summaryrefslogtreecommitdiffstats
path: root/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/changelog2018
1 files changed, 2018 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..bb758d4
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,2018 @@
+intel-microcode (3.20240312.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20240312 (closes: #1066108)
+ - Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
+ Protection mechanism failure of bus lock regulator for some Intel
+ Processors may allow an unauthenticated user to potentially enable
+ denial of service via network access.
+ - Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
+ Non-transparent sharing of return predictor targets between contexts in
+ some Intel Processors may allow an authorized user to potentially
+ enable information disclosure via local access. Affects SGX as well.
+ - Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
+ Information exposure through microarchitectural state after transient
+ execution from some register files for some Intel Atom Processors and
+ E-cores of Intel Core Processors may allow an authenticated user to
+ potentially enable information disclosure via local access. Enhances
+ VERW instruction to clear stale register buffers. Affects SGX as well.
+ Requires kernel update to be effective.
+ - Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
+ Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
+ Processors when using Intel SGX or Intel TDX may allow a privileged
+ user to potentially enable escalation of privilege via local access.
+ NOTE: effective only when loaded by firmware. Allows SMM firmware to
+ attack SGX/TDX.
+ - Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
+ Incorrect calculation in microcode keying mechanism for some Intel
+ Xeon D Processors with Intel SGX may allow a privileged user to
+ potentially enable information disclosure via local access.
+ * Fixes for other unspecified functional issues on many processors
+ * Updated microcodes:
+ sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
+ sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
+ sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
+ sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
+ sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
+ sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
+ sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
+ sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
+ sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
+ sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
+ sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
+ sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
+ sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
+ sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
+ sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
+ sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
+ sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
+ sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
+ sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
+ sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
+ sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
+ sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
+ sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
+ sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
+ sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
+ sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
+ sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
+ sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
+ sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
+ sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
+ sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
+ sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
+ sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
+ sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
+ sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
+ sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
+ sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
+ sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
+ sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
+ sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
+ sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
+ sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
+ * New microcodes:
+ sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
+ sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
+ sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
+ sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
+ * source: update symlinks to reflect id of the latest release, 20240312
+ * changelog, debian/changelog: fix typos
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 12 Mar 2024 20:28:17 -0300
+
+intel-microcode (3.20231114.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20231114 (closes: #1055962)
+ Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
+ Sequence of processor instructions leads to unexpected behavior for some
+ Intel(R) Processors, may allow an authenticated user to potentially enable
+ escalation of privilege and/or information disclosure and/or denial of
+ service via local access.
+ Note: "reptar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen
+ Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm
+ 0x01) were already mitigated by a previous microcode update.
+ * Fixes for unspecified functional issues
+ * Updated microcodes:
+ sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
+ sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
+ sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
+ sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
+ sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
+ sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
+ sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
+ sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+ sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+ sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+ sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+ sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
+ sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
+ sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
+ sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
+ sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
+ sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
+ sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
+ sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
+ sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
+ sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
+ sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
+ sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
+ sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
+ sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
+ sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
+ sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
+ sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
+ sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
+ sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
+ sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
+ sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
+ * Updated 2023-08-08 changelog entry with reptar information
+ * source: update symlinks to reflect id of the latest release, 20231114
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 16 Nov 2023 08:09:43 -0300
+
+intel-microcode (3.20230808.1) unstable; urgency=high
+
+ * New upstream microcode datafile 20230808 (closes: #1043305)
+ * Mitigations for "Downfall" INTEL-SA-00828 (CVE-2022-40982),
+ INTEL-SA-00836 (CVE-2023-23908) and INTEL-SA-00837 (CVE-2022-41804)
+ * Mitigations for "reptar" on a few processors, refer to the 2023-11-14
+ entry for details. This information was disclosed in 2023-11-14.
+ * Updated microcodes:
+ sig 0x00050653, pf_mask 0x97, 2023-03-23, rev 0x1000181, size 36864
+ sig 0x00050654, pf_mask 0xb7, 2023-03-06, rev 0x2007006, size 44032
+ sig 0x00050656, pf_mask 0xbf, 2023-03-17, rev 0x4003604, size 38912
+ sig 0x00050657, pf_mask 0xbf, 2023-03-17, rev 0x5003604, size 38912
+ sig 0x0005065b, pf_mask 0xbf, 2023-03-21, rev 0x7002703, size 30720
+ sig 0x000606a6, pf_mask 0x87, 2023-03-30, rev 0xd0003a5, size 297984
+ sig 0x000706e5, pf_mask 0x80, 2023-02-26, rev 0x00bc, size 113664
+ sig 0x000806c1, pf_mask 0x80, 2023-02-27, rev 0x00ac, size 111616
+ sig 0x000806c2, pf_mask 0xc2, 2023-02-27, rev 0x002c, size 98304
+ sig 0x000806d1, pf_mask 0xc2, 2023-02-27, rev 0x0046, size 103424
+ sig 0x000806e9, pf_mask 0xc0, 2023-02-22, rev 0x00f4, size 106496
+ sig 0x000806e9, pf_mask 0x10, 2023-02-23, rev 0x00f4, size 105472
+ sig 0x000806ea, pf_mask 0xc0, 2023-02-23, rev 0x00f4, size 105472
+ sig 0x000806eb, pf_mask 0xd0, 2023-02-23, rev 0x00f4, size 106496
+ sig 0x000806ec, pf_mask 0x94, 2023-02-26, rev 0x00f8, size 106496
+ sig 0x000806f8, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416
+ sig 0x000806f7, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
+ sig 0x000806f6, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
+ sig 0x000806f5, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
+ sig 0x000806f4, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
+ sig 0x000806f8, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184
+ sig 0x000806f6, pf_mask 0x10, 2023-05-15, rev 0x2c000271
+ sig 0x000806f5, pf_mask 0x10, 2023-05-15, rev 0x2c000271
+ sig 0x000806f4, pf_mask 0x10, 2023-05-15, rev 0x2c000271
+ sig 0x00090672, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160
+ sig 0x00090675, pf_mask 0x07, 2023-04-18, rev 0x002e
+ sig 0x000b06f2, pf_mask 0x07, 2023-04-18, rev 0x002e
+ sig 0x000b06f5, pf_mask 0x07, 2023-04-18, rev 0x002e
+ sig 0x000906a3, pf_mask 0x80, 2023-04-18, rev 0x042c, size 219136
+ sig 0x000906a4, pf_mask 0x80, 2023-04-18, rev 0x042c
+ sig 0x000906e9, pf_mask 0x2a, 2023-02-23, rev 0x00f4, size 108544
+ sig 0x000906ea, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 104448
+ sig 0x000906eb, pf_mask 0x02, 2023-02-23, rev 0x00f4, size 106496
+ sig 0x000906ec, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 105472
+ sig 0x000906ed, pf_mask 0x22, 2023-02-27, rev 0x00fa, size 106496
+ sig 0x000a0652, pf_mask 0x20, 2023-02-23, rev 0x00f8, size 97280
+ sig 0x000a0653, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
+ sig 0x000a0655, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
+ sig 0x000a0660, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 97280
+ sig 0x000a0661, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 96256
+ sig 0x000a0671, pf_mask 0x02, 2023-02-26, rev 0x0059, size 104448
+ sig 0x000b0671, pf_mask 0x32, 2023-06-06, rev 0x0119, size 210944
+ sig 0x000b06a2, pf_mask 0xe0, 2023-06-06, rev 0x4119, size 216064
+ sig 0x000b06a3, pf_mask 0xe0, 2023-06-06, rev 0x4119
+ sig 0x000b06e0, pf_mask 0x11, 2023-04-12, rev 0x0011, size 136192
+ * source: update symlinks to reflect id of the latest release, 20230808
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 08 Aug 2023 17:25:56 -0300
+
+intel-microcode (3.20230512.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20230512 (closes: #1036013)
+ * New microcodes:
+ sig 0x000906a4, pf_mask 0x40, 2022-10-12, rev 0x0004, size 115712
+ sig 0x000b06e0, pf_mask 0x01, 2022-12-19, rev 0x0010, size 134144
+ * Updated microcodes:
+ sig 0x00050653, pf_mask 0x97, 2022-12-21, rev 0x1000171, size 36864
+ sig 0x00050654, pf_mask 0xb7, 2022-12-21, rev 0x2006f05, size 44032
+ sig 0x00050656, pf_mask 0xbf, 2022-12-21, rev 0x4003501, size 37888
+ sig 0x00050657, pf_mask 0xbf, 2022-12-21, rev 0x5003501, size 37888
+ sig 0x0005065b, pf_mask 0xbf, 2022-12-21, rev 0x7002601, size 29696
+ sig 0x000606a6, pf_mask 0x87, 2022-12-28, rev 0xd000390, size 296960
+ sig 0x000706e5, pf_mask 0x80, 2022-12-25, rev 0x00ba, size 113664
+ sig 0x000806a1, pf_mask 0x10, 2023-01-13, rev 0x0033, size 34816
+ sig 0x000806c1, pf_mask 0x80, 2022-12-28, rev 0x00aa, size 110592
+ sig 0x000806c2, pf_mask 0xc2, 2022-12-28, rev 0x002a, size 97280
+ sig 0x000806d1, pf_mask 0xc2, 2022-12-28, rev 0x0044, size 102400
+ sig 0x000806e9, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
+ sig 0x000806e9, pf_mask 0x10, 2023-01-02, rev 0x00f2, size 105472
+ sig 0x000806ea, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
+ sig 0x000806eb, pf_mask 0xd0, 2022-12-26, rev 0x00f2, size 105472
+ sig 0x000806ec, pf_mask 0x94, 2022-12-26, rev 0x00f6, size 105472
+ sig 0x000806f8, pf_mask 0x87, 2023-03-13, rev 0x2b000461, size 564224
+ sig 0x000806f7, pf_mask 0x87, 2023-03-13, rev 0x2b000461
+ sig 0x000806f6, pf_mask 0x87, 2023-03-13, rev 0x2b000461
+ sig 0x000806f5, pf_mask 0x87, 2023-03-13, rev 0x2b000461
+ sig 0x000806f4, pf_mask 0x87, 2023-03-13, rev 0x2b000461
+ sig 0x000806f8, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1, size 595968
+ sig 0x000806f6, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
+ sig 0x000806f5, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
+ sig 0x000806f4, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
+ sig 0x000906a3, pf_mask 0x80, 2023-02-14, rev 0x042a, size 218112
+ sig 0x000906a4, pf_mask 0x80, 2023-02-14, rev 0x042a
+ sig 0x000906e9, pf_mask 0x2a, 2022-12-26, rev 0x00f2, size 108544
+ sig 0x000906ea, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
+ sig 0x000906eb, pf_mask 0x02, 2022-12-26, rev 0x00f2, size 105472
+ sig 0x000906ec, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
+ sig 0x000906ed, pf_mask 0x22, 2023-02-05, rev 0x00f8, size 104448
+ sig 0x000a0652, pf_mask 0x20, 2022-12-27, rev 0x00f6, size 96256
+ sig 0x000a0653, pf_mask 0x22, 2023-01-01, rev 0x00f6, size 97280
+ sig 0x000a0655, pf_mask 0x22, 2022-12-26, rev 0x00f6, size 96256
+ sig 0x000a0660, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 97280
+ sig 0x000a0661, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 96256
+ sig 0x000a0671, pf_mask 0x02, 2022-12-25, rev 0x0058, size 103424
+ sig 0x000b0671, pf_mask 0x32, 2023-02-06, rev 0x0113, size 207872
+ sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992
+ sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112
+ * source: update symlinks to reflect id of the latest release, 20230512
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 16 May 2023 00:13:02 -0300
+
+intel-microcode (3.20230214.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream microcode datafile 20230214
+ - Includes Fixes for: (Closes: #1031334)
+ - INTEL-SA-00700: CVE-2022-21216
+ - INTEL-SA-00730: CVE-2022-33972
+ - INTEL-SA-00738: CVE-2022-33196
+ - INTEL-SA-00767: CVE-2022-38090
+ * New Microcodes:
+ sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+ sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+ sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+ sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+ sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+ sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+ sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+ sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170
+ sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
+ sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181
+ sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
+ sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e
+ sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
+ sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e
+ * Updated Microcodes:
+ sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864
+ sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888
+ sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888
+ sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696
+ sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960
+ sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792
+ sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776
+ sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800
+ sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664
+ sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816
+ sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c
+ sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
+ sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c
+ sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429
+ sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
+ sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429
+ sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480
+ sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424
+ sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872
+ sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c
+ sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c
+
+ -- Tobias Frost <tobi@debian.org> Sun, 12 Mar 2023 18:16:50 +0100
+
+intel-microcode (3.20221108.2) unstable; urgency=medium
+
+ * Move source and binary from non-free/admin to non-free-firmware/admin
+ following the 2022 General Resolution about non-free firmware.
+
+ -- Cyril Brulebois <kibi@debian.org> Fri, 17 Feb 2023 01:12:52 +0100
+
+intel-microcode (3.20221108.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20221108
+ * New Microcodes:
+ sig 0x000606c1, pf_mask 0x10, 2022-08-07, rev 0x1000201, size 286720
+ sig 0x000b0671, pf_mask 0x32, 2022-09-07, rev 0x010e, size 204800
+ * Updated Microcodes:
+ sig 0x000706e5, pf_mask 0x80, 2022-08-02, rev 0x00b6, size 113664
+ sig 0x000806c1, pf_mask 0x80, 2022-06-28, rev 0x00a6, size 110592
+ sig 0x000806d1, pf_mask 0xc2, 2022-06-28, rev 0x0042, size 102400
+ sig 0x000806ec, pf_mask 0x94, 2022-07-31, rev 0x00f4, size 105472
+ sig 0x00090661, pf_mask 0x01, 2022-07-15, rev 0x0017, size 20480
+ sig 0x00090672, pf_mask 0x07, 2022-09-19, rev 0x0026, size 218112
+ sig 0x00090675, pf_mask 0x07, 2022-09-19, rev 0x0026
+ sig 0x000b06f2, pf_mask 0x07, 2022-09-19, rev 0x0026
+ sig 0x000b06f5, pf_mask 0x07, 2022-09-19, rev 0x0026
+ sig 0x000906a3, pf_mask 0x80, 2022-09-19, rev 0x0424, size 217088
+ sig 0x000906a4, pf_mask 0x80, 2022-09-19, rev 0x0424
+ sig 0x000906ed, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 104448
+ sig 0x000a0652, pf_mask 0x20, 2022-07-31, rev 0x00f4, size 96256
+ sig 0x000a0653, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 97280
+ sig 0x000a0655, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 96256
+ sig 0x000a0660, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 97280
+ sig 0x000a0661, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 96256
+ sig 0x000a0671, pf_mask 0x02, 2022-08-02, rev 0x0056, size 103424
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 03 Dec 2022 17:21:08 -0300
+
+intel-microcode (3.20220809.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20220809
+ * Fixes INTEL-SA-00657, CVE-2022-21233
+ Stale data from APIC leaks SGX memory (AEPIC leak)
+ * Fixes unspecified errata (functional issues) on Xeon Scalable
+ * Updated Microcodes:
+ sig 0x00050653, pf_mask 0x97, 2022-03-14, rev 0x100015e, size 34816
+ sig 0x00050654, pf_mask 0xb7, 2022-03-08, rev 0x2006e05, size 44032
+ sig 0x000606a6, pf_mask 0x87, 2022-04-07, rev 0xd000375, size 293888
+ sig 0x000706a1, pf_mask 0x01, 2022-03-23, rev 0x003c, size 75776
+ sig 0x000706a8, pf_mask 0x01, 2022-03-23, rev 0x0020, size 75776
+ sig 0x000706e5, pf_mask 0x80, 2022-03-17, rev 0x00b2, size 112640
+ sig 0x000806c2, pf_mask 0xc2, 2022-03-19, rev 0x0028, size 97280
+ sig 0x000806d1, pf_mask 0xc2, 2022-03-28, rev 0x0040, size 102400
+ sig 0x00090672, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
+ sig 0x00090675, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
+ sig 0x000906a3, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
+ sig 0x000906a4, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
+ sig 0x000a0671, pf_mask 0x02, 2022-03-17, rev 0x0054, size 103424
+ sig 0x000b06f2, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
+ sig 0x000b06f5, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
+ * source: update symlinks to reflect id of the latest release, 20220809
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 19 Aug 2022 14:21:20 -0300
+
+intel-microcode (3.20220510.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20220510
+ * Fixes INTEL-SA-000617, CVE-2022-21151:
+ Processor optimization removal or modification of security-critical
+ code may allow an authenticated user to potentially enable information
+ disclosure via local access (closes: #1010947)
+ * Fixes several errata (functional issues) on Xeon Scalable, Atom C3000,
+ Atom E3900
+ * New Microcodes:
+ sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
+ sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
+ sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
+ sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
+ sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
+ sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
+ * Updated Microcodes:
+ sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224
+ sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496
+ sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816
+ sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008
+ sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888
+ sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888
+ sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696
+ sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408
+ sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568
+ sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264
+ sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912
+ sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776
+ sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776
+ sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640
+ sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816
+ sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568
+ sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280
+ sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400
+ sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472
+ sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
+ sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
+ sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472
+ sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472
+ sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480
+ sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480
+ sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544
+ sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
+ sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472
+ sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
+ sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448
+ sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256
+ sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280
+ sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256
+ sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256
+ sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256
+ sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424
+ * source: update symlinks to reflect id of the latest release, 20220510
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 15 May 2022 20:09:05 -0300
+
+intel-microcode (3.20220419.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20220419
+ * Fixes errata APLI-11 in Atom E3900 series processors
+ * Updated Microcodes:
+ sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384
+ * source: update symlinks to reflect id of the latest release, 20220419
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 21 Apr 2022 17:25:05 -0300
+
+intel-microcode (3.20220207.1) unstable; urgency=medium
+
+ * upstream changelog: new upstream datafile 20220207
+ * Mitigates (*only* when loaded from UEFI firmware through the FIT)
+ CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through
+ debug port, on Pentium, Celeron and Atom processors with signatures
+ 0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8
+ https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
+ * Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint
+ may cause a system hang, on many processors.
+ * Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due
+ to improper sanitization of shared resources (fast-store forward
+ predictor), on many processors.
+ * Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some
+ Atom Processors may allow information disclosure or denial of service
+ via network access.
+ * Fixes critical errata (functional issues) on many processors
+ * Adds a MSR switch to enable RAPL filtering (default off, once enabled
+ it can only be disabled by poweroff or reboot). Useful to protect
+ SGX and other threads from side-channel info leak. Improves the
+ mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many
+ processors.
+ * Disables TSX in more processor models.
+ * Fixes issue with WBINDV on multi-socket (server) systems which could
+ cause resets and unpredictable system behavior.
+ * Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket
+ Lake) processors, to control a fix for (hopefully rare) unpredictable
+ processor behavior when HyperThreading is enabled. This MSR switch
+ is enabled by default on *server* processors. On other processors,
+ it needs to be explicitly enabled by an updated UEFI/BIOS (with added
+ configuration logic). An updated operating system kernel might also
+ be able to enable it. When enabled, this fix can impact performance.
+ * Updated Microcodes:
+ sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912
+ sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552
+ sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472
+ sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816
+ sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008
+ sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840
+ sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864
+ sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672
+ sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672
+ sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648
+ sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552
+ sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408
+ sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384
+ sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544
+ sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264
+ sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
+ sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752
+ sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776
+ sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592
+ sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816
+ sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568
+ sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256
+ sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376
+ sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448
+ sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448
+ sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424
+ sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448
+ sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448
+ sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480
+ sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480
+ sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496
+ sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400
+ sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448
+ sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
+ sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
+ sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184
+ sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208
+ sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208
+ sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208
+ sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184
+ sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400
+ * Removed Microcodes:
+ sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
+ sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
+ * update .gitignore and debian/.gitignore.
+ Add some missing items from .gitignore and debian/.gitignore.
+ * ucode-blacklist: do not late-load 0x406e3 and 0x506e3.
+ When the BIOS microcode is older than revision 0x7f (and perhaps in some
+ other cases as well), the latest microcode updates for 0x406e3 and
+ 0x506e3 must be applied using the early update method. Otherwise, the
+ system might hang. Also: there must not be any other intermediate
+ microcode update attempts [other than the one done by the BIOS itself],
+ either. It must go from the BIOS microcode update directly to the
+ latest microcode update.
+ * source: update symlinks to reflect id of the latest release, 20220207
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 25 Feb 2022 05:36:55 -0300
+
+intel-microcode (3.20210608.2) unstable; urgency=high
+
+ * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and
+ debian/changelog (3.20210608.1).
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 23 Jun 2021 13:42:19 -0300
+
+intel-microcode (3.20210608.1) unstable; urgency=high
+
+ * New upstream microcode datafile 20210608 (closes: #989615)
+ * Implements mitigations for CVE-2020-24511 CVE-2020-24512
+ (INTEL-SA-00464), information leakage through shared resources,
+ and timing discrepancy sidechannels
+ * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465),
+ Domain-bypass transient execution vulnerability in some Intel Atom
+ Processors, affects Intel SGX.
+ * Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel
+ VT-d privilege escalation
+ * Fixes critical errata on several processors
+ * New Microcodes:
+ sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104
+ sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648
+ sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648
+ sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
+ sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
+ sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568
+ sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208
+ sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328
+ sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456
+ sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456
+ sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352
+ * Updated Microcodes:
+ sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816
+ sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456
+ sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472
+ sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744
+ sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816
+ sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864
+ sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720
+ sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720
+ sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648
+ sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576
+ sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576
+ sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456
+ sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408
+ sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360
+ sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472
+ sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264
+ sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752
+ sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776
+ sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592
+ sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768
+ sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448
+ sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448
+ sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424
+ sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448
+ sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448
+ sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448
+ sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400
+ sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448
+ sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
+ sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
+ sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184
+ sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208
+ sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208
+ sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208
+ sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184
+ * source: update symlinks to reflect id of the latest release, 20210608
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 08 Jun 2021 22:37:57 -0300
+
+intel-microcode (3.20210216.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20210216
+ * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
+ and Cascade Lake Server (B0/B1) when using an active JTAG
+ agent like In Target Probe (ITP), Direct Connect Interface
+ (DCI) or a Baseboard Management Controller (BMC) to take the
+ CPU JTAG/TAP out of reset and then returning it to reset.
+ * This issue is related to the INTEL-SA-00381 mitigation.
+ * Updated Microcodes:
+ sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
+ sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
+ sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
+ * source: update symlinks to reflect id of the latest release, 20210216
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 17 Feb 2021 11:26:06 -0300
+
+intel-microcode (3.20201118.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20201118
+ * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake
+ processors. Note that Debian already had removed this specific falty
+ microcode update on the 3.20201110.1 release
+ * Add a microcode update for the Pentium Silver N/J5xxx and Celeron
+ N/J4xxx which didn't make it to release 20201110, fixing security issues
+ (INTEL-SA-00381, INTEL-SA-00389)
+ * Updated Microcodes:
+ sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
+ * Removed Microcodes:
+ sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 27 Dec 2020 15:59:32 -0300
+
+intel-microcode (3.20201110.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20201110 (closes: #974533)
+ * Implements mitigation for CVE-2020-8696 and CVE-2020-8698,
+ aka INTEL-SA-00381: AVX register information leakage;
+ Fast-Forward store predictor information leakage
+ * Implements mitigation for CVE-2020-8695, Intel SGX information
+ disclosure via RAPL, aka INTEL-SA-00389
+ * Fixes critical errata on several processor models
+ * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320)
+ for Skylake-U/Y, Skylake Xeon E3
+ * New Microcodes
+ sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648
+ sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768
+ sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
+ sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184
+ sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208
+ sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184
+ sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184
+ * Updated Microcodes
+ sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816
+ sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472
+ sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792
+ sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840
+ sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224
+ sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224
+ sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408
+ sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360
+ sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472
+ sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776
+ sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568
+ sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448
+ sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448
+ sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448
+ sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448
+ sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448
+ sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448
+ sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424
+ sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448
+ sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424
+ sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424
+ sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208
+ * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot
+ https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
+ INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED
+ FOR 0x806c1 TIGER LAKE PROCESSORS by this package update. Contact your
+ system vendor for a firmware update, or wait fo a possible fix in a future
+ Intel microcode release.
+ * source: update symlinks to reflect id of the latest release, 20201110
+ * source: ship new upstream documentation (security.md, releasenote.md)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 12 Nov 2020 15:03:36 -0300
+
+intel-microcode (3.20200616.1) unstable; urgency=high
+
+ * New upstream microcode datafile 20200616
+ + Downgraded microcodes (to a previously shipped revision):
+ sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
+ sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
+ * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
+ https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+ * This update *removes* the SRBDS mitigations from the above processors
+ * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 28 Jun 2020 18:38:57 -0300
+
+intel-microcode (3.20200609.2) unstable; urgency=medium
+
+ * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
+ * Microcode rollbacks (closes: LP#1883002)
+ sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
+ * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
+ * Avoid hangs on boot on (some?) Skylake-U/Y processors,
+ https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/31
+ * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
+ just in case. Note that Debian does not do late loading by itself.
+ Refer to LP#1883002 for the report, 0x806ec hangs upon late load.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 11 Jun 2020 08:55:07 -0300
+
+intel-microcode (3.20200609.1) unstable; urgency=high
+
+ * SECURITY UPDATE
+ * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
+ on the processor model
+ * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
+ L1DCES mitigations, plus mitigations described in the changelog entry
+ for package release 3.20191112.1.
+ * Expect some performance impact, the mitigations are enabled by
+ default. A Linux kernel update will be issued that allows one to
+ selectively disable the mitigations.
+ * New upstream microcode datafile 20200609
+ * Implements mitigation for CVE-2020-0543 Special Register Buffer Data
+ Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
+ * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
+ (VRDS), INTEL-SA-00329
+ * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
+ (L1DCES), INTEL-SA-00329
+ * Known to fix the regression introduced in release 2019-11-12 (sig
+ 0x50564, rev. 0x2000065), which would cause several systems with
+ Skylake Xeon, Skylake HEDT processors to hang while rebooting
+ * Updated Microcodes:
+ sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
+ sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
+ sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
+ sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
+ sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
+ sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
+ sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
+ sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
+ sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
+ sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
+ sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
+ sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
+ sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
+ sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
+ sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
+ sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
+ sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
+ sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
+ sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
+ sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
+ sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
+ * Restores the microcode-level fixes that were reverted by release
+ 3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 09 Jun 2020 17:16:46 -0300
+
+intel-microcode (3.20200520.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20200520
+ + Updated Microcodes:
+ sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
+ sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 21 May 2020 11:44:00 -0300
+
+intel-microcode (3.20200508.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20200508
+ + Updated Microcodes:
+ sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
+ * Likely fixes several critical errata on IceLake-U/Y causing system
+ hangs
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 09 May 2020 23:30:43 -0300
+
+intel-microcode (3.20191115.2) unstable; urgency=medium
+
+ * Microcode rollbacks (closes: #946515, LP#1854764):
+ sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
+ * Avoids hangs on warm reboots (cold boots work fine) on HEDT and
+ Xeon processors with signature 0x50654.
+ https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/21
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 10 Dec 2019 23:10:19 -0300
+
+intel-microcode (3.20191115.1) unstable; urgency=high
+
+ * New upstream microcode datafile 20191115
+ + Updated Microcodes:
+ sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
+ sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
+ sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
+ sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
+ sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
+ sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
+ sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
+ sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
+ sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
+ sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
+ sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
+ sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
+ sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 16 Nov 2019 23:14:58 -0300
+
+intel-microcode (3.20191113.1) unstable; urgency=high
+
+ * New upstream microcode datafile 20191113
+ + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
+ Adds microcode update for CFL-S (Coffe Lake Desktop)
+ INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
+ + Updated Microcodes (previously removed):
+ sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 15 Nov 2019 00:43:54 -0300
+
+intel-microcode (3.20191112.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20191112
+ + SECURITY UPDATE
+ - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
+ - Implements TA Indirect Sharing mitigation, and improves the
+ MDS mitigation (VERW)
+ - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
+ CVE-2019-11139
+ - Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
+ + CRITICAL ERRATA FIXES
+ - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
+ Ice Lake), causes a 0-3% typical perforance hit (can be as bad
+ as 10%). But ensures the processor will actually jump where it
+ should, so don't even *dream* of not applying this fix.
+ - Fixes AVX SHUF* instruction implementation flaw erratum
+ + Removed Microcodes:
+ sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
+ + New Microcodes:
+ sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
+ sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
+ sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
+ sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
+ sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
+ sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
+ + Updated Microcodes:
+ sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
+ sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
+ sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
+ sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
+ sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
+ sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
+ sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
+ sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
+ sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
+ sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
+ sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
+ sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
+ sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
+ sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
+ + Updated Microcodes (previously removed):
+ sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 12 Nov 2019 23:21:54 -0300
+
+intel-microcode (3.20190918.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20190918
+ + SECURITY UPDATE
+ *Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given
+ the set of processors being updated.
+ + Updated Microcodes:
+ sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456
+ sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432
+ sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336
+ sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720
+ sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
+ sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200
+ sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768
+ sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576
+ sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576
+ sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 19 Sep 2019 00:38:50 -0300
+
+intel-microcode (3.20190618.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20190618
+ + SECURITY UPDATE
+ Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
+ CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+ for Sandybridge server and Core-X processors
+ + Updated Microcodes:
+ sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
+ sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456
+ * Add some missing (minor) changelog entries to 3.20190514.1
+ * Reformat 3.20190514.1 changelog entry to match rest of changelog
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 19 Jun 2019 09:05:54 -0300
+
+intel-microcode (3.20190514.1) unstable; urgency=high
+
+ * New upstream microcode datafile 20190514
+ + SECURITY UPDATE
+ Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
+ CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
+ + New Microcodes:
+ sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
+ sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
+ sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
+ sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
+ sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
+ sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
+ + Updated Microcodes:
+ sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
+ sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
+ sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
+ sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
+ sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
+ sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
+ sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
+ sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
+ sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
+ sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
+ sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
+ sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
+ sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
+ sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
+ sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
+ sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
+ sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
+ sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
+ sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
+ sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
+ sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
+ sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
+ sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
+ sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
+ sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
+ sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
+ sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
+ sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
+ sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
+ sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
+ sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
+ sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
+ sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
+ * README.Debian, control: update download/homepage URLs
+ * copyright: update download URL and date range
+ * source: update symlinks to reflect id of the latest release, 20190514
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 14 May 2019 21:49:08 -0300
+
+intel-microcode (3.20190312.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20190312
+ + Removed Microcodes:
+ sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
+ + New Microcodes:
+ sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
+ sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
+ sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
+ sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
+ sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280
+ + Updated Microcodes:
+ sig 0x000306f2, pf_mask 0x6f, 2018-11-20, rev 0x0041, size 34816
+ sig 0x000306f4, pf_mask 0x80, 2018-11-06, rev 0x0013, size 17408
+ sig 0x00050654, pf_mask 0xb7, 2019-01-28, rev 0x200005a, size 33792
+ sig 0x00050662, pf_mask 0x10, 2018-12-06, rev 0x0019, size 32768
+ sig 0x00050663, pf_mask 0x10, 2018-12-06, rev 0x7000016, size 23552
+ sig 0x00050664, pf_mask 0x10, 2018-11-17, rev 0xf000014, size 23552
+ sig 0x00050665, pf_mask 0x10, 2018-11-17, rev 0xe00000c, size 19456
+ sig 0x000506c9, pf_mask 0x03, 2018-09-14, rev 0x0036, size 17408
+ sig 0x000506ca, pf_mask 0x03, 2018-09-20, rev 0x0010, size 15360
+ sig 0x000706a1, pf_mask 0x01, 2018-09-21, rev 0x002c, size 73728
+ sig 0x000806e9, pf_mask 0xc0, 2018-07-16, rev 0x009a, size 98304
+ sig 0x000806ea, pf_mask 0xc0, 2018-10-18, rev 0x009e, size 98304
+ sig 0x000906e9, pf_mask 0x2a, 2018-07-16, rev 0x009a, size 98304
+ sig 0x000906ea, pf_mask 0x22, 2018-12-12, rev 0x00aa, size 98304
+ sig 0x000906eb, pf_mask 0x02, 2018-12-12, rev 0x00aa, size 99328
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 16 Mar 2019 21:07:54 -0300
+
+intel-microcode (3.20180807a.2) unstable; urgency=medium
+
+ * Makefile: unblacklist 0x206c2 (Westmere EP)
+ According to pragyansri.pathi@intel.com, on message to LP#1795594
+ on 2018-10-09, we can ship 0x206c2 updates without restrictions.
+ Also, there are no reports in the field about this update causing
+ issues (closes: #907402) (LP: #1795594)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 23 Oct 2018 19:52:40 -0300
+
+intel-microcode (3.20180807a.1) unstable; urgency=high
+
+ [ Henrique de Moraes Holschuh ]
+ * New upstream microcode datafile 20180807a
+ (closes: #906158, #906160, #903135, #903141)
+ + New Microcodes:
+ sig 0x000206c2, pf_mask 0x03, 2018-05-08, rev 0x001f, size 11264
+ sig 0x000206e6, pf_mask 0x04, 2018-05-15, rev 0x000d, size 9216
+ sig 0x000506c2, pf_mask 0x01, 2018-05-11, rev 0x0014, size 15360
+ sig 0x000506ca, pf_mask 0x03, 2018-05-11, rev 0x000c, size 14336
+ sig 0x000506f1, pf_mask 0x01, 2018-05-11, rev 0x0024, size 10240
+ + Updated Microcodes:
+ sig 0x000106a5, pf_mask 0x03, 2018-05-11, rev 0x001d, size 12288
+ sig 0x000106e5, pf_mask 0x13, 2018-05-08, rev 0x000a, size 9216
+ sig 0x00020652, pf_mask 0x12, 2018-05-08, rev 0x0011, size 9216
+ sig 0x00020655, pf_mask 0x92, 2018-04-23, rev 0x0007, size 4096
+ sig 0x000206a7, pf_mask 0x12, 2018-04-10, rev 0x002e, size 12288
+ sig 0x000206f2, pf_mask 0x05, 2018-05-16, rev 0x003b, size 14336
+ sig 0x000306a9, pf_mask 0x12, 2018-04-10, rev 0x0020, size 13312
+ sig 0x000306c3, pf_mask 0x32, 2018-04-02, rev 0x0025, size 23552
+ sig 0x000306d4, pf_mask 0xc0, 2018-03-22, rev 0x002b, size 18432
+ sig 0x00040651, pf_mask 0x72, 2018-04-02, rev 0x0024, size 22528
+ sig 0x00040661, pf_mask 0x32, 2018-04-02, rev 0x001a, size 25600
+ sig 0x00040671, pf_mask 0x22, 2018-04-03, rev 0x001e, size 13312
+ sig 0x000406e3, pf_mask 0xc0, 2018-04-17, rev 0x00c6, size 99328
+ sig 0x00050662, pf_mask 0x10, 2018-05-25, rev 0x0017, size 31744
+ sig 0x00050663, pf_mask 0x10, 2018-04-20, rev 0x7000013, size 22528
+ sig 0x00050664, pf_mask 0x10, 2018-04-20, rev 0xf000012, size 22528
+ sig 0x000506c9, pf_mask 0x03, 2018-05-11, rev 0x0032, size 16384
+ sig 0x000506e3, pf_mask 0x36, 2018-04-17, rev 0x00c6, size 99328
+ sig 0x000706a1, pf_mask 0x01, 2018-05-22, rev 0x0028, size 73728
+ sig 0x000806e9, pf_mask 0xc0, 2018-03-24, rev 0x008e, size 98304
+ sig 0x000806ea, pf_mask 0xc0, 2018-05-15, rev 0x0096, size 98304
+ sig 0x000906e9, pf_mask 0x2a, 2018-03-24, rev 0x008e, size 98304
+ sig 0x000906ea, pf_mask 0x22, 2018-05-02, rev 0x0096, size 97280
+ sig 0x000906eb, pf_mask 0x02, 2018-03-24, rev 0x008e, size 98304
+ + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation)
+ Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+ + Implements SSBD support (Spectre v4 mitigation),
+ Disable speculation for (some) RDMSR/WRMSR (Spectre v3a fix)
+ Intel SA-00115, CVE-2018-3639, CVE-2018-3640
+ + Implements IBRS/IBPB/STIPB support, Spectre v2 mitigation for older
+ processors with signatures 0x106a5, 0x106e5, 0x20652, 0x20655.
+ Intel SA-0088, CVE-2017-5753, CVE-2017-5754
+ * source: update symlinks to reflect id of the latest release, 20180807a
+ * debian/intel-microcode.docs: ship license and releasenote upstream files.
+ * debian/changelog: update entry for 3.20180703.1 with L1TF information
+
+ [ Julian Andres Klode ]
+ * initramfs: include all microcode for MODULES=most.
+ Default to early instead of auto, and install all of the microcode,
+ not just the one matching the current CPU, if MODULES=most is set
+ in the initramfs-tools config (LP: #1778738)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 24 Aug 2018 08:53:53 -0300
+
+intel-microcode (3.20180703.2) unstable; urgency=medium
+
+ * source: fix badly named symlink that resulted in most microcode
+ updates not being shipped in the binary package. Oops!
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 05 Jul 2018 14:26:36 -0300
+
+intel-microcode (3.20180703.1) unstable; urgency=medium
+
+ * New upstream microcode data file 20180703 (closes: #903018)
+ + Updated Microcodes:
+ sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
+ sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
+ sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
+ sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
+ sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
+ sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
+ sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
+ sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
+ sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
+ + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640,
+ Intel SA-00161, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
+ + Implements L1D_FLUSH support (L1TF "Foreshadow/-NG" mitigation),
+ SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
+ Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
+ Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
+ server dies.
+ * source: update symlinks to reflect id of the latest release, 20180703
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 05 Jul 2018 10:03:53 -0300
+
+intel-microcode (3.20180425.1) unstable; urgency=medium
+
+ * New upstream microcode data file 20180425 (closes: #897443, #895878)
+ + Updated Microcodes:
+ sig 0x000406f1, pf_mask 0xef, 2018-03-21, rev 0xb00002c, size 27648
+ sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
+ + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
+ + Note that sig 0x000604f1 has been blacklisted from late-loading
+ since Debian release 3.20171117.1.
+ * source: remove undesired list files from microcode directories
+ * source: switch to microcode-<id>.d/ since Intel dropped .dat
+ support.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 02 May 2018 16:48:44 -0300
+
+intel-microcode (3.20180312.1) unstable; urgency=medium
+
+ * New upstream microcode data file 20180312 (closes: #886367)
+ + New Microcodes:
+ sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140, size 30720
+ sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009, size 18432
+ + Updated Microcodes:
+ sig 0x000206a7, pf_mask 0x12, 2018-02-07, rev 0x002d, size 12288
+ sig 0x000206d6, pf_mask 0x6d, 2018-01-30, rev 0x061c, size 18432
+ sig 0x000206d7, pf_mask 0x6d, 2018-01-26, rev 0x0713, size 19456
+ sig 0x000306a9, pf_mask 0x12, 2018-02-07, rev 0x001f, size 13312
+ sig 0x000306c3, pf_mask 0x32, 2018-01-21, rev 0x0024, size 23552
+ sig 0x000306d4, pf_mask 0xc0, 2018-01-18, rev 0x002a, size 18432
+ sig 0x000306e4, pf_mask 0xed, 2018-01-25, rev 0x042c, size 15360
+ sig 0x000306e7, pf_mask 0xed, 2018-02-16, rev 0x0713, size 16384
+ sig 0x000306f2, pf_mask 0x6f, 2018-01-19, rev 0x003c, size 33792
+ sig 0x000306f4, pf_mask 0x80, 2018-01-22, rev 0x0011, size 17408
+ sig 0x00040651, pf_mask 0x72, 2018-01-18, rev 0x0023, size 21504
+ sig 0x00040661, pf_mask 0x32, 2018-01-21, rev 0x0019, size 25600
+ sig 0x00040671, pf_mask 0x22, 2018-01-21, rev 0x001d, size 12288
+ sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
+ sig 0x00050654, pf_mask 0xb7, 2018-01-26, rev 0x2000043, size 28672
+ sig 0x00050662, pf_mask 0x10, 2018-01-22, rev 0x0015, size 31744
+ sig 0x00050663, pf_mask 0x10, 2018-01-22, rev 0x7000012, size 22528
+ sig 0x00050664, pf_mask 0x10, 2018-01-22, rev 0xf000011, size 22528
+ sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
+ sig 0x000806e9, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 98304
+ sig 0x000806ea, pf_mask 0xc0, 2018-01-21, rev 0x0084, size 97280
+ sig 0x000906e9, pf_mask 0x2a, 2018-01-21, rev 0x0084, size 98304
+ sig 0x000906ea, pf_mask 0x22, 2018-01-21, rev 0x0084, size 96256
+ sig 0x000906eb, pf_mask 0x02, 2018-01-21, rev 0x0084, size 98304
+ + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for:
+ Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake,
+ Coffee Lake
+ + Missing production updates:
+ + Broadwell-E/EX Xeons (sig 0x406f1)
+ + Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell,
+ Gemini Lake, Denverton
+ * Update past changelog entries with new information:
+ Intel already had all necessary semanthics in LFENCE, so the
+ Spectre-related Intel microcode changes did not need to enhance LFENCE.
+ * debian/control: update Vcs-* fields for the move to salsa.debian.org
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 14 Mar 2018 09:21:24 -0300
+
+intel-microcode (3.20180108.1+really20171117.1) unstable; urgency=critical
+
+ * Revert to release 20171117, as per Intel instructions issued to
+ the public in 2018-01-22 (closes: #886998)
+ * This effectively removes IBRS/IBPB/STIPB microcode support for
+ Spectre variant 2 mitigation.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Mon, 22 Jan 2018 23:01:59 -0200
+
+intel-microcode (3.20180108.1) unstable; urgency=high
+
+ * New upstream microcode data file 20180108 (closes: #886367)
+ + Updated Microcodes:
+ sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
+ sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
+ sig 0x000306e4, pf_mask 0xed, 2017-12-01, rev 0x042a, size 15360
+ sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
+ sig 0x000306f4, pf_mask 0x80, 2017-11-17, rev 0x0010, size 17408
+ sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
+ sig 0x00040661, pf_mask 0x32, 2017-11-20, rev 0x0018, size 25600
+ sig 0x00040671, pf_mask 0x22, 2017-11-17, rev 0x001b, size 13312
+ sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
+ sig 0x00050654, pf_mask 0xb7, 2017-12-08, rev 0x200003c, size 27648
+ sig 0x00050662, pf_mask 0x10, 2017-12-16, rev 0x0014, size 31744
+ sig 0x00050663, pf_mask 0x10, 2017-12-16, rev 0x7000011, size 22528
+ sig 0x000506e3, pf_mask 0x36, 2017-11-16, rev 0x00c2, size 99328
+ sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
+ sig 0x000806e9, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
+ sig 0x000806ea, pf_mask 0xc0, 2018-01-04, rev 0x0080, size 98304
+ sig 0x000906e9, pf_mask 0x2a, 2018-01-04, rev 0x0080, size 98304
+ sig 0x000906ea, pf_mask 0x22, 2018-01-04, rev 0x0080, size 97280
+ sig 0x000906eb, pf_mask 0x02, 2018-01-04, rev 0x0080, size 98304
+ + Implements IBRS/IBPB support: mitigation against Spectre (CVE-2017-5715)
+ + Very likely fixes several other errata on some of the processors
+ * supplementary-ucode-CVE-2017-5715.d/: remove.
+ + Downgraded microcodes:
+ sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
+ sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
+ + Recall related to bug #886998
+ * source: remove superseded upstream data file: 20171117
+ * README.Debian, copyright: update download URLs (closes: #886368)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 10 Jan 2018 00:23:44 -0200
+
+intel-microcode (3.20171215.1) unstable; urgency=high
+
+ * Add supplementary-ucode-CVE-2017-5715.d/: (closes: #886367)
+ New upstream microcodes to partially address CVE-2017-5715
+ + Updated Microcodes:
+ sig 0x000306c3, pf_mask 0x32, 2017-11-20, rev 0x0023, size 23552
+ sig 0x000306d4, pf_mask 0xc0, 2017-11-17, rev 0x0028, size 18432
+ sig 0x000306f2, pf_mask 0x6f, 2017-11-17, rev 0x003b, size 33792
+ sig 0x00040651, pf_mask 0x72, 2017-11-20, rev 0x0021, size 22528
+ sig 0x000406e3, pf_mask 0xc0, 2017-11-16, rev 0x00c2, size 99328
+ sig 0x000406f1, pf_mask 0xef, 2017-11-18, rev 0xb000025, size 27648
+ sig 0x00050654, pf_mask 0xb7, 2017-11-21, rev 0x200003a, size 27648
+ sig 0x000506c9, pf_mask 0x03, 2017-11-22, rev 0x002e, size 16384
+ sig 0x000806e9, pf_mask 0xc0, 2017-12-03, rev 0x007c, size 98304
+ sig 0x000906e9, pf_mask 0x2a, 2017-12-03, rev 0x007c, size 98304
+ * Implements IBRS and IBPB support via new MSR (Spectre variant 2
+ mitigation, indirect branches). Support is exposed through cpuid(7).EDX.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 04 Jan 2018 23:04:38 -0200
+
+intel-microcode (3.20171117.1) unstable; urgency=medium
+
+ * New upstream microcode data file 20171117
+ + New Microcodes:
+ sig 0x000506c9, pf_mask 0x03, 2017-03-25, rev 0x002c, size 16384
+ sig 0x000706a1, pf_mask 0x01, 2017-10-31, rev 0x001e, size 72704
+ sig 0x000906ea, pf_mask 0x22, 2017-08-23, rev 0x0070, size 95232
+ sig 0x000906eb, pf_mask 0x02, 2017-09-20, rev 0x0072, size 97280
+ + Updated Microcodes:
+ sig 0x00050654, pf_mask 0xb7, 2017-10-17, rev 0x2000035, size 26624
+ sig 0x000806ea, pf_mask 0xc0, 2017-08-03, rev 0x0070, size 96256
+ * source: remove superseded upstream data file: 20170707.
+ * source: remove unneeded intel-ucode/ directory for 20171117.
+ * debian/control: bump standards version to 4.1.1 (no changes)
+ * Makefile: rename microcode-extras.pbin to microcode-includes.pbin.
+ * README.source: fix IUC_EXCLUDE example and minor issues.
+ * Makefile, README.souce: support loading ucode from directories.
+ * debian/rules: switch to dh mode (debhelper v9)
+ * ucode-blacklist: blacklist sig 0x406f1 (Skylake-X H0) from late
+ loading.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 18 Nov 2017 18:55:09 -0200
+
+intel-microcode (3.20170707.1) unstable; urgency=high
+
+ * New upstream microcode datafile 20170707
+ + New Microcodes:
+ sig 0x00050654, pf_mask 0x97, 2017-06-01, rev 0x2000022, size 25600
+ sig 0x000806e9, pf_mask 0xc0, 2017-04-27, rev 0x0062, size 97280
+ sig 0x000806ea, pf_mask 0xc0, 2017-05-23, rev 0x0066, size 95232
+ sig 0x000906e9, pf_mask 0x2a, 2017-04-06, rev 0x005e, size 97280
+ + This release fixes the nightmare-level errata SKZ7/SKW144/SKL150/
+ SKX150 (Skylake) KBL095/KBW095 (Kaby Lake) for all affected Kaby
+ Lake and Skylake processors: Skylake D0/R0 were fixed since the
+ previous upstream release (20170511). This new release adds the
+ fixes for Kaby Lake Y0/B0/H0 and Skylake H0 (Skylake-E/X).
+ + Fix undisclosed errata in Skylake H0 (0x50654), Kaby Lake Y0
+ (0x806ea), Kaby Lake H0 (0x806e9), Kaby Lake B0 (0x906e9)
+ * source: remove unneeded intel-ucode/ directory
+ * source: remove superseded upstream data file: 20170511
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 08 Jul 2017 19:04:27 -0300
+
+intel-microcode (3.20170511.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20170511
+ + Updated Microcodes:
+ sig 0x000306c3, pf_mask 0x32, 2017-01-27, rev 0x0022, size 22528
+ sig 0x000306d4, pf_mask 0xc0, 2017-01-27, rev 0x0025, size 17408
+ sig 0x000306f2, pf_mask 0x6f, 2017-01-30, rev 0x003a, size 32768
+ sig 0x000306f4, pf_mask 0x80, 2017-01-30, rev 0x000f, size 16384
+ sig 0x00040651, pf_mask 0x72, 2017-01-27, rev 0x0020, size 20480
+ sig 0x00040661, pf_mask 0x32, 2017-01-27, rev 0x0017, size 24576
+ sig 0x00040671, pf_mask 0x22, 2017-01-27, rev 0x0017, size 11264
+ sig 0x000406e3, pf_mask 0xc0, 2017-04-09, rev 0x00ba, size 98304
+ sig 0x000406f1, pf_mask 0xef, 2017-03-01, rev 0xb000021, size 26624
+ sig 0x000506e3, pf_mask 0x36, 2017-04-09, rev 0x00ba, size 98304
+ + This release fixes undisclosed errata on the desktop, mobile and
+ server processor models from the Haswell, Broadwell, and Skylake
+ families, including even the high-end multi-socket server Xeons
+ + Likely fix the TSC-Deadline LAPIC errata (BDF89, SKL142 and
+ similar) on several processor families
+ + Fix erratum BDF90 on Xeon E7v4, E5v4(?) (closes: #862606)
+ + Likely fix serious or critical Skylake errata: SKL138/144,
+ SKL137/145, SLK149
+ * Likely fix nightmare-level Skylake erratum SKL150. Fortunately,
+ either this erratum is very-low-hitting, or gcc/clang/icc/msvc
+ won't usually issue the affected opcode pattern and it ends up
+ being rare.
+ SKL150 - Short loops using both the AH/BH/CH/DH registers and
+ the corresponding wide register *may* result in unpredictable
+ system behavior. Requires both logical processors of the same
+ core (i.e. sibling hyperthreads) to be active to trigger, as
+ well as a "complex set of micro-architectural conditions"
+ * source: remove unneeded intel-ucode/ directory
+ Since release 20170511, upstream ships the microcodes both in .dat
+ format, and as Linux-style split /lib/firmware/intel-ucode files.
+ It is simpler to just use the .dat format file for now, so remove
+ the intel-ucode/ directory. Note: before removal, it was verified
+ that there were no discrepancies between the two microcode sets
+ (.dat and intel-ucode/)
+ * source: remove superseded upstream data file: 20161104
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Mon, 15 May 2017 15:12:25 -0300
+
+intel-microcode (3.20161104.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20161104
+ + New Microcodes:
+ sig 0x00050663, pf_mask 0x10, 2016-10-12, rev 0x700000d, size 20480
+ sig 0x00050664, pf_mask 0x10, 2016-06-02, rev 0xf00000a, size 21504
+ + Updated Microcodes:
+ sig 0x000306f2, pf_mask 0x6f, 2016-10-07, rev 0x0039, size 32768
+ sig 0x000406f1, pf_mask 0xef, 2016-10-07, rev 0xb00001f, size 25600
+ + Removed Microcodes:
+ sig 0x000106e4, pf_mask 0x09, 2013-07-01, rev 0x0003, size 6144
+ + This update fixes critical errata on Broadwell-DE V2/Y0 (Xeon
+ D-1500 family), including one that can crash VMWare ESXi 6 with
+ #PF (VMWare KB2146388), and could affect Linux as well. This same
+ issue was fixed for the E5v4 Xeons in release 20160607
+ + This update fixes undisclosed (and likely critical) errata on
+ Broadwell-E Core i7-68xxK/69xxK/6950X, Broadwell-EP/EX B0/R0/M0
+ Xeon E5v4 and Xeon E7v4, and Haswell-EP Xeon E5v3
+ + This release deletes the microcode update for the Jasper Forest
+ embedded Xeons (Xeon EC35xx/LC35xx/EC35xx/LC55xx), for undisclosed
+ reasons. The deleted microcode is outdated when compared with the
+ updates for the other Nehalem Xeons
+ * Makefile: always exclude microcode sig 0x206c2 just in case
+ Intel is quite clear in the Intel SA-00030 advisory text that recent
+ revisions (0x14 and later?) of the 0x206c2 microcode updates must be
+ installed along with updated SINIT ACM on vPro systems (i.e. through
+ an UEFI/BIOS firmware update). This is a defensive change so that we
+ don't ship such a microcode update in the future by mistake
+ * source: remove partially superseded upstream data file: 20160714
+ * source: remove superseded upstream data file: 20101123
+ * changelog: replace "pf mask" with "pf_mask"
+ * control, compat: switch debhelper compatibility level to 9
+ * control: bump standards-version, no changes required
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 09 Nov 2016 20:35:57 -0200
+
+intel-microcode (3.20160714.1) unstable; urgency=medium
+
+ * New upstream microcode datafile 20160714
+ + Updated Microcodes:
+ sig 0x000306f4, pf mask 0x80, 2016-06-07, rev 0x000d, size 15360
+ sig 0x000406e3, pf mask 0xc0, 2016-06-22, rev 0x009e, size 97280
+ sig 0x000406f1, pf mask 0xef, 2016-06-06, rev 0xb00001d, size 25600
+ sig 0x000506e3, pf mask 0x36, 2016-06-22, rev 0x009e, size 97280
+ + This release hopefully fixes a hang when updating the microcode on
+ some Skylake-U D-1/Skylake-Y D-1 (sig 0x406e3, pf 0x80) systems
+ * source: remove superseded upstream data file: 20160607
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 21 Jul 2016 19:04:09 -0300
+
+intel-microcode (3.20160607.2) unstable; urgency=low
+
+ * REMOVE microcode:
+ sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
+ (closes: #828819)
+ * The Core i7-6500U and m3-6Y30 processors (Skylake-UY D-1,
+ sig=0x406e3, pf=0x80) may hang while attempting an early microcode
+ update to revision 0x8a, apparently due to some sort of firmware
+ dependency. On affected systems, the only way to avoid the issue is
+ to get a firmware update that includes microcode revision 0x8a or
+ later. At this time, there are reports of both sucessful and failed
+ updates on the m3-6Y30, and only of failed updates on the i7-6500U.
+ There are no reports about Skylake-U K-1 (pf=0x40).
+ + WARNING: it is unsafe to use a system based on an Intel Skylake-U/Y
+ processor with microcode earlier than revision 0x8a, due to several
+ critical errata that cause unpredictable behavior, data corruption,
+ and other problems. Users *must* update their firmware to get
+ microcode 0x8a or newer, and keep it up-to-date.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 08 Jul 2016 22:54:26 -0300
+
+intel-microcode (3.20160607.1) unstable; urgency=medium
+
+ * New upstream microcode data file 20160607
+ + New Microcodes:
+ sig 0x000406e3, pf mask 0xc0, 2016-04-06, rev 0x008a, size 96256
+ sig 0x000406f1, pf mask 0xef, 2016-05-20, rev 0xb00001c, size 25600
+ sig 0x00050662, pf mask 0x10, 2015-12-12, rev 0x000f, size 28672
+ sig 0x000506e3, pf mask 0x36, 2016-04-06, rev 0x008a, size 96256
+ + Updated Microcodes:
+ sig 0x000306c3, pf mask 0x32, 2016-03-16, rev 0x0020, size 22528
+ sig 0x000306d4, pf mask 0xc0, 2016-04-29, rev 0x0024, size 17408
+ sig 0x000306f2, pf mask 0x6f, 2016-03-28, rev 0x0038, size 32768
+ sig 0x000306f4, pf mask 0x80, 2016-02-11, rev 0x000a, size 15360
+ sig 0x00040651, pf mask 0x72, 2016-04-01, rev 0x001f, size 20480
+ sig 0x00040661, pf mask 0x32, 2016-04-01, rev 0x0016, size 24576
+ sig 0x00040671, pf mask 0x22, 2016-04-29, rev 0x0016, size 11264
+ * source: remove superseded upstream data file: 20151106.
+ * control: change upstream URL to a search for "linux microcode"
+ Unfortunately, many of the per-processor-model feeds have not been
+ updated for microcode release 20160607. Switch to the general search
+ page as the upstream URL.
+ * README.Debian: fix duplicated word 'to'
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 23 Jun 2016 12:17:03 -0300
+
+intel-microcode (3.20151106.2) unstable; urgency=medium
+
+ * Makefile: make the build less verbose.
+ * debian/changelog: fix error in past entry.
+ Correct the version of the microcode that caused bug #776431,
+ in the entry for version 3.20150121.1.
+ * initramfs: don't force_load microcode.ko when missing.
+ Detect a missing microcode.ko and don't attempt to force_load() it,
+ otherwise we get spurious warnings at boot. In verbose mode, log the
+ fact that the microcode driver is modular. For Linux 4.4 and later,
+ skip the entire module loading logic, since the microcode driver cannot
+ be modular for those kernels (closes: #814301).
+ * initramfs: update copyright notice
+ * initramfs: use iucode_tool -l for verbose mode
+ * README.Debian: enhance and add recovery instructions.
+ Rewrite large parts of the README.Debian document, and add recovery
+ instructions (use of the "dis_ucode_ldr" kernel parameter).
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 17 Apr 2016 12:38:12 -0300
+
+intel-microcode (3.20151106.1) unstable; urgency=medium
+
+ * New upstream microcode data file 20151106
+ + New Microcodes:
+ sig 0x000306f4, pf mask 0x80, 2015-07-17, rev 0x0009, size 14336
+ sig 0x00040671, pf mask 0x22, 2015-08-03, rev 0x0013, size 11264
+ + Updated Microcodes:
+ sig 0x000306a9, pf mask 0x12, 2015-02-26, rev 0x001c, size 12288
+ sig 0x000306c3, pf mask 0x32, 2015-08-13, rev 0x001e, size 21504
+ sig 0x000306d4, pf mask 0xc0, 2015-09-11, rev 0x0022, size 16384
+ sig 0x000306f2, pf mask 0x6f, 2015-08-10, rev 0x0036, size 30720
+ sig 0x00040651, pf mask 0x72, 2015-08-13, rev 0x001d, size 20480
+ * This massive Haswell + Broadwell (and related Xeons) update fixes
+ several critical errata, including the high-hitting BDD86/BDM101/
+ HSM153(?) which triggers an MCE and locks the processor core
+ (LP: #1509764)
+ * Might fix critical errata BDD51, BDM53 (TSX-related)
+ * source: remove superseded upstream data file: 20150121
+ * Add support for supplementary microcode bundles:
+ + README.source: update and mention supplementary microcode
+ + Makefile: support supplementary microcode
+ Add support for supplementary microcode bundles, which (unlike .fw
+ microcode override files) can be superseded by a higher revision
+ microcode from the latest regular microcode bundle. Also, fix the
+ "oldies" target to have its own exclude filter (IUC_OLDIES_EXCLUDE)
+ * Add support for x32 arch:
+ + README.source: mention x32
+ + control,rules: enable building on x32 arch (Closes: #777356)
+ * ucode-blacklist: add Broadwell and Haswell-E signatures
+ Add a missing signature for Haswell Refresh (Haswell-E) to the "must
+ be updated only by the early microcode update driver" list. There is
+ at least one report of one of the Broadwell microcode updates disabling
+ TSX-NI, so add them as well just in case
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Mon, 09 Nov 2015 23:07:32 -0200
+
+intel-microcode (3.20150121.1) unstable; urgency=critical
+
+ * New upstream microcode data file 20150121
+ * Downgraded microcodes (to a previously shipped revision):
+ sig 0x000306f2, pf mask 0x6f, 2014-09-03, rev 0x0029, size 28672
+ * The microcode downgrade fixes a very nasty regression on Xeon E5v3
+ processors (closes: #776431)
+ * critical urgency: the broken sig 0x306f2, rev 0x2d microcode shipped
+ in release 20150107 caused CPU core hangs and Linux boot failures.
+ The upstream fix was to downgrade it to the same microcode revision
+ that was shipped in release 20140913
+ * source: remove superseded upstream data file: 20150107.
+ * initramfs.hook: do not mix arrays and lists.
+ Avoid echo "foo $@", use echo "foo $*" instead. This is unlikely
+ to be expĺoitable, but it makes ShellCheck happier.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 28 Jan 2015 20:03:20 -0200
+
+intel-microcode (3.20150107.1) unstable; urgency=high
+
+ * New upstream microcode data file 20150107
+ + New Microcodes:
+ sig 0x000306d4, pf mask 0xc0, 2014-12-05, rev 0x0018, size 14336
+ + Updated Microcodes:
+ sig 0x000306f2, pf mask 0x6f, 2014-11-21, rev 0x002d, size 28672
+ + High urgency: there are fast-tracked microcode updates in this
+ release which imply that critical errata are being fixed
+ * source: remove superseded upstream data file: 20140913
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 18 Jan 2015 00:30:11 -0200
+
+intel-microcode (3.20140913.1) unstable; urgency=low
+
+ * New upstream microcode data file 20140913
+ + New Microcodes:
+ sig 0x000306f2, pf mask 0x6f, 2014-09-03, rev 0x0029, size 28672
+ + Updated Microcodes:
+ sig 0x000306c3, pf mask 0x32, 2014-07-03, rev 0x001c, size 21504
+ sig 0x00040651, pf mask 0x72, 2014-07-03, rev 0x001c, size 20480
+ sig 0x00040661, pf mask 0x32, 2014-07-03, rev 0x0012, size 23552
+ + WARNING: UNSAFE TO BE APPLIED AT RUNTIME (lp#1370352)
+ * Microcode updates are now applied only through the early initramfs
+ + Bump major version number
+ + Requires Linux kernel v3.10 or later, other kernels unsupported
+ + postinst: don't apply microcode update
+ + kernel preinst: stop loading microcode module
+ + modprobe.d: blacklist microcode module from autoloading outside
+ of the initramfs. Still load it inside the initramfs for logging
+ + initramfs: always use early initramfs mode, reject kernels before
+ v3.10
+ + README.Debian, NEWS.Debian: update
+ * add a microcode best-effort blacklist. This is a reactive blacklist
+ which renames problematic microcode data files in such a way they
+ will only be used for the [early] initramfs. Use it to blacklist
+ all Haswell microcode updates
+ * Allow a non-Intel box to generate an early initramfs with microcode
+ for an Intel box if the /etc/default/intel-microcode defaults are
+ changed:
+ + postinst: always attempt to update the initramfs
+ + initramfs: on auto mode, do nothing in a non-intel box. In
+ forced "early" mode, attempt to run iucode-tool. This will do
+ nothing (add no microcode) unless the default configuration is
+ changed in /etc/default/intel-microcode
+ + default: update comments
+ * source: remove superseded upstream data file: 20140624
+ * README.source: remove information about lenny, oldstable
+ * debian/control: bump standards vesion to 3.9.6
+ * lintian-overrides: remove
+ * debian/copyright: update upstream copyright dates
+ * postrm: avoid use of test -a
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 19 Oct 2014 15:23:13 -0200
+
+intel-microcode (2.20140624.1) unstable; urgency=high
+
+ * New upstream microcode data file 20140624
+ + Updated Microcodes:
+ sig 0x000306a9, pf mask 0x12, 2014-05-29, rev 0x001b, size 12288
+ sig 0x000306c3, pf mask 0x32, 2014-05-23, rev 0x001a, size 20480
+ sig 0x000306e4, pf mask 0xed, 2014-05-29, rev 0x0428, size 13312
+ sig 0x000306e7, pf mask 0xed, 2014-05-29, rev 0x070d, size 15360
+ sig 0x00040651, pf mask 0x72, 2014-05-23, rev 0x0018, size 19456
+ sig 0x00040661, pf mask 0x32, 2014-05-23, rev 0x0010, size 23552
+ + High urgency: there are fast-tracked microcode updates in this
+ release which imply that critical errata are being fixed
+ * Intel strongly suggests that this CPU microcode update be applied
+ to all Ivy Bridge, Haswell, and Broadwell processors (thanks to
+ Canonical for the warning, refer to LP#1335156)
+ * This update is reported to better fix the errata addressed by the
+ 20140430 update (refer to LP#1335156)
+ * source: remove superseded upstream data file: 20140430
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 27 Jun 2014 16:35:12 -0300
+
+intel-microcode (2.20140430.1) unstable; urgency=low
+
+ * New upstream microcode data file 20140430
+ + New microcodes:
+ sig 0x000306e7, pf mask 0xed, 2014-04-14, rev 0x070c, size 15360
+ + Updated microcodes:
+ sig 0x000306e4, pf mask 0xed, 2014-04-10, rev 0x0427, size 12288
+ * source: remove superseded upstream data file: 20140122
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 03 May 2014 14:21:27 -0300
+
+intel-microcode (2.20140122.1) unstable; urgency=low
+
+ * New upstream microcode data file 20140122
+ + New Microcodes:
+ sig 0x00040661, pf mask 0x32, 2013-08-21, rev 0x000f, size 23552
+ + Updated Microcodes:
+ sig 0x000106e5, pf mask 0x13, 2013-08-20, rev 0x0007, size 7168
+ sig 0x000306c3, pf mask 0x32, 2013-08-16, rev 0x0017, size 20480
+ sig 0x000306e4, pf mask 0xed, 2013-07-09, rev 0x0416, size 11264
+ sig 0x00040651, pf mask 0x72, 2013-09-14, rev 0x0017, size 19456
+ * source: remove superseded upstream data file: 20130906
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 01 Feb 2014 15:39:03 -0200
+
+intel-microcode (2.20130906.1) unstable; urgency=high
+
+ * New upstream microcode data file 20130906
+ + Updated Microcodes:
+ sig 0x000306c3, pf mask 0x32, 2013-08-07, rev 0x0016, size 20480
+ sig 0x00040651, pf mask 0x72, 2013-08-08, rev 0x0016, size 19456
+ + Updated Microcodes (recently removed):
+ sig 0x000106e4, pf mask 0x09, 2013-07-01, rev 0x0003, size 6144
+ * This microcode release *likely* fixes the security issues addressed by
+ the 20130808 update for signature 0x106e4 (Xeon EC3500/EC5500/LC3500/
+ LC5500, Jasper Forest core), which was missing from the 20130808 update
+ * upstream changelog: trim down, sunrise now at 20080220, the first
+ microcode pack with a license that allows redistribution
+ * debian/control: recommend initramfs-tools (>= 0.113~) for backports
+ * cpu-signatures.txt: Xeon nocona cores are 64-bit, ship for amd64 arch
+ * source: remove superseded upstream data file: 20130808
+ * postinst: fix kernel version check for blacklist
+ Distro kernels have version strings that make it hard to get the real
+ kernel version, so we have to blacklist by branches only. We were
+ refusing to update the kernel on postinst for users of Debian stable's
+ kernel because of this issue
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 21 Sep 2013 20:35:47 -0300
+
+intel-microcode (2.20130808.1) unstable; urgency=high
+
+ * Reupload, high severity, no changes
+ * Bump major version number. I will need this so that I can track two
+ separate branches for Wheezy: branch 1.x will target stable-updates (no
+ early firmware support), while branch 2.x will target stable-backports,
+ testing and unstable. This major version bump should have been done for
+ the 1.20130222.3 upload in hindsight.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 17 Aug 2013 10:56:45 -0300
+
+intel-microcode (1.20130808.2) unstable; urgency=high
+
+ * Reupload with high severity. This microcode update has been documented
+ by Intel to fix a severe security issue (refer to LP bug 1212497);
+ This update is known to fix several nasty errata on 3rd-gen and
+ 4th-gen Core i3/i5/i7, and Xeon 5500 and later, including but not
+ limited to:
+ + AAK167/BT248: Virtual APIC accesses with 32-bit PAE paging
+ may cause system crash
+ + AAK170/BT246: The upper 32 bits of CR3 may be incorrectly used
+ with 32-bit paging
+ * Erratum AAK167/BT248 is nasty: "If a logical processor has EPT (Extended
+ Page Tables) enabled, is using 32-bit PAE paging, and accesses the
+ virtual-APIC page then a complex sequence of internal processor
+ micro-architectural events may cause an incorrect address translation or
+ machine check on either logical processor. This erratum may result in
+ unexpected faults, an uncorrectable TLB error logged in
+ IA32_MCi_STATUS.MCACOD (bits [15:0]), a guest or hypervisor crash, or
+ other unpredictable system behavior"
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 16 Aug 2013 21:10:12 -0300
+
+intel-microcode (1.20130808.1) unstable; urgency=low
+
+ * New upstream microcode data file 20130808
+ + New Microcodes:
+ sig 0x000306c3, pf mask 0x32, 2013-07-02, rev 0x0012, size 19456
+ sig 0x000306e4, pf mask 0xed, 2013-06-13, rev 0x0415, size 11264
+ sig 0x000306e6, pf mask 0xed, 2013-06-19, rev 0x0600, size 11264
+ sig 0x00040651, pf mask 0x72, 2013-07-02, rev 0x0015, size 18432
+ + Updated Microcodes (removed in the past):
+ sig 0x000106a5, pf mask 0x03, 2013-06-21, rev 0x0019, size 10240
+ + Updated Microcodes:
+ sig 0x000106a4, pf mask 0x03, 2013-06-21, rev 0x0012, size 14336
+ sig 0x000106e5, pf mask 0x13, 2013-07-01, rev 0x0006, size 7168
+ sig 0x00020652, pf mask 0x12, 2013-06-26, rev 0x000e, size 8192
+ sig 0x00020655, pf mask 0x92, 2013-06-28, rev 0x0004, size 3072
+ sig 0x000206a7, pf mask 0x12, 2013-06-12, rev 0x0029, size 10240
+ sig 0x000206d7, pf mask 0x6d, 2013-06-17, rev 0x0710, size 17408
+ sig 0x000206f2, pf mask 0x05, 2013-06-18, rev 0x0037, size 13312
+ sig 0x000306a9, pf mask 0x12, 2013-06-13, rev 0x0019, size 12288
+ + Removed Microcodes:
+ sig 0x000106e4, pf mask 0x09, 2010-03-08, rev 0x0002, size 5120
+ * Remove from the source package an unused upstream microcode bundle,
+ which has been completely superseded by later bundles:
+ microcode-20130222.dat
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 15 Aug 2013 20:18:32 -0300
+
+intel-microcode (1.20130222.6) unstable; urgency=low
+
+ * initramfs, postinst: don't do anything on non-Intel systems
+ * initramfs, postinst: blacklist several kernel versions (closes: #716917)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 20 Jul 2013 10:46:59 -0300
+
+intel-microcode (1.20130222.5) unstable; urgency=low
+
+ * debian/control: depend on iucode-tool, and shorten description
+ * initramfs hook: several auto mode fixes
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 03 Jul 2013 19:55:13 -0300
+
+intel-microcode (1.20130222.4) unstable; urgency=low
+
+ * initramfs: fix xargs error when iucode-tool is not installed
+ in the early firmware update mode code path (closes: #712943)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 20 Jun 2013 22:07:04 -0300
+
+intel-microcode (1.20130222.3) unstable; urgency=low
+
+ * initramfs: add support for early firmware update
+ Add support to update microcode during early kernel startup, requires
+ Linux 3.9 or later with CONFIG_MICROCODE_INTEL_EARLY enabled.
+ This also requires initramfs-tools 0.113 or later, as well as iucode-tool
+ 1.0 or later. We fallback to late initramfs mode if outdated versions of
+ initramfs-tools or iucode-tool are installed.
+ * Update README.Debian and NEWS.Debian for early updates
+ * debian/control: update recommends for early-fw support
+ Recommend iucode-tool v1.0 or later and initramfs-tools 0.113, and
+ update the explanation in the package description accordingly.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 19 Jun 2013 22:15:46 -0300
+
+intel-microcode (1.20130222.2) unstable; urgency=low
+
+ * kernel preinst: simplify and load microcode and cpuid modules
+ * postinst: attempt to load microcode module (closes: #692535)
+ * Makefile: Use the -s! and --loose-date-filtering facilities added to
+ iucode_tool v0.9 to better implement the selection of legacy microcode,
+ and to fix the support for IUC_INCLUDE, which was non-functional.
+ * debian/control: build-depend on iucode-tool (>= 0.9)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 27 Mar 2013 16:39:06 -0300
+
+intel-microcode (1.20130222.1) unstable; urgency=low
+
+ * New upstream microcode data file 20130222 (closes: #702152)
+ + Updated Microcodes:
+ sig 0x000306a9, pf mask 0x12, 2013-01-09, rev 0x0017, size 11264
+ * Remove from the source package an unused microcode data file, which
+ was completely superseded by later ones: microcode-20120606-v2.dat
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 03 Mar 2013 16:59:35 -0300
+
+intel-microcode (1.20120606.v2.2) unstable; urgency=medium
+
+ * initramfs: work around initramfs-tools bug #688794.
+ Use "_" in place of "+-." for the initramfs script name. This works
+ around a PANIC during boot when the initramfs was created in a system
+ with noexec $TMPDIR.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 09 Oct 2012 07:43:37 -0300
+
+intel-microcode (1.20120606.v2.1) unstable; urgency=medium
+
+ * New upstream microcode data file 20120606-v2 (2012-10-01)
+ + Updated Microcodes:
+ sig 0x000206d6, pf mask 0x6d, 2012-05-22, rev 0x0619, size 16384
+ sig 0x000206d7, pf mask 0x6d, 2012-05-22, rev 0x070d, size 16384
+ sig 0x000306a9, pf mask 0x12, 2012-07-16, rev 0x0013, size 11264
+ + Updated Microcodes (recently removed):
+ sig 0x000206f2, pf mask 0x05, 2012-04-12, rev 0x0036, size 12288
+ * Remove from the source package some unused upstream microcode bundles,
+ which were completely superseded by later ones: microcode-20080401.dat,
+ microcode-20090330.dat, microcode-20090927.dat, microcode-20100209.dat,
+ microcode-20110428.dat, microcode-20111110.dat.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Mon, 08 Oct 2012 14:56:17 -0300
+
+intel-microcode (1.20120606.6) unstable; urgency=medium
+
+ * debian/control: conflicts with microcode.ctl (<< 1.18~0)
+ microcode.ctl (1.18~0+nmu1) is a transitional package.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 02 Sep 2012 17:46:39 -0300
+
+intel-microcode (1.20120606.5) unstable; urgency=low
+
+ * debian/copyright: correct statement.
+ * debian/control: use i686 instead of IA32 in package description.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 29 Aug 2012 19:33:14 -0300
+
+intel-microcode (1.20120606.4) unstable; urgency=low
+
+ * README.Debian: mention module-init-tools, not just kmod. This
+ is useful when backporting to Debian Squeeze.
+ * initramfs: make sure we modprobe cpuid early.
+ Provide an /etc/kernel/preinst.d hook to modprobe the cpuid module
+ before an in-place kernel upgrade makes it impossible to do so at
+ initramfs rebuild time. This is only done when dev/cpuid is not yet
+ available, IUCODE_TOOL_SCANCPUS is active, and iucode-tool is
+ installed. Thanks to Philipp Kern for the report.
+ * NEWS.Debian: document failures with in-place kernel upgrades
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 11 Aug 2012 19:35:46 -0300
+
+intel-microcode (1.20120606.3) unstable; urgency=low
+
+ * initramfs: while creating the initramfs, if we need to iucode_tool
+ --scan-system, attempt to modprobe cpuid if cpu/cpuid device is missing,
+ and report an error if it doesn't work. Thanks to Sebastian Andrzej
+ Siewior for a good suggestion on how to fix it (closes: #683161)
+ * README.Debian: add "modprobe cpuid" to example
+ * debian/control: use better Vcs-browser URI that is properly
+ handled by the current alioth redirector.
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 29 Jul 2012 11:09:44 -0300
+
+intel-microcode (1.20120606.2) unstable; urgency=low
+
+ * Fix README.source to reflect that cpu-signatures.txt processing
+ was moved to the toplevel Makefile
+ * Update diff-latest-pack.sh to really find iucode_tool
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 21 Jul 2012 18:10:47 -0300
+
+intel-microcode (1.20120606.1) unstable; urgency=low
+
+ * Change to ABI 1:
+ + Ship binary microcode in /lib/firmware
+ + Add initramfs helpers to install and load binary microcode on boot
+ + Call update-initramfs on package upgrades and removals
+ + Use non-deprecated kernel interface to interact with kernel
+ (sysfs+fw loader)
+ * Include microcode for older processors. This should help some
+ older boxes for which microcode was not being shipped by Intel
+ anymore but which still have users, with the trade-off that we
+ will also ship some useless and mostly useless microcode
+ * Do not ship i686-only microcode in the amd64 binary package. We
+ still ship all microcode in the i386 binary package, to support
+ 64bit processors running i?86 userspace transparently
+ * Switch myself to maintainer, and Giacomo to uploader to better
+ reflect who is responsible for any bugs this could cause...
+ * Switch to the 3.0 (native) package format as it doesn't make practical
+ sense to base the source package on the Intel upstream tarball anymore
+ because we use all past Intel microcode releases as source
+ + Use xz to compress the tarball, it does a _much_ better job than
+ bzip2 and gzip for this package
+ + Override lintian warning about switch to native packaging, as it was
+ done on purpose. It can be removed in the future
+ * Drop CDBS, switch to classic (less obfuscated/much better documented)
+ debhelper build
+ * Switch to debhelper v7, which is good enough for Debian Lenny and later
+ don't use a newer mode for now, to facilitate backporting
+ * Document in README.source:
+ + this package must be trivial to backport to oldstable and stable
+ (i.e. Debian Lenny and Debian Squeeze ATM)
+ + how to add new upstream microcode packs and microcode overrides
+ + other relevant details related to the lack of Intel changelogs
+ * Build-Depend on iucode-tool to handle binary microcode, merge
+ microcode packs and overrides, and split into firmware files
+ * Drop support for microcode.ctl, as it cannot handle binary
+ microcode or the non-deprecated kernel interface
+ * Update package short and long descriptions
+ * Add a NEWS file to explain all the behaviour changes
+ * Recommend iucode-tool to support optional selective microcode
+ selection for the initramfs (reduces microcode size greatly)
+ * Change to priority: standard. This package should be installed in
+ every Intel-based Debian system, which is unfortunately impossible
+ since it is non-free, but at least mark it as such
+ * add debian/diff-latest-pack.sh utility (not shipped in the binary
+ package) to help produce the "upstream changelogs"
+ * debian/control: add Vcs-* fields
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 13 Jul 2012 15:23:23 -0300
+
+intel-microcode (0.20120606-1) unstable; urgency=medium
+
+ * New upstream data file: microcode-20120606
+ + New Microcodes:
+ sig 0x00020661, pf mask 0x02, 2011-07-18, rev 0x0105, size 5120
+ sig 0x000206d7, pf mask 0x6d, 2012-04-03, rev 0x070c, size 16384
+ sig 0x000306a9, pf mask 0x12, 2012-04-12, rev 0x0012, size 11264
+ + Updated Microcodes:
+ sig 0x000106e5, pf mask 0x13, 2011-09-01, rev 0x0005, size 6144
+ sig 0x000206a7, pf mask 0x12, 2012-04-24, rev 0x0028, size 9216
+ sig 0x000206d6, pf mask 0x6d, 2012-04-18, rev 0x0618, size 16384
+ + Removed Microcodes (recently updated):
+ sig 0x000206f2, pf mask 0x05, 2011-08-31, rev 0x0034, size 12288
+ * Fixes precise-event based sampling (PEBS) on Sandy Bridge processors
+ (http://lkml.org/lkml/2012/6/7/145)
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 09 Jun 2012 00:44:12 -0300
+
+intel-microcode (0.20111110-1) unstable; urgency=low
+
+ * New upstream data file: microcode-20111110
+ + New Microcodes:
+ sig 0x000206d6, pf mask 0x6d, 2011-09-29, rev 0x060c, size 15360
+ + Updated Microcodes:
+ sig 0x00020652, pf mask 0x12, 2011-09-01, rev 0x000d, size 7168
+ sig 0x00020655, pf mask 0x92, 2011-09-01, rev 0x0003, size 2048
+ sig 0x000206a7, pf mask 0x12, 2011-10-11, rev 0x0025, size 9216
+ sig 0x000206f2, pf mask 0x05, 2011-08-31, rev 0x0034, size 12288
+ + Removed Microcodes (recently added):
+ sig 0x00030661, pf mask 0x02, 2011-06-23, rev 0x0106, size 5120
+ sig 0x00030661, pf mask 0x04, 2011-06-23, rev 0x0106, size 5120
+ sig 0x00030661, pf mask 0x08, 2011-06-23, rev 0x0106, size 5120
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 24 Dec 2011 18:17:05 -0200
+
+intel-microcode (0.20110915-1) unstable; urgency=low
+
+ * New upstream data file: microcode-20110915
+ + New Microcodes:
+ sig 0x000206f2, pf mask 0x05, 2011-07-21, rev 0x0032, size 12288
+ sig 0x00030661, pf mask 0x02, 2011-06-23, rev 0x0106, size 5120
+ sig 0x00030661, pf mask 0x04, 2011-06-23, rev 0x0106, size 5120
+ sig 0x00030661, pf mask 0x08, 2011-06-23, rev 0x0106, size 5120
+ + Updated Microcodes:
+ sig 0x000206a7, pf mask 0x12, 2011-07-14, rev 0x001b, size 9216
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 16 Oct 2011 13:10:43 -0200
+
+intel-microcode (0.20110428-1) unstable; urgency=low
+
+ * New upstream data file: microcode-20110428
+ + New Microcodes:
+ sig 0x000206a7, pf mask 0x12, 2011-04-07, rev 0x0017, size 8192
+ + Readded Microcodes:
+ sig 0x00000f12, pf mask 0x04, 2003-05-02, rev 0x002e, size 2048
+ + Removed Microcodes (recently rolled back):
+ sig 0x000106a5, pf mask 0x03, 2009-04-14, rev 0x0011, size 8192
+ * debian/rules: install microcode*.dat, instead of microcode-*.dat
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 26 Jun 2011 18:56:57 -0300
+
+intel-microcode (0.20101123-1) unstable; urgency=low
+
+ * New upstream data file: microcode-20101123
+ + New Microcodes:
+ sig 0x000006fb, pf mask 0x20, 2010-10-03, rev 0x00ba, size 4096
+ + Readded Microcodes (older revision):
+ sig 0x000106a5, pf mask 0x03, 2009-04-14, rev 0x0011, size 8192
+ + Updated Microcodes:
+ sig 0x000006f2, pf mask 0x01, 2010-10-02, rev 0x005d, size 4096
+ sig 0x000006f2, pf mask 0x20, 2010-10-02, rev 0x005c, size 4096
+ sig 0x000006f6, pf mask 0x01, 2010-09-30, rev 0x00d0, size 4096
+ sig 0x000006f6, pf mask 0x04, 2010-10-01, rev 0x00d2, size 4096
+ sig 0x000006f6, pf mask 0x20, 2010-10-01, rev 0x00d1, size 4096
+ sig 0x000006f7, pf mask 0x10, 2010-10-02, rev 0x006a, size 4096
+ sig 0x000006f7, pf mask 0x40, 2010-10-02, rev 0x006b, size 4096
+ sig 0x000006fa, pf mask 0x80, 2010-10-02, rev 0x0095, size 4096
+ sig 0x000006fb, pf mask 0x01, 2010-10-03, rev 0x00ba, size 4096
+ sig 0x000006fb, pf mask 0x04, 2010-10-03, rev 0x00bc, size 4096
+ sig 0x000006fb, pf mask 0x08, 2010-10-03, rev 0x00bb, size 4096
+ sig 0x000006fb, pf mask 0x10, 2010-10-03, rev 0x00ba, size 4096
+ sig 0x000006fb, pf mask 0x40, 2010-10-03, rev 0x00bc, size 4096
+ sig 0x000006fb, pf mask 0x80, 2010-10-03, rev 0x00ba, size 4096
+ sig 0x000006fd, pf mask 0x01, 2010-10-02, rev 0x00a4, size 4096
+ sig 0x000006fd, pf mask 0x20, 2010-10-02, rev 0x00a4, size 4096
+ sig 0x000006fd, pf mask 0x80, 2010-10-02, rev 0x00a4, size 4096
+ sig 0x00010661, pf mask 0x01, 2010-10-04, rev 0x0043, size 4096
+ sig 0x00010661, pf mask 0x02, 2010-10-04, rev 0x0042, size 4096
+ sig 0x00010661, pf mask 0x80, 2010-10-04, rev 0x0044, size 4096
+ sig 0x00010676, pf mask 0x01, 2010-09-29, rev 0x060f, size 4096
+ sig 0x00010676, pf mask 0x04, 2010-09-29, rev 0x060f, size 4096
+ sig 0x00010676, pf mask 0x10, 2010-09-29, rev 0x060f, size 4096
+ sig 0x00010676, pf mask 0x40, 2010-09-29, rev 0x060f, size 4096
+ sig 0x00010676, pf mask 0x80, 2010-09-29, rev 0x060f, size 4096
+ sig 0x00010677, pf mask 0x10, 2010-09-29, rev 0x070a, size 4096
+ sig 0x0001067a, pf mask 0x11, 2010-09-28, rev 0x0a0b, size 8192
+ sig 0x0001067a, pf mask 0x44, 2010-09-28, rev 0x0a0b, size 8192
+ sig 0x0001067a, pf mask 0xa0, 2010-09-28, rev 0x0a0b, size 8192
+ sig 0x000106d1, pf mask 0x08, 2010-09-30, rev 0x0029, size 4096
+ + Removed Microcodes:
+ sig 0x00000612, pf mask 0x00, 1996-12-10, rev 0x00c6, size 2048
+ sig 0x00000616, pf mask 0x00, 1996-12-10, rev 0x00c6, size 2048
+ sig 0x00000617, pf mask 0x00, 1996-12-10, rev 0x00c6, size 2048
+ sig 0x00000619, pf mask 0x00, 1998-02-18, rev 0x00d2, size 2048
+ sig 0x00000633, pf mask 0x00, 1998-09-23, rev 0x0036, size 2048
+ sig 0x00000634, pf mask 0x00, 1998-09-23, rev 0x0037, size 2048
+ sig 0x00000650, pf mask 0x04, 1997-12-12, rev 0x0019, size 2048
+ sig 0x00000650, pf mask 0x20, 1998-02-11, rev 0x002e, size 2048
+ sig 0x00000650, pf mask 0x80, 1998-02-11, rev 0x002f, size 2048
+ sig 0x00000651, pf mask 0x02, 1999-05-25, rev 0x0041, size 2048
+ sig 0x00000651, pf mask 0x08, 1999-05-25, rev 0x0042, size 2048
+ sig 0x00000652, pf mask 0x08, 1999-05-18, rev 0x002d, size 2048
+ sig 0x00000672, pf mask 0x01, 1999-09-22, rev 0x0010, size 2048
+ sig 0x00000673, pf mask 0x01, 1999-09-10, rev 0x000e, size 2048
+ sig 0x00000683, pf mask 0x01, 2001-02-06, rev 0x0013, size 2048
+ sig 0x00000683, pf mask 0x04, 2001-02-06, rev 0x0010, size 2048
+ sig 0x00000683, pf mask 0x10, 2001-02-06, rev 0x0014, size 2048
+ sig 0x000006a4, pf mask 0x04, 2000-06-16, rev 0x0001, size 2048
+ sig 0x00000f12, pf mask 0x01, 2003-05-02, rev 0x002d, size 2048
+ sig 0x00000f12, pf mask 0x02, 2003-05-02, rev 0x002f, size 2048
+ sig 0x00000f12, pf mask 0x04, 2003-05-02, rev 0x002e, size 2048
+ sig 0x00000f13, pf mask 0x04, 2003-05-08, rev 0x0005, size 2048
+ sig 0x00000f24, pf mask 0x08, 2003-06-05, rev 0x0020, size 2048
+ sig 0x000206c2, pf mask 0x03, 2010-09-07, rev 0x0013, size 7168
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Mon, 10 Jan 2011 23:25:18 -0200
+
+intel-microcode (0.20100914-1) unstable; urgency=low
+
+ * New upstream data file: microcode-20100914
+ + Updated Microcodes:
+ sig 0x000206c2, pf mask 0x03, 2010-09-07, rev 0x0013, size 7168
+ + Removed Microcodes:
+ sig 0x000006d8, pf mask 0x08, 2006-08-31, rev 0x0021, size 2048
+ sig 0x000006d8, pf mask 0x20, 2004-07-22, rev 0x0020, size 2048
+ sig 0x00000f65, pf mask 0x04, 2007-05-10, rev 0x000b, size 2048
+ sig 0x00010661, pf mask 0x04, 2007-05-01, rev 0x0036, size 4096
+ sig 0x000106a5, pf mask 0x03, 2010-03-03, rev 0x0015, size 8192
+ sig 0x000206e6, pf mask 0x04, 2010-04-21, rev 0x0007, size 6144
+ * Add upstream changelog, with a list of changed microcodes per release
+ * Update debian/copyright to match the latest license
+ * Update documentation on where and how to get an up-to-date microcode
+ file directly from Intel, and how to install it
+ * postinst: run the microcode.ctl initscript on install/upgrades to apply
+ updated microcodes to the processor
+ * Merge changes from version 0.20090927-1, which I lost in the last
+ upload for some stupid reason. The lack of 0.20090927-1 in the
+ changelog upsets the BTS' version tracking, so it is more than just a
+ cosmetic fix
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 26 Sep 2010 19:51:46 -0300
+
+intel-microcode (0.20100826-1) unstable; urgency=low
+
+ * New upstream data file: microcode-20100826 (closes: #571128)
+ * debian/control: Add myself to uploaders
+ * debian/control: bump standards-version to 3.9.1 (no changes required)
+ * debian/control: Change homepage to the only stable URI available,
+ which is that of the RSS feed
+ * debian/source/format: set to 1.0, we gain nothing from the other formats
+
+ -- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 28 Aug 2010 11:25:34 -0300
+
+intel-microcode (0.20090927-1) unstable; urgency=low
+
+ * New upstream version (Closes: #549706)
+
+ -- Giacomo Catenazzi <cate@debian.org> Tue, 06 Oct 2009 07:42:02 +0200
+
+intel-microcode (0.20090330-1) unstable; urgency=low
+
+ * New upstream version. This version replaced 6 and add
+ extra 3 microcode files.
+
+ -- Giacomo Catenazzi <cate@debian.org> Tue, 31 Mar 2009 07:54:00 +0200
+
+intel-microcode (0.20080910-2) unstable; urgency=low
+
+ * Revert architecture change
+
+ -- Giacomo Catenazzi <cate@debian.org> Mon, 13 Oct 2008 19:40:18 +0200
+
+intel-microcode (0.20080910-1) unstable; urgency=low
+
+ * New upstream version.
+ * Set architecture to all: the data is architecture indipendent
+ (and used in i386 and amd64 architectures). Note: this package
+ is "non-free" (i.e. usual manual check), so it should not
+ use space on CD and other medium, on non Intel architectures.
+
+ -- Giacomo Catenazzi <cate@debian.org> Mon, 15 Sep 2008 08:33:19 +0200
+
+intel-microcode (0.20080401-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Giacomo Catenazzi <cate@debian.org> Fri, 25 Apr 2008 18:59:10 +0200
+
+intel-microcode (0.20080220-1) unstable; urgency=low
+
+ * New upstream version.
+
+ -- Giacomo Catenazzi <cate@debian.org> Mon, 10 Mar 2008 07:48:48 +0100
+
+intel-microcode (0.20080131-1) unstable; urgency=low
+
+ * Initial release. The new license is finally enough good for
+ debian non-free
+ * BTW packing the microcode will solve potential/theoretical
+ man-in-the-middle attack (Closes: #282583)
+
+ -- Giacomo Catenazzi <cate@debian.org> Wed, 20 Feb 2008 19:33:10 +0100
+