github themactep/thingino-firmware firmware-2026-03-16

20 hours ago

Changes in this release:

  • 2f53dc1 busybox: enable strings applet
  • 0598a56 thingino-libwebsockets: bump libwebsockets to 4.5.2 Make the libwebsockets version override unconditional so package builds use 4.5.2 even without selecting BR2_PACKAGE_THINGINO_LIBWEBSOCKETS directly. Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 783b664 libwebsockets: add netlink sign-conversion patch Add 0002-fix-netlink-sign-conversion.patch to the 4.5.2 global patch set so the netlink signedness fixes apply in non-override builds. Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • ddfe07c cameras: fix white light gpio definition for aoqee c1
  • 10b298a init: read data directly from uboot env
  • a0f2cef remove patches obsoleted by newer buildroot version
  • 11f7ff3 makefile: do not chmod buildroot
  • 275c849 buildroot: update to 2026.02 Update buildroot submodule from 2025.11.x to 2026.02 (tag: 2026.02, commit 52ee2f5644da5389634b2465f1dc31deb5a4807c). Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • a8c5cff webui: layout tweaks
  • 36b106b docs: send2gphotos
  • 0eccc84 docs: kernel 4.4
  • 16ed6e8 docs: shared host directory
  • e5f4313 docs: save agent's thought process for future reference
  • 0861af4 formatting
  • 30f0ba9 busybox: remove strings applet
  • 507ef9b copilot: extend instructions
  • 8fbc83c package/ingenic-sdk: update to 688d857 Update ingenic-sdk from 249f859 to 688d857 Hash change: 249f859b18589666ee16ff5328e0fd90a227119c -> 688d8570647c21f2ed075dd6bf553484c0b66712 Changelog: 8e74d4e: add sc2336p sensor driver for t31 (ported from t23) 688d857: add IQ file for sc2336p sensor for t31
  • 55abf66 package/thingino-onvif: update to 8fc2bd7 Update thingino-onvif from 8d2df21 to 8fc2bd7 Hash change: 8d2df21e9f040f31861dc64dbecc804e06b5fb0f -> 8fc2bd78b14373896e000dedd5ff3b2ea0d35438 Changelog: 435bbc0: ONVIF backchannel: use ch0 URI directly, remove profile URL fallback 8fc2bd7: add libtomcrypt artefacts to make clean
  • 669676c makefile: formatting
  • a559f30 webui: add support for thingino.json to info.cgi
  • e040e69 live555: patch onvif backchannel support for non-compliant clients
  • 8d61213 docs: add onvif specs
  • 8be013f docs: add onvif specs
  • 5ec8e56 cameras: another round of env cleanup
  • 67a881f webui: reorganize files; use short option for launching mqttsub daemon
  • 96aeee7 copilot: extend instructions with overrides and basic rules
  • 9a5d3b9 mosquitto: add a preliminary mqtt subscription service with webui configuration
  • 1cef366 mosquitto: add mbedTLS broker support
    Rewrite mosquitto broker to use mbedTLS instead of OpenSSL for TLS, matching the mbedTLS backend already used by the client library.
    - 0002-broker-mbedtls.patch: full broker mbedTLS port
    - New src/net_mbedtls_broker.c/h: per-listener TLS context using mbedtls_ssl_config, srvcert, pkey, ca_chain; BIO callbacks over raw sockets; certificate CN extraction for logging
    - src/net.c: guard OpenSSL-specific code with WITH_TLS_OPENSSL
    - src/security_default.c: add WITH_TLS_MBEDTLS cert/key loading path
    - src/Makefile: add net_mbedtls_broker.o and tls_mbedtls.o for mbedtls
    - All other broker sources: ifdef guards for OpenSSL vs mbedTLS paths
    - mosquitto-override.mk: when broker+mbedtls, exclude apps/mosquitto_ctrl and apps/mosquitto_passwd from build (both require OpenSSL)
    Broker is opt-in via BR2_PACKAGE_THINGINO_MOSQUITTO_BROKER=y in defconfig.
    Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 6e3ab62 webui: formatting
  • 677f522 httpd-ssl: fix indentation
  • 3899018 fixes to the second sensor handling
  • e58241d prudynt: move docs and test to prudynt repo
  • e2ebcf4 portal: make it work with uhttpd
  • ff98b35 webui: make ui buttons more responsive, update state immediately on change, reverify with heartbeats
  • 580193c webui: fix json-config-admin.cgi send_json response format Replace non-standard HTTP/1.1 status line and broken Content-Length header with correct CGI Status: header, matching the pattern used by other CGI scripts. This fixes the 502 Bad Gateway error on the config-admin.html page.
  • 7fed752 prudynt-t: add daynight pitch-black startup fix docs and tests Add documentation and a host-runnable test suite for the pitch-black startup bug fix in the prudynt-t day/night algorithm. docs/DAYNIGHT_PITCH_BLACK_STARTUP_FIX.md Describes the four bugs (TC-2/3/4/8b), their root causes, the three fixes applied (hysteresis decay, 2-confirm initial mode, fallback timeout), timing impact table, and how to run the tests. tests/test_daynight_algo.cpp Self-contained C++17 simulation of DayNightWorker's simple-gain loop with 10 test cases (21 assertions) covering all bug and fix scenarios. Build and run on the host with: g++ -std=c++17 test_daynight_algo.cpp -o test_daynight_algo && ./test_daynight_algo Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 1fdf6b1 uhttpd: increase CGI workers from 2 to 20, connections from 50 to 100 -n 2 allowed only 2 simultaneous CGI instances. With json-heartbeat.cgi (and potentially other SSE streams) permanently holding slots, regular CGI requests like pan/tilt motor commands had no available worker and would queue indefinitely, appearing as 'pending' in the browser. Increase -n from 2 to 20 to accommodate persistent SSE connections (heartbeat, motor-stream, timegraph) plus concurrent API requests. Increase -N from 50 to 100 to match the higher concurrency. Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • d4f5b81 webui: add Connection: close to all remaining CGI response headers
    All CGI scripts that output HTTP responses without Content-Length were missing Connection: close, causing fetch requests to hang indefinitely under uhttpd (which uses HTTP/1.1 keep-alive by default).
    Covers all response patterns:
    - heredoc-style send_json() functions (firmware-reset, info, config-, tool-, etc.)
    - printf-style header blocks (login, session-status, api-key, logout, etc.)
    - echo-style headers (json-prudynt, json-telegrambot, ctl-telegrambot, restart-prudynt, etc.)
    - inline one-liner printf headers (json-motor-params, json-prudynt-save, json-send2, etc.)
    - redirect responses (restore, reboot, run)
    dl2.cgi is exempt as it already sets Content-Length.
    Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 9b8a23f webui: add Connection: close to CGI json_header responses uhttpd uses HTTP/1.1 keep-alive by default. Without Content-Length or Connection: close, uhttpd cannot determine when a CGI response body ends, causing fetch requests to hang in pending state indefinitely. Add Connection: close to json_header() in all JSON CGI scripts so uhttpd knows to close the connection after the response, signalling the end of the response body to the client. Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 8ce01dd refactor video storage garbage collector
  • 5044122 webserver: switch to uhttpd with ssl support (not enforced)
  • d195a87 thingino-uhttpd: disable CGI script timeout (-t 0) to fix SSE streams uhttpd's -t flag sets script_timeout: a hard wall-clock timer started at CGI process spawn. With -t 30, uhttpd kills every CGI after 30 seconds regardless of I/O activity. SSE endpoints (json-heartbeat.cgi, json-motor-stream.cgi, json-timegraph-stream.cgi) are long-lived streaming processes that must run until the client disconnects. The 30-second kill caused a 30-second disconnect/reconnect loop in the browser's EventSource after the earlier fix removed the duplicate Connection header (which had caused a 10-second loop via Keep-Alive: timeout=10 misinterpretation). Set -t 0 to disable script_timeout. proc.c checks script_timeout > 0 before arming the timer, so 0 safely disables it for all CGI scripts.
  • ec367d2 webui: remove Connection: keep-alive from SSE CGI headers uhttpd already adds Connection: Keep-Alive + Keep-Alive: timeout=10 for all HTTP/1.1 keepalive requests. The CGI scripts were also setting Connection: keep-alive, creating duplicate Connection headers. Chrome interprets the duplicate as listing keep-alive as a hop-by-hop header, making Keep-Alive: timeout=10 apply to the SSE stream itself. This causes EventSource connections to be closed after 10 seconds, firing onerror and reconnecting in a loop. Remove Connection: keep-alive from json-heartbeat.cgi, json-motor-stream.cgi, and json-timegraph-stream.cgi.
  • b73c975 thingino-webserver: add busybox httpd config fragment When BR2_PACKAGE_THINGINO_WEBSERVER_BUSYBOX is selected, inject a BusyBox kconfig fragment enabling all required httpd features: CGI, basic auth, MD5 auth, ranges, proxy, gzip, etag, last-modified, date, ACL, URL encoding, error pages, and script interpreter support. Fragment is appended via BUSYBOX_KCONFIG_FRAGMENT_FILES in busybox-httpd-override.mk, included from thingino-overrides.mk.
  • 5aa1866 thingino-webserver: add busybox httpd config fragment When BR2_PACKAGE_THINGINO_WEBSERVER_BUSYBOX is selected, inject a BusyBox kconfig fragment enabling all required httpd features: CGI, basic auth, MD5 auth, ranges, proxy, gzip, etag, last-modified, date, ACL, URL encoding, error pages, and script interpreter support. Fragment is appended via BUSYBOX_KCONFIG_FRAGMENT_FILES in busybox-httpd-override.mk, included from thingino-overrides.mk.
  • 417196e thingino-httpd-ssl: switch cert generation to ECDSA, add IP SAN The preferred_ciphers list in httpd-ssl.c is ECDSA-only (ECDHE_ECDSA_*). Generating an RSA cert caused alert 40 (handshake_failure) immediately - no cipher could be negotiated. Switch mbedtls-certgen call to ECDSA P-256 (-s 256 -t ecdsa) to match. Also auto-detect the primary IPv4 and pass -i to include an IP SAN, consistent with the uhttpd cert gen fix.
  • 3af214d add httpd-ssl package
  • 135d40c webserver: install httpd-ssl proxy along with busybox httpd
  • 8bc5a66 httpd-ssl: fix path to service file
  • 6458515 mbedtls-certgen: add SAN + BasicConstraints; S60uhttpd: pass IP to certgen mbedtls-certgen was generating certificates with an empty extensions block, which Chrome rejects with ERR_CERT_INVALID (no bypass possible). Add SubjectAltName (DNS:, optional IP:) and BasicConstraints (CA:FALSE) extensions using mbedtls_asn1_write_* and mbedtls_x509write_crt_set_basic_constraints(). Add -i/--ip option to pass an IP address for the IP SAN entry. S60uhttpd: auto-detect the primary non-loopback IPv4 via 'ip addr show' and pass it as -i to mbedtls-certgen so generated certs include an IP SAN matching the camera's current address.
  • a5dde5e ustream-ssl: fix getrandom() fallback for kernel < 3.17, cap TLS to 1.2 getrandom() was added in Linux kernel 3.17. On older kernels (e.g. Ingenic T31X at 3.10.14), it returns -ENOSYS causing MBEDTLS_ERR_ENTROPY_SOURCE_FAILED on every TLS handshake attempt. Fix _random() to retry on EINTR, and fall through to /dev/urandom when getrandom() is unavailable (ENOSYS). Also fix the NULL check on the FILE* before fread() to avoid crashing if open fails. Additionally, cap TLS to 1.2 for server contexts when built against mbedtls 3.x. TLS 1.3 with PSA crypto hangs during handshake on this embedded MIPS target. Use correct version check (#if MBEDTLS_VERSION_NUMBER >= 0x03000000) since MBEDTLS_SSL_VERSION_TLS1_2 is an enum value, not a preprocessor define.
  • 0c9942a httpd-ssl: fix for modern mbedtls
  • 8c1a8e3 webui: add video record garbage collector
  • f0f32c1 portal lua: remove deprecated wlan ap configuration routine
  • 94b68cf webui: bypass authentication for trusted ip addresses
  • e6f3830 webui: wire sun tracking fields in photosensing config
    - Add daynight.sun.{enabled,latitude,longitude,sunrise_offset,sunset_offset} fields to the By Sun section, namespaced as daynight_sun_* to match existing daynight.* pattern and save to prudynt.json
    - Load/apply sun fields from prudynt response; default to enabled when prudynt has no sun key yet
    - Add 'Use my location' button with geolocation fallback chain:
      1. navigator.geolocation (works on HTTPS/Firefox)
      2. ipapi.co IP geolocation (fallback on HTTP/Chrome)
      3. 'Find manually' link to my-coordinates.com
    Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
  • 838699a makefile: make user local directory configurable in environment
  • 8653344 libunistring: fix compilation with gcc15
  • 226e7bd add subzeroclaw package
  • 0ffb57f webui: add lua variants for streamer support
  • b3a2836 busybox: slim down removing unused features
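
The entropy fallback described in commit a5dde5e (retry on EINTR, fall through to /dev/urandom on ENOSYS, check the FILE* before fread()) can be sketched as below. This is an added example, not the ustream-ssl patch itself; `fill_random`, `getrandom_fn` and the two stand-in functions are hypothetical names, and the stand-ins are constructed so the old-kernel path can be exercised on a modern host.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

/* Same signature as getrandom(2); injectable so the ENOSYS path can be tested. */
typedef ssize_t (*getrandom_fn)(void *buf, size_t len, unsigned int flags);

/* Constructed stand-in for a kernel older than 3.17: the syscall is missing. */
static ssize_t getrandom_enosys(void *buf, size_t len, unsigned int flags)
{
    (void)buf; (void)len; (void)flags;
    errno = ENOSYS;
    return -1;
}

/* Constructed stand-in: interrupted by a signal once, then the real call. */
static int eintr_left = 1;
static ssize_t getrandom_eintr_once(void *buf, size_t len, unsigned int flags)
{
    if (eintr_left > 0) { eintr_left--; errno = EINTR; return -1; }
    return getrandom(buf, len, flags);
}

/* Fill buf with len random bytes; returns 0 on success, -1 on failure. */
static int fill_random(getrandom_fn gr, unsigned char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = gr(buf + done, len - done, 0);
        if (n > 0) { done += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
        if (n < 0 && errno == ENOSYS) break;     /* no syscall: use the device */
        return -1;                               /* any other error is fatal */
    }
    if (done == len) return 0;

    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;                    /* check before fread() */
    size_t got = fread(buf + done, 1, len - done, f);
    fclose(f);
    return got == len - done ? 0 : -1;           /* short read: no partial output */
}

int main(void)
{
    unsigned char key[32];
    return fill_random(getrandom_enosys, key, sizeof key);
}
```

A failure here must propagate to the caller rather than leave the buffer partly filled, since the bytes feed TLS key material.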
