commit: e6aa06039c5a87fc0c2e607c63437ce9285c5806 Author: Michał Górny <mgorny <AT> gentoo <DOT> org> AuthorDate: Thu May 11 08:02:02 2023 +0000 Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> CommitDate: Thu May 11 19:26:05 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e6aa0603
sys-kernel/gentoo-kernel: Backport CVE-2023-32233 fix to 6.1.27-r2 Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> sys-kernel/gentoo-kernel/Manifest | 2 + .../gentoo-kernel/gentoo-kernel-6.1.27-r2.ebuild | 140 +++++++++++++++++++++ 2 files changed, 142 insertions(+) diff --git a/sys-kernel/gentoo-kernel/Manifest b/sys-kernel/gentoo-kernel/Manifest index 594c8115578f..0444d400d4dc 100644 --- a/sys-kernel/gentoo-kernel/Manifest +++ b/sys-kernel/gentoo-kernel/Manifest @@ -18,6 +18,8 @@ DIST genpatches-6.1-30.base.tar.xz 1467496 BLAKE2B 7e442668319addb39f4812669463c DIST genpatches-6.1-30.extras.tar.xz 3812 BLAKE2B 8797213e32516d6f5cd88061574201951f5803f9e26e0662eae391704521c9530c47bcf2498a469b3e8f0696a1fa1a329fa097e983476ae4aaf38af465c1593e SHA512 58f4e9d6791b3e9903703349f4cb5456fe2e4d871cdf6f7c3dcf0338982c55c82c1da80b65a768d8efd2d992386c176821f4858aedaefcfc4b293c55a7aa8a1a DIST genpatches-6.1-31.base.tar.xz 1473456 BLAKE2B 2bee72cc97ba8a27bab8f69ab11ca7ac3aab81c9d9a00a8cdbe4ab6a50a378d6ea0de3b825ea2acc2fc3cac900b5bb2c3dd7e652a38f804237bb478020be9b5b SHA512 da57c6f5495b0768807c064f7045a19f0d6cb1d90150b6987d6ea0e21756668fb29fdd40329061acfcb923ac3d1dda2144853c33fe5f1bb5d21df05fd30bac65 DIST genpatches-6.1-31.extras.tar.xz 3812 BLAKE2B 2d599eba0488cce5ff711080e61cc94aef9265c710c5b68ca7badb4a13147cf8f19e4660988321a0f929a3d3a9dd78adf30f905d4eeb63de4e45f41bc5063fd3 SHA512 87db9b58bb212c5182927012b95d04628dec1cb884cf52b83c566fc52262a5684dcea298260233f8a02974b30640f538754893b2c87cb34a71b5d7674b482ae2 +DIST genpatches-6.1-32.base.tar.xz 1474460 BLAKE2B 43060d16a84ca2c65ef9d7447747e6b857423134fd518e05c3c052bf5c664c9a0f8af97b84e7d911c84766cf478b71695537a3c56a367589bf37adaac032a7e0 SHA512 cf8bd867d09b68a197368c546ffa4c626b1c30f0f7a63138129d3abe8a0479c88717dff6ea0a79c53d7f108d2a1fedc433b7b2088e20f082be921701e5d7d790 +DIST genpatches-6.1-32.extras.tar.xz 3808 BLAKE2B b697db5da31e471ab0af978e722c12ca2d8c5cc371f1d4c2d11c5816b34b479e6ac17f1cd9ab26826bacb065e0a254e18b767c9cfcc12fb16c40f9d73aa1e3d9 SHA512 9113f7505f8dd5a535e2550863dc8d69a6961fc4180d5a7b77206a397db570571f083e39f6be87da072b588e4a2d1b9c1e4b2a725172c9a799b3dc8e88542f66 DIST genpatches-6.2-15.base.tar.xz 763032 BLAKE2B b933b63ddc6d19f47ba58d5a5884ffc63f533f9008b22788276d0b096f3f13ab9eeadb82deb1d37de1ac77aef082f2f10f9eded0461d31ad17165712e696d175 SHA512 6f3bb8fb4dcee4539ebf58d99b4c8b42618366b684c202ff4fe60ee3e8581175ac0337290c1ac24e9e3b552145c760ed7a65f405665c437d76f4922efd810fc9 DIST genpatches-6.2-15.extras.tar.xz 3808 BLAKE2B 6134125180afd914169eb329f5d9ec8f3f9fbd3ff61a0266200defdae573a62b39ba557c2a815229344ac762786715a6193ce3cb9c3ed08d07a87d83427ab107 SHA512 857e513619ab77e79461a337c02e9fa9fbb63ee9a837eef438b1e5af3c8c856867c738b0b28f21a8035a5e1b963eb8c13507223ad6a251f5320da67aeaeb595d DIST genpatches-6.2-16.base.tar.xz 768864 BLAKE2B e852e0feb635be67bbf0da77ca6c946abb4fdad1b7b6a6e72c350b7705c4c1edeaa152f8b5ab70e4089bec80de805dc4a506ca60f74f53d3572b3ad0214bcec8 SHA512 2ea683e51835696d825977f65d93b9c25259f59499669bbddbfadc1573e6510b46e916c4e4922d5c62bd64ecda992615fbdb076f5c50648debfe2f9f05e1974f diff --git a/sys-kernel/gentoo-kernel/gentoo-kernel-6.1.27-r2.ebuild b/sys-kernel/gentoo-kernel/gentoo-kernel-6.1.27-r2.ebuild new file mode 100644 index 000000000000..d77da3bdbc2e --- /dev/null +++ b/sys-kernel/gentoo-kernel/gentoo-kernel-6.1.27-r2.ebuild @@ -0,0 +1,140 @@ +# Copyright 2020-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit kernel-build toolchain-funcs + +MY_P=linux-${PV%.*} +GENPATCHES_P=genpatches-${PV%.*}-$(( ${PV##*.} + 5 )) +# https://koji.fedoraproject.org/koji/packageinfo?packageID=8 +# forked to https://github.com/projg2/fedora-kernel-config-for-gentoo +CONFIG_VER=6.1.7-gentoo +GENTOO_CONFIG_VER=g7 + +DESCRIPTION="Linux kernel built with Gentoo patches" +HOMEPAGE=" + https://wiki.gentoo.org/wiki/Project:Distribution_Kernel + https://www.kernel.org/ +" +SRC_URI+=" + https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz + https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.base.tar.xz + https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.extras.tar.xz + https://github.com/projg2/gentoo-kernel-config/archive/${GENTOO_CONFIG_VER}.tar.gz + -> gentoo-kernel-config-${GENTOO_CONFIG_VER}.tar.gz + amd64? ( + https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-x86_64-fedora.config + -> kernel-x86_64-fedora.config.${CONFIG_VER} + ) + arm64? ( + https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-aarch64-fedora.config + -> kernel-aarch64-fedora.config.${CONFIG_VER} + ) + ppc64? ( + https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-ppc64le-fedora.config + -> kernel-ppc64le-fedora.config.${CONFIG_VER} + ) + x86? ( + https://raw.githubusercontent.com/projg2/fedora-kernel-config-for-gentoo/${CONFIG_VER}/kernel-i686-fedora.config + -> kernel-i686-fedora.config.${CONFIG_VER} + ) +" +S=${WORKDIR}/${MY_P} + +LICENSE="GPL-2" +KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~riscv ~x86" +IUSE="debug hardened" +REQUIRED_USE="arm? ( savedconfig ) + hppa? ( savedconfig ) + riscv? ( savedconfig )" + +RDEPEND=" + !sys-kernel/gentoo-kernel-bin:${SLOT} +" +BDEPEND=" + debug? ( dev-util/pahole ) +" +PDEPEND=" + >=virtual/dist-kernel-${PV} +" + +QA_FLAGS_IGNORED=" + usr/src/linux-.*/scripts/gcc-plugins/.*.so + usr/src/linux-.*/vmlinux + usr/src/linux-.*/arch/powerpc/kernel/vdso.*/vdso.*.so.dbg +" + +src_prepare() { + local PATCHES=( + # meh, genpatches have no directory + "${WORKDIR}"/*.patch + ) + default + + local biendian=false + + # prepare the default config + case ${ARCH} in + amd64) + cp "${DISTDIR}/kernel-x86_64-fedora.config.${CONFIG_VER}" .config || die + ;; + arm) + return + ;; + arm64) + cp "${DISTDIR}/kernel-aarch64-fedora.config.${CONFIG_VER}" .config || die + biendian=true + ;; + hppa) + return + ;; + ppc) + # assume powermac/powerbook defconfig + # we still package.use.force savedconfig + cp "${WORKDIR}/${MY_P}/arch/powerpc/configs/pmac32_defconfig" .config || die + ;; + ppc64) + cp "${DISTDIR}/kernel-ppc64le-fedora.config.${CONFIG_VER}" .config || die + biendian=true + ;; + riscv) + return + ;; + x86) + cp "${DISTDIR}/kernel-i686-fedora.config.${CONFIG_VER}" .config || die + ;; + *) + die "Unsupported arch ${ARCH}" + ;; + esac + + local myversion="-gentoo-dist" + use hardened && myversion+="-hardened" + echo "CONFIG_LOCALVERSION=\"${myversion}\"" > "${T}"/version.config || die + local dist_conf_path="${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}" + + local merge_configs=( + "${T}"/version.config + "${dist_conf_path}"/base.config + ) + use debug || merge_configs+=( + "${dist_conf_path}"/no-debug.config + ) + if use hardened; then + merge_configs+=( "${dist_conf_path}"/hardened-base.config ) + + tc-is-gcc && merge_configs+=( "${dist_conf_path}"/hardened-gcc-plugins.config ) + + if [[ -f "${dist_conf_path}/hardened-${ARCH}.config" ]]; then + merge_configs+=( "${dist_conf_path}/hardened-${ARCH}.config" ) + fi + fi + + # this covers ppc64 and aarch64_be only for now + if [[ ${biendian} == true && $(tc-endian) == big ]]; then + merge_configs+=( "${dist_conf_path}/big-endian.config" ) + fi + + kernel-build_merge_configs "${merge_configs[@]}" +}