diff --git a/.gitignore b/.gitignore index 3a2ce50..ccaec8a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ SOURCES/06-2d-07 -SOURCES/microcode-20190918.tar.gz +SOURCES/microcode-20191112.pre.tar.gz SOURCES/microcode_ctl-2.1-18.tar.xz diff --git a/.microcode_ctl.metadata b/.microcode_ctl.metadata index f237f59..30eec48 100644 --- a/.microcode_ctl.metadata +++ b/.microcode_ctl.metadata @@ -1,3 +1,3 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07 -bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz +7f4a43a1e7d06c7d67e602b43009fa7a39e6d102 SOURCES/microcode-20191112.pre.tar.gz 3959afc5d69a916a730131ce0f768db263e9e4f1 SOURCES/microcode_ctl-2.1-18.tar.xz diff --git a/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh b/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh index c14fcb9..8dc327a 100755 --- a/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh +++ b/SOURCES/dracut_99microcode_ctl-fw_dir_override_module_init.sh @@ -43,7 +43,8 @@ install() { dinfo " microcode_ctl: reset fw_dir to \"${fw_dir}\"" } - while read -d "/" -r i; do + fw_dir_add="" + while read -d $'\n' -r i; do dinfo " microcode_ctl: processing data directory " \ "\"$DATA_DIR/$i\"..." @@ -143,8 +144,12 @@ install() { dinfo " microcode_ctl: $i: caveats check for kernel" \ "version \"$kernel\" passed, adding" \ "\"$DATA_DIR/$i\" to fw_dir variable" - fw_dir="$DATA_DIR/$i $fw_dir" + if [ 0 -eq "$do_skip_host_only" ]; then + fw_dir_add="$DATA_DIR/$i " + else + fw_dir_add="$DATA_DIR/$i $fw_dir_add" + fi # The list of directories is reverse-sorted in order to preserve the # "last wins" policy in case of presence of multiple microcode # revisions. @@ -153,11 +158,20 @@ install() { # but since the microcode search is done with the "first wins" policy # by the (early) microcode loading code, the correct microcode revision # still has to be picked. + # + # Note that dracut without patch [1] puts only the last directory + # in the early cpio; we try to address this by putting only the last + # matching caveat in the search path, but that workaround works only + # for host-only mode; non-host-only mode early cpio generation is still + # broken without that patch. + # + # [1] https://github.com/dracutdevs/dracut/commit/c44d2252bb4b done <<-EOF - $(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f/" \ - | sort -r) + $(find "$DATA_DIR" -maxdepth 1 -mindepth 1 -type d -printf "%f\n" \ + | LC_ALL=C sort) EOF + fw_dir="${fw_dir_add}${fw_dir}" dinfo " microcode_ctl: final fw_dir: \"${fw_dir}\"" } diff --git a/SOURCES/microcode_ctl-use-microcode-20190918-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20190918-tgz.patch deleted file mode 100644 index 392e4f9..0000000 --- a/SOURCES/microcode_ctl-use-microcode-20190918-tgz.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: microcode_ctl-2.1-18/Makefile -=================================================================== ---- microcode_ctl-2.1-18.orig/Makefile 2018-07-24 09:15:12.463115045 +0200 -+++ microcode_ctl-2.1-18/Makefile 2018-08-09 06:18:45.524503945 +0200 -@@ -8,7 +8,7 @@ - # 2 of the License, or (at your option) any later version. - - PROGRAM = intel-microcode2ucode --MICROCODE_INTEL = microcode-20180703.tgz -+MICROCODE_INTEL = microcode-20190918.tar.gz - - INS = install - CC = gcc diff --git a/SOURCES/microcode_ctl-use-microcode-20191112-tgz.patch b/SOURCES/microcode_ctl-use-microcode-20191112-tgz.patch new file mode 100644 index 0000000..0abecf8 --- /dev/null +++ b/SOURCES/microcode_ctl-use-microcode-20191112-tgz.patch @@ -0,0 +1,13 @@ +Index: microcode_ctl-2.1-18/Makefile +=================================================================== +--- microcode_ctl-2.1-18.orig/Makefile 2018-07-24 09:15:12.463115045 +0200 ++++ microcode_ctl-2.1-18/Makefile 2018-08-09 06:18:45.524503945 +0200 +@@ -8,7 +8,7 @@ + # 2 of the License, or (at your option) any later version. + + PROGRAM = intel-microcode2ucode +-MICROCODE_INTEL = microcode-20180703.tgz ++MICROCODE_INTEL = microcode-20191112.pre.tar.gz + + INS = install + CC = gcc diff --git a/SPECS/microcode_ctl.spec b/SPECS/microcode_ctl.spec index 60f13f7..8e8f528 100644 --- a/SPECS/microcode_ctl.spec +++ b/SPECS/microcode_ctl.spec @@ -1,5 +1,5 @@ %define upstream_version 2.1-18 -%define intel_ucode_version 20190918 +%define intel_ucode_version 20191112 %define intel_ucode_file_id 28727 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats @@ -22,13 +22,13 @@ Summary: Tool to transform and deploy CPU microcode update for x86. Name: microcode_ctl Version: 2.1 -Release: 53.2%{?dist} +Release: 53.3%{?dist} Epoch: 2 Group: System Environment/Base License: GPLv2+ and Redistributable, no modification permitted URL: https://pagure.io/microcode_ctl Source0: https://releases.pagure.org/microcode_ctl/%{name}-%{upstream_version}.tar.xz -Source1: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-%{intel_ucode_version}.tar.gz +Source1: microcode-%{intel_ucode_version}.pre.tar.gz # (Pre-MDS) revision 0x714 of 06-2d-07 microcode Source2: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/microcode-20190514/intel-ucode/06-2d-07 @@ -350,6 +350,35 @@ rm -rf %{buildroot} %changelog +* Thu Nov 07 2019 Eugene Syromiatnikov - 2:2.1-53.3 +- Intel CPU microcode update to 20191112, addresses CVE-2017-5715, + CVE-2019-0117, CVE-2019-11135, CVE-2019-11139 (#1764050, #1764070, #1764949, + #1764969, #1764997, #1765401, #1765413, #1766438, #1766870, #1769889): + - Addition of 06-a6-00/0x80 (CML-U 6+2 A0) microcode at revision 0xc6; + - Addition of 06-66-03/0x80 (CNL-U D0) microcode at revision 0x2a; + - Addition of 06-55-03/0x97 (SKL-SP B1) microcode at revision 0x1000150; + - Addition of 06-7e-05/0x80 (ICL-U/Y D1) microcode at revision 0x46; + - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xcc to 0xd4; + - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 R0/N0) microcode from revision 0xcc + to 0xd4 + - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode from revision 0xb4 to 0xc6; + - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xb4 to 0xc6; + - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0) microcode from revision 0xb4 + to 0xc6; + - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xb8 to 0xc6; + - Update of 06-8e-0c/0x94 (AML-Y V0) microcode from revision 0xb8 to 0xc6; + - Update of 06-8e-0c/0x94 (CML-U 4+2 V0) microcode from revision 0xb8 to 0xc6; + - Update of 06-8e-0c/0x94 (WHL-U V0) microcode from revision 0xb8 to 0xc6; + - Update of 06-9e-09/0x2a (KBL-G/X H0) microcode from revision 0xb4 to 0xc6; + - Update of 06-9e-09/0x2a (KBL-H/S/Xeon E3 B0) microcode from revision 0xb4 + to 0xc6; + - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode from revision 0xb4 + to 0xc6; + - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xb4 to 0xc6; + - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xb8 to 0xc6. +- Rework dracut hook to address dracut's early initramfs generation + behaviour. + * Sun Oct 06 2019 Eugene Syromiatnikov - 2:2.1-53.2 - Do not update 06-2d-07 (SNB-E/EN/EP) to revision 0x718, use 0x714 by default.