From ca01883eadd14d8f92c1779cb9bb2bb92ef7b628 Mon Sep 17 00:00:00 2001 
From: Antonio Terceiro Date: Sat, 21 Oct 2017 23:40:37 +0100 Subject: [PATCH] debian-changes This patch file represents the entire difference between the package as shipped by Debian and the official upstream sources. The goal is to maintain this file as small as possible, avoiding non-upstreamed patches at all costs. The Debian packaging is maintained in the following Git repository: http://anonscm.debian.org/gitweb/?p=collab-maint/ruby.git To obtain a view of the individual commits that affect non-Debian-specific files, you can clone that repository, and from the master branch, run: $ ./debian/upstream-changes Gbp-Pq: Name debian-changes --- configure.in | 2 +- ext/bigdecimal/bigdecimal.gemspec | 3 +- ext/io/console/io-console.gemspec | 3 +- ext/json/generator/generator.c | 12 +-- ext/json/generator/generator.h | 1 - ext/json/json.gemspec | 1 + ext/json/lib/json/version.rb | 2 +- ext/openssl/ossl_cipher.c | 22 ++--- lib/mkmf.rb | 2 +- lib/net/smtp.rb | 9 +++ lib/rdoc/generator/json_index.rb | 4 +- lib/rdoc/rdoc.gemspec | 1 + lib/rdoc/rdoc.rb | 2 +- lib/rubygems.rb | 2 +- lib/rubygems/commands/query_command.rb | 5 +- lib/rubygems/installer.rb | 7 ++ lib/rubygems/remote_fetcher.rb | 2 +- lib/rubygems/specification.rb | 16 +++- lib/rubygems/text.rb | 15 +++- test/excludes/TestProcess.rb | 5 ++ test/excludes/TestRefinement.rb | 2 + test/net/smtp/test_smtp.rb | 47 +++++++++++ test/openssl/test_cipher.rb | 29 +++++-- test/ruby/test_array.rb | 3 +- test/ruby/test_file_exhaustive.rb | 2 +- test/ruby/test_gc.rb | 2 +- .../test_gem_commands_query_command.rb | 80 +++++++++++++++++++ test/rubygems/test_gem_installer.rb | 20 +++++ test/rubygems/test_gem_remote_fetcher.rb | 15 ++++ test/rubygems/test_gem_specification.rb | 32 +++++++- test/rubygems/test_gem_text.rb | 11 +++ 31 files changed, 315 insertions(+), 44 deletions(-) create mode 100644 test/excludes/TestProcess.rb create mode 100644 test/excludes/TestRefinement.rb 
diff --git a/configure.in b/configure.in index 29b63c2..cc1001f 100644 --- a/configure.in +++ b/configure.in @@ -3686,7 +3686,7 @@ AS_CASE("$enable_shared", [yes], [ LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR) lib$(RUBY_SO_NAME).so' ], [linux* | gnu* | k*bsd*-gnu | atheos* | kopensolaris*-gnu | haiku*], [ - LIBRUBY_DLDFLAGS='-Wl,-soname,lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR)'" $LDFLAGS_OPTDIR" + LIBRUBY_DLDFLAGS='-Wl,-soname,lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR)'" $LDFLAGS $LDFLAGS_OPTDIR" LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR) lib$(RUBY_SO_NAME).so' if test "$load_relative" = yes; then libprefix="'\$\${ORIGIN}/../${libdir_basename}'" diff --git a/ext/bigdecimal/bigdecimal.gemspec b/ext/bigdecimal/bigdecimal.gemspec index 1666325..9371d0b 100644 --- a/ext/bigdecimal/bigdecimal.gemspec +++ b/ext/bigdecimal/bigdecimal.gemspec @@ -1,11 +1,10 @@ # -*- ruby -*- _VERSION = "1.2.8" -date = %w$Date:: $[1] Gem::Specification.new do |s| s.name = "bigdecimal" s.version = _VERSION - s.date = date + s.date = RUBY_RELEASE_DATE s.license = 'ruby' s.summary = "Arbitrary-precision decimal floating-point number library." s.homepage = "http://www.ruby-lang.org" diff --git a/ext/io/console/io-console.gemspec b/ext/io/console/io-console.gemspec index 2c5ce6b..6251477 100644 --- a/ext/io/console/io-console.gemspec +++ b/ext/io/console/io-console.gemspec @@ -1,11 +1,10 @@ # -*- ruby -*- _VERSION = "0.4.5" -date = %w$Date:: $[1] Gem::Specification.new do |s| s.name = "io-console" s.version = _VERSION - s.date = date + s.date = RUBY_RELEASE_DATE s.summary = "Console interface" s.email = "nobu@ruby-lang.org" s.description = "add console capabilities to IO instances." diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c index a135e28..2cdca56 100644 --- a/ext/json/generator/generator.c +++ b/ext/json/generator/generator.c 
@@ -301,7 +301,7 @@ static char *fstrndup(const char *ptr, unsigned long len) { char *result; if (len <= 0) return NULL; result = ALLOC_N(char, len); - memccpy(result, ptr, 0, len); + memcpy(result, ptr, len); return result; } @@ -1055,7 +1055,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent) } } else { if (state->indent) ruby_xfree(state->indent); - state->indent = strdup(RSTRING_PTR(indent)); + state->indent = fstrndup(RSTRING_PTR(indent), len); state->indent_len = len; } return Qnil; @@ -1093,7 +1093,7 @@ static VALUE cState_space_set(VALUE self, VALUE space) } } else { if (state->space) ruby_xfree(state->space); - state->space = strdup(RSTRING_PTR(space)); + state->space = fstrndup(RSTRING_PTR(space), len); state->space_len = len; } return Qnil; @@ -1129,7 +1129,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before) } } else { if (state->space_before) ruby_xfree(state->space_before); - state->space_before = strdup(RSTRING_PTR(space_before)); + state->space_before = fstrndup(RSTRING_PTR(space_before), len); state->space_before_len = len; } return Qnil; @@ -1166,7 +1166,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl) } } else { if (state->object_nl) ruby_xfree(state->object_nl); - state->object_nl = strdup(RSTRING_PTR(object_nl)); + state->object_nl = fstrndup(RSTRING_PTR(object_nl), len); state->object_nl_len = len; } return Qnil; @@ -1201,7 +1201,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl) } } else { if (state->array_nl) ruby_xfree(state->array_nl); - state->array_nl = strdup(RSTRING_PTR(array_nl)); + state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); state->array_nl_len = len; } return Qnil; diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h index 298c0a4..6bbf817 100644 --- a/ext/json/generator/generator.h +++ b/ext/json/generator/generator.h @@ -1,7 +1,6 @@ #ifndef _GENERATOR_H_ #define _GENERATOR_H_ -#include #include #include 
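Review bot: `fstrndup` now returns exactly `len` bytes with no terminating NUL, and nothing in the hunk says so; the five setter hunks that follow (`cState_indent_set`, `cState_space_set`, `cState_space_before_set`, `cState_object_nl_set`, `cState_array_nl_set`) depend on that by storing `len` next to the pointer. I would add a header comment such as `/* Copies exactly len bytes, embedded NULs included. The result is not NUL-terminated; callers must keep len with it. Returns NULL if len is 0. */`. Any reader of `state->indent` and its siblings that still treats them as C strings is outside these hunks and should be checked against the stored `*_len` fields. As a style point, `len <= 0` on an `unsigned long` can only mean `len == 0`, and writing it that way is clearer.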
diff --git a/ext/json/json.gemspec b/ext/json/json.gemspec index 9fb6fa1..f52da67 100644 --- a/ext/json/json.gemspec +++ b/ext/json/json.gemspec @@ -1,6 +1,7 @@ Gem::Specification.new do |s| s.name = "json" s.version = "1.8.3" + s.date = RUBY_RELEASE_DATE s.summary = "This json is bundled with Ruby" s.executables = [] s.files = ["json.rb", "json/add/bigdecimal.rb", "json/add/complex.rb", "json/add/core.rb", "json/add/date.rb", "json/add/date_time.rb", "json/add/exception.rb", "json/add/ostruct.rb", "json/add/range.rb", "json/add/rational.rb", "json/add/regexp.rb", "json/add/struct.rb", "json/add/symbol.rb", "json/add/time.rb", "json/common.rb", "json/ext.rb", "json/ext/generator.bundle", "json/ext/parser.bundle", "json/generic_object.rb", "json/version.rb"] diff --git a/ext/json/lib/json/version.rb b/ext/json/lib/json/version.rb index b574833..cd7ddf8 100644 --- a/ext/json/lib/json/version.rb +++ b/ext/json/lib/json/version.rb @@ -1,7 +1,7 @@ # frozen_string_literal: false module JSON # JSON version - VERSION = '1.8.3' + VERSION = '1.8.3.1' VERSION_ARRAY = VERSION.split(/\./).map { |x| x.to_i } # :nodoc: VERSION_MAJOR = VERSION_ARRAY[0] # :nodoc: VERSION_MINOR = VERSION_ARRAY[1] # :nodoc: diff --git a/ext/openssl/ossl_cipher.c b/ext/openssl/ossl_cipher.c index 09b021d..24b8467 100644 --- a/ext/openssl/ossl_cipher.c +++ b/ext/openssl/ossl_cipher.c @@ -34,6 +34,7 @@ */ VALUE cCipher; VALUE eCipherError; +static ID id_key_set; static VALUE ossl_cipher_alloc(VALUE klass); static void ossl_cipher_free(void *ptr); @@ -114,7 +115,6 @@ ossl_cipher_initialize(VALUE self, VALUE str) EVP_CIPHER_CTX *ctx; const EVP_CIPHER *cipher; char *name; - unsigned char key[EVP_MAX_KEY_LENGTH]; name = StringValuePtr(str); GetCipherInit(self, ctx); 
@@ -126,14 +126,7 @@ ossl_cipher_initialize(VALUE self, VALUE str) if (!(cipher = EVP_get_cipherbyname(name))) { ossl_raise(rb_eRuntimeError, "unsupported cipher algorithm (%s)", name); } - /* - * The EVP which has EVP_CIPH_RAND_KEY flag (such as DES3) allows - * uninitialized key, but other EVPs (such as AES) does not allow it. - * Calling EVP_CipherUpdate() without initializing key causes SEGV so we - * set the data filled with "\0" as the key by default. - */ - memset(key, 0, EVP_MAX_KEY_LENGTH); - if (EVP_CipherInit_ex(ctx, cipher, NULL, key, NULL, -1) != 1) + if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1) != 1) ossl_raise(eCipherError, NULL); return self; @@ -252,6 +245,9 @@ ossl_cipher_init(int argc, VALUE *argv, VALUE self, int mode) ossl_raise(eCipherError, NULL); } + if (p_key) + rb_ivar_set(self, id_key_set, Qtrue); + return self; } @@ -338,6 +334,8 @@ ossl_cipher_pkcs5_keyivgen(int argc, VALUE *argv, VALUE self) OPENSSL_cleanse(key, sizeof key); OPENSSL_cleanse(iv, sizeof iv); + rb_ivar_set(self, id_key_set, Qtrue); + return Qnil; } @@ -390,6 +388,8 @@ ossl_cipher_update(int argc, VALUE *argv, VALUE self) VALUE data, str; rb_scan_args(argc, argv, "11", &data, &str); + if (!RTEST(rb_attr_get(self, id_key_set))) + ossl_raise(eCipherError, "key not set"); StringValue(data); in = (unsigned char *)RSTRING_PTR(data); @@ -490,6 +490,8 @@ ossl_cipher_set_key(VALUE self, VALUE key) if (EVP_CipherInit_ex(ctx, NULL, NULL, (unsigned char *)RSTRING_PTR(key), NULL, -1) != 1) ossl_raise(eCipherError, NULL); + rb_ivar_set(self, id_key_set, Qtrue); + return key; } @@ -1008,4 +1010,6 @@ Init_ossl_cipher(void) rb_define_method(cCipher, "iv_len", ossl_cipher_iv_length, 0); rb_define_method(cCipher, "block_size", ossl_cipher_block_size, 0); rb_define_method(cCipher, "padding=", ossl_cipher_set_padding, 1); + + id_key_set = rb_intern_const("key_set"); } diff --git a/lib/mkmf.rb b/lib/mkmf.rb index 3181b05..2502476 100644 --- a/lib/mkmf.rb +++ b/lib/mkmf.rb 
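Review bot: The block comment that explained the key argument is deleted in `ossl_cipher_initialize`, and the new `EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, -1)` call has nothing saying that the missing key is deliberate. A short replacement would help the next reader, for example `/* No key here on purpose: update raises "key not set" until a key has been supplied. */`. The function body extends outside this hunk.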
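Review bot: The `key_set` guard is added only at the top of `ossl_cipher_update`, while the zero-key default that used to protect every path is removed in `ossl_cipher_initialize`. `final` and the authenticated-data paths are not part of this patch, so it cannot be judged from here whether they can reach OpenSSL with no key. Please confirm that they cannot, or repeat `if (!RTEST(rb_attr_get(self, id_key_set))) ossl_raise(eCipherError, "key not set");` at those entry points. A test next to `test_update_raise_if_key_not_set` that calls `final` on a keyless cipher would pin the behaviour down.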
@@ -2275,7 +2275,7 @@ LOCAL_LIBS = #{$LOCAL_LIBS} LIBS = #{$LIBRUBYARG} #{$libs} #{$LIBS} ORIG_SRCS = #{orig_srcs.collect(&File.method(:basename)).join(' ')} SRCS = $(ORIG_SRCS) #{(srcs - orig_srcs).collect(&File.method(:basename)).join(' ')} -OBJS = #{$objs.join(" ")} +OBJS = #{$objs.sort.join(" ")} HDRS = #{hdrs.map{|h| '$(srcdir)/' + File.basename(h)}.join(' ')} TARGET = #{target} TARGET_NAME = #{target && target[/\A\w+/]} diff --git a/lib/net/smtp.rb b/lib/net/smtp.rb index d634274..78f2181 100644 --- a/lib/net/smtp.rb +++ b/lib/net/smtp.rb @@ -926,7 +926,15 @@ module Net private + def validate_line(line) + # A bare CR or LF is not allowed in RFC5321. + if /[\r\n]/ =~ line + raise ArgumentError, "A line must not contain CR or LF" + end + end + def getok(reqline) + validate_line reqline res = critical { @socket.writeline reqline recv_response() @@ -936,6 +944,7 @@ module Net end def get_response(reqline) + validate_line reqline @socket.writeline reqline recv_response() end diff --git a/lib/rdoc/generator/json_index.rb b/lib/rdoc/generator/json_index.rb index 624a2e5..103a938 100644 --- a/lib/rdoc/generator/json_index.rb +++ b/lib/rdoc/generator/json_index.rb @@ -175,7 +175,7 @@ class RDoc::Generator::JsonIndex debug_msg "Writing gzipped search index to %s" % outfile Zlib::GzipWriter.open(outfile) do |gz| - gz.mtime = File.mtime(search_index_file) + gz.mtime = -1 gz.orig_name = search_index_file.basename.to_s gz.write search_index gz.close @@ -193,7 +193,7 @@ class RDoc::Generator::JsonIndex debug_msg "Writing gzipped file to %s" % outfile Zlib::GzipWriter.open(outfile) do |gz| - gz.mtime = File.mtime(dest) + gz.mtime = -1 gz.orig_name = dest.basename.to_s gz.write data gz.close diff --git a/lib/rdoc/rdoc.gemspec b/lib/rdoc/rdoc.gemspec index e1631e2..273d867 100644 --- a/lib/rdoc/rdoc.gemspec +++ b/lib/rdoc/rdoc.gemspec 
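Review bot: The comment in `validate_line` speaks of a "bare" CR or LF, but the regex `/[\r\n]/` rejects every CR or LF, CRLF pairs included, which is the stricter behaviour the callers need because `writeline` appends the terminator itself. I would reword it to `# reqline is one SMTP command without its line terminator; any CR or LF inside it would begin a second command.`. The check is wired into `getok` and `get_response` only, so any method outside these hunks that passes caller-supplied text straight to `@socket.writeline` would bypass it and should be confirmed.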
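Review bot: `gz.mtime = -1` is an unexplained magic value in both `Zlib::GzipWriter.open` blocks of `json_index.rb`. A reader cannot tell whether `-1` is a sentinel that `GzipWriter` understands or simply a constant timestamp chosen so that the output does not depend on the build time. A one-line comment stating the intent, for example `# fixed mtime so the .gz output does not vary between builds`, would settle it if that is the reason.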
@@ -1,6 +1,7 @@ Gem::Specification.new do |s| s.name = "rdoc" s.version = "4.2.1" + s.date = RUBY_RELEASE_DATE s.summary = "This rdoc is bundled with Ruby" s.executables = ["rdoc", "ri"] s.files = ["rdoc.rb", "rdoc/alias.rb", "rdoc/anon_class.rb", "rdoc/any_method.rb", "rdoc/attr.rb", "rdoc/class_module.rb", "rdoc/code_object.rb", "rdoc/code_objects.rb", "rdoc/comment.rb", "rdoc/constant.rb", "rdoc/context.rb", "rdoc/context/section.rb", "rdoc/cross_reference.rb", "rdoc/encoding.rb", "rdoc/erb_partial.rb", "rdoc/erbio.rb", "rdoc/extend.rb", "rdoc/generator.rb", "rdoc/generator/darkfish.rb", "rdoc/generator/json_index.rb", "rdoc/generator/markup.rb", "rdoc/generator/pot.rb", "rdoc/generator/pot/message_extractor.rb", "rdoc/generator/pot/po.rb", "rdoc/generator/pot/po_entry.rb", "rdoc/generator/ri.rb", "rdoc/ghost_method.rb", "rdoc/i18n.rb", "rdoc/i18n/locale.rb", "rdoc/i18n/text.rb", "rdoc/include.rb", "rdoc/known_classes.rb", "rdoc/markdown.rb", "rdoc/markdown/entities.rb", "rdoc/markdown/literals_1_9.rb", "rdoc/markup.rb", "rdoc/markup/attr_changer.rb", "rdoc/markup/attr_span.rb", "rdoc/markup/attribute_manager.rb", "rdoc/markup/attributes.rb", "rdoc/markup/blank_line.rb", "rdoc/markup/block_quote.rb", "rdoc/markup/document.rb", "rdoc/markup/formatter.rb", "rdoc/markup/formatter_test_case.rb", "rdoc/markup/hard_break.rb", "rdoc/markup/heading.rb", "rdoc/markup/include.rb", "rdoc/markup/indented_paragraph.rb", "rdoc/markup/inline.rb", "rdoc/markup/list.rb", "rdoc/markup/list_item.rb", "rdoc/markup/paragraph.rb", "rdoc/markup/parser.rb", "rdoc/markup/pre_process.rb", "rdoc/markup/raw.rb", "rdoc/markup/rule.rb", "rdoc/markup/special.rb", "rdoc/markup/text_formatter_test_case.rb", "rdoc/markup/to_ansi.rb", "rdoc/markup/to_bs.rb", "rdoc/markup/to_html.rb", "rdoc/markup/to_html_crossref.rb", "rdoc/markup/to_html_snippet.rb", "rdoc/markup/to_joined_paragraph.rb", "rdoc/markup/to_label.rb", "rdoc/markup/to_markdown.rb", "rdoc/markup/to_rdoc.rb", 
"rdoc/markup/to_table_of_contents.rb", "rdoc/markup/to_test.rb", "rdoc/markup/to_tt_only.rb", "rdoc/markup/verbatim.rb", "rdoc/meta_method.rb", "rdoc/method_attr.rb", "rdoc/mixin.rb", "rdoc/normal_class.rb", "rdoc/normal_module.rb", "rdoc/options.rb", "rdoc/parser.rb", "rdoc/parser/c.rb", "rdoc/parser/changelog.rb", "rdoc/parser/markdown.rb", "rdoc/parser/rd.rb", "rdoc/parser/ruby.rb", "rdoc/parser/ruby_tools.rb", "rdoc/parser/simple.rb", "rdoc/parser/text.rb", "rdoc/rd.rb", "rdoc/rd/block_parser.rb", "rdoc/rd/inline.rb", "rdoc/rd/inline_parser.rb", "rdoc/rdoc.rb", "rdoc/require.rb", "rdoc/ri.rb", "rdoc/ri/driver.rb", "rdoc/ri/formatter.rb", "rdoc/ri/paths.rb", "rdoc/ri/store.rb", "rdoc/ri/task.rb", "rdoc/ruby_lex.rb", "rdoc/ruby_token.rb", "rdoc/rubygems_hook.rb", "rdoc/servlet.rb", "rdoc/single_class.rb", "rdoc/stats.rb", "rdoc/stats/normal.rb", "rdoc/stats/quiet.rb", "rdoc/stats/verbose.rb", "rdoc/store.rb", "rdoc/task.rb", "rdoc/test_case.rb", "rdoc/text.rb", "rdoc/token_stream.rb", "rdoc/tom_doc.rb", "rdoc/top_level.rb"] diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb index 7c5d34e..4b74646 100644 --- a/lib/rdoc/rdoc.rb +++ b/lib/rdoc/rdoc.rb @@ -321,7 +321,7 @@ option) end end - file_list.flatten + file_list.flatten.sort end ## diff --git a/lib/rubygems.rb b/lib/rubygems.rb index 04031c7..9c0219c 100644 --- a/lib/rubygems.rb +++ b/lib/rubygems.rb @@ -10,7 +10,7 @@ require 'rbconfig' require 'thread' module Gem - VERSION = '2.5.2' + VERSION = '2.5.2.1' end # Must be first since it unloads the prelude from 1.9.2 diff --git a/lib/rubygems/commands/query_command.rb b/lib/rubygems/commands/query_command.rb index d6196b4..61e9808 100644 --- a/lib/rubygems/commands/query_command.rb +++ b/lib/rubygems/commands/query_command.rb @@ -226,7 +226,7 @@ is too hard to use. end end - output << make_entry(matching_tuples, platforms) + output << clean_text(make_entry(matching_tuples, platforms)) end end 
@@ -344,7 +344,8 @@ is too hard to use. end def spec_summary entry, spec - entry << "\n\n" << format_text(spec.summary, 68, 4) + summary = truncate_text(spec.summary, "the summary for #{spec.full_name}") + entry << "\n\n" << format_text(summary, 68, 4) end end diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb index 85358e0..709b77d 100644 --- a/lib/rubygems/installer.rb +++ b/lib/rubygems/installer.rb @@ -693,6 +693,11 @@ class Gem::Installer unpack or File.writable?(gem_home) end + def verify_spec_name + return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN + raise Gem::InstallError, "#{spec} has an invalid name" + end + ## # Return the text for an application file. @@ -812,6 +817,8 @@ TEXT ensure_loadable_spec + verify_spec_name + if options[:install_as_default] Gem.ensure_default_gem_subdirectories gem_home else diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb index fda1e06..254bebf 100644 --- a/lib/rubygems/remote_fetcher.rb +++ b/lib/rubygems/remote_fetcher.rb @@ -104,7 +104,7 @@ class Gem::RemoteFetcher else target = res.target.to_s.strip - if /\.#{Regexp.quote(host)}\z/ =~ target + if URI("http://" + target).host.end_with?(".#{host}") return URI.parse "#{uri.scheme}://#{target}#{uri.path}" end diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb index 8e2557c..2519b96 100644 --- a/lib/rubygems/specification.rb +++ b/lib/rubygems/specification.rb @@ -108,6 +108,8 @@ class Gem::Specification < Gem::BasicSpecification private_constant :LOAD_CACHE if defined? private_constant + VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc: + # :startdoc: ## 
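Review bot: `verify_spec_name` accepts anything that matches `VALID_NAME_PATTERN`, which is weaker than the name rules this same patch adds to `Gem::Specification#validate`: that method also requires a String and at least one letter. Since `pre_install_checks` is the gate for a gem built elsewhere (the new installer test stubs `validate` out), the two checks should agree. One way is `return if spec.name.is_a?(String) && spec.name =~ /[a-zA-Z]/ && spec.name =~ Gem::Specification::VALID_NAME_PATTERN`. The method also lacks the `##` doc comment that its neighbours carry.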
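Review bot: In `api_endpoint` the host is validated on a parsed copy of `target`, but the URI that is returned is still assembled from the raw `target` string, so anything after the host part of `target` ends up in the result. `URI("http://" + target)` may also raise on a malformed value and `.host` may be `nil`, and no handling for either is visible in the hunk (the method continues outside it). I would parse once and reuse the result: `target_host = URI("http://" + target).host`, then `if target_host && target_host.end_with?(".#{host}")` and `return URI.parse "#{uri.scheme}://#{target_host}#{uri.path}"`.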
@@ -1754,7 +1756,9 @@ class Gem::Specification < Gem::BasicSpecification raise(Gem::InvalidSpecificationException, "invalid date format in specification: #{date.inspect}") end - when Time, DateLike then + when Time then + Time.utc(date.utc.year, date.utc.month, date.utc.day) + when DateLike then Time.utc(date.year, date.month, date.day) else TODAY @@ -2665,9 +2669,15 @@ class Gem::Specification < Gem::BasicSpecification end end - unless String === name then + if !name.is_a?(String) then + raise Gem::InvalidSpecificationException, + "invalid value for attribute name: \"#{name.inspect}\" must be a string" + elsif name !~ /[a-zA-Z]/ then + raise Gem::InvalidSpecificationException, + "invalid value for attribute name: #{name.dump} must include at least one letter" + elsif name !~ VALID_NAME_PATTERN then raise Gem::InvalidSpecificationException, - "invalid value for attribute name: \"#{name.inspect}\"" + "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores" end if raw_require_paths.empty? then diff --git a/lib/rubygems/text.rb b/lib/rubygems/text.rb index 732f1b9..b944b62 100644 --- a/lib/rubygems/text.rb +++ b/lib/rubygems/text.rb @@ -6,13 +6,26 @@ require 'rubygems' module Gem::Text + ## + # Remove any non-printable characters and make the text suitable for + # printing. + def clean_text(text) + text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze) + end + + def truncate_text(text, description, max_length = 100_000) + raise ArgumentError, "max_length must be positive" unless max_length > 0 + return text if text.size <= max_length + "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length] + end + ## # Wraps +text+ to +wrap+ characters and optionally indents by +indent+ # characters def format_text(text, wrap, indent=0) result = [] - work = text.dup + work = clean_text(text) while work.length > wrap do if work =~ /^(.{0,#{wrap}})[ \n]/ then 
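Review bot: In the new `when Time` branch, `date.utc` converts the caller's `Time` object to UTC in place, and it is called three times. A setter should not modify its argument, and a frozen `Time` would raise here. `Time#getutc` returns a converted copy instead: `utc_date = date.getutc` followed by `Time.utc(utc_date.year, utc_date.month, utc_date.day)`.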
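Review bot: The last new message in the name check says the name "can only include letters, numbers, dashes, and underscores", but `VALID_NAME_PATTERN`, added in the hunk at line 108 of this file, also admits `.`. Either the message should read `letters, numbers, dots, dashes, and underscores` or the dot should leave the pattern. The assertions added to `test_gem_specification.rb` compare the exact string and would need the same change.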
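Review bot: The comment on `clean_text` says non-printable characters are removed, but the method replaces them with `.` and its character class leaves tab, LF and CR untouched. If CR is kept on purpose, the comment should say so; otherwise consider adding `\r` to the class, because a carriage return in a summary still moves the cursor when the text is printed to a terminal. `truncate_text` has no comment at all, and one line such as `# Returns +text+ unchanged when it fits in +max_length+ characters, otherwise a notice line followed by the first +max_length+ characters.` would cover it.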
diff --git a/test/excludes/TestProcess.rb b/test/excludes/TestProcess.rb new file mode 100644 index 0000000..24f71b4 --- /dev/null +++ b/test/excludes/TestProcess.rb @@ -0,0 +1,5 @@ +# Found on Debian mips* buildds, this test consumes ~2GB RAM and +# a lot of CPU time before failing. Note that the test failure +# may point to an issue in the Array implementation. +# https://bugs.ruby-lang.org/issues/12500 +exclude :test_aspawn_too_long_path, "RAM and time consuming test" diff --git a/test/excludes/TestRefinement.rb b/test/excludes/TestRefinement.rb new file mode 100644 index 0000000..8f148fd --- /dev/null +++ b/test/excludes/TestRefinement.rb @@ -0,0 +1,2 @@ +# Found on Debian arm*, powerpc buildds +exclude :test_prepend_after_refine_wb_miss, "time consuming test" diff --git a/test/net/smtp/test_smtp.rb b/test/net/smtp/test_smtp.rb index 0edb341..3bcceb6 100644 --- a/test/net/smtp/test_smtp.rb +++ b/test/net/smtp/test_smtp.rb @@ -6,6 +6,8 @@ require 'test/unit' module Net class TestSMTP < Test::Unit::TestCase class FakeSocket + attr_reader :write_io + def initialize out = "250 OK\n" @write_io = StringIO.new @read_io = StringIO.new out 
@@ -51,5 +53,50 @@ module Net assert smtp.rset end + + def test_mailfrom + sock = FakeSocket.new + smtp = Net::SMTP.new 'localhost', 25 + smtp.instance_variable_set :@socket, sock + assert smtp.mailfrom("foo@example.com").success? + assert_equal "MAIL FROM:\r\n", sock.write_io.string + end + + def test_rcptto + sock = FakeSocket.new + smtp = Net::SMTP.new 'localhost', 25 + smtp.instance_variable_set :@socket, sock + assert smtp.rcptto("foo@example.com").success? + assert_equal "RCPT TO:\r\n", sock.write_io.string + end + + def test_auth_plain + sock = FakeSocket.new + smtp = Net::SMTP.new 'localhost', 25 + smtp.instance_variable_set :@socket, sock + assert smtp.auth_plain("foo", "bar").success? + assert_equal "AUTH PLAIN AGZvbwBiYXI=\r\n", sock.write_io.string + end + + def test_crlf_injection + smtp = Net::SMTP.new 'localhost', 25 + smtp.instance_variable_set :@socket, FakeSocket.new + + assert_raise(ArgumentError) do + smtp.mailfrom("foo\r\nbar") + end + + assert_raise(ArgumentError) do + smtp.mailfrom("foo\rbar") + end + + assert_raise(ArgumentError) do + smtp.mailfrom("foo\nbar") + end + + assert_raise(ArgumentError) do + smtp.rcptto("foo\r\nbar") + end + end end end diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb index 89c176f..fb08b61 100644 --- a/test/openssl/test_cipher.rb +++ b/test/openssl/test_cipher.rb @@ -81,6 +81,7 @@ class OpenSSL::TestCipher < Test::Unit::TestCase def test_empty_data @c1.encrypt + @c1.random_key assert_raise(ArgumentError){ @c1.update("") } end @@ -129,12 +130,10 @@ class OpenSSL::TestCipher < Test::Unit::TestCase } end - def test_AES_crush - 500.times do - assert_nothing_raised("[Bug #2768]") do - # it caused OpenSSL SEGV by uninitialized key - OpenSSL::Cipher::AES128.new("ECB").update "." * 17 - end + def test_update_raise_if_key_not_set + assert_raise(OpenSSL::Cipher::CipherError) do + # it caused OpenSSL SEGV by uninitialized key + OpenSSL::Cipher::AES128.new("ECB").update "." * 17 end end end 
@@ -238,6 +237,24 @@ class OpenSSL::TestCipher < Test::Unit::TestCase end + def test_aes_gcm_key_iv_order_issue + pt = "[ruby/openssl#49]" + cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt + cipher.key = "x" * 16 + cipher.iv = "a" * 12 + ct1 = cipher.update(pt) << cipher.final + tag1 = cipher.auth_tag + + cipher = OpenSSL::Cipher.new("aes-128-gcm").encrypt + cipher.iv = "a" * 12 + cipher.key = "x" * 16 + ct2 = cipher.update(pt) << cipher.final + tag2 = cipher.auth_tag + + assert_equal ct1, ct2 + assert_equal tag1, tag2 + end if has_cipher?("aes-128-gcm") + private def new_encryptor(algo) diff --git a/test/ruby/test_array.rb b/test/ruby/test_array.rb index f27b8a5..bea1f37 100644 --- a/test/ruby/test_array.rb +++ b/test/ruby/test_array.rb @@ -1841,7 +1841,8 @@ class TestArray < Test::Unit::TestCase def test_permutation_stack_error bug9932 = '[ruby-core:63103] [Bug #9932]' - assert_separately([], <<-"end;") # do + # On some platforms (armel, mips), permutation is very expensive/slow. + assert_separately([], <<-"end;", timeout: 60) # do assert_nothing_raised(SystemStackError, "#{bug9932}") do assert_equal(:ok, Array.new(100_000, nil).permutation {break :ok}) end diff --git a/test/ruby/test_file_exhaustive.rb b/test/ruby/test_file_exhaustive.rb index be0a79f..a37c844 100644 --- a/test/ruby/test_file_exhaustive.rb +++ b/test/ruby/test_file_exhaustive.rb @@ -1017,7 +1017,7 @@ class TestFileExhaustive < Test::Unit::TestCase user = ENV['USER'] skip "ENV['USER'] is not set" unless user assert_equal(ENV['HOME'], File.expand_path("~#{user}")) - end unless DRIVE + end if false # does not work in sbuild/buildd environments def test_expand_path_error_for_nonexistent_username user = "\u{3086 3046 3066 3044}:\u{307F 3084 304A 3046}" diff --git a/test/ruby/test_gc.rb b/test/ruby/test_gc.rb index 51b17c6..9732e12 100644 --- a/test/ruby/test_gc.rb +++ b/test/ruby/test_gc.rb 
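Review bot: `end if false` in `test_file_exhaustive.rb` removes the test silently and also drops the original `unless DRIVE` condition, so the test no longer runs anywhere and leaves no trace in the results. This patch already adds `test/excludes/TestProcess.rb` and `test/excludes/TestRefinement.rb`, whose `exclude :name, "reason"` lines do the same job with a recorded reason. An excludes entry for this class, with "does not work in sbuild/buildd environments" as the reason, would keep the upstream file untouched. The method definition itself starts outside the hunk.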
@@ -212,7 +212,7 @@ class TestGc < Test::Unit::TestCase assert_in_out_err([env, "-w", "-e", "exit"], "", [], /RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR=0\.9/, "") # always full GC when RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR < 1.0 - assert_in_out_err([env, "-e", "1000_000.times{Object.new}; p(GC.stat[:minor_gc_count] < GC.stat[:major_gc_count])"], "", ['true'], //, "") if use_rgengc? + assert_in_out_err([env, "-e", "1000_000.times{Object.new}; p(GC.stat[:minor_gc_count] < GC.stat[:major_gc_count])"], "", ['true'], //, "", timeout: 30) if use_rgengc? # check obsolete assert_in_out_err([{'RUBY_FREE_MIN' => '100'}, '-w', '-eexit'], '', [], diff --git a/test/rubygems/test_gem_commands_query_command.rb b/test/rubygems/test_gem_commands_query_command.rb index 78c15a1..9ec7154 100644 --- a/test/rubygems/test_gem_commands_query_command.rb +++ b/test/rubygems/test_gem_commands_query_command.rb 
@@ -116,6 +116,86 @@ a (2) This is a lot of text. This is a lot of text. This is a lot of text. This is a lot of text. +pl (1) + Platform: i386-linux + Author: A User + Homepage: http://example.com + + this is a summary + EOF + + assert_equal expected, @ui.output + assert_equal '', @ui.error + end + + def test_execute_details_cleans_text + spec_fetcher do |fetcher| + fetcher.spec 'a', 2 do |s| + s.summary = 'This is a lot of text. ' * 4 + s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] + s.homepage = "http://a.example.com/\x03" + end + + fetcher.legacy_platform + end + + @cmd.handle_options %w[-r -d] + + use_ui @ui do + @cmd.execute + end + + expected = <<-EOF + +*** REMOTE GEMS *** + +a (2) + Authors: Abraham Lincoln ., . Hirohito + Homepage: http://a.example.com/. + + This is a lot of text. This is a lot of text. This is a lot of text. + This is a lot of text. + +pl (1) + Platform: i386-linux + Author: A User + Homepage: http://example.com + + this is a summary + EOF + + assert_equal expected, @ui.output + assert_equal '', @ui.error + end + + def test_execute_details_truncates_summary + spec_fetcher do |fetcher| + fetcher.spec 'a', 2 do |s| + s.summary = 'This is a lot of text. ' * 10_000 + s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] + s.homepage = "http://a.example.com/\x03" + end + + fetcher.legacy_platform + end + + @cmd.handle_options %w[-r -d] + + use_ui @ui do + @cmd.execute + end + + expected = <<-EOF + +*** REMOTE GEMS *** + +a (2) + Authors: Abraham Lincoln ., . Hirohito + Homepage: http://a.example.com/. + + Truncating the summary for a-2 to 100,000 characters: +#{" This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449} This is a lot of te + pl (1) Platform: i386-linux Author: A User diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb index 5ec71d0..1092a0c 100644 --- a/test/rubygems/test_gem_installer.rb +++ b/test/rubygems/test_gem_installer.rb 
@@ -1227,6 +1227,26 @@ gem 'other', version end end + def test_pre_install_checks_malicious_name + spec = util_spec '../malicious', '1' + def spec.full_name # so the spec is buildable + "malicious-1" + end + def spec.validate; end + + util_build_gem spec + + gem = File.join(@gemhome, 'cache', spec.file_name) + + use_ui @ui do + @installer = Gem::Installer.at gem + e = assert_raises Gem::InstallError do + @installer.pre_install_checks + end + assert_equal '# has an invalid name', e.message + end + end + def test_shebang util_make_exec @spec, "#!/usr/bin/ruby" diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb index 49b6b66..a3919c8 100644 --- a/test/rubygems/test_gem_remote_fetcher.rb +++ b/test/rubygems/test_gem_remote_fetcher.rb @@ -253,6 +253,21 @@ PeIQQkFng2VVot/WAQbv3ePqWq07g1BBcwIBAg== dns.verify end + def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path + uri = URI.parse "http://example.com/foo" + target = MiniTest::Mock.new + target.expect :target, "evil.com/a.example.com" + + dns = MiniTest::Mock.new + dns.expect :getresource, target, [String, Object] + + fetch = Gem::RemoteFetcher.new nil, dns + assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) + + target.verify + dns.verify + end + def test_api_endpoint_timeout_warning uri = URI.parse "http://gems.example.com/foo" diff --git a/test/rubygems/test_gem_specification.rb b/test/rubygems/test_gem_specification.rb index bc1c8d2..9a49bbb 100644 --- a/test/rubygems/test_gem_specification.rb +++ b/test/rubygems/test_gem_specification.rb 
@@ -2974,7 +2974,37 @@ Did you mean 'Ruby'? @a1.validate end - assert_equal 'invalid value for attribute name: ":json"', e.message + assert_equal 'invalid value for attribute name: ":json" must be a string', e.message + + @a1.name = [] + e = assert_raises Gem::InvalidSpecificationException do + @a1.validate + end + assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message + + @a1.name = "" + e = assert_raises Gem::InvalidSpecificationException do + @a1.validate + end + assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message + + @a1.name = "12345" + e = assert_raises Gem::InvalidSpecificationException do + @a1.validate + end + assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message + + @a1.name = "../malicious" + e = assert_raises Gem::InvalidSpecificationException do + @a1.validate + end + assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message + + @a1.name = "\ba\t" + e = assert_raises Gem::InvalidSpecificationException do + @a1.validate + end + assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message end def test_validate_non_nil diff --git a/test/rubygems/test_gem_text.rb b/test/rubygems/test_gem_text.rb index a6e22e0..04f3f60 100644 --- a/test/rubygems/test_gem_text.rb +++ b/test/rubygems/test_gem_text.rb @@ -36,6 +36,10 @@ Without the wrapping, the text might not look good in the RSS feed. assert_equal expected, format_text(text, 78) end + def test_format_removes_nonprintable_characters + assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40) + end + def test_min3 assert_equal 1, min3(1, 1, 1) assert_equal 1, min3(1, 1, 2) 
@@ -74,4 +78,11 @@ Without the wrapping, the text might not look good in the RSS feed. assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest") assert_equal 7, levenshtein_distance("zentest", "xxxxxxx") end + + def test_truncate_text + assert_equal "abc", truncate_text("abc", "desc") + assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2) + s = "ab" * 500_001 + assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000) + end end -- 2.30.2