Bug#1056358: bookworm-pu: package needrestart/3.6-4+deb12u1

[Antoine Beaupré <anarcat@debian.org>]

Control: tags -1 - moreinfo

On 2023-12-02 18:52:39, Adam D. Barratt wrote:
> There doesn't appear to be a debdiff attached.

What is wrong with me.

diff -Nru needrestart-3.6/debian/changelog needrestart-3.6/debian/changelog
--- needrestart-3.6/debian/changelog	2023-05-31 10:47:03.000000000 -0400
+++ needrestart-3.6/debian/changelog	2023-11-15 15:05:37.000000000 -0500
@@ -1,3 +1,9 @@
+needrestart (3.6-4+deb12u1) bookworm; urgency=medium
+
+  * fix microcode check regression on AMD CPUs (Closes: #1013285)
+
+ -- Antoine Beaupré <anarcat@debian.org>  Wed, 15 Nov 2023 15:05:37 -0500
+
 needrestart (3.6-4) unstable; urgency=medium
 
   * Remove leftover conffile 30-pacman with 3.6-4.
diff -Nru needrestart-3.6/debian/patches/05-fix-AMD-ucode-checking-in-non-debug-mode.patch needrestart-3.6/debian/patches/05-fix-AMD-ucode-checking-in-non-debug-mode.patch
--- needrestart-3.6/debian/patches/05-fix-AMD-ucode-checking-in-non-debug-mode.patch	1969-12-31 19:00:00.000000000 -0500
+++ needrestart-3.6/debian/patches/05-fix-AMD-ucode-checking-in-non-debug-mode.patch	2023-11-15 15:05:37.000000000 -0500
@@ -0,0 +1,33 @@
+From b073fb6d9969597173daa8c511a85bae9b03ed37 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
+Date: Wed, 15 Nov 2023 15:20:37 -0500
+Subject: [PATCH] fix AMD ucode checking in non-debug mode
+
+It looks like the assignment when the ucode exist was not
+done *unless* `debug` (`-v`) was set. Therefore, all AMD microcode
+checks were returning UNKNOWN, including in Nagios checks, unless the
+`-v` ("verbose", but actually `debug`) was passed.
+
+Closes: #249
+---
+ perl/lib/NeedRestart/uCode/AMD.pm | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/perl/lib/NeedRestart/uCode/AMD.pm b/perl/lib/NeedRestart/uCode/AMD.pm
+index 638e68d..6daad8f 100644
+--- a/perl/lib/NeedRestart/uCode/AMD.pm
++++ b/perl/lib/NeedRestart/uCode/AMD.pm
+@@ -185,8 +185,8 @@ sub nr_ucode_check_real {
+     if ( exists( $_ucodes->{cpuid}->{$cpuid} ) ) {
+         my $prid = $_ucodes->{cpuid}->{$cpuid};
+         if ( exists( $_ucodes->{prid}->{$prid} ) ) {
+-            $vars{AVAIL} = sprintf( "0x%08x", $_ucodes->{prid}->{$prid} ),
+-		print STDERR "$LOGPREF #$info->{processor} found ucode $vars{AVAIL}\n" if ($debug);
++            $vars{AVAIL} = sprintf( "0x%08x", $_ucodes->{prid}->{$prid} );
++            print STDERR "$LOGPREF #$info->{processor} found ucode $vars{AVAIL}\n" if ($debug);
+ 	}
+     }
+ 
+-- 
+2.39.2
+
diff -Nru needrestart-3.6/debian/patches/06-uCode-fix-uninitialized-value-in-logging-of-processo.patch needrestart-3.6/debian/patches/06-uCode-fix-uninitialized-value-in-logging-of-processo.patch
--- needrestart-3.6/debian/patches/06-uCode-fix-uninitialized-value-in-logging-of-processo.patch	1969-12-31 19:00:00.000000000 -0500
+++ needrestart-3.6/debian/patches/06-uCode-fix-uninitialized-value-in-logging-of-processo.patch	2023-11-15 15:05:37.000000000 -0500
@@ -0,0 +1,30 @@
+From e85bfe33b595b88cc8052a7815d13612ecc2a841 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Stefan=20B=C3=BChler?= <source@stbuehler.de>
+Date: Sun, 28 May 2023 17:42:28 +0200
+Subject: [PATCH] [uCode] fix uninitialized value in logging of processor index
+
+This got broken in f8c2609f8d5a0e10bd988497b8ea9815a7bb2fa8.
+
+Before that it would have effectively logged
+`$processors{$pid}->{processor}`, but the `processor` entry
+is also the key in `%processors`, i.e. equals `$pid`.
+---
+ perl/lib/NeedRestart/uCode.pm | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/perl/lib/NeedRestart/uCode.pm b/perl/lib/NeedRestart/uCode.pm
+index 6251339..db81375 100644
+--- a/perl/lib/NeedRestart/uCode.pm
++++ b/perl/lib/NeedRestart/uCode.pm
+@@ -148,7 +148,7 @@ sub nr_ucode_check {
+             }
+             $ui->progress_step;
+ 
+-            my $nstate = compare_ucode_versions( $debug, $processors{processor}, @nvars );
++            my $nstate = compare_ucode_versions( $debug, $pid, @nvars );
+             if ( $nstate > $state ) {
+                 ( $state, @vars ) = ( $nstate, @nvars );
+             }
+-- 
+2.39.2
+
diff -Nru needrestart-3.6/debian/patches/07-mark-unavailable-firmware-as-CURRENT.patch needrestart-3.6/debian/patches/07-mark-unavailable-firmware-as-CURRENT.patch
--- needrestart-3.6/debian/patches/07-mark-unavailable-firmware-as-CURRENT.patch	1969-12-31 19:00:00.000000000 -0500
+++ needrestart-3.6/debian/patches/07-mark-unavailable-firmware-as-CURRENT.patch	2023-11-15 15:05:37.000000000 -0500
@@ -0,0 +1,61 @@
+From 0e1ffe8025416a918ddf169f2d858762733d7238 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
+Date: Tue, 21 Nov 2023 10:59:32 -0500
+Subject: [PATCH] mark unavailable firmware as CURRENT
+
+This changes the policy of reporting missing firmware updates as
+"UNKNOWN". Now, if there's no available firmware, we report
+"current". That fixes needrestart on platforms that do not have
+firmware support (#220) or platforms that *are* supported but for
+which a CPU is to new to have an updated firmware available (#149).
+
+It does *not* create a new "unavailable" status (#274) as this maps
+poorly in Nagios reporting, but that is an option that was considered
+here as well.
+
+Closes: #149
+Closes: #274
+Closes: #220
+---
+ perl/lib/NeedRestart/uCode.pm | 23 ++++++++++++++++++-----
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+
+diff --git a/perl/lib/NeedRestart/uCode.pm b/perl/lib/NeedRestart/uCode.pm
+index db81375..71144b8 100644
+--- a/perl/lib/NeedRestart/uCode.pm
++++ b/perl/lib/NeedRestart/uCode.pm
+@@ -52,13 +52,26 @@ my $LOGPREF = '[ucode]';
+ sub compare_ucode_versions {
+     my ($debug, $processor, %vars) = @_;
+ 
+-    unless ( exists( $vars{CURRENT} ) && exists( $vars{AVAIL} ) ) {
+-        print STDERR
+-	    "$LOGPREF #$processor did not get current microcode version\n"
+-	    if ( $debug && !exists( $vars{CURRENT} ) );
++    # if no firmware is available for the current CPU, that's
++    # considered up to date. the rationale here is that if we warn on
++    # this, we're actually going to warn for certain new CPUs that
++    # have an up-to-date, built-in firmware without any update. that,
++    # in turn, creates alert fatigue and makes operators more likely
++    # to ignore warnings.
++    unless ( exists( $vars{AVAIL} ) ) {
+         print STDERR
+ 	    "$LOGPREF #$processor did not get available microcode version\n"
+-	    if ( $debug && !exists( $vars{AVAIL} ) );
++	    if ( $debug );
++        return NRM_CURRENT;
++    }
++    # from here on, there is a microcode file available
++    #
++    # if we can't find a microcode firmware for the current CPU,
++    # *that* is a problem.
++    unless ( exists( $vars{CURRENT} )  ) {
++        print STDERR
++            "$LOGPREF #$processor did not get current microcode version\n"
++            if ( $debug);
+ 
+         return NRM_UNKNOWN;
+     }
+-- 
+2.39.2
+
diff -Nru needrestart-3.6/debian/patches/series needrestart-3.6/debian/patches/series
--- needrestart-3.6/debian/patches/series	2023-05-31 10:47:03.000000000 -0400
+++ needrestart-3.6/debian/patches/series	2023-11-15 15:05:37.000000000 -0500
@@ -2,3 +2,6 @@
 02-bash-term-in-posix-shell.diff
 03-ignore-serial-getty.diff
 04-vm-detection.diff
+05-fix-AMD-ucode-checking-in-non-debug-mode.patch
+06-uCode-fix-uninitialized-value-in-logging-of-processo.patch
+07-mark-unavailable-firmware-as-CURRENT.patch