From f2c353054111b0398399ba1933a47d34441c875e Mon Sep 17 00:00:00 2001
From: Peter Korsgaard
Date: Sun, 12 Nov 2017 14:43:11 +0100
Subject: [PATCH] ruby: security bump to version 2.4.2
Fixed the following security issues:
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
For more details, see the release notes:
https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/
Drop now upstreamed rubygems patches and add hashes for the license files while we're at it.
Signed-off-by: Peter Korsgaard
---
 package/ruby/0001-rubygems-2612-ruby24.patch | 445 -------------------
 package/ruby/0002-rubygems-2613-ruby24.patch | 364 ---------------
 package/ruby/ruby.hash | 8 +-
 package/ruby/ruby.mk | 2 +-
 4 files changed, 7 insertions(+), 812 deletions(-)
 delete mode 100644 package/ruby/0001-rubygems-2612-ruby24.patch
 delete mode 100644 package/ruby/0002-rubygems-2613-ruby24.patch
diff --git a/package/ruby/0001-rubygems-2612-ruby24.patch b/package/ruby/0001-rubygems-2612-ruby24.patch
deleted file mode 100644
index ebbefffbed..0000000000
--- a/package/ruby/0001-rubygems-2612-ruby24.patch
+++ /dev/null
@@ -1,445 +0,0 @@ -[PATCH] bump rubygems to 2.6.12 - -Downloaded from upstream: -https://bugs.ruby-lang.org/attachments/download/6692/rubygems-2612-ruby24.patch - -And converted to patch-p1. - -Signed-off-by: Peter Korsgaard -diff --git a/lib/rubygems.rb b/lib/rubygems.rb -index 5cd1a4c47a..bc5bf9b4c2 100644 ---- a/lib/rubygems.rb -+++ b/lib/rubygems.rb -@@ -10,7 +10,7 @@ - require 'thread' - - module Gem -- VERSION = "2.6.11" -+ VERSION = "2.6.12" - end - - # Must be first since it unloads the prelude from 1.9.2 -@@ -234,6 +234,7 @@ def self.needs - - def self.finish_resolve(request_set=Gem::RequestSet.new) - request_set.import Gem::Specification.unresolved_deps.values -+ request_set.import Gem.loaded_specs.values.map {|s| Gem::Dependency.new(s.name, s.version) } - - request_set.resolve_current.each do |s| - s.full_spec.activate -diff --git a/lib/rubygems/commands/open_command.rb b/lib/rubygems/commands/open_command.rb -index a89b7421e3..059635e835 100644 ---- a/lib/rubygems/commands/open_command.rb -+++ b/lib/rubygems/commands/open_command.rb -@@ -72,7 +72,7 @@ def open_editor path - end - - def spec_for name -- spec = Gem::Specification.find_all_by_name(name, @version).last -+ spec = Gem::Specification.find_all_by_name(name, @version).first - - return spec if spec - -diff --git a/lib/rubygems/commands/query_command.rb b/lib/rubygems/commands/query_command.rb -index f25d120b88..70f8127292 100644 ---- a/lib/rubygems/commands/query_command.rb -+++ b/lib/rubygems/commands/query_command.rb -@@ -86,7 +86,7 @@ def execute - name = Array(options[:name]) - else - args = options[:args].to_a -- name = options[:exact] ? args : args.map{|arg| /#{arg}/i } -+ name = options[:exact] ? 
args.map{|arg| /\A#{Regexp.escape(arg)}\Z/ } : args.map{|arg| /#{arg}/i } - end - - prerelease = options[:prerelease] -diff --git a/lib/rubygems/commands/sources_command.rb b/lib/rubygems/commands/sources_command.rb -index 9832afd214..7e46963a4c 100644 ---- a/lib/rubygems/commands/sources_command.rb -+++ b/lib/rubygems/commands/sources_command.rb -@@ -44,7 +44,7 @@ def add_source source_uri # :nodoc: - source = Gem::Source.new source_uri - - begin -- if Gem.sources.include? source_uri then -+ if Gem.sources.include? source then - say "source #{source_uri} already present in the cache" - else - source.load_specs :released -diff --git a/lib/rubygems/dependency_list.rb b/lib/rubygems/dependency_list.rb -index 35fe7c4c1a..d8314eaf60 100644 ---- a/lib/rubygems/dependency_list.rb -+++ b/lib/rubygems/dependency_list.rb -@@ -104,7 +104,7 @@ def find_name(full_name) - end - - def inspect # :nodoc: -- "#<%s:0x%x %p>" % [self.class, object_id, map { |s| s.full_name }] -+ "%s %p>" % [super[0..-2], map { |s| s.full_name }] - end - - ## -diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb -index f4d3e728de..967543c2d1 100644 ---- a/lib/rubygems/installer.rb -+++ b/lib/rubygems/installer.rb -@@ -214,7 +214,7 @@ def check_executable_overwrite filename # :nodoc: - - ruby_executable = true - existing = io.read.slice(%r{ -- ^( -+ ^\s*( - gem \s | - load \s Gem\.bin_path\( | - load \s Gem\.activate_bin_path\( -@@ -701,6 +701,8 @@ def verify_gem_home(unpack = false) # :nodoc: - # Return the text for an application file. 
- - def app_script_text(bin_file_name) -+ # note that the `load` lines cannot be indented, as old RG versions match -+ # against the beginning of the line - return <<-TEXT - #{shebang bin_file_name} - # -@@ -723,7 +725,12 @@ def app_script_text(bin_file_name) - end - end - -+if Gem.respond_to?(:activate_bin_path) - load Gem.activate_bin_path('#{spec.name}', '#{bin_file_name}', version) -+else -+gem #{spec.name.dump}, version -+load Gem.bin_path(#{spec.name.dump}, #{bin_file_name.dump}, version) -+end - TEXT - end - -diff --git a/lib/rubygems/platform.rb b/lib/rubygems/platform.rb -index d22d91ae54..2dd9ed5782 100644 ---- a/lib/rubygems/platform.rb -+++ b/lib/rubygems/platform.rb -@@ -112,7 +112,7 @@ def initialize(arch) - end - - def inspect -- "#<%s:0x%x @cpu=%p, @os=%p, @version=%p>" % [self.class, object_id, *to_a] -+ "%s @cpu=%p, @os=%p, @version=%p>" % [super[0..-2], *to_a] - end - - def to_a -diff --git a/lib/rubygems/security.rb b/lib/rubygems/security.rb -index 119d6d56f7..6963ca156f 100644 ---- a/lib/rubygems/security.rb -+++ b/lib/rubygems/security.rb -@@ -455,7 +455,7 @@ def self.create_cert_self_signed subject, key, age = ONE_YEAR, - - ## - # Creates a new key pair of the specified +length+ and +algorithm+. The -- # default is a 2048 bit RSA key. -+ # default is a 3072 bit RSA key. 
- - def self.create_key length = KEY_LENGTH, algorithm = KEY_ALGORITHM - algorithm.new length -diff --git a/lib/rubygems/server.rb b/lib/rubygems/server.rb -index 81df0e608e..df4eb566d3 100644 ---- a/lib/rubygems/server.rb -+++ b/lib/rubygems/server.rb -@@ -657,7 +657,7 @@ def root(req, res) - "only_one_executable" => true, - "full_name" => "rubygems-#{Gem::VERSION}", - "has_deps" => false, -- "homepage" => "http://docs.rubygems.org/", -+ "homepage" => "http://guides.rubygems.org/", - "name" => 'rubygems', - "ri_installed" => true, - "summary" => "RubyGems itself", -diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb -index a2f289d162..500f0af768 100644 ---- a/lib/rubygems/specification.rb -+++ b/lib/rubygems/specification.rb -@@ -2105,7 +2105,7 @@ def inspect # :nodoc: - if $DEBUG - super - else -- "#<#{self.class}:0x#{__id__.to_s(16)} #{full_name}>" -+ "#{super[0..-2]} #{full_name}>" - end - end - -diff --git a/lib/rubygems/test_case.rb b/lib/rubygems/test_case.rb -index 86b68e1efb..4e48f1eb4c 100644 ---- a/lib/rubygems/test_case.rb -+++ b/lib/rubygems/test_case.rb -@@ -484,7 +484,7 @@ def git_gem name = 'a', version = 1 - - system @git, 'add', gemspec - system @git, 'commit', '-a', '-m', 'a non-empty commit message', '--quiet' -- head = Gem::Util.popen('git', 'rev-parse', 'master').strip -+ head = Gem::Util.popen(@git, 'rev-parse', 'master').strip - end - - return name, git_spec.version, directory, head -@@ -1498,6 +1498,8 @@ def self.key_path key_name - begin - gem 'rdoc' - require 'rdoc' -+ -+ require 'rubygems/rdoc' - rescue LoadError, Gem::LoadError - end - -@@ -1514,3 +1516,4 @@ def self.key_path key_name - pid = $$ - END {tmpdirs.each {|dir| Dir.rmdir(dir)} if $$ == pid} - Gem.clear_paths -+Gem.loaded_specs.clear -diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb -index a605f9cdfe..62b36dfd41 100644 ---- a/test/rubygems/test_gem.rb -+++ b/test/rubygems/test_gem.rb -@@ -75,6 +75,29 @@ def test_self_finish_resolve_wtf 
- end - end - -+ def test_self_finish_resolve_respects_loaded_specs -+ save_loaded_features do -+ a1 = new_spec "a", "1", "b" => "> 0" -+ b1 = new_spec "b", "1", "c" => ">= 1" -+ b2 = new_spec "b", "2", "c" => ">= 2" -+ c1 = new_spec "c", "1" -+ c2 = new_spec "c", "2" -+ -+ install_specs c1, c2, b1, b2, a1 -+ -+ a1.activate -+ c1.activate -+ -+ assert_equal %w(a-1 c-1), loaded_spec_names -+ assert_equal ["b (> 0)"], unresolved_names -+ -+ Gem.finish_resolve -+ -+ assert_equal %w(a-1 b-1 c-1), loaded_spec_names -+ assert_equal [], unresolved_names -+ end -+ end -+ - def test_self_install - spec_fetcher do |f| - f.gem 'a', 1 -@@ -492,7 +515,7 @@ def test_self_find_files_with_gemfile - skip if RUBY_VERSION <= "1.8.7" - - cwd = File.expand_path("test/rubygems", @@project_dir) -- $LOAD_PATH.unshift cwd -+ actual_load_path = $LOAD_PATH.unshift(cwd).dup - - discover_path = File.join 'lib', 'sff', 'discover.rb' - -@@ -518,12 +541,12 @@ def test_self_find_files_with_gemfile - expected = [ - File.expand_path('test/rubygems/sff/discover.rb', @@project_dir), - File.join(foo1.full_gem_path, discover_path) -- ] -+ ].sort - -- assert_equal expected, Gem.find_files('sff/discover') -- assert_equal expected, Gem.find_files('sff/**.rb'), '[ruby-core:31730]' -+ assert_equal expected, Gem.find_files('sff/discover').sort -+ assert_equal expected, Gem.find_files('sff/**.rb').sort, '[ruby-core:31730]' - ensure -- assert_equal cwd, $LOAD_PATH.shift unless RUBY_VERSION <= "1.8.7" -+ assert_equal cwd, actual_load_path.shift unless RUBY_VERSION <= "1.8.7" - end - - def test_self_find_latest_files -diff --git a/test/rubygems/test_gem_commands_open_command.rb b/test/rubygems/test_gem_commands_open_command.rb -index 3ec38972e6..a96fa6ea23 100644 ---- a/test/rubygems/test_gem_commands_open_command.rb -+++ b/test/rubygems/test_gem_commands_open_command.rb -@@ -24,7 +24,8 @@ def test_execute - @cmd.options[:args] = %w[foo] - @cmd.options[:editor] = "#{Gem.ruby} -e0 --" - -- spec = gem 'foo' -+ gem 
'foo', '1.0.0' -+ spec = gem 'foo', '1.0.1' - mock = MiniTest::Mock.new - mock.expect(:call, true, [spec.full_gem_path]) - -diff --git a/test/rubygems/test_gem_commands_query_command.rb b/test/rubygems/test_gem_commands_query_command.rb -index 223f205b2d..d8d682b136 100644 ---- a/test/rubygems/test_gem_commands_query_command.rb -+++ b/test/rubygems/test_gem_commands_query_command.rb -@@ -642,7 +642,7 @@ def test_execute_local_details - assert_equal expected, @ui.output - end - -- def test_execute_exact -+ def test_execute_exact_remote - spec_fetcher do |fetcher| - fetcher.spec 'coolgem-omg', 3 - fetcher.spec 'coolgem', '4.2.1' -@@ -665,6 +665,60 @@ def test_execute_exact - assert_equal expected, @ui.output - end - -+ def test_execute_exact_local -+ spec_fetcher do |fetcher| -+ fetcher.spec 'coolgem-omg', 3 -+ fetcher.spec 'coolgem', '4.2.1' -+ fetcher.spec 'wow_coolgem', 1 -+ end -+ -+ @cmd.handle_options %w[--exact coolgem] -+ -+ use_ui @ui do -+ @cmd.execute -+ end -+ -+ expected = <<-EOF -+ -+*** LOCAL GEMS *** -+ -+coolgem (4.2.1) -+ EOF -+ -+ assert_equal expected, @ui.output -+ end -+ -+ def test_execute_exact_multiple -+ spec_fetcher do |fetcher| -+ fetcher.spec 'coolgem-omg', 3 -+ fetcher.spec 'coolgem', '4.2.1' -+ fetcher.spec 'wow_coolgem', 1 -+ -+ fetcher.spec 'othergem-omg', 3 -+ fetcher.spec 'othergem', '1.2.3' -+ fetcher.spec 'wow_othergem', 1 -+ end -+ -+ @cmd.handle_options %w[--exact coolgem othergem] -+ -+ use_ui @ui do -+ @cmd.execute -+ end -+ -+ expected = <<-EOF -+ -+*** LOCAL GEMS *** -+ -+coolgem (4.2.1) -+ -+*** LOCAL GEMS *** -+ -+othergem (1.2.3) -+ EOF -+ -+ assert_equal expected, @ui.output -+ end -+ - private - - def add_gems_to_fetcher -diff --git a/test/rubygems/test_gem_commands_sources_command.rb b/test/rubygems/test_gem_commands_sources_command.rb -index 014b4b4c12..d5b6d99419 100644 ---- a/test/rubygems/test_gem_commands_sources_command.rb -+++ b/test/rubygems/test_gem_commands_sources_command.rb -@@ -108,6 +108,58 @@ def 
test_execute_add_redundant_source - assert_equal '', @ui.error - end - -+ def test_execute_add_redundant_source_trailing_slash -+ # Remove pre-existing gem source (w/ slash) -+ repo_with_slash = "http://gems.example.com/" -+ @cmd.handle_options %W[--remove #{repo_with_slash}] -+ use_ui @ui do -+ @cmd.execute -+ end -+ source = Gem::Source.new repo_with_slash -+ assert_equal false, Gem.sources.include?(source) -+ -+ expected = <<-EOF -+#{repo_with_slash} removed from sources -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ -+ # Re-add pre-existing gem source (w/o slash) -+ repo_without_slash = "http://gems.example.com" -+ @cmd.handle_options %W[--add #{repo_without_slash}] -+ use_ui @ui do -+ @cmd.execute -+ end -+ source = Gem::Source.new repo_without_slash -+ assert_equal true, Gem.sources.include?(source) -+ -+ expected = <<-EOF -+http://gems.example.com/ removed from sources -+http://gems.example.com added to sources -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ -+ # Re-add original gem source (w/ slash) -+ @cmd.handle_options %W[--add #{repo_with_slash}] -+ use_ui @ui do -+ @cmd.execute -+ end -+ source = Gem::Source.new repo_with_slash -+ assert_equal true, Gem.sources.include?(source) -+ -+ expected = <<-EOF -+http://gems.example.com/ removed from sources -+http://gems.example.com added to sources -+source http://gems.example.com/ already present in the cache -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ end -+ - def test_execute_add_http_rubygems_org - http_rubygems_org = 'http://rubygems.org' - -diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb -index 6ceb2c6dfc..882981d344 100644 ---- a/test/rubygems/test_gem_installer.rb -+++ b/test/rubygems/test_gem_installer.rb -@@ -62,7 +62,12 @@ def test_app_script_text - end - end - -+if Gem.respond_to?(:activate_bin_path) - load Gem.activate_bin_path('a', 'executable', version) 
-+else -+gem "a", version -+load Gem.bin_path("a", "executable", version) -+end - EOF - - wrapper = @installer.app_script_text 'executable' -diff --git a/test/rubygems/test_require.rb b/test/rubygems/test_require.rb -index dd606e44d4..936f78fb2a 100644 ---- a/test/rubygems/test_require.rb -+++ b/test/rubygems/test_require.rb -@@ -301,6 +301,17 @@ def test_default_gem_only - assert_equal %w(default-2.0.0.0), loaded_spec_names - end - -+ def test_realworld_default_gem -+ skip "no default gems on ruby < 2.0" unless RUBY_VERSION >= "2" -+ cmd = <<-RUBY -+ $stderr = $stdout -+ require "json" -+ puts Gem.loaded_specs["json"].default_gem? -+ RUBY -+ output = Gem::Util.popen(Gem.ruby, "-e", cmd).strip -+ assert_equal "true", output -+ end -+ - def test_default_gem_and_normal_gem - default_gem_spec = new_default_spec("default", "2.0.0.0", - nil, "default/gem.rb")
diff --git a/package/ruby/0002-rubygems-2613-ruby24.patch b/package/ruby/0002-rubygems-2613-ruby24.patch
deleted file mode 100644
index ea25d90347..0000000000
--- a/package/ruby/0002-rubygems-2613-ruby24.patch
+++ /dev/null
@@ -1,364 +0,0 @@ -[PATCH] bump rubygems to 2.6.12 - -Downloaded from upstream: -https://bugs.ruby-lang.org/attachments/download/6693/rubygems-2613-ruby24.patch - -And converted to patch-p1. - -Signed-off-by: Peter Korsgaard - -diff --git a/lib/rubygems.rb b/lib/rubygems.rb -index bc5bf9b4c2..55aa85b8b2 100644 ---- a/lib/rubygems.rb -+++ b/lib/rubygems.rb -@@ -10,7 +10,7 @@ - require 'thread' - - module Gem -- VERSION = "2.6.12" -+ VERSION = "2.6.13" - end - - # Must be first since it unloads the prelude from 1.9.2 -diff --git a/lib/rubygems/commands/query_command.rb b/lib/rubygems/commands/query_command.rb -index 70f8127292..44144203e0 100644 ---- a/lib/rubygems/commands/query_command.rb -+++ b/lib/rubygems/commands/query_command.rb -@@ -226,7 +226,7 @@ def output_versions output, versions - end - end - -- output << make_entry(matching_tuples, platforms) -+ output << clean_text(make_entry(matching_tuples, platforms)) - end - end - -@@ -353,7 +353,8 @@ def spec_platforms entry, platforms - end - - def spec_summary entry, spec -- entry << "\n\n" << format_text(spec.summary, 68, 4) -+ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}") -+ entry << "\n\n" << format_text(summary, 68, 4) - end - - end -diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb -index 967543c2d1..6fd3399dd4 100644 ---- a/lib/rubygems/installer.rb -+++ b/lib/rubygems/installer.rb -@@ -697,6 +697,11 @@ def verify_gem_home(unpack = false) # :nodoc: - unpack or File.writable?(gem_home) - end - -+ def verify_spec_name -+ return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN -+ raise Gem::InstallError, "#{spec} has an invalid name" -+ end -+ - ## - # Return the text for an application file. 
- -@@ -823,6 +828,8 @@ def pre_install_checks - - ensure_loadable_spec - -+ verify_spec_name -+ - if options[:install_as_default] - Gem.ensure_default_gem_subdirectories gem_home - else -diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb -index e6a13d4b8c..8f0cf0b402 100644 ---- a/lib/rubygems/remote_fetcher.rb -+++ b/lib/rubygems/remote_fetcher.rb -@@ -110,7 +110,7 @@ def api_endpoint(uri) - else - target = res.target.to_s.strip - -- if /\.#{Regexp.quote(host)}\z/ =~ target -+ if URI("http://" + target).host.end_with?(".#{host}") - return URI.parse "#{uri.scheme}://#{target}#{uri.path}" - end - -diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb -index 500f0af768..88e320c05a 100644 ---- a/lib/rubygems/specification.rb -+++ b/lib/rubygems/specification.rb -@@ -108,6 +108,8 @@ class Gem::Specification < Gem::BasicSpecification - - private_constant :LOAD_CACHE if defined? private_constant - -+ VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc: -+ - # :startdoc: - - ## -@@ -2671,9 +2673,15 @@ def validate packaging = true - end - end - -- unless String === name then -+ if !name.is_a?(String) then - raise Gem::InvalidSpecificationException, -- "invalid value for attribute name: \"#{name.inspect}\"" -+ "invalid value for attribute name: \"#{name.inspect}\" must be a string" -+ elsif name !~ /[a-zA-Z]/ then -+ raise Gem::InvalidSpecificationException, -+ "invalid value for attribute name: #{name.dump} must include at least one letter" -+ elsif name !~ VALID_NAME_PATTERN then -+ raise Gem::InvalidSpecificationException, -+ "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores" - end - - if raw_require_paths.empty? 
then -diff --git a/lib/rubygems/text.rb b/lib/rubygems/text.rb -index 732f1b99f2..b944b62c27 100644 ---- a/lib/rubygems/text.rb -+++ b/lib/rubygems/text.rb -@@ -6,13 +6,26 @@ - - module Gem::Text - -+ ## -+ # Remove any non-printable characters and make the text suitable for -+ # printing. -+ def clean_text(text) -+ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze) -+ end -+ -+ def truncate_text(text, description, max_length = 100_000) -+ raise ArgumentError, "max_length must be positive" unless max_length > 0 -+ return text if text.size <= max_length -+ "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length] -+ end -+ - ## - # Wraps +text+ to +wrap+ characters and optionally indents by +indent+ - # characters - - def format_text(text, wrap, indent=0) - result = [] -- work = text.dup -+ work = clean_text(text) - - while work.length > wrap do - if work =~ /^(.{0,#{wrap}})[ \n]/ then -diff --git a/test/rubygems/test_gem_commands_query_command.rb b/test/rubygems/test_gem_commands_query_command.rb -index d8d682b136..469223c6c0 100644 ---- a/test/rubygems/test_gem_commands_query_command.rb -+++ b/test/rubygems/test_gem_commands_query_command.rb -@@ -116,6 +116,86 @@ def test_execute_details - This is a lot of text. This is a lot of text. This is a lot of text. - This is a lot of text. - -+pl (1) -+ Platform: i386-linux -+ Author: A User -+ Homepage: http://example.com -+ -+ this is a summary -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ end -+ -+ def test_execute_details_cleans_text -+ spec_fetcher do |fetcher| -+ fetcher.spec 'a', 2 do |s| -+ s.summary = 'This is a lot of text. 
' * 4 -+ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] -+ s.homepage = "http://a.example.com/\x03" -+ end -+ -+ fetcher.legacy_platform -+ end -+ -+ @cmd.handle_options %w[-r -d] -+ -+ use_ui @ui do -+ @cmd.execute -+ end -+ -+ expected = <<-EOF -+ -+*** REMOTE GEMS *** -+ -+a (2) -+ Authors: Abraham Lincoln ., . Hirohito -+ Homepage: http://a.example.com/. -+ -+ This is a lot of text. This is a lot of text. This is a lot of text. -+ This is a lot of text. -+ -+pl (1) -+ Platform: i386-linux -+ Author: A User -+ Homepage: http://example.com -+ -+ this is a summary -+ EOF -+ -+ assert_equal expected, @ui.output -+ assert_equal '', @ui.error -+ end -+ -+ def test_execute_details_truncates_summary -+ spec_fetcher do |fetcher| -+ fetcher.spec 'a', 2 do |s| -+ s.summary = 'This is a lot of text. ' * 10_000 -+ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] -+ s.homepage = "http://a.example.com/\x03" -+ end -+ -+ fetcher.legacy_platform -+ end -+ -+ @cmd.handle_options %w[-r -d] -+ -+ use_ui @ui do -+ @cmd.execute -+ end -+ -+ expected = <<-EOF -+ -+*** REMOTE GEMS *** -+ -+a (2) -+ Authors: Abraham Lincoln ., . Hirohito -+ Homepage: http://a.example.com/. -+ -+ Truncating the summary for a-2 to 100,000 characters: -+#{" This is a lot of text. This is a lot of text. 
This is a lot of text.\n" * 1449} This is a lot of te -+ - pl (1) - Platform: i386-linux - Author: A User -diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb -index 882981d344..dd049214fb 100644 ---- a/test/rubygems/test_gem_installer.rb -+++ b/test/rubygems/test_gem_installer.rb -@@ -1448,6 +1448,26 @@ def test_pre_install_checks_wrong_rubygems_version - end - end - -+ def test_pre_install_checks_malicious_name -+ spec = util_spec '../malicious', '1' -+ def spec.full_name # so the spec is buildable -+ "malicious-1" -+ end -+ def spec.validate; end -+ -+ util_build_gem spec -+ -+ gem = File.join(@gemhome, 'cache', spec.file_name) -+ -+ use_ui @ui do -+ @installer = Gem::Installer.at gem -+ e = assert_raises Gem::InstallError do -+ @installer.pre_install_checks -+ end -+ assert_equal '# has an invalid name', e.message -+ end -+ end -+ - def test_shebang - util_make_exec @spec, "#!/usr/bin/ruby" - -diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb -index cb994462cd..fbb7d89019 100644 ---- a/test/rubygems/test_gem_remote_fetcher.rb -+++ b/test/rubygems/test_gem_remote_fetcher.rb -@@ -241,6 +241,21 @@ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original - dns.verify - end - -+ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path -+ uri = URI.parse "http://example.com/foo" -+ target = MiniTest::Mock.new -+ target.expect :target, "evil.com/a.example.com" -+ -+ dns = MiniTest::Mock.new -+ dns.expect :getresource, target, [String, Object] -+ -+ fetch = Gem::RemoteFetcher.new nil, dns -+ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) -+ -+ target.verify -+ dns.verify -+ end -+ - def test_api_endpoint_timeout_warning - uri = URI.parse "http://gems.example.com/foo" - -diff --git a/test/rubygems/test_gem_specification.rb b/test/rubygems/test_gem_specification.rb -index d43289d745..0fcc11e78f 100644 ---- 
a/test/rubygems/test_gem_specification.rb -+++ b/test/rubygems/test_gem_specification.rb -@@ -2985,7 +2985,37 @@ def test_validate_name - @a1.validate - end - -- assert_equal 'invalid value for attribute name: ":json"', e.message -+ assert_equal 'invalid value for attribute name: ":json" must be a string', e.message -+ -+ @a1.name = [] -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message -+ -+ @a1.name = "" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message -+ -+ @a1.name = "12345" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message -+ -+ @a1.name = "../malicious" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message -+ -+ @a1.name = "\ba\t" -+ e = assert_raises Gem::InvalidSpecificationException do -+ @a1.validate -+ end -+ assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message - end - - def test_validate_non_nil -diff --git a/test/rubygems/test_gem_text.rb b/test/rubygems/test_gem_text.rb -index a6e22e04da..04f3f605e8 100644 ---- a/test/rubygems/test_gem_text.rb -+++ b/test/rubygems/test_gem_text.rb -@@ -36,6 +36,10 @@ def test_format_text_trailing # for two spaces after . - assert_equal expected, format_text(text, 78) - end - -+ def test_format_removes_nonprintable_characters -+ assert_equal "text with weird .. 
stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40) -+ end -+ - def test_min3 - assert_equal 1, min3(1, 1, 1) - assert_equal 1, min3(1, 1, 2) -@@ -74,4 +78,11 @@ def test_levenshtein_distance_replace - assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest") - assert_equal 7, levenshtein_distance("zentest", "xxxxxxx") - end -+ -+ def test_truncate_text -+ assert_equal "abc", truncate_text("abc", "desc") -+ assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2) -+ s = "ab" * 500_001 -+ assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000) -+ end - end
diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash
index 624ce40f57..d066186d56 100644
--- a/package/ruby/ruby.hash
+++ b/package/ruby/ruby.hash
@@ -1,2 +1,6 @@
-# From https://www.ruby-lang.org/en/news/2017/03/22/ruby-2-4-1-released/
-sha256 4fc8a9992de3e90191de369270ea4b6c1b171b7941743614cc50822ddc1fe654 ruby-2.4.1.tar.xz
+# From https://www.ruby-lang.org/en/news/2017/09/14/ruby-2-4-2-released/
+sha256 748a8980d30141bd1a4124e11745bb105b436fb1890826e0d2b9ea31af27f735 ruby-2.4.2.tar.xz
+# License files, Locally calculated
+sha256 5cda9584acd5e1096276a375085b7e659fa67a072fd69ec2c3931e54f7f563bb LEGAL
+sha256 f5eb1b2956d5f7a67b2e5722a3749bc2fe86f9c580f2e3f5a08519cf073b5864 COPYING
+sha256 a5e3042dacb53eebda91f3b1caefbfec8307711df8c4ed1ed20e4e97c43307a4 BSDL
diff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk
index 3302811890..4bf1a14cee 100644
--- a/package/ruby/ruby.mk
+++ b/package/ruby/ruby.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 RUBY_VERSION_MAJOR = 2.4
-RUBY_VERSION = $(RUBY_VERSION_MAJOR).1
+RUBY_VERSION = $(RUBY_VERSION_MAJOR).2
 RUBY_VERSION_EXT = 2.4.0
 RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)
 RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz
-- 
2.30.2