linamh/dev-ruby/rubygems/files/0.8.11-install.rb.extract_files.patch

Index: lib/rubygems/installer.rb
===================================================================
--- lib/rubygems/installer.rb	(revision 1195)
+++ lib/rubygems/installer.rb	(working copy)
@@ -7,6 +7,8 @@ require 'rubygems/dependency_list'
 
 module Gem
 
+  class InstallError < Gem::Exception; end
+
   class DependencyRemovalException < Gem::Exception; end
 
   ##
@@ -321,14 +323,20 @@ TEXT
     #
     def extract_files(directory, format)
       require 'fileutils'
-      wd = Dir.getwd
-      Dir.chdir directory do
-        format.file_entries.each do |entry, file_data|
-          path = entry['path']
-          FileUtils.mkdir_p File.dirname(path)
-          File.open(path, "wb") do |out|
-            out.write file_data
-          end
+      format.file_entries.each do |entry, file_data|
+        path = entry['path']
+        if path =~ /\A\// then # for extra sanity
+          raise Gem::InstallError,
+                "attempt to install file into #{entry['path'].inspect}"
+        end
+        path = File.expand_path File.join(directory, path)
+        if path !~ /\A#{Regexp.escape(File.expand_path(directory))}/ then
+          raise Gem::InstallError,
+                "attempt to install file into #{entry['path'].inspect}"
+        end
+        FileUtils.mkdir_p File.dirname(path)
+        File.open(path, "wb") do |out|
+          out.write file_data
         end
       end
     end
add all my local ebuilds git-svn-id: https://svn.disconnected-by-peer.at/svn/linamh/trunk/linamh@602 6952d904-891a-0410-993b-d76249ca496b 2008-12-08 20:43:30 +01:00			`Index: lib/rubygems/installer.rb`
			`===================================================================`
			`--- lib/rubygems/installer.rb (revision 1195)`
			`+++ lib/rubygems/installer.rb (working copy)`
			`@@ -7,6 +7,8 @@ require 'rubygems/dependency_list'`

			`module Gem`

			`+ class InstallError < Gem::Exception; end`
			`+`
			`class DependencyRemovalException < Gem::Exception; end`

			`##`
			`@@ -321,14 +323,20 @@ TEXT`
			`#`
			`def extract_files(directory, format)`
			`require 'fileutils'`
			`- wd = Dir.getwd`
			`- Dir.chdir directory do`
			`- format.file_entries.each do \|entry, file_data\|`
			`- path = entry['path']`
			`- FileUtils.mkdir_p File.dirname(path)`
			`- File.open(path, "wb") do \|out\|`
			`- out.write file_data`
			`- end`
			`+ format.file_entries.each do \|entry, file_data\|`
			`+ path = entry['path']`
			`+ if path =~ /\A\// then # for extra sanity`
			`+ raise Gem::InstallError,`
			`+ "attempt to install file into #{entry['path'].inspect}"`
			`+ end`
			`+ path = File.expand_path File.join(directory, path)`
			`+ if path !~ /\A#{Regexp.escape(File.expand_path(directory))}/ then`
			`+ raise Gem::InstallError,`
			`+ "attempt to install file into #{entry['path'].inspect}"`
			`+ end`
			`+ FileUtils.mkdir_p File.dirname(path)`
			`+ File.open(path, "wb") do \|out\|`
			`+ out.write file_data`
			`end`
			`end`
			`end`