Hi all,

This is a summary of ruby-dev ML in these days.


[ruby-list:38619] dl and Win32 API call
[ruby-dev:22012] Re: [ruby-list:38619] dl and Win32 API call

  arton reported dl.so problem on win32 systems.
  On win32 systems, API callee pops arguments from machine stack.
  But dl.so (API caller) pops arguments on all platforms, it breaks
  the stack.

  Tietew posted a patch in [ruby-dev:21991], and Takaaki Tateishi,
  dl.so maintainer, incorporated this patch.

[ruby-dev:22013] HTTP_PROXY

  TANAKA Akira introduced following web page:

    http://ftp.ics.uci.edu/pub/websoft/libwww-perl/archive/2001h1/0072.html

  This page describes the security hole about HTTP_PROXY.  HTTP server
  overwrite CGI programs' HTTP_* environment variables by request
  headers, HTTP_PROXY is overwritten by Proxy: HTTP header.
  So HTTP clients can overwrite HTTP_PROXY environment variable.
  If CGI programs use HTTP library and the library uses HTTP_PROXY,
  it causes security problem.

  Akira pointed out some standard libraries uses HTTP_PROXY without
  checking.  Related libraries are:

    * open-uri.rb   (maintainer: TANAKA Akira)
    * SOAP4R        (maintainer: NAKAMURA Hiroshi aka NaHi)
    * (net/http)    (maintainer: Minero Aoki)

  Akira (open-uri maintainer) decided to check if the library is
  used in CGI programs, by referring to REQUEST_METHOD environment
  variable.

  NaHi (SOAP4R maintainer) decided to see soap_use_proxy environment
  variable.  If ENV['soap_use_proxy'] is set, SOAP4R uses HTTP_PROXY,
  no_proxy, and other environment variables.

  At the end, Minero Aoki (net/http maintainer) decided to keep current
  behavior... never rely on HTTP_PROXY environment variable. If you
  want to use proxy, set it explicitly.  open-uri is preferable for
  "handy" use.

  See each CVS HEAD source code for details.

[ruby-dev:22019] $stdout/$stderr must respond to IO methods?

  Currently You can set any object to $stdout/$stderr if only the
  object has #write method.  e.g.

    class StdoutLogging
      def write(str)
        File.open('/tmp/log', 'a') {|f| f.print str }
      end
    end
    $stdout = StdoutLogging.new

  Tietew pointed out that this protocol does not assure that
  following code works:

    $stderr.print 'warning: does not use this method'

  He suggested to make new module such as IO::Writable, which defines
  I/O methods using #write method.

[ruby-dev:22057] drb/drb.rb document

  Minero Aoki suggested that "require 'drb'" is better than
  "require 'drb/drb'".  SEKI Masatoshi, drb maintainer, replied
  that he choose "require 'drb/drb'".

[ruby-dev:22067] exit value as boolean

  Nobu.nakada proposed new semantics of Kernel#exit.
  "exit true" means "exit(EXIT_SUCCESS)" in C,
  "exit false" means "exit(EXIT_FAILURE)".
  Matz agreed with him and incorporated a patch.

[ruby-dev:22071] Dir.glob and shift_jis

  H.Yamamoto posted a patch to allow Dir.glob searching files which
  name includes native language characters.  The latest patch is
  attached to [ruby-dev:22104].


-- Minero Aoki