diff --git a/.gitignore b/.gitignore index 1e0ee83..bec24a5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/06-2d-07 -SOURCES/microcode-20190918.tar.gz +SOURCES/microcode-20191112.pre.tar.gz diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata index 6623deb..a9d16a9 100644 --- a/.microcode_ctl.metadata +++ b/.microcode_ctl.metadata @@ -1,2 +1,2 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07 -bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz +7f4a43a1e7d06c7d67e602b43009fa7a39e6d102 SOURCES/microcode-20191112.pre.tar.gz diff --git a/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh b/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh index c14fcb9..8dc327a 100755 --- a/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh +++ b/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh @@ -43,7 +43,8 @@ install() { dinfo " microcode_ctl: reset fw_dir to \"${fw_dir}\"" } - while read -d "/" -r i; do + fw_dir_add="" + while read -d $'\n' -r i; do dinfo " microcode_ctl: processing data directory " \ "\"$DATA_DIR/$i\"..." @@ -143,8 +144,12 @@ install() { dinfo " microcode_ctl: $i: caveats check for kernel" \ "version \"$kernel\" passed, adding" \ "\"$DATA_DIR/$i\" to fw_dir variable" - fw_dir="$DATA_DIR/$i $fw_dir" + if [ 0 -eq "$do_skip_host_only" ]; then + fw_dir_add="$DATA_DIR/$i " + else + fw_dir_add="$DATA_DIR/$i $fw_dir_add" + fi # The list of directories is reverse-sorted in order to preserve the # "last wins" policy in case of presence of multiple microcode # revisions. @@ -153,11 +158,20 @@ install() { # but since the microcode search is done with the "first wins" policy # by the (early) microcode loading code, the correct microcode revision # still has to be picked. + # + # Note that dracut without patch [1] puts only the last directory + # in the early cpio; we try to address this by putting only the last + # matching caveat in the search path, but that workaround works only + # for host-only mode; non-host-only mode early cpio generation is still + # broken without that patch. + # + # [1] https://github.com/dracutdevs/dracut/commit/c44d2252bb4b done <<-EOF - $(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f/" \ - | sort -r) + $(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f\n" \ + | LC_ALL=C sort) EOF + fw_dir="${fw_dir_add}${fw_dir}" dinfo " microcode_ctl: final fw_dir: \"${fw_dir}\"" } diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec index 90b9620..44b17d2 100644 --- a/SPECS/microcode_ctl.spec +++ b/SPECS/microcode_ctl.spec @@ -1,4 +1,4 @@ -%define intel_ucode_version 20190918 +%define intel_ucode_version 20191112 %define intel_ucode_file_id 28727 %global debug_package %{nil} @@ -14,11 +14,11 @@ Summary: CPU microcode updates for Intel x86 processors Name: microcode_ctl Version: 20190618 -Release: 1.%{intel_ucode_version}.2%{?dist} +Release: 1.%{intel_ucode_version}.1%{?dist} Epoch: 4 License: CC0 and Redistributable, no modification permitted URL: https://downloadcenter.intel.com/download/%{intel_ucode_file_id}/Linux-Processor-Microcode-Data-File -Source0: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz +Source0: microcode-%{intel_ucode_version}.pre.tar.gz # (Pre-MDS) revision 0x714 of 06-2d-07 microcode Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07 @@ -297,6 +297,37 @@ rm -rf %{buildroot} %changelog +* Thu Nov 07 2019 Eugene Syromiatnikov - 4:20190618-1.20191112-1 +- Intel CPU microcode update to 20191112, addresses CVE-2017-5715, + CVE-2019-0117, CVE-2019-11135, CVE-2019-11139 (#1764059, #1764072, #1764951, + #1764971, #1764999, #1765403, #1765415, #1766443, #1766872): + - Addition of 06-a6-00/0x80 (CML-U 6+2 A0) microcode at revision 0xc6; + - Addition of 06-66-03/0x80 (CNL-U D0) microcode at revision 0x2a; + - Addition of 06-55-03/0x97 (SKL-SP B1) microcode at revision 0x1000150; + - Addition of 06-7e-05/0x80 (ICL-U/Y D1) microcode at revision 0x46; + - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xcc to 0xd4; + - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) microcode from revision 0xcc + to 0xd4 + - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xb4 to 0xc6; + - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xb4 to 0xc6; + - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) microcode from revision 0xb4 + to 0xc6; + - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xb8 to 0xc6; + - Update of 06-8e-0c/0x94 (AML-Y V0) microcode from revision 0xb8 to 0xc6; + - Update of 06-8e-0c/0x94 (CML-U 4+2 V0) microcode from revision 0xb8 to 0xc6; + - Update of 06-8e-0c/0x94 (WHL-U V0) microcode from revision 0xb8 to 0xc6; + - Update of 06-9e-09/0x2a (KBL-G/X H0) microcode from revision 0xb4 to 0xc6; + - Update of 06-9e-09/0x2a (KBL-H/S/Xeon E3 B0) microcode from revision 0xb4 + to 0xc6; + - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xb4 + to 0xc6; + - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xb4 to 0xc6; + - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xb8 to 0xc6. + +* Thu Oct 10 2019 Eugene Syromiatnikov - 4:20190618-1.20190918-3 +- Rework dracut hook to address dracut's early initramfs generation + behaviour. + * Sun Oct 06 2019 Eugene Syromiatnikov - 4:20190618-1.20190918.2 - Do not update 06-2d-07 (SNB-E/EN/EP) to revision 0x718, use 0x714 by default.