- Security: Avoid privilege escalation via unix stream forwarding in Dropbear
server. Other programs on a system may authenticate unix sockets via
SO_PEERCRED, which would be root user for Dropbear forwarded connections,
allowing root privilege escalation.
Reported by Turistu, and thanks for advice on the fix.
This is tracked as CVE-2025-14282, and affects 2024.84 to 2025.88.
It is fixed by dropping privileges of the dropbear process after
authentication. Unix stream sockets are now disallowed when a
forced command is used, either with authorized_key restrictions or
"dropbear -c command".
In previous affected releases running with "dropbear -j" (will also disable
TCP fowarding) or building with localoptions.h/distrooptions.h
"#define DROPBEAR_SVR_LOCALSTREAMFWD 0" is a mitigation.
- Security: Include scp fix for CVE-2019-6111. This allowed
a malicious server to overwrite arbitrary local files.
The missing fix was reported by Ashish Kunwar.
- Server dropping privileges post-auth is enabled by default. This requires
setresgid() support, so some platforms such as netbsd or macos will have to
disable DROPBEAR_SVR_DROP_PRIVS in localoptions.h. Unix stream forwarding is
not available if DROPBEAR_SVR_DROP_PRIVS is disabled.
Remote server TCP socket forwarding will now use OS privileged port
restrictions rather than having a fixed "allow >=1024 for non-root" rule.
A future release may implement privilege dropping for netbsd/macos.
- Fix a regression in 2025.87 when RSA and DSS are not built. This would lead
to a crash at startup with bad_bufptr().
Reported by Dani Schmitt and Sebastian Priebe.
- Don't limit channel window to 500MB. That is could cause stuck connections
if peers advise a large window and don't send an increment within 500MB.
Affects SSH.NET https://github.com/sshnet/SSH.NET/issues/1671
Reported by Rob Hague.
- Ignore -g -s when passwords arent enabled. Patch from Norbert Lange.
Ignore -m (disable MOTD), -j/-k (tcp forwarding) when not enabled.
- Report SIGBUS and SIGTRAP signals. Patch from Loïc Mangeonjean.
- Fix incorrect server auth delay. Was meant to be 250-350ms, it was actually
150-350ms or possibly negative (zero). Reported by pickaxprograms.
- Fix building without public key options. Thanks to Konstantin Demin
- Fix building with proxycmd but without netcat. Thanks to Konstantin Demin
- Fix incorrect path documentation for distrooptions, thanks to Todd Zullinger
- Fix SO_REUSEADDR for TCP tests, reported by vt-alt.
Dropped:
* 050-dropbear-multihop-fix.patch as its included in the release 5cc0127000db5f
* 051-fix-pubkey-options.patch as its included in the release 1d4c4a542cd5df
* 052-fix-missing-depends-for-sntrup761x25519-sha512.patch as its included
in the release 1a2c1e649a1824
* 053-Don-t-limit-channel-window-to-500MB.patch as its included in the release a8610f7b98ad
Manually rebased:
* 110-change_user.patch
Fixes: CVE-2025-14282, CVE-2019-6111
Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Konstantin Demin <rockdrilla@gmail.com>
Tested-by: Konstantin Demin <rockdrilla@gmail.com> [mediatek/filogic (GL.iNet GL-MT6000)]
Link: https://github.com/openwrt/openwrt/pull/21186
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 70a4da1ceb)
The u-boot target name has to match the u-boot configuration. Switch
this back to the old names.
Fixes: d871e95e7f ("sunxi: image: sync target profiles names with DT compatible")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 86996634f0)
This fixes a failed bring up of the radio on bootup
if the model defines a rename of phy in its /etc/board.json.
This specifically impacts Redmi AX6S and any router that does so
in its /etc/board.json. The fix fortunately is simple, just update
phy name in phys after rename.
The entry that specifically causes this issue is the following:
{
<omitted>
"wlan": {
"wl0": {
"path": "platform/18000000.wmac",
"info": {
"antenna_rx": 15,
"antenna_tx": 15,
"bands": {
"2G": {
"ht": true,
"max_width": 40,
"modes": [
"NOHT",
"HT20",
"HT40"
],
"default_channel": 1
}
},
"radios": [
]
}
},
...
}
The issue is that after rename, referenced phy in config is going to be
wl0 but in phys array it is still phy0; and so it fails to find phy
and does not bring up radio.
Fixes: https://github.com/openwrt/openwrt/issues/20250
Fixes: https://github.com/openwrt/openwrt/issues/20339
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/21175
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit e4d5e76af0)
Add boardfile override packages for Netgear RBK40 devices.
Signed-off-by: Christoph Krapp <achterin@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/20877
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit e9d6015bef)
Following up with errors reported in the ASU repo, these bananapi cases
do not match the DT compatible "bpi", sync with dts sources.
Also some profiles were overwriting SUPPORTED_DEVICES.
Sysupgrade would be failing in SUPPORTED_DEVICES check since
the DT compatible(/tmp/sysinfo/board_name) is not in SUPPORTED_DEVICES.
This should also fix errors when using ASU sysupgrade clients.
- Sync profile makefile target names with DT compatibles.
- Fix overwrites of SUPPORTED_DEVICES instead of appending.
- Adapt the uboot-sunxi profiles accordingly.
*bpi-p2-zero dts is still not upstream.
V2:
- Include fixes for arm926ejs(ARM926EJ-S) subtarget (LicheePi Nano and
PopStick v1.1) (profile rename for correct default SUPPORTED_DEVICES)
Fixes: https://forum.openwrt.org/t/luci-attended-sysupgrade-support-thread/230552/246
Fixes: https://github.com/openwrt/asu/issues/486
Fixes: https://github.com/openwrt/asu/issues/524
Fixes: 9aa66b8ce7 "sunxi: add support for Banana Pi M2 Berry"
Fixes: d5f615bf2a "sunxi: add support for Sinovoip Banana Pi M2 Plus"
Fixes: 3819c1638a "sunxi: Add support for Banana Pi M2 Ultra"
Fixes: 6bf8193b25 "sunxi: add support for Bananapi P2 Zero"
Fixes: 80edfaf675 "sunxi: add support for Banana Pi M3"
Fixes: 3c24a1d423 "sunxi: add support for NanoPi NEO Plus2 board"
Fixes: a689307c97 "sunxi: build image/uboot for the NanoPi NEO2"
Fixes: fde68cb809 "sunxi: add support for FriendlyARM NanoPi R1S H5"
Fixes: 3ec468ff4f "sunxi: add F1C100 (arm926ej-s) support"
Signed-off-by: Mario Andrés Pérez <mapb_@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/21095
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d871e95e7f)
This reverts commit c25265953b.
Linking of libpsx.so from libcap 2.77 fails on powerpc 464fp. Revert
back to the older version which works.
Bug report: https://bugzilla.kernel.org/show_bug.cgi?id=220860
Fixes: c25265953b ("libcap: update to 2.77")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5b0617ae1f)
Convert to MBit/s like all other fields and specify the unit.
Most users probably aren't aware that this is in kilobits/s.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20567
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 36da03a6c1)
This is a trivial change to allow users to use 'list' on iface.
Old wifi-scripts already implements this, so this just ensures
that shell-based and ucode wifi-scripts are on-par with each other.
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20977
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 1ead4e6e16)
When iface is omitted, wifi-vlan will apply to all interfaces.
However, netifd.set_vlan call is not successful as it assumes
that every wifi-vlan section corresponds to one VIF.
For this reason in the wifi-vlan case (cur_type == "vlan")
we create a composite key in the form `${vif.name}/${vlan.name}`
allowing the same vlan section to correspond to multiple VAPs.
`/` was decided as a delimiter as it is an invalid character
for a network interface name and UCI identifier; so it is
impossible for it to cause conflicts.
It was verified that the `ubus call network.wireless status`
works as expected with this change. Moreover, wifi-station
is not susceptible to this problem.
This also means that it is now possible for wifi-vlan
to support `list` iface similar to old shell-based wifi-scripts.
This will be done in a follow-up commit.
Fixes: 98435a37a7 ("wifi-scripts: iface should be optional in wifi-vlan definition")
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/20977
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 211b11a56e)
c6202981872e ipq5018: use correct board for GL-iNet B3000 IPQ5018 radio
ec72376cadf1 qca4019: Add Meraki Underdog
059b7114c77b ipq6018: add tp-link eap620hd v2
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit b4bc9ed318)
This allows an optional tag to be put in the .config file which is
included in the filename of the resulting images, so it's easier to
build images with different functionality for the same target hardware.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Link: https://github.com/openwrt/openwrt/pull/20984
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 24b8db118b)
We drop patch 0020-apk-fix-compile: integrated at source.
Compressed help now functions normally.
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21127
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit b15628ec80)
The previous logic was copied from 12_network-generate-ula, but fails to
account for upgrades where the "auto" value isn't set (it is set by
base-files/files/bin/config_generate). Fix this to always set the
default duid if it isn't set.
Also, rename the file to better reflect what it does.
Closes: #21029
Fixes: a660a076db ("base-files: generate a global DHCP DUID")
Link: https://github.com/openwrt/openwrt/pull/21118
Signed-off-by: David Härdeman <david@hardeman.nu>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [fixes,closes tag]
(cherry picked from commit 52fa3728e5)
The DRAM_USE_COMB option is only valid for the MT7988. There
is no DRAM type selection for the MT7987, so remove it.
Fixes: de8fc8b ("arm-trusted-firmware-mediatek: add builds for MT7987")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/21000
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit bb2d9c1a65)
Add the DDR4_4BG_MODE option, which supports 4GB DDR4 RAM
for the MT7987 and 8GB DDR4 RAM for the MT7988. If this mode
is not enabled, bl2 can only recognize half the size of RAM.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Link: https://github.com/openwrt/openwrt/pull/21000
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f037a2e8bb)
Teaming is a link aggregation implementation similar to bonding, but
it's configured by a userspace program.
Signed-off-by: Qingfang Deng <dqfext@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21120
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8b05db405b)
This commit adds support for the Watchguard Firebox models
T10-W, T15 and T15-W.
CPU: Freescale P1010
RAM: 512MB (T10) / 1024MB (T15)
Flash: 1MB SPI-NOR, 512MB NAND (T10) / 1024MB NAND (T15)
WiFi: 802.11abgn 2T2R AR9582 based Mini-PCIe card (-W models only)
Ethernet: 3x GBE (via AR8033 PHY)
LEDs: 7x hard-wired (6x LAN, 1x Power)
4x GPIO single-colored (Attn/Status/Mode/Failover)
1x GPIO dual-colored (2.4/5G WiFi, -W models only)
Serial: RJ45, Cisco pinout, 115200/8N1
Other: Battery backed RTC
Atmel TPM 1.2 chip (unsupported)
Based on 35f6d79, which introduced Watchguard Firebox T10 support.
The T10 and T15 are identical hardware, with the exception of the T15
having twice the flash and RAM size.
The T10-W and T15-W models have their Mini-PCIe slot populated with an ath9
(AR9582) based WiFi card. The slot is either unpopulated or empty for
non-WiFi models. All required drivers are present by default on the mpc85xx
target, so T10/T10-W resp. T15/T15-W can use the same OpenWrt image.
This commit also introduces the zImage loader from 7d768a9 to boot the
kernel. This is required, since the U-Boot version used in these devices
appears to have a hard limit of 16MB for the kernel size it can handle. The
current kernel size is around 17MB, though, due to kernel page alignment
required for memory protection.
Installation (replaces previous instructions for T10):
1. If the U-Boot password is known, proceed with step 2.
If the U-Boot password is unknown, dump the NOR flash using a SPI
programmer and patch the unknown password to a known one. You can use
blocktrron's Python script:
https://github.com/blocktrron/t10-uboot-patcher/
This script will patch the password to '1234' (without quotes).
Alternatively, you can search for the hashed password in the NOR dump
yourself and overwrite it with a known one. The SHA1 hash is:
E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA
Write the patched NOR dump back to the device.
2. Connect the device via serial cable, power it on and interrupt
the boot process by pressing Ctrl+C. Enter the U-Boot password to access
the CLI.
3. (Optional) Populate the uboot-env partition by entering:
saveenv
This will allow you to use uboot-envtools from within OpenWrt later,
e.g. to increase the loadable kernel size.
The default loadable kernel size is 5MB, the compressed kernel size at
the time of this commit is 3.1MB.
4. Serve the initramfs OpenWrt image from a TFTP server at 10.0.1.13/24,
connected to eth0 (WAN) of the device. File name must be 'uImage'. Boot
with:
tftpboot; bootm;
Make sure to use the correct image for your device (T10 resp. T15)!
5. After booting, connect to OpenWrt on eth1 (LAN) via SSH. Verify
that the UBI partiton is mtd7, format it and install the sysupgrade
image.
$ cat /proc/mtd
$ ubiformat /dev/mtd7 -y
$ sysupgrade -n <path to sysupgrade.bin>
6. The device should now boot OpenWrt from NAND flash. Enjoy.
Back to stock:
Use the vendor recovery procedure.
Stock recovery might also be necessary in case you have accidentally used
the fw_setenv command from within OpenWrt without using saveenv in U-Boot
first.
In order to use the vendor firmware recovery procedure, the NAND partitions
mtd3 to mtd6 must remain intact. Make sure not to overwrite them, or keep
dumps of them for later recovery.
Signed-off-by: Shine <4c.fce2@proton.me>
Link: https://github.com/openwrt/openwrt/pull/16776
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit be7aa5bda4)
Update to latest release.
Add patch `003-Revert-libcap-Add-build-ldflags-to-_makenames-rule.patch`
to fix errors in the form of:
```
/usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(__stack_chk_fail.o): relocation R_X86_64_32 against symbol `__stack_chk_guard' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(strerror.o): relocation R_X86_64_32 against `.rodata.errmsgstr' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(realloc.o): relocation R_X86_64_32S against hidden symbol `__malloc_size_classes' can not be used when making a PIE object
/usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(__stdout_write.o): relocation R_X86_64_32S against hidden symbol `__stdio_write' can not be used when making a PIE object
/usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(ofl.o): relocation R_X86_64_32 against `.bss.ofl_lock' can not be used when making a PIE object; recompile with -fPIE
/usr/bin/ld.bfd: /external-toolchain/openwrt-toolchain-x86-64_gcc-14.3.0_musl.Linux-x86_64/toolchain-x86_64_gcc-14.3.0_musl/lib/libc.a(stderr.o): warning: relocation against `__stderr_FILE' in read-only section `.rodata.stderr'
/usr/bin/ld.bfd: /usr/lib/gcc/x86_64-linux-gnu/10/../../../x86_64-linux-gnu/Scrt1.o: in function `_start':
(.text+0x12): undefined reference to `__libc_csu_fini'
/usr/bin/ld.bfd: (.text+0x19): undefined reference to `__libc_csu_init'
collect2: error: ld returned 1 exit status
```
Changes: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/diff/?id=v1.2.77&id2=v1.2.69&dt=2
The apk size did not increase much:
Old size for armsr/armv8:
16245 libcap-2.69-r1.apk
new size for armsr/armv8:
16315 libcap-2.77-r1.apk
Signed-off-by: Nick Hainke <vincent@systemli.org>
Link: https://github.com/openwrt/openwrt/pull/20881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Backport patch fixing support for GCC15 caused by __counted_by.
This macro was moved to a different header in recent kernel version and
caused wrong detection on the #ifndef condition.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
ca00527e5fc3 statefiles: don't write empty hosts files
24b70c5c2ff0 Revert "statefiles: fix escape sequence for broken hostname output"
5203ad13954c statefiles: fix stale pio handling for !ubus
a64760b30f67 odhcpd: rename piofolder to piodir
6779344a8c8a statefiles: use tmpfile functions for pio files
9f8abcc662d0 statefiles: rename prefix information functions
cb65b83e524e config: move pio json handling to statefiles.c
5b01849cc42c statefiles: add a dirfd helper function
eadde3d7dd74 statefiles: add tmp helper functions
c29aa7091498 statefiles: fix escape sequence for broken hostname output
00f2d7a4dbe5 dhcpv4: don't send zero IPv6-only preferred option
c86d29bb83d6 Revert "dhcpv6-ia: add some noise to the T1 and T2 periods"
b062769ab85f Revert "do not delegate ULA prefixes"
fd4714bb2dfe do not delegate ULA prefixes
81ea5bfef775 dhcpv6-ia: add some noise to the T1 and T2 periods
79252ed0c0...ca00527e5f
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Correct the order of the arguments.
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/21109
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the following build error:
```
../src/apk.c: In function 'parse_options':
../src/apk.c:584:4: error: a label can only be part of a statement and a declaration is not a statement
584 | char *arg = opt_parse_arg(&st);
| ^~~~
```
Upstream MR: https://gitlab.alpinelinux.org/alpine/apk-tools/-/merge_requests/376
Fixes: b91ebdabbb ("apk: bump to 3.0.1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hardware specification:
SoC: MediaTek MT7981B
Flash: ESMT F50L1G41LB 128MB
RAM: ESMT M15T2G16128A DDR3 256MB
Ethernet: 3x 1G
Button: Reset, WPS
MAC addresses
LAN: Label MAC (stored in Factory partition offset 0x1fef20)
WAN: LAN + 1
WiFi: LAN
Official LED layout, from left to right:
[power] [internet] [wps] [wifi] [lan3/2/1] [wan]
Redefinition for OpenWrt:
[power]: used for led-boot, led-failsafe, and led-running
[internet]: used for WAN RX/TX indication
[wps]: used for led-upgrade
[wifi] and [lan3/2/1]: unchanged
[wan]: used for WAN link indication
Installing OpenWrt:
- Setup a tftp server on your PC. Copy
xxx-preloader.bin, xxx-bl31-uboot.fip and
xxx-initramfs.itb to tftp root directory.
- Connect to the router via ssh or telnet,
username: useradmin, password is the web
login password of the router.
- Backup all critical flash partitions with
the following commands where x.x.x.x is
the IP of your PC.
IP=x.x.x.x
cd /dev
for d in /sys/class/mtd/mtd?; do
if [ "$(cat $d/name)" = "BL2" ]; then
tftp -l $(basename $d) -r bl2.img -p $IP
elif [ "$(cat $d/name)" = "FIP" ]; then
tftp -l $(basename $d) -r fip.bin -p $IP
elif [ "$(cat $d/name)" = "Factory" ]; then
tftp -l $(basename $d) -r factory.bin -p $IP
fi
done
for d in /sys/devices/virtual/ubi/ubi0/ubi0_*; do
[ "$(cat $d/name)" != "customer" ] && continue
tftp -l $(basename $d) -r customer -p $IP
break
done
- Flash with the following commands:
cd /tmp
tftp -r xxx-preloader.bin -g x.x.x.x
tftp -r xxx-bl31-uboot.fip -g x.x.x.x
mtd write xxx-preloader.bin spi0.0
mtd write xxx-bl31-uboot.fip FIP
mtd erase ubi
- Set a static ip(192.168.1.254) for your PC.
And then reboot the router. It will run
initramfs image automatically.
- After openwrt boots up, perform sysupgrade
via web UI.
Reverting to the vendor firmware:
- Setup a tftp server on your PC with ip
address 192.168.1.254. And make sure
bl2.img, fip.bin, factory.bin and customer
are located in tftp root directory.
- Power off the router.
- Press and hold WPS key, then power on
the router.
- Release WPS key, when internet/wifi/wps
leds are blinking.
- Wait until internet/wifi/wps leds light
up, power off the router.
- Press and hold reset key, power up the
router, release reset key 15s later.
- Connect to http://192.168.1.1, now you
can upload vendor .bin firmware.
Uboot netconsole:
Uboot netconsole can be enabled by WPS
or reset key.
- Setup a linux PC with ip 192.168.1.254.
Open a new terminal and execute
'stty -isig -echo cbreak; nc -lup 6666'
- Press and hold WPS(or reset) key, then
power on the router.
- Release key once internet/wifi/wps leds
are all on.
NOTE: don't hold the key more than 5s
after internet/wifi/wps leds on, or it
will try to revert to vendor firmware.
- 5s later, uboot bootmenu will show on
the terminal.
Signed-off-by: Zhiwei Cao <bfdeh@126.com>
Link: https://github.com/openwrt/openwrt/pull/18631
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reorder device names alphabetically and group together the same configs.
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/21052
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This function is defined but unused. There is no reason to keep it.
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/21052
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add pending fix for wrong resource_size() usage that cause firmware
crash on load on ath11k.
Refresh all affected patch by this.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Recently finalized 3 branch bumped to 3.0.1
dropped patches
-010-libressl4.patch; integrated at source
-999-small-scripts-tar.patch; integrated at source
refreshed remaining patches
DEPRECATION: Option 'compressed-help' is deprecated - removed.
DEPRECATION: Option 'zstd' value 'false' is replaced by 'disabled'
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21093
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Choose the minimal release build which excludes a number of
unused applets, not used on user devices.
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21093
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Currently its only possible to disable port forwarding only for specific
keys, via the OpenSSH-style restriction in `authorized_keys` file.
In some use cases it might be feasible to disable such features globally
on service level, so lets add new LocalPortForward and RemotePortForward
config knobs.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Link: https://github.com/openwrt/openwrt/pull/21071
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The issue described in the patch can not be reproduced in the latest
6.18 ath10k-ct driver. It should have been fixed by the upstream.
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/21089
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
