Fixes:
ifxmips_aes.c: In function 'gcm_aes_decrypt':
ifxmips_aes.c:1803:14: error: assignment discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
1803 | temp = walk.src.virt.addr;
| ^
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22921
Signed-off-by: Robert Marko <robimarko@gmail.com>
Fixes:
ltq_atm.c: In function 'ltq_atm_probe':
ltq_atm.c:1840:36: error: passing argument 2 of 'platform_set_drvdata' discards 'const' qualifier from pointer target type [-Werror=discarded-qualifiers]
1840 | platform_set_drvdata(pdev, ops);
| ^~~
In file included from ltq_atm.c:40:
/workspaces/openwrt/build_dir/target-mips_24kc_musl/linux-lantiq_xway/linux-6.18.21/include/linux/platform_device.h:276:47: note: expected 'void *' but argument is of type 'const struct ltq_atm_ops *'
276 | void *data)
| ~~~~~~^~~~
Fixes: c1fa85f659 ("treewide: use of_device_get_match_data")
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22921
Signed-off-by: Robert Marko <robimarko@gmail.com>
Specification:
The device is similar to the M30 but has only one LAN port and no WAN port.
- MT7981 CPU using 2.4GHz and 5GHz WiFi (both AX)
- 512MB RAM
- 128MB NAND flash with two UBI partitions with identical size
- 1 multi color LED (red, green, blue, white) connected via GCA230718
- 2 buttons (WPS, reset, LED)
- 1 1Gbit LAN port
Disassembly:
- There are two screws at the power connector which must be removed. Afterwards the top case can be removed (it is clipped on, so some tools are required).
Serial Interface:
- The serial interface can be connected to the 4 pin holes on the board. Do NOT connect VCC.
- The pins are labelled on the PCB (RX, TX, GND)
- Settings: 115200, 8N1
MAC addresses:
- LAN MAC is stored in partition "Odm" at offset 0x8f
- WLAN MAC (2.4 GHz and 5GHz) is LAN MAC + 1
Reverting back to OEM firmware:
- There is currently no easy way to revert back to the OEM image
- The methods from M30 and M60 doesn't seem to work anymore
- If you plan to revert back to OEM firmware later, do the following steps before flashing OpenWrt:
- Boot from initramfs as described in "Flashing via U-Boot" but don't flash anything
- Instead, make a backup of UBI and UBI1 partition
- The created dumps must be written to the initial partitions to revert back to OEM
Flashing via Recovery Web Interface:
- Set your IP address to 192.168.200.10, subnetmask 255.255.255.0
- Press the reset button while powering on the device
- Keep the reset button pressed until the LED blinks red
- Open a Chromium based and goto http://192.168.200.50/ (recovery web interface)
- Download openwrt-mediatek-filogic-dlink_aquila-pro-ai-e30-a1-squashfs-recovery.bin
- Note: The recovery web interface always reports successful flashing, even if it fails
- After flashing, the recovery web interface will try to forward the browser to 192.168.0.1 (can be ignored)
- If flashing was successful, OpenWrt is accessible via 192.168.1.1
- The recovery image boots an initramfs image, flash the sys upgrade image to get to „normal“ OpenWrt mode
Flashing via U-Boot:
- Open the case, connect to the UART console
- Set your IP address to 192.168.200.2, subnet mask 255.255.255.0. Connect to one of the LAN interfaces of the router
- Run a tftp server which provides openwrt-mediatek-filogic-dlink_aquila-pro-ai-e30-a1-initramfs-kernel.bin
- Supply the board with 12V
- Select "7. Load image" in the U-Boot menu
- Enter image file, tftp server IP and device IP (if they differ from the default).
- TFTP download to RAM will start. After a few seconds OpenWrt initramfs should start
- The initramfs is accessible via 192.168.1.1, change your IP address accordingly (or use multiple IP addresses on your interface)
- Perform a sysupgrade using openwrt-mediatek-filogic-dlink_aquila-pro-ai-e30-a1-squashfs-sysupgrade.bin
- Reboot the device. OpenWrt should start from flash now
Flashing via OEM web interface is not possible, as it will change the active partition and OpenWrt is only running on the first UBI partition.
Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22776
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Replace conditional "LINUX_6_12:mod" / "!LINUX_6_12:mod" AUTOLOAD entries
with version-filtered module names using @lt6.18 / @ge6.18. This makes
version_filter emit plain module names into /etc/modules.d(e.g. "crc32c_generic"),
allowing kmodloader to find and load the correct module for the running kernel.
Fixes crc32c (and related crypto modules) not being autoloaded on 6.12 kernels.
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: https://github.com/openwrt/openwrt/pull/22798
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
EDUP EP-RT2983 comes with a factory installed version of OpenWrt 23.05
with device name "netis,n6".
Specification
--------------
- SoC : MediaTek MT7621AT, MIPS, 880 MHz
- RAM : 256 MiB
- Flash : NAND 128 MiB (Toshiba)
- WLAN : MT7905DAN + MT7975DN
- 2.4 GHz : b/g/n/ax, 574 Mbps, MIMO 2x2
- 5 GHz : a/n/ac/ax, 1201 Mbps, MIMO 2x2
- Ethernet : 10/100/1000 Mbps x4 (1x WAN, 3x LAN)
- UART : 3.3V, 115200n8
- Buttons : 1x Reset
1x WPS
- LEDs : 1x Power (green)
1x WiFi (green)
1x Mesh/WPS (green); flashing green during boot
3x LAN (green)
1x WAN (green); flashing red during upgrade and failsafe
- Power : 12 VDC 1A
Installation
-------------
1. Log in to LuCI
2. Go to System, Backup / Flash Firmware
3. If desired, backup the current system by saving (all) the mtdblock
contents.
4. Flash new firmware image, select Flash image.
5. Browse and select the sysupgrade file
"openwrt-*-ramips-mt7621-edup_ep-rt2983-squashfs-sysupgrade.bin"
and then Upload.
6. Unselect "Keep settings and retain the current configuration"
Note: All settings will be reset to default. WiFi is not enabled by
default so a connection via Ethernet is necessary to log in and set up.
7. Allow "Force upgrade" (tick the box if there is one), or press Continue
if there is no box to tick. This is because the name is now
"edup,ep-rt2983" as it should have been from the start.
8. Proceed to flash. Wait for reboot and keep power connected.
9. After reboot, default address to access LuCI is 192.168.1.1 with
no password
Recovery (UART)
----------------
1. Remove the 4 screws on the bottom and pry open the cover.
2. Connect serial adapter to the unpopulated serial header pins
TX, RX, GND near the WPS button. Do not connect VCC.
3. Start serial terminal (e.g. minicom, screen, etc) on the computer and
turn on the router.
4. As prompted, hit any key to stop autoboot.
5. Enter 2 to select "2. Upgrade firmware"
6. Enter 0 to select "0 - TFTP client (Default)"
7. Accept the defaults by pressing Enter for
"Input U-Boot's IP address: 192.168.1.1",
"TFTP server's IP address: 192.168.1.2",
"Input IP netmask: 255.255.255.0"
8. Assign your PC's Ethernet port a static IP 192.168.1.2 with netmask
255.255.255.0 and connect to a LAN port on the router using the
Ethernet cable. Disconnect all other network connections (e.g. WiFi) on
the computer.
9. Serve the factory image
"openwrt-*-ramips-mt7621-edup_ep-rt2983-squashfs-factory.bin" using
a TFTP server, e.g. tftpd64. For convenience, the filename can be renamed
to something shorter.
10. In the serial terminal, when prompted "Input file name:", enter the
filename from the previous step and press Enter.
11. The factory image will be flashed as indicated. Wait for reboot.
MAC addresses prototype
------------------------
+---------+---------------------+
| | MAC example |
+---------+---------------------+
| LAN | CC:D8:1F:47:xx:yy |
| WAN | CC:D8:1F:47:xx:yy+1 |
| WLAN 2G | CC:D8:1F:17:xx:yy+2 |
| WLAN 5G | CC:D8:1F:77:xx:yy+2 |
+---------+---------------------+
Signed-off-by: Ryan Leung <untilscour@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/22197
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for the Zyxel GS1900-48HP A1 managed PoE switch based on
RTL8393 SoC with 48 copper ports (6x RTL8218B), 2 SFP slots and PoE
(170W budget). Includes DTS, image definition, network config and
u-boot-env support.
The device has 48 copper ports but only ports 1-24 are powered by
the PoE PSE controller.
PoE support requires the realtek-poe package from the packages feed
with an additional configuration for PSE ID 7 to address the MCU on
this device.
Signed-off-by: Klaus Rubenstein <klaus.rubenstein@gmail.com>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
This release incorporates the following bug fixes and mitigations:
Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
(CVE-2026-31790)
Fixed loss of key agreement group tuple structure when the DEFAULT keyword
is used in the server-side configuration of the key-agreement group list.
(CVE-2026-2673)
Fixed potential use-after-free in DANE client code.
(CVE-2026-28387)
Fixed NULL pointer dereference when processing a delta CRL.
(CVE-2026-28388)
Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
(CVE-2026-28389)
Fixed possible NULL dereference when processing CMS
KeyTransportRecipientInfo.
(CVE-2026-28390)
Fixed heap buffer overflow in hexadecimal conversion.
(CVE-2026-31789)
No need refresh patches
Signed-off-by: Jack Sun <sunjiazheng321521@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22847
Signed-off-by: Robert Marko <robimarko@gmail.com>
The rss-input-xfrm workaround for Linux 6.6 is no longer needed with
current kernel versions. Remove the patch and the associated
--enable-rss-input-xfrm configure flag.
Link: https://github.com/openwrt/openwrt/pull/22841
Signed-off-by: Nick Hainke <vincent@systemli.org>
The highlight of this version is that the bl2 size will be reduced
by 60+ KB. The MT7987 SPI interface selection hack was replaced by
upstream implementation with the new symbol SPIM_NAND_PREFER_SPI2.
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Migrate timer handling (removed in 6.13) and netdev dummy initialization
(removed in 6.16) to new methods with guards to not break older kernels.
This resolves compilation errors due to missing del_timer_sync(),
from_timer() and init_dummy_netdev().
Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
Link: https://github.com/openwrt/openwrt/pull/22775
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This version fixes some security problems:
* Client impersonation while resuming a TLS 1.3 session
(CVE-2026-34873)
* Entropy on Linux can fall back to /dev/urandom (CVE-2026-34871)
* PSA random generator cloning (CVE-2026-25835)
* Compiler-induced constant-time violations (CVE-2025-66442)
* Null pointer dereference when setting a distinguished name
(CVE-2026-34874)
* Buffer overflow in FFDH public key export (CVE-2026-34875)
* FFDH: lack of contributory behaviour due to improper input validation
(CVE-2026-34872)
* Signature Algorithm Injection (CVE-2026-25834)
* CCM multipart finish tag-length validation bypass (CVE-2026-34876)
* Risk of insufficient protection of serialized session or context data
leading to potential memory safety issues (CVE-2026-34877)
* Buffer underflow in x509_inet_pton_ipv6() (CVE-2026-25833)
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6
Size increases by 470 bytes on aarch64:
343995 bin/packages/aarch64_generic/base/libmbedtls21-3.6.5-r1.apk
344465 bin/packages/aarch64_generic/base/libmbedtls21-3.6.6-r1.apk
Link: https://github.com/openwrt/openwrt/pull/22787
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Version 6.19 - Feb 14, 2026
* Feature: support HW timestamp configuration (--set-hwtimestamp-cfg)
* Feature: display HW timestamp source (-T)
* Feature: support PLCA notifications (--get/set-plca-cfg)
* Feature: add PSE priority management support (--show/set-pse)
* Feature: support PSE notifications (--show/set-pse)
* Feature: support configuring RSS on IPv6 Flow Label (-n/-N)
* Feature: support FEC bit error histograms (--show-fec)
* Feature: register dump decoding for TI K3 CPSW and its ALE table (-d)
* Fix: fix missing headers in text output
* Fix: fix print_string when the value is NULL (-Werror=format-security)
* Fix: fix JSON output of SFP diagnostics
* Fix: fix duplicated JSON keys in module info
* Misc: clarify that symmetric RSS may be on by default (-x/-X)
* Misc: add AppStream metainfo file to %files section
Link: https://github.com/openwrt/openwrt/pull/22780
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add missing dependency kmod-ptp to fix the build error. We also
add symbol CONFIG_PTP_1588_CLOCK_OPTIONAL explicitly for kmod-ptp
because it is selected by CONFIG_PTP_1588_CLOCK. Fix:
Package kmod-iavf is missing dependencies for the following libraries:
ptp.ko
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22730
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cryptd has been decoupled from crypto-misc in the 6.18 kernel. Fix:
ERROR: module '/home/runner/work/Actions_/Actions_/openwrt/build_dir/target-i386_pentium4_musl/linux-x86_generic/linux-6.18.20/crypto/cryptd.ko' is missing.
make[3]: *** [modules/crypto.mk:873: /home/runner/work/Actions_/Actions_/openwrt/bin/targets/x86/generic/packages/kmod-crypto-misc-6.18.20-r1.apk] Error 1
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/22730
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ucode path generates different erp_domain and fils_cache_id
values than the legacy shell path due to three mismatches:
1. erp_domain md5 input missing trailing newline (echo adds \n)
2. erp_domain output truncated to 4 chars instead of 8 (shell
uses head -c 8)
3. fils_cache_id md5 input missing trailing newline
4. erp_domain missing fallback to mobility_domain
Same bug pattern as mobility_domain fixed in commit b1dc2736db.
Fixes: #21768
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Joshua Klinesmith <joshuaklinesmith@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22677
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Export the unique, monotonic DISKSEQ sequence drive number instead of its
major/minor numbers to identify the boot disk and directly match the partition
in export_partdevice with PARTN.
The MINOR blockdevice numbers are not guaranteed sequential across disks, it
can happen that disks enumerate before their partitions are probed, resulting
in interleaved MINOR numbers breaking the partition offset calculation:
major minor #blocks name
259 0 250059096 nvme0n1
259 2 8192 nvme0n1p1
259 3 491520 nvme0n1p2
259 4 239 nvme0n1p128
259 1 250059096 nvme1n1
259 5 250057728 nvme1n1p1
Signed-off-by: Clemens Hopfer <openwrt@wireloss.net>
Link: https://github.com/openwrt/openwrt/pull/18962
Signed-off-by: Robert Marko <robimarko@gmail.com>
The conditional runtime dependency on the ip package was originally
intended to only pull in the ip package when busybox ip is not
configured. However, in APK-based builds the BUSYBOX_CONFIG_*
variables may not be resolvable at package metadata generation
time, causing the ip dependency to be unconditionally baked into
the .apk package. This forces users to install ip-tiny or ip-full
even though busybox already provides the ip command.
Revert to the previous +@BUSYBOX_CONFIG_IP / +@BUSYBOX_CONFIG_FEATURE_IP_LINK
kconfig-level dependencies. These ensure busybox ip support is
enabled at config time without creating a runtime package dependency.
Both options default to y, and wireguard.uc only uses basic
ip link commands that busybox fully supports.
Fixes: openwrt#22637
Signed-off-by: Anand Kumar <anandvtu16158@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/22652
Signed-off-by: Robert Marko <robimarko@gmail.com>
Shiji Yang
Rosen Penev
Paul Spooren
Roland Reinl
Qingfang Deng
Luiz Angelo Daros de Luca
Mieczyslaw Nalewaj
Ryan Leung
Richard Huynh
John Audia
Klaus Rubenstein
Andre Heider
Jack Sun
Nick Hainke
Janusz Dziedzic
Tan Zien
Stefan Kalscheuer
Hauke Mehrtens
Eric Fahlgren
Felix Fietkau
Joshua Klinesmith
Clemens Hopfer
Philip Prindeville
Anand Kumar
Paweł Owoc
Zoltan HERPAI