The upstream submission for this mandates the node to be named wifi
instead of wmac. Change all ath79 entries to match the new names and
remove the compatibility patch.
Felix Fietkau [Sun, 6 Jul 2025 17:23:59 +0000 (19:23 +0200)]
ath9k: add back previous DT compatible strings for ahb
The ath9k ahb patch was updated to match the latest upstream version,
however the openwrt DT files still use the older names.
Add those as extra entries in order to remain compatible until DT files
are fixed.
Fixes: 88f4c32060f7 ("mac80211: update to version 6.14.11") Signed-off-by: Felix Fietkau <nbd@nbd.name>
airoha: backport upstream patch for Flow Offload support for AN7581
Backpot upstream patch for Flow Offload support for AN7581 and refresh
all affected patch. To correctly work a dedicated firmware is needed to
use the dedicated Network Coprocessor (NPU).
This also introduce good cleanup and moves the driver in a dedicated
Airoha directory. While currently not totally usable (due to lack of
firmware blob) this is needed to backport support for external PHY/SFP
support.
Refresh all affected patch.
Tested-by: Aleksander Jan Bajkowski <olek2@wp.pl> # tested on Quantum W1700k Tested-by: Andrew LaMarche <andrewjlamarche@gmail.com> Link: https://github.com/openwrt/openwrt/pull/18166 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Backport some upstream patch for Airoha ethernet driver in preparation
for Flow Offload support.
Tested-by: Aleksander Jan Bajkowski <olek2@wp.pl> # tested on Quantum W1700k Tested-by: Andrew LaMarche <andrewjlamarche@gmail.com> Link: https://github.com/openwrt/openwrt/pull/18166 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Replace PCIe patch with upstream version and update DTS with new PBUS
CSR property now required.
Tested-by: Aleksander Jan Bajkowski <olek2@wp.pl> # tested on Quantum W1700k Tested-by: Andrew LaMarche <andrewjlamarche@gmail.com> Link: https://github.com/openwrt/openwrt/pull/18166 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Harrison Boyd [Tue, 1 Jul 2025 22:59:05 +0000 (22:59 +0000)]
config: drop kernel config symbols removed before v6.6
Since we don't support any kernel versions below v6.6, Kconfig options
that were removed upstream before 6.6 are no longer relevant and should be
dropped.
This commit removes the following obsolete kernel config options:
- KERNEL_UBSAN_NULL: Removed in v4.18 (3ca17b1f3628)
- KERNEL_DEBUG_LL_UART_NONE: Removed in v4.0 (6f5194553c84)
- KERNEL_SLABINFO: Removed in v4.15 (5b36577109be)
- KERNEL_RESOURCE_COUNTERS: Removed in v3.18 (5b1efc027c0b)
- KERNEL_MM_OWNER: Removed in v3.16 (f98bafa06a28)
- KERNEL_MEMCG_SWAP: Removed in v6.1 (e55b9f96860f)
- KERNEL_MEMCG_SWAP_ENABLED: Removed in v5.7 (2d1c498072de)
- KERNEL_DEVPTS_MULTIPLE_INSTANCES: Removed in v4.7 (eedf265aa003)
- KERNEL_DEVKMEM: Removed in v5.13 (bbcd53c96071)
- KERNEL_SECURITY_SELINUX_DISABLE: Removed in v6.4 (f22f9aaf6c3d)
Ian Ladd [Wed, 2 Jul 2025 14:54:47 +0000 (10:54 -0400)]
libnetfilter-conntrack: bump to 1.1.0
Updates libnetfilter-conntrack to version 1.1.0.
Removes patches which should no longer be needed according to changelog for
libnetfilter-conntrack 1.1.0
Mbed TLS 3.6 is a long-term support (LTS) branch. It will be supported with bug-fixes and security fixes until at least March 2027.
Security Advisories
For full details, please see the following links:
Race condition in AESNI support detection [1]
Heap buffer under-read when parsing PEM-encrypted material [2]
Unchecked return value in LMS verification allows signature bypass [3]
Out-of-bounds read in mbedtls_lms_import_public_key() [4]
Timing side-channel in block cipher decryption with PKCS#7 padding [5]
NULL pointer dereference after using mbedtls_asn1_store_named_data() [6]
Misleading memory management in mbedtls_x509_string_to_names() [7]
Changes between 3.5.0 and 3.5.1:
Fix x509 application adds trusted use instead of rejected use.
Issue summary: Use of -addreject option with the openssl x509 application
adds a trusted use instead of a rejected use for a certificate.
Impact summary: If a user intends to make a trusted certificate rejected
for a particular use it will be instead marked as trusted for that use.
(CVE-2025-4575)
Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
alert being received. Older versions of OpenSSL failed with DTLS if a
no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation.
We have now restored the original behaviour and brought DTLS back into line
with TLS.
Eric Fahlgren [Tue, 1 Jul 2025 21:02:41 +0000 (14:02 -0700)]
imagebuilder: implement STRIP_ABI option for manifest target
When using apk as the package manager, imagebuilder make command
make manifest STRIP_ABI=1
does not strip package names of their ABI-version suffix. The ASU
server relies on this to validate builds, so many snapshot build
requests are failing.
Fix this by using the already existing package data parser in
make-index-json.py and augment it to write the result in manifest
format.
Fixes: https://github.com/openwrt/openwrt/issues/19274 Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com> Link: https://github.com/openwrt/openwrt/pull/19278 Signed-off-by: Robert Marko <robimarko@gmail.com>
Felix Fietkau [Tue, 1 Jul 2025 18:48:14 +0000 (20:48 +0200)]
ubus: update to Git HEAD (2025-07-01)
27839f854a58 ubusd: make txq_len field signed b35b2bc63e8e ubusd: treat EACCES on write like EAGAIN 713e9d19b2b6 ubusd: retry write on EINTR 8bb523ab20e0 ubusd: fix txq_len accounting b1b783c74742 ubusd: add another tx attempt on enqueueing the first message for a client
qualcommax: ipq50xx: Add support for Yuncore AX830
Specifications:
SOC: Qualcomm IPQ5018 (64-bit dual-core ARM Cortex-A53 @ 1.0Ghz)
Memory: 512MB DDR3L
Standard: 802.11ax/ac/b/g/n
Flash: SPI NOR 8MB (Winbond W25Q64DW) + NAND 128MB (Winbond W25N01GWZEIG)
2.4G Frequency: 2.4GHz - 2.484GHz
2.4G Wi-Fi standard: 802.11b/g/n/ax
5.8G Frequency: 4.9~5.9G
5.8G Wi-Fi Standard: 802.11 a/n/ac/ax
Interface:
Optional 1(Without 8081):
1 * 10/100 /1000Mbps RJ45 WAN Port and PoE port;
1* Gigabit Console port;
Optional 2(With 8081):
1 * 10/100/1000/2500Mbps RJ45 WAN port and PoE port,
1*10/100/1000Mbps LAN port
Buttons: 1 * Reset button, press 10 seconds to revert to default setting
Antenna: Build in 4*4dBi dual band MIMO Antenna
Data Rate: 3000Mbps (2.4G 600Mbps, 5.8G 2400Mbps)
End Users: 128+
2.4G RF Power: ≤ 23dBm
5.8G RF Power: ≤ 23dBm
DC: 12V----2A
PoE: 48V (IEEE 802.3at)
LED Light: Sys, WAN, LAN
Power Consumption: ≤ 20W
BACKUP YOUR STOCK FIRMWARE:
- Put openwrt-*-initramfs-uImage.itb to your
TFTP server and rename it to initramfs.bin
- Enable serial console and enter to u-boot cli
and exec these commands:
```
tftpboot <your_tftp_server_ip>:initramfs.bin
bootm
```
- Once boot completed and you get the openwrt shell
execute below commands:
```
device=ax830
mkdir -p /tmp/fw_backup; cd /tmp/fw_backup
rootfs=$(cat /proc/mtd | grep \"rootfs\" | cut -d: -f1)
rootfs_1=$(cat /proc/mtd | grep \"rootfs_1\" | cut -d: -f1)
dd if=/dev/${rootfs} of=rootfs_${rootfs} bs=1M
dd if=/dev/${rootfs_1} of=rootfs_1_${rootfs_1} bs=1M
cp /sys/firmware/fdt fdt.dtb
md5sum * > md5sum
tar -cvzf /tmp/${device}.tar.gz .
sum=$(md5sum /tmp/${device}.tar.gz | cut -d' ' -f1)
mv /tmp/${device}.tar.gz /tmp/${device}_${sum}.tar.gz
echo "stock fw backup saved to: /tmp/${device}_${sum}.tar.gz"
```
- Upload/save your backup to a safe place.
STOCK FIRMWARE RECOVERY:
- Boot initramfs image
- Upload your backed-up stock fw tarball to the device
using scp or download it from the device using wget.
- Enter device ssh cli or tty and exec:
```
cd /tmp && wget <your_web_server_ip>/${stock_fw_backup}.tar.gz`
tar -xpzf ${stock_fw_backup}.tar.gz
rootfs=$(cat /proc/mtd | grep \"rootfs\" | cut -d: -f1)
rootfs_1=$(cat /proc/mtd | grep \"rootfs_1\" | cut -d: -f1)
ubiformat /dev/${rootfs} -y -f /tmp/rootfs_${rootfs}
ubiformat /dev/${rootfs_1} -y -f /tmp/rootfs_1_${rootfs_1}
reboot
```
INSTALLATION:
1. initramfs method
- Put openwrt-*-initramfs-uImage.itb to your
TFTP server and rename it to initramfs.bin
- Enable serial console and enter to u-boot cli
and exec these commands:
```
tftpboot <your_tftp_server_ip>:initramfs.bin
bootm
```
- Once boot completed and you get the openwrt shell
execute below commands:
```
cd /tmp && wget <your_web_server_ip>/factory.ubi`
export rootfs=$(cat /proc/mtd | grep rootfs | cut -d: -f1)
export rootfs_1=$(cat /proc/mtd | grep rootfs_1 | cut -d: -f1)
ubiformat /dev/${rootfs} -y -f factory.ubi
ubiformat /dev/${rootfs_1} -y -f factory.ubi
reboot
```
2. u-boot factory.ubi image method
- Put factory.ubi to your TFTP server and
enter u-boot cli and exec these commands:
```
tftpboot <your_tftp_server_ip>:factory.ubi
#After downloading is finished:
flash rootfs
flash rootfs_1
reset
```
Ondrej Cierny [Fri, 27 Jun 2025 02:39:37 +0000 (19:39 -0700)]
download: improve rawgit tar reliability
Packages that depend on rawgit can fail on systems with the tar UID
issue (https://bugzilla.redhat.com/show_bug.cgi?id=913406).
Fix this by adding tar flags to overwrite UID/GID, as in the
dl_tar_pack method.
Until now the rt-loader only works on U-Boot driven devices where the
environment (e.g. coprocessor) is usually setup properly. Devices like
the ZyXEL GS1920 series use BootBase as start environment and skip
some of the basic initialization steps. rt-loader will fail in these
cases. Take care about the CP0 registers.
Additionally enhance the documentation of the printf implementation.
It was optimized during the different revisions of the initial PR.
Kazuhiro Ito [Sun, 29 Jun 2025 07:47:31 +0000 (16:47 +0900)]
x86: 64: Enable PCI MMCONFIG
Some devices can't boot since kernel 6.6 without PCI MMCONFIG.
Fixes: https://github.com/openwrt/openwrt/issues/18228 Fixes: https://forum.openwrt.org/t/openwrt-24-10-x86-64-boot-hangs-after-pci-nvme-initialization/229086 Signed-off-by: Kazuhiro Ito <kzhr@d1.dion.ne.jp> Link: https://github.com/openwrt/openwrt/pull/19256 Signed-off-by: Robert Marko <robimarko@gmail.com>
The bootloader of many Realtek switches only supports gzipped kernel images.
With limited flash space that might get critical in future versions. For better
compression allow support for compressed images. For this a new loader was
developed. Several ideas have been taken over from the existing lzma loader
but this has been enhanced to make integration simpler. What is new:
- Loader is position independent. No need to define load addresses
- Loader identifies device memory on its own
- Loader uses "official" upstream kernel lzma uncompress
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/lib/decompress_unlzma.c
- Loader uses "official" UNMODIFIED nanoprintg that is used by several
bare metal projects. https://github.com/charlesnicholson/nanoprintf
Compiled the loader ist just under 12KiB and during boot it will show:
rt-loader
Found RTL8380M (chip id 6275C) with 256MB
Relocate 2924240 bytes from 0x80100000 to 0x8fce0000
Extract kernel with 2900144 bytes from 0x8fce521c to 0x80100000...
Extracted kernel size is 9814907 bytes
Booting kernel from 0x80100000 ...
[ 0.000000] Linux version 6.12.33 ...
[ 0.000000] RTL838X model is 83806800
...
Eric Fahlgren [Sat, 1 Feb 2025 16:12:07 +0000 (08:12 -0800)]
scripts: getver.sh: approximate version from date
When doing package support and management it is often the case that
knowing the corresponding openwrt repo's release version is useful.
For example, when adding package changes to the ASU server, the
openwrt revision is used as the cutoff for applying those changes.
Knowing a package change's hash in its remote feed repo allows us
to look up its change date, which we can now use with getver.sh
to approximate the revision in openwrt at which it was made.
Daniel Golle [Wed, 25 Jun 2025 23:44:38 +0000 (00:44 +0100)]
mediatek: 6.12: mt7988a-rfb: complete conversion to all-UBI fitblk
Restore the conversion to an all-UBI NAND layout and use of fitblk on
SPI-NAND connected via the mt65xx SPI controller.
Apply the same also for SPI-NAND connected via the SNFI controller, and
use fitblk also for boot from SPI-NOR, eMMC and SD.
Fixes: f9206d1111 ("kernel/mediatek: 6.12: replace downstream files by patches") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Wed, 25 Jun 2025 23:22:42 +0000 (00:22 +0100)]
mediatek: 6.12: fix wrong SoC compatible of MT7988A RFB
The MediaTek MT7988A RFB currently hangs on boot as CCI fails to probe.
This is due to the wrong SoC compatible string "mediatek,mt7988" instead of
"mediatek,mt7988a". Fix that.
Fixes: f9206d1111 ("kernel/mediatek: 6.12: replace downstream files by patches") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
uboot-envtools: set nonshared flag correctly per-subpackage
Currently, uboot-envtools is being built for a (shared) instruction
set (phase2 in buildbots) instead of target-specific (phase1 in builbots).
So the package does not contain the uci-defaults file specific for each
target_subtarget. (Only the fortunate target with coincidentally the same
instruction set and target as the SDK chosen by the buildbot will have the
uci-defaults file.)
This commit sets the nonshared flag correctly in the Makefile so that
uboot-envtools is built for the target-specific (phase 1).
This is done by using the PKGFLAGS variable which is intended for
per-binary flags (instead of PKG_FLAGS which has a global scope), as
stated in some old commits 349e7b635e[1], 2d7eaf2e15[2], 064e7c8f00[3] and 2cb75cd8b9[4].
While at here, use PKG_URL, instead of URL, which is intended for global
scope. As stated in commit e32edf712b[5].
Fixes: #19040 Fixes: 46e376c ("uboot-tools: migrate uboot-envtools to uboot-tools") Signed-off-by: Mario Andrés Pérez <mapb_@outlook.com> Link: https://github.com/openwrt/openwrt/pull/19180 Signed-off-by: Robert Marko <robimarko@gmail.com>
realtek: overwrite c22 polling unconditionally on RTL930x
During setup the mdio driver decides the polling mode of the 4 smi
busses depending on the DTS phy settings. This works as follows:
- set polling to c45 if at least one phy is ethernet-phy-ieee802.3-c45
- set polling to c22 if all phys are ethernet-phy-ieee802.3-c22
On RTL930x it is not possible to switch to c22 if uboot has set c45
before. Fix this by overwriting the bitfield properly. While we are
here:
- Sort variables according to kernel style (inverse christmas tree)
- Initialize fields properly with = { 0 }
- Use GENMASK() for better readability
- Make use of RTMDIO_MAX_SMI_BUS
qualcommbe: v6.12: update PCS patches to use .pcs_validate()
The original PCS driver did not use the .pcs_validate() in
phylink_pcs_ops. The patches for 1000/2500base-x and 10g modes were
taken from this old driver, and thus did not bother with
.pcs_validate(). Thus, even though these modes are supported, phylink
would not enable them.
To fix these, list these modes in .pcs_validate(). Also list them in
ipq_pcs_clk_rate_get(). While the latter does not appear to change
behavior, it does change the clock rates listed under
/sys/kernel/debug/clk
Co-developed-by: Mantas Pucka <mantas@8devices.com> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Link: https://github.com/openwrt/openwrt/pull/18435 Signed-off-by: Robert Marko <robimarko@gmail.com>
Daniel Golle [Wed, 11 Jun 2025 10:14:41 +0000 (12:14 +0200)]
uboot-tools: envtools: ipq806x: ignore case of partition name
The qcomsmem MTD partition parser converts all partition names to
lower case while the vendor solution uses upper case names, which
often made their way into OpenWrt as labels in 'fixed-partitions'
(probably due to contributors and reviewers being unaware of the
qcomsmem parsers).
Use case-insensitive matching of the 'APPSBLENV' name to make
ubootenv_mtdinfo() work in both cases.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 10 Jun 2025 16:51:14 +0000 (18:51 +0200)]
ipq-wifi: add BDF for IgniteNet SS-W2-AC2600
The IgniteNet SunSpot AC Wave2 comes with 2x QCA9994 ath10k chips
connected to the IPQ8068 SoC via PCIe.
Add board-2.bin for both radios on this board.
3ac4a64 qca9984: add BDFs for IgniteNet SS-W2-AC2600
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Eric Fahlgren [Mon, 23 Jun 2025 22:50:23 +0000 (15:50 -0700)]
scripts: make-index-json: rework for old Python versions
The current code uses functions and features only found in newer
versions of Python, so rework to allow use on systems only supporting
older Python. Tested on Python 3.8 (released Oct 2019), but should
work on 3.7 also.
Suggested-by: Chen Minqiang <ptpt52@gmail.com> Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Paul Spooren [Tue, 24 Jun 2025 14:29:05 +0000 (16:29 +0200)]
ci: add missing permission to add comments
While this worked during testing, the repository of a organization requires
extra permissions. Add write access to pull requests, like we do over at
packages.git.
Paul Spooren [Tue, 24 Jun 2025 08:28:38 +0000 (10:28 +0200)]
ci: add bot to build on comment
This has been requested many times, so let's add this to speed up reviews. When
a member of the "reviewers" group comments the magic word written below, that
specific firmware is created and attached by a bot.
build <target>/<subtarget>/<profile>
Members of the "reviewers" group have no extra privileges, they can not commit
to the repository nor perform any action outside the `build-on-comment` action.
Motivation is to speedup reviews and have a better source for sharing compiled
firmware.
Felix Fietkau [Tue, 24 Jun 2025 13:04:17 +0000 (15:04 +0200)]
wifi-scripts: add support for RSN overide and use it for improved WPA3 compat
Override via RSNE is a relatively new feature, which can be used to enable
WPA3 features in a way that is invisible to older clients.
Use it by default to mask the GCMP-256 cipher from older clients, since
there are compatibility issues with existing devices.
Ondrej Cierny [Fri, 20 Jun 2025 21:43:00 +0000 (14:43 -0700)]
toolchain/wrapper: add missing qstrip to info.mk export
When using an external toolchain, the SetToolchainInfo function
is missing a qstrip call on GCC_VERSION, which results in quotes
making it to the toolchain info.mk file.
This leads to a failure to build the libgcc ipk package because
the quotes make it to its version and filename. For some reason,
it only fails on the first make invocation, but succeeds on
subsequent ones on my setup.
Fix this issue by adding the qstrip, making it consistent with
the internal toolchain approach.
Tim Harvey [Thu, 19 Jun 2025 21:32:11 +0000 (14:32 -0700)]
imx: venice: add dt overlay support
Enable DT overlay support:
- add dt-overlay to board features
- add DEVICE_DTS_OVERLAYS
- update the boot script to resize before applying each overlay
Tim Harvey [Thu, 19 Jun 2025 23:11:44 +0000 (16:11 -0700)]
imx: 6-12: add additional patches
Backport some additional upstream patches:
- 6.13-arm64-dts-imx8mm-venice-gw73xx-remove-compatible-in-overlay-files.patch
(this resolves some issues when using dt overlays on gw73xx-0x)
- 6.16-PCI-imx6-Skip-link-up-workaround-for-newer-platforms.patch
- pending-PCI-imx6-Remove-apps_reset-toggle-in-_core_reset-function
(these resolve enumeration issues on imx8mm/imx8mp with a pcie switch)
base-files: handle packages alternatives when apk removes packages
On commit 3010ab8 ("base-files: add update_alternatives function") was
implemented the function to handle ALTERNATIVES when using APK (OPKG
handle it internally) but in commit bcc6415 ("base-files: add
compatibility for APK and OPKG") was only called when adding a package,
so call it also when removing packages.
While we are here, check for a more specific *.alternatives files instead
of *.list, and remove redundant "filelist" variable definition.
Fixes: bcc6415 ("base-files: add compatibility for APK and OPKG") Fixes: https://github.com/openwrt/openwrt/issues/19090 Fixes: https://github.com/openwrt/openwrt/issues/16991 Reported-and-tested-by: Eric Fahlgren <ericfahlgren@gmail.com> Signed-off-by: Mario Andrés Pérez <mapb_@outlook.com> Link: https://github.com/openwrt/openwrt/pull/19093 Signed-off-by: Robert Marko <robimarko@gmail.com>
Disassembly:
At the bottom, under the LEDs, there are 2 screws hidden by rubber feet. After removing the screws, pry the gray plastic part around (it is secured with latches) and remove it.
Serial Interface:
The serial interface can be connected to the 5 pin dots located on the right between the operating mode switch and the antenna.
Pins (from antenna to operating mode switch):
VCC
TX
RX
NC
GND
Settings: 115200, 8N1
Flashing via OEM recovery software:
1. Download the OEM recovery software from the manufacturer's website
2. Download the firmware image (for OpenWRT it is *-squashfs-factory.bin), rename it to KN-1212_recovery.bin
3. Replace the file in the fw folder OEM recovery software with the file from step 2.
4. Run the OEM recovery software and follow the instructions.
Flashing via TFTP:
1. Connect your PC and router to port 1-3, configure PC interface using IP 192.168.1.2, mask 255.255.255.252
2. Serve the firmware image (for OpenWRT it is *-squashfs-factory.bin) renamed to KN-1212_recovery.bin via TFTP
3. Power up the router while pressing Reset button on the back
4. Release Restart button when Power LED starts blinking
To revert back to OEM firmware:
The return to the OEM firmware is carried out by using the methods described above with the help of the appropriate firmware image.
When using OEM bootloader, the firmware image size cannot exceed the size of one OEM «Firmware_x» partition or Kernel + rootFS size.
Until now the timer management on the RTL931x devices depends
on the MIPS default timer. Looking at the clock progress on
these devices one can see that it is totally off. It is running
at half the required speed (e.g. if 1 minute passes the date
command shows that according to the timers only 30 seconds have
elapsed). This is a mix from wrong DTS and bad startup code.
This is not only a cosmetic issue but has effects on every
delay operation inside the kernel. Switch RTL931x to the proven
Otto timer.
Upstream has gained support for forced affinity settings in the MIPS
GIC interrupt controller. This is needed to enable the Otto timer on
the RTL931x platform. See
projects / thirdparty / openwrt.git / log
