diff --git a/.gitignore b/.gitignore
index 6365bc5..c46b03a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/microcode-20180807a.tgz
+SOURCES/microcode-20190507_Public_DEMO.tar.gz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index 00db538..cfde0ee 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -1 +1 @@
-20001bc89a46a40015d12f329910e4eb263d4e82 SOURCES/microcode-20180807a.tgz
+e4348dac784e84458d1972c356ce772d58ce6b0e SOURCES/microcode-20190507_Public_DEMO.tar.gz
diff --git a/SOURCES/06-4f-01_readme b/SOURCES/06-4f-01_readme
index b7fed91..f79f58d 100644
--- a/SOURCES/06-4f-01_readme
+++ b/SOURCES/06-4f-01_readme
@@ -6,10 +6,10 @@ after a microcode update performed on a running system is still present even
 on a kernels that contain aforementioned changes.  As a result, microcode update
 for this CPU model has been disabled by default.
 
-For the reference, kernel versions for the respective RHEL 7 minor versions
+For the reference, kernel versions for the respective RHEL minor versions
 that contain the aforementioned changes, are listed below:
  * Upstream/RHEL 8: kernel-4.17.0 or newer;
- * RHEL 7.6: kernel-3.10.0-894 or newer;
+ * RHEL 7.6 onwards: kernel-3.10.0-894 or newer;
  * RHEL 7.5.z: kernel-3.10.0-862.6.1 or newer;
  * RHEL 7.4.z: kernel-3.10.0-693.35.1 or newer;
  * RHEL 7.3.z: kernel-3.10.0-514.52.1 or newer;
diff --git a/SOURCES/README.caveats b/SOURCES/README.caveats
index 3fd3b03..4809372 100644
--- a/SOURCES/README.caveats
+++ b/SOURCES/README.caveats
@@ -395,7 +395,7 @@ Mitigation: late microcode loading is disabled for the affected CPU model.
 Minimum versions of the kernel package that contain the aforementioned patch
 series:
  - Upstream/RHEL 8: 4.17.0
- - RHEL 7.6:  3.10.0-894
+ - RHEL 7.6 onwards:  3.10.0-894
  - RHEL 7.5:  3.10.0-862.6.1
  - RHEL 7.4:  3.10.0-693.35.1
  - RHEL 7.3:  3.10.0-514.52.1
@@ -409,11 +409,10 @@ series:
 
 Early microcode load inside a virtual machine
 ---------------------------------------------
-RHEL 8 (and RHEL 7 before that) kernel supports performing microcode update
-during early boot stage from a cpio archive placed at the beginning
-of the initramfs image.  However, when an early microcode update is attempted
-inside some virtualised environments, that may result in unexpected system
-behaviour.
+RHEL 8 kernel supports performing microcode update during early boot stage
+from a cpio archive placed at the beginning of the initramfs image.  However,
+when an early microcode update is attempted inside some virtualised
+environments, that may result in unexpected system behaviour.
 
 Affected microcode: all.
 
@@ -421,7 +420,7 @@ Mitigation: early microcode loading is disabled for all CPU models.
 
 Minimum versions of kernel RPM that contain the fix:
  - Upstream/RHEL 8: 4.10.0
- - RHEL 7.6: 3.10.0-930
+ - RHEL 7.6 onwards: 3.10.0-930
  - RHEL 7.5: 3.10.0-862.14.1
  - RHEL 7.4: 3.10.0-693.38.1
  - RHEL 7.3: 3.10.0-514.57.1
@@ -438,5 +437,5 @@ articles:
    https://access.redhat.com/articles/3436091
  * CVE-2018-3639 ("Speculative Store Bypass"):
    https://access.redhat.com/articles/3540901
- * CVE-2018-3620, CVE-2018-3646 ("L! Terminal Fault Attack"):
+ * CVE-2018-3620, CVE-2018-3646 ("L1 Terminal Fault Attack"):
    https://access.redhat.com/articles/3562741
diff --git a/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh b/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh
index 7d88111..c14fcb9 100755
--- a/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh
+++ b/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh
@@ -105,7 +105,7 @@ install() {
 				ucode_dir="intel-ucode"
 				;;
 			AMD)
-				ucode_dir="and-ucode"
+				ucode_dir="amd-ucode"
 				;;
 			*)
 				dinfo "    microcode_ctl: unknown CPU" \
@@ -144,8 +144,18 @@ install() {
 		      "version \"$kernel\" passed, adding" \
 		      "\"$DATA_DIR/$i\" to fw_dir variable"
 		fw_dir="$DATA_DIR/$i $fw_dir"
+
+	# The list of directories is reverse-sorted in order to preserve the
+	# "last wins" policy in case of presence of multiple microcode
+	# revisions.
+	#
+	# In case of hostonly == 0, all microcode revisions will be included,
+	# but since the microcode search is done with the "first wins" policy
+	# by the (early) microcode loading code, the correct microcode revision
+	# still has to be picked.
 	done <<-EOF
-	$(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f/")
+	$(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f/" \
+		| sort -r)
 	EOF
 
 	dinfo "    microcode_ctl: final fw_dir: \"${fw_dir}\""
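Review bot: The added `| sort -r` most likely reorders nothing, because `find ... -printf "%f/"` writes every directory name on a single line with `/` as separator and no newline, so `sort` sees one record and passes it through unchanged. The order in which caveat directories are prepended to `fw_dir` therefore still follows `find`'s traversal order, and the "last wins" policy described in the new comment is not actually enforced. Emitting one name per line, sorting, and then restoring the separator would do it: `find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | LC_ALL=C sort -r | tr '\n' '/'`. This assumes the loop header, which lies outside this hunk along with the start of `install()`, reads with `/` as its delimiter. `LC_ALL=C` keeps the resulting order independent of the locale in which dracut runs.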
diff --git a/SOURCES/gen_provides.sh b/SOURCES/gen_provides.sh
new file mode 100755
index 0000000..0ecf7aa
--- /dev/null
+++ b/SOURCES/gen_provides.sh
@@ -0,0 +1,114 @@
+#! /bin/bash -efux
+
+# Generator of RPM "Provides:" tags for Intel microcode files.
+#
+# SPDX-License-Identifier: CC0-1.0
+
+IFS=$'\n'
+UPDATED="intel-beta"
+CODENAMES="codenames"
+
+if [ "$#" -ge 1 ]; then
+	CODENAMES="$1"
+	shift
+fi
+
+# Match only FF-MM-SS ucode files under intel-ucode/intel-ucode-with-caveats
+# directories.
+for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]$'); do
+	ucode=$(basename "$f")
+	ucode_caveat="$(basename "$(dirname "$(dirname "$f")")")"
+	ucode_fname="$ucode_caveat/$ucode"
+	file_sz="$(stat -c "%s" "$f")"
+	skip=0
+
+	while :; do
+		[ "$skip" -lt "$file_sz" ] || break
+
+		# Microcode header format description:
+		# https://gitlab.com/iucode-tool/iucode-tool/blob/master/intel_microcode.c
+		IFS=' ' read hdrver rev \
+		       date_y date_d date_m \
+		       cpuid cksum ldrver \
+		       pf_mask datasz totalsz <<- EOF
+		$(dd if="$f" bs=1 skip="$skip" count=36 status=none \
+			| hexdump -e '"" 1/4 "%u " 1/4 "%#x " \
+			                 1/2 "%04x " 1/1 "%02x " 1/1 "%02x " \
+					 1/4 "%08x " 1/4 "%x " 1/4 "%#x " \
+					 1/4 "%u " 1/4 "%u " 1/4 "%u" "\n"')
+		EOF
+
+		[ 0 != "$datasz" ] || datasz=2000
+		[ 0 != "$totalsz" ] || totalsz=2048
+
+		# TODO: add some sanity/safety checks here.  As of now, there's
+		#       a (pretty fragile) assumption that all the matched files
+		#       are valid Intel microcode files in the expected format.
+
+		skip=$((skip + totalsz))
+
+		#[ -n "$rev" ] || continue
+
+		# Basic "Provides:" tag. Everything else is bells and whistles.
+		# It's possible that microcode files for different platform_id's
+		# and the same CPUID have the same version, that's why "sort -u"
+		# in the end.
+		printf "firmware(intel-ucode/%s) = %s\n" "$ucode" "$rev"
+
+		# Generate extended "Provides:" tags with additional
+		# information, which allow more precise matching.
+		printf "iucode_date(fname:%s;cpuid:%s;pf_mask:0x%x) = %s.%s.%s\n" \
+			"$ucode_fname" "$cpuid" "$pf_mask" "$date_y" "$date_m" "$date_d"
+		printf "iucode_rev(fname:%s;cpuid:%s;pf_mask:0x%x) = %s\n" \
+			"$ucode_fname" "$cpuid" "$pf_mask" "$rev"
+
+		# Generate tags for each possible platform_id
+		_pf=1
+		_pf_mask="$pf_mask"
+		while [ 0 -lt "$_pf_mask" ]; do
+			[ 1 -ne "$((_pf_mask % 2))" ] || \
+				# We try to provide a more specific firmware()
+				# dependency here.  It has incorrect file name,
+				# but allows constructing a required RPM
+				# capability name by (directly) using
+				# the contents of /proc/cpuinfo and
+				# /sys/devices/system/cpu/cpu*/microcode/processor_flags
+				# (except for a Deschutes CPU with sig 0x1632)
+				printf "iucode_rev(fname:%s;platform_id:0x%x) = %s\n" \
+					"$ucode_fname" "$_pf" "$rev"
+
+			_pf_mask=$((_pf_mask / 2))
+			_pf=$((_pf * 2))
+		done
+
+		# Generate tags with codename information, in case
+		# it is available
+		cpuid_up="$(echo "$cpuid" | tr 'a-z' 'A-Z')"
+		if [ -e "$CODENAMES" ]; then
+			grep '	'"$cpuid_up"'	' "$CODENAMES" \
+			| while IFS=$'\t' read segm int_fname codename stepping candidate_pf rest; do
+				codename=$(echo "$codename" | tr ' (),' '_[];')
+				candidate_pf=$(printf "%u" "0x${candidate_pf}")
+				[ \( 0 -ne "$pf_mask" \) -a \
+				  \( "$candidate_pf" -ne "$((candidate_pf & pf_mask))" \) ] || { \
+					printf "iucode_rev(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s\";stepping:\"%s\";pf_model:0x%x) = %s\n" \
+						"$ucode_fname" "$cpuid" "$pf_mask" \
+						"$segm" "$codename" "$stepping" "$candidate_pf" \
+						"$rev";
+					printf "iucode_date(fname:%s;cpuid:%s;pf_mask:0x%x;segment:\"%s\";codename:\"%s\";stepping:\"%s\";pf_model:0x%x) = %s.%s.%s\n" \
+						"$ucode_fname" "$cpuid" "$pf_mask" \
+						"$segm" "$codename" "$stepping" "$candidate_pf" \
+						"$date_y" "$date_m" "$date_d";
+				  }
+			done
+		fi
+
+		# Kludge squared: generate additional "Provides:" tags
+		# for the files in the overrides tarball (that a placed
+		# in a separate caveat with a specific name)
+		[ "x${ucode_caveat}" != "x${UPDATED}" ] || {
+			printf "firmware_updated(intel-ucode/%s) = %s\n" \
+				"$ucode" "$rev";
+		}
+	done
+done | sort -u
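Review bot: The header fields read from each file in the inner `while` loop are used without any validation, as the TODO there acknowledges. Because this script's output becomes the package's `Provides:` tags, a truncated or non-microcode file that matches the name pattern yields bogus capabilities instead of a build failure. A guard placed after the zero-size defaults and before `skip` is advanced would reject such input, for example `[ 1 = "$hdrver" ] && [ "$((skip + totalsz))" -le "$file_sz" ] || { echo "gen_provides: bad header in $f at offset $skip" >&2; exit 1; }`; confirm against the linked format reference that header version 1 is the only one expected. Both `read` calls also lack `-r`, and `-x` in the shebang traces every command into the build log, which is probably only wanted while debugging.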
diff --git a/SOURCES/intel_readme b/SOURCES/intel_readme
index c3113eb..ed352e5 100644
--- a/SOURCES/intel_readme
+++ b/SOURCES/intel_readme
@@ -7,7 +7,7 @@ initramfs is generated for the kernel version that properly handles early
 microcode inside a virtual machine (i.e. do not attempts yo load it).
 The versions of the kernel package that properly handle early microcode load
 inside a virtual machine are as follows:
- * RHEL 7.6: kernel-3.10.0-930 or newer;
+ * RHEL 7.6 onwards: kernel-3.10.0-930 or newer;
  * RHEL 7.5: kernel-3.10.0-862.14.1 or newer;
  * RHEL 7.4: kernel-3.10.0-693.38.1 or newer;
  * RHEL 7.3: kernel-3.10.0-514.57.1 or newer;
diff --git a/SOURCES/update_ucode b/SOURCES/update_ucode
index cd9f507..0d5038e 100644
--- a/SOURCES/update_ucode
+++ b/SOURCES/update_ucode
@@ -164,7 +164,7 @@ while :; do
 		debug "  Creating symlinks in ${FW_DIR}/${INTEL_UCODE_DIR}"
 		$cmd mkdir -p $verbose_opt "${FW_DIR}/${INTEL_UCODE_DIR}"
 		$cmd find "${MC_DIR}/${INTEL_UCODE_DIR}" -maxdepth 1 -mindepth 1 \
-			-type f -exec bash -c 'ln -s '"$verbose_opt"' '\''{}'\'' \
+			-type f -exec bash -c 'ln -fs '"$verbose_opt"' '\''{}'\'' \
 				"'"${FW_DIR}/${INTEL_UCODE_DIR}/"'$(basename '\''{}'\'')"' \;
 		;;
 	esac
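Review bot: On the changed `-exec bash -c` line, `find` substitutes the file name for `{}` inside the script text, so a name containing a single quote or other shell metacharacters is parsed as shell code rather than as a path. The files come from the package's own microcode directory, so exposure is probably low, but passing the path as an argument removes the quoting problem altogether: `-type f -exec ln -fs $verbose_opt -t "${FW_DIR}/${INTEL_UCODE_DIR}" -- {} +`. GNU `ln -t` names each link after the source's basename, which matches what the current `$(basename ...)` produces. The enclosing `case` arm and `while` loop start outside this hunk.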
@@ -272,7 +272,7 @@ fi | while read -r i; do
 				debug "      Adding \"$FW_DIR/$k/$path\""
 				$cmd mkdir -p $verbose_opt \
 					"$(dirname "$FW_DIR/$k/$path")"
-				$cmd ln -s $verbose_opt "$DATA_DIR/$i/$path" \
+				$cmd ln -fs $verbose_opt "$DATA_DIR/$i/$path" \
 					"$FW_DIR/$k/$path"
 			done
 
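Review bot: With `ln -fs` and no `-n`, a destination that already exists as a symlink to a directory is dereferenced, so the new link is created inside that directory instead of replacing the stale link. `-f` will also silently replace a regular file at `"$FW_DIR/$k/$path"`, which may be a file an administrator placed there deliberately. Using `$cmd ln -fsn $verbose_opt "$DATA_DIR/$i/$path" \` covers the first case. For the second, a comment stating that overwriting existing entries under `$FW_DIR` is intended would make the behaviour explicit. The surrounding loop begins and ends outside this hunk.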
diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec
index 0892fa1..2a29705 100644
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@@ -1,5 +1,5 @@
-%define intel_ucode_version 20180807a
-%define intel_ucode_file_id 28087
+%define intel_ucode_version 20190507
+%define intel_ucode_file_id 28727
 %global debug_package %{nil}
 
 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
@@ -13,12 +13,13 @@
 
 Summary:        CPU microcode updates for Intel x86 processors
 Name:           microcode_ctl
-Version:        %{intel_ucode_version}
-Release:        2%{?dist}
+Version:        20180807a
+Release:        2.%{intel_ucode_version}.1%{?dist}
 Epoch:          4
 License:        CC0 and Redistributable, no modification permitted
 URL:            https://downloadcenter.intel.com/download/%{intel_ucode_file_id}/Linux-Processor-Microcode-Data-File
-Source0:        https://downloadmirror.intel.com/%{intel_ucode_file_id}/eng/microcode-%{intel_ucode_version}.tgz
+#Source0:        https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz
+Source0:        microcode-%{intel_ucode_version}_Public_DEMO.tar.gz
 
 
 # systemd unit
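Review bot: `Source0` now names a local `_Public_DEMO` tarball with no URL, and the commented-out GitHub URL refers to a differently named archive, so nothing in the spec records where this file was obtained or how to re-verify it. For a microcode payload that provenance matters. A comment above `Source0` giving the download location and the tarball's expected digest would let a rebuilder check it; the only pin visible in this commit is the 40-hex-digit hash in `.microcode_ctl.metadata`. The macro in the commented `#Source0:` line is also still expanded by rpm, which writing it as `%%{intel_ucode_version}` avoids.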
@@ -48,6 +49,7 @@ Source101:      06-4f-01_config
 Source110:      intel_readme
 Source111:      intel_config
 
+Source200:      gen_provides.sh
 
 ExclusiveArch:  %{ix86} x86_64
 BuildRequires:  systemd-units
@@ -56,6 +58,8 @@ Requires(preun): systemd
 Requires(postun): systemd
 Requires(posttrans): kernel
 
+%global _use_internal_dependency_generator 0
+%define __find_provides "%{SOURCE200}"
 
 %description
 This package provides microcode update files for Intel x86 and x86_64 CPUs.
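Review bot: The two added macros carry no comment explaining why the internal dependency generator is switched off, and that switch is package-wide, so it likely changes how automatic `Requires:` are produced as well as `Provides:`. A short comment such as `# Provides: tags are generated by gen_provides.sh (Source200) from the microcode file headers` would record the intent. It is also worth comparing `rpm -qp --requires` and `--provides` output of the built package before and after this change to confirm that nothing else was dropped.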
@@ -68,11 +72,17 @@ Package name "microcode_ctl" is historical, as the binary with the same name
 is no longer used for microcode upload and, as a result, no longer provided.
 
 %prep
-%setup -q -c %{name}-%{intel_ucode_version}
+%setup -n "Intel-Public-Microcode-%{intel_ucode_version}_Public_DEMO"
 
 %build
 :
 
+# In the 20190507 release, 06-4f-01 ucode has been moved back into intel-ucode;
+# reverting it, as it is still considered unsafe:
+#   https://bugzilla.redhat.com/show_bug.cgi?id=1646383
+mkdir intel-ucode-with-caveats
+mv intel-ucode/06-4f-01 intel-ucode-with-caveats/
+
 %install
 install -m 755 -d \
 	"%{buildroot}/%{_datarootdir}/microcode_ctl/intel-ucode" \
@@ -267,6 +277,13 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Fri May 10 2019 Eugene Syromiatnikov <esyr@redhat.com> - 4:20180807a-2.20190507.1
+- Intel CPU microcode update to 20190507 (#1704339).
+
+* Fri May 10 2019 Eugene Syromiatnikov <esyr@redhat.com> 4:20180807a-2.20190312.1
+- Intel CPU microcode update to 20190312 (#1704339).
+- Add "Provides:" tags generation.
+
 * Tue Nov 06 2018 Eugene Syromiatnikov <esyr@redhat.com> 4:20180807a-2
 - Do not exit with error in %postin if disclaimer printing returned an error
   (#1647083).