From f933cde9390563160d8a12c901e7a408f523c457 Mon Sep 17 00:00:00 2001 From: Martin Emde Date: Fri, 15 Dec 2023 10:30:14 -0800 Subject: [PATCH] [rubygems/rubygems] Let the guards have some space to breathe https://github.com/rubygems/rubygems/commit/73f1609715 --- lib/bundler/checksum.rb | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/bundler/checksum.rb b/lib/bundler/checksum.rb index 25e3ca127d9dd2..60ba93417c2d08 100644 --- a/lib/bundler/checksum.rb +++ b/lib/bundler/checksum.rb @@ -30,6 +30,7 @@ def from_gem(io, pathname, algo = DEFAULT_ALGORITHM) def from_api(digest, source_uri, algo = DEFAULT_ALGORITHM) return if Bundler.settings[:disable_checksum_validation] + Checksum.new(algo, to_hexdigest(digest, algo), Source.new(:api, source_uri)) end @@ -41,11 +42,13 @@ def from_lock(lock_checksum, lockfile_location) def to_hexdigest(digest, algo = DEFAULT_ALGORITHM) return digest unless algo == DEFAULT_ALGORITHM return digest if digest.match?(/\A[0-9a-f]{64}\z/i) + if digest.match?(%r{\A[-0-9a-z_+/]{43}={0,2}\z}i) digest = digest.tr("-_", "+/") # fix urlsafe base64 - return digest.unpack1("m0").unpack1("H*") + digest.unpack1("m0").unpack1("H*") + else + raise ArgumentError, "#{digest.inspect} is not a valid SHA256 hex or base64 digest" end - raise ArgumentError, "#{digest.inspect} is not a valid SHA256 hex or base64 digest" end end @@ -85,6 +88,7 @@ def to_lock def merge!(other) return nil unless match?(other) + @sources.concat(other.sources).uniq! self end @@ -185,6 +189,7 @@ def inspect # that contain the same gem with different checksums. def replace(spec, checksum) return unless checksum + lock_name = spec.name_tuple.lock_name @store_mutex.synchronize do existing = fetch_checksum(lock_name, checksum.algo) @@ -198,6 +203,7 @@ def replace(spec, checksum) def register(spec, checksum) return unless checksum + register_checksum(spec.name_tuple.lock_name, checksum) end