diff --git a/openwrt-23.05/patches/kernel-5.10/0002-kernel-crypto.addon b/openwrt-23.05/patches/kernel-5.10/0002-kernel-crypto.addon
deleted file mode 100644
index d18ce4f..0000000
--- a/openwrt-23.05/patches/kernel-5.10/0002-kernel-crypto.addon
+++ /dev/null
@@ -1,23 +0,0 @@
-CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
-CONFIG_CRYPTO_AES_ARM64_CE_CCM=y
-CONFIG_CRYPTO_SHA512_ARM64=y
-CONFIG_CRYPTO_SHA512_ARM64_CE=y
-CONFIG_CRYPTO_SHA3_ARM64=y
-CONFIG_CRYPTO_SM3_ARM64_CE=y
-CONFIG_CRYPTO_SM4_ARM64_CE=y
-CONFIG_CRYPTO_CRCT10DIF_ARM64_CE=y
-CONFIG_CRYPTO_AES_ARM64_NEON_BLK=y
-CONFIG_CRYPTO_AES_ARM64_BS=y
-CONFIG_CRYPTO_ANSI_CPRNG=y
-CONFIG_CRYPTO_CMAC=y
-CONFIG_CRYPTO_ECB=y
-CONFIG_CRYPTO_GHASH_ARM64_CE=y
-CONFIG_CRYPTO_MD5=y
-CONFIG_CRYPTO_SHA1=y
-CONFIG_CRYPTO_SHA1_ARM64_CE=y
-CONFIG_CRYPTO_SHA2_ARM64_CE=y
-CONFIG_CRYPTO_SHA512=y
-CONFIG_CRYPTO_TWOFISH=y
-CONFIG_CRYPTO_USER_API_HASH=y
-CONFIG_CRYPTO_USER_API_SKCIPHER=y
-CONFIG_CRYPTO_DEV_ROCKCHIP=y
\ No newline at end of file
diff --git a/openwrt-23.05/patches/package/adguardhome/Makefile b/openwrt-23.05/patches/package/adguardhome/Makefile
index 4ab77a6..f6d9dc6 100644
--- a/openwrt-23.05/patches/package/adguardhome/Makefile
+++ b/openwrt-23.05/patches/package/adguardhome/Makefile
@@ -6,13 +6,13 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=adguardhome
-PKG_VERSION:=0.107.36
+PKG_VERSION:=0.107.41
 PKG_RELEASE:=1
 # WARNING : need rework for other arch
 PKG_SOURCE:=AdGuardHome_linux_arm64.tar.gz
 PKG_SOURCE_URL:=https://github.com/AdguardTeam/AdGuardHome/releases/download/v$(PKG_VERSION)/
-PKG_HASH:=ad449fa35b8919bc71d67fd570bcaae73aa20e8e20d1c682a5570bdae6544a41
+PKG_HASH:=e23f5164a832c8647e0035b03189dc9c72821e9216ee5a5f8057739b8d072539
 PKG_LICENSE:=GPL-3.0-only
 PKG_LICENSE_FILES:=LICENSE.txt
diff --git a/openwrt-23.05/patches/package/haproxy/Makefile b/openwrt-23.05/patches/package/haproxy/Makefile
deleted file mode 100644
index f790564..0000000
--- a/openwrt-23.05/patches/package/haproxy/Makefile
+++ /dev/null
@@ -1,146 +0,0 @@ -# -# Copyright (C) 2010-2016 OpenWrt.org -# Copyright (C) 2009-2016 Thomas Heil -# Copyright (C) 2018 Christian Lachner -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=haproxy -PKG_VERSION:=2.8.2 -PKG_RELEASE:=1 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://www.haproxy.org/download/2.8/src -PKG_HASH:=698d6906d170946a869769964e57816ba3da3adf61ff75e89972b137f4658db0 - -PKG_MAINTAINER:=Thomas Heil , \ - Christian Lachner -PKG_LICENSE:=GPL-2.0-only -PKG_LICENSE_FILES:=LICENSE -PKG_CPE_ID:=cpe:/a:haproxy:haproxy - -include $(INCLUDE_DIR)/package.mk - -define Package/haproxy/Default - SUBMENU:=Web Servers/Proxies - SECTION:=net - CATEGORY:=Network - TITLE:=TCP/HTTP Load Balancer - URL:=https://www.haproxy.org/ -endef - -define Package/haproxy/conffiles -/etc/haproxy.cfg -endef - -Package/haproxy-nossl/conffiles = $(Package/haproxy/conffiles) - -define Package/haproxy/Default/description - Open source Reliable, High Performance TCP/HTTP Load Balancer. -endef - -define Package/haproxy - $(call Package/haproxy/Default) - TITLE+=with SSL support - DEPENDS+= +libpcre +libltdl +zlib +libpthread +liblua5.3 +libopenssl +libncurses +libreadline +libatomic - VARIANT:=ssl -endef - -define Package/haproxy/description -$(call Package/haproxy/Default/description) - This package is built with SSL and LUA support. -endef - -define Package/haproxy-nossl - $(call Package/haproxy/Default) - TITLE+=without SSL support - VARIANT:=nossl - DEPENDS+= +libpcre +libltdl +zlib +libpthread +liblua5.3 +libatomic - CONFLICTS:=haproxy -endef - -define Package/haproxy-nossl/description - $(call Package/haproxy/Default/description) - This package is built without SSL support. 
-endef - -TARGET=linux-glibc -ENABLE_LUA:=y - -ifeq ($(CONFIG_USE_UCLIBC),y) - ADDON+=USE_BACKTRACE= - ADDON+=USE_LIBCRYPT= -endif - -ifeq ($(CONFIG_USE_MUSL),y) - TARGET=linux-musl -endif - -ifeq ($(BUILD_VARIANT),ssl) - ADDON+=USE_OPENSSL=1 - ADDON+=ADDLIB="-lcrypto -lm" -endif - -define Build/Compile - $(MAKE) TARGET=$(TARGET) -C $(PKG_BUILD_DIR) \ - DESTDIR="$(PKG_INSTALL_DIR)" \ - CC="$(TARGET_CC)" \ - PCREDIR="$(STAGING_DIR)/usr/" \ - USE_LUA=1 LUA_LIB_NAME="lua5.3" LUA_INC="$(STAGING_DIR)/usr/include/lua5.3" LUA_LIB="$(STAGING_DIR)/usr/lib" \ - SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530" \ - USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_PTHREAD_PSHARED=1 USE_LIBATOMIC=1 USE_PROMEX=1 \ - VERSION="$(PKG_VERSION)" SUBVERS="-$(PKG_RELEASE)" \ - VERDATE="$(shell date -d @$(SOURCE_DATE_EPOCH) '+%Y/%m/%d')" IGNOREGIT=1 \ - $(ADDON) \ - CFLAGS="$(TARGET_CFLAGS) -fno-strict-aliasing -Wdeclaration-after-statement -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-address-of-packed-member -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference -fwrapv -fasynchronous-unwind-tables -Wno-null-dereference" \ - LD="$(TARGET_CC)" \ - LDFLAGS="$(TARGET_LDFLAGS)" - - $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR) \ - DESTDIR="$(PKG_INSTALL_DIR)" \ - LD="$(TARGET_CC)" \ - LDFLAGS="$(TARGET_LDFLAGS)" \ - $(MAKE_FLAGS) \ - install - - $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR) \ - DESTDIR="$(PKG_INSTALL_DIR)" \ - CC="$(TARGET_CC)" \ - CFLAGS="$(TARGET_CFLAGS) -Wno-address-of-packed-member" \ - LDFLAGS="$(TARGET_LDFLAGS)" \ - admin/halog/halog -endef - -define Package/haproxy/install - $(INSTALL_DIR) $(1)/usr/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/haproxy $(1)/usr/sbin/ - $(INSTALL_DIR) $(1)/etc - $(INSTALL_CONF) ./files/haproxy.cfg $(1)/etc/ - $(INSTALL_DIR) $(1)/etc/init.d - $(INSTALL_BIN) ./files/haproxy.init $(1)/etc/init.d/haproxy -endef - 
-Package/haproxy-nossl/install = $(Package/haproxy/install) - -define Package/halog - $(call Package/haproxy) - TITLE+=halog - DEPENDS:=haproxy -endef - -define Package/halog/description - HAProxy Log Analyzer -endef - -define Package/halog/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/admin/halog/halog $(1)/usr/bin/ -endef - -$(eval $(call BuildPackage,haproxy)) -$(eval $(call BuildPackage,halog)) -$(eval $(call BuildPackage,haproxy-nossl)) diff --git a/openwrt-23.05/patches/package/haproxy/files/haproxy.cfg b/openwrt-23.05/patches/package/haproxy/files/haproxy.cfg deleted file mode 100644 index ffe5949..0000000 --- a/openwrt-23.05/patches/package/haproxy/files/haproxy.cfg +++ /dev/null 
@@ -1,107 +0,0 @@ -# Example configuration file for HAProxy 2.0, refer to the url below for -# a full documentation and examples for configuration: -# https://cbonte.github.io/haproxy-dconv/2.0/configuration.html - - -# Global parameters -global - - # Log events to a remote syslog server at given address using the - # specified facility and verbosity level. Multiple log options - # are allowed. - #log 10.0.0.1 daemon info - - # Specifiy the maximum number of allowed connections. - maxconn 32000 - - # Raise the ulimit for the maximum allowed number of open socket - # descriptors per process. This is usually at least twice the - # number of allowed connections (maxconn * 2 + nb_servers + 1) . - ulimit-n 65535 - - # Drop privileges (setuid, setgid), default is "root" on OpenWrt. - uid 0 - gid 0 - - # Perform chroot into the specified directory. - #chroot /var/run/haproxy/ - - # Daemonize on startup - daemon - - nosplice - # Enable debugging - #debug - - # Spawn given number of processes and distribute load among them, - # used for multi-core environments or to circumvent per-process - # limits like number of open file descriptors. Default is 1. - #nbproc 2 - -# Default parameters -defaults - # Default timeouts - timeout connect 5000ms - timeout client 50000ms - timeout server 50000ms - - -# Example HTTP proxy listener -listen my_http_proxy - - # Bind to port 81 and 444 on all interfaces (0.0.0.0) - bind :81,:444 - - # We're proxying HTTP here... - mode http - - # Simple HTTP round robin over two servers using the specified - # source ip 192.168.1.1 . 
- balance roundrobin - server server01 192.168.1.10:80 source 192.168.1.1 - server server02 192.168.1.20:80 source 192.168.1.1 - - # Serve an internal statistics page on /stats: - stats enable - stats uri /stats - - # Enable HTTP basic auth for the statistics: - stats realm HA_Stats - stats auth username:password - - -# Example SMTP proxy listener -listen my_smtp_proxy - - # Disable this instance without commenting out the section. - disabled - - # Bind to port 26 and 588 on localhost - bind 127.0.0.1:26,127.0.0.1:588 - - # This is a TCP proxy - mode tcp - - # Round robin load balancing over two servers on port 123 forcing - # the address 192.168.1.1 and port 25 as source. - balance roundrobin - #use next line for transparent proxy, so the servers can see the - #original ip-address and remove source keyword in server definition - #source 0.0.0.0 usesrc clientip - server server01 192.168.1.10:123 source 192.168.1.1:25 - server server02 192.168.1.20:123 source 192.168.1.1:25 - - -# Special health check listener for integration with external load -# balancers. -listen local_health_check - - # Listen on port 60000 - bind :60000 - - # This is a health check - mode health - - # Enable HTTP-style responses: "HTTP/1.0 200 OK" - # else just print "OK". - #option httpchk diff --git a/openwrt-23.05/patches/package/haproxy/files/haproxy.init b/openwrt-23.05/patches/package/haproxy/files/haproxy.init deleted file mode 100644 index 51c0ebb..0000000 --- a/openwrt-23.05/patches/package/haproxy/files/haproxy.init +++ /dev/null 
@@ -1,28 +0,0 @@ -#!/bin/sh /etc/rc.common -# Copyright (C) 2009-2019 OpenWrt.org - -START=99 -STOP=80 - -USE_PROCD=1 - -HAPROXY_BIN="/usr/sbin/haproxy" -HAPROXY_CONFIG="/etc/haproxy.cfg" - -start_service() { - procd_open_instance - procd_set_param respawn - procd_set_param file "$HAPROXY_CONFIG" - procd_set_param reload_signal USR2 - procd_set_param command $HAPROXY_BIN -q -W -db -f "$HAPROXY_CONFIG" - procd_close_instance -} - -service_triggers() { - procd_add_raw_trigger acme.renew 5000 /etc/init.d/haproxy reload -} - -extra_command "check" "Check haproxy config" -check() { - $HAPROXY_BIN -c -q -V -f $HAPROXY_CONFIG -} diff --git a/openwrt-23.05/patches/package/haproxy/get-latest-patches.sh b/openwrt-23.05/patches/package/haproxy/get-latest-patches.sh deleted file mode 100755 index b7d1748..0000000 --- a/openwrt-23.05/patches/package/haproxy/get-latest-patches.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh - -CLONEURL=https://git.haproxy.org/git/haproxy-2.8.git -BASE_TAG=v2.8.2 -TMP_REPODIR=tmprepo -PATCHESDIR=patches - -if test -d "${TMP_REPODIR}"; then rm -rf "${TMP_REPODIR}"; fi - -git clone "${CLONEURL}" "${TMP_REPODIR}" - -printf "Cleaning patches\n" -find ${PATCHESDIR} -type f -name "*.patch" -exec rm -f "{}" \; - -i=0 -for cid in $(git -C "${TMP_REPODIR}" rev-list ${BASE_TAG}..HEAD | tac); do - filename="$(printf "%03d" $i)-$(git -C "${TMP_REPODIR}" log --format=%s -n 1 "$cid" | sed -e"s/[()']//g" -e's/[^_a-zA-Z0-9+-]\+/-/g' -e's/-$//').patch" - printf "Creating %s\n" "${filename}" - git -C "${TMP_REPODIR}" show "$cid" > "${PATCHESDIR}/$filename" - git add "${PATCHESDIR}/$filename" - i=$((i+1)) -done - -rm -rf "${TMP_REPODIR}" - -printf "finished\n" - diff --git a/openwrt-23.05/patches/package/haproxy/patches/100-fix-arm-optim-compil.patch b/openwrt-23.05/patches/package/haproxy/patches/100-fix-arm-optim-compil.patch deleted file mode 100644 index 0d7aa2e..0000000 
--- a/openwrt-23.05/patches/package/haproxy/patches/100-fix-arm-optim-compil.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: haproxy-2.6.12/include/haproxy/atomic.h -=================================================================== ---- haproxy-2.6.12.orig/include/haproxy/atomic.h -+++ haproxy-2.6.12/include/haproxy/atomic.h -@@ -23,6 +23,8 @@ - #ifndef _HAPROXY_ATOMIC_H - #define _HAPROXY_ATOMIC_H - -+#include -+ - /* A few notes for the macros and functions here: - * - this file is painful to edit, most operations exist in 3 variants, - * no-thread, threads with gcc<4.7, threads with gcc>=4.7. Be careful when diff --git a/openwrt-23.05/patches/package/mbedtls/Config.in b/openwrt-23.05/patches/package/mbedtls/Config.in deleted file mode 100644 index 92d7180..0000000 --- a/openwrt-23.05/patches/package/mbedtls/Config.in +++ /dev/null 
@@ -1,203 +0,0 @@ -if PACKAGE_libmbedtls - -comment "Option details in source code: include/mbedtls/mbedtls_config.h" - -comment "Ciphers - unselect old or less-used ciphers to reduce binary size" - -config MBEDTLS_AES_C - bool "MBEDTLS_AES_C" - default y - -config MBEDTLS_CAMELLIA_C - bool "MBEDTLS_CAMELLIA_C" - default n - -config MBEDTLS_CCM_C - bool "MBEDTLS_CCM_C" - default n - -config MBEDTLS_CMAC_C - bool "MBEDTLS_CMAC_C (old but used by hostapd)" - default y - -config MBEDTLS_DES_C - bool "MBEDTLS_DES_C (old but used by hostapd)" - default y - -config MBEDTLS_GCM_C - bool "MBEDTLS_GCM_C" - default y - -config MBEDTLS_NIST_KW_C - bool "MBEDTLS_NIST_KW_C (old but used by hostapd)" - default y - -config MBEDTLS_RIPEMD160_C - bool "MBEDTLS_RIPEMD160_C" - default n - -config MBEDTLS_XTEA_C - bool "MBEDTLS_XTEA_C" - default n - -config MBEDTLS_RSA_NO_CRT - bool "MBEDTLS_RSA_NO_CRT" - default y - -config MBEDTLS_KEY_EXCHANGE_PSK_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED" - default y - -config MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED" - default n - -config MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED" - default y - -config MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED" - default n - -config MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED" - default n - -config MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED" - default n - -config MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED" - default y - -config MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" - default y - -config MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" - default n - -config MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - bool "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED" - default n - -comment "Curves - unselect 
old or less-used curves to reduce binary size" - -config MBEDTLS_ECP_DP_SECP192R1_ENABLED - bool "MBEDTLS_ECP_DP_SECP192R1_ENABLED" - default n - -config MBEDTLS_ECP_DP_SECP224R1_ENABLED - bool "MBEDTLS_ECP_DP_SECP224R1_ENABLED" - default n - -config MBEDTLS_ECP_DP_SECP256R1_ENABLED - bool "MBEDTLS_ECP_DP_SECP256R1_ENABLED" - default y - -config MBEDTLS_ECP_DP_SECP384R1_ENABLED - bool "MBEDTLS_ECP_DP_SECP384R1_ENABLED" - default y - -config MBEDTLS_ECP_DP_SECP521R1_ENABLED - bool "MBEDTLS_ECP_DP_SECP521R1_ENABLED" - default n - -config MBEDTLS_ECP_DP_SECP192K1_ENABLED - bool "MBEDTLS_ECP_DP_SECP192K1_ENABLED" - default n - -config MBEDTLS_ECP_DP_SECP224K1_ENABLED - bool "MBEDTLS_ECP_DP_SECP224K1_ENABLED" - default n - -config MBEDTLS_ECP_DP_SECP256K1_ENABLED - bool "MBEDTLS_ECP_DP_SECP256K1_ENABLED" - default y - -config MBEDTLS_ECP_DP_BP256R1_ENABLED - bool "MBEDTLS_ECP_DP_BP256R1_ENABLED" - default n - -config MBEDTLS_ECP_DP_BP384R1_ENABLED - bool "MBEDTLS_ECP_DP_BP384R1_ENABLED" - default n - -config MBEDTLS_ECP_DP_BP512R1_ENABLED - bool "MBEDTLS_ECP_DP_BP512R1_ENABLED" - default n - -config MBEDTLS_ECP_DP_CURVE25519_ENABLED - bool "MBEDTLS_ECP_DP_CURVE25519_ENABLED" - default y - -config MBEDTLS_ECP_DP_CURVE448_ENABLED - bool "MBEDTLS_ECP_DP_CURVE448_ENABLED" - default n - -comment "Build Options - unselect features to reduce binary size" - -config MBEDTLS_ARMV8CE_AES_C - bool "MBEDTLS_ARMV8CE_AES_C" - default y - depends on aarch64 && !TARGET_bcm27xx - -config MBEDTLS_CERTS_C - bool "MBEDTLS_CERTS_C" - default n - -config MBEDTLS_CIPHER_MODE_OFB - bool "MBEDTLS_CIPHER_MODE_OFB" - default n - -config MBEDTLS_CIPHER_MODE_XTS - bool "MBEDTLS_CIPHER_MODE_XTS" - default n - -config MBEDTLS_DEBUG_C - bool "MBEDTLS_DEBUG_C" - default n - -config MBEDTLS_HAVE_SSE2 - bool "MBEDTLS_HAVE_SSE2" - default y - depends on TARGET_x86_generic || TARGET_x86_64 - -config MBEDTLS_HKDF_C - bool "MBEDTLS_HKDF_C" - default n - -config MBEDTLS_PLATFORM_C - bool "MBEDTLS_PLATFORM_C" - 
default n - -config MBEDTLS_SELF_TEST - bool "MBEDTLS_SELF_TEST" - default n - -config MBEDTLS_SSL_TRUNCATED_HMAC - bool "MBEDTLS_SSL_TRUNCATED_HMAC" - default n - -config MBEDTLS_VERSION_C - bool "MBEDTLS_VERSION_C" - default n - -config MBEDTLS_VERSION_FEATURES - bool "MBEDTLS_VERSION_FEATURES" - default n - -comment "Build Options" - -config MBEDTLS_ENTROPY_FORCE_SHA256 - bool "MBEDTLS_ENTROPY_FORCE_SHA256" - default y - -config MBEDTLS_SSL_RENEGOTIATION - bool "MBEDTLS_SSL_RENEGOTIATION" - default n - -endif diff --git a/openwrt-23.05/patches/package/mbedtls/Makefile b/openwrt-23.05/patches/package/mbedtls/Makefile deleted file mode 100644 index e1640b5..0000000 --- a/openwrt-23.05/patches/package/mbedtls/Makefile +++ /dev/null 
@@ -1,164 +0,0 @@ -# -# Copyright (C) 2011-2015 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=mbedtls -PKG_VERSION:=2.28.3 -PKG_RELEASE:=1 -PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=bdf7c5bbdc338da3edad89b2885d4f8668f9a6fffeba6ec17a60333e36dade6f - -PKG_LICENSE:=GPL-2.0-or-later -PKG_LICENSE_FILES:=gpl-2.0.txt -PKG_CPE_ID:=cpe:/a:arm:mbed_tls - -MBEDTLS_BUILD_OPTS_CURVES= \ - CONFIG_MBEDTLS_ECP_DP_SECP192R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP224R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP384R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP521R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP192K1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP224K1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_SECP256K1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_BP256R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_BP384R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_BP512R1_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_CURVE25519_ENABLED \ - CONFIG_MBEDTLS_ECP_DP_CURVE448_ENABLED - -MBEDTLS_BUILD_OPTS_CIPHERS= \ - CONFIG_MBEDTLS_AES_C \ - CONFIG_MBEDTLS_CAMELLIA_C \ - CONFIG_MBEDTLS_CCM_C \ - CONFIG_MBEDTLS_CMAC_C \ - CONFIG_MBEDTLS_DES_C \ - CONFIG_MBEDTLS_GCM_C \ - CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED \ - CONFIG_MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ - CONFIG_MBEDTLS_NIST_KW_C \ - CONFIG_MBEDTLS_RIPEMD160_C \ - CONFIG_MBEDTLS_RSA_NO_CRT \ - 
CONFIG_MBEDTLS_XTEA_C - -MBEDTLS_BUILD_OPTS= \ - $(MBEDTLS_BUILD_OPTS_CURVES) \ - $(MBEDTLS_BUILD_OPTS_CIPHERS) \ - CONFIG_MBEDTLS_ARMV8CE_AES_C \ - CONFIG_MBEDTLS_CERTS_C \ - CONFIG_MBEDTLS_CIPHER_MODE_OFB \ - CONFIG_MBEDTLS_CIPHER_MODE_XTS \ - CONFIG_MBEDTLS_DEBUG_C \ - CONFIG_MBEDTLS_ENTROPY_FORCE_SHA256 \ - CONFIG_MBEDTLS_HAVE_SSE2 \ - CONFIG_MBEDTLS_HKDF_C \ - CONFIG_MBEDTLS_PLATFORM_C \ - CONFIG_MBEDTLS_SELF_TEST \ - CONFIG_MBEDTLS_SSL_RENEGOTIATION \ - CONFIG_MBEDTLS_SSL_TRUNCATED_HMAC \ - CONFIG_MBEDTLS_VERSION_C \ - CONFIG_MBEDTLS_VERSION_FEATURES - -PKG_CONFIG_DEPENDS := $(MBEDTLS_BUILD_OPTS) - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/cmake.mk - -define Package/mbedtls/Default - TITLE:=Embedded SSL - URL:=https://tls.mbed.org -endef - -define Package/mbedtls/Default/description -The aim of the mbedtls project is to provide a quality, open-source -cryptographic library written in C and targeted at embedded systems. -endef - -define Package/libmbedtls -$(call Package/mbedtls/Default) - SECTION:=libs - CATEGORY:=Libraries - SUBMENU:=SSL - TITLE+= (library) - ABI_VERSION:=12 - MENU:=1 -endef - -define Package/libmbedtls/config - source "$(SOURCE)/Config.in" -endef - -define Package/mbedtls-util -$(call Package/mbedtls/Default) - SECTION:=utils - CATEGORY:=Utilities - TITLE+= (utilities) - DEPENDS:=+libmbedtls -endef - -define Package/libmbedtls/description -$(call Package/mbedtls/Default/description) -This package contains the mbedtls library. 
-endef - -define Package/mbedtls-util/description -$(call Package/mbedtls/Default/description) -This package contains mbedtls helper programs for private key and -CSR generation (gen_key, cert_req) -endef - -TARGET_CFLAGS := $(filter-out -O%,$(TARGET_CFLAGS)) - -CMAKE_OPTIONS += \ - -DCMAKE_POSITION_INDEPENDENT_CODE=ON \ - -DUSE_SHARED_MBEDTLS_LIBRARY:Bool=ON \ - -DENABLE_TESTING:Bool=OFF \ - -DENABLE_PROGRAMS:Bool=ON - -define Build/Prepare - $(call Build/Prepare/Default) - - $(if $(strip $(foreach opt,$(MBEDTLS_BUILD_OPTS),$($(opt)))), - $(foreach opt,$(MBEDTLS_BUILD_OPTS), - $(PKG_BUILD_DIR)/scripts/config.py \ - -f $(PKG_BUILD_DIR)/include/mbedtls/config.h \ - $(if $($(opt)),set,unset) $(patsubst CONFIG_%,%,$(opt))),) -endef - -define Build/InstallDev - $(INSTALL_DIR) $(1)/usr/include - $(CP) $(PKG_INSTALL_DIR)/usr/include/mbedtls $(1)/usr/include/ - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so* $(1)/usr/lib/ - $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.a $(1)/usr/lib/ -endef - -define Package/libmbedtls/install - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/lib*.so.* $(1)/usr/lib/ -endef - -define Package/mbedtls-util/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/gen_key $(1)/usr/bin/ - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/cert_req $(1)/usr/bin/ -endef - -$(eval $(call BuildPackage,libmbedtls)) -$(eval $(call BuildPackage,mbedtls-util)) diff --git a/openwrt-23.05/patches/package/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch b/openwrt-23.05/patches/package/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch deleted file mode 100644 index c9802ea..0000000 --- a/openwrt-23.05/patches/package/mbedtls/patches/100-x509-crt-verify-SAN-iPAddress.patch +++ /dev/null 
@@ -1,197 +0,0 @@ -From eb9d4fdf1846e688d51d86a9a50f0312aca2af25 Mon Sep 17 00:00:00 2001 -From: Glenn Strauss -Date: Sun, 23 Oct 2022 19:48:18 -0400 -Subject: [PATCH] x509 crt verify SAN iPAddress - -Signed-off-by: Glenn Strauss ---- - include/mbedtls/x509_crt.h | 2 +- - library/x509_crt.c | 126 ++++++++++++++++++++++++++++++------- - 2 files changed, 103 insertions(+), 25 deletions(-) - ---- a/include/mbedtls/x509_crt.h -+++ b/include/mbedtls/x509_crt.h -@@ -608,7 +608,7 @@ int mbedtls_x509_crt_verify_info(char *b - * \param cn The expected Common Name. This will be checked to be - * present in the certificate's subjectAltNames extension or, - * if this extension is absent, as a CN component in its -- * Subject name. Currently only DNS names are supported. This -+ * Subject name. DNS names and IP addresses are supported. This - * may be \c NULL if the CN need not be verified. - * \param flags The address at which to store the result of the verification. - * If the verification couldn't be completed, the flag value is ---- a/library/x509_crt.c -+++ b/library/x509_crt.c -@@ -57,6 +57,10 @@ - - #if defined(MBEDTLS_HAVE_TIME) - #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) -+#define WIN32_LEAN_AND_MEAN -+#ifndef _WIN32_WINNT -+#define _WIN32_WINNT 0x0600 -+#endif - #include - #else - #include -@@ -2995,6 +2999,61 @@ find_parent: - } - } - -+#ifdef _WIN32 -+#ifdef _MSC_VER -+#pragma comment(lib, "ws2_32.lib") -+#include -+#include -+#elif (defined(__MINGW32__) || defined(__MINGW64__)) && _WIN32_WINNT >= 0x0600 -+#include -+#include -+#endif -+#elif defined(__sun) -+/* Solaris requires -lsocket -lnsl for inet_pton() */ -+#elif defined(__has_include) -+#if __has_include() -+#include -+#endif -+#if __has_include() -+#include -+#endif -+#endif -+ -+/* Use whether or not AF_INET6 is defined to indicate whether or not to use -+ * the platform inet_pton() or a local implementation (below). 
The local -+ * implementation may be used even in cases where the platform provides -+ * inet_pton(), e.g. when there are different includes required and/or the -+ * platform implementation requires dependencies on additional libraries. -+ * Specifically, Windows requires custom includes and additional link -+ * dependencies, and Solaris requires additional link dependencies. -+ * Also, as a coarse heuristic, use the local implementation if the compiler -+ * does not support __has_include(), or if the definition of AF_INET6 is not -+ * provided by headers included (or not) via __has_include() above. */ -+#ifndef AF_INET6 -+ -+#define x509_cn_inet_pton(cn, dst) (0) -+ -+#else -+ -+static int x509_inet_pton_ipv6(const char *src, void *dst) -+{ -+ return inet_pton(AF_INET6, src, dst) == 1 ? 0 : -1; -+} -+ -+static int x509_inet_pton_ipv4(const char *src, void *dst) -+{ -+ return inet_pton(AF_INET, src, dst) == 1 ? 0 : -1; -+} -+ -+#endif /* AF_INET6 */ -+ -+static size_t x509_cn_inet_pton(const char *cn, void *dst) -+{ -+ return strchr(cn, ':') == NULL -+ ? x509_inet_pton_ipv4(cn, dst) == 0 ? 4 : 0 -+ : x509_inet_pton_ipv6(cn, dst) == 0 ? 
16 : 0; -+} -+ - /* - * Check for CN match - */ -@@ -3015,24 +3074,51 @@ static int x509_crt_check_cn(const mbedt - return -1; - } - -+static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san, -+ const char *cn, size_t cn_len) -+{ -+ uint32_t ip[4]; -+ cn_len = x509_cn_inet_pton(cn, ip); -+ if (cn_len == 0) { -+ return -1; -+ } -+ -+ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { -+ const unsigned char san_type = (unsigned char) cur->buf.tag & -+ MBEDTLS_ASN1_TAG_VALUE_MASK; -+ if (san_type == MBEDTLS_X509_SAN_IP_ADDRESS && -+ cur->buf.len == cn_len && memcmp(cur->buf.p, ip, cn_len) == 0) { -+ return 0; -+ } -+ } -+ -+ return -1; -+} -+ - /* - * Check for SAN match, see RFC 5280 Section 4.2.1.6 - */ --static int x509_crt_check_san(const mbedtls_x509_buf *name, -+static int x509_crt_check_san(const mbedtls_x509_sequence *san, - const char *cn, size_t cn_len) - { -- const unsigned char san_type = (unsigned char) name->tag & -- MBEDTLS_ASN1_TAG_VALUE_MASK; -- -- /* dNSName */ -- if (san_type == MBEDTLS_X509_SAN_DNS_NAME) { -- return x509_crt_check_cn(name, cn, cn_len); -+ int san_ip = 0; -+ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { -+ switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) { -+ case MBEDTLS_X509_SAN_DNS_NAME: /* dNSName */ -+ if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) { -+ return 0; -+ } -+ break; -+ case MBEDTLS_X509_SAN_IP_ADDRESS: /* iPAddress */ -+ san_ip = 1; -+ break; -+ /* (We may handle other types here later.) */ -+ default: /* Unrecognized type */ -+ break; -+ } - } - -- /* (We may handle other types here later.) */ -- -- /* Unrecognized type */ -- return -1; -+ return san_ip ? 
x509_crt_check_san_ip(san, cn, cn_len) : -1; - } - - /* -@@ -3043,31 +3129,23 @@ static void x509_crt_verify_name(const m - uint32_t *flags) - { - const mbedtls_x509_name *name; -- const mbedtls_x509_sequence *cur; - size_t cn_len = strlen(cn); - - if (crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) { -- for (cur = &crt->subject_alt_names; cur != NULL; cur = cur->next) { -- if (x509_crt_check_san(&cur->buf, cn, cn_len) == 0) { -- break; -- } -- } -- -- if (cur == NULL) { -- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; -+ if (x509_crt_check_san(&crt->subject_alt_names, cn, cn_len) == 0) { -+ return; - } - } else { - for (name = &crt->subject; name != NULL; name = name->next) { - if (MBEDTLS_OID_CMP(MBEDTLS_OID_AT_CN, &name->oid) == 0 && - x509_crt_check_cn(&name->val, cn, cn_len) == 0) { -- break; -+ return; - } - } - -- if (name == NULL) { -- *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; -- } - } -+ -+ *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH; - } - - /* diff --git a/openwrt-23.05/patches/package/mbedtls/patches/101-remove-test.patch b/openwrt-23.05/patches/package/mbedtls/patches/101-remove-test.patch deleted file mode 100644 index e43f875..0000000 --- a/openwrt-23.05/patches/package/mbedtls/patches/101-remove-test.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- a/programs/CMakeLists.txt -+++ b/programs/CMakeLists.txt -@@ -1,12 +1,8 @@ - add_subdirectory(aes) --if (NOT WIN32) -- add_subdirectory(fuzz) --endif() - add_subdirectory(hash) - add_subdirectory(pkey) - add_subdirectory(psa) - add_subdirectory(random) - add_subdirectory(ssl) --add_subdirectory(test) - add_subdirectory(util) - add_subdirectory(x509) diff --git a/openwrt-23.05/patches/package/mbedtls/patches/200-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch b/openwrt-23.05/patches/package/mbedtls/patches/200-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch index 3633b35..4b0106d 100644 
--- a/openwrt-23.05/patches/package/mbedtls/patches/200-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch +++ b/openwrt-23.05/patches/package/mbedtls/patches/200-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch @@ -126,7 +126,7 @@ Then run normal make or cmake etc. * library/aria.c * library/timing.c * include/mbedtls/bn_mul.h -@@ -2374,6 +2375,21 @@ +@@ -2471,6 +2472,21 @@ #define MBEDTLS_AESNI_C /** @@ -161,7 +161,7 @@ Then run normal make or cmake etc. #include "mbedtls/platform.h" #if !defined(MBEDTLS_AES_ALT) -@@ -1040,6 +1042,11 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_co +@@ -1076,6 +1078,11 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_co } #endif @@ -170,7 +170,7 @@ Then run normal make or cmake etc. + return mbedtls_armv8ce_aes_crypt_ecb( ctx, mode, input, output ); +#endif + - #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) + #if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) if (aes_padlock_ace) { return mbedtls_padlock_xcryptecb(ctx, mode, input, output); --- /dev/null @@ -330,7 +330,7 @@ Then run normal make or cmake etc. base64.c --- a/library/gcm.c +++ b/library/gcm.c -@@ -42,6 +42,10 @@ +@@ -43,6 +43,10 @@ #include "mbedtls/aesni.h" #endif @@ -341,7 +341,7 @@ Then run normal make or cmake etc. #if !defined(MBEDTLS_GCM_ALT) /* Parameter validation macros */ -@@ -80,6 +84,12 @@ static int gcm_gen_table(mbedtls_gcm_con +@@ -81,6 +85,12 @@ static int gcm_gen_table(mbedtls_gcm_con return ret; } @@ -354,7 +354,7 @@ Then run normal make or cmake etc. /* pack h as two 64-bits ints, big-endian */ hi = MBEDTLS_GET_UINT32_BE(h, 0); lo = MBEDTLS_GET_UINT32_BE(h, 4); -@@ -190,6 +200,11 @@ static void gcm_mult(mbedtls_gcm_context +@@ -191,6 +201,11 @@ static void gcm_mult(mbedtls_gcm_context unsigned char lo, hi, rem; uint64_t zh, zl; @@ -378,7 +378,7 @@ Then run normal make or cmake etc. blowfish.o \ --- a/library/version_features.c 
+++ b/library/version_features.c -@@ -624,6 +624,9 @@ static const char * const features[] = { +@@ -636,6 +636,9 @@ static const char * const features[] = { #if defined(MBEDTLS_AESNI_C) "MBEDTLS_AESNI_C", #endif /* MBEDTLS_AESNI_C */ diff --git a/openwrt-23.05/release-info.md b/openwrt-23.05/release-info.md index 7de11bc..c0c413b 100644 --- a/openwrt-23.05/release-info.md +++ b/openwrt-23.05/release-info.md @@ -1,7 +1,7 @@ -## OpenWrt 23.05 (beta) +## OpenWrt 23.05 ### General Info -- Based of openwrt 23.05.0 +- Based of openwrt 23.05.2 ### Configuration - OpenWRT 23.05 Vanilla / Kernel 5.15 @@ -17,6 +17,7 @@ - pbr latest version from https://github.com/stangri/source.openwrt.melmac.net ### Changelog +- [2023-11-15] OpenWrt 23.05.2 - [2023-10-13] Freeze to 23.05.0 - [2023-10-03] Freeze to 23.05.0-rc4 - [2023-06-28] Freeze to 23.05.0-rc2 / Update packages diff --git a/openwrt-23.05/steps/02_prepare_openwrt_folder.sh b/openwrt-23.05/steps/02_prepare_openwrt_folder.sh index b655498..0818e2c 100755 --- a/openwrt-23.05/steps/02_prepare_openwrt_folder.sh +++ b/openwrt-23.05/steps/02_prepare_openwrt_folder.sh @@ -10,9 +10,9 @@ cd "$ROOTDIR/build" cp -R openwrt-fresh-23.05 openwrt -# freeze revision to 23.05.0 +# freeze revision to 23.05.2 cd openwrt -git reset --hard bd4f415efacfc03bbe5b79ae1d39c1451f5f7385 +git reset --hard 1c26bcb10819f072964a658e2cc29bb87613a6f5 echo "Current OpenWRT commit" git log -1 diff --git a/openwrt-23.05/steps/03_patch_openwrt.sh b/openwrt-23.05/steps/03_patch_openwrt.sh index 0226b72..95c0df7 100755 --- a/openwrt-23.05/steps/03_patch_openwrt.sh +++ b/openwrt-23.05/steps/03_patch_openwrt.sh 
@@ -39,10 +39,8 @@ cp -R $ROOTDIR/openwrt-$OPENWRT_BRANCH/patches/target/linux/rockchip target/linu
 cp -R $ROOTDIR/openwrt-$OPENWRT_BRANCH/patches/package/r8125 package/kernel/
 # enable armv8 crypto for mbedtls
-#cp $ROOTDIR/openwrt-$OPENWRT_BRANCH/patches/package/mbedtls/patches/100-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch \
-# package/libs/mbedtls/patches/
-rm -rf package/libs/mbedtls
-cp -R $ROOTDIR/openwrt-$OPENWRT_BRANCH/patches/package/mbedtls package/libs/
+cp $ROOTDIR/openwrt-$OPENWRT_BRANCH/patches/package/mbedtls/patches/200-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch \
+ package/libs/mbedtls/patches/
 # video modules
 rm -rf package/kernel/linux/modules/video.mk
diff --git a/openwrt-23.05/steps/04-prepare_package.sh b/openwrt-23.05/steps/04-prepare_package.sh
index 6ff772d..01aa2a8 100755
--- a/openwrt-23.05/steps/04-prepare_package.sh
+++ b/openwrt-23.05/steps/04-prepare_package.sh
@@ -29,8 +29,8 @@ cp -R ../stangri_repo/luci-app-pbr feeds/luci/applications/
 #cp -R $ROOTDIR/openwrt-$OPENWRT_BRANCH/patches/package/acme* feeds/packages/net/
 # replace haproxy with package with fix for optimized arm compilation
-rm -rf feeds/packages/net/haproxy
-cp -R $ROOTDIR/openwrt-$OPENWRT_BRANCH/patches/package/haproxy* feeds/packages/net/
+#rm -rf feeds/packages/net/haproxy
+#cp -R $ROOTDIR/openwrt-$OPENWRT_BRANCH/patches/package/haproxy* feeds/packages/net/
 # replace adguardhome with prebuilt latest version
 rm -rf feeds/packages/net/adguardhome
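Review bot: In 03_patch_openwrt.sh, the new `cp …/200-Implements-AES-and-GCM-with-ARMv8-Crypto-Extensions.patch package/libs/mbedtls/patches/` drops a locally maintained change to the AES and GCM code paths into the upstream mbedtls package, but nothing in the script checks that the feature it adds is actually enabled in the resulting build. The `Makefile` and `Config.in` deleted elsewhere in this commit were the files that listed `CONFIG_MBEDTLS_ARMV8CE_AES_C` in `MBEDTLS_BUILD_OPTS` and declared the Kconfig symbol, so unless the upstream package carries the same option (not visible on this page) the patch may apply cleanly while the accelerated code is never compiled in. I would document that dependency above the copy, e.g. `# needs MBEDTLS_ARMV8CE_AES_C selectable in package/libs/mbedtls; re-check after each OpenWrt bump`, and confirm the symbol in the generated `.config`. Because the patch alters cryptographic primitives in the TLS library, a build with `MBEDTLS_SELF_TEST` enabled is a cheap way to confirm AES/GCM output on the target after every refresh of the patch.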
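Review bot: In 04-prepare_package.sh the haproxy override is switched off by commenting out the `rm -rf`/`cp -R` pair, but the `patches/package/haproxy` directory that the `cp` reads from is deleted in this same commit, so the commented lines cannot be re-enabled as written. The comment `# replace haproxy with package with fix for optimized arm compilation` above them also now describes something the script no longer does. I would delete all three lines, or replace them with a single line such as `# haproxy: use the feed version (local ARM-optimised override removed)`. Presumably the feed's haproxy now follows upstream fixes instead of the locally pinned 2.8.2 from the deleted Makefile, which is worth stating in the comment since it is a network-facing proxy.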