bugfix release

git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@38120 72102866-910b-0410-8b05-ffd578937521
2025-04-22 16:33:29 +00:00 · 2014-10-17 13:42:34 +00:00 · 2014-10-17 13:42:34 +00:00 · 0c8fc03acf
commit 0c8fc03acf
parent f01e62e5cd
7 changed files with 98 additions and 39 deletions
--- a/20
+++ b/20
@ -1,3 +1,17 @@
+2014-10-17  Richard Frith-Macdonald <rfm@gnu.org>
+
+	* Documentation/news.texi:
+	* Documentation/ReleaseNotes.gsdoc:
+	* Version: Bump subminor version for bugfix release
+	* NSTimeZones/NSTimeZones.tar: update
+	* Source/NSProcessInfo.m: Use separate lock for globally unique
+	string rather than sharing lock intended for other purposes.
+	* Source/GSTLS.m: Change default TLS 'priority' to disable SSLv3.0
+	as it renders things open to the 'POODLE' attack.
+	Also, print warning if it is expressly requested from the code
+	(though the use of the GSTLSPriority user default will still
+	allow complete control without warnings).
+
 2014-10-11  Marcus Mueller <znek@mulle-kybernetik.com>

 	* Headers/GNUstepBase/GSVersionMacros.h: UNAVAILABLE_ATTRIBUTE added
@ -9,12 +23,6 @@

 	* configure: Regenerated.

-2014-07-28  Richard Frith-Macdonald <rfm@gnu.org>
-
-	* Source/NSUserDefaults.m:
-	* Source/GSPrivate.h:
-	* Source/NSLog.m:
-
 2014-07-25  Richard Frith-Macdonald <rfm@gnu.org>

 	* Source/Tools/gdomap.c: Unless running on windows, allow new -j
--- a/Documentation/ReleaseNotes.gsdoc
+++ b/Documentation/ReleaseNotes.gsdoc
@ -29,6 +29,18 @@ notice and this notice are preserved.
 	migrate to using a newer version of the library.
      </p>

+      <section>
+	<heading>Version 1.24.7</heading>
+        <p>A new stable (bugfix) release.<br />
+        The release has various platform/portability tweaks, as
+        well as a variety of bugfixes.<br />
+        The default HTTPS connection configuration is modified to disable
+        SSLv3.0 support (to prevent the 'POODLE' security attack).<br />
+        This release also contains an update to include the most recent
+        international timezone data.
+        </p>
+      </section>
+
      <section>
 	<heading>Version 1.24.6</heading>
        <p>A new stable (bugfix) release.<br />
--- a/Documentation/news.texi
+++ b/Documentation/news.texi
@ -11,6 +11,16 @@ The currently released version of the library is
 See the @url{ReleaseNotes.html} document for more information.
@end ifclear

+@section Noteworthy changes in version @samp{1.24.7}
+
+@itemize @bullet
+@item TLS and other security improvements
+@item Latest timezone data included
+@item Various other bugfixes
+@end itemize
+
+@ifclear ANNOUNCE-ONLY
+
@section Noteworthy changes in version @samp{1.24.6}

@itemize @bullet
@ -21,8 +31,6 @@ See the @url{ReleaseNotes.html} document for more information.
@item Various other bugfixes
@end itemize

-@ifclear ANNOUNCE-ONLY
-
@section Noteworthy changes in version @samp{1.24.5}

@itemize @bullet
--- a/NSTimeZones/NSTimeZones.tar
+++ b/NSTimeZones/NSTimeZones.tar
--- a/Source/GSTLS.m
+++ b/Source/GSTLS.m
@ -1448,8 +1448,6 @@ static NSMutableDictionary      *credentialsCache = nil;
            @" these locations.");
        }

-      gnutls_set_default_priority(session);
-
      pri = [opts objectForKey: NSStreamSocketSecurityLevelKey];
      str = [opts objectForKey: GSTLSPriority];
      if (nil == pri && nil == str)
@ -1467,6 +1465,15 @@ static NSMutableDictionary      *credentialsCache = nil;
          str = nil;
        }

+#if GNUTLS_VERSION_NUMBER < 0x020C00
+      gnutls_set_default_priority(session);
+#else
+      /* By default we disable SSL3.0 as the 'POODLE' attack (Oct 2014)
+       * renders it insecure.
+       */
+      gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL);
+#endif
+
      if (nil == str)
        {
          if ([pri isEqual: NSStreamSocketSecurityLevelNone] == YES)
@ -1480,13 +1487,15 @@ static NSMutableDictionary      *credentialsCache = nil;
          else if ([pri isEqual: NSStreamSocketSecurityLevelSSLv2] == YES)
            {
              // pri = NSStreamSocketSecurityLevelSSLv2;
-              GSOnceMLog(@"NSStreamSocketSecurityLevelTLSv2 is insecure ..."
+              GSOnceMLog(@"NSStreamSocketSecurityLevelSSLv2 is insecure ..."
                @" not implemented");
              DESTROY(self);
              return nil;
            }
          else if ([pri isEqual: NSStreamSocketSecurityLevelSSLv3] == YES)
            {
+              GSOnceMLog(@"NSStreamSocketSecurityLevelSSLv3 is insecure ..."
+                @" please change your code to stop using it");
 #if GNUTLS_VERSION_NUMBER < 0x020C00
              const int proto_prio[2] = {
                GNUTLS_SSL3,
--- a/Source/NSProcessInfo.m
+++ b/Source/NSProcessInfo.m
@ -200,6 +200,10 @@ For more detailed assistance, please report the error to bug-gnustep@gnu.org.\n\
 /*************************************************************************
 *** Static global vars
 *************************************************************************/
+
+// The lock to protect shared process resources.
+static NSRecursiveLock  *procLock = nil;
+
 // The shared NSProcessInfo instance
 static NSProcessInfo	*_gnu_sharedProcessInfoObject = nil;

@ -577,23 +581,23 @@ static char	**_gnu_noobjc_env = NULL;
  
  ifp = fopen(proc_file_name, "r");
  if (ifp == NULL)
-  {
-    fprintf(stderr, "Error: Failed to open the process info file:%s\n", 
-	    proc_file_name);
-    abort();
-  }
+    {
+      fprintf(stderr, "Error: Failed to open the process info file:%s\n", 
+              proc_file_name);
+      abort();
+    }
  
  fread(&pinfo, sizeof(pinfo), 1, ifp);
  fclose(ifp);
  
  vectors = (char **)pinfo.pr_envp;
  if (!vectors)
-  {
-    fprintf(stderr, "Error: for some reason, environ == NULL "
-      "during GNUstep base initialization\n"
-      "Please check the linking process\n");
-    abort();
-  }
+    {
+      fprintf(stderr, "Error: for some reason, environ == NULL "
+        "during GNUstep base initialization\n"
+        "Please check the linking process\n");
+      abort();
+    }
  
  /* copy the environment strings */
  for (count = 0; vectors[count]; count++)
@ -602,11 +606,11 @@ static char	**_gnu_noobjc_env = NULL;
  if (!_gnu_noobjc_env)
    goto malloc_error;
  for (i = 0; i < count; i++)
-  {
-  	_gnu_noobjc_env[i] = (char *)strdup(vectors[i]);
-    if (!_gnu_noobjc_env[i])
-      goto malloc_error;
-  }
+    {
+      _gnu_noobjc_env[i] = (char *)strdup(vectors[i]);
+      if (!_gnu_noobjc_env[i])
+        goto malloc_error;
+    }
  _gnu_noobjc_env[i] = NULL;

  /* get the argument vectors */
@ -899,6 +903,7 @@ _gnu_noobjc_free_vars(void)

 + (void) initialize
 {
+  if (nil == procLock) procLock = [NSRecursiveLock new];
  if (self == [NSProcessInfo class]
    && !_gnu_processName && !_gnu_arguments && !_gnu_environment)
    {
@ -917,6 +922,7 @@ _gnu_noobjc_free_vars(void)
 /* For WindowsAPI Library, we know the global variables (argc, etc) */
 + (void) initialize
 {
+  if (nil == procLock) procLock = [NSRecursiveLock new];
  if (self == [NSProcessInfo class]
    && !_gnu_processName && !_gnu_arguments && !_gnu_environment)
    {
@ -929,6 +935,7 @@ extern int __libc_argc;
 extern char **__libc_argv;
 + (void) initialize
 {
+  if (nil == procLock) procLock = [NSRecursiveLock new];
  if (self == [NSProcessInfo class]
    && !_gnu_processName && !_gnu_arguments && !_gnu_environment)
    {
@ -938,6 +945,10 @@ extern char **__libc_argv;


 #else
+ (void) initialize
+{
+  if (nil == procLock) procLock = [NSRecursiveLock new];
+}
 #ifndef GS_PASS_ARGUMENTS
 #undef main
 /* The gnustep_base_user_main function is declared 'weak' so that the linker
@ -1008,7 +1019,7 @@ int main(int argc, char *argv[], char *env[])
  if (!_gnu_sharedProcessInfoObject)
    {
      _gnu_sharedProcessInfoObject = [[_NSConcreteProcessInfo alloc] init];
-      [gnustep_global_lock lock];
+      [procLock lock];
      if (mySet != nil)
 	{
 	  NSEnumerator	*e = [mySet objectEnumerator];
@ -1022,7 +1033,7 @@ int main(int argc, char *argv[], char *env[])
 	  [mySet release];
 	  mySet = nil;
        }
-      [gnustep_global_lock unlock];
+      [procLock unlock];
    }

  return _gnu_sharedProcessInfoObject;
@ -1065,19 +1076,30 @@ int main(int argc, char *argv[], char *env[])
  static unsigned long	counter = 0;
  unsigned long		count;
  static NSString	*host = nil;
+  NSString              *thost = nil;
  static int		pid;
+  int                   tpid;
  static unsigned long	start;

-  [gnustep_global_lock lock];
-  if (host == nil)
+  /* We obtain the host name and pid outside the locked region in case
+   * the lookup is slow or indirectly calls this method fromm another
+   * thread (as unlikely as that is ... some subclass/category could
+   * do it).
+   */
+  if (nil == host)
+    {
+      thost = [[self hostName] stringByReplacingString: @"." withString: @"_"];
+      tpid = [self processIdentifier];
+    }
+  [procLock lock];
+  if (nil == host)
    {
-      pid = [self processIdentifier];
      start = (unsigned long)GSPrivateTimeNow();
-      host = [[self hostName] stringByReplacingString: @"." withString: @"_"];
-      IF_NO_GC(RETAIN(host);)
+      ASSIGN(host, thost);
+      pid = tpid;
    }
  count = counter++;
-  [gnustep_global_lock unlock];
+  [procLock unlock];

  // $$$ The format of the string is not specified by the OpenStep
  // specification.
@ -1449,10 +1471,10 @@ void
 GSInitializeProcess(int argc, char **argv, char **envp)
 {
  [NSProcessInfo class];
-  [gnustep_global_lock lock];
+  [procLock lock];
  fallbackInitialisation = YES;
  _gnu_process_args(argc, argv, envp);
-  [gnustep_global_lock unlock];
+  [procLock unlock];
 }

@implementation	NSProcessInfo (GNUstep)
--- a/4
+++ b/4
@ -7,9 +7,9 @@ GCC_VERSION=4.0.0
 # The version number of this release.
 MAJOR_VERSION=1
 MINOR_VERSION=24
-SUBMINOR_VERSION=6
+SUBMINOR_VERSION=7
 # numeric value should match above
-VERSION_NUMBER=124.6
+VERSION_NUMBER=124.7
 GNUSTEP_BASE_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}.${SUBMINOR_VERSION}
 VERSION=${GNUSTEP_BASE_VERSION}