Accepted intel-microcode 3.20220207.1~bpo11+1 (amd64 i386 source) into bullseye-backports, bullseye-backports

[Debian FTP Masters <ftpmaster@ftp-master.debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 02 Mar 2022 14:20:35 -0300
Binary: intel-microcode
Source: intel-microcode
Architecture: amd64 i386 source
Version: 3.20220207.1~bpo11+1
Distribution: bullseye-backports
Urgency: medium
Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>
Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
Description: 
 intel-microcode - Processor microcode firmware for Intel CPUs
Changes:
 intel-microcode (3.20220207.1~bpo11+1) bullseye-backports; urgency=medium
 .
   * Rebuild for bullseye-backports (no changes required)
 .
 intel-microcode (3.20220207.1) unstable; urgency=medium
 .
   * upstream changelog: new upstream datafile 20220207
     * Mitigates (*only* when loaded from UEFI firmware through the FIT)
       CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through
       debug port, on Pentium, Celeron and Atom processors with signatures
       0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8
       https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
     * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint
       may cause a system hang, on many processors.
     * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due
       to improper sanitization of shared resources (fast-store forward
       predictor), on many processors.
     * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some
       Atom Processors may allow information disclosure or denial of service
       via network access.
     * Fixes critical errata (functional issues) on many processors
     * Adds a MSR switch to enable RAPL filtering (default off, once enabled
       it can only be disabled by poweroff or reboot).  Useful to protect
       SGX and other threads from side-channel info leak.  Improves the
       mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many
       processors.
     * Disables TSX in more processor models.
     * Fixes issue with WBINDV on multi-socket (server) systems which could
       cause resets and unpredictable system behavior.
     * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket
       Lake) processors, to control a fix for (hopefully rare) unpredictable
       processor behavior when HyperThreading is enabled.  This MSR switch
       is enabled by default on *server* processors.  On other processors,
       it needs to be explicitly enabled by an updated UEFI/BIOS (with added
       configuration logic).  An updated operating system kernel might also
       be able to enable it.  When enabled, this fix can impact performance.
     * Updated Microcodes:
       sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912
       sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552
       sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472
       sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816
       sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008
       sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840
       sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864
       sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672
       sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672
       sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648
       sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552
       sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408
       sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384
       sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544
       sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264
       sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
       sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752
       sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776
       sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592
       sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816
       sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568
       sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256
       sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376
       sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448
       sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448
       sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424
       sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448
       sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448
       sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480
       sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480
       sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496
       sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400
       sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448
       sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
       sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
       sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184
       sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208
       sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208
       sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208
       sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184
       sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400
     * Removed Microcodes:
       sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
       sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
   * update .gitignore and debian/.gitignore.
     Add some missing items from .gitignore and debian/.gitignore.
   * ucode-blacklist: do not late-load 0x406e3 and 0x506e3.
     When the BIOS microcode is older than revision 0x7f (and perhaps in some
     other cases as well), the latest microcode updates for 0x406e3 and
     0x506e3 must be applied using the early update method.  Otherwise, the
     system might hang.  Also: there must not be any other intermediate
     microcode update attempts [other than the one done by the BIOS itself],
     either.  It must go from the BIOS microcode update directly to the
     latest microcode update.
   * source: update symlinks to reflect id of the latest release, 20220207
Checksums-Sha1: 
 5998ba911fedc7b7248f8747f55225149f981994 1821 intel-microcode_3.20220207.1~bpo11+1.dsc
 a6667dfe1a1d93daa47da390aee2946b9cdc35d8 4524180 intel-microcode_3.20220207.1~bpo11+1.tar.xz
 f91afd9e6cb6c15ba8582de8cd11b8089a24670a 6022 intel-microcode_3.20220207.1~bpo11+1_amd64.buildinfo
 02bc6e9fa518045aa89a5da3835b2a7bd90d665b 3845112 intel-microcode_3.20220207.1~bpo11+1_amd64.deb
 dcfc1f84f398f9a2130251b1dd2849f93de4cb66 4794 intel-microcode_3.20220207.1~bpo11+1_i386.buildinfo
 6fd01c47f053f3ab76dce42ea72d8a73ed3e4918 3984972 intel-microcode_3.20220207.1~bpo11+1_i386.deb
Checksums-Sha256: 
 d3d7a8525a803173b7520866fb92445d636b5ff0450678daac12d333881b1b60 1821 intel-microcode_3.20220207.1~bpo11+1.dsc
 d289ccadb013889f831cfabbd00ddf28a55b26fc784da46c9862fa893596aafa 4524180 intel-microcode_3.20220207.1~bpo11+1.tar.xz
 71561b06f4dfc9429f5a6a10cc30642b7535abf3fd8b0a9fc4e88f26fa3c82d5 6022 intel-microcode_3.20220207.1~bpo11+1_amd64.buildinfo
 074b249de058eb120e45a86dbce76e2877521aa9bef1eb39bccffb6514043c19 3845112 intel-microcode_3.20220207.1~bpo11+1_amd64.deb
 abab58082c288fc4bad5c5d7afbaa1948bfb975f47ebf6cf41c128b074328fdb 4794 intel-microcode_3.20220207.1~bpo11+1_i386.buildinfo
 6dab168b494b7d63bb4bc0f1a5e9c43bec0b67a03e2770edeb955b74fe2074b7 3984972 intel-microcode_3.20220207.1~bpo11+1_i386.deb
Files: 
 d4110e2854c6f5c74b9b5faf31cdb3ce 1821 non-free/admin standard intel-microcode_3.20220207.1~bpo11+1.dsc
 2269766d4a959f6cec13c9493d130813 4524180 non-free/admin standard intel-microcode_3.20220207.1~bpo11+1.tar.xz
 d4462dc723d41e9a82aedf0dd40a9fd8 6022 non-free/admin standard intel-microcode_3.20220207.1~bpo11+1_amd64.buildinfo
 cb3652cf7637dcc4bb63c2f3069f948f 3845112 non-free/admin standard intel-microcode_3.20220207.1~bpo11+1_amd64.deb
 c78fd6f51cea1ae22011691f29c2e4b6 4794 non-free/admin standard intel-microcode_3.20220207.1~bpo11+1_i386.buildinfo
 0ca6b8e3306a2cce511eb22710ad9b5e 3984972 non-free/admin standard intel-microcode_3.20220207.1~bpo11+1_i386.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEIXEYtQeAQUHyKjs9TkVcVzAplOQFAmIf0eEACgkQTkVcVzAp
lOTcow/+OSEdlrLcwf3ehjlhNeBZCZu/GQNoc/3hV6seTGm84Tm+4GABtvEqFuMp
Upcdg0QHoRxpX5Z9tQUoSJwK8tjpQqmNgBmHEUCnkWWhQAoF9YGGqtLTiooKgIXv
Uvt6fHzkfYFQ798L8UXK3RWj0IqJvXBBeEsfB5r5o06OgFg9Od2Dal4aCBSyXOv1
GTxplt+U+VakARH3reWtnLiDe0v9+kAVBo6MVAcDhPaY8g3bW+thK7YA9JgdyRty
J8fLrSlmFDbsYpAbEjiLfza/a3Bvh1ZEeXDrO3Vcuu+s6h6XBauotKtyv557xZGo
z3zVG9oK/lU7AI500mAd52KryrRToM9U4EudSz2Ybu58Ec2PLwP/hCQ32MXz7aaI
1lzN+/OyG3Nv60v7ITsCnDFhnRS2am2rw2En0HePEazyjxC9DOvDh/eUYCIak8Ln
0QdEVTk4ZGYpBy0nJjazJ1WhAj8gvqWOMZiU3j1XCcYIE+Oe9sX9VnXqJKaxi/cH
IWevf1w4brOcVVvqNMCfoHD0rqVTiEHVFzDSAq58U27Re3dTZ8N06U2exISRfCkr
Shhp9Cykncc6XKzUvt6sORPxjYwR44M+5gN/1MdZXSFM5VwNNpxvGcrNUecPm7jP
3GdXKBN7HFb9C1iyni0UBaiqfhxdxWqXQgrfnZVWMcXBTQzTcqc=
=1xzM
-----END PGP SIGNATURE-----