On Thu, Oct 03, 2024 at 05:07:29PM -0400, J Doe wrote:
> Related to this .. I noticed the following at the bottom of man:
>
> "The firmware is outdated and contains known vulnerabilities."
The originally imported firmware images were known vulnerable to
CVE-2017-9417 ("broadpwn"), which this sentence probably refers to.
However, in December 2017 sthen@ committed updated firmware images
which fixed this particular issue. The man page wasn't updated then.
(In my opinion this sentence should be removed from the man page
because it states a tautology that holds for virtually all firmware
in the world for which vendors have stopped shipping updates.)
Our images were again updated in April 2020, but not since then.
There was another update of images in linux-firmware.git in December 2022,
and perhaps more recently, too.
In any case, we should update our sysutils/firmware/bwfm port to ship
the most recent available images.
However, ...
> Does that apply for newer chipsets like the BCM4387 ?
... on Apple M1/M2 we are getting firmware from a MacOS system partition.
So it will depend on how up-to-date your MacOS installation is.
Firmware images for this particular device appear in neither
linux-firmware.git nor our bwfm firmware package. So unless I am
missing something this device wouldn't work on non-Apple systems
anyway unless firmware is obtained somehow.
