From 5db2102feb99269b1f3c2e804ac2f5572fc5f0bc Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jan 16 2018 20:02:51 +0000
Subject: import microcode_ctl-2.1-22.5.el7_4
---
diff --git a/.gitignore b/.gitignore
index be81d01..fdaa9cc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1 @@
-SOURCES/06-3f-02
-SOURCES/06-4f-01
-SOURCES/06-55-04
-SOURCES/microcode_ctl-2.1-13.tar.xz
+SOURCES/microcode_ctl-2.1-12.tar.xz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index e58993b..965cd65 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -1,4 +1 @@
-da2f5f07e4e3d7b1b4a3d2d88b6ae4f82c02e3eb SOURCES/06-3f-02
-40270ff77e3065a617f60d5b1661a702588fdb3f SOURCES/06-4f-01
-f0c06ee29a41c667a36ed82ff391e8742f343c8b SOURCES/06-55-04
-0cefa72da2d85cde99721cdcb553bee23955359b SOURCES/microcode_ctl-2.1-13.tar.xz
+007fd59f17e01a387b3af171241b15139b1f5046 SOURCES/microcode_ctl-2.1-12.tar.xz
diff --git a/SOURCES/disclaimer b/SOURCES/disclaimer
new file mode 100644
index 0000000..8d8d7c8
--- /dev/null
+++ b/SOURCES/disclaimer
@@ -0,0 +1,11 @@
+This update supersedes microcode provided by Red Hat with the CVE-2017-5715 (“Spectre”)
+CPU branch injection vulnerability mitigation. (HIstorically, Red Hat has provided updated
+microcode, developed by our microprocessor partners, as a customer convenience.) Further
+testing has uncovered problems with the microcode provided along with the “Spectre” mitigation
+that could lead to system instabilities. As a result, Red Hat is providing an microcode update
+that reverts to the last known good microcode version dated before 03 January 2018.
+Red Hat strongly recommends that customers contact their hardware provider for the latest microcode updates.
+
+IMPORTANT: Customers using Intel Skylake-, Broadwell-, and Haswell-based platforms must obtain and
+install updated microcode from their hardware vendor immediately. The "Spectre" mitigation requires
+both an updated kernel from Red Hat and updated microcode from your hardware vendor.
diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec
index 943589e..fadc355 100644
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@@ -1,9 +1,9 @@ -%define upstream_version 2.1-13 +%define upstream_version 2.1-12 Summary: Tool to transform and deploy CPU microcode update for x86. Name: microcode_ctl Version: 2.1 -Release: 22.2%{?dist} +Release: 22.5%{?dist} Epoch: 2 Group: System Environment/Base License: GPLv2+ and Redistributable, no modification permitted
@@ -11,9 +11,7 @@ URL: http://fedorahosted.org/microcode_ctl Source0: http://fedorahosted.org/released/microcode_ctl/%{name}-%{upstream_version}.tar.xz Source1: microcode.service Source2: 01-microcode.conf -Source3: 06-3f-02 -Source4: 06-4f-01 -Source5: 06-55-04 +Source3: disclaimer Buildroot: %{_tmppath}/%{name}-%{version}-root ExclusiveArch: %{ix86} x86_64 BuildRequires: systemd-units
@@ -44,20 +42,33 @@ mkdir -p %{buildroot}/usr/lib/dracut/dracut.conf.d mkdir -p %{buildroot}%{_unitdir} install -m 644 %{SOURCE1} %{buildroot}%{_unitdir} install -m 644 %{SOURCE2} %{buildroot}/usr/lib/dracut/dracut.conf.d -install -m 644 %{SOURCE3} %{buildroot}/lib/firmware/intel-ucode -install -m 644 %{SOURCE4} %{buildroot}/lib/firmware/intel-ucode -install -m 644 %{SOURCE5} %{buildroot}/lib/firmware/intel-ucode +install -m 644 %{SOURCE3} %{buildroot}/usr/share/doc/microcode_ctl/disclaimer %post %systemd_post microcode.service # "reload" file is not presented on a certain virtualized hw -if [ -f /sys/devices/system/cpu/microcode/reload ] ; then +if [ -w /sys/devices/system/cpu/microcode/reload ] ; then grep -l GenuineIntel /proc/cpuinfo | xargs grep -l -E "model[[:space:]]*: 79$" > /dev/null || \ echo 1 > /sys/devices/system/cpu/microcode/reload fi +# send the message to syslog, so it gets recorded on /var/log +if [ -e /usr/bin/logger ]; then + /usr/bin/logger -p syslog.notice -t DISCLAIMER -f /usr/share/doc/microcode_ctl/disclaimer +fi +# also paste it over dmesg (some customers drop dmesg messages while +# others keep them into /var/log for the later case, we'll have the +# disclaimer recorded twice into system logs. +cat /usr/share/doc/microcode_ctl/disclaimer > /dev/kmsg %posttrans -dracut -f +# We only want to regenerate the initramfs for a fully booted +# system; if this package happened to e.g. be pulled in as a build +# dependency, it is pointless at best to regenerate the initramfs, +# and also does not work with rpm-ostree: +# https://bugzilla.redhat.com/show_bug.cgi?id=1199582 +if [ -d /run/systemd/system ]; then + dracut -f +fi %preun %systemd_preun microcode.service 
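Review bot: The new `cat /usr/share/doc/microcode_ctl/disclaimer > /dev/kmsg` at the end of %post is unguarded, unlike the `-w` test on the microcode reload file and the `/run/systemd/system` test around dracut in this same hunk. In a chroot, container or image build where /dev/kmsg is missing or not writable, the redirect fails and, as the last command of the scriptlet, leaves %post with a non-zero exit status. Guarding it the same way would avoid that: `if [ -w /dev/kmsg ]; then cat /usr/share/doc/microcode_ctl/disclaimer > /dev/kmsg; fi`. The logger test would also be more accurate as `[ -x /usr/bin/logger ]`, since `-e` passes for a file that is not executable. Because this notice is how administrators learn that the CVE-2017-5715 microcode was reverted, it is worth confirming that at least one of the two log paths succeeds on minimal installs.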
@@ -77,6 +88,18 @@ rm -rf %{buildroot} %changelog +* Mon Jan 15 2018 Petr Oros - 2.1-22.5 +- Use right upstream source for revert +- Resolves: #1533971 + +* Fri Jan 12 2018 Petr Oros - 2.1-22.4 +- Revert Microcode from Intel for Side Channel attack +- Resolves: #1533971 + +* Fri Jan 12 2018 Petr Oros - 2.1-22.3 +- Don't run dracut if not on a live system +- Resolves: #1531453 + * Fri Dec 15 2017 Petr Oros - 2.1-22.2 - Update Intel CPU microde for 06-3f-02, 06-4f-01, and 06-55-04 - Resolves: #1527358