fish/immortalwrt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge Official Source

Browse Source 
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This commit is contained in:
Tianling Shen 2023-04-12 03:14:32 +08:00
commit 25d299f916
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
16 changed files with 268 additions and 221 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/base-files/files/lib/upgrade/nand.sh
View File

@ -261,10 +261,12 @@ nand_upgrade_ubinized() {
local ubi_file="$1" local ubi_file="$1"
local gz="$2" local gz="$2"
local ubi_length=$( (${gz}cat "$ubi_file" | wc -c) 2> /dev/null)
nand_detach_ubi "$CI_UBIPART" || return 1 nand_detach_ubi "$CI_UBIPART" || return 1
local mtdnum="$( find_mtd_index "$CI_UBIPART" )" local mtdnum="$( find_mtd_index "$CI_UBIPART" )"
${gz}cat "$ubi_file" | ubiformat "/dev/mtd$mtdnum" -y -f - && ubiattach -m "$mtdnum" ${gz}cat "$ubi_file" | ubiformat "/dev/mtd$mtdnum" -S "$ubi_length" -y -f - && ubiattach -m "$mtdnum"
} }
# Write the UBIFS image to UBI rootfs volume # Write the UBIFS image to UBI rootfs volume

4
package/boot/uboot-envtools/Makefile
View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=uboot-envtools PKG_NAME:=uboot-envtools
PKG_DISTNAME:=u-boot PKG_DISTNAME:=u-boot
PKG_VERSION:=2023.01 PKG_VERSION:=2023.04
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_DISTNAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_DISTNAME)-$(PKG_VERSION).tar.bz2
@ -17,7 +17,7 @@ PKG_SOURCE_URL:= \
https://ftp.denx.de/pub/u-boot \ https://ftp.denx.de/pub/u-boot \
https://mirror.cyberbits.eu/u-boot \ https://mirror.cyberbits.eu/u-boot \
ftp://ftp.denx.de/pub/u-boot ftp://ftp.denx.de/pub/u-boot
PKG_HASH:=69423bad380f89a0916636e89e6dcbd2e4512d584308d922d1039d1e4331950f PKG_HASH:=e31cac91545ff41b71cec5d8c22afd695645cd6e2a442ccdacacd60534069341
PKG_SOURCE_SUBDIR:=$(PKG_DISTNAME)-$(PKG_VERSION) PKG_SOURCE_SUBDIR:=$(PKG_DISTNAME)-$(PKG_VERSION)
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_DISTNAME)-$(PKG_VERSION) PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_DISTNAME)-$(PKG_VERSION)

148
package/boot/uboot-sunxi/patches/250-sun8i-h3-add-support-for-zeropi.patch Normal file
View File

@ -0,0 +1,148 @@
From 2527b24f39d8f27ba2fd922ca27a1f14119cfa1b Mon Sep 17 00:00:00 2001
From: Yu-Tung Chang <mtwget@gmail.com>
Date: Sat, 19 Jun 2021 16:16:45 +0800
Subject: [PATCH] sunxi: h3: Add initial ZeroPi support
ZeroPi is a new board of high performance with low cost
designed by FriendlyElec., using the Allwinner H3 SOC.
ZeroPi features
- Allwinner H3, Quad-core Cortex-A7@1.2GHz
- 256MB/512MB DDR3 RAM
- microsd slot
- 10/100/1000Mbps Ethernet
- Debug Serial Port
- DC 5V/2A power-supply
Signed-off-by: Yu-Tung Chang <mtwget@gmail.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
--- a/arch/arm/dts/Makefile
+++ b/arch/arm/dts/Makefile
@@ -560,7 +560,8 @@ dtb-$(CONFIG_MACH_SUN8I_H3) += \
sun8i-h3-orangepi-plus.dtb \
sun8i-h3-orangepi-plus2e.dtb \
sun8i-h3-orangepi-zero-plus2.dtb \
- sun8i-h3-rervision-dvk.dtb
+ sun8i-h3-rervision-dvk.dtb \
+ sun8i-h3-zeropi.dtb
dtb-$(CONFIG_MACH_SUN8I_R40) += \
sun8i-r40-bananapi-m2-ultra.dtb \
sun8i-v40-bananapi-m2-berry.dtb
--- /dev/null
+++ b/arch/arm/dts/sun8i-h3-zeropi.dts
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2020 Yu-Tung Chang <mtwget@gmail.com>
+ *
+ * This file is dual-licensed: you can use it either under the terms
+ * of the GPL or the X11 license, at your option. Note that this dual
+ * licensing only applies to this file, and not this project as a
+ * whole.
+ *
+ * a) This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * Or, alternatively,
+ *
+ * b) Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#include "sun8i-h3-nanopi.dtsi"
+
+/ {
+ model = "FriendlyARM ZeroPi";
+ compatible = "friendlyarm,zeropi", "allwinner,sun8i-h3";
+
+ aliases {
+ ethernet0 = &emac;
+ };
+
+ reg_gmac_3v3: gmac-3v3 {
+ compatible = "regulator-fixed";
+ regulator-name = "gmac-3v3";
+ regulator-min-microvolt = <3300000>;
+ regulator-max-microvolt = <3300000>;
+ startup-delay-us = <100000>;
+ enable-active-high;
+ gpio = <&pio 3 6 GPIO_ACTIVE_HIGH>; /* PD6 */
+ };
+};
+
+&external_mdio {
+ ext_rgmii_phy: ethernet-phy@7 {
+ compatible = "ethernet-phy-ieee802.3-c22";
+ reg = <7>;
+ };
+};
+
+&emac {
+ pinctrl-names = "default";
+ pinctrl-0 = <&emac_rgmii_pins>;
+ phy-supply = <&reg_gmac_3v3>;
+ phy-handle = <&ext_rgmii_phy>;
+ phy-mode = "rgmii-id";
+
+ allwinner,leds-active-low;
+ status = "okay";
+};
+
+&usb_otg {
+ status = "okay";
+ dr_mode = "host";
+};
--- a/board/sunxi/MAINTAINERS
+++ b/board/sunxi/MAINTAINERS
@@ -508,3 +508,9 @@ YONES TOPTECH BS1078 V2 BOARD
M: Peter Korsgaard <peter@korsgaard.com>
S: Maintained
F: configs/Yones_Toptech_BS1078_V2_defconfig
+
+ZEROPI BOARD
+M: Yu-Tung Chang <mtwget@gmail.com>
+S: Maintained
+F: configs/zeropi_defconfig
+F: arch/arm/dts/sun8i-h3-zeropi.dts
--- /dev/null
+++ b/configs/zeropi_defconfig
@@ -0,0 +1,13 @@
+CONFIG_ARM=y
+CONFIG_ARCH_SUNXI=y
+CONFIG_DEFAULT_DEVICE_TREE="sun8i-h3-zeropi"
+CONFIG_SPL=y
+CONFIG_MACH_SUN8I_H3=y
+CONFIG_DRAM_CLK=408
+CONFIG_MACPWR="PD6"
+# CONFIG_VIDEO_DE2 is not set
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_CONSOLE_MUX=y
+CONFIG_SUN8I_EMAC=y
+CONFIG_USB_EHCI_HCD=y
+CONFIG_USB_OHCI_HCD=y

81
package/boot/uboot-sunxi/patches/250-sun8i-h3-zeropi-add-device-tree.patch
View File

@ -1,81 +0,0 @@
--- a/arch/arm/dts/Makefile
+++ b/arch/arm/dts/Makefile
@@ -559,7 +559,8 @@ dtb-$(CONFIG_MACH_SUN8I_H3) += \
sun8i-h3-orangepi-plus.dtb \
sun8i-h3-orangepi-plus2e.dtb \
sun8i-h3-orangepi-zero-plus2.dtb \
- sun8i-h3-rervision-dvk.dtb
+ sun8i-h3-rervision-dvk.dtb \
+ sun8i-h3-zeropi.dtb
dtb-$(CONFIG_MACH_SUN8I_R40) += \
sun8i-r40-bananapi-m2-ultra.dtb \
sun8i-v40-bananapi-m2-berry.dtb
--- /dev/null
+++ b/arch/arm/dts/sun8i-h3-zeropi.dts
@@ -0,0 +1,66 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include "sun8i-h3-nanopi.dtsi"
+
+/ {
+ model = "FriendlyElec ZeroPi";
+ compatible = "friendlyarm,zeropi", "allwinner,sun8i-h3";
+
+ aliases {
+ ethernet0 = &emac;
+ };
+
+ reg_gmac_3v3: gmac-3v3 {
+ compatible = "regulator-fixed";
+ pinctrl-names = "default";
+ pinctrl-0 = <&gmac_power_pin_nanopi>;
+ regulator-name = "gmac-3v3";
+ regulator-min-microvolt = <3300000>;
+ regulator-max-microvolt = <3300000>;
+ startup-delay-us = <100000>;
+ enable-active-high;
+ gpio = <&pio 3 6 GPIO_ACTIVE_HIGH>;
+ };
+};
+
+&ehci0 {
+ status = "okay";
+};
+
+&ohci0 {
+ status = "okay";
+};
+
+&pio {
+ gmac_power_pin_nanopi: gmac_power_pin@0 {
+ pins = "PD6";
+ function = "gpio_out";
+ };
+};
+
+&external_mdio {
+ ext_rgmii_phy: ethernet-phy@1 {
+ compatible = "ethernet-phy-ieee802.3-c22";
+ reg = <7>;
+ };
+};
+
+&emac {
+ pinctrl-names = "default";
+ pinctrl-0 = <&emac_rgmii_pins>;
+ phy-supply = <&reg_gmac_3v3>;
+ phy-handle = <&ext_rgmii_phy>;
+ phy-mode = "rgmii";
+
+ allwinner,leds-active-low;
+ status = "okay";
+};
+
+&usb_otg {
+ status = "okay";
+ dr_mode = "peripheral";
+};
+
+&usbphy {
+ usb0_id_det-gpios = <&pio 6 12 GPIO_ACTIVE_HIGH>; /* PG12 */
+};

24
package/boot/uboot-sunxi/patches/251-sun8i-h3-zeropi-add-defconfig.patch
View File

@ -1,24 +0,0 @@
--- /dev/null
+++ b/configs/zeropi_defconfig
@@ -0,0 +1,21 @@
+CONFIG_ARM=y
+CONFIG_ARCH_SUNXI=y
+CONFIG_MACH_SUN8I_H3=y
+CONFIG_DRAM_CLK=408
+CONFIG_DRAM_ZQ=3881979
+CONFIG_DRAM_ODT_EN=y
+CONFIG_MACPWR="PD6"
+# CONFIG_VIDEO_DE2 is not set
+CONFIG_NR_DRAM_BANKS=1
+CONFIG_DEFAULT_DEVICE_TREE="sun8i-h3-zeropi"
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_CONSOLE_MUX=y
+CONFIG_SPL=y
+CONFIG_SYS_CLK_FREQ=480000000
+# CONFIG_CMD_IMLS is not set
+# CONFIG_CMD_FLASH is not set
+# CONFIG_CMD_FPGA is not set
+CONFIG_SUN8I_EMAC=y
+CONFIG_USB_EHCI_HCD=y
+CONFIG_USB_EHCI_HCD=y
+CONFIG_SYS_USB_EVENT_POLL_VIA_INT_QUEUE=y

6
package/libs/mbedtls/Makefile
View File

@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=mbedtls PKG_NAME:=mbedtls
PKG_VERSION:=2.28.2 PKG_VERSION:=2.28.3
PKG_RELEASE:=2 PKG_RELEASE:=1
PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)? PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=bc55232bf71fd66045122ba9050a29ea7cb2e8f99b064a9e6334a82f715881a0 PKG_HASH:=bdf7c5bbdc338da3edad89b2885d4f8668f9a6fffeba6ec17a60333e36dade6f
PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=gpl-2.0.txt PKG_LICENSE_FILES:=gpl-2.0.txt

22
package/libs/mbedtls/patches/100-fix-compile.patch
View File

@ -1,22 +0,0 @@
Fix a compile problem introduced in commit 331c3421d1f0 ("Address review comments")
Bug report: https://github.com/Mbed-TLS/mbedtls/issues/6243
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2529,7 +2529,6 @@ int main( int argc, char *argv[] )
}
key_cert_init2 = 2;
#endif /* MBEDTLS_ECDSA_C */
- }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.key_opaque != 0 )
@@ -2558,6 +2557,7 @@ int main( int argc, char *argv[] )
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_CERTS_C */
+ }
mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) );
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */

110
package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch
View File

@ -1,17 +1,17 @@
From 272d48fe7a2ff00285d4ee166d3a9beca1d5122f Mon Sep 17 00:00:00 2001 From eb9d4fdf1846e688d51d86a9a50f0312aca2af25 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com> From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Sun, 23 Oct 2022 19:48:18 -0400 Date: Sun, 23 Oct 2022 19:48:18 -0400
Subject: [PATCH 1/4] x509 crt verify SAN iPAddress Subject: [PATCH] x509 crt verify SAN iPAddress
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com> Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
--- ---
include/mbedtls/x509_crt.h | 2 +- include/mbedtls/x509_crt.h | 2 +-
library/x509_crt.c | 115 +++++++++++++++++++++++++++++-------- library/x509_crt.c | 126 ++++++++++++++++++++++++++++++-------
2 files changed, 93 insertions(+), 24 deletions(-) 2 files changed, 103 insertions(+), 25 deletions(-)
--- a/include/mbedtls/x509_crt.h --- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h
@@ -597,7 +597,7 @@ int mbedtls_x509_crt_verify_info( char * @@ -608,7 +608,7 @@ int mbedtls_x509_crt_verify_info(char *b
* \param cn The expected Common Name. This will be checked to be * \param cn The expected Common Name. This will be checked to be
* present in the certificate's subjectAltNames extension or, * present in the certificate's subjectAltNames extension or,
* if this extension is absent, as a CN component in its * if this extension is absent, as a CN component in its
@ -22,12 +22,30 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* If the verification couldn't be completed, the flag value is * If the verification couldn't be completed, the flag value is
--- a/library/x509_crt.c --- a/library/x509_crt.c
+++ b/library/x509_crt.c +++ b/library/x509_crt.c
@@ -2986,6 +2986,54 @@ find_parent: @@ -57,6 +57,10 @@
#if defined(MBEDTLS_HAVE_TIME)
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+#define WIN32_LEAN_AND_MEAN
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0600
+#endif
#include <windows.h>
#else
#include <time.h>
@@ -2995,6 +2999,61 @@ find_parent:
} }
} }
+#ifdef _WIN32 +#ifdef _WIN32
+/* ??? */ +#ifdef _MSC_VER
+#pragma comment(lib, "ws2_32.lib")
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#endif
+#elif defined(__sun) +#elif defined(__sun)
+/* Solaris requires -lsocket -lnsl for inet_pton() */ +/* Solaris requires -lsocket -lnsl for inet_pton() */
+#elif defined(__has_include) +#elif defined(__has_include)
@ -57,28 +75,28 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+ +
+static int x509_inet_pton_ipv6(const char *src, void *dst) +static int x509_inet_pton_ipv6(const char *src, void *dst)
+{ +{
+ return( inet_pton( AF_INET6, src, dst ) == 1 ? 0 : -1 ); + return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1;
+} +}
+ +
+static int x509_inet_pton_ipv4(const char *src, void *dst) +static int x509_inet_pton_ipv4(const char *src, void *dst)
+{ +{
+ return( inet_pton( AF_INET, src, dst ) == 1 ? 0 : -1 ); + return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1;
+} +}
+ +
+#endif /* AF_INET6 */ +#endif /* AF_INET6 */
+ +
+static size_t x509_cn_inet_pton(const char *cn, void *dst) +static size_t x509_cn_inet_pton(const char *cn, void *dst)
+{ +{
+ return( strchr( cn, ':' ) == NULL + return strchr(cn, ':') == NULL
+ ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0 + ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0
+ : x509_inet_pton_ipv6( cn, dst ) == 0 ? 16 : 0 ); + : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0;
+} +}
+ +
/* /*
* Check for CN match * Check for CN match
*/ */
@@ -3008,23 +3056,51 @@ static int x509_crt_check_cn( const mbed @@ -3015,24 +3074,51 @@ static int x509_crt_check_cn(const mbedt
return( -1 ); return -1;
} }
+static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san, +static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san,
@ -86,19 +104,20 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+{ +{
+ uint32_t ip[4]; + uint32_t ip[4];
+ cn_len = x509_cn_inet_pton(cn, ip); + cn_len = x509_cn_inet_pton(cn, ip);
+ if( cn_len == 0 ) + if (cn_len == 0) {
+ return( -1 ); + return -1;
+ }
+ +
+ for( const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next ) + for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
+ {
+ const unsigned char san_type = (unsigned char) cur->buf.tag & + const unsigned char san_type = (unsigned char) cur->buf.tag &
+ MBEDTLS_ASN1_TAG_VALUE_MASK; + MBEDTLS_ASN1_TAG_VALUE_MASK;
+ if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS && + if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS &&
+ cur->buf.len == cn_len && memcmp( cur->buf.p, ip, cn_len ) == 0 ) + cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) {
+ return( 0 ); + return 0;
+ }
+ } + }
+ +
+ return( -1 ); + return -1;
+} +}
+ +
/* /*
@ -112,18 +131,15 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
- MBEDTLS_ASN1_TAG_VALUE_MASK; - MBEDTLS_ASN1_TAG_VALUE_MASK;
- -
- /* dNSName */ - /* dNSName */
- if( san_type == MBEDTLS_X509_SAN_DNS_NAME ) - if (san_type == MBEDTLS_X509_SAN_DNS_NAME) {
- return( x509_crt_check_cn( name, cn, cn_len ) ); - return x509_crt_check_cn(name, cn, cn_len);
-
- /* (We may handle other types here later.) */
+ int san_ip = 0; + int san_ip = 0;
+ for( const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next ) + for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
+ { + switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) {
+ switch( (unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK )
+ {
+ case MBEDTLS_X509_SAN_DNS_NAME: /* dNSName */ + case MBEDTLS_X509_SAN_DNS_NAME: /* dNSName */
+ if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 ) + if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) {
+ return( 0 ); + return 0;
+ }
+ break; + break;
+ case MBEDTLS_X509_SAN_IP_ADDRESS: /* iPAddress */ + case MBEDTLS_X509_SAN_IP_ADDRESS: /* iPAddress */
+ san_ip = 1; + san_ip = 1;
@ -132,47 +148,47 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+ default: /* Unrecognized type */ + default: /* Unrecognized type */
+ break; + break;
+ } + }
+ } }
- /* (We may handle other types here later.) */
-
- /* Unrecognized type */ - /* Unrecognized type */
- return( -1 ); - return -1;
+ return( san_ip ? x509_crt_check_san_ip( san, cn, cn_len ) : -1 ); + return san_ip ? x509_crt_check_san_ip(san, cn, cn_len) : -1;
} }
/* /*
@@ -3035,19 +3111,12 @@ static void x509_crt_verify_name( const @@ -3043,31 +3129,23 @@ static void x509_crt_verify_name(const m
uint32_t *flags) uint32_t *flags)
{ {
const mbedtls_x509_name *name; const mbedtls_x509_name *name;
- const mbedtls_x509_sequence *cur; - const mbedtls_x509_sequence *cur;
size_t cn_len = strlen(cn); size_t cn_len = strlen(cn);
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME ) if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
{ - for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) {
- for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next ) - if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) {
- {
- if( x509_crt_check_san( &cur->buf, cn, cn_len ) == 0 )
- break; - break;
- } - }
- }
- -
- if( cur == NULL ) - if (cur == NULL) {
- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; - *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
+ if( x509_crt_check_san( &crt->subject_alt_names, cn, cn_len ) == 0 ) + if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) {
+ return; + return;
} }
else } else {
{ for (name = &crt->subject; name != NULL; name = name->next) {
@@ -3056,13 +3125,13 @@ static void x509_crt_verify_name( const
if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 && if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 &&
x509_crt_check_cn( &name->val, cn, cn_len ) == 0 ) x509_crt_check_cn(&name->val, cn, cn_len) == 0) {
{
- break; - break;
+ return; + return;
} }
} }
- if( name == NULL ) - if (name == NULL) {
- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; - *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
- }
} }
+ +
+ *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; + *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;

3
target/linux/bcm4908/Makefile
View File

@ -9,8 +9,7 @@ FEATURES:=squashfs nand usb gpio
CPU_TYPE:=cortex-a53 CPU_TYPE:=cortex-a53
SUBTARGETS:=generic SUBTARGETS:=generic
KERNEL_PATCHVER:=5.10 KERNEL_PATCHVER:=5.15
KERNEL_TESTING_PATCHVER:=5.15
define Target/Description define Target/Description
Build firmware images for Broadcom BCM4908 SoC family routers. Build firmware images for Broadcom BCM4908 SoC family routers.

3
target/linux/bcm53xx/Makefile
View File

@ -11,8 +11,7 @@ FEATURES:=squashfs nand usb pci pcie gpio pwm
CPU_TYPE:=cortex-a9 CPU_TYPE:=cortex-a9
SUBTARGETS:=generic SUBTARGETS:=generic
KERNEL_PATCHVER:=5.10 KERNEL_PATCHVER:=5.15
KERNEL_TESTING_PATCHVER:=5.15
define Target/Description define Target/Description
Build firmware images for Broadcom based BCM47xx/53xx routers with ARM CPU, *not* MIPS. Build firmware images for Broadcom based BCM47xx/53xx routers with ARM CPU, *not* MIPS.

2
target/linux/ipq40xx/base-files/lib/upgrade/linksys.sh
View File

@ -103,7 +103,7 @@ platform_do_upgrade_linksys() {
if nand_upgrade_tar "$1" ; then if nand_upgrade_tar "$1" ; then
nand_do_upgrade_success nand_do_upgrade_success
else else
nand_do_upgrade_failure nand_do_upgrade_failed
fi fi
} }

2
target/linux/ipq806x/base-files/lib/upgrade/linksys.sh
View File

@ -97,7 +97,7 @@ platform_do_upgrade_linksys() {
if nand_upgrade_tar "$1" ; then if nand_upgrade_tar "$1" ; then
nand_do_upgrade_success nand_do_upgrade_success
else else
nand_do_upgrade_failure nand_do_upgrade_failed
fi fi
} }

7
target/linux/kirkwood/base-files/lib/upgrade/linksys.sh
View File

@ -68,7 +68,12 @@ platform_do_upgrade_linksys() {
CI_UBIPART="rootfs2" CI_UBIPART="rootfs2"
fi fi
nand_upgrade_tar "$1" if nand_upgrade_tar "$1" ; then
nand_do_upgrade_success
else
nand_do_upgrade_failed
fi
} }
[ "$magic_long" = "27051956" ] && { [ "$magic_long" = "27051956" ] && {
get_image "$1" | mtd write - $part_label get_image "$1" | mtd write - $part_label

7
target/linux/mvebu/cortexa9/base-files/lib/upgrade/linksys.sh
View File

@ -68,7 +68,12 @@ platform_do_upgrade_linksys() {
CI_UBIPART="rootfs2" CI_UBIPART="rootfs2"
fi fi
nand_upgrade_tar "$1" if nand_upgrade_tar "$1" ; then
nand_do_upgrade_success
else
nand_do_upgrade_failed
fi
} }
[ "$magic_long" = "27051956" -o "$magic_long" = "0000a0e1" ] && { [ "$magic_long" = "27051956" -o "$magic_long" = "0000a0e1" ] && {
get_image "$1" | mtd write - $part_label get_image "$1" | mtd write - $part_label

4
tools/mkimage/Makefile
View File

@ -7,14 +7,14 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=mkimage PKG_NAME:=mkimage
PKG_VERSION:=2023.01 PKG_VERSION:=2023.04
PKG_SOURCE:=u-boot-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=u-boot-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \ PKG_SOURCE_URL:= \
https://mirror.cyberbits.eu/u-boot \ https://mirror.cyberbits.eu/u-boot \
https://ftp.denx.de/pub/u-boot \ https://ftp.denx.de/pub/u-boot \
ftp://ftp.denx.de/pub/u-boot ftp://ftp.denx.de/pub/u-boot
PKG_HASH:=69423bad380f89a0916636e89e6dcbd2e4512d584308d922d1039d1e4331950f PKG_HASH:=e31cac91545ff41b71cec5d8c22afd695645cd6e2a442ccdacacd60534069341
HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/u-boot-$(PKG_VERSION) HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/u-boot-$(PKG_VERSION)

8
tools/mkimage/patches/030-allow-to-use-different-magic.patch
View File

@ -33,7 +33,7 @@ This patch makes it possible to set a custom image magic.
static const struct option longopts[] = { static const struct option longopts[] = {
{ "load-address", required_argument, NULL, 'a' }, { "load-address", required_argument, NULL, 'a' },
@@ -298,6 +300,14 @@ static void process_args(int argc, char @@ -302,6 +304,14 @@ static void process_args(int argc, char
case 'l': case 'l':
params.lflag = 1; params.lflag = 1;
break; break;
@ -50,7 +50,7 @@ This patch makes it possible to set a custom image magic.
break; break;
--- a/tools/default_image.c --- a/tools/default_image.c
+++ b/tools/default_image.c +++ b/tools/default_image.c
@@ -56,7 +56,7 @@ static int image_verify_header(unsigned @@ -63,7 +63,7 @@ static int image_verify_header(unsigned
*/ */
memcpy(hdr, ptr, sizeof(struct legacy_img_hdr)); memcpy(hdr, ptr, sizeof(struct legacy_img_hdr));
@ -59,7 +59,7 @@ This patch makes it possible to set a custom image magic.
debug("%s: Bad Magic Number: \"%s\" is no valid image\n", debug("%s: Bad Magic Number: \"%s\" is no valid image\n",
params->cmdname, params->imagefile); params->cmdname, params->imagefile);
return -FDT_ERR_BADMAGIC; return -FDT_ERR_BADMAGIC;
@@ -119,7 +119,7 @@ static void image_set_header(void *ptr, @@ -142,7 +142,7 @@ static void image_set_header(void *ptr,
} }
/* Build new header */ /* Build new header */
@ -70,7 +70,7 @@ This patch makes it possible to set a custom image magic.
image_set_load(hdr, addr); image_set_load(hdr, addr);
--- a/tools/imagetool.h --- a/tools/imagetool.h
+++ b/tools/imagetool.h +++ b/tools/imagetool.h
@@ -59,6 +59,7 @@ struct image_tool_params { @@ -67,6 +67,7 @@ struct image_tool_params {
int arch; int arch;
int type; int type;
int comp; int comp;