From 7e0d55c5e855f10238cd8b93fd0ab27d87d41240 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 28 Apr 2024 11:11:02 +0200
Subject: Adding debian version 3.20231114.1~deb12u1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/changelog | 1948 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 1948 insertions(+)
 create mode 100644 debian/changelog

(limited to 'debian/changelog')

diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..c2aeefe
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,1948 @@
+intel-microcode (3.20231114.1~deb12u1) bookworm-security; urgency=high
+
+  * Build for bookworm (no changes)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 18 Nov 2023 16:13:39 -0300
+
+intel-microcode (3.20231114.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20231114 (closes: #1055962)
+    Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
+    Sequence of processor instructions leads to unexpected behavior for some
+    Intel(R) Processors, may allow an authenticated user to potentially enable
+    escalation of privilege and/or information disclosure and/or denial of
+    service via local access.
+    Note: "reptar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen
+    Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm
+    0x01) were already mitigated by a previous microcode update.
+  * Fixes for unspecified functional issues
+  * Updated microcodes:
+    sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
+    sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
+    sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
+    sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
+    sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
+    sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
+    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
+    sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+    sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+    sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+    sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+    sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
+    sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
+    sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
+    sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
+    sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
+    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
+    sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
+    sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
+    sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
+    sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
+    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
+    sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
+    sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
+    sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
+    sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
+    sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
+    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
+    sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
+    sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
+    sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
+  * Updated 2023-08-08 changelog entry with reptar information
+  * source: update symlinks to reflect id of the latest release, 20231114
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 16 Nov 2023 08:09:43 -0300
+
+intel-microcode (3.20230808.1~deb12u1) bookworm-security; urgency=high
+
+  * Build for bookworm (no changes)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 08 Aug 2023 20:08:03 -0300
+
+intel-microcode (3.20230808.1) unstable; urgency=high
+
+  * New upstream microcode datafile 20230808 (closes: #1043305)
+    * Mitigations for "Downfall" INTEL-SA-00828 (CVE-2022-40982),
+      INTEL-SA-00836 (CVE-2023-23908) and INTEL-SA-00837 (CVE-2022-41804)
+    * Mitigations for "reptar" on a few processors, refer to the 2023-11-14
+      entry for details.  This information was disclosed in 2023-11-14.
+    * Updated microcodes:
+      sig 0x00050653, pf_mask 0x97, 2023-03-23, rev 0x1000181, size 36864
+      sig 0x00050654, pf_mask 0xb7, 2023-03-06, rev 0x2007006, size 44032
+      sig 0x00050656, pf_mask 0xbf, 2023-03-17, rev 0x4003604, size 38912
+      sig 0x00050657, pf_mask 0xbf, 2023-03-17, rev 0x5003604, size 38912
+      sig 0x0005065b, pf_mask 0xbf, 2023-03-21, rev 0x7002703, size 30720
+      sig 0x000606a6, pf_mask 0x87, 2023-03-30, rev 0xd0003a5, size 297984
+      sig 0x000706e5, pf_mask 0x80, 2023-02-26, rev 0x00bc, size 113664
+      sig 0x000806c1, pf_mask 0x80, 2023-02-27, rev 0x00ac, size 111616
+      sig 0x000806c2, pf_mask 0xc2, 2023-02-27, rev 0x002c, size 98304
+      sig 0x000806d1, pf_mask 0xc2, 2023-02-27, rev 0x0046, size 103424
+      sig 0x000806e9, pf_mask 0xc0, 2023-02-22, rev 0x00f4, size 106496
+      sig 0x000806e9, pf_mask 0x10, 2023-02-23, rev 0x00f4, size 105472
+      sig 0x000806ea, pf_mask 0xc0, 2023-02-23, rev 0x00f4, size 105472
+      sig 0x000806eb, pf_mask 0xd0, 2023-02-23, rev 0x00f4, size 106496
+      sig 0x000806ec, pf_mask 0x94, 2023-02-26, rev 0x00f8, size 106496
+      sig 0x000806f8, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416
+      sig 0x000806f7, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
+      sig 0x000806f6, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
+      sig 0x000806f5, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
+      sig 0x000806f4, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
+      sig 0x000806f8, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184
+      sig 0x000806f6, pf_mask 0x10, 2023-05-15, rev 0x2c000271
+      sig 0x000806f5, pf_mask 0x10, 2023-05-15, rev 0x2c000271
+      sig 0x000806f4, pf_mask 0x10, 2023-05-15, rev 0x2c000271
+      sig 0x00090672, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160
+      sig 0x00090675, pf_mask 0x07, 2023-04-18, rev 0x002e
+      sig 0x000b06f2, pf_mask 0x07, 2023-04-18, rev 0x002e
+      sig 0x000b06f5, pf_mask 0x07, 2023-04-18, rev 0x002e
+      sig 0x000906a3, pf_mask 0x80, 2023-04-18, rev 0x042c, size 219136
+      sig 0x000906a4, pf_mask 0x80, 2023-04-18, rev 0x042c
+      sig 0x000906e9, pf_mask 0x2a, 2023-02-23, rev 0x00f4, size 108544
+      sig 0x000906ea, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 104448
+      sig 0x000906eb, pf_mask 0x02, 2023-02-23, rev 0x00f4, size 106496
+      sig 0x000906ec, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 105472
+      sig 0x000906ed, pf_mask 0x22, 2023-02-27, rev 0x00fa, size 106496
+      sig 0x000a0652, pf_mask 0x20, 2023-02-23, rev 0x00f8, size 97280
+      sig 0x000a0653, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
+      sig 0x000a0655, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
+      sig 0x000a0660, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 97280
+      sig 0x000a0661, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 96256
+      sig 0x000a0671, pf_mask 0x02, 2023-02-26, rev 0x0059, size 104448
+      sig 0x000b0671, pf_mask 0x32, 2023-06-06, rev 0x0119, size 210944
+      sig 0x000b06a2, pf_mask 0xe0, 2023-06-06, rev 0x4119, size 216064
+      sig 0x000b06a3, pf_mask 0xe0, 2023-06-06, rev 0x4119
+      sig 0x000b06e0, pf_mask 0x11, 2023-04-12, rev 0x0011, size 136192
+  * source: update symlinks to reflect id of the latest release, 20230808
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 08 Aug 2023 17:25:56 -0300
+
+intel-microcode (3.20230512.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20230512 (closes: #1036013)
+    * New microcodes:
+      sig 0x000906a4, pf_mask 0x40, 2022-10-12, rev 0x0004, size 115712
+      sig 0x000b06e0, pf_mask 0x01, 2022-12-19, rev 0x0010, size 134144
+    * Updated microcodes:
+      sig 0x00050653, pf_mask 0x97, 2022-12-21, rev 0x1000171, size 36864
+      sig 0x00050654, pf_mask 0xb7, 2022-12-21, rev 0x2006f05, size 44032
+      sig 0x00050656, pf_mask 0xbf, 2022-12-21, rev 0x4003501, size 37888
+      sig 0x00050657, pf_mask 0xbf, 2022-12-21, rev 0x5003501, size 37888
+      sig 0x0005065b, pf_mask 0xbf, 2022-12-21, rev 0x7002601, size 29696
+      sig 0x000606a6, pf_mask 0x87, 2022-12-28, rev 0xd000390, size 296960
+      sig 0x000706e5, pf_mask 0x80, 2022-12-25, rev 0x00ba, size 113664
+      sig 0x000806a1, pf_mask 0x10, 2023-01-13, rev 0x0033, size 34816
+      sig 0x000806c1, pf_mask 0x80, 2022-12-28, rev 0x00aa, size 110592
+      sig 0x000806c2, pf_mask 0xc2, 2022-12-28, rev 0x002a, size 97280
+      sig 0x000806d1, pf_mask 0xc2, 2022-12-28, rev 0x0044, size 102400
+      sig 0x000806e9, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
+      sig 0x000806e9, pf_mask 0x10, 2023-01-02, rev 0x00f2, size 105472
+      sig 0x000806ea, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
+      sig 0x000806eb, pf_mask 0xd0, 2022-12-26, rev 0x00f2, size 105472
+      sig 0x000806ec, pf_mask 0x94, 2022-12-26, rev 0x00f6, size 105472
+      sig 0x000806f8, pf_mask 0x87, 2023-03-13, rev 0x2b000461, size 564224
+      sig 0x000806f7, pf_mask 0x87, 2023-03-13, rev 0x2b000461
+      sig 0x000806f6, pf_mask 0x87, 2023-03-13, rev 0x2b000461
+      sig 0x000806f5, pf_mask 0x87, 2023-03-13, rev 0x2b000461
+      sig 0x000806f4, pf_mask 0x87, 2023-03-13, rev 0x2b000461
+      sig 0x000806f8, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1, size 595968
+      sig 0x000806f6, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
+      sig 0x000806f5, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
+      sig 0x000806f4, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
+      sig 0x000906a3, pf_mask 0x80, 2023-02-14, rev 0x042a, size 218112
+      sig 0x000906a4, pf_mask 0x80, 2023-02-14, rev 0x042a
+      sig 0x000906e9, pf_mask 0x2a, 2022-12-26, rev 0x00f2, size 108544
+      sig 0x000906ea, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
+      sig 0x000906eb, pf_mask 0x02, 2022-12-26, rev 0x00f2, size 105472
+      sig 0x000906ec, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
+      sig 0x000906ed, pf_mask 0x22, 2023-02-05, rev 0x00f8, size 104448
+      sig 0x000a0652, pf_mask 0x20, 2022-12-27, rev 0x00f6, size 96256
+      sig 0x000a0653, pf_mask 0x22, 2023-01-01, rev 0x00f6, size 97280
+      sig 0x000a0655, pf_mask 0x22, 2022-12-26, rev 0x00f6, size 96256
+      sig 0x000a0660, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 97280
+      sig 0x000a0661, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 96256
+      sig 0x000a0671, pf_mask 0x02, 2022-12-25, rev 0x0058, size 103424
+      sig 0x000b0671, pf_mask 0x32, 2023-02-06, rev 0x0113, size 207872
+      sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992
+      sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112
+  * source: update symlinks to reflect id of the latest release, 20230512
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 16 May 2023 00:13:02 -0300
+
+intel-microcode (3.20230214.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * New upstream microcode datafile 20230214
+    - Includes Fixes for: (Closes: #1031334)
+       - INTEL-SA-00700: CVE-2022-21216
+       - INTEL-SA-00730: CVE-2022-33972
+       - INTEL-SA-00738: CVE-2022-33196
+       - INTEL-SA-00767: CVE-2022-38090
+  * New Microcodes:
+    sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+    sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+    sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+    sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+    sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+    sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+    sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+    sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+    sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
+    sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+    sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
+    sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e
+    sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
+    sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e
+  * Updated Microcodes:
+    sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864
+    sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888
+    sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888
+    sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696
+    sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960
+    sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792
+    sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776
+    sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800
+    sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664
+    sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816
+    sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c
+    sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
+    sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c
+    sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429
+    sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
+    sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429
+    sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480
+    sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424
+    sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872
+    sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c
+    sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c
+
+ -- Tobias Frost <tobi@debian.org>  Sun, 12 Mar 2023 18:16:50 +0100
+
+intel-microcode (3.20221108.2) unstable; urgency=medium
+
+  * Move source and binary from non-free/admin to non-free-firmware/admin
+    following the 2022 General Resolution about non-free firmware.
+
+ -- Cyril Brulebois <kibi@debian.org>  Fri, 17 Feb 2023 01:12:52 +0100
+
+intel-microcode (3.20221108.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20221108
+    * New Microcodes:
+      sig 0x000606c1, pf_mask 0x10, 2022-08-07, rev 0x1000201, size 286720
+      sig 0x000b0671, pf_mask 0x32, 2022-09-07, rev 0x010e, size 204800
+    * Updated Microcodes:
+      sig 0x000706e5, pf_mask 0x80, 2022-08-02, rev 0x00b6, size 113664
+      sig 0x000806c1, pf_mask 0x80, 2022-06-28, rev 0x00a6, size 110592
+      sig 0x000806d1, pf_mask 0xc2, 2022-06-28, rev 0x0042, size 102400
+      sig 0x000806ec, pf_mask 0x94, 2022-07-31, rev 0x00f4, size 105472
+      sig 0x00090661, pf_mask 0x01, 2022-07-15, rev 0x0017, size 20480
+      sig 0x00090672, pf_mask 0x07, 2022-09-19, rev 0x0026, size 218112
+      sig 0x00090675, pf_mask 0x07, 2022-09-19, rev 0x0026
+      sig 0x000b06f2, pf_mask 0x07, 2022-09-19, rev 0x0026
+      sig 0x000b06f5, pf_mask 0x07, 2022-09-19, rev 0x0026
+      sig 0x000906a3, pf_mask 0x80, 2022-09-19, rev 0x0424, size 217088
+      sig 0x000906a4, pf_mask 0x80, 2022-09-19, rev 0x0424
+      sig 0x000906ed, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 104448
+      sig 0x000a0652, pf_mask 0x20, 2022-07-31, rev 0x00f4, size 96256
+      sig 0x000a0653, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 97280
+      sig 0x000a0655, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 96256
+      sig 0x000a0660, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 97280
+      sig 0x000a0661, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 96256
+      sig 0x000a0671, pf_mask 0x02, 2022-08-02, rev 0x0056, size 103424
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 03 Dec 2022 17:21:08 -0300
+
+intel-microcode (3.20220809.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20220809
+    * Fixes INTEL-SA-00657, CVE-2022-21233
+      Stale data from APIC leaks SGX memory (AEPIC leak)
+    * Fixes unspecified errata (functional issues) on Xeon Scalable
+    * Updated Microcodes:
+      sig 0x00050653, pf_mask 0x97, 2022-03-14, rev 0x100015e, size 34816
+      sig 0x00050654, pf_mask 0xb7, 2022-03-08, rev 0x2006e05, size 44032
+      sig 0x000606a6, pf_mask 0x87, 2022-04-07, rev 0xd000375, size 293888
+      sig 0x000706a1, pf_mask 0x01, 2022-03-23, rev 0x003c, size 75776
+      sig 0x000706a8, pf_mask 0x01, 2022-03-23, rev 0x0020, size 75776
+      sig 0x000706e5, pf_mask 0x80, 2022-03-17, rev 0x00b2, size 112640
+      sig 0x000806c2, pf_mask 0xc2, 2022-03-19, rev 0x0028, size 97280
+      sig 0x000806d1, pf_mask 0xc2, 2022-03-28, rev 0x0040, size 102400
+      sig 0x00090672, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
+      sig 0x00090675, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
+      sig 0x000906a3, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
+      sig 0x000906a4, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
+      sig 0x000a0671, pf_mask 0x02, 2022-03-17, rev 0x0054, size 103424
+      sig 0x000b06f2, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
+      sig 0x000b06f5, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
+  * source: update symlinks to reflect id of the latest release, 20220809
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 19 Aug 2022 14:21:20 -0300
+
+intel-microcode (3.20220510.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20220510
+    * Fixes INTEL-SA-000617, CVE-2022-21151:
+      Processor optimization removal or modification of security-critical
+      code may allow an authenticated user to potentially enable information
+      disclosure via local access (closes: #1010947)
+    * Fixes several errata (functional issues) on Xeon Scalable, Atom C3000,
+      Atom E3900
+    * New Microcodes:
+      sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
+      sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
+      sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
+      sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
+      sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
+      sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
+    * Updated Microcodes:
+      sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224
+      sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496
+      sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816
+      sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008
+      sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888
+      sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888
+      sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696
+      sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408
+      sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568
+      sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264
+      sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912
+      sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776
+      sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776
+      sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640
+      sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816
+      sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568
+      sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280
+      sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400
+      sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472
+      sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
+      sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
+      sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472
+      sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472
+      sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480
+      sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480
+      sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544
+      sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
+      sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472
+      sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
+      sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448
+      sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256
+      sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280
+      sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256
+      sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256
+      sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256
+      sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424
+  * source: update symlinks to reflect id of the latest release, 20220510
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 15 May 2022 20:09:05 -0300
+
+intel-microcode (3.20220419.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20220419
+    * Fixes errata APLI-11 in Atom E3900 series processors
+    * Updated Microcodes:
+      sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384
+  * source: update symlinks to reflect id of the latest release, 20220419
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 21 Apr 2022 17:25:05 -0300
+
+intel-microcode (3.20220207.1) unstable; urgency=medium
+
+  * upstream changelog: new upstream datafile 20220207
+    * Mitigates (*only* when loaded from UEFI firmware through the FIT)
+      CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through
+      debug port, on Pentium, Celeron and Atom processors with signatures
+      0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8
+      https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
+    * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint
+      may cause a system hang, on many processors.
+    * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due
+      to improper sanitization of shared resources (fast-store forward
+      predictor), on many processors.
+    * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some
+      Atom Processors may allow information disclosure or denial of service
+      via network access.
+    * Fixes critical errata (functional issues) on many processors
+    * Adds a MSR switch to enable RAPL filtering (default off, once enabled
+      it can only be disabled by poweroff or reboot).  Useful to protect
+      SGX and other threads from side-channel info leak.  Improves the
+      mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many
+      processors.
+    * Disables TSX in more processor models.
+    * Fixes issue with WBINDV on multi-socket (server) systems which could
+      cause resets and unpredictable system behavior.
+    * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket
+      Lake) processors, to control a fix for (hopefully rare) unpredictable
+      processor behavior when HyperThreading is enabled.  This MSR switch
+      is enabled by default on *server* processors.  On other processors,
+      it needs to be explicitly enabled by an updated UEFI/BIOS (with added
+      configuration logic).  An updated operating system kernel might also
+      be able to enable it.  When enabled, this fix can impact performance.
+    * Updated Microcodes:
+      sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912
+      sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552
+      sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472
+      sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816
+      sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008
+      sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840
+      sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864
+      sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672
+      sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672
+      sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648
+      sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552
+      sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408
+      sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384
+      sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544
+      sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264
+      sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
+      sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752
+      sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776
+      sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592
+      sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816
+      sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568
+      sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256
+      sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376
+      sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448
+      sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448
+      sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424
+      sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448
+      sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448
+      sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480
+      sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480
+      sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496
+      sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400
+      sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448
+      sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
+      sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
+      sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184
+      sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208
+      sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208
+      sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208
+      sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184
+      sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400
+    * Removed Microcodes:
+      sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
+      sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
+  * update .gitignore and debian/.gitignore.
+    Add some missing items from .gitignore and debian/.gitignore.
+  * ucode-blacklist: do not late-load 0x406e3 and 0x506e3.
+    When the BIOS microcode is older than revision 0x7f (and perhaps in some
+    other cases as well), the latest microcode updates for 0x406e3 and
+    0x506e3 must be applied using the early update method.  Otherwise, the
+    system might hang.  Also: there must not be any other intermediate
+    microcode update attempts [other than the one done by the BIOS itself],
+    either.  It must go from the BIOS microcode update directly to the
+    latest microcode update.
+  * source: update symlinks to reflect id of the latest release, 20220207
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 25 Feb 2022 05:36:55 -0300
+
+intel-microcode (3.20210608.2) unstable; urgency=high
+
+  * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and
+    debian/changelog (3.20210608.1).
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 23 Jun 2021 13:42:19 -0300
+
+intel-microcode (3.20210608.1) unstable; urgency=high
+
+  * New upstream microcode datafile 20210608 (closes: #989615)
+    * Implements mitigations for CVE-2020-24511 CVE-2020-24512
+      (INTEL-SA-00464), information leakage through shared resources,
+      and timing discrepancy sidechannels
+    * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465),
+      Domain-bypass transient execution vulnerability in some Intel Atom
+      Processors, affects Intel SGX.
+    * Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel
+      VT-d privilege escalation
+    * Fixes critical errata on several processors
+    * New Microcodes:
+      sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104
+      sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648
+      sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648
+      sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
+      sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
+      sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568
+      sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208
+      sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328
+      sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456
+      sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456
+      sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352
+    * Updated Microcodes:
+      sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816
+      sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456
+      sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472
+      sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744
+      sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816
+      sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864
+      sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720
+      sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720
+      sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648
+      sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576
+      sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576
+      sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456
+      sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408
+      sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360
+      sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472
+      sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264
+      sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752
+      sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776
+      sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592
+      sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768
+      sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448
+      sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448
+      sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424
+      sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448
+      sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448
+      sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448
+      sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400
+      sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448
+      sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
+      sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
+      sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184
+      sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208
+      sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208
+      sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208
+      sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184
+  * source: update symlinks to reflect id of the latest release, 20210608
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 08 Jun 2021 22:37:57 -0300
+
+intel-microcode (3.20210216.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20210216
+    * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
+      and Cascade Lake Server (B0/B1) when using an active JTAG
+      agent like In Target Probe (ITP), Direct Connect Interface
+      (DCI) or a Baseboard Management Controller (BMC) to take the
+      CPU JTAG/TAP out of reset and then returning it to reset.
+    * This issue is related to the INTEL-SA-00381 mitigation.
+    * Updated Microcodes:
+      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
+      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
+      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
+  * source: update symlinks to reflect id of the latest release, 20210216
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 17 Feb 2021 11:26:06 -0300
+
+intel-microcode (3.20201118.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20201118
+    * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake
+      processors.  Note that Debian already had removed this specific falty
+      microcode update on the 3.20201110.1 release
+    * Add a microcode update for the Pentium Silver N/J5xxx and Celeron
+      N/J4xxx which didn't make it to release 20201110, fixing security issues
+      (INTEL-SA-00381, INTEL-SA-00389)
+    * Updated Microcodes:
+      sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
+    * Removed Microcodes:
+      sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 27 Dec 2020 15:59:32 -0300
+
+intel-microcode (3.20201110.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20201110 (closes: #974533)
+    * Implements mitigation for CVE-2020-8696 and CVE-2020-8698,
+      aka INTEL-SA-00381: AVX register information leakage;
+      Fast-Forward store predictor information leakage
+    * Implements mitigation for CVE-2020-8695, Intel SGX information
+      disclosure via RAPL, aka INTEL-SA-00389
+    * Fixes critical errata on several processor models
+    * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320)
+      for Skylake-U/Y, Skylake Xeon E3
+    * New Microcodes
+      sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648
+      sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768
+      sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
+      sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184
+      sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208
+      sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184
+      sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184
+    * Updated Microcodes
+      sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816
+      sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472
+      sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792
+      sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840
+      sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224
+      sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224
+      sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408
+      sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360
+      sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472
+      sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776
+      sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568
+      sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448
+      sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448
+      sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448
+      sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448
+      sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448
+      sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448
+      sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424
+      sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448
+      sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424
+      sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424
+      sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208
+  * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot
+    https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
+    INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED
+    FOR 0x806c1 TIGER LAKE PROCESSORS by this package update.  Contact your
+    system vendor for a firmware update, or wait fo a possible fix in a future
+    Intel microcode release.
+  * source: update symlinks to reflect id of the latest release, 20201110
+  * source: ship new upstream documentation (security.md, releasenote.md)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 12 Nov 2020 15:03:36 -0300
+
+intel-microcode (3.20200616.1) unstable; urgency=high
+
+  * New upstream microcode datafile 20200616
+    + Downgraded microcodes (to a previously shipped revision):
+      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
+      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
+  * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
+    https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+  * This update *removes* the SRBDS mitigations from the above processors
+  * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 28 Jun 2020 18:38:57 -0300
+
+intel-microcode (3.20200609.2) unstable; urgency=medium
+
+  * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
+    * Microcode rollbacks (closes: LP#1883002)
+      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
+    * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
+    * Avoid hangs on boot on (some?) Skylake-U/Y processors,
+      https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+  * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
+    just in case.  Note that Debian does not do late loading by itself.
+    Refer to LP#1883002 for the report, 0x806ec hangs upon late load.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 11 Jun 2020 08:55:07 -0300
+
+intel-microcode (3.20200609.1) unstable; urgency=high
+
+  * SECURITY UPDATE
+    * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
+      on the processor model
+    * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
+      L1DCES mitigations, plus mitigations described in the changelog entry
+      for package release 3.20191112.1.
+    * Expect some performance impact, the mitigations are enabled by
+      default.  A Linux kernel update will be issued that allows one to
+      selectively disable the mitigations.
+  * New upstream microcode datafile 20200609
+    * Implements mitigation for CVE-2020-0543 Special Register Buffer Data
+      Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
+    * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
+      (VRDS), INTEL-SA-00329
+    * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
+      (L1DCES), INTEL-SA-00329
+    * Known to fix the regression introduced in release 2019-11-12 (sig
+      0x50564, rev. 0x2000065), which would cause several systems with
+      Skylake Xeon, Skylake HEDT processors to hang while rebooting
+    * Updated Microcodes:
+      sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
+      sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
+      sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
+      sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
+      sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
+      sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
+      sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
+      sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
+      sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
+      sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
+      sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
+      sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
+      sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
+      sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
+      sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
+      sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
+      sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
+      sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
+      sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
+      sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
+      sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
+  * Restores the microcode-level fixes that were reverted by release
+    3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 09 Jun 2020 17:16:46 -0300
+
+intel-microcode (3.20200520.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20200520
+    + Updated Microcodes:
+      sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
+      sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 21 May 2020 11:44:00 -0300
+
+intel-microcode (3.20200508.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20200508
+    + Updated Microcodes:
+      sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
+    * Likely fixes several critical errata on IceLake-U/Y causing system
+      hangs
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 09 May 2020 23:30:43 -0300
+
+intel-microcode (3.20191115.2) unstable; urgency=medium
+
+  * Microcode rollbacks (closes: #946515, LP#1854764):
+    sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
+  * Avoids hangs on warm reboots (cold boots work fine) on HEDT and
+    Xeon processors with signature 0x50654.
+    https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 10 Dec 2019 23:10:19 -0300
+
+intel-microcode (3.20191115.1) unstable; urgency=high
+
+  * New upstream microcode datafile 20191115
+    + Updated Microcodes:
+      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
+      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
+      sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
+      sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
+      sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
+      sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
+      sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
+      sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
+      sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
+      sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
+      sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
+      sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
+      sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 16 Nov 2019 23:14:58 -0300
+
+intel-microcode (3.20191113.1) unstable; urgency=high
+
+  * New upstream microcode datafile 20191113
+    + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
+      Adds microcode update for CFL-S (Coffe Lake Desktop)
+      INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
+    + Updated Microcodes (previously removed):
+      sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 15 Nov 2019 00:43:54 -0300
+
+intel-microcode (3.20191112.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20191112
+    + SECURITY UPDATE
+      - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
+      - Implements TA Indirect Sharing mitigation, and improves the
+        MDS mitigation (VERW)
+      - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
+        CVE-2019-11139
+      - Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
+    + CRITICAL ERRATA FIXES
+      - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
+        Ice Lake), causes a 0-3% typical perforance hit (can be as bad
+        as 10%).  But ensures the processor will actually jump where it
+        should, so don't even *dream* of not applying this fix.
+      - Fixes AVX SHUF* instruction implementation flaw erratum
+    + Removed Microcodes:
+      sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
+    + New Microcodes:
+      sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
+      sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
+      sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
+      sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
+      sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
+      sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
+    + Updated Microcodes:
+      sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
+      sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
+      sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
+      sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
+      sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
+      sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
+      sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
+      sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
+      sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
+      sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
+      sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
+      sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
+      sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
+      sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
+    + Updated Microcodes (previously removed):
+      sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 12 Nov 2019 23:21:54 -0300
+
+intel-microcode (3.20190918.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20190918
+    + SECURITY UPDATE
+      *Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given
+      the set of processors being updated.
+    + Updated Microcodes:
+      sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456
+      sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432
+      sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336
+      sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720
+      sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
+      sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200
+      sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768
+      sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576
+      sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576
+      sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 19 Sep 2019 00:38:50 -0300
+
+intel-microcode (3.20190618.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20190618
+    + SECURITY UPDATE
+      Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
+      CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+      for Sandybridge server and Core-X processors
+    + Updated Microcodes:
+      sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
+      sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
+  * Add some missing (minor) changelog entries to 3.20190514.1
+  * Reformat 3.20190514.1 changelog entry to match rest of changelog
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 19 Jun 2019 09:05:54 -0300
+
+intel-microcode (3.20190514.1) unstable; urgency=high
+
+  * New upstream microcode datafile 20190514
+    + SECURITY UPDATE
+      Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
+      CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+    + New Microcodes:
+      sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
+      sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
+      sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
+      sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
+      sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
+      sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
+    + Updated Microcodes:
+      sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
+      sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
+      sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
+      sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
+      sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
+      sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
+      sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
+      sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
+      sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
+      sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
+      sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
+      sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
+      sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
+      sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
+      sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
+      sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
+      sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
+      sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
+      sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
+      sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
+      sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
+      sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
+      sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
+      sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
+      sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
+      sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
+      sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
+      sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
+      sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
+      sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
+      sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
+      sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
+      sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
+  * README.Debian, control: update download/homepage URLs
+  * copyright: update download URL and date range
+  * source: update symlinks to reflect id of the latest release, 20190514
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 14 May 2019 21:49:08 -0300
+
+intel-microcode (3.20190312.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20190312
+    + Removed Microcodes:
+      sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
+    + New Microcodes:
+      sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
+      sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
+      sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
+      sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
+      sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280
+    + Updated Microcodes:
+      sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041, size 34816
+      sig 0x000306f4, pf_mask 0x80, 2018-11-06, rev 0x0013, size 17408
+      sig 0x00050654, pf_mask 0xb7, 2019-01-28, rev 0x200005a, size 33792
+      sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019, size 32768
+      sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x7000016, size 23552
+      sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf000014, size 23552
+      sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe00000c, size 19456
+      sig 0x000506c9, pf_mask 0x03, 2018-09-14, rev 0x0036, size 17408
+      sig 0x000506ca, pf_mask 0x03, 2018-09-20, rev 0x0010, size 15360
+      sig 0x000706a1, pf_mask 0x01, 2018-09-21, rev 0x002c, size 73728
+      sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a, size 98304
+      sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e, size 98304
+      sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a, size 98304
+      sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa, size 98304
+      sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa, size 99328
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 16 Mar 2019 21:07:54 -0300
+
+intel-microcode (3.20180807a.2) unstable; urgency=medium
+
+  * Makefile: unblacklist 0x206c2 (Westmere EP)
+    According to pragyansri.pathi@intel.com, on message to LP#1795594
+    on 2018-10-09, we can ship 0x206c2 updates without restrictions.
+    Also, there are no reports in the field about this update causing
+    issues (closes: #907402) (LP: #1795594)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 23 Oct 2018 19:52:40 -0300
+
+intel-microcode (3.20180807a.1) unstable; urgency=high
+
+  [ Henrique de Moraes Holschuh ]
+  * New upstream microcode datafile 20180807a
+    (closes: #906158, #906160, #903135, #903141)
+    + New Microcodes:
+      sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
+      sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
+      sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
+      sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
+      sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
+    + Updated Microcodes:
+      sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
+      sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
+      sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
+      sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
+      sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
+      sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
+      sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
+      sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
+      sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
+      sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
+      sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
+      sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
+      sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
+      sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
+      sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
+      sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
+      sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
+      sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
+      sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
+      sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
+      sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
+      sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
+      sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
+      sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
+    + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
+      Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+    + Implements SSBD support (Spectre v4 mitigation),
+      Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
+      Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+    + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
+      processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
+      Intel SA-0088, CVE-2017-5753, CVE-2017-5754
+  * source: update symlinks to reflect id of the latest release, 20180807a
+  * debian/intel-microcode.docs: ship license and releasenote upstream files.
+  * debian/changelog: update entry for 3.20180703.1 with L1TF information
+
+  [ Julian Andres Klode ]
+  * initramfs: include all microcode for MODULES=most.
+    Default to early instead of auto, and install all of the microcode,
+    not just the one matching the current CPU, if MODULES=most is set
+    in the initramfs-tools config (LP: #1778738)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 24 Aug 2018 08:53:53 -0300
+
+intel-microcode (3.20180703.2) unstable; urgency=medium
+
+  * source: fix badly named symlink that resulted in most microcode
+    updates not being shipped in the binary package.  Oops!
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 05 Jul 2018 14:26:36 -0300
+
+intel-microcode (3.20180703.1) unstable; urgency=medium
+
+  * New upstream microcode data file 20180703 (closes: #903018)
+    + Updated Microcodes:
+      sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
+      sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
+      sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
+      sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
+      sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
+      sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
+      sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
+      sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
+      sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
+    + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640,
+      Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+    + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation),
+      SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
+      Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
+      Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
+      server dies.
+  * source: update symlinks to reflect id of the latest release, 20180703
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 05 Jul 2018 10:03:53 -0300
+
+intel-microcode (3.20180425.1) unstable; urgency=medium
+
+  * New upstream microcode data file 20180425 (closes: #897443, #895878)
+    + Updated Microcodes:
+      sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb00002c, size 27648
+      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
+    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
+    + Note that sig 0x000604f1 has been blacklisted from late-loading
+      since Debian release 3.20171117.1.
+  * source: remove undesired list files from microcode directories
+  * source: switch to microcode-<id>.d/ since Intel dropped .dat
+    support.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 02 May 2018 16:48:44 -0300
+
+intel-microcode (3.20180312.1) unstable; urgency=medium
+
+  * New upstream microcode data file 20180312 (closes: #886367)
+    + New Microcodes:
+      sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
+      sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009, size 18432
+    + Updated Microcodes:
+      sig 0x000206a7, pf_mask 0x12, 2018-02-07, rev 0x002d, size 12288
+      sig 0x000206d6, pf_mask 0x6d, 2018-01-30, rev 0x061c, size 18432
+      sig 0x000206d7, pf_mask 0x6d, 2018-01-26, rev 0x0713, size 19456
+      sig 0x000306a9, pf_mask 0x12, 2018-02-07, rev 0x001f, size 13312
+      sig 0x000306c3, pf_mask 0x32, 2018-01-21, rev 0x0024, size 23552
+      sig 0x000306d4, pf_mask 0xc0, 2018-01-18, rev 0x002a, size 18432
+      sig 0x000306e4, pf_mask 0xed, 2018-01-25, rev 0x042c, size 15360
+      sig 0x000306e7, pf_mask 0xed, 2018-02-16, rev 0x0713, size 16384
+      sig 0x000306f2, pf_mask 0x6f, 2018-01-19, rev 0x003c, size 33792
+      sig 0x000306f4, pf_mask 0x80, 2018-01-22, rev 0x0011, size 17408
+      sig 0x00040651, pf_mask 0x72, 2018-01-18, rev 0x0023, size 21504
+      sig 0x00040661, pf_mask 0x32, 2018-01-21, rev 0x0019, size 25600
+      sig 0x00040671, pf_mask 0x22, 2018-01-21, rev 0x001d, size 12288
+      sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
+      sig 0x00050654, pf_mask 0xb7, 2018-01-26, rev 0x2000043, size 28672
+      sig 0x00050662, pf_mask 0x10, 2018-01-22, rev 0x0015, size 31744
+      sig 0x00050663, pf_mask 0x10, 2018-01-22, rev 0x7000012, size 22528
+      sig 0x00050664, pf_mask 0x10, 2018-01-22, rev 0xf000011, size 22528
+      sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
+      sig 0x000806e9, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 98304
+      sig 0x000806ea, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 97280
+      sig 0x000906e9, pf_mask 0x2a, 2018-01-21, rev 0x0084, size 98304
+      sig 0x000906ea, pf_mask 0x22, 2018-01-21, rev 0x0084, size 96256
+      sig 0x000906eb, pf_mask 0x02, 2018-01-21, rev 0x0084, size 98304
+    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for:
+      Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake,
+      Coffee Lake
+    + Missing production updates:
+      + Broadwell-E/EX Xeons (sig 0x406f1)
+      + Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell,
+        Gemini Lake, Denverton
+  * Update past changelog entries with new information:
+    Intel already had all necessary semanthics in LFENCE, so the
+    Spectre-related Intel microcode changes did not need to enhance LFENCE.
+  * debian/control: update Vcs-* fields for the move to salsa.debian.org
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 14 Mar 2018 09:21:24 -0300
+
+intel-microcode (3.20180108.1+really20171117.1) unstable; urgency=critical
+
+  * Revert to release 20171117, as per Intel instructions issued to
+    the public in 2018-01-22 (closes: #886998)
+  * This effectively removes IBRS/IBPB/STIPB microcode support for
+    Spectre variant 2 mitigation.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Mon, 22 Jan 2018 23:01:59 -0200
+
+intel-microcode (3.20180108.1) unstable; urgency=high
+
+  * New upstream microcode data file 20180108 (closes: #886367)
+    + Updated Microcodes:
+      sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
+      sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
+      sig 0x000306e4, pf_mask 0xed, 2017-12-01, rev 0x042a, size 15360
+      sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
+      sig 0x000306f4, pf_mask 0x80, 2017-11-17, rev 0x0010, size 17408
+      sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
+      sig 0x00040661, pf_mask 0x32, 2017-11-20, rev 0x0018, size 25600
+      sig 0x00040671, pf_mask 0x22, 2017-11-17, rev 0x001b, size 13312
+      sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
+      sig 0x00050654, pf_mask 0xb7, 2017-12-08, rev 0x200003c, size 27648
+      sig 0x00050662, pf_mask 0x10, 2017-12-16, rev 0x0014, size 31744
+      sig 0x00050663, pf_mask 0x10, 2017-12-16, rev 0x7000011, size 22528
+      sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
+      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
+      sig 0x000806e9, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
+      sig 0x000806ea, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
+      sig 0x000906e9, pf_mask 0x2a, 2018-01-04, rev 0x0080, size 98304
+      sig 0x000906ea, pf_mask 0x22, 2018-01-04, rev 0x0080, size 97280
+      sig 0x000906eb, pf_mask 0x02, 2018-01-04, rev 0x0080, size 98304
+    + Implements IBRS/IBPB support: mitigation against Spectre (CVE-2017-5715)
+    + Very likely fixes several other errata on some of the processors
+  * supplementary-ucode-CVE-2017-5715.d/: remove.
+    + Downgraded microcodes:
+      sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
+      sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
+    + Recall related to bug #886998
+  * source: remove superseded upstream data file: 20171117
+  * README.Debian, copyright: update download URLs (closes: #886368)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 10 Jan 2018 00:23:44 -0200
+
+intel-microcode (3.20171215.1) unstable; urgency=high
+
+  * Add supplementary-ucode-CVE-2017-5715.d/: (closes: #886367)
+    New upstream microcodes to partially address CVE-2017-5715
+    + Updated Microcodes:
+      sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
+      sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
+      sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
+      sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
+      sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
+      sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb000025, size 27648
+      sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x200003a, size 27648
+      sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
+      sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
+      sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304
+  * Implements IBRS and IBPB support via new MSR (Spectre variant 2
+    mitigation, indirect branches).  Support is exposed through cpuid(7).EDX.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 04 Jan 2018 23:04:38 -0200
+
+intel-microcode (3.20171117.1) unstable; urgency=medium
+
+  * New upstream microcode data file 20171117
+    + New Microcodes:
+      sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
+      sig 0x000706a1, pf_mask 0x01, 2017-10-31, rev 0x001e, size 72704
+      sig 0x000906ea, pf_mask 0x22, 2017-08-23, rev 0x0070, size 95232
+      sig 0x000906eb, pf_mask 0x02, 2017-09-20, rev 0x0072, size 97280
+    + Updated Microcodes:
+      sig 0x00050654, pf_mask 0xb7, 2017-10-17, rev 0x2000035, size 26624
+      sig 0x000806ea, pf_mask 0xc0, 2017-08-03, rev 0x0070, size 96256
+  * source: remove superseded upstream data file: 20170707.
+  * source: remove unneeded intel-ucode/ directory for 20171117.
+  * debian/control: bump standards version to 4.1.1 (no changes)
+  * Makefile: rename microcode-extras.pbin to microcode-includes.pbin.
+  * README.source: fix IUC_EXCLUDE example and minor issues.
+  * Makefile, README.souce: support loading ucode from directories.
+  * debian/rules: switch to dh mode (debhelper v9)
+  * ucode-blacklist: blacklist sig 0x406f1 (Skylake-X H0) from late
+    loading.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 18 Nov 2017 18:55:09 -0200
+
+intel-microcode (3.20170707.1) unstable; urgency=high
+
+  * New upstream microcode datafile 20170707
+    + New Microcodes:
+      sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x2000022, size 25600
+      sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
+      sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
+      sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
+    + This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
+      SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
+      Lake and Skylake processors: Skylake D0/R0 were fixed since the
+      previous upstream release (20170511).  This new release adds the
+      fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
+    + Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
+      (0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
+  * source: remove unneeded intel-ucode/ directory
+  * source: remove superseded upstream data file: 20170511
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 08 Jul 2017 19:04:27 -0300
+
+intel-microcode (3.20170511.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20170511
+    + Updated Microcodes:
+      sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528
+      sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025, size 17408
+      sig 0x000306f2, pf_mask 0x6f, 2017-01-30, rev 0x003a, size 32768
+      sig 0x000306f4, pf_mask 0x80, 2017-01-30, rev 0x000f, size 16384
+      sig 0x00040651, pf_mask 0x72, 2017-01-27, rev 0x0020, size 20480
+      sig 0x00040661, pf_mask 0x32, 2017-01-27, rev 0x0017, size 24576
+      sig 0x00040671, pf_mask 0x22, 2017-01-27, rev 0x0017, size 11264
+      sig 0x000406e3, pf_mask 0xc0, 2017-04-09, rev 0x00ba, size 98304
+      sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
+      sig 0x000506e3, pf_mask 0x36, 2017-04-09, rev 0x00ba, size 98304
+    + This release fixes undisclosed errata on the desktop, mobile and
+      server processor models from the Haswell, Broadwell, and Skylake
+      families, including even the high-end multi-socket server Xeons
+    + Likely fix the TSC-Deadline LAPIC errata (BDF89, SKL142 and
+      similar) on several processor families
+    + Fix erratum BDF90 on Xeon E7v4, E5v4(?) (closes: #862606)
+    + Likely fix serious or critical Skylake errata: SKL138/144,
+      SKL137/145, SLK149
+    * Likely fix nightmare-level Skylake erratum SKL150.  Fortunately,
+      either this erratum is very-low-hitting, or gcc/clang/icc/msvc
+      won't usually issue the affected opcode pattern and it ends up
+      being rare.
+      SKL150 - Short loops using both the AH/BH/CH/DH registers and
+      the corresponding wide register *may* result in unpredictable
+      system behavior.  Requires both logical processors of the same
+      core (i.e. sibling hyperthreads) to be active to trigger, as
+      well as a "complex set of micro-architectural conditions"
+  * source: remove unneeded intel-ucode/ directory
+    Since release 20170511, upstream ships the microcodes both in .dat
+    format, and as Linux-style split /lib/firmware/intel-ucode files.
+    It is simpler to just use the .dat format file for now, so remove
+    the intel-ucode/ directory. Note: before removal, it was verified
+    that there were no discrepancies between the two microcode sets
+    (.dat and intel-ucode/)
+  * source: remove superseded upstream data file: 20161104
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Mon, 15 May 2017 15:12:25 -0300
+
+intel-microcode (3.20161104.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20161104
+    + New Microcodes:
+      sig 0x00050663, pf_mask 0x10, 2016-10-12, rev 0x700000d, size 20480
+      sig 0x00050664, pf_mask 0x10, 2016-06-02, rev 0xf00000a, size 21504
+    + Updated Microcodes:
+      sig 0x000306f2, pf_mask 0x6f, 2016-10-07, rev 0x0039, size 32768
+      sig 0x000406f1, pf_mask 0xef, 2016-10-07, rev 0xb00001f, size 25600
+    + Removed Microcodes:
+      sig 0x000106e4, pf_mask 0x09, 2013-07-01, rev 0x0003, size 6144
+    + This update fixes critical errata on Broadwell-DE V2/Y0 (Xeon
+      D-1500 family), including one that can crash VMWare ESXi 6 with
+      #PF (VMWare KB2146388), and could affect Linux as well.  This same
+      issue was fixed for the E5v4 Xeons in release 20160607
+    + This update fixes undisclosed (and likely critical) errata on
+      Broadwell-E Core i7-68xxK/69xxK/6950X, Broadwell-EP/EX B0/R0/M0
+      Xeon E5v4 and Xeon E7v4, and Haswell-EP Xeon E5v3
+    + This release deletes the microcode update for the Jasper Forest
+      embedded Xeons (Xeon EC35xx/LC35xx/EC35xx/LC55xx), for undisclosed
+      reasons.  The deleted microcode is outdated when compared with the
+      updates for the other Nehalem Xeons
+  * Makefile: always exclude microcode sig 0x206c2 just in case
+    Intel is quite clear in the Intel SA-00030 advisory text that recent
+    revisions (0x14 and later?) of the 0x206c2 microcode updates must be
+    installed along with updated SINIT ACM on vPro systems (i.e. through
+    an UEFI/BIOS firmware update).  This is a defensive change so that we
+    don't ship such a microcode update in the future by mistake
+  * source: remove partially superseded upstream data file: 20160714
+  * source: remove superseded upstream data file: 20101123
+  * changelog: replace "pf mask" with "pf_mask"
+  * control, compat: switch debhelper compatibility level to 9
+  * control: bump standards-version, no changes required
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 09 Nov 2016 20:35:57 -0200
+
+intel-microcode (3.20160714.1) unstable; urgency=medium
+
+  * New upstream microcode datafile 20160714
+    + Updated Microcodes:
+      sig 0x000306f4, pf mask 0x80, 2016-06-07, rev 0x000d, size 15360
+      sig 0x000406e3, pf mask 0xc0, 2016-06-22, rev 0x009e, size 97280
+      sig 0x000406f1, pf mask 0xef, 2016-06-06, rev 0xb00001d, size 25600
+      sig 0x000506e3, pf mask 0x36, 2016-06-22, rev 0x009e, size 97280
+    + This release hopefully fixes a hang when updating the microcode on
+      some Skylake-U D-1/Skylake-Y D-1 (sig 0x406e3, pf 0x80) systems
+  * source: remove superseded upstream data file: 20160607
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 21 Jul 2016 19:04:09 -0300
+
+intel-microcode (3.20160607.2) unstable; urgency=low
+
+  * REMOVE microcode:
+    sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
+    (closes: #828819)
+  * The Core i7-6500U and m3-6Y30 processors (Skylake-UY D-1,
+    sig=0x406e3, pf=0x80) may hang while attempting an early microcode
+    update to revision 0x8a, apparently due to some sort of firmware
+    dependency.  On affected systems, the only way to avoid the issue is
+    to get a firmware update that includes microcode revision 0x8a or
+    later.  At this time, there are reports of both sucessful and failed
+    updates on the m3-6Y30, and only of failed updates on the i7-6500U.
+    There are no reports about Skylake-U K-1 (pf=0x40).
+  + WARNING: it is unsafe to use a system based on an Intel Skylake-U/Y
+    processor with microcode earlier than revision 0x8a, due to several
+    critical errata that cause unpredictable behavior, data corruption,
+    and other problems.  Users *must* update their firmware to get
+    microcode 0x8a or newer, and keep it up-to-date.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 08 Jul 2016 22:54:26 -0300
+
+intel-microcode (3.20160607.1) unstable; urgency=medium
+
+  * New upstream microcode data file 20160607
+    + New Microcodes:
+      sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
+      sig 0x000406f1, pf mask 0xef, 2016-05-20, rev 0xb00001c, size 25600
+      sig 0x00050662, pf mask 0x10, 2015-12-12, rev 0x000f, size 28672
+      sig 0x000506e3, pf mask 0x36, 2016-04-06, rev 0x008a, size 96256
+    + Updated Microcodes:
+      sig 0x000306c3, pf mask 0x32, 2016-03-16, rev 0x0020, size 22528
+      sig 0x000306d4, pf mask 0xc0, 2016-04-29, rev 0x0024, size 17408
+      sig 0x000306f2, pf mask 0x6f, 2016-03-28, rev 0x0038, size 32768
+      sig 0x000306f4, pf mask 0x80, 2016-02-11, rev 0x000a, size 15360
+      sig 0x00040651, pf mask 0x72, 2016-04-01, rev 0x001f, size 20480
+      sig 0x00040661, pf mask 0x32, 2016-04-01, rev 0x0016, size 24576
+      sig 0x00040671, pf mask 0x22, 2016-04-29, rev 0x0016, size 11264
+  * source: remove superseded upstream data file: 20151106.
+  * control: change upstream URL to a search for "linux microcode"
+    Unfortunately, many of the per-processor-model feeds have not been
+    updated for microcode release 20160607.  Switch to the general search
+    page as the upstream URL.
+  * README.Debian: fix duplicated word 'to'
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 23 Jun 2016 12:17:03 -0300
+
+intel-microcode (3.20151106.2) unstable; urgency=medium
+
+  * Makefile: make the build less verbose.
+  * debian/changelog: fix error in past entry.
+    Correct the version of the microcode that caused bug #776431,
+    in the entry for version 3.20150121.1.
+  * initramfs: don't force_load microcode.ko when missing.
+    Detect a missing microcode.ko and don't attempt to force_load() it,
+    otherwise we get spurious warnings at boot.  In verbose mode, log the
+    fact that the microcode driver is modular.   For Linux 4.4 and later,
+    skip the entire module loading logic, since the microcode driver cannot
+    be modular for those kernels (closes: #814301).
+  * initramfs: update copyright notice
+  * initramfs: use iucode_tool -l for verbose mode
+  * README.Debian: enhance and add recovery instructions.
+    Rewrite large parts of the README.Debian document, and add recovery
+    instructions (use of the "dis_ucode_ldr" kernel parameter).
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 17 Apr 2016 12:38:12 -0300
+
+intel-microcode (3.20151106.1) unstable; urgency=medium
+
+  * New upstream microcode data file 20151106
+    + New Microcodes:
+      sig 0x000306f4, pf mask 0x80, 2015-07-17, rev 0x0009, size 14336
+      sig 0x00040671, pf mask 0x22, 2015-08-03, rev 0x0013, size 11264
+    + Updated Microcodes:
+      sig 0x000306a9, pf mask 0x12, 2015-02-26, rev 0x001c, size 12288
+      sig 0x000306c3, pf mask 0x32, 2015-08-13, rev 0x001e, size 21504
+      sig 0x000306d4, pf mask 0xc0, 2015-09-11, rev 0x0022, size 16384
+      sig 0x000306f2, pf mask 0x6f, 2015-08-10, rev 0x0036, size 30720
+      sig 0x00040651, pf mask 0x72, 2015-08-13, rev 0x001d, size 20480
+    * This massive Haswell + Broadwell (and related Xeons) update fixes
+      several critical errata, including the high-hitting BDD86/BDM101/
+      HSM153(?) which triggers an MCE and locks the processor core
+      (LP: #1509764)
+    * Might fix critical errata BDD51, BDM53 (TSX-related)
+  * source: remove superseded upstream data file: 20150121
+  * Add support for supplementary microcode bundles:
+    + README.source: update and mention supplementary microcode
+    + Makefile: support supplementary microcode
+      Add support for supplementary microcode bundles, which (unlike .fw
+      microcode override files) can be superseded by a higher revision
+      microcode from the latest regular microcode bundle.  Also, fix the
+      "oldies" target to have its own exclude filter (IUC_OLDIES_EXCLUDE)
+  * Add support for x32 arch:
+    + README.source: mention x32
+    + control,rules: enable building on x32 arch (Closes: #777356)
+  * ucode-blacklist: add Broadwell and Haswell-E signatures
+    Add a missing signature for Haswell Refresh (Haswell-E) to the "must
+    be updated only by the early microcode update driver" list.  There is
+    at least one report of one of the Broadwell microcode updates disabling
+    TSX-NI, so add them as well just in case
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Mon, 09 Nov 2015 23:07:32 -0200
+
+intel-microcode (3.20150121.1) unstable; urgency=critical
+
+  * New upstream microcode data file 20150121
+    * Downgraded microcodes (to a previously shipped revision):
+      sig 0x000306f2, pf mask 0x6f, 2014-09-03, rev 0x0029, size 28672
+    * The microcode downgrade fixes a very nasty regression on Xeon E5v3
+      processors (closes: #776431)
+  * critical urgency: the broken sig 0x306f2, rev 0x2d microcode shipped
+    in release 20150107 caused CPU core hangs and Linux boot failures.
+    The upstream fix was to downgrade it to the same microcode revision
+    that was shipped in release 20140913
+  * source: remove superseded upstream data file: 20150107.
+  * initramfs.hook: do not mix arrays and lists.
+    Avoid echo "foo $@", use echo "foo $*" instead.  This is unlikely
+    to be expĺoitable, but it makes ShellCheck happier.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 28 Jan 2015 20:03:20 -0200
+
+intel-microcode (3.20150107.1) unstable; urgency=high
+
+  * New upstream microcode data file 20150107
+    + New Microcodes:
+      sig 0x000306d4, pf mask 0xc0, 2014-12-05, rev 0x0018, size 14336
+    + Updated Microcodes:
+      sig 0x000306f2, pf mask 0x6f, 2014-11-21, rev 0x002d, size 28672
+    + High urgency: there are fast-tracked microcode updates in this
+      release which imply that critical errata are being fixed
+  * source: remove superseded upstream data file: 20140913
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 18 Jan 2015 00:30:11 -0200
+
+intel-microcode (3.20140913.1) unstable; urgency=low
+
+  * New upstream microcode data file 20140913
+    + New Microcodes:
+      sig 0x000306f2, pf mask 0x6f, 2014-09-03, rev 0x0029, size 28672
+    + Updated Microcodes:
+      sig 0x000306c3, pf mask 0x32, 2014-07-03, rev 0x001c, size 21504
+      sig 0x00040651, pf mask 0x72, 2014-07-03, rev 0x001c, size 20480
+      sig 0x00040661, pf mask 0x32, 2014-07-03, rev 0x0012, size 23552
+    + WARNING: UNSAFE TO BE APPLIED AT RUNTIME (lp#1370352)
+  * Microcode updates are now applied only through the early initramfs
+    + Bump major version number
+    + Requires Linux kernel v3.10 or later, other kernels unsupported
+    + postinst: don't apply microcode update
+    + kernel preinst: stop loading microcode module
+    + modprobe.d: blacklist microcode module from autoloading outside
+      of the initramfs.  Still load it inside the initramfs for logging
+    + initramfs: always use early initramfs mode, reject kernels before
+      v3.10
+    + README.Debian, NEWS.Debian: update
+  * add a microcode best-effort blacklist.  This is a reactive blacklist
+    which renames problematic microcode data files in such a way they
+    will only be used for the [early] initramfs.  Use it to blacklist
+    all Haswell microcode updates
+  * Allow a non-Intel box to generate an early initramfs with microcode
+    for an Intel box if the /etc/default/intel-microcode defaults are
+    changed:
+    + postinst: always attempt to update the initramfs
+    + initramfs: on auto mode, do nothing in a non-intel box. In
+      forced "early" mode, attempt to run iucode-tool.  This will do
+      nothing (add no microcode) unless the default configuration is
+      changed in /etc/default/intel-microcode
+    + default: update comments
+  * source: remove superseded upstream data file: 20140624
+  * README.source: remove information about lenny, oldstable
+  * debian/control: bump standards vesion to 3.9.6
+  * lintian-overrides: remove
+  * debian/copyright: update upstream copyright dates
+  * postrm: avoid use of test -a
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 19 Oct 2014 15:23:13 -0200
+
+intel-microcode (2.20140624.1) unstable; urgency=high
+
+  * New upstream microcode data file 20140624
+    + Updated Microcodes:
+      sig 0x000306a9, pf mask 0x12, 2014-05-29, rev 0x001b, size 12288
+      sig 0x000306c3, pf mask 0x32, 2014-05-23, rev 0x001a, size 20480
+      sig 0x000306e4, pf mask 0xed, 2014-05-29, rev 0x0428, size 13312
+      sig 0x000306e7, pf mask 0xed, 2014-05-29, rev 0x070d, size 15360
+      sig 0x00040651, pf mask 0x72, 2014-05-23, rev 0x0018, size 19456
+      sig 0x00040661, pf mask 0x32, 2014-05-23, rev 0x0010, size 23552
+    + High urgency: there are fast-tracked microcode updates in this
+      release which imply that critical errata are being fixed
+  * Intel strongly suggests that this CPU microcode update be applied
+    to all Ivy Bridge, Haswell, and Broadwell processors (thanks to
+    Canonical for the warning, refer to LP#1335156)
+  * This update is reported to better fix the errata addressed by the
+    20140430 update (refer to LP#1335156)
+  * source: remove superseded upstream data file: 20140430
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 27 Jun 2014 16:35:12 -0300
+
+intel-microcode (2.20140430.1) unstable; urgency=low
+
+  * New upstream microcode data file 20140430
+    + New microcodes:
+      sig 0x000306e7, pf mask 0xed, 2014-04-14, rev 0x070c, size 15360
+    + Updated microcodes:
+      sig 0x000306e4, pf mask 0xed, 2014-04-10, rev 0x0427, size 12288
+  * source: remove superseded upstream data file: 20140122
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 03 May 2014 14:21:27 -0300
+
+intel-microcode (2.20140122.1) unstable; urgency=low
+
+  * New upstream microcode data file 20140122
+    + New Microcodes:
+      sig 0x00040661, pf mask 0x32, 2013-08-21, rev 0x000f, size 23552
+    + Updated Microcodes:
+      sig 0x000106e5, pf mask 0x13, 2013-08-20, rev 0x0007, size 7168
+      sig 0x000306c3, pf mask 0x32, 2013-08-16, rev 0x0017, size 20480
+      sig 0x000306e4, pf mask 0xed, 2013-07-09, rev 0x0416, size 11264
+      sig 0x00040651, pf mask 0x72, 2013-09-14, rev 0x0017, size 19456
+  * source: remove superseded upstream data file: 20130906
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 01 Feb 2014 15:39:03 -0200
+
+intel-microcode (2.20130906.1) unstable; urgency=high
+
+  * New upstream microcode data file 20130906
+    + Updated Microcodes:
+      sig 0x000306c3, pf mask 0x32, 2013-08-07, rev 0x0016, size 20480
+      sig 0x00040651, pf mask 0x72, 2013-08-08, rev 0x0016, size 19456
+    + Updated Microcodes (recently removed):
+      sig 0x000106e4, pf mask 0x09, 2013-07-01, rev 0x0003, size 6144
+  * This microcode release *likely* fixes the security issues addressed by
+    the 20130808 update for signature 0x106e4 (Xeon EC3500/EC5500/LC3500/
+    LC5500, Jasper Forest core), which was missing from the 20130808 update
+  * upstream changelog: trim down, sunrise now at 20080220, the first
+    microcode pack with a license that allows redistribution
+  * debian/control: recommend initramfs-tools (>= 0.113~) for backports
+  * cpu-signatures.txt: Xeon nocona cores are 64-bit, ship for amd64 arch
+  * source: remove superseded upstream data file: 20130808
+  * postinst: fix kernel version check for blacklist
+    Distro kernels have version strings that make it hard to get the real
+    kernel version, so we have to blacklist by branches only.  We were
+    refusing to update the kernel on postinst for users of Debian stable's
+    kernel because of this issue
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 21 Sep 2013 20:35:47 -0300
+
+intel-microcode (2.20130808.1) unstable; urgency=high
+
+  * Reupload, high severity, no changes
+  * Bump major version number.  I will need this so that I can track two
+    separate branches for Wheezy: branch 1.x will target stable-updates (no
+    early firmware support), while branch 2.x will target stable-backports,
+    testing and unstable.  This major version bump should have been done for
+    the 1.20130222.3 upload in hindsight.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 17 Aug 2013 10:56:45 -0300
+
+intel-microcode (1.20130808.2) unstable; urgency=high
+
+  * Reupload with high severity.  This microcode update has been documented
+    by Intel to fix a severe security issue (refer to LP bug 1212497);
+    This update is known to fix several nasty errata on 3rd-gen and
+    4th-gen Core i3/i5/i7, and Xeon 5500 and later, including but not
+    limited to:
+    + AAK167/BT248: Virtual APIC accesses with 32-bit PAE paging
+      may cause system crash
+    + AAK170/BT246: The upper 32 bits of CR3 may be incorrectly used
+      with 32-bit paging
+  * Erratum AAK167/BT248 is nasty: "If a logical processor has EPT (Extended
+    Page Tables) enabled, is using 32-bit PAE paging, and accesses the
+    virtual-APIC page then a complex sequence of internal processor
+    micro-architectural events may cause an incorrect address translation or
+    machine check on either logical processor.  This erratum may result in
+    unexpected faults, an uncorrectable TLB error logged in
+    IA32_MCi_STATUS.MCACOD (bits [15:0]), a guest or hypervisor crash, or
+    other unpredictable system behavior"
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 16 Aug 2013 21:10:12 -0300
+
+intel-microcode (1.20130808.1) unstable; urgency=low
+
+  * New upstream microcode data file 20130808
+    + New Microcodes:
+      sig 0x000306c3, pf mask 0x32, 2013-07-02, rev 0x0012, size 19456
+      sig 0x000306e4, pf mask 0xed, 2013-06-13, rev 0x0415, size 11264
+      sig 0x000306e6, pf mask 0xed, 2013-06-19, rev 0x0600, size 11264
+      sig 0x00040651, pf mask 0x72, 2013-07-02, rev 0x0015, size 18432
+    + Updated Microcodes (removed in the past):
+      sig 0x000106a5, pf mask 0x03, 2013-06-21, rev 0x0019, size 10240
+    + Updated Microcodes:
+      sig 0x000106a4, pf mask 0x03, 2013-06-21, rev 0x0012, size 14336
+      sig 0x000106e5, pf mask 0x13, 2013-07-01, rev 0x0006, size 7168
+      sig 0x00020652, pf mask 0x12, 2013-06-26, rev 0x000e, size 8192
+      sig 0x00020655, pf mask 0x92, 2013-06-28, rev 0x0004, size 3072
+      sig 0x000206a7, pf mask 0x12, 2013-06-12, rev 0x0029, size 10240
+      sig 0x000206d7, pf mask 0x6d, 2013-06-17, rev 0x0710, size 17408
+      sig 0x000206f2, pf mask 0x05, 2013-06-18, rev 0x0037, size 13312
+      sig 0x000306a9, pf mask 0x12, 2013-06-13, rev 0x0019, size 12288
+    + Removed Microcodes:
+      sig 0x000106e4, pf mask 0x09, 2010-03-08, rev 0x0002, size 5120
+  * Remove from the source package an unused upstream microcode bundle,
+    which has been completely superseded by later bundles:
+    microcode-20130222.dat
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 15 Aug 2013 20:18:32 -0300
+
+intel-microcode (1.20130222.6) unstable; urgency=low
+
+  * initramfs, postinst: don't do anything on non-Intel systems
+  * initramfs, postinst: blacklist several kernel versions (closes: #716917)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 20 Jul 2013 10:46:59 -0300
+
+intel-microcode (1.20130222.5) unstable; urgency=low
+
+  * debian/control: depend on iucode-tool, and shorten description
+  * initramfs hook: several auto mode fixes
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 03 Jul 2013 19:55:13 -0300
+
+intel-microcode (1.20130222.4) unstable; urgency=low
+
+  * initramfs: fix xargs error when iucode-tool is not installed
+    in the early firmware update mode code path (closes: #712943)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 20 Jun 2013 22:07:04 -0300
+
+intel-microcode (1.20130222.3) unstable; urgency=low
+
+  * initramfs: add support for early firmware update
+    Add support to update microcode during early kernel startup, requires
+    Linux 3.9 or later with CONFIG_MICROCODE_INTEL_EARLY enabled.
+    This also requires initramfs-tools 0.113 or later, as well as iucode-tool
+    1.0 or later.  We fallback to late initramfs mode if outdated versions of
+    initramfs-tools or iucode-tool are installed.
+  * Update README.Debian and NEWS.Debian for early updates
+  * debian/control: update recommends for early-fw support
+    Recommend iucode-tool v1.0 or later and initramfs-tools 0.113, and
+    update the explanation in the package description accordingly.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 19 Jun 2013 22:15:46 -0300
+
+intel-microcode (1.20130222.2) unstable; urgency=low
+
+  * kernel preinst: simplify and load microcode and cpuid modules
+  * postinst: attempt to load microcode module (closes: #692535)
+  * Makefile: Use the -s! and --loose-date-filtering facilities added to
+    iucode_tool v0.9 to better implement the selection of legacy microcode,
+    and to fix the support for IUC_INCLUDE, which was non-functional.
+  * debian/control: build-depend on iucode-tool (>= 0.9)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 27 Mar 2013 16:39:06 -0300
+
+intel-microcode (1.20130222.1) unstable; urgency=low
+
+  * New upstream microcode data file 20130222 (closes: #702152)
+    + Updated Microcodes:
+        sig 0x000306a9, pf mask 0x12, 2013-01-09, rev 0x0017, size 11264
+  * Remove from the source package an unused microcode data file, which
+    was completely superseded by later ones: microcode-20120606-v2.dat
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 03 Mar 2013 16:59:35 -0300
+
+intel-microcode (1.20120606.v2.2) unstable; urgency=medium
+
+  * initramfs: work around initramfs-tools bug #688794.
+    Use "_" in place of "+-." for the initramfs script name.  This works
+    around a PANIC during boot when the initramfs was created in a system
+    with noexec $TMPDIR.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 09 Oct 2012 07:43:37 -0300
+
+intel-microcode (1.20120606.v2.1) unstable; urgency=medium
+
+  * New upstream microcode data file 20120606-v2 (2012-10-01)
+    + Updated Microcodes:
+      sig 0x000206d6, pf mask 0x6d, 2012-05-22, rev 0x0619, size 16384
+      sig 0x000206d7, pf mask 0x6d, 2012-05-22, rev 0x070d, size 16384
+      sig 0x000306a9, pf mask 0x12, 2012-07-16, rev 0x0013, size 11264
+    + Updated Microcodes (recently removed):
+      sig 0x000206f2, pf mask 0x05, 2012-04-12, rev 0x0036, size 12288
+  * Remove from the source package some unused upstream microcode bundles,
+    which were completely superseded by later ones: microcode-20080401.dat,
+    microcode-20090330.dat, microcode-20090927.dat, microcode-20100209.dat,
+    microcode-20110428.dat, microcode-20111110.dat.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Mon, 08 Oct 2012 14:56:17 -0300
+
+intel-microcode (1.20120606.6) unstable; urgency=medium
+
+  * debian/control: conflicts with microcode.ctl (<< 1.18~0)
+    microcode.ctl (1.18~0+nmu1) is a transitional package.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 02 Sep 2012 17:46:39 -0300
+
+intel-microcode (1.20120606.5) unstable; urgency=low
+
+  * debian/copyright: correct statement.
+  * debian/control: use i686 instead of IA32 in package description.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Wed, 29 Aug 2012 19:33:14 -0300
+
+intel-microcode (1.20120606.4) unstable; urgency=low
+
+  * README.Debian: mention module-init-tools, not just kmod.  This
+    is useful when backporting to Debian Squeeze.
+  * initramfs: make sure we modprobe cpuid early.
+    Provide an /etc/kernel/preinst.d hook to modprobe the cpuid module
+    before an in-place kernel upgrade makes it impossible to do so at
+    initramfs rebuild time.  This is only done when dev/cpuid is not yet
+    available, IUCODE_TOOL_SCANCPUS is active, and iucode-tool is
+    installed.  Thanks to Philipp Kern for the report.
+  * NEWS.Debian: document failures with in-place kernel upgrades
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 11 Aug 2012 19:35:46 -0300
+
+intel-microcode (1.20120606.3) unstable; urgency=low
+
+  * initramfs: while creating the initramfs, if we need to iucode_tool
+    --scan-system, attempt to modprobe cpuid if cpu/cpuid device is missing,
+    and report an error if it doesn't work.  Thanks to Sebastian Andrzej
+    Siewior for a good suggestion on how to fix it (closes: #683161)
+  * README.Debian: add "modprobe cpuid" to example
+  * debian/control: use better Vcs-browser URI that is properly
+    handled by the current alioth redirector.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 29 Jul 2012 11:09:44 -0300
+
+intel-microcode (1.20120606.2) unstable; urgency=low
+
+  * Fix README.source to reflect that cpu-signatures.txt processing
+    was moved to the toplevel Makefile
+  * Update diff-latest-pack.sh to really find iucode_tool
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 21 Jul 2012 18:10:47 -0300
+
+intel-microcode (1.20120606.1) unstable; urgency=low
+
+  * Change to ABI 1:
+    + Ship binary microcode in /lib/firmware
+    + Add initramfs helpers to install and load binary microcode on boot
+    + Call update-initramfs on package upgrades and removals
+    + Use non-deprecated kernel interface to interact with kernel
+      (sysfs+fw loader)
+  * Include microcode for older processors.  This should help some
+    older boxes for which microcode was not being shipped by Intel
+    anymore but which still have users, with the trade-off that we
+    will also ship some useless and mostly useless microcode
+  * Do not ship i686-only microcode in the amd64 binary package.  We
+    still ship all microcode in the i386 binary package, to support
+    64bit processors running i?86 userspace transparently
+  * Switch myself to maintainer, and Giacomo to uploader to better
+    reflect who is responsible for any bugs this could cause...
+  * Switch to the 3.0 (native) package format as it doesn't make practical
+    sense to base the source package on the Intel upstream tarball anymore
+    because we use all past Intel microcode releases as source
+    + Use xz to compress the tarball, it does a _much_ better job than
+      bzip2 and gzip for this package
+    + Override lintian warning about switch to native packaging, as it was
+      done on purpose.  It can be removed in the future
+  * Drop CDBS, switch to classic (less obfuscated/much better documented)
+    debhelper build
+  * Switch to debhelper v7, which is good enough for Debian Lenny and later
+    don't use a newer mode for now, to facilitate backporting
+  * Document in README.source:
+    + this package must be trivial to backport to oldstable and stable
+      (i.e. Debian Lenny and Debian Squeeze ATM)
+    + how to add new upstream microcode packs and microcode overrides
+    + other relevant details related to the lack of Intel changelogs
+  * Build-Depend on iucode-tool to handle binary microcode, merge
+    microcode packs and overrides, and split into firmware files
+  * Drop support for microcode.ctl, as it cannot handle binary
+    microcode or the non-deprecated kernel interface
+  * Update package short and long descriptions
+  * Add a NEWS file to explain all the behaviour changes
+  * Recommend iucode-tool to support optional selective microcode
+    selection for the initramfs (reduces microcode size greatly)
+  * Change to priority: standard.  This package should be installed in
+    every Intel-based Debian system, which is unfortunately impossible
+    since it is non-free, but at least mark it as such
+  * add debian/diff-latest-pack.sh utility (not shipped in the binary
+    package) to help produce the "upstream changelogs"
+  * debian/control: add Vcs-* fields
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Fri, 13 Jul 2012 15:23:23 -0300
+
+intel-microcode (0.20120606-1) unstable; urgency=medium
+
+  * New upstream data file: microcode-20120606
+    + New Microcodes:
+      sig 0x00020661, pf mask 0x02, 2011-07-18, rev 0x0105, size 5120
+      sig 0x000206d7, pf mask 0x6d, 2012-04-03, rev 0x070c, size 16384
+      sig 0x000306a9, pf mask 0x12, 2012-04-12, rev 0x0012, size 11264
+    + Updated Microcodes:
+      sig 0x000106e5, pf mask 0x13, 2011-09-01, rev 0x0005, size 6144
+      sig 0x000206a7, pf mask 0x12, 2012-04-24, rev 0x0028, size 9216
+      sig 0x000206d6, pf mask 0x6d, 2012-04-18, rev 0x0618, size 16384
+    + Removed Microcodes (recently updated):
+      sig 0x000206f2, pf mask 0x05, 2011-08-31, rev 0x0034, size 12288
+  * Fixes precise-event based sampling (PEBS) on Sandy Bridge processors
+    (http://lkml.org/lkml/2012/6/7/145)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 09 Jun 2012 00:44:12 -0300
+
+intel-microcode (0.20111110-1) unstable; urgency=low
+
+  * New upstream data file: microcode-20111110
+    + New Microcodes:
+      sig 0x000206d6, pf mask 0x6d, 2011-09-29, rev 0x060c, size 15360
+    + Updated Microcodes:
+      sig 0x00020652, pf mask 0x12, 2011-09-01, rev 0x000d, size 7168
+      sig 0x00020655, pf mask 0x92, 2011-09-01, rev 0x0003, size 2048
+      sig 0x000206a7, pf mask 0x12, 2011-10-11, rev 0x0025, size 9216
+      sig 0x000206f2, pf mask 0x05, 2011-08-31, rev 0x0034, size 12288
+    + Removed Microcodes (recently added):
+      sig 0x00030661, pf mask 0x02, 2011-06-23, rev 0x0106, size 5120
+      sig 0x00030661, pf mask 0x04, 2011-06-23, rev 0x0106, size 5120
+      sig 0x00030661, pf mask 0x08, 2011-06-23, rev 0x0106, size 5120
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 24 Dec 2011 18:17:05 -0200
+
+intel-microcode (0.20110915-1) unstable; urgency=low
+
+  * New upstream data file: microcode-20110915
+    + New Microcodes:
+      sig 0x000206f2, pf mask 0x05, 2011-07-21, rev 0x0032, size 12288
+      sig 0x00030661, pf mask 0x02, 2011-06-23, rev 0x0106, size 5120
+      sig 0x00030661, pf mask 0x04, 2011-06-23, rev 0x0106, size 5120
+      sig 0x00030661, pf mask 0x08, 2011-06-23, rev 0x0106, size 5120
+    + Updated Microcodes:
+      sig 0x000206a7, pf mask 0x12, 2011-07-14, rev 0x001b, size 9216
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 16 Oct 2011 13:10:43 -0200
+
+intel-microcode (0.20110428-1) unstable; urgency=low
+
+  * New upstream data file: microcode-20110428
+    + New Microcodes:
+      sig 0x000206a7, pf mask 0x12, 2011-04-07, rev 0x0017, size 8192
+    + Readded Microcodes:
+      sig 0x00000f12, pf mask 0x04, 2003-05-02, rev 0x002e, size 2048
+    + Removed Microcodes (recently rolled back):
+      sig 0x000106a5, pf mask 0x03, 2009-04-14, rev 0x0011, size 8192
+  * debian/rules: install microcode*.dat, instead of microcode-*.dat
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 26 Jun 2011 18:56:57 -0300
+
+intel-microcode (0.20101123-1) unstable; urgency=low
+
+  * New upstream data file: microcode-20101123
+    + New Microcodes:
+      sig 0x000006fb, pf mask 0x20, 2010-10-03, rev 0x00ba, size 4096
+    + Readded Microcodes (older revision):
+      sig 0x000106a5, pf mask 0x03, 2009-04-14, rev 0x0011, size 8192
+    + Updated Microcodes:
+      sig 0x000006f2, pf mask 0x01, 2010-10-02, rev 0x005d, size 4096
+      sig 0x000006f2, pf mask 0x20, 2010-10-02, rev 0x005c, size 4096
+      sig 0x000006f6, pf mask 0x01, 2010-09-30, rev 0x00d0, size 4096
+      sig 0x000006f6, pf mask 0x04, 2010-10-01, rev 0x00d2, size 4096
+      sig 0x000006f6, pf mask 0x20, 2010-10-01, rev 0x00d1, size 4096
+      sig 0x000006f7, pf mask 0x10, 2010-10-02, rev 0x006a, size 4096
+      sig 0x000006f7, pf mask 0x40, 2010-10-02, rev 0x006b, size 4096
+      sig 0x000006fa, pf mask 0x80, 2010-10-02, rev 0x0095, size 4096
+      sig 0x000006fb, pf mask 0x01, 2010-10-03, rev 0x00ba, size 4096
+      sig 0x000006fb, pf mask 0x04, 2010-10-03, rev 0x00bc, size 4096
+      sig 0x000006fb, pf mask 0x08, 2010-10-03, rev 0x00bb, size 4096
+      sig 0x000006fb, pf mask 0x10, 2010-10-03, rev 0x00ba, size 4096
+      sig 0x000006fb, pf mask 0x40, 2010-10-03, rev 0x00bc, size 4096
+      sig 0x000006fb, pf mask 0x80, 2010-10-03, rev 0x00ba, size 4096
+      sig 0x000006fd, pf mask 0x01, 2010-10-02, rev 0x00a4, size 4096
+      sig 0x000006fd, pf mask 0x20, 2010-10-02, rev 0x00a4, size 4096
+      sig 0x000006fd, pf mask 0x80, 2010-10-02, rev 0x00a4, size 4096
+      sig 0x00010661, pf mask 0x01, 2010-10-04, rev 0x0043, size 4096
+      sig 0x00010661, pf mask 0x02, 2010-10-04, rev 0x0042, size 4096
+      sig 0x00010661, pf mask 0x80, 2010-10-04, rev 0x0044, size 4096
+      sig 0x00010676, pf mask 0x01, 2010-09-29, rev 0x060f, size 4096
+      sig 0x00010676, pf mask 0x04, 2010-09-29, rev 0x060f, size 4096
+      sig 0x00010676, pf mask 0x10, 2010-09-29, rev 0x060f, size 4096
+      sig 0x00010676, pf mask 0x40, 2010-09-29, rev 0x060f, size 4096
+      sig 0x00010676, pf mask 0x80, 2010-09-29, rev 0x060f, size 4096
+      sig 0x00010677, pf mask 0x10, 2010-09-29, rev 0x070a, size 4096
+      sig 0x0001067a, pf mask 0x11, 2010-09-28, rev 0x0a0b, size 8192
+      sig 0x0001067a, pf mask 0x44, 2010-09-28, rev 0x0a0b, size 8192
+      sig 0x0001067a, pf mask 0xa0, 2010-09-28, rev 0x0a0b, size 8192
+      sig 0x000106d1, pf mask 0x08, 2010-09-30, rev 0x0029, size 4096
+    + Removed Microcodes:
+      sig 0x00000612, pf mask 0x00, 1996-12-10, rev 0x00c6, size 2048
+      sig 0x00000616, pf mask 0x00, 1996-12-10, rev 0x00c6, size 2048
+      sig 0x00000617, pf mask 0x00, 1996-12-10, rev 0x00c6, size 2048
+      sig 0x00000619, pf mask 0x00, 1998-02-18, rev 0x00d2, size 2048
+      sig 0x00000633, pf mask 0x00, 1998-09-23, rev 0x0036, size 2048
+      sig 0x00000634, pf mask 0x00, 1998-09-23, rev 0x0037, size 2048
+      sig 0x00000650, pf mask 0x04, 1997-12-12, rev 0x0019, size 2048
+      sig 0x00000650, pf mask 0x20, 1998-02-11, rev 0x002e, size 2048
+      sig 0x00000650, pf mask 0x80, 1998-02-11, rev 0x002f, size 2048
+      sig 0x00000651, pf mask 0x02, 1999-05-25, rev 0x0041, size 2048
+      sig 0x00000651, pf mask 0x08, 1999-05-25, rev 0x0042, size 2048
+      sig 0x00000652, pf mask 0x08, 1999-05-18, rev 0x002d, size 2048
+      sig 0x00000672, pf mask 0x01, 1999-09-22, rev 0x0010, size 2048
+      sig 0x00000673, pf mask 0x01, 1999-09-10, rev 0x000e, size 2048
+      sig 0x00000683, pf mask 0x01, 2001-02-06, rev 0x0013, size 2048
+      sig 0x00000683, pf mask 0x04, 2001-02-06, rev 0x0010, size 2048
+      sig 0x00000683, pf mask 0x10, 2001-02-06, rev 0x0014, size 2048
+      sig 0x000006a4, pf mask 0x04, 2000-06-16, rev 0x0001, size 2048
+      sig 0x00000f12, pf mask 0x01, 2003-05-02, rev 0x002d, size 2048
+      sig 0x00000f12, pf mask 0x02, 2003-05-02, rev 0x002f, size 2048
+      sig 0x00000f12, pf mask 0x04, 2003-05-02, rev 0x002e, size 2048
+      sig 0x00000f13, pf mask 0x04, 2003-05-08, rev 0x0005, size 2048
+      sig 0x00000f24, pf mask 0x08, 2003-06-05, rev 0x0020, size 2048
+      sig 0x000206c2, pf mask 0x03, 2010-09-07, rev 0x0013, size 7168
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Mon, 10 Jan 2011 23:25:18 -0200
+
+intel-microcode (0.20100914-1) unstable; urgency=low
+
+  * New upstream data file: microcode-20100914
+    + Updated Microcodes:
+      sig 0x000206c2, pf mask 0x03, 2010-09-07, rev 0x0013, size 7168
+    + Removed Microcodes:
+      sig 0x000006d8, pf mask 0x08, 2006-08-31, rev 0x0021, size 2048
+      sig 0x000006d8, pf mask 0x20, 2004-07-22, rev 0x0020, size 2048
+      sig 0x00000f65, pf mask 0x04, 2007-05-10, rev 0x000b, size 2048
+      sig 0x00010661, pf mask 0x04, 2007-05-01, rev 0x0036, size 4096
+      sig 0x000106a5, pf mask 0x03, 2010-03-03, rev 0x0015, size 8192
+      sig 0x000206e6, pf mask 0x04, 2010-04-21, rev 0x0007, size 6144
+  * Add upstream changelog, with a list of changed microcodes per release
+  * Update debian/copyright to match the latest license
+  * Update documentation on where and how to get an up-to-date microcode
+    file directly from Intel, and how to install it
+  * postinst: run the microcode.ctl initscript on install/upgrades to apply
+    updated microcodes to the processor
+  * Merge changes from version 0.20090927-1, which I lost in the last
+    upload for some stupid reason.  The lack of 0.20090927-1 in the
+    changelog upsets the BTS' version tracking, so it is more than just a
+    cosmetic fix
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sun, 26 Sep 2010 19:51:46 -0300
+
+intel-microcode (0.20100826-1) unstable; urgency=low
+
+  * New upstream data file: microcode-20100826 (closes: #571128)
+  * debian/control: Add myself to uploaders
+  * debian/control: bump standards-version to 3.9.1 (no changes required)
+  * debian/control: Change homepage to the only stable URI available,
+    which is that of the RSS feed
+  * debian/source/format: set to 1.0, we gain nothing from the other formats
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 28 Aug 2010 11:25:34 -0300
+
+intel-microcode (0.20090927-1) unstable; urgency=low
+
+  * New upstream version (Closes: #549706)
+
+ -- Giacomo Catenazzi <cate@debian.org>  Tue, 06 Oct 2009 07:42:02 +0200
+
+intel-microcode (0.20090330-1) unstable; urgency=low
+
+  * New upstream version. This version replaced 6 and add
+    extra 3 microcode files.
+
+ -- Giacomo Catenazzi <cate@debian.org>  Tue, 31 Mar 2009 07:54:00 +0200
+
+intel-microcode (0.20080910-2) unstable; urgency=low
+
+  * Revert architecture change
+
+ -- Giacomo Catenazzi <cate@debian.org>  Mon, 13 Oct 2008 19:40:18 +0200
+
+intel-microcode (0.20080910-1) unstable; urgency=low
+
+  * New upstream version.
+  * Set architecture to all: the data is architecture indipendent
+    (and used in i386 and amd64 architectures). Note: this package
+    is "non-free" (i.e. usual manual check), so it should not
+    use space on CD and other medium, on non Intel architectures.
+
+ -- Giacomo Catenazzi <cate@debian.org>  Mon, 15 Sep 2008 08:33:19 +0200
+
+intel-microcode (0.20080401-1) unstable; urgency=low
+
+  * New upstream version.
+
+ -- Giacomo Catenazzi <cate@debian.org>  Fri, 25 Apr 2008 18:59:10 +0200
+
+intel-microcode (0.20080220-1) unstable; urgency=low
+
+  * New upstream version.
+
+ -- Giacomo Catenazzi <cate@debian.org>  Mon, 10 Mar 2008 07:48:48 +0100
+
+intel-microcode (0.20080131-1) unstable; urgency=low
+
+  * Initial release. The new license is finally enough good for
+    debian non-free
+  * BTW packing the microcode will solve potential/theoretical
+    man-in-the-middle attack (Closes: #282583)
+
+ -- Giacomo Catenazzi <cate@debian.org>  Wed, 20 Feb 2008 19:33:10 +0100
+
-- 
cgit v1.2.3