[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#930794: marked as done (unblock: intel-microcode/3.20190618.1)

Your message dated Fri, 21 Jun 2019 21:46:34 +0200
with message-id <8da60c25-1121-e2cf-bf83-b7d4cb07e05a@debian.org>
and subject line Re: Bug#930794: unblock: intel-microcode/3.20190618.1
has caused the Debian Bug report #930794,
regarding unblock: intel-microcode/3.20190618.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
930794: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930794
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package intel-microcode

This is an update that adds the MDS mitigations for Sandybridge server
and HEDT (Core-X).  Other than those two updated microcode files, there
are just changes to text files.

It has been the subject of a security update (DSA 4447-2, and soon DLA
1789-2), please refer to

https://security-tracker.debian.org/tracker/CVE-2019-11091

for details.

diff attached (with the microcode blob changes removed for clarity).

diffstat (git, ignores rename of symlink):
 changelog            |    7 +++
 debian/changelog     |  106 +++++++++++++++++++++++++++++----------------------
 intel-ucode/06-2d-06 |binary
 intel-ucode/06-2d-07 |binary
 releasenote          |   46 ++--------------------
 5 files changed, 74 insertions(+), 85 deletions(-)


unblock intel-microcode/3.20190618.1

Thank you

-- 
  Henrique Holschuh

diff --git a/changelog b/changelog
index b6f59a6..f3579cf 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,10 @@
+2019-06-18:
+  * Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
+    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+  * Updated Microcodes:
+    sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
+    sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
+
 2019-05-14:
   * Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
     CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
diff --git a/debian/changelog b/debian/changelog
index f7c67ce..ac6bfe1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,50 +1,68 @@
+intel-microcode (3.20190618.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20190618
+    + SECURITY UPDATE
+      Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
+      CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+      for Sandybridge server and Core-X processors
+    + Updated Microcodes:
+      sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
+      sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
+  * Add some missing (minor) changelog entries to 3.20190514.1
+  * Reformat 3.20190514.1 changelog entry to match rest of changelog
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 19 Jun 2019 09:05:54 -0300
+
 intel-microcode (3.20190514.1) unstable; urgency=high
 
   * New upstream microcode datafile 20190514
-  * SECURITY UPDATE
-    Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
-    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
-  * New Microcodes:
-    sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
-    sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
-    sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
-    sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
-    sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
-    sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
-  * Updated Microcodes:
-    sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
-    sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
-    sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
-    sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
-    sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
-    sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
-    sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
-    sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
-    sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
-    sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
-    sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
-    sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
-    sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
-    sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
-    sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
-    sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
-    sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
-    sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
-    sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
-    sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
-    sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
-    sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
-    sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
-    sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
-    sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
-    sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
-    sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
-    sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
-    sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
-    sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
-    sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
-    sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
-    sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
+    + SECURITY UPDATE
+      Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
+      CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+    + New Microcodes:
+      sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
+      sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
+      sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
+      sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
+      sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
+      sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
+    + Updated Microcodes:
+      sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
+      sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
+      sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
+      sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
+      sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
+      sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
+      sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
+      sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
+      sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
+      sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
+      sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
+      sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
+      sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
+      sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
+      sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
+      sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
+      sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
+      sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
+      sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
+      sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
+      sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
+      sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
+      sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
+      sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
+      sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
+      sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
+      sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
+      sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
+      sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
+      sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
+      sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
+      sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
+      sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
+  * README.Debian, control: update download/homepage URLs
+  * copyright: update download URL and date range
+  * source: update symlinks to reflect id of the latest release, 20190514
 
  -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 14 May 2019 21:49:08 -0300
 
diff --git a/intel-ucode/06-2d-06 b/intel-ucode/06-2d-06
index d89a291..2c9b69c 100644
Binary files a/intel-ucode/06-2d-06 and b/intel-ucode/06-2d-06 differ
diff --git a/intel-ucode/06-2d-07 b/intel-ucode/06-2d-07
index 0da2b9e..52a3fb6 100644
Binary files a/intel-ucode/06-2d-07 and b/intel-ucode/06-2d-07 differ
diff --git a/microcode-20190514.d b/microcode-20190618.d
similarity index 100%
rename from microcode-20190514.d
rename to microcode-20190618.d
diff --git a/releasenote b/releasenote
index b5f1ea5..3c73f65 100644
--- a/releasenote
+++ b/releasenote
@@ -82,48 +82,12 @@ OS vendors must ensure that the late loader patches (provided in
 linux-kernel-patches\) are included in the distribution before packaging the
 BDX-ML microcode for late-loading.
 
-== 20190514 Release ==
--- Updates upon 20190312 release --
+== 20190618 Release ==
+-- Updates upon 20190514 release --
 Processor             Identifier     Version       Products
 Model        Stepping F-MO-S/PI      Old->New
 ---- new platforms ----------------------------------------
-VLV          C0       6-37-8/02           00000838 Atom Z series
-VLV          C0       6-37-8/0C           00000838 Celeron N2xxx, Pentium N35xx
-VLV          D0       6-37-9/0F           0000090c Atom E38xx
-CHV          C0       6-4c-3/01           00000368 Atom X series
-CHV          D0       6-4c-4/01           00000411 Atom X series
-CLX-SP       B1       6-55-7/bf           05000021 Xeon Scalable Gen2
+
 ---- updated platforms ------------------------------------
-SNB          D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2
-IVB          E1/L1    6-3a-9/12 00000020->00000021 Core Gen3
-HSW          C0       6-3c-3/32 00000025->00000027 Core Gen4
-BDW-U/Y      E0/F0    6-3d-4/c0 0000002b->0000002d Core Gen5
-IVB-E/EP     C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2
-IVB-EX       D1       6-3e-7/ed 00000714->00000715 Xeon E7 v2
-HSX-E/EP     Cx/M1    6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3
-HSX-EX       E0       6-3f-4/80 00000013->00000014 Xeon E7 v3
-HSW-U        C0/D0    6-45-1/72 00000024->00000025 Core Gen4
-HSW-H        C0       6-46-1/32 0000001a->0000001b Core Gen4
-BDW-H/E3     E0/G0    6-47-1/22 0000001e->00000020 Core Gen5
-SKL-U/Y      D0/K1    6-4e-3/c0 000000c6->000000cc Core Gen6
-BDX-ML       B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx
-SKX-SP       H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable
-SKX-D        M1       6-55-4/b7 0200005a->0000005e Xeon D-21xx
-BDX-DE       V1       6-56-2/10 00000019->0000001a Xeon D-1520/40
-BDX-DE       V2/3     6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
-BDX-DE       Y0       6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87
-BDX-NS       A0       6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53
-APL          D0       6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
-SKL-H/S      R0/N0    6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5
-DNV          B0       6-5f-1/01 00000024->0000002e Atom C Series
-GLK          B0       6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx
-AML-Y22      H0       6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile
-KBL-U/Y      H0       6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile
-CFL-U43e     D0       6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile
-WHL-U        W0       6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile
-WHL-U        V0       6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile
-KBL-G/H/S/E3 B0       6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6
-CFL-H/S/E3   U0       6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E
-CFL-S        B0       6-9e-b/02 000000aa->000000b4 Core Gen8
-CFL-H/S      P0       6-9e-c/22 000000a2->000000ae Core Gen9
-CFL-H        R0       6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile
+SNB-E/EN/EP  C1/M0    6-2d-6/6d 0000061d->0000061f Xeon E3/E5, Core X
+SNB-E/EN/EP  C2/M1    6-2d-7/6d 00000714->00000718 Xeon E3/E5, Core X
diff --git a/supplementary-ucode-20190514_BDX-ML.bin b/supplementary-ucode-20190618_BDX-ML.bin
similarity index 100%
rename from supplementary-ucode-20190514_BDX-ML.bin
rename to supplementary-ucode-20190618_BDX-ML.bin

--- End Message ---
--- Begin Message --- 
Hi Henrique,

On 20-06-2019 20:05, Henrique de Moraes Holschuh wrote:
> unblock intel-microcode/3.20190618.1

Unblocked, thanks.

Just one question, the reason why all the binary blobs are different in
the package is that because the builds by Intel aren't reproducible?
I.e. they are rebuild every time?

Paul

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
Reply to: