summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2018-01-04 17:24:38 +0100
committerThomas Deutschmann <whissi@gentoo.org>2018-01-04 17:24:55 +0100
commite6ea9dcb23142a268cef722793a408071677d6b1 (patch)
tree3c2d353e40b51102c6a0ff64fdb3a91a0afc938f
parentsys-block/tw_cli: special version for >=3.8 kernel (diff)
downloadgentoo-e6ea9dcb23142a268cef722793a408071677d6b1.tar.gz
gentoo-e6ea9dcb23142a268cef722793a408071677d6b1.tar.bz2
gentoo-e6ea9dcb23142a268cef722793a408071677d6b1.zip
sys-firmware/intel-microcode: Rev bump for CVE-2017-5715 mitigation
The CPU microcode for Intel Haswell-X, Skylake-X and Broadwell-X chipsets was updated to report both branch prediction control via CPUID flag and ability to control branch prediction via an MSR register. Required for kernel mitigation against CVE-2017-5715. Bug: https://bugs.gentoo.org/643430 Package-Manager: Portage-2.3.19, Repoman-2.3.6
-rw-r--r--sys-firmware/intel-microcode/Manifest1
-rw-r--r--sys-firmware/intel-microcode/intel-microcode-20171117_p20171215.ebuild39
2 files changed, 40 insertions, 0 deletions
diff --git a/sys-firmware/intel-microcode/Manifest b/sys-firmware/intel-microcode/Manifest
index e37c29bbc77b..22f1ac958e3e 100644
--- a/sys-firmware/intel-microcode/Manifest
+++ b/sys-firmware/intel-microcode/Manifest
@@ -9,3 +9,4 @@ DIST microcode-20161104.tgz 1290125 BLAKE2B 9274bebe3f9104f0afc6378ae40810b2a634
DIST microcode-20170511.tgz 2143617 BLAKE2B a2185b44cfca9832d2a80f12a189c49365ed323692b8fd94e99a0f4e8d3f0102a21cfce806ad9e53f172c3ae038f4ffafbafc8421bea6668bfbfdd1262bbd8e9 SHA512 4e2066096d56430c2df73631f15cf16f2317c1d8ff745d7b7cdd784ebccc2b797565eb52703cce9b4238774dbfdcaecacd892d729b7869fdfd7644008ce74a60
DIST microcode-20170707.tgz 2908882 BLAKE2B 545d94ee9292d1ba730932f11660d0e0378b4a6f2a5232cdcc26333a8d707ec13b040d41617fb28c17e4b81f1df5bc4180f1979925d2fa5198f2edfb3623967c SHA512 2f0643c332318e9c818b9a23a996b59086e86e80e649589e43dbab19f13083d6d9505b8557f67b45ce56de0da043c753a14bb146e597b6669f24fe543656c65f
DIST microcode-20171117.tgz 3594762 BLAKE2B 7a02c28ec6b9b22a367f8fd7d59f244d0195fef3b256fa2542bca734026e869fdefc7b368a230e94ac0554473d18d1b80aa00511ad4ab6580279f512a106c17d SHA512 b1f09dd7bb04c00e456e34bf42bf786c780aba6d2ef3231a45769216a093876e9bb15123c82ddb7d8ef5426fe10b946509f363770af3b4eba16ba76043a064b4
+DIST microcode-20171117_p20171215.tgz 1468587 BLAKE2B 58777a39f843ae880f7dd8971a9570dbfc176d69541bb9d3cdc948d7be71a7df2559265fb1c8a199bc7567bb5a60176ade1d2c36624d0193dbac98d82401d0dd SHA512 25db94dbf18b1fea9497ec1e61bb5349d7bc78b0578d8869546bc3ec579b96bee7cd62657e66ebd3d4616805e85d790ac7ee7c0fed70b5db30236ffd12b33293
diff --git a/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215.ebuild b/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215.ebuild
new file mode 100644
index 000000000000..aa9186b43f8a
--- /dev/null
+++ b/sys-firmware/intel-microcode/intel-microcode-20171117_p20171215.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit toolchain-funcs
+
+# Find updates by searching and clicking the first link (hopefully it's the one):
+# http://www.intel.com/content/www/us/en/search.html?keyword=Processor+Microcode+Data+File
+
+NUM="27337"
+DESCRIPTION="Intel IA32/IA64 microcode update data"
+HOMEPAGE="http://inertiawar.com/microcode/ https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=${NUM}"
+#SRC_URI="http://downloadmirror.intel.com/${NUM}/eng/microcode-${PV}.tgz"
+SRC_URI="mirror://gentoo/microcode-${PV}.tgz
+ https://dev.gentoo.org/~whissi/dist/${PN}/microcode-${PV}.tgz"
+
+LICENSE="intel-ucode"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="initramfs +split-ucode"
+REQUIRED_USE="|| ( initramfs split-ucode )"
+
+DEPEND="initramfs? ( sys-apps/iucode_tool )"
+RDEPEND="!<sys-apps/microcode-ctl-1.17-r2" #268586
+
+S=${WORKDIR}
+
+src_compile() {
+ if use initramfs ; then
+ iucode_tool --write-earlyfw=microcode.cpio intel-ucode/ || die
+ fi
+}
+
+src_install() {
+ insinto /lib/firmware
+ use initramfs && doins microcode.cpio
+ use split-ucode && doins -r intel-ucode
+}