author | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-09-04 10:15:34 +0000 |
---|---|---|
committer | akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2008-09-04 10:15:34 +0000 |
commit | 45c37073038bde691ef12350277cd5a0b7796ec3 (patch) | |
tree | a0008d75fa81363442708cdaa98272e426bb8415 /ChangeLog | |
parent | 1633eb7238776b94a5f162b85f225423174e4c26 (diff) | |
* include/ruby/encoding.h (ECONV_INVALID_IGNORE): removed because
it tends to cause security problems. If the behaviour is really
required, ECONV_INVALID_REPLACE with empty string can be used.
For example, CVE-2006-2313, CVE-2008-1036, [ruby-core:15645]
(ECONV_UNDEF_IGNORE): ditto.
* transcode.c (rb_econv_convert): follow the above change.
(econv_opts): ditto.
(Init_transcode): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@19123 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -1,3 +1,15 @@ +Thu Sep 4 19:10:27 2008 Tanaka Akira <akr@fsij.org> + + * include/ruby/encoding.h (ECONV_INVALID_IGNORE): removed because + it tend to cause security problem. If the behaviour is really + required, ECONV_INVALID_REPLACE with empty string can be used. + For example, CVE-2006-2313, CVE-2008-1036, [ruby-core:15645] + (ECONV_UNDEF_IGNORE): ditto. + + * transcode.c (rb_econv_convert): follow the above change. + (econv_opts): ditto. + (Init_transcode): ditto. + Thu Sep 4 13:22:02 2008 Nobuyoshi Nakada <nobu@ruby-lang.org> * vm_core.h (struct rb_vm_struct): replaced signal staff with trap |
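Review bot: In the new ChangeLog entry, the line "For example, CVE-2006-2313, CVE-2008-1036, [ruby-core:15645]" follows the sentence about using ECONV_INVALID_REPLACE with an empty string, so it reads as examples of that workaround rather than of the security problem. Move it directly after "it tend to cause security problem", and add a few words on the mechanism (invalid bytes silently dropped during conversion) so the rationale can be understood without looking up the references. The "(ECONV_UNDEF_IGNORE): ditto." line also leaves it unclear whether the suggested workaround carries over; name the replacement flag for the undefined-character case explicitly. Since replacing with an empty string produces the same output as the removed flag, the entry should say that callers who opt into it need to validate or filter the text after conversion, not before. Only the ChangeLog hunk is shown here, so the header and transcode.c changes it describes cannot be checked against this text.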