Flash instructions:
* For using the default ext4 layout, boot into a live system using
tftpboot in u-boot and flash an OpenWrt SD image onto /dev/mmcblk0.
* For the Turris layout, put the new rootfs into subvolume '@', not
forgetting to add Image, device tree, and boot.scr to /boot.
Misc:
* USB connection is only for power. For UART access use the pin header:
1: GND
2: +1.8V
5: TX
6: RX
* Flashing the image onto Turris Shield won't work. Use Turris MOX image
instead.
Felix Fietkau [Tue, 6 Jan 2026 17:46:46 +0000 (18:46 +0100)]
wifi-scripts: move the "disabled" option to the wifi-iface section
This helps for setups where the wifi interfaces are added dynamically
via procd data by avoiding automatically bringing up interfaces with
the default config. Internally, they are treated pretty much the same
by netifd.
Felix Fietkau [Wed, 4 Feb 2026 10:34:55 +0000 (10:34 +0000)]
wifi-scripts: fix nested config accumulation in wdev_set_data
When storing device-level data, wdev_set_data() spread the entire wdev
object into handler_data. Since handler_config.data is set from the
previous handler_data[wdev.name] before each setup, this created
exponentially growing nesting with each reload, eventually causing
"nesting too deep" JSON parse errors.
Fix by initializing cur to a simple object containing only the device
name instead of the entire wdev object.
John Crispin [Fri, 19 Sep 2025 15:05:30 +0000 (17:05 +0200)]
wifi-scripts: refactor iwinfo.uc to support dynamic data updates
Moved interface discovery and data population into an exported update()
function that can be called on-demand to refresh wireless interface
information. This allows using iwinfo.uc as a library inside daemons.
Felix Fietkau [Fri, 13 Feb 2026 09:09:09 +0000 (09:09 +0000)]
uclient: update to Git HEAD (2026-02-13)
63413daa8760 uclient-http: fix HTTP authentication after deferred header processing 4fa6fae02f74 uclient-fetch: Extract opt_post variable 8df3120639a4 uclient-fetch: Use HEAD for --spider 0392dfc8e8c4 uclient-fetch: Support of --method, --body-data and --body-file 115c92824b6d uclient-fetch: add OPTIONS request type a1531e89f6c2 uclient-fetch: support for WebDAV methods
Fixes: https://github.com/openwrt/uclient/issues/14 Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 88f3c0eeb0cd3335cd117accf09a2c3fd0470f4a)
Felix Fietkau [Sat, 31 Jan 2026 14:03:05 +0000 (14:03 +0000)]
uclient: update to Git HEAD (2026-01-31)
b3ee1209a3d0 uclient-http: reset fd to -1 after close in disconnect 9c2ad269c42b uclient-http: fix seq field check to use correct field 80c9bd29c233 uclient-http: fix hang on HTTP to HTTPS redirect 931bbfeb2c92 ucode: fix memory leak when using ssl context
Fixes: https://github.com/openwrt/uclient/issues/11 Fixes: https://github.com/openwrt/uclient/issues/13 Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 9d496dfb984dc645560bb86e5012de29e5efcc6f)
Felix Fietkau [Fri, 13 Feb 2026 09:09:06 +0000 (09:09 +0000)]
libubox: update to Git HEAD (2026-02-13)
d324c0503040 libubox: send warnings to stderr 5a65cb5a79b7 libubox: document positional arguments 8c7b489daa02 libubox: add anonymous strings, ints, et al in arrays 5ec7ff2effb3 uloop: use volatile sig_atomic_t for do_sigchld flag 0efa2cd3b74c usock: check SO_ERROR after poll in usock_inet_timeout() 1a73ded9f738 usock: fix timeout handling in usock_inet_timeout() 1aa36ee774c8 usock: implement RFC 8305 Happy Eyeballs for usock_inet_timeout()
Fixes: https://github.com/openwrt/uclient/issues/8 Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 7bc8aa492f5d3a918c7890645ffd992eadf4c234)
John Crispin [Fri, 6 Feb 2026 07:41:49 +0000 (08:41 +0100)]
unetmsg: notify subscribers when remote peer connection drops
When a remote peer's connection drops (device powered off, unetmsgd
crash, network failure), network_rx_cleanup_state silently removed
the remote publish/subscribe handles without notifying local
subscribers. This meant local clients had no way to detect that a
remote peer had disappeared.
Call handle_publish for each channel where a remote publish handle
is removed during connection cleanup, so local subscribers receive
the publisher change notification and can react accordingly.
Felix Fietkau [Sat, 7 Feb 2026 08:02:24 +0000 (08:02 +0000)]
unetmsg: only send publish notifications for remote publisher changes
handle_publish() notifies local subscribers about publisher state
changes. The publish/subscribe handler in network_socket_handle_request()
was calling it for both remote publish and subscribe changes, but
subscriber changes are not relevant to local subscribers.
Guard the handle_publish() calls with a msgtype == "publish" check,
matching the local client paths in unetmsgd-client.uc which already
have this guard.
Felix Fietkau [Fri, 6 Feb 2026 10:12:31 +0000 (10:12 +0000)]
unetmsg: fix reconnect loop when RX authenticates before TX
When both peers connect simultaneously, the RX side can authenticate
before the TX handshake completes. network_check_auth() was sending a
ping on the unauthenticated TX channel, which gets rejected by the
remote's pre-auth handler as "Auth failed", killing the connection and
triggering an endless reconnect cycle.
Check chan.auth before interacting with the TX channel. If TX auth
hasn't completed yet, just schedule a reconnect timer - auth_data_cb
already handles state sync when TX auth completes.
Felix Fietkau [Fri, 6 Feb 2026 09:30:49 +0000 (09:30 +0000)]
unetmsg: close all channels on network removal
network_close() only closed the listening socket without shutting down
established RX/TX connections. This left remote state in
core.remote_publish/core.remote_subscribe for hosts on the removed
network, causing stale entries in channel listings and failed routing
attempts.
Close all RX and TX channels before removing the network, which also
triggers remote state cleanup via network_rx_socket_close().
Felix Fietkau [Fri, 6 Feb 2026 09:30:26 +0000 (09:30 +0000)]
unetmsg: fix inverted condition in network_rx_socket_close()
The cleanup condition checked != instead of ==, inverting the logic.
This caused two problems:
When an authenticated RX connection disconnected, remote state for that
host was never cleaned up since the stored entry matched the one being
closed.
When a stale unauthenticated connection from a peer closed, any existing
authenticated connection from the same peer was incorrectly deleted and
its remote state wiped.
Felix Fietkau [Fri, 6 Feb 2026 09:22:30 +0000 (09:22 +0000)]
unetmsg: fix publish notification timing around remote auth
When a remote peer's publish registrations arrive via RX before the
local TX connection is authenticated, handle_publish fires but the
subscriber can't reach the remote publisher yet since the TX channel
isn't ready.
Suppress publish notifications on the RX side when no authenticated TX
channel exists for the remote host. After TX authentication completes,
re-trigger handle_publish only for topics that the specific peer
publishes and that have local subscribers.
Felix Fietkau [Fri, 6 Feb 2026 09:17:50 +0000 (09:17 +0000)]
unetmsg: fix stale network cleanup in unetd_network_update()
The condition checked !data.networks instead of !data.networks[name],
making it always false since data.networks was already validated earlier
in the function. Networks removed from unetd were never closed.
Felix Fietkau [Sun, 4 Jan 2026 10:07:33 +0000 (10:07 +0000)]
unetmsg: add timeout for outgoing auth requests
Add a 10-second timeout for outgoing auth requests to prevent
connections from getting stuck when the remote peer goes silent
after the hello handshake but before responding to auth.
Rany Hany [Sun, 15 Feb 2026 16:29:17 +0000 (16:29 +0000)]
wifi-scripts: ucode: fix ieee80211w default
This should not be defaulted to anything in the schema.
What seemed like a minor cleanup actually broke this
as the schema defines a default value already. I did
not notice as I had this explictly set in my config.
A backport commit was missing which was backported upstream with
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.12.71&id=4ce768ac429ec1c2d4ba63a408fed454ed12b248
Rany Hany [Sat, 14 Feb 2026 09:12:19 +0000 (11:12 +0200)]
6in4: improve HE tunnel update procedure
- uclient-fetch timeout bumped from 5s to 15s. If we do not do this
we get flagged by HE as the update request is expensive and takes
more than 5s to execute. Currently 5s timeout causes uclient-fetch
to be killed prematurely as can be seen by the following log:
Installation
------------
1. Connect to the router using ssh (user: admin, pass: web interface
password)
2. Backup:
```
cat /dev/mtd0 | gzip -1 -c > /tmp/mtd0_spi0.0.bin.gz
cat /dev/mtd1 | gzip -1 -c > /tmp/mtd1_BL2.bin.gz
cat /dev/mtd2 | gzip -1 -c > /tmp/mtd2_u-boot-env.bin.gz
cat /dev/mtd3 | gzip -1 -c > /tmp/mtd3_Factory.bin.gz
cat /dev/mtd4 | gzip -1 -c > /tmp/mtd4_FIP.bin.gz
cat /dev/mtd5 | gzip -1 -c > /tmp/mtd5_ubi.bin.gz
```
3. Download mtd backup from the /tmp dir of the router to your PC using
scp protocol
4. Upload OpenWrt 'bl31-uboot.fip', 'preloader.bin' images to the /tmp
dir of the router using scp protocol
5. Write FIP and BL2 (replace bootloader):
```
mtd write /tmp/openwrt-mediatek-filogic-netis_nx32u-bl31-uboot.fip FIP
mtd write /tmp/openwrt-mediatek-filogic-netis_nx32u-preloader.bin BL2
```
6. Place OpenWrt
'openwrt-mediatek-filogic-netis_nx32u-initramfs-recovery.itb' image on
the tftp server (IP: 192.168.1.254)
7. Erase 'ubi' partition and reboot the router:
mtd erase ubi
reboot
8. U-Boot automatically boot OpenWrt recovery image from tftp server to
the RAM
9. Upload OpenWrt 'sysupgrade.itb' image to the /tmp dir of the router
(IP: 192.168.1.1) using scp protocol
10. Connect to the router using ssh and run:
```
ubidetach -p /dev/mtd4; ubiformat /dev/mtd4 -y; ubiattach -p /dev/mtd4
ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
sysupgrade -n openwrt-mediatek-filogic-netis_nx32u-squashfs-sysupgrade.itb
```
Recovery
--------
1. Place OpenWrt
'openwrt-mediatek-filogic-netis_nx32u-initramfs-recovery.itb' image on
the tftp server (IP: 192.168.1.254)
2. Press “Reset” button and power on the router. After ~10 sec release
the button.
3. Use OpenWrt initramfs system for recovery
+---------+-------------------+-----------+
| | MAC | Algorithm |
+---------+-------------------+-----------+
| LAN | dc:xx:xx:d1:xx:18 | label |
| WAN | dc:xx:xx:d1:xx:1a | label+2 |
| WLAN 2g | de:xx:xx:11:xx:19 | |
| WLAN 5g | de:xx:xx:71:xx:19 | |
+---------+-------------------+-----------+
The LAN MAC was found in 'Factory', 0x1fef20
The WAN MAC was found in 'Factory', 0x1fef26
The WLAN 2g/5g MAC prototype was found in 'Factory', 0x4
UART: internal test points, 3V3 115200 8N1 (RX, TX, GND)
Interface MAC Algorithm
LAN (label) 1c:bf:ce:xx:xx:x1 0x4
WAN 1c:bf:ce:xx:xx:x2 0xa
WLAN 2.4G 1c:bf:ce:xx:xx:x3 0x2a
WLAN 5G 1c:bf:ce:xx:xx:x4 0x24
At the moment installation is possible via UART only since SSH root
is password protected.
Set a static ip on the ethernet interface of your PC:
(ip address: 192.168.1.2, subnet mask:255.255.255.0).
Boot into initramfs via TFTP:
```
setenv serverip 192.168.1.2
tftpboot 0x46000000 openwrt-mediatek-filogic-bazis_ax3000wm-initramfs-recovery.itb
bootm 0x46000000
```
Install kmod-mtd-rw and activate it:
```
apk update && apk add kmod-mtd-rw
insmod mtd-rw i_want_a_brick=1
```
Upload to the router and write OpenWrt BL2 and FIP bootloader:
```
mtd write openwrt-mediatek-filogic-bazis_ax3000wm-preloader.bin BL2
mtd write openwrt-mediatek-filogic-bazis_ax3000wm-bl31-uboot.fip FIP
```
Prepare ubi partition:
```
ubidetach -p /dev/mtd4
ubiformat /dev/mtd4 -y
ubiattach -p /dev/mtd4
```
This commit adds the sysupgrade and factory images for T4240RDB board in
both variants:
- nor: for booting and read whole system from NOR memory
- sdboot: for booting and read whole system from SD card
SD Card images install:
- Burn image to sdcard. E.g:
gunzip -c gunzip -c openwrt-qoriq-generic-fsl_T4240RDB-squashfs-sdcard.img.gz | \
sudo dd of=/dev/mmcblk0 conv=fsync,notrunc status=progress bs=4M && sync
- Download lastest Cortina PHY firmware from NXP github [1], if you accept their
EULA [2].
- Install Cortina PHY on image, E.g:
dd if=cs4315-cs4340-PHY-ucode.txt of=/dev/mmcblk0 bs=1 seek=2M
- Insert SD-Card to SD slot
- Switch SW3.4 to OFF
- Configre mac addresses from sticker in u-boot. E.g:
setenv ethaddr 00:10:f3:3a:a8:66
setenv eth1addr 00:10:f3:3a:a8:67
setenv eth2addr 00:10:f3:3a:a8:68
setenv eth3addr 00:10:f3:3a:a8:69
setenv eth4addr 00:10:f3:3a:a8:6a
setenv eth5addr 00:10:f3:3a:a8:6b
setenv eth6addr 00:10:f3:3a:a8:6c
setenv eth7addr 00:10:f3:3a:a8:6d
setenv eth8addr 00:10:f3:3a:a8:6e
setenv eth9addr 00:10:f3:3a:a8:6f
setenv eth10addr 00:10:f3:3a:a8:70
setenv eth11addr 00:10:f3:3a:a8:71
saveenv
- reset and boot
NOR images install:
- download and extract factory image on tftp server root
- boot device and stop in u-boot (from nor or sd card u-boot)
- configure server and ip address. E.g:
setenv ipaddr 192.168.1.2
setenv serverip 192.168.1.1
- Download image and run flashing:
tftpboot $loadaddr openwrt-qoriq-generic-fsl_T4240RDB-squashfs-factory-nor.bin
protect off all
erase $fwaddr +$filesize
cp.b $loadaddr $fwaddr $filesize
- Switch SW3.4 to ON
- Switch SW3.1-3 to OFF
- reboot
- Do postprocessing (see bellow)
NOR images post processing:
- Configre mac addresses from sticker in u-boot. E.g:
setenv ethaddr 00:10:f3:3a:a8:66
setenv eth1addr 00:10:f3:3a:a8:67
setenv eth2addr 00:10:f3:3a:a8:68
setenv eth3addr 00:10:f3:3a:a8:69
setenv eth4addr 00:10:f3:3a:a8:6a
setenv eth5addr 00:10:f3:3a:a8:6b
setenv eth6addr 00:10:f3:3a:a8:6c
setenv eth7addr 00:10:f3:3a:a8:6d
setenv eth8addr 00:10:f3:3a:a8:6e
setenv eth9addr 00:10:f3:3a:a8:6f
setenv eth10addr 00:10:f3:3a:a8:70
setenv eth11addr 00:10:f3:3a:a8:71
saveenv
- boot
- Download and refresh RCW stored in eeprom:
tr '\0' '\377' < /dev/zero | dd bs=256 of=/sys/bus/i2c/devices/0-0050/eeprom
cat /tmp/openwrt-qoriq-generic-fsl_T4240RDB-squashfs-rcw.bin > /sys/bus/i2c/devices/0-0050/eeprom
- Download lastest Cortina PHY firmware from NXP github [1], if you accept their
EULA [2].
- Install Cortina PHY on image, E.g:
mtd write cs4315-cs4340-PHY-ucode.txt /dev/mtd4
- reset and boot
Pawel Dembicki [Fri, 7 Oct 2022 12:25:20 +0000 (14:25 +0200)]
package: u-boot: initial support for qoriq arch
This package adds initial u-boot support for qoriq target.
U-boot for qoriq devices must be compiled with 32-bit compiler and
linked with 32-bit linker. It's part of mpc 85xx target. But qoriq
target is 64-bit. As workaround, mpc85xx binary toolchain is downloaded
only for this u-boot.
Matt Merhar [Wed, 11 Feb 2026 19:33:15 +0000 (14:33 -0500)]
build: propagate errors when generating apk indexes
The build would continue even if the some of the intermediate commands
failed, as long as the last command in the final iteration of the loop
was successful.
Add 'set -e' to the subshell so that we immediately exit. Previously,
only the exit status of the final make-index-json.py mattered.
Raylynn Knight [Sun, 8 Feb 2026 09:23:08 +0000 (04:23 -0500)]
x86: base-files add support for Sophos 210r3 and 230r2
This fixes a previous commit for Sophos XG 210r3 which was missing
board_name mapping and adds support for the SG related version and the
XG/SG 230r2 which is the same hardware with a faster processor.
Sophos board_name mapping was modified to support all Sophos
SG/XG devices.
Sophos SG/XG 210r3 and SG/XG 230r2 are rackmounted x86 based firewall
with 6 RJ-45 gigabit ethernet ports (eth0-5) and 2 SFP gigabit ethernet
ports (eth6, eth7) all running Intel NICs supported by igb driver. The 210r3
and 230r2 only differ in the processor used. This board update maps
eth1 (marked as WAN) as wan and eth0 and eth2-5 as lan. Leaving the
two SFP ports unmapped.
Matt Merhar [Wed, 11 Feb 2026 22:30:53 +0000 (17:30 -0500)]
apk: handle edge case when parsing .apk files
This was a regression introduced in the recent alignment changes and led
to failures when reading (i.e. 'mkndx') certain packages like follows:
ERROR: python3-botocore-1.31.7-r1.apk: unexpected end of file
It affected packages with a header size greater than the read buffer
size of 128KB but less than 160KB (128KB + (128KB / 4)).
In those cases, we'd attempt a 0 byte read, leading to APKE_EOF.
Based on some tests of files across multiple archs and feeds, it seems
the only packages meeting those criteria were python3-botocore and
golang-github-jedisct1-dnscrypt-proxy2-dev.
Robert Marko [Mon, 9 Feb 2026 11:33:20 +0000 (12:33 +0100)]
mvebu: cortex-a53: respect DEVICE_packages for Methode devices
Use the added support for generating per device targz rootfs so that images
generated for Methode devices when CONFIG_TARGET_MULTI_PROFILE and
CONFIG_TARGET_PER_DEVICE_ROOTFS are set, we actually get the targz rootfs
that respects DEVICE_PACKAGES.
Currently, buildbot generated images have no networking, LM75 nor I2C
working, as the generated images do not include required kmods that are
listed in DEVICE_PACKAGES.
While at it, there is no need for tar to run in verbose mode.
Fixes: 7dff6a8c89e3 ("mvebu: uDPU: add sysupgrade support") Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit ef922657724957c9ba8926c4a2472de20efdd8b5)
Robert Marko [Mon, 9 Feb 2026 11:25:56 +0000 (12:25 +0100)]
image: support generating per device targz rootfs
Currently, for targets that use the CONFIG_TARGET_ROOTFS_TARGZ a single
rootfs tarball is generated for the subtarget based of $(TARGET_DIR).
However, this means that it does not respect DEVICE_PACKAGES like other
rootfs images.
So, lets augment CONFIG_TARGET_ROOTFS_TARGZ by adding a proper targz fstype
so that per device rootfs is generated under lock.
This is required so that devices that use custom sysupgrade archives like
Methode devices, can actually include a per device rootfs so when building
for multiple devices and with CONFIG_TARGET_PER_DEVICE_ROOTFS set the built
image actually includes the listed DEVICE_PACKAGES.
Linus Walleij [Mon, 26 Jan 2026 07:21:29 +0000 (08:21 +0100)]
gemini: override IB-4220-B partitions for firmware
To optimize the flash usage and to make firmware upgrades
simpler, catenate the three firmware partitions "Kern",
"Ramdisk" and "Application" into one, and use all of this
for the combined MTD-splitted kernel+rootfs.
This works fine as long as the kernel is placed in the
beginning of this firmware partition and we leave the
RedBoot partition as is, so the boot loader still can load
the kernel from the first two RedBoot partitions.
Using the RedBoot partitions "as is" can be considered
harmful, because when you flash to a RedBoot partition the
file size is used for downsizing of the partition and make
firmware upgrades fail if they are larger than the RedBoot
partition size after flashing, despite there is actually
flash there. So overriding with fixed partitions is just
generally a good idea.
The problem is the following: we have three fixed partitions
in a RedBoot partition for kernel, initrd and rootfs. On the
surface this looks good.
But we have little flash and want to use it efficiently. We want
to use the OpenWrt "firmware" partition scheme where the kernel,
initramfs and sqashfs+jffs2 rootfs is appended, leaving maximum
space for a writeable rootfs.
To do this we will override the existing RedBoot partition table
with one that merges the three separate partitions into one
"firmware" partition.
RedBoot is still booting the system. It still needs to read the
first two parts "as if" these were the kernel and initrd. This
works fine, because the kernel still comes first.
We already have hacks in place to merge the two kernel and initrd
into one binary image and execute it. This is done by prepending
a "prolog" to the kernel that does the necessary copying in
memory and then jumps to execute the kernel.
Since this "prolog" copying routine is just 92 bytes but has 512
bytes allocated, we can trivially create a firmware format that
can be used for splitting the image into kernel and rootfs
using a tagging scheme that can be done directly by scripting
so we don't need any special binary programs.
This splitter implements that idea.
This will be used on the Gemini platform and was tested on the
Raidsonic IB-4220-B.
Linus Walleij [Thu, 29 Jan 2026 22:40:50 +0000 (23:40 +0100)]
gemini: use tar stream to write firmware
The firmware update file can get big, so instead of extracting
the whole file into the tmp folder potentially running out of space
and make the upgrade fail, stream from tar xvf -O directly to the
mtd write command.
Refactor the checking of partitions and the actual upgrade into
two steps when we are at it.
Linus Walleij [Sun, 25 Jan 2026 18:01:45 +0000 (19:01 +0100)]
gemini: Fix up sysupgrade platform.sh script
The Storlink reference designs sometimes fail upgrade because
not the entire partition is used, so the size isn't equal to
the actual flash space available for the partition.
Fix this by calculating the actual partition sizes by measuring
across the partition offsets instead.
Linus Walleij [Tue, 27 Jan 2026 19:52:37 +0000 (20:52 +0100)]
gemini: select CONFIG_BLK_DEV_LOOP
The gemini is using split squashfs/jffs2 root filesystems on
all devices, so without CONFIG_BLK_DEV_LOOP the device does
not gain a writeable root filesystem with these boot messages:
mount_root: unable to create loop device
mount_root: jffs2 not ready yet, using temporary tmpfs overlay
and then it never gets out of that. Fix this so we get writeable
rootfs again.
Linus Walleij [Sat, 24 Jan 2026 17:13:24 +0000 (18:13 +0100)]
gemini: create a copy-kernel for 3072k kernels
The Raidsonic devices do not use a 2048k kernel "Kern"
partition like the Storlink reference designs. Instead
it uses a 3072k partition to fit a slightly
larger kernel.
Sadly the current OpenWrt Gemini kernel is still bigger
than 3072k so we need to make use of the Ramdisk
partition as well.
Create a special "copy-kernel" version that can deal
with the Raidsonic 3072k kernels. Tested on the
Raidsonic IB-4220-B booting kernel v6.12.66.
Fix a copy/paste error in the image generation makefile
while we are at it.
Linus Walleij [Wed, 21 Jan 2026 21:24:46 +0000 (22:24 +0100)]
gemini: support upgrade on reference designs
The Gemini reference design-derived devices uses a partition
format which is predictable and we can exploit this to offer
some proper upgrade path.
The kernel for these contains a hack to use this partition
format unaltered by combining the partitions "Kern" and "Ramdisk"
to one image with all of the kernel+ramdisk in memory.
Then the "Application" which is used for the rootfs go into its
own partition.
Following the pattern of the factory image we create three
images named zImage, rd.gz and hddapp.tgz (these filenames
are misleading! They are just required by the old firmware.)
and flash each individually with "mtd" during upgrades.
Since the IB-4220-V has a different layout with a bigger kernel
space we parameterize this so we can handle this too. (More
fixes are needed for that device though.)
A way to upgrade older OpenWrt on these platforms to the latest
and greatest will be to copy the file
target/linux/gemini/base-files/lib/upgrade/platform.sh
to /lib/upgrade/platform.sh
on your running system and then run sysupgrade from the image
produced after this patch.
The script is picky to sanity check the partitions before
commencing upgrade.
This was tested with a full sysupgrade on the iTian SQ201.
These devices share the same "compatible" in device tree causing some
incompatibilities (sysupgrades, ASU profile identification), assign a
unique "compatible" and "model" to each variant.
Context:
Commit [1] added each variant's dts compatible to the SUPPORTED_DEVICES
field of the other variant to make easy sysupgrades between these
physically indistinguishable devices variants possible.
But there were found three issues which does not allow this:
- the sysupgrade's stricter check still used in some sysupgrade
paths(this check is being replaced(and redundant) with the newer fwtool's
SUPPORTED_DEVICES check using the info in images METADATA), this check
will fail when sysupgrading from a different board_name(compatible dts)
that the image was created for (image profile name).[2]
- ASU needs unique "dts compatible" to identify the devices profile.
- and an ASU's profile identification limitation when several devices from
a common target share SUPPORTED_DEVICES entries.[3]
There is a proposal for these issues but not yet implemented [4][3].
Until these issues are fixed we won't allow "easy" sysupgrades between
these two device variants.
Commit [5] avoided the ASU profile identification limitation but
missed the required two unique dts compatibles in order to make the two
variants fully work, although not allowing easy sysupgrade between them.
[1]: https://github.com/openwrt/openwrt/commit/8d30e07180367cdeb4affd79adead6e1025355c9
[2]: sysupgrade stricter check https://github.com/openwrt/openwrt/issues/20566#issuecomment-3583555482
[3]: ASU proposal https://github.com/openwrt/asu/pull/1533
[4]: allow easy sysupgrade proposal https://github.com/openwrt/openwrt/pull/20947
[5]: https://github.com/openwrt/openwrt/commit/b71f4665cda10c284c9460409ae30fb9b0beecf8 Fixes: b71f466 ("mediatek: filogic: fix supported_devices list for gl-mt2500") Fixes: 8d30e07 ("mediatek: filogic: fix for new GL.iNet GL-MT2500/GL-MT2500A hardware revision") Fixes: https://github.com/openwrt/openwrt/issues/20566 Fixes: https://github.com/openwrt/asu/issues/1525 Signed-off-by: Mario Andrés Pérez <mapb_@outlook.com> Link: https://github.com/openwrt/openwrt/pull/21842 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7aa1f7e814dea0627e905ef1ad92954cae51d301)
Matt Merhar [Mon, 9 Feb 2026 23:20:39 +0000 (18:20 -0500)]
apk: backport upstream fixes for unaligned access
On the kirkwood target, packages would frequently fail to install with
APKE_ADB_SCHEMA, APKE_ADB_BLOCK, and/or segfaults. The culprit was
unaligned access leading to bogus values being read out of memory on
these particular ARMv5 CPUs.
Pull in the relevant upstream fixes to address this.
Felix Fietkau [Sun, 8 Feb 2026 18:46:07 +0000 (18:46 +0000)]
wifi-scripts: fix spurious teardown on config_change during setup
When config_change is set during an active setup (e.g. by a concurrent
reconf call), wdev_mark_up() attempted to call setup() while still in
"setup" state. Since setup() requires state "up" or "down", it silently
returned, leaving the state as "setup". The subsequent wdev_setup_cb()
then treated this as a setup failure, triggering an unnecessary
teardown+restart cycle.
Fix this by removing the config_change handling from wdev_mark_up() and
moving it to wdev_setup_cb() instead. wdev_mark_up() now always
transitions to "up" state. When wdev_setup_cb() runs afterwards and
finds the device already "up" with config_change set, it initiates a
clean re-setup from the "up" state where setup() can run.
Also fix an issue when joining peer IPv4 and IPv6 AllowedIPs
(${peer_a_ips/ /, } replaces only the first space, while
${peer_a_ips// /, } replaces all the spaces).
Burak Aydos [Tue, 3 Feb 2026 20:38:01 +0000 (23:38 +0300)]
lantiq: xrx200: handle EPROBE_DEFER for MAC address
The xrx200 ethernet driver falls back to a random MAC address on any
error from of_get_ethdev_address(), including -EPROBE_DEFER. When the
MAC address comes from an nvmem layout driver (such as u-boot-env on
NAND), the nvmem cell may not be available yet at first probe attempt.
Fix this by propagating EPROBE_DEFER so the driver probe is deferred
until the nvmem cell becomes available.
Tested on Zyxel P-2812HNU-F1 (NAND, u-boot-env nvmem layout).
Bjørn Mork [Thu, 5 Feb 2026 13:08:51 +0000 (14:08 +0100)]
realtek: dsa: remove storm control
Commit 78bf3a5f44bf ("realtek: dsa: Fix rate control initialization") enabled
code setting up the "storm control" feature. This casued a speed regression
on rtl838x, reducing the effective max speed per port from line rate to around
500 Mbits/s.
Storm control is a policy feature with a number of input parameters depending
on use case and environment. It is not possible to define a meaningful static
policy in the driver. The problem isn't just the arbitrary limits in the
current code. Such features require userspace interfaces.
Drop this code for now. It wasn't missed while it was disabled.
realtek: dsa: rtl839x: fix uninitialized global access
Setup for DSA QOS on RTL839x accesses unitialized memory. For some
reason the handover of the priv structure was realized via global
intermediate variable switch_priv. During refactoring for adbb9a6
("realtek: dsa: rtl83xx: fix init section mismatch") this was not
noticed. Since then RTL839x devices crash during startup.
Fix this by using standard handover via function parameters.
That means that we have a "normal" function caller (can be
called during the whole uptime) and a "initialization" function
callee (only available during init.
Fix this and directly fix the unwanted family checks.
The realtek target uses some functions marked __init for initialization.
However, that means they can only be called once when compiled in and
afterwards the memory occupied by them is freed and potentially reused.
Some "impossible" (code at a given location can't crash in the way it
does) crashes can be caused by this because upon re-execution of those
functions, garbage gets executed. Such re-execution can happen for
deferred probes or repeated probes.
Shine [Sun, 8 Feb 2026 09:41:45 +0000 (10:41 +0100)]
wifi-scripts: fix encryption setting of default OpenWrt SSID
Commit 01a87f4bd0cdbfc84bbc172920e865c1600f7a45 changed the encryption
setting of the default SSID "OpenWrt" from "none" to "open". The correct
setting as per the documentation [1] is "none", though.
While this invalid setting won't cause a wrong hostapd setup, it will
at least cause malfunction in LuCI.
Change the default encryption setting back to "none".
ext-toolchain: fix wrapper for gcc-ar, gcc-nm, gcc-ranlib
The pattern '*-*cc-*' incorrectly matches these tools because their names
contain 'cc-'. This causes them to receive compiler CFLAGS, breaking
builds with 'ar: two different operation options specified'.
The stock firmware is a customized variant of OpenWrt, which implements
a signature check that only allows flashing official firmware. Cudy offers
intermediate OpenWrt firmware images on their website [1][2] which do not
implement the signature check. After flashing the intermediate image the
upstream official OpenWrt image can be installed.
The stock firmware can be recovered via TFTP using the U-Boot based boot
loader[3]. Set up a TFTP server on your computer with IP 192.168.1.88/24
serving the stock firmware from Cudy's website renamed to "recovery.bin".
Press and hold the reset button while powering on the device, wait for the
TFTP server to send the recovery.bin file, then release the reset button.
The router will take a couple of minutes to reboot and set up the stock
firmware.
Ziyang Huang [Sun, 19 Oct 2025 09:34:53 +0000 (17:34 +0800)]
airoha: an7581: correct the pinctrl-name of phy leds
address the following issues:
[ 3.542844] mdio_bus mt7530-0: Failed to setup PHY LED pinctrl
[ 3.552550] mdio_bus mt7530-0: Failed to setup PHY LED pinctrl
[ 3.562449] mdio_bus mt7530-0: Failed to setup PHY LED pinctrl
[ 3.574350] mdio_bus mt7530-0: Failed to setup PHY LED pinctrl
projects / thirdparty / openwrt.git / log
