slimgems 1.3.9.2 → 1.3.9.3

data/History.txt

@@ -1,4 +1,11 @@
-=== 1.3.9.1 / 2011-06-03
+=== 1.3.9.3 / 2011-09-07
+
+SlimGems is a drop-in replacement for RubyGems. See README.md for more.
+
+* Add support for Ruby 1.9.3 preview release (#9)
+* Fix rubygems-pwn gem install remote execution vulnerability (#10)
+
+=== 1.3.9.1, 1.3.9.2 / 2011-06-03
 
 SlimGems is a drop-in replacement for RubyGems. See README.md for more.
 

data/lib/rubygems.rb

@@ -106,7 +106,7 @@ require 'thread'
 module Gem
   NAME = 'SlimGems'
   GEM_NAME = 'slimgems'
-  VERSION = '1.3.9.2'
+  VERSION = '1.3.9.3'
   SlimGemsVersion = RubyGemsVersion = VERSION
 
   ##
@@ -634,10 +634,23 @@ module Gem
   # Loads YAML, preferring Psych
 
   def self.load_yaml
-    require 'psych'
-  rescue ::LoadError
-  ensure
-    require 'yaml'
+    begin
+      require 'psych' unless ENV['TEST_SYCK']
+    rescue ::LoadError
+    ensure
+      require 'yaml'
+    end
+
+    # Hack to handle syck's DefaultKey bug with psych.
+    # See the note at the top of lib/rubygems/requirement.rb for
+    # why we end up defining DefaultKey more than once.
+    if !defined? YAML::Syck
+      YAML.module_eval do
+          const_set 'Syck', Module.new {
+            const_set 'DefaultKey', Class.new
+          }
+        end
+    end
   end
 
   ##
@@ -1214,9 +1227,7 @@ end
 # if --disable-rubygems was used, then the prelude wasn't loaded, so
 # we need to load the custom_require now.
 
-if gem_disabled
-  require 'rubygems/custom_require'
-end
+require 'rubygems/custom_require'
 
 Gem.clear_paths
 

data/lib/rubygems/commands/fetch_command.rb

@@ -36,18 +36,32 @@ class Gem::Commands::FetchCommand < Gem::Command
     version = options[:version] || Gem::Requirement.default
     all = Gem::Requirement.default != version
 
+    platform  = Gem.platforms.last
     gem_names = get_all_gem_names
 
     gem_names.each do |gem_name|
       dep = Gem::Dependency.new gem_name, version
       dep.prerelease = options[:prerelease]
 
-      specs_and_sources = Gem::SpecFetcher.fetcher.fetch(dep, all, true,
-                                                         dep.prerelease?)
+      # Because of the madness that is SpecFetcher, you can't
+      # set both all and prerelease to true. If you do, prerelease
+      # is ignored.
+
+      if dep.prerelease? and all
+        specs_and_sources, errors =
+          Gem::SpecFetcher.fetcher.fetch_with_errors(dep, false, true,
+                                                     dep.prerelease?)
+      else
+        specs_and_sources, errors =
+          Gem::SpecFetcher.fetcher.fetch_with_errors(dep, all, true,
+                                                     dep.prerelease?)
+      end
+
 
-      specs_and_sources, errors =
-        Gem::SpecFetcher.fetcher.fetch_with_errors(dep, all, true,
-                                                   dep.prerelease?)
+      if platform then
+        filtered = specs_and_sources.select { |s,| s.platform == platform }
+        specs_and_sources = filtered unless filtered.empty?
+      end
 
       spec, source_uri = specs_and_sources.sort_by { |s,| s.version }.last
 

data/lib/rubygems/commands/update_command.rb

@@ -173,10 +173,12 @@ class Gem::Commands::UpdateCommand < Gem::Command
               gem_names.all? { |name| /#{name}/ !~ l_spec.name }
 
       dependency = Gem::Dependency.new l_spec.name, "> #{l_spec.version}"
+      dependency.prerelease = options[:prerelease]
 
       begin
         fetcher = Gem::SpecFetcher.fetcher
-        spec_tuples = fetcher.find_matching dependency
+        spec_tuples = fetcher.find_matching dependency, false, true,
+                                            options[:prerelease]
       rescue Gem::RemoteFetcher::FetchError => e
         raise unless fetcher.warn_legacy e do
           require 'rubygems/source_info_cache'

data/lib/rubygems/dependency_list.rb

@@ -201,7 +201,7 @@ class Gem::DependencyList
   # +ignored+.
 
   def active_count(specs, ignored)
-    specs.count { |spec| ignored[spec.full_name].nil? }
+    specs.inject(0) {|c, spec| ignored[spec.full_name].nil? ? c + 1 : c }
   end
 
 end

data/lib/rubygems/requirement.rb

@@ -1,5 +1,24 @@
 require "rubygems/version"
 
+# Hack to handle syck's DefaultKey bug with psych
+#
+# Quick note! If/when psych loads in 1.9, it will redefine
+# YAML to point to Psych by removing the YAML constant.
+# Thusly, over in Gem.load_yaml, we define DefaultKey again
+# after proper yaml library has been loaded.
+#
+# All this is so that there is always a YAML::Syck::DefaultKey
+# class no matter if the full yaml library has loaded or not.
+#
+module YAML
+  if !defined? Syck
+    module Syck
+      class DefaultKey
+      end
+    end
+  end
+end
+
 ##
 # A Requirement is a set of one or more version restrictions. It supports a
 # few (<tt>=, !=, >, <, >=, <=, ~></tt>) different restriction operators.
@@ -115,6 +134,13 @@ class Gem::Requirement
 
   def marshal_load array # :nodoc:
     @requirements = array[0]
+
+    # Fixup the Syck DefaultKey bug
+    @requirements.each do |r|
+      if r[0].kind_of? YAML::Syck::DefaultKey
+        r[0] = "="
+      end
+    end
   end
 
   def prerelease?

data/lib/rubygems/specification.rb

@@ -1038,11 +1038,11 @@ class Gem::Specification
 
   def ruby_code(obj)
     case obj
-    when String            then '%q{' + obj + '}'
-    when Array             then obj.inspect
-    when Gem::Version      then obj.to_s.inspect
-    when Date              then '%q{' + obj.strftime('%Y-%m-%d') + '}'
-    when Time              then '%q{' + obj.strftime('%Y-%m-%d') + '}'
+    when String            then obj.dump
+    when Array             then '[' + obj.map { |x| ruby_code x }.join(", ") + ']'
+    when Gem::Version      then obj.to_s.dump
+    when Date              then obj.strftime('%Y-%m-%d').dump
+    when Time              then obj.strftime('%Y-%m-%d').dump
     when Numeric           then obj.inspect
     when true, false, nil  then obj.inspect
     when Gem::Platform     then "Gem::Platform.new(#{obj.to_a.inspect})"

data/test/test_gem_commands_fetch_command.rb

@@ -52,6 +52,30 @@ class TestGemCommandsFetchCommand < RubyGemTestCase
            "#{@a2_pre.full_name} not fetched"
   end
 
+  def test_execute_specific_prerelease
+    util_setup_fake_fetcher true
+    util_clear_gems
+    util_setup_spec_fetcher @a2, @a2_pre
+
+    @fetcher.data["#{@gem_repo}gems/#{@a2.file_name}"] =
+      File.read(File.join(@gemhome, 'cache', @a2.file_name))
+    @fetcher.data["#{@gem_repo}gems/#{@a2_pre.file_name}"] =
+      File.read(File.join(@gemhome, 'cache', @a2_pre.file_name))
+
+    @cmd.options[:args] = [@a2.name]
+    @cmd.options[:prerelease] = true
+    @cmd.options[:version] = "2.a"
+
+    use_ui @ui do
+      Dir.chdir @tempdir do
+        @cmd.execute
+      end
+    end
+
+    assert File.exist?(File.join(@tempdir, @a2_pre.file_name)),
+           "#{@a2_pre.full_name} not fetched"
+  end
+
   def test_execute_version
     util_setup_fake_fetcher
     util_setup_spec_fetcher @a1, @a2

data/test/test_gem_commands_specification_command.rb

@@ -131,7 +131,7 @@ class TestGemCommandsSpecificationCommand < RubyGemTestCase
     end
 
     assert_match %r|Gem::Specification.new|, @ui.output
-    assert_match %r|s.name = %q\{foo\}|, @ui.output
+    assert_match %r|s.name = "foo"|, @ui.output
     assert_equal '', @ui.error
   end
 

data/test/test_gem_commands_update_command.rb

@@ -15,16 +15,18 @@ class TestGemCommandsUpdateCommand < RubyGemTestCase
     @cmd.options[:generate_ri]   = false
 
     util_setup_fake_fetcher
+    util_setup_spec_fetcher @a1, @a2, @a3a
 
     @a1_path = File.join @gemhome, 'cache', @a1.file_name
     @a2_path = File.join @gemhome, 'cache', @a2.file_name
-
-    util_setup_spec_fetcher @a1, @a2
+    @a3a_path = File.join @gemhome, 'cache', @a3a.file_name
 
     @fetcher.data["#{@gem_repo}gems/#{@a1.file_name}"] =
       read_binary @a1_path
     @fetcher.data["#{@gem_repo}gems/#{@a2.file_name}"] =
       read_binary @a2_path
+    @fetcher.data["#{@gem_repo}gems/#{@a3a.file_name}"] =
+      read_binary @a3a_path
   end
   
   def teardown
@@ -296,6 +298,27 @@ class TestGemCommandsUpdateCommand < RubyGemTestCase
     assert_empty out
   end
 
+  def test_execute_named_up_to_date_prerelease
+    util_clear_gems
+
+    Gem::Installer.new(@a2_path).install
+
+    @cmd.options[:args] = [@a2.name]
+    @cmd.options[:prerelease] = true
+
+    use_ui @ui do
+      @cmd.execute
+    end
+
+    out = @ui.output.split "\n"
+    assert_equal "Updating installed gems", out.shift
+    assert_equal "Updating #{@a3a.name}", out.shift
+    assert_equal "Successfully installed #{@a3a.full_name}", out.shift
+    assert_equal "Gems updated: #{@a3a.name}", out.shift
+
+    assert_empty out
+  end
+
   def test_execute_up_to_date
     util_clear_gems
 

data/test/test_gem_gem_runner.rb

@@ -1,5 +1,13 @@
 require File.expand_path('../gemutilities', __FILE__)
-require 'rubygems/gem_runner'
+
+module Gem
+  class << self
+    alias old_load_plugins load_plugins
+    def load_plugins; end
+    require 'rubygems/gem_runner'
+    alias load_plugins old_load_plugins
+  end
+end
 
 class TestGemGemRunner < RubyGemTestCase
 

data/test/test_gem_installer.rb

@@ -1,15 +1,29 @@
 require File.expand_path('../gem_installer_test_case', __FILE__)
 
 class TestGemInstaller < GemInstallerTestCase
-
+  
+  class StubbedConfigFile < Gem::ConfigFile
+    def load_file(filename) {} end
+  end
+  
   def setup
     super
-    @config = Gem.configuration
+    if !defined?(@@test_num)
+      @@test_num = 0
+      @@total_tests = self.class.test_methods.size
+      @@config = Gem.configuration
+    end
+    Gem.configuration = StubbedConfigFile.new([])
   end
-
-  def teardown
-    super
-    Gem.configuration = @config
+  
+  def run(runner)
+    result = super
+  ensure
+    @@test_num += 1
+    if @@test_num == @@total_tests
+      Gem.configuration = @@config
+    end
+    result
   end
 
   def test_app_script_text
@@ -828,10 +842,7 @@ load Gem.bin_path('a', 'my_exec', version)
   end
 
   def test_shebang_custom
-    conf = Gem::ConfigFile.new []
-    conf[:custom_shebang] = 'test'
-
-    Gem.configuration = conf
+    Gem.configuration[:custom_shebang] = 'test'
 
     util_make_exec '2', "#!/usr/bin/ruby"
 
@@ -841,10 +852,7 @@ load Gem.bin_path('a', 'my_exec', version)
   end
 
   def test_shebang_custom_with_expands
-    conf = Gem::ConfigFile.new []
-    conf[:custom_shebang] = '1 $env 2 $ruby 3 $exec 4 $name'
-
-    Gem.configuration = conf
+    Gem.configuration[:custom_shebang] = '1 $env 2 $ruby 3 $exec 4 $name'
 
     util_make_exec '2', "#!/usr/bin/ruby"
 
@@ -854,10 +862,7 @@ load Gem.bin_path('a', 'my_exec', version)
   end
 
   def test_shebang_custom_with_expands_and_arguments
-    conf = Gem::ConfigFile.new []
-    conf[:custom_shebang] = '1 $env 2 $ruby 3 $exec'
-
-    Gem.configuration = conf
+    Gem.configuration[:custom_shebang] = '1 $env 2 $ruby 3 $exec'
 
     util_make_exec '2', "#!/usr/bin/ruby -ws"
 

data/test/test_gem_specification.rb

@@ -129,6 +129,51 @@ end
     assert_equal @a2, gs
   end
 
+  def test_self_load_escape_curly
+    @a2.name = 'a};raise "improper escaping";%q{'
+
+    full_path = @a2.spec_file
+    write_file full_path do |io|
+      io.write @a2.to_ruby_for_cache
+    end
+
+    spec = Gem::Specification.load full_path
+
+    @a2.files.clear
+
+    assert_equal @a2, spec
+  end
+
+  def test_self_load_escape_interpolation
+    @a2.name = 'a#{raise %<improper escaping>}'
+
+    full_path = @a2.spec_file
+    write_file full_path do |io|
+      io.write @a2.to_ruby_for_cache
+    end
+
+    spec = Gem::Specification.load full_path
+
+    @a2.files.clear
+
+    assert_equal @a2, spec
+  end
+
+  def test_self_load_escape_quote
+    @a2.name = 'a";raise "improper escaping";"'
+
+    full_path = @a2.spec_file
+    write_file full_path do |io|
+      io.write @a2.to_ruby_for_cache
+    end
+
+    spec = Gem::Specification.load full_path
+
+    @a2.files.clear
+
+    assert_equal @a2, spec
+  end
+
   def test_self_load_legacy_ruby
     spec = eval LEGACY_RUBY_SPEC
     assert_equal 'keyedlist', spec.name
@@ -769,19 +814,19 @@ end
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
-  s.name = %q{a}
-  s.version = \"2\"
+  s.name = "a"
+  s.version = "2"
 
   s.required_rubygems_version = Gem::Requirement.new(\"> 0\") if s.respond_to? :required_rubygems_version=
-  s.authors = [\"A User\"]
-  s.date = %q{#{Gem::Specification::TODAY.strftime "%Y-%m-%d"}}
-  s.description = %q{This is a test description}
-  s.email = %q{example@example.com}
-  s.files = [\"lib/code.rb\"]
-  s.homepage = %q{http://example.com}
-  s.require_paths = [\"lib\"]
-  s.rubygems_version = %q{#{Gem::VERSION}}
-  s.summary = %q{this is a summary}
+  s.authors = ["A User"]
+  s.date = "#{Gem::Specification::TODAY.strftime "%Y-%m-%d"}"
+  s.description = "This is a test description"
+  s.email = "example@example.com"
+  s.files = ["lib/code.rb"]
+  s.homepage = "http://example.com"
+  s.require_paths = ["lib"]
+  s.rubygems_version = "#{Gem::VERSION}"
+  s.summary = "this is a summary"
 
   if s.respond_to? :specification_version then
     s.specification_version = #{Gem::Specification::CURRENT_SPECIFICATION_VERSION}
@@ -815,28 +860,28 @@ end
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
-  s.name = %q{a}
-  s.version = \"1\"
+  s.name = "a"
+  s.version = "1"
   s.platform = Gem::Platform.new(#{expected_platform})
 
   s.required_rubygems_version = Gem::Requirement.new(\">= 0\") if s.respond_to? :required_rubygems_version=
-  s.authors = [\"A User\"]
-  s.date = %q{#{Gem::Specification::TODAY.strftime "%Y-%m-%d"}}
-  s.default_executable = %q{exec}
-  s.description = %q{This is a test description}
-  s.email = %q{example@example.com}
-  s.executables = [\"exec\"]
-  s.extensions = [\"ext/a/extconf.rb\"]
-  s.files = [\"lib/code.rb\", \"test/suite.rb\", \"bin/exec\", \"ext/a/extconf.rb\"]
-  s.has_rdoc = %q{true}
-  s.homepage = %q{http://example.com}
-  s.licenses = [\"MIT\"]
-  s.require_paths = [\"lib\"]
-  s.requirements = [\"A working computer\"]
-  s.rubyforge_project = %q{example}
-  s.rubygems_version = %q{#{Gem::VERSION}}
-  s.summary = %q{this is a summary}
-  s.test_files = [\"test/suite.rb\"]
+  s.authors = ["A User"]
+  s.date = "#{Gem::Specification::TODAY.strftime "%Y-%m-%d"}"
+  s.default_executable = "exec"
+  s.description = "This is a test description"
+  s.email = "example@example.com"
+  s.executables = ["exec"]
+  s.extensions = ["ext/a/extconf.rb"]
+  s.files = ["lib/code.rb", "test/suite.rb", "bin/exec", "ext/a/extconf.rb"]
+  s.has_rdoc = "true"
+  s.homepage = "http://example.com"
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.requirements = ["A working computer"]
+  s.rubyforge_project = "example"
+  s.rubygems_version = "#{Gem::VERSION}"
+  s.summary = "this is a summary"
+  s.test_files = ["test/suite.rb"]
 
   if s.respond_to? :specification_version then
     s.specification_version = 3

metadata

@@ -1,10 +1,10 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: slimgems
-version: !ruby/object:Gem::Version 
+version: !ruby/object:Gem::Version
+  version: 1.3.9.3
   prerelease: 
-  version: 1.3.9.2
 platform: ruby
-authors: 
+authors:
 - Jim Weirich
 - Chad Fowler
 - Eric Hodel
@@ -12,29 +12,23 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-06-14 00:00:00 -04:00
+date: 2011-09-07 00:00:00.000000000 -04:00
 default_executable: 
 dependencies: []
-
-description: |
-  SlimGems is a drop-in replacement for RubyGems, a package management framework 
-  for Ruby. We forked the project at 1.3.7, which was a great stable release.
-  
-  SlimGems focuses on maintaining a sane and stable API. We believe that the
-  project has been put through enough stress testing by the community to lock
-  into the current API functionality for the forseeable future. We will also
-  continue to improve the runtime performance over time; we can do this
-  without changing the API.
-
+description: ! "SlimGems is a drop-in replacement for RubyGems, a package management
+  framework \nfor Ruby. This project was forked at 1.3.7, which was a great stable
+  release.\n\nSlimGems focuses on maintaining a sane and stable API. We believe that
+  the\nproject has been put through enough stress testing by the community to lock\ninto
+  the current API functionality for the forseeable future. We will also\ncontinue
+  to improve the runtime performance over time; we can do this\nwithout changing the
+  API.\n"
 email: lsegal@soen.ca
-executables: 
+executables:
 - update_slimgems
-extensions: 
+extensions:
 - bootstrap/Rakefile
 extra_rdoc_files: []
-
-files: 
+files:
 - bin/gem
 - bin/update_slimgems
 - bootstrap/Rakefile
@@ -222,35 +216,32 @@ files:
 has_rdoc: true
 homepage: http://slimgems.github.com
 licenses: []
-
-post_install_message: "Upgraded from RubyGems to SlimGems 1.3.9.2\n\
-  \xEF\xBB\xBF=== 1.3.9.1 / 2011-06-03\n\n\
-  SlimGems is a drop-in replacement for RubyGems. See README.md for more.\n\n\
-  * Fixes slimgems getting uninstalled when `gem uninstall GEM` is called.\n\n"
+post_install_message: ! "Upgraded from RubyGems to SlimGems 1.3.9.3\n\uFEFF=== 1.3.9.3
+  / 2011-09-07\n\nSlimGems is a drop-in replacement for RubyGems. See README.md for
+  more.\n\n* Add support for Ruby 1.9.3 preview release (#9)\n* Fix rubygems-pwn gem
+  install remote execution vulnerability (#10)\n\n"
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - hide_lib_for_update
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">"
-    - !ruby/object:Gem::Version 
+  requirements:
+  - - ! '>'
+    - !ruby/object:Gem::Version
       version: 1.8.3
-required_rubygems_version: !ruby/object:Gem::Requirement 
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
 rubygems_version: 1.3.9.2
 signing_key: 
 specification_version: 3
 summary: SlimGems is a package management framework for Ruby
-test_files: 
+test_files:
 - test/bogussources.rb
 - test/fake_certlib/openssl.rb
 - test/foo/discover.rb