diff --git a/package/base-files/files/lib/upgrade/nand.sh b/package/base-files/files/lib/upgrade/nand.sh index 907945b349..fa29d575a8 100644 --- a/package/base-files/files/lib/upgrade/nand.sh +++ b/package/base-files/files/lib/upgrade/nand.sh @@ -261,10 +261,12 @@ nand_upgrade_ubinized() { local ubi_file="$1" local gz="$2" + local ubi_length=$( (${gz}cat "$ubi_file" | wc -c) 2> /dev/null) + nand_detach_ubi "$CI_UBIPART" || return 1 local mtdnum="$( find_mtd_index "$CI_UBIPART" )" - ${gz}cat "$ubi_file" | ubiformat "/dev/mtd$mtdnum" -y -f - && ubiattach -m "$mtdnum" + ${gz}cat "$ubi_file" | ubiformat "/dev/mtd$mtdnum" -S "$ubi_length" -y -f - && ubiattach -m "$mtdnum" } # Write the UBIFS image to UBI rootfs volume diff --git a/package/boot/uboot-envtools/Makefile b/package/boot/uboot-envtools/Makefile index 9ed39cbf55..2e4c1ac39e 100644 --- a/package/boot/uboot-envtools/Makefile +++ b/package/boot/uboot-envtools/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=uboot-envtools PKG_DISTNAME:=u-boot -PKG_VERSION:=2023.01 +PKG_VERSION:=2023.04 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_DISTNAME)-$(PKG_VERSION).tar.bz2 @@ -17,7 +17,7 @@ PKG_SOURCE_URL:= \ https://ftp.denx.de/pub/u-boot \ https://mirror.cyberbits.eu/u-boot \ ftp://ftp.denx.de/pub/u-boot -PKG_HASH:=69423bad380f89a0916636e89e6dcbd2e4512d584308d922d1039d1e4331950f +PKG_HASH:=e31cac91545ff41b71cec5d8c22afd695645cd6e2a442ccdacacd60534069341 PKG_SOURCE_SUBDIR:=$(PKG_DISTNAME)-$(PKG_VERSION) PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_DISTNAME)-$(PKG_VERSION) diff --git a/package/boot/uboot-sunxi/patches/250-sun8i-h3-add-support-for-zeropi.patch b/package/boot/uboot-sunxi/patches/250-sun8i-h3-add-support-for-zeropi.patch new file mode 100644 index 0000000000..838d90a7b0 --- /dev/null +++ b/package/boot/uboot-sunxi/patches/250-sun8i-h3-add-support-for-zeropi.patch @@ -0,0 +1,148 @@ +From 2527b24f39d8f27ba2fd922ca27a1f14119cfa1b Mon Sep 17 00:00:00 2001 +From: Yu-Tung Chang +Date: Sat, 19 Jun 2021 16:16:45 +0800 +Subject: [PATCH] sunxi: h3: Add initial ZeroPi support + +ZeroPi is a new board of high performance with low cost +designed by FriendlyElec., using the Allwinner H3 SOC. + +ZeroPi features +- Allwinner H3, Quad-core Cortex-A7@1.2GHz +- 256MB/512MB DDR3 RAM +- microsd slot +- 10/100/1000Mbps Ethernet +- Debug Serial Port +- DC 5V/2A power-supply + +Signed-off-by: Yu-Tung Chang +Reviewed-by: Andre Przywara +Signed-off-by: Andre Przywara +--- +--- a/arch/arm/dts/Makefile ++++ b/arch/arm/dts/Makefile +@@ -560,7 +560,8 @@ dtb-$(CONFIG_MACH_SUN8I_H3) += \ + sun8i-h3-orangepi-plus.dtb \ + sun8i-h3-orangepi-plus2e.dtb \ + sun8i-h3-orangepi-zero-plus2.dtb \ +- sun8i-h3-rervision-dvk.dtb ++ sun8i-h3-rervision-dvk.dtb \ ++ sun8i-h3-zeropi.dtb + dtb-$(CONFIG_MACH_SUN8I_R40) += \ + sun8i-r40-bananapi-m2-ultra.dtb \ + sun8i-v40-bananapi-m2-berry.dtb +--- /dev/null ++++ b/arch/arm/dts/sun8i-h3-zeropi.dts +@@ -0,0 +1,85 @@ ++/* ++ * Copyright (C) 2020 Yu-Tung Chang ++ * ++ * This file is dual-licensed: you can use it either under the terms ++ * of the GPL or the X11 license, at your option. Note that this dual ++ * licensing only applies to this file, and not this project as a ++ * whole. ++ * ++ * a) This file is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License as ++ * published by the Free Software Foundation; either version 2 of the ++ * License, or (at your option) any later version. ++ * ++ * This file is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * Or, alternatively, ++ * ++ * b) Permission is hereby granted, free of charge, to any person ++ * obtaining a copy of this software and associated documentation ++ * files (the "Software"), to deal in the Software without ++ * restriction, including without limitation the rights to use, ++ * copy, modify, merge, publish, distribute, sublicense, and/or ++ * sell copies of the Software, and to permit persons to whom the ++ * Software is furnished to do so, subject to the following ++ * conditions: ++ * ++ * The above copyright notice and this permission notice shall be ++ * included in all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES ++ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT ++ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, ++ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING ++ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR ++ * OTHER DEALINGS IN THE SOFTWARE. ++ */ ++ ++#include "sun8i-h3-nanopi.dtsi" ++ ++/ { ++ model = "FriendlyARM ZeroPi"; ++ compatible = "friendlyarm,zeropi", "allwinner,sun8i-h3"; ++ ++ aliases { ++ ethernet0 = &emac; ++ }; ++ ++ reg_gmac_3v3: gmac-3v3 { ++ compatible = "regulator-fixed"; ++ regulator-name = "gmac-3v3"; ++ regulator-min-microvolt = <3300000>; ++ regulator-max-microvolt = <3300000>; ++ startup-delay-us = <100000>; ++ enable-active-high; ++ gpio = <&pio 3 6 GPIO_ACTIVE_HIGH>; /* PD6 */ ++ }; ++}; ++ ++&external_mdio { ++ ext_rgmii_phy: ethernet-phy@7 { ++ compatible = "ethernet-phy-ieee802.3-c22"; ++ reg = <7>; ++ }; ++}; ++ ++&emac { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&emac_rgmii_pins>; ++ phy-supply = <®_gmac_3v3>; ++ phy-handle = <&ext_rgmii_phy>; ++ phy-mode = "rgmii-id"; ++ ++ allwinner,leds-active-low; ++ status = "okay"; ++}; ++ ++&usb_otg { ++ status = "okay"; ++ dr_mode = "host"; ++}; +--- a/board/sunxi/MAINTAINERS ++++ b/board/sunxi/MAINTAINERS +@@ -508,3 +508,9 @@ YONES TOPTECH BS1078 V2 BOARD + M: Peter Korsgaard + S: Maintained + F: configs/Yones_Toptech_BS1078_V2_defconfig ++ ++ZEROPI BOARD ++M: Yu-Tung Chang ++S: Maintained ++F: configs/zeropi_defconfig ++F: arch/arm/dts/sun8i-h3-zeropi.dts +--- /dev/null ++++ b/configs/zeropi_defconfig +@@ -0,0 +1,13 @@ ++CONFIG_ARM=y ++CONFIG_ARCH_SUNXI=y ++CONFIG_DEFAULT_DEVICE_TREE="sun8i-h3-zeropi" ++CONFIG_SPL=y ++CONFIG_MACH_SUN8I_H3=y ++CONFIG_DRAM_CLK=408 ++CONFIG_MACPWR="PD6" ++# CONFIG_VIDEO_DE2 is not set ++# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set ++CONFIG_CONSOLE_MUX=y ++CONFIG_SUN8I_EMAC=y ++CONFIG_USB_EHCI_HCD=y ++CONFIG_USB_OHCI_HCD=y diff --git a/package/boot/uboot-sunxi/patches/250-sun8i-h3-zeropi-add-device-tree.patch b/package/boot/uboot-sunxi/patches/250-sun8i-h3-zeropi-add-device-tree.patch deleted file mode 100644 index 152e608951..0000000000 --- a/package/boot/uboot-sunxi/patches/250-sun8i-h3-zeropi-add-device-tree.patch +++ /dev/null @@ -1,81 +0,0 @@ ---- a/arch/arm/dts/Makefile -+++ b/arch/arm/dts/Makefile -@@ -559,7 +559,8 @@ dtb-$(CONFIG_MACH_SUN8I_H3) += \ - sun8i-h3-orangepi-plus.dtb \ - sun8i-h3-orangepi-plus2e.dtb \ - sun8i-h3-orangepi-zero-plus2.dtb \ -- sun8i-h3-rervision-dvk.dtb -+ sun8i-h3-rervision-dvk.dtb \ -+ sun8i-h3-zeropi.dtb - dtb-$(CONFIG_MACH_SUN8I_R40) += \ - sun8i-r40-bananapi-m2-ultra.dtb \ - sun8i-v40-bananapi-m2-berry.dtb ---- /dev/null -+++ b/arch/arm/dts/sun8i-h3-zeropi.dts -@@ -0,0 +1,66 @@ -+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT -+ -+#include "sun8i-h3-nanopi.dtsi" -+ -+/ { -+ model = "FriendlyElec ZeroPi"; -+ compatible = "friendlyarm,zeropi", "allwinner,sun8i-h3"; -+ -+ aliases { -+ ethernet0 = &emac; -+ }; -+ -+ reg_gmac_3v3: gmac-3v3 { -+ compatible = "regulator-fixed"; -+ pinctrl-names = "default"; -+ pinctrl-0 = <&gmac_power_pin_nanopi>; -+ regulator-name = "gmac-3v3"; -+ regulator-min-microvolt = <3300000>; -+ regulator-max-microvolt = <3300000>; -+ startup-delay-us = <100000>; -+ enable-active-high; -+ gpio = <&pio 3 6 GPIO_ACTIVE_HIGH>; -+ }; -+}; -+ -+&ehci0 { -+ status = "okay"; -+}; -+ -+&ohci0 { -+ status = "okay"; -+}; -+ -+&pio { -+ gmac_power_pin_nanopi: gmac_power_pin@0 { -+ pins = "PD6"; -+ function = "gpio_out"; -+ }; -+}; -+ -+&external_mdio { -+ ext_rgmii_phy: ethernet-phy@1 { -+ compatible = "ethernet-phy-ieee802.3-c22"; -+ reg = <7>; -+ }; -+}; -+ -+&emac { -+ pinctrl-names = "default"; -+ pinctrl-0 = <&emac_rgmii_pins>; -+ phy-supply = <®_gmac_3v3>; -+ phy-handle = <&ext_rgmii_phy>; -+ phy-mode = "rgmii"; -+ -+ allwinner,leds-active-low; -+ status = "okay"; -+}; -+ -+&usb_otg { -+ status = "okay"; -+ dr_mode = "peripheral"; -+}; -+ -+&usbphy { -+ usb0_id_det-gpios = <&pio 6 12 GPIO_ACTIVE_HIGH>; /* PG12 */ -+}; diff --git a/package/boot/uboot-sunxi/patches/251-sun8i-h3-zeropi-add-defconfig.patch b/package/boot/uboot-sunxi/patches/251-sun8i-h3-zeropi-add-defconfig.patch deleted file mode 100644 index 76e333298e..0000000000 --- a/package/boot/uboot-sunxi/patches/251-sun8i-h3-zeropi-add-defconfig.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- /dev/null -+++ b/configs/zeropi_defconfig -@@ -0,0 +1,21 @@ -+CONFIG_ARM=y -+CONFIG_ARCH_SUNXI=y -+CONFIG_MACH_SUN8I_H3=y -+CONFIG_DRAM_CLK=408 -+CONFIG_DRAM_ZQ=3881979 -+CONFIG_DRAM_ODT_EN=y -+CONFIG_MACPWR="PD6" -+# CONFIG_VIDEO_DE2 is not set -+CONFIG_NR_DRAM_BANKS=1 -+CONFIG_DEFAULT_DEVICE_TREE="sun8i-h3-zeropi" -+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set -+CONFIG_CONSOLE_MUX=y -+CONFIG_SPL=y -+CONFIG_SYS_CLK_FREQ=480000000 -+# CONFIG_CMD_IMLS is not set -+# CONFIG_CMD_FLASH is not set -+# CONFIG_CMD_FPGA is not set -+CONFIG_SUN8I_EMAC=y -+CONFIG_USB_EHCI_HCD=y -+CONFIG_USB_EHCI_HCD=y -+CONFIG_SYS_USB_EVENT_POLL_VIA_INT_QUEUE=y diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile index 4eda497477..ade7c6e28d 100644 --- a/package/libs/mbedtls/Makefile +++ b/package/libs/mbedtls/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mbedtls -PKG_VERSION:=2.28.2 -PKG_RELEASE:=2 +PKG_VERSION:=2.28.3 +PKG_RELEASE:=1 PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=bc55232bf71fd66045122ba9050a29ea7cb2e8f99b064a9e6334a82f715881a0 +PKG_HASH:=bdf7c5bbdc338da3edad89b2885d4f8668f9a6fffeba6ec17a60333e36dade6f PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=gpl-2.0.txt diff --git a/package/libs/mbedtls/patches/100-fix-compile.patch b/package/libs/mbedtls/patches/100-fix-compile.patch deleted file mode 100644 index 411d371699..0000000000 --- a/package/libs/mbedtls/patches/100-fix-compile.patch +++ /dev/null @@ -1,22 +0,0 @@ -Fix a compile problem introduced in commit 331c3421d1f0 ("Address review comments") - -Bug report: https://github.com/Mbed-TLS/mbedtls/issues/6243 - ---- a/programs/ssl/ssl_server2.c -+++ b/programs/ssl/ssl_server2.c -@@ -2529,7 +2529,6 @@ int main( int argc, char *argv[] ) - } - key_cert_init2 = 2; - #endif /* MBEDTLS_ECDSA_C */ -- } - - #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( opt.key_opaque != 0 ) -@@ -2558,6 +2557,7 @@ int main( int argc, char *argv[] ) - } - #endif /* MBEDTLS_USE_PSA_CRYPTO */ - #endif /* MBEDTLS_CERTS_C */ -+ } - - mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) ); - #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ diff --git a/package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch b/package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch index 357ec44649..c9802eac19 100644 --- a/package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch +++ b/package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch @@ -1,17 +1,17 @@ -From 272d48fe7a2ff00285d4ee166d3a9beca1d5122f Mon Sep 17 00:00:00 2001 +From eb9d4fdf1846e688d51d86a9a50f0312aca2af25 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Sun, 23 Oct 2022 19:48:18 -0400 -Subject: [PATCH 1/4] x509 crt verify SAN iPAddress +Subject: [PATCH] x509 crt verify SAN iPAddress Signed-off-by: Glenn Strauss --- include/mbedtls/x509_crt.h | 2 +- - library/x509_crt.c | 115 +++++++++++++++++++++++++++++-------- - 2 files changed, 93 insertions(+), 24 deletions(-) + library/x509_crt.c | 126 ++++++++++++++++++++++++++++++------- + 2 files changed, 103 insertions(+), 25 deletions(-) --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h -@@ -597,7 +597,7 @@ int mbedtls_x509_crt_verify_info( char * +@@ -608,7 +608,7 @@ int mbedtls_x509_crt_verify_info(char *b * \param cn The expected Common Name. This will be checked to be * present in the certificate's subjectAltNames extension or, * if this extension is absent, as a CN component in its @@ -22,12 +22,30 @@ Signed-off-by: Glenn Strauss * If the verification couldn't be completed, the flag value is --- a/library/x509_crt.c +++ b/library/x509_crt.c -@@ -2986,6 +2986,54 @@ find_parent: +@@ -57,6 +57,10 @@ + + #if defined(MBEDTLS_HAVE_TIME) + #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) ++#define WIN32_LEAN_AND_MEAN ++#ifndef _WIN32_WINNT ++#define _WIN32_WINNT 0x0600 ++#endif + #include + #else + #include +@@ -2995,6 +2999,61 @@ find_parent: } } +#ifdef _WIN32 -+/* ??? */ ++#ifdef _MSC_VER ++#pragma comment(lib, "ws2_32.lib") ++#include ++#include ++#elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600 ++#include ++#include ++#endif +#elif defined(__sun) +/* Solaris requires -lsocket -lnsl for inet_pton() */ +#elif defined(__has_include) @@ -51,128 +69,126 @@ Signed-off-by: Glenn Strauss + * provided by headers included (or not) via __has_include() above. */ +#ifndef AF_INET6 + -+#define x509_cn_inet_pton( cn, dst ) ( 0 ) ++#define x509_cn_inet_pton(cn, dst) (0) + +#else + -+static int x509_inet_pton_ipv6( const char *src, void *dst ) ++static int x509_inet_pton_ipv6(const char *src, void *dst) +{ -+ return( inet_pton( AF_INET6, src, dst ) == 1 ? 0 : -1 ); ++ return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1; +} + -+static int x509_inet_pton_ipv4( const char *src, void *dst ) ++static int x509_inet_pton_ipv4(const char *src, void *dst) +{ -+ return( inet_pton( AF_INET, src, dst ) == 1 ? 0 : -1 ); ++ return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1; +} + +#endif /* AF_INET6 */ + -+static size_t x509_cn_inet_pton( const char *cn, void *dst ) ++static size_t x509_cn_inet_pton(const char *cn, void *dst) +{ -+ return( strchr( cn, ':' ) == NULL -+ ? x509_inet_pton_ipv4( cn, dst ) == 0 ? 4 : 0 -+ : x509_inet_pton_ipv6( cn, dst ) == 0 ? 16 : 0 ); ++ return strchr(cn, ':') == NULL ++ ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0 ++ : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0; +} + /* * Check for CN match */ -@@ -3008,23 +3056,51 @@ static int x509_crt_check_cn( const mbed - return( -1 ); +@@ -3015,24 +3074,51 @@ static int x509_crt_check_cn(const mbedt + return -1; } -+static int x509_crt_check_san_ip( const mbedtls_x509_sequence *san, -+ const char *cn, size_t cn_len ) ++static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san, ++ const char *cn, size_t cn_len) +{ + uint32_t ip[4]; -+ cn_len = x509_cn_inet_pton( cn, ip ); -+ if( cn_len == 0 ) -+ return( -1 ); -+ -+ for( const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next ) -+ { -+ const unsigned char san_type = (unsigned char) cur->buf.tag & -+ MBEDTLS_ASN1_TAG_VALUE_MASK; -+ if( san_type == MBEDTLS_X509_SAN_IP_ADDRESS && -+ cur->buf.len == cn_len && memcmp( cur->buf.p, ip, cn_len ) == 0 ) -+ return( 0 ); ++ cn_len = x509_cn_inet_pton(cn, ip); ++ if (cn_len == 0) { ++ return -1; + } + -+ return( -1 ); ++ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { ++ const unsigned char san_type = (unsigned char) cur->buf.tag & ++ MBEDTLS_ASN1_TAG_VALUE_MASK; ++ if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS && ++ cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) { ++ return 0; ++ } ++ } ++ ++ return -1; +} + /* * Check for SAN match, see RFC 5280 Section 4.2.1.6 */ --static int x509_crt_check_san( const mbedtls_x509_buf *name, -+static int x509_crt_check_san( const mbedtls_x509_sequence *san, - const char *cn, size_t cn_len ) +-static int x509_crt_check_san(const mbedtls_x509_buf *name, ++static int x509_crt_check_san(const mbedtls_x509_sequence *san, + const char *cn, size_t cn_len) { - const unsigned char san_type = (unsigned char) name->tag & - MBEDTLS_ASN1_TAG_VALUE_MASK; - - /* dNSName */ -- if( san_type == MBEDTLS_X509_SAN_DNS_NAME ) -- return( x509_crt_check_cn( name, cn, cn_len ) ); -- -- /* (We may handle other types here later.) */ +- if (san_type == MBEDTLS_X509_SAN_DNS_NAME) { +- return x509_crt_check_cn(name, cn, cn_len); + int san_ip = 0; -+ for( const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next ) -+ { -+ switch( (unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK ) -+ { -+ case MBEDTLS_X509_SAN_DNS_NAME: /* dNSName */ -+ if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 ) -+ return( 0 ); -+ break; -+ case MBEDTLS_X509_SAN_IP_ADDRESS: /* iPAddress */ -+ san_ip = 1; -+ break; -+ /* (We may handle other types here later.) */ -+ default: /* Unrecognized type */ -+ break; ++ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { ++ switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) { ++ case MBEDTLS_X509_SAN_DNS_NAME: /* dNSName */ ++ if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) { ++ return 0; ++ } ++ break; ++ case MBEDTLS_X509_SAN_IP_ADDRESS: /* iPAddress */ ++ san_ip = 1; ++ break; ++ /* (We may handle other types here later.) */ ++ default: /* Unrecognized type */ ++ break; + } -+ } + } +- /* (We may handle other types here later.) */ +- - /* Unrecognized type */ -- return( -1 ); -+ return( san_ip ? x509_crt_check_san_ip( san, cn, cn_len ) : -1 ); +- return -1; ++ return san_ip ? x509_crt_check_san_ip(san, cn, cn_len) : -1; } /* -@@ -3035,19 +3111,12 @@ static void x509_crt_verify_name( const - uint32_t *flags ) +@@ -3043,31 +3129,23 @@ static void x509_crt_verify_name(const m + uint32_t *flags) { const mbedtls_x509_name *name; - const mbedtls_x509_sequence *cur; - size_t cn_len = strlen( cn ); + size_t cn_len = strlen(cn); - if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) - { -- for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next ) -- { -- if( x509_crt_check_san( &cur->buf, cn, cn_len ) == 0 ) + if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { +- for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) { +- if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) { - break; +- } - } - -- if( cur == NULL ) +- if (cur == NULL) { - *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; -+ if( x509_crt_check_san( &crt->subject_alt_names, cn, cn_len ) == 0 ) ++ if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) { + return; - } - else - { -@@ -3056,13 +3125,13 @@ static void x509_crt_verify_name( const - if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 && - x509_crt_check_cn( &name->val, cn, cn_len ) == 0 ) - { + } + } else { + for (name = &crt->subject; name != NULL; name = name->next) { + if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 && + x509_crt_check_cn(&name->val, cn, cn_len) == 0) { - break; + return; } } -- if( name == NULL ) +- if (name == NULL) { - *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; +- } } + + *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; diff --git a/target/linux/bcm4908/Makefile b/target/linux/bcm4908/Makefile index 943aeb58a3..2d848b50c6 100644 --- a/target/linux/bcm4908/Makefile +++ b/target/linux/bcm4908/Makefile @@ -9,8 +9,7 @@ FEATURES:=squashfs nand usb gpio CPU_TYPE:=cortex-a53 SUBTARGETS:=generic -KERNEL_PATCHVER:=5.10 -KERNEL_TESTING_PATCHVER:=5.15 +KERNEL_PATCHVER:=5.15 define Target/Description Build firmware images for Broadcom BCM4908 SoC family routers. diff --git a/target/linux/bcm53xx/Makefile b/target/linux/bcm53xx/Makefile index 605baeac35..49d179c34c 100644 --- a/target/linux/bcm53xx/Makefile +++ b/target/linux/bcm53xx/Makefile @@ -11,8 +11,7 @@ FEATURES:=squashfs nand usb pci pcie gpio pwm CPU_TYPE:=cortex-a9 SUBTARGETS:=generic -KERNEL_PATCHVER:=5.10 -KERNEL_TESTING_PATCHVER:=5.15 +KERNEL_PATCHVER:=5.15 define Target/Description Build firmware images for Broadcom based BCM47xx/53xx routers with ARM CPU, *not* MIPS. diff --git a/target/linux/ipq40xx/base-files/lib/upgrade/linksys.sh b/target/linux/ipq40xx/base-files/lib/upgrade/linksys.sh index 696f653eb9..18366fc622 100644 --- a/target/linux/ipq40xx/base-files/lib/upgrade/linksys.sh +++ b/target/linux/ipq40xx/base-files/lib/upgrade/linksys.sh @@ -103,7 +103,7 @@ platform_do_upgrade_linksys() { if nand_upgrade_tar "$1" ; then nand_do_upgrade_success else - nand_do_upgrade_failure + nand_do_upgrade_failed fi } diff --git a/target/linux/ipq806x/base-files/lib/upgrade/linksys.sh b/target/linux/ipq806x/base-files/lib/upgrade/linksys.sh index b0ad1b43be..21d22c6f1b 100644 --- a/target/linux/ipq806x/base-files/lib/upgrade/linksys.sh +++ b/target/linux/ipq806x/base-files/lib/upgrade/linksys.sh @@ -97,7 +97,7 @@ platform_do_upgrade_linksys() { if nand_upgrade_tar "$1" ; then nand_do_upgrade_success else - nand_do_upgrade_failure + nand_do_upgrade_failed fi } diff --git a/target/linux/kirkwood/base-files/lib/upgrade/linksys.sh b/target/linux/kirkwood/base-files/lib/upgrade/linksys.sh index 9067f00e1a..207a65d713 100644 --- a/target/linux/kirkwood/base-files/lib/upgrade/linksys.sh +++ b/target/linux/kirkwood/base-files/lib/upgrade/linksys.sh @@ -68,7 +68,12 @@ platform_do_upgrade_linksys() { CI_UBIPART="rootfs2" fi - nand_upgrade_tar "$1" + if nand_upgrade_tar "$1" ; then + nand_do_upgrade_success + else + nand_do_upgrade_failed + fi + } [ "$magic_long" = "27051956" ] && { get_image "$1" | mtd write - $part_label diff --git a/target/linux/mvebu/cortexa9/base-files/lib/upgrade/linksys.sh b/target/linux/mvebu/cortexa9/base-files/lib/upgrade/linksys.sh index 1a23a9bbc2..d4222a3f31 100644 --- a/target/linux/mvebu/cortexa9/base-files/lib/upgrade/linksys.sh +++ b/target/linux/mvebu/cortexa9/base-files/lib/upgrade/linksys.sh @@ -68,7 +68,12 @@ platform_do_upgrade_linksys() { CI_UBIPART="rootfs2" fi - nand_upgrade_tar "$1" + if nand_upgrade_tar "$1" ; then + nand_do_upgrade_success + else + nand_do_upgrade_failed + fi + } [ "$magic_long" = "27051956" -o "$magic_long" = "0000a0e1" ] && { get_image "$1" | mtd write - $part_label diff --git a/tools/mkimage/Makefile b/tools/mkimage/Makefile index 022ac21974..a6d54f5eff 100644 --- a/tools/mkimage/Makefile +++ b/tools/mkimage/Makefile @@ -7,14 +7,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mkimage -PKG_VERSION:=2023.01 +PKG_VERSION:=2023.04 PKG_SOURCE:=u-boot-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ https://mirror.cyberbits.eu/u-boot \ https://ftp.denx.de/pub/u-boot \ ftp://ftp.denx.de/pub/u-boot -PKG_HASH:=69423bad380f89a0916636e89e6dcbd2e4512d584308d922d1039d1e4331950f +PKG_HASH:=e31cac91545ff41b71cec5d8c22afd695645cd6e2a442ccdacacd60534069341 HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/u-boot-$(PKG_VERSION) diff --git a/tools/mkimage/patches/030-allow-to-use-different-magic.patch b/tools/mkimage/patches/030-allow-to-use-different-magic.patch index d88f1cf949..c33b0f4327 100644 --- a/tools/mkimage/patches/030-allow-to-use-different-magic.patch +++ b/tools/mkimage/patches/030-allow-to-use-different-magic.patch @@ -33,7 +33,7 @@ This patch makes it possible to set a custom image magic. static const struct option longopts[] = { { "load-address", required_argument, NULL, 'a' }, -@@ -298,6 +300,14 @@ static void process_args(int argc, char +@@ -302,6 +304,14 @@ static void process_args(int argc, char case 'l': params.lflag = 1; break; @@ -50,7 +50,7 @@ This patch makes it possible to set a custom image magic. break; --- a/tools/default_image.c +++ b/tools/default_image.c -@@ -56,7 +56,7 @@ static int image_verify_header(unsigned +@@ -63,7 +63,7 @@ static int image_verify_header(unsigned */ memcpy(hdr, ptr, sizeof(struct legacy_img_hdr)); @@ -59,7 +59,7 @@ This patch makes it possible to set a custom image magic. debug("%s: Bad Magic Number: \"%s\" is no valid image\n", params->cmdname, params->imagefile); return -FDT_ERR_BADMAGIC; -@@ -119,7 +119,7 @@ static void image_set_header(void *ptr, +@@ -142,7 +142,7 @@ static void image_set_header(void *ptr, } /* Build new header */ @@ -70,7 +70,7 @@ This patch makes it possible to set a custom image magic. image_set_load(hdr, addr); --- a/tools/imagetool.h +++ b/tools/imagetool.h -@@ -59,6 +59,7 @@ struct image_tool_params { +@@ -67,6 +67,7 @@ struct image_tool_params { int arch; int type; int comp;