t/{linux,-firmware}: fix Zenbleed (CVE-2023-20593)
This fixes the Zenbleed vulnerability by including the latest fixed
microcode from linux-firmware. They don't do proper release management
but just tag a date approximately every month to keep distros happy.
Thus we need to use a master commit to get the fixes now.
Also update Linux to 5.15.122 to make sure that we know in case the
microcode fix somehow didn't get applied.
Change-Id: I5e26826e6df0f665e1a23efe8587dfb93edb2d94
Reviewed-on: https://review.monogon.dev/c/monogon/+/1974
Reviewed-by: Leopold Schabel <leo@monogon.tech>
Tested-by: Jenkins CI
diff --git a/third_party/linux-firmware/external.bzl b/third_party/linux-firmware/external.bzl
index c014469..7ab8434 100644
--- a/third_party/linux-firmware/external.bzl
+++ b/third_party/linux-firmware/external.bzl
@@ -4,6 +4,9 @@
sums = {
"20211216": "c0f735dd232c22d41ce4d23a050a8d6efe3b6b8cbf9d0a636af5f9df66a619a3",
"20230310": "14c472af10f9b566c4f575aeb30d8a274d54b1660007e7426b7e4ea21dff81aa",
+ # We need the Zenbleed fix for which there is no release yet, so pin
+ # 2023-07-25 master.
+ "b6ea35ff6b9869470a0c68813f1668acb3d356a8": "67e58b74fb0eebb17fdf95c58a24c6244f93bb0ae8e880f1814ad80463f3a935",
}
all_content = """
filegroup(name = "all_files", srcs = glob(["**"]), visibility = ["//visibility:public"])
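Review bot: The new `sums` entry is keyed by a 40-character commit id while the existing keys are date tags, so the code that derives the download URL and any strip prefix from the key (outside this hunk) has to handle both forms; it is worth confirming it does not assume a tag. The comment should also state when the pin can be dropped, e.g. `# TODO: move back to a dated tag once one containing the CVE-2023-20593 microcode is published.` If the archive for this commit is a forge-generated snapshot rather than a published release tarball, its SHA-256 may not stay byte-stable over time. In that case the pin only remains reproducible if the exact tarball is mirrored somewhere the build controls.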
diff --git a/third_party/linux/external.bzl b/third_party/linux/external.bzl
index 64aeb54..ad4ec4c 100644
--- a/third_party/linux/external.bzl
+++ b/third_party/linux/external.bzl
@@ -24,6 +24,7 @@
"5.15.2": "5634033a4981be42d3259f50d5371a2cdc9ace5d9860da67a2879630533ab175",
"5.15.32": "1463cdfa223088610dd65d3eadeffa44ec49746091b8ae8ddac6f3070d17df86",
"5.15.104": "71c532ce09992e470f3259ffeb38d2b5bba990c243a559e4726a57412bd36b54",
+ "5.15.122": "38755801cd1ce229a8c0a0536d29aa37acea8a8aa13fa438e19fbf9d6293342d",
}
http_archive(
name = name,