OpenWrt v22.03.7: revert to branch defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

.github/labeler.yml

@@ -0,0 +1,103 @@
+# target/*
+"target/airoha":
+  - "target/linux/airoha/**"
+"target/apm821xx":
+  - "target/linux/apm821xx/**"
+"target/archs38":
+  - "target/linux/archs38/**"
+"target/armvirt":
+  - "target/linux/armvirt/**"
+"target/at91":
+  - "target/linux/at91/**"
+"target/ath25":
+  - "target/linux/ath25/**"
+"target/ath79":
+  - "target/linux/ath79/**"
+"target/bcm27xx":
+  - "target/linux/bcm27xx/**"
+"target/bcm47xx":
+  - "target/linux/bcm47xx/**"
+"target/bcm4908":
+  - "target/linux/bcm4908/**"
+"target/bcm53xx":
+  - "target/linux/bcm53xx/**"
+"target/bcm63xx":
+  - "target/linux/bcm63xx/**"
+"target/bmips":
+  - "target/linux/bmips/**"
+"target/gemini":
+  - "target/linux/gemini/**"
+"target/imx":
+  - "target/linux/imx/**"
+"target/ipq40xx":
+  - "target/linux/ipq40xx/**"
+"target/ipq806x":
+  - "target/linux/ipq806x/**"
+"target/kirkwood":
+  - "target/linux/kirkwood/**"
+"target/lantiq":
+  - "target/linux/lantiq/**"
+"target/layerscape":
+  - "target/linux/layerscape/**"
+"target/malta":
+  - "target/linux/malta/**"
+"target/mediatek":
+  - "target/linux/mediatek/**"
+"target/mpc85xx":
+  - "target/linux/mpc85xx/**"
+"target/mvebu":
+  - "target/linux/mvebu/**"
+"target/mxs":
+  - "target/linux/mxs/**"
+"target/octeon":
+  - "target/linux/octeon/**"
+"target/octeontx":
+  - "target/linux/octeontx/**"
+"target/omap":
+  - "target/linux/omap/**"
+"target/oxnas":
+  - "target/linux/oxnas/**"
+"target/pistachio":
+  - "target/linux/pistachio/**"
+"target/qoriq":
+  - "target/linux/qoriq/**"
+"target/ramips":
+  - "target/linux/ramips/**"
+"target/realtek":
+  - "target/linux/realtek/**"
+"target/rockchip":
+  - "target/linux/rockchip/**"
+"target/sunxi":
+  - "target/linux/sunxi/**"
+"target/tegra":
+  - "target/linux/tegra/**"
+"target/uml":
+  - "target/linux/uml/**"
+"target/x86":
+  - "target/linux/x86/**"
+"target/zynq":
+  - "target/linux/zynq/**"
+# target/imagebuilder
+"target/imagebuilder":
+  - "target/imagebuilder/**"
+# kernel
+"kernel":
+  - "target/linux/generic/**"
+  - "target/linux/**/config-*"
+  - "target/linux/**/patches-*"
+  - "target/linux/**/files/**"
+  - "package/kernel/linux/**"
+# core packages
+"core packages":
+  - "package/**"
+# build/scripts/tools
+"build/scripts/tools":
+  - "include/**"
+  - "scripts/**"
+  - "tools/**"
+# toolchain
+"toolchain":
+  - "toolchain/**"
+# GitHub/CI
+"GitHub/CI":
+  - ".github/**"

.github/workflows/Dockerfile.tools

@@ -0,0 +1,3 @@
+FROM registry.gitlab.com/openwrt/buildbot/buildworker-3.4.1
+
+COPY --chown=buildbot:buildbot tools.tar /tools.tar

.github/workflows/build.yml

@@ -0,0 +1,361 @@
+name: Build sub target
+
+on:
+  workflow_call:
+    inputs:
+      target:
+        required: true
+        type: string
+      testing:
+        type: boolean
+      build_toolchain:
+        type: boolean
+      include_feeds:
+        type: boolean
+      build_full:
+        type: boolean
+      build_all_modules:
+        type: boolean
+      build_all_kmods:
+        type: boolean
+      build_all_boards:
+        type: boolean
+
+permissions:
+  contents: read
+
+jobs:
+  setup_build:
+    name: Setup build
+    runs-on: ubuntu-latest
+    outputs:
+      owner_lc: ${{ steps.lower_owner.outputs.owner_lc }}
+      ccache_hash: ${{ steps.ccache_hash.outputs.ccache_hash }}
+      container_tag: ${{ steps.determine_tools_container.outputs.container_tag }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set lower case owner name
+        id: lower_owner
+        run: |
+          OWNER_LC=$(echo "${{ github.repository_owner }}" \
+            | tr '[:upper:]' '[:lower:]')
+          echo "owner_lc=$OWNER_LC" >> $GITHUB_OUTPUT
+
+      - name: Generate ccache hash
+        id: ccache_hash
+        run: |
+          CCACHE_HASH=$(md5sum include/kernel-* | awk '{ print $1 }' \
+           | md5sum | awk '{ print $1 }')
+          echo "ccache_hash=$CCACHE_HASH" >> $GITHUB_OUTPUT
+
+      # Per branch tools container tag
+      # By default stick to latest
+      # For official test targetting openwrt stable branch
+      # Get the branch or parse the tag and push dedicated tools containers
+      # For local test to use the correct container for stable release testing
+      # you need to use for the branch name a prefix of openwrt-[0-9][0-9].[0-9][0-9]-
+      - name: Determine tools container tag
+        id: determine_tools_container
+        run: |
+          CONTAINER_TAG=latest
+          if [ -n "${{ github.base_ref }}" ]; then
+            if echo "${{ github.base_ref }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]$'; then
+              CONTAINER_TAG="${{ github.base_ref }}"
+            fi
+          elif [ ${{ github.ref_type }} == "branch" ]; then
+            if echo "${{ github.ref_name }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]$'; then
+              CONTAINER_TAG=${{ github.ref_name }}
+            elif echo "${{ github.ref_name }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]-'; then
+              CONTAINER_TAG="$(echo ${{ github.ref_name }} | sed 's/^\(openwrt-[0-9][0-9]\.[0-9][0-9]\)-.*/\1/')"
+            fi
+          elif [ ${{ github.ref_type }} == "tag" ]; then
+            if echo "${{ github.ref_name }}" | grep -q -E '^v[0-9][0-9]\.[0-9][0-9]\..+'; then
+              CONTAINER_TAG=openwrt-"$(echo ${{ github.ref_name }} | sed 's/^v\([0-9][0-9]\.[0-9][0-9]\)\..\+/\1/')"
+            fi
+          fi
+          echo "Tools container to use tools:$CONTAINER_TAG"
+          echo "container_tag=$CONTAINER_TAG" >> $GITHUB_OUTPUT
+
+  build:
+    name: Build with external toolchain
+    needs: setup_build
+    runs-on: ubuntu-latest
+
+    container: ghcr.io/${{ needs.setup_build.outputs.owner_lc }}/tools:${{ needs.setup_build.outputs.container_tag }}
+
+    permissions:
+      contents: read
+      packages: read
+
+    steps:
+      - name: Checkout master directory
+        uses: actions/checkout@v3
+        with:
+          path: openwrt
+
+      - name: Checkout packages feed
+        if: inputs.include_feeds == true
+        uses: actions/checkout@v3
+        with:
+          repository: openwrt/packages
+          path: openwrt/feeds/packages
+
+      - name: Checkout luci feed
+        if: inputs.include_feeds == true
+        uses: actions/checkout@v3
+        with:
+          repository: openwrt/luci
+          path: openwrt/feeds/luci
+
+      - name: Checkout routing feed
+        if: inputs.include_feeds == true
+        uses: actions/checkout@v3
+        with:
+          repository: openwrt/routing
+          path: openwrt/feeds/routing
+
+      - name: Checkout telephony feed
+        if: inputs.include_feeds == true
+        uses: actions/checkout@v3
+        with:
+          repository: openwrt/telephony
+          path: openwrt/feeds/telephony
+
+      - name: Fix permission
+        run: |
+          chown -R buildbot:buildbot openwrt
+
+      - name: Initialization environment
+        run: |
+          TARGET=$(echo ${{ inputs.target }} | cut -d "/" -f 1)
+          SUBTARGET=$(echo ${{ inputs.target }} | cut -d "/" -f 2)
+          echo "TARGET=$TARGET" >> "$GITHUB_ENV"
+          echo "SUBTARGET=$SUBTARGET" >> "$GITHUB_ENV"
+
+      - name: Update & Install feeds
+        if: inputs.include_feeds == true
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          ./scripts/feeds update -a
+          ./scripts/feeds install -a
+
+      - name: Parse toolchain file
+        if: inputs.build_toolchain == false
+        id: parse-toolchain
+        working-directory: openwrt
+        run: |
+          TOOLCHAIN_PATH=snapshots
+
+          if [ -n "${{ github.base_ref }}" ]; then
+            if echo "${{ github.base_ref }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]$'; then
+              major_ver="$(echo ${{ github.base_ref }} | sed 's/^openwrt-/v/')"
+            fi
+          elif [ "${{ github.ref_type }}" = "branch" ]; then
+            if echo "${{ github.ref_name }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]$'; then
+              major_ver="$(echo ${{ github.ref_name }} | sed 's/^openwrt-/v/')"
+            elif echo "${{ github.ref_name }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]-'; then
+              major_ver="$(echo ${{ github.ref_name }} | sed 's/^openwrt-\([0-9][0-9]\.[0-9][0-9]\)-.*/v\1/')"
+            fi
+          elif [ "${{ github.ref_type }}" = "tag" ]; then
+            if echo "${{ github.ref_name }}" | grep -q -E '^v[0-9][0-9]\.[0-9][0-9]\..+'; then
+              major_ver="$(echo ${{ github.ref_name }} | sed 's/^\(v[0-9][0-9]\.[0-9][0-9]\)\..\+/\1/')"
+            fi
+          fi
+
+          if [ -n "$major_ver" ]; then
+            git fetch --tags -f
+            latest_tag="$(git tag --sort=-creatordate -l $major_ver* | head -n1)"
+            if [ -n "$latest_tag" ]; then
+              TOOLCHAIN_PATH=releases/$(echo $latest_tag | sed 's/^v//')
+            fi
+          fi
+
+          SUMS_FILE="https://downloads.cdn.openwrt.org/$TOOLCHAIN_PATH/targets/${{ env.TARGET }}/${{ env.SUBTARGET }}/sha256sums"
+          if curl $SUMS_FILE | grep -q ".*openwrt-toolchain.*tar.xz"; then
+            TOOLCHAIN_STRING="$( curl $SUMS_FILE | grep ".*openwrt-toolchain.*tar.xz")"
+            TOOLCHAIN_FILE=$(echo "$TOOLCHAIN_STRING" | sed -n -e 's/.*\(openwrt-toolchain.*\).tar.xz/\1/p')
+            TOOLCHAIN_SHA256=$(echo "$TOOLCHAIN_STRING" | cut -d ' ' -f 1)
+            
+            echo "toolchain-type=external_toolchain" >> $GITHUB_OUTPUT
+          elif curl $SUMS_FILE | grep -q ".*openwrt-sdk.*tar.xz"; then
+            TOOLCHAIN_STRING="$( curl $SUMS_FILE | grep ".*openwrt-sdk.*tar.xz")"
+            TOOLCHAIN_FILE=$(echo "$TOOLCHAIN_STRING" | sed -n -e 's/.*\(openwrt-sdk.*\).tar.xz/\1/p')
+            TOOLCHAIN_SHA256=$(echo "$TOOLCHAIN_STRING" | cut -d ' ' -f 1)
+
+            echo "toolchain-type=external_sdk" >> $GITHUB_OUTPUT
+          fi
+
+          echo "TOOLCHAIN_FILE=$TOOLCHAIN_FILE" >> "$GITHUB_ENV"
+          echo "TOOLCHAIN_SHA256=$TOOLCHAIN_SHA256" >> "$GITHUB_ENV"
+          echo "TOOLCHAIN_PATH=$TOOLCHAIN_PATH" >> "$GITHUB_ENV"
+
+      - name: Cache external toolchain/sdk
+        if: inputs.build_toolchain == false
+        id: cache-external-toolchain
+        uses: actions/cache@v3
+        with:
+          path: openwrt/${{ env.TOOLCHAIN_FILE }}
+          key: ${{ env.TOOLCHAIN_FILE }}-${{ steps.parse-toolchain.outputs.toolchain-type }}-${{ env.TOOLCHAIN_SHA256 }}
+
+      - name: Cache ccache
+        uses: actions/cache@v3
+        with:
+          path: openwrt/.ccache
+          key: ccache-kernel-${{ env.TARGET }}/${{ env.SUBTARGET }}-${{ needs.setup_build.outputs.ccache_hash }}
+          restore-keys: |
+            ccache-kernel-${{ env.TARGET }}/${{ env.SUBTARGET }}-
+
+      - name: Download external toolchain/sdk
+        if: inputs.build_toolchain == false && steps.cache-external-toolchain.outputs.cache-hit != 'true'
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          wget -O - https://downloads.cdn.openwrt.org/${{ env.TOOLCHAIN_PATH }}/targets/${{ env.TARGET }}/${{ env.SUBTARGET }}/${{ env.TOOLCHAIN_FILE }}.tar.xz \
+            | tar --xz -xf -
+
+      - name: Extract prebuilt tools
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: ./scripts/ext-tools.sh --tools /tools.tar
+
+      - name: Configure testing kernel
+        if: inputs.testing == true
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          echo CONFIG_TESTING_KERNEL=y >> .config
+
+      - name: Configure all kernel modules
+        if: inputs.build_all_kmods == true
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          echo CONFIG_ALL_KMODS=y >> .config
+
+      - name: Configure all modules
+        if: inputs.build_all_modules == true
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          echo CONFIG_ALL=y >> .config
+
+      - name: Configure all boards
+        if: inputs.build_all_boards == true
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          echo CONFIG_TARGET_MULTI_PROFILE=y >> .config
+          echo CONFIG_TARGET_PER_DEVICE_ROOTFS=y >> .config
+          echo CONFIG_TARGET_ALL_PROFILES=y >> .config
+
+      - name: Configure external toolchain
+        if: inputs.build_toolchain == false && steps.parse-toolchain.outputs.toolchain-type == 'external_toolchain'
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          echo CONFIG_DEVEL=y >> .config
+          echo CONFIG_AUTOREMOVE=y >> .config
+          echo CONFIG_CCACHE=y >> .config
+
+          ./scripts/ext-toolchain.sh \
+            --toolchain ${{ env.TOOLCHAIN_FILE }}/toolchain-* \
+            --overwrite-config \
+            --config ${{ env.TARGET }}/${{ env.SUBTARGET }}
+
+      - name: Adapt external sdk to external toolchain format
+        if: inputs.build_toolchain == false && steps.parse-toolchain.outputs.toolchain-type == 'external_sdk' && steps.cache-external-toolchain.outputs.cache-hit != 'true'
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          TOOLCHAIN_DIR=${{ env.TOOLCHAIN_FILE }}/staging_dir/$(ls ${{ env.TOOLCHAIN_FILE }}/staging_dir | grep toolchain)
+          TOOLCHAIN_BIN=$TOOLCHAIN_DIR/bin
+          OPENWRT_DIR=$(pwd)
+
+          # Find target name from toolchain info.mk
+          GNU_TARGET_NAME=$(cat $TOOLCHAIN_DIR/info.mk | grep TARGET_CROSS | sed 's/^TARGET_CROSS=\(.*\)-$/\1/')
+
+          cd $TOOLCHAIN_BIN
+
+          # Revert sdk wrapper scripts applied to all the bins
+          for app in $(find . -name "*.bin"); do
+            TARGET_APP=$(echo $app | sed 's/\.\/\.\(.*\)\.bin/\1/')
+            rm $TARGET_APP
+            mv .$TARGET_APP.bin $TARGET_APP
+          done
+
+          # Setup the wrapper script in the sdk toolchain dir simulating an external toolchain build
+          cp $OPENWRT_DIR/target/toolchain/files/wrapper.sh $GNU_TARGET_NAME-wrapper.sh
+          for app in cc gcc g++ c++ cpp ld as ; do
+            [ -f $GNU_TARGET_NAME-$app ] && mv $GNU_TARGET_NAME-$app $GNU_TARGET_NAME-$app.bin
+            ln -sf $GNU_TARGET_NAME-wrapper.sh $GNU_TARGET_NAME-$app
+          done
+
+      - name: Configure external toolchain with sdk
+        if: inputs.build_toolchain == false && steps.parse-toolchain.outputs.toolchain-type == 'external_sdk'
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          echo CONFIG_DEVEL=y >> .config
+          echo CONFIG_AUTOREMOVE=y >> .config
+          echo CONFIG_CCACHE=y >> .config
+
+          ./scripts/ext-toolchain.sh \
+            --toolchain ${{ env.TOOLCHAIN_FILE }}/staging_dir/toolchain-* \
+            --overwrite-config \
+            --config ${{ env.TARGET }}/${{ env.SUBTARGET }}
+
+      - name: Configure internal toolchain
+        if: inputs.build_toolchain == true
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          echo CONFIG_DEVEL=y >> .config
+          echo CONFIG_AUTOREMOVE=y >> .config
+          echo CONFIG_CCACHE=y >> .config
+
+          echo "CONFIG_TARGET_${{ env.TARGET }}=y" >> .config
+          echo "CONFIG_TARGET_${{ env.TARGET }}_${{ env.SUBTARGET }}=y" >> .config
+
+          make defconfig
+
+      - name: Show configuration
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: ./scripts/diffconfig.sh
+
+      - name: Build tools
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: make tools/install -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh
+
+      - name: Build toolchain
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: make toolchain/install -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh
+
+      - name: Build Kernel
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: make target/compile -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh
+
+      - name: Build Kernel Kmods
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: make package/linux/compile -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh
+
+      - name: Build everything
+        if: inputs.build_full == true
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: make -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh
+
+      - name: Upload logs
+        if: failure()
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ env.TARGET }}-${{ env.SUBTARGET }}-logs
+          path: "openwrt/logs"

.github/workflows/check-kernel-patches.yml

@@ -0,0 +1,131 @@
+name: Refresh kernel for target
+
+on:
+  workflow_call:
+    inputs:
+      target:
+        required: true
+        type: string
+      testing:
+        type: boolean
+
+permissions:
+  contents: read
+
+jobs:
+  setup_build:
+    name: Setup build
+    runs-on: ubuntu-latest
+    outputs:
+      owner_lc: ${{ steps.lower_owner.outputs.owner_lc }}
+      container_tag: ${{ steps.determine_tools_container.outputs.container_tag }}
+
+    steps:
+      - name: Set lower case owner name
+        id: lower_owner
+        run: |
+          OWNER_LC=$(echo "${{ github.repository_owner }}" \
+            | tr '[:upper:]' '[:lower:]')
+          echo "owner_lc=$OWNER_LC" >> $GITHUB_OUTPUT
+
+      # Per branch tools container tag
+      # By default stick to latest
+      # For official test targetting openwrt stable branch
+      # Get the branch or parse the tag and push dedicated tools containers
+      # For local test to use the correct container for stable release testing
+      # you need to use for the branch name a prefix of openwrt-[0-9][0-9].[0-9][0-9]-
+      - name: Determine tools container tag
+        id: determine_tools_container
+        run: |
+          CONTAINER_TAG=latest
+          if [ -n "${{ github.base_ref }}" ]; then
+            if echo "${{ github.base_ref }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]$'; then
+              CONTAINER_TAG="${{ github.base_ref }}"
+            fi
+          elif [ ${{ github.ref_type }} == "branch" ]; then
+            if echo "${{ github.ref_name }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]$'; then
+              CONTAINER_TAG=${{ github.ref_name }}
+            elif echo "${{ github.ref_name }}" | grep -q -E '^openwrt-[0-9][0-9]\.[0-9][0-9]-'; then
+              CONTAINER_TAG="$(echo ${{ github.ref_name }} | sed 's/^\(openwrt-[0-9][0-9]\.[0-9][0-9]\)-.*/\1/')"
+            fi
+          elif [ ${{ github.ref_type }} == "tag" ]; then
+            if echo "${{ github.ref_name }}" | grep -q -E '^v[0-9][0-9]\.[0-9][0-9]\..+'; then
+              CONTAINER_TAG=openwrt-"$(echo ${{ github.ref_name }} | sed 's/^v\([0-9][0-9]\.[0-9][0-9]\)\..\+/\1/')"
+            fi
+          fi
+          echo "Tools container to use tools:$CONTAINER_TAG"
+          echo "container_tag=$CONTAINER_TAG" >> $GITHUB_OUTPUT
+
+  check-patch:
+    name: Check Kernel patches
+    needs: setup_build
+    runs-on: ubuntu-latest
+
+    container: ghcr.io/${{ needs.setup_build.outputs.owner_lc }}/tools:${{ needs.setup_build.outputs.container_tag }}
+
+    permissions:
+      contents: read
+      packages: read
+
+    steps:
+      - name: Checkout master directory
+        uses: actions/checkout@v3
+        with:
+          path: openwrt
+
+      - name: Fix permission
+        run: |
+          chown -R buildbot:buildbot openwrt
+
+      - name: Initialization environment
+        run: |
+          TARGET=$(echo ${{ inputs.target }} | cut -d "/" -f 1)
+          SUBTARGET=$(echo ${{ inputs.target }} | cut -d "/" -f 2)
+          echo "TARGET=$TARGET" >> "$GITHUB_ENV"
+          echo "SUBTARGET=$SUBTARGET" >> "$GITHUB_ENV"
+
+      - name: Extract prebuilt tools
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: ./scripts/ext-tools.sh --tools /tools.tar
+
+      - name: Configure testing kernel
+        if: inputs.testing == true
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          echo CONFIG_TESTING_KERNEL=y >> .config
+
+      - name: Configure system
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          echo CONFIG_ALL_KMODS=y >> .config
+          echo CONFIG_DEVEL=y >> .config
+          echo CONFIG_AUTOREMOVE=y >> .config
+          echo CONFIG_CCACHE=y >> .config
+
+          echo "CONFIG_TARGET_${{ env.TARGET }}=y" >> .config
+          echo "CONFIG_TARGET_${{ env.TARGET }}_${{ env.SUBTARGET }}=y" >> .config
+
+          make defconfig
+
+      - name: Build tools
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: make tools/quilt/compile -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh
+
+      - name: Refresh Kernel patches
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          make target/linux/refresh V=s
+
+          . .github/workflows/scripts/ci_helpers.sh
+
+          if git diff --name-only --exit-code; then
+            success "Kernel patches for ${{ env.TARGET }}/${{ env.SUBTARGET }} seems ok"
+          else
+            err "Kernel patches for ${{ env.TARGET }}/${{ env.SUBTARGET }} require refresh. (run 'make target/linux/refresh' and force push this pr)"
+            exit 1
+          fi

.github/workflows/formal.yml

@@ -3,6 +3,9 @@ name: Test Formalities
 on:
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: Test Formalities
@@ -11,7 +14,7 @@ jobs:
       fail-fast: false
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
@@ -24,7 +27,7 @@ jobs:
 
       - name: Test formalities
         run: |
-          source .github/workflows/ci_helpers.sh
+          source .github/workflows/scripts/ci_helpers.sh
 
           RET=0
           for commit in $(git rev-list HEAD ^origin/$BRANCH); do

.github/workflows/kernel.yml

@@ -0,0 +1,85 @@
+name: Build Kernel
+
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/check-kernel-patches.yml'
+      - '.github/workflows/build.yml'
+      - '.github/workflows/kernel.yml'
+      - 'include/kernel*'
+      - 'package/kernel/**'
+      - 'target/linux/generic/**'
+  push:
+    paths:
+      - '.github/workflows/check-kernel-patches.yml'
+      - '.github/workflows/build.yml'
+      - '.github/workflows/kernel.yml'
+      - 'include/kernel*'
+      - 'package/kernel/**'
+      - 'target/linux/generic/**'
+
+permissions:
+  contents: read
+
+jobs:
+  determine_targets:
+    name: Set targets
+    runs-on: ubuntu-latest
+    outputs:
+      target: ${{ steps.find_targets.outputs.target }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set targets
+        id: find_targets
+        run: |
+          export TARGETS="$(perl ./scripts/dump-target-info.pl targets 2>/dev/null \
+            | sort -u -t '/' -k1,1 \
+            | awk '{ print $1 }')"
+
+          JSON='['
+          FIRST=1
+          for TARGET in $TARGETS; do
+            [[ $FIRST -ne 1 ]] && JSON="$JSON"','
+            JSON="$JSON"'"'"${TARGET}"'"'
+            FIRST=0
+          done
+          JSON="$JSON"']'
+
+           echo -e "\n---- targets ----\n"
+           echo "$JSON"
+           echo -e "\n---- targets ----\n"
+
+           echo "target=$JSON" >> $GITHUB_OUTPUT
+
+  build:
+    name: Build Kernel with external toolchain
+    needs: determine_targets
+    permissions:
+      contents: read
+      packages: read
+    strategy:
+       fail-fast: False
+       matrix:
+         target: ${{fromJson(needs.determine_targets.outputs.target)}}
+    uses: ./.github/workflows/build.yml
+    with:
+      target: ${{ matrix.target }}
+      build_all_kmods: true
+
+  check-kernel-patches:
+    name: Check Kernel patches
+    needs: determine_targets
+    permissions:
+      contents: read
+      packages: read
+    strategy:
+       fail-fast: False
+       matrix:
+         target: ${{fromJson(needs.determine_targets.outputs.target)}}
+    uses: ./.github/workflows/check-kernel-patches.yml
+    with:
+      target: ${{ matrix.target }}
+

.github/workflows/labeler.yml

@@ -0,0 +1,33 @@
+name: 'Pull Request Labeler'
+on:
+  - pull_request_target
+
+permissions:
+  contents: read
+
+jobs:
+  labeler:
+    permissions:
+      contents: read # to determine modified files (actions/labeler)
+      pull-requests: write # to add labels to PRs (actions/labeler)
+
+    name: Pull Request Labeler
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/labeler@v4
+        with:
+          repo-token: '${{ secrets.GITHUB_TOKEN }}'
+
+      - name: Check Branch
+        id: check-branch
+        run: |
+          if echo "${{ github.base_ref }}" | grep -q -E 'openwrt-[0-9][0-9]\.[0-9][0-9]'; then
+              echo "release-tag=$(echo ${{ github.base_ref }} | sed 's/openwrt-/release\//')" >> $GITHUB_OUTPUT
+          fi
+
+      - uses: buildsville/add-remove-label@v2.0.0
+        if: ${{ steps.check-branch.outputs.release-tag }}
+        with:
+          token: ${{secrets.GITHUB_TOKEN}}
+          labels: ${{ steps.check-branch.outputs.release-tag }}
+          type: add

.github/workflows/packages.yml

@@ -0,0 +1,43 @@
+name: Build all core packages
+
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/build.yml'
+      - '.github/workflows/packages.yml'
+      - 'config/**'
+      - 'include/**'
+      - 'package/**'
+      - 'target/linux/generic/**'
+      - 'toolchain/**'
+  push:
+    paths:
+      - '.github/workflows/build.yml'
+      - '.github/workflows/packages.yml'
+      - 'config/**'
+      - 'include/**'
+      - 'package/**'
+      - 'target/linux/generic/**'
+      - 'toolchain/**'
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    permissions:
+      contents: read
+      packages: read
+    strategy:
+      fail-fast: False
+      matrix:
+        include:
+          - target: malta/be
+          - target: x86/64
+    uses: ./.github/workflows/build.yml
+    with:
+      target: ${{ matrix.target }}
+      build_all_kmods: true
+      build_all_modules: true
+      build_full: true
+

.github/workflows/scripts/show_build_failures.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+original_exit_code="${ret:-1}"
+log_dir_path="${1:-logs}"
+context="${2:-10}"
+
+show_make_build_errors() {
+	grep -slr 'make\[[[:digit:]]\].*Error [[:digit:]]$' "$log_dir_path" | while IFS= read -r log_file; do
+		printf "====== Make errors from %s ======\n" "$log_file";
+		grep -r -C"$context" 'make\[[[:digit:]]\].*Error [[:digit:]]$' "$log_file" ;
+	done
+}
+
+show_make_build_errors
+exit "$original_exit_code"

.github/workflows/tools.yml

@@ -4,131 +4,206 @@ on:
   pull_request:
     paths:
       - 'tools/**'
+      - '.github/workflows/tools.yml'
+  push:
+    paths:
+      - 'tools/**'
+      - '.github/workflows/tools.yml'
+
+permissions:
+  contents: read
 
 jobs:
-  build:
-    name: Build tools on ${{ matrix.os }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: False
-      matrix:
-        os: 
-          - ubuntu-latest
-          - macos-latest
+  build-macos-latest:
+    if: github.event_name != 'push'
+    runs-on: macos-14
+
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
-          fetch-depth: 0
           path: openwrt
 
       - name: Setup MacOS
-        if: ${{ matrix.os == 'macos-latest' }}
         run: |
-          echo "WORKPATH=/Volumes/OpenWrt/openwrt/" >> "$GITHUB_ENV"
+          echo "WORKPATH=/Volumes/OpenWrt" >> "$GITHUB_ENV"
           hdiutil create -size 20g -type SPARSE -fs "Case-sensitive HFS+" -volname OpenWrt OpenWrt.sparseimage
           hdiutil attach OpenWrt.sparseimage
           mv "$GITHUB_WORKSPACE/openwrt" /Volumes/OpenWrt/
-          cd "$WORKPATH"
 
+      - name: Install required prereq on MacOS
+        working-directory: ${{ env.WORKPATH }}/openwrt
+        run: |
           brew install \
-            autoconf \
             automake \
             coreutils \
             diffutils \
             findutils \
             gawk \
-            gettext \
             git-extras \
-            gmp \
             gnu-getopt \
             gnu-sed \
-            gnu-tar \
             grep \
-            libidn2 \
-            libunistring \
-            m4 \
-            make \
-            mpfr \
-            ncurses \
-            openssl@1.1 \
-            pcre \
-            pkg-config \
-            quilt \
-            readline \
-            wget \
-            zstd
+            gpatch \
+            make
 
             echo "/bin" >> "$GITHUB_PATH"
             echo "/sbin/Library/Apple/usr/bin" >> "$GITHUB_PATH"
             echo "/usr/bin" >> "$GITHUB_PATH"
-            echo "/usr/local/bin" >> "$GITHUB_PATH"
-            echo "/usr/local/opt/coreutils/bin" >> "$GITHUB_PATH"
-            echo "/usr/local/opt/findutils/libexec/gnubin" >> "$GITHUB_PATH"
-            echo "/usr/local/opt/gettext/bin" >> "$GITHUB_PATH"
-            echo "/usr/local/opt/gnu-getopt/bin" >> "$GITHUB_PATH"
-            echo "/usr/local/opt/make/libexec/gnubin" >> "$GITHUB_PATH"
-            echo "/usr/local/opt/make/libexec/gnubin" >> "$GITHUB_PATH"
+            echo "/opt/homebrew/bin" >> "$GITHUB_PATH"
+            echo "/opt/homebrew/opt/coreutils/bin" >> "$GITHUB_PATH"
+            echo "/opt/homebrew/opt/findutils/libexec/gnubin" >> "$GITHUB_PATH"
+            echo "/opt/homebrew/opt/gnu-getopt/bin" >> "$GITHUB_PATH"
+            echo "/opt/homebrew/opt/make/libexec/gnubin" >> "$GITHUB_PATH"
             echo "/usr/sbin" >> "$GITHUB_PATH"
-            pwd
-
-      - name: Setup Ubuntu
-        if: ${{ matrix.os == 'ubuntu-latest' }}
-        env:
-          DEBIAN_FRONTEND: noninteractive
-        run: |
-          sudo apt-get update
-          sudo apt-get -y install \
-            build-essential \
-            ccache \
-            clang-12 \
-            ecj \
-            fastjar \
-            file \
-            g++ \
-            gawk \
-            gettext \
-            git \
-            java-propose-classpath \
-            libelf-dev \
-            libncurses-dev \
-            libssl-dev \
-            mkisofs \
-            python3 \
-            python3-dev \
-            python3-distutils \
-            python3-setuptools \
-            qemu-utils \
-            rsync \
-            subversion \
-            swig \
-            unzip \
-            wget \
-            xsltproc \
-            zlib1g-dev
-          echo "WORKPATH=$GITHUB_WORKSPACE/openwrt/" >> "$GITHUB_ENV"
-          cd "$WORKPATH"
-          pwd
 
       - name: Make prereq
-        run: |
-          cd "$WORKPATH"
-          pwd
-          make defconfig
+        working-directory: ${{ env.WORKPATH }}/openwrt
+        run: make defconfig
 
-      - name: Build tools
-        run: |
-          cd "$WORKPATH"
-          make tools/install -j$(nproc) BUILD_LOG=1
-
-      - name: Move logs to GITHUB_WORKSPACE
-        if: failure()
-        run: |
-          cp -r "$WORKPATH/logs" "$GITHUB_WORKSPACE"
+      - name: Build tools MacOS
+        working-directory: ${{ env.WORKPATH }}/openwrt
+        run: make tools/install -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh
 
       - name: Upload logs
-        if: failure()
-        uses: actions/upload-artifact@v2
+        if: always()
+        uses: actions/upload-artifact@v3
         with:
-          name: ${{ matrix.os }}-logs
-          path: "logs"
+          name: macos-latest-logs
+          path: ${{ env.WORKPATH }}/openwrt/logs
+
+      - name: Upload config
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: macos-latest-config
+          path: ${{ env.WORKPATH }}/openwrt/.config
+
+  build-linux-buildbot:
+    runs-on: ubuntu-latest
+    container: registry.gitlab.com/openwrt/buildbot/buildworker-3.4.1
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          path: 'openwrt'
+
+      - name: Fix permission
+        run: |
+          chown -R buildbot:buildbot openwrt
+
+      - name: Set configs for tools container
+        if: github.event_name == 'push'
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: |
+          touch .config
+          echo CONFIG_DEVEL=y >> .config
+          echo CONFIG_AUTOREMOVE=y >> .config
+          echo CONFIG_CCACHE=y >> .config
+
+      - name: Make prereq
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: make defconfig
+
+      - name: Build tools BuildBot Container
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: make tools/install -j$(nproc) BUILD_LOG=1 || ret=$? .github/workflows/scripts/show_build_failures.sh
+
+      - name: Upload logs
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: linux-buildbot-logs
+          path: openwrt/logs
+
+      - name: Upload config
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: linux-buildbot-config
+          path: openwrt/.config
+
+      - name: Archive prebuilt tools
+        if: github.event_name == 'push'
+        shell: su buildbot -c "sh -e {0}"
+        working-directory: openwrt
+        run: tar --mtime=now -cf tools.tar staging_dir/host build_dir/host dl
+
+      - name: Upload prebuilt tools
+        if: github.event_name == 'push'
+        uses: actions/upload-artifact@v3
+        with:
+          name: linux-buildbot-prebuilt-tools
+          path: openwrt/tools.tar
+          retention-days: 1
+
+  push-tools-container:
+    needs: build-linux-buildbot
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Set lower case owner name
+        env:
+          OWNER: ${{ github.repository_owner }}
+        run: |
+          echo "OWNER_LC=${OWNER,,}" >> "$GITHUB_ENV"
+
+      # Per branch tools container tag
+      # By default stick to latest
+      # For official test targetting openwrt stable branch
+      # Get the branch or parse the tag and push dedicated tools containers
+      # Any branch that will match this pattern openwrt-[0-9][0-9].[0-9][0-9]
+      # will refresh the tools container with the matching tag.
+      # (example branch openwrt-22.03 -> tools:openwrt-22.03)
+      # (example branch openwrt-22.03-test -> tools:openwrt-22.03)
+      - name: Determine tools container tag
+        run: |
+          CONTAINER_TAG=latest
+
+          if [ ${{ github.ref_type }} == "branch" ]; then
+            if echo "${{ github.ref_name }}" | grep -q -E 'openwrt-[0-9][0-9]\.[0-9][0-9]'; then
+              CONTAINER_TAG="$(echo ${{ github.ref_name }} | sed 's/^\(openwrt-[0-9][0-9]\.[0-9][0-9]\).*/\1/')"
+            fi
+          elif [ ${{ github.ref_type }} == "tag" ]; then
+            if echo "${{ github.ref_name }}" | grep -q -E 'v[0-9][0-9]\.[0-9][0-9]\..+'; then
+              CONTAINER_TAG=openwrt-"$(echo ${{ github.ref_name }} | sed 's/v\([0-9][0-9]\.[0-9][0-9]\)\..\+/\1/')"
+            fi
+          fi
+
+          echo "Tools container to push tools:$CONTAINER_TAG"
+          echo "CONTAINER_TAG=$CONTAINER_TAG" >> "$GITHUB_ENV"
+
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          path: 'openwrt'
+
+      - name: Download prebuilt tools from build job
+        uses: actions/download-artifact@v3
+        with:
+          name: linux-buildbot-prebuilt-tools
+          path: openwrt
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v3
+        with:
+          context: openwrt
+          push: true
+          tags: ghcr.io/${{ env.OWNER_LC }}/tools:${{ env.CONTAINER_TAG }}
+          file: openwrt/.github/workflows/Dockerfile.tools

.gitignore

@@ -14,6 +14,7 @@
 /feeds
 /feeds.conf
 /files
+/target/linux/feeds
 /overlay
 /package/feeds
 /package/openwrt-packages

Makefile

@@ -14,7 +14,7 @@ $(if $(findstring $(space),$(TOPDIR)),$(error ERROR: The path to the OpenWrt dir
 
 world:
 
-DISTRO_PKG_CONFIG:=$(shell $(TOPDIR)/scripts/command_all.sh pkg-config | grep -E '\/usr' | head -n 1)
+DISTRO_PKG_CONFIG:=$(shell $(TOPDIR)/scripts/command_all.sh pkg-config | grep '/usr' | head -n 1)
 export PATH:=$(TOPDIR)/staging_dir/host/bin:$(PATH)
 
 ifneq ($(OPENWRT_BUILD),1)
@@ -51,7 +51,7 @@ printdb:
 prepare: $(target/stamp-compile)
 
 _clean: FORCE
-	rm -rf $(BUILD_DIR) $(STAGING_DIR) $(BIN_DIR) $(OUTPUT_DIR)/packages/$(ARCH_PACKAGES) $(BUILD_LOG_DIR) $(TOPDIR)/staging_dir/packages
+	rm -rf $(BUILD_DIR) $(STAGING_DIR) $(BIN_DIR) $(OUTPUT_DIR)/packages/$(ARCH_PACKAGES) $(TOPDIR)/staging_dir/packages
 
 clean: _clean
 	rm -rf $(BUILD_LOG_DIR)

config/Config-build.in

@@ -58,6 +58,10 @@ menu "Global build settings"
 		bool "Enable signature checking in opkg"
 		default SIGNED_PACKAGES
 
+	config DOWNLOAD_CHECK_CERTIFICATE
+		bool "Enable TLS certificate verification during package download"
+		default y
+
 	comment "General build options"
 
 	config TESTING_KERNEL
@@ -160,7 +164,6 @@ menu "Global build settings"
 
 	choice
 		prompt "Binary stripping method"
-		default USE_STRIP   if EXTERNAL_TOOLCHAIN
 		default USE_STRIP   if USE_GLIBC
 		default USE_SSTRIP
 		help

config/Config-devel.in

@@ -74,6 +74,11 @@ menuconfig DEVEL
 		  Store ccache in this directory.
 		  If not set, uses './.ccache'
 
+	config KERNEL_CFLAGS
+		string "Kernel extra CFLAGS" if DEVEL
+		default "-falign-functions=32" if TARGET_bcm53xx
+		default ""
+
 	config EXTERNAL_KERNEL_TREE
 		string "Use external kernel tree" if DEVEL
 		default ""

config/Config-images.in

@@ -286,6 +286,7 @@ menu "Target Images"
 	comment "Image Options"
 
 	source "target/linux/*/image/Config.in"
+	source "target/linux/*/*/image/Config.in"
 
 	config TARGET_KERNEL_PARTSIZE
 		int "Kernel partition size (in MiB)"

config/Config-kernel.in

@@ -81,6 +81,11 @@ config KERNEL_PROFILING
 	  Enable the extended profiling support mechanisms used by profilers such
 	  as OProfile.
 
+config KERNEL_RPI_AXIPERF
+	bool "Compile the kernel with RaspberryPi AXI Performance monitors"
+	default y
+	depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx
+
 config KERNEL_UBSAN
 	bool "Compile the kernel with undefined behaviour sanity checker"
 	help
@@ -422,6 +427,11 @@ config KERNEL_KPROBE_EVENTS
 	bool
 	default y if KERNEL_KPROBES
 
+config KERNEL_BPF_KPROBE_OVERRIDE
+	bool
+	depends on KERNEL_KPROBES
+	default n
+
 config KERNEL_AIO
 	bool "Compile the kernel with asynchronous IO support"
 	default y if !SMALL_FLASH

feeds.conf.default

@@ -1,8 +1,4 @@
-src-git-full packages https://git.openwrt.org/feed/packages.git
-src-git-full luci https://git.openwrt.org/project/luci.git
-src-git-full routing https://git.openwrt.org/feed/routing.git
-src-git-full telephony https://git.openwrt.org/feed/telephony.git
-#src-git-full video https://github.com/openwrt/video.git
-#src-git-full targets https://github.com/openwrt/targets.git
-#src-git-full oldpackages http://git.openwrt.org/packages.git
-#src-link custom /usr/src/openwrt/custom-feed
+src-git-full packages https://git.openwrt.org/feed/packages.git;openwrt-22.03
+src-git-full luci https://git.openwrt.org/project/luci.git;openwrt-22.03
+src-git-full routing https://git.openwrt.org/feed/routing.git;openwrt-22.03
+src-git-full telephony https://git.openwrt.org/feed/telephony.git;openwrt-22.03

include/autotools.mk

@@ -35,7 +35,7 @@ define autoreconf
 		$(patsubst %,rm -f %;,$(2)) \
 		$(foreach p,$(3), \
 			if [ -f $(p)/configure.ac ] || [ -f $(p)/configure.in ]; then \
-				[ -d $(p)/autom4te.cache ] && rm -rf autom4te.cache; \
+				[ -d $(p)/autom4te.cache ] && rm -rf $(p)/autom4te.cache; \
 				[ -e $(p)/config.rpath ] || \
 						ln -s $(SCRIPT_DIR)/config.rpath $(p)/config.rpath; \
 				touch NEWS AUTHORS COPYING ABOUT-NLS ChangeLog; \

include/bpf.mk

@@ -63,13 +63,15 @@ BPF_CFLAGS := \
 	-Wno-unused-label \
 	-O2 -emit-llvm -Xclang -disable-llvm-passes
 
-ifeq ($(DUMP),)
+ifneq ($(CONFIG_HAS_BPF_TOOLCHAIN),)
+ifeq ($(DUMP)$(filter download refresh,$(MAKECMDGOALS)),)
   CLANG_VER:=$(shell $(CLANG) -dM -E - < /dev/null | grep __clang_major__ | cut -d' ' -f3)
   CLANG_VER_VALID:=$(shell [ "$(CLANG_VER)" -ge "$(CLANG_MIN_VER)" ] && echo 1 )
   ifeq ($(CLANG_VER_VALID),)
     $(error ERROR: LLVM/clang version too old. Minimum required: $(CLANG_MIN_VER), found: $(CLANG_VER))
   endif
 endif
+endif
 
 define CompileBPF
 	$(CLANG) -g -target $(BPF_ARCH)-linux-gnu $(BPF_CFLAGS) $(2) \

include/depends.mk

@@ -12,6 +12,7 @@
 DEP_FINDPARAMS := -x "*/.svn*" -x ".*" -x "*:*" -x "*\!*" -x "* *" -x "*\\\#*" -x "*/.*_check" -x "*/.*.swp" -x "*/.pkgdir*"
 
 find_md5=find $(wildcard $(1)) -type f $(patsubst -x,-and -not -path,$(DEP_FINDPARAMS) $(2)) -printf "%p%T@\n" | sort | $(MKHASH) md5
+find_md5_reproducible=find $(wildcard $(1)) -type f $(patsubst -x,-and -not -path,$(DEP_FINDPARAMS) $(2)) -print0 | xargs -0 $(MKHASH) md5 | sort | $(MKHASH) md5
 
 define rdep
   .PRECIOUS: $(2)

include/host-build.mk

@@ -21,7 +21,7 @@ include $(INCLUDE_DIR)/depends.mk
 include $(INCLUDE_DIR)/quilt.mk
 
 BUILD_TYPES += host
-HOST_STAMP_PREPARED=$(HOST_BUILD_DIR)/.prepared$(if $(HOST_QUILT)$(DUMP),,$(shell $(call find_md5,${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(HOST_PREPARED_DEPENDS)))
+HOST_STAMP_PREPARED=$(HOST_BUILD_DIR)/.prepared$(if $(HOST_QUILT)$(DUMP),,$(shell $(call $(if $(CONFIG_AUTOREMOVE),find_md5_reproducible,find_md5),${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(HOST_PREPARED_DEPENDS)))
 HOST_STAMP_CONFIGURED:=$(HOST_BUILD_DIR)/.configured
 HOST_STAMP_BUILT:=$(HOST_BUILD_DIR)/.built
 HOST_BUILD_PREFIX?=$(if $(IS_PACKAGE_BUILD),$(STAGING_DIR_HOSTPKG),$(STAGING_DIR_HOST))
@@ -130,6 +130,7 @@ define Host/Exports/Default
   $(1) : export STAGING_PREFIX=$$(HOST_BUILD_PREFIX)
   $(1) : export PKG_CONFIG_PATH=$$(STAGING_DIR_HOST)/lib/pkgconfig:$$(HOST_BUILD_PREFIX)/lib/pkgconfig
   $(1) : export PKG_CONFIG_LIBDIR=$$(HOST_BUILD_PREFIX)/lib/pkgconfig
+  $(1) : export GIT_CEILING_DIRECTORIES=$$(BUILD_DIR_HOST)
   $(if $(HOST_CONFIG_SITE),$(1) : export CONFIG_SITE:=$(HOST_CONFIG_SITE))
   $(if $(IS_PACKAGE_BUILD),$(1) : export PATH=$$(TARGET_PATH_PKG))
 endef
@@ -198,8 +199,8 @@ ifndef DUMP
 
     ifneq ($(CONFIG_AUTOREMOVE),)
       host-compile:
-		$(FIND) $(HOST_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' | \
-			$(XARGS) rm -rf
+		$(FIND) $(HOST_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' -print0 | \
+			$(XARGS) -0 rm -rf
     endif
   endef
 endif

include/image-commands.mk

@@ -37,7 +37,11 @@ define Build/package-kernel-ubifs
 endef
 
 define Build/append-image
-	dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@
+	cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
+	fwtool -s /dev/null -t "$@.stripmeta" || :
+	fwtool -i /dev/null -t "$@.stripmeta" || :
+	dd if="$@.stripmeta" >> "$@"
+	rm "$@.stripmeta"
 endef
 
 ifdef IB
@@ -46,8 +50,12 @@ define Build/append-image-stage
 endef
 else
 define Build/append-image-stage
-	dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) of=$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)
-	dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@
+	cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
+	fwtool -s /dev/null -t "$@.stripmeta" || :
+	fwtool -i /dev/null -t "$@.stripmeta" || :
+	dd if="$@.stripmeta" of="$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)"
+	dd if="$@.stripmeta" >> "$@"
+	rm "$@.stripmeta"
 endef
 endif
 
@@ -81,6 +89,7 @@ metadata_json = \
 
 define Build/append-metadata
 	$(if $(SUPPORTED_DEVICES),-echo $(call metadata_json) | fwtool -I - $@)
+	sha256sum "$@" | cut -d" " -f1 > "$@.sha256sum"
 	[ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
 		cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
 		usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
@@ -103,6 +112,15 @@ define Build/append-squashfs-fakeroot-be
 	cat $@.fakesquashfs >> $@
 endef
 
+define Build/append-squashfs4-fakeroot
+	rm -rf $@.fakefs $@.fakesquashfs
+	mkdir $@.fakefs
+	$(STAGING_DIR_HOST)/bin/mksquashfs4 \
+		$@.fakefs $@.fakesquashfs \
+		-nopad -noappend -root-owned
+	cat $@.fakesquashfs >> $@
+endef
+
 define Build/append-string
 	echo -n $(1) >> $@
 endef
@@ -360,13 +378,26 @@ endef
 
 define Build/netgear-dni
 	$(STAGING_DIR_HOST)/bin/mkdniimg \
-		-B $(NETGEAR_BOARD_ID) -v $(VERSION_DIST).$(firstword $(subst -, ,$(REVISION))) \
+		-B $(NETGEAR_BOARD_ID) -v $(shell cat $(VERSION_DIST)| sed -e 's/[[:space:]]/-/g').$(firstword $(subst -, ,$(REVISION))) \
 		$(if $(NETGEAR_HW_ID),-H $(NETGEAR_HW_ID)) \
 		-r "$(1)" \
 		-i $@ -o $@.new
 	mv $@.new $@
 endef
 
+define Build/netgear-encrypted-factory
+	$(TOPDIR)/scripts/netgear-encrypted-factory.py \
+		--input-file $@ \
+		--output-file $@ \
+		--model $(NETGEAR_ENC_MODEL) \
+		--region $(NETGEAR_ENC_REGION) \
+		--version V1.0.0.0.$(shell cat $(VERSION_DIST)| sed -e 's/[[:space:]]/-/g').$(firstword $(subst -, ,$(REVISION))) \
+		--encryption-block-size 0x20000 \
+		--openssl-bin "$(STAGING_DIR_HOST)/bin/openssl" \
+		--key 6865392d342b4d212964363d6d7e7765312c7132613364316e26322a5a5e2538 \
+		--iv 4a253169516c38243d6c6d2d3b384145
+endef
+
 define Build/openmesh-image
 	$(TOPDIR)/scripts/om-fwupgradecfg-gen.sh \
 		"$(call param_get_default,ce_type,$(1),$(DEVICE_NAME))" \

include/image.mk

@@ -40,8 +40,10 @@ IMG_PREFIX_VERCODE:=$(if $(CONFIG_VERSION_CODE_FILENAMES),$(call sanitize,$(VERS
 IMG_PREFIX:=$(VERSION_DIST_SANITIZED)-$(IMG_PREFIX_VERNUM)$(IMG_PREFIX_VERCODE)$(IMG_PREFIX_EXTRA)$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))
 IMG_ROOTFS:=$(IMG_PREFIX)-rootfs
 IMG_COMBINED:=$(IMG_PREFIX)-combined
+ifeq ($(DUMP),)
 IMG_PART_SIGNATURE:=$(shell echo $(SOURCE_DATE_EPOCH)$(LINUX_VERMAGIC) | $(MKHASH) md5 | cut -b1-8)
 IMG_PART_DISKGUID:=$(shell echo $(SOURCE_DATE_EPOCH)$(LINUX_VERMAGIC) | $(MKHASH) md5 | sed -E 's/(.{8})(.{4})(.{4})(.{4})(.{10})../\1-\2-\3-\4-\500/')
+endif
 
 MKFS_DEVTABLE_OPT := -D $(INCLUDE_DIR)/device_table.txt
 
@@ -172,7 +174,9 @@ define Image/pad-to
 	mv $(1).new $(1)
 endef
 
+ifeq ($(DUMP),)
 ROOTFS_PARTSIZE=$(shell echo $$(($(CONFIG_TARGET_ROOTFS_PARTSIZE)*1024*1024)))
+endif
 
 define Image/pad-root-squashfs
 	$(call Image/pad-to,$(KDIR)/root.squashfs,$(if $(1),$(1),$(ROOTFS_PARTSIZE)))
@@ -229,8 +233,7 @@ $(eval $(foreach S,$(NAND_BLOCKSIZE),$(call Image/mkfs/jffs2-nand/template,$(S))
 define Image/mkfs/squashfs-common
 	$(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
 		-nopad -noappend -root-owned \
-		-comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
-		-processors 1
+		-comp $(SQUASHFSCOMP) $(SQUASHFSOPT)
 endef
 
 ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
@@ -493,9 +496,9 @@ define Device/Build/initramfs
   $(BUILD_DIR)/json_info_files/$$(KERNEL_INITRAMFS_IMAGE).json: $(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE)
 	@mkdir -p $$(shell dirname $$@)
 	DEVICE_ID="$(1)" \
-	BIN_DIR="$(BIN_DIR)" \
 	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
 	FILE_NAME="$$(notdir $$^)" \
+	FILE_DIR="$(KDIR)/tmp" \
 	FILE_TYPE="kernel" \
 	FILE_FILESYSTEM="initramfs" \
 	DEVICE_IMG_PREFIX="$$(DEVICE_IMG_PREFIX)" \
@@ -525,7 +528,8 @@ endif
 define Device/Build/compile
   $$(_COMPILE_TARGET): $(KDIR)/$(1)
   $(eval $(call Device/Export,$(KDIR)/$(1)))
-  $(KDIR)/$(1):
+  $(KDIR)/$(1): FORCE
+	rm -f $(KDIR)/$(1)
 	$$(call concat_cmd,$(COMPILE/$(1)))
 
 endef
@@ -600,9 +604,9 @@ define Device/Build/image
   $(BUILD_DIR)/json_info_files/$(call DEVICE_IMG_NAME,$(1),$(2)).json: $(BIN_DIR)/$(call DEVICE_IMG_NAME,$(1),$(2))$$(GZ_SUFFIX)
 	@mkdir -p $$(shell dirname $$@)
 	DEVICE_ID="$(DEVICE_NAME)" \
-	BIN_DIR="$(BIN_DIR)" \
 	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
 	FILE_NAME="$(DEVICE_IMG_NAME)" \
+	FILE_DIR="$(KDIR)/tmp" \
 	FILE_TYPE=$(word 1,$(subst ., ,$(2))) \
 	FILE_FILESYSTEM="$(1)" \
 	DEVICE_IMG_PREFIX="$(DEVICE_IMG_PREFIX)" \
@@ -646,9 +650,9 @@ define Device/Build/artifact
   $(BUILD_DIR)/json_info_files/$(DEVICE_IMG_PREFIX)-$(1).json: $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)
 	@mkdir -p $$(shell dirname $$@)
 	DEVICE_ID="$(DEVICE_NAME)" \
-	BIN_DIR="$(BIN_DIR)" \
 	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
 	FILE_NAME="$(DEVICE_IMG_PREFIX)-$(1)" \
+	FILE_DIR="$(KDIR)/tmp" \
 	FILE_TYPE="$(1)" \
 	DEVICE_IMG_PREFIX="$(DEVICE_IMG_PREFIX)" \
 	DEVICE_VENDOR="$(DEVICE_VENDOR)" \

include/kernel-5.10

@@ -1,2 +1,2 @@
-LINUX_VERSION-5.10 = .107
-LINUX_KERNEL_HASH-5.10.107 = c467c3077946370fb26c9277313b601d6c48bb557abc889f4892caf627fcdfea
+LINUX_VERSION-5.10 = .221
+LINUX_KERNEL_HASH-5.10.221 = da1dd47febac4f7856654038a47703666da3afba348b8e96e39584e0972e2725

include/kernel-5.4

@@ -1,2 +0,0 @@
-LINUX_VERSION-5.4 = .175
-LINUX_KERNEL_HASH-5.4.175 = ac901bdffb1488d6c730ca7ab42322163dd331b240e2f06ad83d199e251a4840

include/kernel-build.mk

@@ -10,7 +10,7 @@ ifneq ($(DUMP),1)
 endif
 
 KERNEL_FILE_DEPENDS=$(GENERIC_BACKPORT_DIR) $(GENERIC_PATCH_DIR) $(GENERIC_HACK_DIR) $(PATCH_DIR) $(GENERIC_FILES_DIR) $(FILES_DIR)
-STAMP_PREPARED=$(LINUX_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call find_md5,$(KERNEL_FILE_DEPENDS),)))
+STAMP_PREPARED=$(LINUX_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call $(if $(CONFIG_AUTOREMOVE),find_md5_reproducible,find_md5),$(KERNEL_FILE_DEPENDS),)))
 STAMP_CONFIGURED:=$(LINUX_DIR)/.configured
 include $(INCLUDE_DIR)/download.mk
 include $(INCLUDE_DIR)/quilt.mk

include/kernel-defaults.mk

@@ -168,19 +168,20 @@ ifneq ($(CONFIG_TARGET_ROOTFS_INITRAMFS),)
 define Kernel/CompileImage/Initramfs
 	$(call Kernel/Configure/Initramfs)
 	$(CP) $(GENERIC_PLATFORM_DIR)/other-files/init $(TARGET_DIR)/init
-	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR)/init)
+	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR) $(TARGET_DIR)/init)
 	rm -rf $(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION)/usr/initramfs_data.cpio*
 ifeq ($(CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE),y)
-ifneq ($(qstrip $(CONFIG_EXTERNAL_CPIO)),)
+ifneq ($(call qstrip,$(CONFIG_EXTERNAL_CPIO)),)
 	$(CP) $(CONFIG_EXTERNAL_CPIO) $(KERNEL_BUILD_DIR)/initrd.cpio
 else
-	( cd $(TARGET_DIR); find . | $(STAGING_DIR_HOST)/bin/cpio -o -H newc -R 0:0 > $(KERNEL_BUILD_DIR)/initrd.cpio )
+	( cd $(TARGET_DIR); find . | LC_ALL=C sort | $(STAGING_DIR_HOST)/bin/cpio --reproducible -o -H newc -R 0:0 > $(KERNEL_BUILD_DIR)/initrd.cpio )
 endif
+	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(KERNEL_BUILD_DIR)/initrd.cpio)
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_BZIP2),bzip2 -9 -c < $(KERNEL_BUILD_DIR)/initrd.cpio > $(KERNEL_BUILD_DIR)/initrd.cpio.bzip2)
-	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_GZIP),gzip -f -S .gzip -9n $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_GZIP),gzip -n -f -S .gzip -9n $(KERNEL_BUILD_DIR)/initrd.cpio)
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZMA),$(STAGING_DIR_HOST)/bin/lzma e -lc1 -lp2 -pb2 $(KERNEL_BUILD_DIR)/initrd.cpio $(KERNEL_BUILD_DIR)/initrd.cpio.lzma)
 # ?	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZO),)
-	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_XZ),$(STAGING_DIR_HOST)/bin/xz -9 -fz --check=crc32 $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_XZ),$(STAGING_DIR_HOST)/bin/xz -T$(if $(filter 1,$(NPROC)),2,0) -9 -fz --check=crc32 $(KERNEL_BUILD_DIR)/initrd.cpio)
 # ?	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZ4),)
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_ZSTD),$(STAGING_DIR_HOST)/bin/zstd -T0 -f -o $(KERNEL_BUILD_DIR)/initrd.cpio.zstd $(KERNEL_BUILD_DIR)/initrd.cpio)
 endif

include/kernel.mk

@@ -101,7 +101,7 @@ endif
 KERNEL_MAKE = $(MAKE) $(KERNEL_MAKEOPTS)
 
 KERNEL_MAKE_FLAGS = \
-	KCFLAGS="$(call iremap,$(BUILD_DIR),$(notdir $(BUILD_DIR)))" \
+	KCFLAGS="$(call iremap,$(BUILD_DIR),$(notdir $(BUILD_DIR))) $(filter-out -fno-plt,$(call qstrip,$(CONFIG_EXTRA_OPTIMIZATION))) $(call qstrip,$(CONFIG_KERNEL_CFLAGS))" \
 	HOSTCFLAGS="$(HOST_CFLAGS) -Wall -Wmissing-prototypes -Wstrict-prototypes" \
 	CROSS_COMPILE="$(KERNEL_CROSS)" \
 	ARCH="$(LINUX_KARCH)" \
@@ -126,7 +126,7 @@ ifeq ($(call qstrip,$(CONFIG_EXTERNAL_KERNEL_TREE))$(call qstrip,$(CONFIG_KERNEL
 	KERNELRELEASE=$(LINUX_VERSION)
 endif
 
-KERNEL_MAKEOPTS := -C $(LINUX_DIR) $(KERNEL_MAKE_FLAGS)
+KERNEL_MAKEOPTS = -C $(LINUX_DIR) $(KERNEL_MAKE_FLAGS)
 
 ifdef CONFIG_USE_SPARSE
   KERNEL_MAKEOPTS += C=1 CHECK=$(STAGING_DIR_HOST)/bin/sparse

include/meson.mk

@@ -65,6 +65,7 @@ define Meson/CreateNativeFile
 		-e "s|@CXX@|$(foreach BIN,$(HOSTCXX),'$(BIN)',)|" \
 		-e "s|@PKGCONFIG@|$(PKG_CONFIG)|" \
 		-e "s|@CMAKE@|$(STAGING_DIR_HOST)/bin/cmake|" \
+		-e "s|@PYTHON@|$(STAGING_DIR_HOST)/bin/python3|" \
 		-e "s|@CFLAGS@|$(foreach FLAG,$(HOST_CFLAGS) $(HOST_CPPFLAGS),'$(FLAG)',)|" \
 		-e "s|@CXXFLAGS@|$(foreach FLAG,$(HOST_CXXFLAGS) $(HOST_CPPFLAGS),'$(FLAG)',)|" \
 		-e "s|@LDFLAGS@|$(foreach FLAG,$(HOST_LDFLAGS),'$(FLAG)',)|" \
@@ -82,6 +83,7 @@ define Meson/CreateCrossFile
 		-e "s|@NM@|$(TARGET_NM)|" \
 		-e "s|@PKGCONFIG@|$(PKG_CONFIG)|" \
 		-e "s|@CMAKE@|$(STAGING_DIR_HOST)/bin/cmake|" \
+		-e "s|@PYTHON@|$(STAGING_DIR_HOST)/bin/python3|" \
 		-e "s|@CFLAGS@|$(foreach FLAG,$(TARGET_CFLAGS) $(EXTRA_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS),'$(FLAG)',)|" \
 		-e "s|@CXXFLAGS@|$(foreach FLAG,$(TARGET_CXXFLAGS) $(EXTRA_CXXFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS),'$(FLAG)',)|" \
 		-e "s|@LDFLAGS@|$(foreach FLAG,$(TARGET_LDFLAGS) $(EXTRA_LDFLAGS),'$(FLAG)',)|" \

include/netfilter.mk

@@ -48,8 +48,6 @@ $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_COMMENT, $(P_XT)xt_comme
 $(eval $(call nf_add,IPT_CLUSTER,CONFIG_NETFILTER_XT_MATCH_CLUSTER, $(P_XT)xt_cluster))
 
 $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)xt_LOG))
-$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)nf_log_common))
-$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_V4)nf_log_ipv4))
 $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TCPMSS, $(P_XT)xt_TCPMSS))
 $(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_REJECT, $(P_V4)ipt_REJECT))
 $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_TIME, $(P_XT)xt_time))
@@ -156,7 +154,6 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV6, $(P_V6)
 
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),))
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),))
-$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6),))
 
 $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6)))
 
@@ -172,6 +169,12 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh))
 $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag))
 $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
 
+# log
+
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_COMMON, $(P_XT)nf_log_common))
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_IPV4, $(P_V4)nf_log_ipv4))
+$(eval $(if $(NF_KMOD),$(call nf_add,NF_LOG6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6),))
+
 # nat
 
 # kernel only
@@ -220,11 +223,6 @@ $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_IRC, $(P_XT)nf_connt
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_IRC, $(P_XT)nf_nat_irc))
 
 
-# ulog
-
-$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
-
-
 # nflog
 
 $(eval $(call nf_add,IPT_NFLOG,CONFIG_NETFILTER_XT_TARGET_NFLOG, $(P_XT)xt_NFLOG))
@@ -311,7 +309,6 @@ $(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))
 
 # watchers
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
-$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFQUEUE, $(P_EBT)ebt_nfqueue))
 
@@ -337,12 +334,7 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NF_CONNTRACK_BRIDGE, $(P_
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_chain_nat),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_REDIR_IPV4, $(P_V4)nft_redir_ipv4),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_MASQ, $(P_XT)nft_masq),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_MASQ_IPV4, $(P_V4)nft_masq_ipv4),))
-
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_REDIR_IPV6, $(P_V6)nft_redir_ipv6),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_MASQ_IPV6, $(P_V6)nft_masq_ipv6),))
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB, $(P_XT)nft_fib),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_INET, $(P_XT)nft_fib_inet),))
@@ -357,6 +349,8 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_TPROXY,CONFIG_NFT_TPROXY, $(P_XT)nft_tp
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_COMPAT,CONFIG_NFT_COMPAT, $(P_XT)nft_compat),))
 
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_XFRM,CONFIG_NFT_XFRM, $(P_XT)nft_xfrm),))
+
 # userland only
 IPT_BUILTIN += $(NF_IPT-y) $(NF_IPT-m)
 IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m)
@@ -381,7 +375,6 @@ IPT_BUILTIN += $(IPT_NAT6-y)
 IPT_BUILTIN += $(IPT_NAT_EXTRA-y)
 IPT_BUILTIN += $(NF_NATHELPER-y)
 IPT_BUILTIN += $(NF_NATHELPER_EXTRA-y)
-IPT_BUILTIN += $(IPT_ULOG-y)
 IPT_BUILTIN += $(IPT_TPROXY-y)
 IPT_BUILTIN += $(NFNETLINK-y)
 IPT_BUILTIN += $(NFNETLINK_LOG-y)

include/package.mk

@@ -85,7 +85,7 @@ ifneq ($(PREV_STAMP_PREPARED),)
   STAMP_PREPARED:=$(PREV_STAMP_PREPARED)
   CONFIG_AUTOREBUILD:=
 else
-  STAMP_PREPARED=$(PKG_BUILD_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call find_md5,${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(PKG_PREPARED_DEPENDS)))
+  STAMP_PREPARED=$(PKG_BUILD_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call $(if $(CONFIG_AUTOREMOVE),find_md5_reproducible,find_md5),${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(PKG_PREPARED_DEPENDS)))
 endif
 STAMP_CONFIGURED=$(PKG_BUILD_DIR)/.configured$(if $(DUMP),,_$(call confvar,$(PKG_CONFIG_DEPENDS)))
 STAMP_CONFIGURED_WILDCARD=$(PKG_BUILD_DIR)/.configured_*
@@ -173,6 +173,7 @@ define Build/Exports/Default
   $(1) : export CONFIG_SITE:=$$(CONFIG_SITE)
   $(1) : export PKG_CONFIG_PATH:=$$(PKG_CONFIG_PATH)
   $(1) : export PKG_CONFIG_LIBDIR:=$$(PKG_CONFIG_PATH)
+  $(1) : export GIT_CEILING_DIRECTORIES:=$$(BUILD_DIR)
 endef
 Build/Exports=$(Build/Exports/Default)
 
@@ -259,8 +260,8 @@ define Build/CoreTargets
   ifneq ($(CONFIG_AUTOREMOVE),)
     compile:
 		-touch -r $(PKG_BUILD_DIR)/.built $(PKG_BUILD_DIR)/.autoremove 2>/dev/null >/dev/null
-		$(FIND) $(PKG_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' -and -not -name '.pkgdir' | \
-			$(XARGS) rm -rf
+		$(FIND) $(PKG_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' -and -not -name '.pkgdir'  -print0 | \
+			$(XARGS) -0 rm -rf
   endif
 endef
 

include/prereq-build.mk

@@ -130,7 +130,12 @@ $(eval $(call SetupHostCommand,getopt, \
 	Please install an extended getopt version that supports --long, \
 	gnugetopt -o t --long test -- --test | grep '^ *--test *--', \
 	getopt -o t --long test -- --test | grep '^ *--test *--', \
-	/usr/local/opt/gnu-getopt/bin/getopt -o t --long test -- --test | grep '^ *--test *--'))
+	/usr/local/opt/gnu-getopt/bin/getopt -o t --long test -- --test | grep '^ *--test *--', \
+	/opt/local/bin/getopt -o t --long test -- --test | grep '^ *--test *--'))
+
+$(eval $(call SetupHostCommand,realpath,Please install a 'realpath' utility, \
+	grealpath /, \
+	realpath /))
 
 $(eval $(call SetupHostCommand,stat,Cannot find a file stat utility, \
 	gnustat -c%s $(TOPDIR)/Makefile, \
@@ -157,27 +162,30 @@ $(eval $(call SetupHostCommand,perl,Please install Perl 5.x, \
 $(eval $(call CleanupPython2))
 
 $(eval $(call SetupHostCommand,python,Please install Python >= 3.6, \
+	python3.11 -V 2>&1 | grep 'Python 3', \
 	python3.10 -V 2>&1 | grep 'Python 3', \
 	python3.9 -V 2>&1 | grep 'Python 3', \
 	python3.8 -V 2>&1 | grep 'Python 3', \
 	python3.7 -V 2>&1 | grep 'Python 3', \
 	python3.6 -V 2>&1 | grep 'Python 3', \
-	python3 -V 2>&1 | grep -E 'Python 3\.([6-9]|10)\.?'))
+	python3 -V 2>&1 | grep -E 'Python 3\.([6-9]|[0-9][0-9])\.?'))
 
 $(eval $(call SetupHostCommand,python3,Please install Python >= 3.6, \
+	python3.11 -V 2>&1 | grep 'Python 3', \
 	python3.10 -V 2>&1 | grep 'Python 3', \
 	python3.9 -V 2>&1 | grep 'Python 3', \
 	python3.8 -V 2>&1 | grep 'Python 3', \
 	python3.7 -V 2>&1 | grep 'Python 3', \
 	python3.6 -V 2>&1 | grep 'Python 3', \
-	python3 -V 2>&1 | grep -E 'Python 3\.([6-9]|10)\.?'))
+	python3 -V 2>&1 | grep -E 'Python 3\.([6-9]|[0-9][0-9])\.?'))
 
 $(eval $(call TestHostCommand,python3-distutils, \
 	Please install the Python3 distutils module, \
 	$(STAGING_DIR_HOST)/bin/python3 -c 'import distutils'))
 
 $(eval $(call SetupHostCommand,git,Please install Git (git-core) >= 1.7.12.2, \
-	git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule))
+	git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule, \
+	git submodule --help | grep -- --recursive))
 
 $(eval $(call SetupHostCommand,file,Please install the 'file' package, \
 	file --version 2>&1 | grep file))
@@ -194,7 +202,10 @@ $(STAGING_DIR_HOST)/bin/mkhash: $(SCRIPT_DIR)/mkhash.c
 	mkdir -p $(dir $@)
 	$(CC) -O2 -I$(TOPDIR)/tools/include -o $@ $<
 
-prereq: $(STAGING_DIR_HOST)/bin/mkhash
+$(STAGING_DIR_HOST)/bin/xxd: $(SCRIPT_DIR)/xxdi.pl
+	$(LN) $< $@
+
+prereq: $(STAGING_DIR_HOST)/bin/mkhash $(STAGING_DIR_HOST)/bin/xxd
 
 # Install ldconfig stub
 $(eval $(call TestHostCommand,ldconfig-stub,Failed to install stub, \

include/scan.mk

@@ -49,7 +49,8 @@ define PackageDir
 		$$(call progress,Collecting $(SCAN_NAME) info: $(SCAN_DIR)/$(2)) \
 		echo Source-Makefile: $(SCAN_DIR)/$(2)/Makefile; \
 		$(if $(3),echo Override: $(3),true); \
-		$(NO_TRACE_MAKE) --no-print-dir -r DUMP=1 FEED="$(call feedname,$(2))" -C $(SCAN_DIR)/$(2) $(SCAN_MAKEOPTS) 2>/dev/null || { \
+		$(if $(findstring c,$(OPENWRT_VERBOSE)),$(MAKE),$(NO_TRACE_MAKE) --no-print-dir) -r DUMP=1 FEED="$(call feedname,$(2))" -C $(SCAN_DIR)/$(2) $(SCAN_MAKEOPTS) \
+			$(if $(findstring c,$(OPENWRT_VERBOSE)),,2>/dev/null) || { \
 			mkdir -p "$(TOPDIR)/logs/$(SCAN_DIR)/$(2)"; \
 			$(NO_TRACE_MAKE) --no-print-dir -r DUMP=1 FEED="$(call feedname,$(2))" -C $(SCAN_DIR)/$(2) $(SCAN_MAKEOPTS) > $(TOPDIR)/logs/$(SCAN_DIR)/$(2)/dump.txt 2>&1; \
 			$$(call progress,ERROR: please fix $(SCAN_DIR)/$(2)/Makefile - see logs/$(SCAN_DIR)/$(2)/dump.txt for details\n) \
@@ -72,7 +73,7 @@ endif
 
 $(FILELIST): $(OVERRIDELIST)
 	rm -f $(TMP_DIR)/info/.files-$(SCAN_TARGET)-*
-	find -L $(SCAN_DIR) $(SCAN_EXTRA) -mindepth 1 $(if $(SCAN_DEPTH),-maxdepth $(SCAN_DEPTH)) -name Makefile | xargs grep -aHE 'call $(GREP_STRING)' | sed -e 's#^$(SCAN_DIR)/##' -e 's#/Makefile:.*##' | uniq | awk -v of=$(OVERRIDELIST) -f include/scan.awk > $@
+	find -L $(SCAN_DIR) -mindepth 1 $(if $(SCAN_DEPTH),-maxdepth $(SCAN_DEPTH)) $(SCAN_EXTRA) -name Makefile | xargs grep -aHE 'call $(GREP_STRING)' | sed -e 's#^$(SCAN_DIR)/##' -e 's#/Makefile:.*##' | uniq | awk -v of=$(OVERRIDELIST) -f include/scan.awk > $@
 
 $(TMP_DIR)/info/.files-$(SCAN_TARGET).mk: $(FILELIST)
 	( \

include/target.mk

@@ -68,7 +68,7 @@ endif
 
 target_conf=$(subst .,_,$(subst -,_,$(subst /,_,$(1))))
 ifeq ($(DUMP),)
-  PLATFORM_DIR:=$(TOPDIR)/target/linux/$(BOARD)
+  PLATFORM_DIR:=$(firstword $(wildcard $(TOPDIR)/target/linux/feeds/$(BOARD) $(TOPDIR)/target/linux/$(BOARD)))
   SUBTARGET:=$(strip $(foreach subdir,$(patsubst $(PLATFORM_DIR)/%/target.mk,%,$(wildcard $(PLATFORM_DIR)/*/target.mk)),$(if $(CONFIG_TARGET_$(call target_conf,$(BOARD)_$(subdir))),$(subdir))))
 else
   PLATFORM_DIR:=${CURDIR}
@@ -173,22 +173,30 @@ USE_SUBTARGET_CONFIG = $(if $(wildcard $(LINUX_TARGET_CONFIG)),,$(if $(LINUX_SUB
 LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_TARGET_CONFIG) $(if $(USE_SUBTARGET_CONFIG),$(LINUX_SUBTARGET_CONFIG)))
 LINUX_RECONFIG_TARGET = $(if $(USE_SUBTARGET_CONFIG),$(LINUX_SUBTARGET_CONFIG),$(LINUX_TARGET_CONFIG))
 
+CFG_TARGET = $(CONFIG_TARGET)
+ifeq ($(CFG_TARGET),platform)
+  CFG_TARGET = target
+  $(warning Deprecation warning: use CONFIG_TARGET=target instead.)
+else ifeq ($(CFG_TARGET),subtarget_platform)
+  CFG_TARGET = subtarget_target
+  $(warning Deprecation warning: use CONFIG_TARGET=subtarget_target instead.)
+endif
+
 # select the config file to be changed by kernel_menuconfig/kernel_oldconfig
-ifeq ($(CONFIG_TARGET),platform)
+ifeq ($(CFG_TARGET),target)
   LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_TARGET_CONFIG))
   LINUX_RECONFIG_TARGET = $(LINUX_TARGET_CONFIG)
-endif
-ifeq ($(CONFIG_TARGET),subtarget)
+else ifeq ($(CFG_TARGET),subtarget)
   LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_TARGET_CONFIG) $(LINUX_SUBTARGET_CONFIG))
   LINUX_RECONFIG_TARGET = $(LINUX_SUBTARGET_CONFIG)
-endif
-ifeq ($(CONFIG_TARGET),subtarget_platform)
+else ifeq ($(CFG_TARGET),subtarget_target)
   LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_SUBTARGET_CONFIG) $(LINUX_TARGET_CONFIG))
   LINUX_RECONFIG_TARGET = $(LINUX_TARGET_CONFIG)
-endif
-ifeq ($(CONFIG_TARGET),env)
+else ifeq ($(CFG_TARGET),env)
   LINUX_RECONFIG_LIST = $(LINUX_KCONFIG_LIST)
   LINUX_RECONFIG_TARGET = $(TOPDIR)/env/kernel-config
+else ifneq ($(strip $(CFG_TARGET)),)
+  $(error CONFIG_TARGET=$(CFG_TARGET) is invalid. Valid: target|subtarget|subtarget_target|env)
 endif
 
 __linux_confcmd = $(2) $(patsubst %,+,$(wordlist 2,9999,$(1))) $(1)

include/trusted-firmware-a.mk

@@ -1,5 +1,5 @@
 PKG_NAME ?= trusted-firmware-a
-PKG_CPE_ID ?= cpe:/a:arm:arm_trusted_firmware
+PKG_CPE_ID ?= cpe:/a:arm:trusted_firmware-a
 
 ifndef PKG_SOURCE_PROTO
 PKG_SOURCE = trusted-firmware-a-$(PKG_VERSION).tar.gz
@@ -68,6 +68,9 @@ define Build/Trusted-Firmware-A/Target
   endef
 endef
 
+define Build/Configure/Trusted-Firmware-A
+	$(INSTALL_DIR) $(STAGING_DIR)/usr/include
+endef
 
 define Build/Compile/Trusted-Firmware-A
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \

include/version.mk

@@ -23,13 +23,13 @@ PKG_CONFIG_DEPENDS += \
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
 
 VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),SNAPSHOT)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),22.03-SNAPSHOT)
 
 VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
 VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),$(REVISION))
 
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/snapshots)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/22.03-SNAPSHOT)
 
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

package/Makefile

@@ -92,6 +92,10 @@ $(curdir)/index: FORCE
 			$(call ERROR_MESSAGE,WARNING: Applying padding in $$d/Packages to workaround usign SHA-512 bug!); \
 			{ echo ""; echo ""; } >> Packages;; \
 		esac; \
+		echo -n '{"architecture": "$(ARCH_PACKAGES)", "packages":{' > index.json; \
+		sed -n -e 's/^Package: \(.*\)$$/"\1":/p' -e 's/^Version: \(.*\)$$/"\1",/p' Packages | tr '\n' ' ' >> index.json; \
+		echo '}}' >> index.json; \
+		sed -i 's/, }}/}}/' index.json; \
 		gzip -9nc Packages > Packages.gz; \
 	); done
 ifdef CONFIG_SIGNED_PACKAGES

package/base-files/files/bin/config_generate

@@ -96,7 +96,7 @@ generate_network() {
 
 	json_select network
 		json_select "$1"
-			json_get_vars device macaddr protocol ipaddr netmask vlan
+			json_get_vars device macaddr metric protocol ipaddr netmask vlan
 			json_get_values ports ports
 		json_select ..
 	json_select ..
@@ -154,6 +154,7 @@ generate_network() {
 		set network.$1='interface'
 		set network.$1.type='$type'
 		set network.$1.device='$device'
+		set network.$1.metric='$metric'
 		set network.$1.proto='none'
 	EOF
 

package/base-files/files/lib/functions.sh

@@ -386,6 +386,9 @@ group_add_user() {
 	echo "$grp" | grep -q ":$" && delim=""
 	[ -n "$IPKG_INSTROOT" ] || lock /var/lock/passwd
 	sed -i "s/$grp/$grp$delim$2/g" ${IPKG_INSTROOT}/etc/group
+	if [ -z "$IPKG_INSTROOT" ] && [ -x /usr/sbin/selinuxenabled ] && selinuxenabled; then
+		restorecon /etc/group
+	fi
 	[ -n "$IPKG_INSTROOT" ] || lock -u /var/lock/passwd
 }
 

package/base-files/files/lib/functions/system.sh

@@ -79,6 +79,37 @@ mtd_get_mac_ascii() {
 	[ -n "$mac_dirty" ] && macaddr_canonicalize "$mac_dirty"
 }
 
+mtd_get_mac_encrypted_arcadyan() {
+	local iv="00000000000000000000000000000000"
+	local key="2A4B303D7644395C3B2B7053553C5200"
+	local mac_dirty
+	local mtdname="$1"
+	local part
+	local size
+
+	part=$(find_mtd_part "$mtdname")
+	if [ -z "$part" ]; then
+		echo "mtd_get_mac_encrypted_arcadyan: partition $mtdname not found!" >&2
+		return
+	fi
+
+	# Config decryption and getting mac. Trying uencrypt and openssl utils.
+	size=$((0x$(dd if=$part skip=9 bs=1 count=4 2>/dev/null | hexdump -v -e '1/4 "%08x"')))
+	if [[ -f  "/usr/bin/uencrypt" ]]; then
+		mac_dirty=$(dd if=$part bs=1 count=$size skip=$((0x100)) 2>/dev/null | \
+			uencrypt -d -n -k $key -i $iv | grep mac | cut -c 5-)
+	elif [[ -f  "/usr/bin/openssl" ]]; then
+		mac_dirty=$(dd if=$part bs=1 count=$size skip=$((0x100)) 2>/dev/null | \
+			openssl aes-128-cbc -d -nopad -K $key -iv $iv | grep mac | cut -c 5-)
+	else
+		echo "mtd_get_mac_encrypted_arcadyan: Neither uencrypt nor openssl was found!" >&2
+		return
+	fi
+
+	# "canonicalize" mac
+	[ -n "$mac_dirty" ] && macaddr_canonicalize "$mac_dirty"
+}
+
 mtd_get_mac_text() {
 	local mtdname=$1
 	local offset=$(($2))

package/base-files/files/lib/upgrade/fwtool.sh

@@ -71,6 +71,7 @@ fwtool_check_image() {
 
 			# minor compat version -> sysupgrade with -n required
 			if [ "${devicecompat#.*}" != "${imagecompat#.*}" ] && [ "$SAVE_CONFIG" = "1" ]; then
+				[ "$IGNORE_MINOR_COMPAT" = 1 ] && return 0
 				v "The device is supported, but the config is incompatible to the new image ($devicecompat->$imagecompat). Please upgrade without keeping config (sysupgrade -n)."
 				[ -n "$compatmessage" ] && v "$compatmessage"
 				return 1

package/base-files/files/lib/upgrade/nand.sh

@@ -143,6 +143,7 @@ nand_upgrade_prepare_ubi() {
 		ubiattach -m "$mtdnum"
 		sync
 		ubidev="$( nand_find_ubi "$CI_UBIPART" )"
+		[ ! "$ubidev" ] && return 1
 		[ "$has_env" -gt 0 ] && {
 			ubimkvol /dev/$ubidev -n 0 -N ubootenv -s 1MiB
 			ubimkvol /dev/$ubidev -n 1 -N ubootenv2 -s 1MiB
@@ -154,8 +155,13 @@ nand_upgrade_prepare_ubi() {
 	local data_ubivol="$( nand_find_volume $ubidev rootfs_data )"
 
 	local ubiblk ubiblkvol
-	for ubiblk in /dev/ubiblock*_? ; do
+	for ubiblk in /dev/ubiblock${ubidev:3}_* ; do
 		[ -e "$ubiblk" ] || continue
+		case "$ubiblk" in
+		/dev/ubiblock*_*p*)
+			continue
+			;;
+		esac
 		echo "removing ubiblock${ubiblk:13}"
 		ubiblkvol=ubi${ubiblk:13}
 		if ! ubiblock -r /dev/$ubiblkvol; then
@@ -165,9 +171,9 @@ nand_upgrade_prepare_ubi() {
 	done
 
 	# kill volumes
-	[ "$kern_ubivol" ] && ubirmvol /dev/$ubidev -N $CI_KERNPART || true
-	[ "$root_ubivol" -a "$root_ubivol" != "$kern_ubivol" ] && ubirmvol /dev/$ubidev -N $CI_ROOTPART || true
-	[ "$data_ubivol" ] && ubirmvol /dev/$ubidev -N rootfs_data || true
+	[ "$kern_ubivol" ] && ubirmvol /dev/$ubidev -N $CI_KERNPART || :
+	[ "$root_ubivol" -a "$root_ubivol" != "$kern_ubivol" ] && ubirmvol /dev/$ubidev -N $CI_ROOTPART || :
+	[ "$data_ubivol" ] && ubirmvol /dev/$ubidev -N rootfs_data || :
 
 	# update kernel
 	if [ -n "$kernel_length" ]; then

package/base-files/files/lib/upgrade/stage2

@@ -41,7 +41,7 @@ switch_to_ramfs() {
 		pivot_root mount_root reboot sync kill sleep		\
 		md5sum hexdump cat zcat dd tar				\
 		ls basename find cp mv rm mkdir rmdir mknod touch chmod \
-		'[' printf wc grep awk sed cut				\
+		'[' printf wc grep awk sed cut tail			\
 		mtd partx losetup mkfs.ext4 nandwrite flash_erase	\
 		ubiupdatevol ubiattach ubiblock ubiformat		\
 		ubidetach ubirsvol ubirmvol ubimkvol			\

package/base-files/files/sbin/sysupgrade

@@ -19,6 +19,7 @@ export CONF_IMAGE=
 export CONF_BACKUP_LIST=0
 export CONF_BACKUP=
 export CONF_RESTORE=
+export IGNORE_MINOR_COMPAT=0
 export NEED_IMAGE=
 export HELP=0
 export FORCE=0
@@ -44,6 +45,7 @@ while [ -n "$1" ]; do
 		-F|--force) export FORCE=1;;
 		-T|--test) export TEST=1;;
 		-h|--help) export HELP=1; break;;
+		--ignore-minor-compat-version) export IGNORE_MINOR_COMPAT=1;;
 		-*)
 			echo "Invalid option: $1" >&2
 			exit 1
@@ -80,6 +82,8 @@ upgrade-option:
 	             Verify image and config .tar.gz but do not actually flash.
 	-F | --force
 	             Flash image even if image checks fail, this is dangerous!
+	--ignore-minor-compat-version
+		     Flash image even if the minor compat version is incompatible.
 	-q           less verbose
 	-v           more verbose
 	-h | --help  display this help

package/base-files/image-config.in

@@ -183,7 +183,7 @@ if VERSIONOPT
 	config VERSION_REPO
 		string
 		prompt "Release repository"
-		default "https://downloads.openwrt.org/snapshots"
+		default "https://downloads.openwrt.org/releases/22.03-SNAPSHOT"
 		help
 			This is the repository address embedded in the image, it defaults
 			to the trunk snapshot repo; the url may contain the following placeholders:

package/boot/arm-trusted-firmware-mediatek/Makefile

@@ -91,10 +91,6 @@ TFA_MAKE_FLAGS += \
 	$(if $(DDR3_FLYBY),DDR3_FLYBY=1) \
 	all
 
-define Build/Configure
-	$(call Build/Configure/Default)
-endef
-
 define Package/trusted-firmware-a/install
 	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/mt7622/release/bl2.img $(STAGING_DIR_IMAGE)/$(BUILD_VARIANT)-bl2.img

package/boot/arm-trusted-firmware-mediatek/patches/120-mt7622-bl2_boot_snand-skip-bad-blocks.patch

@@ -0,0 +1,40 @@
+--- a/plat/mediatek/mt7622/bl2_boot_snand.c
++++ b/plat/mediatek/mt7622/bl2_boot_snand.c
+@@ -21,6 +21,10 @@
+ #define FIP_BASE			0x80000
+ #define FIP_SIZE			0x200000
+ 
++#ifndef NMBM
++#define SNAND_MAX_BAD_BLOCK		3
++#endif
++
+ struct snfi_gpio_mux_info {
+ 	const uint32_t *pins;
+ 	uint32_t count;
+@@ -45,12 +49,26 @@ static size_t snand_read_range(int lba,
+ 	size_t sizeremain = size, chunksize;
+ 	uint64_t off = lba * cinfo.pagesize;
+ 	uint8_t *ptr = (uint8_t *)buf;
++	struct mtk_snand_chip_info info;
++	unsigned int bad_blocks = 0;
+ 	int ret = 0;
+ 
+ 	if (!snf)
+ 		return 0;
+ 
++	ret = mtk_snand_get_chip_info(snf, &info);
++	if (ret)
++		return 0;
++
+ 	while (sizeremain) {
++		while (mtk_snand_block_isbad(snf, off)) {
++			if (bad_blocks > SNAND_MAX_BAD_BLOCK)
++				return size - sizeremain;
++
++			off += info.blocksize;
++			++bad_blocks;
++		}
++
+ 		chunksize = cinfo.pagesize;
+ 		if (chunksize > sizeremain)
+ 			chunksize = sizeremain;

package/boot/at91bootstrap/Makefile

@@ -9,10 +9,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=at91bootstrap
-PKG_VERSION:=v4.0.1
-PKG_MIRROR_HASH:=3d45a4bcb52162097d4cdf042b8fe1ccf53e88b512e7541f42a23f2a73692a69
-PKG_SOURCE_VERSION:=4d41296e9ae12379555fb46a941897e7264600a2
+PKG_VERSION:=v4.0.3
+PKG_MIRROR_HASH:=1ecdc31a13350fcdcaa3f77ed8ad73906f79fc668dbb2f337e1d5dd877bf9882
+PKG_SOURCE_VERSION:=1d9e673698d9db4a4f2301559f481274de2e75ae
 BINARIES_DIR:=build/binaries
+PKG_CPE_ID:=cpe:/a:linux4sam:at91bootstrap
 
 AT91BOOTSTRAP_V4=y
 ifdef CONFIG_PACKAGE_at91bootstrap-sama5d4_xplaineddf_uboot_secure
@@ -136,12 +137,6 @@ define AT91Bootstrap/sama5d27_som1_eksd_uboot
   BUILD_DEVICES:=microchip_sama5d27-som1-ek
 endef
 
-define AT91Bootstrap/sama5d27_som1_eksd1_uboot
-  TITLE:=AT91Bootstrap for SAMA5D27 SOM1 Ek (SDcard1)
-  BUILD_SUBTARGET:=sama5
-  BUILD_DEVICES:=microchip_sama5d27-som1-ek
-endef
-
 define AT91Bootstrap/sama5d27_som1_ekqspi_uboot
   TITLE:=AT91Bootstrap for SAMA5D27 SOM1 Ek (QSPI Flash)
   BUILD_SUBTARGET:=sama5
@@ -193,7 +188,7 @@ AT91BOOTSTRAP_TARGETS := \
 	sama5d4_xplainednf_uboot_secure \
 	sama5d4_xplaineddf_uboot_secure \
 	sama5d4_xplainedsd_uboot_secure \
-	sama5d27_som1_eksd1_uboot \
+	sama5d27_som1_eksd_uboot \
 	sama5d27_som1_ekqspi_uboot \
 	sama5d27_wlsom1_eksd_uboot \
 	sama5d27_wlsom1_ekdf_qspi_uboot \

package/boot/grub2/Makefile

@@ -6,7 +6,6 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=grub
-PKG_CPE_ID:=cpe:/a:gnu:grub2
 PKG_VERSION:=2.06
 PKG_RELEASE:=$(AUTORELEASE)
 
@@ -14,6 +13,9 @@ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GNU/grub
 PKG_HASH:=b79ea44af91b93d17cd3fe80bdae6ed43770678a9a5ae192ccea803ebb657ee1
 
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_CPE_ID:=cpe:/a:gnu:grub2
+
 HOST_BUILD_PARALLEL:=1
 PKG_BUILD_DEPENDS:=grub2/host
 

package/boot/tfa-layerscape/Makefile

@@ -14,7 +14,7 @@ PKG_RELEASE:=$(AUTORELEASE)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://source.codeaurora.org/external/qoriq/qoriq-components/atf
 PKG_SOURCE_VERSION:=LSDK-21.08
-PKG_MIRROR_HASH:=500da1f5743255b2c301b89fba4df31d05a7dfbc731fbf137a88caf86f5568d0
+PKG_MIRROR_HASH:=893f2d28a77dcc9d4413a619b4719ca5f1f4dc78dd824a8488e7d543e66bcf95
 PKG_BUILD_DEPENDS:=tfa-layerscape/host
 
 include $(INCLUDE_DIR)/host-build.mk

package/boot/uboot-at91/Makefile

@@ -7,13 +7,13 @@
 
 include $(TOPDIR)/rules.mk
 
-PKG_VERSION:=linux4sam-2021.10
+PKG_VERSION:=linux4sam-2022.04
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/linux4sam/u-boot-at91.git
-PKG_MIRROR_HASH:=f1190062f2012b182b45b78263a4cce4ada9b7b8d6f5a66d68fa51437105fc8c
-PKG_SOURCE_VERSION:=39854ce82232cdc05c20158d0439bdbc40991e4a
+PKG_MIRROR_HASH:=56bbac45f71aaf39b365661db2a76c6c8415e27f7147b27bb58312b12756c8f3
+PKG_SOURCE_VERSION:=7b59654a486d39dc8e0343e2554699b8a79c7a54
 
 include $(INCLUDE_DIR)/u-boot.mk
 include $(INCLUDE_DIR)/package.mk
@@ -107,8 +107,8 @@ define U-Boot/sama5d4_xplained_nandflash
   BUILD_DEVICES:=microchip_sama5d3-xplained
 endef
 
-define U-Boot/sama5d27_som1_ek_mmc1
-  NAME:=SAMA5D27 SOM1 Ek (SDCard1)
+define U-Boot/sama5d27_som1_ek_mmc
+  NAME:=SAMA5D27 SOM1 Ek (SDCard0)
   BUILD_SUBTARGET:=sama5
   BUILD_DEVICES:=microchip_sama5d27-som1-ek
 endef
@@ -163,7 +163,7 @@ UBOOT_TARGETS := \
 	sama5d4_xplained_mmc \
 	sama5d4_xplained_spiflash \
 	sama5d4_xplained_nandflash\
-	sama5d27_som1_ek_mmc1 \
+	sama5d27_som1_ek_mmc \
 	sama5d27_som1_ek_qspiflash \
 	sama5d27_wlsom1_ek_mmc \
 	sama5d27_wlsom1_ek_qspiflash \
@@ -174,9 +174,9 @@ UBOOT_TARGETS := \
 define Build/Compile
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 		CROSS_COMPILE=$(TARGET_CROSS) \
-		DTC=$(PKG_BUILD_DIR)/scripts/dtc/dtc \
 		KCFLAGS="$(filter-out -fstack-protector \
-		-mfloat-abi=hard, $(TARGET_CFLAGS)) -mfloat-abi=soft"
+		-mfloat-abi=hard, $(TARGET_CFLAGS)) -mfloat-abi=soft" \
+		$(UBOOT_MAKE_FLAGS)
 endef
 
 $(eval $(call BuildPackage/U-Boot))

package/boot/uboot-at91/patches/001-fix-Wformat-security.patch

@@ -10,11 +10,9 @@ Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
  drivers/pinctrl/pinctrl-uclass.c | 2 +-
  3 files changed, 3 insertions(+), 3 deletions(-)
 
-diff --git a/cmd/panic.c b/cmd/panic.c
-index f13b3f094fab..197e2d0870ff 100644
 --- a/cmd/panic.c
 +++ b/cmd/panic.c
-@@ -11,7 +11,7 @@ static int do_panic(struct cmd_tbl *cmdtp, int flag, int argc,
+@@ -11,7 +11,7 @@ static int do_panic(struct cmd_tbl *cmdt
  {
  	char *text = (argc < 2) ? "" : argv[1];
  
@@ -23,11 +21,9 @@ index f13b3f094fab..197e2d0870ff 100644
  
  	return CMD_RET_SUCCESS;
  }
-diff --git a/cmd/version.c b/cmd/version.c
-index 3686b8733249..35b52c48171d 100644
 --- a/cmd/version.c
 +++ b/cmd/version.c
-@@ -19,7 +19,7 @@ static int do_version(struct cmd_tbl *cmdtp, int flag, int argc,
+@@ -24,7 +24,7 @@ static int do_version(struct cmd_tbl *cm
  {
  	char buf[DISPLAY_OPTIONS_BANNER_LENGTH];
  
@@ -36,11 +32,9 @@ index 3686b8733249..35b52c48171d 100644
  #ifdef CC_VERSION_STRING
  	puts(CC_VERSION_STRING "\n");
  #endif
-diff --git a/drivers/pinctrl/pinctrl-uclass.c b/drivers/pinctrl/pinctrl-uclass.c
-index b0f30aa1f758..aa62a890609a 100644
 --- a/drivers/pinctrl/pinctrl-uclass.c
 +++ b/drivers/pinctrl/pinctrl-uclass.c
-@@ -371,7 +371,7 @@ int pinctrl_get_pin_name(struct udevice *dev, int selector, char *buf,
+@@ -375,7 +375,7 @@ int pinctrl_get_pin_name(struct udevice
  	if (!ops->get_pin_name)
  		return -ENOSYS;
  
@@ -49,6 +43,3 @@ index b0f30aa1f758..aa62a890609a 100644
  
  	return 0;
  }
--- 
-2.33.0
-

package/boot/uboot-bcm4908/Makefile

@@ -7,9 +7,9 @@ PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://git.openwrt.org/project/bcm63xx/u-boot.git
-PKG_SOURCE_DATE:=2022-03-15
-PKG_SOURCE_VERSION:=0625aad74d1f5b6f9c068955ad3fd7f6df635e50
-PKG_MIRROR_HASH:=0602e0e4f101ead206940eccca832b75191905c1e81290340a89b07dbee7a6ce
+PKG_SOURCE_DATE:=2022-12-08
+PKG_SOURCE_VERSION:=4435700d18a791dca0d8d767e5414dfac9df4451
+PKG_MIRROR_HASH:=6062ce611d7222eb3b9768bb4944ff1c7bcf26b997280adf5ea8d7afe83f28a8
 
 include $(INCLUDE_DIR)/u-boot.mk
 include $(INCLUDE_DIR)/package.mk
@@ -23,11 +23,13 @@ endef
 define U-Boot/bcm4908
   NAME:=Broadcom's BCM4908
   UBOOT_CONFIG:=bcm94908
+  SOC:=bcm4908
 endef
 
 define U-Boot/bcm4912
   NAME:=Broadcom's BCM4912
   UBOOT_CONFIG:=bcm94912
+  SOC:=bcm4912
 endef
 
 UBOOT_TARGETS := \
@@ -46,8 +48,8 @@ endef
 
 define Build/InstallDev
 	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)/u-boot
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(UBOOT_IMAGE) $(STAGING_DIR_IMAGE)/u-boot/
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/u-boot.dtb $(STAGING_DIR_IMAGE)/u-boot/
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(UBOOT_IMAGE) $(STAGING_DIR_IMAGE)/u-boot/u-boot-$(SOC).bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/u-boot.dtb $(STAGING_DIR_IMAGE)/u-boot/u-boot-$(SOC).dtb
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/arch/arm/dts/*.dtb $(STAGING_DIR_IMAGE)/u-boot/
 endef
 

package/boot/uboot-envtools/files/ath79

@@ -69,6 +69,8 @@ samsung,wam250|\
 ubnt,nanostation-m|\
 yuncore,a770|\
 yuncore,a782|\
+yuncore,a930|\
+yuncore,xd3200|\
 yuncore,xd4200|\
 ziking,cpe46b|\
 zyxel,nbg6616)
@@ -78,7 +80,8 @@ buffalo,wzr-hp-ag300h)
 	ubootenv_add_uci_config "/dev/mtd3" "0x0" "0x10000" "0x10000"
 	;;
 buffalo,wzr-hp-g300nh-rb|\
-buffalo,wzr-hp-g300nh-s)
+buffalo,wzr-hp-g300nh-s|\
+linksys,ea4500-v3)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000"
 	;;
 domywifi,dw33d)
@@ -123,6 +126,16 @@ plasmacloud,pa300e)
 qihoo,c301)
 	ubootenv_add_uci_config "/dev/mtd9" "0x0" "0x10000" "0x10000"
 	;;
+ruckus,zf7321|\
+ruckus,zf7372)
+	ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x40000" "0x10000"
+	;;
+sophos,ap55|\
+sophos,ap55c|\
+sophos,ap100|\
+sophos,ap100c)
+	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x10000"
+	;;
 wallys,dr531)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0xf800" "0x10000"
 	;;

package/boot/uboot-envtools/files/ipq40xx

@@ -26,6 +26,7 @@ ubootenv_mtdinfo () {
 	fi
 
 	sectors=$(( $ubootenv_size / $mtd_erase ))
+	sectors=$(printf "0x%x" $sectors )
 	echo /dev/$mtd_dev 0x0 $ubootenv_size $mtd_erase $sectors
 }
 

package/boot/uboot-envtools/files/ipq806x

@@ -26,10 +26,12 @@ ubootenv_mtdinfo () {
 	fi
 
 	sectors=$(( $ubootenv_size / $mtd_erase ))
+	sectors=$(printf "0x%x" $sectors )
 	echo /dev/$mtd_dev 0x0 $ubootenv_size $mtd_erase $sectors
 }
 
 case "$board" in
+arris,tr4400-v2|\
 askey,rt4230w-rev6)
 	ubootenv_add_uci_config "/dev/mtd9" "0x0" "0x40000" "0x20000"
 	;;

package/boot/uboot-envtools/files/mediatek_mt7622

@@ -39,7 +39,10 @@ ruijie,rg-ew3200gx-pro)
 	ubootenv_add_uci_config "/dev/mtd3" "0x0" "0x20000" "0x20000"
 	;;
 ubnt,unifi-6-lr-ubootmod)
-	ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x4000" "0x10000"
+	ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x4000" "0x1000"
+	;;
+xiaomi,redmi-router-ax6s)
+	ubootenv_add_uci_config "/dev/mtd3" "0x0" "0x10000" "0x40000"
 	;;
 esac
 

package/boot/uboot-envtools/files/mpc85xx

@@ -8,10 +8,17 @@ touch /etc/config/ubootenv
 board=$(board_name)
 
 case "$board" in
+extreme-networks,ws-ap3825i)
+	ubootenv_add_uci_config "$(find_mtd_part 'cfg1')" "0x0" "0x10000" "0x20000"
+	ubootenv_add_uci_config "$(find_mtd_part 'cfg2')" "0x0" "0x10000" "0x20000"
+	;;
 ocedo,panda)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000"
 	ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x20000" "0x20000"
 	;;
+watchguard,firebox-t10)
+	ubootenv_add_uci_config "$(find_mtd_part 'u-boot-env')" "0x0" "0x2000" "0x10000"
+	;;
 aerohive,hiveap-330)
 	ubootenv_add_uci_config "$(find_mtd_part 'u-boot-env')" "0x0" "0x20000" "0x10000"
 	;;

package/boot/uboot-envtools/files/oxnas

@@ -14,7 +14,7 @@ board=$(board_name)
 case "$board" in
 "cloudengines,pogoplug"*|\
 "shuttle,kd20")
-	ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x2000" "0x2000" "1"
+	ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x2000" "0x20000" "1"
 	;;
 "mitrastar,stg-212")
 	ubootenv_add_uci_config "/dev/mtd2" "0x0" "0x20000" "0x20000" "1"

package/boot/uboot-envtools/files/ramips

@@ -18,12 +18,14 @@ alfa-network,quad-e4g|\
 alfa-network,r36m-e4g|\
 alfa-network,tube-e4g|\
 engenius,esr600h|\
-sitecom,wlr-4100-v1-002)
+sitecom,wlr-4100-v1-002|\
+zyxel,keenetic-lite-iii-a)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x1000"
 	;;
 allnet,all0256n-4m|\
 allnet,all0256n-8m|\
-allnet,all5002)
+allnet,all5002|\
+yuncore,ax820)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x10000" "0x10000"
 	;;
 ampedwireless,ally-00x19k|\
@@ -34,10 +36,7 @@ buffalo,wsr-1166dhp|\
 buffalo,wsr-600dhp|\
 mediatek,linkit-smart-7688|\
 samknows,whitebox-v8|\
-xiaomi,mi-router-3g-v2|\
-xiaomi,mi-router-4a-gigabit|\
 xiaomi,mi-router-4c|\
-xiaomi,miwifi-3c|\
 xiaomi,miwifi-nano|\
 zbtlink,zbt-wg2626|\
 zte,mf283plus)
@@ -49,7 +48,9 @@ ravpower,rp-wd03)
 	[ -n "$idx" ] && \
 		ubootenv_add_uci_config "/dev/mtd$idx" "0x4000" "0x1000" "0x1000"
 	;;
-jcg,q20)
+asus,rt-ax53u|\
+jcg,q20|\
+netgear,wax202)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x20000" "0x20000"
 	;;
 beeline,smartbox-flash|\
@@ -59,18 +60,34 @@ linksys,ea7300-v2|\
 linksys,ea7500-v2|\
 linksys,ea8100-v1|\
 linksys,ea8100-v2|\
+mts,wg430223)
+	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x20000"
+	;;
+snr,cpe-w4n-mt)
+	idx="$(find_mtd_index uboot-env)"
+	[ -n "$idx" ] && \
+		ubootenv_add_uci_config "/dev/mtd$idx" "0x0" "0x1000" "0x1000"
+	;;
+xiaomi,mi-router-3g-v2|\
+xiaomi,mi-router-4a-gigabit|\
+xiaomi,miwifi-3c)
+	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x10000"
+	ubootenv_add_uci_sys_config "/dev/mtd2" "0x0" "0x4000" "0x10000"
+	;;
 xiaomi,mi-router-3g|\
 xiaomi,mi-router-3-pro|\
 xiaomi,mi-router-4|\
 xiaomi,mi-router-ac2100|\
 xiaomi,redmi-router-ac2100)
 	ubootenv_add_uci_config "/dev/mtd1" "0x0" "0x1000" "0x20000"
+	ubootenv_add_uci_sys_config "/dev/mtd2" "0x0" "0x4000" "0x20000"
 	;;
 zyxel,nr7101)
 	idx="$(find_mtd_index Config)"
 	[ -n "$idx" ] && \
 		ubootenv_add_uci_config "/dev/mtd$idx" "0x0" "0x1000" "0x80000"
 	;;
+bolt,arion|\
 xiaomi,mi-router-cr6606|\
 xiaomi,mi-router-cr6608|\
 xiaomi,mi-router-cr6609)
@@ -79,6 +96,6 @@ xiaomi,mi-router-cr6609)
 esac
 
 config_load ubootenv
-config_foreach ubootenv_add_app_config ubootenv
+config_foreach ubootenv_add_app_config
 
 exit 0

package/boot/uboot-envtools/files/realtek

@@ -15,7 +15,10 @@ zyxel,gs1900-8|\
 zyxel,gs1900-8hp-v1|\
 zyxel,gs1900-8hp-v2|\
 zyxel,gs1900-10hp|\
+zyxel,gs1900-16|\
 zyxel,gs1900-24-v1|\
+zyxel,gs1900-24e|\
+zyxel,gs1900-24hp-v1|\
 zyxel,gs1900-24hp-v2)
 	idx="$(find_mtd_index u-boot-env)"
 	[ -n "$idx" ] && \

package/boot/uboot-fritz4040/Makefile

@@ -10,9 +10,9 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_SOURCE_URL:=https://github.com/chunkeey/FritzBox-4040-UBOOT
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_VERSION:=f92be9d783b1210c020d5d6129e210a94bb7e290
-PKG_SOURCE_DATE:=2019-10-19
-PKG_MIRROR_HASH:=e40a7f624b1758b276f81c765ef1da568c595b8bd54568b9cceca7d170ebc612
+PKG_SOURCE_VERSION:=9d89013f9cc963eca25856c61fa066091d35f8de
+PKG_SOURCE_DATE:=2022-05-01
+PKG_MIRROR_HASH:=4f2a3782ba359e6d901b536d1d685026913c14426f8e58ba9673281f20675050
 
 PKG_RELEASE:=$(AUTORELEASE)
 

package/boot/uboot-imx/Makefile

@@ -23,7 +23,7 @@ endef
 define U-Boot/apalis_imx6
   NAME:=Toradex Apalis
   UBOOT_IMAGE:=SPL u-boot.img u-boot-with-spl.imx
-  UBOOT_MAKE_FLAGS:=SPL u-boot.img u-boot-with-spl.imx
+  UBOOT_MAKE_FLAGS+=SPL u-boot.img u-boot-with-spl.imx
   BUILD_SUBTARGET:=cortexa9
   BUILD_DEVICES:=toradex_apalis
 endef
@@ -31,7 +31,7 @@ endef
 define U-Boot/mx6cuboxi
   NAME:=SolidRun Cubox-i boards
   UBOOT_IMAGE:=SPL u-boot.img
-  UBOOT_MAKE_FLAGS:=SPL u-boot.img
+  UBOOT_MAKE_FLAGS+=SPL u-boot.img
   BUILD_SUBTARGET:=cortexa9
   BUILD_DEVICES:=solidrun_cubox-i
 endef

package/boot/uboot-layerscape/Makefile

@@ -14,7 +14,7 @@ PKG_RELEASE:=$(AUTORELEASE)
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://source.codeaurora.org/external/qoriq/qoriq-components/u-boot
 PKG_SOURCE_VERSION:=LSDK-21.08
-PKG_MIRROR_HASH:=874e871755ef84ebbf35cc247f0979ec18ed1946e4dca71006a83463b2899db1
+PKG_MIRROR_HASH:=54909a98bdcc26c7f9b35b35fcae09b977ecbf044be7bffa6dad9306c47cccf6
 
 include $(INCLUDE_DIR)/u-boot.mk
 include $(INCLUDE_DIR)/package.mk

package/boot/uboot-layerscape/files/fsl_ls1021a-iot-sdboot-uEnv.txt

@@ -2,7 +2,7 @@ fdtaddr=0x8f000000
 loadaddr=0x81000000
 fdt_high=0x8fffffff
 initrd_high=0xffffffff
-sd_boot=ext4load mmc 0:1 $loadaddr fitImage;bootm $loadaddr
+sd_boot=ext4load mmc 0:1 ${loadaddr} fitImage;bootm ${loadaddr}
 bootargs=root=/dev/mmcblk0p2 rw rootwait rootfstype=squashfs,f2fs noinitrd earlycon=uart8250,mmio,0x21c0500 console=ttyS0,115200
 bootcmd=echo starting openwrt ...;run sd_boot
 bootdelay=3

package/boot/uboot-layerscape/patches/0900-layerscape-adjust-LS1021A-IOT-config-for-OpenWrt.patch

@@ -0,0 +1,45 @@
+From b382eeafe01df21da3518b2f1dd7d22ee114efb0 Mon Sep 17 00:00:00 2001
+From: Pawel Dembicki <paweldembicki@gmail.com>
+Date: Mon, 24 Oct 2022 14:19:38 +0200
+Subject: [PATCH] layerscape: adjust LS1021A-IOT config for OpenWrt
+
+Two configs are required:
+  - FIT
+  - Ext4load
+
+Let's enable it. U-boot is now bigger than 512K. Let's enlarge it to
+768K. Envs start at 1M, so it will fit.
+
+Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
+---
+ configs/ls1021aiot_sdcard_defconfig | 3 +++
+ include/configs/ls1021aiot.h        | 4 ++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+--- a/configs/ls1021aiot_sdcard_defconfig
++++ b/configs/ls1021aiot_sdcard_defconfig
+@@ -27,8 +27,11 @@ CONFIG_CMD_MII=y
+ # CONFIG_CMD_MDIO is not set
+ CONFIG_CMD_PING=y
+ CONFIG_CMD_EXT2=y
++CONFIG_CMD_EXT4=y
+ CONFIG_CMD_FAT=y
+ # CONFIG_SPL_EFI_PARTITION is not set
++CONFIG_FIT=y
++CONFIG_FIT_VERBOSE=y
+ CONFIG_OF_CONTROL=y
+ CONFIG_ENV_OVERWRITE=y
+ CONFIG_ENV_IS_IN_MMC=y
+--- a/include/configs/ls1021aiot.h
++++ b/include/configs/ls1021aiot.h
+@@ -78,8 +78,8 @@
+ 		CONFIG_SYS_MONITOR_LEN)
+ #define CONFIG_SYS_SPL_MALLOC_SIZE	0x100000
+ #define CONFIG_SPL_BSS_START_ADDR	0x80100000
+-#define CONFIG_SPL_BSS_MAX_SIZE		0x80000
+-#define CONFIG_SYS_MONITOR_LEN		0x80000
++#define CONFIG_SPL_BSS_MAX_SIZE		0xc0000
++#define CONFIG_SYS_MONITOR_LEN		0xc0000
+ #endif
+ 
+ #define CONFIG_SYS_DDR_SDRAM_BASE	0x80000000UL

package/boot/uboot-mediatek/001-mtk-0100-arm-dts-mt7622-remove-default-pinctrl-of-uart0.patch

@@ -0,0 +1,45 @@
+From a3ba6adb70c91ec3b9312c3a025faa44acd39cfa Mon Sep 17 00:00:00 2001
+From: Weijie Gao <weijie.gao@mediatek.com>
+Date: Wed, 13 Jul 2022 11:16:39 +0800
+Subject: [PATCH] arm: dts: mt7622: remove default pinctrl of uart0
+
+Currently u-boot running on mt7622 will print an warning log at beginning:
+> serial_mtk serial@11002000: pinctrl_select_state_full: uclass_get_device_by_phandle_id: err=-19
+
+It turns out that the pinctrl uclass can't work properly in board_f stage.
+
+Since the uart0 is the default UART device used by bootrom, and will be
+initialized in both bootrom and tf-a bl2. It's ok not to setup pinctrl for
+uart0 in u-boot.
+
+This patch removes the default pinctrl of uart0 to suppress the unwanted
+warning.
+
+Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
+---
+ arch/arm/dts/mt7622-bananapi-bpi-r64.dts | 2 --
+ arch/arm/dts/mt7622-rfb.dts              | 2 --
+ 2 files changed, 4 deletions(-)
+
+--- a/arch/arm/dts/mt7622-bananapi-bpi-r64.dts
++++ b/arch/arm/dts/mt7622-bananapi-bpi-r64.dts
+@@ -182,8 +182,6 @@
+ };
+ 
+ &uart0 {
+-	pinctrl-names = "default";
+-	pinctrl-0 = <&uart0_pins>;
+ 	status = "okay";
+ };
+ 
+--- a/arch/arm/dts/mt7622-rfb.dts
++++ b/arch/arm/dts/mt7622-rfb.dts
+@@ -189,8 +189,6 @@
+ };
+ 
+ &uart0 {
+-	pinctrl-names = "default";
+-	pinctrl-0 = <&uart0_pins>;
+ 	status = "okay";
+ };
+ 

package/boot/uboot-mediatek/Makefile

@@ -68,7 +68,7 @@ endef
 define U-Boot/mt7622_ubnt_unifi-6-lr
   NAME:=Ubiquiti UniFi 6 LR
   UBOOT_CONFIG:=mt7622_ubnt_unifi-6-lr
-  BUILD_DEVICES:=ubnt_unifi-6-lr-ubootmod
+  BUILD_DEVICES:=ubnt_unifi-6-lr-v1-ubootmod ubnt_unifi-6-lr-v2-ubootmod
   BUILD_SUBTARGET:=mt7622
   UBOOT_IMAGE:=u-boot.fip
   BL2_BOOTDEV:=nor

package/boot/uboot-mediatek/patches/002-0011-arm-dts-mt7622-force-high-speed-mode-for-uart.patch

@@ -0,0 +1,26 @@
+From 79786aa175010dde78f95970939e8efadd7a3295 Mon Sep 17 00:00:00 2001
+From: Weijie Gao <weijie.gao@mediatek.com>
+Date: Wed, 31 Aug 2022 19:04:34 +0800
+Subject: [PATCH 11/32] arm: dts: mt7622: force high-speed mode for uart
+
+The input clock for uart is too slow (25MHz) which introduces frequent data
+error on both receiving and transmitting even if the baudrate is 115200.
+
+Using high-speed can significantly solve this issue.
+
+Reviewed-by: Simon Glass <sjg@chromium.org>
+Signed-off-by: Weijie Gao <weijie.gao@mediatek.com>
+---
+ arch/arm/dts/mt7622.dtsi | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/arm/dts/mt7622.dtsi
++++ b/arch/arm/dts/mt7622.dtsi
+@@ -191,6 +191,7 @@
+ 		status = "disabled";
+ 		assigned-clocks = <&topckgen CLK_TOP_AXI_SEL>;
+ 		assigned-clock-parents = <&topckgen CLK_TOP_SYSPLL1_D2>;
++		mediatek,force-highspeed;
+ 	};
+ 
+ 	mmc0: mmc@11230000 {

package/boot/uboot-mediatek/patches/050-mt7622-enable-pstore.patch

@@ -15,7 +15,7 @@
 +		ranges;
 +
 +		/* 64 KiB reserved for ramoops/pstore */
-+		ramoops@0x42ff0000 {
++		ramoops@42ff0000 {
 +			compatible = "ramoops";
 +			reg = <0 0x42ff0000 0 0x10000>;
 +			record-size = <0x1000>;

package/boot/uboot-mediatek/patches/060-bootm-fix-typo-imape_comp-image_comp.patch

@@ -0,0 +1,48 @@
+From 22832a0a15227e3fcc364b356247d8aeb9ce45b3 Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Sat, 27 Aug 2022 04:05:31 +0100
+Subject: [PATCH 1/2] bootm: fix typo imape_comp -> image_comp
+
+Chage variable name 'imape_comp' to the supposedly intended name
+'image_comp'.
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ boot/bootm.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/boot/bootm.c
++++ b/boot/bootm.c
+@@ -973,7 +973,7 @@ static int bootm_host_load_image(const v
+ 	int noffset;
+ 	ulong load_end;
+ 	uint8_t image_type;
+-	uint8_t imape_comp;
++	uint8_t image_comp;
+ 	void *load_buf;
+ 	int ret;
+ 
+@@ -991,20 +991,20 @@ static int bootm_host_load_image(const v
+ 		return -EINVAL;
+ 	}
+ 
+-	if (fit_image_get_comp(fit, noffset, &imape_comp)) {
++	if (fit_image_get_comp(fit, noffset, &image_comp)) {
+ 		puts("Can't get image compression!\n");
+ 		return -EINVAL;
+ 	}
+ 
+ 	/* Allow the image to expand by a factor of 4, should be safe */
+ 	load_buf = malloc((1 << 20) + len * 4);
+-	ret = image_decomp(imape_comp, 0, data, image_type, load_buf,
++	ret = image_decomp(image_comp, 0, data, image_type, load_buf,
+ 			   (void *)data, len, CONFIG_SYS_BOOTM_LEN,
+ 			   &load_end);
+ 	free(load_buf);
+ 
+ 	if (ret) {
+-		ret = handle_decomp_error(imape_comp, load_end - 0, ret);
++		ret = handle_decomp_error(image_comp, load_end - 0, ret);
+ 		if (ret != BOOTM_ERR_UNIMPLEMENTED)
+ 			return ret;
+ 	}

package/boot/uboot-mediatek/patches/061-image-fit-don-t-set-compression-if-it-can-t-be-read.patch

@@ -0,0 +1,71 @@
+From b2c109c012ca946baebbb23e7f4301f6eee4c6f3 Mon Sep 17 00:00:00 2001
+From: Daniel Golle <daniel@makrotopia.org>
+Date: Mon, 15 Aug 2022 12:15:50 +0200
+Subject: [PATCH 2/2] image-fit: don't set compression if it can't be read
+
+fit_image_get_comp() should not set value -1 in case it can't read
+the compression node. Instead, leave the value untouched in that case
+as it can be absent and a default value previously defined by the
+caller of fit_image_get_comp() should be used.
+
+As a result the warning message
+WARNING: 'compression' nodes for ramdisks are deprecated, please fix your .its file!
+no longer shows if the compression node is actually absent.
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ boot/bootm.c     | 6 ++----
+ boot/image-fit.c | 3 +--
+ cmd/ximg.c       | 7 ++-----
+ 3 files changed, 5 insertions(+), 11 deletions(-)
+
+--- a/boot/bootm.c
++++ b/boot/bootm.c
+@@ -991,10 +991,8 @@ static int bootm_host_load_image(const v
+ 		return -EINVAL;
+ 	}
+ 
+-	if (fit_image_get_comp(fit, noffset, &image_comp)) {
+-		puts("Can't get image compression!\n");
+-		return -EINVAL;
+-	}
++	if (fit_image_get_comp(fit, noffset, &image_comp))
++		image_comp = IH_COMP_NONE;
+ 
+ 	/* Allow the image to expand by a factor of 4, should be safe */
+ 	load_buf = malloc((1 << 20) + len * 4);
+--- a/boot/image-fit.c
++++ b/boot/image-fit.c
+@@ -476,7 +476,7 @@ void fit_print_contents(const void *fit)
+ void fit_image_print(const void *fit, int image_noffset, const char *p)
+ {
+ 	char *desc;
+-	uint8_t type, arch, os, comp;
++	uint8_t type, arch, os, comp = IH_COMP_NONE;
+ 	size_t size;
+ 	ulong load, entry;
+ 	const void *data;
+@@ -793,7 +793,6 @@ int fit_image_get_comp(const void *fit,
+ 	data = fdt_getprop(fit, noffset, FIT_COMP_PROP, &len);
+ 	if (data == NULL) {
+ 		fit_get_debug(fit, noffset, FIT_COMP_PROP, len);
+-		*comp = -1;
+ 		return -1;
+ 	}
+ 
+--- a/cmd/ximg.c
++++ b/cmd/ximg.c
+@@ -171,11 +171,8 @@ do_imgextract(struct cmd_tbl *cmdtp, int
+ 			return 1;
+ 		}
+ 
+-		if (fit_image_get_comp(fit_hdr, noffset, &comp)) {
+-			puts("Could not find script subimage "
+-				"compression type\n");
+-			return 1;
+-		}
++		if (fit_image_get_comp(fit_hdr, noffset, &comp))
++			comp = IH_COMP_NONE;
+ 
+ 		data = (ulong)fit_data;
+ 		len = (ulong)fit_len;

package/boot/uboot-mediatek/patches/200-cmd-add-imsz-and-imszb.patch

@@ -68,7 +68,7 @@
  {
 --- a/boot/image-fit.c
 +++ b/boot/image-fit.c
-@@ -1993,6 +1993,51 @@ static const char *fit_get_image_type_pr
+@@ -1992,6 +1992,51 @@ static const char *fit_get_image_type_pr
  	return "unknown";
  }
  

package/boot/uboot-mediatek/patches/280-image-fdt-save-name-of-FIT-configuration-in-chosen-node.patch

@@ -0,0 +1,58 @@
+From patchwork Mon Mar 21 23:22:23 2022
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+X-Patchwork-Submitter: Daniel Golle <daniel@makrotopia.org>
+X-Patchwork-Id: 1607954
+Return-Path: <u-boot-bounces@lists.denx.de>
+X-Original-To: incoming@patchwork.ozlabs.org
+Delivered-To: patchwork-incoming@bilbo.ozlabs.org
+Date: Mon, 21 Mar 2022 23:22:23 +0000
+From: Daniel Golle <daniel@makrotopia.org>
+To: u-boot@lists.denx.de
+Cc: Simon Glass <sjg@chromium.org>, Alexandru Gagniuc <mr.nuke.me@gmail.com>,
+ Patrick Delaunay <patrick.delaunay@foss.st.com>,
+ Heinrich Schuchardt <xypron.glpk@gmx.de>
+Subject: [PATCH] image-fdt: save name of FIT configuration in '/chosen' node
+Message-ID: <YjkIr8wmz1XEOVNh@makrotopia.org>
+MIME-Version: 1.0
+Content-Disposition: inline
+X-BeenThere: u-boot@lists.denx.de
+X-Mailman-Version: 2.1.39
+Precedence: list
+List-Id: U-Boot discussion <u-boot.lists.denx.de>
+List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
+ <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
+List-Archive: <https://lists.denx.de/pipermail/u-boot/>
+List-Post: <mailto:u-boot@lists.denx.de>
+List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
+List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
+ <mailto:u-boot-request@lists.denx.de?subject=subscribe>
+Errors-To: u-boot-bounces@lists.denx.de
+Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
+
+It can be useful for the OS (Linux) to know which configuration has
+been chosen by U-Boot when launching a FIT image.
+Store the name of the FIT configuration node used in a new string
+attribute called 'bootconf' in the '/chosen' node in device tree.
+
+Signed-off-by: Daniel Golle <daniel@makrotopia.org>
+---
+ boot/image-fdt.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/boot/image-fdt.c
++++ b/boot/image-fdt.c
+@@ -601,6 +601,12 @@ int image_setup_libfdt(bootm_headers_t *
+ 		goto err;
+ 	}
+ 
++	/* Store name of configuration node as bootconf in /chosen node */
++	if (images->fit_uname_cfg)
++		fdt_find_and_setprop(blob, "/chosen", "bootconf",
++					images->fit_uname_cfg,
++					strlen(images->fit_uname_cfg) + 1, 1);
++
+ 	/* Update ethernet nodes */
+ 	fdt_fixup_ethernet(blob);
+ #if CONFIG_IS_ENABLED(CMD_PSTORE)

package/boot/uboot-mediatek/patches/404-add-bananapi_bpi-r64_defconfigs.patch

@@ -643,7 +643,7 @@
 +boot_write_bl2=mtd erase bl2 && mtd write spi-nand0 $loadaddr 0x0 0x20000 && mtd write spi-nand0 $loadaddr 0x20000 0x20000 && mtd write spi-nand0 $loadaddr 0x40000 0x20000 && mtd write spi-nand0 $loadaddr 0x60000 0x20000
 +boot_write_fip=mtd erase fip && mtd write fip $loadaddr
 +check_ubi=ubi part ubi || run ubi_format
-+reset_factory=ubi part ubi ; ubi write 0x0 ubootenv 0x0 ; ubi write 0x0 ubootenv2 0x0 ; ubi remove rootfs_data
++reset_factory=mw $loadaddr 0x0 0x100000 ; ubi part ubi ; ubi write $loadaddr ubootenv 0x100000 ; ubi write $loadaddr ubootenv2 0x100000 ; ubi remove rootfs_data
 +ubi_format=ubi detach ; mtd erase ubi && ubi part ubi ; reset
 +ubi_prepare_rootfs=if ubi check rootfs_data ; then else if env exists rootfs_data_max ; then ubi create rootfs_data $rootfs_data_max dynamic || ubi create rootfs_data - dynamic ; else ubi create rootfs_data - dynamic ; fi ; fi
 +ubi_read_production=ubi read $loadaddr fit && iminfo $loadaddr && run ubi_prepare_rootfs

package/boot/uboot-mediatek/patches/410-add-linksys-e8450.patch

@@ -139,7 +139,7 @@
 +CONFIG_USB_STORAGE=y
 --- /dev/null
 +++ b/arch/arm/dts/mt7622-linksys-e8450-ubi.dts
-@@ -0,0 +1,195 @@
+@@ -0,0 +1,193 @@
 +// SPDX-License-Identifier: GPL-2.0
 +/*
 + * Copyright (c) 2019 MediaTek Inc.
@@ -302,8 +302,6 @@
 +};
 +
 +&uart0 {
-+	pinctrl-names = "default";
-+	pinctrl-0 = <&uart0_pins>;
 +	status = "okay";
 +};
 +
@@ -392,7 +390,7 @@
 +boot_write_bl2=mtd erase bl2 && mtd write spi-nand0 $loadaddr 0x0 0x20000 && mtd write spi-nand0 $loadaddr 0x20000 0x20000 && mtd write spi-nand0 $loadaddr 0x40000 0x20000 && mtd write spi-nand0 $loadaddr 0x60000 0x20000
 +boot_write_fip=mtd erase fip && mtd write fip $loadaddr
 +check_ubi=ubi part ubi || run ubi_format
-+reset_factory=ubi part ubi ; ubi write 0x0 ubootenv 0x0 ; ubi write 0x0 ubootenv2 0x0 ; ubi remove rootfs_data
++reset_factory=mw $loadaddr 0x0 0x100000 ; ubi part ubi ; ubi write $loadaddr ubootenv 0x100000 ; ubi write $loadaddr ubootenv2 0x100000 ; ubi remove rootfs_data
 +ubi_format=ubi detach ; mtd erase ubi && ubi part ubi ; reset
 +ubi_prepare_rootfs=if ubi check rootfs_data ; then else if env exists rootfs_data_max ; then ubi create rootfs_data $rootfs_data_max dynamic || ubi create rootfs_data - dynamic ; else ubi create rootfs_data - dynamic ; fi ; fi
 +ubi_read_production=ubi read $loadaddr fit && iminfo $loadaddr && run ubi_prepare_rootfs

package/boot/uboot-mediatek/patches/412-add-ubnt-unifi-6-lr.patch

@@ -1,6 +1,6 @@
 --- /dev/null
 +++ b/configs/mt7622_ubnt_unifi-6-lr_defconfig
-@@ -0,0 +1,141 @@
+@@ -0,0 +1,142 @@
 +CONFIG_ARM=y
 +CONFIG_POSITION_INDEPENDENT=y
 +CONFIG_ARCH_MEDIATEK=y
@@ -142,9 +142,10 @@
 +CONFIG_SPI_FLASH_SST=y
 +CONFIG_SPI_FLASH_WINBOND=y
 +CONFIG_SPI_FLASH_XMC=y
++CONFIG_SPI_FLASH_USE_4K_SECTORS=y
 --- /dev/null
 +++ b/arch/arm/dts/mt7622-ubnt-unifi-6-lr.dts
-@@ -0,0 +1,202 @@
+@@ -0,0 +1,187 @@
 +// SPDX-License-Identifier: GPL-2.0
 +/*
 + * Copyright (c) 2019 MediaTek Inc.
@@ -283,19 +284,6 @@
 +	};
 +};
 +
-+&snfi {
-+	pinctrl-names = "default", "snfi";
-+	pinctrl-0 = <&snor_pins>;
-+	pinctrl-1 = <&snfi_pins>;
-+	status = "okay";
-+
-+	spi-flash@0 {
-+		compatible = "jedec,spi-nor";
-+		reg = <0>;
-+		u-boot,dm-pre-reloc;
-+	};
-+};
-+
 +&snor {
 +	pinctrl-names = "default";
 +	pinctrl-0 = <&snor_pins>;
@@ -311,8 +299,6 @@
 +};
 +
 +&uart0 {
-+	pinctrl-names = "default";
-+	pinctrl-0 = <&uart0_pins>;
 +	status = "okay";
 +};
 +
@@ -366,10 +352,10 @@
 +loadaddr=0x48000000
 +bootcmd=if pstore check ; then run boot_recovery ; else run boot_nor ; fi
 +bootdelay=0
-+bootfile=openwrt-mediatek-mt7622-ubnt_unifi-6-lr-ubootmod-initramfs-recovery.itb
-+bootfile_bl2=openwrt-mediatek-mt7622-ubnt_unifi-6-lr-ubootmod-preloader.bin
-+bootfile_fip=openwrt-mediatek-mt7622-ubnt_unifi-6-lr-ubootmod-bl31-uboot.fip
-+bootfile_upg=openwrt-mediatek-mt7622-ubnt_unifi-6-lr-ubootmod-squashfs-sysupgrade.itb
++bootfile=openwrt-mediatek-mt7622-ubnt_unifi-6-lr-v1-ubootmod-initramfs-recovery.itb
++bootfile_bl2=openwrt-mediatek-mt7622-ubnt_unifi-6-lr-v1-ubootmod-preloader.bin
++bootfile_fip=openwrt-mediatek-mt7622-ubnt_unifi-6-lr-v1-ubootmod-bl31-uboot.fip
++bootfile_upg=openwrt-mediatek-mt7622-ubnt_unifi-6-lr-v1-ubootmod-squashfs-sysupgrade.itb
 +bootmenu_confirm_return=askenv - Press ENTER to return to menu ; bootmenu 60
 +bootmenu_default=0
 +bootmenu_delay=0
@@ -403,7 +389,7 @@
 +reset_factory=mtd erase nor0 0xc0000 0x10000 && reset
 +nor_read_production=mtd read nor0 $loadaddr 0x1000000 0x1000 && imsz $loadaddr image_size && mtd read nor0 $loadaddr 0x1000000 $image_size
 +nor_read_recovery=mtd read nor0 $loadaddr 0x120000 0x1000 && imsz $loadaddr image_size && mtd read nor0 $loadaddr 0x120000 $image_size
-+nor_pad_size=imsz $loadaddr image_size ; setexpr image_eb $image_size / 0x1000 ; setexpr tmp1 image_size % 0x1000 ; test 0x$tmp1 -gt 0 && setexpr image_eb $image_eb + 1 ; setexpr image_eb $image_eb * 0x1000
++nor_pad_size=imsz $loadaddr image_size ; setexpr image_eb 0x$image_size / 0x1000 ; setexpr tmp1 0x$image_size % 0x1000 ; test 0x$tmp1 -gt 0 && setexpr image_eb 0x$image_eb + 1 ; setexpr image_eb 0x$image_eb * 0x1000
 +nor_write_production=run nor_pad_size ; test 0x$image_eb -le 0x3000000 && mtd erase nor0 0x1000000 0x$image_eb && mtd write nor0 $loadaddr 0x1000000 $filesize
 +nor_write_recovery=run nor_pad_size ; test 0x$image_eb -le 0xee0000 && mtd erase nor0 0x120000 0x$image_eb && mtd write nor0 $loadaddr 0x120000 $filesize
 +_init_env=setenv _init_env ; saveenv

package/boot/uboot-mvebu/Makefile

@@ -8,10 +8,10 @@
 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
-PKG_VERSION:=2022.01
+PKG_VERSION:=2022.07
 PKG_RELEASE:=$(AUTORELEASE)
 
-PKG_HASH:=81b4543227db228c03f8a1bf5ddbc813b0bb8f6555ce46064ef721a6fc680413
+PKG_HASH:=92b08eb49c24da14c1adbf70a71ae8f37cc53eeb4230e859ad8b6733d13dcf5e
 
 include $(INCLUDE_DIR)/u-boot.mk
 include $(INCLUDE_DIR)/package.mk
@@ -62,13 +62,6 @@ UBOOT_TARGETS:= \
 	espressobin \
 	uDPU
 
-define Build/Configure
-	# enable additional options beyond <device>_defconfig
-	echo CONFIG_CMD_SETEXPR=y >> $(PKG_BUILD_DIR)/configs/$(UBOOT_CONFIG)_defconfig
-
-	$(call Build/Configure/U-Boot)
-endef
-
 define Package/u-boot/install
 	$(if $(findstring cortexa53,$(BUILD_SUBTARGET)),,$(Package/u-boot/install/default))
 endef

package/boot/uboot-mvebu/patches/0001-tools-termios_linux.h-Fix-compilation-on-non-glibc-s.patch

@@ -0,0 +1,44 @@
+From 82a6da13c3a113eefdb378ff53635f32a6184d6f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali@kernel.org>
+Date: Thu, 8 Sep 2022 16:59:36 +0200
+Subject: [PATCH] tools: termios_linux.h: Fix compilation on non-glibc systems
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+TCGETS2 is defined in header file asm/ioctls.h provided by linux kernel.
+On glib systems it is automatically included by some other glibc include
+header file and therefore TCGETS2 is present in termios_linux.h when
+linux kernel provides it.
+
+On non-glibc systems (e.g. musl) asm/ioctls.h is not automatically included
+which results in the strange error that BOTHER is supported, TCGETS2 not
+defined and struct termios does not provide c_ispeed member.
+
+    tools/kwboot.c: In function 'kwboot_tty_change_baudrate':
+    tools/kwboot.c:662:6: error: 'struct termios' has no member named 'c_ospeed'
+      662 |   tio.c_ospeed = tio.c_ispeed = baudrate;
+          |      ^
+
+Fix this issue by explicitly including asm/ioctls.h file which provides
+TCGETS2 macro (if supported on selected architecture) to not depending on
+glibc auto-include behavior and because termios_linux.h requires it.
+
+With this change it is possible compile kwboot with musl libc.
+
+Reported-by: Michal Vasilek <michal.vasilek@nic.cz>
+Signed-off-by: Pali Rohár <pali@kernel.org>
+---
+ tools/termios_linux.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/tools/termios_linux.h
++++ b/tools/termios_linux.h
+@@ -29,6 +29,7 @@
+ #include <errno.h>
+ #include <sys/ioctl.h>
+ #include <sys/types.h>
++#include <asm/ioctls.h>
+ #include <asm/termbits.h>
+ 
+ #if defined(BOTHER) && defined(TCGETS2)

package/boot/uboot-mvebu/patches/0002-tools-mkimage-fix-build-with-LibreSSL.patch

@@ -0,0 +1,28 @@
+From aed6107ae96870cd190b23d6da34a7e616799ed3 Mon Sep 17 00:00:00 2001
+From: Michal Vasilek <michal.vasilek@nic.cz>
+Date: Fri, 22 Jul 2022 19:55:53 +0200
+Subject: [PATCH 1/2] tools: mkimage: fix build with LibreSSL
+
+RSA_get0_* functions are not available in LibreSSL
+
+Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
+Reviewed-by: Simon Glass <sjg@chromium.org>
+---
+ tools/sunxi_toc0.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/tools/sunxi_toc0.c
++++ b/tools/sunxi_toc0.c
+@@ -34,6 +34,12 @@
+ #define pr_warn(fmt, args...)	fprintf(stderr, pr_fmt(fmt), "warning", ##args)
+ #define pr_info(fmt, args...)	fprintf(stderr, pr_fmt(fmt), "info", ##args)
+ 
++#if defined(LIBRESSL_VERSION_NUMBER)
++#define RSA_get0_n(key) (key)->n
++#define RSA_get0_e(key) (key)->e
++#define RSA_get0_d(key) (key)->d
++#endif
++
+ struct __packed toc0_key_item {
+ 	__le32  vendor_id;
+ 	__le32  key0_n_len;

package/boot/uboot-mvebu/patches/0003-tools-mkimage-fix-build-with-recent-LibreSSL.patch

@@ -0,0 +1,27 @@
+From 16b94d211b18ae0204c4f850fdf23573b19170ec Mon Sep 17 00:00:00 2001
+From: Mark Kettenis <kettenis@openbsd.org>
+Date: Mon, 29 Aug 2022 13:34:01 +0200
+Subject: [PATCH 2/2] tools: mkimage: fix build with recent LibreSSL
+
+LibreSSL 3.5.0 and later (also shipped as part of OpenBSD 7.1 and
+and later) have an opaque RSA object and do provide the
+RSA_get0_* functions that OpenSSL provides.
+
+Fixes: 2ecc354b8e46 ("tools: mkimage: fix build with LibreSSL")
+Signed-off-by: Mark Kettenis <kettenis@openbsd.org>
+Reviewed-by: Jonathan Gray <jsg@jsg.id.au>
+---
+ tools/sunxi_toc0.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/tools/sunxi_toc0.c
++++ b/tools/sunxi_toc0.c
+@@ -34,7 +34,7 @@
+ #define pr_warn(fmt, args...)	fprintf(stderr, pr_fmt(fmt), "warning", ##args)
+ #define pr_info(fmt, args...)	fprintf(stderr, pr_fmt(fmt), "info", ##args)
+ 
+-#if defined(LIBRESSL_VERSION_NUMBER)
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050000fL
+ #define RSA_get0_n(key) (key)->n
+ #define RSA_get0_e(key) (key)->e
+ #define RSA_get0_d(key) (key)->d

package/boot/uboot-mvebu/patches/010-ddr-marvell-a38x-fix-split-out-mix.patch

@@ -1,116 +0,0 @@
-From 3fc92a215b69ad448c151489228eb340df9a8703 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marek=20Beh=C3=BAn?= <marek.behun@nic.cz>
-Date: Wed, 12 Jan 2022 17:06:59 +0100
-Subject: [PATCH] ddr: marvell: a38x: fix SPLIT_OUT_MIX state decision
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This is a cleaned up and fixed version of a patch
-  mv_ddr: a380: fix SPLIT_OUT_MIX state decision
-
-  in each pattern cycle the bus state can be changed
-  in order to avoide it, need to back to the same bus state on each
-  pattern cycle
-by
-  Moti Boskula <motib@marvell.com>
-
-The original patch is not in Marvell's mv-ddr-marvell repository. It was
-gives to us by Marvell to fix an issues with DDR training on some
-boards, but it cannot be applied as is to mv-ddr-marvell, because it is
-a very dirty draft patch that would certainly break other things, mainly
-DDR4 training code in mv-ddr-marvell, since it changes common functions.
-
-I have cleaned up the patch and removed stuff that seemed unnecessary
-(when removed, it still fixed things). Note that I don't understand
-completely what the code does exactly, since I haven't studied the DDR
-training code extensively (and I suspect that no one besides some few
-people in Marvell understand the code completely).
-
-Anyway after the cleanup the patch still fixes isssues with DDR training
-on the failing boards.
-
-There was also a problem with the original patch on some of the Allied
-Telesis' x530 boards, reported by Chris Packham. I have asked Chris to
-send me some logs, and managed to fix it:
-- if you look at the change, you'll notice that it introduces
-  subtraction of cur_start_win[] and cur_end_win[] members, depending on
-  a bit set in the current_byte_status variable
-- the original patch subtracted cur_start_win[] if either
-  BYTE_SPLIT_OUT_MIX or BYTE_HOMOGENEOUS_SPLIT_OUT bits were set, but
-  subtracted cur_end_win[] only if the first one (BYTE_SPLIT_OUT_MIX)
-  was set
-- from Chris Packham logs I discovered that the x530 board where the
-  original patch introduced DDR training failure, only the
-  BYTE_HOMOGENEOUS_SPLIT_OUT bit was set, and on our boards where the
-  patch is needed only the BYTE_SPLIT_OUT_MIX is set in the
-  current_byte_status variable
-- this led me to the hypothesis that both cur_start_win[] and
-  cur_end_win[] should be subtracted only if BYTE_SPLIT_OUT_MIX bit is
-  set, the BYTE_HOMOGENEOUS_SPLIT_OUT bit shouldn't be considered at all
-- this hypothesis also gains credibility when considering the commit
-  title ("fix SPLIT_OUT_MIX state decision")
-
-Hopefully this will fix things without breaking anything else.
-
-Signed-off-by: Marek Behún <marek.behun@nic.cz>
-Reviewed-by: Stefan Roese <sr@denx.de>
-Tested-by: Chris Packham <judge.packham@gmail.com>
----
- .../a38x/ddr3_training_centralization.c       | 26 +++++++++++++++++++
- 1 file changed, 26 insertions(+)
-
---- a/drivers/ddr/marvell/a38x/ddr3_training_centralization.c
-+++ b/drivers/ddr/marvell/a38x/ddr3_training_centralization.c
-@@ -55,6 +55,7 @@ static int ddr3_tip_centralization(u32 d
- 	enum hws_training_ip_stat training_result[MAX_INTERFACE_NUM];
- 	u32 if_id, pattern_id, bit_id;
- 	u8 bus_id;
-+	u8 current_byte_status;
- 	u8 cur_start_win[BUS_WIDTH_IN_BITS];
- 	u8 centralization_result[MAX_INTERFACE_NUM][BUS_WIDTH_IN_BITS];
- 	u8 cur_end_win[BUS_WIDTH_IN_BITS];
-@@ -166,6 +167,10 @@ static int ddr3_tip_centralization(u32 d
- 						  result[search_dir_id][7]));
- 				}
- 
-+				current_byte_status =
-+					mv_ddr_tip_sub_phy_byte_status_get(if_id,
-+									   bus_id);
-+
- 				for (bit_id = 0; bit_id < BUS_WIDTH_IN_BITS;
- 				     bit_id++) {
- 					/* check if this code is valid for 2 edge, probably not :( */
-@@ -174,11 +179,32 @@ static int ddr3_tip_centralization(u32 d
- 							       [HWS_LOW2HIGH]
- 							       [bit_id],
- 							       EDGE_1);
-+					if (current_byte_status &
-+					    BYTE_SPLIT_OUT_MIX) {
-+						if (cur_start_win[bit_id] >= 64)
-+							cur_start_win[bit_id] -= 64;
-+						else
-+							cur_start_win[bit_id] = 0;
-+						DEBUG_CENTRALIZATION_ENGINE
-+							(DEBUG_LEVEL_INFO,
-+							 ("pattern %d IF %d pup %d bit %d subtract 64 adll from start\n",
-+							  pattern_id, if_id, bus_id, bit_id));
-+					}
- 					cur_end_win[bit_id] =
- 						GET_TAP_RESULT(result
- 							       [HWS_HIGH2LOW]
- 							       [bit_id],
- 							       EDGE_1);
-+					if (cur_end_win[bit_id] >= 64 &&
-+					    (current_byte_status &
-+					     BYTE_SPLIT_OUT_MIX)) {
-+						cur_end_win[bit_id] -= 64;
-+						DEBUG_CENTRALIZATION_ENGINE
-+							(DEBUG_LEVEL_INFO,
-+							 ("pattern %d IF %d pup %d bit %d subtract 64 adll from end\n",
-+							  pattern_id, if_id, bus_id, bit_id));
-+					}
-+
- 					/* window length */
- 					current_window[bit_id] =
- 						cur_end_win[bit_id] -

package/boot/uboot-mvebu/patches/011-ddr-marvell-a38x-fix-synchronous-asynchronous-mode.patch

@@ -1,98 +0,0 @@
-From eadc4f512fb43bba2fa4e842c982da919da664be Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marek=20Beh=C3=BAn?= <marek.behun@nic.cz>
-Date: Tue, 4 Jan 2022 15:57:49 +0100
-Subject: [PATCH] ddr: marvell: a38x: Fix Synchronous vs Asynchronous mode
- determination
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Before commit 4c289425752f ("mv_ddr: a38x: add support for ddr async
-mode"), Asynchornous Mode was only used when the CPU Subsystem Clock
-Options[4:0] field in the SAR1 register was set to value 0x13: CPU at
-2 GHz and DDR at 933 MHz.
-
-Then commit 4c289425752f ("mv_ddr: a38x: add support for ddr async
-mode") added support for Asynchornous Modes with frequencies other than
-933 MHz (but at least 467 MHz), but the code it added to check for
-whether Asynchornous Mode should be used is wrong: it checks whether the
-frequency setting in board DDR topology map is set to value other than
-MV_DDR_FREQ_SAR.
-
-Thus boards which define a specific value, greater than 400 MHz, for DDR
-frequency in their board topology (e.g. Turris Omnia defines
-MV_DDR_FREQ_800), are incorrectly put into Asynchornous Mode after that
-commit.
-
-The A38x Functional Specification, section 10.12 DRAM Clocking, says:
-  In Synchornous mode, the DRAM and CPU clocks are edge aligned and run
-  in 1:2 or 1:3 CPU to DRAM frequency ratios.
-
-Change the check for whether Asynchornous Mode should be used according
-to this explanation in Functional Specification.
-
-Signed-off-by: Marek Behún <marek.behun@nic.cz>
-Tested-by: Chris Packham <judge.packham@gmail.com>
-Reviewed-by: Stefan Roese <sr@denx.de>
----
- drivers/ddr/marvell/a38x/mv_ddr_plat.c | 19 ++++++++-----------
- 1 file changed, 8 insertions(+), 11 deletions(-)
-
---- a/drivers/ddr/marvell/a38x/mv_ddr_plat.c
-+++ b/drivers/ddr/marvell/a38x/mv_ddr_plat.c
-@@ -167,8 +167,6 @@ static u16 a38x_vco_freq_per_sar_ref_clk
- };
- 
- 
--static u32 async_mode_at_tf;
--
- static u32 dq_bit_map_2_phy_pin[] = {
- 	1, 0, 2, 6, 9, 8, 3, 7,	/* 0 */
- 	8, 9, 1, 7, 2, 6, 3, 0,	/* 1 */
-@@ -734,7 +732,8 @@ static int ddr3_tip_a38x_set_divider(u8
- 	u32 divider = 0;
- 	u32 sar_val, ref_clk_satr;
- 	u32 async_val;
--	u32 freq = mv_ddr_freq_get(frequency);
-+	u32 cpu_freq;
-+	u32 ddr_freq = mv_ddr_freq_get(frequency);
- 
- 	if (if_id != 0) {
- 		DEBUG_TRAINING_ACCESS(DEBUG_LEVEL_ERROR,
-@@ -751,11 +750,14 @@ static int ddr3_tip_a38x_set_divider(u8
- 	ref_clk_satr = reg_read(DEVICE_SAMPLE_AT_RESET2_REG);
- 	if (((ref_clk_satr >> DEVICE_SAMPLE_AT_RESET2_REG_REFCLK_OFFSET) & 0x1) ==
- 	    DEVICE_SAMPLE_AT_RESET2_REG_REFCLK_25MHZ)
--		divider = a38x_vco_freq_per_sar_ref_clk_25_mhz[sar_val] / freq;
-+		cpu_freq = a38x_vco_freq_per_sar_ref_clk_25_mhz[sar_val];
- 	else
--		divider = a38x_vco_freq_per_sar_ref_clk_40_mhz[sar_val] / freq;
-+		cpu_freq = a38x_vco_freq_per_sar_ref_clk_40_mhz[sar_val];
-+
-+	divider = cpu_freq / ddr_freq;
- 
--	if ((async_mode_at_tf == 1) && (freq > 400)) {
-+	if (((cpu_freq % ddr_freq != 0) || (divider != 2 && divider != 3)) &&
-+	    (ddr_freq > 400)) {
- 		/* Set async mode */
- 		dunit_write(0x20220, 0x1000, 0x1000);
- 		dunit_write(0xe42f4, 0x200, 0x200);
-@@ -869,8 +871,6 @@ int ddr3_tip_ext_write(u32 dev_num, u32
- 
- int mv_ddr_early_init(void)
- {
--	struct mv_ddr_topology_map *tm = mv_ddr_topology_map_get();
--
- 	/* FIXME: change this configuration per ddr type
- 	 * configure a380 and a390 to work with receiver odt timing
- 	 * the odt_config is defined:
-@@ -882,9 +882,6 @@ int mv_ddr_early_init(void)
- 
- 	mv_ddr_sw_db_init(0, 0);
- 
--	if (tm->interface_params[0].memory_freq != MV_DDR_FREQ_SAR)
--		async_mode_at_tf = 1;
--
- 	return MV_OK;
- }
- 

package/boot/uboot-mvebu/patches/012-nvme-Do-not-allocate-8kB-buffer-on-stack.patch

@@ -1,92 +0,0 @@
-From d17ab6e1289b1d705c75de8a2351218962fb7352 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali@kernel.org>
-Date: Thu, 9 Dec 2021 11:06:39 +0100
-Subject: [PATCH] nvme: Do not allocate 8kB buffer on stack
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Calling 'nvme scan' followed by 'nvme detail' crashes U-Boot on Turris
-Omnia with the following error:
-
-  undefined instruction
-  pc : [<0a000000>]          lr : [<7ff80bfc>]
-  reloc pc : [<8a8c0000>]    lr : [<00840bfc>]
-  sp : 7fb2b908  ip : 0000002a     fp : 02000000
-  r10: 04000000  r9 : 7fb2fed0     r8 : e1000000
-  r7 : 0c000000  r6 : 03000000     r5 : 06000000  r4 : 01000000
-  r3 : 7fb30928  r2 : 7fb30928     r1 : 00000000  r0 : 00000000
-  Flags: nZCv  IRQs off  FIQs off  Mode SVC_32
-  Code: 0f0fb4f0 0f0fb4f0 0f0fb4f0 0f0fb4f0 (f0f04b0f)
-  Resetting CPU ...
-
-This happens when nvme_print_info() tries to return to the caller. It
-looks like this error is caused by trying to allocate 8 KiB of memory
-on the stack by the two uses of ALLOC_CACHE_ALIGN_BUFFER().
-
-Use malloc_cache_aligned() to allocate this memory dynamically instead.
-
-This fixes 'nvme detail' on Turris Omnia.
-
-Note that similar change was applied to file drivers/nvme/nvme.c in past by
-commit 2f83481dff9c ("nvme: use page-aligned buffer for identify command").
-
-Signed-off-by: Pali Rohár <pali@kernel.org>
-Signed-off-by: Marek Behún <marek.behun@nic.cz>
----
- drivers/nvme/nvme_show.c | 35 ++++++++++++++++++++++++++---------
- 1 file changed, 26 insertions(+), 9 deletions(-)
-
---- a/drivers/nvme/nvme_show.c
-+++ b/drivers/nvme/nvme_show.c
-@@ -106,24 +106,41 @@ int nvme_print_info(struct udevice *udev
- {
- 	struct nvme_ns *ns = dev_get_priv(udev);
- 	struct nvme_dev *dev = ns->dev;
--	ALLOC_CACHE_ALIGN_BUFFER(char, buf_ns, sizeof(struct nvme_id_ns));
--	struct nvme_id_ns *id = (struct nvme_id_ns *)buf_ns;
--	ALLOC_CACHE_ALIGN_BUFFER(char, buf_ctrl, sizeof(struct nvme_id_ctrl));
--	struct nvme_id_ctrl *ctrl = (struct nvme_id_ctrl *)buf_ctrl;
-+	struct nvme_id_ctrl *ctrl;
-+	struct nvme_id_ns *id;
-+	int ret = 0;
- 
--	if (nvme_identify(dev, 0, 1, (dma_addr_t)(long)ctrl))
--		return -EIO;
-+	ctrl = memalign(dev->page_size, sizeof(struct nvme_id_ctrl));
-+	if (!ctrl)
-+		return -ENOMEM;
-+
-+	if (nvme_identify(dev, 0, 1, (dma_addr_t)(long)ctrl)) {
-+		ret = -EIO;
-+		goto free_ctrl;
-+	}
- 
- 	print_optional_admin_cmd(le16_to_cpu(ctrl->oacs), ns->devnum);
- 	print_optional_nvm_cmd(le16_to_cpu(ctrl->oncs), ns->devnum);
- 	print_format_nvme_attributes(ctrl->fna, ns->devnum);
- 
--	if (nvme_identify(dev, ns->ns_id, 0, (dma_addr_t)(long)id))
--		return -EIO;
-+	id = memalign(dev->page_size, sizeof(struct nvme_id_ns));
-+	if (!id) {
-+		ret = -ENOMEM;
-+		goto free_ctrl;
-+	}
-+
-+	if (nvme_identify(dev, ns->ns_id, 0, (dma_addr_t)(long)id)) {
-+		ret = -EIO;
-+		goto free_id;
-+	}
- 
- 	print_formats(id, ns);
- 	print_data_protect_cap(id->dpc, ns->devnum);
- 	print_metadata_cap(id->mc, ns->devnum);
- 
--	return 0;
-+free_id:
-+	free(id);
-+free_ctrl:
-+	free(ctrl);
-+	return ret;
- }

package/boot/uboot-mvebu/patches/100-ddr-marvell-a38x-fix-BYTE_HOMOGENEOUS_SPLIT_OUT-deci.patch

@@ -1,65 +0,0 @@
-From c11428c7def52671f57089701efe878f7071b696 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marek=20Beh=C3=BAn?= <marek.behun@nic.cz>
-Date: Thu, 17 Feb 2022 01:08:37 +0100
-Subject: [PATCH 1/3] ddr: marvell: a38x: fix BYTE_HOMOGENEOUS_SPLIT_OUT
- decision
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In commit 3fc92a215b69 ("ddr: marvell: a38x: fix SPLIT_OUT_MIX state
-decision") I ported a cleaned up and changed version of patch
-  mv_ddr: a380: fix SPLIT_OUT_MIX state decision
-
-In the port we removed checking for BYTE_HOMOGENEOUS_SPLIT_OUT bit,
-because:
-- the fix seemed to work without it
-- the bit was checked for only at one place out of two, while the second
-  bit, BYTE_SPLIT_OUT_MIX, was checked for in both cases
-- without the removal it didn't work on Allied Telesis' x530 board
-
-We recently had a chance to test on more boards, and it seems that the
-change needs to be opposite: instead of removing the check for
-BYTE_HOMOGENEOUS_SPLIT_OUT from the first if() statement, the check
-needs to be added also to the second one - it needs to be at both
-places.
-
-With this change all the Turris Omnia boards I have had available to
-test seem to work, I didn't encounter not even one failed DDR training.
-
-As last time, I am noting that I do not understand what this code is
-actually doing, I haven't studied the DDR training algorithm and
-I suspect that no one will be able to explain it to U-Boot contributors,
-so we are left with this blind poking in the code with testing whether
-it works on several boards and hoping it doesn't break anything for
-anyone :-(.
-
-Signed-off-by: Marek Behún <marek.behun@nic.cz>
-Tested-by: Chris Packham <judge.packham@gmail.com>
-Reviewed-by: Stefan Roese <sr@denx.de>
----
- drivers/ddr/marvell/a38x/ddr3_training_centralization.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
---- a/drivers/ddr/marvell/a38x/ddr3_training_centralization.c
-+++ b/drivers/ddr/marvell/a38x/ddr3_training_centralization.c
-@@ -180,7 +180,8 @@ static int ddr3_tip_centralization(u32 d
- 							       [bit_id],
- 							       EDGE_1);
- 					if (current_byte_status &
--					    BYTE_SPLIT_OUT_MIX) {
-+					    (BYTE_SPLIT_OUT_MIX |
-+					     BYTE_HOMOGENEOUS_SPLIT_OUT)) {
- 						if (cur_start_win[bit_id] >= 64)
- 							cur_start_win[bit_id] -= 64;
- 						else
-@@ -197,7 +198,8 @@ static int ddr3_tip_centralization(u32 d
- 							       EDGE_1);
- 					if (cur_end_win[bit_id] >= 64 &&
- 					    (current_byte_status &
--					     BYTE_SPLIT_OUT_MIX)) {
-+					     (BYTE_SPLIT_OUT_MIX |
-+					      BYTE_HOMOGENEOUS_SPLIT_OUT))) {
- 						cur_end_win[bit_id] -= 64;
- 						DEBUG_CENTRALIZATION_ENGINE
- 							(DEBUG_LEVEL_INFO,

package/boot/uboot-mvebu/patches/100-fix-build.patch

@@ -0,0 +1,20 @@
+The build fails on a sunxi tool:
+
+/usr/bin/ld: tools/sunxi_toc0.o: in function `toc0_set_header':
+sunxi_toc0.c:(.text+0x363): undefined reference to `RSA_get0_d'
+
+The missing function was added in libressl v3.5.0. We don't
+really care, so just cut it out for now.
+
+--- a/tools/Makefile
++++ b/tools/Makefile
+@@ -96,8 +96,7 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(
+ 
+ # Cryptographic helpers and image types that depend on openssl/libcrypto
+ LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := \
+-			lib/fdt-libcrypto.o \
+-			sunxi_toc0.o
++			lib/fdt-libcrypto.o
+ 
+ ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
+ 

package/boot/uboot-mvebu/patches/101-arm-mvebu-spl-Add-option-to-reset-the-board-on-DDR-t.patch

@@ -1,49 +0,0 @@
-From 74767a3875c99b1a3d2818456a5fdc02ec1e4f93 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marek=20Beh=C3=BAn?= <marek.behun@nic.cz>
-Date: Thu, 17 Feb 2022 13:54:42 +0100
-Subject: [PATCH 2/3] arm: mvebu: spl: Add option to reset the board on DDR
- training failure
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some boards may occacionally fail DDR training. Currently we hang() in
-this case. Add an option that makes the board do an immediate reset in
-such a case, so that a new training is tried as soon as possible,
-instead of hanging and possibly waiting for watchdog to reset the board.
-
-(If the DDR training fails while booting the image via UART, we will
- still hang - it doesn't make sense to reset in such a case, because
- after reset the board will try booting from another medium, and the
- UART booting utility does not expect that.)
-
-Signed-off-by: Marek Behún <marek.behun@nic.cz>
-Reviewed-by: Pali Rohár <pali@kernel.org>
-Reviewed-by: Stefan Roese <sr@denx.de>
----
- arch/arm/mach-mvebu/spl.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
---- a/arch/arm/mach-mvebu/spl.c
-+++ b/arch/arm/mach-mvebu/spl.c
-@@ -4,6 +4,7 @@
-  */
- 
- #include <common.h>
-+#include <cpu_func.h>
- #include <dm.h>
- #include <debug_uart.h>
- #include <fdtdec.h>
-@@ -290,7 +291,11 @@ void board_init_f(ulong dummy)
- 	ret = ddr3_init();
- 	if (ret) {
- 		debug("ddr3_init() failed: %d\n", ret);
--		hang();
-+		if (IS_ENABLED(CONFIG_DDR_RESET_ON_TRAINING_FAILURE) &&
-+		    get_boot_device() != BOOT_DEVICE_UART)
-+			reset_cpu();
-+		else
-+			hang();
- 	}
- #endif
- 

package/boot/uboot-mvebu/patches/102-arm-mvebu-turris_omnia-Reset-the-board-immediately-o.patch

@@ -1,38 +0,0 @@
-From 930c46e86123aeea1c73ae55d70ff3dcfc077992 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marek=20Beh=C3=BAn?= <marek.behun@nic.cz>
-Date: Thu, 17 Feb 2022 13:54:43 +0100
-Subject: [PATCH 3/3] arm: mvebu: turris_omnia: Reset the board immediately on
- DDR training failure
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The state of the current DDR training code for Armada 38x is such that
-we cannot be sure it will always train successfully - although after the
-last change we were yet unable to find a board that failed DDR training,
-from experience in the last 2 years we know that it is possible.
-
-The experience also tells us that in many cases the board fails training
-only sometimes, and after a reset the training is successful.
-
-Enable the new option that makes the board reset itself on DDR training
-failure immediately. Until now we called hang() in such a case, which
-meant that the board was reset by the MCU after 120 seconds.
-
-Signed-off-by: Marek Behún <marek.behun@nic.cz>
-Reviewed-by: Stefan Roese <sr@denx.de>
-Reviewed-by: Pali Rohár <pali@kernel.org>
----
- configs/turris_omnia_defconfig | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/configs/turris_omnia_defconfig
-+++ b/configs/turris_omnia_defconfig
-@@ -11,6 +11,7 @@ CONFIG_NR_DRAM_BANKS=2
- CONFIG_SYS_MEMTEST_START=0x00800000
- CONFIG_SYS_MEMTEST_END=0x00ffffff
- CONFIG_TARGET_TURRIS_OMNIA=y
-+CONFIG_DDR_RESET_ON_TRAINING_FAILURE=y
- CONFIG_ENV_SIZE=0x10000
- CONFIG_ENV_OFFSET=0xF0000
- CONFIG_ENV_SECT_SIZE=0x10000

package/boot/uboot-sunxi/patches/252-sunxi-h3-add-support-for-nanopi-r1.patch

@@ -173,7 +173,7 @@ Signed-off-by: Jayantajit Gogoi <jayanta.gogoi525@gmail.com>
 +};
 --- /dev/null
 +++ b/configs/nanopi_r1_defconfig
-@@ -0,0 +1,22 @@
+@@ -0,0 +1,21 @@
 +CONFIG_ARM=y
 +CONFIG_ARCH_SUNXI=y
 +CONFIG_SPL=y
@@ -186,7 +186,6 @@ Signed-off-by: Jayantajit Gogoi <jayanta.gogoi525@gmail.com>
 +CONFIG_NR_DRAM_BANKS=1
 +# CONFIG_SYS_MALLOC_CLEAR_ON_INIT is not set
 +CONFIG_CONSOLE_MUX=y
-+CONFIG_SYS_CLK_FREQ=480000000
 +# CONFIG_CMD_FLASH is not set
 +# CONFIG_SPL_DOS_PARTITION is not set
 +# CONFIG_SPL_EFI_PARTITION is not set

package/devel/gdb/Makefile

@@ -66,6 +66,7 @@ CONFIGURE_ARGS+= \
 	--without-mpc \
 	--without-mpfr \
 	--without-isl \
+	--without-xxhash \
 	--with-libgmp-prefix=$(STAGING_DIR)/usr
 
 CONFIGURE_VARS+= \

package/devel/strace/Makefile

@@ -9,17 +9,17 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=strace
-PKG_VERSION:=5.16
+PKG_VERSION:=5.19
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://strace.io/files/$(PKG_VERSION)
-PKG_HASH:=dc7db230ff3e57c249830ba94acab2b862da1fcaac55417e9b85041a833ca285
+PKG_HASH:=aa3dc1c8e60e4f6ff3d396514aa247f3c7bf719d8a8dc4dd4fa793be786beca3
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=LGPL-2.1-or-later
 PKG_LICENSE_FILES:=COPYING
-PKG_CPE_ID:=cpe:/a:paul_kranenburg:strace
+PKG_CPE_ID:=cpe:/a:strace_project:strace
 
 PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1
@@ -29,6 +29,7 @@ PKG_CONFIG_DEPENDS := \
 	CONFIG_STRACE_LIBUNWIND
 
 include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/nls.mk
 
 HOST_CFLAGS += -I$(LINUX_DIR)/user_headers/include
 

package/firmware/cypress-firmware/Makefile

@@ -208,42 +208,6 @@ endef
 
 $(eval $(call BuildPackage,cypress-firmware-43570-pcie))
 
-# Cypress 4359 PCIe Firmware
-define Package/cypress-firmware-4359-pcie
-  $(Package/cypress-firmware-default)
-  TITLE:=CYW4359 FullMac PCIe firmware
-endef
-
-define Package/cypress-firmware-4359-pcie/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/cyfmac4359-pcie.bin \
-		$(1)/lib/firmware/brcm/brcmfmac4359-pcie.bin
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/cyfmac4359-pcie.clm_blob \
-		$(1)/lib/firmware/brcm/brcmfmac4359-pcie.clm_blob
-endef
-
-$(eval $(call BuildPackage,cypress-firmware-4359-pcie))
-
-# Cypress 4359 SDIO Firmware
-define Package/cypress-firmware-4359-sdio
-  $(Package/cypress-firmware-default)
-  TITLE:=CYW4359 FullMac SDIO firmware
-endef
-
-define Package/cypress-firmware-4359-sdio/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/cyfmac4359-sdio.bin \
-		$(1)/lib/firmware/brcm/brcmfmac4359-sdio.bin
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/cyfmac4359-sdio.clm_blob \
-		$(1)/lib/firmware/brcm/brcmfmac4359-sdio.clm_blob
-endef
-
-$(eval $(call BuildPackage,cypress-firmware-4359-sdio))
-
 # Cypress 4373 SDIO Firmware
 define Package/cypress-firmware-4373-sdio
   $(Package/cypress-firmware-default)
@@ -297,21 +261,3 @@ define Package/cypress-firmware-54591-pcie/install
 endef
 
 $(eval $(call BuildPackage,cypress-firmware-54591-pcie))
-
-# Cypress 89459 PCIe Firmware
-define Package/cypress-firmware-89459-pcie
-  $(Package/cypress-firmware-default)
-  TITLE:=CYW89459 FullMac PCIe firmware
-endef
-
-define Package/cypress-firmware-89459-pcie/install
-	$(INSTALL_DIR) $(1)/lib/firmware/brcm
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/cyfmac89459-pcie.bin \
-		$(1)/lib/firmware/brcm/brcmfmac89459-pcie.bin
-	$(INSTALL_DATA) \
-		$(PKG_BUILD_DIR)/firmware/cyfmac89459-pcie.clm_blob \
-		$(1)/lib/firmware/brcm/brcmfmac89459-pcie.clm_blob
-endef
-
-$(eval $(call BuildPackage,cypress-firmware-89459-pcie))

package/firmware/intel-microcode/Makefile

@@ -8,13 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=intel-microcode
-PKG_VERSION:=20220207
+PKG_VERSION:=20240531
 PKG_RELEASE:=1
 
 PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).1.tar.xz
-PKG_SOURCE_URL:=@DEBIAN/pool/non-free/i/intel-microcode/
-PKG_HASH:=42f2ab3c14bda745ec64008cde5c0f416f32f40e838a9df04cf5ddf5fc87498b
+PKG_SOURCE_URL:=@DEBIAN/pool/non-free-firmware/i/intel-microcode/
+PKG_HASH:=808cbb57a790dab7060b59b31e70e54ac47d3798d75e9784ed57a65b9f951fc4
 PKG_BUILD_DIR:=$(BUILD_DIR)/intel-microcode-3.$(PKG_VERSION).1
+PKG_CPE_ID:=cpe:/a:intel:microcode
 
 PKG_BUILD_DEPENDS:=iucode-tool/host
 

package/firmware/ipq-wifi/Makefile

@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/version.mk
 
 PKG_NAME:=ipq-wifi
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_FLAGS:=nonshared
 
 include $(INCLUDE_DIR)/package.mk
@@ -25,38 +25,7 @@ endef
 # <https://wireless.wiki.kernel.org/en/users/drivers/ath10k/boardfiles>
 
 ALLWIFIBOARDS:= \
-	8dev_habanero-dvk \
-	aruba_ap-303 \
-	asus_rt-ac42u \
-	avm_fritzrepeater-1200 \
-	buffalo_wtr-m2133hp \
-	cellc_rtl30vw \
-	devolo_magic-2-wifi-next \
-	dlink_dap2610 \
-	edgecore_ecw5410 \
-	edgecore_oap100 \
-	engenius_eap2200 \
-	engenius_emd1 \
-	engenius_emr3500 \
-	ezviz_cs-w3-wd1200g-eup \
-	glinet_gl-ap1300 \
-	glinet_gl-b2200 \
-	glinet_gl-s1300 \
-	linksys_ea8300 \
-	linksys_mr8300-v0 \
-	luma_wrtq-329acn \
-	mikrotik_cap-ac \
-	mikrotik_hap-ac2 \
-	mikrotik_hap-ac3 \
-	mikrotik_sxtsq-5-ac \
-	mobipromo_cm520-79f \
-	nec_wg2600hp3 \
-	p2w_r619ac \
-	plasmacloud_pa1200 \
-	plasmacloud_pa2200 \
-	qxwlan_e2600ac \
-	teltonika_rutx \
-	zte_mf286d
+	zte_mf289f
 
 ALLWIFIPACKAGES:=$(foreach BOARD,$(ALLWIFIBOARDS),ipq-wifi-$(BOARD))
 
@@ -117,37 +86,6 @@ endef
 # Place files in this directory as board-<devicename>.<qca4019|qca9888|qca9984>
 # Add $(eval $(call generate-ipq-wifi-package,<devicename>,<display name>))
 
-$(eval $(call generate-ipq-wifi-package,8dev_habanero-dvk,8devices Habanero DVK))
-$(eval $(call generate-ipq-wifi-package,aruba_ap-303,Aruba AP-303))
-$(eval $(call generate-ipq-wifi-package,asus_rt-ac42u,ASUS RT-AC42U))
-$(eval $(call generate-ipq-wifi-package,avm_fritzrepeater-1200,AVM FRITZRepeater 1200))
-$(eval $(call generate-ipq-wifi-package,buffalo_wtr-m2133hp,Buffalo WTR-M2133HP))
-$(eval $(call generate-ipq-wifi-package,cellc_rtl30vw, Cell C RTL30VW))
-$(eval $(call generate-ipq-wifi-package,devolo_magic-2-wifi-next,devolo Magic 2 WiFi next))
-$(eval $(call generate-ipq-wifi-package,dlink_dap2610,D-Link DAP-2610))
-$(eval $(call generate-ipq-wifi-package,edgecore_ecw5410,Edgecore ECW5410))
-$(eval $(call generate-ipq-wifi-package,edgecore_oap100,Edgecore OAP100))
-$(eval $(call generate-ipq-wifi-package,engenius_eap2200,EnGenius EAP2200))
-$(eval $(call generate-ipq-wifi-package,engenius_emd1,EnGenius EMD1))
-$(eval $(call generate-ipq-wifi-package,engenius_emr3500,EnGenius EMR3500))
-$(eval $(call generate-ipq-wifi-package,ezviz_cs-w3-wd1200g-eup,EZVIZ CS-W3-WD1200G EUP))
-$(eval $(call generate-ipq-wifi-package,glinet_gl-ap1300,GL.iNet GL-AP1300))
-$(eval $(call generate-ipq-wifi-package,glinet_gl-b2200,GL.iNet GL-B2200))
-$(eval $(call generate-ipq-wifi-package,glinet_gl-s1300,GL.iNet GL-S1300))
-$(eval $(call generate-ipq-wifi-package,linksys_ea8300,Linksys EA8300))
-$(eval $(call generate-ipq-wifi-package,linksys_mr8300-v0,Linksys MR8300))
-$(eval $(call generate-ipq-wifi-package,luma_wrtq-329acn,Luma WRTQ-329ACN))
-$(eval $(call generate-ipq-wifi-package,mikrotik_cap-ac,Mikrotik cAP ac))
-$(eval $(call generate-ipq-wifi-package,mikrotik_hap-ac2,Mikrotik hAP ac2))
-$(eval $(call generate-ipq-wifi-package,mikrotik_hap-ac3,Mikrotik hAP ac3))
-$(eval $(call generate-ipq-wifi-package,mikrotik_sxtsq-5-ac,MikroTik SXTsq 5 ac))
-$(eval $(call generate-ipq-wifi-package,mobipromo_cm520-79f,MobiPromo CM520-79F))
-$(eval $(call generate-ipq-wifi-package,nec_wg2600hp3,NEC Platforms WG2600HP3))
-$(eval $(call generate-ipq-wifi-package,p2w_r619ac,P&W R619AC))
-$(eval $(call generate-ipq-wifi-package,plasmacloud_pa1200,Plasma Cloud PA1200))
-$(eval $(call generate-ipq-wifi-package,plasmacloud_pa2200,Plasma Cloud PA2200))
-$(eval $(call generate-ipq-wifi-package,qxwlan_e2600ac,Qxwlan E2600AC))
-$(eval $(call generate-ipq-wifi-package,teltonika_rutx,Teltonika RUTX))
-$(eval $(call generate-ipq-wifi-package,zte_mf286d,ZTE MF286D))
+$(eval $(call generate-ipq-wifi-package,zte_mf289f,ZTE MF289F))
 
 $(foreach PACKAGE,$(ALLWIFIPACKAGES),$(eval $(call BuildPackage,$(PACKAGE))))