glibc 2.39 has removed libcrypt completely.
solution: link against libxcrypt built with glibc compatibility.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19293
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
glibc 2.39 has removed libcrypt completely.
solution: link against libxcrypt built with glibc compatibility.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19293
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add uboot-envtools support for Gateworks venice boards based on i.MX8M
SoC's (imx_cortexa53) which boot from and store their U-Boot env on
eMMC boot0 hardware partition.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Link: https://github.com/openwrt/openwrt/pull/19347
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Upstream has disabled SHA-1 algorithms by default since version 2025.87.
SHA-1 has known weakness and most SSH implementations support alternatives.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
It's hard or even impossible to track affected sources
so it's safe to remove all built objects (if any).
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
This allows to fine-tune dropbear build options.
This change is heavily based on similar work done by Marius Dinu earlier
so I'd like to say many thanks to original author.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- update dropbear to latest stable 2025.88;
for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- rewrite 100-pubkey_path.patch
- refresh remaining patches
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Correctly load the list of basic_rates from UCI. basic-rates shall be
stored as a option-list. The current code did not retrieve this list
correctly.
wpa_supplicant uses a different config option to set basic-rates
when operating in mesh-mode.
Use the correct config key and calculation for mesh-interfaces.
Signed-off-by: David Bauer <mail@david-bauer.net>
Since upstream commit:
b809fc656e763296f227b9b31e8f225e5977a8af ("perf build: Shellcheck support
for OUTPUT directory")
perf will attempt to run shellcheck on the test shell scripts, however
there is no point in doing this in OpenWrt and while perf checks for
shellcheck presence on your host it can fail to build in some cases.
So, simply disable it for now.
Link: https://github.com/openwrt/openwrt/pull/19361
Signed-off-by: Robert Marko <robimarko@gmail.com>
BUILD_BPF_SKEL was set to 1 by default in upstream commit:
9925495d96efc14d885ba66c5696f664fe0e663c ("perf build: Default
BUILD_BPF_SKEL, warn/disable for missing deps")
Prior to that, it was disabled by default and you had to enable it to
build BPF skeleton support.
So in order to fix perf compilation with kernel 6.12, lets disable
BUILD_BPF_SKEL.
Fixes: #19310
Link: https://github.com/openwrt/openwrt/pull/19361
Signed-off-by: Robert Marko <robimarko@gmail.com>
Update to 6.5.
Removed patch from pre-2012: 101-ncurses-5.6-20080628-kbs.patch
Build system: x86/64
Build-tested: x86/64-glibc
Run-tested: x86/64-glibc
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/19335
Signed-off-by: Robert Marko <robimarko@gmail.com>
Without the newly introduced flag, building with libc ends in errors such the below.
There is an upstream fix[1], but backporting it is not straight forward.
/scratch/union/staging_dir/toolchain-x86_64_gcc-15.1.0_glibc/x86_64-openwrt-linux-gnu/include/c++/15.1.0/cstddef:81:21: error: redefinition of 'struct std::__byte_operand<unsigned char>'
81 | template<> struct __byte_operand<unsigned char> { using __type = byte; };
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/scratch/union/staging_dir/toolchain-x86_64_gcc-15.1.0_glibc/x86_64-openwrt-linux-gnu/include/c++/15.1.0/cstddef:78:21: note: previous definition of 'struct std::__byte_operand<unsigned char>'
78 | template<> struct __byte_operand<bool> { using __type = byte; };
| ^~~~~~~~~~~~~~~~~~~~
make[4]: *** [Makefile:438: ../obj_s/cursesp.o] Error 1
1. https://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=394a1a6cf317912584592e33184ef550e738a4b9
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/19335
Signed-off-by: Robert Marko <robimarko@gmail.com>
Split the xcrypt package build into two Makefiles and a common part for
the version definition in order to work-around build problems when
combining VARIANT with BUILDONLY and scoped InstallDev.
This is done in order to skip build of libcrypt-compat in case we are
not building against glibc in order to prevent libcrypt.so shared
library being present in staging_dir and by that breaking multiple
packages which then will link against it.
Fixes: e3cf7088f1 ("libcrypt-compat: introduce package")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Link: https://github.com/openwrt/openwrt/pull/19353
Signed-off-by: Robert Marko <robimarko@gmail.com>
6df761e0e6c7 mt76: fix signature of platform_driver remove funtions for newer kernels
5724be1a6b12 wifi: mt76: Replace strlcpy() with strscpy()
c4a114e2b8c9 wifi: mt76: fix queue assignment for deauth packets
243e572d89fc wifi: mt76: add a wrapper for wcid access with validation
e41c7785589f wifi: mac80211: get tx power per link
d70f62b8f1c7 wifi: mt76: fix vif link allocation
7b3cd3274a24 wifi: mt76: mt7996: Fix secondary link lookup in mt7996_mcu_sta_mld_setup_tlv()
cf89b6218043 wifi: mt76: mt7996: Rely on for_each_sta_active_link() in mt7996_mcu_sta_mld_setup_tlv()
d71108eedab1 wifi: mt76: mt7996: Do not set wcid.sta to 1 in mt7996_mac_sta_event()
32f8c5849ed1 wifi: mt76: mt7996: Fix mlink lookup in mt7996_tx_prepare_skb
ffff9f71e29d wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx()
afe63e758196 wifi: mt76: mt7996: Fix valid_links bitmask in mt7996_mac_sta_{add,remove}
68dd28b99dad wifi: mt76: mt7996: Add MLO support to mt7996_tx_check_aggr()
293778652452 wifi: mt76: mt7996: Move num_sta accounting in mt7996_mac_sta_{add,remove}_links
a94166b21e20 wifi: mt76: Get rid of dma_sync_single_for_device() for MMIO devices
87873d854e51 wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init()
06ba3d5e91f4 wifi: mt76: mt792x: Limit the concurrent STA and SoftAP to operate on the same channel
b9f4e0df317d wifi: mt76: mt792x: improve monitor interface handling
ec95319fd3fb wifi: mt76: mt7921s: Introduce SDIO WiFi/BT combo module card reset
dd2d862251cb firmware: add missing mt7990 eeprom files
05eaa56bc7a4 firmware: update mt7992 firmware to 20250328
32ca2b6db354 firmware: update mt7996 firmware to 20250328
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The upstream submission for this mandates the node to be named wifi
instead of wmac. Change all ath79 entries to match the new names and
remove the compatibility patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19328
Signed-off-by: Robert Marko <robimarko@gmail.com>
The ath9k ahb patch was updated to match the latest upstream version,
however the openwrt DT files still use the older names.
Add those as extra entries in order to remain compatible until DT files
are fixed.
Fixes: 88f4c32060 ("mac80211: update to version 6.14.11")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
nl80211 events were propagated to the wrong interfaces
Fixes: 2ac791e87d ("hostapd: update to version 2025-06-27")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Manually refreshed:
140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
601-ucode_support.patch
Fixed in upstream:
804-hostapd-revert-ACS-Validate-6-GHz-AP-criteria-before.patch [1]
Automatically rebased all other patches.
[1] https://w1.fi/cgit/hostap/commit/?id=0b60826a66885bffa2fd709ed5e48cd5fe241b6b
Signed-off-by: Agustin Lorenzo <agustin.lorenzo@thinco.es>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
802.11be capable platforms are big enough to not need the mini variant,
and removing it here saves space for other other devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Updates libnetfilter-conntrack to version 1.1.0.
Removes patches which should no longer be needed according to changelog for
libnetfilter-conntrack 1.1.0
Signed-off-by: Ian Ladd <ianwladd@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19282
Signed-off-by: Robert Marko <robimarko@gmail.com>
Force update_cache_variantsvariants to use reset for Foresee NAND with bad blocks.
Tested on Xiaomi AX3000T + F35SQA001G with bad blocks and without bad blocks
Signed-off-by: Dim Fish <dimfish@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17963
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Add OS descriptors support. Configuring OS descriptors allows Microsoft
Windows to bind the right drivers without any additional configuration.
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Link: https://github.com/openwrt/openwrt/pull/19237
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Automatically rebased: 100-Configure-afalg-support.patch
Changes between 3.5.0 and 3.5.1:
Fix x509 application adds trusted use instead of rejected use.
Issue summary: Use of -addreject option with the openssl x509 application
adds a trusted use instead of a rejected use for a certificate.
Impact summary: If a user intends to make a trusted certificate rejected
for a particular use it will be instead marked as trusted for that use.
(CVE-2025-4575)
Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
alert being received. Older versions of OpenSSL failed with DTLS if a
no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation.
We have now restored the original behaviour and brought DTLS back into line
with TLS.
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/19283
Signed-off-by: Robert Marko <robimarko@gmail.com>
