rubygems-update 2.2.3 → 2.2.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e345a424064e1792f6659e8745834b74684a267f
-  data.tar.gz: 354540bea071668966dfc048028d2d923e564e27
+  metadata.gz: e98b04b25f22f349df28ad4154da407e710580d9
+  data.tar.gz: dbe2d28493e2a1b911a6fabd6c52a09a1b01d776
 SHA512:
-  metadata.gz: 36159ab50d042e6151eee80131c25025e7c49e616e3284f57a4e3c7817443d6f8a69930c9b00896349b6692ae34d3a6c3860ffe4d8a7a991f06ab8b944db8f10
-  data.tar.gz: 945ddbd66f94340e93205cd834c65b1364f0a125fda45cda1bdd203cc0354b99fd2165479620c54343ce8694b147c2a41db6ad28b2d0673059f773fa699b112b
+  metadata.gz: 748b24e51af2ef2603fc2d965da192dde7b14f689e88041a648d7349985a8edb80304d3ad00046523579f3af1942ea5a50711382a5eb400a644f5ec41fa2ef3d
+  data.tar.gz: 3e0569007b0adafb4c81221b7d09c77c40435c1581cdcd7d201285cb6492460f1f31da0c494865f2269c0cdbc63b676ffe05b63fe1cf7026015c6e56f1a22152

data/History.txt

@@ -1,5 +1,12 @@
 # coding: UTF-8
 
+=== 2.2.4 / 2015-05-14
+
+Bug fixes:
+
+* Backport: Limit API endpoint to original security domain for CVE-2015-3900.
+  Fix by claudijd
+
 === 2.2.3 / 2014-12-21
 
 Bug fixes:

data/lib/rubygems.rb

@@ -8,7 +8,7 @@
 require 'rbconfig'
 
 module Gem
-  VERSION = '2.2.3'
+  VERSION = '2.2.4'
 end
 
 # Must be first since it unloads the prelude from 1.9.2

data/lib/rubygems/remote_fetcher.rb

@@ -90,7 +90,13 @@ class Gem::RemoteFetcher
     rescue Resolv::ResolvError
       uri
     else
-      URI.parse "#{uri.scheme}://#{res.target}#{uri.path}"
+      target = res.target.to_s.strip
+
+      if /#{host}\z/ =~ target
+        return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
+      end
+
+      uri
     end
   end
 

data/test/rubygems/test_gem_remote_fetcher.rb

@@ -163,6 +163,21 @@ gems:
   end
 
   def test_api_endpoint
+    uri = URI.parse "http://example.com/foo"
+    target = MiniTest::Mock.new
+    target.expect :target, "gems.example.com"
+
+    dns = MiniTest::Mock.new
+    dns.expect :getresource, target, [String, Object]
+
+    fetch = Gem::RemoteFetcher.new nil, dns
+    assert_equal URI.parse("http://gems.example.com/foo"), fetch.api_endpoint(uri)
+
+    target.verify
+    dns.verify
+  end
+
+  def test_api_endpoint_ignores_trans_domain_values
     uri = URI.parse "http://gems.example.com/foo"
     target = MiniTest::Mock.new
     target.expect :target, "blah.com"
@@ -171,7 +186,7 @@ gems:
     dns.expect :getresource, target, [String, Object]
 
     fetch = Gem::RemoteFetcher.new nil, dns
-    assert_equal URI.parse("http://blah.com/foo"), fetch.api_endpoint(uri)
+    assert_equal URI.parse("http://gems.example.com/foo"), fetch.api_endpoint(uri)
 
     target.verify
     dns.verify

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubygems-update
 version: !ruby/object:Gem::Version
-  version: 2.2.3
+  version: 2.2.4
 platform: ruby
 authors:
 - Jim Weirich
@@ -10,104 +10,104 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-12-21 00:00:00.000000000 Z
+date: 2015-05-14 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '5.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '5.4'
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '4.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '4.0'
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '2.1'
 - !ruby/object:Gem::Dependency
   name: hoe-seattlerb
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
   name: ZenTest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '4.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '4.5'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.9.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.9.3
-- !ruby/object:Gem::Dependency
-  name: minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: hoe
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '3.13'
 description: |-
@@ -151,9 +151,9 @@ extra_rdoc_files:
 - UPGRADING.rdoc
 - hide_lib_for_update/note.txt
 files:
-- ".autotest"
-- ".document"
-- ".gemtest"
+- .autotest
+- .document
+- .gemtest
 - CVE-2013-4287.txt
 - CVE-2013-4363.txt
 - History.txt
@@ -501,146 +501,25 @@ licenses:
 metadata: {}
 post_install_message: 
 rdoc_options:
-- "--main"
+- --main
 - README.rdoc
-- "--title=RubyGems Update Documentation"
+- --title=RubyGems Update Documentation
 require_paths:
 - hide_lib_for_update
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.2
 signing_key: 
 specification_version: 4
 summary: RubyGems is a package management framework for Ruby
-test_files:
-- test/rubygems/test_bundled_ca.rb
-- test/rubygems/test_config.rb
-- test/rubygems/test_deprecate.rb
-- test/rubygems/test_gem.rb
-- test/rubygems/test_gem_available_set.rb
-- test/rubygems/test_gem_command.rb
-- test/rubygems/test_gem_command_manager.rb
-- test/rubygems/test_gem_commands_build_command.rb
-- test/rubygems/test_gem_commands_cert_command.rb
-- test/rubygems/test_gem_commands_check_command.rb
-- test/rubygems/test_gem_commands_cleanup_command.rb
-- test/rubygems/test_gem_commands_contents_command.rb
-- test/rubygems/test_gem_commands_dependency_command.rb
-- test/rubygems/test_gem_commands_environment_command.rb
-- test/rubygems/test_gem_commands_fetch_command.rb
-- test/rubygems/test_gem_commands_generate_index_command.rb
-- test/rubygems/test_gem_commands_help_command.rb
-- test/rubygems/test_gem_commands_install_command.rb
-- test/rubygems/test_gem_commands_list_command.rb
-- test/rubygems/test_gem_commands_lock_command.rb
-- test/rubygems/test_gem_commands_mirror.rb
-- test/rubygems/test_gem_commands_outdated_command.rb
-- test/rubygems/test_gem_commands_owner_command.rb
-- test/rubygems/test_gem_commands_pristine_command.rb
-- test/rubygems/test_gem_commands_push_command.rb
-- test/rubygems/test_gem_commands_query_command.rb
-- test/rubygems/test_gem_commands_search_command.rb
-- test/rubygems/test_gem_commands_server_command.rb
-- test/rubygems/test_gem_commands_setup_command.rb
-- test/rubygems/test_gem_commands_sources_command.rb
-- test/rubygems/test_gem_commands_specification_command.rb
-- test/rubygems/test_gem_commands_stale_command.rb
-- test/rubygems/test_gem_commands_uninstall_command.rb
-- test/rubygems/test_gem_commands_unpack_command.rb
-- test/rubygems/test_gem_commands_update_command.rb
-- test/rubygems/test_gem_commands_which_command.rb
-- test/rubygems/test_gem_commands_yank_command.rb
-- test/rubygems/test_gem_config_file.rb
-- test/rubygems/test_gem_dependency.rb
-- test/rubygems/test_gem_dependency_installer.rb
-- test/rubygems/test_gem_dependency_list.rb
-- test/rubygems/test_gem_dependency_resolution_error.rb
-- test/rubygems/test_gem_doctor.rb
-- test/rubygems/test_gem_ext_builder.rb
-- test/rubygems/test_gem_ext_cmake_builder.rb
-- test/rubygems/test_gem_ext_configure_builder.rb
-- test/rubygems/test_gem_ext_ext_conf_builder.rb
-- test/rubygems/test_gem_ext_rake_builder.rb
-- test/rubygems/test_gem_gem_runner.rb
-- test/rubygems/test_gem_gemcutter_utilities.rb
-- test/rubygems/test_gem_impossible_dependencies_error.rb
-- test/rubygems/test_gem_indexer.rb
-- test/rubygems/test_gem_install_update_options.rb
-- test/rubygems/test_gem_installer.rb
-- test/rubygems/test_gem_local_remote_options.rb
-- test/rubygems/test_gem_name_tuple.rb
-- test/rubygems/test_gem_package.rb
-- test/rubygems/test_gem_package_old.rb
-- test/rubygems/test_gem_package_tar_header.rb
-- test/rubygems/test_gem_package_tar_reader.rb
-- test/rubygems/test_gem_package_tar_reader_entry.rb
-- test/rubygems/test_gem_package_tar_writer.rb
-- test/rubygems/test_gem_package_task.rb
-- test/rubygems/test_gem_path_support.rb
-- test/rubygems/test_gem_platform.rb
-- test/rubygems/test_gem_rdoc.rb
-- test/rubygems/test_gem_remote_fetcher.rb
-- test/rubygems/test_gem_request.rb
-- test/rubygems/test_gem_request_set.rb
-- test/rubygems/test_gem_request_set_gem_dependency_api.rb
-- test/rubygems/test_gem_request_set_lockfile.rb
-- test/rubygems/test_gem_requirement.rb
-- test/rubygems/test_gem_resolver.rb
-- test/rubygems/test_gem_resolver_activation_request.rb
-- test/rubygems/test_gem_resolver_api_set.rb
-- test/rubygems/test_gem_resolver_api_specification.rb
-- test/rubygems/test_gem_resolver_best_set.rb
-- test/rubygems/test_gem_resolver_composed_set.rb
-- test/rubygems/test_gem_resolver_conflict.rb
-- test/rubygems/test_gem_resolver_dependency_request.rb
-- test/rubygems/test_gem_resolver_git_set.rb
-- test/rubygems/test_gem_resolver_git_specification.rb
-- test/rubygems/test_gem_resolver_index_set.rb
-- test/rubygems/test_gem_resolver_index_specification.rb
-- test/rubygems/test_gem_resolver_installed_specification.rb
-- test/rubygems/test_gem_resolver_installer_set.rb
-- test/rubygems/test_gem_resolver_local_specification.rb
-- test/rubygems/test_gem_resolver_lock_set.rb
-- test/rubygems/test_gem_resolver_lock_specification.rb
-- test/rubygems/test_gem_resolver_requirement_list.rb
-- test/rubygems/test_gem_resolver_specification.rb
-- test/rubygems/test_gem_resolver_vendor_set.rb
-- test/rubygems/test_gem_resolver_vendor_specification.rb
-- test/rubygems/test_gem_security.rb
-- test/rubygems/test_gem_security_policy.rb
-- test/rubygems/test_gem_security_signer.rb
-- test/rubygems/test_gem_security_trust_dir.rb
-- test/rubygems/test_gem_server.rb
-- test/rubygems/test_gem_silent_ui.rb
-- test/rubygems/test_gem_source.rb
-- test/rubygems/test_gem_source_fetch_problem.rb
-- test/rubygems/test_gem_source_git.rb
-- test/rubygems/test_gem_source_installed.rb
-- test/rubygems/test_gem_source_list.rb
-- test/rubygems/test_gem_source_local.rb
-- test/rubygems/test_gem_source_lock.rb
-- test/rubygems/test_gem_source_specific_file.rb
-- test/rubygems/test_gem_source_vendor.rb
-- test/rubygems/test_gem_spec_fetcher.rb
-- test/rubygems/test_gem_specification.rb
-- test/rubygems/test_gem_stream_ui.rb
-- test/rubygems/test_gem_stub_specification.rb
-- test/rubygems/test_gem_text.rb
-- test/rubygems/test_gem_uninstaller.rb
-- test/rubygems/test_gem_uri_formatter.rb
-- test/rubygems/test_gem_util.rb
-- test/rubygems/test_gem_validator.rb
-- test/rubygems/test_gem_version.rb
-- test/rubygems/test_gem_version_option.rb
-- test/rubygems/test_kernel.rb
-- test/rubygems/test_require.rb
+test_files: []