merges r24371 from trunk into ruby_1_9_1.

--
* thread.c (recursive_push): untrust internal hash to prevent
  unexpected SecurityError.  a patch from Kazuhiro NISHIYAMA.
  Fix: #1864  [ruby-dev:38982]

git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_9_1@24462 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

3 files changed, 9 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index 72c24a889..e20dcee39 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Mon Aug  3 18:12:54 2009  Yukihiro Matsumoto  <matz@ruby-lang.org>
+
+	* thread.c (recursive_push): untrust internal hash to prevent
+	  unexpected SecurityError.  a patch from Kazuhiro NISHIYAMA.
+	  Fix: #1864  [ruby-dev:38982]
+
 Mon Aug  3 17:06:05 2009  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
 	* lib/README: updated.  a patch from Daniel Bovensiepen.
diff --git a/thread.c b/thread.c
index bc6614b17..c264b58af 100644
--- a/thread.c
+++ b/thread.c
@@ -3333,6 +3333,7 @@ recursive_push(VALUE hash, VALUE obj, VALUE paired_obj)
     }
     if (NIL_P(list) || TYPE(list) != T_HASH) {
 	list = rb_hash_new();
+	OBJ_UNTRUST(list);
 	rb_hash_aset(hash, sym, list);
     }
     if (!paired_obj) {
@@ -3345,6 +3346,7 @@ recursive_push(VALUE hash, VALUE obj, VALUE paired_obj)
 	if (TYPE(pair_list) != T_HASH){
 	    VALUE other_paired_obj = pair_list;
 	    pair_list = rb_hash_new();
+	    OBJ_UNTRUST(pair_list);
 	    rb_hash_aset(pair_list, other_paired_obj, Qtrue);
 	    rb_hash_aset(list, obj, pair_list);
 	}
diff --git a/version.h b/version.h
index 600082477..da326e43d 100644
--- a/version.h
+++ b/version.h
@@ -1,5 +1,5 @@
 #define RUBY_VERSION "1.9.1"
-#define RUBY_PATCHLEVEL 266
+#define RUBY_PATCHLEVEL 267
 #define RUBY_VERSION_MAJOR 1
 #define RUBY_VERSION_MINOR 9
 #define RUBY_VERSION_TEENY 1