github themactep/thingino-firmware firmware-2026-03-15

2 hours ago

Changes in this release:

  • 4d20fdf package/jsonpath: update to e3f6a41 Update jsonpath from e5a07f4 to e3f6a41 Hash change: e5a07f468508f5e599723373445d442623ece70d -> e3f6a4160ba2e4806fead60e535e4fba0f8d06be Changelog: e086664: lexer: fix a minor memleak in jp_get_token()/match_token() b17c31f: main: exit 1 on getopt() errors e3f6a41: main: exit 1 when showing the usage
  • 1def397 package/mosquitto-20x: bump to 2.0.23 Update legacy shadow package to mosquitto 2.0.23, refresh source hash, and switch source URL to upstream releases where 2.0.23 is available. Refresh mbedtls patch hunks for 2.0.23 source drift and keep rebuild passing for wyze_cam3_t31x_gc2053_atbm6031. Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • d998811 package: split mosquitto packages by version Convert legacy 20x into a standalone shadow package pinned to 2.0.22 with local mbedtls patches, and keep 2.1.2 in its own wrapper/override package. This removes legacy coupling to Buildroot BR2_PACKAGE_MOSQUITTO and updates defaults to select 20x by default. Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 6eda4b6 package/faac: update to 72ee46a Update faac from 17da360 to 72ee46a Hash change: 17da3609662caef12a57f49d2324ff3a1923748b -> 72ee46a5d2e0272ebd6c3cc97bb9d0882aa09ae9 Changelog: 72ee46a: Remove Digital Radio Mondiale (DRM) support (#81)
  • 2f5e893 webui: handle password via a base64 payload to avoid transcoding
  • f47e2e4 sysupgrade: take care of an absent value
  • bfa22a4 Fix gpio_default configuration (#1109)
  • 90827cd record manager: expand host name in path
  • 9f4c30e recordmgr: add debug mode logging Add a debug mode to recordmgr with verbose syslog output for config, skip reasons, and cleanup decisions. Wire init script support for recorder.debug by passing --debug at startup. Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • f860950 Update issue templates
  • 903355a mosquitto: add mbedtls to broker
  • 84b4193 wifi-atbm6132u: bump with a firmware file path fix
  • 5018849 curl: add missing curl binary
  • 78e1d41 mosquitto: bump to 2.1.2
  • c9b61d3 webui: add controls to disable rtsp streams
  • 0501298 sysupgrade: check for upgrade completion flag directly from env
  • 7e70c8c Update buildroot to latest version
  • 6ed2e12 make: fix handling of user settings
  • ad412dc webui: remove disabling video on an rtsp stream. use /mic endpoint instead
  • c4cc801 libcurl: convert to a virtual override to piggyback buildroot versions
  • 13e0aab uhttpd: fix premature connection closing on requests to onvif cgi
  • 654ef4c Update buildroot to latest version
  • eca02b3 cameras: remove personal overrides for wireguard package
  • 5850593 aoqee c1: correct definition of white light pin
  • 2f45c8b wifi: do not run if a wired interface is present
  • 3928775 Add Home Assistant integration with MQTT support (#1103)
      * Add Home Assistant integration with MQTT support
        - Implemented ha-discovery script for MQTT auto-discovery of camera entities.
        - Created ha-state script to publish current camera state to MQTT.
        - Added Makefile for installation of Home Assistant related files.
        - Developed config-ha.js for managing Home Assistant settings in the web UI.
        - Updated navigation to include Home Assistant configuration page.
        - Created config-ha.html for Home Assistant settings interface.
        - Implemented json-config-ha.cgi for handling Home Assistant configuration via API.
      * fix PR review issues: move ha config to package, quote creds, enable globally
  • d0924af odhcp6c: move update script to /lib/netifd/dhcpv6.script Match the script path expected by updated odhcp6c from openwrt.
  • 2f53dc1 busybox: enable strings applet
  • 69c2b16 busybox: enable strings applet
  • 69a52e1 wireguard: add a watchdog
  • 90380a8 webui: add ntpd runtime info
  • 47dad4c package/faac: update to 17da360 Update faac from f7ae97b to 17da360 Hash change: f7ae97b3ec40694de07e4866838f8b186ab694f3 -> 17da3609662caef12a57f49d2324ff3a1923748b Changelog: 17da360: refactor the hot path for writing bits to the output stream (#80)
  • c393e6e webui: fixes and layout tweaks
  • 493a065 webui: add eslint configuration
  • a38a3b8 webui: massive clean up; refactor js to consolidate common functions
  • b4bd88c web ui: handle both plain password and psk from wpa_supplicant.conf
  • c38ae0e wifi: always convert plain password to psk before saving
  • 593e06e webui: increase maximum gain threshold in photosensing config (#1101) The SC3338 sensor is able to reproduce a mostly clear image even with a gain of 35000.
  • abae3cd package: convert thingino-v4l2loopback to override Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 1fcd9d7 Update buildroot to latest version
  • ba5526c streamer: bump
  • 7a0c418 prudynt: add photosensing data collection on start
  • 7c5e2b0 prudynt-t: add a crash watch script for debugging
  • 7ee5ae2 webui: preload daynight cache and stream sensor data from prudynt events
  • ade95f6 cameras: add experimental profile for cinnado d1 t41nq
  • 1d3811c wifi atbm6132u: add a temporary fork with fixes for kernel 4.4
  • 67fd195 streamer: remove audio parameters overrides for wyze cameras
  • 35e19c6 prudynt-t: raise default audio buffer headroom Increase default audio queue warn/cap frames to reduce timestamp-jump pressure under load. Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 5c1af4d thingino-libwebsockets: bump libwebsockets to 4.5.2 Make the libwebsockets version override unconditional so package builds use 4.5.2 even without selecting BR2_PACKAGE_THINGINO_LIBWEBSOCKETS directly. Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 1661d0d libwebsockets: add netlink sign-conversion patch Add 0002-fix-netlink-sign-conversion.patch to the 4.5.2 global patch set so the netlink signedness fixes apply in non-override builds. Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • ddfe07c cameras: fix white light gpio definition for aoqee c1
  • 5946f5f webui: sdcard: use base64 transport for error messages Format error output contains ANSI escape codes and control characters that corrupt the JSON response, causing json.parse failures in the browser. Encode error messages as base64 (message_b64) consistent with how other scripts transport command output.
  • f0bd01c change mdnsd parameters to use non-local interface; fixes portal login prompt
  • 10b298a init: read data directly from uboot env
  • a0f2cef remove patches obsoleted by newer buildroot version
  • 857eef8 makefile: do not chmod buildroot
  • 11f7ff3 makefile: do not chmod buildroot
  • 275c849 buildroot: update to 2026.02 Update buildroot submodule from 2025.11.x to 2026.02 (tag: 2026.02, commit 52ee2f5644da5389634b2465f1dc31deb5a4807c). Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • a8c5cff webui: layout tweaks
  • 36b106b docs: send2gphotos
  • 0eccc84 docs: kernel 4.4
  • 16ed6e8 docs: shared host directory
  • e5f4313 docs: save agent's thought process for future reference
  • 0861af4 formatting
  • 30f0ba9 busybox: remove strings applet
  • 507ef9b copilot: extend instructions
  • 8fbc83c package/ingenic-sdk: update to 688d857 Update ingenic-sdk from 249f859 to 688d857 Hash change: 249f859b18589666ee16ff5328e0fd90a227119c -> 688d8570647c21f2ed075dd6bf553484c0b66712 Changelog: 8e74d4e: add sc2336p sensor driver for t31 (ported from t23) 688d857: add IQ file for sc2336p sensor for t31
  • 55abf66 package/thingino-onvif: update to 8fc2bd7 Update thingino-onvif from 8d2df21 to 8fc2bd7 Hash change: 8d2df21e9f040f31861dc64dbecc804e06b5fb0f -> 8fc2bd78b14373896e000dedd5ff3b2ea0d35438 Changelog: 435bbc0: ONVIF backchannel: use ch0 URI directly, remove profile URL fallback 8fc2bd7: add libtomcrypt artefacts to make clean
  • 669676c makefile: formatting
  • a559f30 webui: add support for thingino.json to info.cgi
  • e040e69 live555: patch onvif backchannel support for non-compliant clients
  • 8d61213 docs: add onvif specs
  • 8be013f docs: add onvif specs
  • 5ec8e56 cameras: another round of env cleanup
  • 67a881f webui: reorganize files; use short option for launching mqttsub daemon
  • 96aeee7 copilot: extend instructions with overrides and basic rules
  • 9a5d3b9 mosquitto: add a preliminary mqtt subscription service with webui configuration
  • 1cef366 mosquitto: add mbedTLS broker support
    Rewrite mosquitto broker to use mbedTLS instead of OpenSSL for TLS, matching the mbedTLS backend already used by the client library.
    - 0002-broker-mbedtls.patch: full broker mbedTLS port
    - New src/net_mbedtls_broker.c/h: per-listener TLS context using mbedtls_ssl_config, srvcert, pkey, ca_chain; BIO callbacks over raw sockets; certificate CN extraction for logging
    - src/net.c: guard OpenSSL-specific code with WITH_TLS_OPENSSL
    - src/security_default.c: add WITH_TLS_MBEDTLS cert/key loading path
    - src/Makefile: add net_mbedtls_broker.o and tls_mbedtls.o for mbedtls
    - All other broker sources: ifdef guards for OpenSSL vs mbedTLS paths
    - mosquitto-override.mk: when broker+mbedtls, exclude apps/mosquitto_ctrl and apps/mosquitto_passwd from build (both require OpenSSL)
    Broker is opt-in via BR2_PACKAGE_THINGINO_MOSQUITTO_BROKER=y in defconfig.
    Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 6e3ab62 webui: formatting
  • 677f522 httpd-ssl: fix indentation
  • 28091cc crond: run tasks from memory
  • 3899018 fixes to the second sensor handling
  • e58241d prudynt: move docs and test to prudynt repo
  • e2ebcf4 portal: make it work with uhttpd
  • ff98b35 webui: make ui buttons more responsive, update state immediately on change, reverify with heartbeats
  • a942a8f prudynt: use dynamic buffers number calculation
  • 580193c webui: fix json-config-admin.cgi send_json response format Replace non-standard HTTP/1.1 status line and broken Content-Length header with correct CGI Status: header, matching the pattern used by other CGI scripts. This fixes the 502 Bad Gateway error on the config-admin.html page.
  • 7fed752 prudynt-t: add daynight pitch-black startup fix docs and tests
    Add documentation and a host-runnable test suite for the pitch-black startup bug fix in the prudynt-t day/night algorithm.
    docs/DAYNIGHT_PITCH_BLACK_STARTUP_FIX.md
      Describes the four bugs (TC-2/3/4/8b), their root causes, the three fixes applied (hysteresis decay, 2-confirm initial mode, fallback timeout), timing impact table, and how to run the tests.
    tests/test_daynight_algo.cpp
      Self-contained C++17 simulation of DayNightWorker's simple-gain loop with 10 test cases (21 assertions) covering all bug and fix scenarios. Build and run on the host with:
      g++ -std=c++17 test_daynight_algo.cpp -o test_daynight_algo && ./test_daynight_algo
    Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 1fdf6b1 uhttpd: increase CGI workers from 2 to 20, connections from 50 to 100 -n 2 allowed only 2 simultaneous CGI instances. With json-heartbeat.cgi (and potentially other SSE streams) permanently holding slots, regular CGI requests like pan/tilt motor commands had no available worker and would queue indefinitely, appearing as 'pending' in the browser. Increase -n from 2 to 20 to accommodate persistent SSE connections (heartbeat, motor-stream, timegraph) plus concurrent API requests. Increase -N from 50 to 100 to match the higher concurrency. Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • d4f5b81 webui: add Connection: close to all remaining CGI response headers
    All CGI scripts that output HTTP responses without Content-Length were missing Connection: close, causing fetch requests to hang indefinitely under uhttpd (which uses HTTP/1.1 keep-alive by default).
    Covers all response patterns:
    - heredoc-style send_json() functions (firmware-reset, info, config-, tool-, etc.)
    - printf-style header blocks (login, session-status, api-key, logout, etc.)
    - echo-style headers (json-prudynt, json-telegrambot, ctl-telegrambot, restart-prudynt, etc.)
    - inline one-liner printf headers (json-motor-params, json-prudynt-save, json-send2, etc.)
    - redirect responses (restore, reboot, run)
    dl2.cgi is exempt as it already sets Content-Length.
    Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 9b8a23f webui: add Connection: close to CGI json_header responses uhttpd uses HTTP/1.1 keep-alive by default. Without Content-Length or Connection: close, uhttpd cannot determine when a CGI response body ends, causing fetch requests to hang in pending state indefinitely. Add Connection: close to json_header() in all JSON CGI scripts so uhttpd knows to close the connection after the response, signalling the end of the response body to the client. Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 8ce01dd refactor video storage garbage collector
  • 5044122 webserver: switch to uhttpd with ssl support (not enforced)
  • d195a87 thingino-uhttpd: disable CGI script timeout (-t 0) to fix SSE streams uhttpd's -t flag sets script_timeout: a hard wall-clock timer started at CGI process spawn. With -t 30, uhttpd kills every CGI after 30 seconds regardless of I/O activity. SSE endpoints (json-heartbeat.cgi, json-motor-stream.cgi, json-timegraph-stream.cgi) are long-lived streaming processes that must run until the client disconnects. The 30-second kill caused a 30-second disconnect/reconnect loop in the browser's EventSource after the earlier fix removed the duplicate Connection header (which had caused a 10-second loop via Keep-Alive: timeout=10 misinterpretation). Set -t 0 to disable script_timeout. proc.c checks script_timeout > 0 before arming the timer, so 0 safely disables it for all CGI scripts.
  • ec367d2 webui: remove Connection: keep-alive from SSE CGI headers uhttpd already adds Connection: Keep-Alive + Keep-Alive: timeout=10 for all HTTP/1.1 keepalive requests. The CGI scripts were also setting Connection: keep-alive, creating duplicate Connection headers. Chrome interprets the duplicate as listing keep-alive as a hop-by-hop header, making Keep-Alive: timeout=10 apply to the SSE stream itself. This causes EventSource connections to be closed after 10 seconds, firing onerror and reconnecting in a loop. Remove Connection: keep-alive from json-heartbeat.cgi, json-motor-stream.cgi, and json-timegraph-stream.cgi.
  • b73c975 thingino-webserver: add busybox httpd config fragment When BR2_PACKAGE_THINGINO_WEBSERVER_BUSYBOX is selected, inject a BusyBox kconfig fragment enabling all required httpd features: CGI, basic auth, MD5 auth, ranges, proxy, gzip, etag, last-modified, date, ACL, URL encoding, error pages, and script interpreter support. Fragment is appended via BUSYBOX_KCONFIG_FRAGMENT_FILES in busybox-httpd-override.mk, included from thingino-overrides.mk.
  • 5aa1866 thingino-webserver: add busybox httpd config fragment When BR2_PACKAGE_THINGINO_WEBSERVER_BUSYBOX is selected, inject a BusyBox kconfig fragment enabling all required httpd features: CGI, basic auth, MD5 auth, ranges, proxy, gzip, etag, last-modified, date, ACL, URL encoding, error pages, and script interpreter support. Fragment is appended via BUSYBOX_KCONFIG_FRAGMENT_FILES in busybox-httpd-override.mk, included from thingino-overrides.mk.
  • 417196e thingino-httpd-ssl: switch cert generation to ECDSA, add IP SAN The preferred_ciphers list in httpd-ssl.c is ECDSA-only (ECDHE_ECDSA_*). Generating an RSA cert caused alert 40 (handshake_failure) immediately - no cipher could be negotiated. Switch mbedtls-certgen call to ECDSA P-256 (-s 256 -t ecdsa) to match. Also auto-detect the primary IPv4 and pass -i to include an IP SAN, consistent with the uhttpd cert gen fix.
  • 3af214d add httpd-ssl package
  • 135d40c webserver: install httpd-ssl proxy along with busybox httpd
  • 8bc5a66 httpd-ssl: fix path to service file
  • 6458515 mbedtls-certgen: add SAN + BasicConstraints; S60uhttpd: pass IP to certgen mbedtls-certgen was generating certificates with an empty extensions block, which Chrome rejects with ERR_CERT_INVALID (no bypass possible). Add SubjectAltName (DNS:, optional IP:) and BasicConstraints (CA:FALSE) extensions using mbedtls_asn1_write_* and mbedtls_x509write_crt_set_basic_constraints(). Add -i/--ip option to pass an IP address for the IP SAN entry. S60uhttpd: auto-detect the primary non-loopback IPv4 via 'ip addr show' and pass it as -i to mbedtls-certgen so generated certs include an IP SAN matching the camera's current address.
  • a5dde5e ustream-ssl: fix getrandom() fallback for kernel < 3.17, cap TLS to 1.2 getrandom() was added in Linux kernel 3.17. On older kernels (e.g. Ingenic T31X at 3.10.14), it returns -ENOSYS causing MBEDTLS_ERR_ENTROPY_SOURCE_FAILED on every TLS handshake attempt. Fix _random() to retry on EINTR, and fall through to /dev/urandom when getrandom() is unavailable (ENOSYS). Also fix the NULL check on the FILE* before fread() to avoid crashing if open fails. Additionally, cap TLS to 1.2 for server contexts when built against mbedtls 3.x. TLS 1.3 with PSA crypto hangs during handshake on this embedded MIPS target. Use correct version check (#if MBEDTLS_VERSION_NUMBER >= 0x03000000) since MBEDTLS_SSL_VERSION_TLS1_2 is an enum value, not a preprocessor define.
  • 0c9942a httpd-ssl: fix for modern mbedtls
  • 8c1a8e3 webui: add video record garbage collector
  • f0f32c1 portal lua: remove deprecated wlan ap configuration routine
  • e7a8846 libcurl: bump to 8.18.0
  • 94b68cf webui: bypass authentication for trusted ip addresses
  • db23cab makefile: fix typo
  • e6f3830 webui: wire sun tracking fields in photosensing config
    - Add daynight.sun.{enabled,latitude,longitude,sunrise_offset,sunset_offset} fields to the By Sun section, namespaced as daynight_sun_* to match existing daynight.* pattern and save to prudynt.json
    - Load/apply sun fields from prudynt response; default to enabled when prudynt has no sun key yet
    - Add 'Use my location' button with geolocation fallback chain:
      1. navigator.geolocation (works on HTTPS/Firefox)
      2. ipapi.co IP geolocation (fallback on HTTP/Chrome)
      3. 'Find manually' link to my-coordinates.com
    Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 6811866 make output directory root configurable from environment, default to inside the tree
  • 838699a makefile: make user local directory configurable in environment
  • 8653344 libunistring: fix compilation with gcc15
  • 226e7bd add subzeroclaw package
  • 1eb6d41 docker: change working directory to avoid contamination with user dotfiles
  • 0ffb57f webui: add lua variants for streamer support
  • 7cab72e odhcp6c: drop cmake patch. not needed with the newer buildroot package
  • 6d20310 buildroot: switch submodule to upstream master branch Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • eeb225d remove samples from user overlay. rename templates for clarity
  • b3a2836 busybox: slim down removing unused features
  • c887845 sync changes to cameras profiles with stable branch
