Thomas Richard [Fri, 17 Apr 2026 18:55:39 +0000 (20:55 +0200)]
kernel/stm32: restore files for v6.12
This is an automatically generated commit which aids following Kernel patch
history, as git will see the move and copy as a rename thus defeating the
purpose.
For the original discussion see:
https://lists.openwrt.org/pipermail/openwrt-devel/2023-October/041673.html
Hauke Mehrtens [Sun, 7 Jun 2026 11:31:36 +0000 (13:31 +0200)]
uclient: update to Git HEAD (2026-06-07)
f227ab4f1285 uclient: fix memory leak of url when backend alloc fails 645236607a3d uclient: free proxy_url in uclient_free 53d2d11fb00d uclient-http: fix NULL deref when digest WWW-Authenticate lacks params 0ba1b8718be5 ucode: check calloc return in uc_uclient_new 5cb19466d076 uclient-fetch: reset redirect counter per request 568c447950c1 uclient-fetch: retry short writes and surface errors 4c4a61a69ac3 uclient-fetch: use strtoull to parse Content-Length 440ca260622d uclient-http: validate Content-Length and chunk sizes from the server 8658324bd234 uclient: cast to unsigned char before ctype classifications bf403fa0f8e5 uclient-fetch: reject CR in --header values ec47f4176b1e uclient-fetch: always allocate auth_str and free it on exit 391dacd10d31 uclient-http: fail digest auth when the cnonce cannot be randomized ba1f4311b099 ucode: clamp read length to the size of the static buffer 0ba47f319b09 uclient-fetch: advance to the next URL between requests 9dd0055d527d uclient: initialize *port for unknown address families f816506651d5 uclient-http: start digest nonce count at 1 9b9b2da40835 uclient-http: fix 2-byte buffer undercount in digest add_field 80fb1e5ee68b ucode: avoid double-free of SSL context on ssl_init error d44fb561bbcf ucode: don't clear an unrelated registry slot on free 02562403d2a3 uclient-fetch: close the output file before fetching the next URL 4a63561d0012 uclient-http: initialize fd to -1 so a failed connect can't close stdin 428ae8342118 uclient: cancel pending timers in uclient_free() ffd8db308289 uclient-fetch: guard SSL debug setup against a missing SSL context 9f4db039a263 ucode: release callback argument references d2af92b0aad9 uclient-http: resolve redirects against the proxy target URL 5dddda023267 uclient-utils: avoid out-of-bounds pointer in get_url_filename 8507588e7ce7 uclient-http: use the proxy target URL for HTTP authentication 322c89c6ca0a uclient-http: retry 401 auth for all body-less request methods db3bb00ddda7 uclient-http: accept unquoted digest auth parameter values 5ce9983b2a11 uclient-http: follow 303 and 308 redirects 070c868486dc uclient-fetch: finalize request on invalid 206 Content-Range 83659a5a9bc1 uclient-fetch: concatenate multiple URLs into a single -O file 43bed2753998 ucode: don't leak string references in status()/get_headers() 03b17e4fc793 uclient-fetch: attach credentials to the proxy target, not the proxy 74c07b12f7ab uclient-fetch: don't run the progress meter in spider mode daad21fa2c17 uclient-fetch: handle init_request failure on the 204 resume retry
Anna Kiri [Mon, 8 Jun 2026 09:07:05 +0000 (11:07 +0200)]
mtd: fix buffer leak and fd leak in mtd_dump()
Two leaks in mtd_dump():
- The buffer allocated with malloc(erasesize) is never freed before
returning, leaking erasesize bytes on every call.
- The pre-existing malloc-NULL early return path also leaked the just-
opened fd by returning directly instead of going through cleanup.
Initialize buf to NULL, route the malloc-NULL case through the
existing 'out:' label, and add free(buf) on the cleanup path so both
fd and buf are released consistently on every exit.
Anna Kiri [Mon, 8 Jun 2026 09:06:32 +0000 (11:06 +0200)]
mtd: check malloc() return value in mtd_check()
After malloc(erasesize) in mtd_check(), the result was never checked
for NULL. On allocation failure, the buf pointer remained NULL and
would later be used in image_check() via read(imagefd, buf + buflen,
...), causing a NULL pointer dereference.
Add a NULL check after the allocation and return early. The early
return path also closes the just-opened fd and frees the strdup'd
colon-separated device-list copy to avoid leaks.
Anna Kiri [Mon, 8 Jun 2026 09:05:55 +0000 (11:05 +0200)]
mtd: check return values of lseek() and write() in mtd_write_buffer()
Two ignored return values in mtd_write_buffer() caused silent failures:
- lseek() return value was ignored. A failed seek (e.g. EBADF, ESPIPE)
followed by write() would silently write at the wrong offset.
- write() return value was ignored, silently discarding write errors.
This could lead to data corruption on the MTD device without any
indication.
Check both return values, report errors to stderr and return -1 on
failure.
Improve some descriptions so that they make the purpose of the
particular firmware package clearer to the user (e.g. as viewed in
verbose package listings).
Grische [Sun, 3 May 2026 14:34:46 +0000 (16:34 +0200)]
ipq806x: ap3935: disable hibernation on LAN1
The Extreme Networks AP3935's LAN1 port (gmac0/RGMII to AR8035 at MDIO
addr 1) fails to acquire a link if no Ethernet cable is connected at
power-on; the port stays dead even after a cable is later inserted, and
only a network restart recovers it.
The AR803x family enables hibernation mode by default, this setting
overrides it.
Jonas Jelonek [Tue, 2 Jun 2026 21:44:22 +0000 (21:44 +0000)]
realtek: pcs: replace __free() auto-cleanup stuff
Upstream netdev maintainers disregard both variable declarations
mid-function and usage of __free() for auto-cleanup [1]. To avoid any
pain when trying to upstream the PCS driver at some point, adjust that
now before forgetting it.
John Audia [Sat, 6 Jun 2026 12:17:46 +0000 (08:17 -0400)]
x86/64: config-6.18 remove obsolete options from config
Remove some dead weight from the config due to changes in the CRYPTO API
in 6.18. These are now internal library optimizations rather than selectable
algorithms, the corresponding Kconfig options were removed.
Andre Heider [Wed, 1 Apr 2026 13:13:40 +0000 (15:13 +0200)]
kernel/omap: restore files for v6.12
This is an automatically generated commit which aids following Kernel patch
history, as git will see the move and copy as a rename thus defeating the
purpose.
For the original discussion see:
https://lists.openwrt.org/pipermail/openwrt-devel/2023-October/041673.html
ramips: enable fw_printenv for D-Link COVR-X1860 A1
Vendor U-Boot stores its environment at offset 0x2000 inside the
"config" partition (size 0x4000). The offset is not erase-block
aligned, so the fw_env tool's alignment check rejects the natural
secsize=0x20000. Declaring secsize=0x2000 passes the check, lets
fw_printenv read the real env (factory_mac, hw_version,
bundle_number, ...), and causes fw_setenv to fail cleanly on erase
rather than corrupting anything (the kernel rejects sub-erase-block
MEMERASE).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Signed-off-by: Florian Maurer <fmaurer@disroot.org> Link: https://github.com/openwrt/openwrt/pull/23192 Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
Fabian Groffen [Fri, 6 Mar 2026 15:27:03 +0000 (16:27 +0100)]
ramips: expand storage space on U6 lite
While still sufficient for the base image, space runs out quickly with
the ~15MiB available in kernel0. The identical space in kernel1 is
unused, and standard installation instructions flash to both areas so it
isn't an easy fallback to stock either.
Merge the regions for kernel0 and kernel1 so there's more space
available to the user to install packages and some data.
* Remove ca-certificates-local example (closes: #988912, #1127101).
* Update Mozilla certificate authority bundle to version 2.86
The following certificate authority was added (+):
+ e-Szigno TLS Root CA 2023
The following certificate authorities were removed (-):
- QuoVadis Root CA 2
- QuoVadis Root CA 3
- DigiCert Assured ID Root CA
- DigiCert Global Root CA
- DigiCert High Assurance EV Root CA
- SwissSign Gold CA - G2
- SecureTrust CA
- Secure Global CA
- COMODO Certification Authority
- Certigna
- certSIGN ROOT CA
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- TeliaSonera Root CA v1
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- Trustwave Global Certification Authority
- Trustwave Global ECC P256 Certification Authority
- Trustwave Global ECC P384 Certification Authority
- GLOBALTRUST 2020
- GTS Root R2
- FIRMAPROFESIONAL CA ROOT-A WEB
The following certificate authority was renamed (~):
~ "OISTE Server Root RSA G1" (removed leading space)
Ryan Leung [Sun, 7 Jun 2026 02:22:33 +0000 (10:22 +0800)]
ramips: yuncore 1200f: fix label-mac-device alias and remove comments
Fix label-mac-device alias (from "label-mac") and remove MAC address comments.
Fixes: 1ba7b38cfc82 ("ramips: add support for Yuncore 1200F") Signed-off-by: Ryan Leung <untilscour@protonmail.com> Link: https://github.com/openwrt/openwrt/pull/23691 Signed-off-by: Jonas Jelonek <jelonek.jonas@gmail.com>
A network interface card (NIC) hardware ring of the Realtek Otto switch
SoCs is nothing more than a list of pointers to the ring headers. I.E.
address | content | comment
--------+-----------+------------------------
x + 0 | pointer 0 | points to ring header 0
x + 4 | pointer 1 | points to ring header 1
...
x + 4*n | pointer n | points to ring header n
Headers must be 4 byte aligend. So the lower two bits of the pointers
are unused. Hardware designers desided to give them special meanings.
- Bit 0: Owner of this ring entry, 1 = hardware, 0 = software
- Bit 1: Wrap, 1 = last ring pointer, 0 = normal ring pointer
The driver uses constant defines with slightly confusing naming. Replace
OWN_CPU with OWN_HW to make clear what it is about. Align prefix and
make the defines bitmasks for better readability.
The Yuncore 1200F is an outdoor 802.11ac access point based on the
MediaTek MT7628AN SoC with an MT7663E PCIe 5 GHz radio. The device is
also sold under the KuWFi AP1200F name.
Network:
- LAN: eth0.1, switch port 4
- WAN: eth0.2, switch port 3
Installation:
- Build the sysupgrade image:
openwrt-ramips-mt76x8-yuncore_1200f-squashfs-sysupgrade.bin
- The stock firmware provides a U-Boot recovery web interface. It can be
entered by holding the reset button while powering on the device. Connect to
http://192.168.0.100/ and upload openwrt-sysupgrade.bin file.
Recovery:
- Reverting to stock firmware has not been tested.
The 5 GHz radio is detected as PCI ID 14c3:7663 and uses mt7615e
together with the MT7663 AP firmware. kmod-mt76x2 is explicitly
excluded because this board uses MT7663E, not MT76x2.
Tested:
- Build succeeds for ramips/mt76x8
- Sysupgrade image boots
- Ethernet LAN/WAN work
- 2.4 GHz AP starts on phy0
- 5 GHz AP starts on phy1
- Stable MAC addresses are assigned to Ethernet, phy0 and phy1
Jonas Jelonek [Fri, 5 Jun 2026 22:15:13 +0000 (22:15 +0000)]
realtek: pcs: rtl931x: enable XSGMII setup
The setup path has been adjusted before to at least not break a working
XSGMII setup. On the currently single affected device, the U-boot
pre-init runs unconditionally anyway. Thus, we can drop the top-level
gate and let our driver "setup" this mode. This enables further
structural changes.
Jonas Jelonek [Fri, 5 Jun 2026 22:09:07 +0000 (22:09 +0000)]
realtek: pcs: rtl931x: fix media config for XSGMII
While this doesn't claim to be a standalone setup for XSGMII, at least
it doesn't break the working XSGMII setup from U-boot on Linksys
LGS352C, the currently only supported device using this mode. Later
during further refactoring, this should be improved to make sure
everything is properly set.
Jonas Jelonek [Thu, 4 Jun 2026 22:32:07 +0000 (22:32 +0000)]
realtek: pcs: rtl931x: release IP mode force-lock for XSGMII
rtpcs_931x_sds_deactivate() forces the SerDes IP mode register to OFF
(force-bit set, mode OFF) via apply_ip_mode(OFF). For IP-driven modes a
subsequent bring-up re-asserts the force-bit with the target mode, so the
lock is released. XSGMII, however, is MAC-driven: rtpcs_931x_sds_set_mode
only wrote the MAC mode and never released the IP force-lock, leaving the
IP block pinned OFF. XSGMII therefore only worked when the bootloader had
already configured the SerDes before deactivate ran.
Route the XSGMII branch through rtpcs_93xx_sds_set_mac_driven_mode(),
which unforces the IP mode (page 0x1f reg 0x09 bit 6) before writing the
MAC mode -- the same fix applied to RTL930x in 383c4469e4fd.
The MAC-driven set_mode path on RTL930x performs three steps: release the
IP mode force-lock so the MAC side takes over (deactivate forces IP=OFF),
write the MAC mode, then apply the USXGMII submode for modes that need
one. Pull these into a shared rtpcs_93xx_sds_set_mac_driven_mode() helper.
No functional change: rtpcs_930x_sds_set_mode now calls the helper instead
of open-coding the sequence. This prepares the helper for reuse by the
RTL931x XSGMII path, which currently lacks the IP force-unlock and so is
left pinned OFF by a preceding deactivate.
Jonas Jelonek [Thu, 4 Jun 2026 17:59:04 +0000 (17:59 +0000)]
generic: mips: add pending patch to fix reboot
Add a pending hotfix to fix reboot functionality on MIPS platforms, at
least the Realtek target being affected.
The kernel bump from 6.18.33 to 6.18.34 introduced a backported commit
intending to fix a use-after-free issue [1]. As a side effect, it also
causes RCU to wait for CPUs which are already dead but RCU doesn't know
of.
The mutex file via '/tmp/.config_pending' should prevent the command
'/sbin/wifi config' from being called in the ieee80211 hotplug when loading
the kernel modules [1]. Since the file '/etc/board.json' does not yet exist
and could be incomplete.
The '/etc/board.json' file is modified in the '/sbin/wifi config' script.
This is only generated during the first boot when '/bin/config_generate' is
called.
This whole handling is unclean. Therefore the creation of the default
configuration '/etc/config/network', '/etc/config/system' and
'/etc/board.json' via '/sbin/config_generate' is moved to the preinint
after the rootfile system has been mounted
The advantage now is that on an ieee80211 hotplug event, the
'/etc/board.json' is already present which simplifies the whole thing.
- Aggregated per-family (lan/wan/wlan).
- Family and flags are taken from device tree properties:
- "family" : simple family string "lan" | "wan" | "wlan"
- "mode" : any combination of "link", "tx", "rx" flags
Priority/combination:
* If "mode" present: flags come from "mode" and take precedence.
Family is taken from "family" if present, otherwise from the LED name.
* If only "family" present: use its family and default flags = link+tx+rx.
* If neither present: fall back to LED device name parsing.
- Suffix "-online" is valid ONLY in the LED name (label),
e.g. "green:wlan-online". It indicates the online variant but is applied
only when DT "mode" is absent.
Behaviour:
- wlan (normal): blink/solid driven by throughput table
- lan/wan (normal): one-shot blink on TX/RX packet change
- *-online variants: steady ON while any interface of the family has carrier
Interfaces are auto-tracked by name match (lan0, wan1, wlan2, phy0, wl1,
ath0, ra0...). Up to MAX_IFACES (16) interfaces per family
This trigger is intended for board/device authors and drivers to provide simple
network-activity LED behaviour without per-interface wiring in userspace.
Refresh bcm27xx patches in the same commit to account for line shifts in
drivers/leds/trigger/Kconfig and Makefile, ensuring clean applies for
bisectability.
Hafiz Zafran [Sat, 30 May 2026 22:31:08 +0000 (06:31 +0800)]
wireless-regdb: update to version 2026.05.30
Change-log since version 2026.03.18, retrieved from the wireless-regdb mailing lists:
wireless-regdb: update regulatory database based on preceding changes
wireless-regdb: Update regulatory info for Brunei Darussalam (BN) for 2022
wireless-regdb: allow 320MHz channel width for Russia
wireless-regdb: Update 6 GHz rules for Hong Kong (HK)
wireless-regdb: Update 5/6 GHz power rules for Russia (RU)
wireless-regdb: Fix 60 GHz power unit for Ukraine (UA)
wireless-regdb: Update 6 GHz rules for South Africa (ZA)
wireless-regdb: Update 6 GHz rules for South Korea (KR)
wireless-regdb: Update regulatory rules for Sri Lanka (LK)
wireless-regdb: Add regulatory info for CEPT countries FO, GI, IM, SM and VA listed by WiFi Alliance
Hauke Mehrtens [Wed, 3 Jun 2026 23:40:29 +0000 (01:40 +0200)]
odhcp6c: update to Git HEAD (2026-06-04)
08bd058e0246 ra: skip malformed options instead of aborting RA processing 2550a1dd276e dhcpv6: fix inverted Authentication option validation in Reply 496e55d43de6 dhcpv6: use host-order option length in Authentication validation b6f0c70f5fc2 dhcpv6: fix out-of-bounds end pointer when parsing IA in Advertise 92fd11cd9547 dhcpv6: fix OOB read and 1-byte heap overflow on captive-portal option 0dab8feec55a ra: fix OOB read on captive-portal option comparison a4d6a3232c24 script: fix string_to_env writing garbage and reading past input 2521bf732b9f script: avoid kill(0) when SIGCHLD races script_call 56cec7a15816 odhcp6c: drop stale hash_ifname() declaration 49d9c0112bb8 odhcp6c: propagate allocation failure from insert_state 4bd976fd60c0 dhcpv6: ensure hostname buffer is NUL-terminated for dn_comp 6d12865fb89c ubus: validate element type when parsing reconfigure_dhcp opt_send 01130f80338a script: handle allocation failures in env helpers 0a19052dc9fb odhcp6c: refuse to follow symlinks when writing pidfile d6c2fbdc255c odhcp6c: skip malformed /proc/net/if_inet6 entries b6add6c0e30e dhcpv6: avoid signed-shift undefined behaviour in IAID derivation ce52fe118b13 ubus: clear cached object type id on disconnect 91f88c694f6f config: stop mutating caller-supplied buffers in send-options parser c938c168cbef script: handle fork() failure when launching state script 1546a48255b2 ubus: avoid out-of-bounds read when serializing captive-portal URI 3270f081039d all: fix inverted captive-portal URI equality check (RFC 8910 §3) e9a9e9d45f38 odhcp6c: bound the address length when parsing the -P argument 5ad94c86e864 script: walk entries with odhcp6c_next_entry in entry_to_env df4f199c02fc ubus: walk entries correctly and don't leak an open table in entry_to_blob 6c1c4c48d4a2 ubus: don't leak an open table on malformed S46 rule/bind in s46_to_blob 1797d2bca3c0 odhcp6c: remove pidfile on exit 86a6665e4bb0 ra: clear captive-portal state when router signals unrestricted URI 0a4e51db30d5 dhcpv6: require known SERVERID when validating Reconfigure afc3c8534864 dhcpv6: reject Reconfigure with malformed or duplicate Message option df27a49c98d8 dhcpv6: enforce monotonic replay counter on Reconfigure RKAP 9177f236c2d7 odhcp6c: do not treat DHCPv6 option type 0 as end-of-list daf4ec3054e7 example: write all DNS servers to resolv.conf
Hauke Mehrtens [Wed, 3 Jun 2026 23:41:05 +0000 (01:41 +0200)]
rpcd: update to Git HEAD (2026-06-04)
69b62b1990bc rpc-sys: packagelist: increase input buffer size e655a0d69492 exec: defer async reply teardown to avoid use-after-free 5b078674a592 optimize by reusing timeout member d005c885dbe4 session: clamp uloop timeout to avoid int overflow a545f008da91 ucode: add request.defer() for async method handling ab6549a99c7c file: avoid sending uninitialized stack memory for broken symlinks 7af2dd81cd53 main: prevent integer overflow when parsing -t timeout argument 680705e4b76d plugin: use snprintf in ubus lookup callback to prevent buffer overflow fb0302dc0e51 session: detect short read of /dev/urandom in rpc_random() dc091afa5860 rpc-sys: packagelist: check calloc() result for world array 4fbd48515d6a rpc-sys: packagelist: avoid size_t underflow when stripping ABI version 46fce7d5efc9 ucode: fix off-by-one truncation of generated ubus object type name 26dba5206e17 exec: prevent double close() of exec pipe descriptors af5d6f431186 uci: prevent integer overflow of client supplied apply timeout d06d2a81dc29 rc: fix memory leak of list request context 0de666811559 rc: copy list "name" filter to avoid use-after-free 75470f4b5124 rc: use a per-request blob_buf for the list reply 3037a0e36856 treat exec failures in forked children with _exit() instead of return f5ffec54d7c7 rc: reap killed child on list "running" check timeout fd4fcdeb186b rpc-sys: packagelist: close status file on world parsing error paths e22aea1a51df rpc-sys: packagelist: read world file instead of mmap to avoid SIGBUS 79c8087c8e8e file: avoid zero-length b64_decode() on empty write data cd1d9588da63 ucode: bound recursion when converting blob arguments to ucode values 2decaec3ef1b iwinfo: fix error handling and backend leak in survey 28faf6403792 cast char arguments to unsigned char for ctype.h functions
Dixiao-L [Tue, 2 Jun 2026 13:17:54 +0000 (21:17 +0800)]
ramips: fix Phicomm K2G WAN by enabling rgmii1
The K2G's WAN port is an external RTL8211F gigabit PHY on switch
port 5, reached over the SoC's rgmii1 pins. The device tree only
requests rgmii2_pins though, so nothing ever claims rgmii1 and the
pins keep whatever the bootloader left them as.
When rgmii1 is muxed to GPIO the WAN port comes up but receives
nothing: port 5 RxGPC stays at 0 and wan never gets a DHCP lease.
rgmii1 vs GPIO is GPIOMODE (SYSC + 0x60) bit 9. Requesting
rgmii1_pins makes the pinmux driver clear it, which is enough to
get the WAN RX path working again. The rgmii1 pads (GPIO 24-35)
aren't used for anything else on this board.
Tested on a K2G: WAN gets a DHCP lease and passes traffic.
Shine [Thu, 19 Mar 2026 07:53:44 +0000 (08:53 +0100)]
mpc85xx: p1010: TL-WDR4900v1: DTS update for RFKILL switch
The TL-WDR4900v1, like many other similarly-aged TP-Link devices, is
using a flipswitch for toggling WiFi, not a pushbutton. Update the DTS
to reflect that. The debounce time used here has been chosen based on
other supported (but different target) TP-Link devices that are using
such a flipswitch.
Requires usage of the gpio-button-hotplug driver to work.
Fixes: #13552 Signed-off-by: Shine <4c.fce2@proton.me> Tested-by: Edward Chow <equu@openmail.cc> Link: https://github.com/openwrt/openwrt/pull/22494 Signed-off-by: Robert Marko <robimarko@gmail.com>
Shine [Thu, 19 Mar 2026 07:38:40 +0000 (08:38 +0100)]
mpc85xx: use gpio-button-hotplug as input subsystem
This replaces the standard Linux input subsystem with the
gpio-button-hotplug driver, which is already used with most other
targets for over a decade. While reducing overhead and resource
pressure especially for resource-constrained devices, this will
also allow for configuring things like flip-switches, in addition
to standard pushbuttons.
Will be required for a following commit.
Signed-off-by: Shine <4c.fce2@proton.me> Tested-by: Edward Chow <equu@openmail.cc> Link: https://github.com/openwrt/openwrt/pull/22494 Signed-off-by: Robert Marko <robimarko@gmail.com>
Disable Ampere cpu core errata. According to the documentation[1],
AC03_CPU_38 applies only to AmpereOne and AmpereOne AC4 cores.
1. https://github.com/torvalds/linux/blob/master/Documentation/arch/arm64/silicon-errata.rst Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl> Link: https://github.com/openwrt/openwrt/pull/23665 Signed-off-by: Robert Marko <robimarko@gmail.com>
Kenneth Kasilag [Wed, 3 Jun 2026 08:04:02 +0000 (08:04 +0000)]
airoha: use kernel 6.18 by default and drop 6.12
Switch the airoha target to use kernel 6.18 and drop 6.12.
This removes a large amount of patches that have since been
merged to upstream; and removes the build system hack used
to support building 6.12 and 6.18 with a slightly different
DTS and package configuration.
Roland Reinl [Thu, 16 Apr 2026 19:11:46 +0000 (21:11 +0200)]
ipq40xx: add support for Linksys MR9000
This pull request is based on
- the discussions in https://forum.openwrt.org/t/support-for-the-linksys-mr9000
Device Specs:
- Router is similar to EA8300 but with 512MB RAM and changed GPIOs
- IPQ4019
- Quad Core CPU
- 512 MB RAM
- 256 MB FLASH
- 4 LAN ports, 1 WAN port
- 1x2.4GHz (802.11n) and 2x5GHz (802.11c) wifi
- 3 LEDs (Red, blue, green) which are routed to one indicator at the top of the case
- 2 buttons (Reset, WPS)
Disassembling the device:
- There are 4 T10 screws at the bottom of the device which must be removed
- All 4 screws are located under the rubber feet
Serial interface:
- The serial interface is already populated on the device with a 5-pin header
- Pinout from front to back: 1:GND, 2: unknown, 3: RX, 4: TX, 5: VCC
- Settings: 115200, 8N1
MAC address layout:
- Same as on MR8300
- MAC address is stored in the "devinfo" partition (entry "hw_mac_addr")
- The MAC address on the label is identical with the one in the devinfo partition
- The MAC address on the label is the WAN MAC address
- LAN MAC address is the one from the label + 1
- Wifi (2.4GHz) MAC is the one from the label + 2
- Wifi (1st 5GHz) MAC is the one from the label + 3
- Wifi (2nd 5GHz) MAC is the one from the label + 4
Migrating to OpenWrt requires multiple steps:
- Load and boot the initramfs image
- Adapt U-Boot settings to support bigger kernels
- Flash the sysupgrade image
Load and boot initramfs:
- Connect serial interface
- Set up a TFTP server on IP 192.168.1.254
- Copy openwrt-ipq40xx-generic-linksys_mr9000-initramfs-zImage.itb to TFTP server
- Rename file to C0A80101.img
- Boot up the device and stop in U-Boot
- Run the following U-Boot commands after a link has been established:
tftp
bootm
- Initramfs image is started now.
Adapt U-Boot settings to support bigger kernels:
- Run "fw_printenv" in the initramfs image after booting
- There should be an entry kernsize=300000 which indicates the maximum size for the kernel is 3MB
- Execute "fw_setenv kernsize 500000" to increase the max kernel size to 5MB
- Check that the change are applied with "fw_printenv"
Flash the sysupgrade image:
- Default sysupgrade routine either with a initramfs image containing LuCI or via command line.
Revert back to OEM firmware:
- Flash the OEM firmware via sysupgrade
- Forced update is required
Signed-off-by: Karsten Rehn <rekados@posteo.de> Signed-off-by: Roland Reinl <reinlroland+github@gmail.com> Link: https://github.com/openwrt/openwrt/pull/22744 Signed-off-by: Robert Marko <robimarko@gmail.com>
Mateusz Jończyk [Fri, 20 Mar 2026 22:37:44 +0000 (23:37 +0100)]
ramips: mt7621: build .trx image for ASUS RT-AX53U
Build an initramfs-factory.trx image suitable for flashing directly via
the vendor firmware WebGUI, without using TFTP or SSH.
To use:
1. Flash the initramfs-factory.trx file with the vendor firmware
administrative interface.
2. Wait until the router restarts, login to OpenWRT via LuCI (or SSH)
and upgrade firmware using the sysupgrade-squashfs.bin image file.
It is necessary to use TRX version 2, which has a kernel size limit of
16MB (TRX version 3 is rejected by vendor firmware). To avoid stopping
the whole build when the input file turns out larger, check in the
Build/asus-trx macro if check-size removed the input file and don't
error out in this case.
Note: It should be possible to prepare an image to flash the router in
one step, but this will be more complicated, because vendor firmware and
OpenWRT use a slightly different partition layout.
Qingfang Deng [Mon, 1 Jun 2026 05:32:17 +0000 (13:32 +0800)]
kernel: fix WED offloaded flow timeout refresh
Add a pending patch to fix the WED flow timeout.
OpenWrt has recently migrated many platforms to kernel 6.18. On the
MediaTek platform, which supports hardware network offloading, WiFi
connections accelerated via the WED path were observed to drop after
roughly 300 seconds.
After several debugging sessions, assisted by the Claude LLM, the
problem was narrowed down as follows:
nf_flow_table_extend_ct_timeout() extends ct->timeout for offloaded
flows using:
cmpxchg(&ct->timeout, expires, new_timeout);
'expires' comes from nf_ct_expires(ct) and is a relative value, while
ct->timeout holds an absolute timestamp. The two are never equal, so
the cmpxchg always fails and the timeout is never extended.
This goes unnoticed for most flows, but a long-lived hardware (WED)
offloaded flow on MediaTek MT7986 eventually has ct->timeout decay to
zero, the conntrack entry is reaped and the connection breaks.
Open-code the relative value from a single READ_ONCE(ct->timeout)
snapshot and compare against that same absolute snapshot in the
cmpxchg, so the timeout extension actually takes effect while the
datapath remains authoritative if it updates ct->timeout concurrently.
Move the $(eval $(call Download,ath11k-legacy-firmware)) from inside
Build/Prepare to the top level, right after the Download definition.
When the eval is inside Build/Prepare, it only runs at recipe execution
time (during compilation). This makes the legacy firmware source
invisible to 'make download', which only evaluates Download definitions
at Makefile parse time. As a result, offline builds fail because the
source was never fetched during the download phase.
This is consistent with how ath10k-ct-firmware handles multiple
Download definitions (all at top level).
The AHB reset quirk was added to the ESS switch driver to work around an
issue a fixed link wasn't setup properly. However, this workaround is no
longer needed as the actual issue was in the QCA8K DSA switch driver on
the other end which has been fixed.
This reverts commit 273bd3463c74 ("qualcommax: ipq50xx: prepare for UNIPHY reset fix")
qualcommax: ipq50xx: Add force mode support for qca8k switch
Force mode is required to support fixed links between the SoC's MAC and
the qca8k switch. As such, add support for force mode in the qca8k DSA
driver and remove the workaround patch that always enables SGMII
auto-negotiation.
build: fix recipe line break in wrap_mirror fallback path
Commit 042996b46b ("build: stricter hash validation on download")
refactored the $(if) in wrap_mirror from a single line to multiple lines.
The else branch (used when MIRROR is empty) was moved to a new line without
a trailing backslash on the preceding line. This causes download methods
that use wrap_mirror (e.g. git) to fail when PKG_SOURCE_MIRROR is 0:
SHELL= flock ...flock -c ' ...
bash: -c: line 1: unexpected EOF while looking for matching `''
The fix is to add the missing \ to the else branch.
toolchain/gcc: backport libsanitizer struct termio fix for glibc 2.43
glibc 2.43 no longer exposes struct termio (the old UNIX System V
terminal struct) through <termios.h>. This breaks the GCC 14
libsanitizer build which uses sizeof(struct termio) and registers
ioctl interceptors for the legacy TCGETA/TCSETA/TCSETAF/TCSETAW
ioctls that operated on struct termio.
GCC 15 already dropped these references. Backport that removal to
the GCC 14 patch series.
Mark Mentovai [Mon, 1 Jun 2026 14:30:17 +0000 (10:30 -0400)]
kernel: don't disable stack validation in cross builds
c3e31b6a9b04 (2019-07-03), 5f8e5872406d (2019-10-02), and 802bfe080678
(2022-10-20) disabled kernel stack validation when the build host was
not running Linux, as the objtool kernel build tool required for stack
validation was not portable to other build host environments. This is no
longer true, and it is not necessary to attempt to disable kernel stack
validation any longer.
Mark Mentovai [Fri, 29 May 2026 16:56:42 +0000 (12:56 -0400)]
kernel: fix gen_init_cpio build on macOS hosts
Kernel ae18b94099b0 (2025-08-20, in 6.18) introduced a dependency on the
Linux-specific O_LARGEFILE, and kernel 97169cd6d95b (2025-08-20, in
6.18) introduced a dependency on the Linux-specific copy_file_range.
Both of these commits were a part of the
https://lore.kernel.org/all/20250819032607.28727-1-ddiss@suse.de/
series. These new dependencies may not be available on non-Linux
systems, although it is possible to cross-build Linux on non-Linux build
hosts, and it is appropriate to run tools like gen_init_cpio on such
build hosts. It is straightforward to avoid these Linux-specific
features when not building on Linux.
This fixes:
HOSTCC usr/gen_init_cpio
usr/gen_init_cpio.c:460:16: error: call to undeclared
function 'copy_file_range'; ISO C99 and later do not support implicit
function declarations [-Wimplicit-function-declaration]
460 | this_read = copy_file_range(file, NULL, outfd, N...
| ^
usr/gen_init_cpio.c:677:31: error: use of undeclared
identifier 'O_LARGEFILE'
677 | O_WRONLY | O_CREAT | O_LARGEFILE | O_TRUNC,
| ^~~~~~~~~~~
2 errors generated.
gmake[7]: *** [scripts/Makefile.host:114: usr/gen_init_cpio] Error 1
Mark Mentovai [Mon, 1 Jun 2026 13:16:59 +0000 (09:16 -0400)]
kernel: fix objtool build on macOS hosts
Since kernel 5a406031d0719 (2025-03-17, in 6.15), objtool calls
sendfile, but sendfile is Linux-specific and a sendfile with the
requisite capabilities is not available on other operating systems.
Provide a more portable fallback implementation to be used when
cross-building on non-Linux hosts.
This fixes:
CC …/linux-6.18.33/tools/objtool/builtin-check.o
builtin-check.c:13:10: fatal error: 'sys/sendfile.h' file
not found
13 | #include <sys/sendfile.h>
| ^~~~~~~~~~~~~~~~
1 error generated.
gmake[8]: *** […/linux-6.18.33/tools/build/Makefile.build:86: …/linux-6.18.33/tools/objtool/builtin-check.o] Error 1
Fixes: https://github.com/openwrt/openwrt/issues/23356 Signed-off-by: Mark Mentovai <mark@mentovai.com> Link: https://github.com/openwrt/openwrt/pull/23612 Signed-off-by: Robert Marko <robimarko@gmail.com>
Seo Suchan [Wed, 3 Jun 2026 11:00:40 +0000 (20:00 +0900)]
libxml2: update to 2.15.3
Update to latest release. new maintainer upstream didn't make changelog, so see https://gitlab.gnome.org/GNOME/libxml2/-/commits/2.15?ref_type=heads for commits betwwen 2.15.1 and 2.15.3
John Crispin [Mon, 25 May 2026 09:35:10 +0000 (11:35 +0200)]
unetd: cli: convey network name from inviter to joiner
The unet CLI's join handler used the joiner's --network value as the
local network name, so an unspecified --network fell back to the
literal 'unet'. The inviter typically uses a different name (e.g.
ucoord_<venue>), so the two sides ended up keyed differently and any
upper layer subscribing to the network-named unetmsg channel never
saw each other.
The inviter now passes enroll_info={ network } to enroll_start so
the inviter's network name rides along in enroll_meta. The joiner
prefers data.enroll_meta?.network when present, falling back to its
own --network value for backwards compatibility with older inviters.
Felix Fietkau [Fri, 22 May 2026 17:25:35 +0000 (17:25 +0000)]
procd: update to Git HEAD (2026-05-22)
ac5cc72f6cfa jail: mount ucode related bits into netifd jail 81119d3f249d instance: disable console logging 8013c0cd2755 jail: mount tools used by dhcp.sh in the netifd jail 876981d0516d jail: fix reading the oci device gid value c92dbcd460d7 jail: make /dev/tty accessible by others 74bfbee8adb8 service: fix calloc_a argument
Between the upgrade from 6.12 to 6.18, the airoha-cpufreq driver
now has a `-Wincompatible-pointer-types` error while building due
to the `802-OPP-Provide-old-opp-to-config_clks-on-_set_opp` patch.
This patch revises the driver with the proper signature.
Due to hardware bugs, the PCIE Gen3 IP in Airoha AN7581 requires a
special reset procedure:
> MAC reset asserted thru the SCU block
> PERST asserted thru the SCU for the desired PCIE lane
> PHY initialization runs, clocks enabled
> MAC reset deasserted
> EQ config (if needed) written
> PERST deasserted
The existing code currently toggles PERST for all three PCIE
ports every time mtk_pcie_en7581_power_up is called, resulting
in PCIE link down issues.
This issue was discovered during porting of the 6.18 kernel to
AN7581. It is not entirely clear how the hardware seemed to
function under kernel 6.12 with similar driver code, it is
presumed that differences in assert/deassert times for PERST in
6.18 changed which exposed the bug.
Kenneth Kasilag [Wed, 3 Jun 2026 00:25:28 +0000 (00:25 +0000)]
kernel/airoha: restore files for v6.12
This is an automatically generated commit which aids following Kernel patch
history, as git will see the move and copy as a rename thus defeating the
purpose.
For the original discussion see:
https://lists.openwrt.org/pipermail/openwrt-devel/2023-October/041673.html
Anna Kiri [Tue, 26 May 2026 17:10:36 +0000 (19:10 +0200)]
mtd: imagetag: remove unused imagestart variable
The imagestart variable was assigned sizeof(tag) (which incorrectly
computed the pointer size rather than the struct size), but was never
actually read after the assignment in either trx_fixup() or
mtd_fixtrx(). The CRC calculations that follow use
offsetof(struct bcm_tag, header_crc) directly.
Remove the dead variable and its assignments entirely rather than fixing
the sizeof expression. No functional change.
see https://github.com/openwrt/openwrt/pull/17107 for updating config
Config refresh:
Refresh commands, run after busybox is first built once, slash or lack of slash at end of path matters!:
cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.38.0
cd ..
./convert_defaults.pl ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.38.0/.config > Config-defaults.in
Manual edits needed after config refresh:
* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in: OpenWrt logic applied to
BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)
* Config-defaults.in: correct the default ports that get reset
BUSYBOX_DEFAULT_FEATURE_HTTPD_PORT_DEFAULT 80
BUSYBOX_DEFAULT_FEATURE_TELNETD_PORT_DEFAULT 23
* config/editors/Config.in: Add USE_GLIBC dependency to
BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)
* config/shell/Config.in: change at "Options common to all shells" the conditional symbol
SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
(discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
Apparently our script does not see the hidden option while
prepending config options with "BUSYBOX_CONFIG_" which leads to a
missed dependency when the options are later evaluated.)
* Edit a few Config.in files by adding quotes to sourced items in
config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)
Paul Spooren [Sat, 30 May 2026 09:16:08 +0000 (11:16 +0200)]
build: derive PKG_SOURCE_DATE_EPOCH from the unpacked source tree
Previously PKG_SOURCE_DATE_EPOCH came from a git log on the OpenWrt
package directory. That fails in shallow feed clones and in the SDK
(no .git), collapsing to the script's mtime and breaking .apk
reproducibility across SDK rebuilds and between buildbot and SDK.
With this comment, PKG_UNPACK generates a version.date file, later used to
determine a reproducible SOURCE_DATE_EPOCH. Since unpack happens after
download, the evaluation of SOURCE_DATE_EPOCH is now lazy, invoking the
`get_source_date_epoch.sh` script on every use.
While at it, drop export of PKG_SOURCE_DATE_EPOCH and clean it from the
ipkg-build script.
Rustam Adilov [Sun, 3 May 2026 09:45:17 +0000 (14:45 +0500)]
realtek: clk: change to __raw reads and writes
The clk driver uses the ioread32 and iowrite32 for register access to
switchcore and SoC bases. This works but if at some point the target
wants to enable CONFIG_SWAP_IO_SPACE, the register access breaks as
ioread32/iowrite32 would be operating in little endian as opposed
to the intended native endian.
Fix it by replacing the ioread32/iowrite32 used in register access macros
to a __raw variant which aligns with what upstream use for native endian
access to registers.
Rustam Adilov [Sun, 3 May 2026 09:35:25 +0000 (14:35 +0500)]
realtek: arch: rtl-otto: change to __raw reads and writes
The realtek target uses the readl and writel for register access to
switchcore and SoC bases. This works but if at some point the target
wants to enable CONFIG_SWAP_IO_SPACE, the register access breaks as
readl/writel would be operating in little endian as opposed to native.
Fix it by replacing the readl/writel used in register access macros to
a __raw variant which aligns with what upstream use for native endian
access to registers.
There is currently a difference how upstream and downstream define
the switch in the dts. Downstream holds the switch as a member
node below a root switchcore parent. Upstream uses the switch as
the parent.
Align downstream to upstream and merge the ethernet-switch into
the parent node. For this to work adapt the port lookup in the MDIO
and PCS driver.
Remark! With this commit the boot process will give the spurious
error message "rtl838x_eth 1b000000.ethernet-switch:ethernet eth0:
Failed to create a device link to DSA switch 1b000000.ethernet-switch"
This comes from the fact that the switch is the parent of the ethernet
device. Thus a link back from ethernet device to the switch is no
longer possible. Testing shows that the error is just cosmetic.
Martin Schiller [Wed, 1 Apr 2026 07:41:12 +0000 (09:41 +0200)]
imx: add support for Kontron OSM-S/BL i.MX8MP
This adds support for the Kontron i.MX8MP OSM-S size system-on-module +
eval board.
CPU: NXP i.MX8MP @ 1600MHz (quad-core A53)
Memory: 4 (up to 8) GByte LPDDR4-RAM
Storage: 32 (up to 128) GByte eMMC + microSD slot
Ethernet: 2x 1 Gbit/s IEEE (1x with TSN)
UART: 1x UART console output on the Mini-B USB Debug Port
(signals are really UART on this Mini-B USB port!!!, there is
an adapter with ftdi available from Kontron)
1x RS232, 1x RS485
USB: 2x USB 2.0 Type-A, 1x USB 3.0 Type-C DRP
Misc: 8 (up to 128) kByte EEPROM (at24), RTC, 2x CAN, HDMI, 1x PCIe
This will create an SD card image for the board.
To use this image you have to bring the board to the recovery boot mode
(normal boot mode is eMMC). At the time of writing, the SoM (or the SoC)
has a bug that the FORCE_RECOVERY signal (switch S1 on the eval board)
doesn't work as long as the eMMC boot0 partition contains data.
Therefore you have to wipe this boot0 partition to be able to boot from
SD card. To do this call the following commands at uboot:
mmc dev 0 1
mmc erase 0 0x2000
After that, the system will try to boot from SD card.
Martin Schiller [Tue, 31 Mar 2026 11:46:30 +0000 (13:46 +0200)]
arm-trusted-firmware-imx: add new package
Build ATF images for i.MX8MP. Tested on Kontron OSM-S/BL i.MX8MP.
The default IMX_BOOT_UART_BASE for imx8mp platforms is 0x30890000, which
would be UART2. The Kontron board however uses UART3 as serial debug
console. As a result, after loading BL31 the system hangs.
Jonas Jelonek [Sun, 31 May 2026 20:38:00 +0000 (20:38 +0000)]
realtek: pcs: reject SerDes modes unsupported by the instance
Add a per-SerDes supported_modes bitmap, filled at probe by each
variant from the SerDes id or type, and reject unsupported modes in
determine_hw_mode() via test_bit().
This replaces the rtl838x is_hw_mode_supported() switch and adds the
same gating to rtl839x/rtl93xx, which previously relied only on the
per-variant mode-value table. Unlike that table, the bitmap is per
SerDes instance, so it also rejects modes the table can encode but that
a given SerDes cannot actually use. Rejection uses the uapi -EOPNOTSUPP
instead of the internal -ENOTSUPP.
Jonas Jelonek [Sun, 31 May 2026 19:14:43 +0000 (19:14 +0000)]
realtek: pcs: drop dead SerDes modes
SerDes modes HISGMII and QHSGMII are practically dead but were added/kept
for documentation purposes. However, these modes will likely never be
used and we have other documentation than in the code. Drop them to
reduce the modes to what we actually use.
Han Sol Jin [Fri, 20 Mar 2026 08:42:30 +0000 (01:42 -0700)]
mediatek: mt7622: enable CONFIG_MTD_VIRT_CONCAT
Some devices have a ton of unused space found in other partitions that
can be used to expand rootfs_data.
In particular, the D-Link DIR-X3260 device can squeeze another ~24MiB
from its backup partition, with a few tricks, allowing for ~48MiB of
usable space rather than ~24MiB by itself.
As of v25.12.1, with the official release build config, this gives us
~35MiB of rootfs_data, where without it there would only be ~11MiB.
Anna Kiri [Tue, 26 May 2026 17:25:14 +0000 (19:25 +0200)]
mtd: jffs2: add missing malloc NULL check
In mtd_replace_jffs2(), the return value of malloc(erasesize) is never
checked. If the allocation fails, buf remains NULL and the subsequent
memcpy(buf + ofs, ...) in add_data() will dereference NULL, causing a
segfault.
Add a NULL check and return -1 on allocation failure. Match the
diagnostic message used by the sibling mtd_write_jffs2() so the
out-of-memory cause is visible at the call site.
projects / thirdparty / openwrt.git / log
