4 changed files with 50 additions and 69 deletions
--- a/SOURCES/README.caveats
+++ b/SOURCES/README.caveats
@ -10,8 +10,8 @@ behaviour.

 General behaviour
 =================
-In RHEL 9 (as well as in RHEL 7 and RHEL 8 before it), there are currently
-two main handlers for CPU microcode update:
+In RHEL 8 (as well as RHEL 7 before it), there are currently two main handlers
+for CPU microcode update:
 * Early microcode update. It uses GenuineIntel.bin or AuthenticAMD.bin file
   placed at the beginning of an initramfs image
   (/boot/initramfs-KERNEL_VERSION.img, where "KERNEL_VERSION" is a kernel
@ -45,10 +45,10 @@ zero-filled.

 The early microcode is placed into initramfs image by the "dracut" script, which
 scans the aforementioned subdirectories of the configured list of firmware
-directories (by default, the list consists of two directories in RHEL 9,
+directories (by default, the list consists of two directories in RHEL 8,
 "/lib/firmware/updates" and "/lib/firmware").

-In RHEL 9, AMD CPU microcode is shipped as a part of the linux-firmware package,
+In RHEL 8, AMD CPU microcode is shipped as a part of the linux-firmware package,
 and Intel microcode is shipped as a part of the microcode_ctl package.

 The microcode_ctl package currently includes the following:
@ -613,7 +613,7 @@ Mitigation: microcode loading is disabled for the affected CPU model.

 Minimum versions of the kernel package that contain the aforementioned patch
 series:
- - Upstream/RHEL 8/RHEL 9: 4.17.0
+ - Upstream/RHEL 8: 4.17.0
 - RHEL 7.6 onwards:  3.10.0-894
 - RHEL 7.5:  3.10.0-862.6.1
 - RHEL 7.4:  3.10.0-693.35.1
@ -628,7 +628,7 @@ series:

 Early microcode load inside a virtual machine
 ---------------------------------------------
-RHEL 9 kernel supports performing microcode update during early boot stage
+RHEL 8 kernel supports performing microcode update during early boot stage
 from a cpio archive placed at the beginning of the initramfs image.  However,
 when an early microcode update is attempted inside some virtualised
 environments, that may result in unexpected system behaviour.
@ -643,7 +643,7 @@ Mitigation: early microcode loading is disabled for all CPU models on kernels
 without the fix.

 Minimum versions of the kernel package that contain the fix:
- - Upstream/RHEL 8/RHEL 9: 4.10.0
+ - Upstream/RHEL 8: 4.10.0
 - RHEL 7.6 onwards: 3.10.0-930
 - RHEL 7.5: 3.10.0-862.14.1
 - RHEL 7.4: 3.10.0-693.38.1
--- a/SOURCES/gen_provides.sh
+++ b/SOURCES/gen_provides.sh
@ -43,43 +43,25 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-

 			# ext_sig, 12 bytes in size
 			IFS=' ' read cpuid pf_mask <<- EOF
-			$(dd if="$f" ibs=1 skip="$skip" count=8 status=none \
-				| xxd -e -g4 | xxd -r | hexdump -n 8 \
-				-e '"" 4/1 "%02x" " 0x" 4/1 "%02x" "\n"')
+			$(hexdump -s "$skip" -n 8 \
+				-e '"" 1/4 "%08x " 1/4 "%u" "\n"' "$f")
 			EOF
-			# Converting values from the constructed %#08x format
-			pf_mask="$((pf_mask))"

 			skip="$((skip + 12))"
 			ext_sig_pos="$((ext_sig_pos + 1))"
 		else
 			# Microcode header, 48 bytes, last 3 fields reserved
-			# cksum, ldrver are ignored
 			IFS=' ' read hdrver rev \
-			       date_m date_d date_y \
+			       date_y date_d date_m \
 			       cpuid cksum ldrver \
 			       pf_mask datasz totalsz <<- EOF
-			$(dd if="$f" ibs=1 skip="$skip" count=36 status=none \
-				| xxd -e -g4 | xxd -r | hexdump -n 36 \
-				-e '"0x" 4/1 "%02x" " 0x" 4/1 "%02x" " " \
-			               1/1 "%02x " 1/1 "%02x " 2/1 "%02x" " " \
-				       4/1 "%02x" " 0x" 4/1 "%02x" " 0x" 4/1 "%02x" \
-				       " 0x" 4/1 "%x" \
-				       " 0x" 4/1 "%02x" " 0x" 4/1 "%02x" "\n"')
+			$(hexdump -s "$skip" -n 36 \
+				-e '"" 1/4 "%u " 1/4 "%#x " \
+			               1/2 "%04x " 1/1 "%02x " 1/1 "%02x " \
+				       1/4 "%08x " 1/4 "%x " 1/4 "%#x " \
+				       1/4 "%u " 1/4 "%u " 1/4 "%u" "\n"' "$f")
 			EOF

-			# Converting values from the constructed %#08x format
-			rev="$(printf '%#x' "$((rev))")"
-			pf_mask="$((pf_mask))"
-			datasz="$((datasz))"
-			totalsz="$((totalsz))"
-
-			# Skipping files with unexpected hdrver value
-			[ 1 = "$((hdrver))" ] || {
-				echo "$f+$skip@$file_sz: incorrect hdrver $((hdrver))" >&2
-				break
-			}
-
 			[ 0 != "$datasz" ] || datasz=2000
 			[ 0 != "$totalsz" ] || totalsz=2048

@ -98,12 +80,9 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-
 				# ext_sig table header, 20 bytes in size,
 				# last 3 fields are reserved.
 				IFS=' ' read ext_sig_cnt  <<- EOF
-				$(dd if="$f" ibs=1 skip="$skip" count=4 status=none \
-					| xxd -e -g4 | hexdump -n 4 \
-					-e '"0x" 4/1 "%02x" "\n"')
+				$(hexdump -s "$skip" -n 4 \
+					-e '"" 1/4 "%u" "\n"' "$f")
 				EOF
-				# Converting values from the constructed format
-				ext_sig_cnt="$((ext_sig_cnt))"

 				skip="$((skip + 20))"
 			else
--- a/SOURCES/gen_updates2.py
+++ b/SOURCES/gen_updates2.py
@ -144,7 +144,7 @@ def read_revs_dir(path, args, src=None, ret=None):
                offs = 0
                while offs < sz:
                    f.seek(offs, os.SEEK_SET)
-                    hdr = struct.unpack("<IiIIIIIIIIII", f.read(48))
+                    hdr = struct.unpack("IiIIIIIIIIII", f.read(48))
                    ret.append({"path": rp, "src": src or path,
                                "cpuid": hdr[3], "pf": hdr[6], "rev": hdr[1],
                                "date": hdr[2], "offs": offs, "cksum": hdr[4],
@ -152,7 +152,7 @@ def read_revs_dir(path, args, src=None, ret=None):

                    if hdr[8] and hdr[8] - hdr[7] > 48:
                        f.seek(hdr[7], os.SEEK_CUR)
-                        ext_tbl = struct.unpack("<IIIII", f.read(20))
+                        ext_tbl = struct.unpack("IIIII", f.read(20))
                        log_status("Found %u extended signatures for %s:%#x" %
                                   (ext_tbl[0], rp, offs), level=1)

@ -160,7 +160,7 @@ def read_revs_dir(path, args, src=None, ret=None):
                        ext_sig_cnt = 0
                        while cur_offs < offs + hdr[8] \
                                and ext_sig_cnt <= ext_tbl[0]:
-                            ext_sig = struct.unpack("<III", f.read(12))
+                            ext_sig = struct.unpack("III", f.read(12))
                            ignore = args.ignore_ext_dups and \
                                (ext_sig[0] == hdr[3])
                            if not ignore:
--- a/SPECS/microcode_ctl.spec
+++ b/SPECS/microcode_ctl.spec
@ -1,4 +1,5 @@
 %define intel_ucode_version 20240910
+%global debug_package %{nil}

 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
 %define microcode_ctl_libexec %{_libexecdir}/microcode_ctl
@ -121,12 +122,10 @@ Source1000:     gen_provides.sh
 Source1001:     codenames.list
 Source1002:     gen_updates2.py

-BuildArch:      noarch
+ExclusiveArch:  %{ix86} x86_64
 BuildRequires:  systemd-units
-# dd, hexdump, and xxd are used in gen_provides.sh
-BuildRequires:  coreutils util-linux /usr/bin/xxd
-# gen_updates2.py requires python interpreter
-BuildRequires:  /usr/bin/python3
+# hexdump is used in gen_provides.sh
+BuildRequires:  coreutils util-linux
 Requires:       coreutils
 Requires(post): systemd coreutils
 Requires(preun): systemd coreutils
@ -314,7 +313,7 @@ install -m 644 "%{SOURCE182}" "%{tgl_inst_dir}/disclaimer"
 # SUMMARY.intel-ucode generation
 # It is to be done only after file population, so, it is here,
 # at the end of the install stage
-/usr/bin/python3 "%{SOURCE1002}" -C "%{SOURCE1001}" \
+/usr/libexec/platform-python "%{SOURCE1002}" -C "%{SOURCE1001}" \
 	summary -A "%{buildroot}" \
 	> "%{buildroot}/%{_pkgdocdir}/SUMMARY.intel-ucode"

@ -554,8 +553,8 @@ rm -rf %{buildroot}
 %changelog
 * Mon Sep 23 2024 Eugene Syromiatnikov <esyr@redhat.com> - 4:20240910-1
 - Update Intel CPU microcode to microcode-20240910 release, addresses
- Addresses CVE-2024-23984, CVE-2024-24853, CVE-2024-24968, CVE-2024-24980,
-  CVE-2024-25939 (RHEL-58057):
+  CVE-2024-23984, CVE-2024-24853, CVE-2024-24968, CVE-2024-24980,
+  CVE-2024-25939 (RHEL-59081):
  - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
    intel-06-8c-01/intel-ucode/06-8c-01) from revision 0xb6 up to 0xb8;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
@ -681,8 +680,8 @@ rm -rf %{buildroot}
 - Update Intel CPU microcode to microcode-20240531 release, addresses
  CVE-2023-22655, CVE-2023-23583. CVE-2023-28746, CVE-2023-38575,
  CVE-2023-39368, CVE-2023-42667, CVE-2023-43490, CVE-2023-45733,
-  CVE-2023-46103, CVE-2023-49141 (RHEL-30861, RHEL-30864, RHEL-30867,
-  RHEL-30870, RHEL-30873, RHEL-41094, RHEL-41109):
+  CVE-2023-46103, CVE-2023-49141 (RHEL-30859, RHEL-30862, RHEL-30865,
+  RHEL-30868, RHEL-30871, RHEL-41093, RHEL-41108):
  - Addition of 06-aa-04/0xe6 (MTL-H/U C0) microcode at revision 0x1c;
  - Addition of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) at
    revision 0x4121;
@ -1056,8 +1055,8 @@ rm -rf %{buildroot}

 * Thu Aug 10 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230808-1
 - Update Intel CPU microcode to microcode-20230808 release, addresses
-  CVE-2022-40982, CVE-2022-41804, CVE-2023-23908 (#2213124, #2223992, #2230677,
-  #2230689):
+  CVE-2022-40982, CVE-2022-41804, CVE-2023-23908 (#2213125, #2223993, #2230678,
+  #2230690):
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006f05 up
    to 0x2007006;
@ -1257,7 +1256,7 @@ rm -rf %{buildroot}
    to 0x11 (old pf 0x1).

 * Mon Aug 07 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230516-1
- Update Intel CPU microcode to microcode-20230516 release (#2213124):
+- Update Intel CPU microcode to microcode-20230516 release (#2213125):
  - Addition of 06-be-00/0x01 (ADL-N A0) microcode at revision 0x10;
  - Addition of 06-9a-04/0x40 (AZB A0) microcode at revision 0x4;
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
@ -1430,19 +1429,22 @@ rm -rf %{buildroot}

 * Tue Aug 01 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-4
 - Avoid spurious find failures due to calls on directories that may not exist
-  (#2225681).
+  (#2231065).
+
+* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 4:20230214-3
+- Rebuilt for MSVSphere 8.8

 * Wed Jun 28 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-3
 - Force locale to C in check_caveats, reload_microcode, and update_ucode
-  (#2218104).
+  (#2218096).

 * Tue Jun 06 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-2
- Cleanup the dangling symlinks in update_ucode (#2213022).
+- Cleanup the dangling symlinks in update_ucode (#2135376).

 * Wed Feb 15 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-1
 - Update Intel CPU microcode to microcode-20230214 release, addresses
-  CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171237,
-  #2171262):
+  CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171234,
+  #2171259):
  - Addition of 06-6c-01/0x10 (ICL-D B0) microcode at revision 0x1000211;
  - Addition of 06-8f-04/0x87 (SPR-SP E0/S1) microcode at revision
    0x2b000181;
@ -1618,11 +1620,11 @@ rm -rf %{buildroot}

 * Tue Oct 25 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220809-2
 - Change the logger severity level to warning to align with the kmsg one
-  (#2136506).
+  (#2136224).

 * Tue Aug 09 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220809-1
 - Update Intel CPU microcode to microcode-20220510 release, addresses
-  CVE-2022-21233 (#2115663):
+  CVE-2022-21233 (#2115667):
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006d05 up
    to 0x2006e05;
@ -1685,8 +1687,7 @@ rm -rf %{buildroot}

 * Tue May 10 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220510-1
 - Update Intel CPU microcode to microcode-20220510 release, addresses
-  CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2090248,
-  #2090261, #2086751, #2040069):
+  CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2086743):
  - Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f;
  - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
    intel-ucode/06-97-02) at revision 0x1f;
@ -1809,8 +1810,13 @@ rm -rf %{buildroot}
    to 0x53.

 * Thu Feb 10 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220207-1
- Update Intel CPU microcode to microcode-20220207 release, addresses
-  CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#2053253):
+- Update Intel CPU microcode to microcode-20220207 release:
+  - Fixes in releasenote.md file.
+
+* Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220204-1
+- Update Intel CPU microcode to microcode-20220204 release, addresses
+  CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#1971906, #2049543,
+  #2049554, #2049571):
  - Removal of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f;
  - Removal of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04)
    at revision 0xb00000f;
@ -1914,10 +1920,6 @@ rm -rf %{buildroot}
  - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x40 up
    to 0x50.

-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4:20210608-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
-
 * Mon Jul 05 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210608-1
 - Update Intel CPU microcode to microcode-20210608 release (#1921773):
  - Fixes in releasenote.md file.