2010年9月29日

[installer 2526] ruby-1.8.6-p420

ruby-1.8.6-p420 出ています。

http://www.ruby-lang.org/ja/news/2010/08/16/xss-in-webrick-cve-2010-0541/
には反映されていませんが、CVE-2010-0541 の修正が含まれています。

☆ ruby-1.8.6-p420
http://www.ruby-lang.org/
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p420.tar.gz


Tue Aug 18 03:34:00 Kirk Haines <khaines@xxxxx>

* lib/webrick/httpresponse.rb: CVE-2010-0541; Fix a potential XSS vulnerabilty. See the CVE report for more information. r29026

Tue Aug 18 03:27:00 Kirk Haines <khaines@xxxxx>

* ext/bigdecimal/bigdecimal.c: Backport #2349 [ruby-core:26646]; fix comparisons. Also fix a bunch of bugs that lead to broken-ness and failing tests. r29025

* test/bigdecimal/test_bigdecimal.rb: Backport #2349 [ruby-core:26646]; added a test suite. r29025

* test/ruby/test_exception.rb: The test suite was breaking ZeroDivisionError, which in turn would break bigdecimal/test_bigdecimal.rb. Made a simple fix that keeps that test but does so non-destructively. r29025

Wed Jun 23 04:26:00 Kirk Haines <khaines@xxxxx>

* io.c: Backport #2267 [ruby-core:26300]; Fix problem with IO so that the file position is correct after a direct write on BSDish platforms like OS X. r28393
* test/ruby/test_io.rb: Added a test for the fix. r28393

Wed Jun 23 02:07:00 Kirk Haines <khaines@xxxxx>

* object.c: Backport #2364 [ruby-core:26733]; Allow result of to_f to be NaN to permit conversion from BigDecimal('NaN') to Float. r28392

Tue Jun 22 04:29:00 Kirk Haines <khaines@xxxxx>

* eval.c: Bug #1886 [ruby-core:24767]; ensure that rb_exc_raise and rb_exc_fatal require an exception object. Backport of r24403. r28374
* test/ruby/test_exception.rb: test for exception change. Backport of r24404. r28374

Sat Jun 12 07:34:00 Kirk Haines <khaines@xxxxx>

* configure.in: Backport #1710 [ruby-core:24104]; backport of r20573 to clean up handling of LIBPATHFLAG. r28291

Thu Jun 10 22:50:00 Kirk Haines <khaines@xxxxx>

* lib/uri/generic.rb: Backport #2428 [ruby-core:27019]; fixed #eql? so that it can handle being passed a nil value. r28255
* test/generic/test_generic.rb: added a test for the fix to #eql?. r28255

Thu Jun 10 06:46:00 Kirk Haines <khaines@xxxxx>

* ext/nkf/nkf-utf8/nkf.c: Backport #2953 [ruby-dev:40606]; change nkf_char buffer in numchar_getc() size form 8 to 10 to avoid potential for a segfault. r28242

* test/nkf/test_nkf.rb: Added a test for the change. r28242

Thu Jun 10 01:40:00 Kirk Haines <khaines@xxxxx>

* lib/delegate.rb: Backport #1781 [ruby-core:24356]; allow a block to be properly passed through. r28239

Wed Jun 9 04:35:00 Kirk Haines <khaines@xxxxx>

* gc.c: Backport #1785 [ruby-core:24395]; check to make sure finalizer_table isn't null before trying to run finalizers. r28235

Wed Jun 9 02:10:00 Kirk Haines <khaines@xxxxx>

* lib/pathname.rb: Backport #2110 [ruby-core:25627]; backport of r23093 to handle the scenario where, on filesystems like Windows', paths are compared using casecmp instead of ==. r28234

Wed Jun 9 01:42:00 Kirk Haines <khaines@xxxxx>

* lib/date.rb: Backport #2707 [ruby-core:28011]; backport r27014 to fix problem with Date#>> and very small numbers. r28233

Wed Jun 9 01:05:00 Kirk Haines <khaines@xxxxx>

* lib/monitor.rb: Backport #2240 [ruby-core:26185]; backport r25420 to ensure that the scheduled thread is alive when a monitor is released. r28232
* test/monitor/test_monitor.rb: Backport #2240 [ruby-core:26185]; added a test for the above functionality. r28232

Tue Jun 8 23:45:00 2010 Kirk Haines <khaines@xxxxx>

* regexp.c: Backport #3403; backported from r28192 to fix a bug with non-greedy matching. r28231
* test/ruby/test_regexp.rb: Backport #3403; added this test suite, commenting out inapplicable tests to the current 1.8.6. r28231
* ChangeLog: Got my date wrong in the last few entries. Tuesday is the 8th, not the 9th! r28231

Tue Jun 8 20:40:00 2010 Kirk Haines <khaines@xxxxx>

* eval.c: Backport #2202 [ruby-core:26074]; backport of r25359, which modifies rb_clear_cache_for_undef to clear entries for inherited methods. r28229
* test/ruby/test_object.rb: Backport #2202 [ruby-core:26074]; Added this file, from r25359, which tests a number of behaviors of Object, including this change. This version differs from the one in r25359 because there are several tests which currently fail on 1.8.6 because those capabilities are not implemented. Those tests are commented out. r28229

Tue Jun 8 3:20:00 2010 Kirk Haines <khaines@xxxxx>

* lib/net/http.rb: Backport #1284 [ruby-core:22874]; Change Net:HTTP to use a block size of 16k instead of 1k when streaming or chunking POST bodies. r28198
* test/net/http/test_post_io.rb: Backport #1284 [ruby-core:22874]; A test to go with the above change. r28198

Fri Jun 4 5:57:00 2010 Kirk Haines <khaines@xxxxx>

* util.c: Backport #2392 [ruby-core:26868]; backport of r23353 which suppresses a strict-aliasing warning in gcc-4.4.x -O2. r28153

Thu May 26 02:15:00 2010 Kirk Haines <khaines@xxxxx>

* signal.c: Bug #911 [ruby-core:20723]; this problem exists because Resolv::ResolvTimeout has Interrupt in its ancestry, and Interrupt, which descends from Signal, still used Signal's initialize() method, which requires an argument. Interrupt, however, should not require an argument. This is a backport of r12226 on the 1.8.7 branch, which fixed this problem. r28029

Mon May 25 06:59:00 2010 Kirk Haines <khaines@xxxxx>

* ChangeLog: Changed dates on the last commit records, because I didn't shift the day when I shifted timezones to JST. r28003

* io.c: Backport #776 [ruby-core:20043]; added an ifdef _#WIN32 to rb_io_flush to do an fsync on windows. r28003

Mon May 25 06:26:00 2010 Kirk haines <khaines@xxxxx>

* ext/openssl/ossl_config.c: Backport #484 [ruby-core:18377]; OpenSSL::Config now freezes correctly, preventing further modification. r28002

Mon May 25 05:25:00 2010 Kirk haines <khaines@xxxxx>

* lib/fileutils.rb: Backport #1700 [ruby-core:24078]; stringify group argument in #fu_get_gid before making regexp match. r28001

Mon May 25 05:15:00 2010 Kirk Haines <khaines@xxxxx>

* configure.in: Bug #2553 [ruby-core:27380]; Add a --disable-ucontext option, for use with --enable-pthreads, to avoid performance loss from --enable-pthreads and the oodles of sigprocmask calls that normally brings. r27999

Thu May 20 04:10:00 2010 Kirk Haines <khaines@xxxxx>

* lib/cgi.rb: Backport #229 [ruby-core:17634]; CGI::Cookie objects can get out of sync when CGI::Cookie#value= is used to assign a new value. Also, if a nil value ends up in the array of values for the cookie, CGI::Cookie#to_s would blow up on a gsub error when it tried to CGI::escape the nil value. This is fixed so that nils are treated as empty strings. r27932

* lib/irb/ext/multi-irb.rb: Backport #145 [ruby-dev:35075]; Fixes some misleading exceptions in IRB's fg command when used with no arguments or invalid arguments. r27934
* lib/irb/extended-command.rb: Backport #145 [ruby-dev:35075]

Fri Mar 5 03:58:00 2010 Kirk Haines <khaines@xxxxx>

* lib/yaml/tag.rb: Add a :startdoc: at the end of the YAML specific Module functions so that the rest of the Module docs get generated. Fixes Bug #1718 [ruby-core:24121].

----
こがよういちろう


投稿者 xml-rpc : 2010年9月29日 09:20
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/98700
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。