OpenWrt v22.03.6: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

.github/workflows/build.yml

@@ -167,7 +167,7 @@ jobs:
           fi
 
           if [ -n "$major_ver" ]; then
-            git fetch --tags
+            git fetch --tags -f
             latest_tag="$(git tag --sort=-creatordate -l $major_ver* | head -n1)"
             if [ -n "$latest_tag" ]; then
               TOOLCHAIN_PATH=releases/$(echo $latest_tag | sed 's/^v//')

config/Config-images.in

@@ -286,6 +286,7 @@ menu "Target Images"
 	comment "Image Options"
 
 	source "target/linux/*/image/Config.in"
+	source "target/linux/*/*/image/Config.in"
 
 	config TARGET_KERNEL_PARTSIZE
 		int "Kernel partition size (in MiB)"

feeds.conf.default

@@ -1,4 +1,4 @@
-src-git-full packages https://git.openwrt.org/feed/packages.git^2048c5bbf6c482e45b080eef4c1c531936f7f41b
-src-git-full luci https://git.openwrt.org/project/luci.git^396f4048bd1f4cae7cb6f085d360081d81ad2d9a
-src-git-full routing https://git.openwrt.org/feed/routing.git^1a87333f268bcf0a11e3a665a357cb0d4ec2d680
-src-git-full telephony https://git.openwrt.org/feed/telephony.git^49abbb97e113ce7a35fe632acf6a8fff48dba5ec
+src-git-full packages https://git.openwrt.org/feed/packages.git^e34369a41b522a49dec9fb1d81b4ee6b32b731d8
+src-git-full luci https://git.openwrt.org/project/luci.git^74dd23bdb1c2ba00c68e3abf4d00233bb4f939cd
+src-git-full routing https://git.openwrt.org/feed/routing.git^777c115b0a6336d6582c5992d25b631b6d6d21fd
+src-git-full telephony https://git.openwrt.org/feed/telephony.git^33f2ae757b96bf32b0202b211973a246ca2c919b

include/bpf.mk

@@ -63,13 +63,15 @@ BPF_CFLAGS := \
 	-Wno-unused-label \
 	-O2 -emit-llvm -Xclang -disable-llvm-passes
 
-ifeq ($(DUMP),)
+ifneq ($(CONFIG_HAS_BPF_TOOLCHAIN),)
+ifeq ($(DUMP)$(filter download refresh,$(MAKECMDGOALS)),)
   CLANG_VER:=$(shell $(CLANG) -dM -E - < /dev/null | grep __clang_major__ | cut -d' ' -f3)
   CLANG_VER_VALID:=$(shell [ "$(CLANG_VER)" -ge "$(CLANG_MIN_VER)" ] && echo 1 )
   ifeq ($(CLANG_VER_VALID),)
     $(error ERROR: LLVM/clang version too old. Minimum required: $(CLANG_MIN_VER), found: $(CLANG_VER))
   endif
 endif
+endif
 
 define CompileBPF
 	$(CLANG) -g -target $(BPF_ARCH)-linux-gnu $(BPF_CFLAGS) $(2) \

include/host-build.mk

@@ -130,6 +130,7 @@ define Host/Exports/Default
   $(1) : export STAGING_PREFIX=$$(HOST_BUILD_PREFIX)
   $(1) : export PKG_CONFIG_PATH=$$(STAGING_DIR_HOST)/lib/pkgconfig:$$(HOST_BUILD_PREFIX)/lib/pkgconfig
   $(1) : export PKG_CONFIG_LIBDIR=$$(HOST_BUILD_PREFIX)/lib/pkgconfig
+  $(1) : export GIT_CEILING_DIRECTORIES=$$(BUILD_DIR_HOST)
   $(if $(HOST_CONFIG_SITE),$(1) : export CONFIG_SITE:=$(HOST_CONFIG_SITE))
   $(if $(IS_PACKAGE_BUILD),$(1) : export PATH=$$(TARGET_PATH_PKG))
 endef

include/image-commands.mk

@@ -378,7 +378,7 @@ endef
 
 define Build/netgear-dni
 	$(STAGING_DIR_HOST)/bin/mkdniimg \
-		-B $(NETGEAR_BOARD_ID) -v $(VERSION_DIST).$(firstword $(subst -, ,$(REVISION))) \
+		-B $(NETGEAR_BOARD_ID) -v $(shell cat $(VERSION_DIST)| sed -e 's/[[:space:]]/-/g').$(firstword $(subst -, ,$(REVISION))) \
 		$(if $(NETGEAR_HW_ID),-H $(NETGEAR_HW_ID)) \
 		-r "$(1)" \
 		-i $@ -o $@.new
@@ -391,7 +391,7 @@ define Build/netgear-encrypted-factory
 		--output-file $@ \
 		--model $(NETGEAR_ENC_MODEL) \
 		--region $(NETGEAR_ENC_REGION) \
-		--version V1.0.0.0.$(VERSION_DIST).$(firstword $(subst -, ,$(REVISION))) \
+		--version V1.0.0.0.$(shell cat $(VERSION_DIST)| sed -e 's/[[:space:]]/-/g').$(firstword $(subst -, ,$(REVISION))) \
 		--encryption-block-size 0x20000 \
 		--openssl-bin "$(STAGING_DIR_HOST)/bin/openssl" \
 		--key 6865392d342b4d212964363d6d7e7765312c7132613364316e26322a5a5e2538 \

include/image.mk

@@ -40,8 +40,10 @@ IMG_PREFIX_VERCODE:=$(if $(CONFIG_VERSION_CODE_FILENAMES),$(call sanitize,$(VERS
 IMG_PREFIX:=$(VERSION_DIST_SANITIZED)-$(IMG_PREFIX_VERNUM)$(IMG_PREFIX_VERCODE)$(IMG_PREFIX_EXTRA)$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))
 IMG_ROOTFS:=$(IMG_PREFIX)-rootfs
 IMG_COMBINED:=$(IMG_PREFIX)-combined
+ifeq ($(DUMP),)
 IMG_PART_SIGNATURE:=$(shell echo $(SOURCE_DATE_EPOCH)$(LINUX_VERMAGIC) | $(MKHASH) md5 | cut -b1-8)
 IMG_PART_DISKGUID:=$(shell echo $(SOURCE_DATE_EPOCH)$(LINUX_VERMAGIC) | $(MKHASH) md5 | sed -E 's/(.{8})(.{4})(.{4})(.{4})(.{10})../\1-\2-\3-\4-\500/')
+endif
 
 MKFS_DEVTABLE_OPT := -D $(INCLUDE_DIR)/device_table.txt
 
@@ -172,7 +174,9 @@ define Image/pad-to
 	mv $(1).new $(1)
 endef
 
+ifeq ($(DUMP),)
 ROOTFS_PARTSIZE=$(shell echo $$(($(CONFIG_TARGET_ROOTFS_PARTSIZE)*1024*1024)))
+endif
 
 define Image/pad-root-squashfs
 	$(call Image/pad-to,$(KDIR)/root.squashfs,$(if $(1),$(1),$(ROOTFS_PARTSIZE)))

include/kernel-5.10

@@ -1,2 +1,2 @@
-LINUX_VERSION-5.10 = .161
-LINUX_KERNEL_HASH-5.10.161 = 7aaaf6d0bcd8a2cfa14ad75f02ca62bb2de08aad3bee3eff198de49ea5254079
+LINUX_VERSION-5.10 = .201
+LINUX_KERNEL_HASH-5.10.201 = 6afc06598fa8e3bc907cff75f995f372df51d40a284e260de78a3421b1f18218

include/kernel-defaults.mk

@@ -171,7 +171,7 @@ define Kernel/CompileImage/Initramfs
 	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR) $(TARGET_DIR)/init)
 	rm -rf $(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION)/usr/initramfs_data.cpio*
 ifeq ($(CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE),y)
-ifneq ($(qstrip $(CONFIG_EXTERNAL_CPIO)),)
+ifneq ($(call qstrip,$(CONFIG_EXTERNAL_CPIO)),)
 	$(CP) $(CONFIG_EXTERNAL_CPIO) $(KERNEL_BUILD_DIR)/initrd.cpio
 else
 	( cd $(TARGET_DIR); find . | LC_ALL=C sort | $(STAGING_DIR_HOST)/bin/cpio --reproducible -o -H newc -R 0:0 > $(KERNEL_BUILD_DIR)/initrd.cpio )

include/package.mk

@@ -173,6 +173,7 @@ define Build/Exports/Default
   $(1) : export CONFIG_SITE:=$$(CONFIG_SITE)
   $(1) : export PKG_CONFIG_PATH:=$$(PKG_CONFIG_PATH)
   $(1) : export PKG_CONFIG_LIBDIR:=$$(PKG_CONFIG_PATH)
+  $(1) : export GIT_CEILING_DIRECTORIES:=$$(BUILD_DIR)
 endef
 Build/Exports=$(Build/Exports/Default)
 

include/scan.mk

@@ -49,7 +49,8 @@ define PackageDir
 		$$(call progress,Collecting $(SCAN_NAME) info: $(SCAN_DIR)/$(2)) \
 		echo Source-Makefile: $(SCAN_DIR)/$(2)/Makefile; \
 		$(if $(3),echo Override: $(3),true); \
-		$(NO_TRACE_MAKE) --no-print-dir -r DUMP=1 FEED="$(call feedname,$(2))" -C $(SCAN_DIR)/$(2) $(SCAN_MAKEOPTS) 2>/dev/null || { \
+		$(if $(findstring c,$(OPENWRT_VERBOSE)),$(MAKE),$(NO_TRACE_MAKE) --no-print-dir) -r DUMP=1 FEED="$(call feedname,$(2))" -C $(SCAN_DIR)/$(2) $(SCAN_MAKEOPTS) \
+			$(if $(findstring c,$(OPENWRT_VERBOSE)),,2>/dev/null) || { \
 			mkdir -p "$(TOPDIR)/logs/$(SCAN_DIR)/$(2)"; \
 			$(NO_TRACE_MAKE) --no-print-dir -r DUMP=1 FEED="$(call feedname,$(2))" -C $(SCAN_DIR)/$(2) $(SCAN_MAKEOPTS) > $(TOPDIR)/logs/$(SCAN_DIR)/$(2)/dump.txt 2>&1; \
 			$$(call progress,ERROR: please fix $(SCAN_DIR)/$(2)/Makefile - see logs/$(SCAN_DIR)/$(2)/dump.txt for details\n) \

include/version.mk

@@ -23,13 +23,13 @@ PKG_CONFIG_DEPENDS += \
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
 
 VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),22.03.3)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),22.03.6)
 
 VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
-VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r20028-43d71ad93e)
+VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r20265-f85a79bcb4)
 
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/22.03.3)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/22.03.6)
 
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

package/Makefile

@@ -92,6 +92,10 @@ $(curdir)/index: FORCE
 			$(call ERROR_MESSAGE,WARNING: Applying padding in $$d/Packages to workaround usign SHA-512 bug!); \
 			{ echo ""; echo ""; } >> Packages;; \
 		esac; \
+		echo -n '{"architecture": "$(ARCH_PACKAGES)", "packages":{' > index.json; \
+		sed -n -e 's/^Package: \(.*\)$$/"\1":/p' -e 's/^Version: \(.*\)$$/"\1",/p' Packages | tr '\n' ' ' >> index.json; \
+		echo '}}' >> index.json; \
+		sed -i 's/, }}/}}/' index.json; \
 		gzip -9nc Packages > Packages.gz; \
 	); done
 ifdef CONFIG_SIGNED_PACKAGES

package/base-files/image-config.in

@@ -183,7 +183,7 @@ if VERSIONOPT
 	config VERSION_REPO
 		string
 		prompt "Release repository"
-		default "https://downloads.openwrt.org/releases/22.03.3"
+		default "https://downloads.openwrt.org/releases/22.03.6"
 		help
 			This is the repository address embedded in the image, it defaults
 			to the trunk snapshot repo; the url may contain the following placeholders:

package/boot/at91bootstrap/Makefile

@@ -13,6 +13,7 @@ PKG_VERSION:=v4.0.3
 PKG_MIRROR_HASH:=1ecdc31a13350fcdcaa3f77ed8ad73906f79fc668dbb2f337e1d5dd877bf9882
 PKG_SOURCE_VERSION:=1d9e673698d9db4a4f2301559f481274de2e75ae
 BINARIES_DIR:=build/binaries
+PKG_CPE_ID:=cpe:/a:linux4sam:at91bootstrap
 
 AT91BOOTSTRAP_V4=y
 ifdef CONFIG_PACKAGE_at91bootstrap-sama5d4_xplaineddf_uboot_secure

package/boot/uboot-bcm4908/Makefile

@@ -7,9 +7,9 @@ PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://git.openwrt.org/project/bcm63xx/u-boot.git
-PKG_SOURCE_DATE:=2022-03-15
-PKG_SOURCE_VERSION:=0625aad74d1f5b6f9c068955ad3fd7f6df635e50
-PKG_MIRROR_HASH:=0602e0e4f101ead206940eccca832b75191905c1e81290340a89b07dbee7a6ce
+PKG_SOURCE_DATE:=2022-12-08
+PKG_SOURCE_VERSION:=4435700d18a791dca0d8d767e5414dfac9df4451
+PKG_MIRROR_HASH:=6062ce611d7222eb3b9768bb4944ff1c7bcf26b997280adf5ea8d7afe83f28a8
 
 include $(INCLUDE_DIR)/u-boot.mk
 include $(INCLUDE_DIR)/package.mk

package/boot/uboot-envtools/files/mpc85xx

@@ -16,6 +16,9 @@ ocedo,panda)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000"
 	ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x20000" "0x20000"
 	;;
+watchguard,firebox-t10)
+	ubootenv_add_uci_config "$(find_mtd_part 'u-boot-env')" "0x0" "0x2000" "0x10000"
+	;;
 aerohive,hiveap-330)
 	ubootenv_add_uci_config "$(find_mtd_part 'u-boot-env')" "0x0" "0x20000" "0x10000"
 	;;

package/boot/uboot-envtools/files/ramips

@@ -18,7 +18,8 @@ alfa-network,quad-e4g|\
 alfa-network,r36m-e4g|\
 alfa-network,tube-e4g|\
 engenius,esr600h|\
-sitecom,wlr-4100-v1-002)
+sitecom,wlr-4100-v1-002|\
+zyxel,keenetic-lite-iii-a)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x1000"
 	;;
 allnet,all0256n-4m|\
@@ -47,6 +48,7 @@ ravpower,rp-wd03)
 	[ -n "$idx" ] && \
 		ubootenv_add_uci_config "/dev/mtd$idx" "0x4000" "0x1000" "0x1000"
 	;;
+asus,rt-ax53u|\
 jcg,q20|\
 netgear,wax202)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000"
@@ -61,6 +63,11 @@ linksys,ea8100-v2|\
 mts,wg430223)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x20000"
 	;;
+snr,cpe-w4n-mt)
+	idx="$(find_mtd_index uboot-env)"
+	[ -n "$idx" ] && \
+		ubootenv_add_uci_config "/dev/mtd$idx" "0x0" "0x1000" "0x1000"
+	;;
 xiaomi,mi-router-3g-v2|\
 xiaomi,mi-router-4a-gigabit|\
 xiaomi,miwifi-3c)

package/firmware/intel-microcode/Makefile

@@ -8,13 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=intel-microcode
-PKG_VERSION:=20220809
+PKG_VERSION:=20230808
 PKG_RELEASE:=1
 
 PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).1.tar.xz
-PKG_SOURCE_URL:=@DEBIAN/pool/non-free/i/intel-microcode/
-PKG_HASH:=4cf6c3638bb52d9d45c1916af866fd0929628a6f459daac3edfd369149e9c665
+PKG_SOURCE_URL:=@DEBIAN/pool/non-free-firmware/i/intel-microcode/
+PKG_HASH:=29e77c275b3f60a691832c0844f70effbd94a4594d04af21e0c2e6e0c1ac1894
 PKG_BUILD_DIR:=$(BUILD_DIR)/intel-microcode-3.$(PKG_VERSION).1
+PKG_CPE_ID:=cpe:/a:intel:microcode
 
 PKG_BUILD_DEPENDS:=iucode-tool/host
 

package/firmware/ipq-wifi/Makefile

@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/version.mk
 
 PKG_NAME:=ipq-wifi
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_FLAGS:=nonshared
 
 include $(INCLUDE_DIR)/package.mk
@@ -25,36 +25,6 @@ endef
 # <https://wireless.wiki.kernel.org/en/users/drivers/ath10k/boardfiles>
 
 ALLWIFIBOARDS:= \
-	8dev_habanero-dvk \
-	aruba_ap-303 \
-	aruba_ap-365 \
-	asus_rt-ac42u \
-	avm_fritzrepeater-1200 \
-	buffalo_wtr-m2133hp \
-	cellc_rtl30vw \
-	devolo_magic-2-wifi-next \
-	dlink_dap2610 \
-	edgecore_ecw5410 \
-	edgecore_oap100 \
-	engenius_eap2200 \
-	engenius_emd1 \
-	engenius_emr3500 \
-	ezviz_cs-w3-wd1200g-eup \
-	glinet_gl-ap1300 \
-	glinet_gl-b2200 \
-	glinet_gl-s1300 \
-	linksys_ea8300 \
-	linksys_mr8300-v0 \
-	luma_wrtq-329acn \
-	mobipromo_cm520-79f \
-	nec_wg2600hp3 \
-	p2w_r619ac \
-	plasmacloud_pa1200 \
-	plasmacloud_pa2200 \
-	qxwlan_e2600ac-c1 \
-	qxwlan_e2600ac-c2 \
-	teltonika_rutx \
-	zte_mf286d \
 	zte_mf289f
 
 ALLWIFIPACKAGES:=$(foreach BOARD,$(ALLWIFIBOARDS),ipq-wifi-$(BOARD))
@@ -116,36 +86,6 @@ endef
 # Place files in this directory as board-<devicename>.<qca4019|qca9888|qca9984>
 # Add $(eval $(call generate-ipq-wifi-package,<devicename>,<display name>))
 
-$(eval $(call generate-ipq-wifi-package,8dev_habanero-dvk,8devices Habanero DVK))
-$(eval $(call generate-ipq-wifi-package,aruba_ap-303,Aruba AP-303))
-$(eval $(call generate-ipq-wifi-package,aruba_ap-365,Aruba AP-365))
-$(eval $(call generate-ipq-wifi-package,asus_rt-ac42u,ASUS RT-AC42U))
-$(eval $(call generate-ipq-wifi-package,avm_fritzrepeater-1200,AVM FRITZRepeater 1200))
-$(eval $(call generate-ipq-wifi-package,buffalo_wtr-m2133hp,Buffalo WTR-M2133HP))
-$(eval $(call generate-ipq-wifi-package,cellc_rtl30vw, Cell C RTL30VW))
-$(eval $(call generate-ipq-wifi-package,devolo_magic-2-wifi-next,devolo Magic 2 WiFi next))
-$(eval $(call generate-ipq-wifi-package,dlink_dap2610,D-Link DAP-2610))
-$(eval $(call generate-ipq-wifi-package,edgecore_ecw5410,Edgecore ECW5410))
-$(eval $(call generate-ipq-wifi-package,edgecore_oap100,Edgecore OAP100))
-$(eval $(call generate-ipq-wifi-package,engenius_eap2200,EnGenius EAP2200))
-$(eval $(call generate-ipq-wifi-package,engenius_emd1,EnGenius EMD1))
-$(eval $(call generate-ipq-wifi-package,engenius_emr3500,EnGenius EMR3500))
-$(eval $(call generate-ipq-wifi-package,ezviz_cs-w3-wd1200g-eup,EZVIZ CS-W3-WD1200G EUP))
-$(eval $(call generate-ipq-wifi-package,glinet_gl-ap1300,GL.iNet GL-AP1300))
-$(eval $(call generate-ipq-wifi-package,glinet_gl-b2200,GL.iNet GL-B2200))
-$(eval $(call generate-ipq-wifi-package,glinet_gl-s1300,GL.iNet GL-S1300))
-$(eval $(call generate-ipq-wifi-package,linksys_ea8300,Linksys EA8300))
-$(eval $(call generate-ipq-wifi-package,linksys_mr8300-v0,Linksys MR8300))
-$(eval $(call generate-ipq-wifi-package,luma_wrtq-329acn,Luma WRTQ-329ACN))
-$(eval $(call generate-ipq-wifi-package,mobipromo_cm520-79f,MobiPromo CM520-79F))
-$(eval $(call generate-ipq-wifi-package,nec_wg2600hp3,NEC Platforms WG2600HP3))
-$(eval $(call generate-ipq-wifi-package,p2w_r619ac,P&W R619AC))
-$(eval $(call generate-ipq-wifi-package,plasmacloud_pa1200,Plasma Cloud PA1200))
-$(eval $(call generate-ipq-wifi-package,plasmacloud_pa2200,Plasma Cloud PA2200))
-$(eval $(call generate-ipq-wifi-package,qxwlan_e2600ac-c1,Qxwlan E2600AC C1))
-$(eval $(call generate-ipq-wifi-package,qxwlan_e2600ac-c2,Qxwlan E2600AC C2))
-$(eval $(call generate-ipq-wifi-package,teltonika_rutx,Teltonika RUTX))
-$(eval $(call generate-ipq-wifi-package,zte_mf286d,ZTE MF286D))
 $(eval $(call generate-ipq-wifi-package,zte_mf289f,ZTE MF289F))
 
 $(foreach PACKAGE,$(ALLWIFIPACKAGES),$(eval $(call BuildPackage,$(PACKAGE))))

package/firmware/layerscape/ls-dpl/Makefile

@@ -12,7 +12,7 @@ PKG_VERSION:=21.08
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://source.codeaurora.org/external/qoriq/qoriq-components/mc-utils
+PKG_SOURCE_URL:=https://github.com/nxp-qoriq/mc-utils
 PKG_SOURCE_VERSION:=LSDK-21.08
 PKG_MIRROR_HASH:=372498ff4b5c8a1ac64ead5856d03ee021332f57771989ed6fe066745372b242
 

package/firmware/linux-firmware/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=linux-firmware
-PKG_VERSION:=20220411
+PKG_VERSION:=20230804
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=@KERNEL/linux/kernel/firmware
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=020b11f6412f4956f5a6f98de7d41867d2b30ea0ce81b1e2d206ec9840363849
+PKG_HASH:=88d46c543847ee3b03404d4941d91c92974690ee1f6fdcbee9cef3e5f97db688
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 
@@ -21,6 +21,9 @@ SCAN_DEPS = *.mk
 
 include $(INCLUDE_DIR)/package.mk
 
+RSTRIP:=:
+STRIP:=:
+
 define Package/firmware-default
   SECTION:=firmware
   CATEGORY:=Firmware

package/firmware/linux-firmware/mediatek.mk

@@ -1,9 +1,9 @@
 Package/mt7601u-firmware = $(call Package/firmware-default,MediaTek MT7601U firmware)
 define Package/mt7601u-firmware/install
-	$(INSTALL_DIR) $(1)/lib/firmware
+	$(INSTALL_DIR) $(1)/lib/firmware/mediatek
 	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/mt7601u.bin \
-		$(1)/lib/firmware
+		$(PKG_BUILD_DIR)/mediatek/mt7601u.bin \
+		$(1)/lib/firmware/mediatek
 endef
 $(eval $(call BuildPackage,mt7601u-firmware))
 

package/firmware/linux-firmware/qca_ath10k.mk

@@ -1,14 +1,3 @@
-QCA99X0_BOARD_REV:=e404444dfc0baf7d0fcde21ab8ec333608c9960c
-QCA99X0_BOARD_FILE:=board-2.bin.$(QCA99X0_BOARD_REV)
-
-define Download/qca99x0-board
-  URL:=https://github.com/kvalo/ath10k-firmware/raw/master/QCA99X0/hw2.0/
-  URL_FILE:=board-2.bin
-  FILE:=$(QCA99X0_BOARD_FILE)
-  HASH:=f91975dca2435fa6f8570146e6b255c2a70b9ffbdf5ef16a29d67bec7374c11a
-endef
-$(eval $(call Download,qca99x0-board))
-
 Package/ath10k-board-qca4019 = $(call Package/firmware-default,ath10k qca4019 board firmware)
 define Package/ath10k-board-qca4019/install
 	$(INSTALL_DIR) $(1)/lib/firmware/ath10k/QCA4019/hw1.0
@@ -117,7 +106,7 @@ Package/ath10k-board-qca99x0 = $(call Package/firmware-default,ath10k qca99x0 bo
 define Package/ath10k-board-qca99x0/install
 	$(INSTALL_DIR) $(1)/lib/firmware/ath10k/QCA99X0/hw2.0
 	$(INSTALL_DATA) \
-		$(DL_DIR)/$(QCA99X0_BOARD_FILE) \
+		$(PKG_BUILD_DIR)/ath10k/QCA99X0/hw2.0/board-2.bin \
 		$(1)/lib/firmware/ath10k/QCA99X0/hw2.0/board-2.bin
 endef
 $(eval $(call BuildPackage,ath10k-board-qca99x0))

package/firmware/wireless-regdb/Makefile

@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wireless-regdb
-PKG_VERSION:=2022.08.12
+PKG_VERSION:=2023.09.01
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@KERNEL/software/network/wireless-regdb/
-PKG_HASH:=59c8f7d17966db71b27f90e735ee8f5b42ca3527694a8c5e6e9b56bd379c3b84
+PKG_HASH:=26d4c2a727cc59239b84735aad856b7c7d0b04e30aa5c235c4f7f47f5f053491
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 

package/kernel/bpf-headers/Makefile

@@ -39,7 +39,7 @@ include $(INCLUDE_DIR)/package.mk
 
 define Package/bpf-headers
   SECTION:=kernel
-  CATEGORY:=Kernel
+  CATEGORY:=Kernel modules
   TITLE:=eBPF kernel headers
   BUILDONLY:=1
   HIDDEN:=1
@@ -53,7 +53,7 @@ KERNEL_MAKE := \
 	$(MAKE) -C $(PKG_BUILD_DIR) \
 		ARCH=$(BPF_KARCH) \
 		CROSS_COMPILE=$(BPF_ARCH)-linux- \
-		LLVM=1 CC="$(CLANG)" LD="$(TARGET_CROSS)ld" \
+		LLVM=1 LLVM_IAS=1 CC="$(CLANG)" LD="$(TARGET_CROSS)ld" \
 		HOSTCC="$(HOSTCC)" \
 		HOSTCXX="$(HOSTCXX)" \
 		HOST_LOADLIBES="-L$(STAGING_DIR_HOST)/lib" \

package/kernel/ksmbd/Makefile

@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ksmbd
-PKG_VERSION:=3.4.5
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_VERSION:=3.4.7
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/cifsd-team/cifsd/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=2873c8ba1027fc5b04c5f5344804ef1469ad7019a033456c16ca4aa3f2c161f0
+PKG_SOURCE_URL:=https://github.com/cifsd-team/ksmbd/releases/download/$(PKG_VERSION)
+PKG_HASH:=ed9ecb2232046054bf0c1fef41690890f99d93b1d72b7e7d158746ac9be18c7f
 
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=COPYING

package/kernel/ksmbd/patches/02-fix_zdi_22_1690.patch

@@ -1,53 +0,0 @@
-From 1f9d85a340b0d8ff14cf47573417fe84efef9731 Mon Sep 17 00:00:00 2001
-From: Namjae Jeon <linkinjeon@kernel.org>
-Date: Wed, 27 Jul 2022 23:11:47 +0900
-Subject: [PATCH] ksmbd: fix use-after-free bug in smb2_tree_disconect
-
-smb2_tree_disconnect() freed the struct ksmbd_tree_connect,
-but it left the dangling pointer. It can be accessed
-again under compound requests.
-
-This bug can lead an oops looking something link:
-
-[ 1685.468014 ] BUG: KASAN: use-after-free in ksmbd_tree_conn_disconnect+0x131/0x160 [ksmbd]
-[ 1685.468068 ] Read of size 4 at addr ffff888102172180 by task kworker/1:2/4807
-...
-[ 1685.468130 ] Call Trace:
-[ 1685.468132 ]  <TASK>
-[ 1685.468135 ]  dump_stack_lvl+0x49/0x5f
-[ 1685.468141 ]  print_report.cold+0x5e/0x5cf
-[ 1685.468145 ]  ? ksmbd_tree_conn_disconnect+0x131/0x160 [ksmbd]
-[ 1685.468157 ]  kasan_report+0xaa/0x120
-[ 1685.468194 ]  ? ksmbd_tree_conn_disconnect+0x131/0x160 [ksmbd]
-[ 1685.468206 ]  __asan_report_load4_noabort+0x14/0x20
-[ 1685.468210 ]  ksmbd_tree_conn_disconnect+0x131/0x160 [ksmbd]
-[ 1685.468222 ]  smb2_tree_disconnect+0x175/0x250 [ksmbd]
-[ 1685.468235 ]  handle_ksmbd_work+0x30e/0x1020 [ksmbd]
-[ 1685.468247 ]  process_one_work+0x778/0x11c0
-[ 1685.468251 ]  ? _raw_spin_lock_irq+0x8e/0xe0
-[ 1685.468289 ]  worker_thread+0x544/0x1180
-[ 1685.468293 ]  ? __cpuidle_text_end+0x4/0x4
-[ 1685.468297 ]  kthread+0x282/0x320
-[ 1685.468301 ]  ? process_one_work+0x11c0/0x11c0
-[ 1685.468305 ]  ? kthread_complete_and_exit+0x30/0x30
-[ 1685.468309 ]  ret_from_fork+0x1f/0x30
-
-Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-17816
-Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com>
-Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
----
- smb2pdu.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/smb2pdu.c b/smb2pdu.c
-index 15bded43..1396ec49 100644
---- a/smb2pdu.c
-+++ b/smb2pdu.c
-@@ -2059,6 +2059,7 @@ int smb2_tree_disconnect(struct ksmbd_work *work)
- 
- 	ksmbd_close_tree_conn_fds(work);
- 	ksmbd_tree_conn_disconnect(sess, tcon);
-+	work->tcon = NULL;
- 	return 0;
- }
- 

package/kernel/linux/modules/can.mk

@@ -152,7 +152,7 @@ define KernelPackage/can-mcp251x
 	CONFIG_SPI=y \
 	CONFIG_CAN_MCP251X
   FILES:=$(LINUX_DIR)/drivers/net/can/spi/mcp251x.ko
-  AUTOLOAD:=$(call AutoProbe,can-mcp251x)
+  AUTOLOAD:=$(call AutoProbe,mcp251x)
   $(call AddDepends/can)
 endef
 

package/kernel/linux/modules/netfilter.mk

@@ -188,7 +188,7 @@ $(eval $(call KernelPackage,nf-flow))
 define KernelPackage/nf-socket
   SUBMENU:=$(NF_MENU)
   TITLE:=Netfilter socket lookup support
-  KCONFIG:= $(KCOFNIG_NF_SOCKET)
+  KCONFIG:= $(KCONFIG_NF_SOCKET)
   FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
 endef
@@ -199,7 +199,7 @@ $(eval $(call KernelPackage,nf-socket))
 define KernelPackage/nf-tproxy
   SUBMENU:=$(NF_MENU)
   TITLE:=Netfilter tproxy support
-  KCONFIG:= $(KCOFNIG_NF_TPROXY)
+  KCONFIG:= $(KCONFIG_NF_TPROXY)
   FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
 endef

package/kernel/linux/modules/netsupport.mk

@@ -91,7 +91,7 @@ define KernelPackage/vxlan
 	+kmod-udptunnel4 \
 	+IPV6:kmod-udptunnel6
   KCONFIG:=CONFIG_VXLAN
-  FILES:=$(LINUX_DIR)/drivers/net/vxlan.ko
+  FILES:=$(LINUX_DIR)/drivers/net/vxlan/vxlan.ko
   AUTOLOAD:=$(call AutoLoad,13,vxlan)
 endef
 
@@ -690,7 +690,7 @@ endef
 $(eval $(call KernelPackage,mppe))
 
 
-SCHED_MODULES_CORE = sch_ingress sch_hfsc sch_htb sch_tbf cls_basic cls_fw cls_route cls_flow cls_tcindex cls_u32 em_u32 act_gact act_mirred act_skbedit cls_matchall
+SCHED_MODULES_CORE = sch_ingress sch_hfsc sch_htb sch_tbf cls_basic cls_fw cls_route cls_flow cls_u32 em_u32 act_gact act_mirred act_skbedit cls_matchall
 SCHED_FILES_CORE = $(foreach mod,$(SCHED_MODULES_CORE),$(LINUX_DIR)/net/sched/$(mod).ko)
 
 define KernelPackage/sched-core
@@ -708,7 +708,6 @@ define KernelPackage/sched-core
 	CONFIG_NET_CLS_FLOW \
 	CONFIG_NET_CLS_FW \
 	CONFIG_NET_CLS_ROUTE4 \
-	CONFIG_NET_CLS_TCINDEX \
 	CONFIG_NET_CLS_U32 \
 	CONFIG_NET_ACT_GACT \
 	CONFIG_NET_ACT_MIRRED \

package/kernel/mac80211/Makefile

@@ -10,10 +10,10 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=mac80211
 
-PKG_VERSION:=5.15.81-1
+PKG_VERSION:=5.15.92-1
 PKG_RELEASE:=1
-PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.15.81/
-PKG_HASH:=5227d3c35ccebacfaee6b8180b3a87b9910f3c94ee768ebc5c0fef3c86b6146d
+PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v5.15.92/
+PKG_HASH:=d518e3614a0a8b635e7b7febf2a3ee1645a95d953fd353920ceee22f159f26f1
 
 PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)

package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh

@@ -753,7 +753,7 @@ mac80211_setup_supplicant() {
 	if [ "$mode" = "sta" ]; then
 		wpa_supplicant_add_network "$ifname"
 	else
-		wpa_supplicant_add_network "$ifname" "$freq" "$htmode" "$noscan"
+		wpa_supplicant_add_network "$ifname" "$freq" "$htmode" "$hostapd_noscan"
 	fi
 
 	NEWSPLIST="${NEWSPLIST}$ifname "
@@ -783,7 +783,7 @@ mac80211_setup_supplicant_noctl() {
 		return 1
 	}
 
-	wpa_supplicant_add_network "$ifname" "$freq" "$htmode" "$noscan"
+	wpa_supplicant_add_network "$ifname" "$freq" "$htmode" "$hostapd_noscan"
 
 	NEWSPLIST="${NEWSPLIST}$ifname "
 	[ "$enable" = 0 ] && {
@@ -800,8 +800,8 @@ mac80211_setup_supplicant_noctl() {
 
 mac80211_prepare_iw_htmode() {
 	case "$htmode" in
-		VHT20|HT20) iw_htmode=HT20;;
-		HT40*|VHT40|VHT160)
+		VHT20|HT20|HE20) iw_htmode=HT20;;
+		HT40*|VHT40|VHT160|HE40)
 			case "$band" in
 				2g)
 					case "$htmode" in
@@ -825,7 +825,7 @@ mac80211_prepare_iw_htmode() {
 			esac
 			[ "$auto_channel" -gt 0 ] && iw_htmode="HT40+"
 		;;
-		VHT80)
+		VHT80|HE80)
 			iw_htmode="80MHZ"
 		;;
 		NONE|NOHT)

package/kernel/mac80211/patches/subsys/347-wifi-ieee80211-correctly-mark-FTM-frames-non-buffera.patch

@@ -0,0 +1,134 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Wed, 29 Mar 2023 16:46:26 +0200
+Subject: [PATCH] wifi: ieee80211: correctly mark FTM frames non-bufferable
+
+The checks of whether or not a frame is bufferable were not
+taking into account that some action frames aren't, such as
+FTM. Check this, which requires some changes to the function
+ieee80211_is_bufferable_mmpdu() since we need the whole skb
+for the checks now.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Reviewed-by: Greenman, Gregory <gregory.greenman@intel.com>
+Reviewed-by: Peer, Ilan <ilan.peer@intel.com>
+---
+
+--- a/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
++++ b/drivers/net/wireless/intel/iwlwifi/mvm/tx.c
+@@ -551,8 +551,9 @@ static void iwl_mvm_skb_prepare_status(s
+ 
+ static int iwl_mvm_get_ctrl_vif_queue(struct iwl_mvm *mvm,
+ 				      struct ieee80211_tx_info *info,
+-				      struct ieee80211_hdr *hdr)
++				      struct sk_buff *skb)
+ {
++	struct ieee80211_hdr *hdr = (void *)skb->data;
+ 	struct iwl_mvm_vif *mvmvif =
+ 		iwl_mvm_vif_from_mac80211(info->control.vif);
+ 	__le16 fc = hdr->frame_control;
+@@ -571,7 +572,7 @@ static int iwl_mvm_get_ctrl_vif_queue(st
+ 		 * reason 7 ("Class 3 frame received from nonassociated STA").
+ 		 */
+ 		if (ieee80211_is_mgmt(fc) &&
+-		    (!ieee80211_is_bufferable_mmpdu(fc) ||
++		    (!ieee80211_is_bufferable_mmpdu(skb) ||
+ 		     ieee80211_is_deauth(fc) || ieee80211_is_disassoc(fc)))
+ 			return mvm->probe_queue;
+ 
+@@ -689,7 +690,7 @@ int iwl_mvm_tx_skb_non_sta(struct iwl_mv
+ 			else
+ 				sta_id = mvmvif->mcast_sta.sta_id;
+ 
+-			queue = iwl_mvm_get_ctrl_vif_queue(mvm, &info, hdr);
++			queue = iwl_mvm_get_ctrl_vif_queue(mvm, &info, skb);
+ 		} else if (info.control.vif->type == NL80211_IFTYPE_MONITOR) {
+ 			queue = mvm->snif_queue;
+ 			sta_id = mvm->snif_sta.sta_id;
+--- a/include/linux/ieee80211.h
++++ b/include/linux/ieee80211.h
+@@ -738,20 +738,6 @@ static inline bool ieee80211_is_any_null
+ }
+ 
+ /**
+- * ieee80211_is_bufferable_mmpdu - check if frame is bufferable MMPDU
+- * @fc: frame control field in little-endian byteorder
+- */
+-static inline bool ieee80211_is_bufferable_mmpdu(__le16 fc)
+-{
+-	/* IEEE 802.11-2012, definition of "bufferable management frame";
+-	 * note that this ignores the IBSS special case. */
+-	return ieee80211_is_mgmt(fc) &&
+-	       (ieee80211_is_action(fc) ||
+-		ieee80211_is_disassoc(fc) ||
+-		ieee80211_is_deauth(fc));
+-}
+-
+-/**
+  * ieee80211_is_first_frag - check if IEEE80211_SCTL_FRAG is not set
+  * @seq_ctrl: frame sequence control bytes in little-endian byteorder
+  */
+@@ -3672,6 +3658,44 @@ static inline u8 *ieee80211_get_DA(struc
+ }
+ 
+ /**
++ * ieee80211_is_bufferable_mmpdu - check if frame is bufferable MMPDU
++ * @skb: the skb to check, starting with the 802.11 header
++ */
++static inline bool ieee80211_is_bufferable_mmpdu(struct sk_buff *skb)
++{
++	struct ieee80211_mgmt *mgmt = (void *)skb->data;
++	__le16 fc = mgmt->frame_control;
++
++	/*
++	 * IEEE 802.11 REVme D2.0 definition of bufferable MMPDU;
++	 * note that this ignores the IBSS special case.
++	 */
++	if (!ieee80211_is_mgmt(fc))
++		return false;
++
++	if (ieee80211_is_disassoc(fc) || ieee80211_is_deauth(fc))
++		return true;
++
++	if (!ieee80211_is_action(fc))
++		return false;
++
++	if (skb->len < offsetofend(typeof(*mgmt), u.action.u.ftm.action_code))
++		return true;
++
++	/* action frame - additionally check for non-bufferable FTM */
++
++	if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC &&
++	    mgmt->u.action.category != WLAN_CATEGORY_PROTECTED_DUAL_OF_ACTION)
++		return true;
++
++	if (mgmt->u.action.u.ftm.action_code == WLAN_PUB_ACTION_FTM_REQUEST ||
++	    mgmt->u.action.u.ftm.action_code == WLAN_PUB_ACTION_FTM)
++		return false;
++
++	return true;
++}
++
++/**
+  * _ieee80211_is_robust_mgmt_frame - check if frame is a robust management frame
+  * @hdr: the frame (buffer must include at least the first octet of payload)
+  */
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -487,7 +487,7 @@ ieee80211_tx_h_unicast_ps_buf(struct iee
+ 		int ac = skb_get_queue_mapping(tx->skb);
+ 
+ 		if (ieee80211_is_mgmt(hdr->frame_control) &&
+-		    !ieee80211_is_bufferable_mmpdu(hdr->frame_control)) {
++		    !ieee80211_is_bufferable_mmpdu(tx->skb)) {
+ 			info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
+ 			return TX_CONTINUE;
+ 		}
+@@ -1282,7 +1282,7 @@ static struct txq_info *ieee80211_get_tx
+ 	if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) &&
+ 	    unlikely(!ieee80211_is_data_present(hdr->frame_control))) {
+ 		if ((!ieee80211_is_mgmt(hdr->frame_control) ||
+-		     ieee80211_is_bufferable_mmpdu(hdr->frame_control) ||
++		     ieee80211_is_bufferable_mmpdu(skb) ||
+ 		     vif->type == NL80211_IFTYPE_STATION) &&
+ 		    sta && sta->uploaded) {
+ 			/*

package/kernel/mac80211/patches/subsys/348-wifi-mac80211-flush-queues-on-STA-removal.patch

@@ -0,0 +1,36 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Mon, 13 Mar 2023 11:42:12 +0100
+Subject: [PATCH] wifi: mac80211: flush queues on STA removal
+
+When we remove a station, we first make it unreachable,
+then we (must) remove its keys, and then remove the
+station itself. Depending on the hardware design, if
+we have hardware crypto at all, frames still sitting
+on hardware queues may then be transmitted without a
+valid key, possibly unencrypted or with a fixed key.
+
+Fix this by flushing the queues when removing stations
+so this cannot happen.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Reviewed-by: Greenman, Gregory <gregory.greenman@intel.com>
+---
+
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -1070,6 +1070,14 @@ static void __sta_info_destroy_part2(str
+ 		WARN_ON_ONCE(ret);
+ 	}
+ 
++	/* Flush queues before removing keys, as that might remove them
++	 * from hardware, and then depending on the offload method, any
++	 * frames sitting on hardware queues might be sent out without
++	 * any encryption at all.
++	 */
++	if (local->ops->set_key)
++		ieee80211_flush_queues(local, sta->sdata, false);
++
+ 	/* now keys can no longer be reached */
+ 	ieee80211_free_sta_keys(local, sta);
+ 

package/kernel/mac80211/patches/subsys/349-wifi-iwlwifi-mvm-support-flush-on-AP-interfaces.patch

@@ -0,0 +1,34 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Mon, 13 Mar 2023 12:02:58 +0100
+Subject: [PATCH] wifi: iwlwifi: mvm: support flush on AP interfaces
+
+Support TX flush on AP interfaces so that we will do a
+proper flush for frames on the queue before keys are
+removed.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Reviewed-by: Greenman, Gregory <gregory.greenman@intel.com>
+---
+
+--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
++++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+@@ -4817,9 +4817,6 @@ static void iwl_mvm_mac_flush(struct iee
+ 		return;
+ 	}
+ 
+-	if (vif->type != NL80211_IFTYPE_STATION)
+-		return;
+-
+ 	/* Make sure we're done with the deferred traffic before flushing */
+ 	flush_work(&mvm->add_stream_wk);
+ 
+@@ -4837,9 +4834,6 @@ static void iwl_mvm_mac_flush(struct iee
+ 		if (mvmsta->vif != vif)
+ 			continue;
+ 
+-		/* make sure only TDLS peers or the AP are flushed */
+-		WARN_ON(i != mvmvif->ap_sta_id && !sta->tdls);
+-
+ 		if (drop) {
+ 			if (iwl_mvm_flush_sta(mvm, mvmsta, false))
+ 				IWL_ERR(mvm, "flush request fail\n");

package/kernel/mac80211/patches/subsys/350-wifi-mac80211-add-flush_sta-method.patch

@@ -0,0 +1,91 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Mon, 13 Mar 2023 11:53:51 +0100
+Subject: [PATCH] wifi: mac80211: add flush_sta method
+
+Some drivers like iwlwifi might have per-STA queues, so we
+may want to flush/drop just those queues rather than all
+when removing a station. Add a separate method for that.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Reviewed-by: Greenman, Gregory <gregory.greenman@intel.com>
+---
+
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -3688,6 +3688,10 @@ struct ieee80211_prep_tx_info {
+  *	Note that vif can be NULL.
+  *	The callback can sleep.
+  *
++ * @flush_sta: Flush or drop all pending frames from the hardware queue(s) for
++ *	the given station, as it's about to be removed.
++ *	The callback can sleep.
++ *
+  * @channel_switch: Drivers that need (or want) to offload the channel
+  *	switch operation for CSAs received from the AP may implement this
+  *	callback. They must then call ieee80211_chswitch_done() to indicate
+@@ -4116,6 +4120,8 @@ struct ieee80211_ops {
+ #endif
+ 	void (*flush)(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
+ 		      u32 queues, bool drop);
++	void (*flush_sta)(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
++			  struct ieee80211_sta *sta);
+ 	void (*channel_switch)(struct ieee80211_hw *hw,
+ 			       struct ieee80211_vif *vif,
+ 			       struct ieee80211_channel_switch *ch_switch);
+--- a/net/mac80211/driver-ops.h
++++ b/net/mac80211/driver-ops.h
+@@ -639,6 +639,21 @@ static inline void drv_flush(struct ieee
+ 	trace_drv_return_void(local);
+ }
+ 
++static inline void drv_flush_sta(struct ieee80211_local *local,
++				 struct ieee80211_sub_if_data *sdata,
++				 struct sta_info *sta)
++{
++	might_sleep();
++
++	if (sdata && !check_sdata_in_driver(sdata))
++		return;
++
++	trace_drv_flush_sta(local, sdata, &sta->sta);
++	if (local->ops->flush_sta)
++		local->ops->flush_sta(&local->hw, &sdata->vif, &sta->sta);
++	trace_drv_return_void(local);
++}
++
+ static inline void drv_channel_switch(struct ieee80211_local *local,
+ 				      struct ieee80211_sub_if_data *sdata,
+ 				      struct ieee80211_channel_switch *ch_switch)
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -1075,8 +1075,12 @@ static void __sta_info_destroy_part2(str
+ 	 * frames sitting on hardware queues might be sent out without
+ 	 * any encryption at all.
+ 	 */
+-	if (local->ops->set_key)
+-		ieee80211_flush_queues(local, sta->sdata, false);
++	if (local->ops->set_key) {
++		if (local->ops->flush_sta)
++			drv_flush_sta(local, sta->sdata, sta);
++		else
++			ieee80211_flush_queues(local, sta->sdata, false);
++	}
+ 
+ 	/* now keys can no longer be reached */
+ 	ieee80211_free_sta_keys(local, sta);
+--- a/net/mac80211/trace.h
++++ b/net/mac80211/trace.h
+@@ -1140,6 +1140,13 @@ TRACE_EVENT(drv_flush,
+ 	)
+ );
+ 
++DEFINE_EVENT(sta_event, drv_flush_sta,
++	TP_PROTO(struct ieee80211_local *local,
++		 struct ieee80211_sub_if_data *sdata,
++		 struct ieee80211_sta *sta),
++	TP_ARGS(local, sdata, sta)
++);
++
+ TRACE_EVENT(drv_channel_switch,
+ 	TP_PROTO(struct ieee80211_local *local,
+ 		 struct ieee80211_sub_if_data *sdata,

package/kernel/mac80211/patches/subsys/351-wifi-iwlwifi-mvm-support-new-flush_sta-method.patch

@@ -0,0 +1,53 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Mon, 13 Mar 2023 12:05:35 +0100
+Subject: [PATCH] wifi: iwlwifi: mvm: support new flush_sta method
+
+For iwlwifi this is simple to implement, and on newer hardware
+it's an improvement since we have per-station queues.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Reviewed-by: Greenman, Gregory <gregory.greenman@intel.com>
+---
+
+--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
++++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+@@ -4853,6 +4853,31 @@ static void iwl_mvm_mac_flush(struct iee
+ 		iwl_trans_wait_tx_queues_empty(mvm->trans, msk);
+ }
+ 
++static void iwl_mvm_mac_flush_sta(struct ieee80211_hw *hw,
++				  struct ieee80211_vif *vif,
++				  struct ieee80211_sta *sta)
++{
++	struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw);
++	int i;
++
++	mutex_lock(&mvm->mutex);
++	for (i = 0; i < mvm->fw->ucode_capa.num_stations; i++) {
++		struct iwl_mvm_sta *mvmsta;
++		struct ieee80211_sta *tmp;
++
++		tmp = rcu_dereference_protected(mvm->fw_id_to_mac_id[i],
++						lockdep_is_held(&mvm->mutex));
++		if (tmp != sta)
++			continue;
++
++		mvmsta = iwl_mvm_sta_from_mac80211(sta);
++
++		if (iwl_mvm_flush_sta(mvm, mvmsta, false))
++			IWL_ERR(mvm, "flush request fail\n");
++	}
++	mutex_unlock(&mvm->mutex);
++}
++
+ static int iwl_mvm_mac_get_survey(struct ieee80211_hw *hw, int idx,
+ 				  struct survey_info *survey)
+ {
+@@ -5366,6 +5391,7 @@ const struct ieee80211_ops iwl_mvm_hw_op
+ 	.mgd_prepare_tx = iwl_mvm_mac_mgd_prepare_tx,
+ 	.mgd_protect_tdls_discover = iwl_mvm_mac_mgd_protect_tdls_discover,
+ 	.flush = iwl_mvm_mac_flush,
++	.flush_sta = iwl_mvm_mac_flush_sta,
+ 	.sched_scan_start = iwl_mvm_mac_sched_scan_start,
+ 	.sched_scan_stop = iwl_mvm_mac_sched_scan_stop,
+ 	.set_key = iwl_mvm_mac_set_key,

package/kernel/mac80211/patches/subsys/352-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch

@@ -0,0 +1,25 @@
+From: Felix Fietkau <nbd@nbd.name>
+Date: Fri, 24 Mar 2023 13:04:17 +0100
+Subject: [PATCH] wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for
+ non-uploaded sta
+
+Avoid potential data corruption issues caused by uninitialized driver
+private data structures.
+
+Reported-by: Brian Coverstone <brian@mainsequence.net>
+Fixes: 6a9d1b91f34d ("mac80211: add pre-RCU-sync sta removal driver operation")
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+---
+
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -1041,7 +1041,8 @@ static int __must_check __sta_info_destr
+ 	list_del_rcu(&sta->list);
+ 	sta->removed = true;
+ 
+-	drv_sta_pre_rcu_remove(local, sta->sdata, sta);
++	if (sta->uploaded)
++		drv_sta_pre_rcu_remove(local, sta->sdata, sta);
+ 
+ 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
+ 	    rcu_access_pointer(sdata->u.vlan.sta) == sta)

package/kernel/mt76/Makefile

@@ -8,9 +8,9 @@ PKG_LICENSE_FILES:=
 
 PKG_SOURCE_URL:=https://github.com/openwrt/mt76
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2022-09-06
-PKG_SOURCE_VERSION:=d70546462b7b51ebc2bcdd5c534fdf3465be62a4
-PKG_MIRROR_HASH:=3d6b68d70a78c0072ed10ab2548344b6b3a70ad99e4edc258fafa16886f4abf9
+PKG_SOURCE_DATE:=2023-09-11
+PKG_SOURCE_VERSION:=bdf8ea71700746c634c064d6477aa143f821d6f6
+PKG_MIRROR_HASH:=a080a83068abc204d1f563022391625875ef77deda14be49888c179ff78fa8c8
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_USE_NINJA:=0

package/kernel/mt76/patches/100-aggregation-definitions.patch

@@ -1,13 +0,0 @@
---- a/mt7915/init.c
-+++ b/mt7915/init.c
-@@ -327,8 +327,8 @@ mt7915_init_wiphy(struct ieee80211_hw *h
- 	struct mt7915_dev *dev = phy->dev;
- 
- 	hw->queues = 4;
--	hw->max_rx_aggregation_subframes = IEEE80211_MAX_AMPDU_BUF;
--	hw->max_tx_aggregation_subframes = IEEE80211_MAX_AMPDU_BUF;
-+	hw->max_rx_aggregation_subframes = IEEE80211_MAX_AMPDU_BUF_HE;
-+	hw->max_tx_aggregation_subframes = IEEE80211_MAX_AMPDU_BUF_HE;
- 	hw->netdev_features = NETIF_F_RXCSUM;
- 
- 	hw->radiotap_timestamp.units_pos =

package/libs/gmp/Makefile

@@ -19,6 +19,7 @@ PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1
 PKG_FIXUP:=autoreconf
 PKG_LICENSE:=GPL-2.0-or-later
+PKG_CPE_ID:=cpe:/a:gmplib:gmp
 
 PKG_USE_MIPS16:=0
 

package/libs/libbsd/Makefile

@@ -10,6 +10,7 @@ PKG_HASH:=34b8adc726883d0e85b3118fa13605e179a62b31ba51f676136ecb2d0bc1a887
 
 PKG_LICENSE:=BSD-4-Clause
 PKG_LICENSE_FILES:=COPYING
+PKG_CPE_ID:=cpe:/a:freedesktop:libbsd
 
 PKG_INSTALL:=1
 PKG_BUILD_PARALLEL:=1

package/libs/libnetfilter-conntrack/Makefile

@@ -18,6 +18,7 @@ PKG_HASH:=67bd9df49fe34e8b82144f6dfb93b320f384a8ea59727e92ff8d18b5f4b579a8
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=COPYING
+PKG_CPE_ID:=cpe:/a:netfilter:libnetfilter_conntrack
 
 PKG_INSTALL:=1
 PKG_BUILD_PARALLEL:=1

package/libs/libpcap/Makefile

@@ -18,6 +18,7 @@ PKG_HASH:=ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
+PKG_CPE_ID:=cpe:/a:tcpdump:libpcap
 
 PKG_ASLR_PIE_REGULAR:=1
 

package/libs/mbedtls/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mbedtls
-PKG_VERSION:=2.28.2
+PKG_VERSION:=2.28.5
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=bc55232bf71fd66045122ba9050a29ea7cb2e8f99b064a9e6334a82f715881a0
+PKG_HASH:=849e86b626e42ded6bf67197b64aa771daa54e2a7e2868dc67e1e4711959e5e3
 
 PKG_LICENSE:=GPL-2.0-or-later
 PKG_LICENSE_FILES:=gpl-2.0.txt
@@ -111,9 +111,6 @@ define Build/Configure
 	     END { exit(rc) }' $(PKG_BUILD_DIR)/include/mbedtls/config.h \
 	     >$(PKG_BUILD_DIR)/include/mbedtls/config.h.new && \
 	mv $(PKG_BUILD_DIR)/include/mbedtls/config.h.new $(PKG_BUILD_DIR)/include/mbedtls/config.h
-
-	sed -i '/fuzz/d' $(PKG_BUILD_DIR)/programs/CMakeLists.txt
-	sed -i '/test/d' $(PKG_BUILD_DIR)/programs/CMakeLists.txt
 endef
 
 define Build/InstallDev

package/libs/mbedtls/patches/100-fix-compile.patch

@@ -1,22 +0,0 @@
-Fix a compile problem introduced in commit 331c3421d1f0 ("Address review comments")
-
-Bug report: https://github.com/Mbed-TLS/mbedtls/issues/6243
-
---- a/programs/ssl/ssl_server2.c
-+++ b/programs/ssl/ssl_server2.c
-@@ -2529,7 +2529,6 @@ int main( int argc, char *argv[] )
-         }
-         key_cert_init2 = 2;
- #endif /* MBEDTLS_ECDSA_C */
--    }
- 
- #if defined(MBEDTLS_USE_PSA_CRYPTO)
-     if( opt.key_opaque != 0 )
-@@ -2558,6 +2557,7 @@ int main( int argc, char *argv[] )
-     }
- #endif /* MBEDTLS_USE_PSA_CRYPTO */
- #endif /* MBEDTLS_CERTS_C */
-+    }
- 
-     mbedtls_printf( " ok (key types: %s - %s)\n", mbedtls_pk_get_name( &pkey ), mbedtls_pk_get_name( &pkey2 ) );
- #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */

package/libs/mbedtls/patches/101-remove-test.patch

@@ -0,0 +1,15 @@
+--- a/programs/CMakeLists.txt
++++ b/programs/CMakeLists.txt
+@@ -1,12 +1,8 @@
+ add_subdirectory(aes)
+-if (NOT WIN32)
+-    add_subdirectory(fuzz)
+-endif()
+ add_subdirectory(hash)
+ add_subdirectory(pkey)
+ add_subdirectory(psa)
+ add_subdirectory(random)
+ add_subdirectory(ssl)
+-add_subdirectory(test)
+ add_subdirectory(util)
+ add_subdirectory(x509)

package/libs/openssl/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.1.1
-PKG_BUGFIX:=s
+PKG_BUGFIX:=w
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
@@ -25,7 +25,7 @@ PKG_SOURCE_URL:= \
 	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
 	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
 
-PKG_HASH:=c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa
+PKG_HASH:=cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
@@ -128,8 +128,8 @@ endef
 
 define Package/libopenssl-conf/conffiles
 /etc/ssl/openssl.cnf
-$(if CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO,/etc/ssl/engines.cnf.d/devcrypto.cnf)
-$(if CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK,/etc/ssl/engines.cnf.d/padlock.cnf)
+$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),/etc/ssl/engines.cnf.d/devcrypto.cnf)
+$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),/etc/ssl/engines.cnf.d/padlock.cnf)
 endef
 
 define Package/libopenssl-conf/description
@@ -332,6 +332,7 @@ define Build/Configure
 			--libdir=lib \
 			--openssldir=/etc/ssl \
 			--cross-compile-prefix="$(TARGET_CROSS)" \
+			$(TARGET_CFLAGS) \
 			$(TARGET_CPPFLAGS) \
 			$(TARGET_LDFLAGS) \
 			$(OPENSSL_OPTIONS) && \

package/libs/popt/Makefile

@@ -18,6 +18,7 @@ PKG_SOURCE_URL:= \
 	http://rpm5.org/files/popt/
 PKG_HASH:=e728ed296fe9f069a0e005003c3d6b2dde3d9cad453422a10d6558616d304cc8
 PKG_LICENSE:=MIT
+PKG_CPE_ID:=cpe:/a:popt_project:popt
 
 PKG_FIXUP:=autoreconf
 PKG_REMOVE_FILES:=autogen.sh aclocal.m4

package/libs/sysfsutils/Makefile

@@ -15,6 +15,7 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/linux-diag
 PKG_HASH:=e865de2c1f559fff0d3fc936e660c0efaf7afe662064f2fb97ccad1ec28d208a
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
+PKG_CPE_ID:=cpe:/a:sysfsutils_project:sysfsutils
 
 PKG_LICENSE:=LGPL-2.1
 PKG_LICENSE_FILES:=COPYING cmd/GPL lib/LGPL

package/libs/uclient/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/uclient.git
-PKG_MIRROR_HASH:=7c443cac02a734dd312c65618f4de17248d188317f30a9fac192c1503b3d5c05
-PKG_SOURCE_DATE:=2021-05-14
-PKG_SOURCE_VERSION:=6a6011df3429ffa5958d12b1327eeda4fd9daa47
+PKG_MIRROR_HASH:=16c6c97f45d9737fb40628ea22ae347541a1e37d8d1576e04ffbaa5fc92f3b6d
+PKG_SOURCE_DATE:=2023-04-13
+PKG_SOURCE_VERSION:=007d945467499f43656b141171d31f5643b83a6c
 CMAKE_INSTALL:=1
 
 PKG_BUILD_DEPENDS:=ustream-ssl

package/libs/wolfssl/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=5.5.4-stable
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_VERSION:=5.6.4-stable
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=b7ee150e49def77c765bc02aac92ddeb0bebefd4cb12aa263d8f95e405221fb8
+PKG_HASH:=031691906794ff45e1e792561cf31759f5d29ac74936bc8dffb8b14f16d820b4
 
 PKG_FIXUP:=libtool libtool-abiver
 PKG_INSTALL:=1

package/libs/wolfssl/patches/100-disable-hardening-check.patch

@@ -1,10 +1,10 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -2496,7 +2496,7 @@ extern void uITRON4_free(void *p) ;
- #endif
+@@ -2630,7 +2630,7 @@ extern void uITRON4_free(void *p) ;
  
  /* warning for not using harden build options (default with ./configure) */
--#ifndef WC_NO_HARDEN
+ /* do not warn if big integer support is disabled */
+-#if !defined(WC_NO_HARDEN) && !defined(NO_BIG_INT)
 +#if 0
      #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
          (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \

package/network/config/netifd/files/lib/netifd/proto/dhcp.sh

@@ -67,7 +67,7 @@ proto_dhcp_setup() {
 		-p /var/run/udhcpc-$iface.pid \
 		-s /lib/netifd/dhcp.script \
 		-f -t 0 -i "$iface" \
-		${ipaddr:+-r $ipaddr} \
+		${ipaddr:+-r ${ipaddr/\/*/}} \
 		${hostname:+-x "hostname:$hostname"} \
 		${vendorid:+-V "$vendorid"} \
 		$clientid $defaultreqopts $broadcast $norelease $dhcpopts

package/network/services/dnsmasq/files/dnsmasq.init

@@ -1178,6 +1178,7 @@ dnsmasq_start()
 		[ ! -e "$logfacility" ] && touch "$logfacility"
 		procd_add_jail_mount_rw "$logfacility"
 	esac
+	[ -e "$hostsfile" ] && procd_add_jail_mount $hostsfile
 
 	procd_close_instance
 }

package/network/services/dropbear/files/dropbear.failsafe

@@ -1,8 +1,9 @@
 #!/bin/sh
 
 failsafe_dropbear () {
-	dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key
-	dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1
+	dropbearkey -t rsa -s 1024 -f /tmp/dropbear_rsa_failsafe_host_key
+	dropbearkey -t ed25519 -f /tmp/dropbear_ed25519_failsafe_host_key
+	dropbear -r /tmp/dropbear_rsa_failsafe_host_key -r /tmp/dropbear_ed25519_failsafe_host_key <> /dev/null 2>&1
 }
 
 boot_hook_add failsafe failsafe_dropbear

package/network/services/hostapd/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=$(AUTORELEASE).2
+PKG_RELEASE:=$(AUTORELEASE).3
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git

package/network/services/hostapd/patches/301-mesh-noscan.patch

@@ -24,8 +24,8 @@
  			   frequency);
  		goto out_free;
  	}
-+	if (ssid->noscan)
-+		conf->noscan = 1;
++	if (conf->noscan)
++		ssid->noscan = 1;
  
  	if (ssid->mesh_basic_rates == NULL) {
  		/*
@@ -36,7 +36,7 @@
  	enum hostapd_hw_mode hw_mode;
  	struct hostapd_hw_modes *mode = NULL;
 -	int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
-+	int ht40plus[] = { 1, 2, 3, 4, 5, 6, 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
++	int ht40plus[] = { 1, 2, 3, 4, 5, 6, 7, 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
  			   184, 192 };
  	int bw80[] = { 5180, 5260, 5500, 5580, 5660, 5745, 5955,
  		       6035, 6115, 6195, 6275, 6355, 6435, 6515,

package/network/services/hostapd/src/src/ap/ubus.c

@@ -1097,6 +1097,8 @@ hostapd_bss_mgmt_enable(struct ubus_context *ctx, struct ubus_object *obj,
 	}
 
 	__hostapd_bss_mgmt_enable(hapd, flags);
+
+	return 0;
 }
 
 

package/network/services/uhttpd/Makefile

@@ -12,9 +12,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/uhttpd.git
-PKG_SOURCE_DATE:=2022-10-31
-PKG_SOURCE_VERSION:=23977554d9694d025eada50a5547e99ee1be7838
-PKG_MIRROR_HASH:=e546fd57d0d0be6a51e2aeb5797febe8c89d2bba61b26c930ecb0616d5f6ace9
+PKG_SOURCE_DATE:=2023-06-25
+PKG_SOURCE_VERSION:=34a8a74dbdec3c0de38abc1b08f6a73c51263792
+PKG_MIRROR_HASH:=8206885eebed5d1827763bcc5bcf9ca3510ae22b0ad1f6432114f1136c32dde2
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=ISC