Upstream has disabled SHA-1 algorithms by default since version 2025.87.
SHA-1 has known weakness and most SSH implementations support alternatives.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
It's hard or even impossible to track affected sources
so it's safe to remove all built objects (if any).
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
This allows to fine-tune dropbear build options.
This change is heavily based on similar work done by Marius Dinu earlier
so I'd like to say many thanks to original author.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Correctly load the list of basic_rates from UCI. basic-rates shall be
stored as a option-list. The current code did not retrieve this list
correctly.
wpa_supplicant uses a different config option to set basic-rates
when operating in mesh-mode.
Use the correct config key and calculation for mesh-interfaces.
Signed-off-by: David Bauer <mail@david-bauer.net>
nl80211 events were propagated to the wrong interfaces
Fixes: 2ac791e87d ("hostapd: update to version 2025-06-27")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
802.11be capable platforms are big enough to not need the mini variant,
and removing it here saves space for other other devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Override via RSNE is a relatively new feature, which can be used to enable
WPA3 features in a way that is invisible to older clients.
Use it by default to mask the GCMP-256 cipher from older clients, since
there are compatibility issues with existing devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes status information and scanning on extra BSS interfaces when operating
on multi-radio devices.
Reported-by: Chad Monroe <chad.monroe@adtran.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Ensure that hapd->own_addr is set properly, since hostapd_setup_bss
only handles it for secondary BSS interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Glibc since 2.41 tries to include linux/sched/types.h from sched.h, and
pointing KERNEL_INCLUDE to the kernel headers makes it use
linux/sched/types.h from the kernel headers instead of the installed
one.
This then breaks the configure (test) compile for setns() and the test:
mips-openwrt-linux-gnu-gcc -I/fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi -o config.HaAJYe/setnstest config.HaAJYe/setnstest.c
In file included from /fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/sched/types.h:5,
from /fork.openwrt/staging_dir/toolchain-mips_24kc_gcc-14.3.0_glibc/include/bits/sched.h:63,
from /fork.openwrt/staging_dir/toolchain-mips_24kc_gcc-14.3.0_glibc/include/sched.h:43,
from config.HaAJYe/setnstest.c:2:
/fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/types.h:10:2: warning: #warning "Attempt to use kernel headers from user space, see https://kernelnewbies.org/KernelHeaders" [-Wcpp]
10 | #warning "Attempt to use kernel headers from user space, see https://kernelnewbies.org/KernelHeaders"
| ^~~~~~~
In file included from /fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/posix_types.h:5,
from /fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/types.h:14:
/fork.openwrt/build_dir/target-mips_24kc_glibc/linux-ath79_generic/linux-6.6.93/include/uapi/linux/stddef.h:5:10: fatal error: linux/compiler_types.h: No such file or directory
5 | #include <linux/compiler_types.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
Fix this by pointing KERNEL_INCLUDE to the toolchain headers, which
include the installed kernel headers.
Tested with musl, glibc, and SDK.
Fixes: 60738feded ("iproute2: Fix KERNEL_INCLUDE in SDK")
Reported-by: Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
61ae5732adea iprule: amend ipproto netlink nla_put_u32 to nla_put_u8
d610d68c71b8 device: add support for configuring vrf
a1b6386a20a6 device: fix bonding primary port selection
e8bbf246ce2e system-linux: fix sysfs name for all_ports_active flag
723c699e84f4 Restore disable_ipv6 sysctl after removing a device from bridge or bond
d476e18e8d43 iprule: resolve ipproto by name
7901e66c5f27 netifd: iprule add sport and dport
Signed-off-by: Robert Marko <robimarko@gmail.com>
Request Softwire46 (S46) [RFC 7598] options when the map and/or ds-lite
packages are installed. This is required as the behaviour of odhcp6c has
changed to not include these OROs by default.
See openwrt/odhcp6c#89
Signed-off-by: Richard Patterson <richard@helix.net.nz>
Signed-off-by: Shengyu Qu <wiagn233@outlook.com>
When running ACS on multi-radio devices, ACS on one band can block another.
Increase the number of retries and prevent bouncing interfaces between AP
and STA mode during attempts.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
