diff --git a/.gitignore b/.gitignore
index 2c9515a..6d0223b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/microcode-20180807a.tgz
-SOURCES/microcode_ctl-2.1-14.tar.xz
+SOURCES/microcode_ctl-2.1-18.tar.xz
diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata
index 131e43b..8ab3274 100644
--- a/.microcode_ctl.metadata
+++ b/.microcode_ctl.metadata
@@ -1,2 +1,2 @@
 20001bc89a46a40015d12f329910e4eb263d4e82 SOURCES/microcode-20180807a.tgz
-e2508bc2b2b359fb45be6fd5595612cffaca8024 SOURCES/microcode_ctl-2.1-14.tar.xz
+3959afc5d69a916a730131ce0f768db263e9e4f1 SOURCES/microcode_ctl-2.1-18.tar.xz
diff --git a/SOURCES/microcode_ctl-do-not-install-intel-ucode.patch b/SOURCES/microcode_ctl-do-not-install-intel-ucode.patch
index 5e5603c..110557b 100644
--- a/SOURCES/microcode_ctl-do-not-install-intel-ucode.patch
+++ b/SOURCES/microcode_ctl-do-not-install-intel-ucode.patch
@@ -1,9 +1,9 @@
-Index: microcode_ctl-2.1-14/Makefile
+Index: microcode_ctl-2.1-18/Makefile
 ===================================================================
---- microcode_ctl-2.1-14.orig/Makefile 2018-08-29 04:23:03.368699515 +0200
-+++ microcode_ctl-2.1-14/Makefile 2018-08-29 04:24:00.498140839 +0200
+--- microcode_ctl-2.1-18.orig/Makefile 2018-08-16 04:48:33.466867302 +0200
++++ microcode_ctl-2.1-18/Makefile 2018-08-16 04:55:46.140598645 +0200
 @@ -29,14 +29,13 @@
- tar -xf $(MICROCODE_INTEL)
+ $(CC) $(CFLAGS) -o $(PROGRAM) intel-microcode2ucode.c
 clean:
 - rm -rf $(PROGRAM) intel-ucode
diff --git a/SOURCES/microcode_ctl-do-not-merge-ucode-with-caveats.patch b/SOURCES/microcode_ctl-do-not-merge-ucode-with-caveats.patch
new file mode 100644
index 0000000..a1e90bb
--- /dev/null
+++ b/SOURCES/microcode_ctl-do-not-merge-ucode-with-caveats.patch
@@ -0,0 +1,16 @@
+Do not extract intel-ucode-with-caveats into the same directory as it needs
+special handling.
+Index: microcode_ctl-2.1-18/Makefile
+===================================================================
+--- microcode_ctl-2.1-18.orig/Makefile 2018-07-09 08:55:53.000000000 +0200
++++ microcode_ctl-2.1-18/Makefile 2018-07-20 17:52:34.767187807 +0200
+@@ -21,8 +21,7 @@
+ MICDIRINTEL = $(MICDIR)/intel-ucode
+
+ all:
+- tar xf $(MICROCODE_INTEL) ./intel-ucode/* ./intel-ucode-with-caveats/* \
+- --one-top-level=intel-ucode --strip-components=2 --backup=simple
++ tar -xf $(MICROCODE_INTEL) ./intel-ucode
+
+ clean:
+ rm -rf intel-ucode
diff --git a/SOURCES/microcode_ctl-do-not-pipe-to-intel_microcode2ucode.patch b/SOURCES/microcode_ctl-do-not-pipe-to-intel_microcode2ucode.patch
deleted file mode 100644
index fc6934b..0000000
--- a/SOURCES/microcode_ctl-do-not-pipe-to-intel_microcode2ucode.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: microcode_ctl-2.1-14/Makefile
-===================================================================
---- microcode_ctl-2.1-14.orig/Makefile 2017-11-22 08:19:31.000000000 +0100
-+++ microcode_ctl-2.1-14/Makefile 2018-08-09 07:10:34.562202626 +0200
-@@ -26,7 +26,7 @@
-
- microcode_ctl: intel-microcode2ucode.c
- $(CC) $(CFLAGS) -o $(PROGRAM) intel-microcode2ucode.c
-- tar -xOf $(MICROCODE_INTEL) | ./intel-microcode2ucode - >/dev/null
-+ tar -xf $(MICROCODE_INTEL)
-
- clean:
- rm -rf $(PROGRAM) intel-ucode
diff --git a/SOURCES/microcode_ctl-revert-intel-microcode2ucode-removal.patch b/SOURCES/microcode_ctl-revert-intel-microcode2ucode-removal.patch
new file mode 100644
index 0000000..6b3b3a6
--- /dev/null
+++ b/SOURCES/microcode_ctl-revert-intel-microcode2ucode-removal.patch
@@ -0,0 +1,226 @@
+Revert removal of intel_microcode2ucode [1].
+
+Since it was shipped to end users, its removal may introduce unneeded
+disruption.
+
+[1] https://pagure.io/microcode_ctl/c/fde91236cc7b45ecffa5c48a7cd8b30ff75752cf.patch
+Index: microcode_ctl-2.1-18/Makefile
+===================================================================
+--- microcode_ctl-2.1-18.orig/Makefile 2018-07-20 17:52:34.767187807 +0200
++++ microcode_ctl-2.1-18/Makefile 2018-07-20 19:13:37.948699082 +0200
+@@ -7,6 +7,7 @@
+ # as published by the Free Software Foundation; either version
+ # 2 of the License, or (at your option) any later version.
+
++PROGRAM = intel-microcode2ucode
+ MICROCODE_INTEL = microcode-20180703.tgz
+
+ INS = install
+@@ -16,23 +17,29 @@
+ DESTDIR =
+ PREFIX = /usr/local
+
++INSDIR = $(PREFIX)/sbin
+ DOCDIR = $(PREFIX)/share/doc/microcode_ctl
+ MICDIR = /lib/firmware
+ MICDIRINTEL = $(MICDIR)/intel-ucode
+
+-all:
++all: microcode_ctl
+ tar -xf $(MICROCODE_INTEL) ./intel-ucode
+
++microcode_ctl: intel-microcode2ucode.c
++ $(CC) $(CFLAGS) -o $(PROGRAM) intel-microcode2ucode.c
++
+ clean:
+- rm -rf intel-ucode
++ rm -rf $(PROGRAM) intel-ucode
+
+ install:
+- $(INS) -d $(DESTDIR)$(DOCDIR) \
++ $(INS) -d $(DESTDIR)$(INSDIR) $(DESTDIR)$(DOCDIR) \
+ $(DESTDIR)$(MICDIRINTEL)
++ $(INS) -m 755 $(PROGRAM) $(DESTDIR)$(INSDIR)
+ $(INS) -m 644 README $(DESTDIR)$(DOCDIR)
+ $(INS) -m 644 intel-ucode/* $(DESTDIR)$(MICDIRINTEL)
+
+ uninstall:
+- rm -rf $(DESTDIR)$(MICDIRINTEL) \
++ rm -rf $(DESTDIR)$(INSDIR)/$(PROGRAM) \
++ $(DESTDIR)$(MICDIRINTEL) \
+ $(DESTDIR)$(DOCDIR)
+
+Index: microcode_ctl-2.1-18/intel-microcode2ucode.c
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ microcode_ctl-2.1-18/intel-microcode2ucode.c 2018-07-20 19:02:19.510433818 +0200
+@@ -0,0 +1,169 @@
++/*
++ * Convert Intel microcode.dat into individual ucode files
++ * named: intel-ucode/$family-$model-$stepping
++ *
++ * The subdir intel-ucode/ is created in the current working
++ * directory. We get multiple ucodes in the same file, so they
++ * are appended to an existing file. Make sure the directory
++ * is empty before every run of the converter.
++ *
++ * Kay Sievers
++ * Anton Arapov
++ */
++
++
++#ifndef _GNU_SOURCE
++# define _GNU_SOURCE 1
++#endif
++
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++#include
++
++struct microcode_header_intel {
++ unsigned int hdrver;
++ unsigned int rev;
++ unsigned int date;
++ unsigned int sig;
++ unsigned int cksum;
++ unsigned int ldrver;
++ unsigned int pf;
++ unsigned int datasize;
++ unsigned int totalsize;
++ unsigned int reserved[3];
++};
++
++union mcbuf {
++ struct microcode_header_intel hdr;
++ unsigned int i[0];
++ char c[0];
++};
++
++int main(int argc, char *argv[])
++{
++ char *filename = "/lib/firmware/microcode.dat";
++ FILE *input, *f;
++ char line[LINE_MAX];
++ char buf[4000000];
++ union mcbuf *mc;
++ size_t bufsize, count, start;
++ int rc = EXIT_SUCCESS;
++
++ if (argv[1] != NULL)
++ filename = argv[1];
++
++ if (!strcmp(filename, "-")) {
++ input = stdin;
++ } else {
++ input = fopen(filename, "re");
++ if (input == NULL) {
++ printf("open %s: %m\n", filename);
++ rc = EXIT_FAILURE;
++ goto out;
++ }
++ }
++
++ count = 0;
++ mc = (union mcbuf *) buf;
++ while (fgets(line, sizeof(line), input) != NULL) {
++ if (sscanf(line, "%x, %x, %x, %x",
++ &mc->i[count],
++ &mc->i[count + 1],
++ &mc->i[count + 2],
++ &mc->i[count + 3]) != 4)
++ continue;
++ count += 4;
++ }
++ fclose(input);
++
++ bufsize = count * sizeof(int);
++ printf("%s: %lu(%luk) bytes, %zu integers\n",
++ filename,
++ bufsize,
++ bufsize / 1024,
++ count);
++
++ if (bufsize < sizeof(struct microcode_header_intel))
++ goto out;
++
++ mkdir("intel-ucode", 0750);
++
++ start = 0;
++ for (;;) {
++ size_t size;
++ unsigned int family, model, stepping;
++ unsigned int year, month, day;
++
++ mc = (union mcbuf *) &buf[start];
++
++ if (mc->hdr.totalsize)
++ size = mc->hdr.totalsize;
++ else
++ size = 2000 + sizeof(struct microcode_header_intel);
++
++ if (mc->hdr.ldrver != 1 || mc->hdr.hdrver != 1) {
++ printf("unknown version/format:\n");
++ rc = EXIT_FAILURE;
++ break;
++ }
++
++ /*
++ * 0- 3 stepping
++ * 4- 7 model
++ * 8-11 family
++ * 12-13 type
++ * 16-19 extended model
++ * 20-27 extended family
++ */
++ family = (mc->hdr.sig >> 8) & 0xf;
++ if (family == 0xf)
++ family += (mc->hdr.sig >> 20) & 0xff;
++ model = (mc->hdr.sig >> 4) & 0x0f;
++ if (family == 0x06)
++ model += ((mc->hdr.sig >> 16) & 0x0f) << 4;
++ stepping = mc->hdr.sig & 0x0f;
++
++ year = mc->hdr.date & 0xffff;
++ month = mc->hdr.date >> 24;
++ day = (mc->hdr.date >> 16) & 0xff;
++
++ asprintf(&filename, "intel-ucode/%02x-%02x-%02x", family, model, stepping);
++ printf("\n");
++ printf("%s\n", filename);
++ printf("signature: 0x%02x\n", mc->hdr.sig);
++ printf("flags: 0x%02x\n", mc->hdr.pf);
++ printf("revision: 0x%02x\n", mc->hdr.rev);
++ printf("date: %04x-%02x-%02x\n", year, month, day);
++ printf("size: %zu\n", size);
++
++ f = fopen(filename, "ae");
++ if (f == NULL) {
++ printf("open %s: %m\n", filename);
++ rc = EXIT_FAILURE;
++ goto out;
++ }
++ if (fwrite(mc, size, 1, f) != 1) {
++ printf("write %s: %m\n", filename);
++ rc = EXIT_FAILURE;
++ goto out;
++ }
++ fclose(f);
++ free(filename);
++
++ start += size;
++ if (start >= bufsize)
++ break;
++ }
++ printf("\n");
++
++ out:
++ return rc;
++}
diff --git a/SOURCES/microcode_ctl-use-microcode-20180807a-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20180807a-tgz.patch
index f39cb1f..c698100 100644
--- a/SOURCES/microcode_ctl-use-microcode-20180807a-tgz.patch
+++ b/SOURCES/microcode_ctl-use-microcode-20180807a-tgz.patch
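Review bot: The parse loop in the re-added intel-microcode2ucode.c stores four words per input line into `buf[4000000]` without ever comparing `count` with the array's capacity, so an input file or stdin stream with more than one million words writes past the end of the stack buffer. The split loop has the matching read-side gap: `size` comes straight from `mc->hdr.totalsize` and is handed to `fwrite` without being checked against `bufsize - start`, and the header at `&buf[start]` is read even when fewer than `sizeof(struct microcode_header_intel)` bytes remain. The spec lists Patch5 `microcode_ctl-intel-microcode2ucode-buf-handling.patch`, which may already cover this, but it is not part of this diff, so the bounds sketched below should be confirmed there or added here. The return values of `mkdir` and `asprintf` are also ignored, and the `goto out` after a failed `fwrite` skips `fclose(f)`.

```c
	while (fgets(line, sizeof(line), input) != NULL) {
		/* refuse input that would not fit in buf */
		if (count + 4 > sizeof(buf) / sizeof(unsigned int)) {
			printf("%s: input too large\n", filename);
			rc = EXIT_FAILURE;
			fclose(input);
			goto out;
		}
		/* … unchanged: sscanf of four words, count += 4 … */
	}
	/* … unchanged: fclose(input), size report, mkdir … */

	for (;;) {
		/* … unchanged: declarations … */
		if (bufsize - start < sizeof(struct microcode_header_intel)) {
			printf("truncated header at offset %zu\n", start);
			rc = EXIT_FAILURE;
			break;
		}
		mc = (union mcbuf *) &buf[start];
		/* … unchanged: size selection, version check … */
		if (size < sizeof(struct microcode_header_intel) ||
		    size > bufsize - start) {
			printf("bad size %zu at offset %zu\n", size, start);
			rc = EXIT_FAILURE;
			break;
		}
		/* … unchanged: signature decode, file write, start += size … */
	}
```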
@@ -6,7 +6,7 @@ Index: microcode_ctl-2.1-18/Makefile
 # 2 of the License, or (at your option) any later version.
 PROGRAM = intel-microcode2ucode
--MICROCODE_INTEL = microcode-20171117.tgz
+-MICROCODE_INTEL = microcode-20180703.tgz
 +MICROCODE_INTEL = microcode-20180807a.tgz
 INS = install
diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec
index e1a6ac9..acffd2e 100644
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@@ -1,4 +1,4 @@
-%define upstream_version 2.1-14
+%define upstream_version 2.1-18
 %define intel_ucode_version 20180807a
 %define intel_ucode_file_id 28087
 %define microcode_ctl_libexec %{_libexecdir}/microcode_ctl
@@ -11,7 +11,7 @@
 Summary: Tool to transform and deploy CPU microcode update for x86.
 Name: microcode_ctl
 Version: 2.1
-Release: 29.16%{?dist}
+Release: 47%{?dist}
 Epoch: 2
 Group: System Environment/Base
 License: GPLv2+ and Redistributable, no modification permitted
@@ -38,8 +38,9 @@ Source21: intel_config
 Source30: README.caveats
 Source31: %{i_m2u_man}.in
-Patch1: microcode_ctl-do-not-pipe-to-intel_microcode2ucode.patch
-Patch2: microcode_ctl-use-microcode-%{intel_ucode_version}-tgz.patch
+Patch1: microcode_ctl-do-not-merge-ucode-with-caveats.patch
+Patch2: microcode_ctl-revert-intel-microcode2ucode-removal.patch
+Patch3: microcode_ctl-use-microcode-%{intel_ucode_version}-tgz.patch
 Patch4: microcode_ctl-do-not-install-intel-ucode.patch
 Patch5: microcode_ctl-intel-microcode2ucode-buf-handling.patch
@@ -62,11 +63,12 @@ back to the old microcode.
 %prep
 %setup -q -n %{name}-%{upstream_version}
 %patch1 -p1
+%patch2 -p1
-# Use microcode-20180807a.tgz instead of microcode-20171117.tgz bundled with
-# upstream microcode_ctl-2.1-14.
+# Use microcode-20180807a.tgz instead of microcode-20180703.tgz bundled with
+# upstream microcode_ctl-2.1-18.
 cp "%{SOURCE1}" .
-%patch2 -p1
+%patch3 -p1
 # We install ucode files manually into "intel" caveat directory
 %patch4 -p1
@@ -83,6 +85,8 @@ make CFLAGS="$RPM_OPT_FLAGS" %{?_smp_mflags}
 #find intel-ucode -type f | sed 's/^/%%ghost \/lib\/firmware\//' > ghost_list
 touch ghost_list
+tar xf microcode-%{intel_ucode_version}.tgz ./intel-ucode-with-caveats ./license
+
 # man page
 sed "%{SOURCE31}" \
 -e "s/@DATE@/2018-08-28/g" \
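Review bot: The added `tar xf` line has no comment saying why the tarball is unpacked a second time after `make`, although the steps around it are commented. Judging by Patch1's description, the reason appears to be that the Makefile no longer extracts intel-ucode-with-caveats, so the spec has to do it. A comment such as `# Patch1 stops the Makefile from unpacking intel-ucode-with-caveats; extract it and the license here.` would record that dependency for whoever next rebases the patches. The %build section starts and ends outside the hunk.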
@@ -257,61 +261,73 @@ rm -rf %{buildroot} %changelog -* Wed Sep 05 2018 Eugene Syromiatnikov - 2:2.1-29.16 +* Wed Sep 05 2018 Eugene Syromiatnikov - 2:2.1-47 - Add 7.3.z kernel version to kernel_early configuration. -* Thu Aug 30 2018 Eugene Syromiatnikov - 2:2.1-29.15 +* Thu Aug 30 2018 Eugene Syromiatnikov - 2:2.1-46 - Fix dracut module checks in Host-Only mode. -* Thu Aug 30 2018 Eugene Syromiatnikov - 2:2.1-29.14 +* Thu Aug 30 2018 Eugene Syromiatnikov - 2:2.1-45 - Disable 06-4f-01 microcode in config (#1623630). -* Wed Aug 29 2018 Eugene Syromiatnikov - 2:2.1-29.12 -- Drop "hypervisor" /proc/cpuinfo flag check. +* Tue Aug 28 2018 Eugene Syromiatnikov - 2:2.1-44 - Intel CPU microcode update to 20180807a. - Add README.caveats documentation file. - Add intel-microcode2ucode manual page. - Add check for early microcode load, use it in microcode_ctl dracut module. +- Resolves: #1596627. + +* Mon Aug 20 2018 Eugene Syromiatnikov - 2:2.1-43 - Check that the currently running kernel is installed before running dracut -f. -* Fri Aug 10 2018 Eugene Syromiatnikov - 2:2.1-29.11 -- Add an ability to disable "hypervisor" /proc/cpuinfo flag check. +* Thu Aug 16 2018 Eugene Syromiatnikov - 2:2.1-42 +- Drop "hypervisor" /proc/cpuinfo flag check. + +* Thu Aug 09 2018 Eugene Syromiatnikov - 2:2.1-41 - Intel CPU microcode update to 20180807. -- Resolves: #1614847. +- Resolves: #1614422 + +* Mon Aug 06 2018 Eugene Syromiatnikov - 2:2.1-40 +- Add an ability to disable "hypervisor" /proc/cpuinfo flag check. -* Fri Jul 27 2018 Eugene Syromiatnikov - 2:2.1-29.10 -- Provide %attr for the ghosted /lib/firmware. +* Fri Jul 27 2018 Eugene Syromiatnikov - 2:2.1-39 +- Provide %attr for the ghosted /lib/firmware/intel-ucode. -* Thu Jul 26 2018 Eugene Syromiatnikov - 2:2.1-29.9 +* Thu Jul 26 2018 Eugene Syromiatnikov - 2:2.1-38 - Remove model name blacklists from caveats configuration files. 
+- Resolves: #1596627 -* Tue Jul 24 2018 Eugene Syromiatnikov - 2.1-29.8 +* Wed Jul 25 2018 Eugene Syromiatnikov - 2:2.1-37 - Add model name blacklist infrastructure. - Store Intel ucode files in /usr/share/microcode_ctl; do not populate them in a virtualised environment. -- Resolves: #1576334 +- Resolves: #1596627 -* Tue Jul 17 2018 Eugene Syromiatnikov - 2.1-29.7 +* Fri Jul 20 2018 Eugene Syromiatnikov - 2:2.1-35 +- Add intel-microcode2ucode back +- Resolves: #1574582 + +* Fri Jul 20 2018 Eugene Syromiatnikov - 2:2.1-34 +- Update to upstream 2.1-18. Intel CPU microcode update to 20180703. - Add infrastructure for handling kernel-version-dependant microcode. -- Resolves: #1576334 +- Resolves: #1574582 -* Mon Jul 16 2018 Eugene Syromiatnikov - 2.1-29.4 -- Intel CPU microcode update to 20180703. -- Resolves: #1573456 +* Wed Jun 13 2018 Petr Oros - 2.1-33 +- CVE-2018-3639 hw: cpu: speculative store bypass +- Resolves: #1495071 -* Wed Jun 13 2018 Petr Oros - 2.1-29.3 +* Mon Jun 11 2018 Petr Oros - 2.1-32 - Fix: Operation not permitted when installing microcode_ctl -- CVE-2018-3639 hw: cpu: speculative store bypass -- Resolves: #1573456 +- Resolves: #1584247 -* Tue May 15 2018 Petr Oros - 2.1-29.2 +* Tue May 15 2018 Petr Oros - 2.1-31 - Update disclaimer text -- Resolves: #1575570 +- Resolves: #1574574 -* Mon May 7 2018 Petr Oros - 2.1-29.1 +* Mon May 7 2018 Petr Oros - 2.1-30 - Intel CPU microcode update to 20180425. -- Resolves: #1575570 +- Resolves: #1574574 * Fri Jan 12 2018 Petr Oros - 2.1-29 - Revert Microcode from Intel for Side Channel attack