Debian Bug report logs - #906158
intel-microcode: Update intel-microcode to 20180807

Reply or subscribe to this bug.

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Markus Schade <markus.schade@gmail.com>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: intel-microcode: Update intel-microcode to 20180807

Date: Wed, 15 Aug 2018 09:08:15 +0200

Package: intel-microcode
Version: 3.20180425.1
Severity: grave
Tags: security

Dear Maintainer,

Intel has released a new microcode version which includes updates for
further CPU models providing the necessary code for SSBD as well as the
recently disclosed L1TF vulnerability

https://downloadcenter.intel.com/download/28039/Linux-Processor-Microcode-Data-File


Please consider packaging this version to enable mitigations.

Thanks!

Markus

Message #14 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Henrique de Moraes Holschuh <hmh@debian.org>

To: Markus Schade <markus.schade@gmail.com>, 906158@bugs.debian.org

Subject: Re: Bug#906158: intel-microcode: Update intel-microcode to 20180807

Date: Wed, 15 Aug 2018 11:36:05 -0300

On Wed, 15 Aug 2018, Markus Schade wrote:
> Intel has released a new microcode version which includes updates for
> further CPU models providing the necessary code for SSBD as well as the
> recently disclosed L1TF vulnerability
> 
> https://downloadcenter.intel.com/download/28039/Linux-Processor-Microcode-Data-File

Unfortunately, that release is undistributable (refer to the new
"license" file that was added by Intel to the microcode data file pack
version 20180807).

Packages have been ready since 2018-08-08, but could not be uploaded (or
even pushed to public git trees) for that reason.

Intel has been made aware of the issue and pestered by just about
everyone, and should get it straightened up soon.

-- 
  Henrique Holschuh

Message #19 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>

To: Markus Schade <markus.schade@gmail.com>

Cc: 906158@bugs.debian.org

Subject: Re: intel-microcode: Update intel-microcode to 20180807

Date: Fri, 17 Aug 2018 09:54:15 +0200

On Wed, Aug 15, 2018 at 09:08:15AM +0200, Markus Schade wrote:
> Package: intel-microcode
> Version: 3.20180425.1
> Severity: grave
> Tags: security
> 
> Dear Maintainer,
> 
> Intel has released a new microcode version which includes updates for
> further CPU models providing the necessary code for SSBD as well as the
> recently disclosed L1TF vulnerability
>
> https://downloadcenter.intel.com/download/28039/Linux-Processor-Microcode-Data-File

Hi Markus,
This microcode release happened a week before the disclosure of L1TF and with
all previous CPU bugs, Intel initially only shipped updates to OEMs and only
released general microcode updates weeks/months later.

Have you been able to confirm (e.g. by testing) that 20180807 implements changes
necessary for L1TF (such as L1D_FLUSH) or is there some official statement
by Intel on this?

Cheers,
        Moritz

Message #24 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Markus Schade <markus.schade@gmail.com>

To: Moritz Mühlenhoff <jmm@inutil.org>

Cc: 906158@bugs.debian.org

Subject: Re: intel-microcode: Update intel-microcode to 20180807

Date: Fri, 17 Aug 2018 10:36:29 +0200

Am 17.08.2018 um 09:54 schrieb Moritz Mühlenhoff:
> This microcode release happened a week before the disclosure of L1TF and with
> all previous CPU bugs, Intel initially only shipped updates to OEMs and only
> released general microcode updates weeks/months later.
> 
> Have you been able to confirm (e.g. by testing) that 20180807 implements changes
> necessary for L1TF (such as L1D_FLUSH) or is there some official statement
> by Intel on this?

Actually Intel is a bit better prepared this time.
20170703 already contained l1d_flush (in addition to ssbd) for most
server CPUs. 20180807 just added more CPU models (mostly desktop products).

So yes, I have tested and can confirm this MCU will provide ssbd and
l1d_flush on kernels that have support for these features (e.g latest
Ubuntu or vanilla)

Actual mitigation results may vary as outlined in [1].

Tested models include: Core i/Xeon E3 (SNB, IVB, SKL), Xeon E5 (SNB,
IVB, HSW, BDW), Xeon SP (SKL)

Best regards,
Markus



[1] https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF

Message #29 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Henrique de Moraes Holschuh <hmh@debian.org>

To: Moritz Mühlenhoff <jmm@inutil.org>, 906158@bugs.debian.org

Cc: Markus Schade <markus.schade@gmail.com>

Subject: Re: Bug#906158: intel-microcode: Update intel-microcode to 20180807

Date: Fri, 17 Aug 2018 08:22:47 -0300

On Fri, 17 Aug 2018, Moritz Mühlenhoff wrote:
> Have you been able to confirm (e.g. by testing) that 20180807 implements changes
> necessary for L1TF (such as L1D_FLUSH) or is there some official statement
> by Intel on this?

It does (privately tested on a few processor models).  Exposes L1D_FLUSH
flags, and the MSRs.

The L1D flush fixes are present on release 20180703, btw.  As far as I
can tell, 20180807 builds on 20180703 by adding more processors and
fixing the single microcode update that regressed -- but not present in
20180703 anyway -- (sig 0x706a1).

This can be inferred from the microcode guidance tables Intel has
published for SA-00115 and SA-00161.

As far as I can tell, Intel knew about L1TF early enough that they fixed
the whole thing along with SSBD.  They just did not disclose anything
about it outside of the embargo group, apparently.

-- 
  Henrique Holschuh

Message #34 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Moritz Mühlenhoff <jmm@inutil.org>

To: Henrique de Moraes Holschuh <hmh@debian.org>

Cc: Moritz Mühlenhoff <jmm@inutil.org>, 906158@bugs.debian.org, Markus Schade <markus.schade@gmail.com>

Subject: Re: Bug#906158: intel-microcode: Update intel-microcode to 20180807

Date: Sat, 18 Aug 2018 13:39:24 +0200

Hi,

On Fri, Aug 17, 2018 at 08:22:47AM -0300, Henrique de Moraes Holschuh wrote:
> On Fri, 17 Aug 2018, Moritz Mühlenhoff wrote:
> > Have you been able to confirm (e.g. by testing) that 20180807 implements changes
> > necessary for L1TF (such as L1D_FLUSH) or is there some official statement
> > by Intel on this?
> 
> It does (privately tested on a few processor models).  Exposes L1D_FLUSH
> flags, and the MSRs.
> 
> The L1D flush fixes are present on release 20180703, btw.  As far as I
> can tell, 20180807 builds on 20180703 by adding more processors and
> fixing the single microcode update that regressed -- but not present in
> 20180703 anyway -- (sig 0x706a1).
> 
> This can be inferred from the microcode guidance tables Intel has
> published for SA-00115 and SA-00161.
> 
> As far as I can tell, Intel knew about L1TF early enough that they fixed
> the whole thing along with SSBD.  They just did not disclose anything
> about it outside of the embargo group, apparently.

Fantastic! I'll update the Debian Security Tracker later on. Those are
somewhat tricky to track since it obviously depends on the CPU in use,
but I'll clarify with some notes.

Do we have also indication whether the 20180703 release also fixed the
SGX angle?

Cheers,
        Moritz

Message #39 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Markus Schade <markus.schade@gmail.com>

To: Moritz Mühlenhoff <jmm@inutil.org>

Cc: 906158@bugs.debian.org, hmh@debian.org

Subject: Re: Bug#906158: intel-microcode: Update intel-microcode to 20180807

Date: Sat, 18 Aug 2018 14:14:11 +0200

Hi,

Am 18.08.2018 um 13:39 schrieb Moritz Mühlenhoff:
> Do we have also indication whether the 20180703 release also fixed the
> SGX angle?

No sure, if you are asking Henrique or me, but yes, the microcode does
include the mitigation for SGX aka Foreshadow.

It is also explicitly stated by Intel in [1]

"This method affects select microprocessor products supporting Intel®
Software Guard Extensions (Intel® SGX)" ...

"Microcode updates (MCUs) we released earlier this year are an important
component of the mitigation strategy for all three applications of L1TF"

Best regards,
Markus

[1]
https://newsroom.intel.com/editorials/protecting-our-customers-through-lifecycle-security-threats/

Message #44 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Ivan Baldo <ibaldo@adinet.com.uy>

To: 906158@bugs.debian.org

Subject: re: intel-microcode: Update intel-microcode to 20180807

Date: Sat, 18 Aug 2018 16:56:22 -0300

    Hello.

    Do you have confirmation that they will change the license?

    Should we contact (pester) them or do you think this is not more 
necessary now?

    Hey! Thanks a lot for the great work and service you are doing with 
this updates! Very appreciated!

    Have a great day.


-- 
Ivan Baldo - ibaldo@adinet.com.uy - http://ibaldo.codigolibre.net/
Freelance C++/PHP programmer and GNU/Linux systems administrator.
The sky is not the limit!

Message #49 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Henrique de Moraes Holschuh <hmh@debian.org>

To: Ivan Baldo <ibaldo@adinet.com.uy>, 906158@bugs.debian.org

Subject: Re: Bug#906158: intel-microcode: Update intel-microcode to 20180807

Date: Sat, 18 Aug 2018 22:57:32 -0300

On Sat, 18 Aug 2018, Ivan Baldo wrote:
>     Do you have confirmation that they will change the license?

No.  And apparently both SuSE and RedHat decided they are OK with the
new license or something (since they have updates on the works or
already available), so I will just ask them if they can share their
analysis.

>     Should we contact (pester) them or do you think this is not more
> necessary now?

Please don't.  It is unlikely to help.

-- 
  Henrique Holschuh

Message #54 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Markus Schade <markus.schade@gmail.com>

To: Moritz Mühlenhoff <jmm@inutil.org>, Henrique de Moraes Holschuh <hmh@debian.org>

Cc: 906158@bugs.debian.org

Subject: Re: Bug#906158: intel-microcode: Update intel-microcode to 20180807

Date: Sun, 19 Aug 2018 09:36:49 +0200

Henrique,

could you please clarify what concerns Debian has with the license?

Other distros seem to have no problems. I see updated packages from
Fedora, OpenSUSE, Gentoo and Archlinux.

Best regards,
Markus

Message #59 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Matthew Thode <prometheanfire@gentoo.org>

To: 906158@bugs.debian.org

Subject: Re: Bug#906158: intel-microcode: Update intel-microcode to 20180807

Date: Mon, 20 Aug 2018 13:11:24 -0500

[Message part 1 (text/plain, inline)]

Gentoo is now looking into this as well.

We can restrict mirroring and ensure users accept the licence before
installing so that's likely the way we'll go.

https://bugs.gentoo.org/664134

-- 
Matthew Thode (prometheanfire)

[signature.asc (application/pgp-signature, inline)]

Message #68 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Matthew Crews <mattcrews@protonmail.com>

To: 906158@bugs.debian.org

Subject: Re: Bug#906158: intel-microcode: Update intel-microcode to 20180807

Date: Thu, 23 Aug 2018 05:35:06 +0000

[Message part 1 (text/plain, inline)]

I can't speak for the maintainer, or the ability to redistribute, but clause 3 (v) of the license is pretty troublesome.

To quote:

3. LICENSE RESTRICTIONS. All right, title and interest in and to the Software and associated documentation are and will remain the exclusive property of Intel and its licensors or suppliers. Unless expressly permitted under the Agreement, You will not, and will not allow any third party to

**Snip**

(v) publish or provide any Software benchmark or comparison test results.

**Snip**

This is basically telling end users that they can't use the software in any way they see fit, nor publish the results as they see fit. This package might already be in non-free, but this seems a bit much.

[Message part 2 (text/html, inline)]

Message #73 received at 906158@bugs.debian.org (full text, mbox, reply):

From: "Santiago R.R." <santiagorr@riseup.net>

To: Markus Schade <markus.schade@gmail.com>, 906158@bugs.debian.org

Subject: Re: Bug#906158: intel-microcode: Update intel-microcode to 20180807

Date: Thu, 23 Aug 2018 19:30:51 +0200

[Message part 1 (text/plain, inline)]

Hi,

I cannot talk for the maintainer either, but AFAIU the new license
doesn't make it possible for Debian to distribute the binaries.
Gentoo has concluded that also, and that the files cannot be mirrored. 

El 19/08/18 a las 09:36, Markus Schade escribió:
…
> could you please clarify what concerns Debian has with the license?

AFAICS, there are different points that Debian would be concerned about.
Starting with:

DO NOT DOWNLOAD, INSTALL, ACCESS, COPY, OR USE ANY PORTION OF THE SOFTWARE 
UNTIL YOU HAVE READ AND ACCEPTED THE TERMS AND CONDITIONS OF THIS AGREEMENT.

(I didn't have to read the agreement to download, install…)

And then:

2. LIMITED LICENSE. Conditioned on Your compliance with the terms and 
conditions of this Agreement, Intel grants to You … to (iii) distribute an 
object code representation of the Software, provided by Intel, through multiple 
levels of distribution, solely as embedded in or for execution on an 
Intel-based product and subject to these license terms, and if to an end user, 
pursuant to a license agreement with terms and conditions at least as 
restrictive as those contained in the Intel End User Software License Agreement 
in Appendix A hereto.


Distribution to derivatives is problematic:

3. LICENSE RESTRICTIONS. …
Unless expressly permitted under the 
Agreement, You will not, and will not allow any third party to (i) use, copy, 
distribute, sell or offer to sell the Software or associated documentation;
… (iii) use or make the Software 
available for the use or benefit of third parties;

And then, there are some restrictions, for which I am not sure we
(Debian) would be concerned, such as 13. export, directly or
indirectly", to some countries, or 14. "You will not provide the
Software to the U.S. Government."


Maybe it would be needed to change the package to provide a download
helper from the intel servers? The user should have to be asked to
accept or not the license and its appendix A.

Cheers,

 -- S

[signature.asc (application/pgp-signature, inline)]

Message #78 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Markus Schade <markus.schade@gmail.com>

To: Henrique de Moraes Holschuh <hmh@debian.org>

Cc: 906158@bugs.debian.org

Subject: Re: Bug#906158: intel-microcode: Update intel-microcode to 20180807

Date: Thu, 23 Aug 2018 20:22:16 +0200

Hi everyone,

apparently Intel has changed its mind and is reverting to the old license:

https://01.org/mcu-path-license-2018
https://wccftech.com/intel-microcode-update-gag-order-benchmarks/

But I guess we have to to wait for the actual MCU download to
incorporate this change. What do you think, Henrique?



Best regards,
Markus

Message #83 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Henrique de Moraes Holschuh <hmh@debian.org>

To: Markus Schade <markus.schade@gmail.com>

Cc: 906158@bugs.debian.org

Subject: Re: Bug#906158: intel-microcode: Update intel-microcode to 20180807

Date: Thu, 23 Aug 2018 16:31:37 -0300

On Thu, 23 Aug 2018, Markus Schade wrote:
> apparently Intel has changed its mind and is reverting to the old license:
> 
> https://01.org/mcu-path-license-2018
> https://wccftech.com/intel-microcode-update-gag-order-benchmarks/
> 
> But I guess we have to to wait for the actual MCU download to
> incorporate this change. What do you think, Henrique?

Yes, it is much better to wait for a new download to be made available,
with the mcu-path-license-2018 version of the distribution license
inside.

The text of this license is the same (or very close to) the older
license that Intel used in the .dat format for a *long* time.  It is
non-free, of course, but it is both distributable and usable, as far as
I know (IANAL).

Now, we wait.  Feel free to send email to this bug report if you notice
the mcu-path-license-2018 release is already available.  There is no
need to open a new bug report about it ;-)

-- 
  Henrique Holschuh

Message #88 received at 906158@bugs.debian.org (full text, mbox, reply):

From: Mathias Krause <minipli@googlemail.com>

To: 906158@bugs.debian.org

Subject: Re: Bug#906158: intel-microcode: Update intel-microcode to 20180807

Date: Fri, 24 Aug 2018 08:26:22 +0200

On Thu, 23 Aug 2018 16:31:37 -0300 Henrique de Moraes Holschuh
<hmh@debian.org> wrote:
> Yes, it is much better to wait for a new download to be made available,
> with the mcu-path-license-2018 version of the distribution license
> inside.
> 
> The text of this license is the same (or very close to) the older
> license that Intel used in the .dat format for a *long* time.  It is
> non-free, of course, but it is both distributable and usable, as far as
> I know (IANAL).
> 
> Now, we wait.  Feel free to send email to this bug report if you notice
> the mcu-path-license-2018 release is already available.  There is no
> need to open a new bug report about it ;-)

The new version is available for download here:

https://downloadcenter.intel.com/download/28087/Linux-Processor-Microcode-Data-File

Strange enough, it's flagged as an "older" release on the website. But
it contains, in fact, the new license.


Cheers,
Mathias

Message #95 received at 906158-close@bugs.debian.org (full text, mbox, reply):

From: Henrique de Moraes Holschuh <hmh@debian.org>

To: 906158-close@bugs.debian.org

Subject: Bug#906158: fixed in intel-microcode 3.20180807a.1

Date: Fri, 24 Aug 2018 12:35:00 +0000

Source: intel-microcode
Source-Version: 3.20180807a.1

We believe that the bug you reported is fixed in the latest version of
intel-microcode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 906158@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <hmh@debian.org> (supplier of updated intel-microcode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 24 Aug 2018 08:53:53 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20180807a.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>
Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Closes: 903135 903141 906158 906160
Changes:
 intel-microcode (3.20180807a.1) unstable; urgency=high
 .
   [ Henrique de Moraes Holschuh ]
   * New upstream microcode datafile 20180807a
     (closes: #906158, #906160, #903135, #903141)
     + New Microcodes:
       sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
       sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
       sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
       sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
       sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
     + Updated Microcodes:
       sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
       sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
       sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
       sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
       sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
       sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
       sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
       sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
       sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
       sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
       sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
       sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
       sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
       sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
       sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
       sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
       sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
       sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
       sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
       sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
       sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
       sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
       sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
       sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
     + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
       Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
     + Implements SSBD support (Spectre v4 mitigation),
       Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
       Intel SA-00115, CVE-2018-3639, CVE-2018-3640
     + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
       processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
       Intel SA-0088, CVE-2017-5753, CVE-2017-5754
   * source: update symlinks to reflect id of the latest release, 20180807a
   * debian/intel-microcode.docs: ship license and releasenote upstream files.
   * debian/changelog: update entry for 3.20180703.1 with L1TF information
 .
   [ Julian Andres Klode ]
   * initramfs: include all microcode for MODULES=most.
     Default to early instead of auto, and install all of the microcode,
     not just the one matching the current CPU, if MODULES=most is set
     in the initramfs-tools config (LP: #1778738)
Checksums-Sha1:
 e8345eba5ca27879bd3c7039352a0fc07eb574af 1789 intel-microcode_3.20180807a.1.dsc
 6641e0f872818c063efcffed37ae4d11c4e83964 1976648 intel-microcode_3.20180807a.1.tar.xz
 e3f61dce161aab23b2cfbfad73682f266ea5d2d8 5896 intel-microcode_3.20180807a.1_amd64.buildinfo
 dcc70fb7b4cb2f55d20eb29499f9b6bbb21a532b 1294196 intel-microcode_3.20180807a.1_amd64.deb
Checksums-Sha256:
 acb159c8f55318ba300d54978d2e0975a2bfefcba90036bc126a13769aee6fee 1789 intel-microcode_3.20180807a.1.dsc
 1a7cb96d5c6a4abac2936236223d9bea79d7442dc1cfe9b712ff8e35374f0f9f 1976648 intel-microcode_3.20180807a.1.tar.xz
 814429089af608f70cd2e092616ef41c3bc44348dbee0d549cc30c4035bf9d02 5896 intel-microcode_3.20180807a.1_amd64.buildinfo
 493279b2868a0d6410c5983f93d8f6be043621336ac0c17e4909902d66530726 1294196 intel-microcode_3.20180807a.1_amd64.deb
Files:
 23b387fd159873824c347dc372378f34 1789 non-free/admin standard intel-microcode_3.20180807a.1.dsc
 14b52370a1269cfc3a9d113644549f55 1976648 non-free/admin standard intel-microcode_3.20180807a.1.tar.xz
 1a84c1161b028a472a70906066797b25 5896 non-free/admin standard intel-microcode_3.20180807a.1_amd64.buildinfo
 5fd78ce0bdeade88fb2c91de3f808468 1294196 non-free/admin standard intel-microcode_3.20180807a.1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAlt/924ACgkQsZwaZk2P
+bGiHA/+Mha946b1b834tsCXVUHbnmI35zpvJ+LplshSW9dV6h8gRvh3QyOh66MI
ojectORPjIc9W+k2rt226VNiXBUYD1ObBKBqkaCzx4R6IqHIx5oUgIcoUTDu7Xiv
cVXwjESZJLKAG/rk4OXQYpYVLoY+SH0yhgM4CRWDbf18XASOmyXpp/+h0mx+AIoq
uwrQ20kDwQNy+bKj53NkUbU9ZTWmgiyI8QB7dkXCBQvVcr4WzgUlJfm66lEV4AlK
lDMdV4zf2jNUkoOtypcPp29E201bmLV8upKdo8vG6FPLooJ/LHsggVcGMf2OryHh
9NONS30c9fLou91Z94wRlQKzA6yWCRS0Wi51Yx/GOEmJWVBO61JicHk86/ln+33i
rzOuv3VBkJHrfKTy52nIDhIzIKyyOeVQNBIlN4CVa/AzTYf36LbT4wCr6V3g5LF4
YcsbYOriC8scZD/24Ngj5JjbFVmoI7VdVWSnFVI+14qN/sr+0ZvGAF9ld/Z2qFY0
/yrjwkq11IDjiHpTDoFc5n7Brf8e8qHWggk7D54xV7RTEz3KKfedy063LUvP4sYI
l4hYZeork06DWlNIZGsd1AKNZZN49qy7Xhvsro7CZajlKypufLFSP+8jh9i56T7o
IA8fkrFSSyxa6hOeV4vdmtl4NZz7Amqyv4BjiSB196prqpIyL5o=
=BaXI
-----END PGP SIGNATURE-----

Message #100 received at 906160-close@bugs.debian.org (full text, mbox, reply):

From: Henrique de Moraes Holschuh <hmh@debian.org>

To: 906160-close@bugs.debian.org

Subject: Bug#906160: fixed in intel-microcode 3.20180807a.1

Date: Fri, 24 Aug 2018 12:35:00 +0000

Source: intel-microcode
Source-Version: 3.20180807a.1

We believe that the bug you reported is fixed in the latest version of
intel-microcode, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 906160@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Henrique de Moraes Holschuh <hmh@debian.org> (supplier of updated intel-microcode package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 24 Aug 2018 08:53:53 -0300
Source: intel-microcode
Binary: intel-microcode
Architecture: source amd64
Version: 3.20180807a.1
Distribution: unstable
Urgency: high
Maintainer: Henrique de Moraes Holschuh <hmh@debian.org>
Changed-By: Henrique de Moraes Holschuh <hmh@debian.org>
Description:
 intel-microcode - Processor microcode firmware for Intel CPUs
Closes: 903135 903141 906158 906160
Changes:
 intel-microcode (3.20180807a.1) unstable; urgency=high
 .
   [ Henrique de Moraes Holschuh ]
   * New upstream microcode datafile 20180807a
     (closes: #906158, #906160, #903135, #903141)
     + New Microcodes:
       sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
       sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
       sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
       sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
       sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
     + Updated Microcodes:
       sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
       sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
       sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
       sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
       sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
       sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
       sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
       sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
       sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
       sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
       sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
       sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
       sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
       sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
       sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
       sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
       sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
       sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
       sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
       sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
       sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
       sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
       sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
       sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
     + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
       Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
     + Implements SSBD support (Spectre v4 mitigation),
       Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
       Intel SA-00115, CVE-2018-3639, CVE-2018-3640
     + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
       processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
       Intel SA-0088, CVE-2017-5753, CVE-2017-5754
   * source: update symlinks to reflect id of the latest release, 20180807a
   * debian/intel-microcode.docs: ship license and releasenote upstream files.
   * debian/changelog: update entry for 3.20180703.1 with L1TF information
 .
   [ Julian Andres Klode ]
   * initramfs: include all microcode for MODULES=most.
     Default to early instead of auto, and install all of the microcode,
     not just the one matching the current CPU, if MODULES=most is set
     in the initramfs-tools config (LP: #1778738)
Checksums-Sha1:
 e8345eba5ca27879bd3c7039352a0fc07eb574af 1789 intel-microcode_3.20180807a.1.dsc
 6641e0f872818c063efcffed37ae4d11c4e83964 1976648 intel-microcode_3.20180807a.1.tar.xz
 e3f61dce161aab23b2cfbfad73682f266ea5d2d8 5896 intel-microcode_3.20180807a.1_amd64.buildinfo
 dcc70fb7b4cb2f55d20eb29499f9b6bbb21a532b 1294196 intel-microcode_3.20180807a.1_amd64.deb
Checksums-Sha256:
 acb159c8f55318ba300d54978d2e0975a2bfefcba90036bc126a13769aee6fee 1789 intel-microcode_3.20180807a.1.dsc
 1a7cb96d5c6a4abac2936236223d9bea79d7442dc1cfe9b712ff8e35374f0f9f 1976648 intel-microcode_3.20180807a.1.tar.xz
 814429089af608f70cd2e092616ef41c3bc44348dbee0d549cc30c4035bf9d02 5896 intel-microcode_3.20180807a.1_amd64.buildinfo
 493279b2868a0d6410c5983f93d8f6be043621336ac0c17e4909902d66530726 1294196 intel-microcode_3.20180807a.1_amd64.deb
Files:
 23b387fd159873824c347dc372378f34 1789 non-free/admin standard intel-microcode_3.20180807a.1.dsc
 14b52370a1269cfc3a9d113644549f55 1976648 non-free/admin standard intel-microcode_3.20180807a.1.tar.xz
 1a84c1161b028a472a70906066797b25 5896 non-free/admin standard intel-microcode_3.20180807a.1_amd64.buildinfo
 5fd78ce0bdeade88fb2c91de3f808468 1294196 non-free/admin standard intel-microcode_3.20180807a.1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAlt/924ACgkQsZwaZk2P
+bGiHA/+Mha946b1b834tsCXVUHbnmI35zpvJ+LplshSW9dV6h8gRvh3QyOh66MI
ojectORPjIc9W+k2rt226VNiXBUYD1ObBKBqkaCzx4R6IqHIx5oUgIcoUTDu7Xiv
cVXwjESZJLKAG/rk4OXQYpYVLoY+SH0yhgM4CRWDbf18XASOmyXpp/+h0mx+AIoq
uwrQ20kDwQNy+bKj53NkUbU9ZTWmgiyI8QB7dkXCBQvVcr4WzgUlJfm66lEV4AlK
lDMdV4zf2jNUkoOtypcPp29E201bmLV8upKdo8vG6FPLooJ/LHsggVcGMf2OryHh
9NONS30c9fLou91Z94wRlQKzA6yWCRS0Wi51Yx/GOEmJWVBO61JicHk86/ln+33i
rzOuv3VBkJHrfKTy52nIDhIzIKyyOeVQNBIlN4CVa/AzTYf36LbT4wCr6V3g5LF4
YcsbYOriC8scZD/24Ngj5JjbFVmoI7VdVWSnFVI+14qN/sr+0ZvGAF9ld/Z2qFY0
/yrjwkq11IDjiHpTDoFc5n7Brf8e8qHWggk7D54xV7RTEz3KKfedy063LUvP4sYI
l4hYZeork06DWlNIZGsd1AKNZZN49qy7Xhvsro7CZajlKypufLFSP+8jh9i56T7o
IA8fkrFSSyxa6hOeV4vdmtl4NZz7Amqyv4BjiSB196prqpIyL5o=
=BaXI
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.