[#59445] [ruby-trunk - Bug #9335][Open] dynamic rescue regression in Ruby 2.1 — "fdr (Daniel Farina)" <daniel@...>
6 messages
2014/01/01
[#59448] [ruby-trunk - Bug #9335][Rejected] dynamic rescue regression in Ruby 2.1
— "nobu (Nobuyoshi Nakada)" <nobu@...>
2014/01/01
[#59462] [ruby-trunk - Bug #9342][Open] [PATCH] SizedQueue#clear does not notify waiting threads in Ruby 1.9.3 — "jsc (Justin Collins)" <redmine@...>
9 messages
2014/01/02
[#59466] [ruby-trunk - Bug #9343][Open] [PATCH] SizedQueue#max= wakes up waiters properly — "normalperson (Eric Wong)" <normalperson@...>
11 messages
2014/01/02
[#60513] [ruby-trunk - Bug #9343] [PATCH] SizedQueue#max= wakes up waiters properly
— normalperson@...
2014/02/05
Issue #9343 has been updated by Eric Wong.
[#59498] [ruby-trunk - Bug #9352][Open] [BUG] rb_sys_fail_str(connect(2) for [fe80::1%lo0]:3000) - errno == 0 — "kain (Claudio Poli)" <claudio@...>
10 messages
2014/01/03
[#59516] [ruby-trunk - Bug #9356][Open] TCPSocket.new does not seem to handle INTR — "charliesome (Charlie Somerville)" <charliesome@...>
48 messages
2014/01/03
[#60863] [ruby-trunk - Bug #9356] TCPSocket.new does not seem to handle INTR
— shugo@...
2014/02/19
Issue #9356 has been updated by Shugo Maeda.
[#59546] [ruby-trunk - Bug #9356] TCPSocket.new does not seem to handle INTR
— "charliesome (Charlie Somerville)" <charliesome@...>
2014/01/04
[#59517] [ruby-trunk - Bug #9357][Open] TracePoint's c_return traces return from call to 'trace' — "andhapp (Anuj Dutta)" <anuj@...>
5 messages
2014/01/03
[#59538] [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed — "shyouhei (Shyouhei Urabe)" <shyouhei@...>
33 messages
2014/01/03
[#59582] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— SASADA Koichi <ko1@...>
2014/01/06
Intersting challenge.
[#59585] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— Urabe Shyouhei <shyouhei@...>
2014/01/06
On 01/06/2014 04:52 PM, SASADA Koichi wrote:
[#59594] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— Urabe Shyouhei <shyouhei@...>
2014/01/06
On 01/06/2014 06:11 PM, Urabe Shyouhei wrote:
[#59605] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— SASADA Koichi <ko1@...>
2014/01/06
(2014/01/06 23:10), Urabe Shyouhei wrote:
[#59630] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— Urabe Shyouhei <shyouhei@...>
2014/01/07
On 01/07/2014 07:36 AM, SASADA Koichi wrote:
[#59541] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— Eric Wong <normalperson@...>
2014/01/04
Hi, I noticed a trivial typo in array.c, and it fails building struct.c
[#59542] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— Eric Wong <normalperson@...>
2014/01/04
Eric Wong <normalperson@yhbt.net> wrote:
[#59543] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— Eric Wong <normalperson@...>
2014/01/04
Btw, I just pushed a few trivial fixes up (a few more failures below):
[#59545] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— Eric Wong <normalperson@...>
2014/01/04
OK, last update of the night :o I think everything is good on 32-bit...
[#59551] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— Eric Wong <normalperson@...>
2014/01/04
Eric Wong <normalperson@yhbt.net> wrote:
[#59565] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— Eric Wong <normalperson@...>
2014/01/06
Btw, I started working on cachelined-time branch on git://80x24.org/ruby
[#59566] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— Eric Wong <normalperson@...>
2014/01/06
Eric Wong <normalperson@yhbt.net> wrote:
[#59567] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— Urabe Shyouhei <shyouhei@...>
2014/01/06
On 01/06/2014 12:02 PM, Eric Wong wrote:
[#59568] Re: [ruby-trunk - Feature #9362][Assigned] Minimize cache misshit to gain optimal speed
— Eric Wong <normalperson@...>
2014/01/06
Urabe Shyouhei <shyouhei@ruby-lang.org> wrote:
[#59564] [ruby-trunk - Bug #9365][Open] Sporadic TypeError (wrong argument type Thread (expected VM/thread)) from IO#close (via Net:HTTP) — "ggiesemann (Geoffrey Giesemann)" <geoffwa@...>
6 messages
2014/01/05
[#60151] [ruby-trunk - Bug #9365] Sporadic TypeError (wrong argument type Thread (expected VM/thread)) from IO#close (via Net:HTTP)
— geoffwa@...
2014/01/28
Issue #9365 has been updated by Geoffrey Giesemann.
[#59728] Ruby 2.1.0 in Production: known bugs and patches — Aman Gupta <ruby@...1.net>
Last week, we upgraded the github.com rails app to ruby 2.1.0 in production.
6 messages
2014/01/13
[#59733] Re: Ruby 2.1.0 in Production: known bugs and patches
— "Martin J. Dürst" <duerst@...>
2014/01/13
Hello Aman,
[#59770] bug report did not propagate to ruby-core — Mean Login <meanlogin@...>
https://bugs.ruby-lang.org/issues/9416
4 messages
2014/01/15
[#59791] About unmarshallable DRb objects life-time — Rodrigo Rosenfeld Rosas <rr.rosas@...>
A while ago I created a proof-of-concept that I intended to use in my
16 messages
2014/01/15
[#59794] Re: About unmarshallable DRb objects life-time
— Eric Hodel <drbrain@...7.net>
2014/01/15
On 15 Jan 2014, at 11:58, Rodrigo Rosenfeld Rosas <rr.rosas@gmail.com> wrote:
[#59808] Re: About unmarshallable DRb objects life-time
— Rodrigo Rosenfeld Rosas <rr.rosas@...>
2014/01/16
Em 15-01-2014 19:42, Eric Hodel escreveu:
[#59810] Re: About unmarshallable DRb objects life-time
— Eric Hodel <drbrain@...7.net>
2014/01/16
On 16 Jan 2014, at 02:15, Rodrigo Rosenfeld Rosas <rr.rosas@gmail.com> wrote:
[#59826] Re: About unmarshallable DRb objects life-time
— Rodrigo Rosenfeld Rosas <rr.rosas@...>
2014/01/17
Em 16-01-2014 19:43, Eric Hodel escreveu:
[#59832] Re: About unmarshallable DRb objects life-time
— Eric Hodel <drbrain@...7.net>
2014/01/17
On 17 Jan 2014, at 04:22, Rodrigo Rosenfeld Rosas <rr.rosas@gmail.com> wrote:
[#59860] Re: About unmarshallable DRb objects life-time
— Rodrigo Rosenfeld Rosas <rr.rosas@...>
2014/01/18
Em 17-01-2014 19:53, Eric Hodel escreveu:
[#59915] Re: About unmarshallable DRb objects life-time
— Eric Hodel <drbrain@...7.net>
2014/01/20
On 18 Jan 2014, at 15:12, Rodrigo Rosenfeld Rosas <rr.rosas@gmail.com> wrote:
[#59929] Re: About unmarshallable DRb objects life-time
— Rodrigo Rosenfeld Rosas <rr.rosas@...>
2014/01/21
Em 20-01-2014 21:51, Eric Hodel escreveu:
[#59937] Re: About unmarshallable DRb objects life-time
— Eric Hodel <drbrain@...7.net>
2014/01/21
On 21 Jan 2014, at 02:01, Rodrigo Rosenfeld Rosas <rr.rosas@gmail.com> wrote:
[#59974] Re: About unmarshallable DRb objects life-time
— Rodrigo Rosenfeld Rosas <rr.rosas@...>
2014/01/22
Em 21-01-2014 19:36, Eric Hodel escreveu:
[#59807] [ruby-trunk - misc #9421] [Open] [PATCH] doc/contributing.rdoc: allow/encourage other git hosts — normalperson@...
Issue #9421 has been reported by Eric Wong.
5 messages
2014/01/16
[#59882] [ruby-trunk - Feature #9428] [Rejected] Inline argument expressions and re-assignment — matz@...
Issue #9428 has been updated by Yukihiro Matsumoto.
4 messages
2014/01/20
[#59896] Re: [ruby-trunk - Feature #9428] [Rejected] Inline argument expressions and re-assignment
— "Martin J. Dürst" <duerst@...>
2014/01/20
On 2014/01/20 11:32, matz@ruby-lang.org wrote:
[#59909] [ruby-trunk - Feature #9425] [PATCH] st: use power-of-two sizes to avoid slow modulo ops — shyouhei@...
Issue #9425 has been updated by Shyouhei Urabe.
4 messages
2014/01/20
[#59917] Re: [ruby-trunk - Feature #9425] [PATCH] st: use power-of-two sizes to avoid slow modulo ops
— Eric Wong <normalperson@...>
2014/01/21
shyouhei@ruby-lang.org wrote:
[#60229] [ruby-trunk - Feature #9427] [Feedback] [PATCH] io.c: remove socket check for sendfile — akr@...
Issue #9427 has been updated by Akira Tanaka.
3 messages
2014/01/29
[#60377] Re: [ruby-cvs:51920] nobu:r44775 (trunk): socket.c: suppress warnings — Eric Wong <normalperson@...>
nobu@ruby-lang.org wrote:
3 messages
2014/01/31
[ruby-core:60261] [ruby-trunk - Bug #5418] Some properties of WEBrick::HTTPRequest could be malformed
From:
shibata.hiroshi@...
Date:
2014-01-30 06:16:31 UTC
List:
ruby-core #60261
Issue #5418 has been updated by Hiroshi SHIBATA. Target version changed from 2.1.0 to current: 2.2.0 ---------------------------------------- Bug #5418: Some properties of WEBrick::HTTPRequest could be malformed https://bugs.ruby-lang.org/issues/5418#change-44740 * Author: Hiroshi Nakamura * Status: Assigned * Priority: Normal * Assignee: Hiroshi Nakamura * Category: lib * Target version: current: 2.2.0 * ruby -v: - * Backport: ---------------------------------------- Original reported issue: CVE-2011-3187 Users may expect that properties of WEBrick::HTTPRequest to be not malformed/faked. But at the fact, in current implementation, following properties can be malformed and faked by HTTP header sent by attacker. - HTTPRequest#host - can be malformed/faked by 'x-forwarded-host' - can be faked by 'Host' - HTTPRequest#port - can be faked by 'Host' - HTTPRequest#server_name - can be malformed/faked by 'x-forwarded-server' - HTTPRequest#remote_ip - can be malformed/faked by 'x-forwarded-for' and 'client-ip' - HTTPRequest#ssl? - can be faked by 'Host' - HTTPRequest#meta_vars (Hash of meta vars such as 'REQUEST_URI') - can be malformed/faked by some HTTP headers Here's the list of reason why we're thinking it's not a high-priority security bug at this moment. - For faked data issue, we don't have a way to guarantee that it's not faked. So developers of HTTPRequest must aware of that. - For malformed data issue, it should be a bug of HTTPRequest to be fixed, but it's the same problem for x-forwarded-host, x-forwarded-server and client-ip. We're offering those data in as-is basis from HTTP header so we can expect users handle the data properly for their purpose (for dumping to xterm, embedding to HTML, etc.) - And the fix for this bug would be a little complex for quick-fix because it's not only x-forwarded-for which causes this issue. 'client-ip' needs care, too. Documentation would be enough for server_name. We think we need general development cycle for fixing it. ref: https://bugzilla.novell.com/show_bug.cgi?id=673010 http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html -- http://bugs.ruby-lang.org/