ruby-changes:30985
From: nagachika <ko1@a...>
Date: Fri, 27 Sep 2013 01:46:23 +0900 (JST)
Subject: [ruby-changes:30985] nagachika:r43064 (ruby_2_0_0): * lib/rubygems: Update to Rubygems 2.0.10.
nagachika 2013-09-27 01:46:13 +0900 (Fri, 27 Sep 2013) New Revision: 43064 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=43064 Log: * lib/rubygems: Update to Rubygems 2.0.10. [ruby-core:57360] [Backport #8950] the patch is provided by drbrain (Eric Hodel). this update contains a security fix for CVE-2013-4363. Modified files: branches/ruby_2_0_0/ChangeLog branches/ruby_2_0_0/NEWS branches/ruby_2_0_0/lib/rubygems/version.rb branches/ruby_2_0_0/lib/rubygems.rb branches/ruby_2_0_0/test/rubygems/test_gem_requirement.rb branches/ruby_2_0_0/test/rubygems/test_gem_version.rb branches/ruby_2_0_0/version.h Index: ruby_2_0_0/ChangeLog =================================================================== --- ruby_2_0_0/ChangeLog (revision 43063) +++ ruby_2_0_0/ChangeLog (revision 43064) @@ -1,3 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/ChangeLog#L1 +Fri Sep 27 01:24:20 2013 CHIKANAGA Tomoyuki <nagachika@r...> + + * lib/rubygems: Update to Rubygems 2.0.10. [ruby-core:57360] + [Backport #8950] + the patch is provided by drbrain (Eric Hodel). + this update contains a security fix for CVE-2013-4363. + Fri Sep 27 01:11:21 2013 Nobuyoshi Nakada <nobu@r...> * parse.y (lambda): adjust position to the beginning of the block. Index: ruby_2_0_0/lib/rubygems/version.rb =================================================================== --- ruby_2_0_0/lib/rubygems/version.rb (revision 43063) +++ ruby_2_0_0/lib/rubygems/version.rb (revision 43064) 
@@ -148,7 +148,7 @@ class Gem::Version https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/lib/rubygems/version.rb#L148 # FIX: These are only used once, in .correct?. Do they deserve to be # constants? VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc: - ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc: + ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ # :nodoc: ## # A string representation of this Version. Index: ruby_2_0_0/lib/rubygems.rb =================================================================== --- ruby_2_0_0/lib/rubygems.rb (revision 43063) +++ ruby_2_0_0/lib/rubygems.rb (revision 43064) @@ -8,7 +8,7 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/lib/rubygems.rb#L8 require 'rbconfig' module Gem - VERSION = '2.0.9' + VERSION = '2.0.10' end # Must be first since it unloads the prelude from 1.9.2 Index: ruby_2_0_0/NEWS =================================================================== --- ruby_2_0_0/NEWS (revision 43063) +++ ruby_2_0_0/NEWS (revision 43064) @@ -461,9 +461,11 @@ with all sufficient information, see the https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/NEWS#L461 XML declaration is used for XML document encoding. * RubyGems - * Updated to 2.0.9. + * Updated to 2.0.10. This fixes CVE_2013-4363: - http://rubygems.rubyforge.org/rubygems-update/History_txt.html#label-2.0.9+%2F+2013-09-13 + http://rubygems.rubyforge.org/rubygems-update/CVE-2013-4363_txt.html + + See http://rubygems.rubyforge.org/rubygems-update/History_txt.html#label-2.0.10+%2F+2013-09-24 for release notes. * Updated to 2.0.8. This fixes CVE-2013-4287: Index: ruby_2_0_0/version.h =================================================================== --- ruby_2_0_0/version.h (revision 43063) +++ ruby_2_0_0/version.h (revision 43064) 
@@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/version.h#L1 #define RUBY_VERSION "2.0.0" #define RUBY_RELEASE_DATE "2013-09-27" -#define RUBY_PATCHLEVEL 320 +#define RUBY_PATCHLEVEL 321 #define RUBY_RELEASE_YEAR 2013 #define RUBY_RELEASE_MONTH 9 Index: ruby_2_0_0/test/rubygems/test_gem_version.rb =================================================================== --- ruby_2_0_0/test/rubygems/test_gem_version.rb (revision 43063) +++ ruby_2_0_0/test/rubygems/test_gem_version.rb (revision 43064) @@ -67,12 +67,18 @@ class TestGemVersion < Gem::TestCase https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/test/rubygems/test_gem_version.rb#L67 end def test_initialize_bad - ["junk", "1.0\n2.0"].each do |bad| - e = assert_raises ArgumentError do + %W[ + junk + 1.0\n2.0 + 1..2 + 1.2\ 3.4 + 1-2-3 + ].each do |bad| + e = assert_raises ArgumentError, bad do Gem::Version.new bad end - assert_equal "Malformed version number string #{bad}", e.message + assert_equal "Malformed version number string #{bad}", e.message, bad end end Index: ruby_2_0_0/test/rubygems/test_gem_requirement.rb =================================================================== --- ruby_2_0_0/test/rubygems/test_gem_requirement.rb (revision 43063) +++ ruby_2_0_0/test/rubygems/test_gem_requirement.rb (revision 43064) 
@@ -47,18 +47,20 @@ class TestGemRequirement < Gem::TestCase https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/test/rubygems/test_gem_requirement.rb#L47 end def test_parse_bad - e = assert_raises Gem::Requirement::BadRequirementError do - Gem::Requirement.parse nil - end - - assert_equal 'Illformed requirement [nil]', e.message + [ + nil, + '', + '! 1', + '= junk', + '1..2', + ].each do |bad| + e = assert_raises Gem::Requirement::BadRequirementError do + Gem::Requirement.parse bad + end - e = assert_raises Gem::Requirement::BadRequirementError do - Gem::Requirement.parse "" + assert_equal "Illformed requirement [#{bad.inspect}]", e.message end - assert_equal 'Illformed requirement [""]', e.message - assert_equal Gem::Requirement::BadRequirementError.superclass, ArgumentError end -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
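Review bot: In the lib/rubygems/version.rb hunk, ANCHORED_VERSION_PATTERN still has a `\s*` on each side of a group that is now optional, so when the group matches nothing the two whitespace runs sit next to each other and a long run of whitespace followed by a character that cannot complete the match can be divided between them in many ways before the match fails. Changing `*` to `?` removes the repeated group, but the remaining overlap could be closed by stripping the string before matching and anchoring VERSION_PATTERN directly, or by bounding the input length in `.correct?`. The reason the group must not be repeated is also undocumented next to the constant; a one-line comment there would keep a later cleanup of the open `FIX:` note from restoring `*`.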
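Review bot: In the NEWS hunk, the added line `* Updated to 2.0.10. This fixes CVE_2013-4363:` writes the identifier with an underscore, while the URL on the next line and the existing 2.0.8 entry (`CVE-2013-4287`) use a hyphen. It should read `CVE-2013-4363` so that a text search for the CVE id finds this entry.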
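Review bot: In the test/rubygems/test_gem_version.rb hunk, the new cases in test_initialize_bad (`1..2`, `1.2\ 3.4`, `1-2-3`) only check that short malformed strings are rejected; nothing exercises the behaviour the version.rb change is about, namely that a long string which almost matches is rejected quickly. A case that builds a long digit run ending in an invalid character and asserts the ArgumentError inside a short timeout would fail against the old `*` pattern and guard against regressions. The `%W[...]` list also depends on `\n` and `\ ` being processed as escapes, which is easy to misread; a plain array of double-quoted strings would make the newline and the embedded space explicit.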
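Review bot: In the test/rubygems/test_gem_requirement.rb hunk, the loop in test_parse_bad calls `assert_raises Gem::Requirement::BadRequirementError do` without a message, so when one of the five inputs fails to raise, the failure does not say which one. The test_gem_version.rb hunk in the same patch passes `bad` to both assertions for this reason; doing the same here with `bad.inspect` (since `nil` is one of the inputs) on `assert_raises` and on the `assert_equal` would make a failure identify its input.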