OpenWrt v25.12.0-rc3: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

feeds.conf.default

@@ -1,8 +1,5 @@
-src-git packages https://git.openwrt.org/feed/packages.git
-src-git luci https://git.openwrt.org/project/luci.git
-src-git routing https://git.openwrt.org/feed/routing.git
-src-git telephony https://git.openwrt.org/feed/telephony.git
-src-git video https://github.com/openwrt/video.git
-#src-git targets https://github.com/openwrt/targets.git
-#src-git oldpackages http://git.openwrt.org/packages.git
-#src-link custom /usr/src/openwrt/custom-feed
+src-git packages https://git.openwrt.org/feed/packages.git^594c3c8c8c5b7e98fd9d4d0cce7905324f18384a
+src-git luci https://git.openwrt.org/project/luci.git^8d9defc6a2b0a283f3595503e4aae597e6f684d0
+src-git routing https://git.openwrt.org/feed/routing.git^b43e4ac560ccbafba21dc3ab0dbe57afc07e7b88
+src-git telephony https://git.openwrt.org/feed/telephony.git^2618106d5846a4a542fdf5809f0d3ed228ce439b
+src-git video https://github.com/openwrt/video.git^094bf58da6682f895255a35a84349a79dab4bf95

include/image.mk

@@ -41,6 +41,9 @@ KDIR=$(KERNEL_BUILD_DIR)
 KDIR_TMP=$(KDIR)/tmp
 DTS_DIR:=$(LINUX_DIR)/arch/$(LINUX_KARCH)/boot/dts
 
+ifeq ($(EXTRA_IMAGE_NAME),)
+EXTRA_IMAGE_NAME:=$(call qstrip,$(CONFIG_EXTRA_IMAGE_NAME))
+endif
 IMG_PREFIX_EXTRA:=$(if $(EXTRA_IMAGE_NAME),$(call sanitize,$(EXTRA_IMAGE_NAME))-)
 IMG_PREFIX_VERNUM:=$(if $(CONFIG_VERSION_FILENAMES),$(call sanitize,$(VERSION_NUMBER))-)
 IMG_PREFIX_VERCODE:=$(if $(CONFIG_VERSION_CODE_FILENAMES),$(call sanitize,$(VERSION_CODE))-)

include/kernel.mk

@@ -306,4 +306,3 @@ kernel_patchver_ge=$(call kernel_version_cmp,-ge,$(KERNEL_PATCHVER),$(1))
 kernel_patchver_eq=$(call kernel_version_cmp,-eq,$(KERNEL_PATCHVER),$(1))
 kernel_patchver_le=$(call kernel_version_cmp,-le,$(KERNEL_PATCHVER),$(1))
 kernel_patchver_lt=$(call kernel_version_cmp,-lt,$(KERNEL_PATCHVER),$(1))
-

include/package-pack.mk

@@ -78,6 +78,196 @@ define FixupDependencies
   $(call AddDependency,$(1),$$(DEPS))
 endef
 
+# Format dependencies and extra dependencies
+#
+# ABI-version EXTRA_DEPENDS so dependencies can be correctly looked up using the
+# existing semantics without the ABI specified. This is needed since ABI-
+# versioned libraries don't provide `${package_name}=${package_version}`, so
+# that same library but with different ABI versions can be installed side by
+# side.
+#
+# Remove duplicate dependencies when EXTRA_DEPENDS specifies a versioned one
+# that is already in DEPENDS.
+#
+# 1: list of dependencies
+# 2: list of extra dependencies
+define FormatDepends
+$(strip
+  $(eval _COMMA_SEP := __COMMA_SEP__)
+  $(eval _SPACE_SEP := __SPACE_SEP__)
+  $(eval _DEPENDS := $(1))
+  $(eval _EXTRA_DEPENDS_ABI := )
+  $(eval _DEP_ITEMS := $(subst $(_COMMA_SEP),$(space),$(subst $(space),$(_SPACE_SEP),$(subst $(comma),$(_COMMA_SEP),$(2)))))
+
+  $(foreach dep,$(_DEP_ITEMS),
+    $(eval _EXTRA_DEP := )
+    $(eval _CUR_DEP := $(subst $(_SPACE_SEP),$(space),$(strip $(dep))))
+    $(eval _PKG_NAME := $(word 1,$(_CUR_DEP)))
+    $(if $(findstring $(paren_left), $(_PKG_NAME)),
+      $(error "Unsupported extra dependency format: no space before '(': $(_CUR_DEP)"))
+    )
+    $(eval _ABI_SUFFIX := $(call GetABISuffix,$(_PKG_NAME)))
+    $(eval _PKG_NAME_ABI := $(_PKG_NAME)$(_ABI_SUFFIX))
+    $(eval _VERSION_CONSTRAINT := $(word 2,$(_CUR_DEP)))
+    $(if $(_VERSION_CONSTRAINT),
+      $(eval _EXTRA_DEP := $(_PKG_NAME_ABI) $(_VERSION_CONSTRAINT)),
+      $(error "Extra dependencies must have version constraints. $(_PKG_NAME) seems to be unversioned.")
+    )
+    $(if $(and $(_EXTRA_DEPENDS_ABI),$(_EXTRA_DEP)),
+      $(eval _EXTRA_DEPENDS_ABI := $(_EXTRA_DEPENDS_ABI)$(comma)$(_EXTRA_DEP)),
+      $(eval _EXTRA_DEPENDS_ABI := $(_EXTRA_DEP))
+    )
+    $(if $(_DEPENDS),
+      $(eval _DEPENDS := $(filter-out $(_PKG_NAME_ABI),$(_DEPENDS)))
+    )
+  )
+
+  $(eval _DEPENDS := $(call mergelist,$(_DEPENDS)))
+  $(_EXTRA_DEPENDS_ABI)$(if $(_DEPENDS),$(comma) $(_DEPENDS))
+)
+endef
+
+# Format provide and add ABI and version if it's not a virtual provide marked
+# with an @.
+#
+# Same as for the base package name, if ABI version is set, provide both
+# unversioned provide and one with ABI version and version.
+#
+# 1: provide name
+# 2: provide version
+# 3: (optional) ABI version
+define AddProvide
+$(strip
+  $(if $(filter @%,$(1)),
+    $(patsubst @%,%,$(1)),
+    $(if $(3),
+      $(1) $(1)$(call FormatABISuffix,$(1),$(3))=$(2),
+      $(1)=$(2)
+    )
+  )
+)
+endef
+
+# Remove virtual provides prefix and self. apk doesn't like it when packages
+# specify a redundant provide pointing to self.
+#
+# 1: package name
+# 2: list of provides
+define SanitizeProvides
+$(filter-out $(1),$(patsubst @%,%,$(2)))
+endef
+
+# Format provides both for apk and control
+#
+# - If ABI version is defined:
+#   - package is named `${package_name}${ABI_version}`
+#     if a `package_name` ends in a number, the `ABI_version` will be prefixed
+#     with a - sign, e.g.: libsqlite3-0
+#   - package implicitly provides
+#     `${package_name}${ABI_version}=${package_version}`
+#     this implies that only one version of a package per ABI can be installed
+#     at the same time
+#   - additionally provide `${package_name}` so multiple packages can be looked
+#     up by its base name
+#   - for each `provides`:
+#     - provide `${provide}${ABI_version}=${package_version}`
+#       this implies that only one version of a provide can be installed at the
+#       same time
+#     - if a `provide` ends in a number, the `ABI_version` will be prefixed with
+#       a - sign, e.g.: provide1-0
+#     - additionally provide `${provide}` so multiple packages can be looked up
+#       by its base name
+#
+# - else if ABI version is _not_ defined
+#   - package is named `${package_name}`
+#   - package implicitly provides `${package_name}=${package_version}`
+#     this implies that only one version of a package can be installed at the
+#     same time
+#   - for each `provides`, provide `${provide}=${package_version}` this implies
+#     that only one version of a provide can be installed at the same time
+#
+# - Both with and without an ABI, if a provide starts with an @, treat it as a
+#   virtual provide, that doesn't own the name by not appending version.
+#   Multiple packages with the same virtual provides can be installed
+#   side-by-side.
+#
+# - apk doesn't like it when packages specify a redundant provide pointing to
+#   self. Filter it out, but keep virtual self provides, in the form of
+#   @(kmod-)?${package_name}-any.
+#
+# - Packages implicitly add a virtual @${package_name}-any provide in Package,
+#   which implies that kmods, which are also packages, will have a virtual
+#   @kmod-${package_name}-any provide.
+#
+# - Aside from the two aforementioned implicit provides, packages are expected
+#   to manage their provides themselves.
+#
+# - When multiple variants inside the same package have the same provide, a
+#   default variant must be set using DEFAULT_VARIANT:=1.
+#
+# - Cross-package provides must be virtual and a default variant must be set. If
+#   different packages provide the same versioned (i.e. non-virtual) provide the
+#   package with a higher version will be preferred, which results in unintended
+#   behavior, because the order might change with package updates.
+#
+#   Example:
+#   - both uclient-fetch and wget provide wget
+#   - wget doesn't have a default variant called wget that would provide an
+#     implicit @wget-any
+#     - add wget to PROVIDES for both wget-ssl and wget-nossl variants so they
+#       can't be installed at the same time
+#     - add @wget-any to both packages so packages outside of wget can provide
+#       it
+#   - uclient-fetch has only one variant
+#     - add @wget-any to PROVIDES
+#     - mark uclient-fetch as the default variant using DEFAULT_VARIANT:=1
+#   - switch wget consumer that don't depend on a specific version like apk to
+#     depend on @wget-any
+#
+# - Alternatives don't affect the packaging.
+#
+# 1: package name
+# 2: package version
+# 3: ABI version
+# 4: list of provides
+define FormatProvides
+$(strip
+  $(if $(call FormatABISuffix,$(1),$(3)),
+    $(1) $(foreach provide,
+      $(filter-out $(1),$(4)),
+      $(call AddProvide,$(provide),$(2),$(3))
+    ),
+    $(foreach provide,
+      $(filter-out $(1),$(4)),
+      $(call AddProvide,$(provide),$(2))
+    )
+  )
+)
+endef
+
+# Get apk provider priority
+#
+# - if a package is marked as a default variant, set it to 100.
+#
+# - if a package has an ABI version defined, set it to 10.
+#   The enables packages with an ABI version to be installed by their base name
+#   instead of a name and an ABI version, e.g.:
+#   libfoo3, where 3 is the ABI version can be installed by just libfoo.
+#   This affects manual installation only, as the dependency resolution takes
+#   care of ABI versions.
+#
+# - otherwise return nothing, i.e. package will have the default priority 0.
+#
+# 1: Default variant
+# 2: ABI version
+define GetProviderPriority
+$(strip
+  $(if $(1),100,
+    $(if $(2),10)
+  )
+)
+endef
+
 ifneq ($(PKG_NAME),toolchain)
   define CheckDependencies
 	@( \
@@ -191,17 +381,33 @@ endif
     $(STAGING_DIR_ROOT)/stamp/.$(1)_installed: $(PKG_BUILD_DIR)/.pkgdir/$(1).installed
 	mkdir -p $(STAGING_DIR_ROOT)/stamp
 	$(if $(ABI_VERSION),echo '$(ABI_VERSION)' | cmp -s - $(PKG_INFO_DIR)/$(1).version || { \
+		mkdir -p $(PKG_INFO_DIR); \
 		echo '$(ABI_VERSION)' > $(PKG_INFO_DIR)/$(1).version; \
-		$(foreach pkg,$(filter-out $(1),$(PROVIDES)), \
+		$(foreach pkg,$(call SanitizeProvides,$(1),$(PROVIDES)), \
 			cp $(PKG_INFO_DIR)/$(1).version $(PKG_INFO_DIR)/$(pkg).version; \
 		) \
 	} )
 	$(call locked,$(CP) $(PKG_BUILD_DIR)/.pkgdir/$(1)/. $(STAGING_DIR_ROOT)/,root-copy)
 	touch $$@
 
-    Package/$(1)/DEPENDS := $$(call mergelist,$$(foreach dep,$$(filter-out @%,$$(IDEPEND_$(1))),$$(dep)$$(call GetABISuffix,$$(dep))))
+    Package/$(1)/DEPENDS := $$(foreach dep,$$(filter-out @%,$$(IDEPEND_$(1))),$$(dep)$$(call GetABISuffix,$$(dep)))
     ifneq ($$(EXTRA_DEPENDS),)
-      Package/$(1)/DEPENDS := $$(EXTRA_DEPENDS)$$(if $$(Package/$(1)/DEPENDS),$$(comma) $$(Package/$(1)/DEPENDS))
+      ifeq ($(CONFIG_USE_APK),)
+        Package/$(1)/DEPENDS := $$(call mergelist,$$(Package/$(1)/DEPENDS))
+        Package/$(1)/DEPENDS := $$(EXTRA_DEPENDS)$$(if $$(Package/$(1)/DEPENDS),$$(comma) $$(Package/$(1)/DEPENDS))
+      else
+        Package/$(1)/DEPENDS := $$(call FormatDepends,$$(Package/$(1)/DEPENDS),$$(EXTRA_DEPENDS))
+      endif
+    else
+      Package/$(1)/DEPENDS := $$(call mergelist,$$(Package/$(1)/DEPENDS))
+    endif
+
+    ifeq ($(CONFIG_USE_APK),)
+      Package/$(1)/PROVIDES := $$(patsubst @%,%,$(PROVIDES))
+      Package/$(1)/PROVIDES := $$(filter-out $(1)$$(ABIV_$(1)),$$(Package/$(1)/PROVIDES)$$(if $$(ABIV_$(1)), $(1) $$(foreach provide,$$(Package/$(1)/PROVIDES),$$(provide)$$(ABIV_$(1)))))
+    else
+      Package/$(1)/PROVIDES := $$(call FormatProvides,$(1),$(VERSION),$(ABI_VERSION),$(PROVIDES))
+      Package/$(1)/PRIORITY := $$(call GetProviderPriority,$(DEFAULT_VARIANT),$(ABI_VERSION))
     endif
 
 $(_define) Package/$(1)/CONTROL
@@ -209,7 +415,7 @@ Package: $(1)$$(ABIV_$(1))
 Version: $(VERSION)
 $$(call addfield,Depends,$$(Package/$(1)/DEPENDS)
 )$$(call addfield,Conflicts,$$(call mergelist,$(CONFLICTS))
-)$$(call addfield,Provides,$$(call mergelist,$$(filter-out $(1)$$(ABIV_$(1)),$(PROVIDES)$$(if $$(ABIV_$(1)), $(1) $(foreach provide,$(PROVIDES),$(provide)$$(ABIV_$(1))))))
+)$$(call addfield,Provides,$$(call mergelist,$$(Package/$(1)/PROVIDES))
 )$$(call addfield,Alternatives,$$(call mergelist,$(ALTERNATIVES))
 )$$(call addfield,Source,$(SOURCE)
 )$$(call addfield,SourceName,$(PKG_NAME)
@@ -253,7 +459,7 @@ endif
 			fi; \
 		done; $(Package/$(1)/extra_provides) \
 	) | sort -u > $(PKG_INFO_DIR)/$(1).provides
-	$(if $(PROVIDES),@for pkg in $(filter-out $(1),$(PROVIDES)); do cp $(PKG_INFO_DIR)/$(1).provides $(PKG_INFO_DIR)/$$$$pkg.provides; done)
+	$(if $(PROVIDES),@for pkg in $(call SanitizeProvides,$(1),$(PROVIDES)); do cp $(PKG_INFO_DIR)/$(1).provides $(PKG_INFO_DIR)/$$$$pkg.provides; done)
 	$(CheckDependencies)
 
 	$(RSTRIP) $$(IDIR_$(1))
@@ -320,24 +526,24 @@ else
 		echo "[ -s "\$$$${IPKG_INSTROOT}/lib/functions.sh" ] || exit 0"; \
 		echo ". \$$$${IPKG_INSTROOT}/lib/functions.sh"; \
 		echo 'export root="$$$${IPKG_INSTROOT}"'; \
-		echo 'export pkgname="$(1)"'; \
+		echo 'export pkgname="$(1)$$(ABIV_$(1))"'; \
 		echo "add_group_and_user"; \
 		echo "default_postinst"; \
-		[ ! -f $$(ADIR_$(1))/postinst-pkg ] || sed -z 's/^\s*#!/#!/' "$$(ADIR_$(1))/postinst-pkg"; \
+		[ ! -f $$(ADIR_$(1))/postinst-pkg ] || sed '/^\s*#!/d' "$$(ADIR_$(1))/postinst-pkg"; \
 	) > $$(ADIR_$(1))/post-install;
 
     ifdef Package/$(1)/preinst
 	( \
 		echo "#!/bin/sh"; \
 		echo 'export PKG_UPGRADE=1'; \
-		[ ! -f $$(ADIR_$(1))/preinst ] || sed -z 's/^\s*#!/#!/' "$$(ADIR_$(1))/preinst"; \
+		[ ! -f $$(ADIR_$(1))/preinst ] || sed '/^\s*#!/d' "$$(ADIR_$(1))/preinst"; \
 	) > $$(ADIR_$(1))/pre-upgrade;
     endif
 
 	( \
 		echo "#!/bin/sh"; \
 		echo 'export PKG_UPGRADE=1'; \
-		[ ! -f $$(ADIR_$(1))/post-install ] || sed -z 's/^\s*#!/#!/' "$$(ADIR_$(1))/post-install"; \
+		[ ! -f $$(ADIR_$(1))/post-install ] || sed '/^\s*#!/d' "$$(ADIR_$(1))/post-install"; \
 	) > $$(ADIR_$(1))/post-upgrade;
 
 	( \
@@ -345,34 +551,34 @@ else
 		echo "[ -s "\$$$${IPKG_INSTROOT}/lib/functions.sh" ] || exit 0"; \
 		echo ". \$$$${IPKG_INSTROOT}/lib/functions.sh"; \
 		echo 'export root="$$$${IPKG_INSTROOT}"'; \
-		echo 'export pkgname="$(1)"'; \
+		echo 'export pkgname="$(1)$$(ABIV_$(1))"'; \
 		echo "default_prerm"; \
-		[ ! -f $$(ADIR_$(1))/prerm-pkg ] || sed -z 's/^\s*#!/#!/' "$$(ADIR_$(1))/prerm-pkg"; \
+		[ ! -f $$(ADIR_$(1))/prerm-pkg ] || sed '/^\s*#!/d' "$$(ADIR_$(1))/prerm-pkg"; \
 	) > $$(ADIR_$(1))/pre-deinstall;
 
 	[ ! -f $$(ADIR_$(1))/postrm ] || sed -zi 's/^\s*#!/#!/' "$$(ADIR_$(1))/postrm";
 
-	if [ -n "$(USERID)" ]; then echo $(USERID) > $$(IDIR_$(1))/lib/apk/packages/$(1).rusers; fi;
-	if [ -n "$(ALTERNATIVES)" ]; then echo $(ALTERNATIVES) > $$(IDIR_$(1))/lib/apk/packages/$(1).alternatives; fi;
-	(cd $$(IDIR_$(1)) && find . -type f,l -printf "/%P\n" | sort > $(TMP_DIR)/$(1).list && mv $(TMP_DIR)/$(1).list $$(IDIR_$(1))/lib/apk/packages/$(1).list)
+	if [ -n "$(USERID)" ]; then echo $(USERID) > $$(IDIR_$(1))/lib/apk/packages/$(1)$$(ABIV_$(1)).rusers; fi;
+	if [ -n "$(ALTERNATIVES)" ]; then echo $(ALTERNATIVES) > $$(IDIR_$(1))/lib/apk/packages/$(1)$$(ABIV_$(1)).alternatives; fi;
+	(cd $$(IDIR_$(1)) && find . -type f,l -printf "/%P\n" | sort > $(TMP_DIR)/$(1).list && mv $(TMP_DIR)/$(1).list $$(IDIR_$(1))/lib/apk/packages/$(1)$$(ABIV_$(1)).list)
 	# Move conffiles to IDIR and build conffiles_static with csums
 	if [ -f $$(ADIR_$(1))/conffiles ]; then \
-		mv -f $$(ADIR_$(1))/conffiles $$(IDIR_$(1))/lib/apk/packages/$(1).conffiles; \
-		for file in $$$$(cat $$(IDIR_$(1))/lib/apk/packages/$(1).conffiles); do \
+		mv -f $$(ADIR_$(1))/conffiles $$(IDIR_$(1))/lib/apk/packages/$(1)$$(ABIV_$(1)).conffiles; \
+		for file in $$$$(cat $$(IDIR_$(1))/lib/apk/packages/$(1)$$(ABIV_$(1)).conffiles); do \
 			[ -f $$(IDIR_$(1))/$$$$file ] || continue; \
 			csum=$$$$($(MKHASH) sha256 $$(IDIR_$(1))/$$$$file); \
-			echo $$$$file $$$$csum >> $$(IDIR_$(1))/lib/apk/packages/$(1).conffiles_static; \
+			echo $$$$file $$$$csum >> $$(IDIR_$(1))/lib/apk/packages/$(1)$$(ABIV_$(1)).conffiles_static; \
 		done; \
 	fi
 
 	# Some package (base-files) manually append stuff to conffiles
 	# Append stuff from it and delete the CONTROL directory since everything else should be migrated
 	if [ -f $$(IDIR_$(1))/CONTROL/conffiles ]; then \
-		echo $$$$(IDIR_$(1))/CONTROL/conffiles >> $$(IDIR_$(1))/lib/apk/packages/$(1).conffiles; \
+		echo $$$$(IDIR_$(1))/CONTROL/conffiles >> $$(IDIR_$(1))/lib/apk/packages/$(1)$$(ABIV_$(1)).conffiles; \
 		for file in $$$$(cat $$(IDIR_$(1))/CONTROL/conffiles); do \
 			[ -f $$(IDIR_$(1))/$$$$file ] || continue; \
 			csum=$$$$($(MKHASH) sha256 $$(IDIR_$(1))/$$$$file); \
-			echo $$$$file $$$$csum >> $$(IDIR_$(1))/lib/apk/packages/$(1).conffiles_static; \
+			echo $$$$file $$$$csum >> $$(IDIR_$(1))/lib/apk/packages/$(1)$$(ABIV_$(1)).conffiles_static; \
 		done; \
 		rm -rf $$(IDIR_$(1))/CONTROL/conffiles; \
 	fi
@@ -394,17 +600,8 @@ else
 	  --info "origin:$(SOURCE)" \
 	  --info "url:$(URL)" \
 	  --info "maintainer:$(MAINTAINER)" \
-	  --info "provides:$$(foreach prov,\
-			$$(filter-out $(1)$$(ABIV_$(1)), \
-			$(PROVIDES)$$(if $$(ABIV_$(1)), \
-				$(1)=$(VERSION) $(foreach provide, \
-					$(PROVIDES), \
-					$(provide)$$(ABIV_$(1))=$(VERSION) \
-				) \
-			) \
-		), \
-		$$(prov) )" \
-	  $(if $(DEFAULT_VARIANT),--info "provider-priority:100",$(if $(PROVIDES),--info "provider-priority:1")) \
+	  $$(if $$(Package/$(1)/PROVIDES),--info "provides:$$(Package/$(1)/PROVIDES)") \
+	  $$(if $$(Package/$(1)/PRIORITY),--info "provider-priority:$$(Package/$(1)/PRIORITY)") \
 	  $$(APK_SCRIPTS_$(1)) \
 	  --info "depends:$$(foreach depends,$$(subst $$(comma),$$(space),$$(subst $$(space),,$$(subst $$(paren_right),,$$(subst $$(paren_left),,$$(Package/$(1)/DEPENDS))))),$$(depends))" \
 	  --files "$$(IDIR_$(1))" \

include/package.mk

@@ -332,6 +332,13 @@ define BuildPackage
   $(eval $(Package/Default))
   $(eval $(Package/$(1)))
 
+  # Add an implicit self-provide. apk can't handle self provides, be it
+  # versioned or virtual, so opt for a suffix instead. This allows several
+  # variants to provide the same virtual package without adding extra provides
+  # to the default one, e.g. wget implicitly provides wget-any and is marked as
+  # default, so wget-ssl can explicitly provide @wget-any as well.
+  $(eval PROVIDES:=$(strip @$(1)-any $(PROVIDES)))
+
 ifdef DESCRIPTION
 $$(error DESCRIPTION:= is obsolete, use Package/PKG_NAME/description)
 endif

include/version.mk

@@ -27,13 +27,13 @@ PKG_CONFIG_DEPENDS += \
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
 
 VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),SNAPSHOT)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),25.12.0-rc3)
 
 VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
-VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),$(REVISION))
+VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r32486-30527a4c34)
 
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/snapshots)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/25.12.0-rc3)
 
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

package/base-files/files/etc/uci-defaults/14_network-generate-duid

@@ -1,4 +1,4 @@
-[ "$(uci -q get network.globals.dhcp_default_duid)" != "auto" ] && exit 0
+[ "$(uci -q get network.globals.dhcp_default_duid || echo "auto")" != "auto" ] && exit 0
 
 uci -q batch <<-EOF >/dev/null
 	# DUID-UUID - RFC6355

package/base-files/files/etc/uci-defaults/15_migrate-time-zonename

@@ -0,0 +1,6 @@
+zonename="$(uci -q get system.@system[0].zonename)"
+case "$zonename" in
+        *[[:space:]]*) uci set system.@system[0].zonename="${zonename// /_}" ;;
+esac
+
+exit 0

package/base-files/files/lib/functions.sh

@@ -382,7 +382,7 @@ default_postinst() {
 			uci commit
 		fi
 
-		rm -f /tmp/luci-indexcache
+		rm -f /tmp/luci-indexcache.*
 	fi
 
 	if [ -f "$root/usr/lib/opkg/info/${pkgname}.postinst-pkg" ]; then

package/base-files/files/lib/functions/network.sh

@@ -24,6 +24,17 @@ __network_ifstatus() {
 	eval "$__tmp"
 }
 
+# determine the IAID of the given logical interface
+# 1: destination variable
+# 2: interface
+network_generate_iface_iaid() {
+	local __iaid
+
+	__iaid=$(printf '%s' "$2" | md5sum | cut -c 1-8)
+
+	export "$1=$__iaid"
+}
+
 # determine first IPv4 address of given logical interface
 # 1: destination variable
 # 2: interface

package/base-files/image-config.in

@@ -5,6 +5,14 @@
 # See /LICENSE for more information.
 #
 
+config EXTRA_IMAGE_NAME
+	string
+	prompt "Extra image filename" if IMAGEOPT
+	default ""
+	help
+		Add this to the output image filenames, to distinguish between
+		different builds for the same hardware type.
+
 config TARGET_DEFAULT_LAN_IP_FROM_PREINIT
 	bool "Use preinit IP configuration as default LAN IP" if IMAGEOPT
 	default n
@@ -190,7 +198,7 @@ if VERSIONOPT
 	config VERSION_REPO
 		string
 		prompt "Release repository"
-		default "https://downloads.openwrt.org/snapshots"
+		default "https://downloads.openwrt.org/releases/25.12.0-rc3"
 		help
 			This is the repository address embedded in the image, it defaults
 			to the trunk snapshot repo; the url may contain the following placeholders:
@@ -272,7 +280,7 @@ if VERSIONOPT
 	config VERSION_CODE_FILENAMES
 		bool
 		prompt "Revision code in filenames"
-		default y
+		default n
 		help
 			Enable this to include the revision identifier or the configured
 			version code into the firmware image, SDK- and Image Builder archive

package/boot/arm-trusted-firmware-mediatek/Makefile

@@ -30,6 +30,7 @@ define Trusted-Firmware-A/Default
   BOOT_DEVICE:=
   DDR3_FLYBY:=
   DDR3_FREQ_1866:=
+  DDR4_4BG_MODE:=
   DDR_TYPE:=
   NAND_TYPE:=
   BOARD_QFN:=
@@ -139,6 +140,14 @@ define Trusted-Firmware-A/mt7622-sdmmc-2ddr
   DDR3_FLYBY:=1
 endef
 
+define Trusted-Firmware-A/mt7981-nor-ddr4
+  NAME:=MediaTek MT7981 (SPI-NOR, DDR4)
+  BOOT_DEVICE:=nor
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7981
+  DDR_TYPE:=ddr4
+endef
+
 define Trusted-Firmware-A/mt7981-ram-ddr4
   NAME:=MediaTek MT7981 (RAM, DDR4)
   BOOT_DEVICE:=ram
@@ -158,6 +167,14 @@ define Trusted-Firmware-A/mt7981-emmc-ddr4
   DDR_TYPE:=ddr4
 endef
 
+define Trusted-Firmware-A/mt7981-sdmmc-ddr4
+  NAME:=MediaTek MT7981 (SD card, DDR4)
+  BOOT_DEVICE:=sdmmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7981
+  DDR_TYPE:=ddr4
+endef
+
 define Trusted-Firmware-A/mt7981-spim-nand-ddr4
   NAME:=MediaTek MT7981 (SPI-NAND via SPIM, DDR4)
   BOOT_DEVICE:=spim-nand
@@ -186,14 +203,6 @@ define Trusted-Firmware-A/mt7981-ram-ddr3
   DEFAULT:=TARGET_mediatek_filogic
 endef
 
-define Trusted-Firmware-A/mt7981-nor-ddr4
-  NAME:=MediaTek MT7981 (SPI-NOR, DDR4)
-  BOOT_DEVICE:=nor
-  BUILD_SUBTARGET:=filogic
-  PLAT:=mt7981
-  DDR_TYPE:=ddr4
-endef
-
 define Trusted-Firmware-A/mt7981-emmc-ddr3
   NAME:=MediaTek MT7981 (eMMC, DDR3)
   BOOT_DEVICE:=emmc
@@ -244,8 +253,17 @@ define Trusted-Firmware-A/mt7981-spim-nand-ddr3-1866mhz
   DDR3_FREQ_1866:=1
 endef
 
-define Trusted-Firmware-A/mt7981-cudy-tr3000-v1
-  NAME:=Cudy TR3000 v1 (SPI-NAND via SPIM, DDR3)
+define Trusted-Firmware-A/mt7981-spim-nand-ubi-ddr4
+  NAME:=MediaTek MT7981 (SPI-NAND via SPIM, DDR4)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7981
+  DDR_TYPE:=ddr4
+  USE_UBI:=1
+endef
+
+define Trusted-Firmware-A/mt7981-cudy-ddr3
+  NAME:=Cudy (SPI-NAND via SPIM, DDR3)
   BOOT_DEVICE:=spim-nand
   BUILD_SUBTARGET:=filogic
   PLAT:=mt7981
@@ -265,15 +283,6 @@ define Trusted-Firmware-A/mt7986-ram-ddr4
   DEFAULT:=TARGET_mediatek_filogic
 endef
 
-define Trusted-Firmware-A/mt7981-spim-nand-ubi-ddr4
-  NAME:=MediaTek MT7981 (SPI-NAND via SPIM, DDR4)
-  BOOT_DEVICE:=spim-nand
-  BUILD_SUBTARGET:=filogic
-  PLAT:=mt7981
-  DDR_TYPE:=ddr4
-  USE_UBI:=1
-endef
-
 define Trusted-Firmware-A/mt7986-nor-ddr4
   NAME:=MediaTek MT7986 (SPI-NOR, DDR4)
   BOOT_DEVICE:=nor
@@ -399,7 +408,14 @@ define Trusted-Firmware-A/mt7987-emmc-comb
   BOOT_DEVICE:=emmc
   BUILD_SUBTARGET:=filogic
   PLAT:=mt7987
-  DRAM_USE_COMB:=1
+endef
+
+define Trusted-Firmware-A/mt7987-emmc-ddr4-4bg
+  NAME:=MediaTek MT7987 (eMMC, DDR4 4GB)
+  BOOT_DEVICE:=emmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7987
+  DDR4_4BG_MODE:=1
 endef
 
 define Trusted-Firmware-A/mt7987-nor-comb
@@ -407,7 +423,6 @@ define Trusted-Firmware-A/mt7987-nor-comb
   BOOT_DEVICE:=nor
   BUILD_SUBTARGET:=filogic
   PLAT:=mt7987
-  DRAM_USE_COMB:=1
 endef
 
 define Trusted-Firmware-A/mt7987-sdmmc-comb
@@ -415,7 +430,22 @@ define Trusted-Firmware-A/mt7987-sdmmc-comb
   BOOT_DEVICE:=sdmmc
   BUILD_SUBTARGET:=filogic
   PLAT:=mt7987
-  DRAM_USE_COMB:=1
+endef
+
+define Trusted-Firmware-A/mt7987-sdmmc-ddr4-4bg
+  NAME:=MediaTek MT7987 (SD card, DDR4 4GB)
+  BOOT_DEVICE:=sdmmc
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7987
+  DDR4_4BG_MODE:=1
+endef
+
+define Trusted-Firmware-A/mt7987-spim-nand0
+  NAME:=MediaTek MT7987 (SPI-NAND via SPIM)
+  BOOT_DEVICE:=spim-nand
+  BUILD_SUBTARGET:=filogic
+  PLAT:=mt7987
+  SPIM_CTRL:=0
 endef
 
 define Trusted-Firmware-A/mt7987-spim-nand0-ubi-comb
@@ -423,7 +453,6 @@ define Trusted-Firmware-A/mt7987-spim-nand0-ubi-comb
   BOOT_DEVICE:=spim-nand
   BUILD_SUBTARGET:=filogic
   PLAT:=mt7987
-  DRAM_USE_COMB:=1
   USE_UBI:=1
   SPIM_CTRL:=0
 endef
@@ -433,7 +462,6 @@ define Trusted-Firmware-A/mt7987-spim-nand2-ubi-comb
   BOOT_DEVICE:=spim-nand
   BUILD_SUBTARGET:=filogic
   PLAT:=mt7987
-  DRAM_USE_COMB:=1
   USE_UBI:=1
   SPIM_CTRL:=2
 endef
@@ -443,7 +471,6 @@ define Trusted-Firmware-A/mt7987-ram-comb
   BOOT_DEVICE:=ram
   BUILD_SUBTARGET:=filogic
   PLAT:=mt7987
-  DRAM_USE_COMB:=1
   RAM_BOOT_UART_DL:=1
   HIDDEN:=
   DEFAULT:=TARGET_mediatek_filogic
@@ -643,8 +670,9 @@ TFA_TARGETS:= \
 	mt7981-spim-nand-ubi-ddr4 \
 	mt7981-ram-ddr4 \
 	mt7981-emmc-ddr4 \
+	mt7981-sdmmc-ddr4 \
 	mt7981-spim-nand-ddr4 \
-	mt7981-cudy-tr3000-v1 \
+	mt7981-cudy-ddr3 \
 	mt7986-ram-ddr3 \
 	mt7986-emmc-ddr3 \
 	mt7986-nor-ddr3 \
@@ -661,8 +689,11 @@ TFA_TARGETS:= \
 	mt7986-spim-nand-ubi-ddr4 \
 	mt7986-spim-nand-4k-ddr4 \
 	mt7987-emmc-comb \
+	mt7987-emmc-ddr4-4bg \
 	mt7987-nor-comb \
 	mt7987-sdmmc-comb \
+	mt7987-sdmmc-ddr4-4bg \
+	mt7987-spim-nand0 \
 	mt7987-spim-nand0-ubi-comb \
 	mt7987-spim-nand2-ubi-comb \
 	mt7987-ram-comb \
@@ -696,6 +727,7 @@ TFA_MAKE_FLAGS += \
 	HAVE_DRAM_OBJ_FILE=yes \
 	$(if $(DDR3_FLYBY),DDR3_FLYBY=1) \
 	$(if $(DDR3_FREQ_1866),DDR3_FREQ_1866=1) \
+	$(if $(DDR4_4BG_MODE),DDR4_4BG_MODE=1) \
 	$(if $(DRAM_USE_COMB),DRAM_USE_COMB=1) \
 	$(if $(RAM_BOOT_UART_DL),RAM_BOOT_UART_DL=1) \
 	$(if $(USE_UBI),UBI=1 $(if $(findstring mt7622,$(PLAT)),OVERRIDE_UBI_START_ADDR=0x80000)) \

package/boot/arm-trusted-firmware-microchipsw/Makefile

@@ -5,10 +5,11 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=https://github.com/microchip-ung/arm-trusted-firmware.git
-PKG_SOURCE_DATE:=2024-08-13
-PKG_SOURCE_VERSION:=67fcfcab71f78ac7d4af834c37b29f8c98dd5ff1
-PKG_MIRROR_HASH:=777c68273e84028de77750f3fe8a1219b02f01d43ce35948893ac642d8eb10d7
+PKG_SOURCE_DATE:=2026-01-07
+PKG_SOURCE_VERSION:=7696c9aaaae7c677f4c373a61a1289cba7f824aa
+PKG_MIRROR_HASH:=331548d7c73896bd5e4438c0ec9c71bbe58d3bf9a29350496ad94c382e922b9c
 
+PKG_BUILD_DEPENDS:=ruby/host
 PKG_MAINTAINER:=Robert Marko <robert.marko@sartura.hr>
 
 include $(INCLUDE_DIR)/kernel.mk
@@ -28,7 +29,17 @@ define Trusted-Firmware-A/ev23x71a
   DEPENDS:=+u-boot-ev23x71a
 endef
 
-TFA_TARGETS:= ev23x71a
+define Trusted-Firmware-A/tactical-1000
+  NAME:=Novarq Tactical 1000
+  BUILD_SUBTARGET:=lan969x
+  BUILD_DEVICES:=novarq_tactical-1000
+  PLAT:=novarq_tactical_1000_v3
+  DEPENDS:=+u-boot-tactical-1000
+endef
+
+TFA_TARGETS:= \
+	ev23x71a \
+	tactical-1000
 
 MBEDTLS_NAME:=mbedtls
 MBEDTLS_RELEASE:=2.28.10
@@ -52,17 +63,6 @@ define Build/Prepare
 	$(TAR) -C $(PKG_BUILD_DIR) -xf $(DL_DIR)/$(MBEDTLS_SOURCE)
 endef
 
-# We must not pass OPENSSL_DIR as locally built mbedtls is used
-define Build/Compile
-	+unset CC; \
-	$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
-		CROSS_COMPILE=$(TARGET_CROSS) \
-		$(if $(DTC),DTC="$(DTC)") \
-		PLAT=$(PLAT) \
-		BUILD_STRING="OpenWrt $(PKG_VERSION_PREFIX)$(PKG_VERSION)-$(PKG_RELEASE) ($(VARIANT))" \
-		$(TFA_MAKE_FLAGS)
-endef
-
 TFA_MAKE_FLAGS += \
 	MBEDTLS_DIR=$(PKG_BUILD_DIR)/$(MBEDTLS_NAME) \
 	BL33=$(STAGING_DIR_IMAGE)/$(BUILD_VARIANT)-u-boot.bin \

package/boot/arm-trusted-firmware-microchipsw/patches/0001-microchip-lan969x-add-Novarq-Tactical-1000-v3.patch

@@ -0,0 +1,171 @@
+From 190202583edb9dcab5ca49638169d08a332f0fdf Mon Sep 17 00:00:00 2001
+From: Robert Marko <robert.marko@sartura.hr>
+Date: Sun, 2 Nov 2025 16:57:45 +0100
+Subject: [PATCH] microchip: lan969x: add Novarq Tactical 1000 v3
+
+Add support for Novarq Tactical 1000 v3 board as a separate platform since
+it uses 2GB of RAM and requires a different RAM configuration.
+
+Signed-off-by: Robert Marko <robert.marko@sartura.hr>
+---
+ .../fdts/lan969x-tactical-1000-v3-ddr.dtsi    | 90 +++++++++++++++++++
+ .../novarq_tactical_1000_v3_tb_fw_config.dts  | 30 +++++++
+ .../novarq_tactical_1000_v3/platform.mk       | 12 +++
+ scripts/fwu/fwu.js                            |  2 +-
+ 4 files changed, 133 insertions(+), 1 deletion(-)
+ create mode 100644 plat/microchip/lan969x/fdts/lan969x-tactical-1000-v3-ddr.dtsi
+ create mode 100644 plat/microchip/lan969x/novarq_tactical_1000_v3/fdts/novarq_tactical_1000_v3_tb_fw_config.dts
+ create mode 100644 plat/microchip/lan969x/novarq_tactical_1000_v3/platform.mk
+
+--- /dev/null
++++ b/plat/microchip/lan969x/fdts/lan969x-tactical-1000-v3-ddr.dtsi
+@@ -0,0 +1,90 @@
++// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
++/*
++ * Copyright (C) 2022 Microchip Technology Inc. and its subsidiaries.
++ *
++ */
++
++&ddr {
++	microchip,mem-name = "lan969x_tactical_1000_2gb 2025-11-02-13:03:23 7391dfb-dirty";
++	microchip,mem-speed = <2400>;
++	microchip,mem-size = <0x80000000>;
++	microchip,mem-bus-width = <16>;
++
++	microchip,main-reg = <
++		0x00001091	/* crcparctl1 */
++		0x00000001	/* dbictl */
++		0x00000040	/* dfimisc */
++		0x0391820f	/* dfitmg0 */
++		0x00040201	/* dfitmg1 */
++		0x40400003	/* dfiupd0 */
++		0x004000ff	/* dfiupd1 */
++		0x003f7f40	/* ecccfg0 */
++		0x00020248	/* init0 */
++		0x00e80000	/* init1 */
++		0x0c340101	/* init3 */
++		0x10180200	/* init4 */
++		0x00110000	/* init5 */
++		0x00000402	/* init6 */
++		0x00000c19	/* init7 */
++		0x81040010	/* mstr */
++		0x00000000	/* pccfg */
++		0x00000000	/* pwrctl */
++		0x00210020	/* rfshctl0 */
++		0x00000000	/* rfshctl3 */
++	>;
++
++	microchip,timing-reg = <
++		0x17131413	/* dramtmg0 */
++		0x0007051b	/* dramtmg1 */
++		0x1a000010	/* dramtmg12 */
++		0x090b0512	/* dramtmg2 */
++		0x0000400c	/* dramtmg3 */
++		0x08040409	/* dramtmg4 */
++		0x07070404	/* dramtmg5 */
++		0x07060c0b	/* dramtmg8 */
++		0x0003040d	/* dramtmg9 */
++		0x07000610	/* odtcfg */
++		0x0049014b	/* rfshtmg */
++	>;
++
++	microchip,mapping-reg = <
++		0x0000001f	/* addrmap0 */
++		0x003f0909	/* addrmap1 */
++		0x00000700	/* addrmap2 */
++		0x00000000	/* addrmap3 */
++		0x00001f1f	/* addrmap4 */
++		0x07070707	/* addrmap5 */
++		0x07070707	/* addrmap6 */
++		0x00000f07	/* addrmap7 */
++		0x00003f01	/* addrmap8 */
++	>;
++
++	microchip,phy-reg = <
++		0x0000040c	/* dcr */
++		0x0064401b	/* dsgcr */
++		0x8000b0cf	/* dtcr0 */
++		0x00010a37	/* dtcr1 */
++		0x00c01884	/* dxccr */
++		0x000010ba	/* pgcr2 */
++		0x00000000	/* schcr1 */
++		0x00079900	/* zq0pr */
++		0x10077900	/* zq1pr */
++		0x00000000	/* zq2pr */
++		0x00058f00	/* zqcr */
++	>;
++
++	microchip,phy_timing-reg = <
++		0x0827100a	/* dtpr0 */
++		0x28250018	/* dtpr1 */
++		0x000702a1	/* dtpr2 */
++		0x03000101	/* dtpr3 */
++		0x02950808	/* dtpr4 */
++		0x00361009	/* dtpr5 */
++		0x4ae25710	/* ptr0 */
++		0x74f4950e	/* ptr1 */
++		0x00083def	/* ptr2 */
++		0x2a192000	/* ptr3 */
++		0x1003a000	/* ptr4 */
++	>;
++
++};
+--- /dev/null
++++ b/plat/microchip/lan969x/novarq_tactical_1000_v3/fdts/novarq_tactical_1000_v3_tb_fw_config.dts
+@@ -0,0 +1,30 @@
++/*
++ * Copyright (c) 2022, Microchip Technology Inc. and its subsidiaries.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++/dts-v1/;
++
++#include "lan969x.dtsi"
++#include "lan969x-tactical-1000-v3-ddr.dtsi"
++
++&emmc_clk {
++	clock-frequency = <100000000>;
++};
++
++&sdmmc0 {
++	status = "okay";
++	bus-width = <8>;
++};
++
++&qspi0 {
++	status = "okay";
++	spi-flash@0 {
++		compatible = "jedec,spi-nor";
++		reg = <0>;
++		spi-max-frequency = <100000000>;
++		spi-tx-bus-width = <4>;
++		spi-rx-bus-width = <4>;
++	};
++};
+--- /dev/null
++++ b/plat/microchip/lan969x/novarq_tactical_1000_v3/platform.mk
+@@ -0,0 +1,12 @@
++#
++# Copyright (c) 2021, Microchip Technology Inc. and its subsidiaries.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++
++include plat/microchip/lan969x/common/common.mk
++
++# This is used in lan969x code
++$(eval $(call add_define,LAN969X_ASIC))
++# This is used in common drivers
++$(eval $(call add_define,LAN966X_ASIC))
+--- a/scripts/fwu/fwu.js
++++ b/scripts/fwu/fwu.js
+@@ -91,7 +91,7 @@ const platforms = [
+ 	"ddr_diag":	ddr_diag_regs_lan969x,
+ 	"ddr_regs":	ddr_regs_lan969x,
+ 	"ddr_speed":	lan969x_speeds,
+-	"bl2u_compat":	["lan969x_a0", "lan969x_svb"],
++	"bl2u_compat":	["lan969x_a0", "lan969x_svb", "novarq_tactical_1000_v3"],
+     },
+ ];
+ 

package/boot/arm-trusted-firmware-microchipsw/patches/0002-cert_create-add-LibreSSL-3.9-compatibility.patch

@@ -0,0 +1,95 @@
+From 40166fd8d88f33c621d3cca0b936f31816f3fe2e Mon Sep 17 00:00:00 2001
+From: Robert Marko <robert.marko@sartura.hr>
+Date: Mon, 12 Jan 2026 14:40:23 +0100
+Subject: [PATCH] cert_create: add LibreSSL 3.9+ compatibility
+
+LibreSSL 3.9+ has dropped the whole support for X509V3 extensions.
+
+Generated by Gemini 3 Pro.
+
+Signed-off-by: Robert Marko <robert.marko@sartura.hr>
+---
+ tools/cert_create/src/ext.c | 26 ++++++++++++++++++++++----
+ 1 file changed, 22 insertions(+), 4 deletions(-)
+
+--- a/tools/cert_create/src/ext.c
++++ b/tools/cert_create/src/ext.c
+@@ -51,15 +51,18 @@ int ext_init(void)
+ {
+ 	cmd_opt_t cmd_opt;
+ 	ext_t *ext;
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x40200000L
+ 	X509V3_EXT_METHOD *m;
+-	int nid, ret;
++	int ret, nid;
++#endif
+ 	unsigned int i;
+ 
+ 	extensions = malloc((num_def_extensions * sizeof(def_extensions[0]))
+ #ifdef PDEF_EXTS
+ 			    + (num_pdef_extensions * sizeof(pdef_extensions[0]))
+ #endif
+-			    );
++		);
++
+ 	if (extensions == NULL) {
+ 		ERROR("%s:%d Failed to allocate memory.\n", __func__, __LINE__);
+ 		return 1;
+@@ -69,7 +72,7 @@ int ext_init(void)
+ 	       (num_def_extensions * sizeof(def_extensions[0])));
+ #ifdef PDEF_EXTS
+ 	memcpy(&extensions[num_def_extensions], &pdef_extensions[0],
+-		(num_pdef_extensions * sizeof(pdef_extensions[0])));
++	       (num_pdef_extensions * sizeof(pdef_extensions[0])));
+ 	num_extensions = num_def_extensions + num_pdef_extensions;
+ #else
+ 	num_extensions = num_def_extensions;
+@@ -86,11 +89,15 @@ int ext_init(void)
+ 			cmd_opt.help_msg = ext->help_msg;
+ 			cmd_opt_add(&cmd_opt);
+ 		}
++
+ 		/* Register the extension OID in OpenSSL */
+ 		if (ext->oid == NULL) {
+ 			continue;
+ 		}
++
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x40200000L
+ 		nid = OBJ_create(ext->oid, ext->sn, ext->ln);
++
+ 		if (ext->alias) {
+ 			X509V3_EXT_add_alias(nid, ext->alias);
+ 		} else {
+@@ -117,7 +124,16 @@ int ext_init(void)
+ 				return 1;
+ 			}
+ 		}
++#else
++		/*
++		 * LibreSSL 4.2.0+ removed X509V3_EXT_add/alias.
++		 * We still register the OID, but ignore the returned NID
++		 * as we skip method registration.
++		 */
++		OBJ_create(ext->oid, ext->sn, ext->ln);
++#endif
+ 	}
++
+ 	return 0;
+ }
+ 
+@@ -323,12 +339,14 @@ void ext_cleanup(void)
+ 	for (i = 0; i < num_extensions; i++) {
+ 		if (extensions[i].arg != NULL) {
+ 			void *ptr = (void *)extensions[i].arg;
+-
+ 			extensions[i].arg = NULL;
+ 			free(ptr);
+ 		}
+ 	}
+ 	free(extensions);
++
++#if !defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x40200000L
+ 	X509V3_EXT_cleanup();
++#endif
+ }
+ 

package/boot/arm-trusted-firmware-microchipsw/patches/0003-cert_create-pass-pthread-in-LDFLAGS.patch

@@ -0,0 +1,36 @@
+From 11ff8b5e67830d5a09f39e8c1f000b0ddcf8e88f Mon Sep 17 00:00:00 2001
+From: Robert Marko <robert.marko@sartura.hr>
+Date: Mon, 12 Jan 2026 15:16:07 +0100
+Subject: [PATCH] cert_create: pass pthread in LDFLAGS
+
+OpenWrt-s LibreSSL is linked against pthread, so we have to make sure to
+pass -lpthread in LDFLAGS to avoid:
+/usr/bin/ld: /openwrt/staging_dir/host/lib/libcrypto.a(libcrypto_la-crypto_init.o): in function `OPENSSL_init_crypto':
+crypto_init.c:(.text+0x67): undefined reference to `pthread_once'
+/usr/bin/ld: /openwrt/staging_dir/host/lib/libcrypto.a(libcrypto_la-err.o): in function `ERR_load_ERR_strings':
+err.c:(.text+0x812): undefined reference to `pthread_once'
+/usr/bin/ld: /openwrt/staging_dir/host/lib/libcrypto.a(libcrypto_la-conf_sap.o): in function `OpenSSL_config':
+conf_sap.c:(.text+0xc0): undefined reference to `pthread_once'
+/usr/bin/ld: /openwrt/staging_dir/host/lib/libcrypto.a(libcrypto_la-conf_sap.o): in function `OpenSSL_no_config':
+conf_sap.c:(.text+0x107): undefined reference to `pthread_once'
+/usr/bin/ld: /openwrt/staging_dir/host/lib/libcrypto.a(libcrypto_la-err_all.o): in function `ERR_load_crypto_strings':
+err_all.c:(.text+0xa3): undefined reference to `pthread_once'
+collect2: error: ld returned 1 exit status
+make[4]: *** [Makefile:93: cert_create] Error 1
+
+Signed-off-by: Robert Marko <robert.marko@sartura.hr>
+---
+ tools/cert_create/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/tools/cert_create/Makefile
++++ b/tools/cert_create/Makefile
+@@ -79,7 +79,7 @@ INC_DIR += -I ./include -I ${PLAT_INCLUD
+ # located under the main project directory (i.e.: ${OPENSSL_DIR}, not
+ # ${OPENSSL_DIR}/lib/).
+ LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR}
+-LIB := -lssl -lcrypto
++LIB := -lssl -lcrypto -pthread
+ 
+ HOSTCC ?= gcc
+ 

package/boot/arm-trusted-firmware-microchipsw/patches/0004-microchip-lan969x-do-not-rely-on-Ruby-shebang.patch

@@ -0,0 +1,29 @@
+From f78f934710394822a36bd74043ed93a812c1c690 Mon Sep 17 00:00:00 2001
+From: Robert Marko <robert.marko@sartura.hr>
+Date: Mon, 12 Jan 2026 15:36:35 +0100
+Subject: [PATCH] microchip: lan969x: do not rely on Ruby shebang
+
+Host Ruby build in the staging dir must be used, so we cannot rely on the
+shebang as that will fail.
+
+So, call the script via Ruby executable instead.
+
+Signed-off-by: Robert Marko <robert.marko@sartura.hr>
+---
+ plat/microchip/lan969x/common/common.mk | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/plat/microchip/lan969x/common/common.mk
++++ b/plat/microchip/lan969x/common/common.mk
+@@ -218,9 +218,9 @@ FWU_HTML := ${BUILD_PLAT}/fwu.html
+ FWU_JS   := ${BUILD_PLAT}/fwu_app.js
+ 
+ ${FWU_JS}: ${BUILD_PLAT}/${FWU_FIP_NAME}
+-	./plat/microchip/scripts/mkjs.rb -p ${PLAT} -o ${FWU_JS} $<
++	$(Q)ruby ./plat/microchip/scripts/mkjs.rb -p ${PLAT} -o ${FWU_JS} $<
+ 
+ ${FWU_HTML}: ${FWU_JS}
+-	./plat/microchip/scripts/html_inline.rb -i ${BUILD_PLAT} ./scripts/fwu/serial.html > ${FWU_HTML}
++	$(Q)ruby ./plat/microchip/scripts/html_inline.rb -i ${BUILD_PLAT} ./scripts/fwu/serial.html > ${FWU_HTML}
+ 
+ all: ${FWU_HTML}

package/boot/uboot-mediatek/Makefile

@@ -309,9 +309,20 @@ define U-Boot/mt7981_cudy_tr3000-v1
   BUILD_DEVICES:=cudy_tr3000-v1-ubootmod
   UBOOT_CONFIG:=mt7981_cudy_tr3000-v1
   UBOOT_IMAGE:=u-boot.fip
-  BL2_BOOTDEV:=cudy-tr3000-v1
+  BL2_BOOTDEV:=cudy-ddr3
   BL2_SOC:=mt7981
-  DEPENDS:=+trusted-firmware-a-mt7981-cudy-tr3000-v1
+  DEPENDS:=+trusted-firmware-a-mt7981-cudy-ddr3
+endef
+
+define U-Boot/mt7981_cudy_wbr3000uax-v1
+  NAME:=Cudy WBR3000UAX v1
+  BUILD_SUBTARGET:=filogic
+  BUILD_DEVICES:=cudy_wbr3000uax-v1-ubootmod
+  UBOOT_CONFIG:=mt7981_cudy_wbr3000uax-v1
+  UBOOT_IMAGE:=u-boot.fip
+  BL2_BOOTDEV:=cudy-ddr3
+  BL2_SOC:=mt7981
+  DEPENDS:=+trusted-firmware-a-mt7981-cudy-ddr3
 endef
 
 define U-Boot/mt7981_glinet_gl-mt2500
@@ -870,6 +881,17 @@ define U-Boot/mt7987_bananapi_bpi-r4-lite-nor
   FIP_COMPRESS:=1
 endef
 
+define U-Boot/mt7987_routerich_be7200
+  NAME:=Routerich BE7200
+  BUILD_SUBTARGET:=filogic
+  BUILD_DEVICES:=routerich_be7200
+  UBOOT_CONFIG:=mt7987a_routerich_be7200
+  UBOOT_IMAGE:=u-boot.fip
+  BL2_BOOTDEV:=spim-nand0
+  BL2_SOC:=mt7987
+  DEPENDS:=+trusted-firmware-a-mt7987-spim-nand0
+endef
+
 define U-Boot/mt7988_arcadyan_mozart
   NAME:=Arcadyan Mozart
   BUILD_SUBTARGET:=filogic
@@ -1091,6 +1113,7 @@ UBOOT_TARGETS := \
 	mt7981_cmcc_rax3000m-nand-ddr4 \
 	mt7981_comfast_cf-wr632ax \
 	mt7981_cudy_tr3000-v1 \
+	mt7981_cudy_wbr3000uax-v1 \
 	mt7981_gatonetworks_gdsp \
 	mt7981_glinet_gl-mt2500 \
 	mt7981_glinet_gl-x3000 \
@@ -1140,6 +1163,7 @@ UBOOT_TARGETS := \
 	mt7987_rfb-emmc \
 	mt7987_rfb-sd \
 	mt7987_rfb-spim-nand \
+	mt7987_routerich_be7200 \
 	mt7988_arcadyan_mozart \
 	mt7988_asus_zenwifi-bt8 \
 	mt7988_bananapi_bpi-r4-emmc \

package/boot/uboot-mediatek/patches/448-add-comfast_cf-wr632ax.patch

@@ -283,7 +283,7 @@
 +bootmenu_confirm_return=askenv - Press ENTER to return to menu ; bootmenu 60
 +bootmenu_default=0
 +bootmenu_delay=0
-+bootmenu_title=      [0;34m( ( ( [1;39mOpenWrt[0;34m ) ) )
++bootmenu_title=      ( ( ( OpenWrt ) ) )
 +bootmenu_0=Initialize environment.=run _firstboot
 +bootmenu_0d=Run default boot command.=run boot_default
 +bootmenu_1=Boot system via TFTP.=run boot_tftp ; run bootmenu_confirm_return
@@ -291,8 +291,8 @@
 +bootmenu_3=Boot recovery system from NAND.=run boot_recovery ; run bootmenu_confirm_return
 +bootmenu_4=Load production system via TFTP then write to NAND.=setenv noboot 1 ; setenv replacevol 1 ; run boot_tftp_production ; setenv noboot ; setenv replacevol ; run bootmenu_confirm_return
 +bootmenu_5=Load recovery system via TFTP then write to NAND.=setenv noboot 1 ; setenv replacevol 1 ; run boot_tftp_recovery ; setenv noboot ; setenv replacevol ; run bootmenu_confirm_return
-+bootmenu_6=[31mLoad BL31+U-Boot FIP via TFTP then write to NAND.[0m=run boot_tftp_write_fip ; run bootmenu_confirm_return
-+bootmenu_7=[31mLoad BL2 preloader via TFTP then write to NAND.[0m=run boot_tftp_write_bl2 ; run bootmenu_confirm_return
++bootmenu_6=Load BL31+U-Boot FIP via TFTP then write to NAND.=run boot_tftp_write_fip ; run bootmenu_confirm_return
++bootmenu_7=Load BL2 preloader via TFTP then write to NAND.=run boot_tftp_write_bl2 ; run bootmenu_confirm_return
 +bootmenu_8=Reboot.=reset
 +bootmenu_9=Reset all settings to factory defaults.=run reset_factory ; reset
 +boot_first=if button reset ; then led $bootled_rec on ; run boot_tftp_recovery ; setenv flag_recover 1 ; run boot_default ; fi ; bootmenu
@@ -320,4 +320,4 @@
 +_init_env=setenv _init_env ; run ubi_create_env ; saveenv ; saveenv
 +_firstboot=setenv _firstboot ; run _switch_to_menu ; run _init_env ; run boot_first
 +_switch_to_menu=setenv _switch_to_menu ; setenv bootdelay 3 ; setenv bootmenu_delay 3 ; setenv bootmenu_0 $bootmenu_0d ; setenv bootmenu_0d ; run _bootmenu_update_title
-+_bootmenu_update_title=setenv _bootmenu_update_title ; setenv bootmenu_title "$bootmenu_title       [33m$ver[0m"
++_bootmenu_update_title=setenv _bootmenu_update_title ; setenv bootmenu_title "$bootmenu_title       $ver"

package/boot/uboot-mediatek/patches/449-add-cudy_wbr3000uax-v1.patch

@@ -0,0 +1,355 @@
+--- /dev/null
++++ b/configs/mt7981_cudy_wbr3000uax-v1_defconfig
+@@ -0,0 +1,108 @@
++CONFIG_ARM=y
++CONFIG_SYS_HAS_NONCACHED_MEMORY=y
++CONFIG_POSITION_INDEPENDENT=y
++CONFIG_ARCH_MEDIATEK=y
++CONFIG_TEXT_BASE=0x41e00000
++CONFIG_SYS_MALLOC_F_LEN=0x4000
++CONFIG_NR_DRAM_BANKS=1
++CONFIG_DEFAULT_DEVICE_TREE="mt7981-cudy-wbr3000uax-v1"
++CONFIG_OF_LIBFDT_OVERLAY=y
++CONFIG_TARGET_MT7981=y
++CONFIG_SYS_LOAD_ADDR=0x46000000
++CONFIG_PRE_CON_BUF_ADDR=0x4007EF00
++CONFIG_DEBUG_UART_BASE=0x11002000
++CONFIG_DEBUG_UART_CLOCK=40000000
++CONFIG_DEBUG_UART=y
++CONFIG_FIT=y
++CONFIG_BOOTDELAY=30
++CONFIG_AUTOBOOT_KEYED=y
++CONFIG_AUTOBOOT_MENU_SHOW=y
++CONFIG_DEFAULT_FDT_FILE="mediatek/mt7981-cudy-wbr3000uax-v1.dtb"
++CONFIG_LOGLEVEL=7
++CONFIG_PRE_CONSOLE_BUFFER=y
++CONFIG_LOG=y
++# CONFIG_BOARD_INIT is not set
++CONFIG_BOARD_LATE_INIT=y
++CONFIG_HUSH_PARSER=y
++CONFIG_SYS_PROMPT="MT7981> "
++CONFIG_CMD_CPU=y
++CONFIG_CMD_LICENSE=y
++CONFIG_CMD_BOOTMENU=y
++CONFIG_CMD_ASKENV=y
++CONFIG_CMD_ERASEENV=y
++CONFIG_CMD_ENV_FLAGS=y
++CONFIG_CMD_STRINGS=y
++CONFIG_CMD_DM=y
++CONFIG_CMD_GPIO=y
++CONFIG_CMD_GPT=y
++CONFIG_CMD_MTD=y
++CONFIG_CMD_PART=y
++CONFIG_CMD_TFTPSRV=y
++CONFIG_CMD_RARP=y
++CONFIG_CMD_CDP=y
++CONFIG_CMD_SNTP=y
++CONFIG_CMD_LINK_LOCAL=y
++CONFIG_CMD_DHCP=y
++CONFIG_CMD_DNS=y
++CONFIG_CMD_PING=y
++CONFIG_CMD_PXE=y
++CONFIG_CMD_CACHE=y
++CONFIG_CMD_PSTORE=y
++CONFIG_CMD_PSTORE_MEM_ADDR=0x42ff0000
++CONFIG_CMD_UUID=y
++CONFIG_CMD_HASH=y
++CONFIG_CMD_SMC=y
++CONFIG_CMD_UBI=y
++CONFIG_CMD_UBI_RENAME=y
++CONFIG_OF_EMBED=y
++CONFIG_ENV_OVERWRITE=y
++CONFIG_ENV_IS_IN_UBI=y
++CONFIG_ENV_REDUNDANT=y
++CONFIG_ENV_UBI_PART="ubi"
++CONFIG_ENV_UBI_VOLUME="ubootenv"
++CONFIG_ENV_UBI_VOLUME_REDUND="ubootenv2"
++CONFIG_ENV_RELOC_GD_ENV_ADDR=y
++CONFIG_ENV_USE_DEFAULT_ENV_TEXT_FILE=y
++CONFIG_ENV_DEFAULT_ENV_TEXT_FILE="defenvs/cudy_wbr3000uax-v1_env"
++CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y
++CONFIG_VERSION_VARIABLE=y
++CONFIG_NETCONSOLE=y
++CONFIG_USE_IPADDR=y
++CONFIG_IPADDR="192.168.1.1"
++CONFIG_USE_SERVERIP=y
++CONFIG_SERVERIP="192.168.1.254"
++CONFIG_NET_RANDOM_ETHADDR=y
++CONFIG_REGMAP=y
++CONFIG_SYSCON=y
++CONFIG_BUTTON=y
++CONFIG_BUTTON_GPIO=y
++CONFIG_CLK=y
++CONFIG_GPIO_HOG=y
++CONFIG_LED=y
++CONFIG_LED_BLINK=y
++CONFIG_LED_GPIO=y
++# CONFIG_MMC is not set
++CONFIG_MTD=y
++CONFIG_DM_MTD=y
++CONFIG_MTD_SPI_NAND=y
++CONFIG_MTD_UBI_FASTMAP=y
++CONFIG_PHY_FIXED=y
++CONFIG_MEDIATEK_ETH=y
++CONFIG_PHY=y
++CONFIG_PINCTRL=y
++CONFIG_PINCONF=y
++CONFIG_PINCTRL_MT7981=y
++CONFIG_POWER_DOMAIN=y
++CONFIG_MTK_POWER_DOMAIN=y
++CONFIG_DM_REGULATOR=y
++CONFIG_DM_REGULATOR_FIXED=y
++CONFIG_DM_REGULATOR_GPIO=y
++CONFIG_RAM=y
++CONFIG_DM_SERIAL=y
++CONFIG_SERIAL_RX_BUFFER=y
++CONFIG_MTK_SERIAL=y
++CONFIG_SPI=y
++CONFIG_DM_SPI=y
++CONFIG_MTK_SPIM=y
++CONFIG_ZSTD=y
++CONFIG_HEXDUMP=y
+--- /dev/null
++++ b/arch/arm/dts/mt7981-cudy-wbr3000uax-v1.dts
+@@ -0,0 +1,184 @@
++// SPDX-License-Identifier: GPL-2.0-or-later
++
++/dts-v1/;
++#include "mt7981.dtsi"
++#include <dt-bindings/gpio/gpio.h>
++#include <dt-bindings/input/linux-event-codes.h>
++
++/ {
++	#address-cells = <1>;
++	#size-cells = <1>;
++	model = "Cudy WBR3000UAX v1";
++	compatible = "mediatek,mt7981", "mediatek,mt7981-rfb";
++
++	chosen {
++		stdout-path = &uart0;
++		tick-timer = &timer0;
++	};
++
++	memory@40000000 {
++		device_type = "memory";
++		reg = <0x40000000 0x20000000>;
++	};
++
++	gpio-keys {
++		compatible = "gpio-keys";
++
++		button-reset {
++			label = "reset";
++			linux,code = <KEY_RESTART>;
++			gpios = <&pio 1 GPIO_ACTIVE_LOW>;
++		};
++
++		button-wps {
++			label = "wps";
++			linux,code = <KEY_WPS_BUTTON>;
++			gpios = <&pio 0 GPIO_ACTIVE_LOW>;
++		};
++	};
++
++	gpio-leds {
++		compatible = "gpio-leds";
++
++		led_status: led_power {
++			label = "blue:power";
++			gpios = <&pio 8 GPIO_ACTIVE_LOW>;
++		};
++
++		led_wan_blue {
++			label = "blue:wan";
++			gpios = <&pio 10 GPIO_ACTIVE_LOW>;
++		};
++		
++		led_wan_red {
++			label = "red:wan";
++			gpios = <&pio 4 GPIO_ACTIVE_LOW>;
++		};
++
++		led_lan {
++			label = "blue:lan";
++			gpios = <&pio 11 GPIO_ACTIVE_LOW>;
++		};
++
++		led_wps_blue {
++			label = "blue:wps";
++			gpios = <&pio 9 GPIO_ACTIVE_LOW>;
++		};
++
++		led_wps_red {
++			label = "red:wps";
++			gpios = <&pio 5 GPIO_ACTIVE_LOW>;
++		};
++
++		led_wifi2g {
++			label = "blue:wifi2g";
++			gpios = <&pio 6 GPIO_ACTIVE_LOW>;
++		};
++
++		led_wifi5g {
++			label = "blue:wifi5g";
++			gpios = <&pio 7 GPIO_ACTIVE_LOW>;
++		};
++	};
++};
++
++&eth {
++	status = "okay";
++	mediatek,gmac-id = <0>;
++	phy-mode = "2500base-x";
++	mediatek,switch = "mt7531";
++	reset-gpios = <&pio 39 GPIO_ACTIVE_HIGH>;
++
++	fixed-link {
++		speed = <2500>;
++		full-duplex;
++	};
++};
++
++&pio {
++	spi_flash_pins: spi0-pins-func-1 {
++		mux {
++			function = "flash";
++			groups = "spi0", "spi0_wp_hold";
++		};
++
++		conf-pu {
++			pins = "SPI0_CS", "SPI0_HOLD", "SPI0_WP";
++			drive-strength = <MTK_DRIVE_8mA>;
++			bias-pull-up = <MTK_PUPD_SET_R1R0_11>;
++		};
++
++		conf-pd {
++			pins = "SPI0_CLK", "SPI0_MOSI", "SPI0_MISO";
++			drive-strength = <MTK_DRIVE_8mA>;
++			bias-pull-down = <MTK_PUPD_SET_R1R0_11>;
++		};
++	};
++};
++
++&spi0 {
++	#address-cells = <1>;
++	#size-cells = <0>;
++	pinctrl-names = "default";
++	pinctrl-0 = <&spi_flash_pins>;
++	status = "okay";
++	must_tx;
++	enhance_timing;
++	dma_ext;
++	ipm_design;
++	support_quad;
++	tick_dly = <2>;
++	sample_sel = <0>;
++
++	spi_nand@0 {
++		compatible = "spi-nand";
++		reg = <0>;
++		spi-max-frequency = <52000000>;
++
++		partitions {
++			compatible = "fixed-partitions";
++			#address-cells = <1>;
++			#size-cells = <1>;
++
++			partition@0 {
++				label = "bl2";
++				reg = <0x0 0x100000>;
++			};
++
++			partition@100000 {
++				label = "u-boot-env";
++				reg = <0x100000 0x80000>;
++			};
++
++			partition@180000 {
++				label = "factory";
++				reg = <0x180000 0x200000>;
++			};
++
++			partition@380000 {
++				label = "bdinfo";
++				reg = <0x380000 0x40000>;
++			};
++
++			partition@3c0000 {
++				label = "fip";
++				reg = <0x3c0000 0x200000>;
++			};
++
++			partition@5c0000 {
++				label = "ubi";
++				reg = <0x5c0000 0x7a40000>;
++				compatible = "linux,ubi";
++			};
++		};
++	};
++};
++
++&uart0 {
++	mediatek,force-highspeed;
++	status = "okay";
++};
++
++&watchdog {
++	status = "disabled";
++};
+--- /dev/null
++++ b/defenvs/cudy_wbr3000uax-v1_env
+@@ -0,0 +1,54 @@
++ipaddr=192.168.1.1
++serverip=192.168.1.254
++loadaddr=0x46000000
++console=earlycon=uart8250,mmio32,0x11002000 console=ttyS0
++bootcmd=if pstore check ; then run boot_recovery ; else run boot_ubi ; fi
++bootconf=config-1
++bootdelay=0
++bootfile=openwrt-mediatek-filogic-cudy_wbr3000uax-v1-ubootmod-initramfs-recovery.itb
++bootfile_bl2=openwrt-mediatek-filogic-cudy_wbr3000uax-v1-ubootmod-preloader.bin
++bootfile_fip=openwrt-mediatek-filogic-cudy_wbr3000uax-v1-ubootmod-bl31-uboot.fip
++bootfile_upg=openwrt-mediatek-filogic-cudy_wbr3000uax-v1-ubootmod-squashfs-sysupgrade.itb
++bootled_pwr=blue:power
++bootled_rec=red:wan
++bootmenu_confirm_return=askenv - Press ENTER to return to menu ; bootmenu 60
++bootmenu_default=0
++bootmenu_delay=0
++bootmenu_title=      ( ( ( OpenWrt ) ) )
++bootmenu_0=Initialize environment.=run _firstboot
++bootmenu_0d=Run default boot command.=run boot_default
++bootmenu_1=Boot system via TFTP.=run boot_tftp ; run bootmenu_confirm_return
++bootmenu_2=Boot production system from NAND.=run boot_production ; run bootmenu_confirm_return
++bootmenu_3=Boot recovery system from NAND.=run boot_recovery ; run bootmenu_confirm_return
++bootmenu_4=Load production system via TFTP then write to NAND.=setenv noboot 1 ; setenv replacevol 1 ; run boot_tftp_production ; setenv noboot ; setenv replacevol ; run bootmenu_confirm_return
++bootmenu_5=Load recovery system via TFTP then write to NAND.=setenv noboot 1 ; setenv replacevol 1 ; run boot_tftp_recovery ; setenv noboot ; setenv replacevol ; run bootmenu_confirm_return
++bootmenu_6=Load BL31+U-Boot FIP via TFTP then write to NAND.=run boot_tftp_write_fip ; run bootmenu_confirm_return
++bootmenu_7=Load BL2 preloader via TFTP then write to NAND.=run boot_tftp_write_bl2 ; run bootmenu_confirm_return
++bootmenu_8=Reboot.=reset
++bootmenu_9=Reset all settings to factory defaults.=run reset_factory ; reset
++boot_first=if button reset ; then led $bootled_rec on ; run boot_tftp_recovery ; setenv flag_recover 1 ; run boot_default ; fi ; bootmenu
++boot_default=if env exists flag_recover ; then else run bootcmd ; fi ; run boot_recovery ; setenv replacevol 1 ; run boot_tftp_forever
++boot_production=led $bootled_pwr on ; run ubi_read_production && bootm $loadaddr#$bootconf ; led $bootled_pwr off
++boot_recovery=led $bootled_rec on ; run ubi_read_recovery && bootm $loadaddr#$bootconf ; led $bootled_rec off
++boot_ubi=run boot_production ; run boot_recovery ; run boot_tftp_forever
++boot_tftp_forever=led $bootled_rec on ; while true ; do run boot_tftp_recovery ; sleep 1 ; done
++boot_tftp_production=tftpboot $loadaddr $bootfile_upg && env exists replacevol && iminfo $loadaddr && run ubi_write_production ; if env exists noboot ; then else bootm $loadaddr#$bootconf ; fi
++boot_tftp_recovery=tftpboot $loadaddr $bootfile && env exists replacevol && iminfo $loadaddr && run ubi_write_recovery ; if env exists noboot ; then else bootm $loadaddr#$bootconf ; fi
++boot_tftp=tftpboot $loadaddr $bootfile && bootm $loadaddr#$bootconf
++boot_tftp_write_fip=tftpboot $loadaddr $bootfile_fip && run mtd_write_fip && run reset_factory
++boot_tftp_write_bl2=tftpboot $loadaddr $bootfile_bl2 && run mtd_write_bl2
++reset_factory=ubi part ubi ; mw $loadaddr 0x0 0x800 ; ubi write $loadaddr ubootenv 0x800 ; ubi write $loadaddr ubootenv2 0x800
++mtd_write_fip=mtd erase fip && mtd write fip $loadaddr
++mtd_write_bl2=mtd erase bl2 && mtd write bl2 $loadaddr
++ubi_create_env=ubi check ubootenv || ubi create ubootenv 0x100000 dynamic || run ubi_format ; ubi check ubootenv2 || ubi create ubootenv2 0x100000 dynamic || run ubi_format
++ubi_format=ubi detach ; mtd erase ubi && ubi part ubi ; reset
++ubi_prepare_rootfs=if ubi check rootfs_data ; then else if env exists rootfs_data_max ; then ubi create rootfs_data $rootfs_data_max dynamic || ubi create rootfs_data - dynamic ; else ubi create rootfs_data - dynamic ; fi ; fi
++ubi_read_production=ubi read $loadaddr fit && iminfo $loadaddr && run ubi_prepare_rootfs
++ubi_read_recovery=ubi check recovery && ubi read $loadaddr recovery
++ubi_remove_rootfs=ubi check rootfs_data && ubi remove rootfs_data
++ubi_write_production=ubi check fit && ubi remove fit ; run ubi_remove_rootfs ; ubi create fit $filesize dynamic && ubi write $loadaddr fit $filesize
++ubi_write_recovery=ubi check recovery && ubi remove recovery ; run ubi_remove_rootfs ; ubi create recovery $filesize dynamic && ubi write $loadaddr recovery $filesize
++_init_env=setenv _init_env ; run ubi_create_env ; saveenv ; saveenv
++_firstboot=setenv _firstboot ; run _switch_to_menu ; run _init_env ; run boot_first
++_switch_to_menu=setenv _switch_to_menu ; setenv bootdelay 3 ; setenv bootmenu_delay 3 ; setenv bootmenu_0 $bootmenu_0d ; setenv bootmenu_0d ; run _bootmenu_update_title
++_bootmenu_update_title=setenv _bootmenu_update_title ; setenv bootmenu_title "$bootmenu_title       $ver"

package/boot/uboot-mediatek/patches/467-add-routerich-be7200.patch

@@ -0,0 +1,373 @@
+--- /dev/null
++++ b/configs/mt7987a_routerich_be7200_defconfig
+@@ -0,0 +1,133 @@
++CONFIG_ARM=y
++CONFIG_SYS_HAS_NONCACHED_MEMORY=y
++CONFIG_POSITION_INDEPENDENT=y
++CONFIG_ARCH_MEDIATEK=y
++CONFIG_TEXT_BASE=0x41e00000
++CONFIG_SYS_MALLOC_F_LEN=0x4000
++CONFIG_NR_DRAM_BANKS=1
++CONFIG_DEFAULT_DEVICE_TREE="mt7987a-routerich_be7200"
++CONFIG_OF_LIBFDT_OVERLAY=y
++CONFIG_TARGET_MT7987=y
++CONFIG_CPU_ARMV8=y
++CONFIG_SYS_BOOTM_LEN=0x6000000
++CONFIG_SYS_LOAD_ADDR=0x48000000
++CONFIG_PRE_CON_BUF_ADDR=0x4007ef00
++CONFIG_DEBUG_UART_BASE=0x11000000
++CONFIG_DEBUG_UART_CLOCK=40000000
++CONFIG_DEBUG_UART=y
++CONFIG_FIT=y
++CONFIG_AUTOBOOT_MENU_SHOW=y
++CONFIG_DEFAULT_FDT_FILE="mt7987a-routerich_be7200"
++CONFIG_SYS_CBSIZE=512
++CONFIG_SYS_PBSIZE=1049
++CONFIG_LOGLEVEL=7
++CONFIG_PRE_CONSOLE_BUFFER=y
++CONFIG_LOG=y
++# CONFIG_BOARD_INIT is not set
++CONFIG_BOARD_LATE_INIT=y
++CONFIG_HUSH_PARSER=y
++CONFIG_SYS_PROMPT="MT7987> "
++# CONFIG_BOOTM_NETBSD is not set
++# CONFIG_BOOTM_PLAN9 is not set
++# CONFIG_BOOTM_RTEMS is not set
++# CONFIG_BOOTM_VXWORKS is not set
++# CONFIG_CMD_BOOTEFI_BOOTMGR is not set
++CONFIG_CMD_LICENSE=y
++CONFIG_CMD_BOOTMENU=y
++CONFIG_CMD_ASKENV=y
++CONFIG_CMD_ERASEENV=y
++CONFIG_CMD_ENV_FLAGS=y
++CONFIG_CMD_STRINGS=y
++CONFIG_CMD_CPU=y
++CONFIG_CMD_DM=y
++CONFIG_CMD_GPIO=y
++CONFIG_CMD_PWM=y
++CONFIG_CMD_GPT=y
++CONFIG_CMD_I2C=y
++CONFIG_CMD_MMC=y
++CONFIG_CMD_MTD=y
++CONFIG_CMD_PART=y
++CONFIG_CMD_PCI=y
++CONFIG_CMD_USB=y
++CONFIG_CMD_TFTPSRV=y
++CONFIG_CMD_RARP=y
++CONFIG_CMD_CDP=y
++CONFIG_CMD_SNTP=y
++CONFIG_CMD_LINK_LOCAL=y
++CONFIG_CMD_DHCP=y
++CONFIG_CMD_DNS=y
++CONFIG_CMD_PING=y
++CONFIG_CMD_PXE=y
++CONFIG_CMD_CACHE=y
++CONFIG_CMD_PSTORE=y
++CONFIG_CMD_PSTORE_MEM_ADDR=0x42ff0000
++CONFIG_CMD_UUID=y
++CONFIG_CMD_HASH=y
++CONFIG_CMD_SMC=y
++CONFIG_CMD_EXT4=y
++CONFIG_CMD_FAT=y
++CONFIG_CMD_FS_GENERIC=y
++CONFIG_CMD_FS_UUID=y
++CONFIG_CMD_SF_TEST=y
++CONFIG_CMD_UBI=y
++CONFIG_CMD_UBI_RENAME=y
++# CONFIG_CMD_XIMG is not set
++CONFIG_ENV_OVERWRITE=y
++CONFIG_ENV_IS_IN_UBI=y
++CONFIG_ENV_REDUNDANT=y
++CONFIG_ENV_UBI_PART="ubi"
++CONFIG_ENV_UBI_VOLUME="ubootenv"
++CONFIG_ENV_UBI_VOLUME_REDUND="ubootenv2"
++CONFIG_ENV_USE_DEFAULT_ENV_TEXT_FILE=y
++CONFIG_ENV_DEFAULT_ENV_TEXT_FILE="defenvs/routerich_be7200_env"
++CONFIG_ENV_VARS_UBOOT_RUNTIME_CONFIG=y
++CONFIG_VERSION_VARIABLE=y
++CONFIG_NETCONSOLE=y
++CONFIG_USE_IPADDR=y
++CONFIG_IPADDR="192.168.1.1"
++CONFIG_USE_NETMASK=y
++CONFIG_NETMASK="255.255.255.0"
++CONFIG_USE_SERVERIP=y
++CONFIG_SERVERIP="192.168.1.254"
++CONFIG_NET_RANDOM_ETHADDR=y
++CONFIG_BUTTON=y
++CONFIG_BUTTON_GPIO=y
++CONFIG_CLK=y
++CONFIG_DM_I2C=y
++CONFIG_SYS_I2C_MTK=y
++CONFIG_LED=y
++CONFIG_LED_BLINK=y
++CONFIG_LED_GPIO=y
++# CONFIG_MMC is not set
++CONFIG_MTD=y
++CONFIG_DM_MTD=y
++CONFIG_MTD_SPI_NAND=y
++CONFIG_MTD_UBI_FASTMAP=y
++CONFIG_PHY_ETHERNET_ID=y
++CONFIG_PHY_FIXED=y
++CONFIG_MEDIATEK_ETH=y
++CONFIG_PHY=y
++CONFIG_PHY_MTK_TPHY=y
++CONFIG_PINCTRL=y
++CONFIG_PINCONF=y
++CONFIG_PINCTRL_MT7987=y
++CONFIG_POWER_DOMAIN=y
++CONFIG_MTK_POWER_DOMAIN=y
++CONFIG_DM_REGULATOR=y
++CONFIG_DM_REGULATOR_FIXED=y
++CONFIG_DM_REGULATOR_GPIO=y
++CONFIG_DM_PWM=y
++CONFIG_PWM_MTK=y
++CONFIG_SCSI=y
++CONFIG_DM_SERIAL=y
++CONFIG_SERIAL_RX_BUFFER=y
++CONFIG_MTK_SERIAL=y
++CONFIG_SPI=y
++CONFIG_DM_SPI=y
++CONFIG_MTK_SPIM=y
++CONFIG_USB=y
++CONFIG_USB_XHCI_HCD=y
++CONFIG_USB_XHCI_MTK=y
++CONFIG_USB_STORAGE=y
++CONFIG_ZSTD=y
++CONFIG_HEXDUMP=y
+--- /dev/null
++++ b/defenvs/routerich_be7200_env
+@@ -0,0 +1,57 @@
++ipaddr=192.168.1.1
++serverip=192.168.1.254
++loadaddr=0x48000000
++console=earlycon=uart8250,mmio32,0x11002000 console=ttyS0
++bootcmd=run check_buttons ; if pstore check ; then run boot_recovery ; else run boot_ubi ; fi
++bootconf=config-1
++bootdelay=0
++bootfile=openwrt-mediatek-filogic-routerich_be7200-initramfs-recovery.itb
++bootfile_bl2=openwrt-mediatek-filogic-routerich_be7200-preloader.bin
++bootfile_fip=openwrt-mediatek-filogic-routerich_be7200-bl31-uboot.fip
++bootfile_upg=openwrt-mediatek-filogic-routerich_be7200-squashfs-sysupgrade.itb
++bootled_status=blue:status
++bootmenu_confirm_return=askenv - Press ENTER to return to menu ; bootmenu 60
++bootmenu_default=0
++bootmenu_delay=0
++bootmenu_title=      ( ( ( OpenWrt ) ) )
++bootmenu_0=Initialize environment.=run _firstboot
++bootmenu_0d=Run default boot command.=run boot_default
++bootmenu_1=Boot system via TFTP.=run boot_tftp ; run bootmenu_confirm_return
++bootmenu_2=Boot production system from NAND.=run boot_production ; run bootmenu_confirm_return
++bootmenu_3=Boot recovery system from NAND.=run boot_recovery ; run bootmenu_confirm_return
++bootmenu_4=Load production system via TFTP then write to NAND.=setenv noboot 1 ; setenv replacevol 1 ; run boot_tftp_production ; setenv noboot ; setenv replacevol ; run bootmenu_confirm_return
++bootmenu_5=Load recovery system via TFTP then write to NAND.=setenv noboot 1 ; setenv replacevol 1 ; run boot_tftp_recovery ; setenv noboot ; setenv replacevol ; run bootmenu_confirm_return
++bootmenu_6=Load BL31+U-Boot FIP via TFTP then write to NAND.=run boot_tftp_write_fip ; run bootmenu_confirm_return
++bootmenu_7=Load BL2 preloader via TFTP then write to NAND.=run boot_tftp_write_bl2 ; run bootmenu_confirm_return
++bootmenu_8=Reboot.=reset
++bootmenu_9=Reset all settings to factory defaults.=run reset_factory ; reset
++boot_first=if button reset ; then led $bootled_status on ; run boot_default ; fi ; bootmenu
++boot_default=if env exists flag_recover ; then else run bootcmd ; fi ; run boot_recovery ; setenv replacevol 1 ; run boot_tftp_forever
++boot_production=led $bootled_status on ; run ubi_read_production && bootm $loadaddr#$bootconf ; led bootled_status off
++boot_recovery=led $bootled_status on ; run ubi_read_recovery && bootm $loadaddr#$bootconf ; led bootled_status off
++boot_ubi=run boot_production ; run boot_recovery ; run boot_tftp_forever
++boot_tftp_forever=led $bootled_status on ; while true ; do run boot_tftp ; sleep 1 ; done
++boot_tftp_production=tftpboot $loadaddr $bootfile_upg && env exists replacevol && iminfo $loadaddr && run ubi_write_production ; if env exists noboot ; then else bootm $loadaddr#$bootconf ; fi
++boot_tftp_recovery=tftpboot $loadaddr $bootfile && env exists replacevol && iminfo $loadaddr && run ubi_write_recovery ; if env exists noboot ; then else bootm $loadaddr#$bootconf ; fi
++boot_tftp=tftpboot $loadaddr $bootfile && bootm $loadaddr#$bootconf
++boot_tftp_write_fip=tftpboot $loadaddr $bootfile_fip && run mtd_write_fip && run reset_factory
++boot_tftp_write_bl2=tftpboot $loadaddr $bootfile_bl2 && run mtd_write_bl2
++check_buttons=if button reset ; then run boot_tftp ; fi
++ethaddr_factory=mtd read Factory 0x40080000 0x0 0x20000 && env readmem -b ethaddr 0x40080004 0x6 ; setenv ethaddr_factory
++part_default=production
++part_recovery=recovery
++reset_factory=ubi part ubi ; mw $loadaddr 0x0 0x800 ; ubi write $loadaddr ubootenv 0x800 ; ubi write $loadaddr ubootenv2 0x800
++mtd_write_fip=mtd erase FIP && mtd write FIP $loadaddr
++mtd_write_bl2=mtd erase BL2 && mtd write BL2 $loadaddr
++ubi_create_env=ubi check ubootenv || ubi create ubootenv 0x100000 dynamic || run ubi_format ; ubi check ubootenv2 || ubi create ubootenv2 0x100000 dynamic || run ubi_format
++ubi_format=ubi detach ; mtd erase ubi && ubi part ubi ; reset
++ubi_prepare_rootfs=if ubi check rootfs_data ; then else if env exists rootfs_data_max ; then ubi create rootfs_data $rootfs_data_max dynamic || ubi create rootfs_data - dynamic ; else ubi create rootfs_data - dynamic ; fi ; fi
++ubi_read_production=ubi read $loadaddr fit && iminfo $loadaddr && run ubi_prepare_rootfs
++ubi_read_recovery=ubi check recovery && ubi read $loadaddr recovery
++ubi_remove_rootfs=ubi check rootfs_data && ubi remove rootfs_data
++ubi_write_production=ubi check fit && ubi remove fit ; run ubi_remove_rootfs ; ubi create fit $filesize dynamic && ubi write $loadaddr fit $filesize
++ubi_write_recovery=ubi check recovery && ubi remove recovery ; run ubi_remove_rootfs ; ubi create recovery $filesize dynamic && ubi write $loadaddr recovery $filesize
++_init_env=setenv _init_env ; run ubi_create_env ; saveenv ; saveenv
++_firstboot=setenv _firstboot ; run ethaddr_factory ; run _switch_to_menu ; run _init_env ; run boot_first
++_switch_to_menu=setenv _switch_to_menu ; setenv bootdelay 3 ; setenv bootmenu_delay 3 ; setenv bootmenu_0 $bootmenu_0d ; setenv bootmenu_0d ; run _bootmenu_update_title
++_bootmenu_update_title=setenv _bootmenu_update_title ; setenv bootmenu_title "$bootmenu_title       $ver"
+--- /dev/null
++++ b/arch/arm/dts/mt7987a-routerich_be7200.dts
+@@ -0,0 +1,77 @@
++// SPDX-License-Identifier: GPL-2.0
++/*
++ * Copyright (c) 2025
++ * Author: Mikhail Zhilkin <csharper2005@gmail.com>
++ */
++
++/dts-v1/;
++#include "mt7987a.dtsi"
++#include <dt-bindings/input/input.h>
++
++/ {
++	model = "Routerich BE7200";
++	compatible = "routerich,be7200",
++		     "mediatek,mt7987";
++
++	gpio-keys {
++		compatible = "gpio-keys";
++
++		button-0 {
++			label = "mesh";
++			linux,code = <KEY_WPS_BUTTON>;
++			gpios = <&pio 0 GPIO_ACTIVE_LOW>;
++			debounce-interval = <10>;
++		};
++
++		button-1 {
++			label = "reset";
++			linux,code = <KEY_RESTART>;
++			gpios = <&pio 1 GPIO_ACTIVE_LOW>;
++			debounce-interval = <10>;
++		};
++	};
++
++	leds {
++		compatible = "gpio-leds";
++
++		led-0 {
++			label = "blue:status";
++			gpios = <&pio 4 GPIO_ACTIVE_LOW>;
++		};
++
++		led-1 {
++			label = "blue:wlan5g";
++			gpios = <&pio 5 GPIO_ACTIVE_LOW>;
++		};
++
++		led-2 {
++			label = "blue:mesh";
++			gpios = <&pio 7 GPIO_ACTIVE_LOW>;
++		};
++
++		led-3 {
++			label = "red:wan";
++			gpios = <&pio 8 GPIO_ACTIVE_LOW>;
++		};
++
++		led-4 {
++			label = "blue:wan";
++			gpios = <&pio 9 GPIO_ACTIVE_LOW>;
++		};
++
++		led-5 {
++			label = "blue:lan3";
++			gpios = <&pio 10 GPIO_ACTIVE_LOW>;
++		};
++
++		led-6 {
++			label = "blue:lan2";
++			gpios = <&pio 11 GPIO_ACTIVE_LOW>;
++		};
++
++		led-7 {
++			label = "blue:lan1";
++			gpios = <&pio 12 GPIO_ACTIVE_LOW>;
++		};
++	};
++};
+--- a/arch/arm/dts/Makefile
++++ b/arch/arm/dts/Makefile
+@@ -1138,6 +1138,7 @@ dtb-$(CONFIG_ARCH_MEDIATEK) += \
+ 	mt7986b-emmc-rfb.dtb \
+ 	mt7987a-emmc-rfb.dtb \
+ 	mt7987a-rfb.dtb \
++	mt7987a-routerich_be7200.dtb \
+ 	mt7987a-sd-rfb.dtb \
+ 	mt7988-rfb.dtb \
+ 	mt7988-sd-rfb.dtb \
+--- /dev/null
++++ b/arch/arm/dts/mt7987a-routerich_be7200-u-boot.dtsi
+@@ -0,0 +1,84 @@
++// SPDX-License-Identifier: GPL-2.0
++/*
++ * Copyright (c) 2025
++ * Author: Mikhail Zhilkin <csharper2005@gmail.com>
++ */
++
++#include "mt7987a-u-boot.dtsi"
++#include "mt7987-netsys-u-boot.dtsi"
++
++/ {
++	model = "Routerich BE7200";
++	compatible = "routerich,be7200",
++		     "mediatek,mt7987";
++};
++
++&eth0 {
++	status = "okay";
++	pinctrl-names = "default";
++	pinctrl-0 = <&mdio0_pins>;
++	phy-mode = "2500base-x";
++	mediatek,switch = "auto";
++	reset-gpios = <&pio 42 GPIO_ACTIVE_HIGH>;
++
++	fixed-link {
++		speed = <2500>;
++		full-duplex;
++		pause;
++	};
++};
++
++&spi0 {
++	pinctrl-names = "default";
++	pinctrl-0 = <&spi0_flash_pins>;
++	#address-cells = <1>;
++	#size-cells = <0>;
++	status = "okay";
++	must_tx;
++	enhance_timing;
++	dma_ext;
++	ipm_design;
++	support_quad;
++	tick_dly = <2>;
++	sample_sel = <0>;
++
++	spi_nand@0 {
++		compatible = "spi-nand";
++		reg = <0>;
++		spi-max-frequency = <52000000>;
++		spi-rx-bus-width = <4>;
++		spi-tx-bus-width = <4>;
++
++		partitions {
++			compatible = "fixed-partitions";
++			#address-cells = <1>;
++			#size-cells = <1>;
++
++			partition@0 {
++				label = "BL2";
++				reg = <0x0 0x100000>;
++			};
++
++			partition@100000 {
++				label = "u-boot-env (unused)";
++				reg = <0x100000 0x80000>;
++			};
++
++			partition@180000 {
++				label = "Factory";
++				reg = <0x180000 0x400000>;
++			};
++
++			partition@580000 {
++				label = "FIP";
++				reg = <0x580000 0x200000>;
++			};
++
++			partition@780000 {
++				label = "ubi";
++				reg = <0x780000 0x1f880000>;
++				compatible = "linux,ubi";
++			};
++		};
++	};
++};

package/boot/uboot-microchipsw/Makefile

@@ -27,7 +27,16 @@ define U-Boot/ev23x71a
   UBOOT_CONFIG:=mchp_lan969x
 endef
 
-UBOOT_TARGETS:= ev23x71a
+define U-Boot/tactical-1000
+  NAME:=Novarq Tactical 1000
+  BUILD_DEVICES:=novarq_tactical-1000
+  BUILD_SUBTARGET:=lan969x
+  UBOOT_CONFIG:=mchp_lan969x
+endef
+
+UBOOT_TARGETS:= \
+	ev23x71a \
+	tactical-1000
 
 define Build/InstallDev
 	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)

package/boot/uboot-sunxi/Makefile

@@ -137,14 +137,14 @@ endef
 define U-Boot/OLIMEX_A13_SOM
   BUILD_SUBTARGET:=cortexa8
   NAME:=Olimex A13 SOM
-  BUILD_DEVICES:=olimex_a13-olimex-som
+  BUILD_DEVICES:=olimex_a13-olinuxino
 endef
 
 define U-Boot/licheepi_nano
   BUILD_SUBTARGET:=arm926ejs
   NAME:=LicheePi Nano
   UENV:=f1c
-  BUILD_DEVICES:=licheepi-nano
+  BUILD_DEVICES:=licheepi_licheepi-nano
 endef
 
 define U-Boot/Linksprite_pcDuino
@@ -268,7 +268,7 @@ define U-Boot/popstick
   BUILD_SUBTARGET:=arm926ejs
   NAME:=PopStick
   UENV:=f1c
-  BUILD_DEVICES:=popstick-v1.1
+  BUILD_DEVICES:=sourceparts_popstick-v1.1
 endef
 
 define U-Boot/libretech_all_h3_cc_h5
@@ -319,13 +319,13 @@ endef
 define U-Boot/bananapi_m2_plus_h3
   BUILD_SUBTARGET:=cortexa7
   NAME:=Bananapi M2 Plus H3
-  BUILD_DEVICES:=sinovoip_bananapi-m2-plus
+  BUILD_DEVICES:=sinovoip_bpi-m2-plus
 endef
 
 define U-Boot/Sinovoip_BPI_M3
   BUILD_SUBTARGET:=cortexa7
   NAME:=Bananapi M3
-  BUILD_DEVICES:=sinovoip_bananapi-m3
+  BUILD_DEVICES:=sinovoip_bpi-m3
 endef
 
 define U-Boot/sopine_baseboard
@@ -385,19 +385,19 @@ endef
 define U-Boot/Bananapi_M2_Ultra
   BUILD_SUBTARGET:=cortexa7
   NAME:=Bananapi M2 Ultra
-  BUILD_DEVICES:=sinovoip_bananapi-m2-ultra
+  BUILD_DEVICES:=sinovoip_bpi-m2-ultra
 endef
 
 define U-Boot/bananapi_m2_berry
   BUILD_SUBTARGET:=cortexa7
   NAME:=Bananapi M2 Berry
-  BUILD_DEVICES:=sinovoip_bananapi-m2-berry
+  BUILD_DEVICES:=sinovoip_bpi-m2-berry
 endef
 
 define U-Boot/bananapi_p2_zero
   BUILD_SUBTARGET:=cortexa7
   NAME:=Bananapi P2 Zero
-  BUILD_DEVICES:=sinovoip_bananapi-p2-zero
+  BUILD_DEVICES:=sinovoip_bpi-p2-zero
 endef
 
 

package/boot/uboot-tools/uboot-envtools/files/mediatek_filogic

@@ -28,6 +28,7 @@ asus,zenwifi-bt8-ubootmod|\
 cmcc,a10-ubootmod|\
 comfast,cf-wr632ax-ubootmod|\
 cudy,tr3000-v1-ubootmod|\
+cudy,wbr3000uax-v1-ubootmod|\
 h3c,magic-nx30-pro|\
 imou,hx21|\
 jcg,q30-pro|\
@@ -41,6 +42,7 @@ nokia,ea0326gmp|\
 openwrt,one|\
 qihoo,360t7|\
 routerich,ax3000-ubootmod|\
+routerich,be7200|\
 snr,snr-cpe-ax2|\
 tplink,tl-xdr4288|\
 tplink,tl-xdr6086|\
@@ -134,6 +136,7 @@ teltonika,rutc50)
 	ubootenv_add_mtd "u-boot-env" "0x0" "0x10000" "0x10000"
 	;;
 tplink,archer-ax80-v1|\
+tplink,archer-ax80-v1-eu|\
 tplink,be450)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000" "8"
 	;;

package/boot/uboot-tools/uboot-envtools/files/mpc85xx

@@ -20,9 +20,13 @@ ocedo,panda)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000"
 	ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x20000" "0x20000"
 	;;
-watchguard,firebox-t10)
+watchguard,firebox-t10|\
+watchguard,firebox-t15)
 	ubootenv_add_uci_config "$(find_mtd_part 'u-boot-env')" "0x0" "0x2000" "0x10000"
 	;;
+watchguard,xtm330)
+	ubootenv_add_uci_config "/dev/mtd4" "0x0" "0x10000" "0x10000"
+	;;
 aerohive,hiveap-330)
 	ubootenv_add_uci_config "$(find_mtd_part 'u-boot-env')" "0x0" "0x20000" "0x10000"
 	;;

package/boot/uboot-tools/uboot-envtools/files/qualcommax_ipq50xx

@@ -19,6 +19,7 @@ glinet,gl-b3000)
 linksys,mr5500|\
 linksys,mx2000|\
 linksys,mx5500|\
+linksys,mx6200|\
 linksys,spnmx56)
 	ubootenv_add_mtd "u_env" "0x0" "0x40000" "0x20000"
 	;;

package/firmware/ipq-wifi/Makefile

@@ -6,9 +6,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/firmware/qca-wireless.git
-PKG_SOURCE_DATE:=2025-11-15
-PKG_SOURCE_VERSION:=7c6b7545f69a3ef3ddaaff68fc97e9e172117e2e
-PKG_MIRROR_HASH:=ac77840bafd111b3cc3d6cfc7a3b770fdaabb929209c38cd2109be2efd575dae
+PKG_SOURCE_DATE:=2025-12-16
+PKG_SOURCE_VERSION:=10eddd6f1cbabd1972a71526d979033325f958c6
+PKG_MIRROR_HASH:=1fd55a5cf582f131a371d70de5919b7e54c6ecdc078991dd8a2d21469976c12f
 PKG_FLAGS:=nonshared
 
 include $(INCLUDE_DIR)/package.mk
@@ -55,6 +55,7 @@ ALLWIFIBOARDS:= \
 	linksys_mx4200 \
 	linksys_mx5300 \
 	linksys_mx5500 \
+	linksys_mx6200 \
 	linksys_mx8500 \
 	linksys_spnmx56 \
 	linksys_whw03 \
@@ -63,6 +64,7 @@ ALLWIFIBOARDS:= \
 	netgear_lbr20 \
 	netgear_rax120v2 \
 	netgear_rbk20 \
+	netgear_rbk40 \
 	netgear_sxk80 \
 	netgear_wax214 \
 	netgear_wax218 \
@@ -79,7 +81,7 @@ ALLWIFIBOARDS:= \
 	tplink_deco-x80-5g \
 	tplink_eap610-outdoor \
 	tplink_eap620hd-v1 \
-	tplink_eap623od-hd-v1 \
+	tplink_eap623-outdoor-hd-v1 \
 	tplink_eap625-outdoor-hd-v1 \
 	tplink_eap660hd-v1 \
 	tplink_archer-c59-v1 \
@@ -234,6 +236,7 @@ $(eval $(call generate-ipq-wifi-package,linksys_mx2000,Linksys MX2000))
 $(eval $(call generate-ipq-wifi-package,linksys_mx4200,Linksys MX4200))
 $(eval $(call generate-ipq-wifi-package,linksys_mx5300,Linksys MX5300))
 $(eval $(call generate-ipq-wifi-package,linksys_mx5500,Linksys MX5500))
+$(eval $(call generate-ipq-wifi-package,linksys_mx6200,Linksys MX6200))
 $(eval $(call generate-ipq-wifi-package,linksys_mx8500,Linksys MX8500))
 $(eval $(call generate-ipq-wifi-package,linksys_spnmx56,Linksys SPNMX56))
 $(eval $(call generate-ipq-wifi-package,linksys_whw03,Linksys WHW03))
@@ -242,6 +245,7 @@ $(eval $(call generate-ipq-wifi-package,meraki_z3,Meraki Z3))
 $(eval $(call generate-ipq-wifi-package,netgear_lbr20,Netgear LBR20))
 $(eval $(call generate-ipq-wifi-package,netgear_rax120v2,Netgear RAX120v2))
 $(eval $(call generate-ipq-wifi-package,netgear_rbk20,Netgear RBK20))
+$(eval $(call generate-ipq-wifi-package,netgear_rbk40,Netgear RBK40))
 $(eval $(call generate-ipq-wifi-package,netgear_sxk80,Netgear SXK80))
 $(eval $(call generate-ipq-wifi-package,netgear_wax214,Netgear WAX214))
 $(eval $(call generate-ipq-wifi-package,netgear_wax218,Netgear WAX218))
@@ -258,7 +262,7 @@ $(eval $(call generate-ipq-wifi-package,spectrum_sax1v1k,Spectrum SAX1V1K))
 $(eval $(call generate-ipq-wifi-package,tplink_deco-x80-5g,TP-Link Deco X80-5G))
 $(eval $(call generate-ipq-wifi-package,tplink_eap610-outdoor,TPLink EAP610-Outdoor))
 $(eval $(call generate-ipq-wifi-package,tplink_eap620hd-v1,TP-Link EAP620 HD v1))
-$(eval $(call generate-ipq-wifi-package,tplink_eap623od-hd-v1,TP-Link EAP623-Outdoor HD v1))
+$(eval $(call generate-ipq-wifi-package,tplink_eap623-outdoor-hd-v1,TP-Link EAP623-Outdoor HD v1))
 $(eval $(call generate-ipq-wifi-package,tplink_eap625-outdoor-hd-v1,TP-Link EAP625-Outdoor HD v1))
 $(eval $(call generate-ipq-wifi-package,tplink_eap660hd-v1,TP-Link EAP660 HD v1))
 $(eval $(call generate-ipq-wifi-package,tplink_archer-c59-v1,TP-Link Archer C59 V1))

package/firmware/linux-firmware/intel.mk

@@ -219,7 +219,7 @@ $(eval $(call BuildPackage,iwlwifi-firmware-ax411))
 Package/iwlwifi-firmware-be200 = $(call Package/firmware-default,Intel BE200 firmware)
 define Package/iwlwifi-firmware-be200/install
 	$(INSTALL_DIR) $(1)/lib/firmware
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/intel/iwlwifi/iwlwifi-gl-c0-fm-c0-98.ucode $(1)/lib/firmware
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/intel/iwlwifi/iwlwifi-gl-c0-fm-c0-101.ucode $(1)/lib/firmware
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/intel/iwlwifi/iwlwifi-gl-c0-fm-c0.pnvm $(1)/lib/firmware
 endef
 $(eval $(call BuildPackage,iwlwifi-firmware-be200))

package/kernel/ath10k-ct/Makefile

@@ -34,7 +34,7 @@ define KernelPackage/ath10k-ct
 	$(PKG_BUILD_DIR)/ath10k$(CT_KVER)/ath10k_pci.ko \
 	$(PKG_BUILD_DIR)/ath10k$(CT_KVER)/ath10k_core.ko
   AUTOLOAD:=$(call AutoProbe,ath10k_pci)
-  PROVIDES:=kmod-ath10k
+  PROVIDES:=@kmod-ath10k-any
   VARIANT:=regular
 endef
 

package/kernel/lantiq/vrx518_tc/patches/208-dcdp-ptm_tc-fix-rx_len_adj.patch

@@ -0,0 +1,14 @@
+Fixes leaking the ethernet FCS into the frame payload on the RX
+path.
+
+--- a/dcdp/ptm_tc.c
++++ b/dcdp/ptm_tc.c
+@@ -923,7 +923,7 @@ static void ptm_fw_init(struct ptm_ep_pr
+ 	rx_gitf_cfg.rx_inserted_bytes_1h = 0;
+ 	rx_gitf_cfg.rx_inserted_bytes_2l = 0;
+ 	rx_gitf_cfg.rx_inserted_bytes_2h = 0;
+-	rx_gitf_cfg.rx_len_adj		= -2;
++	rx_gitf_cfg.rx_len_adj		= is_bonding ? -2 : -6;
+ 	for (i = 0; i < 4; i++) {
+ 		dst_addr = __RX_GIF0_CFG_STATS_CFG +
+ 			(i * DW_SZ(rx_gitf_cfg));

package/kernel/linux/modules/crypto.mk

@@ -624,11 +624,7 @@ define KernelPackage/crypto-lib-curve25519
   FILES:= \
 	$(LINUX_DIR)/lib/crypto/libcurve25519.ko \
 	$(LINUX_DIR)/lib/crypto/libcurve25519-generic.ko
-  $(call AddDepends/crypto,+PACKAGE_kmod-crypto-kpp:kmod-crypto-kpp)
-endef
-
-define KernelPackage/crypto-lib-curve25519/config
-  imply PACKAGE_kmod-crypto-kpp
+  $(call AddDepends/crypto,+kmod-crypto-kpp)
 endef
 
 ifndef CONFIG_TARGET_uml
@@ -661,11 +657,7 @@ define KernelPackage/crypto-lib-poly1305
   KCONFIG:=CONFIG_CRYPTO_LIB_POLY1305
   HIDDEN:=1
   FILES:=$(LINUX_DIR)/lib/crypto/libpoly1305.ko
-  $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash)
-endef
-
-define KernelPackage/crypto-lib-poly1305/config
-  imply PACKAGE_kmod-crypto-hash
+  $(call AddDepends/crypto,+kmod-crypto-hash)
 endef
 
 ifndef CONFIG_TARGET_uml

package/kernel/linux/modules/hwmon.mk

@@ -493,6 +493,25 @@ endef
 $(eval $(call KernelPackage,pmbus-core))
 
 
+define KernelPackage/pmbus-sensors
+  TITLE:=Generic PMBus devices monitoring support
+  KCONFIG:=CONFIG_SENSORS_PMBUS
+  FILES:=$(LINUX_DIR)/drivers/hwmon/pmbus/pmbus.ko
+  AUTOLOAD:=$(call AutoProbe,pmbus)
+  $(call AddDepends/hwmon,+kmod-pmbus-core)
+endef
+
+define KernelPackage/pmbus-sensors/description
+ Kernel modules for generic PMBus devices,
+including but not limited to ADP4000, BMR310, BMR453,
+BMR454, BMR456, BMR457, BMR458, BMR480, BMR490, BMR491, BMR492,
+MAX20796, MDT040, NCP4200, NCP4208, PDT003, PDT006, PDT012,
+TPS40400, TPS544B20, TPS544B25, TPS544C20, TPS544C25, and UDT020.
+endef
+
+$(eval $(call KernelPackage,pmbus-sensors))
+
+
 define KernelPackage/pmbus-zl6100
   TITLE:=Intersil / Zilker Labs ZL6100 hardware monitoring
   KCONFIG:=CONFIG_SENSORS_ZL6100

package/kernel/linux/modules/netdevices.mk

@@ -621,6 +621,23 @@ endef
 
 $(eval $(call KernelPackage,phy-aquantia))
 
+
+define KernelPackage/phy-motorcomm
+  SUBMENU:=$(NETWORK_DEVICES_MENU)
+  TITLE:=Motorcomm Ethernet PHYs
+  DEPENDS:=+kmod-libphy
+  KCONFIG:=CONFIG_MOTORCOMM_PHY
+  FILES:=$(LINUX_DIR)/drivers/net/phy/motorcomm.ko
+  AUTOLOAD:=$(call AutoLoad,18,motorcomm,1)
+endef
+
+define KernelPackage/phy-motorcomm/description
+  Supports the Motorcomm 8511/8521/8531/8531S/8821 Ethernet PHYs
+endef
+
+$(eval $(call KernelPackage,phy-motorcomm))
+
+
 define KernelPackage/dsa
   SUBMENU:=$(NETWORK_DEVICES_MENU)
   TITLE:=Distributed Switch Architecture support
@@ -1207,6 +1224,7 @@ define KernelPackage/r8169
     CONFIG_R8169_LEDS=y
   FILES:=$(LINUX_DIR)/drivers/net/ethernet/realtek/r8169.ko
   AUTOLOAD:=$(call AutoProbe,r8169,1)
+  DEFAULT_VARIANT:=1
 endef
 
 define KernelPackage/r8169/description

package/kernel/linux/modules/netsupport.mk

@@ -1654,3 +1654,68 @@ define KernelPackage/packet-diag
 endef
 
 $(eval $(call KernelPackage,packet-diag))
+
+define KernelPackage/team
+  SUBMENU:=$(NETWORK_SUPPORT_MENU)
+  TITLE:=Ethernet team driver
+  KCONFIG:=CONFIG_NET_TEAM
+  FILES:=$(LINUX_DIR)/drivers/net/team/team.ko
+  AUTOLOAD:=$(call AutoProbe,team)
+endef
+
+$(eval $(call KernelPackage,team))
+
+define KernelPackage/team-mode-broadcast
+  SUBMENU:=$(NETWORK_SUPPORT_MENU)
+  TITLE:=Broadcast mode support
+  DEPENDS:=kmod-team
+  KCONFIG:=CONFIG_NET_TEAM_MODE_BROADCAST
+  FILES:=$(LINUX_DIR)/drivers/net/team/team_mode_broadcast.ko
+  AUTOLOAD:=$(call AutoProbe,team_mode_broadcast)
+endef
+
+$(eval $(call KernelPackage,team-mode-broadcast))
+
+define KernelPackage/team-mode-roundrobin
+  SUBMENU:=$(NETWORK_SUPPORT_MENU)
+  TITLE:=Round-robin mode support
+  DEPENDS:=kmod-team
+  KCONFIG:=CONFIG_NET_TEAM_MODE_ROUNDROBIN
+  FILES:=$(LINUX_DIR)/drivers/net/team/team_mode_roundrobin.ko
+  AUTOLOAD:=$(call AutoProbe,team_mode_roundrobin)
+endef
+
+$(eval $(call KernelPackage,team-mode-roundrobin))
+
+define KernelPackage/team-mode-random
+  SUBMENU:=$(NETWORK_SUPPORT_MENU)
+  TITLE:=Random mode support
+  DEPENDS:=kmod-team
+  KCONFIG:=CONFIG_NET_TEAM_MODE_RANDOM
+  FILES:=$(LINUX_DIR)/drivers/net/team/team_mode_random.ko
+  AUTOLOAD:=$(call AutoProbe,team_mode_random)
+endef
+
+$(eval $(call KernelPackage,team-mode-random))
+
+define KernelPackage/team-mode-activebackup
+  SUBMENU:=$(NETWORK_SUPPORT_MENU)
+  TITLE:=Active-backup mode support
+  DEPENDS:=kmod-team
+  KCONFIG:=CONFIG_NET_TEAM_MODE_ACTIVEBACKUP
+  FILES:=$(LINUX_DIR)/drivers/net/team/team_mode_activebackup.ko
+  AUTOLOAD:=$(call AutoProbe,team_mode_activebackup)
+endef
+
+$(eval $(call KernelPackage,team-mode-activebackup))
+
+define KernelPackage/team-mode-loadbalance
+  SUBMENU:=$(NETWORK_SUPPORT_MENU)
+  TITLE:=Load-balance mode support
+  DEPENDS:=kmod-team
+  KCONFIG:=CONFIG_NET_TEAM_MODE_LOADBALANCE
+  FILES:=$(LINUX_DIR)/drivers/net/team/team_mode_loadbalance.ko
+  AUTOLOAD:=$(call AutoProbe,team_mode_loadbalance)
+endef
+
+$(eval $(call KernelPackage,team-mode-loadbalance))

package/kernel/linux/modules/usb.mk

@@ -154,6 +154,24 @@ endef
 
 $(eval $(call KernelPackage,usb-gadget-hid))
 
+define KernelPackage/usb-gadget-fs
+  TITLE:=USB FunctionFS Gadget Support
+  KCONFIG:=CONFIG_USB_FUNCTIONFS \
+    CONFIG_USB_FUNCTIONFS_ETH=n \
+    CONFIG_USB_FUNCTIONFS_RNDIS=n
+  FILES:= \
+	  $(LINUX_DIR)/drivers/usb/gadget/legacy/g_ffs.ko \
+	  $(LINUX_DIR)/drivers/usb/gadget/function/usb_f_fs.ko
+  AUTOLOAD:=$(call AutoLoad,52,usb_f_fs)
+  $(call AddDepends/usbgadget,+kmod-usb-lib-composite +kmod-dma-buf)
+endef
+
+define KernelPackage/usb-gadget-fs/description
+  Kernel support for USB FunctionFS Gadget.
+endef
+
+$(eval $(call KernelPackage,usb-gadget-fs))
+
 define KernelPackage/usb-gadget-ehci-debug
   TITLE:=USB EHCI debug port Gadget support
   KCONFIG:=\

package/kernel/mac80211/ath.mk

@@ -265,7 +265,7 @@ This module adds support for wireless adapters based on
 Atheros USB AR9271 and AR7010 family of chipsets.
 endef
 
-define KernelPackage/ath10k
+define KernelPackage/ath10k/Default
   $(call KernelPackage/mac80211/Default)
   TITLE:=Atheros 802.11ac wireless cards support
   URL:=https://wireless.wiki.kernel.org/en/users/drivers/ath10k
@@ -276,7 +276,12 @@ define KernelPackage/ath10k
 	$(PKG_BUILD_DIR)/drivers/net/wireless/ath/ath10k/ath10k_pci.ko
   AUTOLOAD:=$(call AutoProbe,ath10k_core ath10k_pci)
   MODPARAMS.ath10k_core:=frame_mode=2
+endef
+
+define KernelPackage/ath10k
+  $(call KernelPackage/ath10k/Default)
   VARIANT:=regular
+  DEFAULT_VARIANT:=1
 endef
 
 define KernelPackage/ath10k/description
@@ -299,9 +304,10 @@ define KernelPackage/ath10k/config
 endef
 
 define KernelPackage/ath10k-smallbuffers
-  $(call KernelPackage/ath10k)
+  $(call KernelPackage/ath10k/Default)
   TITLE+= (small buffers for low-RAM devices)
   VARIANT:=smallbuffers
+  PROVIDES:=@kmod-ath10k-any
 endef
 
 define KernelPackage/ath11k

package/kernel/mac80211/patches/ath11k/932-wifi-ath11k-poll-reo-status-ipq5018.patch

@@ -1,164 +0,0 @@
-From d890c6d602307c9297df12c7d0287f9ffd26208b Mon Sep 17 00:00:00 2001
-From: Sriram R <srirrama@codeaurora.org>
-Date: Wed, 12 May 2021 19:21:09 +0530
-Subject: [PATCH] ath11k: poll reo status ring for IPQ5018
-
-Currently reo status interrupts are not received
-due to wrong mapping of the reo status interrupt
-line in IPQ5018.
-
-Hence, until the mapping is resolved in HW, use
-polling to reap the reo status ring. Rather than
-a period timer to reap the ring, the timer is
-triggered only on sending a reo command with
-status request.
-
-Without proper reaping of the ring, backpressure
-and ring full issues are seen in multi client test
-setups which leads to flooding the console with
-error messages reporting failure to send reo cmds.
-
-Can be reverted once HW solution is available.
-
-Signed-off-by: Sriram R <srirrama@codeaurora.org>
----
---- a/drivers/net/wireless/ath/ath11k/core.c
-+++ b/drivers/net/wireless/ath/ath11k/core.c
-@@ -729,6 +729,7 @@ static struct ath11k_hw_params ath11k_hw
- 		.support_fw_mac_sequence = false,
- 		.support_dual_stations = false,
- 		.pdev_suspend = false,
-+		.reo_status_poll = true,
- 	},
- 	{
- 		.name = "qca2066 hw2.1",
---- a/drivers/net/wireless/ath/ath11k/dp.c
-+++ b/drivers/net/wireless/ath/ath11k/dp.c
-@@ -350,12 +350,66 @@ void ath11k_dp_stop_shadow_timers(struct
- 	ath11k_dp_shadow_stop_timer(ab, &ab->dp.reo_cmd_timer);
- }
- 
-+static void ath11k_dp_handle_reo_status_timer(struct timer_list *timer)
-+{
-+	struct ath11k_dp *dp = from_timer(dp, timer, reo_status_timer);
-+	struct ath11k_base *ab = dp->ab;
-+
-+	spin_lock_bh(&dp->reo_cmd_lock);
-+	dp->reo_status_timer_running = false;
-+	spin_unlock_bh(&dp->reo_cmd_lock);
-+
-+	ath11k_dp_process_reo_status(ab);
-+}
-+
-+void ath11k_dp_start_reo_status_timer(struct ath11k_base *ab)
-+{
-+	struct ath11k_dp *dp = &ab->dp;
-+
-+	if (!ab->hw_params.reo_status_poll)
-+		return;
-+
-+	spin_lock_bh(&dp->reo_cmd_lock);
-+	if (dp->reo_status_timer_running) {
-+		spin_unlock_bh(&dp->reo_cmd_lock);
-+		return;
-+	}
-+	dp->reo_status_timer_running = true;
-+	spin_unlock_bh(&dp->reo_cmd_lock);
-+
-+	mod_timer(&dp->reo_status_timer, jiffies +
-+		  msecs_to_jiffies(ATH11K_REO_STATUS_POLL_TIMEOUT_MS));
-+}
-+
-+static void ath11k_dp_stop_reo_status_timer(struct ath11k_base *ab)
-+{
-+	struct ath11k_dp *dp = &ab->dp;
-+
-+	if (!ab->hw_params.reo_status_poll)
-+		return;
-+
-+	del_timer_sync(&dp->reo_status_timer);
-+	dp->reo_status_timer_running = false;
-+}
-+
-+static void ath11k_dp_init_reo_status_timer(struct ath11k_base *ab)
-+{
-+	struct ath11k_dp *dp = &ab->dp;
-+
-+	if (!ab->hw_params.reo_status_poll)
-+		return;
-+
-+	timer_setup(&dp->reo_status_timer,
-+		    ath11k_dp_handle_reo_status_timer, 0);
-+}
-+
- static void ath11k_dp_srng_common_cleanup(struct ath11k_base *ab)
- {
- 	struct ath11k_dp *dp = &ab->dp;
- 	int i;
- 
- 	ath11k_dp_stop_shadow_timers(ab);
-+	ath11k_dp_stop_reo_status_timer(ab);
- 	ath11k_dp_srng_cleanup(ab, &dp->wbm_desc_rel_ring);
- 	ath11k_dp_srng_cleanup(ab, &dp->tcl_cmd_ring);
- 	ath11k_dp_srng_cleanup(ab, &dp->tcl_status_ring);
-@@ -377,6 +431,8 @@ static int ath11k_dp_srng_common_setup(s
- 	int i, ret;
- 	u8 tcl_num, wbm_num;
- 
-+	ath11k_dp_init_reo_status_timer(ab);
-+
- 	ret = ath11k_dp_srng_setup(ab, &dp->wbm_desc_rel_ring,
- 				   HAL_SW2WBM_RELEASE, 0, 0,
- 				   DP_WBM_RELEASE_RING_SIZE);
---- a/drivers/net/wireless/ath/ath11k/dp.h
-+++ b/drivers/net/wireless/ath/ath11k/dp.h
-@@ -46,6 +46,8 @@ struct dp_rx_tid {
- #define DP_MON_PURGE_TIMEOUT_MS     100
- #define DP_MON_SERVICE_BUDGET       128
- 
-+#define ATH11K_REO_STATUS_POLL_TIMEOUT_MS 10
-+
- struct dp_reo_cache_flush_elem {
- 	struct list_head list;
- 	struct dp_rx_tid data;
-@@ -287,6 +289,10 @@ struct ath11k_dp {
- 	spinlock_t reo_cmd_lock;
- 	struct ath11k_hp_update_timer reo_cmd_timer;
- 	struct ath11k_hp_update_timer tx_ring_timer[DP_TCL_NUM_RING_MAX];
-+
-+	/* reo status timer and flags */
-+	struct timer_list reo_status_timer;
-+	bool reo_status_timer_running;
- };
- 
- /* HTT definitions */
-@@ -1690,5 +1696,6 @@ void ath11k_dp_shadow_init_timer(struct
- 				 struct ath11k_hp_update_timer *update_timer,
- 				 u32 interval, u32 ring_id);
- void ath11k_dp_stop_shadow_timers(struct ath11k_base *ab);
-+void ath11k_dp_start_reo_status_timer(struct ath11k_base *ab);
- 
- #endif
---- a/drivers/net/wireless/ath/ath11k/dp_tx.c
-+++ b/drivers/net/wireless/ath/ath11k/dp_tx.c
-@@ -788,6 +788,10 @@ int ath11k_dp_tx_send_reo_cmd(struct ath
- 	if (cmd_num == 0)
- 		return -EINVAL;
- 
-+	/* Trigger reo status polling if required */
-+	if (cmd->flag & HAL_REO_CMD_FLG_NEED_STATUS)
-+		ath11k_dp_start_reo_status_timer(ab);
-+
- 	if (!cb)
- 		return 0;
- 
---- a/drivers/net/wireless/ath/ath11k/hw.h
-+++ b/drivers/net/wireless/ath/ath11k/hw.h
-@@ -233,6 +233,7 @@ struct ath11k_hw_params {
- 	bool support_fw_mac_sequence;
- 	bool support_dual_stations;
- 	bool pdev_suspend;
-+	bool reo_status_poll;
- };
- 
- struct ath11k_hw_ops {

package/kernel/mac80211/patches/build/999-kernel-6.12.64.patch

@@ -0,0 +1,19 @@
+diff --git a/backport-include/linux/hrtimer.h b/backport-include/linux/hrtimer.h
+index 3c351922c81d..d865dbf42e9b 100644
+--- a/backport-include/linux/hrtimer.h
++++ b/backport-include/linux/hrtimer.h
+@@ -17,12 +17,14 @@ static inline enum hrtimer_restart hrtimer_dummy_timeout(struct hrtimer *unused)
+ 	return HRTIMER_NORESTART;
+ }
+ 
++#if LINUX_VERSION_IS_LESS(6,12,64)
+ static inline void
+ hrtimer_update_function(struct hrtimer *timer,
+ 			enum hrtimer_restart (*function)(struct hrtimer *))
+ {
+ 	timer->function = function;
+ }
++#endif /* < 6.12.64 */
+ 
+ static inline void
+ hrtimer_setup(struct hrtimer *timer, enum hrtimer_restart (*function)(struct hrtimer *),

package/kernel/r8101/Makefile

@@ -21,7 +21,7 @@ define KernelPackage/r8101
   DEPENDS:=@PCI_SUPPORT +kmod-libphy
   FILES:=$(PKG_BUILD_DIR)/src/r8101.ko
   AUTOLOAD:=$(call AutoProbe,r8101,1)
-  PROVIDES:=kmod-r8169
+  PROVIDES:=@kmod-r8169-any
 endef
 
 define Build/Compile

package/kernel/r8125/Makefile

@@ -21,7 +21,7 @@ define KernelPackage/r8125
   DEPENDS:=@PCI_SUPPORT +kmod-libphy
   FILES:=$(PKG_BUILD_DIR)/src/r8125.ko
   AUTOLOAD:=$(call AutoProbe,r8125,1)
-  PROVIDES:=kmod-r8169
+  PROVIDES:=@kmod-r8169-any
   VARIANT:=regular
   PKG_MAKE_FLAGS += CONFIG_ASPM=n
 endef

package/kernel/r8126/Makefile

@@ -21,7 +21,7 @@ define KernelPackage/r8126
   DEPENDS:=@PCI_SUPPORT +kmod-libphy
   FILES:=$(PKG_BUILD_DIR)/src/r8126.ko
   AUTOLOAD:=$(call AutoProbe,r8126,1)
-  PROVIDES:=kmod-r8169
+  PROVIDES:=@kmod-r8169-any
   VARIANT:=regular
 endef
 

package/kernel/r8127/Makefile

@@ -21,7 +21,7 @@ define KernelPackage/r8127
   DEPENDS:=@PCI_SUPPORT +kmod-libphy
   FILES:=$(PKG_BUILD_DIR)/src/r8127.ko
   AUTOLOAD:=$(call AutoProbe,r8127,1)
-  PROVIDES:=kmod-r8169
+  PROVIDES:=@kmod-r8169-any
   VARIANT:=regular
 endef
 

package/kernel/r8168/Makefile

@@ -21,7 +21,7 @@ define KernelPackage/r8168
   DEPENDS:=@PCI_SUPPORT +kmod-libphy
   FILES:=$(PKG_BUILD_DIR)/src/r8168.ko
   AUTOLOAD:=$(call AutoProbe,r8168,1)
-  PROVIDES:=kmod-r8169
+  PROVIDES:=@kmod-r8169-any
   VARIANT:=regular
 endef
 

package/kernel/rtl8812au-ct/Makefile

@@ -28,7 +28,7 @@ define KernelPackage/rtl8812au-ct
   FILES:=\
 	$(PKG_BUILD_DIR)/rtl8812au.ko
   AUTOLOAD:=$(call AutoProbe,rtl8812au)
-  PROVIDES:=kmod-rtl8812au
+  PROVIDES:=@kmod-rtl8812au-any
 endef
 
 NOSTDINC_FLAGS := \

package/libs/elfutils/Makefile

@@ -51,7 +51,6 @@ define Package/libelf
   $(call Package/elfutils/Default)
   DEPENDS:=$(INTL_DEPENDS) +zlib
   TITLE+= (libelf)
-  PROVIDES:=libelf1
 endef
 
 ifeq ($(CONFIG_BUILD_NLS),y)

package/libs/libcap/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libcap
-PKG_VERSION:=2.77
+PKG_VERSION:=2.69
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@KERNEL/linux/libs/security/linux-privs/libcap2
-PKG_HASH:=897bc18b44afc26c70e78cead3dbb31e154acc24bee085a5a09079a88dbf6f52
+PKG_HASH:=f311f8f3dad84699d0566d1d6f7ec943a9298b28f714cae3c931dfd57492d7eb
 
 PKG_MAINTAINER:=Paul Wassi <p.wassi@gmx.at>
 PKG_LICENSE:=GPL-2.0-only

package/libs/libcap/patches/003-Revert-libcap-Add-build-ldflags-to-_makenames-rule.patch

@@ -1,27 +0,0 @@
-From 542d7d86ecd2129dd5fe7e5b31ba307304f5b319 Mon Sep 17 00:00:00 2001
-From: "Andrew G. Morgan" <morgan@kernel.org>
-Date: Mon, 10 Nov 2025 18:26:34 -0800
-Subject: [PATCH] Revert "libcap: Add build ldflags to _makenames rule"
-
-This reverts commit c3ddf45d9afaab85d3b7db0dc7bfd1aafb8fde50.
-
-The details of what this broke are here:
-
-  https://bugzilla.kernel.org/show_bug.cgi?id=220691#c2
-
-Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
----
- libcap/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/libcap/Makefile
-+++ b/libcap/Makefile
-@@ -80,7 +80,7 @@ $(PSXTITLE).pc: $(PSXTITLE).pc.in
- 		$< >$@
- 
- _makenames: _makenames.c cap_names.list.h
--	$(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_CPPFLAGS) $< -o $@ $(BUILD_LDFLAGS)
-+	$(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_CPPFLAGS) $< -o $@
- 
- cap_names.h: _makenames
- 	./_makenames > cap_names.h

package/libs/readline/Makefile

@@ -57,7 +57,10 @@ CONFIGURE_VARS += \
 	bash_cv_termcap_lib=libncursesw
 
 TARGET_CFLAGS += $(FPIC)
-HOST_CFLAGS += $(FPIC)
+TARGET_LDFLAGS += $(FPIC)
+
+HOST_CFLAGS += $(HOST_FPIC)
+HOST_LDFLAGS += $(HOST_FPIC)
 
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include

package/libs/toolchain/Makefile

@@ -781,8 +781,9 @@ else
 
 endif
 
-$(eval $(call BuildPackage,libc))
 $(eval $(call BuildPackage,libgcc))
+# libc depends on knowing libgcc's ABI, so it needs to be evaluated first
+$(eval $(call BuildPackage,libc))
 $(eval $(call BuildPackage,libatomic))
 $(eval $(call BuildPackage,libquadmath))
 $(eval $(call BuildPackage,libstdcpp))

package/libs/uclient/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uclient
-PKG_RELEASE=1
+PKG_RELEASE=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/uclient.git
@@ -34,7 +34,8 @@ define Package/uclient-fetch
   CATEGORY:=Network
   TITLE:=Tiny wget replacement using libuclient
   ALTERNATIVES:=200:/usr/bin/wget:/bin/uclient-fetch
-  PROVIDES:=wget
+  DEFAULT_VARIANT:=1
+  PROVIDES:=@wget-any
   DEPENDS:=+libuclient
 endef
 

package/network/config/netifd/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=netifd
-PKG_RELEASE:=1
+PKG_RELEASE:=3
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/netifd.git

package/network/config/netifd/files/lib/netifd/proto/dhcp.sh

@@ -3,6 +3,7 @@
 [ -x /sbin/udhcpc ] || exit 0
 
 . /lib/functions.sh
+. /lib/functions/network.sh
 . ../netifd-proto.sh
 . /lib/config/uci.sh
 init_proto "$@"
@@ -37,11 +38,11 @@ proto_dhcp_get_default_clientid() {
 
 	local iface="$1"
 	local duid
-	local iaid="0"
+	local iaid
 
-        [ -e "/sys/class/net/$iface/ifindex" ] && iaid="$(cat "/sys/class/net/$iface/ifindex")"
-        duid="$(uci_get network @globals[0] dhcp_default_duid)"
-        [ -n "$duid" ] && printf "ff%08x%s" "$iaid" "$duid"
+	network_generate_iface_iaid iaid "$iface"
+	duid="$(uci_get network @globals[0] dhcp_default_duid)"
+	[ -n "$duid" ] && printf "ff%s%s" "$iaid" "$duid"
 }
 
 proto_dhcp_setup() {
@@ -66,6 +67,7 @@ proto_dhcp_setup() {
 	[ "$norelease" = 1 ] && norelease="" || norelease="-R"
 	[ -z "$clientid" ] && clientid="$(proto_dhcp_get_default_clientid "$iface")"
 	[ -n "$clientid" ] && clientid="-x 0x3d:${clientid//:/}"
+	[ -n "$vendorid" ] && append dhcpopts "-x 0x3c:$(echo -n "$vendorid" | hexdump -ve '1/1 "%02x"')"
 	[ -n "$iface6rd" ] && proto_export "IFACE6RD=$iface6rd"
 	[ "$iface6rd" != 0 -a -f /lib/netifd/proto/6rd.sh ] && append dhcpopts "-O 212"
 	[ -n "$zone6rd" ] && proto_export "ZONE6RD=$zone6rd"
@@ -76,6 +78,16 @@ proto_dhcp_setup() {
 	# Request classless route option (see RFC 3442) by default
 	[ "$classlessroute" = "0" ] || append dhcpopts "-O 121"
 
+	# Avoid sending duplicate Option 60 values
+	local emptyvendorid
+	case "$dhcpopts" in
+		*"-x 0"[xX]*"3"[cC]":"* |\
+		*"-x 60:"* |\
+		*"-x vendor:"*)
+			emptyvendorid=1
+			;;
+	esac
+
 	proto_export "INTERFACE=$config"
 	proto_run_command "$config" udhcpc \
 		-p /var/run/udhcpc-$iface.pid \
@@ -83,7 +95,7 @@ proto_dhcp_setup() {
 		-f -t 0 -i "$iface" \
 		${ipaddr:+-r ${ipaddr/\/*/}} \
 		${hostname:+-x "hostname:$hostname"} \
-		${vendorid:+-V "$vendorid"} \
+		${emptyvendorid:+-V ""} \
 		$clientid $defaultreqopts $broadcast $norelease $dhcpopts
 }
 

package/network/config/wifi-scripts/files-ucode/lib/netifd/wireless/mac80211.sh

@@ -288,14 +288,22 @@ function setup() {
 		wdev_data[v.config.ifname] = config;
 	}
 
+	for (let ifname in active_ifnames) {
+		if (!wdev_data[ifname])
+			continue;
+
+		let if_config = {
+			[ifname]: wdev_data[ifname]
+		};
+		system(`ucode /usr/share/hostap/wdev.uc ${data.phy}${data.phy_suffix} set_config '${if_config}'`);
+	}
+
 	if (fs.access('/usr/sbin/wpa_supplicant', 'x'))
 		supplicant.setup(supplicant_data, data);
 
 	if (fs.access('/usr/sbin/hostapd', 'x'))
 		hostapd.setup(data);
 
-	system(`ucode /usr/share/hostap/wdev.uc ${data.phy}${data.phy_suffix} set_config '${printf("%J", wdev_data)}' ${join(' ', active_ifnames)}`);
-
 	if (length(supplicant_data) > 0)
 		supplicant.start(data);
 

package/network/config/wifi-scripts/files-ucode/usr/bin/iwinfo

@@ -25,7 +25,8 @@ function print_assoclist(stations) {
 				printf(', %s', flags);
 			printf('%10d Pkts.\n', bitrate.packets);
 		}
-		printf(`\texpected throughput: ${station.expected_throughput}\n\n`);
+		let expected_throughput = station.expected_throughput;
+		printf(`\texpected throughput: ${expected_throughput == 'unknown' ? 'unknown' : expected_throughput + ' MBit/s'}\n\n`);
 	}
 }
 

package/network/config/wifi-scripts/files-ucode/usr/share/schema/wireless.wifi-device.json

@@ -534,10 +534,6 @@
 			"type": "number",
 			"default": 1
 		},
-		"no_probe_resp_if_max_sta": {
-			"description": "Do not answer probe requests if iface_max_num_sta was reached",
-			"type": "boolean"
-		},
 		"noscan": {
 			"description": "Do not scan for overlapping BSSs in HT40+/- mode.",
 			"type": "boolean",

package/network/config/wifi-scripts/files-ucode/usr/share/schema/wireless.wifi-iface.json

@@ -424,8 +424,7 @@
 		},
 		"ieee80211k": {
 			"description": "Enables Radio Resource Measurement (802.11k) support",
-			"type": "boolean",
-			"default": true
+			"type": "boolean"
 		},
 		"ieee80211r": {
 			"description": "Enables fast BSS transition (802.11r) support.",
@@ -605,11 +604,8 @@
 			"type": "boolean"
 		},
 		"mcast_rate": {
-			"description": "Allowed multicast rates",
-			"type": "array",
-			"items": {
-				"type": "number"
-			}
+			"description": "Allowed multicast rate",
+			"type": "number"
 		},
 		"mesh_auto_open_plinks": {
 			"type": "boolean"
@@ -765,6 +761,10 @@
 			"description": "Network Authentication Type",
 			"type": "string"
 		},
+		"no_probe_resp_if_max_sta": {
+			"description": "Do not answer probe requests if iface_max_num_sta was reached",
+			"type": "boolean"
+		},
 		"ocv": {
 			"description": "Operating Channel Validation",
 			"type": "number",
@@ -932,18 +932,15 @@
 		},
 		"rrm_beacon_report": {
 			"description": "Enable beacon report via radio measurements",
-			"type": "boolean",
-			"default": true
+			"type": "boolean"
 		},
 		"rrm_neighbor_report": {
 			"description": "Enable neighbor report via radio measurements",
-			"type": "boolean",
-			"default": true
+			"type": "boolean"
 		},
 		"rnr": {
 			"description": "Enable reduced neighbor reporting",
-			"type": "boolean",
-			"default": true
+			"type": "boolean"
 		},
 		"roaming_consortium": {
 			"description": "Roaming Consortium List",

package/network/config/wifi-scripts/files-ucode/usr/share/ucode/iwinfo.uc

@@ -169,6 +169,10 @@ function format_rate(rate) {
 	return rate ? sprintf('%.01f', rate / 10.0) : 'unknown';
 }
 
+function format_expected_throughput(rate) {
+	return rate ? sprintf('%.01f', rate / 1000.0) : 'unknown';
+}
+
 function format_mgmt_key(key) {
 	switch(+key) {
 	case 1:
@@ -312,7 +316,7 @@ function dbm2quality(dbm) {
 }
 
 function hwmodelist(name) {
-	const mode = { 'HT*': 'n', 'VHT*': 'ac', 'HE*': 'ax' };
+	const mode = { 'HT*': 'n', 'VHT*': 'ac', 'HE*': 'ax', 'EHT*': 'be' };
 	let iface = ifaces[name];
 	let phy = board_data.wlan?.['phy' + iface.wiphy];
 	if (!phy || !iface.radio?.band)
@@ -352,7 +356,7 @@ export function assoclist(dev) {
 				packets: station.sta_info.tx_packets ?? 0,
 				flags: assoc_flags(station.sta_info.tx_bitrate ?? {}),
 			},
-			expected_throughput: station.sta_info.expected_throughput ?? 'unknown',
+			expected_throughput: format_expected_throughput(station.sta_info.expected_throughput ?? 0),
 		};
 		ret[sta.mac] = sta;
 	}

package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc

@@ -59,7 +59,7 @@ function iface_setup(config) {
 		'wds_sta', 'wds_bridge', 'snoop_iface', 'vendor_elements', 'nas_identifier', 'radius_acct_interim_interval',
 		'ocv', 'beacon_prot', 'spp_amsdu', 'multicast_to_unicast', 'preamble', 'proxy_arp', 'per_sta_vif', 'mbo',
 		'bss_transition', 'wnm_sleep_mode', 'wnm_sleep_mode_no_keys', 'qos_map_set', 'max_listen_int',
-		'dtim_period', 'wmm_enabled', 'start_disabled', 'na_mcast_to_ucast',
+		'dtim_period', 'wmm_enabled', 'start_disabled', 'na_mcast_to_ucast', 'no_probe_resp_if_max_sta',
 	]);
 }
 
@@ -166,7 +166,7 @@ function iface_auth_type(config) {
 
 		if (config.radius_das_client && config.radius_das_secret) {
 			set_default(config, 'radius_das_port', 3799);
-			set_default(config, 'radius_das_client', `${config.radius_das_client} ${config.radius_das_secret}`);
+			config.radius_das_client = config.radius_das_client + ' ' + config.radius_das_secret;
 		}
 
 		set_default(config, 'eapol_version', config.wpa & 1);

package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc

@@ -489,7 +489,7 @@ function generate(config) {
 		append_vars(config, [ 'airtime_mode' ]);
 
 	/* assoc/thresholds */
-	append_vars(config, [ 'rssi_reject_assoc_rssi', 'rssi_reject_assoc_timeout', 'rssi_ignore_probe_request', 'iface_max_num_sta', 'no_probe_resp_if_max_sta' ]);
+	append_vars(config, [ 'rssi_reject_assoc_rssi', 'rssi_reject_assoc_timeout', 'rssi_ignore_probe_request', 'iface_max_num_sta' ]);
 
 	/* ACS / Radar*/
 	if (!phy_features.radar_background || config.band != '5g')

package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc

@@ -4,6 +4,9 @@ import { append_value, log } from 'wifi.common';
 import * as fs from 'fs';
 
 export function parse_encryption(config, dev_config) {
+	if (!config.encryption)
+		return;
+
 	let encryption = split(config.encryption, '+', 2);
 
 	config.wpa = 0;
@@ -13,10 +16,11 @@ export function parse_encryption(config, dev_config) {
 			config.wpa = v;
 			break;
 		}
-	if (!config.wpa)
-		config.wpa_pairwise = null;
 
-	config.wpa_pairwise = (config.hw_mode == 'ad') ? 'GCMP' : 'CCMP';
+	config.wpa_pairwise = null;
+	if (config.wpa)
+		config.wpa_pairwise = (config.hw_mode == 'ad') ? 'GCMP' : 'CCMP';
+
 	config.auth_type = encryption[0] ?? 'none';
 
 	let wpa3_pairwise = config.wpa_pairwise;

package/network/config/wifi-scripts/files/lib/netifd/wireless-device.uc

@@ -488,7 +488,11 @@ function wdev_set_data(wdev, vif, vlan, data)
 		cur_type = "vlan";
 	}
 
-	wdev.handler_data[cur.name] = {
+	let key = cur.name;
+	if (cur_type == "vlan")
+		key = vif.name + "/" + vlan.name;
+
+	wdev.handler_data[key] = {
 		...cur,
 		...data,
 		type: cur_type,
@@ -545,9 +549,13 @@ function hotplug(name, add)
 	}
 }
 
-function get_status_data(wdev, vif)
+function get_status_data(wdev, vif, parent_vif)
 {
-	let hdata = wdev.handler_data[vif.name];
+	let key = vif.name;
+	if (parent_vif)
+		key = parent_vif.name + "/" + vif.name;
+
+	let hdata = wdev.handler_data[key];
 	let data = {
 		section: vif.name,
 		config: vif.config
@@ -561,7 +569,7 @@ function get_status_vlans(wdev, vif)
 {
 	let vlans = [];
 	for (let vlan in vif.vlan)
-		push(vlans, get_status_data(wdev, vlan));
+		push(vlans, get_status_data(wdev, vlan, vif));
 	return vlans;
 }
 

package/network/config/wifi-scripts/files/lib/netifd/wireless.uc

@@ -192,8 +192,9 @@ function config_init(uci)
 	}
 
 	for (let name, data in sections.vlan) {
+		let ifaces = parse_array(data.iface);
 		for (let iface, iface_vifs in vifs) {
-			if (data.iface && data.iface != iface)
+			if (length(ifaces) && index(ifaces, iface) < 0)
 				continue;
 
 			for (let vif in iface_vifs) {
@@ -214,8 +215,9 @@ function config_init(uci)
 	}
 
 	for (let name, data in sections.station) {
+		let ifaces = parse_array(data.iface);
 		for (let iface, iface_vifs in vifs) {
-			if (data.iface && data.iface != iface)
+			if (length(ifaces) && index(ifaces, iface) < 0)
 				continue;
 
 			for (let vif in iface_vifs) {

package/network/config/wifi-scripts/files/lib/wifi/mac80211.uc

@@ -78,7 +78,13 @@ for (let phy_name, phy in board.wlan) {
 
 		band_name = lc(band_name);
 
-		let country, defaults, num_global_macaddr;
+		let country, encryption, defaults, num_global_macaddr;
+		if (band_name == '6g') {
+			country = '00';
+			encryption = 'owe';
+		} else {
+			encryption = 'open';
+		}
 		if (board.wlan.defaults) {
 			defaults = board.wlan.defaults.ssids?.[band_name]?.ssid ? board.wlan.defaults.ssids?.[band_name] : board.wlan.defaults.ssids?.all;
 			country = board.wlan.defaults.country;
@@ -105,7 +111,7 @@ set ${si}.device='${name}'
 set ${si}.network='lan'
 set ${si}.mode='ap'
 set ${si}.ssid='${defaults?.ssid || "OpenWrt"}'
-set ${si}.encryption='${defaults?.encryption || "none"}'
+set ${si}.encryption='${defaults?.encryption || encryption}'
 set ${si}.key='${defaults?.key || ""}'
 
 `);

package/network/config/wifi-scripts/files/usr/share/hostap/wdev.uc

@@ -44,7 +44,12 @@ function iface_start(wdev)
 				push(cmd, key, wdev[key]);
 		system(cmd);
 	} else if (wdev.mode == "mesh") {
-		let cmd = [ "iw", "dev", ifname, "mesh", "join", wdev.ssid, "freq", wdev.freq, htmode ];
+		let cmd = [ "iw", "dev", ifname, "mesh", "join", wdev.ssid ];
+		if (wdev.freq) {
+			push(cmd, "freq", wdev.freq);
+			if (htmode && htmode != "NOHT")
+				push(cmd, htmode);
+		}
 		for (let key in [ "basic-rates", "mcast-rate", "beacon-interval" ])
 			if (wdev[key])
 				push(cmd, key, wdev[key]);

package/network/config/wifi-scripts/files/usr/share/ucode/wifi/utils.uc

@@ -57,6 +57,11 @@ function rename_phy_by_name(phys, name, rename) {
 		wiphy: idx,
 		wiphy_name: name
 	});
+
+	let prev_idx = index(phys, prev_name);
+	if (prev_idx >= 0)
+		phys[prev_idx] = name;
+
 	return true;
 }
 

package/network/ipv6/odhcp6c/Makefile

@@ -12,9 +12,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/odhcp6c.git
-PKG_SOURCE_DATE:=2025-12-09
-PKG_SOURCE_VERSION:=5212a1019d75db47a03c95c12e385e4625dda3d0
-PKG_MIRROR_HASH:=9c6501ea995c685e4e1b65ae74cbaecb6f787a493fdd5f8d3d095aeb0466b418
+PKG_SOURCE_DATE:=2025-12-29
+PKG_SOURCE_VERSION:=699cc61568b6816783d17d57dda4ef7851198528
+PKG_MIRROR_HASH:=e8a42c429ed83660ccc04d69e3bcbf0056d8e96e08caff0f14518150b89ec352
 
 PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
 PKG_LICENSE:=GPL-2.0

package/network/ipv6/odhcp6c/files/dhcpv6.sh

@@ -42,7 +42,7 @@ proto_dhcpv6_init_config() {
 	proto_config_add_boolean sourcefilter
 	proto_config_add_boolean keep_ra_dnslifetime
 	proto_config_add_int "ra_holdoff"
-	proto_config_add_boolean verbose
+	proto_config_add_int 'verbose:range(0, 7)'
 	proto_config_add_boolean dynamic
 }
 
@@ -116,7 +116,7 @@ proto_dhcpv6_setup() {
 
 	[ -n "$ra_holdoff" ] && append opts "-m$ra_holdoff"
 
-	[ "$verbose" = "1" ] && append opts "-v"
+	[ -n "$verbose" ] && append opts "-l$verbose"
 
 	json_for_each_item proto_dhcpv6_add_sendopts sendopts opts
 

package/network/services/dnsmasq/Makefile

@@ -51,6 +51,7 @@ endef
 define Package/dnsmasq
 $(call Package/dnsmasq/Default)
   VARIANT:=nodhcpv6
+  DEFAULT_VARIANT:=1
 endef
 
 define Package/dnsmasq-dhcpv6

package/network/services/dropbear/Makefile

@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dropbear
-PKG_VERSION:=2025.88
-PKG_RELEASE:=4
+PKG_VERSION:=2025.89
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
 	https://matt.ucc.asn.au/dropbear/releases/ \
 	https://dropbear.nl/mirror/releases/
-PKG_HASH:=783f50ea27b17c16da89578fafdb6decfa44bb8f6590e5698a4e4d3672dc53d4
+PKG_HASH:=0d1f7ca711cfc336dc8a85e672cab9cfd8223a02fe2da0a4a7aeb58c9e113634
 
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE

package/network/services/dropbear/patches/050-dropbear-multihop-fix.patch

@@ -1,70 +0,0 @@
-From 5cc0127000db5f7567b54d0495fb91a8e452fe09 Mon Sep 17 00:00:00 2001
-From: Konstantin Demin <rockdrilla@gmail.com>
-Date: Fri, 9 May 2025 22:39:35 +0300
-Subject: Fix proxycmd without netcat
-
-fixes e5a0ef27c2 "Execute multihop commands directly, no shell"
-
-Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
-Forwarded: https://github.com/mkj/dropbear/pull/363
----
- src/cli-main.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
---- a/src/cli-main.c
-+++ b/src/cli-main.c
-@@ -77,7 +77,11 @@ int main(int argc, char ** argv) {
- 	}
- 
- #if DROPBEAR_CLI_PROXYCMD
--	if (cli_opts.proxycmd || cli_opts.proxyexec) {
-+	if (cli_opts.proxycmd
-+#if DROPBEAR_CLI_MULTIHOP
-+		|| cli_opts.proxyexec
-+#endif
-+	) {
- 		cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid);
- 		if (signal(SIGINT, kill_proxy_sighandler) == SIG_ERR ||
- 			signal(SIGTERM, kill_proxy_sighandler) == SIG_ERR ||
-@@ -110,11 +114,13 @@ static void shell_proxy_cmd(const void *
- 	dropbear_exit("Failed to run '%s'\n", cmd);
- }
- 
-+#if DROPBEAR_CLI_MULTIHOP
- static void exec_proxy_cmd(const void *unused) {
- 	(void)unused;
- 	run_command(cli_opts.proxyexec[0], cli_opts.proxyexec, ses.maxfd);
- 	dropbear_exit("Failed to run '%s'\n", cli_opts.proxyexec[0]);
- }
-+#endif
- 
- static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) {
- 	char * cmd_arg = NULL;
-@@ -145,9 +151,11 @@ static void cli_proxy_cmd(int *sock_in,
- 		cmd_arg = m_malloc(shell_cmdlen);
- 		snprintf(cmd_arg, shell_cmdlen, "exec %s", cli_opts.proxycmd);
- 		exec_fn = shell_proxy_cmd;
-+#if DROPBEAR_CLI_MULTIHOP
- 	} else {
- 		/* No shell */
- 		exec_fn = exec_proxy_cmd;
-+#endif
- 	}
- 
- 	ret = spawn_command(exec_fn, cmd_arg, sock_out, sock_in, NULL, pid_out);
-@@ -159,6 +167,7 @@ static void cli_proxy_cmd(int *sock_in,
- cleanup:
- 	m_free(cli_opts.proxycmd);
- 	m_free(cmd_arg);
-+#if DROPBEAR_CLI_MULTIHOP
- 	if (cli_opts.proxyexec) {
- 		char **a = NULL;
- 		for (a = cli_opts.proxyexec; *a; a++) {
-@@ -166,6 +175,7 @@ cleanup:
- 		}
- 		m_free(cli_opts.proxyexec);
- 	}
-+#endif
- }
- 
- static void kill_proxy_sighandler(int UNUSED(signo)) {

package/network/services/dropbear/patches/051-fix-pubkey-options.patch

@@ -1,47 +0,0 @@
-From 91877a0337f432fd29bb1041be5599ea706e5de6 Mon Sep 17 00:00:00 2001
-From: Konstantin Demin <rockdrilla@gmail.com>
-Date: Thu, 31 Jul 2025 14:13:35 +0300
-Subject: fix build without pubkey options
-
-fixes:
-- 98ef42a856 "Don't set pubkey_info directly in checkpubkey_line"
-- 62ea53c1e5 "Implement no-touch-required and verify-requred for authorized_keys file"
-
-Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
-Forwarded: https://github.com/mkj/dropbear/pull/374
----
- src/svr-authpubkey.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
---- a/src/svr-authpubkey.c
-+++ b/src/svr-authpubkey.c
-@@ -186,12 +186,14 @@ void svr_auth_pubkey(int valid_user) {
- 
- #if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
- 	key->sk_flags_mask = SSH_SK_USER_PRESENCE_REQD;
-+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
- 	if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->no_touch_required_flag) {
- 		key->sk_flags_mask &= ~SSH_SK_USER_PRESENCE_REQD;
- 	}
- 	if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->verify_required_flag) {
- 		key->sk_flags_mask |= SSH_SK_USER_VERIFICATION_REQD;
- 	}
-+#endif /* DROPBEAR_SVR_PUBKEY_OPTIONS */
- #endif
- 
- 	/* create the data which has been signed - this a string containing
-@@ -513,7 +515,13 @@ static int checkpubkey(const char* keyal
- 		line_num++;
- 
- 		ret = checkpubkey_line(line, line_num, filename, keyalgo, keyalgolen,
--			keyblob, keybloblen, &ses.authstate.pubkey_info);
-+			keyblob, keybloblen,
-+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
-+			&ses.authstate.pubkey_info
-+#else
-+			NULL
-+#endif
-+		);
- 		if (ret == DROPBEAR_SUCCESS) {
- 			break;
- 		}

package/network/services/dropbear/patches/052-fix-missing-depends-for-sntrup761x25519-sha512.patch

@@ -1,24 +0,0 @@
-From 4bc1e18948d0918bcb1338a5f1e7856478abf985 Mon Sep 17 00:00:00 2001
-From: Konstantin Demin <rockdrilla@gmail.com>
-Date: Fri, 8 Aug 2025 10:02:44 +0300
-Subject: fix missing depends for sntrup761x25519-sha512
-
-fixes 440b7b5c4f "Add sntrup761x25519-sha512 post-quantum key exchange"
-
-Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
-Forwarded: https://github.com/mkj/dropbear/pull/375
----
- src/sysoptions.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/sysoptions.h
-+++ b/src/sysoptions.h
-@@ -207,7 +207,7 @@
- /* LTC SHA384 depends on SHA512 */
- #define DROPBEAR_SHA512 ((DROPBEAR_SHA2_512_HMAC) || (DROPBEAR_ECC_521) \
- 			|| (DROPBEAR_SHA384) || (DROPBEAR_DH_GROUP16) \
--			|| (DROPBEAR_ED25519))
-+			|| (DROPBEAR_ED25519) || (DROPBEAR_SNTRUP761))
- 
- #define DROPBEAR_DH_GROUP14 ((DROPBEAR_DH_GROUP14_SHA256) || (DROPBEAR_DH_GROUP14_SHA1))
- 

package/network/services/dropbear/patches/053-Don-t-limit-channel-window-to-500MB.patch

@@ -1,65 +0,0 @@
-From a8610f7b98ad4b33ab723602863d60d462fa5af2 Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Sun, 10 Aug 2025 19:46:01 +0800
-Subject: Don't limit channel window to 500MB
-
-Previously the channel window and increments were limited to 500MB.
-That is incorrect and causes stuck connections if peers advertise
-a large window, then don't send an increment within the first 500MB.
-
-That's seen with SSH.NET https://github.com/sshnet/SSH.NET/issues/1671
----
- src/common-channel.c | 17 ++++++++++-------
- src/sysoptions.h     |  3 ---
- 2 files changed, 10 insertions(+), 10 deletions(-)
-
---- a/src/common-channel.c
-+++ b/src/common-channel.c
-@@ -858,17 +858,21 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd,
- void recv_msg_channel_window_adjust() {
- 
- 	struct Channel * channel;
--	unsigned int incr;
-+	unsigned int incr, newwin;
- 	
- 	channel = getchannel();
- 	
- 	incr = buf_getint(ses.payload);
--	TRACE(("received window increment %d", incr))
--	incr = MIN(incr, TRANS_MAX_WIN_INCR);
-+	TRACE(("received window increment %u", incr))
- 	
--	channel->transwindow += incr;
--	channel->transwindow = MIN(channel->transwindow, TRANS_MAX_WINDOW);
--
-+	newwin = channel->transwindow + incr;
-+	if (newwin < channel->transwindow) {
-+		/* Integer overflow, clamp it at maximum.
-+		 * Behaviour may be unexpected, senders MUST NOT overflow per rfc4254. */
-+		TRACE(("overflow window, prev %u", channel->transwindow));
-+		newwin = 0xffffffff;
-+	}
-+	channel->transwindow = newwin;
- }
- 
- /* Increment the incoming data window for a channel, and let the remote
-@@ -906,7 +910,6 @@ void recv_msg_channel_open() {
- 
- 	remotechan = buf_getint(ses.payload);
- 	transwindow = buf_getint(ses.payload);
--	transwindow = MIN(transwindow, TRANS_MAX_WINDOW);
- 	transmaxpacket = buf_getint(ses.payload);
- 	transmaxpacket = MIN(transmaxpacket, TRANS_MAX_PAYLOAD_LEN);
- 
---- a/src/sysoptions.h
-+++ b/src/sysoptions.h
-@@ -243,9 +243,6 @@
- #define RECV_MAX_PACKET_LEN (MAX(35000, ((RECV_MAX_PAYLOAD_LEN)+100)))
- 
- /* for channel code */
--#define TRANS_MAX_WINDOW 500000000 /* 500MB is sufficient, stopping overflow */
--#define TRANS_MAX_WIN_INCR 500000000 /* overflow prevention */
--
- #define RECV_WINDOWEXTEND (opts.recv_window / 3) /* We send a "window extend" every
- 								RECV_WINDOWEXTEND bytes */
- #define MAX_RECV_WINDOW (10*1024*1024) /* 10 MB should be enough */

package/network/services/dropbear/patches/110-change_user.patch

@@ -1,6 +1,6 @@
---- a/src/svr-chansession.c
-+++ b/src/svr-chansession.c
-@@ -984,12 +984,12 @@ static void execchild(const void *user_d
+--- a/src/svr-auth.c
++++ b/src/svr-auth.c
+@@ -510,9 +510,9 @@ void svr_switch_user(void) {
  	/* We can only change uid/gid as root ... */
  	if (getuid() == 0) {
  
@@ -11,6 +11,11 @@
 +						ses.authstate.pw_gid) < 0))) {
  			dropbear_exit("Error changing user group");
  		}
+ 
+@@ -534,7 +534,7 @@ void svr_switch_user(void) {
+ 		}
+ #endif
+ 
 -		if (setuid(ses.authstate.pw_uid) < 0) {
 +		if ((ses.authstate.pw_uid != 0) && (setuid(ses.authstate.pw_uid) < 0)) {
  			dropbear_exit("Error changing user");

package/network/services/dropbear/patches/900-configure-hardening.patch

@@ -1,6 +1,6 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -86,54 +86,6 @@ AC_ARG_ENABLE(harden,
+@@ -80,54 +80,6 @@ AC_ARG_ENABLE(harden,
  
  if test "$hardenbuild" -eq 1; then
  	AC_MSG_NOTICE(Checking for available hardened build flags:)

package/network/services/dropbear/patches/901-bundled-libs-cflags.patch

@@ -1,6 +1,6 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -44,11 +44,8 @@ fi
+@@ -38,11 +38,8 @@ fi
  # LTM_CFLAGS is given to ./configure by the user, 
  # DROPBEAR_LTM_CFLAGS is substituted in the LTM Makefile.in
  DROPBEAR_LTM_CFLAGS="$LTM_CFLAGS"

package/network/services/hostapd/Makefile

@@ -248,6 +248,7 @@ $(call Package/hostapd/Default,$(1))
   TITLE+= (WPA-PSK, 11r and 11w)
   VARIANT:=basic-mbedtls
   DEPENDS+=+PACKAGE_hostapd-basic-mbedtls:libmbedtls
+  DEFAULT_VARIANT:=1
 endef
 
 define Package/hostapd-basic-mbedtls/description
@@ -543,6 +544,7 @@ define Package/eapol-test
   $(call Package/eapol-test/Default,$(1))
   TITLE+= (built-in full)
   VARIANT:=supplicant-full-internal
+  DEFAULT_VARIANT:=1
 endef
 
 define Package/eapol-test-openssl

package/network/services/odhcpd/Makefile

@@ -12,9 +12,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/odhcpd.git
-PKG_MIRROR_HASH:=cce1d4f3c88f4eec0cf8b19429f12e6fc2f47dca9b4d643a31569c1209f8fabc
-PKG_SOURCE_DATE:=2025-12-10
-PKG_SOURCE_VERSION:=ca00527e5fc3d8d2b8c1a60fbeb6a25e2bf68674
+PKG_MIRROR_HASH:=e91eb780beb2f6e501ed35fd03d7b529400d72eba766f16f901103e44b1b6a35
+PKG_SOURCE_DATE:=2025-12-18
+PKG_SOURCE_VERSION:=0779ee287db5ddb209ae057295a8db0e0a3da4fb
 
 PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
 PKG_LICENSE:=GPL-2.0

package/network/services/odhcpd/files/odhcpd.defaults

@@ -89,8 +89,6 @@ fi
 
 touch /etc/config/dhcp
 
-. /usr/share/libubox/jshn.sh
-
 json_load "$(cat /etc/board.json)"
 json_select network
 json_select lan

package/network/services/ppp/Makefile

@@ -20,7 +20,7 @@ PKG_SOURCE_VERSION:=9f612dc02c34509f062ed63b60bcc7e937e25178
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=BSD-4-Clause
-PKG_CPE_ID:=cpe:/a:samba:ppp
+PKG_CPE_ID:=cpe:/a:point-to-point_protocol_project:point-to-point_protocol
 
 PKG_ASLR_PIE_REGULAR:=1
 PKG_BUILD_DEPENDS:=libpcap

package/network/services/unetmsg/files/usr/share/ucode/unetmsg/unetmsgd-remote.uc

@@ -49,10 +49,10 @@ function network_socket_close(data)
 
 function network_rx_cleanup_state(name)
 {
-	for (let name, sub in core.remote_subscribe)
+	for (let cur, sub in core.remote_subscribe)
 		delete sub[name];
 
-	for (let name, sub in core.remote_publish)
+	for (let cur, sub in core.remote_publish)
 		delete sub[name];
 }
 

package/network/utils/comgt/files/ncm.sh

@@ -22,6 +22,7 @@ proto_ncm_init_config() {
 	proto_config_add_boolean sourcefilter
 	proto_config_add_boolean delegate
 	proto_config_add_int profile
+	proto_config_add_int mtu
 	proto_config_add_defaults
 }
 
@@ -30,8 +31,8 @@ proto_ncm_setup() {
 
 	local connect context_type devname devpath finalize ifpath initialize manufacturer setmode
 
-	local delegate sourcefilter $PROTO_DEFAULT_OPTIONS
-	json_get_vars delegate sourcefilter $PROTO_DEFAULT_OPTIONS
+	local delegate ip4table ip6table mtu sourcefilter $PROTO_DEFAULT_OPTIONS
+	json_get_vars delegate ip4table ip6table mtu sourcefilter $PROTO_DEFAULT_OPTIONS
 
 	local apn auth delay device ifname mode password pdptype pincode profile username
 	json_get_vars apn auth delay device ifname mode password pdptype pincode profile username
@@ -192,9 +193,9 @@ proto_ncm_setup() {
 		json_add_string ifname "@$interface"
 		json_add_string proto "dhcp"
 		proto_add_dynamic_defaults
-		[ -n "$zone" ] && {
-			json_add_string zone "$zone"
-		}
+		[ -n "$zone" ] && json_add_string zone "$zone"
+		[ -n "$ip4table" ] && json_add_string ip4table "$ip4table"
+
 		json_close_object
 		ubus call network add_dynamic "$(json_dump)"
 	}
@@ -208,13 +209,18 @@ proto_ncm_setup() {
 		[ "$delegate" = "0" ] && json_add_boolean delegate "0"
 		[ "$sourcefilter" = "0" ] && json_add_boolean sourcefilter "0"
 		proto_add_dynamic_defaults
-		[ -n "$zone" ] && {
-			json_add_string zone "$zone"
-		}
+		[ -n "$zone" ] && json_add_string zone "$zone"
+		[ -n "$ip6table" ] && json_add_string ip6table "$ip6table"
+
 		json_close_object
 		ubus call network add_dynamic "$(json_dump)"
 	}
 
+	[ -n "$mtu" -a "$mtu" != 0 ] && {
+		echo "Setting MTU of $ifname to $mtu"
+		/sbin/ip link set dev $ifname mtu $mtu
+	}
+
 	[ -n "$finalize" ] && {
 		eval COMMAND="$finalize" gcom -d "$device" -s /etc/gcom/runcommand.gcom || {
 			echo "Failed to configure modem"

package/network/utils/ethtool/Makefile

@@ -26,22 +26,26 @@ PKG_BUILD_PARALLEL:=1
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/ethtool
+define Package/ethtool/Default
   SECTION:=net
   CATEGORY:=Network
   TITLE:=Display or change ethernet card settings
   URL:=http://www.kernel.org/pub/software/network/ethtool/
+endef
+
+define Package/ethtool
+$(call Package/ethtool/Default)
   VARIANT:=tiny
   CONFLICTS:=ethtool-full
+  DEFAULT_VARIANT:=1
 endef
 
 define Package/ethtool-full
-  $(Package/ethtool)
+$(call Package/ethtool/Default)
   TITLE += (full)
   VARIANT:=full
   PROVIDES:=ethtool
   DEPENDS:=+libmnl
-  CONFLICTS:=
 endef
 
 define Package/ethtool/description

package/network/utils/iw/Makefile

@@ -23,17 +23,22 @@ PKG_BUILD_FLAGS:=gc-sections lto
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/iw
+define Package/iw/Default
   SECTION:=net
   CATEGORY:=Network
   TITLE:=cfg80211 interface configuration utility
   URL:=http://wireless.kernel.org/en/users/Documentation/iw
   DEPENDS:= +libnl-tiny
+endef
+
+define Package/iw
+$(call Package/iw/Default)
   VARIANT:=tiny
+  DEFAULT_VARIANT:=1
 endef
 
 define Package/iw-full
-  $(Package/iw)
+$(call Package/iw/Default)
   TITLE += (full version)
   VARIANT:=full
   PROVIDES:=iw

package/network/utils/iwinfo/Makefile

@@ -11,9 +11,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/iwinfo.git
-PKG_SOURCE_DATE:=2025-11-07
-PKG_SOURCE_VERSION:=5f4c213fc59f1a82d9f0140642d668ae2969531b
-PKG_MIRROR_HASH:=363e245821d9bc6ffe2cf20f4b51670f1f91928df22a2ffe73a06767f737fb6d
+PKG_SOURCE_DATE:=2026-01-14
+PKG_SOURCE_VERSION:=f5dd57a84cc31a403a1383dd14944fa2e2b5824a
+PKG_MIRROR_HASH:=a9ed29ea9f222d222fc554238e9c79675e1784293685198f759785da9940571f
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=GPL-2.0
 

package/system/apk/Makefile

@@ -1,15 +1,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=apk
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL=https://gitlab.alpinelinux.org/alpine/apk-tools.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2025-12-03
-PKG_SOURCE_VERSION:=982c9961ad9e71b4068911329c9d8121cedfd9f7
-PKG_MIRROR_HASH:=4fc89e2bbbe10edfaa199b1ca9ace139aa39b43d3de6236e8be8b421d81b334b
+PKG_SOURCE_VERSION:=d093f7c198a64bff0cd58afeaf638909fda24ca8
+PKG_MIRROR_HASH:=596dffa2fa019be2755433ed210e30593a6a8708346cf31486d6ad8008e47556
 
-PKG_VERSION=3.0.1
+PKG_VERSION=3.0.2
 
 PKG_MAINTAINER:=Paul Spooren <mail@aparcar.org>
 PKG_LICENSE:=GPL-2.0-only
@@ -27,7 +26,7 @@ define Package/apk/default
   SECTION:=base
   CATEGORY:=Base system
   TITLE:=apk package manager
-  DEPENDS:=+zlib +wget
+  DEPENDS:=+zlib +wget-any
   URL:=$(PKG_SOURCE_URL)
   PROVIDES:=apk
 endef

package/system/apk/patches/0020-apk-fix-compile-when-using-C89.patch

@@ -1,56 +0,0 @@
-From 54385e6dc02ada9ec827b6b79b9359951197fee5 Mon Sep 17 00:00:00 2001
-From: Paul Donald <newtwen+gitlab@gmail.com>
-Date: Tue, 9 Dec 2025 00:31:27 +0100
-Subject: [PATCH] apk: fix compile when using C89
-
-The older standard is more strict, and gives rise to errors:
-
-../src/apk.c: In function 'parse_options':
-../src/apk.c:584:4: error: a label can only be part of a statement and a declaration is not a statement
-  584 |    char *arg = opt_parse_arg(&st);
-      |    ^~~~
-
-So move the *arg declaration to function start.
-
-../src/app_mkpkg.c: In function 'mkpkg_setup_compat':
-../src/app_mkpkg.c:423:2: error: label at end of compound statement
-  423 |  default:
-      |  ^~~~~~~
-
-add break;
-
-Signed-off-by: Paul Donald <newtwen+gitlab@gmail.com>
----
- src/apk.c       | 3 ++-
- src/app_mkpkg.c | 1 +
- 2 files changed, 3 insertions(+), 1 deletion(-)
-
---- a/src/apk.c
-+++ b/src/apk.c
-@@ -556,6 +556,7 @@ static int parse_options(int argc, char
- 	struct apk_opt_match m;
- 	bool applet_arg_pending = false;
- 	int r;
-+	char *arg;
- 
- 	applet = applet_from_arg0(argv[0]);
- 	if (!applet) {
-@@ -581,7 +582,7 @@ static int parse_options(int argc, char
- 		case 0:
- 			break;
- 		case OPT_MATCH_NON_OPTION:
--			char *arg = opt_parse_arg(&st);
-+			arg = opt_parse_arg(&st);
- 			if (applet_arg_pending && strcmp(arg, applet->name) == 0)
- 				applet_arg_pending = false;
- 			else if (arg[0] || !applet || !applet->remove_empty_arguments)
---- a/src/app_mkpkg.c
-+++ b/src/app_mkpkg.c
-@@ -421,6 +421,7 @@ static void mkpkg_setup_compat(struct mk
- 	case 0: ctx->compat_rootnode = 1; // fallthrough
- 	case 1: ctx->compat_dirnode = 1;  // fallthrough
- 	default:
-+		break;
- 	}
- }
- 

package/system/ca-certificates/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ca-certificates
 PKG_VERSION:=20250419
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_MAINTAINER:=
 
 PKG_LICENSE:=GPL-2.0-or-later MPL-2.0
@@ -24,12 +24,14 @@ include $(INCLUDE_DIR)/package.mk
 TAR_OPTIONS+= --strip-components 1
 TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
 
+# ca-certs is deprecated and new packages should use ca-certificates-any if
+# they don't need a specific package
 define Package/ca-certificates
   SECTION:=base
   CATEGORY:=Base system
   TITLE:=System CA certificates
   PKGARCH:=all
-  PROVIDES:=ca-certs
+  PROVIDES:=@ca-certs
 endef
 
 define Package/ca-bundle
@@ -37,7 +39,7 @@ define Package/ca-bundle
   CATEGORY:=Base system
   TITLE:=System CA certificates as a bundle
   PKGARCH:=all
-  PROVIDES:=ca-certs
+  PROVIDES:=@ca-certs @ca-certificates-any
 endef
 
 define Build/Install

package/system/openwrt-keyring/Makefile

@@ -33,7 +33,7 @@ Build/Compile=
 ifneq ($(CONFIG_USE_APK),)
 define Package/openwrt-keyring/install
 	$(INSTALL_DIR) $(1)/etc/apk/keys/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/apk/openwrt-snapshots.pem $(1)/etc/apk/keys/
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/apk/openwrt-25.12.pem $(1)/etc/apk/keys/
 endef
 else
 define Package/openwrt-keyring/install

package/system/procd/Makefile

@@ -50,6 +50,7 @@ define Package/procd
   $(call Package/procd/Default)
   VARIANT:=default
   CONFLICTS:=procd-selinux
+  DEFAULT_VARIANT:=1
 endef
 
 define Package/procd-selinux

package/system/ucert/Makefile

@@ -31,23 +31,25 @@ HOST_BUILD_DEPENDS:=libubox/host libjson-c/host usign/host
 HOST_BUILD_PREFIX:=$(STAGING_DIR_HOST)
 PKG_BUILD_DEPENDS:=ucert/host
 
-define Package/ucert-full
-  SECTION:=base
-  CATEGORY:=Base system
-  DEPENDS:=+usign +libubox +libjson-c +libblobmsg-json
-  TITLE:=OpenWrt certificate generation and verification utility
-  PROVIDES:=ucert
-  VARIANT:=full
-endef
-
-define Package/ucert
+define Package/ucert/Default
   SECTION:=base
   CATEGORY:=Base system
   DEPENDS:=+usign +libubox
+endef
+
+define Package/ucert
+$(call Package/ucert/Default)
   TITLE:=OpenWrt certificate verification utility
-  PROVIDES:=ucert
-  CONFLICTS:=ucert-full
   VARIANT:=tiny
+  DEFAULT_VARIANT:=1
+endef
+
+define Package/ucert-full
+$(call Package/ucert/Default)
+  TITLE:=OpenWrt certificate generation and verification utility
+  DEPENDS+=+libjson-c +libblobmsg-json
+  VARIANT:=full
+  PROVIDES:=ucert
 endef
 
 ifeq ($(BUILD_VARIANT),full)

package/utils/busybox/Makefile

@@ -56,6 +56,7 @@ define Package/busybox
   $(call Package/busybox/Default)
   CONFLICTS:=busybox-selinux
   VARIANT:=default
+  DEFAULT_VARIANT:=1
 endef
 
 define Package/busybox-selinux

package/utils/cli/files/usr/share/ucode/cli/context-call.uc

@@ -98,7 +98,7 @@ export const callctx_error_proto = {
 		return this.error("NOT_FOUND", msg ?? "Not found", ...args);
 	},
 	command_failed: function(msg, ...args) {
-		return this.error("COMMAND_FAILEDu", msg ?? "Command failed", ...args);
+		return this.error("COMMAND_FAILED", msg ?? "Command failed", ...args);
 	},
 };
 

package/utils/f2fs-tools/Makefile

@@ -48,6 +48,7 @@ define Package/mkf2fs
   $(Package/f2fs-tools/Default)
   TITLE:=Utility for creating a Flash-Friendly File System (F2FS)
   CONFLICTS:=mkf2fs-selinux
+  DEFAULT_VARIANT:=1
 endef
 
 define Package/mkf2fs-selinux
@@ -87,6 +88,7 @@ define Package/libf2fs
   ABI_VERSION:=6
   CONFLICTS:=libf2fs-selinux
   VARIANT:=default
+  DEFAULT_VARIANT:=1
 endef
 
 define Package/libf2fs-selinux

package/utils/ucode/Makefile

@@ -12,9 +12,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=https://github.com/jow-/ucode.git
-PKG_SOURCE_DATE:=2025-11-19
-PKG_SOURCE_VERSION:=48ed18d2532e9197212c34473ab926c7b5e8ac73
-PKG_MIRROR_HASH:=34529706bcb413dffb3d73e78fe97971bd2b518c097c86470edadc1ca79a480c
+PKG_SOURCE_DATE:=2025-12-01
+PKG_SOURCE_VERSION:=f7c2b97a82e8b505bf4b2c0d8883b5116e1960f9
+PKG_MIRROR_HASH:=7de6a6d5b3c7392624bccefdc03e2dc61f097b414989eeced29ecc3e020bbd0b
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=ISC
 
@@ -53,6 +53,7 @@ CMAKE_HOST_OPTIONS += \
 	-DULOOP_SUPPORT=OFF \
 	-DDEBUG_SUPPORT=ON \
 	-DLOG_SUPPORT=OFF \
+	-DZLIB_SUPPORT=ON \
 	-DDIGEST_SUPPORT=OFF
 
 
@@ -184,6 +185,14 @@ $(eval $(call UcodeModule, \
 	digest, DIGEST_SUPPORT, , \
 	The digest module allows ucode scripts to use libmd digests.))
 
+$(eval $(call UcodeModule, \
+	io, IO_SUPPORT, , \
+	The io module allows direct file descriptor read/write (including non-blocking).))
+
+$(eval $(call UcodeModule, \
+	zlib, ZLIB_SUPPORT, +zlib, \
+	The zlib module allows ucode scripts to de/compress gzip and zlib formats.))
+
 $(eval $(call BuildPackage,libucode))
 $(eval $(call BuildPackage,ucode))
 

package/utils/ucode/patches/100-add-include-for-older-kernels.patch

@@ -0,0 +1,20 @@
+From 165d395ffa2a22e293160b24d4791302a156eab8 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Mon, 8 Dec 2025 12:48:01 -0800
+Subject: add include for older kernels
+
+in6.h is needed for some macros. Seems newer kernels include this implicitly.
+---
+ lib/socket.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/lib/socket.c
++++ b/lib/socket.c
+@@ -77,6 +77,7 @@
+ #include "ucode/platform.h"
+ 
+ #if defined(__linux__)
++# include <linux/in6.h>
+ # include <linux/if_packet.h>
+ # include <linux/filter.h>
+ 

package/utils/util-linux/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2007-2018 OpenWrt.org
+# Copyright (C) 2007-2025 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,15 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=util-linux
-PKG_VERSION:=2.41.2
+PKG_VERSION:=2.41.3
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@KERNEL/linux/utils/$(PKG_NAME)/v2.41
-PKG_HASH:=6062a1d89b571a61932e6fc0211f36060c4183568b81ee866cf363bce9f6583e
+PKG_HASH:=3330d873f0fceb5560b89a7dc14e4f3288bbd880e96903ed9b50ec2b5799e58b
 PKG_CPE_ID:=cpe:/a:kernel:util-linux
 
-
 PKG_INSTALL:=1
 
 include $(INCLUDE_DIR)/package.mk
@@ -26,7 +25,7 @@ define Package/util-linux/Default
   SECTION:=utils
   CATEGORY:=Utilities
   DEPENDS:= +librt
-  URL:=http://www.kernel.org/pub/linux/utils/util-linux/
+  URL:=https://www.kernel.org/pub/linux/utils/util-linux/
 endef
 
 define Package/libblkid

scripts/ipkg-build

@@ -45,7 +45,7 @@ pkg_appears_sane() {
 	arch="$(required_field Architecture)"
 
 	if echo "$pkg" | grep '[^a-zA-Z0-9_.+-]'; then
-		echo "*** Error: Package name $name contains illegal characters, (other than [a-z0-9.+-])" >&2
+		echo "*** Error: Package name '$pkg' contains illegal characters, (other than [a-z0-9.+-])" >&2
 		PKG_ERROR=1;
 	fi
 

scripts/metadata.pm

@@ -263,6 +263,9 @@ sub parse_package_metadata($) {
 		/^Default: \s*(.+)\s*$/ and $pkg->{default} = $1;
 		/^Provides: \s*(.+)\s*$/ and do {
 			my @vpkg = split /\s+/, $1;
+			foreach (@vpkg) {
+				s/^@//;
+			}
 			@{$pkg->{provides}} = ($pkg->{name}, @vpkg);
 			foreach my $vpkg (@vpkg) {
 				next if ($vpkg eq $pkg->{name});

target/imagebuilder/files/Makefile

@@ -145,6 +145,32 @@ BUILD_PACKAGES:=$(sort $(DEFAULT_PACKAGES) $($(USER_PROFILE)_PACKAGES) kernel)
 BUILD_PACKAGES:=$(filter-out $(filter -%,$(BUILD_PACKAGES)) $(patsubst -%,%,$(filter -%,$(BUILD_PACKAGES))),$(BUILD_PACKAGES))
 BUILD_PACKAGES:=$(USER_PACKAGES) $(BUILD_PACKAGES)
 BUILD_PACKAGES:=$(filter-out $(filter -%,$(BUILD_PACKAGES)) $(patsubst -%,%,$(filter -%,$(BUILD_PACKAGES))),$(BUILD_PACKAGES))
+
+ifneq ($(CONFIG_USE_APK),)
+BUILD_PACKAGES+= \
+  "base-files=$(BASE_FILES_VERSION)" \
+  "libc=$(LIBC_VERSION)" \
+  "kernel=$(KERNEL_VERSION)"
+endif
+
+# Get ABI version suffix for a package from an apk index
+#
+# 1: package name
+define GetABISuffix
+$(shell $(APK) query --fields tags --match provides $(1) | grep openwrt:abiversion | awk -F= '{print $$2; exit}')
+endef
+
+# Format packages by adding an ABI version suffix if found
+#
+# 1: list of packages
+define FormatPackages
+$(strip $(foreach pkg,$(strip $(subst ",,$(1))),
+  $(eval pkg_name:=$(firstword $(subst =, ,$(pkg))))
+  $(if $(findstring =,$(pkg)),$(eval pkg_ver:==$(lastword $(subst =, ,$(pkg)))))
+  $(pkg_name)$(call GetABISuffix,$(pkg_name))$(pkg_ver)
+))
+endef
+
 PACKAGES:=
 
 _call_image: staging_dir/host/.prereq-build
@@ -229,10 +255,8 @@ ifeq ($(CONFIG_USE_APK),)
 	$(OPKG) install $(wildcard $(PACKAGE_DIR)/kernel_*.ipk)
 	$(OPKG) install $(BUILD_PACKAGES)
 else
-	$(APK) add --arch $(ARCH_PACKAGES) --no-scripts $(BUILD_PACKAGES) \
-        "base-files=$(BASE_FILES_VERSION)" \
-        "libc=$(LIBC_VERSION)" \
-        "kernel=$(KERNEL_VERSION)"
+	$(eval BUILD_PACKAGES:=$(call FormatPackages,$(BUILD_PACKAGES)))
+	$(APK) add --arch $(ARCH_PACKAGES) --no-scripts $(BUILD_PACKAGES)
 endif
 
 prepare_rootfs: FORCE