|
50
|
+
q.text 'source '
|
44
51
|
q.pp @source
|
45
52
|
end
|
46
53
|
end
|
47
54
|
|
48
55
|
def spec
|
49
|
-
@spec ||= @set.load_spec(@name, @version, @source)
|
56
|
+
@spec ||= @set.load_spec(@name, @version, @platform, @source)
|
50
57
|
end
|
51
58
|
|
52
59
|
end
|
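Review bot: On line 46 `q.text @platform` passes the platform straight to the pretty-printer, which expects a String. The tests added in this release construct IndexSpecification with `Gem::Platform::RUBY`, with `Gem::Platform.local.to_s` and with a `Gem::Platform.local` object, so the third case can reach `q.text` with a non-String. Suggest `q.text @platform.to_s`, and a small pretty_print test for a non-ruby platform, since none is in this diff.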
@@ -115,9 +115,14 @@ class Gem::DependencyResolver::InstallerSet
|
|
115
115
|
# Called from IndexSpecification to get a true Specification
|
116
116
|
# object.
|
117
117
|
|
118
|
-
def load_spec name, ver, source
|
119
|
-
key = "#{name}-#{ver}"
|
120
|
-
|
118
|
+
def load_spec name, ver, platform, source
|
119
|
+
key = "#{name}-#{ver}-#{platform}"
|
120
|
+
|
121
|
+
@specs.fetch key do
|
122
|
+
tuple = Gem::NameTuple.new name, ver, platform
|
123
|
+
|
124
|
+
@specs[key] = source.fetch_spec tuple
|
125
|
+
end
|
121
126
|
end
|
122
127
|
|
123
128
|
##
|
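Review bot: This `load_spec` body (lines 118-125) is line-for-line the same as the one added to IndexSet in this diff, including the hyphen-joined cache key. Two copies mean any later fix to the key or the fetch logic has to be made twice; suggest moving the method into a shared module or a common superclass and having both sets use it.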
@@ -77,7 +77,8 @@ module Gem::GemcutterUtilities
|
|
77
77
|
# Signs in with the RubyGems API at +sign_in_host+ and sets the rubygems API
|
78
78
|
# key.
|
79
79
|
|
80
|
-
def sign_in sign_in_host =
|
80
|
+
def sign_in sign_in_host = nil
|
81
|
+
sign_in_host ||= self.host
|
81
82
|
return if Gem.configuration.rubygems_api_key
|
82
83
|
|
83
84
|
pretty_host = if Gem::DEFAULT_HOST == sign_in_host then
|
data/lib/rubygems/request_set.rb
CHANGED
@@ -200,8 +200,11 @@ class Gem::SpecFetcher
|
|
200
200
|
when :released
|
201
201
|
tuples_for source, :released
|
202
202
|
when :complete
|
203
|
-
|
203
|
+
names =
|
204
|
+
tuples_for(source, :prerelease, true) +
|
204
205
|
tuples_for(source, :released)
|
206
|
+
|
207
|
+
names.sort
|
205
208
|
when :prerelease
|
206
209
|
tuples_for(source, :prerelease)
|
207
210
|
else
|
@@ -34,7 +34,7 @@ class Date; end
|
|
34
34
|
# s.homepage = 'https://rubygems.org/gems/example'
|
35
35
|
# end
|
36
36
|
#
|
37
|
-
# Starting in RubyGems
|
37
|
+
# Starting in RubyGems 2.0, a Specification can hold arbitrary
|
38
38
|
# metadata. This metadata is accessed via Specification#metadata
|
39
39
|
# and has the following restrictions:
|
40
40
|
#
|
@@ -2097,7 +2097,6 @@ class Gem::Specification < Gem::BasicSpecification
|
|
2097
2097
|
# Returns an object you can use to sort specifications in #sort_by.
|
2098
2098
|
|
2099
2099
|
def sort_obj
|
2100
|
-
# TODO: this is horrible. Deprecate it.
|
2101
2100
|
[@name, @version, @new_platform == Gem::Platform::RUBY ? -1 : 1]
|
2102
2101
|
end
|
2103
2102
|
|
data/lib/rubygems/test_case.rb
CHANGED
@@ -1097,7 +1097,11 @@ Also, a list:
|
|
1097
1097
|
|
1098
1098
|
class StaticSet
|
1099
1099
|
def initialize(specs)
|
1100
|
-
@specs = specs
|
1100
|
+
@specs = specs
|
1101
|
+
end
|
1102
|
+
|
1103
|
+
def add spec
|
1104
|
+
@specs << spec
|
1101
1105
|
end
|
1102
1106
|
|
1103
1107
|
def find_spec(dep)
|
@@ -1110,6 +1114,15 @@ Also, a list:
|
|
1110
1114
|
@specs.find_all { |s| dep.matches_spec? s }
|
1111
1115
|
end
|
1112
1116
|
|
1117
|
+
def load_spec name, ver, platform, source
|
1118
|
+
dep = Gem::Dependency.new name, ver
|
1119
|
+
spec = find_spec dep
|
1120
|
+
|
1121
|
+
Gem::Specification.new spec.name, spec.version do |s|
|
1122
|
+
s.platform = spec.platform
|
1123
|
+
end
|
1124
|
+
end
|
1125
|
+
|
1113
1126
|
def prefetch(reqs)
|
1114
1127
|
end
|
1115
1128
|
end
|
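Review bot: The `platform` and `source` arguments of the new StaticSet#load_spec (line 1117) are never used: the lookup on lines 1118-1119 is by name and version only, and the returned spec takes whatever platform `find_spec` returned. Because the production change is precisely about selecting by platform, a test that asks this double for a specific platform can pass while receiving a different one. Suggest filtering on `platform` as well, or documenting that the double ignores it.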
data/lib/rubygems/version.rb
CHANGED
@@ -147,7 +147,7 @@ class Gem::Version
|
|
147
147
|
|
148
148
|
# FIX: These are only used once, in .correct?. Do they deserve to be
|
149
149
|
# constants?
|
150
|
-
VERSION_PATTERN = '[0-9]+(
|
150
|
+
VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
|
151
151
|
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc:
|
152
152
|
|
153
153
|
##
|
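Review bot: The pattern change on line 150 is the security fix for this release, yet no test for Gem::Version appears in the file list of this diff. Suggest adding a regression test that calls Gem::Version.correct? on an invalid version string and asserts it returns within a bounded time. Only the first group was made atomic; the prerelease group on the same line keeps its plain nested repetition and line 151 still wraps the whole pattern in `(...)*`, so the test should exercise both parts of the pattern. The FIX comment on lines 148-149 is also a reasonable prompt to stop exposing these constants, since the advisory lists their direct use as a vulnerable API.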
@@ -66,6 +66,27 @@ class TestGemDependencyResolver < Gem::TestCase
|
|
66
66
|
assert_set [a2], res.resolve
|
67
67
|
end
|
68
68
|
|
69
|
+
def test_picks_best_platform
|
70
|
+
is = Gem::DependencyResolver::IndexSpecification
|
71
|
+
a2_p = quick_spec 'a' do |s| s.platform = Gem::Platform.local end
|
72
|
+
version = Gem::Version.new 2
|
73
|
+
source = Gem::Source.new @gem_repo
|
74
|
+
|
75
|
+
s = set
|
76
|
+
|
77
|
+
a2 = is.new s, 'a', version, source, Gem::Platform::RUBY
|
78
|
+
a2_p = is.new s, 'a', version, source, Gem::Platform.local.to_s
|
79
|
+
|
80
|
+
s.add a2_p
|
81
|
+
s.add a2
|
82
|
+
|
83
|
+
ad = make_dep "a"
|
84
|
+
|
85
|
+
res = Gem::DependencyResolver.new([ad], s)
|
86
|
+
|
87
|
+
assert_set [a2_p], res.resolve
|
88
|
+
end
|
89
|
+
|
69
90
|
def test_only_returns_spec_once
|
70
91
|
a1 = util_spec "a", "1", "c" => "= 1"
|
71
92
|
b1 = util_spec "b", "1", "c" => "= 1"
|
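Review bot: In test_picks_best_platform the value assigned to `a2_p` on line 71 is overwritten on line 78 before it is read, so the `quick_spec` call is kept only for its side effect; either drop the assignment or give the two objects different names. Line 78 also passes the platform as `Gem::Platform.local.to_s` while line 77 passes the `Gem::Platform::RUBY` constant and the other new tests pass a `Gem::Platform.local` object; choosing one representation would make it clear which type IndexSpecification is meant to hold.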
@@ -0,0 +1,33 @@
|
|
1
|
+
require 'rubygems/test_case'
|
2
|
+
require 'rubygems/dependency_resolver'
|
3
|
+
|
4
|
+
class TestGemDependencyResolverAPISpecification < Gem::TestCase
|
5
|
+
|
6
|
+
def test_initialize
|
7
|
+
set = Gem::DependencyResolver::APISet.new
|
8
|
+
data = {
|
9
|
+
:name => 'rails',
|
10
|
+
:number => '3.0.3',
|
11
|
+
:platform => 'ruby',
|
12
|
+
:dependencies => [
|
13
|
+
['bundler', '~> 1.0'],
|
14
|
+
['railties', '= 3.0.3'],
|
15
|
+
],
|
16
|
+
}
|
17
|
+
|
18
|
+
spec = Gem::DependencyResolver::APISpecification.new set, data
|
19
|
+
|
20
|
+
assert_equal 'rails', spec.name
|
21
|
+
assert_equal Gem::Version.new('3.0.3'), spec.version
|
22
|
+
assert_equal Gem::Platform::RUBY, spec.platform
|
23
|
+
|
24
|
+
expected = [
|
25
|
+
Gem::Dependency.new('bundler', '~> 1.0'),
|
26
|
+
Gem::Dependency.new('railties', '= 3.0.3'),
|
27
|
+
]
|
28
|
+
|
29
|
+
assert_equal expected, spec.dependencies
|
30
|
+
end
|
31
|
+
|
32
|
+
end
|
33
|
+
|
@@ -0,0 +1,53 @@
|
|
1
|
+
require 'rubygems/test_case'
|
2
|
+
require 'rubygems/dependency_resolver'
|
3
|
+
|
4
|
+
class TestGemDependencyResolverIndexSet < Gem::TestCase
|
5
|
+
|
6
|
+
def test_load_spec
|
7
|
+
@fetcher = Gem::FakeFetcher.new
|
8
|
+
Gem::RemoteFetcher.fetcher = @fetcher
|
9
|
+
|
10
|
+
a_2 = quick_spec 'a', 2
|
11
|
+
a_2_p = quick_spec 'a', 2 do |s| s.platform = Gem::Platform.local end
|
12
|
+
|
13
|
+
Gem::Specification.add_specs a_2, a_2_p
|
14
|
+
|
15
|
+
util_setup_spec_fetcher a_2, a_2_p
|
16
|
+
|
17
|
+
source = Gem::Source.new @gem_repo
|
18
|
+
version = v 2
|
19
|
+
|
20
|
+
set = Gem::DependencyResolver::IndexSet.new
|
21
|
+
|
22
|
+
spec = set.load_spec 'a', version, Gem::Platform.local, source
|
23
|
+
|
24
|
+
assert_equal a_2_p.full_name, spec.full_name
|
25
|
+
end
|
26
|
+
|
27
|
+
def test_load_spec_cached
|
28
|
+
@fetcher = Gem::FakeFetcher.new
|
29
|
+
Gem::RemoteFetcher.fetcher = @fetcher
|
30
|
+
|
31
|
+
a_2 = quick_spec 'a', 2
|
32
|
+
a_2_p = quick_spec 'a', 2 do |s| s.platform = Gem::Platform.local end
|
33
|
+
|
34
|
+
Gem::Specification.add_specs a_2, a_2_p
|
35
|
+
|
36
|
+
util_setup_spec_fetcher a_2, a_2_p
|
37
|
+
|
38
|
+
source = Gem::Source.new @gem_repo
|
39
|
+
version = v 2
|
40
|
+
|
41
|
+
set = Gem::DependencyResolver::IndexSet.new
|
42
|
+
|
43
|
+
first = set.load_spec 'a', version, Gem::Platform.local, source
|
44
|
+
|
45
|
+
util_setup_spec_fetcher # clear
|
46
|
+
|
47
|
+
second = set.load_spec 'a', version, Gem::Platform.local, source
|
48
|
+
|
49
|
+
assert_same first, second
|
50
|
+
end
|
51
|
+
|
52
|
+
end
|
53
|
+
|
@@ -0,0 +1,46 @@
|
|
1
|
+
require 'rubygems/test_case'
|
2
|
+
require 'rubygems/dependency_resolver'
|
3
|
+
|
4
|
+
class TestGemDependencyResolverIndexSpecification < Gem::TestCase
|
5
|
+
|
6
|
+
def test_initialize
|
7
|
+
set = Gem::DependencyResolver::IndexSet.new
|
8
|
+
source = Gem::Source.new @gem_repo
|
9
|
+
version = Gem::Version.new '3.0.3'
|
10
|
+
|
11
|
+
spec = Gem::DependencyResolver::IndexSpecification.new(
|
12
|
+
set, 'rails', version, source, Gem::Platform::RUBY)
|
13
|
+
|
14
|
+
assert_equal 'rails', spec.name
|
15
|
+
assert_equal version, spec.version
|
16
|
+
assert_equal Gem::Platform::RUBY, spec.platform
|
17
|
+
|
18
|
+
assert_equal source, spec.source
|
19
|
+
end
|
20
|
+
|
21
|
+
def test_spec
|
22
|
+
@fetcher = Gem::FakeFetcher.new
|
23
|
+
Gem::RemoteFetcher.fetcher = @fetcher
|
24
|
+
|
25
|
+
a_2 = quick_spec 'a', 2
|
26
|
+
a_2_p = quick_spec 'a', 2 do |s| s.platform = Gem::Platform.local end
|
27
|
+
|
28
|
+
Gem::Specification.add_specs a_2, a_2_p
|
29
|
+
|
30
|
+
util_setup_spec_fetcher a_2, a_2_p
|
31
|
+
|
32
|
+
source = Gem::Source.new @gem_repo
|
33
|
+
version = v 2
|
34
|
+
|
35
|
+
set = Gem::DependencyResolver::IndexSet.new
|
36
|
+
i_spec = Gem::DependencyResolver::IndexSpecification.new \
|
37
|
+
set, 'a', version, source, Gem::Platform.local
|
38
|
+
|
39
|
+
spec = i_spec.spec
|
40
|
+
|
41
|
+
assert_equal a_2_p.full_name, spec.full_name
|
42
|
+
end
|
43
|
+
|
44
|
+
|
45
|
+
end
|
46
|
+
|
@@ -0,0 +1,19 @@
|
|
1
|
+
require 'rubygems/test_case'
|
2
|
+
require 'rubygems/dependency_resolver'
|
3
|
+
|
4
|
+
class TestGemDependencyResolverInstalledSpecification < Gem::TestCase
|
5
|
+
|
6
|
+
def test_initialize
|
7
|
+
set = Gem::DependencyResolver::CurrentSet.new
|
8
|
+
|
9
|
+
source_spec = quick_spec 'a'
|
10
|
+
|
11
|
+
spec = Gem::DependencyResolver::InstalledSpecification.new set, source_spec
|
12
|
+
|
13
|
+
assert_equal 'a', spec.name
|
14
|
+
assert_equal Gem::Version.new(2), spec.version
|
15
|
+
assert_equal Gem::Platform::RUBY, spec.platform
|
16
|
+
end
|
17
|
+
|
18
|
+
end
|
19
|
+
|
@@ -0,0 +1,28 @@
|
|
1
|
+
require 'rubygems/test_case'
|
2
|
+
require 'rubygems/dependency_resolver'
|
3
|
+
|
4
|
+
class TestGemDependencyResolverInstallerSet < Gem::TestCase
|
5
|
+
|
6
|
+
def test_load_spec
|
7
|
+
@fetcher = Gem::FakeFetcher.new
|
8
|
+
Gem::RemoteFetcher.fetcher = @fetcher
|
9
|
+
|
10
|
+
a_2 = quick_spec 'a', 2
|
11
|
+
a_2_p = quick_spec 'a', 2 do |s| s.platform = Gem::Platform.local end
|
12
|
+
|
13
|
+
Gem::Specification.add_specs a_2, a_2_p
|
14
|
+
|
15
|
+
util_setup_spec_fetcher a_2, a_2_p
|
16
|
+
|
17
|
+
source = Gem::Source.new @gem_repo
|
18
|
+
version = v 2
|
19
|
+
|
20
|
+
set = Gem::DependencyResolver::InstallerSet.new :remote
|
21
|
+
|
22
|
+
spec = set.load_spec 'a', version, Gem::Platform.local, source
|
23
|
+
|
24
|
+
assert_equal a_2_p.full_name, spec.full_name
|
25
|
+
end
|
26
|
+
|
27
|
+
end
|
28
|
+
|
@@ -101,7 +101,7 @@ class TestGemGemcutterUtilities < Gem::TestCase
|
|
101
101
|
def test_sign_in_with_host
|
102
102
|
api_key = 'a5fdbb6ba150cbb83aad2bb2fede64cf040453903'
|
103
103
|
|
104
|
-
util_sign_in [api_key, 200, 'OK'], 'http://example.com',
|
104
|
+
util_sign_in [api_key, 200, 'OK'], 'http://example.com', ['http://example.com']
|
105
105
|
|
106
106
|
assert_match "Enter your http://example.com credentials.",
|
107
107
|
@sign_in_ui.output
|
@@ -112,6 +112,20 @@ class TestGemGemcutterUtilities < Gem::TestCase
|
|
112
112
|
assert_equal api_key, credentials[:rubygems_api_key]
|
113
113
|
end
|
114
114
|
|
115
|
+
def test_sign_in_with_host_nil
|
116
|
+
api_key = 'a5fdbb6ba150cbb83aad2bb2fede64cf040453903'
|
117
|
+
|
118
|
+
util_sign_in [api_key, 200, 'OK'], nil, [nil]
|
119
|
+
|
120
|
+
assert_match "Enter your RubyGems.org credentials.",
|
121
|
+
@sign_in_ui.output
|
122
|
+
assert @fetcher.last_request["authorization"]
|
123
|
+
assert_match %r{Signed in.}, @sign_in_ui.output
|
124
|
+
|
125
|
+
credentials = YAML.load_file Gem.configuration.credentials_path
|
126
|
+
assert_equal api_key, credentials[:rubygems_api_key]
|
127
|
+
end
|
128
|
+
|
115
129
|
def test_sign_in_with_host_ENV
|
116
130
|
api_key = 'a5fdbb6ba150cbb83aad2bb2fede64cf040453903'
|
117
131
|
util_sign_in [api_key, 200, 'OK'], 'http://example.com'
|
@@ -163,14 +177,14 @@ class TestGemGemcutterUtilities < Gem::TestCase
|
|
163
177
|
assert_match %r{Access Denied.}, @sign_in_ui.output
|
164
178
|
end
|
165
179
|
|
166
|
-
def util_sign_in response, host = nil,
|
180
|
+
def util_sign_in response, host = nil, args = []
|
167
181
|
skip 'Always uses $stdin on windows' if Gem.win_platform?
|
168
182
|
|
169
183
|
email = 'you@example.com'
|
170
184
|
password = 'secret'
|
171
185
|
|
172
186
|
if host
|
173
|
-
ENV['RUBYGEMS_HOST'] = host
|
187
|
+
ENV['RUBYGEMS_HOST'] = host
|
174
188
|
else
|
175
189
|
host = Gem.host
|
176
190
|
end
|
@@ -182,8 +196,8 @@ class TestGemGemcutterUtilities < Gem::TestCase
|
|
182
196
|
@sign_in_ui = Gem::MockGemUi.new "#{email}\n#{password}\n"
|
183
197
|
|
184
198
|
use_ui @sign_in_ui do
|
185
|
-
if
|
186
|
-
@cmd.sign_in
|
199
|
+
if args.length > 0 then
|
200
|
+
@cmd.sign_in(*args)
|
187
201
|
else
|
188
202
|
@cmd.sign_in
|
189
203
|
end
|
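Review bot: The branch on lines 199-203 is redundant: splatting an empty array passes no arguments, so `@cmd.sign_in(*args)` already behaves like `@cmd.sign_in` when `args` is empty. The whole if/else can be replaced by the single call `@cmd.sign_in(*args)`, which also removes the need for the length check.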
@@ -209,4 +223,3 @@ class TestGemGemcutterUtilities < Gem::TestCase
|
|
209
223
|
end
|
210
224
|
|
211
225
|
end
|
212
|
-
|
@@ -168,7 +168,7 @@ class TestGemSpecFetcher < Gem::TestCase
|
|
168
168
|
specs, _ = @sf.available_specs(:latest)
|
169
169
|
|
170
170
|
assert_equal [@source], specs.keys
|
171
|
-
assert_equal @latest_specs, specs[@source]
|
171
|
+
assert_equal @latest_specs, specs[@source]
|
172
172
|
end
|
173
173
|
|
174
174
|
def test_available_specs_released
|
@@ -176,7 +176,7 @@ class TestGemSpecFetcher < Gem::TestCase
|
|
176
176
|
|
177
177
|
assert_equal [@source], specs.keys
|
178
178
|
|
179
|
-
assert_equal @released, specs[@source]
|
179
|
+
assert_equal @released, specs[@source]
|
180
180
|
end
|
181
181
|
|
182
182
|
def test_available_specs_complete
|
@@ -184,9 +184,9 @@ class TestGemSpecFetcher < Gem::TestCase
|
|
184
184
|
|
185
185
|
assert_equal [@source], specs.keys
|
186
186
|
|
187
|
-
|
187
|
+
expected = (@prerelease_specs + @released).sort
|
188
188
|
|
189
|
-
assert_equal
|
189
|
+
assert_equal expected, specs[@source]
|
190
190
|
end
|
191
191
|
|
192
192
|
def test_available_specs_complete_handles_no_prerelease
|
@@ -197,12 +197,9 @@ class TestGemSpecFetcher < Gem::TestCase
|
|
197
197
|
|
198
198
|
assert_equal [@source], specs.keys
|
199
199
|
|
200
|
-
|
201
|
-
|
202
|
-
assert_equal comp.sort, specs[@source].sort
|
200
|
+
assert_equal @released, specs[@source]
|
203
201
|
end
|
204
202
|
|
205
|
-
|
206
203
|
def test_available_specs_cache
|
207
204
|
specs, _ = @sf.available_specs(:latest)
|
208
205
|
|
@@ -230,7 +227,7 @@ class TestGemSpecFetcher < Gem::TestCase
|
|
230
227
|
def test_available_specs_prerelease
|
231
228
|
specs, _ = @sf.available_specs(:prerelease)
|
232
229
|
|
233
|
-
assert_equal @prerelease_specs, specs[@source]
|
230
|
+
assert_equal @prerelease_specs, specs[@source]
|
234
231
|
end
|
235
232
|
|
236
233
|
def test_available_specs_with_bad_source
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rubygems-update
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.1.0
|
4
|
+
version: 2.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jim Weirich
|
@@ -32,7 +32,7 @@ cert_chain:
|
|
32
32
|
KDyY1VIazVgoC8XvR4h/95/iScPiuglzA+DBG1hip1xScAtw05BrXyUNrc9CEMYU
|
33
33
|
wgF94UVoHRp6ywo8I7NP3HcwFQDFNEZPNGXsng==
|
34
34
|
-----END CERTIFICATE-----
|
35
|
-
date: 2013-
|
35
|
+
date: 2013-09-09 00:00:00.000000000 Z
|
36
36
|
dependencies:
|
37
37
|
- !ruby/object:Gem::Dependency
|
38
38
|
name: minitest
|
@@ -163,6 +163,7 @@ executables:
|
|
163
163
|
- update_rubygems
|
164
164
|
extensions: []
|
165
165
|
extra_rdoc_files:
|
166
|
+
- CVE-2013-4287.txt
|
166
167
|
- History.txt
|
167
168
|
- LICENSE.txt
|
168
169
|
- MIT.txt
|
@@ -173,6 +174,7 @@ extra_rdoc_files:
|
|
173
174
|
files:
|
174
175
|
- .autotest
|
175
176
|
- .document
|
177
|
+
- CVE-2013-4287.txt
|
176
178
|
- History.txt
|
177
179
|
- LICENSE.txt
|
178
180
|
- MIT.txt
|
@@ -403,7 +405,12 @@ files:
|
|
403
405
|
- test/rubygems/test_gem_dependency_installer.rb
|
404
406
|
- test/rubygems/test_gem_dependency_list.rb
|
405
407
|
- test/rubygems/test_gem_dependency_resolver.rb
|
408
|
+
- test/rubygems/test_gem_dependency_resolver_api_specification.rb
|
406
409
|
- test/rubygems/test_gem_dependency_resolver_dependency_conflict.rb
|
410
|
+
- test/rubygems/test_gem_dependency_resolver_index_set.rb
|
411
|
+
- test/rubygems/test_gem_dependency_resolver_index_specification.rb
|
412
|
+
- test/rubygems/test_gem_dependency_resolver_installed_specification.rb
|
413
|
+
- test/rubygems/test_gem_dependency_resolver_installer_set.rb
|
407
414
|
- test/rubygems/test_gem_doctor.rb
|
408
415
|
- test/rubygems/test_gem_ext_builder.rb
|
409
416
|
- test/rubygems/test_gem_ext_cmake_builder.rb
|
@@ -485,7 +492,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
485
492
|
version: '0'
|
486
493
|
requirements: []
|
487
494
|
rubyforge_project: rubygems-update
|
488
|
-
rubygems_version: 2.0
|
495
|
+
rubygems_version: 2.1.0
|
489
496
|
signing_key:
|
490
497
|
specification_version: 4
|
491
498
|
summary: RubyGems is a package management framework for Ruby
|
@@ -531,7 +538,12 @@ test_files:
|
|
531
538
|
- test/rubygems/test_gem_dependency_installer.rb
|
532
539
|
- test/rubygems/test_gem_dependency_list.rb
|
533
540
|
- test/rubygems/test_gem_dependency_resolver.rb
|
541
|
+
- test/rubygems/test_gem_dependency_resolver_api_specification.rb
|
534
542
|
- test/rubygems/test_gem_dependency_resolver_dependency_conflict.rb
|
543
|
+
- test/rubygems/test_gem_dependency_resolver_index_set.rb
|
544
|
+
- test/rubygems/test_gem_dependency_resolver_index_specification.rb
|
545
|
+
- test/rubygems/test_gem_dependency_resolver_installed_specification.rb
|
546
|
+
- test/rubygems/test_gem_dependency_resolver_installer_set.rb
|
535
547
|
- test/rubygems/test_gem_doctor.rb
|
536
548
|
- test/rubygems/test_gem_ext_builder.rb
|
537
549
|
- test/rubygems/test_gem_ext_cmake_builder.rb
|
metadata.gz.sig
CHANGED
Binary file
|