Fixes the following security issues:
- CVE-2020-8696: Description: Improper removal of sensitive information
before storage or transfer in some Intel(R) Processors may allow an
authenticated user to potentially enable information disclosure via local
access
- CVE-2020-8698: Description: Improper isolation of shared resources in some
Intel(R) Processors may allow an authenticated user to potentially enable
information disclosure via local access
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
License file updated with the new year, so change hash accordingly.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: explain license hash change]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
On Github, a large number of projects name their tag
<some-prefix>-0.3-<some-suffix> (i.e release-3.0, poco-0.1-release,
etc.). In fact majority of the cased adressed in this commit concerns
prefixes.
In most packages, we encode those prefix/suffix in the <pkg>_VERSION
variable.
The problem with this approach is that when used in conjunction with
release-monitoring.org, it doesn't work very well, because
release-monitoring.org has the concept of "version prefix/suffix" and
using that they drop the prefix/suffix to really get the version. For
example on https://release-monitoring.org/project/5418/ the latest
release of "poco" is "1.8.1", not "poco-1.8.1-release".
Therefore, a number of packages in Buildroot have a version that
doesn't match with release-monitoring.org.
Since really the version number of 1.8.1, is makes sense to update our
packages to drop these prefixes/suffixes.
This commit addreses the case of github-fetched packages with
non-conventional prefixes/suffixes.
Note that these changes modify the name of the files stored in DL_DIR,
which means that this will force a re-download of those package source
code for all users, and requires a change to their .hash file.
Signed-off-by: Victor Huesca <victor.huesca@bootlin.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Includes MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
Move to the Intel github repo as this release is not yet available on
downloadmirror.intel.com.
Update license hash because of copyright year and DOS/UNIX newlines change.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The big "intel-microcode.dat" text file is gone. Only binary files are
provided, in the "intel-ucode" directory. Install it at /lib/firmware/,
like linux-firmware does, and update the iucode-tool init script to use
that path.
We don't install the microcode under "intel-ucode-with-caveats", since
it needs special commits in the Linux kernel (see "relnotes" for more
information).
Tested on an equipment with Intel C3000 processor.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
