aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorBen Woodcroft <donttrustben@gmail.com>2018-02-18 00:09:17 +1000
committerBen Woodcroft <donttrustben@gmail.com>2018-02-18 00:48:50 +1000
commitbb3359ab8e3c20eb91d61509b5ab364d03c9ec3b (patch)
tree729e805556c7fe4d8c85c83864a7c378387dacc2 /gnu/packages/patches
parent1ecbd859a10d42ead1d2b68342b89ab19952df88 (diff)
downloadguix-bb3359ab8e3c20eb91d61509b5ab364d03c9ec3b.tar.gz
guix-bb3359ab8e3c20eb91d61509b5ab364d03c9ec3b.zip
gnu: ruby-2.4.3: Update rubygems to 2.7.6.
This fixes the security issues described at https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in- rubygems/ * gnu/packages/patches/ruby-rubygems-276-for-ruby24.patch: New file. * gnu/packages/ruby.scm (ruby-2.4.3)[source]: Use it. * gnu/local.mk (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/ruby-rubygems-276-for-ruby24.patch605
1 files changed, 605 insertions, 0 deletions
diff --git a/gnu/packages/patches/ruby-rubygems-276-for-ruby24.patch b/gnu/packages/patches/ruby-rubygems-276-for-ruby24.patch
new file mode 100644
index 0000000000..0d0ed6b204
--- /dev/null
+++ b/gnu/packages/patches/ruby-rubygems-276-for-ruby24.patch
@@ -0,0 +1,605 @@
+diff --git lib/rubygems.rb lib/rubygems.rb
+index 0685bcb3c6..a5a9202e56 100644
+--- ruby-2.4.3/lib/rubygems.rb
++++ ruby-2.4.3/lib/rubygems.rb
+@@ -10,7 +10,7 @@
+ require 'thread'
+
+ module Gem
+- VERSION = "2.6.14"
++ VERSION = "2.6.14.1"
+ end
+
+ # Must be first since it unloads the prelude from 1.9.2
+diff --git lib/rubygems/commands/owner_command.rb lib/rubygems/commands/owner_command.rb
+index 4b99434e87..2ee7f84462 100644
+--- ruby-2.4.3/lib/rubygems/commands/owner_command.rb
++++ ruby-2.4.3/lib/rubygems/commands/owner_command.rb
+@@ -62,7 +62,7 @@ def show_owners name
+ end
+
+ with_response response do |resp|
+- owners = YAML.load resp.body
++ owners = Gem::SafeYAML.load resp.body
+
+ say "Owners for gem: #{name}"
+ owners.each do |owner|
+diff --git lib/rubygems/package.rb lib/rubygems/package.rb
+index 77811ed5ec..b5a5fe2a26 100644
+--- ruby-2.4.3/lib/rubygems/package.rb
++++ ruby-2.4.3/lib/rubygems/package.rb
+@@ -378,7 +378,7 @@ def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc:
+ File.dirname destination
+ end
+
+- FileUtils.mkdir_p mkdir, mkdir_options
++ mkdir_p_safe mkdir, mkdir_options, destination_dir, entry.full_name
+
+ open destination, 'wb' do |out|
+ out.write entry.read
+@@ -416,20 +416,35 @@ def install_location filename, destination_dir # :nodoc:
+ raise Gem::Package::PathError.new(filename, destination_dir) if
+ filename.start_with? '/'
+
+- destination_dir = File.realpath destination_dir if
+- File.respond_to? :realpath
++ destination_dir = realpath destination_dir
+ destination_dir = File.expand_path destination_dir
+
+ destination = File.join destination_dir, filename
+ destination = File.expand_path destination
+
+ raise Gem::Package::PathError.new(destination, destination_dir) unless
+- destination.start_with? destination_dir
++ destination.start_with? destination_dir + '/'
+
+ destination.untaint
+ destination
+ end
+
++ def mkdir_p_safe mkdir, mkdir_options, destination_dir, file_name
++ destination_dir = realpath File.expand_path(destination_dir)
++ parts = mkdir.split(File::SEPARATOR)
++ parts.reduce do |path, basename|
++ path = realpath path unless path == ""
++ path = File.expand_path(path + File::SEPARATOR + basename)
++ lstat = File.lstat path rescue nil
++ if !lstat || !lstat.directory?
++ unless path.start_with? destination_dir and (FileUtils.mkdir path, mkdir_options rescue false)
++ raise Gem::Package::PathError.new(file_name, destination_dir)
++ end
++ end
++ path
++ end
++ end
++
+ ##
+ # Loads a Gem::Specification from the TarEntry +entry+
+
+@@ -603,6 +618,10 @@ def verify_files gem
+ raise Gem::Package::FormatError.new \
+ 'package content (data.tar.gz) is missing', @gem
+ end
++
++ if duplicates = @files.group_by {|f| f }.select {|k,v| v.size > 1 }.map(&:first) and duplicates.any?
++ raise Gem::Security::Exception, "duplicate files in the package: (#{duplicates.map(&:inspect).join(', ')})"
++ end
+ end
+
+ ##
+@@ -616,6 +635,16 @@ def verify_gz entry # :nodoc:
+ raise Gem::Package::FormatError.new(e.message, entry.full_name)
+ end
+
++ if File.respond_to? :realpath
++ def realpath file
++ File.realpath file
++ end
++ else
++ def realpath file
++ file
++ end
++ end
++
+ end
+
+ require 'rubygems/package/digest_io'
+diff --git lib/rubygems/package/tar_header.rb lib/rubygems/package/tar_header.rb
+index c54bd14d57..d557357114 100644
+--- ruby-2.4.3/lib/rubygems/package/tar_header.rb
++++ ruby-2.4.3/lib/rubygems/package/tar_header.rb
+@@ -104,25 +104,30 @@ def self.from(stream)
+ fields = header.unpack UNPACK_FORMAT
+
+ new :name => fields.shift,
+- :mode => fields.shift.oct,
+- :uid => fields.shift.oct,
+- :gid => fields.shift.oct,
+- :size => fields.shift.oct,
+- :mtime => fields.shift.oct,
+- :checksum => fields.shift.oct,
++ :mode => strict_oct(fields.shift),
++ :uid => strict_oct(fields.shift),
++ :gid => strict_oct(fields.shift),
++ :size => strict_oct(fields.shift),
++ :mtime => strict_oct(fields.shift),
++ :checksum => strict_oct(fields.shift),
+ :typeflag => fields.shift,
+ :linkname => fields.shift,
+ :magic => fields.shift,
+- :version => fields.shift.oct,
++ :version => strict_oct(fields.shift),
+ :uname => fields.shift,
+ :gname => fields.shift,
+- :devmajor => fields.shift.oct,
+- :devminor => fields.shift.oct,
++ :devmajor => strict_oct(fields.shift),
++ :devminor => strict_oct(fields.shift),
+ :prefix => fields.shift,
+
+ :empty => empty
+ end
+
++ def self.strict_oct(str)
++ return str.oct if str =~ /\A[0-7]*\z/
++ raise ArgumentError, "#{str.inspect} is not an octal string"
++ end
++
+ ##
+ # Creates a new TarHeader using +vals+
+
+diff --git lib/rubygems/package/tar_writer.rb lib/rubygems/package/tar_writer.rb
+index f68b8d4c5e..390f7851a3 100644
+--- ruby-2.4.3/lib/rubygems/package/tar_writer.rb
++++ ruby-2.4.3/lib/rubygems/package/tar_writer.rb
+@@ -196,6 +196,8 @@ def add_file_signed name, mode, signer
+ digest_name == signer.digest_name
+ end
+
++ raise "no #{signer.digest_name} in #{digests.values.compact}" unless signature_digest
++
+ if signer.key then
+ signature = signer.sign signature_digest.digest
+
+diff --git lib/rubygems/server.rb lib/rubygems/server.rb
+index df4eb566d3..a7b5243ba0 100644
+--- ruby-2.4.3/lib/rubygems/server.rb
++++ ruby-2.4.3/lib/rubygems/server.rb
+@@ -631,6 +631,18 @@ def root(req, res)
+ executables = nil if executables.empty?
+ executables.last["is_last"] = true if executables
+
++ # Pre-process spec homepage for safety reasons
++ begin
++ homepage_uri = URI.parse(spec.homepage)
++ if [URI::HTTP, URI::HTTPS].member? homepage_uri.class
++ homepage_uri = spec.homepage
++ else
++ homepage_uri = "."
++ end
++ rescue URI::InvalidURIError
++ homepage_uri = "."
++ end
++
+ specs << {
+ "authors" => spec.authors.sort.join(", "),
+ "date" => spec.date.to_s,
+@@ -640,7 +652,7 @@ def root(req, res)
+ "only_one_executable" => (executables && executables.size == 1),
+ "full_name" => spec.full_name,
+ "has_deps" => !deps.empty?,
+- "homepage" => spec.homepage,
++ "homepage" => homepage_uri,
+ "name" => spec.name,
+ "rdoc_installed" => Gem::RDoc.new(spec).rdoc_installed?,
+ "ri_installed" => Gem::RDoc.new(spec).ri_installed?,
+diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb
+index 40e3a70d47..0a154b9001 100644
+--- ruby-2.4.3/lib/rubygems/specification.rb
++++ ruby-2.4.3/lib/rubygems/specification.rb
+@@ -15,6 +15,7 @@
+ require 'rubygems/stub_specification'
+ require 'rubygems/util/list'
+ require 'stringio'
++require 'uri'
+
+ ##
+ # The Specification class contains the information for a Gem. Typically
+@@ -2813,10 +2814,16 @@ def validate packaging = true
+ raise Gem::InvalidSpecificationException, "#{lazy} is not a summary"
+ end
+
+- if homepage and not homepage.empty? and
+- homepage !~ /\A[a-z][a-z\d+.-]*:/i then
+- raise Gem::InvalidSpecificationException,
+- "\"#{homepage}\" is not a URI"
++ # Make sure a homepage is valid HTTP/HTTPS URI
++ if homepage and not homepage.empty?
++ begin
++ homepage_uri = URI.parse(homepage)
++ unless [URI::HTTP, URI::HTTPS].member? homepage_uri.class
++ raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a valid HTTP URI"
++ end
++ rescue URI::InvalidURIError
++ raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a valid HTTP URI"
++ end
+ end
+
+ # Warnings
+diff --git test/rubygems/test_gem_commands_owner_command.rb test/rubygems/test_gem_commands_owner_command.rb
+index 44652c1093..53cac4ce87 100644
+--- ruby-2.4.3/test/rubygems/test_gem_commands_owner_command.rb
++++ ruby-2.4.3/test/rubygems/test_gem_commands_owner_command.rb
+@@ -43,6 +43,31 @@ def test_show_owners
+ assert_match %r{- 4}, @ui.output
+ end
+
++ def test_show_owners_dont_load_objects
++ skip "testing a psych-only API" unless defined?(::Psych::DisallowedClass)
++
++ response = <<EOF
++---
++- email: !ruby/object:Object {}
++ id: 1
++ handle: user1
++- email: user2@example.com
++- id: 3
++ handle: user3
++- id: 4
++EOF
++
++ @fetcher.data["#{Gem.host}/api/v1/gems/freewill/owners.yaml"] = [response, 200, 'OK']
++
++ assert_raises Psych::DisallowedClass do
++ use_ui @ui do
++ @cmd.show_owners("freewill")
++ end
++ end
++
++ end
++
++
+ def test_show_owners_setting_up_host_through_env_var
+ response = "- email: user1@example.com\n"
+ host = "http://rubygems.example"
+diff --git test/rubygems/test_gem_package.rb test/rubygems/test_gem_package.rb
+index 9d47f0dea4..5b93475314 100644
+--- ruby-2.4.3/test/rubygems/test_gem_package.rb
++++ ruby-2.4.3/test/rubygems/test_gem_package.rb
+@@ -455,6 +455,31 @@ def test_extract_tar_gz_symlink_relative_path
+ File.read(extracted)
+ end
+
++ def test_extract_symlink_parent
++ skip 'symlink not supported' if Gem.win_platform?
++
++ package = Gem::Package.new @gem
++
++ tgz_io = util_tar_gz do |tar|
++ tar.mkdir 'lib', 0755
++ tar.add_symlink 'lib/link', '../..', 0644
++ tar.add_file 'lib/link/outside.txt', 0644 do |io| io.write 'hi' end
++ end
++
++ # Extract into a subdirectory of @destination; if this test fails it writes
++ # a file outside destination_subdir, but we want the file to remain inside
++ # @destination so it will be cleaned up.
++ destination_subdir = File.join @destination, 'subdir'
++ FileUtils.mkdir_p destination_subdir
++
++ e = assert_raises Gem::Package::PathError do
++ package.extract_tar_gz tgz_io, destination_subdir
++ end
++
++ assert_equal("installing into parent path lib/link/outside.txt of " +
++ "#{destination_subdir} is not allowed", e.message)
++ end
++
+ def test_extract_tar_gz_directory
+ package = Gem::Package.new @gem
+
+@@ -566,6 +591,21 @@ def test_install_location_relative
+ "#{@destination} is not allowed", e.message)
+ end
+
++ def test_install_location_suffix
++ package = Gem::Package.new @gem
++
++ filename = "../#{File.basename(@destination)}suffix.rb"
++
++ e = assert_raises Gem::Package::PathError do
++ package.install_location filename, @destination
++ end
++
++ parent = File.expand_path File.join @destination, filename
++
++ assert_equal("installing into parent path #{parent} of " +
++ "#{@destination} is not allowed", e.message)
++ end
++
+ def test_load_spec
+ entry = StringIO.new Gem.gzip @spec.to_yaml
+ def entry.full_name() 'metadata.gz' end
+@@ -723,6 +763,32 @@ def test_verify_nonexistent
+ assert_match %r%nonexistent.gem$%, e.message
+ end
+
++ def test_verify_duplicate_file
++ FileUtils.mkdir_p 'lib'
++ FileUtils.touch 'lib/code.rb'
++
++ build = Gem::Package.new @gem
++ build.spec = @spec
++ build.setup_signer
++ open @gem, 'wb' do |gem_io|
++ Gem::Package::TarWriter.new gem_io do |gem|
++ build.add_metadata gem
++ build.add_contents gem
++
++ gem.add_file_simple 'a.sig', 0444, 0
++ gem.add_file_simple 'a.sig', 0444, 0
++ end
++ end
++
++ package = Gem::Package.new @gem
++
++ e = assert_raises Gem::Security::Exception do
++ package.verify
++ end
++
++ assert_equal 'duplicate files in the package: ("a.sig")', e.message
++ end
++
+ def test_verify_security_policy
+ skip 'openssl is missing' unless defined?(OpenSSL::SSL)
+
+@@ -780,7 +846,13 @@ def test_verify_security_policy_checksum_missing
+
+ # write bogus data.tar.gz to foil signature
+ bogus_data = Gem.gzip 'hello'
+- gem.add_file_simple 'data.tar.gz', 0444, bogus_data.length do |io|
++ fake_signer = Class.new do
++ def digest_name; 'SHA512'; end
++ def digest_algorithm; Digest(:SHA512); end
++ def key; 'key'; end
++ def sign(*); 'fake_sig'; end
++ end
++ gem.add_file_signed 'data2.tar.gz', 0444, fake_signer.new do |io|
+ io.write bogus_data
+ end
+
+diff --git test/rubygems/test_gem_package_tar_header.rb test/rubygems/test_gem_package_tar_header.rb
+index d33877057d..43f508df45 100644
+--- ruby-2.4.3/test/rubygems/test_gem_package_tar_header.rb
++++ ruby-2.4.3/test/rubygems/test_gem_package_tar_header.rb
+@@ -143,5 +143,26 @@ def test_update_checksum
+ assert_equal '012467', @tar_header.checksum
+ end
+
++ def test_from_bad_octal
++ test_cases = [
++ "00000006,44\000", # bogus character
++ "00000006789\000", # non-octal digit
++ "+0000001234\000", # positive sign
++ "-0000001000\000", # negative sign
++ "0x000123abc\000", # radix prefix
++ ]
++
++ test_cases.each do |val|
++ header_s = @tar_header.to_s
++ # overwrite the size field
++ header_s[124, 12] = val
++ io = TempIO.new header_s
++ assert_raises ArgumentError do
++ new_header = Gem::Package::TarHeader.from io
++ end
++ io.close! if io.respond_to? :close!
++ end
++ end
++
+ end
+
+diff --git test/rubygems/test_gem_server.rb test/rubygems/test_gem_server.rb
+index 4873fac5b6..96ed9194e9 100644
+--- ruby-2.4.3/test/rubygems/test_gem_server.rb
++++ ruby-2.4.3/test/rubygems/test_gem_server.rb
+@@ -336,6 +336,171 @@ def test_root_gemdirs
+ assert_match 'z 9', @res.body
+ end
+
++
++ def test_xss_homepage_fix_289313
++ data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
++ dir = "#{@gemhome}2"
++
++ spec = util_spec 'xsshomepagegem', 1
++ spec.homepage = "javascript:confirm(document.domain)"
++
++ specs_dir = File.join dir, 'specifications'
++ FileUtils.mkdir_p specs_dir
++
++ open File.join(specs_dir, spec.spec_name), 'w' do |io|
++ io.write spec.to_ruby
++ end
++
++ server = Gem::Server.new dir, process_based_port, false
++
++ @req.parse data
++
++ server.root @req, @res
++
++ assert_equal 200, @res.status
++ assert_match 'xsshomepagegem 1', @res.body
++
++ # This verifies that the homepage for this spec is not displayed and is set to ".", because it's not a
++ # valid HTTP/HTTPS URL and could be unsafe in an HTML context. We would prefer to throw an exception here,
++ # but spec.homepage is currently free form and not currently required to be a URL, this behavior may be
++ # validated in future versions of Gem::Specification.
++ #
++ # There are two variant we're checking here, one where rdoc is not present, and one where rdoc is present in the same regex:
++ #
++ # Variant #1 - rdoc not installed
++ #
++ # <b>xsshomepagegem 1</b>
++ #
++ #
++ # <span title="rdoc not installed">[rdoc]</span>
++ #
++ #
++ #
++ # <a href="." title=".">[www]</a>
++ #
++ # Variant #2 - rdoc installed
++ #
++ # <b>xsshomepagegem 1</b>
++ #
++ #
++ # <a href="\/doc_root\/xsshomepagegem-1\/">\[rdoc\]<\/a>
++ #
++ #
++ #
++ # <a href="." title=".">[www]</a>
++ regex_match = /xsshomepagegem 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/xsshomepagegem-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="\." title="\.">\[www\]<\/a>/
++ assert_match regex_match, @res.body
++ end
++
++ def test_invalid_homepage
++ data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
++ dir = "#{@gemhome}2"
++
++ spec = util_spec 'invalidhomepagegem', 1
++ spec.homepage = "notavalidhomepageurl"
++
++ specs_dir = File.join dir, 'specifications'
++ FileUtils.mkdir_p specs_dir
++
++ open File.join(specs_dir, spec.spec_name), 'w' do |io|
++ io.write spec.to_ruby
++ end
++
++ server = Gem::Server.new dir, process_based_port, false
++
++ @req.parse data
++
++ server.root @req, @res
++
++ assert_equal 200, @res.status
++ assert_match 'invalidhomepagegem 1', @res.body
++
++ # This verifies that the homepage for this spec is not displayed and is set to ".", because it's not a
++ # valid HTTP/HTTPS URL and could be unsafe in an HTML context. We would prefer to throw an exception here,
++ # but spec.homepage is currently free form and not currently required to be a URL, this behavior may be
++ # validated in future versions of Gem::Specification.
++ #
++ # There are two variant we're checking here, one where rdoc is not present, and one where rdoc is present in the same regex:
++ #
++ # Variant #1 - rdoc not installed
++ #
++ # <b>invalidhomepagegem 1</b>
++ #
++ #
++ # <span title="rdoc not installed">[rdoc]</span>
++ #
++ #
++ #
++ # <a href="." title=".">[www]</a>
++ #
++ # Variant #2 - rdoc installed
++ #
++ # <b>invalidhomepagegem 1</b>
++ #
++ #
++ # <a href="\/doc_root\/invalidhomepagegem-1\/">\[rdoc\]<\/a>
++ #
++ #
++ #
++ # <a href="." title=".">[www]</a>
++ regex_match = /invalidhomepagegem 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/invalidhomepagegem-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="\." title="\.">\[www\]<\/a>/
++ assert_match regex_match, @res.body
++ end
++
++ def test_valid_homepage_http
++ data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
++ dir = "#{@gemhome}2"
++
++ spec = util_spec 'validhomepagegemhttp', 1
++ spec.homepage = "http://rubygems.org"
++
++ specs_dir = File.join dir, 'specifications'
++ FileUtils.mkdir_p specs_dir
++
++ open File.join(specs_dir, spec.spec_name), 'w' do |io|
++ io.write spec.to_ruby
++ end
++
++ server = Gem::Server.new dir, process_based_port, false
++
++ @req.parse data
++
++ server.root @req, @res
++
++ assert_equal 200, @res.status
++ assert_match 'validhomepagegemhttp 1', @res.body
++
++ regex_match = /validhomepagegemhttp 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/validhomepagegemhttp-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="http:\/\/rubygems\.org" title="http:\/\/rubygems\.org">\[www\]<\/a>/
++ assert_match regex_match, @res.body
++ end
++
++ def test_valid_homepage_https
++ data = StringIO.new "GET / HTTP/1.0\r\n\r\n"
++ dir = "#{@gemhome}2"
++
++ spec = util_spec 'validhomepagegemhttps', 1
++ spec.homepage = "https://rubygems.org"
++
++ specs_dir = File.join dir, 'specifications'
++ FileUtils.mkdir_p specs_dir
++
++ open File.join(specs_dir, spec.spec_name), 'w' do |io|
++ io.write spec.to_ruby
++ end
++
++ server = Gem::Server.new dir, process_based_port, false
++
++ @req.parse data
++
++ server.root @req, @res
++
++ assert_equal 200, @res.status
++ assert_match 'validhomepagegemhttps 1', @res.body
++
++ regex_match = /validhomepagegemhttps 1<\/b>[\n\s]+(<span title="rdoc not installed">\[rdoc\]<\/span>|<a href="\/doc_root\/validhomepagegemhttps-1\/">\[rdoc\]<\/a>)[\n\s]+<a href="https:\/\/rubygems\.org" title="https:\/\/rubygems\.org">\[www\]<\/a>/
++ assert_match regex_match, @res.body
++ end
++
+ def test_specs
+ data = StringIO.new "GET /specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n"
+ @req.parse data
+diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb
+index 0fcc11e78f..1c68826fb3 100644
+--- ruby-2.4.3/test/rubygems/test_gem_specification.rb
++++ ruby-2.4.3/test/rubygems/test_gem_specification.rb
+@@ -2890,7 +2890,22 @@ def test_validate_homepage
+ @a1.validate
+ end
+
+- assert_equal '"over at my cool site" is not a URI', e.message
++ assert_equal '"over at my cool site" is not a valid HTTP URI', e.message
++
++ @a1.homepage = 'ftp://rubygems.org'
++
++ e = assert_raises Gem::InvalidSpecificationException do
++ @a1.validate
++ end
++
++ assert_equal '"ftp://rubygems.org" is not a valid HTTP URI', e.message
++
++ @a1.homepage = 'http://rubygems.org'
++ assert_equal true, @a1.validate
++
++ @a1.homepage = 'https://rubygems.org'
++ assert_equal true, @a1.validate
++
+ end
+ end
+