rubygems-update 3.6.1 → 3.6.2

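--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 15a753eb9565973c8c26c2ec2c51f01d59d3dcc6c052ec3d1e6e1d0652048c5e
- data.tar.gz: e12b9ee68d9eff9c9f1924dcaf707754f01ee77e488af13b8a97b80111d97c55
+ metadata.gz: c7fc38a36a930a52e9fb812ac5bc206c9f58540bff63db2bee276d514d08ce5f
+ data.tar.gz: 8056fefbaf65da55c57da58c72c9f7bb6e59e5813e9963c3cbcb8239c7387206
  SHA512:
- metadata.gz: 1d53ef84edb5ea754ece9390c544b81446fe69153310dbaa489bc4334ebe26a2867384bee7cb366b8bdee302f6087901ed796eeff99644da31138b5e6a4e97d7
- data.tar.gz: 9013c49f596fb5f6dea1e8a5ed0b330f6b84c0b8136ba034522b70df974a73ba9c2492e5e51c1f92edde0c2027394ef54dba5771ac698ae8618b06f110af1f54
+ metadata.gz: 3c929cdfcbf4282ac045f1906f57d4d289de04834ce74eaec64664148aa2c2ef1813c9ce225432d88e31989c1d1e1d0456a4485babc9608dd2446b44c97eb837
+ data.tar.gz: 6945a43c3cda7831f926755d25ae0711a5cbe709b7de819f41b30ce6db3f4dca667106bb7b627a02146a2460d62359b5ba7d876e31e9213fad5440b3dcebb2fd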
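--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,27 @@
+ # 3.6.2 / 2024-12-23
+
+ ## Security:
+
+ * Fix Gem::SafeMarshal buffer overrun when given lengths larger than fit
+ into a byte. Pull request
+ [#8305](https://github.com/rubygems/rubygems/pull/8305) by segiddins
+ * Improve type checking in marshal_load methods. Pull request
+ [#8306](https://github.com/rubygems/rubygems/pull/8306) by segiddins
+
+ ## Enhancements:
+
+ * Skip rdoc hooks and their tests on newer rdoc versions. Pull request
+ [#8340](https://github.com/rubygems/rubygems/pull/8340) by
+ deivid-rodriguez
+ * Installs bundler 2.6.2 as a default gem.
+
+ ## Bug fixes:
+
+ * Fix serialized metadata including an empty `@original_platform`
+ attribute. Pull request
+ [#8355](https://github.com/rubygems/rubygems/pull/8355) by
+ deivid-rodriguez
+
  # 3.6.1 / 2024-12-17
 
  ## Enhancements: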
data/bundler/CHANGELOG.md CHANGED
@@ -1,3 +1,13 @@
1
+ # 2.6.2 (December 23, 2024)
2
+
3
+ ## Bug fixes:
4
+
5
+ - Restart using `Process.argv0` only if `$PROGRAM_NAME` is not a script [#8343](https://github.com/rubygems/rubygems/pull/8343)
6
+
7
+ ## Documentation:
8
+
9
+ - Fix typo in `bundle lock` man page synopsis (`--add-checkums` → `--add-checksums`) [#8350](https://github.com/rubygems/rubygems/pull/8350)
10
+
1
11
  # 2.6.1 (December 17, 2024)
2
12
 
3
13
  ## Bug fixes:
@@ -4,8 +4,8 @@ module Bundler
4
4
  # Represents metadata from when the Bundler gem was built.
5
5
  module BuildMetadata
6
6
  # begin ivars
7
- @built_at = "2024-12-17".freeze
8
- @git_commit_sha = "00a344e02c8".freeze
7
+ @built_at = "2024-12-23".freeze
8
+ @git_commit_sha = "90ebd47c740".freeze
9
9
  @release = true
10
10
  # end ivars
11
11
 
@@ -4,7 +4,7 @@
4
4
  .SH "NAME"
5
5
  \fBbundle\-lock\fR \- Creates / Updates a lockfile without installing
6
6
  .SH "SYNOPSIS"
7
- \fBbundle lock\fR [\-\-update] [\-\-bundler[=BUNDLER]] [\-\-local] [\-\-print] [\-\-lockfile=PATH] [\-\-full\-index] [\-\-gemfile=GEMFILE] [\-\-add\-checkums] [\-\-add\-platform] [\-\-remove\-platform] [\-\-normalize\-platforms] [\-\-patch] [\-\-minor] [\-\-major] [\-\-pre] [\-\-strict] [\-\-conservative]
7
+ \fBbundle lock\fR [\-\-update] [\-\-bundler[=BUNDLER]] [\-\-local] [\-\-print] [\-\-lockfile=PATH] [\-\-full\-index] [\-\-gemfile=GEMFILE] [\-\-add\-checksums] [\-\-add\-platform] [\-\-remove\-platform] [\-\-normalize\-platforms] [\-\-patch] [\-\-minor] [\-\-major] [\-\-pre] [\-\-strict] [\-\-conservative]
8
8
  .SH "DESCRIPTION"
9
9
  Lock the gems specified in Gemfile\.
10
10
  .SH "OPTIONS"
@@ -10,7 +10,7 @@ bundle-lock(1) -- Creates / Updates a lockfile without installing
10
10
  [--lockfile=PATH]
11
11
  [--full-index]
12
12
  [--gemfile=GEMFILE]
13
- [--add-checkums]
13
+ [--add-checksums]
14
14
  [--add-platform]
15
15
  [--remove-platform]
16
16
  [--normalize-platforms]
@@ -84,8 +84,9 @@ module Bundler
84
84
  require "shellwords"
85
85
  cmd = [*Shellwords.shellsplit(bundler_spec_original_cmd), *ARGV]
86
86
  else
87
- cmd = [Process.argv0, *ARGV]
88
- cmd.unshift(Gem.ruby) unless File.executable?(Process.argv0)
87
+ argv0 = File.exist?($PROGRAM_NAME) ? $PROGRAM_NAME : Process.argv0
88
+ cmd = [argv0, *ARGV]
89
+ cmd.unshift(Gem.ruby) unless File.executable?(argv0)
89
90
  end
90
91
 
91
92
  Bundler.with_original_env do
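Review bot: `File.exist?($PROGRAM_NAME)` on the new `argv0` line is also true for a directory and resolves a relative name against the current working directory, so the restart can pick a path that is not the script Bundler was started from if `$PROGRAM_NAME` was reassigned or the directory changed since startup. `File.file?` is the tighter test: `argv0 = File.file?($PROGRAM_NAME) ? $PROGRAM_NAME : Process.argv0`. A one-line comment saying why `$PROGRAM_NAME` is preferred over `Process.argv0` when it names a script would also help, since the reason is only given in the changelog. The enclosing method starts and ends outside the hunk, so how `cmd` is finally executed is not visible here.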
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: false
2
2
 
3
3
  module Bundler
4
- VERSION = "2.6.1".freeze
4
+ VERSION = "2.6.2".freeze
5
5
 
6
6
  def self.bundler_major_version
7
7
  @bundler_major_version ||= VERSION.split(".").first.to_i
data/lib/rubygems/rdoc.rb CHANGED
@@ -6,8 +6,17 @@ begin
6
6
  require "rdoc/rubygems_hook"
7
7
  module Gem
8
8
  RDoc = ::RDoc::RubygemsHook
9
+
10
+ ##
11
+ # Returns whether RDoc defines its own install hooks through a RubyGems
12
+ # plugin. This and whatever is guarded by it can be removed once no
13
+ # supported Ruby ships with RDoc older than 6.9.0.
14
+
15
+ def self.rdoc_hooks_defined_via_plugin?
16
+ Gem::Version.new(::RDoc::VERSION) >= Gem::Version.new("6.9.0")
17
+ end
9
18
  end
10
19
 
11
- Gem.done_installing(&Gem::RDoc.method(:generation_hook))
20
+ Gem.done_installing(&Gem::RDoc.method(:generation_hook)) unless Gem.rdoc_hooks_defined_via_plugin?
12
21
  rescue LoadError
13
22
  end
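Review bot: `Gem.rdoc_hooks_defined_via_plugin?` is defined inside the `begin` block after `require "rdoc/rubygems_hook"`, so when that require raises `LoadError` the method never exists and a caller outside this file gets `NoMethodError` instead of a boolean. If other code is meant to guard on it, as the doc comment's "whatever is guarded by it" suggests, those callers need `Gem.respond_to?(:rdoc_hooks_defined_via_plugin?)` or the rescue branch needs a fallback definition. Separately, `Gem::Version.new(::RDoc::VERSION)` raises `ArgumentError` on a malformed version string, which `rescue LoadError` does not cover.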
@@ -22,7 +22,7 @@ class Gem::Requirement
22
22
 
23
23
  SOURCE_SET_REQUIREMENT = Struct.new(:for_lockfile).new "!" # :nodoc:
24
24
 
25
- quoted = OPS.keys.map {|k| Regexp.quote k }.join "|"
25
+ quoted = Regexp.union(OPS.keys)
26
26
  PATTERN_RAW = "\\s*(#{quoted})?\\s*(#{Gem::Version::VERSION_PATTERN})\\s*".freeze # :nodoc:
27
27
 
28
28
  ##
@@ -201,7 +201,8 @@ class Gem::Requirement
201
201
  def marshal_load(array) # :nodoc:
202
202
  @requirements = array[0]
203
203
 
204
- raise TypeError, "wrong @requirements" unless Array === @requirements
204
+ raise TypeError, "wrong @requirements" unless Array === @requirements &&
205
+ @requirements.all? {|r| r.size == 2 && (r.first.is_a?(String) || r[0] = "=") && r.last.is_a?(Gem::Version) }
205
206
  end
206
207
 
207
208
  def yaml_initialize(tag, vals) # :nodoc:
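Review bot: The element check in `marshal_load` never confirms that each `r` is an Array, so a two-entry Hash or a two-character String passes `r.size == 2` and then fails with `NoMethodError` on `first`/`last` instead of the intended `TypeError`; starting the predicate with `Array === r && r.size == 2 && ...` closes that. The `r[0] = "="` inside the predicate is an assignment that silently rewrites any non-String operator to `"="`, and it deserves a comment such as `# a non-String operator is normalised to "=" rather than rejected` if that is the intent. The operator is also not checked against `OPS`, so an unknown String is accepted at load time and only surfaces as a `KeyError` from the `OPS.fetch(op)` introduced in `satisfied_by?`.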
@@ -238,7 +239,7 @@ class Gem::Requirement
238
239
  def satisfied_by?(version)
239
240
  raise ArgumentError, "Need a Gem::Version: #{version.inspect}" unless
240
241
  Gem::Version === version
241
- requirements.all? {|op, rv| OPS[op].call version, rv }
242
+ requirements.all? {|op, rv| OPS.fetch(op).call version, rv }
242
243
  end
243
244
 
244
245
  alias_method :===, :satisfied_by?
@@ -20,6 +20,12 @@ module Gem
20
20
  class EOFError < Error
21
21
  end
22
22
 
23
+ class DataTooShortError < Error
24
+ end
25
+
26
+ class NegativeLengthError < Error
27
+ end
28
+
23
29
  def initialize(io)
24
30
  @io = io
25
31
  end
@@ -27,7 +33,7 @@ module Gem
27
33
  def read!
28
34
  read_header
29
35
  root = read_element
30
- raise UnconsumedBytesError unless @io.eof?
36
+ raise UnconsumedBytesError, "expected EOF, got #{@io.read(10).inspect}... after top-level element #{root.class}" unless @io.eof?
31
37
  root
32
38
  end
33
39
 
@@ -41,8 +47,16 @@ module Gem
41
47
  raise UnsupportedVersionError, "Unsupported marshal version #{v.bytes.map(&:ord).join(".")}, expected #{Marshal::MAJOR_VERSION}.#{Marshal::MINOR_VERSION}" unless v == MARSHAL_VERSION
42
48
  end
43
49
 
50
+ def read_bytes(n)
51
+ raise NegativeLengthError if n < 0
52
+ str = @io.read(n)
53
+ raise EOFError, "expected #{n} bytes, got EOF" if str.nil?
54
+ raise DataTooShortError, "expected #{n} bytes, got #{str.inspect}" unless str.bytesize == n
55
+ str
56
+ end
57
+
44
58
  def read_byte
45
- @io.getbyte
59
+ @io.getbyte || raise(EOFError, "Unexpected EOF")
46
60
  end
47
61
 
48
62
  def read_integer
@@ -67,8 +81,6 @@ module Gem
67
81
  read_byte | (read_byte << 8) | -0x10000
68
82
  when 0xFF
69
83
  read_byte | -0x100
70
- when nil
71
- raise EOFError, "Unexpected EOF"
72
84
  else
73
85
  signed = (b ^ 128) - 128
74
86
  if b >= 128
@@ -107,8 +119,6 @@ module Gem
107
119
  when 47 then read_regexp # ?/
108
120
  when 83 then read_struct # ?S
109
121
  when 67 then read_user_class # ?C
110
- when nil
111
- raise EOFError, "Unexpected EOF"
112
122
  else
113
123
  raise Error, "Unknown marshal type discriminator #{type.chr.inspect} (#{type})"
114
124
  end
@@ -127,7 +137,7 @@ module Gem
127
137
  Elements::Symbol.new(byte.chr)
128
138
  end
129
139
  else
130
- name = -@io.read(len)
140
+ name = read_bytes(len)
131
141
  Elements::Symbol.new(name)
132
142
  end
133
143
  end
@@ -138,7 +148,7 @@ module Gem
138
148
  def read_string
139
149
  length = read_integer
140
150
  return EMPTY_STRING if length == 0
141
- str = @io.read(length)
151
+ str = read_bytes(length)
142
152
  Elements::String.new(str)
143
153
  end
144
154
 
@@ -152,7 +162,7 @@ module Gem
152
162
 
153
163
  def read_user_defined
154
164
  name = read_element
155
- binary_string = @io.read(read_integer)
165
+ binary_string = read_bytes(read_integer)
156
166
  Elements::UserDefined.new(name, binary_string)
157
167
  end
158
168
 
@@ -162,6 +172,7 @@ module Gem
162
172
  def read_array
163
173
  length = read_integer
164
174
  return EMPTY_ARRAY if length == 0
175
+ raise NegativeLengthError if length < 0
165
176
  elements = Array.new(length) do
166
177
  read_element
167
178
  end
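Review bot: `read_array` now rejects negative lengths but still passes an unbounded `length` taken from the stream to `Array.new(length)`, which reserves the whole array before a single element has been read, so memory use is driven by a declared size rather than by the data actually present. Growing the array as elements arrive keeps allocation proportional to consumed input: `elements = []` followed by `length.times { elements << read_element }`, with `read_byte` raising `EOFError` once the data runs out. The same pattern is in `read_object_with_ivars`, `read_hash_with_default_value` and `read_object` in the later hunks. Whether a caller already caps the input size is not visible from these hunks.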
@@ -170,7 +181,9 @@ module Gem
170
181
 
171
182
  def read_object_with_ivars
172
183
  object = read_element
173
- ivars = Array.new(read_integer) do
184
+ length = read_integer
185
+ raise NegativeLengthError if length < 0
186
+ ivars = Array.new(length) do
174
187
  [read_element, read_element]
175
188
  end
176
189
  Elements::WithIvars.new(object, ivars)
@@ -239,7 +252,9 @@ module Gem
239
252
  end
240
253
 
241
254
  def read_hash_with_default_value
242
- pairs = Array.new(read_integer) do
255
+ length = read_integer
256
+ raise NegativeLengthError if length < 0
257
+ pairs = Array.new(length) do
243
258
  [read_element, read_element]
244
259
  end
245
260
  default = read_element
@@ -249,7 +264,9 @@ module Gem
249
264
  def read_object
250
265
  name = read_element
251
266
  object = Elements::Object.new(name)
252
- ivars = Array.new(read_integer) do
267
+ length = read_integer
268
+ raise NegativeLengthError if length < 0
269
+ ivars = Array.new(length) do
253
270
  [read_element, read_element]
254
271
  end
255
272
  Elements::WithIvars.new(object, ivars)
@@ -260,13 +277,13 @@ module Gem
260
277
  end
261
278
 
262
279
  def read_float
263
- string = @io.read(read_integer)
280
+ string = read_bytes(read_integer)
264
281
  Elements::Float.new(string)
265
282
  end
266
283
 
267
284
  def read_bignum
268
285
  sign = read_byte
269
- data = @io.read(read_integer * 2)
286
+ data = read_bytes(read_integer * 2)
270
287
  Elements::Bignum.new(sign, data)
271
288
  end
272
289
 
@@ -45,7 +45,7 @@ module Gem::SafeMarshal
45
45
  idx = 0
46
46
  # not idiomatic, but there's a huge number of IMEMOs allocated here, so we avoid the block
47
47
  # because this is such a hot path when doing a bundle install with the full index
48
- until idx == size
48
+ while idx < size
49
49
  push_stack idx
50
50
  array << visit(elements[idx])
51
51
  idx += 1
@@ -98,16 +98,21 @@ module Gem::SafeMarshal
98
98
  end
99
99
 
100
100
  s = e.object.binary_string
101
+ # 122 is the largest integer that can be represented in marshal in a single byte
102
+ raise TimeTooLargeError.new("binary string too large", stack: formatted_stack) if s.bytesize > 122
101
103
 
102
104
  marshal_string = "\x04\bIu:\tTime".b
103
- marshal_string.concat(s.size + 5)
105
+ marshal_string.concat(s.bytesize + 5)
104
106
  marshal_string << s
107
+ # internal is limited to 5, so no overflow is possible
105
108
  marshal_string.concat(internal.size + 5)
106
109
 
107
110
  internal.each do |k, v|
111
+ k = k.name
112
+ # ivar name can't be too large because only known ivars are in the internal ivars list
108
113
  marshal_string.concat(":")
109
- marshal_string.concat(k.size + 5)
110
- marshal_string.concat(k.to_s)
114
+ marshal_string.concat(k.bytesize + 5)
115
+ marshal_string.concat(k)
111
116
  dumped = Marshal.dump(v)
112
117
  dumped[0, 2] = ""
113
118
  marshal_string.concat(dumped)
@@ -171,11 +176,11 @@ module Gem::SafeMarshal
171
176
  end
172
177
 
173
178
  def visit_Gem_SafeMarshal_Elements_ObjectLink(o)
174
- @objects[o.offset]
179
+ @objects.fetch(o.offset)
175
180
  end
176
181
 
177
182
  def visit_Gem_SafeMarshal_Elements_SymbolLink(o)
178
- @symbols[o.offset]
183
+ @symbols.fetch(o.offset)
179
184
  end
180
185
 
181
186
  def visit_Gem_SafeMarshal_Elements_UserDefined(o)
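Review bot: `@objects.fetch(o.offset)` and `@symbols.fetch(o.offset)` raise a bare `IndexError` for a dangling link, which appears to sit outside the `Error` hierarchy that the later hunk extends with `TimeTooLargeError`, so callers rescuing the visitor's own errors will not treat it as malformed input. Using the block form keeps the failure in that hierarchy and carries the stack context the other errors have: `@objects.fetch(o.offset) { raise Error, "invalid object link #{o.offset} @ #{formatted_stack.join "."}" }`, and likewise for `@symbols`. How callers rescue these errors is outside the visible hunks.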
@@ -219,16 +224,18 @@ module Gem::SafeMarshal
219
224
  end
220
225
 
221
226
  def visit_Gem_SafeMarshal_Elements_Float(f)
222
- case f.string
223
- when "inf"
224
- ::Float::INFINITY
225
- when "-inf"
226
- -::Float::INFINITY
227
- when "nan"
228
- ::Float::NAN
229
- else
230
- f.string.to_f
231
- end
227
+ register_object(
228
+ case f.string
229
+ when "inf"
230
+ ::Float::INFINITY
231
+ when "-inf"
232
+ -::Float::INFINITY
233
+ when "nan"
234
+ ::Float::NAN
235
+ else
236
+ f.string.to_f
237
+ end
238
+ )
232
239
  end
233
240
 
234
241
  def visit_Gem_SafeMarshal_Elements_Bignum(b)
@@ -374,6 +381,12 @@ module Gem::SafeMarshal
374
381
  class Error < StandardError
375
382
  end
376
383
 
384
+ class TimeTooLargeError < Error
385
+ def initialize(message, stack:)
386
+ super "#{message} @ #{stack.join "."}"
387
+ end
388
+ end
389
+
377
390
  class UnpermittedSymbolError < Error
378
391
  def initialize(symbol:, stack:)
379
392
  @symbol = symbol
@@ -1817,16 +1817,8 @@ class Gem::Specification < Gem::BasicSpecification
1817
1817
  def encode_with(coder) # :nodoc:
1818
1818
  coder.add "name", @name
1819
1819
  coder.add "version", @version
1820
- platform = case @new_platform
1821
- when nil, "" then
1822
- "ruby"
1823
- when String then
1824
- @new_platform
1825
- else
1826
- @new_platform.to_s
1827
- end
1828
- coder.add "platform", platform
1829
- coder.add "original_platform", @original_platform.to_s if platform != @original_platform.to_s
1820
+ coder.add "platform", platform.to_s
1821
+ coder.add "original_platform", original_platform.to_s if platform.to_s != original_platform.to_s
1830
1822
 
1831
1823
  attributes = @@attributes.map(&:to_s) - %w[name version platform]
1832
1824
  attributes.each do |name|
@@ -10,7 +10,6 @@ require "fileutils"
10
10
  require_relative "../rubygems"
11
11
  require_relative "installer_uninstaller_utils"
12
12
  require_relative "dependency_list"
13
- require_relative "rdoc"
14
13
  require_relative "user_interaction"
15
14
 
16
15
  ##
@@ -288,7 +288,10 @@ class Gem::Version
288
288
  # 1.3.5 and earlier) compatibility.
289
289
 
290
290
  def marshal_load(array)
291
- initialize array[0]
291
+ string = array[0]
292
+ raise TypeError, "wrong version string" unless string.is_a?(String)
293
+
294
+ initialize string
292
295
  end
293
296
 
294
297
  def yaml_initialize(tag, map) # :nodoc:
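Review bot: `marshal_load` validates `array[0]` but not `array` itself, so a payload that is itself a String passes the check, because `String#[]` with `0` returns a one-character String that is then handed to `initialize`. Guarding both keeps the failure a `TypeError`: `raise TypeError, "wrong version string" unless Array === array && array[0].is_a?(String)`. Whether `initialize` rejects a malformed version string is outside the hunk.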
data/lib/rubygems.rb CHANGED
@@ -9,7 +9,7 @@
9
9
  require "rbconfig"
10
10
 
11
11
  module Gem
12
- VERSION = "3.6.1"
12
+ VERSION = "3.6.2"
13
13
  end
14
14
 
15
15
  # Must be first since it unloads the prelude from 1.9.2
@@ -2,7 +2,7 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = "rubygems-update"
5
- s.version = "3.6.1"
5
+ s.version = "3.6.2"
6
6
  s.authors = ["Jim Weirich", "Chad Fowler", "Eric Hodel", "Luis Lavena", "Aaron Patterson", "Samuel Giddins", "André Arko", "Evan Phoenix", "Hiroshi SHIBATA"]
7
7
  s.email = ["", "", "drbrain@segment7.net", "luislavena@gmail.com", "aaron@tenderlovemaking.com", "segiddins@segiddins.me", "andre@arko.net", "evan@phx.io", "hsbt@ruby-lang.org"]
8
8
 
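--- a/metadata
+++ b/metadata
@@ -1,9 +1,8 @@
  --- !ruby/object:Gem::Specification
  name: rubygems-update
  version: !ruby/object:Gem::Version
- version: 3.6.1
+ version: 3.6.2
  platform: ruby
- original_platform: ''
  authors:
  - Jim Weirich
  - Chad Fowler
@@ -16,7 +15,7 @@ authors:
  - Hiroshi SHIBATA
  bindir: exe
  cert_chain: []
- date: 2024-12-17 00:00:00.000000000 Z
+ date: 2024-12-23 00:00:00.000000000 Z
  dependencies: []
  description: |-
  A package (also known as a library) contains a set of functionality
@@ -747,7 +746,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.6.1
+ rubygems_version: 3.6.2
  specification_version: 4
  summary: RubyGems is a package management framework for Ruby. This gem is downloaded
  and installed by `gem update --system`, so that the `gem` CLI can update itself.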