ruby-changes:17007

From: shyouhei <ko1@a...>
Date: Mon, 16 Aug 2010 12:41:37 +0900 (JST)
Subject: [ruby-changes:17007] Ruby:r29002 (trunk, ruby_1_8, ruby_1_9_2, ruby_1_8_7): merge revision(s) 28997:

shyouhei	2010-08-16 12:41:12 +0900 (Mon, 16 Aug 2010)

  New Revision: 29002

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=29002

  Log:
    merge revision(s) 28997:
    * lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
      Fix for possible cross-site scripting (CVE-2010-0541). 
      Found by Apple, reported by Hideki Yamane.
      Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.

  Modified files:
    branches/ruby_1_8/ChangeLog
    branches/ruby_1_8/lib/webrick/httpresponse.rb
    branches/ruby_1_8_7/ChangeLog
    branches/ruby_1_8_7/version.h
    branches/ruby_1_9_2/ChangeLog
    branches/ruby_1_9_2/lib/webrick/httpresponse.rb
    trunk/ChangeLog
    trunk/lib/webrick/httpresponse.rb

Index: ChangeLog
===================================================================
--- ChangeLog	(revision 29001)
+++ ChangeLog	(revision 29002)
@@ -1,3 +1,10 @@
+Sun Aug 15 19:59:58 2010  Yuki Sonoda (Yugui)  <yugui@y...>
+
+	* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
+	  Fix for possible cross-site scripting (CVE-2010-0541). 
+	  Found by Apple, reported by Hideki Yamane.
+	  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
+
 Mon Aug 16 12:29:06 2010  Nobuyoshi Nakada  <nobu@r...>
 
 	* Makefile.in, win32/Makefile.sub (test-rubyspec-precheck): split
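
Review bot: the added entry is dated Sun Aug 15 19:59:58 2010 but is placed above the existing Mon Aug 16 12:29:06 2010 entry, so the head of this ChangeLog is no longer in date order; either re-date the entry to the commit time or insert it below the Aug 16 entry. The added line ending "(CVE-2010-0541). " also carries a trailing space, and the entry would be more useful to someone auditing the fix if it said what was changed (the error response now declares a charset in its content-type).
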
Index: lib/webrick/httpresponse.rb
===================================================================
--- lib/webrick/httpresponse.rb	(revision 29001)
+++ lib/webrick/httpresponse.rb	(revision 29002)
@@ -208,7 +208,7 @@
         @keep_alive = false
         self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
       end
-      @header['content-type'] = "text/html"
+      @header['content-type'] = "text/html; charset=ISO-8859-1"
 
       if respond_to?(:create_error_page)
         create_error_page()
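
Review bot: the charset on the added `@header['content-type']` line is hard-coded, while the context lines directly below hand body generation to `create_error_page()` whenever the response object defines it. A custom error page written in another encoding would now be served with an ISO-8859-1 label unless it overwrites the header itself. Please document next to this line that an override must either emit ISO-8859-1 or set its own content-type with an explicit charset, and add a short comment saying the charset is declared for CVE-2010-0541 so it is not dropped in a later cleanup.
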
Index: ruby_1_8/ChangeLog
===================================================================
--- ruby_1_8/ChangeLog	(revision 29001)
+++ ruby_1_8/ChangeLog	(revision 29002)
@@ -1,3 +1,10 @@
+Sun Aug 15 19:59:58 2010  Yuki Sonoda (Yugui)  <yugui@y...>
+
+	* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
+	  Fix for possible cross-site scripting (CVE-2010-0541). 
+	  Found by Apple, reported by Hideki Yamane.
+	  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
+
 Wed Aug 11 10:53:28 2010  NAKAMURA Usaku  <usa@r...>
 
 	* mkconfig.rb: should use RbConfig instead of Config, because the name
Index: ruby_1_8/lib/webrick/httpresponse.rb
===================================================================
--- ruby_1_8/lib/webrick/httpresponse.rb	(revision 29001)
+++ ruby_1_8/lib/webrick/httpresponse.rb	(revision 29002)
@@ -209,7 +209,7 @@
         @keep_alive = false
         self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
       end
-      @header['content-type'] = "text/html"
+      @header['content-type'] = "text/html; charset=ISO-8859-1"
 
       if respond_to?(:create_error_page)
         create_error_page()
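
Review bot: no test accompanies the changed `@header['content-type']` line; the Modified files list for this revision contains only ChangeLog, httpresponse.rb and version.h paths. The same one-line change is carried in three copies (trunk, ruby_1_8, ruby_1_9_2), so a small test asserting that the response produced by set_error has a charset parameter in its content-type would keep the branches from drifting apart.
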
Index: ruby_1_9_2/ChangeLog
===================================================================
--- ruby_1_9_2/ChangeLog	(revision 29001)
+++ ruby_1_9_2/ChangeLog	(revision 29002)
@@ -1,3 +1,10 @@
+Sun Aug 15 19:59:58 2010  Yuki Sonoda (Yugui)  <yugui@y...>
+
+	* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
+	  Fix for possible cross-site scripting (CVE-2010-0541). 
+	  Found by Apple, reported by Hideki Yamane.
+	  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
+
 Fri Jul 30 08:51:51 2010  Nobuyoshi Nakada  <nobu@r...>
 
 	* file.c (file_expand_path): home directory must be absolute.
Index: ruby_1_9_2/lib/webrick/httpresponse.rb
===================================================================
--- ruby_1_9_2/lib/webrick/httpresponse.rb	(revision 29001)
+++ ruby_1_9_2/lib/webrick/httpresponse.rb	(revision 29002)
@@ -208,7 +208,7 @@
         @keep_alive = false
         self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
       end
-      @header['content-type'] = "text/html"
+      @header['content-type'] = "text/html; charset=ISO-8859-1"
 
       if respond_to?(:create_error_page)
         create_error_page()
Index: ruby_1_8_7/ChangeLog
===================================================================
--- ruby_1_8_7/ChangeLog	(revision 29001)
+++ ruby_1_8_7/ChangeLog	(revision 29002)
@@ -1,3 +1,10 @@
+Sun Aug 15 19:59:58 2010  Yuki Sonoda (Yugui)  <yugui@y...>
+
+	* lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error):
+	  Fix for possible cross-site scripting (CVE-2010-0541). 
+	  Found by Apple, reported by Hideki Yamane.
+	  Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>.
+
 Sat Jul 17 15:19:58 2010  KOSAKI Motohiro  <kosaki.motohiro@g...>
 
 	* configure.in: Change AC_PREREQ from 2.58 to 2.60 because
Index: ruby_1_8_7/version.h
===================================================================
--- ruby_1_8_7/version.h	(revision 29001)
+++ ruby_1_8_7/version.h	(revision 29002)
@@ -1,15 +1,15 @@
 #define RUBY_VERSION "1.8.7"
-#define RUBY_RELEASE_DATE "2010-07-17"
+#define RUBY_RELEASE_DATE "2010-08-16"
 #define RUBY_VERSION_CODE 187
-#define RUBY_RELEASE_CODE 20100717
-#define RUBY_PATCHLEVEL 300
+#define RUBY_RELEASE_CODE 20100816
+#define RUBY_PATCHLEVEL 301
 
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 8
 #define RUBY_VERSION_TEENY 7
 #define RUBY_RELEASE_YEAR 2010
-#define RUBY_RELEASE_MONTH 7
-#define RUBY_RELEASE_DAY 17
+#define RUBY_RELEASE_MONTH 8
+#define RUBY_RELEASE_DAY 16
 
 #ifdef RUBY_EXTERN
 RUBY_EXTERN const char ruby_version[];
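
Review bot: `RUBY_PATCHLEVEL` goes to 301 and the release date fields to 2010-08-16 here, yet the only ruby_1_8_7 paths in the Modified files list and in this diff are ChangeLog and version.h; there is no ruby_1_8_7/lib/webrick/httpresponse.rb hunk. As committed, the branch's ChangeLog entry and patchlevel advertise the CVE-2010-0541 fix without the code change being part of this revision. Either include the httpresponse.rb change for ruby_1_8_7 in the same commit or state in the log message which revision carries it.
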

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/