6264d12ed8 firmware-utils: update to Git HEAD (2023-11-21)
ebdaee7194 ramips: add support for Sercomm CPJ routers
fd277ee490 ramips: mt7620: drop unnecessary trailing tabs
a8f31d2aa1 ramips: sercomm.mk: make common recipe to set a bit in pid
dae399196b scripts: sercomm-pid.py: use uppercase hwid in pid
95ebd609ae kernel: bump 5.15 to 5.15.139
d6b62611b8 firmware-utils: package oseama
40bd2bb3d6 firmware-utils: new package replacing otrx
a39dca7ead kernel: bump 5.15 to 5.15.138
c7b6cfac40 scripts/dump-target-info.pl: add new function to DUMP devices
6cb1cb1b13 OpenWrt v23.05.2: revert to branch defaults
1c26bcb108 OpenWrt v23.05.2: adjust config defaults
842932a63d netifd: fix IPv4 route target masking
51bb178824 treewide: fix shell errors during dump stage
4637ba72b7 scan.mk: do not silence output of dump phase
b38b5c4299 ramips: add support for MeiG SLT866 4G CPE
ce62536aca uboot-envtools: add environment config for MeiG SLT866
03e26f856f kernel: support reading hex MAC address from NVMEM
a00fc406b9 kernel: add support MeigLink SLM828 modem
275f7e07ee ramips: cf-ew72-v2: Add support for COMFAST CF-EW72 V2
65bf66f727 ramips: Add support for ComFast CF-E390AX
ce62c25c08 OpenWrt v23.05.1: revert to branch defaults
a58a86693f OpenWrt v23.05.1: adjust config defaults
101988c61a scripts/getver.sh: prevent asking for negative rev-parse
b7e81d210b iptables: backport patch fixing bug with string module
3d006f95f2 wolfssl: update to 5.6.4
46385eb7f8 netifd: update to the latest version
11a41bc4b2 netifd: update to Git HEAD (2023-11-09)
f6a9f0c57b ipq-wifi: update to Git HEAD (2023-11-10)
2285eb732a ucode: update to Git HEAD (2023-11-07)
f5e9fd624d hostapd: refresh patches
85d1b43be4 hostapd: permit 40MHz in 802.1s only also for 2.4GHz g/n with noscan
1cab0d74b3 hostapd: permit also channel 7 for 2.5GHz to be set to HT40PLUS
c9e8453de7 hostapd: fix broke noscan option for mesh
2ef625e769 mac80211: fix not set noscan option for wpa_supplicant
5106f554bb px5g-wolfssl: Fix permission of private key
6fd16b0d27 px5g-mbedtls: Fix permission of private key
6de0e0d01a hostapd: use rtnl to set up interfaces
bbfb920e99 wifi: fix applying mesh parameters when wpa_supplicant is in use
f780cfb92f netifd: update to the latest version
d3c193525e mediatek: add CMCC RAX3000M support
429715a237 uboot-mediatek: add support for CMCC RAX3000M
b209f45640 arm-trusted-firmware-mediatek: add emmc/spim-nand ddr4 build for mt7981
04cde73d56 treewide: fix MERCUSYS brand spelling
3223f31fd3 mbedtls: Activate secp521r1 curve by default
cfadbc090c image: fix image generation within ImageBuilder

OpenWrt now uses the new mbedTLS implementation for hostapd as well as
wpa_supplicant.

In order to keep as close to upstream as possible, use these
derivations.

Signed-off-by: David Bauer <mail@david-bauer.net>

Remove due to ticket #2939

These devices risk being bricked in a way that can not be recovered
without running full TFTP or serial recovery, as the flash ends up in a
read-only state with no way of upgrading to a fixed version.

Thus, remove the support for the time being. Don't just flag them as
BROKEN, as this would deliberately brick these boards when installating
such an image.

Signed-off-by: David Bauer <mail@david-bauer.net>

lantiq-xrx200: remove BROKEN target-flag

The generated CI changed due to the order in targets.mk.

No functional change.

Signed-off-by: David Bauer <mail@david-bauer.net>

This removes the BROKEN flag from the lantiq-xrx200 target.
The issues with the switch-driver have been resolved upstream

Link: https://github.com/openwrt/openwrt/pull/13638



Signed-off-by: David Bauer <mail@david-bauer.net>

Signed-off-by: David Bauer <mail@david-bauer.net>

There is a new way to flash OpenWrt on the ASUS TUF AX4200 which does
not require to open the device.

Link: https://github.com/blocktrron/openwrt-asus-filogic-factory/releases/tag/filogic-v1



Signed-off-by: David Bauer <mail@david-bauer.net>

ci: dynamically set thread-count 

Collect some basic system information about the runners the CI jobs
run on. This is done iwth the intention to have diagnostics information
in advance in case builds fail spuriously in some instances.

Signed-off-by: David Bauer <mail@david-bauer.net>

Despite what GitHub states in their documentation, the runners feature a
different core count. Automatically set the build thread-count by the
amount of available CPU cores.

Link: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources



Signed-off-by: David Bauer <mail@david-bauer.net>

Signed-off-by: Florian Maurer <f.maurer@outlook.de>

gluon-mesh-vpn: depend on simple-tc in implementation

treewide: remove stale migrations

modules: update to latest HEAD

gluon-mesh-vpn-core: remove old migration code

This code was added way back in 2017. We don't support updates from
those old versions, so we can remove it.

Signed-off-by: David Bauer <mail@david-bauer.net>

55aef54b7 nmap: backport fix to be able to compile it with OpenSSL 1.1
ea020233c iperf3-mt: new package
9d611efed dnsproxy: new features
542e8dae9 aircrack-ng: backport patch and move package to pcre2
3754fbdd3 aircrack-ng: bump to release 1.7
66774c3b3 pyodbc: Fix segmentation fault
9068bc76c speedtestcpp: update to 1.20.3
3b240b06f wavemon: bump to 9.5.0
4ae738408 libndpi: bump to release 4.8
a1f665fc9 haproxy: move to PCRE2
5a27d7d8b strongswan: Update to 5.9.11
f218d96e1 python3: Fix building C extensions with setuptools
4aaa4844f efibootmgr: Add armsr target support
41f5c318d  efivar: Add armsr target support
78b009fbd dmidecode: Add armsr target support
18061b655 zerotier: fix typo
6ab71e289 aircrack-ng: fix wrong inclusion of libbsd if detected
96e1b50f1 lighttpd: update to lighttpd 1.4.73 release hash
ec2255903 sing-box: update to v1.6.0
69db0bd91 rust: Fix compile error for mipsel_24kc+24kf
ca8eb766a rust: Fix compile error if build dir and DL_DIR on separate filesystems

7c43ced160 libnl: add support for cli
ec54022549 mediatek: add label-mac for GL.iNet GL-MT3000
610ae4d344 odhcpd: Bump to latest commits
8ed934f371 uboot-mediatek: fix global pll clock override on mtk_spim
250ab7b7a5 build: fix pkg-config detection when inside of a nix-shell
592aacc3d9 ci: add workflow for automated GitHub release
65a10c8230 hostapd: fix broken WPS on broadcom-wl and ath11k
21e5db97c4 build: add CycloneDX SBOM JSON support
4ef8899c7a package-dumpinfo,metadata: add ABI version information to package index
fdeb7d6dd0 package-metadata: add CPE information to JSON package manifests
21552a955a package-dumpinfo: add CPE information to package index
40203cdbde firewall4: update to the latest version
f34ccb10dd ucode: update to latest Git HEAD
51b1d5950e ucode: fix build on macos
b549880815 ucode: update to latest Git HEAD
41f27bbb6d bcm53xx: add the latest fix version of brcm_nvram
0dec0e0f19 kernel: fix mtd/NVMEM regression affecting U-Boot env NVMEM driver
20736013e9 kernel: backport nvmem v6.6 fixes and v6.7 changes
066971615f kernel: backport v6.6 nvmem changes
b649b0bf71 kernel: nvmem: fix "fixed-layout" & support "mac-base"
e465592155 urngd: update to version 2023-11-01
1157b8c1f1 uboot-mediatek: fix determine the size of an uImage.FIT using 'imsz' or 'imszb'.
89184b15cf mediatek: add build for MT7981 RFB
25bb84e273 uboot-mediatek: add build for mt7981 rfb
3f6e28e39c arm-trusted-firmware-mediatek: fix copy&paste error in Makefile
958817b1c3 kernel: serial: 8250_mtk: track busclk state to avoid bus error

modules: update to latest HEAD

Package name of mbedtls is not 'mbedtls' but 'libmbedtls'.

Signed-off-by: David Bauer <mail@david-bauer.net>

gluon-core: dont fail on unset interface role

gluon-status-page: html: improve accessibility

OpenWrt does not ship with WolfSSL anymore. Instead mbedTLS is shipped
by default.

We can remove the default removal of WolfSSL packages, as they are not
included by default anymore.

Signed-off-by: David Bauer <mail@david-bauer.net>

In case no interface role was selected for a given interface,
gluon-reconfigure currently fails with

Configuring: 021-interface-roles
/usr/bin/lua: /usr/lib/lua/gluon/util.lua:25: bad argument #1 to 'pairs' (table expected, got nil)
stack traceback:
	[C]: in function '?'
	/usr/lib/lua/simple-uci.lua:22: in function 'foreach'
	./021-interface-roles:47: in main chunk
	[C]: ?

Check we actually have a role set before accessing the table.

Signed-off-by: David Bauer <mail@david-bauer.net>

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

google-lighthouse:
Warning: Consider avoiding viewport values that prevent users from resizing documents.

Rule ID: meta-viewport
Accessibility:
Ruleset: axe-core 4.4
User Impact: Critical
Guidelines: WCAG 2.1 Best Practice, WCAG 2.0 Best Practice

Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 879dcbb708d40f8b8679d4f7941b938a086e23a7 to 62339db73c56dd749060f65a6ebb93a6e056b755.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/879dcbb708d40f8b8679d4f7941b938a086e23a7...62339db73c56dd749060f65a6ebb93a6e056b755

)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [docker/login-action](https://github.com/docker/login-action) from b4bedf8053341df3b5a9f9e0f2cf4e79e27360c6 to 1f401f745bf57e30b3a2800ad308a87d2ebdf14b.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/b4bedf8053341df3b5a9f9e0f2cf4e79e27360c6...1f401f745bf57e30b3a2800ad308a87d2ebdf14b

)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [korthout/backport-action](https://github.com/korthout/backport-action) from 1.4.0 to 2.0.0.
- [Release notes](https://github.com/korthout/backport-action/releases)
- [Commits](https://github.com/korthout/backport-action/compare/v1.4.0...v2.0.0

)

---
updated-dependencies:
- dependency-name: korthout/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4c1b68d83ad20cc1a09620ca477d5bbbb5fa14d0 to fdf7f43ecf7c1a5c7afe936410233728a8c2d9c2.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/4c1b68d83ad20cc1a09620ca477d5bbbb5fa14d0...fdf7f43ecf7c1a5c7afe936410233728a8c2d9c2

)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

The vpn-core package does not utilize simple-tc anymore.
This is now up to the VPN implementations.

Signed-off-by: David Bauer <mail@david-bauer.net>

Remove old migrations which are due to be removed.

Signed-off-by: David Bauer <mail@david-bauer.net>

2cf0156 libplatforminfo: handle armsr target

83ef378 nodogsplash: explicit file copy
eb2a29e nodogsplash: update to version 5.0.2

be1804da8 tor: update to 0.4.8.7 stable
c214bc111 zabbix: move to PCRE2 library
876f3fa5b postfix: move to PCRE2 library
f2fb6c561 postfix: bump to 3.8.2 release
08670d65c knot: patch enabling PKCS11 related code only if PKCS11 is available
89f92abc3 knot: update to version 3.3.2
2cc3f40b6 fdm: update to 2.2 release and switch to PCRE2
69d10e78e tvheadend: drop support for PCRE
8e4d2a7a6 tvheadend: add dependency on gettext (host)
ba3a2c198 tvheadend: update to 2023-06-05
ae7e40514 freeradius3: switch to pcre2
7226eb4fa freeradius3: Update to 3.0.26
f304110d0 travelmate: release 2.1.1-2
6db87db0a travelmate: release 2.1.1
2ff4bbaa5 ngtcp2: update to 1.0.1
235df4a22 dnsproxy: Update to 0.56.2
9af082dbc rclone: Update to 1.64.2
c37c2c5e0 rclone: Update to 1.64.1
f804ce20d https-dns-proxy: bugfix: crashes on logging from upstream
2f40f153b curl: prepare for HTTP/3 support
101ef86ee ngtcp2: add new package
e9bc3a70d nghttp3: add new package
273132baa snowflake: update to 2.7.0
b441feedf sing-box: update to v1.5.4
2dd9b92c1 transmission: update to 4.0.4
30fdc34b9 transmission: fix depends on libmbedtls
e458d26df exim: update to version 4.96.2
f4406635c cryptsetup: update to version 2.6.1
a5aa83ea2 lvm2: update LVM2 to 2.03.22 and DM to 1.02.196
8ef1ea882 https-dns-proxy: bugfix: prevent crashes on IPv6 systems
8ca88fc77 tor: fix daemon reloading
29837902d tor: update to 0.4.8.4 stable
1350b323b stress-ng: backport immintrin.h header detection for GCC 13
6d52a2476 stress-ng: bump to version 0.17.00
2b6d8fff1 stress-ng: bump to version 0.15.10
94be9cc19 shadowsocks-libev: convert to PCRE2
f14a03638 ooniprobe: remove unused package
a566154df micropython-lib: move to PCRE2
9f4329153 conntrack-tools: update to 1.4.8
2d5990822 adblock-fast: bugfix: allow command
985d0af6e rust: fix build with glibc, ARM and hard floats
e9d12e379 shairport-sync: fix init script
fb0c43164 net-snmp: backport patch fixing memory leak for PCRE2
3658011d9 node: Friday October 13 2023 Security Releases
f8753b970 ddns-scripts: add ddns-scripts-utils package
c34885d8b ddns-scripts: desec.io - update url to https
a56540e73 ddns: Prevent clearing of desec.io entries
8a5dd0672 https-dns-proxy: bugfix: logging crashing instances on ath79
156c8ab3b dnsdist: update to 1.8.2
f9b72c115 dnsdist: update to 1.8.1
d2599b8f2 dnsdist: Move the configuration to Config.in
c0ce509c4 dnsdist: Split in two packages `dnsdist` and `dnsdist-full`
bad939906 h2o: ABI-breaking patch for CVE-2023-44487
cadf429a4 h2o: Build libh2o-evloop without yaml support
d1c12e082 nghttp2: fix CVE-2023-44487
e67bba368 lighttpd: update to lighttpd 1.4.72 release hash
c42f1261f zsh: use autoreconf PKG_FIXUP to configure
45498f4b8 zsh: backport PCRE2 patches and move to it
b8fe33cd2 golang: Update to 1.21.3
2fa541608 samba4: Update to version 4.18.8
1465e81a4 dnsproxy: Update to 0.56.1
54c8035cf rust: update to 1.73.0
58ade934e kmod: update to 31
8d06c50d5 snowflake: update to 2.6.1
c09ba4e6e node: bump to v18.18.1
0e6ceb80f cni-protocol: update protocol
7fe0677d0 podman: update to 4.7.1
c01ce827d aardvark-dns: update to 1.8.0
e07515df0 netavark: update to 1.8.0
a38348e64 slirp4netns: update to 1.2.2
35f99480c crun: update to 1.9.2
3fd6e9e05 conmon: update to 2.1.8
6544ab791 python-setuptools-rust: Set cargo profile from environment variable
6bded4a1f rust: Set release profile settings
74b970fbc rust: Add option to use sccache
236da17e6 rust: Use make's jobserver when building packages
185f27789 rust: Consolidate cargo environment variables
9762480e0 rust: Move CARGO_HOME to $(DL_DIR)/cargo
a9e98ed2d rust: Move cargo config options into environment variables
c3247d59e rust: Install to $(STAGING_DIR)/host
b7a65dba3 rust: Improve Host/Install speed
a80300210 rust: Cache bootstrap downloads to $(DL_DIR)/rustc
7a947aa22 rust: Add RUST_HOST_FEATURES for host builds
6f2cba3ef rust: Use build host Python
12be20d0c python-zope-interface: Update to 6.1, refresh patch