Accepting request 1103108 from home:tiwai:branches:Kernel:HEAD

- Update AMD 19h ucode for "Inception" (bsc#1213287, CVE-2023-20569) amd-ucode-CVE-2023-20569.patch OBS-URL: https://build.opensuse.org/request/show/1103108 OBS-URL: https://build.opensuse.org/package/show/Kernel:HEAD/kernel-firmware?expand=0&rev=436
2023-08-09 09:43:42 +00:00 · 2023-08-09 09:43:42 +00:00 · e822b795c3
commit e822b795c3
parent c4e96d6d7c
5 changed files with 66 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -23,6 +23,7 @@
 *.zst filter=lfs diff=lfs merge=lfs -text
 ## Specific LFS patterns
 ast_dp501_fw.bin filter=lfs diff=lfs merge=lfs -text
+microcode_amd_fam19h.bin filter=lfs diff=lfs merge=lfs -text
 ql2600_fw.bin filter=lfs diff=lfs merge=lfs -text
 ql2700_fw.bin filter=lfs diff=lfs merge=lfs -text
 ql8300_fw.bin filter=lfs diff=lfs merge=lfs -text
--- a/amd-ucode-CVE-2023-20569.patch
+++ b/amd-ucode-CVE-2023-20569.patch
@ -0,0 +1,48 @@
+From: John Allen <john.allen@amd.com>
+Date: Tue, 8 Aug 2023 19:02:39 +0000
+Subject: [PATCH] linux-firmware: Update AMD cpu microcode
+
+* Update AMD cpu microcode for processor family 19h
+
+Key Name        = AMD Microcode Signing Key (for signing microcode container files only)
+Key ID          = F328AE73
+Key Fingerprint = FC7C 6C50 5DAF CC14 7183 57CA E4BE 5339 F328 AE73
+
+Signed-off-by: John Allen <john.allen@amd.com>
+---
+
+diff --git a/WHENCE b/WHENCE
+--- a/WHENCE
+++ b/WHENCE
+@@ -3924,7 +3924,7 @@ Raw: amd-ucode/microcode_amd_fam17h.bin
+ Version: 2023-07-19
+ File: amd-ucode/microcode_amd_fam19h.bin
+ Raw: amd-ucode/microcode_amd_fam19h.bin
+-Version: 2023-07-18
+Version: 2023-08-08
+ File: amd-ucode/README
+ 
+ License: Redistributable. See LICENSE.amd-ucode for details
+diff --git a/amd-ucode/microcode_amd_fam19h.bin.asc b/amd-ucode/microcode_amd_fam19h.bin.asc
+--- a/amd-ucode/microcode_amd_fam19h.bin.asc
+++ b/amd-ucode/microcode_amd_fam19h.bin.asc
+@@ -1,11 +1,11 @@
+ -----BEGIN PGP SIGNATURE-----
+ 
+-iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmS3F00ACgkQ5L5TOfMo
+-rnNEhQgAizSV8IFpvaYNytaJKLA4uevrZneGPV4czjCXnnj1yHpfQmCTyZQnoLnx
+-7gyzf7K5271zO51FBQ5z2Nm48a3XPUhMbQLNP4BZdekLiA3bRpMtSyHct6zD0ULm
+-xaFaOQ7MR1tGADhlon1bDvtnOuixUhwrZhEIlR9MzQAzERKDMOAVTbxn9ZhMfYiT
+-LhA791Blyyi+6Z9uh7BpaA8l8uvoxt+uuvlBTjQMR3ER/TEjgcsoy+XhhK4QKS0V
+-wJCtcDle/3pF+N6SAFWiXbNZ+P8p19afhcYddDl97xtpzA6/8b20a2eHkrqnu/Ds
+-jTozF9kmhiifYMYpXtXgSOwI3GRZbQ==
+-=t+j1
+iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmTEYrcACgkQ5L5TOfMo
+rnN4IQf/QKbOezXZ4OYzaPANvsZQEAzLNfuylC/aQMwrPaO7daz5/zmCN4HU5XkH
+dDT8DYfPg+fQHIgxAw0/L24xPOm5Op/QuLVDyDqVr4qvL8+65eeI+JqxD/wXMXYN
+V34kkLM2p8iuyY1Nc8IDLXu4X75KGNPbKZlMRKMU3Pr7ai5O4ihmiAM+N6qv1KEJ
+YToNN6vrg0qt1cv0SLM8sa4e7L1+oblUrg/o0FViYE8pxsU3ZRRVSJMUg+lKjvl/
+1ZPGKOdD80fcNJ+ItYGHNNs3eCc3WgW7Kc/E668eH75Yu9Zt7ewWZX8Sg/mygleY
+OzMwhbPJg4bF4zm7C/Pku7i1T2Omcg==
+=km2X
+ -----END PGP SIGNATURE-----
--- a/kernel-firmware.changes
+++ b/kernel-firmware.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Aug  9 08:29:37 UTC 2023 - Takashi Iwai <tiwai@suse.com>
+
+- Update AMD 19h ucode for "Inception" (bsc#1213287, CVE-2023-20569)
+  amd-ucode-CVE-2023-20569.patch
+
 -------------------------------------------------------------------
 Wed Aug 02 12:12:14 UTC 2023 - tiwai@suse.com

--- a/kernel-firmware.spec
+++ b/kernel-firmware.spec
@ -45,6 +45,8 @@ Source10:       ql8300_fw.bin
 Source99:       kernel-firmware-rpmlintrc
 # temporary revert (bsc#1202152): taken from upstream commit 06acb465d80b
 Source100:      rtw8822c_fw.bin
+# updated amd-ucode (bsc#1213287, CVE-2023-20569)
+Source300:      microcode_amd_fam19h.bin
 # install / build infrastructure
 Source1001:     install-split.sh
 Source1002:     list-license.sh
@ -63,6 +65,8 @@ Source1014:     README.build
 # workarounds
 Source1100:     qcom-post
 Source1101:     uncompressed-post
+# updated amd-ucode (bsc#1213287, CVE-2023-20569)
+Patch2:         amd-ucode-CVE-2023-20569.patch
 BuildRequires:  fdupes
 BuildRequires:  suse-module-tools
 Requires(post): %{_bindir}/mkdir
@ -6383,6 +6387,10 @@ various USB WiFi / Ethernet drivers.

 %prep
 %setup -q -n kernel-firmware-%{version}
+# updated amd-ucode (bsc#1213287, CVE-2023-20569)
+cp %{SOURCE300} amd-ucode/
+%patch2 -p1
+
 # additional firmwares
 cat %{SOURCE1} >> WHENCE
 cp %{SOURCE2} %{SOURCE8} %{SOURCE9} %{SOURCE10} .
--- a/microcode_amd_fam19h.bin
+++ b/microcode_amd_fam19h.bin
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cc026f66376a02a0833d399d05d90c0d9bd45c45982e2c9921a19be0c294ad67
+size 39172