Backport #9052 ยป rubygems.2.0.13.ruby.2.0.0.patch

drbrain (Eric Hodel), 10/25/2013 09:45 AM


NEWS (working copy)
461 461
    XML declaration is used for XML document encoding.
462 462

  
463 463
* RubyGems
464
  * Updated to 2.0.12.
464
  * Updated to 2.0.13.
465 465

  
466
    See http://rubygems.rubyforge.org/rubygems-update/History_txt.html#label-2.0.12+%2F+2013-10-14
466
    See http://rubygems.rubyforge.org/rubygems-update/History_txt.html#label-2.0.13+%2F+2013-10-24
467 467
    for release notes.
468 468

  
469 469
  * Updated to 2.0.10.  This fixes CVE_2013-4363:
lib/rubygems/server.rb (working copy)
445 445
    @spec_dirs = @gem_dirs.map { |gem_dir| File.join gem_dir, 'specifications' }
446 446
    @spec_dirs.reject! { |spec_dir| !File.directory? spec_dir }
447 447

  
448
    Gem::Specification.dirs = @gem_dirs
448
    reset_gems
449 449

  
450 450
    @have_rdoc_4_plus = nil
451 451
  end
......
470 470
  end
471 471

  
472 472
  def latest_specs(req, res)
473
    Gem::Specification.reset
473
    reset_gems
474 474

  
475 475
    res['content-type'] = 'application/x-gzip'
476 476

  
......
531 531
  end
532 532

  
533 533
  def quick(req, res)
534
    Gem::Specification.reset
534
    reset_gems
535 535

  
536 536
    res['content-type'] = 'text/plain'
537 537
    add_date res
......
567 567
  end
568 568

  
569 569
  def root(req, res)
570
    Gem::Specification.reset
570
    reset_gems
571

  
571 572
    add_date res
572 573

  
573 574
    raise WEBrick::HTTPStatus::NotFound, "`#{req.path}' not found." unless
......
698 699
  end
699 700

  
700 701
  ##
702
  # Updates the server to use the latest installed gems.
703

  
704
  def reset_gems # :nodoc:
705
    Gem::Specification.dirs = @gem_dirs
706
  end
707

  
708
  ##
701 709
  # Returns true and prepares http response, if rdoc for the requested gem
702 710
  # name pattern was found.
703 711
  #
......
787 795
  end
788 796

  
789 797
  def specs(req, res)
790
    Gem::Specification.reset
798
    reset_gems
791 799

  
792 800
    add_date res
793 801

  
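Review bot: `reset_gems` assigns the process-wide `Gem::Specification.dirs` from this instance's `@gem_dirs` on every request, so a second `Gem::Server` in the same process, or any other code relying on the default gem paths, sees whichever directories were set last. The method is `# :nodoc:` and its comment mentions only the latest installed gems; I would state the side effect, e.g. `# Points Gem::Specification at this server's gem directories; this changes global state for the whole process.` Whether assigning `dirs` also drops the cached specification list, as the replaced `Gem::Specification.reset` call did, is not visible on this page and is worth confirming. The handler bodies continue outside the visible hunks.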
lib/rubygems/source.rb (working copy)
63 63
  end
64 64

  
65 65
  def update_cache?
66
    @update_cache ||= File.stat(Gem.user_home).uid == Process.uid
66
    @update_cache ||=
67
      begin
68
        File.stat(Gem.user_home).uid == Process.uid
69
      rescue Errno::ENOENT
70
        false
71
      end
67 72
  end
68 73

  
69 74
  def fetch_spec(name)
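Review bot: `update_cache?` rescues only `Errno::ENOENT`, while the same ownership check in lib/rubygems/spec_fetcher.rb in this patch rescues `Errno::EACCES, Errno::ENOENT`, so a home directory that cannot be stat'ed for permission reasons would still raise here. `rescue Errno::EACCES, Errno::ENOENT` would make the two agree. Separately, `||=` does not memoize a `false` result, so `File.stat` runs again on every call whenever the answer is false. The uid comparison presumably exists to avoid writing the cache into a home owned by another user; a one-line comment saying so would help.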
lib/rubygems/spec_fetcher.rb (working copy)
39 39

  
40 40
  def initialize
41 41
    @dir = File.join Gem.user_home, '.gem', 'specs'
42
    @update_cache = File.stat(Gem.user_home).uid == Process.uid
42
    @update_cache =
43
      begin
44
        File.stat(Gem.user_home).uid == Process.uid
45
      rescue Errno::EACCES, Errno::ENOENT
46
        false
47
      end
43 48

  
44 49
    @specs = {}
45 50
    @latest_specs = {}
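Review bot: The new `begin`/`rescue` in `initialize` turns a failed ownership check into `@update_cache = false` without a comment saying that this is the intended safe default. I would add `# Caching is disabled when the home directory is missing, inaccessible, or not owned by this user.` above the assignment. The same expression now also lives in lib/rubygems/source.rb with a different rescue list, which suggests one shared helper. `initialize` continues past the end of this section.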
lib/rubygems/version.rb (working copy)
174 174
  # REFACTOR: There's no real reason this should be separate from #initialize.
175 175

  
176 176
  def self.create input
177
    if input.respond_to? :version then
177
    if self === input then # check yourself before you wreck yourself
178 178
      input
179 179
    elsif input.nil? then
180 180
      nil
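Review bot: The comment on the new condition, `# check yourself before you wreck yourself`, does not say what the check is for; `# already a Gem::Version, return it unchanged` would. Objects that merely respond to `version` are no longer returned as-is and now fall through to the later branches, which lie outside this hunk. Presumably they reach the constructor and are validated there, which is the stricter behaviour, but callers that passed specification-like objects should be checked.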
lib/rubygems.rb (working copy)
8 8
require 'rbconfig'
9 9

  
10 10
module Gem
11
  VERSION = '2.0.12'
11
  VERSION = '2.0.13'
12 12
end
13 13

  
14 14
# Must be first since it unloads the prelude from 1.9.2
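--- a/test/rubygems/test_gem_server.rb
+++ b/test/rubygems/test_gem_server.rb
@@ -85,6 +85,30 @@
     Marshal.load(@res.body)
   end
 
+  def test_latest_specs_gemdirs
+    data = StringIO.new "GET /latest_specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
+    dir = "#{@gemhome}2"
+
+    spec = quick_spec 'z', 9
+
+    specs_dir = File.join dir, 'specifications'
+    FileUtils.mkdir_p specs_dir
+
+    open File.join(specs_dir, spec.spec_name), 'w' do |io|
+      io.write spec.to_ruby
+    end
+
+    server = Gem::Server.new dir, process_based_port, false
+
+    @req.parse data
+
+    server.latest_specs @req, @res
+
+    assert_equal 200, @res.status
+
+    assert_equal [['z', v(9), Gem::Platform::RUBY]], Marshal.load(@res.body)
+  end
+
   def test_latest_specs_gz
     data = StringIO.new "GET /latest_specs.#{Gem.marshal_version}.gz HTTP/1.0\r\n\r\n"
     @req.parse data
@@ -120,8 +144,41 @@
     assert_equal 2, @server.server.listeners.length
   end
 
+  def test_quick_gemdirs
+    data = StringIO.new "GET /quick/Marshal.4.8/z-9.gemspec.rz HTTP/1.0\r\n\r\n"
+    dir = "#{@gemhome}2"
+
+    server = Gem::Server.new dir, process_based_port, false
+
+    @req.parse data
+
+    server.quick @req, @res
+
+    assert_equal 404, @res.status
+
+    spec = quick_spec 'z', 9
+
+    specs_dir = File.join dir, 'specifications'
+
+    FileUtils.mkdir_p specs_dir
+
+    open File.join(specs_dir, spec.spec_name), 'w' do |io|
+      io.write spec.to_ruby
+    end
+
+    data.rewind
+
+    req = WEBrick::HTTPRequest.new :Logger => nil
+    res = WEBrick::HTTPResponse.new :HTTPVersion => '1.0'
+    req.parse data
+
+    server.quick req, res
+
+    assert_equal 200, res.status
+  end
+
   def test_quick_missing
-    data = StringIO.new "GET /quick/z-9.gemspec.rz HTTP/1.0\r\n\r\n"
+    data = StringIO.new "GET /quick/Marshal.4.8/z-9.gemspec.rz HTTP/1.0\r\n\r\n"
     @req.parse data
 
     @server.quick @req, @res
@@ -188,6 +245,29 @@
     assert_equal 'text/html', @res['content-type']
   end
 
+  def test_root_gemdirs
+    data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
+    dir = "#{@gemhome}2"
+
+    spec = quick_spec 'z', 9
+
+    specs_dir = File.join dir, 'specifications'
+    FileUtils.mkdir_p specs_dir
+
+    open File.join(specs_dir, spec.spec_name), 'w' do |io|
+      io.write spec.to_ruby
+    end
+
+    server = Gem::Server.new dir, process_based_port, false
+
+    @req.parse data
+
+    server.root @req, @res
+
+    assert_equal 200, @res.status
+    assert_match 'z 9', @res.body
+  end
+
   def test_specs
     data = StringIO.new "GET /specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
     @req.parse data
@@ -203,6 +283,30 @@
                  Marshal.load(@res.body)
   end
 
+  def test_specs_gemdirs
+    data = StringIO.new "GET /specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
+    dir = "#{@gemhome}2"
+
+    spec = quick_spec 'z', 9
+
+    specs_dir = File.join dir, 'specifications'
+    FileUtils.mkdir_p specs_dir
+
+    open File.join(specs_dir, spec.spec_name), 'w' do |io|
+      io.write spec.to_ruby
+    end
+
+    server = Gem::Server.new dir, process_based_port, false
+
+    @req.parse data
+
+    server.specs @req, @res
+
+    assert_equal 200, @res.status
+
+    assert_equal [['z', v(9), Gem::Platform::RUBY]], Marshal.load(@res.body)
+  end
+
   def test_specs_gz
     data = StringIO.new "GET /specs.#{Gem.marshal_version}.gz HTTP/1.0\r\n\r\n"
     @req.parse data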
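Review bot: `test_quick_gemdirs` and the changed line in `test_quick_missing` hardcode `Marshal.4.8` in the request path, while the other tests in this section interpolate `Gem.marshal_version`. Writing the path as `"GET /quick/Marshal.#{Gem.marshal_version}/z-9.gemspec.rz HTTP/1.0\r\n\r\n"` keeps them consistent. The four `*_gemdirs` tests also repeat the same steps to write a spec into `"#{@gemhome}2"`, which a private helper would shorten. No cleanup of that second directory is visible here, so it presumably relies on a teardown outside this section.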
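--- a/test/rubygems/test_gem_source.rb
+++ b/test/rubygems/test_gem_source.rb
@@ -184,5 +184,15 @@
     end
   end
 
+  def test_update_cache_eh
+    assert @source.update_cache?
+  end
+
+  def test_update_cache_eh_home_nonexistent
+    FileUtils.rmdir Gem.user_home
+
+    refute @source.update_cache?
+  end
+
 end
 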
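Review bot: Only the missing-home case is covered here; there is no counterpart to the inaccessible-home test added in test/rubygems/test_gem_spec_fetcher.rb, which matches the narrower `rescue Errno::ENOENT` in `update_cache?`. `FileUtils.rmdir` removes only an empty directory, so `test_update_cache_eh_home_nonexistent` depends on setup (not visible here) having written nothing under `Gem.user_home`. A short comment such as `# update_cache? must return false, not raise, when the home directory is gone` would record the intent.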
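--- a/test/rubygems/test_gem_spec_fetcher.rb
+++ b/test/rubygems/test_gem_spec_fetcher.rb
@@ -52,6 +52,18 @@
                   ['x',  Gem::Version.new(1),     'ruby']]
   end
 
+  def test_initialize_unwritable_home_dir
+    skip 'chmod not supported' if Gem.win_platform?
+
+    FileUtils.chmod 0000, Gem.user_home
+
+    begin
+      assert Gem::SpecFetcher.new
+    ensure
+      FileUtils.chmod 0755, Gem.user_home
+    end
+  end
+
   def test_spec_for_dependency_all
     d = "#{@gem_repo}#{Gem::MARSHAL_SPEC_DIR}"
     @fetcher.data["#{d}#{@a1.spec_name}.rz"]    = util_zip(Marshal.dump(@a1))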
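Review bot: `test_initialize_unwritable_home_dir` asserts only that `Gem::SpecFetcher.new` returns an object, so it does not show whether caching was actually disabled for the inaccessible home. When the suite runs as root the `chmod 0000` restricts nothing and the test passes without exercising the rescue; `skip 'running as root' if Process.uid.zero?` next to the existing Windows skip would make that explicit. A comment such as `# must not raise when the home directory is inaccessible` would state what is being checked. The name says "unwritable" although mode 0000 also removes read and search permission.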
test/rubygems/test_gem_version.rb (working copy)
23 23
    assert_bumped_version_equal "6", "5"
24 24
  end
25 25

  
26
  # FIX: For "legacy reasons," any object that responds to +version+
27
  # is returned unchanged. I'm not certain why.
26
  # A Gem::Version is already a Gem::Version and therefore not transformed by
27
  # Gem::Version.create
28 28

  
29 29
  def test_class_create
30
    fake = Object.new
31
    def fake.version; "1.0" end
30
    real = Gem::Version.new(1.0)
32 31

  
33
    assert_same  fake, Gem::Version.create(fake)
32
    assert_same  real, Gem::Version.create(real)
34 33
    assert_nil   Gem::Version.create(nil)
35 34
    assert_equal v("5.1"), Gem::Version.create("5.1")
36 35