glibc 2.39 has removed libcrypt completely.
solution: link against libxcrypt built with glibc compatibility.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19293
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
glibc 2.39 has removed libcrypt completely.
solution: link against libxcrypt built with glibc compatibility.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19293
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
glibc 2.39 has removed libcrypt completely.
solution: link against libxcrypt built with glibc compatibility.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19293
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Upstream has disabled SHA-1 algorithms by default since version 2025.87.
SHA-1 has known weakness and most SSH implementations support alternatives.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
It's hard or even impossible to track affected sources
so it's safe to remove all built objects (if any).
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
This allows to fine-tune dropbear build options.
This change is heavily based on similar work done by Marius Dinu earlier
so I'd like to say many thanks to original author.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
- update dropbear to latest stable 2025.88;
for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- rewrite 100-pubkey_path.patch
- refresh remaining patches
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Correctly load the list of basic_rates from UCI. basic-rates shall be
stored as a option-list. The current code did not retrieve this list
correctly.
wpa_supplicant uses a different config option to set basic-rates
when operating in mesh-mode.
Use the correct config key and calculation for mesh-interfaces.
Signed-off-by: David Bauer <mail@david-bauer.net>
The upstream submission for this mandates the node to be named wifi
instead of wmac. Change all ath79 entries to match the new names and
remove the compatibility patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19328
Signed-off-by: Robert Marko <robimarko@gmail.com>
nl80211 events were propagated to the wrong interfaces
Fixes: 2ac791e87d ("hostapd: update to version 2025-06-27")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Manually refreshed:
140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
601-ucode_support.patch
Fixed in upstream:
804-hostapd-revert-ACS-Validate-6-GHz-AP-criteria-before.patch [1]
Automatically rebased all other patches.
[1] https://w1.fi/cgit/hostap/commit/?id=0b60826a66885bffa2fd709ed5e48cd5fe241b6b
Signed-off-by: Agustin Lorenzo <agustin.lorenzo@thinco.es>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
802.11be capable platforms are big enough to not need the mini variant,
and removing it here saves space for other other devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Override via RSNE is a relatively new feature, which can be used to enable
WPA3 features in a way that is invisible to older clients.
Use it by default to mask the GCMP-256 cipher from older clients, since
there are compatibility issues with existing devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes status information and scanning on extra BSS interfaces when operating
on multi-radio devices.
Reported-by: Chad Monroe <chad.monroe@adtran.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Ensure that hapd->own_addr is set properly, since hostapd_setup_bss
only handles it for secondary BSS interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Glibc since 2.41 tries to include linux/sched/types.h from sched.h, and
pointing KERNEL_INCLUDE to the kernel headers makes it use
linux/sched/types.h from the kernel headers instead of the installed
one.
This then breaks the configure (test) compile for setns() and the test:
mips-openwrt-linux-gnu-gcc -I/fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi -o config.HaAJYe/setnstest config.HaAJYe/setnstest.c
In file included from /fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/sched/types.h:5,
from /fork.openwrt/staging_dir/toolchain-mips_24kc_gcc-14.3.0_glibc/include/bits/sched.h:63,
from /fork.openwrt/staging_dir/toolchain-mips_24kc_gcc-14.3.0_glibc/include/sched.h:43,
from config.HaAJYe/setnstest.c:2:
/fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/types.h:10:2: warning: #warning "Attempt to use kernel headers from user space, see https://kernelnewbies.org/KernelHeaders" [-Wcpp]
10 | #warning "Attempt to use kernel headers from user space, see https://kernelnewbies.org/KernelHeaders"
| ^~~~~~~
In file included from /fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/posix_types.h:5,
from /fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/types.h:14:
/fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/stddef.h:5:10: fatal error: linux/compiler_types.h: No such file or directory
5 | #include <linux/compiler_types.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
Fix this by pointing KERNEL_INCLUDE to the toolchain headers, which
include the installed kernel headers.
Tested with musl, glibc, and SDK.
Fixes: 60738feded ("iproute2: Fix KERNEL_INCLUDE in SDK")
Reported-by: Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Add a patch in order to fix it.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18600
Signed-off-by: Robert Marko <robimarko@gmail.com>
Backport two patches in order to fix it.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18600
Signed-off-by: Robert Marko <robimarko@gmail.com>
The plumbing is there in the ucode files to set the parameter using
nl80211. However, the option is never forwarded because it was missing
in mac80211.sh. Add it there and in the schema file.
Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>
Link: https://github.com/openwrt/openwrt/pull/19030
Signed-off-by: Robert Marko <robimarko@gmail.com>
61ae5732adea iprule: amend ipproto netlink nla_put_u32 to nla_put_u8
d610d68c71b8 device: add support for configuring vrf
a1b6386a20a6 device: fix bonding primary port selection
e8bbf246ce2e system-linux: fix sysfs name for all_ports_active flag
723c699e84f4 Restore disable_ipv6 sysctl after removing a device from bridge or bond
d476e18e8d43 iprule: resolve ipproto by name
7901e66c5f27 netifd: iprule add sport and dport
Signed-off-by: Robert Marko <robimarko@gmail.com>
Inverted condition caused wrong value for eht_oper_centr_freq_seg0_idx
get selected in ETH320 mode, causing AP fail to start.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Link: https://github.com/openwrt/openwrt/pull/18998
Signed-off-by: Robert Marko <robimarko@gmail.com>
Request Softwire46 (S46) [RFC 7598] options when the map and/or ds-lite
packages are installed. This is required as the behaviour of odhcp6c has
changed to not include these OROs by default.
See openwrt/odhcp6c#89
Signed-off-by: Richard Patterson <richard@helix.net.nz>
Signed-off-by: Shengyu Qu <wiagn233@outlook.com>
When running ACS on multi-radio devices, ACS on one band can block another.
Increase the number of retries and prevent bouncing interfaces between AP
and STA mode during attempts.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Some modems and SIM cards take a bit longer to initialize after UIM has been
powered off. Waiting too little time can cause the qmi protocol to end up
in a loop repeatedly power-cycling the SIM card.
Avoid that by
a) increasing the time we unconditionally sleep after --uim-power-on
b) increasing the time we allow uqmi to wait for response for --uim-get-sim-state
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18772
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
If the uci 'dhcp' configuration for the dhcp leases is incorrect then
the call to 'ipclac' fails. However, the problem is that the dnsmasq
configuration option 'dhcp-range' is still written for this uci section
even though the information generated by ipcalc is incorrect or not set.
Due to the incorrectly generated configuration for dnsmasq, the service
cannot start.
To prevent an incorrect configuration from being written to the configuration,
a check is now made beforehand to ensure that the required variables are
present and valid. If the configuration is incorrect, a message is emitted
to the log that this configuration section is incorrect and this uci
configuration section is omitted.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Link: https://github.com/openwrt/openwrt/pull/18641
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ucode-based wifi interface validation is based on `hostapd.conf`
specific options, which means it's missing the OpenWrt-specific
'network' property.
This causes schema validation warnings like:
```
daemon.notice netifd: radio1 (1340): wifi-scripts: network is not present in the schema
```
The description is taken from the OpenWrt wiki:
https://openwrt.org/docs/guide-user/network/wifi/basic#common_options1
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/18946
Signed-off-by: Robert Marko <robimarko@gmail.com>
263a0cb87b50 udebug: use proper libudebug API
ca9b8765aea3 dns: rework packet API
ea40cfdf7eb0 cache: send multiple queries in a single packet
d62813727e53 cache: add explicit lookup for host addresses
0ce73d80dc0c dns: add cache/queue for outgoing queries
083be33749b1 cache: improve service refresh behavior
55d0c1bc1ac5 interface: ask for unicast responses by default
ce508467a533 service: add support for setting service specific hostname
632953a1582d interface: when interface properties change, reinitialise
695ac3708aa0 ubus: fix ubus announcements txt fields
cecbe1c0caae Make mdns responder case-insensitive.
2b28094d31ca dns: add support for reverse address mapping queries
Signed-off-by: Felix Fietkau <nbd@nbd.name>
By OpenWrt's design, hostapd runs in a single global instance for all radios supported by the device, rather than one instance per radio like hostapd usually does.
Signed-off-by: Agustin Lorenzo <agustin.lorenzo@thinco.es>
Link: https://github.com/openwrt/openwrt/pull/18426
Signed-off-by: Robert Marko <robimarko@gmail.com>
