sys-kernel/gentoo-kernel: Backport CVE-2023-32233 fix to 5.10.179-r2

Signed-off-by: Michał Górny <mgorny@gentoo.org>

2 files changed, 136 insertions, 0 deletions

diff --git a/sys-kernel/gentoo-kernel/Manifest b/sys-kernel/gentoo-kernel/Manifest
index 7f32b8e9a534..8d044716da78 100644
--- a/sys-kernel/gentoo-kernel/Manifest
+++ b/sys-kernel/gentoo-kernel/Manifest
@@ -2,6 +2,8 @@ DIST genpatches-5.10-186.base.tar.xz 5195200 BLAKE2B 80451354985fedc89685d4bc689
 DIST genpatches-5.10-186.extras.tar.xz 3868 BLAKE2B fd83930f87ffab80902b20d931dc9131915e3d6d33f66d7698f5ec7bae211ef1da5d3be0b60a6871b8696e0ad3a60d71dd0b17fb09fb14eaf77a0d570f6e0948 SHA512 aa3df46b0a3640310377455592411b3254505b2262ce58f0c3a374077199ec0c7a63262dcba84ef88a553951c786cf6d9ace55a7cacce48d19696ab568c25cc5
 DIST genpatches-5.10-188.base.tar.xz 5250408 BLAKE2B 0fd1169e3638e5a220dde27354790b43a16b5b3e8087c6ad1f64dcad04214810464923db0290163b94dfdd4d2afb80df138786d94f06707ec939997774c2528f SHA512 516f910acee2d6e42399c380cbab3a0b7f7ed30c99704f3f7e5eb8f8a15a8a8eade2c065d165502d93b724ee7d43c6987f08125b4a98b85d5c6b28e939507fb4
 DIST genpatches-5.10-188.extras.tar.xz 3872 BLAKE2B bfd4b91944fad6cc5781dae0365b019dd1897bb00e255e098cae2f220af481734ea84f225494ec5e34bf601572a2b3d514b4808036e913ea947033457d0b8065 SHA512 a783c59c8f1e9dfe6938478536c9de36bc98440a47d9a85c2360aed9d4f96402e64161c57a3daf8ac53196e91fe47c1358f72af94f67040814067f42a7529601
+DIST genpatches-5.10-189.base.tar.xz 5251680 BLAKE2B ef349b00e1ca8cedc2b580a07e66e8906436198ec7019a8881b2b647152861554fc1b0099f4fcef39497b3a3edd3657c87974ec7b88a01e580ce421a23e2a706 SHA512 94d65f1cdba7415021ac031b2ab896d7b2b15692f5e826833abf8c285a3eda6a8e8e88a57a8f11ccbc5ae94437b732ac6fa974bd26bafa3b426e3d61bc8656c2
+DIST genpatches-5.10-189.extras.tar.xz 3872 BLAKE2B 78ab95ce3f57e4ba86655cd54009252807e32fd0b03228180fb26a47ae9e595e468e549c21a5141dc8214e55fcfa46e63e5f4e866e4113b8d3beebb99512cb86 SHA512 cc6d60a70a1f575ce69a14c265a36e58126a011cafc5a2bc7c569e0d1b626855f1cf430c44775d2602ad35144b449a8f1db1da8594f513edae4329ba354e0347
 DIST genpatches-5.15-112.base.tar.xz 4370104 BLAKE2B 578389e95be1b135fffdbcd598088d07d07ecc764307278c0339351d879594a994a4904500ee1b003ceb5ed928e95b5b07c363d94ff99db3e93568d25234fb26 SHA512 3797509bce6dd1949190f0d9bcb4d1c918c9bcd9f528b493b5f3b7e2fcb9265ea42e51e218c0342814e0f55c827ddd1bab130df76f849352e5894225d73bf3e8
 DIST genpatches-5.15-112.extras.tar.xz 3932 BLAKE2B f76085492bf8b1c1bd9092174460be8ef5e22921f1f7a6282eff9cece01203ca68d0259b94a184161bfabddef1a7e5f1eb29b0da5eb85cc35853e767a2239216 SHA512 3e8ea63b9011f782b11e1df144414d9e3f53f24a391829342c872dd4f5b0a3c128dd792f95feab7aca08adf6a08d88e11ec2e2d61e0b0302546f0a55f29b78dc
 DIST genpatches-5.15-114.base.tar.xz 4428092 BLAKE2B d48a687c2ee6e7127bec22dda70b965bf137c4096da374a9e83349d1cc80f44a184a839504c151b7ad59f0c7363c4579bd5df38d0685d24e7e527849d9047e99 SHA512 f5fa405303ed93c4e94a38f5375bd2efc915c1449cbfcb3b04701bcb40b50c50c8e0999e39cc07d9816f4938d2ab2e18763ae0a0473525e3889ac33ccc84f7ee
diff --git a/sys-kernel/gentoo-kernel/gentoo-kernel-5.10.179-r2.ebuild b/sys-kernel/gentoo-kernel/gentoo-kernel-5.10.179-r2.ebuild
new file mode 100644
index 000000000000..91e1b5a2d288
--- /dev/null
+++ b/sys-kernel/gentoo-kernel/gentoo-kernel-5.10.179-r2.ebuild
@@ -0,0 +1,134 @@
+# Copyright 2020-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit kernel-build toolchain-funcs
+
+MY_P=linux-${PV%.*}
+GENPATCHES_P=genpatches-${PV%.*}-$(( ${PV##*.} + 10 ))
+# https://koji.fedoraproject.org/koji/packageinfo?packageID=8
+CONFIG_VER=5.10.12
+CONFIG_HASH=836165dd2dff34e4f2c47ca8f9c803002c1e6530
+GENTOO_CONFIG_VER=g7
+
+DESCRIPTION="Linux kernel built with Gentoo patches"
+HOMEPAGE="
+	https://wiki.gentoo.org/wiki/Project:Distribution_Kernel
+	https://www.kernel.org/
+"
+SRC_URI+="
+	https://cdn.kernel.org/pub/linux/kernel/v$(ver_cut 1).x/${MY_P}.tar.xz
+	https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.base.tar.xz
+	https://dev.gentoo.org/~mpagano/dist/genpatches/${GENPATCHES_P}.extras.tar.xz
+	https://github.com/projg2/gentoo-kernel-config/archive/${GENTOO_CONFIG_VER}.tar.gz
+		-> gentoo-kernel-config-${GENTOO_CONFIG_VER}.tar.gz
+	amd64? (
+		https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-x86_64-fedora.config
+			-> kernel-x86_64-fedora.config.${CONFIG_VER}
+	)
+	arm64? (
+		https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-aarch64-fedora.config
+			-> kernel-aarch64-fedora.config.${CONFIG_VER}
+	)
+	ppc64? (
+		https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-ppc64le-fedora.config
+			-> kernel-ppc64le-fedora.config.${CONFIG_VER}
+	)
+	x86? (
+		https://src.fedoraproject.org/rpms/kernel/raw/${CONFIG_HASH}/f/kernel-i686-fedora.config
+			-> kernel-i686-fedora.config.${CONFIG_VER}
+	)
+"
+S=${WORKDIR}/${MY_P}
+
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~x86"
+IUSE="debug hardened"
+REQUIRED_USE="arm? ( savedconfig )"
+
+RDEPEND="
+	!sys-kernel/gentoo-kernel-bin:${SLOT}
+"
+BDEPEND="
+	debug? ( dev-util/pahole )
+"
+PDEPEND="
+	>=virtual/dist-kernel-${PV}
+"
+
+QA_FLAGS_IGNORED="
+	usr/src/linux-.*/scripts/gcc-plugins/.*.so
+	usr/src/linux-.*/vmlinux
+"
+
+src_prepare() {
+	local PATCHES=(
+		# meh, genpatches have no directory
+		"${WORKDIR}"/*.patch
+	)
+	default
+
+	local biendian=false
+
+	# prepare the default config
+	case ${ARCH} in
+		amd64)
+			cp "${DISTDIR}/kernel-x86_64-fedora.config.${CONFIG_VER}" .config || die
+			;;
+		arm)
+			return
+			;;
+		arm64)
+			cp "${DISTDIR}/kernel-aarch64-fedora.config.${CONFIG_VER}" .config || die
+			biendian=true
+			;;
+		hppa)
+			return
+			;;
+		ppc)
+			# assume powermac/powerbook defconfig
+			# we still package.use.force savedconfig
+			cp "${WORKDIR}/${MY_P}/arch/powerpc/configs/pmac32_defconfig" .config || die
+			;;
+		ppc64)
+			cp "${DISTDIR}/kernel-ppc64le-fedora.config.${CONFIG_VER}" .config || die
+			biendian=true
+			;;
+		x86)
+			cp "${DISTDIR}/kernel-i686-fedora.config.${CONFIG_VER}" .config || die
+			;;
+		*)
+			die "Unsupported arch ${ARCH}"
+			;;
+	esac
+
+	local myversion="-gentoo-dist"
+	use hardened && myversion+="-hardened"
+	echo "CONFIG_LOCALVERSION=\"${myversion}\"" > "${T}"/version.config || die
+	local dist_conf_path="${WORKDIR}/gentoo-kernel-config-${GENTOO_CONFIG_VER}"
+
+	local merge_configs=(
+		"${T}"/version.config
+		"${dist_conf_path}"/base.config
+	)
+	use debug || merge_configs+=(
+		"${dist_conf_path}"/no-debug.config
+	)
+	if use hardened; then
+		merge_configs+=( "${dist_conf_path}"/hardened-base.config )
+
+		tc-is-gcc && merge_configs+=( "${dist_conf_path}"/hardened-gcc-plugins.config )
+
+		if [[ -f "${dist_conf_path}/hardened-${ARCH}.config" ]]; then
+			merge_configs+=( "${dist_conf_path}/hardened-${ARCH}.config" )
+		fi
+	fi
+
+	# this covers ppc64 and aarch64_be only for now
+	if [[ ${biendian} == true && $(tc-endian) == big ]]; then
+		merge_configs+=( "${dist_conf_path}/big-endian.config" )
+	fi
+
+	kernel-build_merge_configs "${merge_configs[@]}"
+}