From f5f6cbc9398f212d42593f2cb5be94eeb74f59d3 Mon Sep 17 00:00:00 2001
From: GroM <jerome.caporossi@ledger.fr>
Date: Mon, 16 Dec 2024 10:43:53 +0100
Subject: [PATCH 1/7] Add customized cfgs

---
 ledger_device_sdk/Cargo.toml     | 4 ++++
 ledger_secure_sdk_sys/Cargo.toml | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/ledger_device_sdk/Cargo.toml b/ledger_device_sdk/Cargo.toml
index 52e9d0d..2ba8c97 100644
--- a/ledger_device_sdk/Cargo.toml
+++ b/ledger_device_sdk/Cargo.toml
@@ -30,3 +30,7 @@ ccid = []
 heap = [ "ledger_secure_sdk_sys/heap" ]
 
 default = [ "heap" ]
+
+[lints.rust.unexpected_cfgs]
+level = "warn" 
+check-cfg = ['cfg(target_os, values("stax", "flex", "nanos", "nanox", "nanosplus"))']
diff --git a/ledger_secure_sdk_sys/Cargo.toml b/ledger_secure_sdk_sys/Cargo.toml
index f9bf21c..690cd69 100644
--- a/ledger_secure_sdk_sys/Cargo.toml
+++ b/ledger_secure_sdk_sys/Cargo.toml
@@ -18,3 +18,7 @@ critical-section = { version = "1.1.2", optional = true }
 
 [features]
 heap = ["dep:embedded-alloc", "dep:critical-section"]
+
+[lints.rust.unexpected_cfgs]
+level = "warn"
+check-cfg = ['cfg(target_os, values("stax", "flex", "nanos", "nanox", "nanosplus"))']
\ No newline at end of file

From 69c011a9c1f564a4a7bee4afb933aed16bab9121 Mon Sep 17 00:00:00 2001
From: GroM <jerome.caporossi@ledger.fr>
Date: Tue, 17 Dec 2024 12:03:34 +0100
Subject: [PATCH 2/7] Disallow references to static mut

---
 ledger_device_sdk/src/nbgl.rs                 |  2 +-
 .../src/nbgl/nbgl_home_and_settings.rs        | 12 +++----
 ledger_device_sdk/src/seph.rs                 | 36 ++++++++++---------
 ledger_secure_sdk_sys/Cargo.toml              |  1 +
 ledger_secure_sdk_sys/src/lib.rs              |  2 +-
 5 files changed, 28 insertions(+), 25 deletions(-)

diff --git a/ledger_device_sdk/src/nbgl.rs b/ledger_device_sdk/src/nbgl.rs
index 4445170..85bc461 100644
--- a/ledger_device_sdk/src/nbgl.rs
+++ b/ledger_device_sdk/src/nbgl.rs
@@ -79,7 +79,7 @@ trait SyncNBGL: Sized {
 
     fn ux_sync_wait(&self, exit_on_apdu: bool) -> SyncNbgl {
         unsafe {
-            if let Some(comm) = COMM_REF.as_mut() {
+            if let Some(comm) = (*(&raw mut COMM_REF)).as_mut() {
                 while !G_ENDED {
                     let apdu_received = comm.next_event_ahead::<ApduHeader>();
                     if exit_on_apdu && apdu_received {
diff --git a/ledger_device_sdk/src/nbgl/nbgl_home_and_settings.rs b/ledger_device_sdk/src/nbgl/nbgl_home_and_settings.rs
index 623217f..af9eb71 100644
--- a/ledger_device_sdk/src/nbgl/nbgl_home_and_settings.rs
+++ b/ledger_device_sdk/src/nbgl/nbgl_home_and_settings.rs
@@ -20,7 +20,7 @@ unsafe extern "C" fn settings_callback(token: c_int, _index: u8, _page: c_int) {
         _ => panic!("Invalid state."),
     }
 
-    if let Some(data) = NVM_REF.as_mut() {
+    if let Some(data) = (*(&raw mut NVM_REF)).as_mut() {
         let mut switch_values: [u8; SETTINGS_SIZE] = *data.get_ref();
         if switch_values[setting_idx] == OFF_STATE {
             switch_values[setting_idx] = ON_STATE;
@@ -166,7 +166,7 @@ impl<'a> NbglHomeAndSettings {
                 for (i, setting) in self.setting_contents.iter().enumerate() {
                     SWITCH_ARRAY[i].text = setting[0].as_ptr();
                     SWITCH_ARRAY[i].subText = setting[1].as_ptr();
-                    let state = if let Some(data) = NVM_REF.as_mut() {
+                    let state = if let Some(data) = (*(&raw mut NVM_REF)).as_mut() {
                         data.get_ref()[i]
                     } else {
                         OFF_STATE
@@ -179,7 +179,7 @@ impl<'a> NbglHomeAndSettings {
                 self.content = nbgl_content_t {
                     content: nbgl_content_u {
                         switchesList: nbgl_pageSwitchesList_s {
-                            switches: &SWITCH_ARRAY as *const nbgl_contentSwitch_t,
+                            switches: &raw const SWITCH_ARRAY as *const nbgl_contentSwitch_t,
                             nbSwitches: self.nb_settings,
                         },
                     },
@@ -211,7 +211,7 @@ impl<'a> NbglHomeAndSettings {
                 );
                 match self.ux_sync_wait(true) {
                     SyncNbgl::UxSyncRetApduReceived => {
-                        if let Some(comm) = COMM_REF.as_mut() {
+                        if let Some(comm) = (*(&raw mut COMM_REF)).as_mut() {
                             if let Some(value) = comm.check_event() {
                                 return value;
                             }
@@ -250,7 +250,7 @@ impl<'a> NbglHomeAndSettings {
             for (i, setting) in self.setting_contents.iter().enumerate() {
                 SWITCH_ARRAY[i].text = setting[0].as_ptr();
                 SWITCH_ARRAY[i].subText = setting[1].as_ptr();
-                let state = if let Some(data) = NVM_REF.as_mut() {
+                let state = if let Some(data) = (*(&raw mut NVM_REF)).as_mut() {
                     data.get_ref()[i]
                 } else {
                     OFF_STATE
@@ -263,7 +263,7 @@ impl<'a> NbglHomeAndSettings {
             self.content = nbgl_content_t {
                 content: nbgl_content_u {
                     switchesList: nbgl_pageSwitchesList_s {
-                        switches: &SWITCH_ARRAY as *const nbgl_contentSwitch_t,
+                        switches: &raw const SWITCH_ARRAY as *const nbgl_contentSwitch_t,
                         nbSwitches: self.nb_settings,
                     },
                 },
diff --git a/ledger_device_sdk/src/seph.rs b/ledger_device_sdk/src/seph.rs
index 666776c..fe6258c 100644
--- a/ledger_device_sdk/src/seph.rs
+++ b/ledger_device_sdk/src/seph.rs
@@ -112,8 +112,8 @@ pub fn handle_usb_event(event: u8) {
     match Events::from(event) {
         Events::USBEventReset => {
             unsafe {
-                USBD_LL_SetSpeed(&mut USBD_Device, 1 /*USBD_SPEED_FULL*/);
-                USBD_LL_Reset(&mut USBD_Device);
+                USBD_LL_SetSpeed(&raw mut USBD_Device, 1 /*USBD_SPEED_FULL*/);
+                USBD_LL_Reset(&raw mut USBD_Device);
 
                 if G_io_app.apdu_media != IO_APDU_MEDIA_NONE {
                     return;
@@ -124,13 +124,13 @@ pub fn handle_usb_event(event: u8) {
             }
         }
         Events::USBEventSOF => unsafe {
-            USBD_LL_SOF(&mut USBD_Device);
+            USBD_LL_SOF(&raw mut USBD_Device);
         },
         Events::USBEventSuspend => unsafe {
-            USBD_LL_Suspend(&mut USBD_Device);
+            USBD_LL_Suspend(&raw mut USBD_Device);
         },
         Events::USBEventResume => unsafe {
-            USBD_LL_Resume(&mut USBD_Device);
+            USBD_LL_Resume(&raw mut USBD_Device);
         },
         _ => (),
     }
@@ -140,13 +140,13 @@ pub fn handle_usb_ep_xfer_event(apdu_buffer: &mut [u8], buffer: &[u8]) {
     let endpoint = buffer[3] & 0x7f;
     match UsbEp::from(buffer[4]) {
         UsbEp::USBEpXFERSetup => unsafe {
-            USBD_LL_SetupStage(&mut USBD_Device, &buffer[6]);
+            USBD_LL_SetupStage(&raw mut USBD_Device, &buffer[6]);
         },
         UsbEp::USBEpXFERIn => {
             if (endpoint as u32) < IO_USB_MAX_ENDPOINTS {
                 unsafe {
                     G_io_app.usb_ep_timeouts[endpoint as usize].timeout = 0;
-                    USBD_LL_DataInStage(&mut USBD_Device, endpoint, &buffer[6]);
+                    USBD_LL_DataInStage(&raw mut USBD_Device, endpoint, &buffer[6]);
                 }
             }
         }
@@ -158,7 +158,7 @@ pub fn handle_usb_ep_xfer_event(apdu_buffer: &mut [u8], buffer: &[u8]) {
                         buf: apdu_buffer.as_mut_ptr(),
                         len: 260,
                     };
-                    USBD_LL_DataOutStage(&mut USBD_Device, endpoint, &buffer[6], &mut apdu_buf);
+                    USBD_LL_DataOutStage(&raw mut USBD_Device, endpoint, &buffer[6], &mut apdu_buf);
                 }
             }
         }
@@ -167,19 +167,21 @@ pub fn handle_usb_ep_xfer_event(apdu_buffer: &mut [u8], buffer: &[u8]) {
 }
 
 pub fn handle_capdu_event(apdu_buffer: &mut [u8], buffer: &[u8]) {
-    let io_app = unsafe { &mut G_io_app };
-    if io_app.apdu_state == APDU_IDLE {
-        let max = (apdu_buffer.len() - 3).min(buffer.len() - 3);
-        let size = u16::from_be_bytes([buffer[1], buffer[2]]) as usize;
+    let io_app = &raw mut G_io_app;
+    unsafe {
+        if (*io_app).apdu_state == APDU_IDLE {
+            let max = (apdu_buffer.len() - 3).min(buffer.len() - 3);
+            let size = u16::from_be_bytes([buffer[1], buffer[2]]) as usize;
 
-        io_app.apdu_media = IO_APDU_MEDIA_RAW;
-        io_app.apdu_state = APDU_RAW;
+            (*io_app).apdu_media = IO_APDU_MEDIA_RAW;
+            (*io_app).apdu_state = APDU_RAW;
 
-        let len = size.min(max);
+            let len = size.min(max);
 
-        io_app.apdu_length = len as u16;
+            (*io_app).apdu_length = len as u16;
 
-        apdu_buffer[..len].copy_from_slice(&buffer[3..len + 3]);
+            apdu_buffer[..len].copy_from_slice(&buffer[3..len + 3]);
+        }
     }
 }
 
diff --git a/ledger_secure_sdk_sys/Cargo.toml b/ledger_secure_sdk_sys/Cargo.toml
index 690cd69..ff5aefc 100644
--- a/ledger_secure_sdk_sys/Cargo.toml
+++ b/ledger_secure_sdk_sys/Cargo.toml
@@ -18,6 +18,7 @@ critical-section = { version = "1.1.2", optional = true }
 
 [features]
 heap = ["dep:embedded-alloc", "dep:critical-section"]
+ccid = []
 
 [lints.rust.unexpected_cfgs]
 level = "warn"
diff --git a/ledger_secure_sdk_sys/src/lib.rs b/ledger_secure_sdk_sys/src/lib.rs
index 3039f88..e05c3e8 100644
--- a/ledger_secure_sdk_sys/src/lib.rs
+++ b/ledger_secure_sdk_sys/src/lib.rs
@@ -65,7 +65,7 @@ unsafe impl critical_section::Impl for CriticalSection {
 extern "C" fn heap_init() {
     // HEAP_SIZE comes from heap_size.rs, which is defined via env var and build.rs
     static mut HEAP_MEM: [MaybeUninit<u8>; HEAP_SIZE] = [MaybeUninit::uninit(); HEAP_SIZE];
-    unsafe { HEAP.init(HEAP_MEM.as_ptr() as usize, HEAP_SIZE) }
+    unsafe { HEAP.init(&raw mut HEAP_MEM as usize, HEAP_SIZE) }
 }
 
 #[no_mangle]

From 857c6d3d067b1bc4131236c86059ae4571d73cdb Mon Sep 17 00:00:00 2001
From: GroM <jerome.caporossi@ledger.fr>
Date: Tue, 17 Dec 2024 14:54:58 +0100
Subject: [PATCH 3/7] Update API_LEVEL when cloning C SDK locally

---
 ledger_secure_sdk_sys/build.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ledger_secure_sdk_sys/build.rs b/ledger_secure_sdk_sys/build.rs
index 47c5cf0..c7393a7 100644
--- a/ledger_secure_sdk_sys/build.rs
+++ b/ledger_secure_sdk_sys/build.rs
@@ -216,19 +216,19 @@ fn clone_sdk(device: &Device) -> PathBuf {
         ),
         Device::NanoX => (
             Path::new("https://github.com/LedgerHQ/ledger-secure-sdk"),
-            "API_LEVEL_5",
+            "API_LEVEL_22",
         ),
         Device::NanoSPlus => (
             Path::new("https://github.com/LedgerHQ/ledger-secure-sdk"),
-            "API_LEVEL_5",
+            "API_LEVEL_22",
         ),
         Device::Stax => (
             Path::new("https://github.com/LedgerHQ/ledger-secure-sdk"),
-            "API_LEVEL_21",
+            "API_LEVEL_22",
         ),
         Device::Flex => (
             Path::new("https://github.com/LedgerHQ/ledger-secure-sdk"),
-            "API_LEVEL_21",
+            "API_LEVEL_22",
         ),
     };
 

From 8ae0f4d556788b8da3431051aeb2bd57e74e12d2 Mon Sep 17 00:00:00 2001
From: GroM <jerome.caporossi@ledger.fr>
Date: Tue, 17 Dec 2024 14:56:58 +0100
Subject: [PATCH 4/7] Remove workaround for managing both API_LEVEL_5 and
 API_LEVEL > 5

---
 ledger_secure_sdk_sys/build.rs | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/ledger_secure_sdk_sys/build.rs b/ledger_secure_sdk_sys/build.rs
index c7393a7..b2f2eb6 100644
--- a/ledger_secure_sdk_sys/build.rs
+++ b/ledger_secure_sdk_sys/build.rs
@@ -408,13 +408,6 @@ impl SDKBuilder {
             // Let cc::Build determine CC from the environment variable
         }
 
-        // Test if the file  lib_cxng/src/cx_exported_functions.c exists
-        // If it does, add it to the list of files to compile
-        let cxng_src = self.bolos_sdk.join("lib_cxng/src/cx_exported_functions.c");
-        if cxng_src.exists() {
-            command.file(cxng_src);
-        }
-
         command
             .files(&AUX_C_FILES)
             .files(str2path(&self.bolos_sdk, &SDK_C_FILES))

From 467b4903f3b7b59ddcf50686b5738b6b92a9bb54 Mon Sep 17 00:00:00 2001
From: GroM <jerome.caporossi@ledger.fr>
Date: Tue, 17 Dec 2024 17:11:38 +0100
Subject: [PATCH 5/7] Add Near app

---
 .github/workflows/build_all_apps.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build_all_apps.yml b/.github/workflows/build_all_apps.yml
index a03f14d..c9f50f6 100644
--- a/.github/workflows/build_all_apps.yml
+++ b/.github/workflows/build_all_apps.yml
@@ -29,6 +29,8 @@ jobs:
                       branch: 'develop'
                     - repo: 'app-boilerplate-rust'
                       branch: 'main'
+                    - repo: 'app-near'
+                      branch: 'y333_241015/add_swap_support'
 
         runs-on: ubuntu-latest
         container:

From 42666d11480b2c745fc1bad37160cc1e92c8b324 Mon Sep 17 00:00:00 2001
From: GroM <jerome.caporossi@ledger.fr>
Date: Tue, 17 Dec 2024 17:18:33 +0100
Subject: [PATCH 6/7] Fix Near app branch: use develop

---
 .github/workflows/build_all_apps.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build_all_apps.yml b/.github/workflows/build_all_apps.yml
index c9f50f6..6307356 100644
--- a/.github/workflows/build_all_apps.yml
+++ b/.github/workflows/build_all_apps.yml
@@ -30,7 +30,7 @@ jobs:
                     - repo: 'app-boilerplate-rust'
                       branch: 'main'
                     - repo: 'app-near'
-                      branch: 'y333_241015/add_swap_support'
+                      branch: 'develop'
 
         runs-on: ubuntu-latest
         container:

From 5e7bd184e437c5fd85880588f6fa8c07f68d90f0 Mon Sep 17 00:00:00 2001
From: GroM <jerome.caporossi@ledger.fr>
Date: Tue, 17 Dec 2024 17:20:40 +0100
Subject: [PATCH 7/7] Bump versions

---
 Cargo.lock                       | 6 +++---
 ledger_device_sdk/Cargo.toml     | 4 ++--
 ledger_secure_sdk_sys/Cargo.toml | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index f71651f..ecf9d80 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4
 
 [[package]]
 name = "adler"
@@ -474,7 +474,7 @@ checksum = "03087c2bad5e1034e8cace5926dec053fb3790248370865f5117a7d0213354c8"
 
 [[package]]
 name = "ledger_device_sdk"
-version = "1.19.0"
+version = "1.19.1"
 dependencies = [
  "const-zero",
  "include_gif",
@@ -489,7 +489,7 @@ dependencies = [
 
 [[package]]
 name = "ledger_secure_sdk_sys"
-version = "1.6.0"
+version = "1.6.1"
 dependencies = [
  "bindgen",
  "cc",
diff --git a/ledger_device_sdk/Cargo.toml b/ledger_device_sdk/Cargo.toml
index 2ba8c97..afe8fef 100644
--- a/ledger_device_sdk/Cargo.toml
+++ b/ledger_device_sdk/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ledger_device_sdk"
-version = "1.19.0"
+version = "1.19.1"
 authors = ["yhql", "yogh333", "agrojean-ledger", "kingofpayne"]
 edition = "2021"
 license.workspace = true
@@ -21,7 +21,7 @@ rand_core = { version = "0.6.3", default-features = false }
 zeroize = { version = "1.6.0", default-features = false }
 numtoa = "0.2.4"
 const-zero = "0.1.1"
-ledger_secure_sdk_sys = { path = "../ledger_secure_sdk_sys", version = "1.6.0" }
+ledger_secure_sdk_sys = { path = "../ledger_secure_sdk_sys", version = "1.6.1" }
 
 [features]
 debug = []
diff --git a/ledger_secure_sdk_sys/Cargo.toml b/ledger_secure_sdk_sys/Cargo.toml
index ff5aefc..378e37a 100644
--- a/ledger_secure_sdk_sys/Cargo.toml
+++ b/ledger_secure_sdk_sys/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "ledger_secure_sdk_sys"
-version = "1.6.0"
+version = "1.6.1"
 authors = ["yhql", "agrojean-ledger", "yogh333"]
 edition = "2021"
 license.workspace = true