Merge branch 'gnutls_2_4_x' of ssh://git.sv.gnu.org/srv/git/gnutls into gnutls_2_4_x

6 files changed, 124 insertions, 14 deletions

diff --git a/ChangeLog b/ChangeLog
index d3564e6152..e92249d334 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,93 @@
+2008-06-30  Simon Josefsson <simon@josefsson.org>
+
+	* NEWS: Version 2.4.1.
+
+2008-06-30  Simon Josefsson <simon@josefsson.org>
+
+	* NEWS: Add.
+
+2008-06-30  Simon Josefsson <simon@josefsson.org>
+
+	* THANKS: Add.
+
+2008-06-30  Simon Josefsson <simon@josefsson.org>
+
+	* NEWS: Fix links.
+
+2008-06-30  Simon Josefsson <simon@josefsson.org>
+
+	* NEWS: Add.
+
+2008-06-30  Simon Josefsson <simon@josefsson.org>
+
+	* : commit 0fee3917077e191dea3c9787c95c072979532086 Author: Simon
+	Josefsson <simon@josefsson.org> Date:   Mon Jun 30 22:44:47 2008
+	+0200
+
+2008-06-30  Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+	* src/crypt.c: this fixes a problem in srptool, where the passwords
+	never match (--verify check) on some architectures (patch by
+	Matthias Koenig <mkoenig@suse.de>)
+
+2008-06-30  Simon Josefsson <simon@josefsson.org>
+
+	* NEWS: Add.
+
+2008-06-30  Simon Josefsson <simon@josefsson.org>
+
+	* NEWS: Add.
+
+2008-06-29  Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+	* lib/gnutls_state.c: added check before reallocation of parameters
+	to avoid memory leaks on rehandshake.
+
+2008-06-23  Simon Josefsson <simon@josefsson.org>
+
+	* Makefile.am: Upload to ftp.gnu.org, not alpha.
+
+2008-06-23  Simon Josefsson <simon@josefsson.org>
+
+	* NEWS: Add.
+
+2008-06-23  Simon Josefsson <simon@josefsson.org>
+
+	* lib/Makefile.am: Fix build failures related to opencdk.h.
+	Reported by Roman Bogorodskiy <novel@FreeBSD.org> in
+
+	<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2930>.
+
+2008-06-19  Simon Josefsson <simon@josefsson.org>
+
+	* NEWS: Add.
+
+2008-06-18  Simon Josefsson <simon@josefsson.org>
+
+	* lib/gnutls_state.h: Add prototype for _gnutls_session_is_psk.
+	Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
+	<http://permalink.gmane.org/gmane.network.gnutls.general/1281>.
+
+2008-06-18  Simon Josefsson <simon@josefsson.org>
+
+	* src/cli.c: Fix warning.  Reported by Massimo Gaspari
+	<massimo.gaspari@alice.it> in
+	<http://permalink.gmane.org/gmane.network.gnutls.general/1281>.
+
+2008-06-18  Simon Josefsson <simon@josefsson.org>
+
+	* src/cli.c, src/psk.c: Fix warning regarding undeclared getpass
+	replacement.  Reported by Massimo Gaspari <massimo.gaspari@alice.it>
+	in <http://permalink.gmane.org/gmane.network.gnutls.general/1281>.
+
+2008-06-19  Simon Josefsson <simon@josefsson.org>
+
+	* NEWS, configure.in: Bump versions.
+
+2008-06-18  Simon Josefsson <simon@josefsson.org>
+
+	* ChangeLog: Generated.
+
 2008-06-18  Simon Josefsson <simon@josefsson.org>
 
 	* NEWS: Add v2.4.0 release notes.
diff --git a/NEWS b/NEWS
index 5c4a41defa..6f0383c85f 100644
--- a/NEWS
+++ b/NEWS
@@ -3,19 +3,36 @@ Copyright (C) 2004, 2005, 2006, 2007, 2008 Simon Josefsson
 Copyright (C) 2000, 2001, 2002, 2003, 2004 Nikos Mavrogiannopoulos
 See the end for copying conditions.
 
-* Version 2.4.1 (unreleased)
+* Version 2.4.2 (unreleased)
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.4.1 (released 2008-06-30)
+
+** libgnutls: Fix local crash in gnutls_handshake.  [GNUTLS-SA-2008-2]
+If the gnutls_handshake function is called for a normal session, which
+can happen for re-handshakes, the library would crash because it tried
+to hash some data using a libgcrypt handle that had been deallocated.
+Report and tiny patch from Tomas Mraz <tmraz@redhat.com>.  Any updates
+with more details about this vulnerability will be added to
+<http://www.gnu.org/software/gnutls/security.html>
+
+** libgnutls: Fix memory leaks when doing a re-handshake.
+Reported by Sam Varshavchik <mrsam@courier-mta.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2928>.
 
 ** Fix compiler warnings.
 Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
-<http://permalink.gmane.org/gmane.network.gnutls.general/1281>.
+<http://thread.gmane.org/gmane.network.gnutls.general/1281>.
 
 ** Fix ordering of -I's to avoid opencdk.h conflict with system headers.
 Reported by Roman Bogorodskiy <novel@FreeBSD.org> in
-<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2930>.
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2930>.
 
-** Fix memory leaks when doing a re-handshake.
-Reported by Sam Varshavchik <mrsam@courier-mta.com> in
-<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2928>.
+** srptool: Fix a problem where --verify check does not succeed.
+Report and tiny patch by Matthias Koenig <mkoenig@suse.de> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2944>.
 
 ** API and ABI modifications:
 No changes since last version.
diff --git a/THANKS b/THANKS
index 3c715af95b..17fce50bfd 100644
--- a/THANKS
+++ b/THANKS
@@ -83,6 +83,8 @@ Marc F. Clemente                <marc@mclemente.net>
 Daniel Dehennin                 <nebuchadnezzar@asgardr.info>
 martin f krafft                 <madduck@debian.org>
 Sam Varshavchik                 <mrsam@courier-mta.com>
+Tomas Mraz                      <tmraz@redhat.com>
+Matthias Koenig                 <mkoenig@suse.de>
 
 ----------------------------------------------------------------------
 Copying and distribution of this file, with or without modification,
diff --git a/configure.in b/configure.in
index 5c165b30da..af1e863364 100644
--- a/configure.in
+++ b/configure.in
@@ -22,7 +22,7 @@ dnl Process this file with autoconf to produce a configure script.
 # USA
 
 AC_PREREQ(2.61)
-AC_INIT([GnuTLS], [2.4.1], [bug-gnutls@gnu.org])
+AC_INIT([GnuTLS], [2.4.2], [bug-gnutls@gnu.org])
 AC_CONFIG_AUX_DIR([build-aux])
 
 AM_INIT_AUTOMAKE([1.10 dist-bzip2])
@@ -33,7 +33,7 @@ AM_CONFIG_HEADER(config.h)
 # Interfaces added:                             AGE++
 # Interfaces removed:                           AGE=0
 AC_SUBST(LT_CURRENT, 30)
-AC_SUBST(LT_REVISION, 5)
+AC_SUBST(LT_REVISION, 6)
 AC_SUBST(LT_AGE, 4)
 
 # Used when creating the Windows libgnutls-XX.def files.
diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index 5cec27d6e6..0aab6dd889 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -2260,7 +2260,7 @@ implemented by another example.
 * Client with Resume capability example::
 * Simple client example with SRP authentication::
 * Simple client example with TLS/IA support::
-* Simple client example in @acronym{C++}::
+* Simple client example in C++::
 * Helper function for TCP connections::
 @end menu
 
@@ -2356,11 +2356,11 @@ The following client is a simple client which uses the
 
 @verbatiminclude examples/ex-client-tlsia.c
 
-@node Simple client example in @acronym{C++}
-@subsection Simple Client Example using the @acronym{C++} API
+@node Simple client example in C++
+@subsection Simple Client Example using the C++ API
 
-The following client is a simple example of a client
-client utilizing the GnuTLS @acronym{C++} API. 
+The following client is a simple example of a client client utilizing
+the GnuTLS C++ API.
 
 @verbatiminclude examples/ex-cxx.cpp
 
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index d7981802a0..0192c9f61e 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -69,11 +69,12 @@ int _gnutls_server_select_comp_method (gnutls_session_t session,
 
 /* Clears the handshake hash buffers and handles.
  */
-inline static void
+static void
 _gnutls_handshake_hash_buffers_clear (gnutls_session_t session)
 {
   _gnutls_hash_deinit (&session->internals.handshake_mac_handle_md5, NULL);
   _gnutls_hash_deinit (&session->internals.handshake_mac_handle_sha, NULL);
+  session->internals.handshake_mac_handle_init = 0;
   _gnutls_handshake_buffer_clear (session);
 }