[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#985609: marked as done (buster-pu: package intel-microcode/3.20210216.1~deb10u1)

Your message dated Sat, 27 Mar 2021 10:26:45 +0000
with message-id <702e3cb8159c9986264e966af79023672688a8a4.camel@adam-barratt.org.uk>
and subject line Closing p-u requests for fixes included in 10.9 point release
has caused the Debian Bug report #985609,
regarding buster-pu: package intel-microcode/3.20210216.1~deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
985609: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985609
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

I'd like to update the intel-microcode in buster non-free.

This is a safe update: it only changes a few microcodes from what is
alrady in buster non-free, fixing a security issue.  There are no
regressions reported regarding this microcode update [when compared with
what is already in non-free buster].

Here's the relevant changelog:
intel-microcode (3.20210216.1~deb10u1) buster; urgency=medium

  * RELEASE MANAGER INFORMATION: this update mitigates an extra security
    issue on a few processors, as described in 3.20210216.1 changelog.
    It has zero reports of regressions when compared with 3.20201118.1~deb10u1
    thus it is a safe stable update.
  * Rebuild for buster, keeping all changes to avoid regressions present
    in 3.20201118.1~deb10u1.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 20 Mar 2021 11:57:37 -0300

intel-microcode (3.20210216.1) unstable; urgency=medium

  * New upstream microcode datafile 20210216
    * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
      and Cascade Lake Server (B0/B1) when using an active JTAG
      agent like In Target Probe (ITP), Direct Connect Interface
      (DCI) or a Baseboard Management Controller (BMC) to take the
      CPU JTAG/TAP out of reset and then returning it to reset.
    * This issue is related to the INTEL-SA-00381 mitigation.
    * Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
  * source: update symlinks to reflect id of the latest release, 20210216

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 17 Feb 2021 11:26:06 -0300


The git diff is attached.  Here's the diffstat:

 changelog            |   12 ++++++++++++
 debian/changelog     |   28 ++++++++++++++++++++++++++++
 intel-ucode/06-55-04 |binary
 intel-ucode/06-55-06 |binary
 intel-ucode/06-55-07 |binary
 license              |    2 +-
 releasenote.md       |   23 +++++++++++++++++++++++
 7 files changed, 64 insertions(+), 1 deletion(-)

Thank you.

-- 
  Henrique Holschuh

diff --git a/changelog b/changelog
index 2444e14..1c60ff2 100644
--- a/changelog
+++ b/changelog
@@ -1,3 +1,15 @@
+2021-02-16:
+  * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
+    and Cascade Lake Server (B0/B1) when using an active JTAG
+    agent like In Target Probe (ITP), Direct Connect Interface
+    (DCI) or a Baseboard Management Controller (BMC) to take the
+    CPU JTAG/TAP out of reset and then returning it to reset.
+  * This issue is related to the INTEL-SA-00381 mitigation.
+  * Updated Microcodes:
+    sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
+    sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
+    sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
+
 2020-11-18:
   * Removes a faulty microcode update from release 2020-11-10
     which results on boot failures with a MCE (firmware error)
diff --git a/debian/changelog b/debian/changelog
index b746f58..45661aa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,31 @@
+intel-microcode (3.20210216.1~deb10u1) buster; urgency=medium
+
+  * RELEASE MANAGER INFORMATION: this update mitigates an extra security
+    issue on a few processors, as described in 3.20210216.1 changelog.
+    It has zero reports of regressions when compared with 3.20201118.1~deb10u1
+    thus it is a safe stable update.
+  * Rebuild for buster, keeping all changes to avoid regressions present
+    in 3.20201118.1~deb10u1.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 20 Mar 2021 11:57:37 -0300
+
+intel-microcode (3.20210216.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20210216
+    * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
+      and Cascade Lake Server (B0/B1) when using an active JTAG
+      agent like In Target Probe (ITP), Direct Connect Interface
+      (DCI) or a Baseboard Management Controller (BMC) to take the
+      CPU JTAG/TAP out of reset and then returning it to reset.
+    * This issue is related to the INTEL-SA-00381 mitigation.
+    * Updated Microcodes:
+      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
+      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
+      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
+  * source: update symlinks to reflect id of the latest release, 20210216
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 17 Feb 2021 11:26:06 -0300
+
 intel-microcode (3.20201118.1~deb10u1) buster; urgency=high
 
   * Rebuild for buster, with changes to avoid regressions
diff --git a/intel-ucode/06-55-04 b/intel-ucode/06-55-04
index 3822870..aa33771 100644
Binary files a/intel-ucode/06-55-04 and b/intel-ucode/06-55-04 differ
diff --git a/intel-ucode/06-55-06 b/intel-ucode/06-55-06
index 8370d64..6c9e6d7 100644
Binary files a/intel-ucode/06-55-06 and b/intel-ucode/06-55-06 differ
diff --git a/intel-ucode/06-55-07 b/intel-ucode/06-55-07
index 8b1f7e4..9a8f61c 100644
Binary files a/intel-ucode/06-55-07 and b/intel-ucode/06-55-07 differ
diff --git a/license b/license
index 8fbad3d..cb763c9 100644
--- a/license
+++ b/license
@@ -1,4 +1,4 @@
-Copyright (c) 2018-2020 Intel Corporation.
+Copyright (c) 2018-2021 Intel Corporation.
 All rights reserved.
 
 Redistribution.
diff --git a/microcode-20201118.d b/microcode-20210216.d
similarity index 100%
rename from microcode-20201118.d
rename to microcode-20210216.d
diff --git a/releasenote.md b/releasenote.md
index 0c2e2f7..c89508b 100644
--- a/releasenote.md
+++ b/releasenote.md
@@ -1,5 +1,28 @@
 # Release Notes
 
+## [microcode-20210216](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210216)
+
+### Purpose
+
+- Security updates for [INTEL-SA-00381](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html)
+
+### New Platforms
+
+None
+
+### Updated Platforms
+
+| Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products
+|:---------------|:---------|:------------|:---------|:---------|:---------
+| SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon Scalable
+| SKX-D          | M1       | 06-55-04/b7 | 02006a08 | 02006a0a | Xeon D-21xx
+| CLX-SP         | B0       | 06-55-06/bf | 04003003 | 04003006 | Xeon Scalable Gen2
+| CLX-SP         | B1       | 06-55-07/bf | 05003003 | 05003006 | Xeon Scalable Gen2
+
+### Removed Platforms
+
+None
+
 ## [microcode-20201118](https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20201118)
 
 ### Purpose
diff --git a/supplementary-ucode-20201118_BDX-ML.bin b/supplementary-ucode-20210216_BDX-ML.bin
similarity index 100%
rename from supplementary-ucode-20201118_BDX-ML.bin
rename to supplementary-ucode-20210216_BDX-ML.bin

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 10.9

Hi,

Each of the updates referenced in these bugs was included in the 10.9
point release today.

Regards,

Adam

--- End Message ---
Reply to: