39 changes: 39 additions & 0 deletions support/hoe/deprecated_gem.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
module Hoe::Deprecated_Gem
def linked_spec(spec)
atm = YAML.load(YAML.dump(spec))
atm.name = 'archive-tar-minitar'
d = %Q('#{atm.name}' has been deprecated; just install '#{spec.name}'.)
atm.description = "#{d} #{spec.description}"
atm.summary = atm.post_install_message = d
atm.files.delete_if { |f| f !~ %r{lib/archive-tar-minitar\.rb} }
atm.extra_rdoc_files.clear
atm.rdoc_options.clear
atm.dependencies.clear
atm.add_dependency(%Q(#{spec.name}), "~> #{spec.version}")
atm.add_dependency(%Q(#{spec.name}-cli), "<= 1.0")

unless @include_all
[ :signing_key, :cert_chain ].each { |name|
atm.send("#{name}=".to_sym, atm.default_value(name))
}
end

atm
end

def define_deprecated_gem_tasks
gemspec = spec.name + '.gemspec'
atmspec = 'archive-tar-minitar.gemspec'

file atmspec => gemspec do
open(atmspec, 'w') { |f| f.write(linked_spec(spec).to_ruby) }
end

task :gemspec => atmspec

Gem::PackageTask.new linked_spec(spec) do |pkg|
pkg.need_tar = @need_tar
pkg.need_zip = @need_zip
end
end
end
35 changes: 35 additions & 0 deletions test/test_tar_input.rb
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ def test_each_works

outer += 1
end

assert_equal(2, outer)
end
end
Expand Down Expand Up @@ -131,4 +132,38 @@ def test_extract_entry_works
assert_equal(2, outer_count)
end
end

def test_extract_entry_breaks_symlinks
return if Minitar.windows?

IO.respond_to?(:write) &&
IO.write('data__/file4', '') ||
File.open('data__/file4', 'w') { |f| f.write '' }

File.symlink('data__/file4', 'data__/file3')
File.symlink('data__/file4', 'data__/data')

Minitar.unpack(Zlib::GzipReader.new(StringIO.new(TEST_TGZ)), 'data__')
Minitar.unpack(Zlib::GzipReader.new(File.open('data__/data.tar.gz', 'rb')),
'data__')

refute File.symlink?('data__/file3')
refute File.symlink?('data__/data')
end

RELATIVE_DIRECTORY_TGZ = Base64.decode64 <<-EOS
H4sICIIoKVgCA2JhZC1kaXIudGFyANPT0y8sTy0qqWSgHTAwMDAzMVEA0eZmpmDawAjChwEFQ2MDQyMg
MDUzVDAwNDY0N2VQMGCgAygtLkksAjolEcjIzMOtDqgsLQ2/J0H+gNOjYBSMglEwyAEA2LchrwAGAAA=
EOS

def test_extract_entry_fails_with_relative_directory
reader = Zlib::GzipReader.new(StringIO.new(RELATIVE_DIRECTORY_TGZ))
Minitar::Input.open(reader) do |stream|
stream.each do |entry|
assert_raises Archive::Tar::Minitar::SecureRelativePathError do
stream.extract_entry("data__", entry)
end
end
end
end
end