[gentoo-commits] repo/gentoo:master commit in: sys-kernel/gentoo-kernel/

Thu, 11 May 2023 12:26:29 -0700 

commit:     87ac09b70f4f42914fcd5a0af5f94b4c8f3e8efc
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Thu May 11 08:02:07 2023 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Thu May 11 19:26:06 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87ac09b7

sys-kernel/gentoo-kernel: Backport CVE-2023-32233 fix to 5.15.110-r2

Signed-off-by: Michał Górny <mgorny <AT> gentoo.org>

 sys-kernel/gentoo-kernel/Manifest                  |   2 +
 .../gentoo-kernel/gentoo-kernel-5.15.110-r2.ebuild | 134 +++++++++++++++++++++
 2 files changed, 136 insertions(+)

diff --git a/sys-kernel/gentoo-kernel/Manifest 
b/sys-kernel/gentoo-kernel/Manifest
index 0444d400d4dc..7f32b8e9a534 100644
--- a/sys-kernel/gentoo-kernel/Manifest
+++ b/sys-kernel/gentoo-kernel/Manifest
@@ -8,6 +8,8 @@ DIST genpatches-5.15-114.base.tar.xz 4428092 BLAKE2B 
d48a687c2ee6e7127bec22dda70
 DIST genpatches-5.15-114.extras.tar.xz 3932 BLAKE2B 
17aa4f2062511ba4e8b73a3449fe6ca4a1edb6cd80ff3037501f0dd7496db9282554cb45857752436e5c1de194e30988a84122698e8a6c27fb2e80edfe20845b
 SHA512 
0bad9b065dd20cfc5436d7f449c0c79ca997be93db9fd1d3d7f1ce3929d7f73fa027a8c20475f5de770513211fca68cd2d0bca8c7fd8ba0daab15234c61e2ceb
 DIST genpatches-5.15-115.base.tar.xz 4432584 BLAKE2B 
a39251400e823a2e2cb5265981a3c243cd5ee5f294f77b23d022ea565ab78d507f64891b1076454aa24082034a89ad76d061fa898763820ea899bd18013a4347
 SHA512 
4e54fd61aaa960d813a7fe53e3669ae5d9e42bcb1b537189c7e03f3f66d72bc87ccd02c6fcb1e77c570168fbed6b1353e1bb5a50a21e41bd4667abdefd40b5c2
 DIST genpatches-5.15-115.extras.tar.xz 3932 BLAKE2B 
2cd277a80fa68517ed5b2494b8289fe24e651c70b85a3ec8badfc8d98b7f0ed487769e53be865bfcd77d4d3eb31519d3cd9d15174d3231d62b81bdc020ab7f62
 SHA512 
01abc3b127db13150b754dca3b891854454e5c907c2eac18761f5b68c7d90dd8fc7d8c44c82d83ac90ec6fcacb56c9363083bd1731ec5cbe0ec66c31fe815c14
+DIST genpatches-5.15-116.base.tar.xz 4433124 BLAKE2B 
1ace5f7ac7fe7dee5ca92c8228fa07f1abe85d92040adc0d2b83c2d5f55976c4ecfc0a3ed4575d5528db1eab14b65250d25d9fb28a880422385a45a887117820
 SHA512 
7346fe13050c49737f98e5ad7bdb848caf693b2e3129a7e9e382f1c6462242dcdae1fc7e184b10f7593159c7d6c3cd8bf69dd1d66abb604746871123424563f1
+DIST genpatches-5.15-116.extras.tar.xz 3928 BLAKE2B 
0130495424324f43fcb5f29b4178c56b43b01c4a7ca7a3b95ac07130f44d6875519d0ee79d9cf8a9912bd6c6d8bb81a0adcd17f27da1e59e24f19073d9a20cff
 SHA512 
ece809c981c8d2c5ed7ec66df69dec3920cc75e7e43145c0ca5dbc577e16cc58880d449d8503d1863974fd2fb707a403b5a9b5ad02d9835e01c45637fd6bcfd7
 DIST genpatches-5.4-246.base.tar.xz 5659072 BLAKE2B 
4b3f836c7e9f7f4d1cac0c735bbbb7751c0c165c826cbf549033c9e9fb85be3ccf45d480b0c8d80f7d980daaa1fb62265b600e24dee320673434333bec891e0c
 SHA512 
029102ba3170b99836ddf5e4a9a7101826eae3dcced431a7049e4c025ca6057f694c66f67a20d5b08a124275ed91aac3a0e1060ca2946fea54d68b251e61b478
 DIST genpatches-5.4-246.extras.tar.xz 1812 BLAKE2B 
78297c82519cf71230dc19d674d345cb40d8226adab6af53c0c3af7239f7a1464b8c89b51b62c509b33e8b2eb1a8c102b10146a8a6151ab5f069a1e00f8f6f8c
 SHA512 
13aa1321f559e01257926ef94dd023222c2be9225bb412424a4b4696c1e6d6abe3e7f29c375836e1f9986d496df89051a60c34e8f8070aa0bd556683a387e356
 DIST genpatches-5.4-248.base.tar.xz 5689960 BLAKE2B 
50714236c3fa565fb097577d8885ea6b0f6448061025221c317df2270877f70093446a79c60baa8247a80a481ee2475720836651cf2a83c31b13e0a59e6e30ed
 SHA512 
0850c79fe4bbb6752e2a9a316204638287107b72ed180d0f417b6d03fd9288305a221d1e085bc4da0fe7ed82790e29525bee72c288f5e6d876c306ef316f8d82

diff --git a/sys-kernel/gentoo-kernel/gentoo-kernel-5.15.110-r2.ebuild 
b/sys-kernel/gentoo-kernel/gentoo-kernel-5.15.110-r2.ebuild
new file mode 100644
index 000000000000..f45f633a3dbc
--- /dev/null
+++ b/sys-kernel/gentoo-kernel/gentoo-kernel-5.15.110-r2.ebuild
@@ -0,0 +1,134 @@
+# Copyright 2020-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit kernel-build toolchain-funcs
+
+MY_P=linux-${PV%.*}
+GENPATCHES_P=genpatches-${PV%.*}-$(( ${PV##*.} + 6 ))
+CONFIG_VER=5.15.19
+CONFIG_HASH=ec69da7a42b5b7c3da91572ef22097b069ddbd01
+GENTOO_CONFIG_VER=g7
+
+DESCRIPTION="Linux kernel built with Gentoo patches"
+HOMEPAGE="
+       https://wiki.gentoo.org/wiki/Project:Distribution_Kernel
+       https://www.kernel.org/
+"
+SRC_URI+="
+       https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz
+       
https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.base.tar.xz
+       
https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.extras.tar.xz
+       
https://github.com/projg2/gentoo-kernel-config/archive/${GENTOO_CONFIG_VER}.tar.gz
+               -> gentoo-kernel-config-${GENTOO_CONFIG_VER}.tar.gz
+       amd64? (
+               
https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-x86_64-fedora.config
+                       -> kernel-x86_64-fedora.config.${CONFIG_VER}
+       )
+       arm64? (
+               
https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-aarch64-fedora.config
+                       -> kernel-aarch64-fedora.config.${CONFIG_VER}
+       )
+       ppc64? (
+               
https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-ppc64le-fedora.config
+                       -> kernel-ppc64le-fedora.config.${CONFIG_VER}
+       )
+       x86? (
+               
https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-i686-fedora.config
+                       -> kernel-i686-fedora.config.${CONFIG_VER}
+       )
+"
+S=${WORKDIR}/${MY_P}
+
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~x86"
+IUSE="debug hardened"
+REQUIRED_USE="arm? ( savedconfig )"
+
+RDEPEND="
+       !sys-kernel/gentoo-kernel-bin:${SLOT}
+"
+BDEPEND="
+       debug? ( dev-util/pahole )
+"
+PDEPEND="
+       >=virtual/dist-kernel-${PV}
+"
+
+QA_FLAGS_IGNORED="
+       usr/src/linux-.*/scripts/gcc-plugins/.*.so
+       usr/src/linux-.*/vmlinux
+       usr/src/linux-.*/arch/powerpc/kernel/vdso.*/vdso.*.so.dbg
+"
+
+src_prepare() {
+       local PATCHES=(
+               # meh, genpatches have no directory
+               "${WORKDIR}"/*.patch
+       )
+       default
+
+       local biendian=false
+
+       # prepare the default config
+       case ${ARCH} in
+               amd64)
+                       cp 
"${DISTDIR}/kernel-x86_64-fedora.config.${CONFIG_VER}" .config || die
+                       ;;
+               arm)
+                       return
+                       ;;
+               arm64)
+                       cp 
"${DISTDIR}/kernel-aarch64-fedora.config.${CONFIG_VER}" .config || die
+                       biendian=true
+                       ;;
+               hppa)
+                       return
+                       ;;
+               ppc)
+                       # assume powermac/powerbook defconfig
+                       # we still package.use.force savedconfig
+                       cp 
"${WORKDIR}/${MY_P}/arch/powerpc/configs/pmac32_defconfig" .config || die
+                       ;;
+               ppc64)
+                       cp 
"${DISTDIR}/kernel-ppc64le-fedora.config.${CONFIG_VER}" .config || die
+                       biendian=true
+                       ;;
+               x86)
+                       cp "${DISTDIR}/kernel-i686-fedora.config.${CONFIG_VER}" 
.config || die
+                       ;;
+               *)
+                       die "Unsupported arch ${ARCH}"
+                       ;;
+       esac
+
+       local myversion="-gentoo-dist"
+       use hardened && myversion+="-hardened"
+       echo "CONFIG_LOCALVERSION=\"${myversion}\"" > "${T}"/version.config || 
die
+       local 
dist_conf_path="${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}"
+
+       local merge_configs=(
+               "${T}"/version.config
+               "${dist_conf_path}"/base.config
+       )
+       use debug || merge_configs+=(
+               "${dist_conf_path}"/no-debug.config
+       )
+       if use hardened; then
+               merge_configs+=( "${dist_conf_path}"/hardened-base.config )
+
+               tc-is-gcc && merge_configs+=( 
"${dist_conf_path}"/hardened-gcc-plugins.config )
+
+               if [[ -f "${dist_conf_path}/hardened-${ARCH}.config" ]]; then
+                       merge_configs+=( 
"${dist_conf_path}/hardened-${ARCH}.config" )
+               fi
+       fi
+
+       # this covers ppc64 and aarch64_be only for now
+       if [[ ${biendian} == true && $(tc-endian) == big ]]; then
+               merge_configs+=( "${dist_conf_path}/big-endian.config" )
+       fi
+
+       kernel-build_merge_configs "${merge_configs[@]}"
+}

Reply via email to