Hello community,
here is the log from the commit of package ruby19 for openSUSE:12.3 checked in
at 2013-02-09 10:15:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3/ruby19 (Old)
and /work/SRC/openSUSE:12.3/.ruby19.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ruby19", Maintainer is "jmassaguer...@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:12.3/ruby19/ruby19.changes 2013-01-31
01:36:40.000000000 +0100
+++ /work/SRC/openSUSE:12.3/.ruby19.new/ruby19.changes 2013-02-09
10:15:57.000000000 +0100
@@ -1,0 +2,9 @@
+Wed Feb 6 16:27:34 UTC 2013 - mrueck...@suse.de
+
+- update to 1.9.3 p385 (bnc#802406)
+ XSS exploit of RDoc documentation generated by rdoc
+ (CVE-2013-0256)
+
+ for other changes see /usr/share/doc/packages/ruby19/Changelog
+
+-------------------------------------------------------------------
@@ -6,0 +16,7 @@
+Fri Jan 4 13:33:09 UTC 2013 - kkae...@suse.com
+
+- added bind_stack.patch: (bnc#796757)
+ Fixes stack boundary issues when embedding Ruby into
+ threaded C code (Ruby bug #2294)
+
+-------------------------------------------------------------------
@@ -15 +31 @@
-- update to 1.9.3 p327 to get the fix for
+- update to 1.9.3 p327 (bnc#789983)
@@ -27 +43 @@
-- update to 1.9.3 p286
+- update to 1.9.3 p286 (bnc#783511, bnc#791199)
@@ -33 +49 @@
- many other bug fixes.
+ many other bug fixes. (CVE-2012-4522)
Old:
----
ruby-1.9.3-p362.tar.bz2
New:
----
bind_stack.patch
ruby-1.9.3-p385.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ruby19.spec ++++++
--- /var/tmp/diff_new_pack.jzSkes/_old 2013-02-09 10:15:58.000000000 +0100
+++ /var/tmp/diff_new_pack.jzSkes/_new 2013-02-09 10:15:58.000000000 +0100
@@ -17,11 +17,11 @@
Name: ruby19
-Version: 1.9.3.p362
+Version: 1.9.3.p385
Release: 0
#
%define pkg_version 1.9.3
-%define patch_level p362
+%define patch_level p385
# keep in sync with macro file!
%define rb_binary_suffix 1.9
%define rb_ver 1.9.1
@@ -74,6 +74,7 @@
Patch1: ruby-1.9.2p290_tcl_no_stupid_rpaths.patch
Patch2: ruby19-export_init_prelude.patch
Patch3: ruby-sort-rdoc-output.patch
+Patch4: bind_stack.patch
#
Summary: An Interpreted Object-Oriented Scripting Language
License: BSD-2-Clause or Ruby
@@ -208,6 +209,7 @@
%patch1
%patch2 -p1
%patch3 -p1
+%patch4
%if 0%{?needs_optimization_zero}
touch -r configure configure.timestamp
perl -p -i.bak -e 's|-O2|-O0|g' configure
++++++ bind_stack.patch ++++++
Index: gc.c
===================================================================
--- gc.c.orig 2013-01-15 08:29:28.000000000 +0100
+++ gc.c 2013-02-06 17:26:39.675029432 +0100
@@ -2198,6 +2198,24 @@ ready_to_gc(rb_objspace_t *objspace)
return TRUE;
}
+static VALUE *ruby_stack_lower_bound = 0, *ruby_stack_upper_bound = 0;
+static char ruby_stack_is_bound = 0;
+
+void
+ruby_bind_stack(void *lower_bound, void *upper_bound)
+{
+ assert(upper_bound > lower_bound && lower_bound > 0);
+ ruby_stack_lower_bound = lower_bound;
+ ruby_stack_upper_bound = upper_bound;
+ ruby_stack_is_bound = 1;
+}
+
+#define FIX_STACK_BOUNDS(start, end, th) \
+ if (ruby_stack_is_bound && th == th->vm->main_thread) { \
+ if (start < ruby_stack_lower_bound) { start =
ruby_stack_lower_bound; } \
+ if (end > ruby_stack_upper_bound) { end =
ruby_stack_upper_bound; } \
+ }
+
static void
before_gc_sweep(rb_objspace_t *objspace)
{
@@ -2524,6 +2542,7 @@ mark_current_machine_context(rb_objspace
SET_STACK_END;
GET_STACK_BOUNDS(stack_start, stack_end, 1);
+ FIX_STACK_BOUNDS(stack_start, stack_end, th);
mark_locations_array(objspace, save_regs_gc_mark.v,
numberof(save_regs_gc_mark.v));
@@ -2623,6 +2642,7 @@ rb_gc_mark_machine_stack(rb_thread_t *th
VALUE *stack_start, *stack_end;
GET_STACK_BOUNDS(stack_start, stack_end, 0);
+ FIX_STACK_BOUNDS(stack_start, stack_end, th);
rb_gc_mark_locations(stack_start, stack_end);
#ifdef __ia64
rb_gc_mark_locations(th->machine_register_stack_start,
th->machine_register_stack_end);
Index: include/ruby/ruby.h
===================================================================
--- include/ruby/ruby.h.orig 2013-02-06 17:25:51.528019626 +0100
+++ include/ruby/ruby.h 2013-02-06 17:25:51.558019656 +0100
@@ -1224,6 +1224,17 @@ void ruby_init_stack(volatile VALUE*);
#define RUBY_INIT_STACK \
VALUE variable_in_this_stack_frame; \
ruby_init_stack(&variable_in_this_stack_frame);
+/*
+ * Binds the stack of Ruby's main thread to the region of memory that spans
+ * inclusively from the given lower boundary to the given upper boundary:
+ *
+ * (lower) <= (stack pointer of Ruby's main thread) <= (upper)
+ *
+ * These boundaries do not protect Ruby's main thread against stack
+ * overflow and they do not apply to non-main Ruby threads (whose stacks
+ * are dynamically allocated and managed by the native Operating System).
+ */
+void ruby_bind_stack(void *lower_bound, void *upper_bound);
void ruby_init(void);
void ruby_init_prelude(void);
void *ruby_options(int, char**);
++++++ ruby-1.9.3-p362.tar.bz2 -> ruby-1.9.3-p385.tar.bz2 ++++++
/work/SRC/openSUSE:12.3/ruby19/ruby-1.9.3-p362.tar.bz2
/work/SRC/openSUSE:12.3/.ruby19.new/ruby-1.9.3-p385.tar.bz2 differ: char 11,
line 1
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
