Backport #9052 ยป rubygems.2.0.13.ruby.2.0.0.patch
NEWS (working copy) | ||
---|---|---|
XML declaration is used for XML document encoding.
|
||
* RubyGems
|
||
* Updated to 2.0.12.
|
||
* Updated to 2.0.13.
|
||
See http://rubygems.rubyforge.org/rubygems-update/History_txt.html#label-2.0.12+%2F+2013-10-14
|
||
See http://rubygems.rubyforge.org/rubygems-update/History_txt.html#label-2.0.13+%2F+2013-10-24
|
||
for release notes.
|
||
* Updated to 2.0.10. This fixes CVE_2013-4363:
|
lib/rubygems/server.rb (working copy) | ||
---|---|---|
@spec_dirs = @gem_dirs.map { |gem_dir| File.join gem_dir, 'specifications' }
|
||
@spec_dirs.reject! { |spec_dir| !File.directory? spec_dir }
|
||
Gem::Specification.dirs = @gem_dirs
|
||
reset_gems
|
||
@have_rdoc_4_plus = nil
|
||
end
|
||
... | ... | |
end
|
||
def latest_specs(req, res)
|
||
Gem::Specification.reset
|
||
reset_gems
|
||
res['content-type'] = 'application/x-gzip'
|
||
... | ... | |
end
|
||
def quick(req, res)
|
||
Gem::Specification.reset
|
||
reset_gems
|
||
res['content-type'] = 'text/plain'
|
||
add_date res
|
||
... | ... | |
end
|
||
def root(req, res)
|
||
Gem::Specification.reset
|
||
reset_gems
|
||
add_date res
|
||
raise WEBrick::HTTPStatus::NotFound, "`#{req.path}' not found." unless
|
||
... | ... | |
end
|
||
##
|
||
# Updates the server to use the latest installed gems.
|
||
def reset_gems # :nodoc:
|
||
Gem::Specification.dirs = @gem_dirs
|
||
end
|
||
##
|
||
# Returns true and prepares http response, if rdoc for the requested gem
|
||
# name pattern was found.
|
||
#
|
||
... | ... | |
end
|
||
def specs(req, res)
|
||
Gem::Specification.reset
|
||
reset_gems
|
||
add_date res
|
||
lib/rubygems/source.rb (working copy) | ||
---|---|---|
end
|
||
def update_cache?
|
||
@update_cache ||= File.stat(Gem.user_home).uid == Process.uid
|
||
@update_cache ||=
|
||
begin
|
||
File.stat(Gem.user_home).uid == Process.uid
|
||
rescue Errno::ENOENT
|
||
false
|
||
end
|
||
end
|
||
def fetch_spec(name)
|
lib/rubygems/spec_fetcher.rb (working copy) | ||
---|---|---|
def initialize
|
||
@dir = File.join Gem.user_home, '.gem', 'specs'
|
||
@update_cache = File.stat(Gem.user_home).uid == Process.uid
|
||
@update_cache =
|
||
begin
|
||
File.stat(Gem.user_home).uid == Process.uid
|
||
rescue Errno::EACCES, Errno::ENOENT
|
||
false
|
||
end
|
||
@specs = {}
|
||
@latest_specs = {}
|
lib/rubygems/version.rb (working copy) | ||
---|---|---|
# REFACTOR: There's no real reason this should be separate from #initialize.
|
||
def self.create input
|
||
if input.respond_to? :version then
|
||
if self === input then # check yourself before you wreck yourself
|
||
input
|
||
elsif input.nil? then
|
||
nil
|
lib/rubygems.rb (working copy) | ||
---|---|---|
require 'rbconfig'
|
||
module Gem
|
||
VERSION = '2.0.12'
|
||
VERSION = '2.0.13'
|
||
end
|
||
# Must be first since it unloads the prelude from 1.9.2
|
test/rubygems/test_gem_server.rb (working copy) | ||
---|---|---|
Marshal.load(@res.body)
|
||
end
|
||
def test_latest_specs_gemdirs
|
||
data = StringIO.new "GET /latest_specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
|
||
dir = "#{@gemhome}2"
|
||
spec = quick_spec 'z', 9
|
||
specs_dir = File.join dir, 'specifications'
|
||
FileUtils.mkdir_p specs_dir
|
||
open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
||
io.write spec.to_ruby
|
||
end
|
||
server = Gem::Server.new dir, process_based_port, false
|
||
@req.parse data
|
||
server.latest_specs @req, @res
|
||
assert_equal 200, @res.status
|
||
assert_equal [['z', v(9), Gem::Platform::RUBY]], Marshal.load(@res.body)
|
||
end
|
||
def test_latest_specs_gz
|
||
data = StringIO.new "GET /latest_specs.#{Gem.marshal_version}.gz HTTP/1.0\r\n\r\n"
|
||
@req.parse data
|
||
... | ... | |
assert_equal 2, @server.server.listeners.length
|
||
end
|
||
def test_quick_gemdirs
|
||
data = StringIO.new "GET /quick/Marshal.4.8/z-9.gemspec.rz HTTP/1.0\r\n\r\n"
|
||
dir = "#{@gemhome}2"
|
||
server = Gem::Server.new dir, process_based_port, false
|
||
@req.parse data
|
||
server.quick @req, @res
|
||
assert_equal 404, @res.status
|
||
spec = quick_spec 'z', 9
|
||
specs_dir = File.join dir, 'specifications'
|
||
FileUtils.mkdir_p specs_dir
|
||
open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
||
io.write spec.to_ruby
|
||
end
|
||
data.rewind
|
||
req = WEBrick::HTTPRequest.new :Logger => nil
|
||
res = WEBrick::HTTPResponse.new :HTTPVersion => '1.0'
|
||
req.parse data
|
||
server.quick req, res
|
||
assert_equal 200, res.status
|
||
end
|
||
def test_quick_missing
|
||
data = StringIO.new "GET /quick/z-9.gemspec.rz HTTP/1.0\r\n\r\n"
|
||
data = StringIO.new "GET /quick/Marshal.4.8/z-9.gemspec.rz HTTP/1.0\r\n\r\n"
|
||
@req.parse data
|
||
@server.quick @req, @res
|
||
... | ... | |
assert_equal 'text/html', @res['content-type']
|
||
end
|
||
def test_root_gemdirs
|
||
data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
|
||
dir = "#{@gemhome}2"
|
||
spec = quick_spec 'z', 9
|
||
specs_dir = File.join dir, 'specifications'
|
||
FileUtils.mkdir_p specs_dir
|
||
open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
||
io.write spec.to_ruby
|
||
end
|
||
server = Gem::Server.new dir, process_based_port, false
|
||
@req.parse data
|
||
server.root @req, @res
|
||
assert_equal 200, @res.status
|
||
assert_match 'z 9', @res.body
|
||
end
|
||
def test_specs
|
||
data = StringIO.new "GET /specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
|
||
@req.parse data
|
||
... | ... | |
Marshal.load(@res.body)
|
||
end
|
||
def test_specs_gemdirs
|
||
data = StringIO.new "GET /specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
|
||
dir = "#{@gemhome}2"
|
||
spec = quick_spec 'z', 9
|
||
specs_dir = File.join dir, 'specifications'
|
||
FileUtils.mkdir_p specs_dir
|
||
open File.join(specs_dir, spec.spec_name), 'w' do |io|
|
||
io.write spec.to_ruby
|
||
end
|
||
server = Gem::Server.new dir, process_based_port, false
|
||
@req.parse data
|
||
server.specs @req, @res
|
||
assert_equal 200, @res.status
|
||
assert_equal [['z', v(9), Gem::Platform::RUBY]], Marshal.load(@res.body)
|
||
end
|
||
def test_specs_gz
|
||
data = StringIO.new "GET /specs.#{Gem.marshal_version}.gz HTTP/1.0\r\n\r\n"
|
||
@req.parse data
|
test/rubygems/test_gem_source.rb (working copy) | ||
---|---|---|
end
|
||
end
|
||
def test_update_cache_eh
|
||
assert @source.update_cache?
|
||
end
|
||
def test_update_cache_eh_home_nonexistent
|
||
FileUtils.rmdir Gem.user_home
|
||
refute @source.update_cache?
|
||
end
|
||
end
|
||
test/rubygems/test_gem_spec_fetcher.rb (working copy) | ||
---|---|---|
['x', Gem::Version.new(1), 'ruby']]
|
||
end
|
||
def test_initialize_unwritable_home_dir
|
||
skip 'chmod not supported' if Gem.win_platform?
|
||
FileUtils.chmod 0000, Gem.user_home
|
||
begin
|
||
assert Gem::SpecFetcher.new
|
||
ensure
|
||
FileUtils.chmod 0755, Gem.user_home
|
||
end
|
||
end
|
||
def test_spec_for_dependency_all
|
||
d = "#{@gem_repo}#{Gem::MARSHAL_SPEC_DIR}"
|
||
@fetcher.data["#{d}#{@a1.spec_name}.rz"] = util_zip(Marshal.dump(@a1))
|
test/rubygems/test_gem_version.rb (working copy) | ||
---|---|---|
assert_bumped_version_equal "6", "5"
|
||
end
|
||
# FIX: For "legacy reasons," any object that responds to +version+
|
||
# is returned unchanged. I'm not certain why.
|
||
# A Gem::Version is already a Gem::Version and therefore not transformed by
|
||
# Gem::Version.create
|
||
def test_class_create
|
||
fake = Object.new
|
||
def fake.version; "1.0" end
|
||
real = Gem::Version.new(1.0)
|
||
assert_same fake, Gem::Version.create(fake)
|
||
assert_same real, Gem::Version.create(real)
|
||
assert_nil Gem::Version.create(nil)
|
||
assert_equal v("5.1"), Gem::Version.create("5.1")
|
||