From f52becc4dd5f42ac0cc6df6999a1db9a589351db Mon Sep 17 00:00:00 2001 From: Dongsu Park Date: Tue, 1 Aug 2023 11:51:21 +0200 Subject: [PATCH] overlay sys-kernel/coreos-firmware: update to 20230625_p20230724 Update coreos-firmware to 20230625_p20230724, mainly to address CVE-2023-20593. Gentoo ref: 6390ce05738eac80fc06663a73ca6b22fdaee8d1 Fix issue of dealing with snapshot directory to avoid build failure. Specify correct symlinks to firmware files of CXGB4, ICE DDP. --- .../coreos-overlay/sys-kernel/coreos-firmware/Manifest | 2 +- ...build => coreos-firmware-20230625_p20230724.ebuild} | 0 .../coreos-firmware/coreos-firmware-99999999.ebuild | 10 ++++++++-- 3 files changed, 9 insertions(+), 3 deletions(-) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/{coreos-firmware-20230404.ebuild => coreos-firmware-20230625_p20230724.ebuild} (100%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/Manifest index 81dc979cab..fa71770299 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/Manifest @@ -1 +1 @@ -DIST linux-firmware-20230404.tar.xz 273105092 BLAKE2B 3bf6c4d5e501362613bdcb01c416a4ed8f818c48bc5875040aec05b63b570d156200ed85c7206d2075b9b0998aa4a358c0bcd5fa3abd3efcee145492b602db52 SHA512 815ee4c72396d9dcebd1e8a66cd63a523e3dcf623a06cb6d5d4df63a0830532c66f5c4564dd3c258ebe5072830a103800b7159d39d7a68cbb40d76abed399f9c +DIST linux-firmware-20230625_p20230724.tar.gz 441906566 BLAKE2B 5bed31d9ad78440bb12feeacb1ba27a07ad30b0eb8c7bfd03a4e7a7590012af1f9535a49fbf031abf79dd05ca90be79566f06db6f955910edfdca61281831c67 SHA512 daaf07422eb6f3e1b50f8a5dba5bfff747fe6750c0210ab798745f61d774eef7642ab45b9b404c668cf017d6b7fcf89c34bce9e6c77053b1b81f1a3498c5be18 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-20230404.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-20230625_p20230724.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-20230404.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-20230625_p20230724.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-99999999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-99999999.ebuild index 3d28074116..e562d2eed1 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-99999999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-firmware/coreos-firmware-99999999.ebuild @@ -10,7 +10,7 @@ inherit linux-info savedconfig # In case this is a real snapshot, fill in commit below. # For normal, tagged releases, leave blank -MY_COMMIT= +MY_COMMIT="59fbffa9ec8e4b0b31d2d13e715cf6580ad0e99c" if [[ ${PV} == 99999999* ]]; then inherit git-r3 @@ -18,6 +18,7 @@ if [[ ${PV} == 99999999* ]]; then else if [[ -n "${MY_COMMIT}" ]]; then SRC_URI="https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/snapshot/${MY_COMMIT}.tar.gz -> linux-firmware-${PV}.tar.gz" + S="${WORKDIR}/${MY_COMMIT}" else SRC_URI="https://mirrors.edge.kernel.org/pub/linux/kernel/firmware/linux-firmware-${PV}.tar.xz -> linux-firmware-${PV}.tar.xz" fi @@ -59,7 +60,7 @@ RESTRICT="binchecks strip" # source name is linux-firmware, not coreos-firmware S="${WORKDIR}/linux-firmware-${PV}" -CXGB_VERSION="1.27.1.0" +CXGB_VERSION="1.27.3.0" ICE_DDP_VERSION="1.3.30.0" src_unpack() { @@ -67,6 +68,11 @@ src_unpack() { git-r3_src_unpack else default + # rename directory from git snapshot tarball + if [[ ${#MY_COMMIT} -gt 8 ]]; then + mv ${MY_COMMIT}/ linux-firmware-${PV} || die + fi + # Upstream linux-firmware tarball does not contain # symlinks for cxgb4 firmware files, but "modinfo # cxgb4.ko" shows it requires t?fw.bin files. These