01/03: ruby: Update replacement to 2.4.2. Fix CVE-2017-{0898, 10784, 1
From: |
Ben Woodcroft |
Subject: |
01/03: ruby: Update replacement to 2.4.2. Fix CVE-2017-{0898, 10784, 14033, 14064}. |
Date: |
Sun, 17 Sep 2017 06:13:00 -0400 (EDT) |
benwoodcroft pushed a commit to branch master
in repository guix.
commit 312e8a9993bfcc85782bc7090b6cb06027dd4449
Author: Ben Woodcroft <address@hidden>
Date: Sun Sep 17 11:31:49 2017 +1000
ruby: Update replacement to 2.4.2. Fix CVE-2017-{0898,10784,14033,14064}.
* gnu/packages/ruby.scm (ruby): Update replacement to 2.4.2.
(ruby-2.4.1): Rename to ...
(ruby-2.4.2): ... this.
[source]: Remove patches.
* gnu/packages/patches/ruby-rubygems-2612-ruby24.patch,
gnu/packages/patches/ruby-rubygems-2613-ruby24.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
gnu/local.mk | 2 -
.../patches/ruby-rubygems-2612-ruby24.patch | 437 ---------------------
.../patches/ruby-rubygems-2613-ruby24.patch | 355 -----------------
gnu/packages/ruby.scm | 13 +-
4 files changed, 5 insertions(+), 802 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 418cc5e..5c1144e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1012,8 +1012,6 @@ dist_patch_DATA =
\
%D%/packages/patches/rsem-makefile.patch \
%D%/packages/patches/ruby-concurrent-ignore-broken-test.patch \
%D%/packages/patches/ruby-concurrent-test-arm.patch \
- %D%/packages/patches/ruby-rubygems-2612-ruby24.patch \
- %D%/packages/patches/ruby-rubygems-2613-ruby24.patch \
%D%/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch \
%D%/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch \
%D%/packages/patches/ruby-rack-ignore-failing-test.patch \
diff --git a/gnu/packages/patches/ruby-rubygems-2612-ruby24.patch
b/gnu/packages/patches/ruby-rubygems-2612-ruby24.patch
deleted file mode 100644
index 8ee32c0..0000000
--- a/gnu/packages/patches/ruby-rubygems-2612-ruby24.patch
+++ /dev/null
@@ -1,437 +0,0 @@
-diff --git lib/rubygems.rb lib/rubygems.rb
-index 5cd1a4c47a..bc5bf9b4c2 100644
---- ruby-2.4.1/lib/rubygems.rb
-+++ ruby-2.4.1/lib/rubygems.rb
-@@ -10,7 +10,7 @@
- require 'thread'
-
- module Gem
-- VERSION = "2.6.11"
-+ VERSION = "2.6.12"
- end
-
- # Must be first since it unloads the prelude from 1.9.2
-@@ -234,6 +234,7 @@ def self.needs
-
- def self.finish_resolve(request_set=Gem::RequestSet.new)
- request_set.import Gem::Specification.unresolved_deps.values
-+ request_set.import Gem.loaded_specs.values.map {|s|
Gem::Dependency.new(s.name, s.version) }
-
- request_set.resolve_current.each do |s|
- s.full_spec.activate
-diff --git lib/rubygems/commands/open_command.rb
lib/rubygems/commands/open_command.rb
-index a89b7421e3..059635e835 100644
---- ruby-2.4.1/lib/rubygems/commands/open_command.rb
-+++ ruby-2.4.1/lib/rubygems/commands/open_command.rb
-@@ -72,7 +72,7 @@ def open_editor path
- end
-
- def spec_for name
-- spec = Gem::Specification.find_all_by_name(name, @version).last
-+ spec = Gem::Specification.find_all_by_name(name, @version).first
-
- return spec if spec
-
-diff --git lib/rubygems/commands/query_command.rb
lib/rubygems/commands/query_command.rb
-index f25d120b88..70f8127292 100644
---- ruby-2.4.1/lib/rubygems/commands/query_command.rb
-+++ ruby-2.4.1/lib/rubygems/commands/query_command.rb
-@@ -86,7 +86,7 @@ def execute
- name = Array(options[:name])
- else
- args = options[:args].to_a
-- name = options[:exact] ? args : args.map{|arg| /#{arg}/i }
-+ name = options[:exact] ? args.map{|arg| /\A#{Regexp.escape(arg)}\Z/ } :
args.map{|arg| /#{arg}/i }
- end
-
- prerelease = options[:prerelease]
-diff --git lib/rubygems/commands/sources_command.rb
lib/rubygems/commands/sources_command.rb
-index 9832afd214..7e46963a4c 100644
---- ruby-2.4.1/lib/rubygems/commands/sources_command.rb
-+++ ruby-2.4.1/lib/rubygems/commands/sources_command.rb
-@@ -44,7 +44,7 @@ def add_source source_uri # :nodoc:
- source = Gem::Source.new source_uri
-
- begin
-- if Gem.sources.include? source_uri then
-+ if Gem.sources.include? source then
- say "source #{source_uri} already present in the cache"
- else
- source.load_specs :released
-diff --git lib/rubygems/dependency_list.rb lib/rubygems/dependency_list.rb
-index 35fe7c4c1a..d8314eaf60 100644
---- ruby-2.4.1/lib/rubygems/dependency_list.rb
-+++ ruby-2.4.1/lib/rubygems/dependency_list.rb
-@@ -104,7 +104,7 @@ def find_name(full_name)
- end
-
- def inspect # :nodoc:
-- "#<%s:0x%x %p>" % [self.class, object_id, map { |s| s.full_name }]
-+ "%s %p>" % [super[0..-2], map { |s| s.full_name }]
- end
-
- ##
-diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb
-index f4d3e728de..967543c2d1 100644
---- ruby-2.4.1/lib/rubygems/installer.rb
-+++ ruby-2.4.1/lib/rubygems/installer.rb
-@@ -214,7 +214,7 @@ def check_executable_overwrite filename # :nodoc:
-
- ruby_executable = true
- existing = io.read.slice(%r{
-- ^(
-+ ^\s*(
- gem \s |
- load \s Gem\.bin_path\( |
- load \s Gem\.activate_bin_path\(
-@@ -701,6 +701,8 @@ def verify_gem_home(unpack = false) # :nodoc:
- # Return the text for an application file.
-
- def app_script_text(bin_file_name)
-+ # note that the `load` lines cannot be indented, as old RG versions match
-+ # against the beginning of the line
- return <<-TEXT
- #{shebang bin_file_name}
- #
-@@ -723,7 +725,12 @@ def app_script_text(bin_file_name)
- end
- end
-
-+if Gem.respond_to?(:activate_bin_path)
- load Gem.activate_bin_path('#{spec.name}', '#{bin_file_name}', version)
-+else
-+gem #{spec.name.dump}, version
-+load Gem.bin_path(#{spec.name.dump}, #{bin_file_name.dump}, version)
-+end
- TEXT
- end
-
-diff --git lib/rubygems/platform.rb lib/rubygems/platform.rb
-index d22d91ae54..2dd9ed5782 100644
---- ruby-2.4.1/lib/rubygems/platform.rb
-+++ ruby-2.4.1/lib/rubygems/platform.rb
-@@ -112,7 +112,7 @@ def initialize(arch)
- end
-
- def inspect
-- "#<%s:0x%x @cpu=%p, @os=%p, @version=%p>" % [self.class, object_id, *to_a]
-+ "%s @cpu=%p, @os=%p, @version=%p>" % [super[0..-2], *to_a]
- end
-
- def to_a
-diff --git lib/rubygems/security.rb lib/rubygems/security.rb
-index 119d6d56f7..6963ca156f 100644
---- ruby-2.4.1/lib/rubygems/security.rb
-+++ ruby-2.4.1/lib/rubygems/security.rb
-@@ -455,7 +455,7 @@ def self.create_cert_self_signed subject, key, age =
ONE_YEAR,
-
- ##
- # Creates a new key pair of the specified +length+ and +algorithm+. The
-- # default is a 2048 bit RSA key.
-+ # default is a 3072 bit RSA key.
-
- def self.create_key length = KEY_LENGTH, algorithm = KEY_ALGORITHM
- algorithm.new length
-diff --git lib/rubygems/server.rb lib/rubygems/server.rb
-index 81df0e608e..df4eb566d3 100644
---- ruby-2.4.1/lib/rubygems/server.rb
-+++ ruby-2.4.1/lib/rubygems/server.rb
-@@ -657,7 +657,7 @@ def root(req, res)
- "only_one_executable" => true,
- "full_name" => "rubygems-#{Gem::VERSION}",
- "has_deps" => false,
-- "homepage" => "http://docs.rubygems.org/",
-+ "homepage" => "http://guides.rubygems.org/",
- "name" => 'rubygems',
- "ri_installed" => true,
- "summary" => "RubyGems itself",
-diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb
-index a2f289d162..500f0af768 100644
---- ruby-2.4.1/lib/rubygems/specification.rb
-+++ ruby-2.4.1/lib/rubygems/specification.rb
-@@ -2105,7 +2105,7 @@ def inspect # :nodoc:
- if $DEBUG
- super
- else
-- "#<#{self.class}:0x#{__id__.to_s(16)} #{full_name}>"
-+ "#{super[0..-2]} #{full_name}>"
- end
- end
-
-diff --git lib/rubygems/test_case.rb lib/rubygems/test_case.rb
-index 86b68e1efb..4e48f1eb4c 100644
---- ruby-2.4.1/lib/rubygems/test_case.rb
-+++ ruby-2.4.1/lib/rubygems/test_case.rb
-@@ -484,7 +484,7 @@ def git_gem name = 'a', version = 1
-
- system @git, 'add', gemspec
- system @git, 'commit', '-a', '-m', 'a non-empty commit message',
'--quiet'
-- head = Gem::Util.popen('git', 'rev-parse', 'master').strip
-+ head = Gem::Util.popen(@git, 'rev-parse', 'master').strip
- end
-
- return name, git_spec.version, directory, head
-@@ -1498,6 +1498,8 @@ def self.key_path key_name
- begin
- gem 'rdoc'
- require 'rdoc'
-+
-+ require 'rubygems/rdoc'
- rescue LoadError, Gem::LoadError
- end
-
-@@ -1514,3 +1516,4 @@ def self.key_path key_name
- pid = $$
- END {tmpdirs.each {|dir| Dir.rmdir(dir)} if $$ == pid}
- Gem.clear_paths
-+Gem.loaded_specs.clear
-diff --git test/rubygems/test_gem.rb test/rubygems/test_gem.rb
-index a605f9cdfe..62b36dfd41 100644
---- ruby-2.4.1/test/rubygems/test_gem.rb
-+++ ruby-2.4.1/test/rubygems/test_gem.rb
-@@ -75,6 +75,29 @@ def test_self_finish_resolve_wtf
- end
- end
-
-+ def test_self_finish_resolve_respects_loaded_specs
-+ save_loaded_features do
-+ a1 = new_spec "a", "1", "b" => "> 0"
-+ b1 = new_spec "b", "1", "c" => ">= 1"
-+ b2 = new_spec "b", "2", "c" => ">= 2"
-+ c1 = new_spec "c", "1"
-+ c2 = new_spec "c", "2"
-+
-+ install_specs c1, c2, b1, b2, a1
-+
-+ a1.activate
-+ c1.activate
-+
-+ assert_equal %w(a-1 c-1), loaded_spec_names
-+ assert_equal ["b (> 0)"], unresolved_names
-+
-+ Gem.finish_resolve
-+
-+ assert_equal %w(a-1 b-1 c-1), loaded_spec_names
-+ assert_equal [], unresolved_names
-+ end
-+ end
-+
- def test_self_install
- spec_fetcher do |f|
- f.gem 'a', 1
-@@ -492,7 +515,7 @@ def test_self_find_files_with_gemfile
- skip if RUBY_VERSION <= "1.8.7"
-
- cwd = File.expand_path("test/rubygems", @@project_dir)
-- $LOAD_PATH.unshift cwd
-+ actual_load_path = $LOAD_PATH.unshift(cwd).dup
-
- discover_path = File.join 'lib', 'sff', 'discover.rb'
-
-@@ -518,12 +541,12 @@ def test_self_find_files_with_gemfile
- expected = [
- File.expand_path('test/rubygems/sff/discover.rb', @@project_dir),
- File.join(foo1.full_gem_path, discover_path)
-- ]
-+ ].sort
-
-- assert_equal expected, Gem.find_files('sff/discover')
-- assert_equal expected, Gem.find_files('sff/**.rb'), '[ruby-core:31730]'
-+ assert_equal expected, Gem.find_files('sff/discover').sort
-+ assert_equal expected, Gem.find_files('sff/**.rb').sort,
'[ruby-core:31730]'
- ensure
-- assert_equal cwd, $LOAD_PATH.shift unless RUBY_VERSION <= "1.8.7"
-+ assert_equal cwd, actual_load_path.shift unless RUBY_VERSION <= "1.8.7"
- end
-
- def test_self_find_latest_files
-diff --git test/rubygems/test_gem_commands_open_command.rb
test/rubygems/test_gem_commands_open_command.rb
-index 3ec38972e6..a96fa6ea23 100644
---- ruby-2.4.1/test/rubygems/test_gem_commands_open_command.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_commands_open_command.rb
-@@ -24,7 +24,8 @@ def test_execute
- @cmd.options[:args] = %w[foo]
- @cmd.options[:editor] = "#{Gem.ruby} -e0 --"
-
-- spec = gem 'foo'
-+ gem 'foo', '1.0.0'
-+ spec = gem 'foo', '1.0.1'
- mock = MiniTest::Mock.new
- mock.expect(:call, true, [spec.full_gem_path])
-
-diff --git test/rubygems/test_gem_commands_query_command.rb
test/rubygems/test_gem_commands_query_command.rb
-index 223f205b2d..d8d682b136 100644
---- ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb
-@@ -642,7 +642,7 @@ def test_execute_local_details
- assert_equal expected, @ui.output
- end
-
-- def test_execute_exact
-+ def test_execute_exact_remote
- spec_fetcher do |fetcher|
- fetcher.spec 'coolgem-omg', 3
- fetcher.spec 'coolgem', '4.2.1'
-@@ -665,6 +665,60 @@ def test_execute_exact
- assert_equal expected, @ui.output
- end
-
-+ def test_execute_exact_local
-+ spec_fetcher do |fetcher|
-+ fetcher.spec 'coolgem-omg', 3
-+ fetcher.spec 'coolgem', '4.2.1'
-+ fetcher.spec 'wow_coolgem', 1
-+ end
-+
-+ @cmd.handle_options %w[--exact coolgem]
-+
-+ use_ui @ui do
-+ @cmd.execute
-+ end
-+
-+ expected = <<-EOF
-+
-+*** LOCAL GEMS ***
-+
-+coolgem (4.2.1)
-+ EOF
-+
-+ assert_equal expected, @ui.output
-+ end
-+
-+ def test_execute_exact_multiple
-+ spec_fetcher do |fetcher|
-+ fetcher.spec 'coolgem-omg', 3
-+ fetcher.spec 'coolgem', '4.2.1'
-+ fetcher.spec 'wow_coolgem', 1
-+
-+ fetcher.spec 'othergem-omg', 3
-+ fetcher.spec 'othergem', '1.2.3'
-+ fetcher.spec 'wow_othergem', 1
-+ end
-+
-+ @cmd.handle_options %w[--exact coolgem othergem]
-+
-+ use_ui @ui do
-+ @cmd.execute
-+ end
-+
-+ expected = <<-EOF
-+
-+*** LOCAL GEMS ***
-+
-+coolgem (4.2.1)
-+
-+*** LOCAL GEMS ***
-+
-+othergem (1.2.3)
-+ EOF
-+
-+ assert_equal expected, @ui.output
-+ end
-+
- private
-
- def add_gems_to_fetcher
-diff --git test/rubygems/test_gem_commands_sources_command.rb
test/rubygems/test_gem_commands_sources_command.rb
-index 014b4b4c12..d5b6d99419 100644
---- ruby-2.4.1/test/rubygems/test_gem_commands_sources_command.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_commands_sources_command.rb
-@@ -108,6 +108,58 @@ def test_execute_add_redundant_source
- assert_equal '', @ui.error
- end
-
-+ def test_execute_add_redundant_source_trailing_slash
-+ # Remove pre-existing gem source (w/ slash)
-+ repo_with_slash = "http://gems.example.com/"
-+ @cmd.handle_options %W[--remove #{repo_with_slash}]
-+ use_ui @ui do
-+ @cmd.execute
-+ end
-+ source = Gem::Source.new repo_with_slash
-+ assert_equal false, Gem.sources.include?(source)
-+
-+ expected = <<-EOF
-+#{repo_with_slash} removed from sources
-+ EOF
-+
-+ assert_equal expected, @ui.output
-+ assert_equal '', @ui.error
-+
-+ # Re-add pre-existing gem source (w/o slash)
-+ repo_without_slash = "http://gems.example.com"
-+ @cmd.handle_options %W[--add #{repo_without_slash}]
-+ use_ui @ui do
-+ @cmd.execute
-+ end
-+ source = Gem::Source.new repo_without_slash
-+ assert_equal true, Gem.sources.include?(source)
-+
-+ expected = <<-EOF
-+http://gems.example.com/ removed from sources
-+http://gems.example.com added to sources
-+ EOF
-+
-+ assert_equal expected, @ui.output
-+ assert_equal '', @ui.error
-+
-+ # Re-add original gem source (w/ slash)
-+ @cmd.handle_options %W[--add #{repo_with_slash}]
-+ use_ui @ui do
-+ @cmd.execute
-+ end
-+ source = Gem::Source.new repo_with_slash
-+ assert_equal true, Gem.sources.include?(source)
-+
-+ expected = <<-EOF
-+http://gems.example.com/ removed from sources
-+http://gems.example.com added to sources
-+source http://gems.example.com/ already present in the cache
-+ EOF
-+
-+ assert_equal expected, @ui.output
-+ assert_equal '', @ui.error
-+ end
-+
- def test_execute_add_http_rubygems_org
- http_rubygems_org = 'http://rubygems.org'
-
-diff --git test/rubygems/test_gem_installer.rb
test/rubygems/test_gem_installer.rb
-index 6ceb2c6dfc..882981d344 100644
---- ruby-2.4.1/test/rubygems/test_gem_installer.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_installer.rb
-@@ -62,7 +62,12 @@ def test_app_script_text
- end
- end
-
-+if Gem.respond_to?(:activate_bin_path)
- load Gem.activate_bin_path('a', 'executable', version)
-+else
-+gem "a", version
-+load Gem.bin_path("a", "executable", version)
-+end
- EOF
-
- wrapper = @installer.app_script_text 'executable'
-diff --git test/rubygems/test_require.rb test/rubygems/test_require.rb
-index dd606e44d4..936f78fb2a 100644
---- ruby-2.4.1/test/rubygems/test_require.rb
-+++ ruby-2.4.1/test/rubygems/test_require.rb
-@@ -301,6 +301,17 @@ def test_default_gem_only
- assert_equal %w(default-2.0.0.0), loaded_spec_names
- end
-
-+ def test_realworld_default_gem
-+ skip "no default gems on ruby < 2.0" unless RUBY_VERSION >= "2"
-+ cmd = <<-RUBY
-+ $stderr = $stdout
-+ require "json"
-+ puts Gem.loaded_specs["json"].default_gem?
-+ RUBY
-+ output = Gem::Util.popen(Gem.ruby, "-e", cmd).strip
-+ assert_equal "true", output
-+ end
-+
- def test_default_gem_and_normal_gem
- default_gem_spec = new_default_spec("default", "2.0.0.0",
- nil, "default/gem.rb")
diff --git a/gnu/packages/patches/ruby-rubygems-2613-ruby24.patch
b/gnu/packages/patches/ruby-rubygems-2613-ruby24.patch
deleted file mode 100644
index c253cc9..0000000
--- a/gnu/packages/patches/ruby-rubygems-2613-ruby24.patch
+++ /dev/null
@@ -1,355 +0,0 @@
-diff --git lib/rubygems.rb lib/rubygems.rb
-index bc5bf9b4c2..55aa85b8b2 100644
---- ruby-2.4.1/lib/rubygems.rb
-+++ ruby-2.4.1/lib/rubygems.rb
-@@ -10,7 +10,7 @@
- require 'thread'
-
- module Gem
-- VERSION = "2.6.12"
-+ VERSION = "2.6.13"
- end
-
- # Must be first since it unloads the prelude from 1.9.2
-diff --git lib/rubygems/commands/query_command.rb
lib/rubygems/commands/query_command.rb
-index 70f8127292..44144203e0 100644
---- ruby-2.4.1/lib/rubygems/commands/query_command.rb
-+++ ruby-2.4.1/lib/rubygems/commands/query_command.rb
-@@ -226,7 +226,7 @@ def output_versions output, versions
- end
- end
-
-- output << make_entry(matching_tuples, platforms)
-+ output << clean_text(make_entry(matching_tuples, platforms))
- end
- end
-
-@@ -353,7 +353,8 @@ def spec_platforms entry, platforms
- end
-
- def spec_summary entry, spec
-- entry << "\n\n" << format_text(spec.summary, 68, 4)
-+ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}")
-+ entry << "\n\n" << format_text(summary, 68, 4)
- end
-
- end
-diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb
-index 967543c2d1..6fd3399dd4 100644
---- ruby-2.4.1/lib/rubygems/installer.rb
-+++ ruby-2.4.1/lib/rubygems/installer.rb
-@@ -697,6 +697,11 @@ def verify_gem_home(unpack = false) # :nodoc:
- unpack or File.writable?(gem_home)
- end
-
-+ def verify_spec_name
-+ return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN
-+ raise Gem::InstallError, "#{spec} has an invalid name"
-+ end
-+
- ##
- # Return the text for an application file.
-
-@@ -823,6 +828,8 @@ def pre_install_checks
-
- ensure_loadable_spec
-
-+ verify_spec_name
-+
- if options[:install_as_default]
- Gem.ensure_default_gem_subdirectories gem_home
- else
-diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb
-index e6a13d4b8c..8f0cf0b402 100644
---- ruby-2.4.1/lib/rubygems/remote_fetcher.rb
-+++ ruby-2.4.1/lib/rubygems/remote_fetcher.rb
-@@ -110,7 +110,7 @@ def api_endpoint(uri)
- else
- target = res.target.to_s.strip
-
-- if /\.#{Regexp.quote(host)}\z/ =~ target
-+ if URI("http://" + target).host.end_with?(".#{host}")
- return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
- end
-
-diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb
-index 500f0af768..88e320c05a 100644
---- ruby-2.4.1/lib/rubygems/specification.rb
-+++ ruby-2.4.1/lib/rubygems/specification.rb
-@@ -108,6 +108,8 @@ class Gem::Specification < Gem::BasicSpecification
-
- private_constant :LOAD_CACHE if defined? private_constant
-
-+ VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc:
-+
- # :startdoc:
-
- ##
-@@ -2671,9 +2673,15 @@ def validate packaging = true
- end
- end
-
-- unless String === name then
-+ if !name.is_a?(String) then
- raise Gem::InvalidSpecificationException,
-- "invalid value for attribute name: \"#{name.inspect}\""
-+ "invalid value for attribute name: \"#{name.inspect}\" must be a
string"
-+ elsif name !~ /[a-zA-Z]/ then
-+ raise Gem::InvalidSpecificationException,
-+ "invalid value for attribute name: #{name.dump} must include at
least one letter"
-+ elsif name !~ VALID_NAME_PATTERN then
-+ raise Gem::InvalidSpecificationException,
-+ "invalid value for attribute name: #{name.dump} can only include
letters, numbers, dashes, and underscores"
- end
-
- if raw_require_paths.empty? then
-diff --git lib/rubygems/text.rb lib/rubygems/text.rb
-index 732f1b99f2..b944b62c27 100644
---- ruby-2.4.1/lib/rubygems/text.rb
-+++ ruby-2.4.1/lib/rubygems/text.rb
-@@ -6,13 +6,26 @@
-
- module Gem::Text
-
-+ ##
-+ # Remove any non-printable characters and make the text suitable for
-+ # printing.
-+ def clean_text(text)
-+ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze)
-+ end
-+
-+ def truncate_text(text, description, max_length = 100_000)
-+ raise ArgumentError, "max_length must be positive" unless max_length > 0
-+ return text if text.size <= max_length
-+ "Truncating #{description} to
#{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" +
text[0, max_length]
-+ end
-+
- ##
- # Wraps +text+ to +wrap+ characters and optionally indents by +indent+
- # characters
-
- def format_text(text, wrap, indent=0)
- result = []
-- work = text.dup
-+ work = clean_text(text)
-
- while work.length > wrap do
- if work =~ /^(.{0,#{wrap}})[ \n]/ then
-diff --git test/rubygems/test_gem_commands_query_command.rb
test/rubygems/test_gem_commands_query_command.rb
-index d8d682b136..469223c6c0 100644
---- ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb
-@@ -116,6 +116,86 @@ def test_execute_details
- This is a lot of text. This is a lot of text. This is a lot of text.
- This is a lot of text.
-
-+pl (1)
-+ Platform: i386-linux
-+ Author: A User
-+ Homepage: http://example.com
-+
-+ this is a summary
-+ EOF
-+
-+ assert_equal expected, @ui.output
-+ assert_equal '', @ui.error
-+ end
-+
-+ def test_execute_details_cleans_text
-+ spec_fetcher do |fetcher|
-+ fetcher.spec 'a', 2 do |s|
-+ s.summary = 'This is a lot of text. ' * 4
-+ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
-+ s.homepage = "http://a.example.com/\x03"
-+ end
-+
-+ fetcher.legacy_platform
-+ end
-+
-+ @cmd.handle_options %w[-r -d]
-+
-+ use_ui @ui do
-+ @cmd.execute
-+ end
-+
-+ expected = <<-EOF
-+
-+*** REMOTE GEMS ***
-+
-+a (2)
-+ Authors: Abraham Lincoln ., . Hirohito
-+ Homepage: http://a.example.com/.
-+
-+ This is a lot of text. This is a lot of text. This is a lot of text.
-+ This is a lot of text.
-+
-+pl (1)
-+ Platform: i386-linux
-+ Author: A User
-+ Homepage: http://example.com
-+
-+ this is a summary
-+ EOF
-+
-+ assert_equal expected, @ui.output
-+ assert_equal '', @ui.error
-+ end
-+
-+ def test_execute_details_truncates_summary
-+ spec_fetcher do |fetcher|
-+ fetcher.spec 'a', 2 do |s|
-+ s.summary = 'This is a lot of text. ' * 10_000
-+ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
-+ s.homepage = "http://a.example.com/\x03"
-+ end
-+
-+ fetcher.legacy_platform
-+ end
-+
-+ @cmd.handle_options %w[-r -d]
-+
-+ use_ui @ui do
-+ @cmd.execute
-+ end
-+
-+ expected = <<-EOF
-+
-+*** REMOTE GEMS ***
-+
-+a (2)
-+ Authors: Abraham Lincoln ., . Hirohito
-+ Homepage: http://a.example.com/.
-+
-+ Truncating the summary for a-2 to 100,000 characters:
-+#{" This is a lot of text. This is a lot of text. This is a lot of
text.\n" * 1449} This is a lot of te
-+
- pl (1)
- Platform: i386-linux
- Author: A User
-diff --git test/rubygems/test_gem_installer.rb
test/rubygems/test_gem_installer.rb
-index 882981d344..dd049214fb 100644
---- ruby-2.4.1/test/rubygems/test_gem_installer.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_installer.rb
-@@ -1448,6 +1448,26 @@ def test_pre_install_checks_wrong_rubygems_version
- end
- end
-
-+ def test_pre_install_checks_malicious_name
-+ spec = util_spec '../malicious', '1'
-+ def spec.full_name # so the spec is buildable
-+ "malicious-1"
-+ end
-+ def spec.validate; end
-+
-+ util_build_gem spec
-+
-+ gem = File.join(@gemhome, 'cache', spec.file_name)
-+
-+ use_ui @ui do
-+ @installer = Gem::Installer.at gem
-+ e = assert_raises Gem::InstallError do
-+ @installer.pre_install_checks
-+ end
-+ assert_equal '#<Gem::Specification name=../malicious version=1> has an
invalid name', e.message
-+ end
-+ end
-+
- def test_shebang
- util_make_exec @spec, "#!/usr/bin/ruby"
-
-diff --git test/rubygems/test_gem_remote_fetcher.rb
test/rubygems/test_gem_remote_fetcher.rb
-index cb994462cd..fbb7d89019 100644
---- ruby-2.4.1/test/rubygems/test_gem_remote_fetcher.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_remote_fetcher.rb
-@@ -241,6 +241,21 @@ def
test_api_endpoint_ignores_trans_domain_values_that_end_with_original
- dns.verify
- end
-
-+ def
test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path
-+ uri = URI.parse "http://example.com/foo"
-+ target = MiniTest::Mock.new
-+ target.expect :target, "evil.com/a.example.com"
-+
-+ dns = MiniTest::Mock.new
-+ dns.expect :getresource, target, [String, Object]
-+
-+ fetch = Gem::RemoteFetcher.new nil, dns
-+ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
-+
-+ target.verify
-+ dns.verify
-+ end
-+
- def test_api_endpoint_timeout_warning
- uri = URI.parse "http://gems.example.com/foo"
-
-diff --git test/rubygems/test_gem_specification.rb
test/rubygems/test_gem_specification.rb
-index d43289d745..0fcc11e78f 100644
---- ruby-2.4.1/test/rubygems/test_gem_specification.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_specification.rb
-@@ -2985,7 +2985,37 @@ def test_validate_name
- @a1.validate
- end
-
-- assert_equal 'invalid value for attribute name: ":json"', e.message
-+ assert_equal 'invalid value for attribute name: ":json" must be a
string', e.message
-+
-+ @a1.name = []
-+ e = assert_raises Gem::InvalidSpecificationException do
-+ @a1.validate
-+ end
-+ assert_equal "invalid value for attribute name: \"[]\" must be a string",
e.message
-+
-+ @a1.name = ""
-+ e = assert_raises Gem::InvalidSpecificationException do
-+ @a1.validate
-+ end
-+ assert_equal "invalid value for attribute name: \"\" must include at
least one letter", e.message
-+
-+ @a1.name = "12345"
-+ e = assert_raises Gem::InvalidSpecificationException do
-+ @a1.validate
-+ end
-+ assert_equal "invalid value for attribute name: \"12345\" must include at
least one letter", e.message
-+
-+ @a1.name = "../malicious"
-+ e = assert_raises Gem::InvalidSpecificationException do
-+ @a1.validate
-+ end
-+ assert_equal "invalid value for attribute name: \"../malicious\" can only
include letters, numbers, dashes, and underscores", e.message
-+
-+ @a1.name = "\ba\t"
-+ e = assert_raises Gem::InvalidSpecificationException do
-+ @a1.validate
-+ end
-+ assert_equal "invalid value for attribute name: \"\\ba\\t\" can only
include letters, numbers, dashes, and underscores", e.message
- end
-
- def test_validate_non_nil
-diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb
-index a6e22e04da..04f3f605e8 100644
---- ruby-2.4.1/test/rubygems/test_gem_text.rb
-+++ ruby-2.4.1/test/rubygems/test_gem_text.rb
-@@ -36,6 +36,10 @@ def test_format_text_trailing # for two spaces after .
- assert_equal expected, format_text(text, 78)
- end
-
-+ def test_format_removes_nonprintable_characters
-+ assert_equal "text with weird .. stuff .", format_text("text with weird
\x1b\x02 stuff \x7f", 40)
-+ end
-+
- def test_min3
- assert_equal 1, min3(1, 1, 1)
- assert_equal 1, min3(1, 1, 2)
-@@ -74,4 +78,11 @@ def test_levenshtein_distance_replace
- assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest")
- assert_equal 7, levenshtein_distance("zentest", "xxxxxxx")
- end
-+
-+ def test_truncate_text
-+ assert_equal "abc", truncate_text("abc", "desc")
-+ assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc",
"desc", 2)
-+ s = "ab" * 500_001
-+ assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0,
1_000_000]}", truncate_text(s, "desc", 1_000_000)
-+ end
- end
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 846860f..d6ed15d 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -49,7 +49,7 @@
(define-public ruby
(package
(name "ruby")
- (replacement ruby-2.4.1)
+ (replacement ruby-2.4.2)
(version "2.4.0")
(source
(origin
@@ -103,11 +103,11 @@ a focus on simplicity and productivity.")
(home-page "https://ruby-lang.org")
(license license:ruby)))
-(define-public ruby-2.4.1
+(define-public ruby-2.4.2
(package
(inherit ruby)
(name "ruby")
- (version "2.4.1")
+ (version "2.4.2")
(source
(origin
(method url-fetch)
@@ -116,15 +116,12 @@ a focus on simplicity and productivity.")
"/ruby-" version ".tar.xz"))
(sha256
(base32
- "0m763zf2v0jhrha3cx21g4dif6vc9gm714invs8h3sg35ncskj2g"))
+ "0dgp4ypk3smrsbh2c249n5pl6nqhpd2igq9484dbsh81sf08k2kl"))
(modules '((guix build utils)))
(snippet `(begin
;; Remove bundled libffi
(delete-file-recursively "ext/fiddle/libffi-3.2.1")
- #t))
- (patches
- (search-patches "ruby-rubygems-2612-ruby24.patch"
- "ruby-rubygems-2613-ruby24.patch"))))))
+ #t))))))
(define-public ruby-2.3
(package
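Review bot: Dropping the `patches` field from `ruby-2.4.2` is only safe if the 2.4.2 tarball already contains the RubyGems 2.6.12/2.6.13 changes that the two deleted patch files carried, and nothing in this hunk records that. Those patches added the gem name check in `pre_install_checks`, `clean_text`/`truncate_text` on query output, and the host comparison in `api_endpoint`. The commit message names only the four Ruby CVEs, so a later reader cannot tell whether the RubyGems hardening was dropped deliberately or is now provided upstream. After confirming the bundled `Gem::VERSION` in the new tarball, I would add a comment above `(snippet ...)` such as `;; The RubyGems fixes formerly applied by ruby-rubygems-261{2,3}-ruby24.patch are included in the 2.4.2 release.` The `ruby-2.4.2` definition begins in the previous hunk.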