commit f2a97ff11150ebdd547c7a942966de0fd5d39c01 Author: Predrag Ivanović <predivan@mts.rs> Date: Wed May 15 16:00:18 2019 +0200 [notify] intel-ucode: Security update for MDS. Update CPU microcode to mitigate 4 variants of the data sampling flaw: - CVE-2018-12126 (Microarchitectural Store Buffer Data Sampling (MSBDS)) - CVE-2018-12127 (Microarchitectural Load Port Data Samping (MLPDS)) - CVE-2018-12130 (Microarchitectural Fill Buffer Data Sampling (MFBDS)) - CVE-2019-11091 (Microarchitectural Data Sampling Uncacheable Memory (MDSUM)) References: - https://seclists.org/bugtraq/2019/May/43 - https://security-tracker.debian.org/tracker/DSA-4447-1 - https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/MDS - https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html diff --git a/intel-ucode/.signature b/intel-ucode/.signature index a42cb01c..ea356f4f 100644 --- a/intel-ucode/.signature +++ b/intel-ucode/.signature @@ -1,5 +1,5 @@ untrusted comment: verify with /etc/ports/contrib.pub -RWSagIOpLGJF36iNtE3SpULdH+N/eYdUI27leHB2BUzi6mOFLCmwLB7DtLIdIws/Rqj++y1d1TDpnqAXdGmrhDM54ikvwstcug8= -SHA256 (Pkgfile) = cdef6a450dd63aff43e00b90e26427152c883b8b5de655ce9f335d5390f7749b +RWSagIOpLGJF33z6h7xY68n8bFeBXBckM7E7NDWTipN5Oie1JougaapYpl1HiVhNp83pViNfBblBtkW2Dm++KfwLjr0j0sJn0QQ= +SHA256 (Pkgfile) = 903398deb91907942fcb8ee01f219adb68819aa93ad8c853226423d697089b76 SHA256 (.footprint) = 45cbe6146ee529f5d7fc3c4dcbb9c56420b2950c372d4196867ff304578bb771 -SHA256 (microcode-20180807a.tgz) = 46ab18699ec42eb6cc01ee1846ec4d7ca979766dee2156f92d69e2f6df548137 +SHA256 (microcode-20190514.tar.gz) = 553858de4315d267d1f259d1146db028eec5112a797379a7a83f5c8a22e626b3 diff --git a/intel-ucode/Pkgfile b/intel-ucode/Pkgfile index 4408ec3c..ee10c31b 100644 --- a/intel-ucode/Pkgfile +++ b/intel-ucode/Pkgfile @@ -4,13 +4,13 @@ # Depends on: iucode-tool name=intel-ucode -version=20180807a +version=20190514 release=1 -source=(https://downloadmirror.intel.com/28087/eng/microcode-$version.tgz) +source=(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/...) build() { + cd Intel-Linux-Processor-Microcode-Data-Files-microcode-$version install -d -m755 $PKG/boot - rm -f intel-ucode/list /usr/sbin/iucode_tool --write-earlyfw=early-ucode.cpio intel-ucode/ install -m644 early-ucode.cpio $PKG/boot/early-ucode.cpio }