The firmware file for mt7601u (MediaTek MT7601U Wireless MACs) has
been moved to the mediatek/ folder by commit
8451c2b1 mt76xx: Move the old Mediatek WiFi firmware to mediatek
Address this by updating the location of the firmware file in our
linux-firmware Makefile generating the mt7601u-firmware package.
All other MediaTek Wi-Fi firmware files are supplied by OpenWrt's
own repository rather than being taken from linux-firmware.
Fixes: d53fe5d9ce ("linux-firmware: update to 20230515")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Package offloading firmware for MT7981 which has been added to
linux-firmware recently and became available in this release.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Import commit "ubi: Fix failure attaching when vid_hdr offset equals to
(sub)page size" which did not yet make it to stable upstream Linux trees.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ensure the MAC address for all NanoPi R1 boards is assigned uniquely for
each board.
The vendor ships the device in two variants; one with and one without
eMMC; but both without static mac-addresses.
In order to assign both board types unique MAC addresses, fall back on
the same method used for the NanoPi R2S and R4S in case the EEPROM
chip is not present by generating the board MAC from the SD card CID.
[0] https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R1#Hardware_Spec
Similar too and based on:
commit b5675f500daf ("rockchip: ensure NanoPi R4S has unique MAC address")
Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
Synchronize the ath11k backports with the current ath-next tree.
This replaces the 160MHz with the upstreamed one, fixes 6GHz only WIPHY
registration, allows SAR usage on WCN6750 and plenty of REO fixes.
Signed-off-by: Robert Marko <robimarko@gmail.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Some devices like ZBT WE1326 and ZBT WF3526-P and some Netgear models need
to delay phy port initialization after calling the mt7621_pcie_init_port()
driver function to get into reliable boots for both warm and hard resets.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
It's reported that current memory detection code occasionally detects
larger memory under some bootloaders.
Current memory detection code tests whether address space wraps around
on KSEG0, which is unreliable because it's cached.
Rewrite memory size detection to perform the same test on KSEG1 instead.
While at it, this patch also does the following two things:
1. use a fixed pattern instead of a random function pointer as the magic
value.
2. add an additional memory write and a second comparison as part of the
test to prevent possible smaller memory detection result due to
leftover values in memory.
Fixes: 6d91ddf517 ("ramips: mt7621: add support for memory detection")
Reported-by: Rui Salvaterra <rsalvaterra@gmail.com>
Tested-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This adds the MHI SBL callback that ath11k will utilize in order to
support multiple PCI cards or AHB+PCI combo which currently does not
work due to QRTR ID-s conflicting.
This is a prerequisite for the mac80211 patch targeting ath11k as it
uses MHI from kernel.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Fix the trivial abscence of $() when assigning engine config files to
the main libopenssl-config package even if the corresponding engines
were not built into the main library.
This is mostly cosmetic, since scripts/ipkg-build tests the file's
presence before it is actually included in the package's conffiles.
Fixes: 30b0351039 "openssl: configure engine packages during install"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:
- Excessive Resource Usage Verifying X.509 Policy Constraints
(CVE-2023-0464)
Severity: Low
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit
this vulnerability by creating a malicious certificate chain that
triggers exponential use of computational resources, leading to a
denial-of-service (DoS) attack on affected systems.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
- Invalid certificate policies in leaf certificates are silently ignored
(CVE-2023-0465)
Severity: Low
Applications that use a non-default option when verifying certificates
may be vulnerable to an attack from a malicious CA to circumvent
certain checks.
Invalid certificate policies in leaf certificates are silently ignored
by OpenSSL and other certificate policy checks are skipped for that
certificate. A malicious CA could use this to deliberately assert
invalid certificate policies in order to circumvent policy checking on
the certificate altogether.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466. It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.
Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This can improve load balancing by pushing backlog (and RPS) processing
to separate threads, allowing the scheduler to distribute the load.
It can be enabled with: echo 1 > /proc/sys/net/core/backlog_threaded
Signed-off-by: Felix Fietkau <nbd@nbd.name>
