fish/immortalwrt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge Official Source

Browse Source 
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This commit is contained in:
Tianling Shen 2023-04-12 03:14:32 +08:00
commit 25d299f916
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
16 changed files with 268 additions and 221 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/base-files/files/lib/upgrade/nand.sh
View File

@ -261,10 +261,12 @@ nand_upgrade_ubinized() {
local ubi_file="$1"
local gz="$2"
local ubi_length=$( (${gz}cat "$ubi_file" | wc -c) 2> /dev/null)
nand_detach_ubi "$CI_UBIPART" || return 1
local mtdnum="$( find_mtd_index "$CI_UBIPART" )"
${gz}cat "$ubi_file" | ubiformat "/dev/mtd$mtdnum" -y -f - && ubiattach -m "$mtdnum"
${gz}cat "$ubi_file" | ubiformat "/dev/mtd$mtdnum" -S "$ubi_length" -y -f - && ubiattach -m "$mtdnum"
}
# Write the UBIFS image to UBI rootfs volume

4
package/boot/uboot-envtools/Makefile
View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=uboot-envtools
PKG_DISTNAME:=u-boot
PKG_VERSION:=2023.01
PKG_VERSION:=2023.04
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_DISTNAME)-$(PKG_VERSION).tar.bz2
@ -17,7 +17,7 @@ PKG_SOURCE_URL:= \
https://ftp.denx.de/pub/u-boot \
https://mirror.cyberbits.eu/u-boot \
ftp://ftp.denx.de/pub/u-boot
PKG_HASH:=69423bad380f89a0916636e89e6dcbd2e4512d584308d922d1039d1e4331950f
PKG_HASH:=e31cac91545ff41b71cec5d8c22afd695645cd6e2a442ccdacacd60534069341
PKG_SOURCE_SUBDIR:=$(PKG_DISTNAME)-$(PKG_VERSION)
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_DISTNAME)-$(PKG_VERSION)

148
package/boot/uboot-sunxi/patches/250-sun8i-h3-add-support-for-zeropi.patch Normal file
View File

@ -0,0 +1,148 @@
From 2527b24f39d8f27ba2fd922ca27a1f14119cfa1b Mon Sep 17 00:00:00 2001
From: Yu-Tung Chang <mtwget@gmail.com>
Date: Sat, 19 Jun 2021 16:16:45 +0800
Subject: [PATCH] sunxi: h3: Add initial ZeroPi support
ZeroPi is a new board of high performance with low cost
designed by FriendlyElec., using the Allwinner H3 SOC.
ZeroPi features
- Allwinner H3, Quad-core Cortex-A7@1.2GHz
- 256MB/512MB DDR3 RAM
- microsd slot
- 10/100/1000Mbps Ethernet
- Debug Serial Port
- DC 5V/2A power-supply
Signed-off-by: Yu-Tung Chang <mtwget@gmail.com>
Reviewed-by: Andre Przywara <andre.przywara@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
--- a/arch/arm/dts/Makefile
+++ b/arch/arm/dts/Makefile
@@ -560,7 +560,8 @@ dtb-$(CONFIG_MACH_SUN8I_H3) += \
sun8i-h3-orangepi-plus.dtb \
sun8i-h3-orangepi-plus2e.dtb \
sun8i-h3-orangepi-zero-plus2.dtb \
- sun8i-h3-rervision-dvk.dtb
+ sun8i-h3-rervision-dvk.dtb \
+ sun8i-h3-zeropi.dtb
dtb-$(CONFIG_MACH_SUN8I_R40) += \
sun8i-r40-bananapi-m2-ultra.dtb \
sun8i-v40-bananapi-m2-berry.dtb
--- /dev/null
+++ b/arch/arm/dts/sun8i-h3-zeropi.dts
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2020 Yu-Tung Chang <mtwget@gmail.com>
+ *
+ * This file is dual-licensed: you can use it either under the terms
+ * of the GPL or the X11 license, at your option. Note that this dual
+ * licensing only applies to this file, and not this project as a
+ * whole.
+ *
+ * a) This file is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * Or, alternatively,
+ *
+ * b) Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use,
+ * copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following
+ * conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#include "sun8i-h3-nanopi.dtsi"
+
+/ {
+ model = "FriendlyARM ZeroPi";
+ compatible = "friendlyarm,zeropi", "allwinner,sun8i-h3";
+
+ aliases {
+ ethernet0 = &emac;
+ };
+
+ reg_gmac_3v3: gmac-3v3 {
+ compatible = "regulator-fixed";
+ regulator-name = "gmac-3v3";
+ regulator-min-microvolt = <3300000>;
+ regulator-max-microvolt = <3300000>;
+ startup-delay-us = <100000>;
+ enable-active-high;
+ gpio = <&pio 3 6 GPIO_ACTIVE_HIGH>; /* PD6 */
+ };
+};
+
+&external_mdio {
+ ext_rgmii_phy: ethernet-phy@7 {
+ compatible = "ethernet-phy-ieee802.3-c22";
+ reg = <7>;
+ };
+};
+
+&emac {
+ pinctrl-names = "default";
+ pinctrl-0 = <&emac_rgmii_pins>;
+ phy-supply = <&reg_gmac_3v3>;
+ phy-handle = <&ext_rgmii_phy>;
+ phy-mode = "rgmii-id";
+
+ allwinner,leds-active-low;
+ status = "okay";
+};
+
+&usb_otg {
+ status = "okay";
+ dr_mode = "host";
+};
--- a/board/sunxi/MAINTAINERS
+++ b/board/sunxi/MAINTAINERS
@@ -508,3 +508,9 @@ YONES TOPTECH BS1078 V2 BOARD
M: Peter Korsgaard <peter@korsgaard.com>
S: Maintained
F: configs/Yones_Toptech_BS1078_V2_defconfig
+
+ZEROPI BOARD
+M: Yu-Tung Chang <mtwget@gmail.com>
+S: Maintained
+F: configs/zeropi_defconfig
+F: arch/arm/dts/sun8i-h3-zeropi.dts
--- /dev/null
+++ b/configs/zeropi_defconfig
@@ -0,0 +1,13 @@
+CONFIG_ARM=y
+CONFIG_ARCH_SUNXI=y
+CONFIG_DEFAULT_DEVICE_TREE="sun8i-h3-zeropi"
+CONFIG_SPL=y
+CONFIG_MACH_SUN8I_H3=y
+CONFIG_DRAM_CLK=408
+CONFIG_MACPWR="PD6"
+# CONFIG_VIDEO_DE2 is not set
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_CONSOLE_MUX=y
+CONFIG_SUN8I_EMAC=y
+CONFIG_USB_EHCI_HCD=y
+CONFIG_USB_OHCI_HCD=y

81
package/boot/uboot-sunxi/patches/250-sun8i-h3-zeropi-add-device-tree.patch
View File

@ -1,81 +0,0 @@
--- a/arch/arm/dts/Makefile
+++ b/arch/arm/dts/Makefile
@@ -559,7 +559,8 @@ dtb-$(CONFIG_MACH_SUN8I_H3) += \
sun8i-h3-orangepi-plus.dtb \
sun8i-h3-orangepi-plus2e.dtb \
sun8i-h3-orangepi-zero-plus2.dtb \
- sun8i-h3-rervision-dvk.dtb
+ sun8i-h3-rervision-dvk.dtb \
+ sun8i-h3-zeropi.dtb
dtb-$(CONFIG_MACH_SUN8I_R40) += \
sun8i-r40-bananapi-m2-ultra.dtb \
sun8i-v40-bananapi-m2-berry.dtb
--- /dev/null
+++ b/arch/arm/dts/sun8i-h3-zeropi.dts
@@ -0,0 +1,66 @@
+// SPDX-License-Identifier: GPL-2.0-or-later OR MIT
+
+#include "sun8i-h3-nanopi.dtsi"
+
+/ {
+ model = "FriendlyElec ZeroPi";
+ compatible = "friendlyarm,zeropi", "allwinner,sun8i-h3";
+
+ aliases {
+ ethernet0 = &emac;
+ };
+
+ reg_gmac_3v3: gmac-3v3 {
+ compatible = "regulator-fixed";
+ pinctrl-names = "default";
+ pinctrl-0 = <&gmac_power_pin_nanopi>;
+ regulator-name = "gmac-3v3";
+ regulator-min-microvolt = <3300000>;
+ regulator-max-microvolt = <3300000>;
+ startup-delay-us = <100000>;
+ enable-active-high;
+ gpio = <&pio 3 6 GPIO_ACTIVE_HIGH>;
+ };
+};
+
+&ehci0 {
+ status = "okay";
+};
+
+&ohci0 {
+ status = "okay";
+};
+
+&pio {
+ gmac_power_pin_nanopi: gmac_power_pin@0 {
+ pins = "PD6";
+ function = "gpio_out";
+ };
+};
+
+&external_mdio {
+ ext_rgmii_phy: ethernet-phy@1 {
+ compatible = "ethernet-phy-ieee802.3-c22";
+ reg = <7>;
+ };
+};
+
+&emac {
+ pinctrl-names = "default";
+ pinctrl-0 = <&emac_rgmii_pins>;
+ phy-supply = <&reg_gmac_3v3>;
+ phy-handle = <&ext_rgmii_phy>;
+ phy-mode = "rgmii";
+
+ allwinner,leds-active-low;
+ status = "okay";
+};
+
+&usb_otg {
+ status = "okay";
+ dr_mode = "peripheral";
+};
+
+&usbphy {
+ usb0_id_det-gpios = <&pio 6 12 GPIO_ACTIVE_HIGH>; /* PG12 */
+};

24
package/boot/uboot-sunxi/patches/251-sun8i-h3-zeropi-add-defconfig.patch
View File

@ -1,24 +0,0 @@
--- /dev/null
+++ b/configs/zeropi_defconfig
@@ -0,0 +1,21 @@
+CONFIG_ARM=y
+CONFIG_ARCH_SUNXI=y
+CONFIG_MACH_SUN8I_H3=y
+CONFIG_DRAM_CLK=408
+CONFIG_DRAM_ZQ=3881979
+CONFIG_DRAM_ODT_EN=y
+CONFIG_MACPWR="PD6"
+# CONFIG_VIDEO_DE2 is not set
+CONFIG_NR_DRAM_BANKS=1
+CONFIG_DEFAULT_DEVICE_TREE="sun8i-h3-zeropi"
+# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
+CONFIG_CONSOLE_MUX=y
+CONFIG_SPL=y
+CONFIG_SYS_CLK_FREQ=480000000
+# CONFIG_CMD_IMLS is not set
+# CONFIG_CMD_FLASH is not set
+# CONFIG_CMD_FPGA is not set
+CONFIG_SUN8I_EMAC=y
+CONFIG_USB_EHCI_HCD=y
+CONFIG_USB_EHCI_HCD=y
+CONFIG_SYS_USB_EVENT_POLL_VIA_INT_QUEUE=y

6
package/libs/mbedtls/Makefile
View File

@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=mbedtls
PKG_VERSION:=2.28.2
PKG_RELEASE:=2
PKG_VERSION:=2.28.3
PKG_RELEASE:=1
PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=bc55232bf71fd66045122ba9050a29ea7cb2e8f99b064a9e6334a82f715881a0
PKG_HASH:=bdf7c5bbdc338da3edad89b2885d4f8668f9a6fffeba6ec17a60333e36dade6f
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE_FILES:=gpl-2.0.txt

22
package/libs/mbedtls/patches/100-fix-compile.patch
View File

@ -1,22 +0,0 @@
Fix a compile problem introduced in commit 331c3421d1f0 ("Address review comments")
Bug report: https://github.com/Mbed-TLS/mbedtls/issues/6243
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2529,7 +2529,6 @@ int main( int argc, char *argv[] )
}
key_cert_init2 = 2;
#endif /* MBEDTLS_ECDSA_C */
- }
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opt.key_opaque != 0 )
@@ -2558,6 +2557,7 @@ int main( int argc, char *argv[] )
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_CERTS_C */
+ }
mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) );
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */

146
package/libs/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch
View File

@ -1,17 +1,17 @@
From 272d48fe7a2ff00285d4ee166d3a9beca1d5122f Mon Sep 17 00:00:00 2001
From eb9d4fdf1846e688d51d86a9a50f0312aca2af25 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Sun, 23 Oct 2022 19:48:18 -0400
Subject: [PATCH 1/4] x509 crt verify SAN iPAddress
Subject: [PATCH] x509 crt verify SAN iPAddress
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
---
include/mbedtls/x509_crt.h | 2 +-
library/x509_crt.c | 115 +++++++++++++++++++++++++++++--------
2 files changed, 93 insertions(+), 24 deletions(-)
library/x509_crt.c | 126 ++++++++++++++++++++++++++++++-------
2 files changed, 103 insertions(+), 25 deletions(-)
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -597,7 +597,7 @@ int mbedtls_x509_crt_verify_info( char *
@@ -608,7 +608,7 @@ int mbedtls_x509_crt_verify_info(char *b
* \param cn The expected Common Name. This will be checked to be
* present in the certificate's subjectAltNames extension or,
* if this extension is absent, as a CN component in its
@ -22,12 +22,30 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* If the verification couldn't be completed, the flag value is
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2986,6 +2986,54 @@ find_parent:
@@ -57,6 +57,10 @@
#if defined(MBEDTLS_HAVE_TIME)
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+#define WIN32_LEAN_AND_MEAN
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0600
+#endif
#include <windows.h>
#else
#include <time.h>
@@ -2995,6 +2999,61 @@ find_parent:
}
}
+#ifdef _WIN32
+/* ??? */
+#ifdef _MSC_VER
+#pragma comment(lib, "ws2_32.lib")
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#endif
+#elif defined(__sun)
+/* Solaris requires -lsocket -lnsl for inet_pton() */
+#elif defined(__has_include)
@ -51,79 +69,77 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+ * provided by headers included (or not) via __has_include() above. */
+#ifndef AF_INET6
+
+#define x509_cn_inet_pton( cn, dst ) ( 0 )
+#define x509_cn_inet_pton(cn, dst) (0)
+
+#else
+
+static int x509_inet_pton_ipv6( const char *src, void *dst )
+static int x509_inet_pton_ipv6(const char *src, void *dst)
+{
+ return( inet_pton( AF_INET6, src, dst ) == 1 ? 0 : -1 );
+ return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1;
+}
+
+static int x509_inet_pton_ipv4( const char *src, void *dst )
+static int x509_inet_pton_ipv4(const char *src, void *dst)
+{
+ return( inet_pton( AF_INET, src, dst ) == 1 ? 0 : -1 );
+ return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1;
+}
+
+#endif /* AF_INET6 */
+
+static size_t x509_cn_inet_pton( const char *cn, void *dst )
+static size_t x509_cn_inet_pton(const char *cn, void *dst)
+{
+ return( strchr( cn, ':' ) == NULL
+ ? x509_inet_pton_ipv4( cn, dst ) == 0 ? 4 : 0
+ : x509_inet_pton_ipv6( cn, dst ) == 0 ? 16 : 0 );
+ return strchr(cn, ':') == NULL
+ ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0
+ : x509_inet_pton_ipv6(cn, dst) == 0 ? 16 : 0;
+}
+
/*
* Check for CN match
*/
@@ -3008,23 +3056,51 @@ static int x509_crt_check_cn( const mbed
return( -1 );
@@ -3015,24 +3074,51 @@ static int x509_crt_check_cn(const mbedt
return -1;
}
+static int x509_crt_check_san_ip( const mbedtls_x509_sequence *san,
+ const char *cn, size_t cn_len )
+static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san,
+ const char *cn, size_t cn_len)
+{
+ uint32_t ip[4];
+ cn_len = x509_cn_inet_pton( cn, ip );
+ if( cn_len == 0 )
+ return( -1 );
+
+ for( const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next )
+ {
+ const unsigned char san_type = (unsigned char) cur->buf.tag &
+ MBEDTLS_ASN1_TAG_VALUE_MASK;
+ if( san_type == MBEDTLS_X509_SAN_IP_ADDRESS &&
+ cur->buf.len == cn_len && memcmp( cur->buf.p, ip, cn_len ) == 0 )
+ return( 0 );
+ cn_len = x509_cn_inet_pton(cn, ip);
+ if (cn_len == 0) {
+ return -1;
+ }
+
+ return( -1 );
+ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
+ const unsigned char san_type = (unsigned char) cur->buf.tag &
+ MBEDTLS_ASN1_TAG_VALUE_MASK;
+ if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS &&
+ cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) {
+ return 0;
+ }
+ }
+
+ return -1;
+}
+
/*
* Check for SAN match, see RFC 5280 Section 4.2.1.6
*/
-static int x509_crt_check_san( const mbedtls_x509_buf *name,
+static int x509_crt_check_san( const mbedtls_x509_sequence *san,
const char *cn, size_t cn_len )
-static int x509_crt_check_san(const mbedtls_x509_buf *name,
+static int x509_crt_check_san(const mbedtls_x509_sequence *san,
const char *cn, size_t cn_len)
{
- const unsigned char san_type = (unsigned char) name->tag &
- MBEDTLS_ASN1_TAG_VALUE_MASK;
-
- /* dNSName */
- if( san_type == MBEDTLS_X509_SAN_DNS_NAME )
- return( x509_crt_check_cn( name, cn, cn_len ) );
-
- /* (We may handle other types here later.) */
- if (san_type == MBEDTLS_X509_SAN_DNS_NAME) {
- return x509_crt_check_cn(name, cn, cn_len);
+ int san_ip = 0;
+ for( const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next )
+ {
+ switch( (unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK )
+ {
+ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
+ switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) {
+ case MBEDTLS_X509_SAN_DNS_NAME: /* dNSName */
+ if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
+ return( 0 );
+ if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) {
+ return 0;
+ }
+ break;
+ case MBEDTLS_X509_SAN_IP_ADDRESS: /* iPAddress */
+ san_ip = 1;
@ -132,47 +148,47 @@ Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
+ default: /* Unrecognized type */
+ break;
+ }
+ }
}
- /* (We may handle other types here later.) */
-
- /* Unrecognized type */
- return( -1 );
+ return( san_ip ? x509_crt_check_san_ip( san, cn, cn_len ) : -1 );
- return -1;
+ return san_ip ? x509_crt_check_san_ip(san, cn, cn_len) : -1;
}
/*
@@ -3035,19 +3111,12 @@ static void x509_crt_verify_name( const
uint32_t *flags )
@@ -3043,31 +3129,23 @@ static void x509_crt_verify_name(const m
uint32_t *flags)
{
const mbedtls_x509_name *name;
- const mbedtls_x509_sequence *cur;
size_t cn_len = strlen( cn );
size_t cn_len = strlen(cn);
if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{
- for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
- {
- if( x509_crt_check_san( &cur->buf, cn, cn_len ) == 0 )
if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
- for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) {
- if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) {
- break;
- }
- }
-
- if( cur == NULL )
- if (cur == NULL) {
- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
+ if( x509_crt_check_san( &crt->subject_alt_names, cn, cn_len ) == 0 )
+ if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) {
+ return;
}
else
{
@@ -3056,13 +3125,13 @@ static void x509_crt_verify_name( const
if( MBEDTLS_OID_CMP( MBEDTLS_OID_AT_CN, &name->oid ) == 0 &&
x509_crt_check_cn( &name->val, cn, cn_len ) == 0 )
{
} else {
for (name = &crt->subject; name != NULL; name = name->next) {
if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 &&
x509_crt_check_cn(&name->val, cn, cn_len) == 0) {
- break;
+ return;
}
}
- if( name == NULL )
- if (name == NULL) {
- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
- }
}
+
+ *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;

3
target/linux/bcm4908/Makefile
View File

@ -9,8 +9,7 @@ FEATURES:=squashfs nand usb gpio
CPU_TYPE:=cortex-a53
SUBTARGETS:=generic
KERNEL_PATCHVER:=5.10
KERNEL_TESTING_PATCHVER:=5.15
KERNEL_PATCHVER:=5.15
define Target/Description
Build firmware images for Broadcom BCM4908 SoC family routers.

3
target/linux/bcm53xx/Makefile
View File

@ -11,8 +11,7 @@ FEATURES:=squashfs nand usb pci pcie gpio pwm
CPU_TYPE:=cortex-a9
SUBTARGETS:=generic
KERNEL_PATCHVER:=5.10
KERNEL_TESTING_PATCHVER:=5.15
KERNEL_PATCHVER:=5.15
define Target/Description
Build firmware images for Broadcom based BCM47xx/53xx routers with ARM CPU, *not* MIPS.

2
target/linux/ipq40xx/base-files/lib/upgrade/linksys.sh
View File

@ -103,7 +103,7 @@ platform_do_upgrade_linksys() {
if nand_upgrade_tar "$1" ; then
nand_do_upgrade_success
else
nand_do_upgrade_failure
nand_do_upgrade_failed
fi
}

2
target/linux/ipq806x/base-files/lib/upgrade/linksys.sh
View File

@ -97,7 +97,7 @@ platform_do_upgrade_linksys() {
if nand_upgrade_tar "$1" ; then
nand_do_upgrade_success
else
nand_do_upgrade_failure
nand_do_upgrade_failed
fi
}

7
target/linux/kirkwood/base-files/lib/upgrade/linksys.sh
View File

@ -68,7 +68,12 @@ platform_do_upgrade_linksys() {
CI_UBIPART="rootfs2"
fi
nand_upgrade_tar "$1"
if nand_upgrade_tar "$1" ; then
nand_do_upgrade_success
else
nand_do_upgrade_failed
fi
}
[ "$magic_long" = "27051956" ] && {
get_image "$1" | mtd write - $part_label

7
target/linux/mvebu/cortexa9/base-files/lib/upgrade/linksys.sh
View File

@ -68,7 +68,12 @@ platform_do_upgrade_linksys() {
CI_UBIPART="rootfs2"
fi
nand_upgrade_tar "$1"
if nand_upgrade_tar "$1" ; then
nand_do_upgrade_success
else
nand_do_upgrade_failed
fi
}
[ "$magic_long" = "27051956" -o "$magic_long" = "0000a0e1" ] && {
get_image "$1" | mtd write - $part_label

4
tools/mkimage/Makefile
View File

@ -7,14 +7,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=mkimage
PKG_VERSION:=2023.01
PKG_VERSION:=2023.04
PKG_SOURCE:=u-boot-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
https://mirror.cyberbits.eu/u-boot \
https://ftp.denx.de/pub/u-boot \
ftp://ftp.denx.de/pub/u-boot
PKG_HASH:=69423bad380f89a0916636e89e6dcbd2e4512d584308d922d1039d1e4331950f
PKG_HASH:=e31cac91545ff41b71cec5d8c22afd695645cd6e2a442ccdacacd60534069341
HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/u-boot-$(PKG_VERSION)

8
tools/mkimage/patches/030-allow-to-use-different-magic.patch
View File

@ -33,7 +33,7 @@ This patch makes it possible to set a custom image magic.
static const struct option longopts[] = {
{ "load-address", required_argument, NULL, 'a' },
@@ -298,6 +300,14 @@ static void process_args(int argc, char
@@ -302,6 +304,14 @@ static void process_args(int argc, char
case 'l':
params.lflag = 1;
break;
@ -50,7 +50,7 @@ This patch makes it possible to set a custom image magic.
break;
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -56,7 +56,7 @@ static int image_verify_header(unsigned
@@ -63,7 +63,7 @@ static int image_verify_header(unsigned
*/
memcpy(hdr, ptr, sizeof(struct legacy_img_hdr));
@ -59,7 +59,7 @@ This patch makes it possible to set a custom image magic.
debug("%s: Bad Magic Number: \"%s\" is no valid image\n",
params->cmdname, params->imagefile);
return -FDT_ERR_BADMAGIC;
@@ -119,7 +119,7 @@ static void image_set_header(void *ptr,
@@ -142,7 +142,7 @@ static void image_set_header(void *ptr,
}
/* Build new header */
@ -70,7 +70,7 @@ This patch makes it possible to set a custom image magic.
image_set_load(hdr, addr);
--- a/tools/imagetool.h
+++ b/tools/imagetool.h
@@ -59,6 +59,7 @@ struct image_tool_params {
@@ -67,6 +67,7 @@ struct image_tool_params {
int arch;
int type;
int comp;