Hello community,

here is the log from the commit of package ruby19 for openSUSE:Factory checked 
in at 2013-02-09 10:15:46
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ruby19 (Old)
 and      /work/SRC/openSUSE:Factory/.ruby19.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ruby19", Maintainer is "jmassaguer...@suse.com"

Changes:
--------
--- /work/SRC/openSUSE:Factory/ruby19/ruby19.changes    2013-01-10 
13:53:57.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.ruby19.new/ruby19.changes       2013-02-09 
10:15:49.000000000 +0100
@@ -1,0 +2,9 @@
+Wed Feb  6 16:27:34 UTC 2013 - mrueck...@suse.de
+
+- update to 1.9.3 p385 (bnc#802406)
+  XSS exploit of RDoc documentation generated by rdoc
+  (CVE-2013-0256)
+
+  for other changes see /usr/share/doc/packages/ruby19/Changelog
+
+-------------------------------------------------------------------
@@ -6,0 +16,7 @@
+Fri Jan  4 13:33:09 UTC 2013 - kkae...@suse.com
+
+- added bind_stack.patch: (bnc#796757)
+  Fixes stack boundary issues when embedding Ruby into
+  threaded C code (Ruby bug #2294)
+
+-------------------------------------------------------------------
@@ -15 +31 @@
-- update to 1.9.3 p327 to get the fix for 
+- update to 1.9.3 p327 (bnc#789983)
@@ -27 +43 @@
-- update to 1.9.3 p286
+- update to 1.9.3 p286 (bnc#783511, bnc#791199)
@@ -33 +49 @@
-  many other bug fixes.
+  many other bug fixes. (CVE-2012-4522)

Old:
----
  ruby-1.9.3-p362.tar.bz2

New:
----
  bind_stack.patch
  ruby-1.9.3-p385.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ruby19.spec ++++++
--- /var/tmp/diff_new_pack.N8nSTx/_old  2013-02-09 10:15:52.000000000 +0100
+++ /var/tmp/diff_new_pack.N8nSTx/_new  2013-02-09 10:15:52.000000000 +0100
@@ -17,11 +17,11 @@
 
 
 Name:           ruby19
-Version:        1.9.3.p362
+Version:        1.9.3.p385
 Release:        0
 #
 %define pkg_version 1.9.3
-%define patch_level p362
+%define patch_level p385
 # keep in sync with macro file!
 %define rb_binary_suffix 1.9
 %define rb_ver  1.9.1
@@ -74,6 +74,7 @@
 Patch1:         ruby-1.9.2p290_tcl_no_stupid_rpaths.patch
 Patch2:         ruby19-export_init_prelude.patch
 Patch3:         ruby-sort-rdoc-output.patch
+Patch4:         bind_stack.patch
 #
 Summary:        An Interpreted Object-Oriented Scripting Language
 License:        BSD-2-Clause or Ruby
@@ -208,6 +209,7 @@
 %patch1
 %patch2 -p1
 %patch3 -p1
+%patch4
 %if 0%{?needs_optimization_zero}
 touch -r configure configure.timestamp
 perl -p -i.bak -e 's|-O2|-O0|g' configure

++++++ bind_stack.patch ++++++
Index: gc.c
===================================================================
--- gc.c.orig   2013-01-15 08:29:28.000000000 +0100
+++ gc.c        2013-02-06 17:26:39.675029432 +0100
@@ -2198,6 +2198,24 @@ ready_to_gc(rb_objspace_t *objspace)
     return TRUE;
 }
 
+static VALUE *ruby_stack_lower_bound = 0, *ruby_stack_upper_bound = 0;
+static char ruby_stack_is_bound = 0;
+
+void
+ruby_bind_stack(void *lower_bound, void *upper_bound)
+{
+    assert(upper_bound > lower_bound && lower_bound > 0);
+    ruby_stack_lower_bound = lower_bound;
+    ruby_stack_upper_bound = upper_bound;
+    ruby_stack_is_bound = 1;
+}
+
+#define FIX_STACK_BOUNDS(start, end, th) \
+     if (ruby_stack_is_bound && th == th->vm->main_thread) { \
+          if (start < ruby_stack_lower_bound) { start = 
ruby_stack_lower_bound; } \
+          if (end   > ruby_stack_upper_bound) { end   = 
ruby_stack_upper_bound; } \
+     }
+
 static void
 before_gc_sweep(rb_objspace_t *objspace)
 {
@@ -2524,6 +2542,7 @@ mark_current_machine_context(rb_objspace
 
     SET_STACK_END;
     GET_STACK_BOUNDS(stack_start, stack_end, 1);
+    FIX_STACK_BOUNDS(stack_start, stack_end, th);
 
     mark_locations_array(objspace, save_regs_gc_mark.v, 
numberof(save_regs_gc_mark.v));
 
@@ -2623,6 +2642,7 @@ rb_gc_mark_machine_stack(rb_thread_t *th
     VALUE *stack_start, *stack_end;
 
     GET_STACK_BOUNDS(stack_start, stack_end, 0);
+    FIX_STACK_BOUNDS(stack_start, stack_end, th);
     rb_gc_mark_locations(stack_start, stack_end);
 #ifdef __ia64
     rb_gc_mark_locations(th->machine_register_stack_start, 
th->machine_register_stack_end);
Index: include/ruby/ruby.h
===================================================================
--- include/ruby/ruby.h.orig    2013-02-06 17:25:51.528019626 +0100
+++ include/ruby/ruby.h 2013-02-06 17:25:51.558019656 +0100
@@ -1224,6 +1224,17 @@ void ruby_init_stack(volatile VALUE*);
 #define RUBY_INIT_STACK \
     VALUE variable_in_this_stack_frame; \
     ruby_init_stack(&variable_in_this_stack_frame);
+/*
+ *  Binds the stack of Ruby's main thread to the region of memory that spans
+ *  inclusively from the given lower boundary to the given upper boundary:
+ *
+ *      (lower) <= (stack pointer of Ruby's main thread) <= (upper)
+ *
+ *  These boundaries do not protect Ruby's main thread against stack
+ *  overflow and they do not apply to non-main Ruby threads (whose stacks
+ *  are dynamically allocated and managed by the native Operating System).
+ */
+void ruby_bind_stack(void *lower_bound, void *upper_bound);
 void ruby_init(void);
 void ruby_init_prelude(void);
 void *ruby_options(int, char**);
++++++ ruby-1.9.3-p362.tar.bz2 -> ruby-1.9.3-p385.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/ruby19/ruby-1.9.3-p362.tar.bz2 
/work/SRC/openSUSE:Factory/.ruby19.new/ruby-1.9.3-p385.tar.bz2 differ: char 11, 
line 1

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

Reply via email to