basebuilder_pel7x64builder0
5 years ago
3 changed files with 258 additions and 0 deletions
@ -0,0 +1,50 @@
@@ -0,0 +1,50 @@
|
||||
From fea3943adadf6527d1e839a2953e9591896e628d Mon Sep 17 00:00:00 2001 |
||||
From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name> |
||||
Date: Tue, 5 Mar 2019 14:30:22 +0100 |
||||
Subject: [PATCH] Use explicit_bzero() on recent glibc versions |
||||
|
||||
glibc 2.25+ has explicit_bzero(), so we can use it to securely wipe memory |
||||
instead of hacking our own memset-based replacement, just like we already |
||||
do on OpenBSD. |
||||
--- |
||||
src/core.c | 13 ++++++++++++- |
||||
1 file changed, 12 insertions(+), 1 deletion(-) |
||||
|
||||
diff --git a/src/core.c b/src/core.c |
||||
index 8781852..8361175 100644 |
||||
--- a/src/core.c |
||||
+++ b/src/core.c |
||||
@@ -25,6 +25,9 @@ |
||||
#endif |
||||
#define VC_GE_2005(version) (version >= 1400) |
||||
|
||||
+/* for explicit_bzero() on glibc */ |
||||
+#define _DEFAULT_SOURCE |
||||
+ |
||||
#include <stdio.h> |
||||
#include <stdlib.h> |
||||
#include <string.h> |
||||
@@ -120,12 +123,20 @@ void free_memory(const argon2_context *context, uint8_t *memory, |
||||
} |
||||
} |
||||
|
||||
+#if defined(__OpenBSD__) |
||||
+#define HAVE_EXPLICIT_BZERO 1 |
||||
+#elif defined(__GLIBC__) && defined(__GLIBC_PREREQ) |
||||
+#if __GLIBC_PREREQ(2,25) |
||||
+#define HAVE_EXPLICIT_BZERO 1 |
||||
+#endif |
||||
+#endif |
||||
+ |
||||
void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) { |
||||
#if defined(_MSC_VER) && VC_GE_2005(_MSC_VER) |
||||
SecureZeroMemory(v, n); |
||||
#elif defined memset_s |
||||
memset_s(v, n, 0, n); |
||||
-#elif defined(__OpenBSD__) |
||||
+#elif defined(HAVE_EXPLICIT_BZERO) |
||||
explicit_bzero(v, n); |
||||
#else |
||||
static void *(*const volatile memset_sec)(void *, int, size_t) = &memset; |
||||
-- |
||||
2.20.1 |
||||
@ -0,0 +1,41 @@
@@ -0,0 +1,41 @@
|
||||
From cfa4385e728116989ad88b4be7c23b4868422778 Mon Sep 17 00:00:00 2001 |
||||
From: Milan Broz <gmazyland@gmail.com> |
||||
Date: Mon, 11 Mar 2019 21:21:57 +0100 |
||||
Subject: [PATCH] Wait for already running threads if a thread creation |
||||
failed. |
||||
|
||||
On memory-constrained systems (like cgroups limited processes) |
||||
thread creation often fails. |
||||
|
||||
The code needs to wait for already running threads on error path; |
||||
otherwise these threads can access deallocated memory |
||||
(and cause a segfault or another crash). |
||||
--- |
||||
src/core.c | 5 ++++- |
||||
1 file changed, 4 insertions(+), 1 deletion(-) |
||||
|
||||
diff --git a/src/core.c b/src/core.c |
||||
index 8361175..65f0537 100644 |
||||
--- a/src/core.c |
||||
+++ b/src/core.c |
||||
@@ -310,7 +310,7 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) { |
||||
|
||||
for (r = 0; r < instance->passes; ++r) { |
||||
for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { |
||||
- uint32_t l; |
||||
+ uint32_t l, ll; |
||||
|
||||
/* 2. Calling threads */ |
||||
for (l = 0; l < instance->lanes; ++l) { |
||||
@@ -335,6 +335,9 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) { |
||||
sizeof(argon2_position_t)); |
||||
if (argon2_thread_create(&thread[l], &fill_segment_thr, |
||||
(void *)&thr_data[l])) { |
||||
+ /* Wait for already running threads */ |
||||
+ for (ll = 0; ll < l; ++ll) |
||||
+ argon2_thread_join(thread[ll]); |
||||
rc = ARGON2_THREAD_FAIL; |
||||
goto fail; |
||||
} |
||||
-- |
||||
2.20.1 |
||||
@ -0,0 +1,167 @@
@@ -0,0 +1,167 @@
|
||||
# remirepo/fedora spec file for argon2 |
||||
# |
||||
# Copyright (c) 2017-2018 Remi Collet |
||||
# License: CC-BY-SA |
||||
# http://creativecommons.org/licenses/by-sa/4.0/ |
||||
# |
||||
# Please, preserve the changelog entries |
||||
# |
||||
%global libname libargon2 |
||||
%global gh_commit 670229c849b9fe882583688b74eb7dfdc846f9f6 |
||||
%global gh_short %(c=%{gh_commit}; echo ${c:0:7}) |
||||
%global gh_owner P-H-C |
||||
%global gh_project phc-winner-argon2 |
||||
%global soname 1 |
||||
|
||||
%global upstream_version 20171227 |
||||
#global upstream_prever RC1 |
||||
|
||||
Name: argon2 |
||||
Version: %{upstream_version}%{?upstream_prever:~%{upstream_prever}} |
||||
Release: 3%{?dist} |
||||
Summary: The password-hashing tools |
||||
|
||||
License: Public Domain or ASL 2.0 |
||||
URL: https://github.com/%{gh_owner}/%{gh_project} |
||||
Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{upstream_version}%{?upstream_prever}-%{gh_short}.tar.gz |
||||
Patch0: argon2-Use-explicit_bzero-on-recent-glibc-versions.patch |
||||
Patch1: argon2-Wait-for-already-running-threads-if-a-thread-creatio.patch |
||||
|
||||
BuildRequires: gcc |
||||
Requires: %{libname}%{?_isa} = %{version}-%{release} |
||||
|
||||
|
||||
%description |
||||
Argon2 is a password-hashing function that summarizes the state of the art |
||||
in the design of memory-hard functions and can be used to hash passwords |
||||
for credential storage, key derivation, or other applications. |
||||
|
||||
It has a simple design aimed at the highest memory filling rate and |
||||
effective use of multiple computing units, while still providing defense |
||||
against tradeoff attacks (by exploiting the cache and memory organization |
||||
of the recent processors). |
||||
|
||||
Argon2 has three variants: Argon2i, Argon2d, and Argon2id. |
||||
|
||||
* Argon2d is faster and uses data-depending memory access, which makes it |
||||
highly resistant against GPU cracking attacks and suitable for applications |
||||
with no threats from side-channel timing attacks (eg. cryptocurrencies). |
||||
* Argon2i instead uses data-independent memory access, which is preferred for |
||||
password hashing and password-based key derivation, but it is slower as it |
||||
makes more passes over the memory to protect from tradeoff attacks. |
||||
* Argon2id is a hybrid of Argon2i and Argon2d, using a combination of |
||||
data-depending and data-independent memory accesses, which gives some of |
||||
Argon2i's resistance to side-channel cache timing attacks and much of |
||||
Argon2d's resistance to GPU cracking attacks. |
||||
|
||||
|
||||
%package -n %{libname} |
||||
Summary: The password-hashing library |
||||
|
||||
%description -n %{libname} |
||||
Argon2 is a password-hashing function that summarizes the state of the art |
||||
in the design of memory-hard functions and can be used to hash passwords |
||||
for credential storage, key derivation, or other applications. |
||||
|
||||
|
||||
%package -n %{libname}-devel |
||||
Summary: Development files for %{libname} |
||||
Requires: %{libname}%{?_isa} = %{version}-%{release} |
||||
|
||||
%description -n %{libname}-devel |
||||
The %{libname}-devel package contains libraries and header files for |
||||
developing applications that use %{libname}. |
||||
|
||||
|
||||
%prep |
||||
%setup -qn %{gh_project}-%{gh_commit} |
||||
%patch0 -p1 |
||||
%patch1 -p1 |
||||
|
||||
if ! grep -q 'ABI_VERSION = %{soname}' Makefile; then |
||||
: soname have changed |
||||
grep soname Makefile |
||||
exit 1 |
||||
fi |
||||
|
||||
# Fix pkgconfig file |
||||
sed -e 's:lib/@HOST_MULTIARCH@:%{_lib}:;s/@UPSTREAM_VER@/%{version}/' -i %{libname}.pc |
||||
|
||||
# Honours default RPM build options and library path, do not use -march=native |
||||
sed -e '/^CFLAGS/s:^CFLAGS:LDFLAGS=%{?__global_ldflags}\nCFLAGS:' \ |
||||
-e 's:-O3 -Wall:%{optflags}:' \ |
||||
-e '/^LIBRARY_REL/s:lib:%{_lib}:' \ |
||||
-e 's:-march=\$(OPTTARGET) :${CFLAGS} :' \ |
||||
-e 's:CFLAGS += -march=\$(OPTTARGET)::' \ |
||||
-i Makefile |
||||
|
||||
%build |
||||
# parallel build is not supported |
||||
make -j1 |
||||
|
||||
|
||||
%install |
||||
make install DESTDIR=%{buildroot} |
||||
|
||||
# Drop static library |
||||
rm %{buildroot}%{_libdir}/%{libname}.a |
||||
|
||||
# pkgconfig file |
||||
install -Dpm 644 %{libname}.pc %{buildroot}%{_libdir}/pkgconfig/%{libname}.pc |
||||
|
||||
# Fix perms |
||||
chmod -x %{buildroot}%{_includedir}/%{name}.h |
||||
|
||||
|
||||
%check |
||||
make test |
||||
|
||||
|
||||
%files |
||||
%{_bindir}/%{name} |
||||
|
||||
%files -n %{libname} |
||||
%{!?_licensedir:%global license %%doc} |
||||
%license LICENSE |
||||
%{_libdir}/%{libname}.so.%{soname} |
||||
|
||||
|
||||
%files -n %{libname}-devel |
||||
%doc *md |
||||
%{_includedir}/%{name}.h |
||||
%{_libdir}/%{libname}.so |
||||
%{_libdir}/pkgconfig/%{libname}.pc |
||||
|
||||
|
||||
%changelog |
||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20171227-3 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild |
||||
|
||||
* Mon Mar 18 2019 Milan Broz <gmazyland@gmail.com> - 20171227-2 |
||||
- Rebuilt to remove old library. |
||||
|
||||
* Mon Mar 18 2019 Milan Broz <gmazyland@gmail.com> - 20171227-1 |
||||
- Update to version 20171227 (soname increase). |
||||
- Temporarily keep libargon2.so.0. |
||||
- Fix a crash if running under memory pressure. |
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20161029-7 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild |
||||
|
||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20161029-6 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild |
||||
|
||||
* Thu Feb 15 2018 Remi Collet <remi@remirepo.net> - 20161029-5 |
||||
- honours all build flags #1558128 |
||||
|
||||
* Thu Feb 15 2018 Remi Collet <remi@remirepo.net> - 20161029-4 |
||||
- drop ldconfig scriptlets |
||||
|
||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20161029-3 |
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild |
||||
|
||||
* Thu Nov 16 2017 Milan Broz <gmazyland@gmail.com> - 20161029-2 |
||||
- Do not use -march=native in build, use system flags (rh #1512845). |
||||
|
||||
* Wed Oct 18 2017 Remi Collet <remi@remirepo.net> - 20161029-1 |
||||
- initial package |
||||
Loading…
Reference in new issue