rubygems-update 2.1.0.rc.2 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of rubygems-update might be problematic. Click here for more details.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.autotest +1 -1
- data/CVE-2013-4287.txt +36 -0
- data/History.txt +14 -1
- data/Manifest.txt +6 -0
- data/Rakefile +3 -1
- data/lib/rubygems.rb +2 -2
- data/lib/rubygems/dependency_resolver.rb +6 -2
- data/lib/rubygems/dependency_resolver/api_specification.rb +3 -0
- data/lib/rubygems/dependency_resolver/index_set.rb +8 -3
- data/lib/rubygems/dependency_resolver/index_specification.rb +9 -2
- data/lib/rubygems/dependency_resolver/installed_specification.rb +4 -0
- data/lib/rubygems/dependency_resolver/installer_set.rb +8 -3
- data/lib/rubygems/gemcutter_utilities.rb +2 -1
- data/lib/rubygems/request_set.rb +3 -0
- data/lib/rubygems/spec_fetcher.rb +4 -1
- data/lib/rubygems/specification.rb +1 -2
- data/lib/rubygems/test_case.rb +14 -1
- data/lib/rubygems/version.rb +1 -1
- data/test/rubygems/test_gem_dependency_resolver.rb +21 -0
- data/test/rubygems/test_gem_dependency_resolver_api_specification.rb +33 -0
- data/test/rubygems/test_gem_dependency_resolver_index_set.rb +53 -0
- data/test/rubygems/test_gem_dependency_resolver_index_specification.rb +46 -0
- data/test/rubygems/test_gem_dependency_resolver_installed_specification.rb +19 -0
- data/test/rubygems/test_gem_dependency_resolver_installer_set.rb +28 -0
- data/test/rubygems/test_gem_gemcutter_utilities.rb +19 -6
- data/test/rubygems/test_gem_spec_fetcher.rb +6 -9
- metadata +15 -3
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 55bcc2565aada10c6c7710d6e7838ea85f6c1f94
|
|
4
|
+
data.tar.gz: c20b2a65ba400f0f6d870f0337d48982d61e25cf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d3d07022f951f289b684e8591b2f5d3aa5f0db7246f04169424f5641f559ce1dad1d78ed6e83c0e29871c71284609ebefda43a9f98ba5bb43b8711af0446ff88
|
|
7
|
+
data.tar.gz: d1a3cb1b550833963887bd2701a6daabf9f8c7d0b5bedd5dc14146fe00f6e4829ab087d90b1ddef33cdf8d6ab67e4ea3f76489f75bcd3973c1c56e9fbfe8219f
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data.tar.gz.sig
CHANGED
|
Binary file
|
data/.autotest
CHANGED
data/CVE-2013-4287.txt
ADDED
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
= Algorithmic complexity vulnerability in RubyGems 2.0.7 and older
|
|
2
|
+
|
|
3
|
+
RubyGems validates versions with a regular expression that is vulnerable to
|
|
4
|
+
denial of service due to a backtracking regular expression. For specially
|
|
5
|
+
crafted RubyGems versions attackers can cause denial of service through CPU
|
|
6
|
+
consumption.
|
|
7
|
+
|
|
8
|
+
RubyGems versions 2.0.7 and older, 2.1.0.rc.1 and 2.1.0.rc.2 are vulnerable.
|
|
9
|
+
|
|
10
|
+
Ruby versions 1.9.0 through 2.0.0p247 are vulnerable as they contain embedded
|
|
11
|
+
versions of RubyGems.
|
|
12
|
+
|
|
13
|
+
It does not appear to be possible to exploit this vulnerability by installing a
|
|
14
|
+
gem for RubyGems 1.8.x or 2.0.x. Vulnerable uses of RubyGems API include
|
|
15
|
+
packaging a gem (through `gem build`, Gem::Package or Gem::PackageTask),
|
|
16
|
+
sending user input to Gem::Version.new, Gem::Version.correct? or use of the
|
|
17
|
+
Gem::Version::VERSION_PATTERN or Gem::Version::ANCHORED_VERSION_PATTERN
|
|
18
|
+
constants.
|
|
19
|
+
|
|
20
|
+
Notably, users of bundler that install gems from git are vulnerable if a
|
|
21
|
+
malicious author changes the gemspec to an invalid version.
|
|
22
|
+
|
|
23
|
+
The vulnerability can be fixed by changing the first grouping to an atomic
|
|
24
|
+
grouping in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb. For
|
|
25
|
+
RubyGems 2.0.x:
|
|
26
|
+
|
|
27
|
+
- VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
|
|
28
|
+
+ VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
|
|
29
|
+
|
|
30
|
+
For RubyGems 1.8.x:
|
|
31
|
+
|
|
32
|
+
- VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc:
|
|
33
|
+
+ VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc:
|
|
34
|
+
|
|
35
|
+
This vulnerability was discovered by Damir Sharipov <dammer2k@gmail.com>
|
|
36
|
+
|
data/History.txt
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
# coding: UTF-8
|
|
2
2
|
|
|
3
|
-
=== 2.1.0
|
|
3
|
+
=== 2.1.0 / 2013-09-09
|
|
4
|
+
|
|
5
|
+
Security fixes:
|
|
6
|
+
|
|
7
|
+
* RubyGems 2.0.7 and earlier are vulnerable to excessive CPU usage due to a
|
|
8
|
+
backtracking in Gem::Version validation. See CVE-2013-4287 for full details
|
|
9
|
+
including vulnerable APIs. Fixed versions include 2.0.8, 1.8.26 and
|
|
10
|
+
1.8.23.1 (for Ruby 1.9.3). Issue #626 by Damir Sharipov.
|
|
4
11
|
|
|
5
12
|
Major enhancements:
|
|
6
13
|
|
|
@@ -83,9 +90,15 @@ Minor enhancements:
|
|
|
83
90
|
Bug fixes:
|
|
84
91
|
|
|
85
92
|
* rubygems_plugin.rb files are now only loaded from the latest installed gem.
|
|
93
|
+
* Fixed Gem.clear_paths when Security is defined at top-level. Pull request
|
|
94
|
+
#625 by elarkin
|
|
95
|
+
* Fixed credential creation for `gem push` when `--host` is not given. Pull
|
|
96
|
+
request #622 by Arthur Nogueira Neves
|
|
86
97
|
|
|
87
98
|
=== 2.0.7 / 2013-08-15
|
|
88
99
|
|
|
100
|
+
Bug fixes:
|
|
101
|
+
|
|
89
102
|
* Extensions may now be built in parallel (therefore gems may be installed in
|
|
90
103
|
parallel). Bug #607 by Hemant Kumar.
|
|
91
104
|
* Changed broken link to RubyGems Bookshelf to point to RubyGems guides. Ruby
|
data/Manifest.txt
CHANGED
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
.autotest
|
|
2
2
|
.document
|
|
3
|
+
CVE-2013-4287.txt
|
|
3
4
|
History.txt
|
|
4
5
|
LICENSE.txt
|
|
5
6
|
MIT.txt
|
|
@@ -230,7 +231,12 @@ test/rubygems/test_gem_dependency.rb
|
|
|
230
231
|
test/rubygems/test_gem_dependency_installer.rb
|
|
231
232
|
test/rubygems/test_gem_dependency_list.rb
|
|
232
233
|
test/rubygems/test_gem_dependency_resolver.rb
|
|
234
|
+
test/rubygems/test_gem_dependency_resolver_api_specification.rb
|
|
233
235
|
test/rubygems/test_gem_dependency_resolver_dependency_conflict.rb
|
|
236
|
+
test/rubygems/test_gem_dependency_resolver_index_set.rb
|
|
237
|
+
test/rubygems/test_gem_dependency_resolver_index_specification.rb
|
|
238
|
+
test/rubygems/test_gem_dependency_resolver_installed_specification.rb
|
|
239
|
+
test/rubygems/test_gem_dependency_resolver_installer_set.rb
|
|
234
240
|
test/rubygems/test_gem_doctor.rb
|
|
235
241
|
test/rubygems/test_gem_ext_builder.rb
|
|
236
242
|
test/rubygems/test_gem_ext_cmake_builder.rb
|
data/Rakefile
CHANGED
|
@@ -56,7 +56,9 @@ hoe = Hoe.spec 'rubygems-update' do
|
|
|
56
56
|
dependency 'rake', '~> 0.9.3', :dev
|
|
57
57
|
dependency 'minitest', '~> 4.0', :dev
|
|
58
58
|
|
|
59
|
-
self.extra_rdoc_files = Dir["*.rdoc"]
|
|
59
|
+
self.extra_rdoc_files = Dir["*.rdoc"] + %w[
|
|
60
|
+
CVE-2013-4287.txt
|
|
61
|
+
]
|
|
60
62
|
|
|
61
63
|
spec_extras['rdoc_options'] = proc do |rdoc_options|
|
|
62
64
|
rdoc_options << "--title=RubyGems Update Documentation"
|
data/lib/rubygems.rb
CHANGED
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
require 'rbconfig'
|
|
9
9
|
|
|
10
10
|
module Gem
|
|
11
|
-
VERSION = '2.1.0
|
|
11
|
+
VERSION = '2.1.0'
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
# Must be first since it unloads the prelude from 1.9.2
|
|
@@ -315,7 +315,7 @@ module Gem
|
|
|
315
315
|
@paths = nil
|
|
316
316
|
@user_home = nil
|
|
317
317
|
Gem::Specification.reset
|
|
318
|
-
Gem::Security.reset if
|
|
318
|
+
Gem::Security.reset if defined?(Gem::Security)
|
|
319
319
|
end
|
|
320
320
|
|
|
321
321
|
##
|
|
@@ -79,7 +79,9 @@ class Gem::DependencyResolver
|
|
|
79
79
|
needed = nil
|
|
80
80
|
|
|
81
81
|
@needed.reverse_each do |n|
|
|
82
|
-
|
|
82
|
+
request = Gem::DependencyResolver::DependencyRequest.new n, nil
|
|
83
|
+
|
|
84
|
+
needed = Gem::List.new request, needed
|
|
83
85
|
end
|
|
84
86
|
|
|
85
87
|
res = resolve_for needed, nil
|
|
@@ -162,7 +164,9 @@ class Gem::DependencyResolver
|
|
|
162
164
|
|
|
163
165
|
# Sort them so that we try the highest versions
|
|
164
166
|
# first.
|
|
165
|
-
possible = possible.sort_by
|
|
167
|
+
possible = possible.sort_by do |s|
|
|
168
|
+
[s.source, s.version, s.platform == Gem::Platform::RUBY ? -1 : 1]
|
|
169
|
+
end
|
|
166
170
|
|
|
167
171
|
# We track the conflicts seen so that we can report them
|
|
168
172
|
# to help the user figure out how to fix the situation.
|
|
@@ -8,6 +8,7 @@ class Gem::DependencyResolver::APISpecification
|
|
|
8
8
|
|
|
9
9
|
attr_reader :dependencies
|
|
10
10
|
attr_reader :name
|
|
11
|
+
attr_reader :platform
|
|
11
12
|
attr_reader :set # :nodoc:
|
|
12
13
|
attr_reader :version
|
|
13
14
|
|
|
@@ -15,6 +16,7 @@ class Gem::DependencyResolver::APISpecification
|
|
|
15
16
|
@set = set
|
|
16
17
|
@name = api_data[:name]
|
|
17
18
|
@version = Gem::Version.new api_data[:number]
|
|
19
|
+
@platform = api_data[:platform]
|
|
18
20
|
@dependencies = api_data[:dependencies].map do |name, ver|
|
|
19
21
|
Gem::Dependency.new name, ver.split(/\s*,\s*/)
|
|
20
22
|
end
|
|
@@ -25,6 +27,7 @@ class Gem::DependencyResolver::APISpecification
|
|
|
25
27
|
@set == other.set and
|
|
26
28
|
@name == other.name and
|
|
27
29
|
@version == other.version and
|
|
30
|
+
@platform == other.platform and
|
|
28
31
|
@dependencies == other.dependencies
|
|
29
32
|
end
|
|
30
33
|
|
|
@@ -43,9 +43,14 @@ class Gem::DependencyResolver::IndexSet
|
|
|
43
43
|
# Called from IndexSpecification to get a true Specification
|
|
44
44
|
# object.
|
|
45
45
|
|
|
46
|
-
def load_spec name, ver, source
|
|
47
|
-
key = "#{name}-#{ver}"
|
|
48
|
-
|
|
46
|
+
def load_spec name, ver, platform, source
|
|
47
|
+
key = "#{name}-#{ver}-#{platform}"
|
|
48
|
+
|
|
49
|
+
@specs.fetch key do
|
|
50
|
+
tuple = Gem::NameTuple.new name, ver, platform
|
|
51
|
+
|
|
52
|
+
@specs[key] = source.fetch_spec tuple
|
|
53
|
+
end
|
|
49
54
|
end
|
|
50
55
|
|
|
51
56
|
##
|
|
@@ -8,6 +8,8 @@ class Gem::DependencyResolver::IndexSpecification
|
|
|
8
8
|
|
|
9
9
|
attr_reader :name
|
|
10
10
|
|
|
11
|
+
attr_reader :platform
|
|
12
|
+
|
|
11
13
|
attr_reader :source
|
|
12
14
|
|
|
13
15
|
attr_reader :version
|
|
@@ -39,14 +41,19 @@ class Gem::DependencyResolver::IndexSpecification
|
|
|
39
41
|
q.breakable
|
|
40
42
|
q.text full_name
|
|
41
43
|
|
|
44
|
+
unless Gem::Platform::RUBY == @platform then
|
|
45
|
+
q.breakable
|
|
46
|
+
q.text @platform
|
|
47
|
+
end
|
|
48
|
+
|
|
42
49
|
q.breakable
|
|
43
|
-
q.text '
|
|
50
|
+
q.text 'source '
|
|
44
51
|
q.pp @source
|
|
45
52
|
end
|
|
46
53
|
end
|
|
47
54
|
|
|
48
55
|
def spec
|
|
49
|
-
@spec ||= @set.load_spec(@name, @version, @source)
|
|
56
|
+
@spec ||= @set.load_spec(@name, @version, @platform, @source)
|
|
50
57
|
end
|
|
51
58
|
|
|
52
59
|
end
|
|
@@ -115,9 +115,14 @@ class Gem::DependencyResolver::InstallerSet
|
|
|
115
115
|
# Called from IndexSpecification to get a true Specification
|
|
116
116
|
# object.
|
|
117
117
|
|
|
118
|
-
def load_spec name, ver, source
|
|
119
|
-
key = "#{name}-#{ver}"
|
|
120
|
-
|
|
118
|
+
def load_spec name, ver, platform, source
|
|
119
|
+
key = "#{name}-#{ver}-#{platform}"
|
|
120
|
+
|
|
121
|
+
@specs.fetch key do
|
|
122
|
+
tuple = Gem::NameTuple.new name, ver, platform
|
|
123
|
+
|
|
124
|
+
@specs[key] = source.fetch_spec tuple
|
|
125
|
+
end
|
|
121
126
|
end
|
|
122
127
|
|
|
123
128
|
##
|
|
@@ -77,7 +77,8 @@ module Gem::GemcutterUtilities
|
|
|
77
77
|
# Signs in with the RubyGems API at +sign_in_host+ and sets the rubygems API
|
|
78
78
|
# key.
|
|
79
79
|
|
|
80
|
-
def sign_in sign_in_host =
|
|
80
|
+
def sign_in sign_in_host = nil
|
|
81
|
+
sign_in_host ||= self.host
|
|
81
82
|
return if Gem.configuration.rubygems_api_key
|
|
82
83
|
|
|
83
84
|
pretty_host = if Gem::DEFAULT_HOST == sign_in_host then
|
data/lib/rubygems/request_set.rb
CHANGED
|
@@ -200,8 +200,11 @@ class Gem::SpecFetcher
|
|
|
200
200
|
when :released
|
|
201
201
|
tuples_for source, :released
|
|
202
202
|
when :complete
|
|
203
|
-
|
|
203
|
+
names =
|
|
204
|
+
tuples_for(source, :prerelease, true) +
|
|
204
205
|
tuples_for(source, :released)
|
|
206
|
+
|
|
207
|
+
names.sort
|
|
205
208
|
when :prerelease
|
|
206
209
|
tuples_for(source, :prerelease)
|
|
207
210
|
else
|
|
@@ -34,7 +34,7 @@ class Date; end
|
|
|
34
34
|
# s.homepage = 'https://rubygems.org/gems/example'
|
|
35
35
|
# end
|
|
36
36
|
#
|
|
37
|
-
# Starting in RubyGems
|
|
37
|
+
# Starting in RubyGems 2.0, a Specification can hold arbitrary
|
|
38
38
|
# metadata. This metadata is accessed via Specification#metadata
|
|
39
39
|
# and has the following restrictions:
|
|
40
40
|
#
|
|
@@ -2097,7 +2097,6 @@ class Gem::Specification < Gem::BasicSpecification
|
|
|
2097
2097
|
# Returns an object you can use to sort specifications in #sort_by.
|
|
2098
2098
|
|
|
2099
2099
|
def sort_obj
|
|
2100
|
-
# TODO: this is horrible. Deprecate it.
|
|
2101
2100
|
[@name, @version, @new_platform == Gem::Platform::RUBY ? -1 : 1]
|
|
2102
2101
|
end
|
|
2103
2102
|
|
data/lib/rubygems/test_case.rb
CHANGED
|
@@ -1097,7 +1097,11 @@ Also, a list:
|
|
|
1097
1097
|
|
|
1098
1098
|
class StaticSet
|
|
1099
1099
|
def initialize(specs)
|
|
1100
|
-
@specs = specs
|
|
1100
|
+
@specs = specs
|
|
1101
|
+
end
|
|
1102
|
+
|
|
1103
|
+
def add spec
|
|
1104
|
+
@specs << spec
|
|
1101
1105
|
end
|
|
1102
1106
|
|
|
1103
1107
|
def find_spec(dep)
|
|
@@ -1110,6 +1114,15 @@ Also, a list:
|
|
|
1110
1114
|
@specs.find_all { |s| dep.matches_spec? s }
|
|
1111
1115
|
end
|
|
1112
1116
|
|
|
1117
|
+
def load_spec name, ver, platform, source
|
|
1118
|
+
dep = Gem::Dependency.new name, ver
|
|
1119
|
+
spec = find_spec dep
|
|
1120
|
+
|
|
1121
|
+
Gem::Specification.new spec.name, spec.version do |s|
|
|
1122
|
+
s.platform = spec.platform
|
|
1123
|
+
end
|
|
1124
|
+
end
|
|
1125
|
+
|
|
1113
1126
|
def prefetch(reqs)
|
|
1114
1127
|
end
|
|
1115
1128
|
end
|
data/lib/rubygems/version.rb
CHANGED
|
@@ -147,7 +147,7 @@ class Gem::Version
|
|
|
147
147
|
|
|
148
148
|
# FIX: These are only used once, in .correct?. Do they deserve to be
|
|
149
149
|
# constants?
|
|
150
|
-
VERSION_PATTERN = '[0-9]+(
|
|
150
|
+
VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?' # :nodoc:
|
|
151
151
|
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc:
|
|
152
152
|
|
|
153
153
|
##
|
|
@@ -66,6 +66,27 @@ class TestGemDependencyResolver < Gem::TestCase
|
|
|
66
66
|
assert_set [a2], res.resolve
|
|
67
67
|
end
|
|
68
68
|
|
|
69
|
+
def test_picks_best_platform
|
|
70
|
+
is = Gem::DependencyResolver::IndexSpecification
|
|
71
|
+
a2_p = quick_spec 'a' do |s| s.platform = Gem::Platform.local end
|
|
72
|
+
version = Gem::Version.new 2
|
|
73
|
+
source = Gem::Source.new @gem_repo
|
|
74
|
+
|
|
75
|
+
s = set
|
|
76
|
+
|
|
77
|
+
a2 = is.new s, 'a', version, source, Gem::Platform::RUBY
|
|
78
|
+
a2_p = is.new s, 'a', version, source, Gem::Platform.local.to_s
|
|
79
|
+
|
|
80
|
+
s.add a2_p
|
|
81
|
+
s.add a2
|
|
82
|
+
|
|
83
|
+
ad = make_dep "a"
|
|
84
|
+
|
|
85
|
+
res = Gem::DependencyResolver.new([ad], s)
|
|
86
|
+
|
|
87
|
+
assert_set [a2_p], res.resolve
|
|
88
|
+
end
|
|
89
|
+
|
|
69
90
|
def test_only_returns_spec_once
|
|
70
91
|
a1 = util_spec "a", "1", "c" => "= 1"
|
|
71
92
|
b1 = util_spec "b", "1", "c" => "= 1"
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
require 'rubygems/test_case'
|
|
2
|
+
require 'rubygems/dependency_resolver'
|
|
3
|
+
|
|
4
|
+
class TestGemDependencyResolverAPISpecification < Gem::TestCase
|
|
5
|
+
|
|
6
|
+
def test_initialize
|
|
7
|
+
set = Gem::DependencyResolver::APISet.new
|
|
8
|
+
data = {
|
|
9
|
+
:name => 'rails',
|
|
10
|
+
:number => '3.0.3',
|
|
11
|
+
:platform => 'ruby',
|
|
12
|
+
:dependencies => [
|
|
13
|
+
['bundler', '~> 1.0'],
|
|
14
|
+
['railties', '= 3.0.3'],
|
|
15
|
+
],
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
spec = Gem::DependencyResolver::APISpecification.new set, data
|
|
19
|
+
|
|
20
|
+
assert_equal 'rails', spec.name
|
|
21
|
+
assert_equal Gem::Version.new('3.0.3'), spec.version
|
|
22
|
+
assert_equal Gem::Platform::RUBY, spec.platform
|
|
23
|
+
|
|
24
|
+
expected = [
|
|
25
|
+
Gem::Dependency.new('bundler', '~> 1.0'),
|
|
26
|
+
Gem::Dependency.new('railties', '= 3.0.3'),
|
|
27
|
+
]
|
|
28
|
+
|
|
29
|
+
assert_equal expected, spec.dependencies
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
end
|
|
33
|
+
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
require 'rubygems/test_case'
|
|
2
|
+
require 'rubygems/dependency_resolver'
|
|
3
|
+
|
|
4
|
+
class TestGemDependencyResolverIndexSet < Gem::TestCase
|
|
5
|
+
|
|
6
|
+
def test_load_spec
|
|
7
|
+
@fetcher = Gem::FakeFetcher.new
|
|
8
|
+
Gem::RemoteFetcher.fetcher = @fetcher
|
|
9
|
+
|
|
10
|
+
a_2 = quick_spec 'a', 2
|
|
11
|
+
a_2_p = quick_spec 'a', 2 do |s| s.platform = Gem::Platform.local end
|
|
12
|
+
|
|
13
|
+
Gem::Specification.add_specs a_2, a_2_p
|
|
14
|
+
|
|
15
|
+
util_setup_spec_fetcher a_2, a_2_p
|
|
16
|
+
|
|
17
|
+
source = Gem::Source.new @gem_repo
|
|
18
|
+
version = v 2
|
|
19
|
+
|
|
20
|
+
set = Gem::DependencyResolver::IndexSet.new
|
|
21
|
+
|
|
22
|
+
spec = set.load_spec 'a', version, Gem::Platform.local, source
|
|
23
|
+
|
|
24
|
+
assert_equal a_2_p.full_name, spec.full_name
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def test_load_spec_cached
|
|
28
|
+
@fetcher = Gem::FakeFetcher.new
|
|
29
|
+
Gem::RemoteFetcher.fetcher = @fetcher
|
|
30
|
+
|
|
31
|
+
a_2 = quick_spec 'a', 2
|
|
32
|
+
a_2_p = quick_spec 'a', 2 do |s| s.platform = Gem::Platform.local end
|
|
33
|
+
|
|
34
|
+
Gem::Specification.add_specs a_2, a_2_p
|
|
35
|
+
|
|
36
|
+
util_setup_spec_fetcher a_2, a_2_p
|
|
37
|
+
|
|
38
|
+
source = Gem::Source.new @gem_repo
|
|
39
|
+
version = v 2
|
|
40
|
+
|
|
41
|
+
set = Gem::DependencyResolver::IndexSet.new
|
|
42
|
+
|
|
43
|
+
first = set.load_spec 'a', version, Gem::Platform.local, source
|
|
44
|
+
|
|
45
|
+
util_setup_spec_fetcher # clear
|
|
46
|
+
|
|
47
|
+
second = set.load_spec 'a', version, Gem::Platform.local, source
|
|
48
|
+
|
|
49
|
+
assert_same first, second
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
end
|
|
53
|
+
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
require 'rubygems/test_case'
|
|
2
|
+
require 'rubygems/dependency_resolver'
|
|
3
|
+
|
|
4
|
+
class TestGemDependencyResolverIndexSpecification < Gem::TestCase
|
|
5
|
+
|
|
6
|
+
def test_initialize
|
|
7
|
+
set = Gem::DependencyResolver::IndexSet.new
|
|
8
|
+
source = Gem::Source.new @gem_repo
|
|
9
|
+
version = Gem::Version.new '3.0.3'
|
|
10
|
+
|
|
11
|
+
spec = Gem::DependencyResolver::IndexSpecification.new(
|
|
12
|
+
set, 'rails', version, source, Gem::Platform::RUBY)
|
|
13
|
+
|
|
14
|
+
assert_equal 'rails', spec.name
|
|
15
|
+
assert_equal version, spec.version
|
|
16
|
+
assert_equal Gem::Platform::RUBY, spec.platform
|
|
17
|
+
|
|
18
|
+
assert_equal source, spec.source
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def test_spec
|
|
22
|
+
@fetcher = Gem::FakeFetcher.new
|
|
23
|
+
Gem::RemoteFetcher.fetcher = @fetcher
|
|
24
|
+
|
|
25
|
+
a_2 = quick_spec 'a', 2
|
|
26
|
+
a_2_p = quick_spec 'a', 2 do |s| s.platform = Gem::Platform.local end
|
|
27
|
+
|
|
28
|
+
Gem::Specification.add_specs a_2, a_2_p
|
|
29
|
+
|
|
30
|
+
util_setup_spec_fetcher a_2, a_2_p
|
|
31
|
+
|
|
32
|
+
source = Gem::Source.new @gem_repo
|
|
33
|
+
version = v 2
|
|
34
|
+
|
|
35
|
+
set = Gem::DependencyResolver::IndexSet.new
|
|
36
|
+
i_spec = Gem::DependencyResolver::IndexSpecification.new \
|
|
37
|
+
set, 'a', version, source, Gem::Platform.local
|
|
38
|
+
|
|
39
|
+
spec = i_spec.spec
|
|
40
|
+
|
|
41
|
+
assert_equal a_2_p.full_name, spec.full_name
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
|
|
45
|
+
end
|
|
46
|
+
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
require 'rubygems/test_case'
|
|
2
|
+
require 'rubygems/dependency_resolver'
|
|
3
|
+
|
|
4
|
+
class TestGemDependencyResolverInstalledSpecification < Gem::TestCase
|
|
5
|
+
|
|
6
|
+
def test_initialize
|
|
7
|
+
set = Gem::DependencyResolver::CurrentSet.new
|
|
8
|
+
|
|
9
|
+
source_spec = quick_spec 'a'
|
|
10
|
+
|
|
11
|
+
spec = Gem::DependencyResolver::InstalledSpecification.new set, source_spec
|
|
12
|
+
|
|
13
|
+
assert_equal 'a', spec.name
|
|
14
|
+
assert_equal Gem::Version.new(2), spec.version
|
|
15
|
+
assert_equal Gem::Platform::RUBY, spec.platform
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
end
|
|
19
|
+
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
require 'rubygems/test_case'
|
|
2
|
+
require 'rubygems/dependency_resolver'
|
|
3
|
+
|
|
4
|
+
class TestGemDependencyResolverInstallerSet < Gem::TestCase
|
|
5
|
+
|
|
6
|
+
def test_load_spec
|
|
7
|
+
@fetcher = Gem::FakeFetcher.new
|
|
8
|
+
Gem::RemoteFetcher.fetcher = @fetcher
|
|
9
|
+
|
|
10
|
+
a_2 = quick_spec 'a', 2
|
|
11
|
+
a_2_p = quick_spec 'a', 2 do |s| s.platform = Gem::Platform.local end
|
|
12
|
+
|
|
13
|
+
Gem::Specification.add_specs a_2, a_2_p
|
|
14
|
+
|
|
15
|
+
util_setup_spec_fetcher a_2, a_2_p
|
|
16
|
+
|
|
17
|
+
source = Gem::Source.new @gem_repo
|
|
18
|
+
version = v 2
|
|
19
|
+
|
|
20
|
+
set = Gem::DependencyResolver::InstallerSet.new :remote
|
|
21
|
+
|
|
22
|
+
spec = set.load_spec 'a', version, Gem::Platform.local, source
|
|
23
|
+
|
|
24
|
+
assert_equal a_2_p.full_name, spec.full_name
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
end
|
|
28
|
+
|
|
@@ -101,7 +101,7 @@ class TestGemGemcutterUtilities < Gem::TestCase
|
|
|
101
101
|
def test_sign_in_with_host
|
|
102
102
|
api_key = 'a5fdbb6ba150cbb83aad2bb2fede64cf040453903'
|
|
103
103
|
|
|
104
|
-
util_sign_in [api_key, 200, 'OK'], 'http://example.com',
|
|
104
|
+
util_sign_in [api_key, 200, 'OK'], 'http://example.com', ['http://example.com']
|
|
105
105
|
|
|
106
106
|
assert_match "Enter your http://example.com credentials.",
|
|
107
107
|
@sign_in_ui.output
|
|
@@ -112,6 +112,20 @@ class TestGemGemcutterUtilities < Gem::TestCase
|
|
|
112
112
|
assert_equal api_key, credentials[:rubygems_api_key]
|
|
113
113
|
end
|
|
114
114
|
|
|
115
|
+
def test_sign_in_with_host_nil
|
|
116
|
+
api_key = 'a5fdbb6ba150cbb83aad2bb2fede64cf040453903'
|
|
117
|
+
|
|
118
|
+
util_sign_in [api_key, 200, 'OK'], nil, [nil]
|
|
119
|
+
|
|
120
|
+
assert_match "Enter your RubyGems.org credentials.",
|
|
121
|
+
@sign_in_ui.output
|
|
122
|
+
assert @fetcher.last_request["authorization"]
|
|
123
|
+
assert_match %r{Signed in.}, @sign_in_ui.output
|
|
124
|
+
|
|
125
|
+
credentials = YAML.load_file Gem.configuration.credentials_path
|
|
126
|
+
assert_equal api_key, credentials[:rubygems_api_key]
|
|
127
|
+
end
|
|
128
|
+
|
|
115
129
|
def test_sign_in_with_host_ENV
|
|
116
130
|
api_key = 'a5fdbb6ba150cbb83aad2bb2fede64cf040453903'
|
|
117
131
|
util_sign_in [api_key, 200, 'OK'], 'http://example.com'
|
|
@@ -163,14 +177,14 @@ class TestGemGemcutterUtilities < Gem::TestCase
|
|
|
163
177
|
assert_match %r{Access Denied.}, @sign_in_ui.output
|
|
164
178
|
end
|
|
165
179
|
|
|
166
|
-
def util_sign_in response, host = nil,
|
|
180
|
+
def util_sign_in response, host = nil, args = []
|
|
167
181
|
skip 'Always uses $stdin on windows' if Gem.win_platform?
|
|
168
182
|
|
|
169
183
|
email = 'you@example.com'
|
|
170
184
|
password = 'secret'
|
|
171
185
|
|
|
172
186
|
if host
|
|
173
|
-
ENV['RUBYGEMS_HOST'] = host
|
|
187
|
+
ENV['RUBYGEMS_HOST'] = host
|
|
174
188
|
else
|
|
175
189
|
host = Gem.host
|
|
176
190
|
end
|
|
@@ -182,8 +196,8 @@ class TestGemGemcutterUtilities < Gem::TestCase
|
|
|
182
196
|
@sign_in_ui = Gem::MockGemUi.new "#{email}\n#{password}\n"
|
|
183
197
|
|
|
184
198
|
use_ui @sign_in_ui do
|
|
185
|
-
if
|
|
186
|
-
@cmd.sign_in
|
|
199
|
+
if args.length > 0 then
|
|
200
|
+
@cmd.sign_in(*args)
|
|
187
201
|
else
|
|
188
202
|
@cmd.sign_in
|
|
189
203
|
end
|
|
@@ -209,4 +223,3 @@ class TestGemGemcutterUtilities < Gem::TestCase
|
|
|
209
223
|
end
|
|
210
224
|
|
|
211
225
|
end
|
|
212
|
-
|
|
@@ -168,7 +168,7 @@ class TestGemSpecFetcher < Gem::TestCase
|
|
|
168
168
|
specs, _ = @sf.available_specs(:latest)
|
|
169
169
|
|
|
170
170
|
assert_equal [@source], specs.keys
|
|
171
|
-
assert_equal @latest_specs, specs[@source]
|
|
171
|
+
assert_equal @latest_specs, specs[@source]
|
|
172
172
|
end
|
|
173
173
|
|
|
174
174
|
def test_available_specs_released
|
|
@@ -176,7 +176,7 @@ class TestGemSpecFetcher < Gem::TestCase
|
|
|
176
176
|
|
|
177
177
|
assert_equal [@source], specs.keys
|
|
178
178
|
|
|
179
|
-
assert_equal @released, specs[@source]
|
|
179
|
+
assert_equal @released, specs[@source]
|
|
180
180
|
end
|
|
181
181
|
|
|
182
182
|
def test_available_specs_complete
|
|
@@ -184,9 +184,9 @@ class TestGemSpecFetcher < Gem::TestCase
|
|
|
184
184
|
|
|
185
185
|
assert_equal [@source], specs.keys
|
|
186
186
|
|
|
187
|
-
|
|
187
|
+
expected = (@prerelease_specs + @released).sort
|
|
188
188
|
|
|
189
|
-
assert_equal
|
|
189
|
+
assert_equal expected, specs[@source]
|
|
190
190
|
end
|
|
191
191
|
|
|
192
192
|
def test_available_specs_complete_handles_no_prerelease
|
|
@@ -197,12 +197,9 @@ class TestGemSpecFetcher < Gem::TestCase
|
|
|
197
197
|
|
|
198
198
|
assert_equal [@source], specs.keys
|
|
199
199
|
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
assert_equal comp.sort, specs[@source].sort
|
|
200
|
+
assert_equal @released, specs[@source]
|
|
203
201
|
end
|
|
204
202
|
|
|
205
|
-
|
|
206
203
|
def test_available_specs_cache
|
|
207
204
|
specs, _ = @sf.available_specs(:latest)
|
|
208
205
|
|
|
@@ -230,7 +227,7 @@ class TestGemSpecFetcher < Gem::TestCase
|
|
|
230
227
|
def test_available_specs_prerelease
|
|
231
228
|
specs, _ = @sf.available_specs(:prerelease)
|
|
232
229
|
|
|
233
|
-
assert_equal @prerelease_specs, specs[@source]
|
|
230
|
+
assert_equal @prerelease_specs, specs[@source]
|
|
234
231
|
end
|
|
235
232
|
|
|
236
233
|
def test_available_specs_with_bad_source
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rubygems-update
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.1.0
|
|
4
|
+
version: 2.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jim Weirich
|
|
@@ -32,7 +32,7 @@ cert_chain:
|
|
|
32
32
|
KDyY1VIazVgoC8XvR4h/95/iScPiuglzA+DBG1hip1xScAtw05BrXyUNrc9CEMYU
|
|
33
33
|
wgF94UVoHRp6ywo8I7NP3HcwFQDFNEZPNGXsng==
|
|
34
34
|
-----END CERTIFICATE-----
|
|
35
|
-
date: 2013-
|
|
35
|
+
date: 2013-09-09 00:00:00.000000000 Z
|
|
36
36
|
dependencies:
|
|
37
37
|
- !ruby/object:Gem::Dependency
|
|
38
38
|
name: minitest
|
|
@@ -163,6 +163,7 @@ executables:
|
|
|
163
163
|
- update_rubygems
|
|
164
164
|
extensions: []
|
|
165
165
|
extra_rdoc_files:
|
|
166
|
+
- CVE-2013-4287.txt
|
|
166
167
|
- History.txt
|
|
167
168
|
- LICENSE.txt
|
|
168
169
|
- MIT.txt
|
|
@@ -173,6 +174,7 @@ extra_rdoc_files:
|
|
|
173
174
|
files:
|
|
174
175
|
- .autotest
|
|
175
176
|
- .document
|
|
177
|
+
- CVE-2013-4287.txt
|
|
176
178
|
- History.txt
|
|
177
179
|
- LICENSE.txt
|
|
178
180
|
- MIT.txt
|
|
@@ -403,7 +405,12 @@ files:
|
|
|
403
405
|
- test/rubygems/test_gem_dependency_installer.rb
|
|
404
406
|
- test/rubygems/test_gem_dependency_list.rb
|
|
405
407
|
- test/rubygems/test_gem_dependency_resolver.rb
|
|
408
|
+
- test/rubygems/test_gem_dependency_resolver_api_specification.rb
|
|
406
409
|
- test/rubygems/test_gem_dependency_resolver_dependency_conflict.rb
|
|
410
|
+
- test/rubygems/test_gem_dependency_resolver_index_set.rb
|
|
411
|
+
- test/rubygems/test_gem_dependency_resolver_index_specification.rb
|
|
412
|
+
- test/rubygems/test_gem_dependency_resolver_installed_specification.rb
|
|
413
|
+
- test/rubygems/test_gem_dependency_resolver_installer_set.rb
|
|
407
414
|
- test/rubygems/test_gem_doctor.rb
|
|
408
415
|
- test/rubygems/test_gem_ext_builder.rb
|
|
409
416
|
- test/rubygems/test_gem_ext_cmake_builder.rb
|
|
@@ -485,7 +492,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
485
492
|
version: '0'
|
|
486
493
|
requirements: []
|
|
487
494
|
rubyforge_project: rubygems-update
|
|
488
|
-
rubygems_version: 2.0
|
|
495
|
+
rubygems_version: 2.1.0
|
|
489
496
|
signing_key:
|
|
490
497
|
specification_version: 4
|
|
491
498
|
summary: RubyGems is a package management framework for Ruby
|
|
@@ -531,7 +538,12 @@ test_files:
|
|
|
531
538
|
- test/rubygems/test_gem_dependency_installer.rb
|
|
532
539
|
- test/rubygems/test_gem_dependency_list.rb
|
|
533
540
|
- test/rubygems/test_gem_dependency_resolver.rb
|
|
541
|
+
- test/rubygems/test_gem_dependency_resolver_api_specification.rb
|
|
534
542
|
- test/rubygems/test_gem_dependency_resolver_dependency_conflict.rb
|
|
543
|
+
- test/rubygems/test_gem_dependency_resolver_index_set.rb
|
|
544
|
+
- test/rubygems/test_gem_dependency_resolver_index_specification.rb
|
|
545
|
+
- test/rubygems/test_gem_dependency_resolver_installed_specification.rb
|
|
546
|
+
- test/rubygems/test_gem_dependency_resolver_installer_set.rb
|
|
535
547
|
- test/rubygems/test_gem_doctor.rb
|
|
536
548
|
- test/rubygems/test_gem_ext_builder.rb
|
|
537
549
|
- test/rubygems/test_gem_ext_cmake_builder.rb
|
metadata.gz.sig
CHANGED
|
Binary file
|