From 8839a939ee7681f8ca42846d05ce19b3df1e55d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Mon, 28 Mar 2022 08:38:26 +0200 Subject: [PATCH 1/8] libs/zlib: bump to latest stable release 1.2.12 (CVE-2018-25032) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit List of changes since previous release from 2018 is quite long: * Fix crc32.c to compile local functions only if used. * Check for cc masquerading as gcc or clang in configure. * Remove destructive aspects of make distclean. * Separate out address sanitizing from warnings in configure. * Eliminate use of ULL constants. * Add fallthrough comments for gcc. * Clean up minizip to reduce warnings for testing. * Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner) * minizip warning fix if MAXU32 already defined. (gvollant) * Replace black/white with allow/block. (theresa-m) * Fix indentation in minizip's zip.c. * Improve portability of contrib/minizip. * Correct typo in blast.c. * Change macro name in inflate.c to avoid collision in VxWorks. * Clarify gz* function interfaces, referring to parameter names. * Fix error in comment on the polynomial representation of a byte. * Fix memory leak on error in gzlog.c. * Avoid adding empty gzip member after gzflush with Z_FINISH. * Explicitly note that the 32-bit check values are 32 bits. * Use ARM crc32 instructions if the ARM architecture has them. * Add use of the ARMv8 crc32 instructions when requested. * Correct comment in crc32.c. * Don't bother computing check value after successful inflateSync(). * Use atomic test and set, if available, for dynamic CRC tables. * Speed up software CRC-32 computation by a factor of 1.5 to 3. * Add crc32_combine_gen() and crc32_combine_op() for fast combines. * Add tables for crc32_combine(), to speed it up by a factor of 200. * Fix the zran.c example to work on a multiple-member gzip file. * Add gznorm.c example, which normalizes gzip files. * Show all the codes for the maximum tables size in enough.c. * Clarify that prefix codes are counted in enough.c. * Use inline function instead of macro for index in enough.c. * Clean up code style in enough.c, update version. * Use a macro for the printf format of big_t in enough.c. * Use a structure to make globals in enough.c evident. * Assure that the number of bits for deflatePrime() is valid. * Fix a bug that can crash deflate on some input when using Z_FIXED. * Correct the initialization requirements for deflateInit2(). * Emphasize the need to continue decompressing gzip members. * Add legal disclaimer to README. * Fix deflateEnd() to not report an error at start of raw deflate. * Remove old assembler code in which bugs have manifested. * Make the names in functions declarations identical to definitions. * Avoid an undefined behavior of memcpy() in _tr_stored_block(). * Avoid undefined behaviors of memcpy() in gz*printf(). * Avoid an undefined behavior of memcpy() in gzappend(). * Avoid the use of ptrdiff_t. * Handle case where inflateSync used when header never processed. * Don't compute check value for raw inflate if asked to validate. * Add address checking in clang to -w option of configure. * Return an error if the gzputs string length can't fit in an int. * Small speedup to inflate [psumbera]. * Update use of errno for newer Windows CE versions. * Avoid some conversion warnings in gzread.c and gzwrite.c. * Have Makefile return non-zero error code on test failure. * Avoid a conversion error in gzseek when off_t type too small. * Fix CLEAR_HASH macro to be usable as a single statement. * Fix bug when window full in deflate_stored(). * Limit hash table inserts after switch from stored deflate. * Permit a deflateParams() parameter change as soon as possible. * Cygwin does not have _wopen(), so do not create gzopen_w() there. Removed 006-fix-compressor-crash-on-certain-inputs.patch which was hotfix for CVE-2018-25032 and is now included in this release. This release is not available on @SF (yet?) so the sources are now pulled from GitHub. Fixes: CVE-2018-25032 Signed-off-by: Petr Štetiar --- package/libs/zlib/Makefile | 11 +- .../001-neon-implementation-of-adler32.patch | 21 +- ...x-compressor-crash-on-certain-inputs.patch | 343 ------------------ 3 files changed, 13 insertions(+), 362 deletions(-) delete mode 100644 package/libs/zlib/patches/006-fix-compressor-crash-on-certain-inputs.patch diff --git a/package/libs/zlib/Makefile b/package/libs/zlib/Makefile index 7321ec51c5..8512394ff4 100644 --- a/package/libs/zlib/Makefile +++ b/package/libs/zlib/Makefile @@ -8,12 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=zlib -PKG_VERSION:=1.2.11 -PKG_RELEASE:=4 +PKG_VERSION:=1.2.12 +PKG_RELEASE:=$(AUTORELEASE) -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=@SF/libpng http://www.zlib.net -PKG_HASH:=4ff941449631ace0d4d203e3483be9dbc9da454084111f97ea0a2114e19bf066 +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/madler/zlib +PKG_MIRROR_HASH:=a162fc219763635f0c1591ec515d4b08684e4b0bfb4b1c8e65e4eab18d597c27 +PKG_SOURCE_VERSION:=21767c654d31d2dccdde4330529775c6c5fd5389 PKG_LICENSE:=Zlib PKG_LICENSE_FILES:=README diff --git a/package/libs/zlib/patches/001-neon-implementation-of-adler32.patch b/package/libs/zlib/patches/001-neon-implementation-of-adler32.patch index 843ef45c7d..9ed784e3d3 100644 --- a/package/libs/zlib/patches/001-neon-implementation-of-adler32.patch +++ b/package/libs/zlib/patches/001-neon-implementation-of-adler32.patch @@ -21,11 +21,9 @@ https://bugs.chromium.org/p/chromium/issues/detail?id=688601 4 files changed, 166 insertions(+), 8 deletions(-) create mode 100644 contrib/arm/neon_adler32.c -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 0fe939df..8e75f664 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -7,6 +7,7 @@ set(VERSION "1.2.11") +@@ -7,6 +7,7 @@ set(VERSION "1.2.12") option(ASM686 "Enable building i686 assembly implementation") option(AMD64 "Enable building amd64 assembly implementation") @@ -94,23 +92,18 @@ index d0be4380..45ebaa4b 100644 } /* ========================================================================= */ -diff --git a/contrib/README.contrib b/contrib/README.contrib -index a411d5c3..3fd1d202 100644 --- a/contrib/README.contrib +++ b/contrib/README.contrib -@@ -12,6 +12,9 @@ amd64/ by Mikhail Teterin - asm code for AMD64 - See patch at http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/96393 +@@ -8,6 +8,9 @@ ada/ by Dmitriy Anisimkov + ARM optimizations (NEON and ARMv8 code). + - asm686/ by Brian Raiter - asm code for Pentium and PPro/PII, using the AT&T (GNU as) syntax - See http://www.muppetlabs.com/~breadbox/software/assembly.html -diff --git a/contrib/arm/neon_adler32.c b/contrib/arm/neon_adler32.c -new file mode 100644 -index 00000000..f173a74f + blast/ by Mark Adler + Decompressor for output of PKWare Data Compression Library (DCL) + --- /dev/null +++ b/contrib/arm/neon_adler32.c @@ -0,0 +1,137 @@ diff --git a/package/libs/zlib/patches/006-fix-compressor-crash-on-certain-inputs.patch b/package/libs/zlib/patches/006-fix-compressor-crash-on-certain-inputs.patch deleted file mode 100644 index 9f37ba5c58..0000000000 --- a/package/libs/zlib/patches/006-fix-compressor-crash-on-certain-inputs.patch +++ /dev/null @@ -1,343 +0,0 @@ -From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Tue, 17 Apr 2018 22:09:22 -0700 -Subject: [PATCH] Fix a bug that can crash deflate on some input when using - Z_FIXED. - -This bug was reported by Danilo Ramos of Eideticom, Inc. It has -lain in wait 13 years before being found! The bug was introduced -in zlib 1.2.2.2, with the addition of the Z_FIXED option. That -option forces the use of fixed Huffman codes. For rare inputs with -a large number of distant matches, the pending buffer into which -the compressed data is written can overwrite the distance symbol -table which it overlays. That results in corrupted output due to -invalid distances, and can result in out-of-bound accesses, -crashing the application. - -The fix here combines the distance buffer and literal/length -buffers into a single symbol buffer. Now three bytes of pending -buffer space are opened up for each literal or length/distance -pair consumed, instead of the previous two bytes. This assures -that the pending buffer cannot overwrite the symbol table, since -the maximum fixed code compressed length/distance is 31 bits, and -since there are four bytes of pending space for every three bytes -of symbol space. ---- - deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++--------------- - deflate.h | 25 +++++++++---------- - trees.c | 50 +++++++++++-------------------------- - 3 files changed, 79 insertions(+), 70 deletions(-) - -diff --git a/deflate.c b/deflate.c -index 425babc00..19cba873a 100644 ---- a/deflate.c -+++ b/deflate.c -@@ -255,11 +255,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, - int wrap = 1; - static const char my_version[] = ZLIB_VERSION; - -- ushf *overlay; -- /* We overlay pending_buf and d_buf+l_buf. This works since the average -- * output size for (length,distance) codes is <= 24 bits. -- */ -- - if (version == Z_NULL || version[0] != my_version[0] || - stream_size != sizeof(z_stream)) { - return Z_VERSION_ERROR; -@@ -329,9 +324,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, - - s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ - -- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); -- s->pending_buf = (uchf *) overlay; -- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L); -+ /* We overlay pending_buf and sym_buf. This works since the average size -+ * for length/distance pairs over any compressed block is assured to be 31 -+ * bits or less. -+ * -+ * Analysis: The longest fixed codes are a length code of 8 bits plus 5 -+ * extra bits, for lengths 131 to 257. The longest fixed distance codes are -+ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest -+ * possible fixed-codes length/distance pair is then 31 bits total. -+ * -+ * sym_buf starts one-fourth of the way into pending_buf. So there are -+ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol -+ * in sym_buf is three bytes -- two for the distance and one for the -+ * literal/length. As each symbol is consumed, the pointer to the next -+ * sym_buf value to read moves forward three bytes. From that symbol, up to -+ * 31 bits are written to pending_buf. The closest the written pending_buf -+ * bits gets to the next sym_buf symbol to read is just before the last -+ * code is written. At that time, 31*(n-2) bits have been written, just -+ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at -+ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1 -+ * symbols are written.) The closest the writing gets to what is unread is -+ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and -+ * can range from 128 to 32768. -+ * -+ * Therefore, at a minimum, there are 142 bits of space between what is -+ * written and what is read in the overlain buffers, so the symbols cannot -+ * be overwritten by the compressed data. That space is actually 139 bits, -+ * due to the three-bit fixed-code block header. -+ * -+ * That covers the case where either Z_FIXED is specified, forcing fixed -+ * codes, or when the use of fixed codes is chosen, because that choice -+ * results in a smaller compressed block than dynamic codes. That latter -+ * condition then assures that the above analysis also covers all dynamic -+ * blocks. A dynamic-code block will only be chosen to be emitted if it has -+ * fewer bits than a fixed-code block would for the same set of symbols. -+ * Therefore its average symbol length is assured to be less than 31. So -+ * the compressed data for a dynamic block also cannot overwrite the -+ * symbols from which it is being constructed. -+ */ -+ -+ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4); -+ s->pending_buf_size = (ulg)s->lit_bufsize * 4; - - if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || - s->pending_buf == Z_NULL) { -@@ -340,8 +373,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, - deflateEnd (strm); - return Z_MEM_ERROR; - } -- s->d_buf = overlay + s->lit_bufsize/sizeof(ush); -- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; -+ s->sym_buf = s->pending_buf + s->lit_bufsize; -+ s->sym_end = (s->lit_bufsize - 1) * 3; -+ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K -+ * on 16 bit machines and because stored blocks are restricted to -+ * 64K-1 bytes. -+ */ - - s->level = level; - s->strategy = strategy; -@@ -552,7 +589,7 @@ int ZEXPORT deflatePrime (strm, bits, value) - - if (deflateStateCheck(strm)) return Z_STREAM_ERROR; - s = strm->state; -- if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3)) -+ if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3)) - return Z_BUF_ERROR; - do { - put = Buf_size - s->bi_valid; -@@ -1113,7 +1150,6 @@ int ZEXPORT deflateCopy (dest, source) - #else - deflate_state *ds; - deflate_state *ss; -- ushf *overlay; - - - if (deflateStateCheck(source) || dest == Z_NULL) { -@@ -1133,8 +1169,7 @@ int ZEXPORT deflateCopy (dest, source) - ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte)); - ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos)); - ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos)); -- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2); -- ds->pending_buf = (uchf *) overlay; -+ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4); - - if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL || - ds->pending_buf == Z_NULL) { -@@ -1148,8 +1183,7 @@ int ZEXPORT deflateCopy (dest, source) - zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); - - ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); -- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush); -- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize; -+ ds->sym_buf = ds->pending_buf + ds->lit_bufsize; - - ds->l_desc.dyn_tree = ds->dyn_ltree; - ds->d_desc.dyn_tree = ds->dyn_dtree; -@@ -1925,7 +1959,7 @@ local block_state deflate_fast(s, flush) - FLUSH_BLOCK(s, 1); - return finish_done; - } -- if (s->last_lit) -+ if (s->sym_next) - FLUSH_BLOCK(s, 0); - return block_done; - } -@@ -2056,7 +2090,7 @@ local block_state deflate_slow(s, flush) - FLUSH_BLOCK(s, 1); - return finish_done; - } -- if (s->last_lit) -+ if (s->sym_next) - FLUSH_BLOCK(s, 0); - return block_done; - } -@@ -2131,7 +2165,7 @@ local block_state deflate_rle(s, flush) - FLUSH_BLOCK(s, 1); - return finish_done; - } -- if (s->last_lit) -+ if (s->sym_next) - FLUSH_BLOCK(s, 0); - return block_done; - } -@@ -2170,7 +2204,7 @@ local block_state deflate_huff(s, flush) - FLUSH_BLOCK(s, 1); - return finish_done; - } -- if (s->last_lit) -+ if (s->sym_next) - FLUSH_BLOCK(s, 0); - return block_done; - } -diff --git a/deflate.h b/deflate.h -index 23ecdd312..d4cf1a98b 100644 ---- a/deflate.h -+++ b/deflate.h -@@ -217,7 +217,7 @@ typedef struct internal_state { - /* Depth of each subtree used as tie breaker for trees of equal frequency - */ - -- uchf *l_buf; /* buffer for literals or lengths */ -+ uchf *sym_buf; /* buffer for distances and literals/lengths */ - - uInt lit_bufsize; - /* Size of match buffer for literals/lengths. There are 4 reasons for -@@ -239,13 +239,8 @@ typedef struct internal_state { - * - I can't count above 4 - */ - -- uInt last_lit; /* running index in l_buf */ -- -- ushf *d_buf; -- /* Buffer for distances. To simplify the code, d_buf and l_buf have -- * the same number of elements. To use different lengths, an extra flag -- * array would be necessary. -- */ -+ uInt sym_next; /* running index in sym_buf */ -+ uInt sym_end; /* symbol table full when sym_next reaches this */ - - ulg opt_len; /* bit length of current block with optimal trees */ - ulg static_len; /* bit length of current block with static trees */ -@@ -325,20 +320,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf, - - # define _tr_tally_lit(s, c, flush) \ - { uch cc = (c); \ -- s->d_buf[s->last_lit] = 0; \ -- s->l_buf[s->last_lit++] = cc; \ -+ s->sym_buf[s->sym_next++] = 0; \ -+ s->sym_buf[s->sym_next++] = 0; \ -+ s->sym_buf[s->sym_next++] = cc; \ - s->dyn_ltree[cc].Freq++; \ -- flush = (s->last_lit == s->lit_bufsize-1); \ -+ flush = (s->sym_next == s->sym_end); \ - } - # define _tr_tally_dist(s, distance, length, flush) \ - { uch len = (uch)(length); \ - ush dist = (ush)(distance); \ -- s->d_buf[s->last_lit] = dist; \ -- s->l_buf[s->last_lit++] = len; \ -+ s->sym_buf[s->sym_next++] = dist; \ -+ s->sym_buf[s->sym_next++] = dist >> 8; \ -+ s->sym_buf[s->sym_next++] = len; \ - dist--; \ - s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \ - s->dyn_dtree[d_code(dist)].Freq++; \ -- flush = (s->last_lit == s->lit_bufsize-1); \ -+ flush = (s->sym_next == s->sym_end); \ - } - #else - # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c) -diff --git a/trees.c b/trees.c -index 4f4a65011..decaeb7c3 100644 ---- a/trees.c -+++ b/trees.c -@@ -416,7 +416,7 @@ local void init_block(s) - - s->dyn_ltree[END_BLOCK].Freq = 1; - s->opt_len = s->static_len = 0L; -- s->last_lit = s->matches = 0; -+ s->sym_next = s->matches = 0; - } - - #define SMALLEST 1 -@@ -948,7 +948,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last) - - Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", - opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, -- s->last_lit)); -+ s->sym_next / 3)); - - if (static_lenb <= opt_lenb) opt_lenb = static_lenb; - -@@ -1017,8 +1017,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc) - unsigned dist; /* distance of matched string */ - unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ - { -- s->d_buf[s->last_lit] = (ush)dist; -- s->l_buf[s->last_lit++] = (uch)lc; -+ s->sym_buf[s->sym_next++] = dist; -+ s->sym_buf[s->sym_next++] = dist >> 8; -+ s->sym_buf[s->sym_next++] = lc; - if (dist == 0) { - /* lc is the unmatched char */ - s->dyn_ltree[lc].Freq++; -@@ -1033,30 +1034,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc) - s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++; - s->dyn_dtree[d_code(dist)].Freq++; - } -- --#ifdef TRUNCATE_BLOCK -- /* Try to guess if it is profitable to stop the current block here */ -- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) { -- /* Compute an upper bound for the compressed length */ -- ulg out_length = (ulg)s->last_lit*8L; -- ulg in_length = (ulg)((long)s->strstart - s->block_start); -- int dcode; -- for (dcode = 0; dcode < D_CODES; dcode++) { -- out_length += (ulg)s->dyn_dtree[dcode].Freq * -- (5L+extra_dbits[dcode]); -- } -- out_length >>= 3; -- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", -- s->last_lit, in_length, out_length, -- 100L - out_length*100L/in_length)); -- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1; -- } --#endif -- return (s->last_lit == s->lit_bufsize-1); -- /* We avoid equality with lit_bufsize because of wraparound at 64K -- * on 16 bit machines and because stored blocks are restricted to -- * 64K-1 bytes. -- */ -+ return (s->sym_next == s->sym_end); - } - - /* =========================================================================== -@@ -1069,13 +1047,14 @@ local void compress_block(s, ltree, dtree) - { - unsigned dist; /* distance of matched string */ - int lc; /* match length or unmatched char (if dist == 0) */ -- unsigned lx = 0; /* running index in l_buf */ -+ unsigned sx = 0; /* running index in sym_buf */ - unsigned code; /* the code to send */ - int extra; /* number of extra bits to send */ - -- if (s->last_lit != 0) do { -- dist = s->d_buf[lx]; -- lc = s->l_buf[lx++]; -+ if (s->sym_next != 0) do { -+ dist = s->sym_buf[sx++] & 0xff; -+ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8; -+ lc = s->sym_buf[sx++]; - if (dist == 0) { - send_code(s, lc, ltree); /* send a literal byte */ - Tracecv(isgraph(lc), (stderr," '%c' ", lc)); -@@ -1100,11 +1079,10 @@ local void compress_block(s, ltree, dtree) - } - } /* literal or match pair ? */ - -- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ -- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx, -- "pendingBuf overflow"); -+ /* Check that the overlay between pending_buf and sym_buf is ok: */ -+ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow"); - -- } while (lx < s->last_lit); -+ } while (sx < s->sym_next); - - send_code(s, END_BLOCK, ltree); - } From 3eb777e1807f52b51c812fe691b811da6af44d77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Mon, 28 Mar 2022 08:41:54 +0200 Subject: [PATCH 2/8] libs/zlib: fix implicit function declaration warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes following warning: adler32.c:141:12: warning: implicit declaration of function 'NEON_adler32' [-Wimplicit-function-declaration] 141 | return NEON_adler32(adler, buf, len); Signed-off-by: Petr Štetiar --- .../zlib/patches/001-neon-implementation-of-adler32.patch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/libs/zlib/patches/001-neon-implementation-of-adler32.patch b/package/libs/zlib/patches/001-neon-implementation-of-adler32.patch index 9ed784e3d3..c5517299d7 100644 --- a/package/libs/zlib/patches/001-neon-implementation-of-adler32.patch +++ b/package/libs/zlib/patches/001-neon-implementation-of-adler32.patch @@ -75,16 +75,16 @@ https://bugs.chromium.org/p/chromium/issues/detail?id=688601 set_target_properties(zlib PROPERTIES DEFINE_SYMBOL ZLIB_DLL) set_target_properties(zlib PROPERTIES SOVERSION 1) -diff --git a/adler32.c b/adler32.c -index d0be4380..45ebaa4b 100644 --- a/adler32.c +++ b/adler32.c -@@ -136,7 +136,12 @@ uLong ZEXPORT adler32(adler, buf, len) +@@ -136,7 +136,14 @@ uLong ZEXPORT adler32(adler, buf, len) const Bytef *buf; uInt len; { +#ifdef ARMv8 +# pragma message("Using NEON-ized Adler32.") ++unsigned long NEON_adler32(unsigned long adler, const unsigned char *buf, ++ const unsigned int len); + return NEON_adler32(adler, buf, len); +#else return adler32_z(adler, buf, len); From 9d8f620679df7f6f58ba1452311400da088a404b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Mon, 28 Mar 2022 08:43:41 +0200 Subject: [PATCH 3/8] tools/zlib: bump to latest stable release 1.2.12 (CVE-2018-25032) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit List of changes since previous release from 2018 is quite long: * Fix crc32.c to compile local functions only if used. * Check for cc masquerading as gcc or clang in configure. * Remove destructive aspects of make distclean. * Separate out address sanitizing from warnings in configure. * Eliminate use of ULL constants. * Add fallthrough comments for gcc. * Clean up minizip to reduce warnings for testing. * Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner) * minizip warning fix if MAXU32 already defined. (gvollant) * Replace black/white with allow/block. (theresa-m) * Fix indentation in minizip's zip.c. * Improve portability of contrib/minizip. * Correct typo in blast.c. * Change macro name in inflate.c to avoid collision in VxWorks. * Clarify gz* function interfaces, referring to parameter names. * Fix error in comment on the polynomial representation of a byte. * Fix memory leak on error in gzlog.c. * Avoid adding empty gzip member after gzflush with Z_FINISH. * Explicitly note that the 32-bit check values are 32 bits. * Use ARM crc32 instructions if the ARM architecture has them. * Add use of the ARMv8 crc32 instructions when requested. * Correct comment in crc32.c. * Don't bother computing check value after successful inflateSync(). * Use atomic test and set, if available, for dynamic CRC tables. * Speed up software CRC-32 computation by a factor of 1.5 to 3. * Add crc32_combine_gen() and crc32_combine_op() for fast combines. * Add tables for crc32_combine(), to speed it up by a factor of 200. * Fix the zran.c example to work on a multiple-member gzip file. * Add gznorm.c example, which normalizes gzip files. * Show all the codes for the maximum tables size in enough.c. * Clarify that prefix codes are counted in enough.c. * Use inline function instead of macro for index in enough.c. * Clean up code style in enough.c, update version. * Use a macro for the printf format of big_t in enough.c. * Use a structure to make globals in enough.c evident. * Assure that the number of bits for deflatePrime() is valid. * Fix a bug that can crash deflate on some input when using Z_FIXED. * Correct the initialization requirements for deflateInit2(). * Emphasize the need to continue decompressing gzip members. * Add legal disclaimer to README. * Fix deflateEnd() to not report an error at start of raw deflate. * Remove old assembler code in which bugs have manifested. * Make the names in functions declarations identical to definitions. * Avoid an undefined behavior of memcpy() in _tr_stored_block(). * Avoid undefined behaviors of memcpy() in gz*printf(). * Avoid an undefined behavior of memcpy() in gzappend(). * Avoid the use of ptrdiff_t. * Handle case where inflateSync used when header never processed. * Don't compute check value for raw inflate if asked to validate. * Add address checking in clang to -w option of configure. * Return an error if the gzputs string length can't fit in an int. * Small speedup to inflate [psumbera]. * Update use of errno for newer Windows CE versions. * Avoid some conversion warnings in gzread.c and gzwrite.c. * Have Makefile return non-zero error code on test failure. * Avoid a conversion error in gzseek when off_t type too small. * Fix CLEAR_HASH macro to be usable as a single statement. * Fix bug when window full in deflate_stored(). * Limit hash table inserts after switch from stored deflate. * Permit a deflateParams() parameter change as soon as possible. * Cygwin does not have _wopen(), so do not create gzopen_w() there. Removed 006-fix-compressor-crash-on-certain-inputs.patch which was hotfix for CVE-2018-25032 and is now included in this release. This release is not available on @SF (yet?) so the sources are now pulled from GitHub. Fixes: CVE-2018-25032 Signed-off-by: Petr Štetiar --- tools/zlib/Makefile | 11 +- ...x-compressor-crash-on-certain-inputs.patch | 343 ------------------ 2 files changed, 6 insertions(+), 348 deletions(-) delete mode 100644 tools/zlib/patches/006-fix-compressor-crash-on-certain-inputs.patch diff --git a/tools/zlib/Makefile b/tools/zlib/Makefile index c83cc6d55b..58315b8083 100644 --- a/tools/zlib/Makefile +++ b/tools/zlib/Makefile @@ -8,12 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=zlib -PKG_VERSION:=1.2.11 -PKG_RELEASE:=2 +PKG_VERSION:=1.2.12 +PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_SOURCE_URL:=@SF/libpng http://www.zlib.net -PKG_HASH:=4ff941449631ace0d4d203e3483be9dbc9da454084111f97ea0a2114e19bf066 +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/madler/zlib +PKG_MIRROR_HASH:=a162fc219763635f0c1591ec515d4b08684e4b0bfb4b1c8e65e4eab18d597c27 +PKG_SOURCE_VERSION:=21767c654d31d2dccdde4330529775c6c5fd5389 PKG_LICENSE:=Zlib PKG_LICENSE_FILES:=README diff --git a/tools/zlib/patches/006-fix-compressor-crash-on-certain-inputs.patch b/tools/zlib/patches/006-fix-compressor-crash-on-certain-inputs.patch deleted file mode 100644 index 9f37ba5c58..0000000000 --- a/tools/zlib/patches/006-fix-compressor-crash-on-certain-inputs.patch +++ /dev/null @@ -1,343 +0,0 @@ -From 5c44459c3b28a9bd3283aaceab7c615f8020c531 Mon Sep 17 00:00:00 2001 -From: Mark Adler -Date: Tue, 17 Apr 2018 22:09:22 -0700 -Subject: [PATCH] Fix a bug that can crash deflate on some input when using - Z_FIXED. - -This bug was reported by Danilo Ramos of Eideticom, Inc. It has -lain in wait 13 years before being found! The bug was introduced -in zlib 1.2.2.2, with the addition of the Z_FIXED option. That -option forces the use of fixed Huffman codes. For rare inputs with -a large number of distant matches, the pending buffer into which -the compressed data is written can overwrite the distance symbol -table which it overlays. That results in corrupted output due to -invalid distances, and can result in out-of-bound accesses, -crashing the application. - -The fix here combines the distance buffer and literal/length -buffers into a single symbol buffer. Now three bytes of pending -buffer space are opened up for each literal or length/distance -pair consumed, instead of the previous two bytes. This assures -that the pending buffer cannot overwrite the symbol table, since -the maximum fixed code compressed length/distance is 31 bits, and -since there are four bytes of pending space for every three bytes -of symbol space. ---- - deflate.c | 74 ++++++++++++++++++++++++++++++++++++++++--------------- - deflate.h | 25 +++++++++---------- - trees.c | 50 +++++++++++-------------------------- - 3 files changed, 79 insertions(+), 70 deletions(-) - -diff --git a/deflate.c b/deflate.c -index 425babc00..19cba873a 100644 ---- a/deflate.c -+++ b/deflate.c -@@ -255,11 +255,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, - int wrap = 1; - static const char my_version[] = ZLIB_VERSION; - -- ushf *overlay; -- /* We overlay pending_buf and d_buf+l_buf. This works since the average -- * output size for (length,distance) codes is <= 24 bits. -- */ -- - if (version == Z_NULL || version[0] != my_version[0] || - stream_size != sizeof(z_stream)) { - return Z_VERSION_ERROR; -@@ -329,9 +324,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, - - s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ - -- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2); -- s->pending_buf = (uchf *) overlay; -- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L); -+ /* We overlay pending_buf and sym_buf. This works since the average size -+ * for length/distance pairs over any compressed block is assured to be 31 -+ * bits or less. -+ * -+ * Analysis: The longest fixed codes are a length code of 8 bits plus 5 -+ * extra bits, for lengths 131 to 257. The longest fixed distance codes are -+ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest -+ * possible fixed-codes length/distance pair is then 31 bits total. -+ * -+ * sym_buf starts one-fourth of the way into pending_buf. So there are -+ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol -+ * in sym_buf is three bytes -- two for the distance and one for the -+ * literal/length. As each symbol is consumed, the pointer to the next -+ * sym_buf value to read moves forward three bytes. From that symbol, up to -+ * 31 bits are written to pending_buf. The closest the written pending_buf -+ * bits gets to the next sym_buf symbol to read is just before the last -+ * code is written. At that time, 31*(n-2) bits have been written, just -+ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at -+ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1 -+ * symbols are written.) The closest the writing gets to what is unread is -+ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and -+ * can range from 128 to 32768. -+ * -+ * Therefore, at a minimum, there are 142 bits of space between what is -+ * written and what is read in the overlain buffers, so the symbols cannot -+ * be overwritten by the compressed data. That space is actually 139 bits, -+ * due to the three-bit fixed-code block header. -+ * -+ * That covers the case where either Z_FIXED is specified, forcing fixed -+ * codes, or when the use of fixed codes is chosen, because that choice -+ * results in a smaller compressed block than dynamic codes. That latter -+ * condition then assures that the above analysis also covers all dynamic -+ * blocks. A dynamic-code block will only be chosen to be emitted if it has -+ * fewer bits than a fixed-code block would for the same set of symbols. -+ * Therefore its average symbol length is assured to be less than 31. So -+ * the compressed data for a dynamic block also cannot overwrite the -+ * symbols from which it is being constructed. -+ */ -+ -+ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4); -+ s->pending_buf_size = (ulg)s->lit_bufsize * 4; - - if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || - s->pending_buf == Z_NULL) { -@@ -340,8 +373,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy, - deflateEnd (strm); - return Z_MEM_ERROR; - } -- s->d_buf = overlay + s->lit_bufsize/sizeof(ush); -- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize; -+ s->sym_buf = s->pending_buf + s->lit_bufsize; -+ s->sym_end = (s->lit_bufsize - 1) * 3; -+ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K -+ * on 16 bit machines and because stored blocks are restricted to -+ * 64K-1 bytes. -+ */ - - s->level = level; - s->strategy = strategy; -@@ -552,7 +589,7 @@ int ZEXPORT deflatePrime (strm, bits, value) - - if (deflateStateCheck(strm)) return Z_STREAM_ERROR; - s = strm->state; -- if ((Bytef *)(s->d_buf) < s->pending_out + ((Buf_size + 7) >> 3)) -+ if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3)) - return Z_BUF_ERROR; - do { - put = Buf_size - s->bi_valid; -@@ -1113,7 +1150,6 @@ int ZEXPORT deflateCopy (dest, source) - #else - deflate_state *ds; - deflate_state *ss; -- ushf *overlay; - - - if (deflateStateCheck(source) || dest == Z_NULL) { -@@ -1133,8 +1169,7 @@ int ZEXPORT deflateCopy (dest, source) - ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte)); - ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos)); - ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos)); -- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2); -- ds->pending_buf = (uchf *) overlay; -+ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4); - - if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL || - ds->pending_buf == Z_NULL) { -@@ -1148,8 +1183,7 @@ int ZEXPORT deflateCopy (dest, source) - zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size); - - ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); -- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush); -- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize; -+ ds->sym_buf = ds->pending_buf + ds->lit_bufsize; - - ds->l_desc.dyn_tree = ds->dyn_ltree; - ds->d_desc.dyn_tree = ds->dyn_dtree; -@@ -1925,7 +1959,7 @@ local block_state deflate_fast(s, flush) - FLUSH_BLOCK(s, 1); - return finish_done; - } -- if (s->last_lit) -+ if (s->sym_next) - FLUSH_BLOCK(s, 0); - return block_done; - } -@@ -2056,7 +2090,7 @@ local block_state deflate_slow(s, flush) - FLUSH_BLOCK(s, 1); - return finish_done; - } -- if (s->last_lit) -+ if (s->sym_next) - FLUSH_BLOCK(s, 0); - return block_done; - } -@@ -2131,7 +2165,7 @@ local block_state deflate_rle(s, flush) - FLUSH_BLOCK(s, 1); - return finish_done; - } -- if (s->last_lit) -+ if (s->sym_next) - FLUSH_BLOCK(s, 0); - return block_done; - } -@@ -2170,7 +2204,7 @@ local block_state deflate_huff(s, flush) - FLUSH_BLOCK(s, 1); - return finish_done; - } -- if (s->last_lit) -+ if (s->sym_next) - FLUSH_BLOCK(s, 0); - return block_done; - } -diff --git a/deflate.h b/deflate.h -index 23ecdd312..d4cf1a98b 100644 ---- a/deflate.h -+++ b/deflate.h -@@ -217,7 +217,7 @@ typedef struct internal_state { - /* Depth of each subtree used as tie breaker for trees of equal frequency - */ - -- uchf *l_buf; /* buffer for literals or lengths */ -+ uchf *sym_buf; /* buffer for distances and literals/lengths */ - - uInt lit_bufsize; - /* Size of match buffer for literals/lengths. There are 4 reasons for -@@ -239,13 +239,8 @@ typedef struct internal_state { - * - I can't count above 4 - */ - -- uInt last_lit; /* running index in l_buf */ -- -- ushf *d_buf; -- /* Buffer for distances. To simplify the code, d_buf and l_buf have -- * the same number of elements. To use different lengths, an extra flag -- * array would be necessary. -- */ -+ uInt sym_next; /* running index in sym_buf */ -+ uInt sym_end; /* symbol table full when sym_next reaches this */ - - ulg opt_len; /* bit length of current block with optimal trees */ - ulg static_len; /* bit length of current block with static trees */ -@@ -325,20 +320,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf, - - # define _tr_tally_lit(s, c, flush) \ - { uch cc = (c); \ -- s->d_buf[s->last_lit] = 0; \ -- s->l_buf[s->last_lit++] = cc; \ -+ s->sym_buf[s->sym_next++] = 0; \ -+ s->sym_buf[s->sym_next++] = 0; \ -+ s->sym_buf[s->sym_next++] = cc; \ - s->dyn_ltree[cc].Freq++; \ -- flush = (s->last_lit == s->lit_bufsize-1); \ -+ flush = (s->sym_next == s->sym_end); \ - } - # define _tr_tally_dist(s, distance, length, flush) \ - { uch len = (uch)(length); \ - ush dist = (ush)(distance); \ -- s->d_buf[s->last_lit] = dist; \ -- s->l_buf[s->last_lit++] = len; \ -+ s->sym_buf[s->sym_next++] = dist; \ -+ s->sym_buf[s->sym_next++] = dist >> 8; \ -+ s->sym_buf[s->sym_next++] = len; \ - dist--; \ - s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \ - s->dyn_dtree[d_code(dist)].Freq++; \ -- flush = (s->last_lit == s->lit_bufsize-1); \ -+ flush = (s->sym_next == s->sym_end); \ - } - #else - # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c) -diff --git a/trees.c b/trees.c -index 4f4a65011..decaeb7c3 100644 ---- a/trees.c -+++ b/trees.c -@@ -416,7 +416,7 @@ local void init_block(s) - - s->dyn_ltree[END_BLOCK].Freq = 1; - s->opt_len = s->static_len = 0L; -- s->last_lit = s->matches = 0; -+ s->sym_next = s->matches = 0; - } - - #define SMALLEST 1 -@@ -948,7 +948,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last) - - Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", - opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, -- s->last_lit)); -+ s->sym_next / 3)); - - if (static_lenb <= opt_lenb) opt_lenb = static_lenb; - -@@ -1017,8 +1017,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc) - unsigned dist; /* distance of matched string */ - unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ - { -- s->d_buf[s->last_lit] = (ush)dist; -- s->l_buf[s->last_lit++] = (uch)lc; -+ s->sym_buf[s->sym_next++] = dist; -+ s->sym_buf[s->sym_next++] = dist >> 8; -+ s->sym_buf[s->sym_next++] = lc; - if (dist == 0) { - /* lc is the unmatched char */ - s->dyn_ltree[lc].Freq++; -@@ -1033,30 +1034,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc) - s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++; - s->dyn_dtree[d_code(dist)].Freq++; - } -- --#ifdef TRUNCATE_BLOCK -- /* Try to guess if it is profitable to stop the current block here */ -- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) { -- /* Compute an upper bound for the compressed length */ -- ulg out_length = (ulg)s->last_lit*8L; -- ulg in_length = (ulg)((long)s->strstart - s->block_start); -- int dcode; -- for (dcode = 0; dcode < D_CODES; dcode++) { -- out_length += (ulg)s->dyn_dtree[dcode].Freq * -- (5L+extra_dbits[dcode]); -- } -- out_length >>= 3; -- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", -- s->last_lit, in_length, out_length, -- 100L - out_length*100L/in_length)); -- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1; -- } --#endif -- return (s->last_lit == s->lit_bufsize-1); -- /* We avoid equality with lit_bufsize because of wraparound at 64K -- * on 16 bit machines and because stored blocks are restricted to -- * 64K-1 bytes. -- */ -+ return (s->sym_next == s->sym_end); - } - - /* =========================================================================== -@@ -1069,13 +1047,14 @@ local void compress_block(s, ltree, dtree) - { - unsigned dist; /* distance of matched string */ - int lc; /* match length or unmatched char (if dist == 0) */ -- unsigned lx = 0; /* running index in l_buf */ -+ unsigned sx = 0; /* running index in sym_buf */ - unsigned code; /* the code to send */ - int extra; /* number of extra bits to send */ - -- if (s->last_lit != 0) do { -- dist = s->d_buf[lx]; -- lc = s->l_buf[lx++]; -+ if (s->sym_next != 0) do { -+ dist = s->sym_buf[sx++] & 0xff; -+ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8; -+ lc = s->sym_buf[sx++]; - if (dist == 0) { - send_code(s, lc, ltree); /* send a literal byte */ - Tracecv(isgraph(lc), (stderr," '%c' ", lc)); -@@ -1100,11 +1079,10 @@ local void compress_block(s, ltree, dtree) - } - } /* literal or match pair ? */ - -- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ -- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx, -- "pendingBuf overflow"); -+ /* Check that the overlay between pending_buf and sym_buf is ok: */ -+ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow"); - -- } while (lx < s->last_lit); -+ } while (sx < s->sym_next); - - send_code(s, END_BLOCK, ltree); - } From 2edc017a6e0cb92b72b768aaa46c6d336ad84eff Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 28 Mar 2022 00:25:56 -0400 Subject: [PATCH 4/8] urandom-seed: use seedrng for seeding the random number generator MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The RNG can't actually be seeded from a shell script, due to the reliance on ioctls. For this reason, the seedrng project provides a basic script meant to be copy and pasted into projects like OpenWRT and tweaked as needed: . This commit imports it into the urandom-seed package and wires up the init scripts to call it. This also is a significant improvement over the current init script, which does not robustly handle cleaning up of seeds and syncing to prevent reuse. Additionally, the existing script creates a new seed immediately after writing an old one, which means that the amount of entropy might actually regress, due to failing to credit the old seed. Closes: https://github.com/openwrt/openwrt/issues/9570 Signed-off-by: Jason A. Donenfeld Signed-off-by: Petr Štetiar [fixed missing INSTALL_DIR] --- package/system/urandom-seed/Makefile | 5 +- .../files/etc/init.d/urandom_seed | 2 +- .../files/lib/preinit/81_urandom_seed | 16 +- .../urandom-seed/files/sbin/urandom_seed | 20 - package/system/urandom-seed/seedrng.c | 434 ++++++++++++++++++ 5 files changed, 442 insertions(+), 35 deletions(-) delete mode 100755 package/system/urandom-seed/files/sbin/urandom_seed create mode 100644 package/system/urandom-seed/seedrng.c diff --git a/package/system/urandom-seed/Makefile b/package/system/urandom-seed/Makefile index 7c5524a9db..0c8d77f445 100644 --- a/package/system/urandom-seed/Makefile +++ b/package/system/urandom-seed/Makefile @@ -9,7 +9,6 @@ include $(INCLUDE_DIR)/package.mk define Package/urandom-seed SECTION:=base CATEGORY:=Base system - DEPENDS:=+getrandom TITLE:=/etc/urandom.seed handling for OpenWrt URL:=https://openwrt.org/ endef @@ -19,11 +18,15 @@ define Build/Prepare endef define Build/Compile/Default + $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_CPPFLAGS) $(TARGET_LDFLAGS) \ + -std=gnu99 -o $(PKG_BUILD_DIR)/seedrng seedrng.c endef Build/Compile = $(Build/Compile/Default) define Package/urandom-seed/install $(CP) ./files/* $(1)/ + $(INSTALL_DIR) $(1)/sbin + $(CP) $(PKG_BUILD_DIR)/seedrng $(1)/sbin/ endef $(eval $(call BuildPackage,urandom-seed)) diff --git a/package/system/urandom-seed/files/etc/init.d/urandom_seed b/package/system/urandom-seed/files/etc/init.d/urandom_seed index 17d9c13400..d6e81c6079 100755 --- a/package/system/urandom-seed/files/etc/init.d/urandom_seed +++ b/package/system/urandom-seed/files/etc/init.d/urandom_seed @@ -5,7 +5,7 @@ USE_PROCD=1 start_service() { procd_open_instance "urandom_seed" - procd_set_param command "/sbin/urandom_seed" + procd_set_param command "/sbin/seedrng" procd_set_param stdout 1 procd_set_param stderr 1 procd_close_instance diff --git a/package/system/urandom-seed/files/lib/preinit/81_urandom_seed b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed index 2adc6c47f0..b3014daeaf 100644 --- a/package/system/urandom-seed/files/lib/preinit/81_urandom_seed +++ b/package/system/urandom-seed/files/lib/preinit/81_urandom_seed @@ -2,21 +2,11 @@ log_urandom_seed() { echo "urandom-seed: $1" > /dev/kmsg } -_do_urandom_seed() { - [ -f "$1" ] || { log_urandom_seed "Seed file not found ($1)"; return; } - [ -O "$1" -a -G "$1" -a ! -x "$1" ] || { log_urandom_seed "Wrong owner / permissions for $1"; return; } - - log_urandom_seed "Seeding with $1" - cat "$1" > /dev/urandom -} - do_urandom_seed() { [ -c /dev/urandom ] || { log_urandom_seed "Something is wrong with /dev/urandom"; return; } - - _do_urandom_seed "/etc/urandom.seed" - - SEED="$(uci -q get system.@system[0].urandom_seed)" - [ "${SEED:0:1}" = "/" -a "$SEED" != "/etc/urandom.seed" ] && _do_urandom_seed "$SEED" + seedrng 2>&1 | while read -r line; do + log_urandom_seed "$line" + done } boot_hook_add preinit_main do_urandom_seed diff --git a/package/system/urandom-seed/files/sbin/urandom_seed b/package/system/urandom-seed/files/sbin/urandom_seed deleted file mode 100755 index 7043e8af4e..0000000000 --- a/package/system/urandom-seed/files/sbin/urandom_seed +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -set -e - -trap '[ "$?" -eq 0 ] || echo "An error occured" >&2' EXIT - -save() { - touch "$1.tmp" - chown root:root "$1.tmp" - chmod 600 "$1.tmp" - getrandom 512 > "$1.tmp" - mv "$1.tmp" "$1" - echo "Seed saved ($1)" -} - -SEED="$(uci -q get system.@system[0].urandom_seed || true)" -[ "${SEED:0:1}" = "/" ] && save "$SEED" - -SEED=/etc/urandom.seed -[ ! -f $SEED ] && save "$SEED" -true diff --git a/package/system/urandom-seed/seedrng.c b/package/system/urandom-seed/seedrng.c new file mode 100644 index 0000000000..9a2cb10f55 --- /dev/null +++ b/package/system/urandom-seed/seedrng.c @@ -0,0 +1,434 @@ +// SPDX-License-Identifier: (GPL-2.0 OR MIT OR Apache-2.0) +/* + * Copyright (C) 2022 Jason A. Donenfeld . All Rights Reserved. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define SEED_DIR "/etc/seedrng" +#define CREDITABLE_SEED SEED_DIR "/seed.credit" +#define NON_CREDITABLE_SEED SEED_DIR "/seed.no-credit" +#define LOCK_FILE "/tmp/run/seedrng.lock" + +enum blake2s_lengths { + BLAKE2S_BLOCK_LEN = 64, + BLAKE2S_HASH_LEN = 32, + BLAKE2S_KEY_LEN = 32 +}; + +enum seedrng_lengths { + MAX_SEED_LEN = 512, + MIN_SEED_LEN = BLAKE2S_HASH_LEN +}; + +struct blake2s_state { + uint32_t h[8]; + uint32_t t[2]; + uint32_t f[2]; + uint8_t buf[BLAKE2S_BLOCK_LEN]; + unsigned int buflen; + unsigned int outlen; +}; + +#define le32_to_cpup(a) le32toh(*(a)) +#define cpu_to_le32(a) htole32(a) +#ifndef ARRAY_SIZE +#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) +#endif +#ifndef DIV_ROUND_UP +#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d)) +#endif + +static inline void cpu_to_le32_array(uint32_t *buf, unsigned int words) +{ + while (words--) { + *buf = cpu_to_le32(*buf); + ++buf; + } +} + +static inline void le32_to_cpu_array(uint32_t *buf, unsigned int words) +{ + while (words--) { + *buf = le32_to_cpup(buf); + ++buf; + } +} + +static inline uint32_t ror32(uint32_t word, unsigned int shift) +{ + return (word >> (shift & 31)) | (word << ((-shift) & 31)); +} + +static const uint32_t blake2s_iv[8] = { + 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL, + 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL +}; + +static const uint8_t blake2s_sigma[10][16] = { + { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, + { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, + { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, + { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, + { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, + { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, + { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, + { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, + { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, + { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, +}; + +static void blake2s_set_lastblock(struct blake2s_state *state) +{ + state->f[0] = -1; +} + +static void blake2s_increment_counter(struct blake2s_state *state, const uint32_t inc) +{ + state->t[0] += inc; + state->t[1] += (state->t[0] < inc); +} + +static void blake2s_init_param(struct blake2s_state *state, const uint32_t param) +{ + int i; + + memset(state, 0, sizeof(*state)); + for (i = 0; i < 8; ++i) + state->h[i] = blake2s_iv[i]; + state->h[0] ^= param; +} + +static void blake2s_init(struct blake2s_state *state, const size_t outlen) +{ + blake2s_init_param(state, 0x01010000 | outlen); + state->outlen = outlen; +} + +static void blake2s_compress(struct blake2s_state *state, const uint8_t *block, size_t nblocks, const uint32_t inc) +{ + uint32_t m[16]; + uint32_t v[16]; + int i; + + while (nblocks > 0) { + blake2s_increment_counter(state, inc); + memcpy(m, block, BLAKE2S_BLOCK_LEN); + le32_to_cpu_array(m, ARRAY_SIZE(m)); + memcpy(v, state->h, 32); + v[ 8] = blake2s_iv[0]; + v[ 9] = blake2s_iv[1]; + v[10] = blake2s_iv[2]; + v[11] = blake2s_iv[3]; + v[12] = blake2s_iv[4] ^ state->t[0]; + v[13] = blake2s_iv[5] ^ state->t[1]; + v[14] = blake2s_iv[6] ^ state->f[0]; + v[15] = blake2s_iv[7] ^ state->f[1]; + +#define G(r, i, a, b, c, d) do { \ + a += b + m[blake2s_sigma[r][2 * i + 0]]; \ + d = ror32(d ^ a, 16); \ + c += d; \ + b = ror32(b ^ c, 12); \ + a += b + m[blake2s_sigma[r][2 * i + 1]]; \ + d = ror32(d ^ a, 8); \ + c += d; \ + b = ror32(b ^ c, 7); \ +} while (0) + +#define ROUND(r) do { \ + G(r, 0, v[0], v[ 4], v[ 8], v[12]); \ + G(r, 1, v[1], v[ 5], v[ 9], v[13]); \ + G(r, 2, v[2], v[ 6], v[10], v[14]); \ + G(r, 3, v[3], v[ 7], v[11], v[15]); \ + G(r, 4, v[0], v[ 5], v[10], v[15]); \ + G(r, 5, v[1], v[ 6], v[11], v[12]); \ + G(r, 6, v[2], v[ 7], v[ 8], v[13]); \ + G(r, 7, v[3], v[ 4], v[ 9], v[14]); \ +} while (0) + ROUND(0); + ROUND(1); + ROUND(2); + ROUND(3); + ROUND(4); + ROUND(5); + ROUND(6); + ROUND(7); + ROUND(8); + ROUND(9); + +#undef G +#undef ROUND + + for (i = 0; i < 8; ++i) + state->h[i] ^= v[i] ^ v[i + 8]; + + block += BLAKE2S_BLOCK_LEN; + --nblocks; + } +} + +static void blake2s_update(struct blake2s_state *state, const void *inp, size_t inlen) +{ + const size_t fill = BLAKE2S_BLOCK_LEN - state->buflen; + const uint8_t *in = inp; + + if (!inlen) + return; + if (inlen > fill) { + memcpy(state->buf + state->buflen, in, fill); + blake2s_compress(state, state->buf, 1, BLAKE2S_BLOCK_LEN); + state->buflen = 0; + in += fill; + inlen -= fill; + } + if (inlen > BLAKE2S_BLOCK_LEN) { + const size_t nblocks = DIV_ROUND_UP(inlen, BLAKE2S_BLOCK_LEN); + blake2s_compress(state, in, nblocks - 1, BLAKE2S_BLOCK_LEN); + in += BLAKE2S_BLOCK_LEN * (nblocks - 1); + inlen -= BLAKE2S_BLOCK_LEN * (nblocks - 1); + } + memcpy(state->buf + state->buflen, in, inlen); + state->buflen += inlen; +} + +static void blake2s_final(struct blake2s_state *state, uint8_t *out) +{ + blake2s_set_lastblock(state); + memset(state->buf + state->buflen, 0, BLAKE2S_BLOCK_LEN - state->buflen); + blake2s_compress(state, state->buf, 1, state->buflen); + cpu_to_le32_array(state->h, ARRAY_SIZE(state->h)); + memcpy(out, state->h, state->outlen); +} + +static size_t determine_optimal_seed_len(void) +{ + size_t ret = 0; + char poolsize_str[11] = { 0 }; + int fd = open("/proc/sys/kernel/random/poolsize", O_RDONLY); + + if (fd < 0 || read(fd, poolsize_str, sizeof(poolsize_str) - 1) < 0) { + fprintf(stderr, "WARNING: Unable to determine pool size, falling back to %u bits: %s\n", MIN_SEED_LEN * 8, strerror(errno)); + ret = MIN_SEED_LEN; + } else + ret = DIV_ROUND_UP(strtoul(poolsize_str, NULL, 10), 8); + if (fd >= 0) + close(fd); + if (ret < MIN_SEED_LEN) + ret = MIN_SEED_LEN; + else if (ret > MAX_SEED_LEN) + ret = MAX_SEED_LEN; + return ret; +} + +static int read_new_seed(uint8_t *seed, size_t len, bool *is_creditable) +{ + ssize_t ret; + int urandom_fd; + + *is_creditable = false; + ret = getrandom(seed, len, GRND_NONBLOCK); + if (ret == (ssize_t)len) { + *is_creditable = true; + return 0; + } else if (ret < 0 && errno == ENOSYS) { + struct pollfd random_fd = { + .fd = open("/dev/random", O_RDONLY), + .events = POLLIN + }; + if (random_fd.fd < 0) + return -errno; + *is_creditable = poll(&random_fd, 1, 0) == 1; + close(random_fd.fd); + } else if (getrandom(seed, len, GRND_INSECURE) == (ssize_t)len) + return 0; + urandom_fd = open("/dev/urandom", O_RDONLY); + if (urandom_fd < 0) + return -errno; + ret = read(urandom_fd, seed, len); + if (ret == (ssize_t)len) + ret = 0; + else + ret = -errno ? -errno : -EIO; + close(urandom_fd); + return ret; +} + +static int seed_rng(uint8_t *seed, size_t len, bool credit) +{ + struct { + int entropy_count; + int buf_size; + uint8_t buffer[MAX_SEED_LEN]; + } req = { + .entropy_count = credit ? len * 8 : 0, + .buf_size = len + }; + int random_fd, ret; + + if (len > sizeof(req.buffer)) + return -EFBIG; + memcpy(req.buffer, seed, len); + + random_fd = open("/dev/random", O_RDWR); + if (random_fd < 0) + return -errno; + ret = ioctl(random_fd, RNDADDENTROPY, &req); + if (ret) + ret = -errno ? -errno : -EIO; + close(random_fd); + return ret; +} + +static int seed_from_file_if_exists(const char *filename, bool credit, struct blake2s_state *hash) +{ + uint8_t seed[MAX_SEED_LEN]; + ssize_t seed_len; + int fd, dfd, ret = 0; + + fd = open(filename, O_RDONLY); + if (fd < 0 && errno == ENOENT) + return 0; + else if (fd < 0) { + ret = -errno; + fprintf(stderr, "ERROR: Unable to open seed file: %s\n", strerror(errno)); + return ret; + } + dfd = open(SEED_DIR, O_DIRECTORY | O_RDONLY); + if (dfd < 0) { + ret = -errno; + close(fd); + fprintf(stderr, "ERROR: Unable to open seed directory: %s\n", strerror(errno)); + return ret; + } + seed_len = read(fd, seed, sizeof(seed)); + if (seed_len < 0) { + ret = -errno; + fprintf(stderr, "ERROR: Unable to read seed file: %s\n", strerror(errno)); + } + close(fd); + if (ret) { + close(dfd); + return ret; + } + if ((unlink(filename) < 0 || fsync(dfd) < 0) && seed_len) { + ret = -errno; + fprintf(stderr, "ERROR: Unable to remove seed after reading, so not seeding: %s\n", strerror(errno)); + } + close(dfd); + if (ret) + return ret; + if (!seed_len) + return 0; + + blake2s_update(hash, &seed_len, sizeof(seed_len)); + blake2s_update(hash, seed, seed_len); + + fprintf(stdout, "Seeding %zd bits %s crediting\n", seed_len * 8, credit ? "and" : "without"); + ret = seed_rng(seed, seed_len, credit); + if (ret < 0) + fprintf(stderr, "ERROR: Unable to seed: %s\n", strerror(-ret)); + return ret; +} + +static bool skip_credit(void) +{ + const char *skip = getenv("SEEDRNG_SKIP_CREDIT"); + return skip && (!strcmp(skip, "1") || !strcasecmp(skip, "true") || + !strcasecmp(skip, "yes") || !strcasecmp(skip, "y")); +} + +int main(int argc __attribute__((unused)), char *argv[] __attribute__((unused))) +{ + static const char seedrng_prefix[] = "SeedRNG v1 Old+New Prefix"; + static const char seedrng_failure[] = "SeedRNG v1 No New Seed Failure"; + int ret, fd = -1, lock, program_ret = 0; + uint8_t new_seed[MAX_SEED_LEN]; + size_t new_seed_len; + bool new_seed_creditable; + struct timespec realtime = { 0 }, boottime = { 0 }; + struct blake2s_state hash; + + umask(0077); + if (getuid()) { + fprintf(stderr, "ERROR: This program requires root\n"); + return 1; + } + + blake2s_init(&hash, BLAKE2S_HASH_LEN); + blake2s_update(&hash, seedrng_prefix, strlen(seedrng_prefix)); + clock_gettime(CLOCK_REALTIME, &realtime); + clock_gettime(CLOCK_BOOTTIME, &boottime); + blake2s_update(&hash, &realtime, sizeof(realtime)); + blake2s_update(&hash, &boottime, sizeof(boottime)); + + if (mkdir(SEED_DIR, 0700) < 0 && errno != EEXIST) { + fprintf(stderr, "ERROR: Unable to create \"%s\" directory: %s\n", SEED_DIR, strerror(errno)); + return 1; + } + + lock = open(LOCK_FILE, O_WRONLY | O_CREAT, 0000); + if (lock < 0 || flock(lock, LOCK_EX) < 0) { + fprintf(stderr, "ERROR: Unable to open lock file: %s\n", strerror(errno)); + program_ret = 1; + goto out; + } + + ret = seed_from_file_if_exists(NON_CREDITABLE_SEED, false, &hash); + if (ret < 0) + program_ret |= 1 << 1; + ret = seed_from_file_if_exists(CREDITABLE_SEED, !skip_credit(), &hash); + if (ret < 0) + program_ret |= 1 << 2; + + new_seed_len = determine_optimal_seed_len(); + ret = read_new_seed(new_seed, new_seed_len, &new_seed_creditable); + if (ret < 0) { + fprintf(stderr, "ERROR: Unable to read new seed: %s\n", strerror(-ret)); + new_seed_len = BLAKE2S_HASH_LEN; + strncpy((char *)new_seed, seedrng_failure, new_seed_len); + program_ret |= 1 << 3; + } + blake2s_update(&hash, &new_seed_len, sizeof(new_seed_len)); + blake2s_update(&hash, new_seed, new_seed_len); + blake2s_final(&hash, new_seed + new_seed_len - BLAKE2S_HASH_LEN); + + fprintf(stdout, "Saving %zu bits of %s seed for next boot\n", new_seed_len * 8, new_seed_creditable ? "creditable" : "non-creditable"); + fd = open(NON_CREDITABLE_SEED, O_WRONLY | O_CREAT | O_TRUNC, 0400); + if (fd < 0) { + fprintf(stderr, "ERROR: Unable to open seed file for writing: %s\n", strerror(errno)); + program_ret |= 1 << 4; + goto out; + } + if (write(fd, new_seed, new_seed_len) != (ssize_t)new_seed_len || fsync(fd) < 0) { + fprintf(stderr, "ERROR: Unable to write seed file: %s\n", strerror(errno)); + program_ret |= 1 << 5; + goto out; + } + if (new_seed_creditable && rename(NON_CREDITABLE_SEED, CREDITABLE_SEED) < 0) { + fprintf(stderr, "WARNING: Unable to make new seed creditable: %s\n", strerror(errno)); + program_ret |= 1 << 6; + } +out: + if (fd >= 0) + close(fd); + if (lock >= 0) + close(lock); + return program_ret; +} From 92081f9a34e6ebefcc03e4abdecdf85423e9c739 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 28 Mar 2022 10:42:41 +0200 Subject: [PATCH 5/8] ramips: fix kernel module build errors on linux 5.15 Signed-off-by: Felix Fietkau --- target/linux/ramips/files/drivers/mmc/host/mtk-mmc/sd.c | 1 + .../linux/ramips/patches-5.15/835-asoc-add-mt7620-support.patch | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/target/linux/ramips/files/drivers/mmc/host/mtk-mmc/sd.c b/target/linux/ramips/files/drivers/mmc/host/mtk-mmc/sd.c index 188e015572..756a1c5b57 100644 --- a/target/linux/ramips/files/drivers/mmc/host/mtk-mmc/sd.c +++ b/target/linux/ramips/files/drivers/mmc/host/mtk-mmc/sd.c @@ -39,6 +39,7 @@ #include #include #include +#include #include #include diff --git a/target/linux/ramips/patches-5.15/835-asoc-add-mt7620-support.patch b/target/linux/ramips/patches-5.15/835-asoc-add-mt7620-support.patch index bacce79e30..633c5120e0 100644 --- a/target/linux/ramips/patches-5.15/835-asoc-add-mt7620-support.patch +++ b/target/linux/ramips/patches-5.15/835-asoc-add-mt7620-support.patch @@ -572,7 +572,7 @@ Signed-off-by: John Crispin + .rates = SNDRV_PCM_RATE_CONTINUOUS, + .formats = SNDRV_PCM_FMTBIT_S16_LE, + }, -+ .symmetric_rates = 1, ++ .symmetric_rate = 1, +}; + +static struct snd_pcm_hardware ralink_pcm_hardware = { From 3f8ea009d0321a3a4b5d891210e7942824a5714c Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 28 Mar 2022 10:58:40 +0200 Subject: [PATCH 6/8] kernel: add missing nls dependency for kmod-fs-ntfs3 This showed up on a linux 5.15 build Signed-off-by: Felix Fietkau --- package/kernel/linux/modules/fs.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/package/kernel/linux/modules/fs.mk b/package/kernel/linux/modules/fs.mk index a6f808a86a..06c609b754 100644 --- a/package/kernel/linux/modules/fs.mk +++ b/package/kernel/linux/modules/fs.mk @@ -648,6 +648,7 @@ define KernelPackage/fs-ntfs3 TITLE:=Ntfs3 support KCONFIG:= CONFIG_NTFS3_FS CONFIG_NTFS3_FS_POSIX_ACL=y FILES:=$(LINUX_DIR)/fs/ntfs3/ntfs3.ko + $(call AddDepends/nls) AUTOLOAD:=$(call AutoLoad,80,ntfs3) endef From f65596e8a9c34973ec2635cd37e77e7cf875424e Mon Sep 17 00:00:00 2001 From: John Thomson Date: Mon, 28 Mar 2022 11:50:44 +1000 Subject: [PATCH 7/8] kernel: 5.15: fix mediatek usb module change The mediatek USB kernel module xhci-mtk was restructed. The module after kernel 5.13 is named xhci-mtk-hcd. Link: https://lore.kernel.org/all/0b62e21ddfacc1c2874726dd27ccab80c993f303.1615170625.git.chunfeng.yun@mediatek.com/ Linux 14295a150050 ("usb: xhci-mtk: support to build xhci-mtk-hcd.ko") Signed-off-by: John Thomson --- package/kernel/linux/modules/usb.mk | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/package/kernel/linux/modules/usb.mk b/package/kernel/linux/modules/usb.mk index c12150fc5c..a52ba745ef 100644 --- a/package/kernel/linux/modules/usb.mk +++ b/package/kernel/linux/modules/usb.mk @@ -1787,8 +1787,10 @@ define KernelPackage/usb-xhci-mtk DEPENDS:=+kmod-usb-xhci-hcd KCONFIG:=CONFIG_USB_XHCI_MTK HIDDEN:=1 - FILES:=$(LINUX_DIR)/drivers/usb/host/xhci-mtk.ko - AUTOLOAD:=$(call AutoLoad,54,xhci-mtk,1) + FILES:= \ + $(LINUX_DIR)/drivers/usb/host/xhci-mtk.ko@lt5.13 \ + $(LINUX_DIR)/drivers/usb/host/xhci-mtk-hcd.ko@ge5.13 + AUTOLOAD:=$(call AutoLoad,54,xhci-mtk@lt5.13 xhci-mtk-hcd@gt5.13,1) $(call AddDepends/usb) endef From 103ad908c286049b0a7c68b793f2194b0c4d5711 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Mon, 28 Mar 2022 13:24:26 +0200 Subject: [PATCH 8/8] mt76: update to the latest version 65042bfd759c mt76: mt7915: introduce 802.11ax multi-bss support e756ea3bd069 mt76: fix wrong HE data rate in sniffer tool 47b64131e820 mt76: mt7921: don't enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set 7a05f4628e76 mt76: fix monitor rx FCS error in DFS channel 104dd5cb0a40 mt76: mt7915: fix DBDC default band selection on MT7915D a7805e4e1d58 mt76: reduce tx queue lock hold time 0b1deb9292cd mt76: dma: use kzalloc instead of devm_kzalloc for txwi 2e51013b38c9 mt76: dma: reduce lock contention in mt76_dma_tx_cleanup c96fbb86f7e5 mt76: mt7915: rework hardware/phy initialization c2bb44cab51e mt76: mt7915: accept rx frames with non-standard VHT MCS10-11 36c23a4a8422 mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 5b7dd093c8f0 mt76: fix use-after-free by removing a non-RCU wcid pointer c692aacb9bde mt76: fix MBSS index condition in DBDC mode fd6541905aa4 mt76: mt7921u: add suspend/resume support 201b33cf42c2 mt76: mt7921: rely on mt76_dev rxfilter in mt7921_configure_filter 9666c08228e7 mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter 1442710d7936 mt76: mt7915: always call mt7915_wfsys_reset() during init ec4d9b9e8b70 mt76: mt7915: fix unbounded shift in mt7915_mcu_beacon_mbss 6b1efcd72946 mt76: mt7915: fix wfsys reset regression 376ea8152b2b mt76: mt7915: add missing chunk from wfsys reset fix Signed-off-by: Felix Fietkau --- package/kernel/mt76/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/kernel/mt76/Makefile b/package/kernel/mt76/Makefile index d68305944a..0ccf067d3e 100644 --- a/package/kernel/mt76/Makefile +++ b/package/kernel/mt76/Makefile @@ -8,9 +8,9 @@ PKG_LICENSE_FILES:= PKG_SOURCE_URL:=https://github.com/openwrt/mt76 PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2022-03-15 -PKG_SOURCE_VERSION:=053668acdaf83d0350ce3e21720e20eac9fbbcd7 -PKG_MIRROR_HASH:=0102bc20ec385fcdb336dec97a1a345d4c37c2c6be2f3f428938c2ec1fa5d49a +PKG_SOURCE_DATE:=2022-03-28 +PKG_SOURCE_VERSION:=376ea8152b2bdd84fd43137cf02da383edf20462 +PKG_MIRROR_HASH:=900a1f42015f099b575ae94553b63043e530748909ca30fe51fe61986f96d854 PKG_MAINTAINER:=Felix Fietkau PKG_USE_NINJA:=0