This is a safer way to operate the .config file.
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22845
Signed-off-by: Nick Hainke <vincent@systemli.org>
Update to the latest stable version. Also add PKG_CONFIG_SYSROOT_DIR
make flag to fix dtc tools build without yaml[1-2].
Patches manually refreshed:
* 003-tools-dumpimage-fix-tools-compile.patch
[1] 0535e46d55
[2] 807bcd844a
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22845
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add support for the Zyxel GS1900-48HP A1 managed PoE switch based on
RTL8393 SoC with 48 copper ports (6x RTL8218B), 2 SFP slots and PoE
(170W budget). Includes DTS, image definition, network config and
u-boot-env support.
The device has 48 copper ports but only ports 1-24 are powered by
the PoE PSE controller.
PoE support requires the realtek-poe package from the packages feed
with an additional configuration for PSE ID 7 to address the MCU on
this device.
Signed-off-by: Klaus Rubenstein <klaus.rubenstein@gmail.com>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Bump the bundled software pieces to their current version too.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22863
Signed-off-by: Robert Marko <robimarko@gmail.com>
This release incorporates the following bug fixes and mitigations:
Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
(CVE-2026-31790)
Fixed loss of key agreement group tuple structure when the DEFAULT keyword
is used in the server-side configuration of the key-agreement group list.
(CVE-2026-2673)
Fixed potential use-after-free in DANE client code.
(CVE-2026-28387)
Fixed NULL pointer dereference when processing a delta CRL.
(CVE-2026-28388)
Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
(CVE-2026-28389)
Fixed possible NULL dereference when processing CMS
KeyTransportRecipientInfo.
(CVE-2026-28390)
Fixed heap buffer overflow in hexadecimal conversion.
(CVE-2026-31789)
No need refresh patches
Signed-off-by: Jack Sun <sunjiazheng321521@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22847
Signed-off-by: Robert Marko <robimarko@gmail.com>
The rss-input-xfrm workaround for Linux 6.6 is no longer needed with
current kernel versions. Remove the patch and the associated
--enable-rss-input-xfrm configure flag.
Link: https://github.com/openwrt/openwrt/pull/22841
Signed-off-by: Nick Hainke <vincent@systemli.org>
The highlight of this version is that the bl2 size will be reduced
by 60+ KB. The MT7987 SPI interface selection hack was replaced by
upstream implementation with the new symbol SPIM_NAND_PREFER_SPI2.
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Migrate timer handling (removed in 6.13) and netdev dummy initialization
(removed in 6.16) to new methods with guards to not break older kernels.
This resolves compilation errors due to missing del_timer_sync(),
from_timer() and init_dummy_netdev().
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
Link: https://github.com/openwrt/openwrt/pull/22775
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This version fixes some security problems:
* Client impersonation while resuming a TLS 1.3 session
(CVE-2026-34873)
* Entropy on Linux can fall back to /dev/urandom (CVE-2026-34871)
* PSA random generator cloning (CVE-2026-25835)
* Compiler-induced constant-time violations (CVE-2025-66442)
* Null pointer dereference when setting a distinguished name
(CVE-2026-34874)
* Buffer overflow in FFDH public key export (CVE-2026-34875)
* FFDH: lack of contributory behaviour due to improper input validation
(CVE-2026-34872)
* Signature Algorithm Injection (CVE-2026-25834)
* CCM multipart finish tag-length validation bypass (CVE-2026-34876)
* Risk of insufficient protection of serialized session or context data
leading to potential memory safety issues (CVE-2026-34877)
* Buffer underflow in x509_inet_pton_ipv6() (CVE-2026-25833)
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6
Size increases by 470 bytes on aarch64:
343995 bin/packages/aarch64_generic/base/libmbedtls21-3.6.5-r1.apk
344465 bin/packages/aarch64_generic/base/libmbedtls21-3.6.6-r1.apk
Link: https://github.com/openwrt/openwrt/pull/22787
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Include the column utility to allow simple formatting of columnar
output.
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22782
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Version 6.19 - Feb 14, 2026
* Feature: support HW timestamp configuration (--set-hwtimestamp-cfg)
* Feature: display HW timestamp source (-T)
* Feature: support PLCA notifications (--get/set-plca-cfg)
* Feature: add PSE priority management support (--show/set-pse)
* Feature: support PSE notifications (--show/set-pse)
* Feature: support configuring RSS on IPv6 Flow Label (-n/-N)
* Feature: support FEC bit error histograms (--show-fec)
* Feature: register dump decoding for TI K3 CPSW and its ALE table (-d)
* Fix: fix missing headers in text output
* Fix: fix print_string when the value is NULL (-Werror=format-security)
* Fix: fix JSON output of SFP diagnostics
* Fix: fix duplicated JSON keys in module info
* Misc: clarify that symmetric RSS may be on by default (-x/-X)
* Misc: add AppStream metainfo file to %files section
Link: https://github.com/openwrt/openwrt/pull/22780
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add missing dependency kmod-ptp to fix the build error. We also
add symbol CONFIG_PTP_1588_CLOCK_OPTIONAL explicitly for kmod-ptp
because it is selected by CONFIG_PTP_1588_CLOCK. Fix:
Package kmod-iavf is missing dependencies for the following libraries:
ptp.ko
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22730
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cryptd has been decoupled from crypto-misc in the 6.18 kernel. Fix:
ERROR: module '/home/runner/work/Actions_/Actions_/openwrt/build_dir/target-i386_pentium4_musl/linux-x86_generic/linux-6.18.20/crypto/cryptd.ko' is missing.
make[3]: *** [modules/crypto.mk:873: /home/runner/work/Actions_/Actions_/openwrt/bin/targets/x86/generic/packages/kmod-crypto-misc-6.18.20-r1.apk] Error 1
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22730
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
MediaTek T-PHY controller supports multiple usb2.0, usb3.0 ports,
PCIe and SATA. ARM mediatek and ramips/mt7621 targets require this
package to make the XHCI work properly.
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22094
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This was replaced upstream with a proper rng device that feeds into
/dev/random. No need for this anymore.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22766
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ucode path generates different erp_domain and fils_cache_id
values than the legacy shell path due to three mismatches:
1. erp_domain md5 input missing trailing newline (echo adds \n)
2. erp_domain output truncated to 4 chars instead of 8 (shell
uses head -c 8)
3. fils_cache_id md5 input missing trailing newline
4. erp_domain missing fallback to mobility_domain
Same bug pattern as mobility_domain fixed in commit b1dc2736db.
Fixes: #21768
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Joshua Klinesmith <joshuaklinesmith@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22677
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Export the unique, monotonic DISKSEQ sequence drive number instead of its
major/minor numbers to identify the boot disk and directly match the partition
in export_partdevice with PARTN.
The MINOR blockdevice numbers are not guaranteed sequential across disks, it
can happen that disks enumerate before their partitions are probed, resulting
in interleaved MINOR numbers breaking the partition offset calculation:
major minor #blocks name
259 0 250059096 nvme0n1
259 2 8192 nvme0n1p1
259 3 491520 nvme0n1p2
259 4 239 nvme0n1p128
259 1 250059096 nvme1n1
259 5 250057728 nvme1n1p1
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
Link: https://github.com/openwrt/openwrt/pull/18962
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add some of the more current 4G and 5G modems.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Link: https://github.com/openwrt/openwrt/pull/13426
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The conditional runtime dependency on the ip package was originally
intended to only pull in the ip package when busybox ip is not
configured. However, in APK-based builds the BUSYBOX_CONFIG_*
variables may not be resolvable at package metadata generation
time, causing the ip dependency to be unconditionally baked into
the .apk package. This forces users to install ip-tiny or ip-full
even though busybox already provides the ip command.
Revert to the previous +@BUSYBOX_CONFIG_IP / +@BUSYBOX_CONFIG_FEATURE_IP_LINK
kconfig-level dependencies. These ensure busybox ip support is
enabled at config time without creating a runtime package dependency.
Both options default to y, and wireguard.uc only uses basic
ip link commands that busybox fully supports.
Fixes: openwrt#22637
Signed-off-by: Anand Kumar <anandvtu16158@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22652
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add ability to read u-boot-env partition as sys env
for Zyxel EX5601 and WX5600 with custom partitions.
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22670
Signed-off-by: Robert Marko <robimarko@gmail.com>
libunwind solves these in different ways.
ppc-musl is still pending upstream.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21057
Signed-off-by: Robert Marko <robimarko@gmail.com>
The rtl8812au-ct driver is obsolete and replaced by rtw88. It will need
tons of work to compile against 6.18 so for now limit it to 6.12.
Co-authored-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Update module files for kernel 6.18
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Update module files for kernel 6.18
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Replace the two-step hrtimer initialization pattern with a single
consolidated call to hrtimer_setup().
The legacy approach of calling hrtimer_init() followed by manual
assignment to timer.function is deprecated. The new hrtimer_setup()
helper atomically initializes the timer and assigns the callback
function in one operation, eliminating the race-prone intermediate
state where the timer is initialized but lacks a handler.
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Reintroduce old-style debugfs file_operations for kernels < 6.14 and
switch the drivers to use debugfs_short_fops + debugfs_create_file_aux
on >= 6.14. This restores compatibility with older kernels while keeping
the new debugfs API working on 6.14+.
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
This patch set introduces support for using the in-tree (mainline)
EIP93 crypto driver for kernel 6.18 and later, along with additional
improvements and fixes:
- Conditional Kconfig/Makefile handling for crypto-hw-eip93 to enable use of the mainline driver with kernel 6.18+.
- Patch 926: Use software AES fallback for small requests in the EIP93 driver.
- Patch 927: Add `mediatek,mtk-eip93` compatible string for upstream kernel device trees.
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add a config option for the 6.18 series of kernels
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
Change GPIOF_ACTIVE_LOW to gpiod_toggle_active_low
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/21078
Signed-off-by: Robert Marko <robimarko@gmail.com>
