From b88e2aab8a321c44bd4eb5b2722f9aac5f72119d Mon Sep 17 00:00:00 2001
From: Ondrej Kozina
Date: Wed, 29 Sep 2021 13:48:53 +0200
Subject: [PATCH] Update to cryptsetup 2.4.1. - Resloves: #2005035 #200587
---
 .gitignore | 2 +-
 cryptsetup-2.4.0.tar.sign | 16 ------
 cryptsetup-2.4.1.tar.sign | 16 ++++++
 ...eate-device-failed-in-an-early-phase.patch | 48 +++++++++++++++++
 ...t-compiler-optimization-flag-if-wipe.patch | 53 +++++++++++++++++++
 cryptsetup.spec | 8 ++-
 sources | 2 +-
 7 files changed, 126 insertions(+), 19 deletions(-)
 delete mode 100644 cryptsetup-2.4.0.tar.sign
 create mode 100644 cryptsetup-2.4.1.tar.sign
 create mode 100644 cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch
 create mode 100644 cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch
diff --git a/.gitignore b/.gitignore
index 851604e..9be593d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/cryptsetup-2.4.0.tar.xz
+/cryptsetup-2.4.1.tar.xz
diff --git a/cryptsetup-2.4.0.tar.sign b/cryptsetup-2.4.0.tar.sign
deleted file mode 100644
index 9034627..0000000
--- a/cryptsetup-2.4.0.tar.sign
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmEdJXMACgkQ2bBXe9k+
-mPwJSg/+OW43g7S4Q/K+vBi8S+RN3Pzqi8ao2K+OmGWK/7FhKWxrXSN7J8gJigxd
-uD+NukmQublFtYdfKXj2unF/Fd28YGHCqSfVrFvn2jmcMnlwxSz5220Bic1eai8a
-hq0Hve425n5RpTzNtpkBBZQbiLmY25J1wUkygcoEwT+spyFA0d6oZUhTWcAcqa2b
-IP9XkVFEociSWpjZfuhJGN5+jSG91JwYKbuNJFZvH1uez6zTLdNDj9+zoxfsrLW4
-BZYh8FQbZq54pUJnX4tafuRm7L/3LjK0DWWq60P3dvzTyj5b/qzORThNMpvCoolN
-I7Yfl7PD8j3B2WpgLQ+62jBVSOBjZGOpvj6PbQVizk2ELznF1LkTyneQ1rIwzxRw
-xWqHZfFU0Frj16yiNfRDrBKq4QsrYBOGov7q3OP3Xsw3H/C5lNxEOzx9NkC97LlA
-ryMiFSOXFHfCvTCXWQi90N311S4Usg/+n4qevwM4MxXmHJ6HfIqOLYMFftrWoiqC
-c+86lgZnNFtmFQnD+/Jvfu7AlAE0aLQodDz3w9otF4QfztDwnvnWsrjAntff4u1U
-WqL3EK7NGPJELDRvOpLq77l5eCJ1x5Qgma1RN2ag5APgs5IrmKBGz3H0WxEArz4K
-IWQ9FAHMMVIcJfblW96mE/zIoTc6dc0quUlpmROTFWKleijMk0I=
-=nfsi
------END PGP SIGNATURE-----
diff --git a/cryptsetup-2.4.1.tar.sign b/cryptsetup-2.4.1.tar.sign
new file mode 100644
index 0000000..f1c5815
--- /dev/null
+++ b/cryptsetup-2.4.1.tar.sign
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmFBwN8ACgkQ2bBXe9k+
+mPwndA//ZFMeCgbtSnTJugvZhmIBFHCHofq9yBiCDYyL8qEMw0m3BQLqSSaPt6Bd
+l1xm4ypuy9Rjen5hKbyRJtSko6tbbArCf+OsJfyy2Yr/r5cvnd0eLNwdIdUPKf/l
+3hgRPXBiCHdm63mSWsxM5tUr128Cyj0W4mkn5OmjKPblCd4qgnhNLawn7x7JYoWc
+JS6olNYS6c0M7GBuZ7icKCTtGfO1lKYCIBiCfkuNChJTQbvZ7JiqX/OprHYdBqn1
+WXgrrBrBjO8Ai2w9/uCOAWyPOhy1J8pewuHNX2Hh1LNXEu5z+47QexUpwhweq21/
+QzOITbgb0yZPdQXceAGqmZYa0BPfdo08MakTjaYGrO8rGR0XwgEvtpD5L2eMsVle
+hhg96f4E3f5/7yrtmsL2hbj2v8enhN39ycvn7u/LsfUyoRciCTNwxV/jHU9/laR5
+tDRLUGE3TiiNtTiMk4MucGRHNrae2d6exIpXhhFHN3nD2flOTFqb6KaQRtbdNmPt
+YCMMg4+ZoNzl+YLQYcbkYj4uGGrVosEoAmRl8ROfzPSwHM8mJdUhqGouylTRaQGt
+82SaEdlFO2VthoJUZBy05uCHKthXhwiRplp27MMbCOXOjv3rbnqxyQoMDNb4VQQy
+7CHF50XrEBLpdnyKFNbKFPKyZToBcBLBaPTnm5lf5eTyJ7whkXI=
+=dXjt
+-----END PGP SIGNATURE-----
diff --git a/cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch b/cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch
new file mode 100644
index 0000000..67ae8df
--- /dev/null
+++ b/cryptsetup-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch
@@ -0,0 +1,48 @@
+From 10b1d6493e3be04953ac9f65d2b2d992ab87bdde Mon Sep 17 00:00:00 2001
+From: Milan Broz
+Date: Tue, 21 Sep 2021 15:54:07 +0200
+Subject: [PATCH 2/7] Check if DM create device failed in an early phase.
+
+This happens when concurrent creation of DM devices meets
+in the very early state (no device node exists but creation fails).
+
+Return -ENODEV here instead of -EINVAL.
+
+(Should "fix" random verity concurrent test failure.)
+---
+ lib/libdevmapper.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
+index 09fd9588..1594f877 100644
+--- a/lib/libdevmapper.c
++++ b/lib/libdevmapper.c
+@@ -1346,12 +1346,6 @@ err:
+ return r;
+ }
+
+-static bool dm_device_exists(struct crypt_device *cd, const char *name)
+-{
+- int r = dm_status_device(cd, name);
+- return (r >= 0 || r == -EEXIST);
+-}
+-
+ static int _dm_create_device(struct crypt_device *cd, const char *name, const char *type,
+ struct crypt_dm_active_device *dmd)
+ {
+@@ -1402,8 +1396,11 @@ static int _dm_create_device(struct crypt_device *cd, const char *name, const ch
+ goto out;
+
+ if (!dm_task_run(dmt)) {
+- if (dm_device_exists(cd, name))
++ r = dm_status_device(cd, name);;
++ if (r >= 0)
+ r = -EEXIST;
++ if (r != -EEXIST && r != -ENODEV)
++ r = -EINVAL;
+ goto out;
+ }
+
+--
+2.27.0
+
diff --git a/cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch b/cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch
new file mode 100644
index 0000000..7ec2b84
--- /dev/null
+++ b/cryptsetup-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch
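Review bot: The added `r = dm_status_device(cd, name);;` in the `_dm_create_device` hunk of lib/libdevmapper.c ends in a stray second semicolon, and the error mapping that follows it has no comment; write it as `r = dm_status_device(cd, name);` with a comment such as `/* create failed: -EEXIST if the name is active now, -ENODEV if no such device, any other error becomes -EINVAL */`. The status query runs only after dm_task_run() has already failed, so with concurrent creators the code returned describes the device at query time rather than the cause of the failure, and callers that branch on -EEXIST versus -ENODEV should presumably treat it as advisory. Every other error from dm_status_device() is collapsed to -EINVAL here, which is worth stating in the comment as well. `_dm_create_device` begins and ends outside the hunk, so how callers handle the new -ENODEV return cannot be checked from this patch.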
@@ -0,0 +1,53 @@
+From a76310b53fbb117e620f2c37350b68dd267f1088 Mon Sep 17 00:00:00 2001
+From: Milan Broz
+Date: Mon, 20 Sep 2021 17:42:20 +0200
+Subject: [PATCH 1/7] Do not try to set compiler optimization flag if wipe is
+ implemented in libc.
+
+If zeroing memory is implemented through libc call (like memset_bzero),
+compiler should never remove such call. It is not needed to set O0
+optimization flag explicitly.
+
+Various checkers like annocheck causes problems with these flags,
+just remove it where it makes no sense.
+
+(Moreover, we use the same pattern without compiler magic
+in crypt_backend_memzero() already.)
+---
+ lib/crypto_backend/argon2/core.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/lib/crypto_backend/argon2/core.c b/lib/crypto_backend/argon2/core.c
+index b204ba98..db9a7741 100644
+--- a/lib/crypto_backend/argon2/core.c
++++ b/lib/crypto_backend/argon2/core.c
+@@ -120,18 +120,24 @@ void free_memory(const argon2_context *context, uint8_t *memory,
+ }
+ }
+
+-void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
+ #if defined(_MSC_VER) && VC_GE_2005(_MSC_VER)
++void secure_wipe_memory(void *v, size_t n) {
+ SecureZeroMemory(v, n);
++}
+ #elif defined memset_s
++void secure_wipe_memory(void *v, size_t n) {
+ memset_s(v, n, 0, n);
++}
+ #elif defined(HAVE_EXPLICIT_BZERO)
++void secure_wipe_memory(void *v, size_t n) {
+ explicit_bzero(v, n);
++}
+ #else
++void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) {
+ static void *(*const volatile memset_sec)(void *, int, size_t) = &memset;
+ memset_sec(v, 0, n);
+-#endif
+ }
++#endif
+
+ /* Memory clear flag defaults to true. */
+ int FLAG_clear_internal_memory = 1;
+--
+2.27.0
+
diff --git a/cryptsetup.spec b/cryptsetup.spec
index 3f0f42a..ba1d65b 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
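Review bot: The three libc-backed definitions of `secure_wipe_memory` in lib/crypto_backend/argon2/core.c drop `NOT_OPTIMIZED` with nothing in the code saying why that is safe, so the rule lives only in the commit message. A short comment above the `#if` chain would keep it next to the code, for example `/* Dedicated libc wipe calls are not elided by the compiler; only the memset fallback needs NOT_OPTIMIZED. */`, so that a later branch added to the chain is not given a plain `memset` without the attribute. The guarantee now rests on `HAVE_EXPLICIT_BZERO` and the other selectors being defined correctly for this translation unit; if one is missing the code falls through to the volatile-pointer fallback, which still keeps the attribute. The signature is now repeated four times, so a future change to it has to be made in every branch.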
@@ -1,6 +1,6 @@ Summary: Utility for setting up encrypted disks Name: cryptsetup -Version: 2.4.0 +Version: 2.4.1 Release: 1%{?dist} License: GPLv2+ and LGPLv2+ URL: https://gitlab.com/cryptsetup/cryptsetup @@ -14,6 +14,8 @@ Requires: libpwquality >= 1.2.0 %global upstream_version %{version} Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{upstream_version}.tar.xz # Following patch has to applied last +Patch0000: %{name}-2.4.2-Do-not-try-to-set-compiler-optimization-flag-if-wipe.patch +Patch0001: %{name}-2.4.2-Check-if-DM-create-device-failed-in-an-early-phase.patch Patch9999: %{name}-add-system-library-paths.patch %description @@ -111,6 +113,10 @@ rm -rf %{buildroot}%{_libdir}/*.la %ghost %attr(700, -, -) %dir /run/cryptsetup %changelog +* Wed Sep 29 2021 Ondrej Kozina - 2.4.1-1 +- Update to cryptsetup 2.4.1. + Resolves: #2005035 #2005877 + * Thu Aug 19 2021 Ondrej Kozina - 2.4.0-1 - Update to cryptsetup 2.4.0. Resolves: #1869553 #1972722 #1974271 #1975799 diff --git a/sources b/sources index 2651be0..8e477e0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cryptsetup-2.4.0.tar.xz) = 9c868b1dee7145f91092160cf977d3ada57a14634b5312d54477e111250975b6f077a92c417373bb7de07244b01ab19553bcce5030ee456ca2c38030e3067186 +SHA512 (cryptsetup-2.4.1.tar.xz) = 17fc73c180e41acbd4ebeddebaf54f8baeef09fce7f154aa9c55936a58bda7adcc7b1bb257336c22295d7b5af426fc8dfd0e4e644e4a52098bcb8a2adb562ca7
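Review bot: In the second cryptsetup.spec hunk the new `Patch0000:` and `Patch0001:` lines are inserted between the comment `# Following patch has to applied last` and the `Patch9999:` line it describes, so the comment now appears to label Patch0000. Moving the comment down to sit directly above `Patch9999: %{name}-add-system-library-paths.patch` keeps the ordering constraint readable for whoever adds the next backport. Both new patch files carry a `2.4.2` prefix while `Version:` is 2.4.1; a one-line comment such as `# Backports from upstream, expected in 2.4.2` above them would record when they can be dropped (the upstream release is inferred from the file names). The commit also replaces the detached `.tar.sign`, but the visible lines go from `Source0:` straight to the patches, so whether the build verifies that signature cannot be confirmed from this diff.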