Upstream has disabled SHA-1 algorithms by default since version 2025.87.
SHA-1 has known weakness and most SSH implementations support alternatives.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
It's hard or even impossible to track affected sources
so it's safe to remove all built objects (if any).
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
This allows to fine-tune dropbear build options.
This change is heavily based on similar work done by Marius Dinu earlier
so I'd like to say many thanks to original author.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Correctly load the list of basic_rates from UCI. basic-rates shall be
stored as a option-list. The current code did not retrieve this list
correctly.
wpa_supplicant uses a different config option to set basic-rates
when operating in mesh-mode.
Use the correct config key and calculation for mesh-interfaces.
Signed-off-by: David Bauer <mail@david-bauer.net>
nl80211 events were propagated to the wrong interfaces
Fixes: 2ac791e87d ("hostapd: update to version 2025-06-27")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
802.11be capable platforms are big enough to not need the mini variant,
and removing it here saves space for other other devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Override via RSNE is a relatively new feature, which can be used to enable
WPA3 features in a way that is invisible to older clients.
Use it by default to mask the GCMP-256 cipher from older clients, since
there are compatibility issues with existing devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes status information and scanning on extra BSS interfaces when operating
on multi-radio devices.
Reported-by: Chad Monroe <chad.monroe@adtran.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Ensure that hapd->own_addr is set properly, since hostapd_setup_bss
only handles it for secondary BSS interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Glibc since 2.41 tries to include linux/sched/types.h from sched.h, and
pointing KERNEL_INCLUDE to the kernel headers makes it use
linux/sched/types.h from the kernel headers instead of the installed
one.
This then breaks the configure (test) compile for setns() and the test:
mips-openwrt-linux-gnu-gcc -I/fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi -o config.HaAJYe/setnstest config.HaAJYe/setnstest.c
In file included from /fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/sched/types.h:5,
from /fork.openwrt/staging_dir/toolchain-mips_24kc_gcc-14.3.0_glibc/include/bits/sched.h:63,
from /fork.openwrt/staging_dir/toolchain-mips_24kc_gcc-14.3.0_glibc/include/sched.h:43,
from config.HaAJYe/setnstest.c:2:
/fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/types.h:10:2: warning: #warning "Attempt to use kernel headers from user space, see https://kernelnewbies.org/KernelHeaders" [-Wcpp]
10 | #warning "Attempt to use kernel headers from user space, see https://kernelnewbies.org/KernelHeaders"
| ^~~~~~~
In file included from /fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/posix_types.h:5,
from /fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/types.h:14:
/fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/stddef.h:5:10: fatal error: linux/compiler_types.h: No such file or directory
5 | #include <linux/compiler_types.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
Fix this by pointing KERNEL_INCLUDE to the toolchain headers, which
include the installed kernel headers.
Tested with musl, glibc, and SDK.
Fixes: 60738feded ("iproute2: Fix KERNEL_INCLUDE in SDK")
Reported-by: Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
61ae5732adea iprule: amend ipproto netlink nla_put_u32 to nla_put_u8
d610d68c71b8 device: add support for configuring vrf
a1b6386a20a6 device: fix bonding primary port selection
e8bbf246ce2e system-linux: fix sysfs name for all_ports_active flag
723c699e84f4 Restore disable_ipv6 sysctl after removing a device from bridge or bond
d476e18e8d43 iprule: resolve ipproto by name
7901e66c5f27 netifd: iprule add sport and dport
Signed-off-by: Robert Marko <robimarko@gmail.com>
Request Softwire46 (S46) [RFC 7598] options when the map and/or ds-lite
packages are installed. This is required as the behaviour of odhcp6c has
changed to not include these OROs by default.
See openwrt/odhcp6c#89
Signed-off-by: Richard Patterson <richard@helix.net.nz>
Signed-off-by: Shengyu Qu <wiagn233@outlook.com>
When running ACS on multi-radio devices, ACS on one band can block another.
Increase the number of retries and prevent bouncing interfaces between AP
and STA mode during attempts.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Some modems and SIM cards take a bit longer to initialize after UIM has been
powered off. Waiting too little time can cause the qmi protocol to end up
in a loop repeatedly power-cycling the SIM card.
Avoid that by
a) increasing the time we unconditionally sleep after --uim-power-on
b) increasing the time we allow uqmi to wait for response for --uim-get-sim-state
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18772
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
If the uci 'dhcp' configuration for the dhcp leases is incorrect then
the call to 'ipclac' fails. However, the problem is that the dnsmasq
configuration option 'dhcp-range' is still written for this uci section
even though the information generated by ipcalc is incorrect or not set.
Due to the incorrectly generated configuration for dnsmasq, the service
cannot start.
To prevent an incorrect configuration from being written to the configuration,
a check is now made beforehand to ensure that the required variables are
present and valid. If the configuration is incorrect, a message is emitted
to the log that this configuration section is incorrect and this uci
configuration section is omitted.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Link: https://github.com/openwrt/openwrt/pull/18641
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
