1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted intel-microcode 3.20220207.1~deb11u1 (amd64 i386 source) into

    From Debian FTP Masters@21:1/5 to All on Mon Mar 21 13:50:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sun, 20 Mar 2022 17:40:05 -0300
    Binary: intel-microcode
    Source: intel-microcode
    Architecture: amd64 i386 source
    Version: 3.20220207.1~deb11u1
    Distribution: bullseye
    Urgency: medium
    Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>
    Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
    Description:
    intel-microcode - Processor microcode firmware for Intel CPUs
    Changes:
    intel-microcode (3.20220207.1~deb11u1) bullseye; urgency=medium
    .
    * Backport for Debian stable (no changes)
    * Release manager: this is the same package already in bullseye-backports,
    testing and unstable. It fixes several security issues, adds MSRs that
    can be enabled by updated kernels for enhanced security mitigaton, and
    also fixes several critical "functional issues" (i.e. processor errata).
    There were no reports to date of regressions introduced by this microcode
    drelease.
    .
    intel-microcode (3.20220207.1) unstable; urgency=medium
    .
    * upstream changelog: new upstream datafile 20220207
    * Mitigates (*only* when loaded from UEFI firmware through the FIT)
    CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through
    debug port, on Pentium, Celeron and Atom processors with signatures
    0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8
    https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
    * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint
    may cause a system hang, on many processors.
    * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due
    to improper sanitization of shared resources (fast-store forward
    predictor), on many processors.
    * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some
    Atom Processors may allow information disclosure or denial of service
    via network access.
    * Fixes critical errata (functional issues) on many processors
    * Adds a MSR switch to enable RAPL filtering (default off, once enabled
    it can only be disabled by poweroff or reboot). Useful to protect
    SGX and other threads from side-channel info leak. Improves the
    mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many
    processors.
    * Disables TSX in more processor models.
    * Fixes issue with WBINDV on multi-socket (server) systems which could
    cause resets and unpredictable system behavior.
    * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket
    Lake) processors, to control a fix for (hopefully rare) unpredictable
    processor behavior when HyperThreading is enabled. This MSR switch
    is enabled by default on *server* processors. On other processors,
    it needs to be explicitly enabled by an updated UEFI/BIOS (with added
    configuration logic). An updated operating system kernel might also
    be able to enable it. When enabled, this fix can impact performance.
    * Updated Microcodes:
    sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912
    sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552
    sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472
    sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816
    sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008
    sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840
    sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864
    sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672
    sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672
    sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648
    sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552
    sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408
    sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384
    sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544
    sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264
    sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
    sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752
    sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776
    sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592
    sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816
    sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568
    sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256
    sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376
    sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448
    sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448
    sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424
    sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448
    sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448
    sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480
    sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480
    sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496
    sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400
    sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448
    sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
    sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
    sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184
    sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208
    sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208
    sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208
    sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184
    sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400
    * Removed Microcodes:
    sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
    sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
    * update .gitignore and debian/.gitignore.
    Add some missing items from .gitignore and debian/.gitignore.
    * ucode-blacklist: do not late-load 0x406e3 and 0x506e3.
    When the BIOS microcode is older than revision 0x7f (and perhaps in some
    other cases as well), the latest microcode updates for 0x406e3 and
    0x506e3 must be applied using the early update method. Otherwise, the
    system might hang. Also: there must not be any other intermediate
    microcode update attempts [other than the one done by the BIOS itself],
    either. It must go from the BIOS microcode update directly to the
    latest microcode update.
    * source: update symlinks to reflect id of the latest release, 20220207 Checksums-Sha1:
    8b5c0cb37941c7e5f109a728de2fa5a66db9e891 1821 intel-microcode_3.20220207.1~deb11u1.dsc
    c4ef7c7b96a0a824b975d46343479e83a76e8184 4512036 intel-microcode_3.20220207.1~deb11u1.tar.xz
    ecd3e6899e910fd34f6f84d332402c1886ba3cf7 6022 intel-microcode_3.20220207.1~deb11u1_amd64.buildinfo
    d18e89c4c357c23194b18847d3ffb9d6a5dd5950 3845236 intel-microcode_3.20220207.1~deb11u1_amd64.deb
    d75e967fd51ad746bef2d6419f2440a37fa2de6a 4794 intel-microcode_3.20220207.1~deb11u1_i386.buildinfo
    ff6ddde24243f187ec8bb6da9c73df42271d98c2 3985136 intel-microcode_3.20220207.1~deb11u1_i386.deb
    Checksums-Sha256:
    b7883c81951888860752a857974d199addcbf4f96fd22133a4d482b4e81ca253 1821 intel-microcode_3.20220207.1~deb11u1.dsc
    fe60e6fe53cce88b028bb4be3e6891d221ce16920b4aebbcf90ae25c83c54c8a 4512036 intel-microcode_3.20220207.1~deb11u1.tar.xz
    a4e4d03a003063f3d15ac4089ce51dbd9cc446bb72cac5de90ceb0e0541c8b00 6022 intel-microcode_3.20220207.1~deb11u1_amd64.buildinfo
    7336013f5ad74e5d485b39ece15eaced8d6aebe38c5eb175627d3f56e4dbf7cc 3845236 intel-microcode_3.20220207.1~deb11u1_amd64.deb
    0f78380b29b552907c5949739dd16c71834966885ce6b3ad86100ae9b3138872 4794 intel-microcode_3.20220207.1~deb11u1_i386.buildinfo
    8c2313794e26a5d9c8e0304cafa164e3f592866b6fb12d3f2c01e849473e5581 3985136 intel-microcode_3.20220207.1~deb11u1_i386.deb
    Files:
    d936c7e77797161e7170963d0c7ba5b5 1821 non-free/admin standard intel-microcode_3.20220207.1~deb11u1.dsc
    1692f9268af5f41cbb0acd5cbcfe71c2 4512036 non-free/admin standard intel-microcode_3.20220207.1~deb11u1.tar.xz
    cbffcad95f7e0e9b8e15354629b29313 6022 non-free/admin standard intel-microcode_3.20220207.1~deb11u1_amd64.buildinfo
    25c950da92e49e5af6195865d7abfd61 3845236 non-free/admin standard intel-microcode_3.20220207.1~deb11u1_amd64.deb
    55b64a721af439b68f05817147ae5fe4 4794 non-free/admin standard intel-microcode_3.20220207.1~deb11u1_i386.buildinfo
    6b603f6e346e88468af89221fed8dbca 3985136 non-free/admin standard intel-microcode_3.20220207.1~deb11u1_i386.deb

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEIXEYtQeAQUHyKjs9TkVcVzAplOQFAmI3kwwACgkQTkVcVzAp lORxUBAAkMmT8VCms4j2AFm/qWh28pnqduisoWAPWfBn0TC1Pf6JIP1e28bLuCzc fUZPgMRvIkMpt6VbKcPoWyxcBLlvGQ34MPErTsPg8PbTMP2ggDI/utW6G4tsH0p9 BOzp1T5N7qM/Kabcfo9/6q5ovLLU+Tp/QR5a33vt/cSAqIPSyD++/VdGzVHDfpNE w7qLMY+SHeBgDLZ4tIXG1Feew203BAhlSxEQEo5ih7MtOi9BMS8vEv9ZUUK9j8Lr vsz257EepcFEqgHSVwynwNWQB+ssB82DK3tUueoJvsCPXYnpxWja5RhNZ+zckYnS jW+RnsqNUOTBYybjeKTNn1/pmfucXUeEGuN6697ecMx9yih/wfguBLUaNGos1bJY kYHctehv0VDz386yjsoYpo9qiw4oke9/N+p4j04gxBp03VyEb4A54Xrd2QJlMcRP NUBEu1OL2+F2HQxm9Sl/K8TuVw1BQNKABu1WjSA96jiiMXl+C0P9j1/9RZFGyTMG iT7zhNDacRv9vRsK2Zx/Tl4v8W4jO2rkr4SSFAlUygHklnUPUit95jd4VeYYxlCT n2zq4U/XFjCCn6Q6bxNlN4C29LP9A0v6kvffZpEkR5VtJoSoT5f0Nq6C5jRWQWPB 6iNkwnAiMi6ouU3VfCj6UBgAafGw6xVgLT/iSl+NRJ/T4QHklXQ=
    =1gEr
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)