ruby-changes:17007
From: shyouhei <ko1@a...>
Date: Mon, 16 Aug 2010 12:41:37 +0900 (JST)
Subject: [ruby-changes:17007] Ruby:r29002 (trunk, ruby_1_8, ruby_1_9_2, ruby_1_8_7): merge revision(s) 28997:
shyouhei 2010-08-16 12:41:12 +0900 (Mon, 16 Aug 2010) New Revision: 29002 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=29002 Log: merge revision(s) 28997: * lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error): Fix for possible cross-site scripting (CVE-2010-0541). Found by Apple, reported by Hideki Yamane. Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>. Modified files: branches/ruby_1_8/ChangeLog branches/ruby_1_8/lib/webrick/httpresponse.rb branches/ruby_1_8_7/ChangeLog branches/ruby_1_8_7/version.h branches/ruby_1_9_2/ChangeLog branches/ruby_1_9_2/lib/webrick/httpresponse.rb trunk/ChangeLog trunk/lib/webrick/httpresponse.rb Index: ChangeLog =================================================================== --- ChangeLog (revision 29001) +++ ChangeLog (revision 29002) @@ -1,3 +1,10 @@ +Sun Aug 15 19:59:58 2010 Yuki Sonoda (Yugui) <yugui@y...> + + * lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error): + Fix for possible cross-site scripting (CVE-2010-0541). + Found by Apple, reported by Hideki Yamane. + Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>. + Mon Aug 16 12:29:06 2010 Nobuyoshi Nakada <nobu@r...> * Makefile.in, win32/Makefile.sub (test-rubyspec-precheck): split Index: lib/webrick/httpresponse.rb =================================================================== --- lib/webrick/httpresponse.rb (revision 29001) +++ lib/webrick/httpresponse.rb (revision 29002) @@ -208,7 +208,7 @@ @keep_alive = false self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR end - @header['content-type'] = "text/html" + @header['content-type'] = "text/html; charset=ISO-8859-1" if respond_to?(:create_error_page) create_error_page() Index: ruby_1_8/ChangeLog =================================================================== --- ruby_1_8/ChangeLog (revision 29001) +++ ruby_1_8/ChangeLog (revision 29002) @@ -1,3 +1,10 @@ +Sun Aug 15 19:59:58 2010 Yuki Sonoda (Yugui) <yugui@y...> + + * lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error): + Fix for possible cross-site scripting (CVE-2010-0541). + Found by Apple, reported by Hideki Yamane. + Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>. + Wed Aug 11 10:53:28 2010 NAKAMURA Usaku <usa@r...> * mkconfig.rb: should use RbConfig instead of Config, because the name Index: ruby_1_8/lib/webrick/httpresponse.rb =================================================================== --- ruby_1_8/lib/webrick/httpresponse.rb (revision 29001) +++ ruby_1_8/lib/webrick/httpresponse.rb (revision 29002) @@ -209,7 +209,7 @@ @keep_alive = false self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR end - @header['content-type'] = "text/html" + @header['content-type'] = "text/html; charset=ISO-8859-1" if respond_to?(:create_error_page) create_error_page() Index: ruby_1_9_2/ChangeLog =================================================================== --- ruby_1_9_2/ChangeLog (revision 29001) +++ ruby_1_9_2/ChangeLog (revision 29002) @@ -1,3 +1,10 @@ +Sun Aug 15 19:59:58 2010 Yuki Sonoda (Yugui) <yugui@y...> + + * lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error): + Fix for possible cross-site scripting (CVE-2010-0541). + Found by Apple, reported by Hideki Yamane. + Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>. + Fri Jul 30 08:51:51 2010 Nobuyoshi Nakada <nobu@r...> * file.c (file_expand_path): home directory must be absolute. Index: ruby_1_9_2/lib/webrick/httpresponse.rb =================================================================== --- ruby_1_9_2/lib/webrick/httpresponse.rb (revision 29001) +++ ruby_1_9_2/lib/webrick/httpresponse.rb (revision 29002) @@ -208,7 +208,7 @@ @keep_alive = false self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR end - @header['content-type'] = "text/html" + @header['content-type'] = "text/html; charset=ISO-8859-1" if respond_to?(:create_error_page) create_error_page() Index: ruby_1_8_7/ChangeLog =================================================================== --- ruby_1_8_7/ChangeLog (revision 29001) +++ ruby_1_8_7/ChangeLog (revision 29002) @@ -1,3 +1,10 @@ +Sun Aug 15 19:59:58 2010 Yuki Sonoda (Yugui) <yugui@y...> + + * lib/webrick/httpresponse.rb (WEBrick::HTTPResponse#set_error): + Fix for possible cross-site scripting (CVE-2010-0541). + Found by Apple, reported by Hideki Yamane. + Patch by Hirokazu Nishio <nishio.hirokazu AT gmail.com>. + Sat Jul 17 15:19:58 2010 KOSAKI Motohiro <kosaki.motohiro@g...> * configure.in: Change AC_PREREQ from 2.58 to 2.60 because Index: ruby_1_8_7/version.h =================================================================== --- ruby_1_8_7/version.h (revision 29001) +++ ruby_1_8_7/version.h (revision 29002) @@ -1,15 +1,15 @@ #define RUBY_VERSION "1.8.7" -#define RUBY_RELEASE_DATE "2010-07-17" +#define RUBY_RELEASE_DATE "2010-08-16" #define RUBY_VERSION_CODE 187 -#define RUBY_RELEASE_CODE 20100717 -#define RUBY_PATCHLEVEL 300 +#define RUBY_RELEASE_CODE 20100816 +#define RUBY_PATCHLEVEL 301 #define RUBY_VERSION_MAJOR 1 #define RUBY_VERSION_MINOR 8 #define RUBY_VERSION_TEENY 7 #define RUBY_RELEASE_YEAR 2010 -#define RUBY_RELEASE_MONTH 7 -#define RUBY_RELEASE_DAY 17 +#define RUBY_RELEASE_MONTH 8 +#define RUBY_RELEASE_DAY 16 #ifdef RUBY_EXTERN RUBY_EXTERN const char ruby_version[]; -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/