Update to version 20171227 (rh #1560753).

Fix thread crash when out of memory (rh #1688752).
6 years ago · 631def3b65
parent 802a10b635
commit 631def3b65
5 changed files with 116 additions and 10 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 /phc-winner-argon2-20161029-1c4fc41.tar.gz
+/phc-winner-argon2-20171227-670229c.tar.gz
--- a/argon2-Use-explicit_bzero-on-recent-glibc-versions.patch
+++ b/argon2-Use-explicit_bzero-on-recent-glibc-versions.patch
@ -0,0 +1,51 @@
+From fea3943adadf6527d1e839a2953e9591896e628d Mon Sep 17 00:00:00 2001
+From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
+Date: Tue, 5 Mar 2019 14:30:22 +0100
+Subject: [PATCH] Use explicit_bzero() on recent glibc versions
+
+glibc 2.25+ has explicit_bzero(), so we can use it to securely wipe memory
+instead of hacking our own memset-based replacement, just like we already
+do on OpenBSD.
+---
+ src/core.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/src/core.c b/src/core.c
+index 8781852..8361175 100644
+--- a/src/core.c
+++ b/src/core.c
+@@ -25,6 +25,9 @@
+ #endif
+ #define VC_GE_2005(version) (version >= 1400)
+ 
+/* for explicit_bzero() on glibc */
+#define _DEFAULT_SOURCE
+
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -120,12 +123,20 @@ void free_memory(const argon2_context *context, uint8_t *memory,
+     }
+ }
+ 
+#if defined(__OpenBSD__)
+#define HAVE_EXPLICIT_BZERO 1
+#elif defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#if __GLIBC_PREREQ(2,25)
+#define HAVE_EXPLICIT_BZERO 1
+#endif
+#endif
+
+ void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
+ #if defined(_MSC_VER) && VC_GE_2005(_MSC_VER)
+     SecureZeroMemory(v, n);
+ #elif defined memset_s
+     memset_s(v, n, 0, n);
+-#elif defined(__OpenBSD__)
+#elif defined(HAVE_EXPLICIT_BZERO)
+     explicit_bzero(v, n);
+ #else
+     static void *(*const volatile memset_sec)(void *, int, size_t) = &memset;
+-- 
+2.20.1
+
--- a/argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch
+++ b/argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch
@ -0,0 +1,42 @@
+From cfa4385e728116989ad88b4be7c23b4868422778 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Mon, 11 Mar 2019 21:21:57 +0100
+Subject: [PATCH] Wait for already running threads if a thread creation
+ failed.
+
+On memory-constrained systems (like cgroups limited processes)
+thread creation often fails.
+
+The code needs to wait for already running threads on error path;
+otherwise these threads can access deallocated memory
+(and cause a segfault or another crash).
+---
+ src/core.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/core.c b/src/core.c
+index 8361175..65f0537 100644
+--- a/src/core.c
+++ b/src/core.c
+@@ -310,7 +310,7 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) {
+ 
+     for (r = 0; r < instance->passes; ++r) {
+         for (s = 0; s < ARGON2_SYNC_POINTS; ++s) {
+-            uint32_t l;
+            uint32_t l, ll;
+ 
+             /* 2. Calling threads */
+             for (l = 0; l < instance->lanes; ++l) {
+@@ -335,6 +335,9 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) {
+                        sizeof(argon2_position_t));
+                 if (argon2_thread_create(&thread[l], &fill_segment_thr,
+                                          (void *)&thr_data[l])) {
+                    /* Wait for already running threads */
+                    for (ll = 0; ll < l; ++ll)
+                        argon2_thread_join(thread[ll]);
+                     rc = ARGON2_THREAD_FAIL;
+                     goto fail;
+                 }
+-- 
+2.20.1
+
--- a/argon2.spec
+++ b/argon2.spec
@ -7,27 +7,31 @@
 # Please, preserve the changelog entries
 #
 %global libname      libargon2
-%global gh_commit    1c4fc41f81f358283755eea88d4ecd05e43b7fd3
+%global gh_commit    670229c849b9fe882583688b74eb7dfdc846f9f6
 %global gh_short     %(c=%{gh_commit}; echo ${c:0:7})
 %global gh_owner     P-H-C
 %global gh_project   phc-winner-argon2
-%global soname       0
+%global soname       1

-%global upstream_version 20161029
+%global upstream_version 20171227
 #global upstream_prever  RC1

 Name:    argon2
 Version: %{upstream_version}%{?upstream_prever:~%{upstream_prever}}
-Release: 7%{?dist}
+Release: 1%{?dist}
 Summary: The password-hashing tools

 License: Public Domain or ASL 2.0
 URL:     https://github.com/%{gh_owner}/%{gh_project}
 Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{upstream_version}%{?upstream_prever}-%{gh_short}.tar.gz
+Patch0:  argon2-Use-explicit_bzero-on-recent-glibc-versions.patch
+Patch1:  argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch

 BuildRequires: gcc
 Requires: %{libname}%{?_isa} = %{version}-%{release}

+# TODO remove this - Hack to not break buildroot
+BuildRequires:  libargon2

 %description
 Argon2 is a password-hashing function that summarizes the state of the art
@ -73,8 +77,10 @@ developing applications that use %{libname}.

 %prep
 %setup -qn %{gh_project}-%{gh_commit}
+%patch0 -p1
+%patch1 -p1

-if ! grep -q 'soname,%{libname}.so.%{soname}' Makefile; then
+if ! grep -q 'ABI_VERSION = %{soname}' Makefile; then
  : soname have changed
  grep soname Makefile
  exit 1
@ -102,16 +108,14 @@ make install DESTDIR=%{buildroot}
 # Drop static library
 rm %{buildroot}%{_libdir}/%{libname}.a

-# Create link to soname, see Makefile for value
-mv %{buildroot}%{_libdir}/%{libname}.so %{buildroot}%{_libdir}/%{libname}.so.%{soname}
-ln -s %{libname}.so.%{soname} %{buildroot}%{_libdir}/%{libname}.so
-
 # pkgconfig file
 install -Dpm 644 %{libname}.pc %{buildroot}%{_libdir}/pkgconfig/%{libname}.pc

 # Fix perms
 chmod -x %{buildroot}%{_includedir}/%{name}.h

+# TODO remove this - Hack to not break buildroot
+cp -p %{_libdir}/libargon2.so.0 %{buildroot}%{_libdir}

 %check
 make test
@ -125,6 +129,9 @@ make test
 %license LICENSE
 %{_libdir}/%{libname}.so.%{soname}

+# TODO remove this - Hack to not break buildroot
+%{_libdir}/libargon2.so.0
+
 %files -n %{libname}-devel
 %doc *md
 %{_includedir}/%{name}.h
@ -133,6 +140,11 @@ make test


 %changelog
+* Mon Mar 18 2019 Milan Broz <gmazyland@gmail.com> - 20171227-1
+- Update to version 20171227 (soname increase).
+- Temporarily keep libargon2.so.0.
+- Fix a crash if running under memory pressure.
+
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20161029-7
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (phc-winner-argon2-20161029-1c4fc41.tar.gz) = 1da8241d66f00efce025119bf914cd0bfd3754f6b4e97eedab083ff268a6165e722305b798399815c78a5a82fb728c0e0710e7ee0d5ff1b4bb59d1e9b577beb1
+SHA512 (phc-winner-argon2-20171227-670229c.tar.gz) = 005c6bba5a3fa0470389a667c4d9ee1cd6401a981330cc72c84d87d9563159ce3f600f65204baf999aa6350dfbecc7c036946347306e089154ef09b9fb65494e