Fix Timing side-channel in SM2 algorithm on 64 bit ARM.
(CVE-2025-9231)
Fix Out-of-bounds read in HTTP client no_proxy handling.
(CVE-2025-9232)
Reverted the synthesised OPENSSL_VERSION_NUMBER change for the release
builds, as it broke some existing applications that relied on the previous
3.x semantics, as documented in OpenSSL_version(3).
realtek: rtl931x: Add support for Plasma Cloud ESX28 Switch
The Plasma Cloud ESX28 Switch is a 24 + 4 port multi-GBit switch with
24x 10/100/1000/2500BaseT Ethernet ports and 4x SFP+ module slot.
Hardware:
- RTL9312C SoC
- Macronix MX25L25645G (32MB flash)
- 512MB DDR3 SDRAM
- RTL8231 GPIO extender to control the port LEDs
- 6x RTL8224 4x 10m/100m/1/2.5 Gigabit PHY
- SFP+ 4x 10GBit slot
The switch is powered directly via AC.
The external RS232 serial connector (RJ45, Cisco pinout) can be used to
access the terminal. Serial connection is via 115200 baud, 8N1.
A reset button is accessible through a hole in the front panel.
Installation
------------
* The device can be flashed by using sysupgrade command. Either from the
original vendor firmware or using an initramfs (see "Debug")
* Connect serial on front panel. Connection parameters: 115200 8N1
* The image must be copied using scp to /tmp of the device
    scp openwrt-realtek-rtl931x-plasmacloud_esx28-squashfs-sysupgrade.bin root@[IP address of the device]:/tmp/
* start sysupgrade without saving the original vendor configuration
* Connect serial on front panel. Connection parameters: 115200 8N1.
* A tftp server is required, tftpd-hpa works well.
* Power the device, at U-Boot start rapidly hit Esc key to stop autoboot
* Enter passwords: "1234" or "plasmapsx"
* Enable network:
realtek: rtl931x: Add support for Plasma Cloud PSX28 Switch
The Plasma Cloud PSX28 Switch is a 24 + 4 port multi-GBit switch with
24x 10/100/1000/2500BaseT Ethernet ports and 4x SFP+ module slot.
Hardware:
- RTL9312C SoC
- Macronix MX25L25645G (32MB flash)
- 512MB DDR3 SDRAM
- RTL8231 GPIO extender to control the port LEDs
- 6x RTL8224 4x 10m/100m/1/2.5 Gigabit PHY
- SFP+ 4x 10GBit slot
- RTL8239 POE++ PSE controller with frontend MCU
The switch is powered directly via AC.
The external RS232 serial connector (RJ45, Cisco pinout) can be used to
access the terminal. Serial connection is via 115200 baud, 8N1.
A reset button is accessible through a hole in the front panel.
Installation
------------
* The device can be flashed by using sysupgrade command. Either from the
original vendor firmware or using an initramfs (see "Debug")
* Connect serial on front panel. Connection parameters: 115200 8N1
* The image must be copied using scp to /tmp of the device
    scp openwrt-realtek-rtl931x-plasmacloud_psx28-squashfs-sysupgrade.bin root@[IP address of the device]:/tmp/
* start sysupgrade without saving the original vendor configuration
* Connect serial on front panel. Connection parameters: 115200 8N1.
* A tftp server is required, tftpd-hpa works well.
* Power the device, at U-Boot start rapidly hit Esc key to stop autoboot
* Enter passwords: "1234" or "plasmapsx"
* Enable network:
Sven Eckelmann [Mon, 14 Apr 2025 13:16:47 +0000 (13:16 +0000)]
realtek: rtl931x: Enable parsing of u-boot nvmem layouts
To be able to read out the ethaddr from the u-boot environment for MAC
address configuration, it is required to also enable the NVMEM layout
parsing code for the U-Boot env layout.
Tianling Shen [Fri, 3 Oct 2025 08:02:10 +0000 (16:02 +0800)]
rockchip: make use of OpenWrt compiled dtbs
OpenWrt buildroot will compile all dtbs defined in target to
$(KDIR)/image-$(DEVICE_DTS).dtb, so make use of it to allow us
debug and use external dtbs easier without patching kernel Makefile.
This also fixes commit 5c724939c396 which forgot to update DTS_DIR
in KERNEL variable.
Hauke Mehrtens [Sat, 4 Oct 2025 10:22:52 +0000 (12:22 +0200)]
firmware-utils: update to Git HEAD (2025-10-01)
4b7638925d3e iptime-crc32: add support for ipTIME AX3000M
12c0b42231be nosimg-enc: add new tool for XikeStor SKS8300 series
2051fe5bc2a1 mktplinkfw2: Add 16MLmtk layout
5d1446bf57d6 tplink-safeloader: Add more special_id's for MR70X
075cdc0c4dd4 iptime-crc32: add support for ipTIME AX3000Q
48ababab6b08 iptime-crc32: add support for ipTIME AX3000SM
f29de74ecd7d iptime-crc32: Add device support for ipTIME AX6000M
3346d7711c9a build: add mkqdimg
950f83405a93 iptime-crc32: add support for ipTIME AX7800M-6E
0725c3d4aa1b build: require CMake >= 3.5 due to dropped legacy support
996dc482a7e8 ptgen: fix misprint and simplify calculation a bit
febfef7a09b1 ptgen: use long long instead of long for sizes
6ea8b6dd44d0 ptgen: fix protective MBR partition size
f1f98b0b8456 ptgen: do not create stub partition to fill a gap if gap caused by alignment
3f2d14829150 ptgen: allow non-default placement of gpt entry table
78d8084c7376 ptgen: allow image generation for a specified disk size
9fa340db640e ptgen: create separate images for gpt data structure
d3f8b6ed940a zynsig: add new tool for creating images for the ZyXEL GS1920 series
7e6f69b444c3 npk_pack_kernel: add tool for creating MikroTik NPK kernel packages
0782d243d23e Revert "ptgen: do not create stub partition to fill a gap if gap caused by alignment"
Andy Chiang [Thu, 2 Oct 2025 21:12:12 +0000 (04:12 +0700)]
iptables: fix breaking packing
After the change to include/package-pack.mk in 16416782f194d1850a9d9accf02f04832a7fcea4, ALTERNATIVES must be used to create the soft link; otherwise the packing will be messed up.
Fixes: openwrt#20270
Fixes: openwrt#20291
Fixes: 16416782f194d1850a9d9accf02f04832a7fcea4 (include: make APK packing mtime reproducible)
Signed-off-by: Andy Chiang <AndyChiang_git@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/20283
Signed-off-by: Robert Marko <robimarko@gmail.com>
Andreas Gnau [Fri, 3 Oct 2025 08:59:42 +0000 (10:59 +0200)]
tools/ccache: same behaviour for local and CI builds
If the environment variable `CI` is set, ccache will enable the CMake
option CCACHE_DEV_MODE by default. This leads to differing behaviour
between local and CI builds which takes quite some time to debug. 🤯
Achieve consistent behaviour between local builds and CI builds by
setting CCACHE_DEV_MODE. Set it to OFF, because CCACHE_DEV_MODE amongst
other settings like linker choice, enables -Werror, which will lead to
potential compilation failures when the host compiler is updated. Using
-Werror for host utils is not desirable, because the compiler version
used is not controlled by the OpenWrt build system and host utils should
compile successfully on as wide a range of host OSes as possible.
Reported-by: Roman Azarenko <roman.azarenko@iopsys.eu>
Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
Link: https://github.com/openwrt/openwrt/pull/20290
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
d3be5474f6e6 udebug-cli: ignore zero-length messages in logstream
c79f02d899df ucode: fix skipping lines where the timestamp cannot be parsed
5327524e7153 cmake: bump minimum required version to 3.13
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
If transmissions are done outside of the DSA switch (directly from the CPU
port), the STP state must not block the transmission. Otherwise, STP frames
are not correctly submitted and the STP frames cannot correctly detect
loops before switching a port in the forwarding state.
The same applies for the LLDP frames. These must be submitted independent
of the STP state to identify neighbors or configure POE limits.
It is not necessary to filter specific destination mac addresses because
the transmission was done outside the bridge/switch in the first place. The
transmission is therefore forced.
Signed-off-by: Issam Hamdi <ih@simonwunderlich.de>
Co-developed-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Link: https://github.com/openwrt/openwrt/pull/20184
Signed-off-by: Robert Marko <robimarko@gmail.com>
realtek: rtl93xx: dsa: Add support for port based mirroring
The RTL930X and RTL931X SoCs support port-based, flow-based, and
RSPAN-based mirroring. Like for other SoCs from the realtek target, only
the port based port mirroring can be exposed using Linux's tc subsystem.
The port_mirror_add() implementation was updated with the following
considerations for RTL93xx SoCs:
* mirrored packets must pass through the TX pipeline of the mirroring
port, so they are subject to configuration such as VLAN tagging,
remarking, and EVC
* when a packet hits both source ports (SPM) and destination port (DPM) of
a mirror group, the egress port traffic will be mirrored
The port_mirror_del() function doesn't require any modifications.
Signed-off-by: Sharadanand Karanjkar <sk@simonwunderlich.de>
Co-developed-by: Sven Eckelmann <se@simonwunderlich.de>
Signed-off-by: Sven Eckelmann <se@simonwunderlich.de>
Link: https://github.com/openwrt/openwrt/pull/20264
Signed-off-by: Robert Marko <robimarko@gmail.com>
Sven Eckelmann [Tue, 15 Jul 2025 17:48:05 +0000 (19:48 +0200)]
realtek: dsa: Keep HW specific mirror code in SoC helper
Instead of using a lot of if-else blocks in the port mirror code, provide
SoC specific function which calculates the SoC specific portions. The
generic part of the port mirroring code can then simply operate on the
calculated register addresses and values.
Suggested-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Signed-off-by: Sven Eckelmann <se@simonwunderlich.de>
Link: https://github.com/openwrt/openwrt/pull/20264
Signed-off-by: Robert Marko <robimarko@gmail.com>
Paul Spooren [Wed, 1 Oct 2025 13:22:38 +0000 (15:22 +0200)]
package: generate sha256sums by default
Right now the sha256sums are only created for the targets/ folder (i.e.
firmware images) and only the buildbot generates those sha256sums. Instead, let
the build system create the sha256sums directly.
Til Kaiser [Thu, 2 Oct 2025 13:01:35 +0000 (15:01 +0200)]
kernel: modules: fix mlxreg dependency to avoid deferred probe
The mlxreg-hotplug platform driver was failing to probe due to a missing
I²C multiplexer dependency. Previously, only kmod-i2c-mux-mlxcpld was
declared, but mlxreg also requires kmod-i2c-mux-reg to initialize its
I²C mux functionality.
Without this dependency, the driver probe was deferred:
The FIT loadaddr on RK3308/RK3566/RK3568/RK358x is 0x02000000
instead of 0x02080000, while on RK3576 it's 0x42000000, which is
quite different from the former SoCs and incompatible with current
kernel loadaddr value.
Jonas Jelonek [Fri, 12 Sep 2025 19:33:18 +0000 (19:33 +0000)]
realtek: rtl93xx: replace pending I2C patches with upstreamed patches
Replace the pending I2C backport patches for RTL93XX added in 44655c97bb with the upstreamed variants. The patches have been accepted
upstream in the meantime and are included in v6.17 or v6.18.
As shown above, the SPI master controller shares its pin with GPIO 8, 9,
10, 11, 12. In some upcoming devices (like the Plasma Cloud PSX28/ESX28),
they will be used for SFP cage signaling. These pins must therefore be
switched manually to the GPIO mode.
The SPI_CTRL0 register provides all necessary configuration to enforce the
GPIO mode of the pins. And until more requirements (and a correct driver)
for the SPI master controller arise, it is therefore possible to use
pinctrl-single to configure it using the devicetree.
Previously the ethernet driver did configure the SPI master controller for
31.25 MHz. It is unknown for which kind of device this was originally made
and what was actually connected there. But this manual write to the
register conflicts potentially with the write of the pinctrl driver to the
same register. Luckily, we don't need this SPI speed configuration in the
ethernet driver. Still, to allow this device an easy migration, the
`spi0-31mhz` configuration was already prepared.
mac80211: ath: improve ath10k "failed to flush transmit queue" errors
Currently, in busy environments, ath10k logs "failed to flush transmit
queue" errors and has spiking CPU usage, making the wireless barely
usable.
With this patch, taken from https://patchwork.kernel.org/project/linux-wireless/patch/20250806070005.1429-1-hujy652@gmail.com/
this does not occur in normal operation and the wifi is much more stable.
Felix Fietkau [Wed, 1 Oct 2025 08:08:44 +0000 (10:08 +0200)]
netifd: update to Git HEAD (2025-09-30)
c3bf8fd913a4 interface: fix reload for devices that point to vlan aliases
22216cac7c94 bridge: fix reload when ports refer to aliased vlans on another bridge
ecca21ca07dd system: add logging wrappers for basic system functions
Sven Eckelmann [Tue, 30 Sep 2025 07:06:57 +0000 (09:06 +0200)]
realtek: Work around missing 10g-qxgmii PHY mode
The current SerDes implementation for RTL931x handles 10G-QXGMII via the
"usxgmii" PHY mode. This is not 100% correct because it is not a single
port with 10G (max) but 4 ports with 2.5G each.
To allow setting of the "10g-qxgmii" phy mode, just change the code for now
to use the same codepaths as USXGMII. This has to be cleaned up further
during the SerDes driver rewrites.
Suggested-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Signed-off-by: Sven Eckelmann <se@simonwunderlich.de>
Link: https://github.com/openwrt/openwrt/pull/20239
Signed-off-by: Robert Marko <robimarko@gmail.com>
Sven Eckelmann [Wed, 30 Jul 2025 05:39:32 +0000 (07:39 +0200)]
realtek: rtl931x: Enable REALTEK_PHY for RTL8224 support
The Plasma Cloud PSX28 and ESX28 are using RTL8224 as ethernet PHY. This
phy works perfectly fine on PSX8/PSX10 (RTL930x) but failed to establish a link
on rtl931x because the upstream realtek phy driver was not enabled.
uboot-mediatek: rax3000m: use ddr3-1866mhz built in the dependency
The u-boot of cmcc_rax3000m_*-ddr3 declares a dependency on
trusted-firmware-a-mt7981-*-ddr3-1866mhz, but actually packages
the normal BL2. This causes a build failure if the non-1866m
variant isn't built.
According to the previous commit, it's intended to use the lower
frequency variant to fix device stability issues. Correct
BL2_DDRTYPE as intended.
Paul Spooren [Tue, 30 Sep 2025 12:17:11 +0000 (14:17 +0200)]
include: make APK packing mtime reproducible
APK kindly stores the mtime of each containing file in created packages,
breaking reproducibility. As a fix, touch all files of the package with the
timestamp of PKGSOURCE_DATE_EPOCH, which contains the timestamp based on the
last package modification.
Over at OPKG, something similar is done by setting mtime in the tar command,
see the `ipkg-build` script.
To tackle this in APK directly, some changes are suggested. However until this
is merged, we should fix it downstream.
https://gitlab.alpinelinux.org/alpine/apk-tools/-/merge_requests/348
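The effect described in the commit above, as an added example that is not part of the OpenWrt commit or build system: Python's `tarfile` stands in for a packer that records member mtimes (an assumption; it is not the APK format), and the epoch and build times are constructed values.

```python
import hashlib
import io
import os
import tarfile
import tempfile

# Constructed timestamps: a fixed package epoch and two different build times.
PKGSOURCE_DATE_EPOCH = 1759234631
BUILD_TIME_A, BUILD_TIME_B = 1759300000, 1759400000


def set_mtime(root, timestamp):
    """Equivalent of touching every file and directory below root."""
    for dirpath, dirs, names in os.walk(root):
        for name in dirs + names:
            os.utime(os.path.join(dirpath, name), (timestamp, timestamp))


def build_tree(root, build_time):
    """Simulate one build: identical content, mtimes reflect when it ran."""
    files = {"usr/bin/tool": b"#!/bin/sh\necho ok\n", "etc/tool.conf": b"opt=1\n"}
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    set_mtime(root, build_time)


def pack_digest(root):
    """SHA-256 of an archive that records each member's mtime."""
    def strip_owner(info):  # keep mtime as the only field that can vary
        info.uid = info.gid = 0
        info.uname = info.gname = ""
        return info
    paths = sorted(os.path.join(d, n) for d, ds, fs in os.walk(root) for n in ds + fs)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for path in paths:
            tar.add(path, arcname=os.path.relpath(path, root),
                    recursive=False, filter=strip_owner)
    return hashlib.sha256(buf.getvalue()).hexdigest()


def demo():
    """Return (digests before, digests after) normalising two builds."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        build_tree(a, BUILD_TIME_A)
        build_tree(b, BUILD_TIME_B)
        before = (pack_digest(a), pack_digest(b))
        set_mtime(a, PKGSOURCE_DATE_EPOCH)
        set_mtime(b, PKGSOURCE_DATE_EPOCH)
        return before, (pack_digest(a), pack_digest(b))
```

`demo()` returns differing digests for the two untouched builds and identical digests once both trees carry the package epoch, which is the property a downstream verifier relies on when comparing rebuilt packages against published checksums.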
realtek: rtl931x: set hash_msb based on VLAN ID when adding a new L2 entry
During testing, we discovered that adding a new offload FDB rule
on certain VLANs and then deleting it does not work as expected.
Steps to Reproduce:
* Create VLAN 4094 on the port lan1:
    bridge vlan add vid 4094 dev lan1 pvid
* Add a new FDB entry on port lan1 for VLAN 4094:
    bridge fdb add 00:01:02:22:33:44 dev lan1 vlan 4094 master permanent
* Delete the new FDB entry on port lan1 for VLAN 4094:
    bridge fdb del 00:01:02:22:33:44 dev lan1 vlan 4094 master permanent
Root Cause:
The failure occurs because the hash_msb flag is not set correctly
based on the VLAN ID when adding a new L2 entry.
Signed-off-by: Issam Hamdi <ih@simonwunderlich.de>
Signed-off-by: Sven Eckelmann <se@simonwunderlich.de>
Link: https://github.com/openwrt/openwrt/pull/20183
Signed-off-by: Robert Marko <robimarko@gmail.com>
Sven Eckelmann [Fri, 26 Sep 2025 09:57:20 +0000 (11:57 +0200)]
realtek: Switch booleans in rtl838x_l2_entry to single bits
In upstream kernel, it is not well received to use a lot of simple booleans
in structs. It is preferred to use 1-bit bitfields [1] and consolidate the
booleans together.
John Thomson [Thu, 16 May 2024 00:16:53 +0000 (10:16 +1000)]
image: adapt mikrotik yafut to allow switch to bootimage YAFFS path
Adjust the YAFFS file path written depending on the sysupgrade
filename.
Default to kernel (for ELF), switch to bootimage (for NPK) if image name
has v7.
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
John Thomson [Sun, 22 Jan 2023 11:34:43 +0000 (21:34 +1000)]
build: add Mikrotik NOR RouterBOOT v7 image build
Add build step 'kernel-pack-npk' which uses 'npk_pack_kernel' which is now
part of firmware-utils to enable wrapping the kernel inside a MikroTik NPK
package.
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 23 Sep 2025 22:30:03 +0000 (23:30 +0100)]
firmware-utils: update to git HEAD
7e6f69b npk_pack_kernel: add tool for creating MikroTik NPK kernel packages
d3f8b6e zynsig: add new tool for creating images for the ZyXEL GS1920 series
9fa340d ptgen: create separate images for gpt data structure
78d8084 ptgen: allow image generation for a specified disk size
3f2d148 ptgen: allow non-default placement of gpt entry table
f1f98b0 ptgen: do not create stub partition to fill a gap if gap caused by alignment
6ea8b6d ptgen: fix protective MBR partition size
febfef7 ptgen: use long long instead of long for sizes
996dc48 ptgen: fix misprint and simplify calculation a bit
0725c3d build: require CMake >= 3.5 due to dropped legacy support
Signed-off-by: Daniel Golle <daniel@makrotopia.org>