Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/2] {linux, linux-headers}: security bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series
@ 2023-08-08 19:31 Bernd Kuhls
  2023-08-08 19:31 ` [Buildroot] [PATCH 2/2] package/intel-microcode: security bump version to 20230808 Bernd Kuhls
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Bernd Kuhls @ 2023-08-08 19:31 UTC (permalink / raw)
  To: buildroot

Fixes CVE-2022-40982:
https://downfall.page/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
https://www.phoronix.com/news/Linux-Git-INCEPTION-DOWNFALL

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 linux/Config.in                      |  2 +-
 linux/linux.hash                     | 14 +++++++-------
 package/linux-headers/Config.in.host | 14 +++++++-------
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/linux/Config.in b/linux/Config.in
index 1501df86e9..32940bc346 100644
--- a/linux/Config.in
+++ b/linux/Config.in
@@ -128,7 +128,7 @@ endif
 
 config BR2_LINUX_KERNEL_VERSION
 	string
-	default "6.4.8" if BR2_LINUX_KERNEL_LATEST_VERSION
+	default "6.4.9" if BR2_LINUX_KERNEL_LATEST_VERSION
 	default "5.10.162-cip24" if BR2_LINUX_KERNEL_LATEST_CIP_VERSION
 	default "5.10.162-cip24-rt10" if BR2_LINUX_KERNEL_LATEST_CIP_RT_VERSION
 	default BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE \
diff --git a/linux/linux.hash b/linux/linux.hash
index c9a0497d1a..ec879b21d9 100644
--- a/linux/linux.hash
+++ b/linux/linux.hash
@@ -1,13 +1,13 @@
 # From https://www.kernel.org/pub/linux/kernel/v6.x/sha256sums.asc
-sha256  c59f34e19e84db30206b9373041abf893f9d8a08765d163586570a5238c458b6  linux-6.4.8.tar.xz
-sha256  245248470a62d4e94b46f753afc01e19e45b9e6f3a0fa06e7f5da21fe845a808  linux-6.1.43.tar.xz
+sha256  b8b8a29852b999f337c4e93eff6c91fb7fd2d49a6614cbcbeb6fa171ba55cc9f  linux-6.4.9.tar.xz
+sha256  2e51d41fe11d082ae167cee05772bb07ca7f19448d2b46772d8ca2db7673a1a5  linux-6.1.44.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v5.x/sha256sums.asc
-sha256  00036a0260ad012aa832a8698a4afcf23b2410091527738ce48ce3fcc23f22ed  linux-5.15.124.tar.xz
-sha256  c9558bab35e23ae67661bfb3192c609c857f78582a035449ae63e33d04ab6112  linux-5.10.188.tar.xz
-sha256  bcb4953ed68131ef17f9f1ba52cac8b9d70007f5ab600bf3dee1fbf8beb218ca  linux-5.4.251.tar.xz
+sha256  150f3846b76cd23a6135f49cef71372bade5a06e851cb4f8558df8b862d8fec7  linux-5.15.125.tar.xz
+sha256  4c03516ae1d417571faaef175932d0892710bcbe0173e40550014d043d9098c9  linux-5.10.189.tar.xz
+sha256  3a78587523940374a7319089b63357c7dc412b90f5879d512265e59173588267  linux-5.4.252.tar.xz
 # From https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc
-sha256  118f7411793868db8dcb043cdc82e9ac6f722fbec8dcdde30b07889d941aa3b3  linux-4.19.289.tar.xz
-sha256  ed82679c0c6e600db80050d09e2294fb28b61cf27dc98657296c7eb5250a7625  linux-4.14.320.tar.xz
+sha256  6ee30a46f3fa6576602085b7b4b0c640586f99d1c110982db411819308b5755c  linux-4.19.250.tar.xz
+sha256  d0e32bd47a547cc20e0ce09ff45514282742edb2af38df5dc0a03f22d4321715  linux-4.14.321.tar.xz
 # Locally computed
 sha256  fb0edc3c18e47d2b6974cb0880a0afb5c3fa08f50ee87dfdf24349405ea5f8ae  linux-cip-5.10.162-cip24.tar.gz
 sha256  b5539243f187e3d478d76d44ae13aab83952c94b885ad889df6fa9997e16a441  linux-cip-5.10.162-cip24-rt10.tar.gz
diff --git a/package/linux-headers/Config.in.host b/package/linux-headers/Config.in.host
index d528f88745..c7d725aa13 100644
--- a/package/linux-headers/Config.in.host
+++ b/package/linux-headers/Config.in.host
@@ -400,13 +400,13 @@ endchoice
 
 config BR2_DEFAULT_KERNEL_HEADERS
 	string
-	default "4.14.320"	if BR2_KERNEL_HEADERS_4_14
-	default "4.19.289"	if BR2_KERNEL_HEADERS_4_19
-	default "5.4.251"	if BR2_KERNEL_HEADERS_5_4
-	default "5.10.188"	if BR2_KERNEL_HEADERS_5_10
-	default "5.15.124"	if BR2_KERNEL_HEADERS_5_15
-	default "6.1.43"	if BR2_KERNEL_HEADERS_6_1
-	default "6.4.8"		if BR2_KERNEL_HEADERS_6_4
+	default "4.14.321"	if BR2_KERNEL_HEADERS_4_14
+	default "4.19.290"	if BR2_KERNEL_HEADERS_4_19
+	default "5.4.252"	if BR2_KERNEL_HEADERS_5_4
+	default "5.10.189"	if BR2_KERNEL_HEADERS_5_10
+	default "5.15.125"	if BR2_KERNEL_HEADERS_5_15
+	default "6.1.44"	if BR2_KERNEL_HEADERS_6_1
+	default "6.4.9"		if BR2_KERNEL_HEADERS_6_4
 	default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
 	default "custom"	if BR2_KERNEL_HEADERS_CUSTOM_TARBALL
 	default BR2_KERNEL_HEADERS_CUSTOM_REPO_VERSION \
-- 
2.39.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [Buildroot] [PATCH 2/2] package/intel-microcode: security bump version to 20230808
  2023-08-08 19:31 [Buildroot] [PATCH 1/2] {linux, linux-headers}: security bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series Bernd Kuhls
@ 2023-08-08 19:31 ` Bernd Kuhls
  2023-09-11 19:17   ` Peter Korsgaard
  2023-08-09 17:41 ` [Buildroot] [PATCH 1/2] {linux, linux-headers}: security bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series Thomas Petazzoni via buildroot
  2023-09-11 19:16 ` Peter Korsgaard
  2 siblings, 1 reply; 5+ messages in thread
From: Bernd Kuhls @ 2023-08-08 19:31 UTC (permalink / raw)
  To: buildroot

Fixes CVE-2022-40982:
https://downfall.page/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
https://www.phoronix.com/news/Linux-Git-INCEPTION-DOWNFALL

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 package/intel-microcode/intel-microcode.hash | 2 +-
 package/intel-microcode/intel-microcode.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/intel-microcode/intel-microcode.hash b/package/intel-microcode/intel-microcode.hash
index 3f12b71191..64c50dd6f7 100644
--- a/package/intel-microcode/intel-microcode.hash
+++ b/package/intel-microcode/intel-microcode.hash
@@ -1,3 +1,3 @@
 # Locally computed
-sha256  58f3321dcf900175d87d5b39455138c2a24e69df4ba997fb44e3e0d19e531ad1  intel-microcode-20230512.tar.gz
+sha256  fe49bb719441f20335ed6004090ab38cdc374134d36d4f5d30be7ed93b820313  intel-microcode-20230808.tar.gz
 sha256  03efb1491c7e899feb2665fa299363e64035e5444c1b8bc1f6ebed30de964e12  license
diff --git a/package/intel-microcode/intel-microcode.mk b/package/intel-microcode/intel-microcode.mk
index 48c6340af8..0a89d3a603 100644
--- a/package/intel-microcode/intel-microcode.mk
+++ b/package/intel-microcode/intel-microcode.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-INTEL_MICROCODE_VERSION = 20230512
+INTEL_MICROCODE_VERSION = 20230808
 INTEL_MICROCODE_SITE = $(call github,intel,Intel-Linux-Processor-Microcode-Data-Files,microcode-$(INTEL_MICROCODE_VERSION))
 INTEL_MICROCODE_LICENSE = PROPRIETARY
 INTEL_MICROCODE_LICENSE_FILES = license
-- 
2.39.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/2] {linux, linux-headers}: security bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series
  2023-08-08 19:31 [Buildroot] [PATCH 1/2] {linux, linux-headers}: security bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series Bernd Kuhls
  2023-08-08 19:31 ` [Buildroot] [PATCH 2/2] package/intel-microcode: security bump version to 20230808 Bernd Kuhls
@ 2023-08-09 17:41 ` Thomas Petazzoni via buildroot
  2023-09-11 19:16 ` Peter Korsgaard
  2 siblings, 0 replies; 5+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-08-09 17:41 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: buildroot

On Tue,  8 Aug 2023 21:31:56 +0200
Bernd Kuhls <bernd@kuhls.net> wrote:

> Fixes CVE-2022-40982:
> https://downfall.page/
> https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
> https://www.phoronix.com/news/Linux-Git-INCEPTION-DOWNFALL
> 
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
> ---
>  linux/Config.in                      |  2 +-
>  linux/linux.hash                     | 14 +++++++-------
>  package/linux-headers/Config.in.host | 14 +++++++-------
>  3 files changed, 15 insertions(+), 15 deletions(-)

And the fun of a new hardware vulnerability begins!

Both applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/2] {linux, linux-headers}: security bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series
  2023-08-08 19:31 [Buildroot] [PATCH 1/2] {linux, linux-headers}: security bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series Bernd Kuhls
  2023-08-08 19:31 ` [Buildroot] [PATCH 2/2] package/intel-microcode: security bump version to 20230808 Bernd Kuhls
  2023-08-09 17:41 ` [Buildroot] [PATCH 1/2] {linux, linux-headers}: security bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series Thomas Petazzoni via buildroot
@ 2023-09-11 19:16 ` Peter Korsgaard
  2 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2023-09-11 19:16 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: buildroot

>>>>> "Bernd" == Bernd Kuhls <bernd@kuhls.net> writes:

 > Fixes CVE-2022-40982:
 > https://downfall.page/
 > https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
 > https://www.phoronix.com/news/Linux-Git-INCEPTION-DOWNFALL

 > Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Committed to 2023.02.x and 2023.05.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 2/2] package/intel-microcode: security bump version to 20230808
  2023-08-08 19:31 ` [Buildroot] [PATCH 2/2] package/intel-microcode: security bump version to 20230808 Bernd Kuhls
@ 2023-09-11 19:17   ` Peter Korsgaard
  0 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2023-09-11 19:17 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: buildroot

>>>>> "Bernd" == Bernd Kuhls <bernd@kuhls.net> writes:

 > Fixes CVE-2022-40982:
 > https://downfall.page/
 > https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html
 > https://www.phoronix.com/news/Linux-Git-INCEPTION-DOWNFALL

 > Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Committed to 2023.02.x and 2023.05.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-09-11 19:18 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-08 19:31 [Buildroot] [PATCH 1/2] {linux, linux-headers}: security bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series Bernd Kuhls
2023-08-08 19:31 ` [Buildroot] [PATCH 2/2] package/intel-microcode: security bump version to 20230808 Bernd Kuhls
2023-09-11 19:17   ` Peter Korsgaard
2023-08-09 17:41 ` [Buildroot] [PATCH 1/2] {linux, linux-headers}: security bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series Thomas Petazzoni via buildroot
2023-09-11 19:16 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox