.gitignore

@@ -4,4 +4,4 @@ SOURCES/06-55-04
 SOURCES/06-5e-03
 SOURCES/microcode-20190918.tar.gz
 SOURCES/microcode-20191115.tar.gz
-SOURCES/microcode-20240910.tar.gz
+SOURCES/microcode-20240531.tar.gz

.microcode_ctl.metadata

@@ -4,4 +4,4 @@ bcf2173cd3dd499c37defbc2533703cfa6ec2430 SOURCES/06-2d-07
 86c60ee7d5d0d7115a4962c1c61ceecb0fd3a95a SOURCES/06-5e-03
 bc20d6789e6614b9d9f88ee321ab82bed220f26f SOURCES/microcode-20190918.tar.gz
 774636f4d440623b0ee6a2dad65260e81208074d SOURCES/microcode-20191115.tar.gz
-2815182aa376dba6d534bc087a27fe9f27def1d2 SOURCES/microcode-20240910.tar.gz
+9e4c19980b5d79eaa8c7324b6f6821c5812680c0 SOURCES/microcode-20240531.tar.gz

SOURCES/06-8c-01_readme

@@ -18,7 +18,6 @@ microcode revisions in question are listed below:
  * 06-8c-01, revision 0xac: b9f342e564a0be372ed1f4709263bf811feb022a
  * 06-8c-01, revision 0xb4: 6596bb8696cde85538bb833d090f0b7a42d6ae14
  * 06-8c-01, revision 0xb6: 76556e8248a89f38cd55a6c83dccc995ba176091
- * 06-8c-01, revision 0xb8: 6e9b138d1db2934479b179af4a3a19e843c4b4e4
 
 Please contact your system vendor for a BIOS/firmware update that contains
 the latest microcode version.  For the information regarding microcode versions

SOURCES/06-8e-9e-0x-0xca_readme

@@ -141,15 +141,6 @@ in question:
  * 06-9e-0c, revision 0xf6: a8dfddd009f750b6528f93556b67d4eeca1e5dfa
  * 06-9e-0d, revision 0xfc: a0ad865fd2d3b9d955a889c96fabc67da0235dda
 
- * 06-8e-09, revision 0xf6: c2786ef2eb4feb8ac3e3efae83c361de3ad8df0d
- * 06-8e-0a, revision 0xf6: 9bb2839d451ecee40c1eb08f40e4baec9a159e90
- * 06-8e-0b, revision 0xf6: 7b60fc7d44654976df32971a45399b3b910f3390
- * 06-8e-0c, revision 0xfc: 34efc9a54dc32082b898116840c0a1a1cef59e69
- * 06-9e-0a, revision 0xf8: 880163a2da13ed1eae1654535d751a788de6fa3f
- * 06-9e-0b, revision 0xf6: ca90c9139d0c1554f6d17ae1bdcf94d0faa6ece7
- * 06-9e-0c, revision 0xf8: 97dcc36772894619ab28be8c35c4ff9f15d684ae
- * 06-9e-0d, revision 0x100: 1a00b6a4373b95811c6396f2a0d8d497f4006fb7
-
 Please contact your system vendor for a BIOS/firmware update that contains
 the latest microcode version.  For the information regarding microcode versions
 required for mitigating specific side-channel cache attacks, please refer

SOURCES/06-8e-9e-0x-dell_readme

@@ -141,15 +141,6 @@ in question:
  * 06-9e-0c, revision 0xf6: a8dfddd009f750b6528f93556b67d4eeca1e5dfa
  * 06-9e-0d, revision 0xfc: a0ad865fd2d3b9d955a889c96fabc67da0235dda
 
- * 06-8e-09, revision 0xf6: c2786ef2eb4feb8ac3e3efae83c361de3ad8df0d
- * 06-8e-0a, revision 0xf6: 9bb2839d451ecee40c1eb08f40e4baec9a159e90
- * 06-8e-0b, revision 0xf6: 7b60fc7d44654976df32971a45399b3b910f3390
- * 06-8e-0c, revision 0xfc: 34efc9a54dc32082b898116840c0a1a1cef59e69
- * 06-9e-0a, revision 0xf8: 880163a2da13ed1eae1654535d751a788de6fa3f
- * 06-9e-0b, revision 0xf6: ca90c9139d0c1554f6d17ae1bdcf94d0faa6ece7
- * 06-9e-0c, revision 0xf8: 97dcc36772894619ab28be8c35c4ff9f15d684ae
- * 06-9e-0d, revision 0x100: 1a00b6a4373b95811c6396f2a0d8d497f4006fb7
-
 Please contact your system vendor for a BIOS/firmware update that contains
 the latest microcode version.  For the information regarding microcode versions
 required for mitigating specific side-channel cache attacks, please refer

SOURCES/README.caveats

@@ -10,8 +10,8 @@ behaviour.
 
 General behaviour
 =================
-In RHEL 8 (as well as RHEL 7 before it), there are currently two main handlers
-for CPU microcode update:
+In RHEL 9 (as well as in RHEL 7 and RHEL 8 before it), there are currently
+two main handlers for CPU microcode update:
  * Early microcode update. It uses GenuineIntel.bin or AuthenticAMD.bin file
    placed at the beginning of an initramfs image
    (/boot/initramfs-KERNEL_VERSION.img, where "KERNEL_VERSION" is a kernel
@@ -45,10 +45,10 @@ zero-filled.
 
 The early microcode is placed into initramfs image by the "dracut" script, which
 scans the aforementioned subdirectories of the configured list of firmware
-directories (by default, the list consists of two directories in RHEL 8,
+directories (by default, the list consists of two directories in RHEL 9,
 "/lib/firmware/updates" and "/lib/firmware").
 
-In RHEL 8, AMD CPU microcode is shipped as a part of the linux-firmware package,
+In RHEL 9, AMD CPU microcode is shipped as a part of the linux-firmware package,
 and Intel microcode is shipped as a part of the microcode_ctl package.
 
 The microcode_ctl package currently includes the following:
@@ -613,7 +613,7 @@ Mitigation: microcode loading is disabled for the affected CPU model.
 
 Minimum versions of the kernel package that contain the aforementioned patch
 series:
- - Upstream/RHEL 8: 4.17.0
+ - Upstream/RHEL 8/RHEL 9: 4.17.0
  - RHEL 7.6 onwards:  3.10.0-894
  - RHEL 7.5:  3.10.0-862.6.1
  - RHEL 7.4:  3.10.0-693.35.1
@@ -628,7 +628,7 @@ series:
 
 Early microcode load inside a virtual machine
 ---------------------------------------------
-RHEL 8 kernel supports performing microcode update during early boot stage
+RHEL 9 kernel supports performing microcode update during early boot stage
 from a cpio archive placed at the beginning of the initramfs image.  However,
 when an early microcode update is attempted inside some virtualised
 environments, that may result in unexpected system behaviour.
@@ -643,7 +643,7 @@ Mitigation: early microcode loading is disabled for all CPU models on kernels
 without the fix.
 
 Minimum versions of the kernel package that contain the fix:
- - Upstream/RHEL 8: 4.10.0
+ - Upstream/RHEL 8/RHEL 9: 4.10.0
  - RHEL 7.6 onwards: 3.10.0-930
  - RHEL 7.5: 3.10.0-862.14.1
  - RHEL 7.4: 3.10.0-693.38.1

SOURCES/gen_provides.sh

@@ -43,25 +43,43 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-
 
 			# ext_sig, 12 bytes in size
 			IFS=' ' read cpuid pf_mask <<- EOF
-			$(hexdump -s "$skip" -n 8 \
-				-e '"" 1/4 "%08x " 1/4 "%u" "\n"' "$f")
+			$(dd if="$f" ibs=1 skip="$skip" count=8 status=none \
+				| xxd -e -g4 | xxd -r | hexdump -n 8 \
+				-e '"" 4/1 "%02x" " 0x" 4/1 "%02x" "\n"')
 			EOF
+			# Converting values from the constructed %#08x format
+			pf_mask="$((pf_mask))"
 
 			skip="$((skip + 12))"
 			ext_sig_pos="$((ext_sig_pos + 1))"
 		else
 			# Microcode header, 48 bytes, last 3 fields reserved
+			# cksum, ldrver are ignored
 			IFS=' ' read hdrver rev \
-			       date_y date_d date_m \
+			       date_m date_d date_y \
 			       cpuid cksum ldrver \
 			       pf_mask datasz totalsz <<- EOF
-			$(hexdump -s "$skip" -n 36 \
-				-e '"" 1/4 "%u " 1/4 "%#x " \
-			               1/2 "%04x " 1/1 "%02x " 1/1 "%02x " \
-				       1/4 "%08x " 1/4 "%x " 1/4 "%#x " \
-				       1/4 "%u " 1/4 "%u " 1/4 "%u" "\n"' "$f")
+			$(dd if="$f" ibs=1 skip="$skip" count=36 status=none \
+				| xxd -e -g4 | xxd -r | hexdump -n 36 \
+				-e '"0x" 4/1 "%02x" " 0x" 4/1 "%02x" " " \
+			               1/1 "%02x " 1/1 "%02x " 2/1 "%02x" " " \
+				       4/1 "%02x" " 0x" 4/1 "%02x" " 0x" 4/1 "%02x" \
+				       " 0x" 4/1 "%x" \
+				       " 0x" 4/1 "%02x" " 0x" 4/1 "%02x" "\n"')
 			EOF
 
+			# Converting values from the constructed %#08x format
+			rev="$(printf '%#x' "$((rev))")"
+			pf_mask="$((pf_mask))"
+			datasz="$((datasz))"
+			totalsz="$((totalsz))"
+
+			# Skipping files with unexpected hdrver value
+			[ 1 = "$((hdrver))" ] || {
+				echo "$f+$skip@$file_sz: incorrect hdrver $((hdrver))" >&2
+				break
+			}
+
 			[ 0 != "$datasz" ] || datasz=2000
 			[ 0 != "$totalsz" ] || totalsz=2048
 
@@ -80,9 +98,12 @@ for f in $(grep -E '/intel-ucode.*/[0-9a-f][0-9a-f]-[0-9a-f][0-9a-f]-[0-9a-f][0-
 				# ext_sig table header, 20 bytes in size,
 				# last 3 fields are reserved.
 				IFS=' ' read ext_sig_cnt  <<- EOF
-				$(hexdump -s "$skip" -n 4 \
-					-e '"" 1/4 "%u" "\n"' "$f")
+				$(dd if="$f" ibs=1 skip="$skip" count=4 status=none \
+					| xxd -e -g4 | hexdump -n 4 \
+					-e '"0x" 4/1 "%02x" "\n"')
 				EOF
+				# Converting values from the constructed format
+				ext_sig_cnt="$((ext_sig_cnt))"
 
 				skip="$((skip + 20))"
 			else

SOURCES/gen_updates2.py

@@ -144,7 +144,7 @@ def read_revs_dir(path, args, src=None, ret=None):
                 offs = 0
                 while offs < sz:
                     f.seek(offs, os.SEEK_SET)
-                    hdr = struct.unpack("IiIIIIIIIIII", f.read(48))
+                    hdr = struct.unpack("<IiIIIIIIIIII", f.read(48))
                     ret.append({"path": rp, "src": src or path,
                                 "cpuid": hdr[3], "pf": hdr[6], "rev": hdr[1],
                                 "date": hdr[2], "offs": offs, "cksum": hdr[4],
@@ -152,7 +152,7 @@ def read_revs_dir(path, args, src=None, ret=None):
 
                     if hdr[8] and hdr[8] - hdr[7] > 48:
                         f.seek(hdr[7], os.SEEK_CUR)
-                        ext_tbl = struct.unpack("IIIII", f.read(20))
+                        ext_tbl = struct.unpack("<IIIII", f.read(20))
                         log_status("Found %u extended signatures for %s:%#x" %
                                    (ext_tbl[0], rp, offs), level=1)
 
@@ -160,7 +160,7 @@ def read_revs_dir(path, args, src=None, ret=None):
                         ext_sig_cnt = 0
                         while cur_offs < offs + hdr[8] \
                                 and ext_sig_cnt <= ext_tbl[0]:
-                            ext_sig = struct.unpack("III", f.read(12))
+                            ext_sig = struct.unpack("<III", f.read(12))
                             ignore = args.ignore_ext_dups and \
                                 (ext_sig[0] == hdr[3])
                             if not ignore:

SPECS/microcode_ctl.spec

@@ -1,5 +1,4 @@
-%define intel_ucode_version 20240910
-%global debug_package %{nil}
+%define intel_ucode_version 20240531
 
 %define caveat_dir %{_datarootdir}/microcode_ctl/ucode_with_caveats
 %define microcode_ctl_libexec %{_libexecdir}/microcode_ctl
@@ -122,10 +121,12 @@ Source1000:     gen_provides.sh
 Source1001:     codenames.list
 Source1002:     gen_updates2.py
 
-ExclusiveArch:  %{ix86} x86_64
+BuildArch:      noarch
 BuildRequires:  systemd-units
-# hexdump is used in gen_provides.sh
-BuildRequires:  coreutils util-linux
+# dd, hexdump, and xxd are used in gen_provides.sh
+BuildRequires:  coreutils util-linux /usr/bin/xxd
+# gen_updates2.py requires python interpreter
+BuildRequires:  /usr/bin/python3
 Requires:       coreutils
 Requires(post): systemd coreutils
 Requires(preun): systemd coreutils
@@ -313,7 +314,7 @@ install -m 644 "%{SOURCE182}" "%{tgl_inst_dir}/disclaimer"
 # SUMMARY.intel-ucode generation
 # It is to be done only after file population, so, it is here,
 # at the end of the install stage
-/usr/libexec/platform-python "%{SOURCE1002}" -C "%{SOURCE1001}" \
+/usr/bin/python3 "%{SOURCE1002}" -C "%{SOURCE1001}" \
 	summary -A "%{buildroot}" \
 	> "%{buildroot}/%{_pkgdocdir}/SUMMARY.intel-ucode"
 
@@ -408,13 +409,9 @@ rpm -qa --qf "${qf}" ${pkgs} | sort -r -n -k'3,3' | {
 		# https://bugzilla.redhat.com/show_bug.cgi?id=1609696
 		# So, we check for symvers file inside /lib/modules.
 		#
-		# Also account for the fact that symvers compression has been
-		# switched from gzip to xz on newer kernels.
-		#
 		# XXX: Not sure if this check is still needed, since we now
 		# iterate over the rpm output.
-		[ -e "/lib/modules/${kver_uname}/symvers.gz" -o \
-		  -e "/lib/modules/${kver_uname}/symvers.xz" ] || continue
+		[ -e "/lib/modules/${kver_uname}/symvers.gz" ] || continue
 		# Check that modules.dep for the kernel is present as well,
 		# otherwise dracut complains with "/lib/modules/.../modules.dep
 		# is missing. Did you run depmod?".
@@ -551,137 +548,12 @@ rm -rf %{buildroot}
 
 
 %changelog
-* Mon Sep 23 2024 Eugene Syromiatnikov <esyr@redhat.com> - 4:20240910-1
-- Update Intel CPU microcode to microcode-20240910 release, addresses
-  CVE-2024-23984, CVE-2024-24853, CVE-2024-24968, CVE-2024-24980,
-  CVE-2024-25939 (RHEL-59081):
-  - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in
-    intel-06-8c-01/intel-ucode/06-8c-01) from revision 0xb6 up to 0xb8;
-  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
-    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xf4 up
-    to 0xf6;
-  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
-    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xf4 up
-    to 0xf6;
-  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
-    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xf4 up
-    to 0xf6;
-  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in
-    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xf4 up
-    to 0xf6;
-  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
-    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
-    revision 0xfa up to 0xfc;
-  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
-    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xf6 up
-    to 0xf8;
-  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in
-    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xf4 up
-    to 0xf6;
-  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
-    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xf6 up
-    to 0xf8;
-  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
-    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xfc up
-    to 0x100;
-  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
-    0x5003605 up to 0x5003707;
-  - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002802
-    up to 0x7002904;
-  - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0003d1
-    up to 0xd0003e7;
-  - Update of 06-6c-01/0x10 (ICL-D B0) microcode from revision 0x1000290
-    up to 0x10002b0;
-  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xc4
-    up to 0xc6;
-  - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x36 up
-    to 0x38;
-  - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x50 up
-    to 0x52;
-  - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x19 up
-    to 0x1a;
-  - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode from revision
-    0x35 up to 0x36;
-  - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
-    intel-ucode/06-97-02) from revision 0x35 up to 0x36;
-  - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
-    from revision 0x35 up to 0x36;
-  - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-02)
-    from revision 0x35 up to 0x36;
-  - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
-    intel-ucode/06-97-05) from revision 0x35 up to 0x36;
-  - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode from revision 0x35
-    up to 0x36;
-  - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
-    from revision 0x35 up to 0x36;
-  - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-97-05)
-    from revision 0x35 up to 0x36;
-  - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode from revision
-    0x433 up to 0x434;
-  - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode (in
-    intel-ucode/06-9a-03) from revision 0x433 up to 0x434;
-  - Update of 06-9a-03/0x80 (ADL-P 6+8/U 9W L0/R0) microcode (in
-    intel-ucode/06-9a-04) from revision 0x433 up to 0x434;
-  - Update of 06-9a-04/0x80 (ADL-P 2+8 R0) microcode from revision 0x433
-    up to 0x434;
-  - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xfa up
-    to 0xfc;
-  - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xfa
-    up to 0xfc;
-  - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xfa
-    up to 0xfc;
-  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xfa
-    up to 0xfe;
-  - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision
-    0xfa up to 0xfc;
-  - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x5e up
-    to 0x62;
-  - Update of 06-aa-04/0xe6 (MTL-H/U C0) microcode from revision 0x1c
-    up to 0x1f;
-  - Update of 06-b7-01/0x32 (RPL-S B0) microcode from revision 0x123 up
-    to 0x129;
-  - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode from revision
-    0x4121 up to 0x4122;
-  - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
-    intel-ucode/06-ba-02) from revision 0x4121 up to 0x4122;
-  - Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) from
-    revision 0x4121 up to 0x4122;
-  - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
-    intel-ucode/06-ba-03) from revision 0x4121 up to 0x4122;
-  - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode from revision 0x4121
-    up to 0x4122;
-  - Update of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-03) from
-    revision 0x4121 up to 0x4122;
-  - Update of 06-ba-02/0xe0 (RPL-H 6+8/P 6+8 J0) microcode (in
-    intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
-  - Update of 06-ba-03/0xe0 (RPL-U 2+8 Q0) microcode (in
-    intel-ucode/06-ba-08) from revision 0x4121 up to 0x4122;
-  - Update of 06-ba-08/0xe0 microcode from revision 0x4121 up to 0x4122;
-  - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
-    intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
-  - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
-    intel-ucode/06-bf-02) from revision 0x35 up to 0x36;
-  - Update of 06-bf-02/0x07 (ADL C0) microcode from revision 0x35 up
-    to 0x36;
-  - Update of 06-bf-05/0x07 (ADL C0) microcode (in intel-ucode/06-bf-02)
-    from revision 0x35 up to 0x36;
-  - Update of 06-97-02/0x07 (ADL-HX/S 8+8 C0) microcode (in
-    intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
-  - Update of 06-97-05/0x07 (ADL-S 6+0 K0) microcode (in
-    intel-ucode/06-bf-05) from revision 0x35 up to 0x36;
-  - Update of 06-bf-02/0x07 (ADL C0) microcode (in intel-ucode/06-bf-05)
-    from revision 0x35 up to 0x36;
-  - Update of 06-bf-05/0x07 (ADL C0) microcode from revision 0x35 up
-    to 0x36;
-  - Update of 06-be-00/0x19 (ADL-N A0) microcode from revision 0x17 up
-    to 0x1a (old pf 0x11).
-
 * Mon Jun 17 2024 Eugene Syromiatnikov <esyr@redhat.com> - 4:20240531-1
 - Update Intel CPU microcode to microcode-20240531 release, addresses
   CVE-2023-22655, CVE-2023-23583. CVE-2023-28746, CVE-2023-38575,
   CVE-2023-39368, CVE-2023-42667, CVE-2023-43490, CVE-2023-45733,
-  CVE-2023-46103, CVE-2023-49141 (RHEL-30859, RHEL-30862, RHEL-30865,
-  RHEL-30868, RHEL-30871, RHEL-41093, RHEL-41108):
+  CVE-2023-46103, CVE-2023-49141 (RHEL-30861, RHEL-30864, RHEL-30867,
+  RHEL-30870, RHEL-30873, RHEL-41094, RHEL-41109):
   - Addition of 06-aa-04/0xe6 (MTL-H/U C0) microcode at revision 0x1c;
   - Addition of 06-ba-08/0xe0 microcode (in intel-ucode/06-ba-02) at
     revision 0x4121;
@@ -1055,8 +927,8 @@ rm -rf %{buildroot}
 
 * Thu Aug 10 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230808-1
 - Update Intel CPU microcode to microcode-20230808 release, addresses
-  CVE-2022-40982, CVE-2022-41804, CVE-2023-23908 (#2213125, #2223993, #2230678,
-  #2230690):
+  CVE-2022-40982, CVE-2022-41804, CVE-2023-23908 (#2213124, #2223992, #2230677,
+  #2230689):
   - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
     intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006f05 up
     to 0x2007006;
@@ -1256,7 +1128,7 @@ rm -rf %{buildroot}
     to 0x11 (old pf 0x1).
 
 * Mon Aug 07 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230516-1
-- Update Intel CPU microcode to microcode-20230516 release (#2213125):
+- Update Intel CPU microcode to microcode-20230516 release (#2213124):
   - Addition of 06-be-00/0x01 (ADL-N A0) microcode at revision 0x10;
   - Addition of 06-9a-04/0x40 (AZB A0) microcode at revision 0x4;
   - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
@@ -1429,19 +1301,19 @@ rm -rf %{buildroot}
 
 * Tue Aug 01 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-4
 - Avoid spurious find failures due to calls on directories that may not exist
-  (#2231065).
+  (#2225681).
 
 * Wed Jun 28 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-3
 - Force locale to C in check_caveats, reload_microcode, and update_ucode
-  (#2218096).
+  (#2218104).
 
 * Tue Jun 06 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-2
-- Cleanup the dangling symlinks in update_ucode (#2135376).
+- Cleanup the dangling symlinks in update_ucode (#2213022).
 
 * Wed Feb 15 2023 Eugene Syromiatnikov <esyr@redhat.com> - 4:20230214-1
 - Update Intel CPU microcode to microcode-20230214 release, addresses
-  CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171234,
-  #2171259):
+  CVE-2022-21216, CVE-2022-33196, CVE-2022-33972, CVE-2022-38090 (#2171237,
+  #2171262):
   - Addition of 06-6c-01/0x10 (ICL-D B0) microcode at revision 0x1000211;
   - Addition of 06-8f-04/0x87 (SPR-SP E0/S1) microcode at revision
     0x2b000181;
@@ -1617,11 +1489,11 @@ rm -rf %{buildroot}
 
 * Tue Oct 25 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220809-2
 - Change the logger severity level to warning to align with the kmsg one
-  (#2136224).
+  (#2136506).
 
 * Tue Aug 09 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220809-1
 - Update Intel CPU microcode to microcode-20220510 release, addresses
-  CVE-2022-21233 (#2115667):
+  CVE-2022-21233 (#2115663):
   - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
     intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006d05 up
     to 0x2006e05;
@@ -1684,7 +1556,8 @@ rm -rf %{buildroot}
 
 * Tue May 10 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220510-1
 - Update Intel CPU microcode to microcode-20220510 release, addresses
-  CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2086743):
+  CVE-2022-0005, CVE-2022-21131, CVE-2022-21136, CVE-2022-21151 (#2090248,
+  #2090261, #2086751, #2040069):
   - Addition of 06-97-02/0x03 (ADL-HX C0) microcode at revision 0x1f;
   - Addition of 06-97-05/0x03 (ADL-S 6+0 K0) microcode (in
     intel-ucode/06-97-02) at revision 0x1f;
@@ -1807,13 +1680,8 @@ rm -rf %{buildroot}
     to 0x53.
 
 * Thu Feb 10 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220207-1
-- Update Intel CPU microcode to microcode-20220207 release:
-  - Fixes in releasenote.md file.
-
-* Mon Feb 07 2022 Eugene Syromiatnikov <esyr@redhat.com> - 4:20220204-1
-- Update Intel CPU microcode to microcode-20220204 release, addresses
-  CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#1971906, #2049543,
-  #2049554, #2049571):
+- Update Intel CPU microcode to microcode-20220207 release, addresses
+  CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#2053253):
   - Removal of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f;
   - Removal of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04)
     at revision 0xb00000f;
@@ -1917,6 +1785,10 @@ rm -rf %{buildroot}
   - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x40 up
     to 0x50.
 
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4:20210608-2
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
 * Mon Jul 05 2021 Eugene Syromiatnikov <esyr@redhat.com> - 4:20210608-1
 - Update Intel CPU microcode to microcode-20210608 release (#1921773):
   - Fixes in releasenote.md file.