From ffca108ee7350bd6f569f3c0dff5f051ce318128 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Sun, 3 Nov 2024 16:05:23 +0100
Subject: [PATCH] Update gitignore, NEWS, and TODO.

---
 .gitignore | 1 +
 NEWS       | 9 +++++++++
 TODO.md    | 9 ---------
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/.gitignore b/.gitignore
index 0b5b4b52..bf9c0a1c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -70,6 +70,7 @@ test/crypt-des
 test/crypt-gost-yescrypt
 test/crypt-kat
 test/crypt-md5
+test/crypt-multithread
 test/crypt-nthash
 test/crypt-pbkdf1-sha1
 test/crypt-scrypt
diff --git a/NEWS b/NEWS
index 2fae0c87..06b27092 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,15 @@ Version 4.4.37
 * Several fixes to the manpages (issue #185).
 * Add binary compatibility for x86_64 GNU/Hurd (issue #189).
 * Only test the needed makecontext signature during configure (issue #178).
+* crypt and crypt_gensalt now use per-thread storage areas for their
+  output, allocated upon the first call in each thread that uses them.
+  This makes it safe to call these functions from multiple threads
+  simultaneously (but consecutive calls will still clobber the
+  previous output).
+  This feature is a safety net against sloppy coding.  Programs are
+  still strongly encouraged to use the reentrant functions instead,
+  because this safety net is not guaranteed by any standard
+  (although we are informed that Solaris also does this).
 
 Version 4.4.36
 * Fix left over bits failing with Perl v5.38.0 (issue #173).
diff --git a/TODO.md b/TODO.md
index e6b8f257..269cf782 100644
--- a/TODO.md
+++ b/TODO.md
@@ -67,15 +67,6 @@ It was last updated 20 October 2018.
     * If we do, should it know how to trigger the trusted-path
       password prompt in modern GUI environments? (probably)
 
-  * Make the crypt and crypt_gensalt static state thread-specific?
-    * Solaris 11 may have done this (its `crypt(3)` manpage describes
-      it as MT-Safe and I don’t see any other way they could have
-      accomplished that).
-    * if allocated on first use, this would also shave 32kB of
-      data segment off the shared library
-    * alternatively, add a global lock and *crash the program* if we
-      detect concurrent calls
-
   * Allow access to more of yescrypt’s tunable parameters and ROM
     feature, in a way that’s generic enough that we could also use it
     for e.g. Argon2’s tunable parameters