From 61f8b79aee55fe6eb56cc1f68a35ee42675d0320 Mon Sep 17 00:00:00 2001
From: akr <akr@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 4 Sep 2008 10:15:34 +0000
Subject: * include/ruby/encoding.h (ECONV_INVALID_IGNORE): removed because  
 it tend to cause security problem.  If the behaviour is really   required,
 ECONV_INVALID_REPLACE with empty string can be used.   For example,
 CVE-2006-2313, CVE-2008-1036, [ruby-core:15645]   (ECONV_UNDEF_IGNORE):
 ditto.

* transcode.c (rb_econv_convert): follow the above change.
  (econv_opts): ditto.
  (Init_transcode): ditto.



git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@19123 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 ChangeLog | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index f30b43bf1..116aff0bb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+Thu Sep  4 19:10:27 2008  Tanaka Akira  <akr@fsij.org>
+
+	* include/ruby/encoding.h (ECONV_INVALID_IGNORE): removed because
+	  it tend to cause security problem.  If the behaviour is really
+	  required, ECONV_INVALID_REPLACE with empty string can be used.
+	  For example, CVE-2006-2313, CVE-2008-1036, [ruby-core:15645]
+	  (ECONV_UNDEF_IGNORE): ditto.
+
+	* transcode.c (rb_econv_convert): follow the above change.
+	  (econv_opts): ditto.
+	  (Init_transcode): ditto.
+
 Thu Sep  4 13:22:02 2008  Nobuyoshi Nakada  <nobu@ruby-lang.org>
 
 	* vm_core.h (struct rb_vm_struct): replaced signal staff with trap
-- 
cgit