commit 78a538df4c1112bad6bee08509385af8d0ecc77a
author Lorenz Brun <lorenz@monogon.tech> Tue Jul 25 21:39:04 2023 +0200
committer Lorenz Brun <lorenz@monogon.tech> Wed Jul 26 12:39:17 2023 +0000
tree 7c0c3d44f2334a2305242f768322f36a175434a9
parent 90613afdf11f7831fc0a673f2fe502c28ab93729

t/{linux,-firmware}: fix Zenbleed (CVE-2023-20593)

This fixes the Zenbleed vulnerability by including the latest fixed
microcode from linux-firmware. They don't do proper release management
but just tag a date approximately every month to keep distros happy.
Thus we need to use a master commit to get the fixes now.

Also update Linux to 5.15.122 to make sure that we know in case the
microcode fix somehow didn't get applied.

Change-Id: I5e26826e6df0f665e1a23efe8587dfb93edb2d94
Reviewed-on: https://review.monogon.dev/c/monogon/+/1974
Reviewed-by: Leopold Schabel <leo@monogon.tech>
Tested-by: Jenkins CI

third_party/linux-firmware/external.bzl

diff --git a/third_party/linux-firmware/external.bzl b/third_party/linux-firmware/external.bzl
index c014469..7ab8434 100644
--- a/third_party/linux-firmware/external.bzl
+++ b/third_party/linux-firmware/external.bzl
@@ -4,6 +4,9 @@
     sums = {
         "20211216": "c0f735dd232c22d41ce4d23a050a8d6efe3b6b8cbf9d0a636af5f9df66a619a3",
         "20230310": "14c472af10f9b566c4f575aeb30d8a274d54b1660007e7426b7e4ea21dff81aa",
+        # We need the Zenbleed fix for which there is no release yet, so pin
+        # 2023-07-25 master.
+        "b6ea35ff6b9869470a0c68813f1668acb3d356a8": "67e58b74fb0eebb17fdf95c58a24c6244f93bb0ae8e880f1814ad80463f3a935",
     }
     all_content = """
 filegroup(name = "all_files", srcs = glob(["**"]), visibility = ["//visibility:public"])