Commit Graph

24014 Commits

Author SHA1 Message Date
f2e568e5f4
commit patch 2026-06-18 16:28:36 -04:00
edaff9f631
update 2026-06-14 00:32:37 -04:00
Robert Marko
526efddf7b fstools: update to Git HEAD (2026-05-23)
7df188543e26 libfstools: enable f2fs overlay compression formatting
16718b6e3c0f libfstools: mount f2fs overlay with zstd compression

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 417df7debf)
2026-05-28 11:19:50 +02:00
Robert Marko
c4c164eaa6 fstools: update to Git HEAD (2026-03-17)
1bf2d490484e libfstools: make get_var_from_file() reusable
0b6022439cad mount_root: add kernel parameter to specify the overlay storage name
e600d842ce81 mount_root: add kernel parameter to specify the overlay fileystem type

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit 920a382cb6)
2026-05-28 11:19:50 +02:00
dastarothx
54cced5b2f
wifi-scripts: ucode: fix null dereference for 6GHz-only radios
he_phy_cap and he_mac_cap in phy_capabilities are only populated inside
the iftype_data loop. On 6GHz-only radios (e.g. QCN9074/ath11k_pci),
when capability bytes are unavailable they remain null, causing null
dereferences in device_htmode_append():

  Reference error: left-hand side expression is null
  if (!(he_phy_cap[3] & 0x80))

Initialise both to [] before the loop and guard the consumer side with
?? [] so bitwise checks conservatively disable beamformer/beamformee/twt
features rather than crashing.

Link: https://github.com/openwrt/openwrt/issues/23488
Signed-off-by: dastarothx <darkastalier@gmail.com>
(cherry picked from commit feca0b4507b9175b95a59701462d550eb0b855c0)
Link: https://github.com/openwrt/openwrt/pull/23503
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2026-05-24 13:12:19 +02:00
Andrii Kuiukoff
42ea240132 uboot-mediatek: comfast cf-wr632ax: reduce ram speed to 1866 MT/s
Fix instability by reducing RAM speed to 1866 MT/s
in line with Winbond W634GU6RB-11 specs.

Signed-off-by: Andrii Kuiukoff <andros.ua@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22929
(cherry picked from commit 9fb9983467)
Link: https://github.com/openwrt/openwrt/pull/23416
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-20 14:48:50 +02:00
Andrii Kuiukoff
c01dc9c0fe uboot-mediatek: comfast cf-wr632ax: sync with the main DTS
- Sync shared U-Boot DTS nodes with the main device DTS
- Remove duplicate strings

Signed-off-by: Andrii Kuiukoff <andros.ua@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22929
(cherry picked from commit eeaafc5ae2)
Link: https://github.com/openwrt/openwrt/pull/23416
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-20 14:48:50 +02:00
Dirk Buchwalder
fac5a815ea uboot-airoha: add a label to the spi node
Add a label to the spi node to allow device trees to reference it
(i.e. to mark status = "okay").

Signed-off-by: Dirk Buchwalder <buchwalder@posteo.de>
Link: https://github.com/openwrt/openwrt/pull/22151
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 133e01b95e)
Link: https://github.com/openwrt/openwrt/pull/22294
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-15 20:53:04 +02:00
Kenneth Kasilag
aa3a9d8fa2 uboot-airoha: add ethernet node for an7581 dtsi
For the backport to U-Boot 2025.10, the ethernet driver
(airoha_eth) supports an7581; however, it is not declared
in the dtsi. Add the ethernet node for the built-in
airoha ethernet controller.

Signed-off-by: Kenneth Kasilag <kenneth@kasilag.me>
Link: https://github.com/openwrt/openwrt/pull/22294
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-15 20:53:04 +02:00
Russell Senior
4729793b91 uboot-airoha: increase the size of reserved_bmt partition
The vendor firmware checks for a bmt header in the last 528 erase blocks
of flash. The OpenWrt partition table did not respect that requirement,
and therefore the vendor and openwrt chainloader fight over those blocks
on every boot, potentially corrupting data stored in UBI blocks there.
This commit increases the size of the reserved_bmt partition to avoid
that fight.

Although the vendor bootloader only seems to touch the final 250 erase
blocks[1], the original vendor firmware system partition ended at
0x1be00000[2], so to be conservative, the consensus is to use that as
the end of mtd2 (ubi) partition and leave the last 528 blocks for mtd3
(reserved_bmt).

From https://openwrt.org/toh/gemtek/mxf-w1700k:
[1] OEM bootlog: [    5.324337] bmt pool size: 250
[2] OEM bootlog: [    5.478927] 0x000008600000-0x00001be00000 : "system"

For the backport to OpenWrt 25.12, the device support has not yet been
committed, so revising the compat_version in this commit is not needed;
and instead will be handled by revising the pending device support
commit.

Reported-by: Loïc Yhuel <loic.yhuel@gmail.com>
Signed-off-by: Russell Senior <russell@personaltelco.net>
Link: https://github.com/openwrt/openwrt/pull/23061
(cherry picked from commit ee771d3dd0)
Link: https://github.com/openwrt/openwrt/pull/22294
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-15 20:53:04 +02:00
Kenneth Kasilag
887f21e21a airoha: an7581: add uboot chainloader
Due to issues surrounding the implementation of the vendor BMT/BBT
on Airoha, upstream ATF + uboot has switched to UBI flash partitions.

However, some devices shipped on this platform are bootloader locked,
and thus it is impossible to replace ATF + uboot.

During testing for the Gemtek W1700K (#17869), sysupgrades from Linux
(which is unaware of the underlying BMT/BBT) would occasionally write
data into blocks which were remapped by the vendor uboot when it was
read on the following reboot, causing a soft brick.

An acceptable workaround [1],[2] was discussed where an intermediate
uboot would be written by the vendor uboot (which is aware of Airoha
BMT/BBT). This chainloader would then ignore the regions of flash
used by the vendor uboot, and store all relevant data inside of UBI.

UBI would then be used to handle bad block management. As the vendor
ATF + uboot do not read or interact with the UBI region, we would avoid
unwanted remaps from BMT/BBT.

This commit introduces support for building such a chainloader, by
packaging u-boot and DTS into a FIT image; to be flashed like a kernel.

Configuration for the Gemtek W1700K is provided as an example of how the
chainloader is used.

[1] https://github.com/openwrt/openwrt/pull/17869#discussion_r2836066746
[2] https://github.com/openwrt/openwrt/pull/17869#discussion_r2838395671

Signed-off-by: Kenneth Kasilag <kenneth@kasilag.me>
[ move FIP_COMPRESS to Build/Compile, wrap some long lines ]
Link: https://github.com/openwrt/openwrt/pull/22151
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 442e67d31f)
Link: https://github.com/openwrt/openwrt/pull/22294
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-15 20:53:04 +02:00
Kenneth Kasilag
8e751e953d uboot-airoha: rename FIP_COMPRESS to LZMA_COMPRESS
It is more accurate to describe the contents of the FIP as
compressed, instead of the FIP itself becoming compressed.

Update variable naming accordingly.

Signed-off-by: Kenneth Kasilag <kenneth@kasilag.me>
Link: https://github.com/openwrt/openwrt/pull/22151
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 97035a5e7f)
Link: https://github.com/openwrt/openwrt/pull/22294
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-15 20:53:04 +02:00
Hauke Mehrtens
2b06da1589 OpenWrt v25.12.4: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2026-05-14 00:58:17 +02:00
Hauke Mehrtens
ba915c2ee7 OpenWrt v25.12.4: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2026-05-14 00:58:13 +02:00
Hannu Nyman
99211b26fb dnsmasq: apply six CVE-fix upstream patches to 2.91
Apply upstream patches for the recently published CVEs in dnsmasq.

Source: https://thekelleys.org.uk/dnsmasq/CVE/
Reference: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/23328
(cherry picked from commit dc04999b1f)
[added this to main branch first, 002-CVE-2026-4890.dnsmasq-2.91.patch modified]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2026-05-13 01:54:08 +02:00
Hauke Mehrtens
e850a972b5 mac80211: bump to version 6.18.26
This contains many fixes from upstream Linux.

The code block from this patch was moved a bit in the function:
  subsys/110-mac80211_keep_keys_on_stop_ap.patch

This patch was applied upstream:
  subsys/330-mac80211-fix-crash-in-ieee80211_chan_bw_change-for-A.patch

Link: https://github.com/openwrt/openwrt/pull/23167
(cherry picked from commit bcaa6a8367)
Link: https://github.com/openwrt/openwrt/pull/23209
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2026-05-09 11:05:32 +02:00
Dmitry Mostovoy
0bcdcf67d7 mediatek: add cudy wr3000h-v1 ubootmod
This allows us to use the full size of nand,
which extends ubi size from 64Mb to 122.25Mb.

1. Log in to the device and backup all the partitions,
especially unique "Factory" and "bdata" partitions
from System -> Backup / Flash Firmware -> Save mtdblock contents.
2. Install kmod-mtd-rw to unlock mtd partitions for writing
  apk update && apk add kmod-mtd-rw && insmod mtd-rw i_want_a_brick=1

3. Write new OpenWrt (U-Boot Layout) "BL2" and "FIP":
  mtd -e BL2 write openwrt-mediatek-filogic-cudy_wr3000h-v1-ubootmod-preloader.bin BL2
  mtd -e FIP write openwrt-mediatek-filogic-cudy_wr3000h-v1-ubootmod-bl31-uboot.fip FIP
4. Set static IP on your PC: "192.168.1.254", gateway "192.168.1.1"
5. Serve openwrt-mediatek-filogic-cudy_wr3000h-v1-ubootmod-initramfs-recovery.itb
using TFTP server.
6. Connect Router LAN with PC LAN.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt initramfs recovery has booted,
clean "/dev/mtd5" ubi partition to utilize maximum of free space:
  ubidetach -p /dev/mtd5; ubiformat /dev/mtd5 -y; ubiattach -p /dev/mtd5
  ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
  ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Perform sysupgrade.

Signed-off-by: Dmitry Mostovoy <stavultras@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21943
(cherry picked from commit eb6dd61a8d)
Link: https://github.com/openwrt/openwrt/pull/22625
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-08 10:20:54 +02:00
Dmitry Mostovoy
194bd76e57 mediatek: add cudy wr3000e-v1 ubootmod
This allows us to use the full size of nand,
which extends ubi size from 64Mb to 122.25Mb.

1. Log in to the device and backup all the partitions,
especially unique "Factory" and "bdata" partitions
from System -> Backup / Flash Firmware -> Save mtdblock contents.
2. Install kmod-mtd-rw to unlock mtd partitions for writing
  apk update && apk add kmod-mtd-rw && insmod mtd-rw i_want_a_brick=1

3. Write new OpenWrt (U-Boot Layout) "BL2" and "FIP":
  mtd -e BL2 write openwrt-mediatek-filogic-cudy_wr3000e-v1-ubootmod-preloader.bin BL2
  mtd -e FIP write openwrt-mediatek-filogic-cudy_wr3000e-v1-ubootmod-bl31-uboot.fip FIP
4. Set static IP on your PC: "192.168.1.254", gateway "192.168.1.1"
5. Serve openwrt-mediatek-filogic-cudy_wr3000e-v1-ubootmod-initramfs-recovery.itb
using TFTP server.
6. Connect Router LAN with PC LAN.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt initramfs recovery has booted,
clean "/dev/mtd5" ubi partition to utilize maximum of free space:
  ubidetach -p /dev/mtd5; ubiformat /dev/mtd5 -y; ubiattach -p /dev/mtd5
  ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
  ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Perform sysupgrade.

Signed-off-by: Dmitry Mostovoy <stavultras@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21943
(cherry picked from commit cfc17e81e1)
Link: https://github.com/openwrt/openwrt/pull/22625
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-08 10:20:54 +02:00
Dmitry Mostovoy
8afab079a5 mediatek: add cudy wr3000s-v1 ubootmod
This allows us to use the full size of nand,
which extends ubi size from 64Mb to 122.25Mb.

1. Log in to the device and backup all the partitions,
especially unique "Factory" and "bdata" partitions
from System -> Backup / Flash Firmware -> Save mtdblock contents.
2. Install kmod-mtd-rw to unlock mtd partitions for writing
  apk update && apk add kmod-mtd-rw && insmod mtd-rw i_want_a_brick=1

3. Write new OpenWrt (U-Boot Layout) "BL2" and "FIP":
  mtd -e BL2 write openwrt-mediatek-filogic-cudy_wr3000s-v1-ubootmod-preloader.bin BL2
  mtd -e FIP write openwrt-mediatek-filogic-cudy_wr3000s-v1-ubootmod-bl31-uboot.fip FIP
4. Set static IP on your PC: "192.168.1.254", gateway "192.168.1.1"
5. Serve openwrt-mediatek-filogic-cudy_wr3000s-v1-ubootmod-initramfs-recovery.itb
using TFTP server.
6. Connect Router LAN with PC LAN.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt initramfs recovery has booted,
clean "/dev/mtd5" ubi partition to utilize maximum of free space:
  ubidetach -p /dev/mtd5; ubiformat /dev/mtd5 -y; ubiattach -p /dev/mtd5
  ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
  ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Perform sysupgrade.

Signed-off-by: Dmitry Mostovoy <stavultras@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21943
(cherry picked from commit b7b4938303)
Link: https://github.com/openwrt/openwrt/pull/22625
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-08 10:20:54 +02:00
Dmitry Mostovoy
ddba80d21c mediatek: add cudy wr3000p-v1 ubootmod
This allows us to use the full size of nand,
which extends ubi size from 64Mb to 122.25Mb.

1. Log in to the device and backup all the partitions,
especially unique "Factory" and "bdata" partitions
from System -> Backup / Flash Firmware -> Save mtdblock contents.
2. Install kmod-mtd-rw to unlock mtd partitions for writing
  apk update && apk add kmod-mtd-rw && insmod mtd-rw i_want_a_brick=1

3. Write new OpenWrt (U-Boot Layout) "BL2" and "FIP":
  mtd -e BL2 write openwrt-mediatek-filogic-cudy_wr3000p-v1-ubootmod-preloader.bin BL2
  mtd -e FIP write openwrt-mediatek-filogic-cudy_wr3000p-v1-ubootmod-bl31-uboot.fip FIP
4. Set static IP on your PC: "192.168.1.254", gateway "192.168.1.1"
5. Serve openwrt-mediatek-filogic-cudy_wr3000p-v1-ubootmod-initramfs-recovery.itb
using TFTP server.
6. Connect Router LAN with PC LAN.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt initramfs recovery has booted,
clean "/dev/mtd5" ubi partition to utilize maximum of free space:
  ubidetach -p /dev/mtd5; ubiformat /dev/mtd5 -y; ubiattach -p /dev/mtd5
  ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
  ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Perform sysupgrade.

Signed-off-by: Dmitry Mostovoy <stavultras@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21943
(cherry picked from commit 6b3b7c7dc1)
Link: https://github.com/openwrt/openwrt/pull/22625
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-08 10:20:54 +02:00
Dmitry Mostovoy
79359ffe47 arm-trusted-firmware-mediatek: add Cudy DDR4 target
Since there are some similar devices from Cudy (only WR3000P now),
this will allow creating an OpenWrt U-Boot layout for all of them
using the same DDR4 target.

Signed-off-by: Dmitry Mostovoy <stavultras@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21943
(cherry picked from commit 1bf57600cf)
Link: https://github.com/openwrt/openwrt/pull/22625
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-05-08 10:20:53 +02:00
Sander Schutten
9e7421174c intel-microcode: fix dirty build
rebuilding x86 did fail in an existing build directory
mkdir fails if the folder exists already

Signed-off-by: Sander Schutten <schutten@hotmail.com>
Signed-off-by: Florian Maurer <fmaurer@disroot.org>
(cherry picked from commit 472c325fb8)
2026-05-07 21:15:50 +02:00
Florian Maurer
530366cdfd wifi-scripts: fix basic_rate mapping in supplicant ucode
The ucode migration wrote "basic_rate" into the wpa_supplicant network
block, but that is not a valid wpa_supplicant network field, causing:

  Line 15: unknown network field 'basic_rate'.
  failed to parse network block.

Map UCI basic_rate to the correct wpa_supplicant fields, matching the
behavior of the legacy shell script (hostapd.sh):

  - mesh mode:  mesh_basic_rates (space-separated, 100 kb/s units)
  - sta/adhoc:  rates            (comma-separated Mbps)

Link: a854d833ea

Signed-off-by: Florian Maurer <f.maurer@outlook.de>
[fix commit message link]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 8810ecd5ed)
2026-05-07 21:15:44 +02:00
Hauke Mehrtens
8190b4edad OpenWrt v25.12.3: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2026-05-05 00:48:59 +02:00
Hauke Mehrtens
a5652f421c OpenWrt v25.12.3: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2026-05-05 00:48:50 +02:00
Magnus Kroken
6639b15f62 mbedtls: backport upstream patches to fix TLS 1.2 client issues
Fix a TLS 1.2 regression that caused clients to reject valid
ServerKeyExchange signatures using RSA-PSS signature algorithms.

The TLS 1.2 regression resulted in errors like:
$ curl https://api.domeneshop.no/v0/
curl: (35) ssl_handshake returned: (-0x6600) SSL - A field in a message was incorrect or inconsistent with other fields

Fixes: https://github.com/openwrt/openwrt/issues/22874
Fixes: https://github.com/openwrt/openwrt/issues/23116
Fixes: f48ef0040b ("mbedtls: update to 3.6.6")
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/23066
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e65001e3e7)
2026-05-05 00:30:45 +02:00
Fengyu Wu
7014bb7ee2 ca-certificates: update to 20260223
Debian changelog:

  * Update Mozilla certificate authority bundle to version 2.82
    The following certificate authorities were added (+):
    + TrustAsia TLS ECC Root CA
    + TrustAsia TLS RSA Root CA
    + SwissSign RSA TLS Root CA 2022 - 1
    + OISTE Server Root ECC G1
    + OISTE Server Root RSA G1
    The following certificate authorities were removed (-):
    - GlobalSign Root CA
    - Entrust.net Premium 2048 Secure Server CA
    - Baltimore CyberTrust Root (closes: #1121936)
    - Comodo AAA Services root
    - XRamp Global CA Root
    - Go Daddy Class 2 CA
    - Starfield Class 2 CA
    - CommScope Public Trust ECC Root-01
    - CommScope Public Trust ECC Root-02
    - CommScope Public Trust RSA Root-01
    - CommScope Public Trust RSA Root-02
  * Use dh_usrlocal to create /usr/local/share/ca-certificates
    (closes: #1127100)

Signed-off-by: Fengyu Wu <saldry@proton.me>
Link: https://github.com/openwrt/openwrt/pull/23155
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 403c52db37)
2026-05-03 00:14:43 +02:00
xiao bo
f49d45286c wireless-regdb: update to version 2026.03.18
Changes:
  update regulatory database based on preceding
  Update regulatory rules for India (IN) on 6GHz
  Replace M2Crypto with cryptography package
  Fix regulatory.bin signing with new

Signed-off-by: xiao bo <peterwillcn@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/23101
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ce7bc7ac22)
2026-05-03 00:14:35 +02:00
Roland Reinl
c0d5d8f83f filogic: add support for D-Link AQUILA PRO AI E30
Specification:
The device is similar to the M30 but has only one LAN port and no WAN port.

- MT7981 CPU using 2.4GHz and 5GHz WiFi (both AX)
- 512MB RAM
- 128MB NAND flash with two UBI partitions with identical size
- 1 multi color LED (red, green, blue, white) connected via GCA230718
- 2 buttons (WPS, reset, LED)
- 1 1Gbit LAN port

Disassembly:
- There are two screws at the power connector which must be removed. Afterwards the top case can be removed (it is clipped on, so some tools are required).

Serial Interface:
- The serial interface can be connected to the 4 pin holes on the board. Do NOT connect VCC.
- The pins are labelled on the PCB (RX, TX, GND)
- Settings: 115200, 8N1

MAC addresses:
- LAN MAC is stored in partition "Odm" at offset 0x8f
- WLAN MAC (2.4 GHz and 5GHz) is LAN MAC + 1

Reverting back to OEM firmware:
- There is currently no easy way to revert back to the OEM image
- The methods from M30 and M60 don't seem to work anymore
- If you plan to revert back to OEM firmware later, do the following steps before flashing OpenWrt:
  - Boot from initramfs as described in "Flashing via U-Boot" but don't flash anything
  - Instead, make a backup of UBI and UBI1 partition
  - The created dumps must be written to the initial partitions to revert back to OEM

Flashing via Recovery Web Interface:
- Set your IP address to 192.168.200.10, subnet mask 255.255.255.0
- Press the reset button while powering on the device
- Keep the reset button pressed until the LED blinks red
- Open a Chromium-based browser and go to http://192.168.200.50/ (recovery web interface)
- Download openwrt-mediatek-filogic-dlink_aquila-pro-ai-e30-a1-squashfs-recovery.bin
- Note: The recovery web interface always reports successful flashing, even if it fails
- After flashing, the recovery web interface will try to forward the browser to 192.168.0.1 (can be ignored)
- If flashing was successful, OpenWrt is accessible via 192.168.1.1
- The recovery image boots an initramfs image; flash the sysupgrade image to get to "normal" OpenWrt mode

Flashing via U-Boot:
- Open the case, connect to the UART console
- Set your IP address to 192.168.200.2, subnet mask 255.255.255.0. Connect to one of the LAN interfaces of the router
- Run a tftp server which provides openwrt-mediatek-filogic-dlink_aquila-pro-ai-e30-a1-initramfs-kernel.bin
- Supply the board with 12V
- Select "7. Load image" in the U-Boot menu
- Enter image file, tftp server IP and device IP (if they differ from the default).
- TFTP download to RAM will start. After a few seconds OpenWrt initramfs should start
- The initramfs is accessible via 192.168.1.1, change your IP address accordingly (or use multiple IP addresses on your interface)
- Perform a sysupgrade using openwrt-mediatek-filogic-dlink_aquila-pro-ai-e30-a1-squashfs-sysupgrade.bin
- Reboot the device. OpenWrt should start from flash now

Flashing via OEM web interface is not possible, as it will change the active partition and OpenWrt is only running on the first UBI partition.

Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22776
(cherry picked from commit 145bc7e52f)
Link: https://github.com/openwrt/openwrt/pull/22958
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2026-05-03 00:10:20 +02:00
Ryan Leung
4a45e398ed ramips: add support for EDUP EP-RT2983
EDUP EP-RT2983 comes with a factory installed version of OpenWrt 23.05
with device name "netis,n6".

Specification
--------------
- SoC       : MediaTek MT7621AT, MIPS, 880 MHz
- RAM       : 256 MiB
- Flash     : NAND 128 MiB (Toshiba)
- WLAN      : MT7905DAN + MT7975DN
  - 2.4 GHz : b/g/n/ax, 574 Mbps, MIMO 2x2
  - 5 GHz   : a/n/ac/ax, 1201 Mbps, MIMO 2x2
- Ethernet  : 10/100/1000 Mbps x4 (1x WAN, 3x LAN)
- UART      : 3.3V, 115200n8
- Buttons   : 1x Reset
              1x WPS
- LEDs      : 1x Power (green)
              1x WiFi (green)
              1x Mesh/WPS (green); flashing green during boot
              3x LAN (green)
              1x WAN (green); flashing red during upgrade and failsafe
- Power     : 12 VDC 1A

Installation
-------------
1. Log in to LuCI
2. Go to System, Backup / Flash Firmware
3. If desired, backup the current system by saving (all) the mtdblock
contents.
4. Flash new firmware image, select Flash image.
5. Browse and select the sysupgrade file
"openwrt-*-ramips-mt7621-edup_ep-rt2983-squashfs-sysupgrade.bin"
and then Upload.
6. Unselect "Keep settings and retain the current configuration"
Note: All settings will be reset to default. WiFi is not enabled by
default so a connection via Ethernet is necessary to log in and set up.
7. Allow "Force upgrade" (tick the box if there is one), or press Continue
if there is no box to tick. This is because the name is now
"edup,ep-rt2983" as it should have been from the start.
8. Proceed to flash. Wait for reboot and keep power connected.
9. After reboot, default address to access LuCI is 192.168.1.1 with
no password

Recovery (UART)
----------------
1. Remove the 4 screws on the bottom and pry open the cover.
2. Connect serial adapter to the unpopulated serial header pins
TX, RX, GND near the WPS button. Do not connect VCC.
3. Start serial terminal (e.g. minicom, screen, etc) on the computer and
turn on the router.
4. As prompted, hit any key to stop autoboot.
5. Enter 2 to select "2. Upgrade firmware"
6. Enter 0 to select "0 - TFTP client (Default)"
7. Accept the defaults by pressing Enter for
"Input U-Boot's IP address: 192.168.1.1",
"TFTP server's IP address: 192.168.1.2",
"Input IP netmask: 255.255.255.0"
8. Assign your PC's Ethernet port a static IP 192.168.1.2 with netmask
255.255.255.0 and connect to a LAN port on the router using the
Ethernet cable. Disconnect all other network connections (e.g. WiFi) on
the computer.
9. Serve the factory image
"openwrt-*-ramips-mt7621-edup_ep-rt2983-squashfs-factory.bin" using
a TFTP server, e.g. tftpd64. For convenience, the filename can be renamed
to something shorter.
10. In the serial terminal, when prompted "Input file name:", enter the
filename from the previous step and press Enter.
11. The factory image will be flashed as indicated. Wait for reboot.

MAC addresses prototype
------------------------
+---------+---------------------+
|         | MAC example         |
+---------+---------------------+
| LAN     | CC:D8:1F:47:xx:yy   |
| WAN     | CC:D8:1F:47:xx:yy+1 |
| WLAN 2G | CC:D8:1F:17:xx:yy+2 |
| WLAN 5G | CC:D8:1F:77:xx:yy+2 |
+---------+---------------------+

Signed-off-by: Ryan Leung <untilscour@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/22197
(cherry picked from commit 6a8f9fa54d)
Link: https://github.com/openwrt/openwrt/pull/22906
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2026-05-02 20:48:17 +02:00
Sander van Deijck
da8b65de46 wolfssl: update to 5.9.1
For changes, see:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.9.1-stable

This includes a fix for a critical (CVSS 9.3) vulnerability:
https://github.com/advisories/GHSA-f5h9-5q52-qrx7

Signed-off-by: Sander van Deijck <sander@vandeijck.com>
Link: https://github.com/openwrt/openwrt/pull/23072
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 8ef7b4ee4b)
Link: https://github.com/openwrt/openwrt/pull/23108
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2026-05-02 20:46:23 +02:00
Ignat Loskutov
06af2e2e49 wolfssl: update to 5.9.0
Release Notes:
https://www.wolfssl.com/wolfssl-5-9-0-released/

Fixes CVEs:
- CVE-2026-3548
- CVE-2026-3549
- CVE-2026-3547
- CVE-2026-2646
- CVE-2026-3849
- CVE-2026-0819
- CVE-2026-1005
- CVE-2026-2645
- CVE-2026-3230
- CVE-2026-3229
- CVE-2026-3579
- CVE-2026-3580
- CVE-2026-3503
- CVE-2026-4159
- CVE-2026-4395

Signed-off-by: Ignat Loskutov <ignat.loskutov@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22595
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit e9531860e6)
Link: https://github.com/openwrt/openwrt/pull/23108
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2026-05-02 20:46:23 +02:00
Rany Hany
e840fbfdf9 wifi-scripts: ucode: add missing fields for station/vlan schema
This adds the missing 'iface' field for both station and VLAN.
On VLAN, we add all network_config_attr to the schema as well
per wireless.uc.

Fixes: https://github.com/openwrt/openwrt/issues/22165
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/22617
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5968b584ba)
2026-04-30 01:48:36 +02:00
Rany Hany
8bb268a116 wifi-scripts: ucode: add bridge_isolate and network_vlan to schema
These were missing from schema. Add them.

Fixes: https://github.com/openwrt/openwrt/issues/22620
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/22617
[Reordered attributes]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7255109cad)
2026-04-30 01:48:36 +02:00
Cerrone Diamant
c2cf3abde9 uboot-at91: fix wrong BUILD_DEVICES for sama5d4_xplained_nandflash
The sama5d4_xplained_nandflash target incorrectly references microchip_sama5d3-xplained as its BUILD_DEVICES value.

This appears to be a copy-paste error, as all other SAMA5D4 Xplained targets (e.g. mmc and spiflash) correctly use microchip_sama5d4-xplained. The target name itself also clearly refers to the SAMA5D4 platform.

In addition, the SAMA5D3 Xplained and SAMA5D4 Xplained boards use different NAND flash hardware and configurations, so pointing the nandflash target to a SAMA5D3 device is incorrect and may lead to invalid builds or runtime issues.

Fix the inconsistency by updating BUILD_DEVICES to microchip_sama5d4-xplained, aligning the nandflash target with the rest of the SAMA5D4 definitions and ensuring the correct device mapping.

Signed-off-by: Cerrone Diamant <cerrone@tutamail.com>
Link: https://github.com/openwrt/openwrt/pull/23022
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 39f528e440)
2026-04-30 01:44:20 +02:00
Nick Hainke
37326a2aa3 xdp-tools: fix musl build issues
Add patches to fix build failures on musl-based toolchains:

0002-xdpsock-fix-struct-ethhdr-redefinition-on-musl.patch:
xdpsock.c included <net/ethernet.h> and <netinet/ether.h> alongside
<linux/if_ether.h>, triggering a struct ethhdr redefinition on musl.
Replace BSD-style ether_header/ether_addr with struct ethhdr and drop
the conflicting includes.

0003-build-use-gnu2x-to-avoid-stdbool.h-dependency.patch:
Switch CFLAGS and BPF_CFLAGS from -std=gnu11 to -std=gnu2x. In C23,
bool is a native keyword, fixing "stdbool.h: No such file or directory"
errors with a clang lacking its resource directory (e.g. llvm-bpf built
with LLVM_INSTALL_TOOLCHAIN_ONLY=ON on musl targets).

Link: https://github.com/openwrt/openwrt/pull/22983
(cherry picked from commit d16758d2d3)
Link: https://github.com/openwrt/openwrt/pull/23015
Signed-off-by: Nick Hainke <vincent@systemli.org>
2026-04-20 16:43:23 +02:00
Nick Hainke
282309648b xdp-tools: update to 1.6.3
Add patch "0001-params-avoid-linux-if_ether.h-in-header-to-fix-musl-.patch".

Release Notes:
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.6.0
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.6.1
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.6.2
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.6.3

Link: https://github.com/openwrt/openwrt/pull/21903
(cherry picked from commit 59549b8f15)
Link: https://github.com/openwrt/openwrt/pull/23015
Signed-off-by: Nick Hainke <vincent@systemli.org>
2026-04-20 16:43:23 +02:00
Nick Hainke
8b792e77c6 xdp-tools: bump PKG_RELEASE
Increase PKG_RELEASE so buildbots pick up and rebuild the updated
package files.

Fixes: c752525511 ("xdp-tools: add patch to fix stddef.h build issue")
Link: https://github.com/openwrt/openwrt/pull/21988
(cherry picked from commit 626494fb25)
Link: https://github.com/openwrt/openwrt/pull/23015
Signed-off-by: Nick Hainke <vincent@systemli.org>
2026-04-20 16:43:22 +02:00
Nick Hainke
4c8386e6f2 xdp-tools: add patch to fix stddef.h build issue
Add a patch that avoids including <stddef.h> in BPF headers, fixing
build failures on OpenWrt toolchains where the header is unavailable:

  In file included from xdpfilt_dny_udp.c:10:
  In file included from ./xdpfilt_prog.h:24:
  ../lib/../headers/xdp/parsing_helpers.h:18:10: fatal error: 'stddef.h' file not found
    18 | #include <stddef.h>
        |          ^~~~~~~~~~
  1 error generated.
  make[5]: *** [../lib/common.mk:111: xdpfilt_dny_udp.o] Error 1
  make[4]: *** [Makefile:40: xdp-filter] Error 2

Link: https://github.com/openwrt/openwrt/pull/21972
(cherry picked from commit c752525511)
Link: https://github.com/openwrt/openwrt/pull/23015
Signed-off-by: Nick Hainke <vincent@systemli.org>
2026-04-20 16:43:22 +02:00
Nick Hainke
4393dc83de xdp-tools: update to 1.5.8
Release Notes:
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.5.8
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.5.7
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.5.6
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.5.5
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.5.4
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.5.3
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.5.2
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.5.1
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.5.0
- https://github.com/xdp-project/xdp-tools/releases/tag/v1.4.3

Remove upstreamed:
- 010-configure-respect-LDFLAGS.patch
- 020-libxdp-Use-__noinline__-reserved-attribute-for-XDP-d.patch
- 024-lib-allow-overwriting-W-flags-via-BPF_CFLAGS.patch
- 025-Add-BPF_LDFLAGS-to-allow-overwriting-llc-s-march-arg.patch

Remove unnecessary patch:
- 022-xdp-dump-add-missing-perf_event-include-for-bpf-and-.patch
  (The included headers were incorrect. Some musl toolchain headers
   appeared in the BPF bytecode generation path, which should not
   happen. This issue is resolved by overriding CFLAGS and LDFLAGS.)

Remove `PKG_FLAGS:=nonshared`. With this flag enabled, the package is
compiled separately for every target. Removing it limits compilation
to each CPU architecture instead, significantly reducing unnecessary
build overhead.

Add new tools:
- xdp-bench:
  XDP-bench is a benchmarking utility for exercising the different operation modes
  of XDP. It is intended to be a simple program demonstrating the various operating
  modes; these include dropping packets, hairpin forwarding (using the XDP_TX return
  code), and redirection using the various in-kernel packet redirection facilities.
- xdp-forward:
  xdp-forward is an XDP forwarding plane, which will accelerate
  packet forwarding using XDP. To use it, simply load it on
  the set of interfaces to accelerate forwarding between.
- xdp-monitor:
  XDP-monitor is a tool that monitors various XDP related statistics and
  events using BPF tracepoints infrastructure, trying to be as low overhead
  as possible.
- xdp-trafficgen:
  XDP-trafficgen is a packet generator utilising the XDP kernel subsystem
  to generate packets and transmit them through a network interface.
  Packets are dynamically generated and transmitted in the kernel,
  allowing for high performance (millions of packets per second per core).

Co-Developed-by: Til Kaiser <mail@tk154.de>
Link: https://github.com/openwrt/openwrt/pull/20903
(cherry picked from commit 8f5f66c092)
Link: https://github.com/openwrt/openwrt/pull/23015
Signed-off-by: Nick Hainke <vincent@systemli.org>
2026-04-20 16:43:22 +02:00
Rosen Penev
99a502bbc4 uboot-envtools: add extreme-networks,ws-ap3805i
This device has a redundant configuration. Important when writing to it.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22882
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-04-16 21:21:04 +02:00
Luiz Angelo Daros de Luca
714240997d base-files: sysupgrade: -u option was broken with apk
The check of files from packages was only checking opkg files.
Check for apk as well and fail if both are missing.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17847
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 37c5aade23)
2026-04-13 01:29:04 +02:00
Luiz Angelo Daros de Luca
8ab67441c5 base-files: sysupgrade: update backup exclusion list
The list of files excluded from backup was outdated.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17847
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2c146f29e8)
2026-04-13 01:29:03 +02:00
Luiz Angelo Daros de Luca
89a3a0d90d base-files: sysupgrade: fix -f with space in bkp path
Spaces in the backup.tgz filename were breaking sysupgrade.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17847
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1d3f33b6b1)
2026-04-13 01:29:02 +02:00
Richard Huynh
8fc7a3d2d0 wifi-scripts: add EHT rates to set_fixed_freq
Without this, max_oper_chwidth is set incorrectly,
thus ibss_mesh_select_80_160mhz fails to set the correct channel width.

Signed-off-by: Richard Huynh <voxlympha@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22644
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6abfd98c4e)
2026-04-12 20:21:57 +02:00
Jack Sun
7118a5b5ee openssl: update to 3.5.6
This release incorporates the following bug fixes and mitigations:

Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
(CVE-2026-31790)

Fixed loss of key agreement group tuple structure when the DEFAULT keyword
is used in the server-side configuration of the key-agreement group list.
(CVE-2026-2673)

Fixed potential use-after-free in DANE client code.
(CVE-2026-28387)

Fixed NULL pointer dereference when processing a delta CRL.
(CVE-2026-28388)

Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
(CVE-2026-28389)

Fixed possible NULL dereference when processing CMS
KeyTransportRecipientInfo.
(CVE-2026-28390)

Fixed heap buffer overflow in hexadecimal conversion.
(CVE-2026-31789)

No need to refresh patches.

Signed-off-by: Jack Sun <sunjiazheng321521@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22847
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 62ea6aad47)
2026-04-12 20:21:57 +02:00
Hauke Mehrtens
63329adfeb mbedtls: update to 3.6.6
This version fixes some security problems:
 * Client impersonation while resuming a TLS 1.3 session
   (CVE-2026-34873)
 * Entropy on Linux can fall back to /dev/urandom (CVE-2026-34871)
 * PSA random generator cloning (CVE-2026-25835)
 * Compiler-induced constant-time violations (CVE-2025-66442)
 * Null pointer dereference when setting a distinguished name
   (CVE-2026-34874)
 * Buffer overflow in FFDH public key export (CVE-2026-34875)
 * FFDH: lack of contributory behaviour due to improper input validation
   (CVE-2026-34872)
 * Signature Algorithm Injection (CVE-2026-25834)
 * CCM multipart finish tag-length validation bypass (CVE-2026-34876)
 * Risk of insufficient protection of serialized session or context data
   leading to potential memory safety issues (CVE-2026-34877)
 * Buffer underflow in x509_inet_pton_ipv6() (CVE-2026-25833)

Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6

Size increases by 470 bytes on aarch64:
343995 bin/packages/aarch64_generic/base/libmbedtls21-3.6.5-r1.apk
344465 bin/packages/aarch64_generic/base/libmbedtls21-3.6.6-r1.apk

Link: https://github.com/openwrt/openwrt/pull/22787
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f48ef0040b)
2026-04-12 20:21:57 +02:00
Rosen Penev
eaade722db uboot-env: ath79: add wndap360
This is just a typical setup.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22769
(cherry picked from commit 66fe390b73)
Link: https://github.com/openwrt/openwrt/pull/22867
Signed-off-by: Robert Marko <robimarko@gmail.com>
2026-04-10 16:28:40 +02:00
Joshua Klinesmith
f778841d02 wifi-scripts: fix ucode erp_domain and fils_cache_id values
The ucode path generates different erp_domain and fils_cache_id
values than the legacy shell path due to three mismatches:

1. erp_domain md5 input missing trailing newline (echo adds \n)
2. erp_domain output truncated to 4 chars instead of 8 (shell
   uses head -c 8)
3. fils_cache_id md5 input missing trailing newline
4. erp_domain missing fallback to mobility_domain

Same bug pattern as mobility_domain fixed in commit b1dc2736db.

Fixes: #21768
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Joshua Klinesmith <joshuaklinesmith@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22677
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b178e05d9b)
2026-04-04 19:36:13 +02:00
Clemens Hopfer
ca11c6b7e1 base-files: MAJOR/MINOR not sequential, use DISKSEQ instead
Export the unique, monotonic DISKSEQ sequence drive number instead of its
major/minor numbers to identify the boot disk and directly match the partition
in export_partdevice with PARTN.

The MINOR blockdevice numbers are not guaranteed to be sequential across disks. It
can happen that disks enumerate before their partitions are probed, resulting
in interleaved MINOR numbers breaking the partition offset calculation:

major minor  #blocks  name
 259        0  250059096 nvme0n1
 259        2       8192 nvme0n1p1
 259        3     491520 nvme0n1p2
 259        4        239 nvme0n1p128
 259        1  250059096 nvme1n1
 259        5  250057728 nvme1n1p1

Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
Link: https://github.com/openwrt/openwrt/pull/18962
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 63d0b5c243)
2026-04-03 20:49:12 +02:00