diff options
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -1,3 +1,29 @@ +Wed Dec 28 21:34:23 2011 URABE Shyouhei <shyouhei@ruby-lang.org> + + * string.c (rb_str_hash): randomize hash to avoid algorithmic + complexity attacks. CVE-2011-4815 + + * st.c (strhash): ditto. + + * string.c (Init_String): initialization of hash_seed to be at the + beginning of the process. + + * st.c (Init_st): ditto. + +Thu Dec 8 11:57:04 2011 Tanaka Akira <akr@fsij.org> + + * inits.c (rb_call_inits): call Init_RandomSeed at first. + + * random.c (seed_initialized): defined. + (fill_random_seed): extracted from random_seed. + (make_seed_value): extracted from random_seed. + (rb_f_rand): initialize random seed at first. + (initial_seed): defined. + (Init_RandomSeed): defined. + (Init_RandomSeed2): defined. + (rb_reset_random_seed): defined. + (Init_Random): call Init_RandomSeed2. + Sat Dec 10 20:44:23 2011 Tanaka Akira <akr@fsij.org> * lib/securerandom.rb: call OpenSSL::Random.seed at the |