Author: rfm
Date: Fri Oct 17 15:42:34 2014
New Revision: 38120

URL: http://svn.gna.org/viewcvs/gnustep?rev=38120&view=rev
Log:
bugfix release

Modified:
    libs/base/trunk/ChangeLog
    libs/base/trunk/Documentation/ReleaseNotes.gsdoc
    libs/base/trunk/Documentation/news.texi
    libs/base/trunk/NSTimeZones/NSTimeZones.tar
    libs/base/trunk/Source/GSTLS.m
    libs/base/trunk/Source/NSProcessInfo.m
    libs/base/trunk/Version

Modified: libs/base/trunk/ChangeLog
URL: 
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/ChangeLog?rev=38120&r1=38119&r2=38120&view=diff
==============================================================================
--- libs/base/trunk/ChangeLog   (original)
+++ libs/base/trunk/ChangeLog   Fri Oct 17 15:42:34 2014
@@ -1,3 +1,17 @@
+2014-10-17  Richard Frith-Macdonald <[email protected]>
+
+       * Documentation/news.texi:
+       * Documentation/ReleaseNotes.gsdoc:
+       * Version: Bump subminor version for bugfix release
+       * NSTimeZones/NSTimeZones.tar: update
+       * Source/NSProcessInfo.m: Use separate lock for globally unique
+       string rather than sharing lock intended for other purposes.
+       * Source/GSTLS.m: Change default TLS 'priority' to disable SSLv3.0
+       as it renders things open to the 'POODLE' attack.
+       Also, print warning if it is expressly requested from the code
+       (though the use of the GSTLSPriority user default will still
+       allow complete control without warnings).
+
 2014-10-11  Marcus Mueller <[email protected]>
 
        * Headers/GNUstepBase/GSVersionMacros.h: UNAVAILABLE_ATTRIBUTE added
@@ -8,12 +22,6 @@
        * Headers/GNUstepBase/config.h.in: Add test for grantpt function.
 
        * configure: Regenerated.
-
-2014-07-28  Richard Frith-Macdonald <[email protected]>
-
-       * Source/NSUserDefaults.m:
-       * Source/GSPrivate.h:
-       * Source/NSLog.m:
 
 2014-07-25  Richard Frith-Macdonald <[email protected]>
 

Modified: libs/base/trunk/Documentation/ReleaseNotes.gsdoc
URL: 
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Documentation/ReleaseNotes.gsdoc?rev=38120&r1=38119&r2=38120&view=diff
==============================================================================
--- libs/base/trunk/Documentation/ReleaseNotes.gsdoc    (original)
+++ libs/base/trunk/Documentation/ReleaseNotes.gsdoc    Fri Oct 17 15:42:34 2014
@@ -28,6 +28,18 @@
        changes and other information that might help developers and users
        migrate to using a newer version of the library.
       </p>
+
+      <section>
+       <heading>Version 1.24.7</heading>
+        <p>A new stable (bugfix) release.<br />
+        The release has various platform/portability tweaks, as
+        well as a variety of bugfixes.<br />
+        The default HTTPS connection configuration is modified to disable
+        SSLv3.0 support (to prevent the 'POODLE' security attack).<br />
+        This release also contains an update to include the most recent
+        international timezone data.
+        </p>
+      </section>
 
       <section>
        <heading>Version 1.24.6</heading>

Modified: libs/base/trunk/Documentation/news.texi
URL: 
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Documentation/news.texi?rev=38120&r1=38119&r2=38120&view=diff
==============================================================================
--- libs/base/trunk/Documentation/news.texi     (original)
+++ libs/base/trunk/Documentation/news.texi     Fri Oct 17 15:42:34 2014
@@ -10,6 +10,16 @@
 
 See the @url{ReleaseNotes.html} document for more information.
 @end ifclear
+
+@section Noteworthy changes in version @samp{1.24.7}
+
+@itemize @bullet
+@item TLS and other security improvements
+@item Latest timezone data included
+@item Various other bugfixes
+@end itemize
+
+@ifclear ANNOUNCE-ONLY
 
 @section Noteworthy changes in version @samp{1.24.6}
 
@@ -20,8 +30,6 @@
 @item Various new methods for OSX compatibility
 @item Various other bugfixes
 @end itemize
-
-@ifclear ANNOUNCE-ONLY
 
 @section Noteworthy changes in version @samp{1.24.5}
 

Modified: libs/base/trunk/NSTimeZones/NSTimeZones.tar
URL: 
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/NSTimeZones/NSTimeZones.tar?rev=38120&r1=38119&r2=38120&view=diff
==============================================================================
Binary files - no diff available.

Modified: libs/base/trunk/Source/GSTLS.m
URL: 
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Source/GSTLS.m?rev=38120&r1=38119&r2=38120&view=diff
==============================================================================
--- libs/base/trunk/Source/GSTLS.m      (original)
+++ libs/base/trunk/Source/GSTLS.m      Fri Oct 17 15:42:34 2014
@@ -1448,8 +1448,6 @@
             @" these locations.");
         }
 
-      gnutls_set_default_priority(session);
-
       pri = [opts objectForKey: NSStreamSocketSecurityLevelKey];
       str = [opts objectForKey: GSTLSPriority];
       if (nil == pri && nil == str)
@@ -1466,6 +1464,15 @@
           pri = NSStreamSocketSecurityLevelTLSv1;
           str = nil;
         }
+
+#if GNUTLS_VERSION_NUMBER < 0x020C00
+      gnutls_set_default_priority(session);
+#else
+      /* By default we disable SSL3.0 as the 'POODLE' attack (Oct 2014)
+       * renders it insecure.
+       */
+      gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL);
+#endif
 
       if (nil == str)
         {
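Review bot: The `#if GNUTLS_VERSION_NUMBER < 0x020C00` branch still calls `gnutls_set_default_priority(session)`, so builds against the older library presumably keep SSL3.0 in the default protocol list and do not get the POODLE mitigation the ChangeLog describes. Either restrict the protocol list on that branch as well, or state the gap in the comment, e.g. `/* NB. with GNUTLS older than 2.12 the library default is used and SSL3.0 may remain enabled. */`. On the newer branch the return value of `gnutls_priority_set_direct()` is discarded; comparing it with `GNUTLS_E_SUCCESS` and logging a failure would avoid continuing with a session whose priorities may never have been set. The enclosing method starts and ends outside this hunk.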
@@ -1480,13 +1487,15 @@
           else if ([pri isEqual: NSStreamSocketSecurityLevelSSLv2] == YES)
             {
               // pri = NSStreamSocketSecurityLevelSSLv2;
-              GSOnceMLog(@"NSStreamSocketSecurityLevelTLSv2 is insecure ..."
+              GSOnceMLog(@"NSStreamSocketSecurityLevelSSLv2 is insecure ..."
                 @" not implemented");
               DESTROY(self);
               return nil;
             }
           else if ([pri isEqual: NSStreamSocketSecurityLevelSSLv3] == YES)
             {
+              GSOnceMLog(@"NSStreamSocketSecurityLevelSSLv3 is insecure ..."
+                @" please change your code to stop using it");
 #if GNUTLS_VERSION_NUMBER < 0x020C00
               const int proto_prio[2] = {
                 GNUTLS_SSL3,
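Review bot: The new SSLv3 warning tells the caller to stop using the level but not what to use instead, and unlike the SSLv2 branch the code then goes on to configure SSL3.0. I would name the replacement in the message, for example `@" please change your code to use NSStreamSocketSecurityLevelTLSv1"`, and add a short comment above the `#if` saying that an explicit request is still honoured after the warning. Judging by its name, GSOnceMLog presumably logs only the first occurrence, so later sessions that request SSLv3 would be silent; worth confirming that this is intended. The SSLv3 branch continues past the end of this hunk.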

Modified: libs/base/trunk/Source/NSProcessInfo.m
URL: 
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Source/NSProcessInfo.m?rev=38120&r1=38119&r2=38120&view=diff
==============================================================================
--- libs/base/trunk/Source/NSProcessInfo.m      (original)
+++ libs/base/trunk/Source/NSProcessInfo.m      Fri Oct 17 15:42:34 2014
@@ -200,6 +200,10 @@
 /*************************************************************************
  *** Static global vars
  *************************************************************************/
+
+// The lock to protect shared process resources.
+static NSRecursiveLock  *procLock = nil;
+
 // The shared NSProcessInfo instance
 static NSProcessInfo   *_gnu_sharedProcessInfoObject = nil;
 
@@ -577,23 +581,23 @@
   
   ifp = fopen(proc_file_name, "r");
   if (ifp == NULL)
-  {
-    fprintf(stderr, "Error: Failed to open the process info file:%s\n", 
-           proc_file_name);
-    abort();
-  }
+    {
+      fprintf(stderr, "Error: Failed to open the process info file:%s\n", 
+              proc_file_name);
+      abort();
+    }
   
   fread(&pinfo, sizeof(pinfo), 1, ifp);
   fclose(ifp);
   
   vectors = (char **)pinfo.pr_envp;
   if (!vectors)
-  {
-    fprintf(stderr, "Error: for some reason, environ == NULL "
-      "during GNUstep base initialization\n"
-      "Please check the linking process\n");
-    abort();
-  }
+    {
+      fprintf(stderr, "Error: for some reason, environ == NULL "
+        "during GNUstep base initialization\n"
+        "Please check the linking process\n");
+      abort();
+    }
   
   /* copy the environment strings */
   for (count = 0; vectors[count]; count++)
@@ -602,11 +606,11 @@
   if (!_gnu_noobjc_env)
     goto malloc_error;
   for (i = 0; i < count; i++)
-  {
-       _gnu_noobjc_env[i] = (char *)strdup(vectors[i]);
-    if (!_gnu_noobjc_env[i])
-      goto malloc_error;
-  }
+    {
+      _gnu_noobjc_env[i] = (char *)strdup(vectors[i]);
+      if (!_gnu_noobjc_env[i])
+        goto malloc_error;
+    }
   _gnu_noobjc_env[i] = NULL;
 
   /* get the argument vectors */
@@ -899,6 +903,7 @@
 
 + (void) initialize
 {
+  if (nil == procLock) procLock = [NSRecursiveLock new];
   if (self == [NSProcessInfo class]
     && !_gnu_processName && !_gnu_arguments && !_gnu_environment)
     {
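Review bot: The lock creation sits before the `self == [NSProcessInfo class]` test, so it also runs when +initialize is invoked on behalf of a subclass, and only the nil test stops it from replacing a lock that may already be held. A comment would make that explicit, e.g. `// Created outside the class test: +initialize may run again for subclasses; the nil test keeps the first lock.` The same line is repeated in the hunks at -917, -929 and -938, so a small static helper called from each variant would keep the four copies from drifting apart. The method bodies continue outside these hunks.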
@@ -917,6 +922,7 @@
 /* For WindowsAPI Library, we know the global variables (argc, etc) */
 + (void) initialize
 {
+  if (nil == procLock) procLock = [NSRecursiveLock new];
   if (self == [NSProcessInfo class]
     && !_gnu_processName && !_gnu_arguments && !_gnu_environment)
     {
@@ -929,6 +935,7 @@
 extern char **__libc_argv;
 + (void) initialize
 {
+  if (nil == procLock) procLock = [NSRecursiveLock new];
   if (self == [NSProcessInfo class]
     && !_gnu_processName && !_gnu_arguments && !_gnu_environment)
     {
@@ -938,6 +945,10 @@
 
 
 #else
++ (void) initialize
+{
+  if (nil == procLock) procLock = [NSRecursiveLock new];
+}
 #ifndef GS_PASS_ARGUMENTS
 #undef main
 /* The gnustep_base_user_main function is declared 'weak' so that the linker
@@ -1008,7 +1019,7 @@
   if (!_gnu_sharedProcessInfoObject)
     {
       _gnu_sharedProcessInfoObject = [[_NSConcreteProcessInfo alloc] init];
-      [gnustep_global_lock lock];
+      [procLock lock];
       if (mySet != nil)
        {
          NSEnumerator  *e = [mySet objectEnumerator];
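Review bot: `_gnu_sharedProcessInfoObject` is tested and assigned before `[procLock lock]` is taken, so two threads arriving together can each allocate an `_NSConcreteProcessInfo`, with one instance overwriting the other; the switch from gnustep_global_lock to procLock does not change that. Taking the lock before the `if (!_gnu_sharedProcessInfoObject)` test and releasing it after the block (the `[procLock unlock]` shown in the following hunk) would close the window, and procLock being an NSRecursiveLock keeps re-entry from the same thread safe. The method starts outside this hunk, so an earlier guard may exist that is not visible here.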
@@ -1022,7 +1033,7 @@
          [mySet release];
          mySet = nil;
         }
-      [gnustep_global_lock unlock];
+      [procLock unlock];
     }
 
   return _gnu_sharedProcessInfoObject;
@@ -1065,19 +1076,30 @@
   static unsigned long counter = 0;
   unsigned long                count;
   static NSString      *host = nil;
+  NSString              *thost = nil;
   static int           pid;
+  int                   tpid;
   static unsigned long start;
 
-  [gnustep_global_lock lock];
-  if (host == nil)
-    {
-      pid = [self processIdentifier];
+  /* We obtain the host name and pid outside the locked region in case
+   * the lookup is slow or indirectly calls this method fromm another
+   * thread (as unlikely as that is ... some subclass/category could
+   * do it).
+   */
+  if (nil == host)
+    {
+      thost = [[self hostName] stringByReplacingString: @"." withString: @"_"];
+      tpid = [self processIdentifier];
+    }
+  [procLock lock];
+  if (nil == host)
+    {
       start = (unsigned long)GSPrivateTimeNow();
-      host = [[self hostName] stringByReplacingString: @"." withString: @"_"];
-      IF_NO_GC(RETAIN(host);)
+      ASSIGN(host, thost);
+      pid = tpid;
     }
   count = counter++;
-  [gnustep_global_lock unlock];
+  [procLock unlock];
 
   // $$$ The format of the string is not specified by the OpenStep
   // specification.
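Review bot: `tpid` is declared without an initialiser while `thost` gets `nil`, and it is written only when the first, unlocked `nil == host` test succeeds, yet the locked block reads it. The two tests agree because `host` is never reset, but the compiler cannot prove that and may warn, so `int tpid = 0;` is the safer declaration. If `[self hostName]` were ever to return nil, `ASSIGN(host, thost)` would leave `host` nil and every later call would repeat the lookup and overwrite `start` and `pid`; a comment noting that case, or a fallback string, would help. The new comment also has a typo, `fromm` for `from`. The method continues outside this hunk.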
@@ -1449,10 +1471,10 @@
 GSInitializeProcess(int argc, char **argv, char **envp)
 {
   [NSProcessInfo class];
-  [gnustep_global_lock lock];
+  [procLock lock];
   fallbackInitialisation = YES;
   _gnu_process_args(argc, argv, envp);
-  [gnustep_global_lock unlock];
+  [procLock unlock];
 }
 
 @implementation        NSProcessInfo (GNUstep)
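Review bot: `[procLock lock]` now depends on the preceding `[NSProcessInfo class]` having triggered +initialize, since that is where procLock is created. If that line were removed or reordered, the lock and unlock messages would go to nil and `_gnu_process_args` would run unprotected without any error. A comment on that line would record the dependency, e.g. `// Forces +initialize, which creates the procLock used below.`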

Modified: libs/base/trunk/Version
URL: 
http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Version?rev=38120&r1=38119&r2=38120&view=diff
==============================================================================
--- libs/base/trunk/Version     (original)
+++ libs/base/trunk/Version     Fri Oct 17 15:42:34 2014
@@ -7,9 +7,9 @@
 # The version number of this release.
 MAJOR_VERSION=1
 MINOR_VERSION=24
-SUBMINOR_VERSION=6
+SUBMINOR_VERSION=7
 # numeric value should match above
-VERSION_NUMBER=124.6
+VERSION_NUMBER=124.7
 GNUSTEP_BASE_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.${SUBMINOR_VERSION}
 VERSION=${GNUSTEP_BASE_VERSION}
 

