rubygems-update 2.1.0 → 2.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 55bcc2565aada10c6c7710d6e7838ea85f6c1f94
-  data.tar.gz: c20b2a65ba400f0f6d870f0337d48982d61e25cf
+  metadata.gz: 73a527f730a84236ed8285db2158a9d417cf8470
+  data.tar.gz: 0934b7ef36edb25fcbf7221f514a52ffd6da8ce4
 SHA512:
-  metadata.gz: d3d07022f951f289b684e8591b2f5d3aa5f0db7246f04169424f5641f559ce1dad1d78ed6e83c0e29871c71284609ebefda43a9f98ba5bb43b8711af0446ff88
-  data.tar.gz: d1a3cb1b550833963887bd2701a6daabf9f8c7d0b5bedd5dc14146fe00f6e4829ab087d90b1ddef33cdf8d6ab67e4ea3f76489f75bcd3973c1c56e9fbfe8219f
+  metadata.gz: f402bb9f16d92df351fa90f007d5342fd66d3005af8fd2649e58425f7ed78276ec09961e155a7228885b934bbf08755ba37ef99531a18d315afc0222aeda0318
+  data.tar.gz: ab7e72b833638746273219032aa3f088f0d6c203faf8448a5613a5ec6b5ccb7954e8bb6b5854fb2b3c4f9f1bc49bfc46480453a6d3033434be77936b3cde3757

data/CVE-2013-4287.txt

@@ -1,9 +1,8 @@
 = Algorithmic complexity vulnerability in RubyGems 2.0.7 and older
 
 RubyGems validates versions with a regular expression that is vulnerable to
-denial of service due to a backtracking regular expression.  For specially
-crafted RubyGems versions attackers can cause denial of service through CPU
-consumption.
+denial of service due to backtracking.  For specially crafted RubyGems
+versions attackers can cause denial of service through CPU consumption.
 
 RubyGems versions 2.0.7 and older, 2.1.0.rc.1 and 2.1.0.rc.2 are vulnerable.
 

data/History.txt

@@ -1,5 +1,12 @@
 # coding: UTF-8
 
+=== 2.1.1 / 2013-09-10
+
+Bug fixes:
+
+* Only matching gems matching your local platform are considered for
+  installation.  Issue #638 by José M. Prieto, issue #639 by sawanoboly.
+
 === 2.1.0 / 2013-09-09
 
 Security fixes:

data/Rakefile

@@ -106,7 +106,7 @@ task :test => :clean_env
 
 task :prerelease => [:clobber, :check_manifest, :test]
 
-task :postrelease => [:publish_docs, :upload]
+task :postrelease => %w[upload publish_docs]
 
 pkg_dir_path = "pkg/rubygems-update-#{hoe.version}"
 task :package do
@@ -117,14 +117,6 @@ task :package do
   end
 end
 
-desc "Upload release to rubyforge"
-task :upload_to_rubyforge do
-  v = hoe.version
-  sh "rubyforge add_release rubygems rubygems #{v} pkg/rubygems-update-#{v}.gem"
-  sh "rubyforge add_file rubygems rubygems #{v} pkg/rubygems-#{v}.zip"
-  sh "rubyforge add_file rubygems rubygems #{v} pkg/rubygems-#{v}.tgz"
-end
-
 desc "Upload release to gemcutter S3"
 task :upload_to_gemcutter do
   v = hoe.version
@@ -132,7 +124,7 @@ task :upload_to_gemcutter do
 end
 
 desc "Upload release to rubyforge and gemcutter"
-task :upload => [:upload_to_rubyforge, :upload_to_gemcutter]
+task :upload => %w[upload_to_gemcutter]
 
 # Misc Tasks ---------------------------------------------------------
 

data/lib/rubygems.rb

@@ -8,7 +8,7 @@
 require 'rbconfig'
 
 module Gem
-  VERSION = '2.1.0'
+  VERSION = '2.1.1'
 end
 
 # Must be first since it unloads the prelude from 1.9.2

data/lib/rubygems/dependency_resolver.rb

@@ -131,8 +131,9 @@ class Gem::DependencyResolver
         return conflict
       end
 
-      # Get a list of all specs that satisfy dep
+      # Get a list of all specs that satisfy dep and platform
       possible = @set.find_all dep
+      possible = select_local_platforms possible
 
       case possible.size
       when 0
@@ -228,6 +229,15 @@ class Gem::DependencyResolver
     specs
   end
 
+  ##
+  # Returns the gems in +specs+ that match the local platform.
+
+  def select_local_platforms specs # :nodoc:
+    specs.select do |spec|
+      Gem::Platform.match spec.platform
+    end
+  end
+
 end
 
 require 'rubygems/dependency_resolver/api_set'

data/lib/rubygems/dependency_resolver/index_specification.rb

@@ -43,7 +43,7 @@ class Gem::DependencyResolver::IndexSpecification
 
       unless Gem::Platform::RUBY == @platform then
         q.breakable
-        q.text @platform
+        q.text @platform.to_s
       end
 
       q.breakable

data/test/rubygems/test_gem_dependency_resolver.rb

@@ -68,23 +68,28 @@ class TestGemDependencyResolver < Gem::TestCase
 
   def test_picks_best_platform
     is = Gem::DependencyResolver::IndexSpecification
-    a2_p = quick_spec 'a' do |s| s.platform = Gem::Platform.local end
-    version = Gem::Version.new 2
+    unknown = Gem::Platform.new 'unknown'
+    a2_p1 = quick_spec 'a', 2 do |s| s.platform = Gem::Platform.local end
+    a3_p2 = quick_spec 'a', 3 do |s| s.platform = unknown end
+    v2 = v(2)
+    v3 = v(3)
     source = Gem::Source.new @gem_repo
 
     s = set
 
-    a2   = is.new s, 'a', version, source, Gem::Platform::RUBY
-    a2_p = is.new s, 'a', version, source, Gem::Platform.local.to_s
+    a2    = is.new s, 'a', v2, source, Gem::Platform::RUBY
+    a2_p1 = is.new s, 'a', v2, source, Gem::Platform.local.to_s
+    a3_p2 = is.new s, 'a', v3, source, unknown
 
-    s.add a2_p
+    s.add a3_p2
+    s.add a2_p1
     s.add a2
 
     ad = make_dep "a"
 
     res = Gem::DependencyResolver.new([ad], s)
 
-    assert_set [a2_p], res.resolve
+    assert_set [a2_p1], res.resolve
   end
 
   def test_only_returns_spec_once
@@ -348,4 +353,18 @@ class TestGemDependencyResolver < Gem::TestCase
 
     assert_set [b1, c1, d2], r.resolve
   end
+
+  def test_select_local_platforms
+    r = Gem::DependencyResolver.new nil, nil
+
+    a1    = quick_spec 'a', 1
+    a1_p1 = quick_spec 'a', 1 do |s| s.platform = Gem::Platform.local end
+    a1_p2 = quick_spec 'a', 1 do |s| s.platform = 'unknown'           end
+
+    selected = r.select_local_platforms [a1, a1_p1, a1_p2]
+
+    assert_equal [a1, a1_p1], selected
+  end
+
 end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.1.1
 platform: ruby
 authors:
 - Jim Weirich
@@ -32,7 +32,7 @@ cert_chain:
   KDyY1VIazVgoC8XvR4h/95/iScPiuglzA+DBG1hip1xScAtw05BrXyUNrc9CEMYU
   wgF94UVoHRp6ywo8I7NP3HcwFQDFNEZPNGXsng==
   -----END CERTIFICATE-----
-date: 2013-09-09 00:00:00.000000000 Z
+date: 2013-09-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: minitest