slimgems 1.3.9.2 → 1.3.9.3

@@ -1,4 +1,11 @@
1
- === 1.3.9.1 / 2011-06-03
1
+ === 1.3.9.3 / 2011-09-07
2
+
3
+ SlimGems is a drop-in replacement for RubyGems. See README.md for more.
4
+
5
+ * Add support for Ruby 1.9.3 preview release (#9)
6
+ * Fix rubygems-pwn gem install remote execution vulnerability (#10)
7
+
8
+ === 1.3.9.1, 1.3.9.2 / 2011-06-03
2
9
 
3
10
  SlimGems is a drop-in replacement for RubyGems. See README.md for more.
4
11
 
@@ -106,7 +106,7 @@ require 'thread'
106
106
  module Gem
107
107
  NAME = 'SlimGems'
108
108
  GEM_NAME = 'slimgems'
109
- VERSION = '1.3.9.2'
109
+ VERSION = '1.3.9.3'
110
110
  SlimGemsVersion = RubyGemsVersion = VERSION
111
111
 
112
112
  ##
@@ -634,10 +634,23 @@ module Gem
634
634
  # Loads YAML, preferring Psych
635
635
 
636
636
  def self.load_yaml
637
- require 'psych'
638
- rescue ::LoadError
639
- ensure
640
- require 'yaml'
637
+ begin
638
+ require 'psych' unless ENV['TEST_SYCK']
639
+ rescue ::LoadError
640
+ ensure
641
+ require 'yaml'
642
+ end
643
+
644
+ # Hack to handle syck's DefaultKey bug with psych.
645
+ # See the note at the top of lib/rubygems/requirement.rb for
646
+ # why we end up defining DefaultKey more than once.
647
+ if !defined? YAML::Syck
648
+ YAML.module_eval do
649
+ const_set 'Syck', Module.new {
650
+ const_set 'DefaultKey', Class.new
651
+ }
652
+ end
653
+ end
641
654
  end
642
655
 
643
656
  ##
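Review bot: The `unless ENV['TEST_SYCK']` guard added to `Gem.load_yaml` puts a test-only switch into the library's normal load path, and nothing in the hunk documents it. Any process that inherits that variable skips Psych without notice and uses whatever `require 'yaml'` provides, which presumably changes the parser wherever SlimGems reads YAML. I would either move the switch into the test helper or add a comment such as `# TEST_SYCK is for the test suite only: it forces the syck backend by skipping psych`.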
@@ -1214,9 +1227,7 @@ end
1214
1227
  # if --disable-rubygems was used, then the prelude wasn't loaded, so
1215
1228
  # we need to load the custom_require now.
1216
1229
 
1217
- if gem_disabled
1218
- require 'rubygems/custom_require'
1219
- end
1230
+ require 'rubygems/custom_require'
1220
1231
 
1221
1232
  Gem.clear_paths
1222
1233
 
@@ -36,18 +36,32 @@ class Gem::Commands::FetchCommand < Gem::Command
36
36
  version = options[:version] || Gem::Requirement.default
37
37
  all = Gem::Requirement.default != version
38
38
 
39
+ platform = Gem.platforms.last
39
40
  gem_names = get_all_gem_names
40
41
 
41
42
  gem_names.each do |gem_name|
42
43
  dep = Gem::Dependency.new gem_name, version
43
44
  dep.prerelease = options[:prerelease]
44
45
 
45
- specs_and_sources = Gem::SpecFetcher.fetcher.fetch(dep, all, true,
46
- dep.prerelease?)
46
+ # Because of the madness that is SpecFetcher, you can't
47
+ # set both all and prerelease to true. If you do, prerelease
48
+ # is ignored.
49
+
50
+ if dep.prerelease? and all
51
+ specs_and_sources, errors =
52
+ Gem::SpecFetcher.fetcher.fetch_with_errors(dep, false, true,
53
+ dep.prerelease?)
54
+ else
55
+ specs_and_sources, errors =
56
+ Gem::SpecFetcher.fetcher.fetch_with_errors(dep, all, true,
57
+ dep.prerelease?)
58
+ end
59
+
47
60
 
48
- specs_and_sources, errors =
49
- Gem::SpecFetcher.fetcher.fetch_with_errors(dep, all, true,
50
- dep.prerelease?)
61
+ if platform then
62
+ filtered = specs_and_sources.select { |s,| s.platform == platform }
63
+ specs_and_sources = filtered unless filtered.empty?
64
+ end
51
65
 
52
66
  spec, source_uri = specs_and_sources.sort_by { |s,| s.version }.last
53
67
 
@@ -173,10 +173,12 @@ class Gem::Commands::UpdateCommand < Gem::Command
173
173
  gem_names.all? { |name| /#{name}/ !~ l_spec.name }
174
174
 
175
175
  dependency = Gem::Dependency.new l_spec.name, "> #{l_spec.version}"
176
+ dependency.prerelease = options[:prerelease]
176
177
 
177
178
  begin
178
179
  fetcher = Gem::SpecFetcher.fetcher
179
- spec_tuples = fetcher.find_matching dependency
180
+ spec_tuples = fetcher.find_matching dependency, false, true,
181
+ options[:prerelease]
180
182
  rescue Gem::RemoteFetcher::FetchError => e
181
183
  raise unless fetcher.warn_legacy e do
182
184
  require 'rubygems/source_info_cache'
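Review bot: The bare `false, true` in `fetcher.find_matching dependency, false, true, options[:prerelease]` gives a reader no way to tell which flags are being set without opening SpecFetcher. A short comment above the call, e.g. `# all = false, matching_platform = true`, would make the intent checkable; confirm the names against `find_matching`'s signature before adding it. The `begin` block continues past the end of the hunk.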
@@ -201,7 +201,7 @@ class Gem::DependencyList
201
201
  # +ignored+.
202
202
 
203
203
  def active_count(specs, ignored)
204
- specs.count { |spec| ignored[spec.full_name].nil? }
204
+ specs.inject(0) {|c, spec| ignored[spec.full_name].nil? ? c + 1 : c }
205
205
  end
206
206
 
207
207
  end
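Review bot: Replacing `specs.count { ... }` with `inject` in `active_count` looks like a step backwards unless the reason is written down, and the hunk gives none. Presumably it is there because `count` with a block is missing on the oldest Ruby versions the gem metadata still allows (`required_ruby_version` is `> 1.8.3`). If so, a comment such as `# Enumerable#count is not available on older 1.8 releases` would stop someone from reverting it.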
@@ -1,5 +1,24 @@
1
1
  require "rubygems/version"
2
2
 
3
+ # Hack to handle syck's DefaultKey bug with psych
4
+ #
5
+ # Quick note! If/when psych loads in 1.9, it will redefine
6
+ # YAML to point to Psych by removing the YAML constant.
7
+ # Thusly, over in Gem.load_yaml, we define DefaultKey again
8
+ # after proper yaml library has been loaded.
9
+ #
10
+ # All this is so that there is always a YAML::Syck::DefaultKey
11
+ # class no matter if the full yaml library has loaded or not.
12
+ #
13
+ module YAML
14
+ if !defined? Syck
15
+ module Syck
16
+ class DefaultKey
17
+ end
18
+ end
19
+ end
20
+ end
21
+
3
22
  ##
4
23
  # A Requirement is a set of one or more version restrictions. It supports a
5
24
  # few (<tt>=, !=, >, <, >=, <=, ~></tt>) different restriction operators.
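Review bot: Opening `module YAML` at the top of this file means the `YAML` constant exists as soon as this file is required, before any real YAML library has been loaded. Code that uses `defined?(YAML)` to decide whether the library is available would then get a false positive and fail later on a missing method; I cannot see from this hunk whether such checks exist elsewhere. The comment explains the psych side well but should also state that consequence, e.g. `# NOTE: this makes YAML defined without the library loaded; call Gem.load_yaml before using it`.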
@@ -115,6 +134,13 @@ class Gem::Requirement
115
134
 
116
135
  def marshal_load array # :nodoc:
117
136
  @requirements = array[0]
137
+
138
+ # Fixup the Syck DefaultKey bug
139
+ @requirements.each do |r|
140
+ if r[0].kind_of? YAML::Syck::DefaultKey
141
+ r[0] = "="
142
+ end
143
+ end
118
144
  end
119
145
 
120
146
  def prerelease?
@@ -1038,11 +1038,11 @@ class Gem::Specification
1038
1038
 
1039
1039
  def ruby_code(obj)
1040
1040
  case obj
1041
- when String then '%q{' + obj + '}'
1042
- when Array then obj.inspect
1043
- when Gem::Version then obj.to_s.inspect
1044
- when Date then '%q{' + obj.strftime('%Y-%m-%d') + '}'
1045
- when Time then '%q{' + obj.strftime('%Y-%m-%d') + '}'
1041
+ when String then obj.dump
1042
+ when Array then '[' + obj.map { |x| ruby_code x }.join(", ") + ']'
1043
+ when Gem::Version then obj.to_s.dump
1044
+ when Date then obj.strftime('%Y-%m-%d').dump
1045
+ when Time then obj.strftime('%Y-%m-%d').dump
1046
1046
  when Numeric then obj.inspect
1047
1047
  when true, false, nil then obj.inspect
1048
1048
  when Gem::Platform then "Gem::Platform.new(#{obj.to_a.inspect})"
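Review bot: The `Gem::Platform` branch is the only branch handling string data that still builds its output with `inspect`, while the String, Array, Version, Date and Time branches now go through `dump` or a recursive `ruby_code` call. `inspect` on an array of strings is probably safe here, but a single escaping path is easier to audit: `when Gem::Platform then "Gem::Platform.new(#{ruby_code obj.to_a})"`. It would also help to say why `dump` is used, for example `# the result is written to a spec file that is later loaded as Ruby, so every string must be emitted as an inert literal`. The `case` continues past the end of the hunk.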
@@ -52,6 +52,30 @@ class TestGemCommandsFetchCommand < RubyGemTestCase
52
52
  "#{@a2_pre.full_name} not fetched"
53
53
  end
54
54
 
55
+ def test_execute_specific_prerelease
56
+ util_setup_fake_fetcher true
57
+ util_clear_gems
58
+ util_setup_spec_fetcher @a2, @a2_pre
59
+
60
+ @fetcher.data["#{@gem_repo}gems/#{@a2.file_name}"] =
61
+ File.read(File.join(@gemhome, 'cache', @a2.file_name))
62
+ @fetcher.data["#{@gem_repo}gems/#{@a2_pre.file_name}"] =
63
+ File.read(File.join(@gemhome, 'cache', @a2_pre.file_name))
64
+
65
+ @cmd.options[:args] = [@a2.name]
66
+ @cmd.options[:prerelease] = true
67
+ @cmd.options[:version] = "2.a"
68
+
69
+ use_ui @ui do
70
+ Dir.chdir @tempdir do
71
+ @cmd.execute
72
+ end
73
+ end
74
+
75
+ assert File.exist?(File.join(@tempdir, @a2_pre.file_name)),
76
+ "#{@a2_pre.full_name} not fetched"
77
+ end
78
+
55
79
  def test_execute_version
56
80
  util_setup_fake_fetcher
57
81
  util_setup_spec_fetcher @a1, @a2
@@ -131,7 +131,7 @@ class TestGemCommandsSpecificationCommand < RubyGemTestCase
131
131
  end
132
132
 
133
133
  assert_match %r|Gem::Specification.new|, @ui.output
134
- assert_match %r|s.name = %q\{foo\}|, @ui.output
134
+ assert_match %r|s.name = "foo"|, @ui.output
135
135
  assert_equal '', @ui.error
136
136
  end
137
137
 
@@ -15,16 +15,18 @@ class TestGemCommandsUpdateCommand < RubyGemTestCase
15
15
  @cmd.options[:generate_ri] = false
16
16
 
17
17
  util_setup_fake_fetcher
18
+ util_setup_spec_fetcher @a1, @a2, @a3a
18
19
 
19
20
  @a1_path = File.join @gemhome, 'cache', @a1.file_name
20
21
  @a2_path = File.join @gemhome, 'cache', @a2.file_name
21
-
22
- util_setup_spec_fetcher @a1, @a2
22
+ @a3a_path = File.join @gemhome, 'cache', @a3a.file_name
23
23
 
24
24
  @fetcher.data["#{@gem_repo}gems/#{@a1.file_name}"] =
25
25
  read_binary @a1_path
26
26
  @fetcher.data["#{@gem_repo}gems/#{@a2.file_name}"] =
27
27
  read_binary @a2_path
28
+ @fetcher.data["#{@gem_repo}gems/#{@a3a.file_name}"] =
29
+ read_binary @a3a_path
28
30
  end
29
31
 
30
32
  def teardown
@@ -296,6 +298,27 @@ class TestGemCommandsUpdateCommand < RubyGemTestCase
296
298
  assert_empty out
297
299
  end
298
300
 
301
+ def test_execute_named_up_to_date_prerelease
302
+ util_clear_gems
303
+
304
+ Gem::Installer.new(@a2_path).install
305
+
306
+ @cmd.options[:args] = [@a2.name]
307
+ @cmd.options[:prerelease] = true
308
+
309
+ use_ui @ui do
310
+ @cmd.execute
311
+ end
312
+
313
+ out = @ui.output.split "\n"
314
+ assert_equal "Updating installed gems", out.shift
315
+ assert_equal "Updating #{@a3a.name}", out.shift
316
+ assert_equal "Successfully installed #{@a3a.full_name}", out.shift
317
+ assert_equal "Gems updated: #{@a3a.name}", out.shift
318
+
319
+ assert_empty out
320
+ end
321
+
299
322
  def test_execute_up_to_date
300
323
  util_clear_gems
301
324
 
@@ -1,5 +1,13 @@
1
1
  require File.expand_path('../gemutilities', __FILE__)
2
- require 'rubygems/gem_runner'
2
+
3
+ module Gem
4
+ class << self
5
+ alias old_load_plugins load_plugins
6
+ def load_plugins; end
7
+ require 'rubygems/gem_runner'
8
+ alias load_plugins old_load_plugins
9
+ end
10
+ end
3
11
 
4
12
  class TestGemGemRunner < RubyGemTestCase
5
13
 
@@ -1,15 +1,29 @@
1
1
  require File.expand_path('../gem_installer_test_case', __FILE__)
2
2
 
3
3
  class TestGemInstaller < GemInstallerTestCase
4
-
4
+
5
+ class StubbedConfigFile < Gem::ConfigFile
6
+ def load_file(filename) {} end
7
+ end
8
+
5
9
  def setup
6
10
  super
7
- @config = Gem.configuration
11
+ if !defined?(@@test_num)
12
+ @@test_num = 0
13
+ @@total_tests = self.class.test_methods.size
14
+ @@config = Gem.configuration
15
+ end
16
+ Gem.configuration = StubbedConfigFile.new([])
8
17
  end
9
-
10
- def teardown
11
- super
12
- Gem.configuration = @config
18
+
19
+ def run(runner)
20
+ result = super
21
+ ensure
22
+ @@test_num += 1
23
+ if @@test_num == @@total_tests
24
+ Gem.configuration = @@config
25
+ end
26
+ result
13
27
  end
14
28
 
15
29
  def test_app_script_text
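Review bot: Restoring `Gem.configuration` only when `@@test_num == @@total_tests` in `run` depends on every test method of the class being executed in the same process. When only a subset runs (a name filter, or an aborted run), the counter never reaches the total and the stubbed config leaks into whatever runs next; the removed `teardown` restored it after each test. I would keep a per-test restore, e.g. `@orig_config = Gem.configuration` in `setup` and `Gem.configuration = @orig_config` in `teardown`. The trailing `result` inside the `ensure` clause has no effect, since the value of an `ensure` body is discarded.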
@@ -828,10 +842,7 @@ load Gem.bin_path('a', 'my_exec', version)
828
842
  end
829
843
 
830
844
  def test_shebang_custom
831
- conf = Gem::ConfigFile.new []
832
- conf[:custom_shebang] = 'test'
833
-
834
- Gem.configuration = conf
845
+ Gem.configuration[:custom_shebang] = 'test'
835
846
 
836
847
  util_make_exec '2', "#!/usr/bin/ruby"
837
848
 
@@ -841,10 +852,7 @@ load Gem.bin_path('a', 'my_exec', version)
841
852
  end
842
853
 
843
854
  def test_shebang_custom_with_expands
844
- conf = Gem::ConfigFile.new []
845
- conf[:custom_shebang] = '1 $env 2 $ruby 3 $exec 4 $name'
846
-
847
- Gem.configuration = conf
855
+ Gem.configuration[:custom_shebang] = '1 $env 2 $ruby 3 $exec 4 $name'
848
856
 
849
857
  util_make_exec '2', "#!/usr/bin/ruby"
850
858
 
@@ -854,10 +862,7 @@ load Gem.bin_path('a', 'my_exec', version)
854
862
  end
855
863
 
856
864
  def test_shebang_custom_with_expands_and_arguments
857
- conf = Gem::ConfigFile.new []
858
- conf[:custom_shebang] = '1 $env 2 $ruby 3 $exec'
859
-
860
- Gem.configuration = conf
865
+ Gem.configuration[:custom_shebang] = '1 $env 2 $ruby 3 $exec'
861
866
 
862
867
  util_make_exec '2', "#!/usr/bin/ruby -ws"
863
868
 
@@ -129,6 +129,51 @@ end
129
129
  assert_equal @a2, gs
130
130
  end
131
131
 
132
+ def test_self_load_escape_curly
133
+ @a2.name = 'a};raise "improper escaping";%q{'
134
+
135
+ full_path = @a2.spec_file
136
+ write_file full_path do |io|
137
+ io.write @a2.to_ruby_for_cache
138
+ end
139
+
140
+ spec = Gem::Specification.load full_path
141
+
142
+ @a2.files.clear
143
+
144
+ assert_equal @a2, spec
145
+ end
146
+
147
+ def test_self_load_escape_interpolation
148
+ @a2.name = 'a#{raise %<improper escaping>}'
149
+
150
+ full_path = @a2.spec_file
151
+ write_file full_path do |io|
152
+ io.write @a2.to_ruby_for_cache
153
+ end
154
+
155
+ spec = Gem::Specification.load full_path
156
+
157
+ @a2.files.clear
158
+
159
+ assert_equal @a2, spec
160
+ end
161
+
162
+ def test_self_load_escape_quote
163
+ @a2.name = 'a";raise "improper escaping";"'
164
+
165
+ full_path = @a2.spec_file
166
+ write_file full_path do |io|
167
+ io.write @a2.to_ruby_for_cache
168
+ end
169
+
170
+ spec = Gem::Specification.load full_path
171
+
172
+ @a2.files.clear
173
+
174
+ assert_equal @a2, spec
175
+ end
176
+
132
177
  def test_self_load_legacy_ruby
133
178
  spec = eval LEGACY_RUBY_SPEC
134
179
  assert_equal 'keyedlist', spec.name
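Review bot: All three `test_self_load_escape_*` tests put the hostile value in `name`, so only the String branch of the escaping change is exercised. Array-valued fields such as `authors` go through the Array branch when the spec is written out, and a regression there would pass this suite; one more test that sets an array element to one of the same three strings would close the gap. The bodies are otherwise identical, so a shared helper taking the name would keep them in step. A short comment on `@a2.files.clear` would also help, since it is not obvious why the files list must be emptied before comparing.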
@@ -769,19 +814,19 @@ end
769
814
  # -*- encoding: utf-8 -*-
770
815
 
771
816
  Gem::Specification.new do |s|
772
- s.name = %q{a}
773
- s.version = \"2\"
817
+ s.name = "a"
818
+ s.version = "2"
774
819
 
775
820
  s.required_rubygems_version = Gem::Requirement.new(\"> 0\") if s.respond_to? :required_rubygems_version=
776
- s.authors = [\"A User\"]
777
- s.date = %q{#{Gem::Specification::TODAY.strftime "%Y-%m-%d"}}
778
- s.description = %q{This is a test description}
779
- s.email = %q{example@example.com}
780
- s.files = [\"lib/code.rb\"]
781
- s.homepage = %q{http://example.com}
782
- s.require_paths = [\"lib\"]
783
- s.rubygems_version = %q{#{Gem::VERSION}}
784
- s.summary = %q{this is a summary}
821
+ s.authors = ["A User"]
822
+ s.date = "#{Gem::Specification::TODAY.strftime "%Y-%m-%d"}"
823
+ s.description = "This is a test description"
824
+ s.email = "example@example.com"
825
+ s.files = ["lib/code.rb"]
826
+ s.homepage = "http://example.com"
827
+ s.require_paths = ["lib"]
828
+ s.rubygems_version = "#{Gem::VERSION}"
829
+ s.summary = "this is a summary"
785
830
 
786
831
  if s.respond_to? :specification_version then
787
832
  s.specification_version = #{Gem::Specification::CURRENT_SPECIFICATION_VERSION}
@@ -815,28 +860,28 @@ end
815
860
  # -*- encoding: utf-8 -*-
816
861
 
817
862
  Gem::Specification.new do |s|
818
- s.name = %q{a}
819
- s.version = \"1\"
863
+ s.name = "a"
864
+ s.version = "1"
820
865
  s.platform = Gem::Platform.new(#{expected_platform})
821
866
 
822
867
  s.required_rubygems_version = Gem::Requirement.new(\">= 0\") if s.respond_to? :required_rubygems_version=
823
- s.authors = [\"A User\"]
824
- s.date = %q{#{Gem::Specification::TODAY.strftime "%Y-%m-%d"}}
825
- s.default_executable = %q{exec}
826
- s.description = %q{This is a test description}
827
- s.email = %q{example@example.com}
828
- s.executables = [\"exec\"]
829
- s.extensions = [\"ext/a/extconf.rb\"]
830
- s.files = [\"lib/code.rb\", \"test/suite.rb\", \"bin/exec\", \"ext/a/extconf.rb\"]
831
- s.has_rdoc = %q{true}
832
- s.homepage = %q{http://example.com}
833
- s.licenses = [\"MIT\"]
834
- s.require_paths = [\"lib\"]
835
- s.requirements = [\"A working computer\"]
836
- s.rubyforge_project = %q{example}
837
- s.rubygems_version = %q{#{Gem::VERSION}}
838
- s.summary = %q{this is a summary}
839
- s.test_files = [\"test/suite.rb\"]
868
+ s.authors = ["A User"]
869
+ s.date = "#{Gem::Specification::TODAY.strftime "%Y-%m-%d"}"
870
+ s.default_executable = "exec"
871
+ s.description = "This is a test description"
872
+ s.email = "example@example.com"
873
+ s.executables = ["exec"]
874
+ s.extensions = ["ext/a/extconf.rb"]
875
+ s.files = ["lib/code.rb", "test/suite.rb", "bin/exec", "ext/a/extconf.rb"]
876
+ s.has_rdoc = "true"
877
+ s.homepage = "http://example.com"
878
+ s.licenses = ["MIT"]
879
+ s.require_paths = ["lib"]
880
+ s.requirements = ["A working computer"]
881
+ s.rubyforge_project = "example"
882
+ s.rubygems_version = "#{Gem::VERSION}"
883
+ s.summary = "this is a summary"
884
+ s.test_files = ["test/suite.rb"]
840
885
 
841
886
  if s.respond_to? :specification_version then
842
887
  s.specification_version = 3
metadata CHANGED
@@ -1,10 +1,10 @@
1
- --- !ruby/object:Gem::Specification
1
+ --- !ruby/object:Gem::Specification
2
2
  name: slimgems
3
- version: !ruby/object:Gem::Version
3
+ version: !ruby/object:Gem::Version
4
+ version: 1.3.9.3
4
5
  prerelease:
5
- version: 1.3.9.2
6
6
  platform: ruby
7
- authors:
7
+ authors:
8
8
  - Jim Weirich
9
9
  - Chad Fowler
10
10
  - Eric Hodel
@@ -12,29 +12,23 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
-
16
- date: 2011-06-14 00:00:00 -04:00
15
+ date: 2011-09-07 00:00:00.000000000 -04:00
17
16
  default_executable:
18
17
  dependencies: []
19
-
20
- description: |
21
- SlimGems is a drop-in replacement for RubyGems, a package management framework
22
- for Ruby. We forked the project at 1.3.7, which was a great stable release.
23
-
24
- SlimGems focuses on maintaining a sane and stable API. We believe that the
25
- project has been put through enough stress testing by the community to lock
26
- into the current API functionality for the forseeable future. We will also
27
- continue to improve the runtime performance over time; we can do this
28
- without changing the API.
29
-
18
+ description: ! "SlimGems is a drop-in replacement for RubyGems, a package management
19
+ framework \nfor Ruby. This project was forked at 1.3.7, which was a great stable
20
+ release.\n\nSlimGems focuses on maintaining a sane and stable API. We believe that
21
+ the\nproject has been put through enough stress testing by the community to lock\ninto
22
+ the current API functionality for the forseeable future. We will also\ncontinue
23
+ to improve the runtime performance over time; we can do this\nwithout changing the
24
+ API.\n"
30
25
  email: lsegal@soen.ca
31
- executables:
26
+ executables:
32
27
  - update_slimgems
33
- extensions:
28
+ extensions:
34
29
  - bootstrap/Rakefile
35
30
  extra_rdoc_files: []
36
-
37
- files:
31
+ files:
38
32
  - bin/gem
39
33
  - bin/update_slimgems
40
34
  - bootstrap/Rakefile
@@ -222,35 +216,32 @@ files:
222
216
  has_rdoc: true
223
217
  homepage: http://slimgems.github.com
224
218
  licenses: []
225
-
226
- post_install_message: "Upgraded from RubyGems to SlimGems 1.3.9.2\n\
227
- \xEF\xBB\xBF=== 1.3.9.1 / 2011-06-03\n\n\
228
- SlimGems is a drop-in replacement for RubyGems. See README.md for more.\n\n\
229
- * Fixes slimgems getting uninstalled when `gem uninstall GEM` is called.\n\n"
219
+ post_install_message: ! "Upgraded from RubyGems to SlimGems 1.3.9.3\n\uFEFF=== 1.3.9.3
220
+ / 2011-09-07\n\nSlimGems is a drop-in replacement for RubyGems. See README.md for
221
+ more.\n\n* Add support for Ruby 1.9.3 preview release (#9)\n* Fix rubygems-pwn gem
222
+ install remote execution vulnerability (#10)\n\n"
230
223
  rdoc_options: []
231
-
232
- require_paths:
224
+ require_paths:
233
225
  - hide_lib_for_update
234
- required_ruby_version: !ruby/object:Gem::Requirement
226
+ required_ruby_version: !ruby/object:Gem::Requirement
235
227
  none: false
236
- requirements:
237
- - - ">"
238
- - !ruby/object:Gem::Version
228
+ requirements:
229
+ - - ! '>'
230
+ - !ruby/object:Gem::Version
239
231
  version: 1.8.3
240
- required_rubygems_version: !ruby/object:Gem::Requirement
232
+ required_rubygems_version: !ruby/object:Gem::Requirement
241
233
  none: false
242
- requirements:
243
- - - ">="
244
- - !ruby/object:Gem::Version
245
- version: "0"
234
+ requirements:
235
+ - - ! '>='
236
+ - !ruby/object:Gem::Version
237
+ version: '0'
246
238
  requirements: []
247
-
248
239
  rubyforge_project:
249
240
  rubygems_version: 1.3.9.2
250
241
  signing_key:
251
242
  specification_version: 3
252
243
  summary: SlimGems is a package management framework for Ruby
253
- test_files:
244
+ test_files:
254
245
  - test/bogussources.rb
255
246
  - test/fake_certlib/openssl.rb
256
247
  - test/foo/discover.rb